1 /** 2 * Copyright (c) 2020 HiSilicon (Shanghai) Technologies CO., LIMITED. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 * 15 * Description: Provides pke driver header \n 16 * 17 * History: \n 18 * 2023-03-14, Create file. \n 19 */ 20 #ifndef UNIFIED_CIPHER_PKE_H 21 #define UNIFIED_CIPHER_PKE_H 22 23 #include <stdint.h> 24 #include <stdbool.h> 25 #include "errcode.h" 26 27 #ifdef __cplusplus 28 #if __cplusplus 29 extern "C" { 30 #endif 31 #endif 32 33 /** 34 * @defgroup security_unified_pke PKE 35 * @ingroup drivers_driver_security_unified 36 * @{ 37 */ 38 39 /** 40 * @if Eng 41 * @brief ECC curve type 42 * @note TDES is not secure, and we advise not to use it. 43 * @else 44 * @brief ECC曲线类型 45 * @note TDES不安全,不建议使用。 46 * @endif 47 */ 48 typedef enum { 49 UAPI_DRV_CIPHER_PKE_ECC_TYPE_RFC5639_P256 = 0, /* RFC 5639 - Brainpool P256/384/512 */ 50 UAPI_DRV_CIPHER_PKE_ECC_TYPE_RFC5639_P384, /* RFC 5639 - Brainpool P256/384/512 */ 51 UAPI_DRV_CIPHER_PKE_ECC_TYPE_RFC5639_P512, /* RFC 5639 - Brainpool P256/384/512 */ 52 UAPI_DRV_CIPHER_PKE_ECC_TYPE_FIPS_P256K, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 53 UAPI_DRV_CIPHER_PKE_ECC_TYPE_FIPS_P192R, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 54 UAPI_DRV_CIPHER_PKE_ECC_TYPE_FIPS_P224R, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 55 UAPI_DRV_CIPHER_PKE_ECC_TYPE_FIPS_P256R, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 56 UAPI_DRV_CIPHER_PKE_ECC_TYPE_FIPS_P384R, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 57 UAPI_DRV_CIPHER_PKE_ECC_TYPE_FIPS_P521R, /* NIST FIPS 186-4 P192/224/256/384/521, suggest not to use */ 58 UAPI_DRV_CIPHER_PKE_ECC_TYPE_RFC7748, /* RFC 7748 - Curve25519 */ 59 UAPI_DRV_CIPHER_PKE_ECC_TYPE_RFC7748_448, /* RFC 7748 - Curve448 */ 60 UAPI_DRV_CIPHER_PKE_ECC_TYPE_RFC8032, /* RFC 8032 - ED25519 */ 61 UAPI_DRV_CIPHER_PKE_ECC_TYPE_SM2, /* GMT 0003.2-2012 */ 62 UAPI_DRV_CIPHER_PKE_ECC_TYPE_MAX, 63 UAPI_DRV_CIPHER_PKE_ECC_TYPE_INVALID = 0xffffffff, 64 } uapi_drv_cipher_pke_ecc_curve_type_t; 65 66 /** 67 * @if Eng 68 * @brief Padding mode of the RSA algorithm 69 * @note PKCS1_V15 is not secure, and we advise not to use it. 70 * @else 71 * @brief RSA算法填充方式 72 * @note PKCS1_V15不安全,不建议使用。 73 * @endif 74 */ 75 typedef enum { 76 UAPI_DRV_CIPHER_PKE_RSA_SCHEME_PKCS1_V15 = 0x00, /* not security, suggest not to use */ 77 UAPI_DRV_CIPHER_PKE_RSA_SCHEME_PKCS1_V21, 78 UAPI_DRV_CIPHER_PKE_RSA_SCHEME_MAX, 79 UAPI_DRV_CIPHER_PKE_RSA_SCHEME_INVALID = 0xffffffff, 80 } uapi_drv_cipher_pke_rsa_scheme_t; 81 82 /** 83 * @if Eng 84 * @brief Hash algorithm type used for RSA padding 85 * @note SHA1 and SHA224 is not secure, and we advise not to use it. 86 * @else 87 * @brief RSA填充使用的hash算法类型 88 * @note SHA1和SHA224不安全,不建议使用。 89 * @endif 90 */ 91 typedef enum { 92 UAPI_DRV_CIPHER_PKE_HASH_TYPE_SHA1 = 0x00, /* not security, suggest not to use */ 93 UAPI_DRV_CIPHER_PKE_HASH_TYPE_SHA224, 94 UAPI_DRV_CIPHER_PKE_HASH_TYPE_SHA256, 95 UAPI_DRV_CIPHER_PKE_HASH_TYPE_SHA384, 96 UAPI_DRV_CIPHER_PKE_HASH_TYPE_SHA512, 97 UAPI_DRV_CIPHER_PKE_HASH_TYPE_SM3, 98 UAPI_DRV_CIPHER_PKE_HASH_TYPE_MAX, 99 UAPI_DRV_CIPHER_PKE_HASH_TYPE_INVALID = 0xffffffff, 100 } uapi_drv_cipher_pke_hash_type_t; 101 102 /** 103 * @if Eng 104 * @brief Buffer security attribute for RSA input messages 105 * @else 106 * @brief RSA输入消息的缓冲区安全属性 107 * @endif 108 */ 109 typedef enum { 110 UAPI_DRV_CIPHER_PKE_BUF_NONSECURE = 0x00, 111 UAPI_DRV_CIPHER_PKE_BUF_SECURE, 112 UAPI_DRV_CIPHER_PKE_BUF_INVALID = 0xffffffff, 113 } uapi_drv_cipher_pke_buffer_secure_t; 114 115 /** 116 * @if Eng 117 * @brief Common PKE data structure 118 * @else 119 * @brief PKE通用数据结构体 120 * @endif 121 */ 122 typedef struct { 123 uint32_t length; /*!< @if Eng PKE common data buffer length. 124 @else PKE通用数据缓冲区长度。 @endif */ 125 uint8_t *data; /*!< @if Eng PKE common data buffer. 126 @else PKE通用数据缓冲区。 @endif */ 127 } uapi_drv_cipher_pke_data_t; 128 129 /** 130 * @if Eng 131 * @brief ECC public key structure 132 * @else 133 * @brief ECC公钥结构体 134 * @endif 135 */ 136 typedef struct { 137 uint8_t *x; /*!< @if Eng X coordinates of the generated public key, the caller ensures it is padded with leading 138 zeros if the effective size of this key is smaller than ecc key size. 139 @else 公钥的X坐标,调用方确保如果此密钥的有效大小小于ecc密钥大小,则用前导零填充。 @endif */ 140 uint8_t *y; /*!< @if Eng Y coordinates of the generated public key, the caller ensures it is padded with leading 141 zeros if the effective size of this key is smaller than ecc key size. 142 @else 公钥的Y坐标,调用方确保如果此密钥的有效大小小于ecc密钥大小,则用前导零填充。 @endif */ 143 uint32_t length; /*!< @if Eng ECC public key length. 144 @else RCC公钥长度。 @endif */ 145 } uapi_drv_cipher_pke_ecc_point_t; 146 147 /** 148 * @if Eng 149 * @brief ECC signature structure 150 * @else 151 * @brief ECC签名结构体 152 * @endif 153 */ 154 typedef struct { 155 uint8_t *r; /*!< @if Eng ECC signature R. 156 @else ECC签名值R。 @endif */ 157 uint8_t *s; /*!< @if Eng ECC signature S. 158 @else ECC签名值S。 @endif */ 159 uint32_t length; /*!< @if Eng Length of the ECC signature. 160 @else ECC签名数据长度。 @endif */ 161 } uapi_drv_cipher_pke_ecc_sig_t; 162 163 /** 164 * @if Eng 165 * @brief ECC input message structure 166 * @else 167 * @brief ECC输入消息结构体 168 * @endif 169 */ 170 typedef struct { 171 uint32_t length; /*!< @if Eng Length of the ECC input message buffer. 172 @else ECC输入消息缓冲区长度。 @endif */ 173 uint8_t *data; /*!< @if Eng ECC input message buffer. 174 @else ECC输入消息缓冲区。 @endif */ 175 uapi_drv_cipher_pke_buffer_secure_t buf_sec; 176 } uapi_drv_cipher_pke_msg_t; 177 178 /** 179 * @if Eng 180 * @brief RSA private key structure 181 * @else 182 * @brief RSA私钥结构体 183 * @endif 184 */ 185 typedef struct { 186 uint8_t *n; /*!< @if Eng RSA public modulus. 187 @else RSA秘钥参数n。 @endif */ 188 uint8_t *e; /*!< @if Eng public exponent. 189 @else RSA公钥参数e。 @endif */ 190 uint8_t *d; /*!< @if Eng private exponent. 191 @else RSA私钥参数d。 @endif */ 192 uint8_t *p; /*!< @if Eng 1st prime factor. 193 @else RSA第一素数因子。 @endif */ 194 uint8_t *q; /*!< @if Eng 2nd prime factor. 195 @else RSA第二素数因子。 @endif */ 196 uint8_t *dp; /*!< @if Eng D % (P - 1). 197 @else D % (P - 1)的结果。 @endif */ 198 uint8_t *dq; /*!< @if Eng D % (Q - 1). 199 @else D % (Q - 1)的结果。 @endif */ 200 uint8_t *qp; /*!< @if Eng 1 / (Q % P). 201 @else 1 / (Q % P)的结果。 @endif */ 202 uint16_t n_len; /*!< @if Eng length of public modulus. 203 @else RSA秘钥参数n的长度。 @endif */ 204 uint16_t e_len; /*!< @if Eng length of public exponent. 205 @else RSA公钥参数e的长度。 @endif */ 206 uint16_t d_len; /*!< @if Eng length of private exponent. 207 @else RSA私钥参数d的长度。 @endif */ 208 uint16_t p_len; /*!< @if Eng length of 1st prime factor,should be half of u16NLen. 209 @else RSA第一素因子的长度,应该是u16NLen的一半。 @endif */ 210 uint16_t q_len; /*!< @if Eng length of 2nd prime factor,should be half of u16NLen. 211 @else RSA第二素因子的长度,应该是u16NLen的一半。 @endif */ 212 uint16_t dp_len; /*!< @if Eng length of D % (P - 1),should be half of u16NLen. 213 @else D % (P - 1)结果的长度,应该是u16NLen的一半。 @endif */ 214 uint16_t dq_len; /*!< @if Eng length of D % (Q - 1),should be half of u16NLen. 215 @else D % (Q - 1)结果的长度,应该是u16NLen的一半。 @endif */ 216 uint16_t qp_len; /*!< @if Eng length of 1 / (Q % P),should be half of u16NLen. 217 @else 1 / (Q % P)结果的长度,应该是u16NLen的一半。 @endif */ 218 } uapi_drv_cipher_pke_rsa_priv_key_t; 219 220 /** 221 * @if Eng 222 * @brief RSA public key structure. 223 * @else 224 * @brief RSA公钥结构体。 225 * @endif 226 */ 227 typedef struct { 228 uint8_t *n; /*!< @if Eng private exponent. 229 @else RSA私钥参数d。 @endif */ 230 uint8_t *e; /*!< @if Eng public exponent. 231 @else RSA公钥参数e。 @endif */ 232 uint16_t len; /*!< @if Eng RSA public key length. 233 @else RSA公钥长度。 @endif */ 234 } uapi_drv_cipher_pke_rsa_pub_key_t; 235 236 /** 237 * @if Eng 238 * @brief Generate an ECC Key Pair. 239 * @param [in] curve_type ECC Curve Type. 240 * @param [in] input_priv_key Input private key, which can be a null pointer. 