1 /*
2  * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #ifndef CRYPTO_CLIENT_H
8 #define CRYPTO_CLIENT_H
9 
10 #include <cstdint>
11 #include <psa/crypto.h>
12 #include <service/common/client/service_client.h>
13 
14 /*
15  * Provides a client interface for accessing an instance of the Crypto service
16  * using a C++ version of the PSA Crypto API.
17  */
class crypto_client
{
	/*
	 * Conventions visible in the declarations below:
	 *
	 *  - Every crypto operation is pure virtual, so a concrete subclass must
	 *    provide the implementation; construction is restricted to subclasses
	 *    through the protected constructors.
	 *  - Most methods return psa_status_t. Treat any value other than
	 *    PSA_SUCCESS as failure. For the verify_* methods the returned status
	 *    is the only verification result, so it must never be ignored.
	 *  - Output buffers are passed as (buffer, capacity, *length).
	 *    NOTE(review): this mirrors the PSA Crypto API, where the capacity is
	 *    the buffer size in bytes and *length receives the number of bytes
	 *    written; confirm that implementations keep that contract.
	 *  - Multi-part operations are identified by a uint32_t op_handle that
	 *    the matching *_setup method writes through a pointer.
	 *    NOTE(review): presumably the handle names state held by the service;
	 *    confirm its lifetime and release abandoned operations with *_abort.
	 */
public:
	/* Virtual, so a concrete client can be destroyed through a crypto_client pointer. */
	virtual ~crypto_client();

	/*
	 * NOTE(review): presumably the RPC-layer status recorded for the most
	 * recent failed call; confirm against the implementation.
	 */
	int err_rpc_status() const;

	/* Returns a struct service_info by value. */
	struct service_info get_service_info() const;

	/*
	 * Key lifecycle methods.
	 * Methods that create a key report its identifier through the trailing
	 * psa_key_id_t pointer.
	 */
	virtual psa_status_t generate_key(
		const psa_key_attributes_t *attributes,
		psa_key_id_t *id) = 0;

	virtual psa_status_t destroy_key(
		psa_key_id_t id) = 0;

	virtual psa_status_t import_key(
		const psa_key_attributes_t *attributes,
		const uint8_t *data,
		size_t data_length,
		psa_key_id_t *id) = 0;

	virtual psa_status_t copy_key(
		psa_key_id_t source_key,
		const psa_key_attributes_t *attributes,
		psa_key_id_t *target_key) = 0;

	virtual psa_status_t purge_key(
		psa_key_id_t id) = 0;

	virtual psa_status_t get_key_attributes(
		psa_key_id_t id,
		psa_key_attributes_t *attributes) = 0;

	/*
	 * Key export methods.
	 * export_key() places key material in caller-owned memory; the caller is
	 * responsible for protecting and wiping that buffer after use.
	 */
	virtual psa_status_t export_key(
		psa_key_id_t id,
		uint8_t *data,
		size_t data_size,
		size_t *data_length) = 0;

	virtual psa_status_t export_public_key(
		psa_key_id_t id,
		uint8_t *data,
		size_t data_size,
		size_t *data_length) = 0;

	/* Sign/verify methods operating on a hash supplied by the caller. */
	virtual psa_status_t sign_hash(
		psa_key_id_t id,
		psa_algorithm_t alg,
		const uint8_t *hash,
		size_t hash_length,
		uint8_t *signature,
		size_t signature_size,
		size_t *signature_length) = 0;

	virtual psa_status_t verify_hash(
		psa_key_id_t id,
		psa_algorithm_t alg,
		const uint8_t *hash,
		size_t hash_length,
		const uint8_t *signature,
		size_t signature_length) = 0;

	/* Sign/verify methods operating on a whole message. */
	virtual psa_status_t sign_message(
		psa_key_id_t id,
		psa_algorithm_t alg,
		const uint8_t *message,
		size_t message_length,
		uint8_t *signature,
		size_t signature_size,
		size_t *signature_length) = 0;

	virtual psa_status_t verify_message(
		psa_key_id_t id,
		psa_algorithm_t alg,
		const uint8_t *message,
		size_t message_length,
		const uint8_t *signature,
		size_t signature_length) = 0;

