1 /*
2  * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #ifndef PACKEDC_CRYPTO_CLIENT_H
8 #define PACKEDC_CRYPTO_CLIENT_H
9 
10 #include "rpc_caller_session.h"
11 #include <service/crypto/client/cpp/crypto_client.h>
12 #include <protocols/service/crypto/packed-c/key_attributes.h>
13 
14 /*
15  * A concrete crypto_client that uses the packed-c based crypto access protocol
16  */
17 class packedc_crypto_client : public crypto_client
18 {
19 public:
20 	packedc_crypto_client();
21 	packedc_crypto_client(struct rpc_caller_session *session);
22 	virtual ~packedc_crypto_client();
23 
24 	/* Key lifecycle methods */
25 	psa_status_t generate_key(
26 		const psa_key_attributes_t *attributes,
27 		psa_key_id_t *id);
28 
29 	psa_status_t destroy_key(
30 		psa_key_id_t id);
31 
32 	psa_status_t import_key(
33 		const psa_key_attributes_t *attributes,
34 		const uint8_t *data, size_t data_length,
35 		psa_key_id_t *id);
36 
37 	psa_status_t copy_key(
38 		psa_key_id_t source_key,
39 		const psa_key_attributes_t *attributes,
40 		psa_key_id_t *target_key);
41 
42 	psa_status_t purge_key(
43 		psa_key_id_t id);
44 
45 	psa_status_t get_key_attributes(
46 		psa_key_id_t id,
47 		psa_key_attributes_t *attributes);
48 
49 	/* Key export methods */
50 	psa_status_t export_key(
51 		psa_key_id_t id,
52 		uint8_t *data, size_t data_size, size_t *data_length);
53 
54 	psa_status_t export_public_key(
55 		psa_key_id_t id,
56 		uint8_t *data, size_t data_size, size_t *data_length);
57 
58 	/* Sign/verify hash methods */
59 	psa_status_t sign_hash(
60 		psa_key_id_t id,
61 		psa_algorithm_t alg,
62 		const uint8_t *hash, size_t hash_length,
63 		uint8_t *signature, size_t signature_size, size_t *signature_length);
64 
65 	psa_status_t verify_hash(
66 		psa_key_id_t id,
67 		psa_algorithm_t alg,
68 		const uint8_t *hash, size_t hash_length,
69 		const uint8_t *signature, size_t signature_length);
70 
71 	/* Sign/verify message methods */
72 	psa_status_t sign_message(
73 		psa_key_id_t id,
74 		psa_algorithm_t alg,
75 		const uint8_t *message, size_t message_length,
76 		uint8_t *signature, size_t signature_size, size_t *signature_length);
77 
78 	psa_status_t verify_message(
79 		psa_key_id_t id,
80 		psa_algorithm_t alg,
81 		const uint8_t *message, size_t message_length,
82 		const uint8_t *signature, size_t signature_length);
83 
84 	/* Asymmetric encrypt/decrypt */
85 	psa_status_t asymmetric_encrypt(
86 		psa_key_id_t id,
87 		psa_algorithm_t alg,
88 		const uint8_t *input, size_t input_length,
89 		const uint8_t *salt, size_t salt_length,
90 		uint8_t *output, size_t output_size, size_t *output_length);
91 
92 	psa_status_t asymmetric_decrypt(
93 		psa_key_id_t id,
94 		psa_algorithm_t alg,
95 		const uint8_t *input, size_t input_length,
96 		const uint8_t *salt, size_t salt_length,
97 		uint8_t *output, size_t output_size, size_t *output_length);
98 
99 	/* Random number generation */
100 	psa_status_t generate_random(
101 		uint8_t *output, size_t output_size);
102 
103 	/* Hash methods */
104 	size_t hash_max_update_size() const;
105 
106 	psa_status_t hash_setup(
107 		uint32_t *op_handle,
108 		psa_algorithm_t alg);
109 
110 	psa_status_t hash_update(
111 		uint32_t op_handle,
112 		const uint8_t *input, size_t input_length);
113 
114 	psa_status_t hash_finish(
115 		uint32_t op_handle,
116 		uint8_t *hash, size_t hash_size, size_t *hash_length);
117 
118 	psa_status_t hash_abort(
119 		uint32_t op_handle);
120 
121 	psa_status_t hash_verify(
122 		uint32_t op_handle,
123 		const uint8_t *hash, size_t hash_length);