241 * @param [out] output_priv_key Output private key. 242 * @param [out] output_pub_key Output public key. 243 * @retval ERRCODE_SUCC Success. 244 * @retval Other Failure. For details, see @ref errcode_t 245 * @else 246 * @brief 生成ECC秘钥对。 247 * @param [in] curve_type ECC曲线类型。 248 * @param [in] input_priv_key 输入私钥,可以为空指针。 249 * @param [out] output_priv_key 输出私钥。 250 * @param [out] output_pub_key 输出公钥。 251 * @retval ERRCODE_SUCC 成功。 252 * @retval Other 失败,参考 @ref errcode_t 。 253 * @endif 254 */ 255 errcode_t uapi_drv_cipher_pke_ecc_gen_key(uapi_drv_cipher_pke_ecc_curve_type_t curve_type, 256 const uapi_drv_cipher_pke_data_t *input_priv_key, 257 const uapi_drv_cipher_pke_data_t *output_priv_key, 258 const uapi_drv_cipher_pke_ecc_point_t *output_pub_key); 259 260 /** 261 * @if Eng 262 * @brief ECC Signature. 263 * @param [in] curve_type ECC Curve Type. 264 * @param [in] priv_key Input private key. 265 * @param [in] hash Input digest. 266 * @param [out] sig Output Signature. 267 * @retval ERRCODE_SUCC Success. 268 * @retval Other Failure. For details, see @ref errcode_t 269 * @else 270 * @brief 椭圆曲线数字签名。 271 * @param [in] curve_type ECC曲线类型。 272 * @param [in] priv_key 输入私钥。 273 * @param [in] hash 输入摘要。 274 * @param [out] sig 输出签名。 275 * @retval ERRCODE_SUCC 成功。 276 * @retval Other 失败,参考 @ref errcode_t 。 277 * @endif 278 */ 279 errcode_t uapi_drv_cipher_pke_ecdsa_sign(uapi_drv_cipher_pke_ecc_curve_type_t curve_type, 280 const uapi_drv_cipher_pke_data_t *priv_key, 281 const uapi_drv_cipher_pke_data_t *hash, 282 const uapi_drv_cipher_pke_ecc_sig_t *sig); 283 284 /** 285 * @if Eng 286 * @brief ECC signature verification. 287 * @param [in] curve_type ECC Curve Type. 288 * @param [in] pub_key Input public key. 289 * @param [in] hash Input digest. 290 * @param [out] sig Input Signature. 291 * @retval ERRCODE_SUCC Success. 292 * @retval Other Failure. For details, see @ref errcode_t 293 * @else 294 * @brief 椭圆曲线数字ECC验签。 295 * @param [in] curve_type ECC曲线类型。 296 * @param [in] pub_key 输入公钥。 297 * @param [in] hash 输入摘要。 298 * @param [out] sig 输入签名。 299 * @retval ERRCODE_SUCC 成功。 300 * @retval Other 失败,参考 @ref errcode_t 。 301 * @endif 302 */ 303 errcode_t uapi_drv_cipher_pke_ecdsa_verify(uapi_drv_cipher_pke_ecc_curve_type_t curve_type, 304 const uapi_drv_cipher_pke_ecc_point_t *pub_key, 305 const uapi_drv_cipher_pke_data_t *hash, 306 const uapi_drv_cipher_pke_ecc_sig_t *sig); 307 308 /** 309 * @if Eng 310 * @brief Edwards curve signature. 311 * @param [in] curve_type ECC Curve Type. 312 * @param [in] priv_key Input public key. 313 * @param [in] msg Input message. 314 * @param [out] sig Output Signature. 315 * @retval ERRCODE_SUCC Success. 316 * @retval Other Failure. For details, see @ref errcode_t 317 * @else 318 * @brief 爱德华兹曲线数字签名。 319 * @param [in] curve_type ECC曲线类型。 320 * @param [in] priv_key 输入私钥。 321 * @param [in] msg 输入消息。 322 * @param [out] sig 输出签名。 323 * @retval ERRCODE_SUCC 成功。 324 * @retval Other 失败,参考 @ref errcode_t 。 325 * @endif 326 */ 327 errcode_t uapi_drv_cipher_pke_eddsa_sign(uapi_drv_cipher_pke_ecc_curve_type_t curve_type, 328 const uapi_drv_cipher_pke_data_t *priv_key, 329 const uapi_drv_cipher_pke_msg_t *msg, 330 const uapi_drv_cipher_pke_ecc_sig_t *sig); 331 332 /** 333 * @if Eng 334 * @brief Edwards curve signature verification. 335 * @param [in] curve_type ECC Curve Type. 336 * @param [in] pub_key Input public key. 337 * @param [in] msg Input message. 338 * @param [in] sig output Signature. 339 * @retval ERRCODE_SUCC Success. 340 * @retval Other Failure. For details, see @ref errcode_t 341 * @else 342 * @brief 爱德华兹曲线数字验签。 343 * @param [in] curve_type ECC曲线类型。 344 * @param [in] pub_key 输入私钥。 345 * @param [in] msg 输入消息。 346 * @param [in] sig 输出签名。 347 * @retval ERRCODE_SUCC 成功 348 * @retval Other 失败,参考 @ref errcode_t 。 