	/* Asymmetric encrypt/decrypt; both take an input, a salt and an output buffer. */
	virtual psa_status_t asymmetric_encrypt(
		psa_key_id_t id,
		psa_algorithm_t alg,
		const uint8_t *input,
		size_t input_length,
		const uint8_t *salt,
		size_t salt_length,
		uint8_t *output,
		size_t output_size,
		size_t *output_length) = 0;

	virtual psa_status_t asymmetric_decrypt(
		psa_key_id_t id,
		psa_algorithm_t alg,
		const uint8_t *input,
		size_t input_length,
		const uint8_t *salt,
		size_t salt_length,
		uint8_t *output,
		size_t output_size,
		size_t *output_length) = 0;

	/*
	 * Random number generation.
	 * There is no separate length result; check the returned status before
	 * using the contents of output.
	 */
	virtual psa_status_t generate_random(
		uint8_t *output,
		size_t output_size) = 0;

	/*
	 * Hash methods.
	 * NOTE(review): hash_max_update_size() is presumably the largest
	 * input_length accepted by one hash_update() call; confirm.
	 */
	virtual size_t hash_max_update_size() const = 0;

	virtual psa_status_t hash_setup(
		uint32_t *op_handle,
		psa_algorithm_t alg) = 0;

	virtual psa_status_t hash_update(
		uint32_t op_handle,
		const uint8_t *input,
		size_t input_length) = 0;

	virtual psa_status_t hash_finish(
		uint32_t op_handle,
		uint8_t *hash,
		size_t hash_size,
		size_t *hash_length) = 0;

	virtual psa_status_t hash_abort(
		uint32_t op_handle) = 0;

	virtual psa_status_t hash_verify(
		uint32_t op_handle,
		const uint8_t *hash,
		size_t hash_length) = 0;

	virtual psa_status_t hash_clone(
		uint32_t source_op_handle,
		uint32_t *target_op_handle) = 0;

	/*
	 * Cipher methods.
	 * NOTE(review): cipher_max_update_size() is presumably the largest
	 * input_length accepted by one cipher_update() call; confirm.
	 */
	virtual size_t cipher_max_update_size() const = 0;

	virtual psa_status_t cipher_encrypt_setup(
		uint32_t *op_handle,
		psa_key_id_t key,
		psa_algorithm_t alg) = 0;

	virtual psa_status_t cipher_decrypt_setup(
		uint32_t *op_handle,
		psa_key_id_t key,
		psa_algorithm_t alg) = 0;

	virtual psa_status_t cipher_generate_iv(
		uint32_t op_handle,
		uint8_t *iv,
		size_t iv_size,
		size_t *iv_length) = 0;

	virtual psa_status_t cipher_set_iv(
		uint32_t op_handle,
		const uint8_t *iv,
		size_t iv_length) = 0;

	virtual psa_status_t cipher_update(
		uint32_t op_handle,
		const uint8_t *input,
		size_t input_length,
		uint8_t *output,
		size_t output_size,
		size_t *output_length) = 0;

	virtual psa_status_t cipher_finish(
		uint32_t op_handle,
		uint8_t *output,
		size_t output_size,
		size_t *output_length) = 0;

	virtual psa_status_t cipher_abort(
		uint32_t op_handle) = 0;

