TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / TF-M / trusted-firmware-m / 6085ff074cb28d138cdf280e31987e9fa0a60762 / . / secure_fw / services / crypto / crypto_engine.h
blob: c5771bf9979b8afee2fb947a30d0e57d0e94409a [file] [log] [blame]
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]1/*
2 * Copyright (c) 2019, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#ifndef __CRYPTO_ENGINE_H__
9#define __CRYPTO_ENGINE_H__
10
11#ifdef __cplusplus
12extern "C" {
13#endif
14
15#include <limits.h>
16#include "psa_crypto.h"
17
18#if defined(TFM_CRYPTO_ENGINE_MBEDTLS)
19/* Pre include Mbed TLS headers */
20#define LIB_PREFIX_NAME __tfm_crypto__
21#include "mbedtls_global_symbols.h"
22
23/* Include the Mbed TLS configuration file, the way Mbed TLS does it
24 * in each of its header files. */
25#if !defined(MBEDTLS_CONFIG_FILE)
26#include "platform/ext/common/tfm_mbedtls_config.h"
27#else
28#include MBEDTLS_CONFIG_FILE
29#endif
30
31/**
32 * \brief List of engine specific includes for Mbed TLS
33 *
34 */
35#include "mbedtls/memory_buffer_alloc.h"
36#include "mbedtls/md.h"
37#include "mbedtls/cipher.h"
38#include "mbedtls/cmac.h"
39
40#endif /* TFM_CRYPTO_ENGINE_MBEDTLS */
41
42/**
43 * \brief Generic engine cipher context type
44 *
45 */
46union engine_cipher_context {
47 uint32_t dummy; /* Needed to keep the union always not empty */
48#if defined(TFM_CRYPTO_ENGINE_MBEDTLS)
49 mbedtls_cipher_context_t ctx;
50#endif
51};
52
53/**
54 * \brief Generic engine hash context type
55 *
56 */
57union engine_hash_context {
58 uint32_t dummy; /* Needed to keep the union always not empty */
59#if defined (TFM_CRYPTO_ENGINE_MBEDTLS)
60 mbedtls_md_context_t ctx;
61#endif
62};
63
64/**
65 * \brief Generic engine cmac context type
66 *
67 */
68union engine_cmac_context {
69 uint32_t dummy; /* Needed to keep the union always not empty */
70#if defined (TFM_CRYPTO_ENGINE_MBEDTLS)
71 mbedtls_cmac_context_t ctx;
72#endif
73};
74
75
76
77/**
78 * \brief For a cipher operation, define the possible modes of configuration.
79 */
80enum engine_cipher_mode_t {
81 ENGINE_CIPHER_MODE_NONE = 0, /*!< Cipher mode not selected */
82 ENGINE_CIPHER_MODE_DECRYPT, /*!< Cipher mode set to decryption */
83 ENGINE_CIPHER_MODE_ENCRYPT, /*!< Cipher mode set to encryption */
84 /* Used to force enum size */
85 ENGINE_CIPHER_MODE_FORCE_INT_SIZE = INT_MAX
86};
87
88/**
89 * \brief Structure used to keep engine information during the engine setup
90 * step for a hash operation.
91 */
92struct hash_engine_info {
93 uint32_t type; /*!< Engine specific identifier which describes
94 * the operation which has to be configured on
95 * the crypto engine
96 */
97};
98
99/**
100 * \brief Structure used to keep engine information during the engine setup
101 * step for a cipher operation
102 */
103struct cipher_engine_info {
104 uint32_t type; /*!< Engine specific identifier which describes
105 * the operation which has to be configured on
106 * the crypto engine
107 */
108 enum engine_cipher_mode_t cipher_mode; /*!< Describes if the cipher on
109 * the engine is configured for
110 * encryption or decryption
111 */
112 uint32_t padding_mode; /*!< Engine specific identifier which describes
113 * the padding mode which has been configured
114 * on the cipher, if any
115 */
116};
117
118/**
119 * \brief This function performs all the generic operations required to
120 * initialise the crypto engine
121 *
122 * \return Return values as specified by \ref psa_status_t
123 */
124psa_status_t tfm_crypto_engine_init(void);
125
126/**
127 * \brief This function performs the setup of a multipart hash operation on the
128 * crypto engine
129 *
130 * \param[in] alg Algorithm to be setup
131 * \param[out] engine_info Pointer to the engine_info structure containing
132 * engine parameters determined during the setup
133 *
134 * \return Return values as specified by \ref psa_status_t
135 */
136psa_status_t tfm_crypto_engine_hash_setup(const psa_algorithm_t alg,
137 struct hash_engine_info *engine_info);
138/**
139 * \brief This function starts a multipart hash operation on the crypto engine
140 *
141 * \param[in/out] hp Pointer to the hash engine context to be used
142 * \param[in] engine_info Pointer to the engine_info structure as determined
143 * during the setup step
144 *
145 * \return Return values as specified by \ref psa_status_t
146 */
147psa_status_t tfm_crypto_engine_hash_start(union engine_hash_context *hp,
148 const struct hash_engine_info *engine_info);
149/**
150 * \brief This function updates a multipart hash operation with one chunk of
151 * input data
152 *
153 * \param[in/out] hp Pointer to the hash engine context to be used