349 * @endif 350 */ 351 errcode_t uapi_drv_cipher_pke_eddsa_verify(uapi_drv_cipher_pke_ecc_curve_type_t curve_type, 352 const uapi_drv_cipher_pke_ecc_point_t *pub_key, 353 const uapi_drv_cipher_pke_msg_t *msg, 354 const uapi_drv_cipher_pke_ecc_sig_t *sig); 355 356 /** 357 * @if Eng 358 * @brief Elliptical Curve Diffie-Helman(ECDH) for key exchange. 359 * @param [in] curve_type ECC Curve Type. 360 * @param [in] input_pub_key Input public key. 361 * @param [in] input_priv_key Input private key. 362 * @param [out] output_shared_key Output exchanged key . 363 * @retval ERRCODE_SUCC Success. 364 * @retval Other Failure. For details, see @ref errcode_t 365 * @else 366 * @brief 椭圆曲线迪菲-赫尔曼秘钥协商。 367 * @param [in] curve_type ECC曲线类型。 368 * @param [in] input_pub_key 输入公钥。 369 * @param [in] input_priv_key 输入私钥。 370 * @param [out] output_shared_key 输出协商秘钥。 371 * @retval ERRCODE_SUCC 成功。 372 * @retval Other 失败,参考 @ref errcode_t 。 373 * @endif 374 */ 375 errcode_t uapi_drv_cipher_pke_ecc_gen_ecdh_key(uapi_drv_cipher_pke_ecc_curve_type_t curve_type, 376 const uapi_drv_cipher_pke_ecc_point_t *input_pub_key, 377 const uapi_drv_cipher_pke_data_t *input_priv_key, 378 const uapi_drv_cipher_pke_data_t *output_shared_key); 379 380 /** 381 * @if Eng 382 * @brief Check whether the point is on the elliptic curve. 383 * @param [in] curve_type ECC Curve Type. 384 * @param [in] pub_key Input public key. 385 * @param [out] is_on_curve Output result. 386 * @retval ERRCODE_SUCC Success. 387 * @retval Other Failure. For details, see @ref errcode_t 388 * @else 389 * @brief 检查点是否在椭圆曲线上。 390 * @param [in] curve_type ECC曲线类型。 391 * @param [in] pub_key 输入公钥。 392 * @param [out] is_on_curve 输出结果。 393 * @retval ERRCODE_SUCC 成功。 394 * @retval Other 失败,参考 @ref errcode_t 。 395 * @endif 396 */ 397 errcode_t uapi_drv_cipher_pke_check_dot_on_curve(uapi_drv_cipher_pke_ecc_curve_type_t curve_type, 398 const uapi_drv_cipher_pke_ecc_point_t *pub_key, bool *is_on_curve); 399 400 /** 401 * @if Eng 402 * @brief SM3 digest calculation for SM2. 403 * @param [in] sm2_id SM2 ID. 404 * @param [in] pub_key Input public key. 405 * @param [in] msg Input message. 406 * @param [out] hash Output digest. 407 * @retval ERRCODE_SUCC Success. 408 * @retval Other Failure. For details, see @ref errcode_t 409 * @else 410 * @brief SM2杂凑的SM3摘要计算。 411 * @param [in] sm2_id SM2 ID。 412 * @param [in] pub_key 输入公钥。 413 * @param [in] msg 输入消息。 414 * @param [out] hash 输出摘要。 415 * @retval ERRCODE_SUCC 成功。 416 * @retval Other 失败,参考 @ref errcode_t 。 417 * @endif 418 */ 419 errcode_t uapi_drv_cipher_pke_sm2_dsa_hash(const uapi_drv_cipher_pke_data_t *sm2_id, 420 const uapi_drv_cipher_pke_ecc_point_t *pub_key, 421 const uapi_drv_cipher_pke_msg_t *msg, 422 uapi_drv_cipher_pke_data_t *hash); 423 424 /** 425 * @if Eng 426 * @brief SM2 public key encryption. 427 * @param [in] pub_key Input public key. 428 * @param [in] plain_text Input plain text. 429 * @param [out] cipher_text Output cipher text. 430 * @retval ERRCODE_SUCC Success. 431 * @retval Other Failure. For details, see @ref errcode_t 432 * @else 433 * @brief SM2公钥加密。 434 * @param [in] pub_key 输入公钥。 435 * @param [in] plain_text 输入明文。 436 * @param [out] cipher_text 输出密文。 437 * @retval ERRCODE_SUCC 成功。 438 * @retval Other 失败,参考 @ref errcode_t 。 439 * @endif 440 */ 441 errcode_t uapi_drv_cipher_pke_sm2_public_encrypt(const uapi_drv_cipher_pke_ecc_point_t *pub_key, 442 const uapi_drv_cipher_pke_data_t *plain_text, 443 const uapi_drv_cipher_pke_data_t *cipher_text); 444 445 /** 446 * @if Eng 447 * @brief SM2 private key decryption. 448 * @param [in] priv_key Input private key. 449 * @param [in] cipher_text Input cipher text. 450 * @param [out] plain_text Output plain text. 451 * @retval ERRCODE_SUCC Success. 452 * @retval Other Failure. For details, see @ref errcode_t 453 * @else 454 * @brief SM2私钥解密。 455 * @param [in] priv_key 输入私钥。 456 * @param [in] cipher_text 输入密文。 457 * @param [out] plain_text 输出明文。 458 * @retval ERRCODE_SUCC 成功。 