	/*
	 * MAC methods.
	 * NOTE(review): mac_max_update_size() is presumably the largest
	 * input_length accepted by one mac_update() call; confirm.
	 */
	virtual size_t mac_max_update_size() const = 0;

	virtual psa_status_t mac_sign_setup(
		uint32_t *op_handle,
		psa_key_id_t key,
		psa_algorithm_t alg) = 0;

	virtual psa_status_t mac_verify_setup(
		uint32_t *op_handle,
		psa_key_id_t key,
		psa_algorithm_t alg) = 0;

	virtual psa_status_t mac_update(
		uint32_t op_handle,
		const uint8_t *input,
		size_t input_length) = 0;

	virtual psa_status_t mac_sign_finish(
		uint32_t op_handle,
		uint8_t *mac,
		size_t mac_size,
		size_t *mac_length) = 0;

	virtual psa_status_t mac_verify_finish(
		uint32_t op_handle,
		const uint8_t *mac,
		size_t mac_length) = 0;

	virtual psa_status_t mac_abort(
		uint32_t op_handle) = 0;

	/* Key derivation methods. */
	virtual psa_status_t key_derivation_setup(
		uint32_t *op_handle,
		psa_algorithm_t alg) = 0;

	/*
	 * The top-level const on op_handle does not alter the function type;
	 * it is kept exactly as originally declared.
	 */
	virtual psa_status_t key_derivation_get_capacity(
		const uint32_t op_handle,
		size_t *capacity) = 0;

	virtual psa_status_t key_derivation_set_capacity(
		uint32_t op_handle,
		size_t capacity) = 0;

	virtual psa_status_t key_derivation_input_bytes(
		uint32_t op_handle,
		psa_key_derivation_step_t step,
		const uint8_t *data,
		size_t data_length) = 0;

	virtual psa_status_t key_derivation_input_key(
		uint32_t op_handle,
		psa_key_derivation_step_t step,
		psa_key_id_t key) = 0;

	/*
	 * Unlike the other output methods, only one length is passed here.
	 * NOTE(review): presumably output_length is the number of bytes
	 * requested and output must be at least that large; confirm.
	 */
	virtual psa_status_t key_derivation_output_bytes(
		uint32_t op_handle,
		uint8_t *output,
		size_t output_length) = 0;

	virtual psa_status_t key_derivation_output_key(
		const psa_key_attributes_t *attributes,
		uint32_t op_handle,
		psa_key_id_t *key) = 0;

	virtual psa_status_t key_derivation_abort(
		uint32_t op_handle) = 0;

	virtual psa_status_t key_derivation_key_agreement(
		uint32_t op_handle,
		psa_key_derivation_step_t step,
		psa_key_id_t private_key,
		const uint8_t *peer_key,
		size_t peer_key_length) = 0;

	/* Output buffer is caller-owned, as with export_key(). */
	virtual psa_status_t raw_key_agreement(
		psa_algorithm_t alg,
		psa_key_id_t private_key,
		const uint8_t *peer_key,
		size_t peer_key_length,
		uint8_t *output,
		size_t output_size,
		size_t *output_length) = 0;

	/*
	 * The two methods below return int rather than psa_status_t and take
	 * uint64_t lengths, so their result codes must not be assumed to share
	 * the psa_status_t value space.
	 * NOTE(review): the meaning of the int result is not visible in this
	 * header; confirm which value indicates a successful verification.
	 */
	virtual int verify_pkcs7_signature(
		const uint8_t *signature_cert,
		uint64_t signature_cert_len,
		const uint8_t *hash,
		uint64_t hash_len,
		const uint8_t *public_key_cert,
		uint64_t public_key_cert_len) = 0;

	/*
	 * NOTE(review): output has no accompanying size parameter, so the
	 * implementation cannot bound its write against the caller's buffer.
	 * The required buffer size is not visible in this header; confirm it
	 * and document it for callers.
	 */
	virtual int get_uefi_priv_auth_var_fingerprint(
		const uint8_t *signature_cert,
		uint64_t signature_cert_len,
		uint8_t *output) = 0;

protected:
	/* Only subclasses may construct a client, with or without an RPC session. */
	crypto_client();
	crypto_client(struct rpc_caller_session *session);

	/* Lets a subclass supply the RPC caller session after construction. */
	void set_caller(struct rpc_caller_session *session);

	/* Service client state, accessible to subclasses. */
	struct service_client m_client;
};
254 
255 #endif /* CRYPTO_CLIENT_H */
256