154 * \param[in] input Pointer to the buffer containing the input data
155 * \param[in] input_length Size in bytes of the input data
156 *
157 * \return Return values as specified by \ref psa_status_t
158 */
159psa_status_t tfm_crypto_engine_hash_update(union engine_hash_context *hp,
160 const uint8_t *input,
161 const uint32_t input_length);
162/**
163 * \brief This function finalises a multipart hash operation producing one hash
164 * value in output as described by the operation context
165 *
166 * \param[in/out] hp Pointer to the hash engine context to be used
167 * \param[out] hash Pointer to the buffer containing the output hash value
168 *
169 * \return Return values as specified by \ref psa_status_t
170 */
171psa_status_t tfm_crypto_engine_hash_finish(union engine_hash_context *hp,
172 uint8_t *hash);
173/**
174 * \brief This function releases the crypto engine resources associated to a
175 * multipart hash operation context
176 *
177 * \param[in/out] hp Pointer to the hash engine context to be used
178 *
179 * \return Return values as specified by \ref psa_status_t
180 */
181psa_status_t tfm_crypto_engine_hash_release(union engine_hash_context *hp);
182
183/**
184 * \brief This function performs the setup of a multipart cipher operation on
185 * the crypto engine
186 *
187 * \param[in] alg Algorithm to be configured
188 * \param[in] key_type Key type of the key that will be used
189 * \param[in] key_size Size in bits of the key that will be used
190 * \param[in] engine_cipher_mode Parameter specifying if the cipher must be set
191 * in encrypt or decrypt mode
192 * \param[out] engine_info Pointer to the engine configuration structure
193 * containing engine parameters determined during
194 * setup
195 *
196 * \return Return values as specified by \ref psa_status_t
197 */
198psa_status_t tfm_crypto_engine_cipher_setup(const psa_algorithm_t alg,
199 const psa_key_type_t key_type,
200 const uint32_t key_size,
201 const enum engine_cipher_mode_t engine_cipher_mode,
202 struct cipher_engine_info *engine_info);
203/**
204 * \brief This function sets the padding mode on the crypto engine based on the
205 * information gathered during the setup phase
206 *
207 * \param[in/out] cp Pointer to the cipher engine context to be used
208 * \param[in] engine_info Pointer to the engine configuration structure
209 * containing engine parameters determined during
210 * setup
211 *
212 * \return Return values as specified by \ref psa_status_t
213 */
214psa_status_t tfm_crypto_engine_cipher_set_padding_mode(
215 union engine_cipher_context *cp,
216 const struct cipher_engine_info *engine_info);
217/**
218 * \brief This function starts a multipart cipher operation
219 *
220 * \param[in/out] cp Pointer to the cipher engine context to be used
221 * \param[in] engine_info Pointer to the engine configuration structure
222 * containing engine parameters determined during
223 * setup
224 *
225 * \return Return values as specified by \ref psa_status_t
226 */
227psa_status_t tfm_crypto_engine_cipher_start(
228 union engine_cipher_context *cp,
229 const struct cipher_engine_info *engine_info);
230/**
231 * \brief This function sets the key data on the crypto engine for a multipart
232 * cipher operation. It reads also from the engine_info configuration
233 * item to determine if the key needs to be set in encryption or
234 * decryption mode on the engine.
235 *
236 * \param[in/out] cp Pointer to the cipher engine context to be used
237 * \param[in] key_data Pointer to the buffer containing key material
238 * \param[in] key_size Size in bytes of the key pointed by key_data
239 * \param[in] engine_info Pointer to the engine configuration structure
240 * containing engine parameters determined during
241 * setup
242 *
243 * \return Return values as specified by \ref psa_status_t
244 */
245psa_status_t tfm_crypto_engine_cipher_set_key(
246 union engine_cipher_context *cp,
247 const uint8_t *key_data,
248 const uint32_t key_size,
249 const struct cipher_engine_info *engine_info);
250/**
251 * \brief This function sets the initialisation vector on the crypto engine for
252 * a multipart cipher operation
253 *
254 * \param[in/out] cp Pointer to the cipher engine context to be used
255 * \param[in] iv Pointer to the buffer containing the IV
256 * \param[in] iv_length Size in bytes of the initialisation vector
257 *
258 * \return Return values as specified by \ref psa_status_t
259 */
260psa_status_t tfm_crypto_engine_cipher_set_iv(union engine_cipher_context *cp,
261 const uint8_t *iv,
262 const uint32_t iv_length);
263/**
264 * \brief This function updates a multipart cipher operation on the crypto
265 * engine with a new chunk of input data. It may produce output data.