459 * @retval Other 失败,参考 @ref errcode_t 。 460 * @endif 461 */ 462 errcode_t uapi_drv_cipher_pke_sm2_private_decrypt(const uapi_drv_cipher_pke_data_t *priv_key, 463 const uapi_drv_cipher_pke_data_t *cipher_text, 464 const uapi_drv_cipher_pke_data_t *plain_text); 465 466 /** 467 * @if Eng 468 * @brief RSA Signature. 469 * @param [in] priv_key Input private key 470 * @param [in] scheme RSA padding mode 471 * @param [in] hash_type Digest algorithm used for RSA padding 472 * @param [in] input_hash Input digest 473 * @param [out] sign Output the signature result 474 * @retval ERRCODE_SUCC Success. 475 * @retval Other Failure. For details, see @ref errcode_t 476 * @else 477 * @brief RSA签名。 478 * @param [in] priv_key 输入私钥。 479 * @param [in] scheme RSA填充方式。 480 * @param [in] hash_type RSA填充使用的摘要算法。 481 * @param [in] input_hash 输入摘要。 482 * @param [out] sign 输出签名结果。 483 * @retval ERRCODE_SUCC 成功。 484 * @retval Other 失败,参考 @ref errcode_t 。 485 * @endif 486 */ 487 errcode_t uapi_drv_cipher_pke_rsa_sign(const uapi_drv_cipher_pke_rsa_priv_key_t *priv_key, 488 uapi_drv_cipher_pke_rsa_scheme_t scheme, 489 uapi_drv_cipher_pke_hash_type_t hash_type, 490 const uapi_drv_cipher_pke_data_t *input_hash, 491 uapi_drv_cipher_pke_data_t *sign); 492 493 /** 494 * @if Eng 495 * @brief Generate an RSA private key based on the RSA public key. 496 * @param [in] pub_key Input public key 497 * @param [in] scheme RSA padding mode 498 * @param [in] hash_type Digest algorithm used for RSA padding 499 * @param [in] input_hash Input digest 500 * @param [out] sig Output signature 501 * @retval ERRCODE_SUCC Success. 502 * @retval Other Failure. For details, see @ref errcode_t 503 * @else 504 * @brief RSA验签。 505 * @param [in] pub_key 输入公钥。 506 * @param [in] scheme RSA填充方式。 507 * @param [in] hash_type RSA填充使用的摘要算法。 508 * @param [in] input_hash 输入摘要。 509 * @param [out] sig 输出签名。 510 * @retval ERRCODE_SUCC 成功。 511 * @retval Other 失败,参考 @ref errcode_t 。 512 * @endif 513 */ 514 errcode_t uapi_drv_cipher_pke_rsa_verify(const uapi_drv_cipher_pke_rsa_pub_key_t *pub_key, 515 uapi_drv_cipher_pke_rsa_scheme_t scheme, 516 uapi_drv_cipher_pke_hash_type_t hash_type, 517 uapi_drv_cipher_pke_data_t *input_hash, 518 const uapi_drv_cipher_pke_data_t *sig); 519 520 /** 521 * @if Eng 522 * @brief RSA public key encryption. 523 * @param [in] scheme padding mode 524 * @param [in] hash_type Digest algorithm used for RSA padding, used by OAEP padding mode 525 * @param [in] pub_key Input public key 526 * @param [in] input Input plain text 527 * @param [in] label RSA label, used by OAEP padding mode 528 * @param [out] output Output cipher text 529 * @retval ERRCODE_SUCC Success. 530 * @retval Other Failure. For details, see @ref errcode_t 531 * @else 532 * @brief RSA公钥加密。 533 * @param [in] scheme RSA填充方式。 534 * @param [in] hash_type RSA填充使用的摘要算法, 仅 OAEP 填充模式时使用此参数。 535 * @param [in] pub_key 输入公钥。 536 * @param [in] input 输入明文。 537 * @param [in] label RSA标签, 仅 OAEP 填充模式时使用此参数。 538 * @param [out] output 输出密文。 539 * @retval ERRCODE_SUCC 成功 540 * @retval Other 失败,参考 @ref errcode_t 541 * @endif 542 */ 543 errcode_t uapi_drv_cipher_pke_rsa_public_encrypt(uapi_drv_cipher_pke_rsa_scheme_t scheme, 544 uapi_drv_cipher_pke_hash_type_t hash_type, 545 const uapi_drv_cipher_pke_rsa_pub_key_t *pub_key, 546 const uapi_drv_cipher_pke_data_t *input, 547 const uapi_drv_cipher_pke_data_t *label, 548 uapi_drv_cipher_pke_data_t *output); 549 550 /** 551 * @if Eng 552 * @brief RSA public key encryption. 553 * @param [in] scheme padding mode 554 * @param [in] hash_type Digest algorithm used for RSA padding, used by OAEP padding mode 555 * @param [in] priv_key Input private key 556 * @param [in] input Input cipher text 557 * @param [in] label RSA label, used by OAEP padding mode 558 * @param [out] output Output plain text 559 * @retval ERRCODE_SUCC Success. 560 * @retval Other Failure. For details, see @ref errcode_t 561 * @else 562 * @brief RSA私钥解密。 