1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2017-2020, Linaro Limited
4  */
5 
6 #ifndef PKCS11_TA_PROCESSING_H
7 #define PKCS11_TA_PROCESSING_H
8 
9 #include <pkcs11_attributes.h>
10 #include <pkcs11_ta.h>
11 #include <tee_internal_api.h>
12 
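/*
 * Forward declarations: this header only handles these types through
 * pointers, so their definitions are not needed here.
 */
struct pkcs11_client;
struct pkcs11_session;
struct pkcs11_object;
struct active_processing;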
17 
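/**
 * RSA PSS processing context
 *
 * @hash_alg: Hash algorithm mechanism
 * @mgf_type: Mask generator function
 * @salt_len: Length of the salt in bytes
 *
 * NOTE(review): presumably filled by pkcs2tee_proc_params_rsa_pss() from the
 * mechanism parameters supplied by the client and checked against the key by
 * pkcs2tee_validate_rsa_pss() - confirm that @salt_len is range-checked and
 * that @hash_alg and @mgf_type are verified to be a supported, consistent
 * pair before the context is used.
 */
struct rsa_pss_processing_ctx {
	enum pkcs11_mechanism_id hash_alg;
	enum pkcs11_mgf_id mgf_type;
	uint32_t salt_len;
};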
30 
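/**
 * RSA OAEP processing context
 *
 * @hash_alg: Hash algorithm mechanism
 * @mgf_type: Mask generator function
 * @source_type: Type of source.
 * @source_data_len: Length of the source data.
 * @source_data: Source data.
 *
 * @source_data is a flexible array member: the structure has to be allocated
 * with room for @source_data_len trailing bytes, and @source_data_len is the
 * only record of how many of those bytes are valid.
 *
 * NOTE(review): the length presumably originates from client-supplied
 * mechanism parameters (see pkcs2tee_proc_params_rsa_oaep()) - confirm that
 * it is bounded by the size of the received parameter buffer and that the
 * "sizeof(struct) + source_data_len" allocation size cannot overflow.
 */
struct rsa_oaep_processing_ctx {
	enum pkcs11_mechanism_id hash_alg;
	enum pkcs11_mgf_id mgf_type;
	uint32_t source_type;
	uint32_t source_data_len;
	uint8_t source_data[];
};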
47 
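/**
 * RSA AES key wrap processing context
 *
 * @hash_alg: Hash algorithm mechanism
 * @mgf_type: Mask generator function
 * @aes_key_bits: Length of AES key in bits
 * @source_type: Type of source.
 * @source_data_len: Length of the source data.
 * @source_data: Source data.
 *
 * @source_data is a flexible array member: the structure has to be allocated
 * with room for @source_data_len trailing bytes, and @source_data_len is the
 * only record of how many of those bytes are valid.
 *
 * NOTE(review): these fields presumably come from client-supplied mechanism
 * parameters (see pkcs2tee_proc_params_rsa_aes_wrap()) - confirm that
 * @aes_key_bits is restricted to supported AES key sizes, that
 * @source_data_len is bounded by the received parameter buffer, and that the
 * allocation size computation cannot overflow.
 */
struct rsa_aes_key_wrap_processing_ctx {
	enum pkcs11_mechanism_id hash_alg;
	enum pkcs11_mgf_id mgf_type;
	uint32_t aes_key_bits;
	uint32_t source_type;
	uint32_t source_data_len;
	uint8_t source_data[];
};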
66 
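/**
 * EDDSA processing context
 *
 * @flag: Prehash flag
 * @ctx_len: Length of the context data
 * @ctx: Context data
 *
 * @ctx is a flexible array member: the structure has to be allocated with
 * room for @ctx_len trailing bytes, and @ctx_len is the only record of how
 * many of those bytes are valid.
 *
 * NOTE(review): RFC 8032 limits the EdDSA context to 255 octets; confirm that
 * pkcs2tee_proc_params_eddsa() enforces an upper bound on @ctx_len and checks
 * it against the size of the received parameter buffer before copying.
 */
struct eddsa_processing_ctx {
	uint32_t flag;
	uint32_t ctx_len;
	uint8_t ctx[];
};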
79 
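/*
 * Entry points from PKCS11 TA invocation commands
 *
 * Every entry point receives the calling client, the parameter types word
 * (@ptypes) and the TEE_Param array (@params), and reports its outcome as an
 * enum pkcs11_rc value.
 *
 * NOTE(review): @params presumably carries the invocation buffers exactly as
 * the client passed them, so each implementation is expected to check @ptypes
 * against the layout it handles and to bound every buffer size before
 * parsing - confirm in the implementation file.
 */

enum pkcs11_rc entry_generate_secret(struct pkcs11_client *client,
				     uint32_t ptypes, TEE_Param *params);

enum pkcs11_rc entry_generate_key_pair(struct pkcs11_client *client,
				       uint32_t ptypes, TEE_Param *params);

/* @function selects which processing function is being initialized */
enum pkcs11_rc entry_processing_init(struct pkcs11_client *client,
				     uint32_t ptypes, TEE_Param *params,
				     enum processing_func function);

/* @function and @step select the processing function and the step to run */
enum pkcs11_rc entry_processing_step(struct pkcs11_client *client,
				     uint32_t ptypes, TEE_Param *params,
				     enum processing_func function,
				     enum processing_step step);

enum pkcs11_rc entry_processing_key(struct pkcs11_client *client,
				    uint32_t ptypes, TEE_Param *params,
				    enum processing_func function);

enum pkcs11_rc entry_release_active_processing(struct pkcs11_client *client,
					       uint32_t ptypes,
					       TEE_Param *params);

enum pkcs11_rc entry_wrap_key(struct pkcs11_client *client,
			      uint32_t ptypes, TEE_Param *params);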
109 
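/*
 * Util
 */

/* Returns a size_t for @obj; per the name, the key size in bits */
size_t get_object_key_bit_size(struct pkcs11_object *obj);

void release_active_processing(struct pkcs11_session *session);

/*
 * Outputs are returned through @data and @size.
 *
 * NOTE(review): per the name, *data is presumably allocated by this function
 * and owned by the caller afterwards - confirm who frees it, and whether
 * *data and *size are left untouched on failure.
 */
enum pkcs11_rc alloc_get_tee_attribute_data(TEE_ObjectHandle tee_obj,
					    uint32_t attribute,
					    void **data, size_t *size);

/*
 * Takes the attribute list head by reference (@head), a PKCS#11 attribute ID
 * (@pkcs11_id), a TEE object handle (@tee_obj) and a TEE attribute ID
 * (@tee_id).
 */
enum pkcs11_rc tee2pkcs_add_attribute(struct obj_attrs **head,
				      uint32_t pkcs11_id,
				      TEE_ObjectHandle tee_obj,
				      uint32_t tee_id);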
125 
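/* Asymmetric key operations util */

/* Predicate on a processing/mechanism ID (@proc_id) */
bool processing_is_tee_asymm(uint32_t proc_id);

enum pkcs11_rc init_asymm_operation(struct pkcs11_session *session,
				    enum processing_func function,
				    struct pkcs11_attribute_head *proc_params,
				    struct pkcs11_object *obj);

enum pkcs11_rc step_asymm_operation(struct pkcs11_session *session,
				    enum processing_func function,
				    enum processing_step step,
				    uint32_t ptypes, TEE_Param *params);

/*
 * Input is @data of @data_sz bytes; output goes to the caller-provided
 * @out_buf.
 *
 * NOTE(review): *out_sz presumably holds the capacity of @out_buf on entry
 * and the produced size on return - confirm, since the output bound depends
 * on it.
 */
enum pkcs11_rc wrap_data_by_asymm_enc(struct pkcs11_session *session,
				      void *data, uint32_t data_sz,
				      void *out_buf, uint32_t *out_sz);

/*
 * Input is @data of @data_sz bytes; the result is returned through @out_buf
 * and @out_sz.
 *
 * NOTE(review): *out_buf presumably receives a buffer allocated here that
 * holds unwrapped key material - confirm ownership and that the caller wipes
 * it before releasing it.
 */
enum pkcs11_rc unwrap_key_by_asymm(struct pkcs11_session *session, void *data,
				   uint32_t data_sz, void **out_buf,
				   uint32_t *out_sz);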
146 
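/*
 * Symmetric crypto algorithm specific functions
 */

/* Predicate on a processing/mechanism ID (@proc_id) */
bool processing_is_tee_symm(uint32_t proc_id);

enum pkcs11_rc init_symm_operation(struct pkcs11_session *session,
				   enum processing_func function,
				   struct pkcs11_attribute_head *proc_params,
				   struct pkcs11_object *key);

enum pkcs11_rc step_symm_operation(struct pkcs11_session *session,
				   enum processing_func function,
				   enum processing_step step,
				   uint32_t ptypes, TEE_Param *params);

/*
 * @proc_params is an untyped parameter blob of @params_size bytes.
 *
 * NOTE(review): the blob presumably holds client-supplied counter mode
 * parameters - confirm that @params_size is checked against the expected
 * layout before any field is read.
 */
enum pkcs11_rc tee_init_ctr_operation(struct active_processing *processing,
				      void *proc_params, size_t params_size);

/*
 * The result is returned through @out_buf and @out_sz.
 *
 * NOTE(review): *out_buf presumably receives a buffer allocated here that
 * holds derived key material - confirm ownership and wiping on release.
 */
enum pkcs11_rc derive_key_by_symm_enc(struct pkcs11_session *session,
				      void **out_buf, uint32_t *out_sz);

/*
 * Input is @data of @data_sz bytes; output goes to the caller-provided
 * @out_buf.
 *
 * NOTE(review): *out_sz presumably holds the capacity of @out_buf on entry
 * and the produced size on return - confirm.
 */
enum pkcs11_rc wrap_data_by_symm_enc(struct pkcs11_session *session,
				     void *data, uint32_t data_sz,
				     void *out_buf, uint32_t *out_sz);

/*
 * Input is @data of @data_sz bytes; the result is returned through @out_buf
 * and @out_sz.
 *
 * NOTE(review): *out_buf presumably receives a buffer allocated here that
 * holds unwrapped key material - confirm ownership and wiping on release.
 */
enum pkcs11_rc unwrap_key_by_symm(struct pkcs11_session *session, void *data,
				  uint32_t data_sz, void **out_buf,
				  uint32_t *out_sz);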
175 
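/* Digest specific functions */

/* Predicate on a mechanism ID (@mecha_id) */
bool processing_is_tee_digest(enum pkcs11_mechanism_id mecha_id);

enum pkcs11_rc
init_digest_operation(struct pkcs11_session *session,
		      struct pkcs11_attribute_head *proc_params);

/*
 * Runs one @step of a digest processing on @session. The step can be given
 * either an object (@obj) or invocation parameters (@ptypes, @params).
 *
 * NOTE(review): which of @obj and @params is used for a given step is not
 * visible from this header - confirm, in particular whether digesting a key
 * object is restricted by that object's attributes.
 */
enum pkcs11_rc step_digest_operation(struct pkcs11_session *session,
				     enum processing_step step,
				     struct pkcs11_object *obj,
				     uint32_t ptypes, TEE_Param *params);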
187 
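/*
 * Elliptic curve crypto algorithm specific functions
 */

/*
 * Results are returned through @tee_attrs and @tee_count.
 *
 * NOTE(review): *tee_attrs is presumably an array allocated here and owned
 * by the caller - confirm who frees it.
 */
enum pkcs11_rc load_tee_ec_key_attrs(TEE_Attribute **tee_attrs,
				     size_t *tee_count,
				     struct pkcs11_object *obj);

/* Same output convention as load_tee_ec_key_attrs(), for EDDSA keys */
enum pkcs11_rc load_tee_eddsa_key_attrs(TEE_Attribute **tee_attrs,
					size_t *tee_count,
					struct pkcs11_object *obj);

/*
 * Both helpers take an attribute value (@attr) of @size bytes.
 *
 * NOTE(review): the value returned for an unrecognized or malformed @attr is
 * not visible from this header; callers should check for it rather than use
 * the result unconditionally.
 */
size_t ec_params2tee_keysize(void *attr, size_t size);

uint32_t ec_params2tee_curve(void *attr, size_t size);

/* The selected TEE algorithm ID is returned through @tee_id */
enum pkcs11_rc pkcs2tee_algo_ecdsa(uint32_t *tee_id,
				   struct pkcs11_attribute_head *proc_params,
				   struct pkcs11_object *obj);

/* Public and private attribute lists are passed by reference */
enum pkcs11_rc generate_ec_keys(struct pkcs11_attribute_head *proc_params,
				struct obj_attrs **pub_head,
				struct obj_attrs **priv_head);

/* Public and private attribute lists are passed by reference */
enum pkcs11_rc generate_eddsa_keys(struct pkcs11_attribute_head *proc_params,
				   struct obj_attrs **pub_head,
				   struct obj_attrs **priv_head);

/* Returns a size in bytes for the TEE operation @op */
size_t ecdsa_get_input_max_byte_size(TEE_OperationHandle op);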
216 
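/*
 * RSA crypto algorithm specific functions
 *
 * NOTE(review): the pkcs2tee_proc_params_*() helpers take mechanism
 * parameters (@proc_params) and an active processing (@proc); they presumably
 * parse client-supplied data into the *_processing_ctx structures declared
 * in this header - confirm that every length field is validated against the
 * parameter buffer size before it is stored or used for allocation.
 */

/*
 * Results are returned through @tee_attrs and @tee_count.
 *
 * NOTE(review): *tee_attrs is presumably an array allocated here and owned
 * by the caller - confirm who frees it.
 */
enum pkcs11_rc load_tee_rsa_key_attrs(TEE_Attribute **tee_attrs,
				      size_t *tee_count,
				      struct pkcs11_object *obj);

enum pkcs11_rc
pkcs2tee_proc_params_rsa_pss(struct active_processing *proc,
			     struct pkcs11_attribute_head *proc_params);

/* Checks the RSA PSS processing @proc against the key object @obj */
enum pkcs11_rc pkcs2tee_validate_rsa_pss(struct active_processing *proc,
					 struct pkcs11_object *obj);

/* The selected TEE algorithm ID is returned through @tee_id */
enum pkcs11_rc pkcs2tee_algo_rsa_pss(uint32_t *tee_id,
				     struct pkcs11_attribute_head *params);

enum pkcs11_rc
pkcs2tee_proc_params_rsa_oaep(struct active_processing *proc,
			      struct pkcs11_attribute_head *proc_params);

enum pkcs11_rc
pkcs2tee_proc_params_rsa_aes_wrap(struct active_processing *proc,
				  struct pkcs11_attribute_head *proc_params);

enum pkcs11_rc
pkcs2tee_proc_params_eddsa(struct active_processing *proc,
			   struct pkcs11_attribute_head *proc_params);

/* TEE algorithm and hash IDs are returned through @tee_id and @tee_hash_id */
enum pkcs11_rc pkcs2tee_algo_rsa_oaep(uint32_t *tee_id, uint32_t *tee_hash_id,
				      struct pkcs11_attribute_head *params);

/* TEE algorithm and hash IDs are returned through @tee_id and @tee_hash_id */
enum pkcs11_rc
pkcs2tee_algo_rsa_aes_wrap(uint32_t *tee_id, uint32_t *tee_hash_id,
			   struct pkcs11_attribute_head *params);

/* Public and private attribute lists are passed by reference */
enum pkcs11_rc generate_rsa_keys(struct pkcs11_attribute_head *proc_params,
				 struct obj_attrs **pub_head,
				 struct obj_attrs **priv_head);

/* Returns a size in bytes for the TEE operation @op */
size_t rsa_get_input_max_byte_size(TEE_OperationHandle op);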
258 
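/*
 * Asymmetric key derivation (ECDH)
 */

/* The attribute list of the derived object is passed by reference (@head) */
enum pkcs11_rc do_asymm_derivation(struct pkcs11_session *session,
				   struct pkcs11_attribute_head *proc_params,
				   struct obj_attrs **head);

/*
 * Public data is returned through @pub_data and @pub_size.
 *
 * NOTE(review): *pub_data presumably points into, or is copied from, the
 * peer public value carried in the client-supplied @proc_params - confirm
 * that its length is validated against the parameter size and the curve
 * before it reaches the derivation.
 */
enum pkcs11_rc pkcs2tee_param_ecdh(struct pkcs11_attribute_head *proc_params,
				   void **pub_data, size_t *pub_size);

/* The selected TEE algorithm ID is returned through @tee_id */
enum pkcs11_rc pkcs2tee_algo_ecdh(uint32_t *tee_id,
				  struct pkcs11_attribute_head *proc_params,
				  struct pkcs11_object *obj);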
269 
270 #endif /*PKCS11_TA_PROCESSING_H*/
271