266 *
267 * \param[in/out] cp Pointer to the cipher engine context to be used
268 * \param[in] input Pointer to the buffer containing the input data
269 * chunk
270 * \param[in] input_length Size in bytes of the input data chunk
271 * \param[out] output Pointer to the buffer containing the output data
272 * \param[out] output_length Pointer to the size in bytes of the data produced
273 * as output
274 *
275 * \return Return values as specified by \ref psa_status_t
276 */
277psa_status_t tfm_crypto_engine_cipher_update(union engine_cipher_context *cp,
278 const uint8_t *input,
279 const uint32_t input_length,
280 uint8_t *output,
281 uint32_t *output_length);
282/**
283 * \brief This function finalises a multipart cipher operation on the crypto
284 * engine. It may produce output data.
285 *
286 * \param[in/out] cp Pointer to the cipher engine context to be used
287 * \param[out] output Pointer to the buffer containing the output data
288 * \param[out] output_length Pointer to the size in bytes of the data produced
289 * as output
290 *
291 * \return Return values as specified by \ref psa_status_t
292 */
293psa_status_t tfm_crypto_engine_cipher_finish(union engine_cipher_context *cp,
294 uint8_t *output,
295 uint32_t *output_length);
296/**
297 * \brief This function releases the crypto engine resources associated to a
298 * multipart cipher operation context
299 *
300 * \param[in/out] cp Pointer to the cipher engine context to be used
301 *
302 * \return Return values as specified by \ref psa_status_t
303 */
304psa_status_t tfm_crypto_engine_cipher_release(union engine_cipher_context *cp);
Antonio de Angelis3a480992018-11-07 11:53:28 +0000[diff] [blame]305
306/**
307 * \brief This function performs an AEAD encryption on the provided data
308 *
309 * \param[in] key_type Key type of the key that will be used
310 * \param[in] alg Algorithm to be used
311 * \param[in] key_data Pointer to the buffer containing key
312 * material
313 * \param[in] key_size Size in bytes of the key pointed to by
314 * key_data
315 * \param[in] nonce Pointer to a buffer holding a nonce or IV
316 * to use
317 * \param[in] nonce_length Size in bytes of the nonce or IV data
318 * \param[in] additional_data Additional information to be authenticated
319 * \param[in] additional_data_length Size in bytes of the additional data
320 * \param[in] plaintext Buffer pointing to data to be encrypted
321 * \param[in] plaintext_length Size in bytes of the plain text buffer
322 * \param[out] ciphertext Output encrypted data, with the
323 * authentication tag appended
324 * \param[in] ciphertext_size Size in bytes of the buffer to hold the
325 * cipher text plus authentication tag
326 * \param[out] ciphertext_length Size of the ciphertext plus tag produced
327 * as output
328 *
329 * \return Return values as specified by \ref psa_status_t
330 */
331psa_status_t tfm_crypto_engine_aead_encrypt(psa_key_type_t key_type,
332 psa_algorithm_t alg,
333 const uint8_t *key_data,
334 uint32_t key_size,
335 const uint8_t *nonce,
336 uint32_t nonce_length,
337 const uint8_t *additional_data,
338 uint32_t additional_data_length,
339 const uint8_t *plaintext,
340 uint32_t plaintext_length,
341 uint8_t *ciphertext,
342 uint32_t ciphertext_size,
343 uint32_t *ciphertext_length);
344/**
345 * \brief This function performs an AEAD decryption on the provided data
346 *
347 * \param[in] key_type Key type of the key that will be used
348 * \param[in] alg Algorithm to be used
349 * \param[in] key_data Pointer to the buffer containing key
350 * material
351 * \param[in] key_size Size in bytes of the key pointed to by
352 * key_data
353 * \param[in] nonce Pointer to a buffer holding a nonce or IV
354 * to use
355 * \param[in] nonce_length Size in bytes of the nonce or IV data
356 * \param[in] additional_data Additional information which was
357 * authenticated but not encrypted
358 * \param[in] additional_data_length Size in bytes of the additional data
359 * \param[in] ciphertext Buffer pointing to data be decrypted
360 * \param[in] ciphertext_length Size in bytes of the cipher text buffer
361 * \param[out] plaintext Buffer for decrypted output data
362 * \param[in] plaintext_size Size in bytes of the buffer to hold the
363 * plain text
364 * \param[out] plaintext_length Size of the plain text actually produced
365 *
366 * \return Return values as specified by \ref psa_status_t
367 */
368psa_status_t tfm_crypto_engine_aead_decrypt(psa_key_type_t key_type,
369 psa_algorithm_t alg,
370 const uint8_t *key_data,
371 uint32_t key_size,
372 const uint8_t *nonce,
373 uint32_t nonce_length,
374 const uint8_t *additional_data,
375 uint32_t additional_data_length,
376 const uint8_t *ciphertext,
377 uint32_t ciphertext_length,
378 uint8_t *plaintext,
379 uint32_t plaintext_size,
380 uint32_t *plaintext_length);
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]381#ifdef __cplusplus
382}
383#endif
384
385#endif /* __CRYPTO_ENGINE_H__ */