563 * @param [in] scheme RSA填充方式。 564 * @param [in] hash_type RSA填充使用的摘要算法, 仅 OAEP 填充模式时使用此参数。 565 * @param [in] priv_key 输入私钥。 566 * @param [in] input 输入密文。 567 * @param [in] label RSA标签, 仅 OAEP 填充模式时使用此参数。 568 * @param [out] output 输出明文。 569 * @retval ERRCODE_SUCC 成功。 570 * @retval Other 失败,参考 @ref errcode_t 。 571 * @endif 572 */ 573 errcode_t uapi_drv_cipher_pke_rsa_private_decrypt(uapi_drv_cipher_pke_rsa_scheme_t scheme, 574 uapi_drv_cipher_pke_hash_type_t hash_type, 575 const uapi_drv_cipher_pke_rsa_priv_key_t *priv_key, 576 const uapi_drv_cipher_pke_data_t *input, 577 const uapi_drv_cipher_pke_data_t *label, 578 const uapi_drv_cipher_pke_data_t *output); 579 580 /** 581 * @if Eng 582 * @brief DH generate key pair or generate public key from private key. 583 * @attention The valid length of module shouldn't be two bytes less than the support length. 584 * @param [in] g_data The public base data, which is prime, and length shouldn't be larger than mod_n->length. 585 * @param [in] mod_n The public module, which is prime only support 192/224/256/384/512/521/1024/2048/3072/4096bits. 586 * @param [in] input_priv_key The input private key, which can be null. 587 * If not, the length should be equal to mod_n->length. 588 * @param [out] output_priv_key The output private key, which length should be equal to mod_n->length. 589 * @param [out] output_pub_key The output public key, which length should be equal to mod_n->length. 590 * @retval ERRCODE_SUCC Success. 591 * @retval Other Failure. For details, see @ref errcode_t 592 * @else 593 * @brief DH 公私钥对生成或由私钥生成公钥。 594 * @attention 模数的有效字节数与 mod_n->length 支持的规格之差不能大于2字节。 595 * @param [in] g_data 公开的底数,该数为质数,g_data->length 不能大于 mod_n->length。 596 * @param [in] mod_n 公开的模数,该数为质数。 597 * @param [in] input_priv_key 用户输入的私钥,可以为空。若非空,input_priv_key->length 应该与 mod_n->length 相同。 598 * @param [out] output_priv_key 生成的私钥,output_priv_key->length 应该与 mod_n->length 相同。 599 * @param [out] output_pub_key 生成的公钥,output_pub_key->length 应该与 mod_n->length 相同。 600 * @retval ERRCODE_SUCC 成功。 601 * @retval Other 失败,参考 @ref errcode_t 。 602 * @endif 603 */ 604 errcode_t uapi_drv_cipher_pke_dh_gen_key(const uapi_drv_cipher_pke_data_t *g_data, 605 const uapi_drv_cipher_pke_data_t *mod_n, const uapi_drv_cipher_pke_data_t *input_priv_key, 606 const uapi_drv_cipher_pke_data_t *output_priv_key, const uapi_drv_cipher_pke_data_t *output_pub_key); 607 608 /** 609 * @if Eng 610 * @brief Diffie-Hellman algorithm. 611 * @param [in] mod_n The public modulus, which is prime. 612 * @param [in] input_priv_key The input private key. 613 * @param [in] input_pub_key The input public key. 614 * @param [out] output_shared_key The output shared key. 615 * @retval ERRCODE_SUCC Success. 616 * @retval Other Failure. For details, see @ref errcode_t 617 * @else 618 * @brief DH 密钥协商算法。 619 * @param [in] mod_n 公开的模数,该数为质数。 620 * @param [in] input_priv_key 用户输入的私钥。 621 * @param [in] input_pub_key 用户输入的公钥。 622 * @param [out] output_shared_key 生成的共享密钥。 623 * @retval ERRCODE_SUCC 成功。 624 * @retval Other 失败,参考 @ref errcode_t 。 625 * @endif 626 */ 627 errcode_t uapi_drv_cipher_pke_dh_compute_key(const uapi_drv_cipher_pke_data_t *mod_n, 628 const uapi_drv_cipher_pke_data_t *input_priv_key, const uapi_drv_cipher_pke_data_t *input_pub_key, 629 const uapi_drv_cipher_pke_data_t *output_shared_key); 630 631 /** 632 * @if Eng 633 * @brief Modular addition c = (a + b) mod p. 634 * @attention The valid length of modulur shouldn't be two bytes less than the support length. 635 * @param [in] a The first parameter, which length shouldn't be larger than p->length. 636 * @param [in] b The second parameter, which length shouldn't be larger than p->length. 637 * @param [in] p The modulur, which only support 192/224/256/384/512/521/1024/1536/2048/3072/4096bits. 638 * @param [out] c The output data, which length should be equal to p->length. 639 * @retval ERRCODE_SUCC Success. 