124 
125 	psa_status_t hash_clone(
126 		uint32_t source_op_handle,
127 		uint32_t *target_op_handle);
128 
129 	/* Cipher methods */
130 	size_t cipher_max_update_size() const;
131 
132 	psa_status_t cipher_encrypt_setup(
133 		uint32_t *op_handle,
134 		psa_key_id_t key,
135 		psa_algorithm_t alg);
136 
137 	psa_status_t cipher_decrypt_setup(
138 		uint32_t *op_handle,
139 		psa_key_id_t key,
140 		psa_algorithm_t alg);
141 
142 	psa_status_t cipher_generate_iv(
143 		uint32_t op_handle,
144 		uint8_t *iv, size_t iv_size, size_t *iv_length);
145 
146 	psa_status_t cipher_set_iv(
147 		uint32_t op_handle,
148 		const uint8_t *iv, size_t iv_length);
149 
150 	psa_status_t cipher_update(
151 		uint32_t op_handle,
152 		const uint8_t *input, size_t input_length,
153 		uint8_t *output, size_t output_size, size_t *output_length);
154 
155 	psa_status_t cipher_finish(
156 		uint32_t op_handle,
157 		uint8_t *output, size_t output_size, size_t *output_length);
158 
159 	psa_status_t cipher_abort(
160 		uint32_t op_handle);
161 
162 	/* MAC methods */
163 	size_t mac_max_update_size() const;
164 
165 	psa_status_t mac_sign_setup(
166 		uint32_t *op_handle,
167 		psa_key_id_t key,
168 		psa_algorithm_t alg);
169 
170 	psa_status_t mac_verify_setup(
171 		uint32_t *op_handle,
172 		psa_key_id_t key,
173 		psa_algorithm_t alg);
174 
175 	psa_status_t mac_update(
176 		uint32_t op_handle,
177 		const uint8_t *input, size_t input_length);
178 
179 	psa_status_t mac_sign_finish(
180 		uint32_t op_handle,
181 		uint8_t *mac, size_t mac_size, size_t *mac_length);
182 
183 	psa_status_t mac_verify_finish(
184 		uint32_t op_handle,
185 		const uint8_t *mac, size_t mac_length);
186 
187 	psa_status_t mac_abort(
188 		uint32_t op_handle);
189 
190 	/* Key derivation methods */
191 	psa_status_t key_derivation_setup(
192 		uint32_t *op_handle,
193 		psa_algorithm_t alg);
194 
195 	psa_status_t key_derivation_get_capacity(
196 		const uint32_t op_handle,
197 		size_t *capacity);
198 
199 	psa_status_t key_derivation_set_capacity(
200 		uint32_t op_handle,
201 		size_t capacity);
202 
203 	psa_status_t key_derivation_input_bytes(
204 		uint32_t op_handle,
205 		psa_key_derivation_step_t step,
206 		const uint8_t *data, size_t data_length);
207 
208 	psa_status_t key_derivation_input_key(
209 		uint32_t op_handle,
210 		psa_key_derivation_step_t step,
211 		psa_key_id_t key);
212 
213 	psa_status_t key_derivation_output_bytes(
214 		uint32_t op_handle,
215 		uint8_t *output, size_t output_length);
216 
217 	psa_status_t key_derivation_output_key(
218 		const psa_key_attributes_t *attributes,
219 		uint32_t op_handle,
220 		psa_key_id_t *key);
221 
222 	psa_status_t key_derivation_abort(
223 		uint32_t op_handle);
224 
225 	psa_status_t key_derivation_key_agreement(
226 		uint32_t op_handle,
227 		psa_key_derivation_step_t step,
228 		psa_key_id_t private_key,
229 		const uint8_t *peer_key, size_t peer_key_length);
230 
231 	psa_status_t raw_key_agreement(psa_algorithm_t alg,
232 		psa_key_id_t private_key,
233 		const uint8_t *peer_key, size_t peer_key_length,
234 		uint8_t *output, size_t output_size, size_t *output_length);
235 
236 	int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cert_len,
237 				   const uint8_t *hash, uint64_t hash_len,
238 				   const uint8_t *public_key_cert, uint64_t public_key_cert_len);
239 
240 	int get_uefi_priv_auth_var_fingerprint(const uint8_t *signature_cert,
241 				    uint64_t signature_cert_len,
242 				    uint8_t *output);
243 };
244 
245 #endif /* PACKEDC_CRYPTO_CLIENT_H */
246