640 * @retval Other Failure. For details, see @ref errcode_t 641 * @else 642 * @brief 模加 c = (a + b) mod p。 643 * @attention 模数的有效字节数与 p->length 支持的规格之差不能大于2字节。 644 * @param [in] a 入参,a->length 不能大于 p->length。 645 * @param [in] b 入参,b->length 不能大于 p->length。 646 * @param [in] p 模数,p->length 只能为 192/224/256/384/512/521/1024/1536/2048/3072/4096bits。 647 * @param [out] c 计算结果,c->length 应该与 p->length 相同。 648 * @retval ERRCODE_SUCC 成功。 649 * @retval Other 失败,参考 @ref errcode_t 。 650 * @endif 651 */ 652 errcode_t uapi_drv_cipher_pke_add_mod(const uapi_drv_cipher_pke_data_t *a, const uapi_drv_cipher_pke_data_t *b, 653 const uapi_drv_cipher_pke_data_t *p, const uapi_drv_cipher_pke_data_t *c); 654 655 /** 656 * @if Eng 657 * @brief Modular subtraction c = (a - b) mod p. 658 * @attention The valid length of modulur shouldn't be two bytes less than the support length. 659 * @param [in] a The first parameter, which length shouldn't be larger than p->length. 660 * @param [in] b The second parameter, which length shouldn't be larger than p->length. 661 * @param [in] p The modulur, which only support 192/224/256/384/512/521/1024/1536/2048/3072/4096bits. 662 * @param [out] c The output data, which length should be equal to p->length. 663 * @retval ERRCODE_SUCC Success. 664 * @retval Other Failure. For details, see @ref errcode_t 665 * @else 666 * @brief 模减 c = (a - b) mod p。 667 * @attention 模数的有效字节数与 p->length 支持的规格之差不能大于2字节。 668 * @param [in] a 入参,a->length 不能大于 p->length。 669 * @param [in] b 入参,b->length 不能大于 p->length。 670 * @param [in] p 模数,p->length 只能为 192/224/256/384/512/521/1024/1536/2048/3072/4096bits。 671 * @param [out] c 计算结果,c->length 应该与 p->length 相同。 672 * @retval ERRCODE_SUCC 成功。 673 * @retval Other 失败,参考 @ref errcode_t 。 674 * @endif 675 */ 676 errcode_t uapi_drv_cipher_pke_sub_mod(const uapi_drv_cipher_pke_data_t *a, const uapi_drv_cipher_pke_data_t *b, 677 const uapi_drv_cipher_pke_data_t *p, const uapi_drv_cipher_pke_data_t *c); 678 679 /** 680 * @if Eng 681 * @brief Modular multiplication c = (a * b) mod p. 682 * @attention The valid length of modulur shouldn't be two bytes less than the support length. 683 * @param [in] a The first parameter, which length shouldn't be larger than p->length. 684 * @param [in] b The second parameter, which length shouldn't be larger than p->length. 685 * @param [in] p The modulur, which only support 192/256/384/512/1024/1536/2048/3072/4096bits, 686 * and the modulur shouldn't be even. 687 * @param [out] c The output data, which length should be equal to p->length. 688 * @retval ERRCODE_SUCC Success. 689 * @retval Other Failure. For details, see @ref errcode_t 690 * @else 691 * @brief 模乘 c = (a * b) mod p。 692 * @attention 模数的有效字节数与 p->length 支持的规格之差不能大于2字节。 693 * @param [in] a 入参,a->length 不能大于 p->length。 694 * @param [in] b 入参,b->length 不能大于 p->length。 695 * @param [in] p 模数,p->length 只能为 192/256/384/512/1024/1536/2048/3072/4096bits,且模数不能为偶数。 696 * @param [out] c 计算结果,c->length 应该与 p->length 相同。 697 * @retval ERRCODE_SUCC 成功。 698 * @retval Other 失败,参考 @ref errcode_t 。 699 * @endif 700 */ 701 errcode_t uapi_drv_cipher_pke_mul_mod(const uapi_drv_cipher_pke_data_t *a, const uapi_drv_cipher_pke_data_t *b, 702 const uapi_drv_cipher_pke_data_t *p, const uapi_drv_cipher_pke_data_t *c); 703 704 /** 705 * @if Eng 706 * @brief Modular inverse c = (a^-1) mod p. 707 * @attention The valid length of modulur shouldn't be two bytes less than the support length. 708 * @param [in] a The input parameter, which length should be equal to p->length. 709 * @param [in] p The modulur, which only support 192/256/384/512/1024/1536/2048/3072/4096bits, 710 * and the modulur shouldn't be even. 711 * @param [out] c The output data, which length should be equal to p->length. 712 * @retval ERRCODE_SUCC Success. 713 * @retval Other Failure. For details, see @ref errcode_t 714 * @else 715 * @brief 模逆 c = (a^-1) mod p。 716 * @attention 模数的有效字节数与 p->length 支持的规格之差不能大于2字节。 717 * @param [in] a 入参,a->length 应该等于 p->length。 718 * @param [in] p 模数,p->length 只能为 192/256/384/512/1024/1536/2048/3072/4096bits,且模数不能为偶数。 719 * @param [out] c 计算结果,c->length 应该等于 p->length。 720 * @retval ERRCODE_SUCC 成功。 721 * @retval Other 失败,参考 @ref errcode_t 。 722 * @endif 723 */ 724 errcode_t uapi_drv_cipher_pke_inv_mod(const uapi_drv_cipher_pke_data_t *a, const uapi_drv_cipher_pke_data_t *p, 725 const uapi_drv_cipher_pke_data_t *c); 726 727 /** 728 * @if Eng 729 * @brief Modular calculate c = a mod p. 730 * @attention The valid length of modulur shouldn't be two bytes less than the support length. 731 * @param [in] a The first parameter, which valid length shouldn't be larger than 2 * valid length of p->length. 732 * @param [in] p The modulur, which only support 192/256/384/512/1024/1536/2048/3072/4096bits, 733 * and the modulur shouldn't be even. 734 * @param [out] c The output data, which length should be equal to p->length. 735 * @retval ERRCODE_SUCC Success. 736 * @retval Other Failure. For details, see @ref errcode_t 737 * @else 738 * @brief 取模运算 c = a mod p。 739 * @attention 模数的有效字节数与 p->length 支持的规格之差不能大于2字节。 740 * @param [in] a 入参,其有效数据长度不能大于 2 * 模数的有效数据长度。 741 * @param [in] p 模数,p->length 只能为 192/256/384/512/1024/1536/2048/3072/4096bits,且模数不能为偶数。 742 * @param [out] c 计算结果,c->length 应该等于 p->length。 743 * @retval ERRCODE_SUCC 成功。 744 * @retval Other 失败,参考 @ref errcode_t 。 745 * @endif 746 */ 747 errcode_t uapi_drv_cipher_pke_mod(const uapi_drv_cipher_pke_data_t *a, const uapi_drv_cipher_pke_data_t *p, 748 const uapi_drv_cipher_pke_data_t *c); 749 750 /** 751 * @if Eng 752 * @brief Large number multiplication c = a * b. 753 * @param [in] a The first parameter, which length shouldn't be larger than 2048bits. 754 * @param [in] b The second parameter, which length shouldn't be larger than 2048bits. 755 * @param [out] c The output data, which length shouldn't be less than a->length + b->length. 756 * @retval ERRCODE_SUCC Success. 757 * @retval Other Failure. For details, see @ref errcode_t 758 * @else 759 * @brief 大数乘 c = a * b。 760 * @param [in] a 入参,a->length 不能大于2048比特。 761 * @param [in] b 入参,b->length 不能大于2048比特。 762 * @param [out] c 计算结果,c->length 不能小于 a->length + b->length。 763 * @retval ERRCODE_SUCC 成功。 764 * @retval Other 失败,参考 @ref errcode_t 。 765 * @endif 766 */ 767 errcode_t uapi_drv_cipher_pke_mul(const uapi_drv_cipher_pke_data_t *a, const uapi_drv_cipher_pke_data_t *b, 768 const uapi_drv_cipher_pke_data_t *c); 769 770 /** 771 * @if Eng 772 * @brief Modular exponentiation out = (in ^ k) mod n. 773 * @attention The valid length of modulur shouldn't be two bytes less than the support length. 774 * @param [in] n The modulu, which only support 192/256/384/512/1024/1536/2048/3072/4096bits, 775 * and the modulur shouldn't be even. 776 * @param [in] k The power, which length shouldn't be larger than 4096bits. 777 * @param [in] in The input data, which length shouldn't be larger than 4096bits. 778 * @param [out] out The output data, which length should be equal to p->length. 779 * @retval ERRCODE_SUCC Success. 780 * @retval Other Failure. For details, see @ref errcode_t 781 * @else 782 * @brief 模幂 out = (in ^ k) mod n。 783 * @attention 模数的有效字节数与 n->length 支持的规格之差不能大于2字节。 784 * @param [in] n 模数,n->length 只能为 192/256/384/512/1024/1536/2048/3072/4096bits,且模数不能为偶数。 785 * @param [in] k 指数,数据长度不能大于 4096 比特。 786 * @param [in] in 输入数据,数据长度不能大于 4096 比特。 787 * @param [out] out 输出结果,out->length 应该等于 n->length。 788 * @retval ERRCODE_SUCC 成功。 789 * @retval Other 失败,参考 @ref errcode_t 。 790 * @endif 791 */ 792 errcode_t uapi_drv_cipher_pke_exp_mod(const uapi_drv_cipher_pke_data_t *n, const uapi_drv_cipher_pke_data_t *k, 793 const uapi_drv_cipher_pke_data_t *in, const uapi_drv_cipher_pke_data_t *out); 794 795 /** 796 * @} 797 */ 798 799 #ifdef __cplusplus 800 #if __cplusplus 801 } 802 #endif 803 #endif 804 805 #endif