ote_crypto.h

Go to the documentation of this file.

/*
 * Copyright (c) 2013-2017, NVIDIA CORPORATION. All rights reserved
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files
 * (the "Software"), to deal in the Software without restriction,
 * including without limitation the rights to use, copy, modify, merge,
 * publish, distribute, sublicense, and/or sell copies of the Software,
 * and to permit persons to whom the Software is furnished to do so,
 * subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
 * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
 * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */

#ifndef __OTE_CRYPTO_H
#define __OTE_CRYPTO_H

#include <service/ote_attrs.h>

/* Crypto object/operation forward definition.  */
struct __te_crypto_object;
typedef struct __te_crypto_object *te_crypto_object_t;
struct __te_crypto_operation_t;
typedef struct __te_crypto_operation_t *te_crypto_operation_t;

typedef struct {
    uint32_t algorithm;
    uint32_t operation_class;
    uint32_t mode;
    uint32_t digest_length;
    uint32_t key_size;
    uint32_t required_key_usage;
    uint32_t handle_state;
} te_crypto_operation_info_t;

struct __te_crypto_operation_t {
    te_crypto_operation_info_t info;
    void *key;
    void *iv;
    size_t iv_len;
    void *imp_obj;
    te_error_t (*init)(te_crypto_operation_t operation);
    te_error_t (*update)(te_crypto_operation_t operation,
            const void *src_data,
            size_t src_size,
            void *dst_dat,
            size_t *dst_size);
    te_error_t (*do_final)(te_crypto_operation_t operation,
            const void *srd_data,
            size_t src_size,
            void *dst_data,
            size_t *dst_size);
    te_error_t (*handle_req)(te_crypto_operation_t operation,
            const void *src_data,
            size_t src_size,
            void *dst_data,
            size_t *dst_size);
    void (*free)(te_crypto_operation_t operation);
};

typedef struct {
    uint8_t *public_mod;
    int public_mod_len;
    uint8_t *public_expo;
    int public_expo_len;
    uint8_t *private_expo;
    int private_expo_len;
    uint8_t *prime1;
    int prime1_len;
    uint8_t *prime2;
    int prime2_len;
    uint8_t *expo1;
    int expo1_len;
    uint8_t *expo2;
    int expo2_len;
    uint8_t *coeff;
    int coeff_len;
} te_crypto_rsa_key_t;

te_error_t te_allocate_object(te_crypto_object_t *obj);

te_error_t te_populate_object(te_crypto_object_t obj, te_attribute_t *attrs,
        uint32_t attr_count);

void te_free_object(te_crypto_object_t obj);

typedef enum {
    OTE_ALG_AES_ECB_NOPAD   = 0x10000010,
    OTE_ALG_AES_CBC_NOPAD   = 0x10000110,
    OTE_ALG_AES_CTR     = 0x10000210,
    OTE_ALG_AES_CTS     = 0x10000310,
    OTE_ALG_AES_ECB     = 0x10000510,
    OTE_ALG_AES_CBC     = 0x10000610,
    OTE_ALG_AES_CBC_256 = 0x10000710,
    OTE_ALG_AES_CBC_256_NOPAD   = 0x10000810,
    OTE_ALG_AES_CMAC_128    = 0x20000110, /* AES-CBC w/ 128 bit key */
    OTE_ALG_AES_CMAC_192    = 0x20000120, /* AES-CBC w/ 192 bit key */
    OTE_ALG_AES_CMAC_256    = 0x20000130, /* AES-CBC w/ 256 bit key */
    OTE_ALG_SHA_HMAC_224    = 0x20000210, /* HMAC w/ SHA224 */
    OTE_ALG_SHA_HMAC_256    = 0x20000220, /* HMAC w/ SHA256 */
    OTE_ALG_SHA_HMAC_384    = 0x20000230, /* HMAC w/ SHA384 */
    OTE_ALG_SHA_HMAC_512    = 0x20000240, /* HMAC w/ SHA512 */
    OTE_ALG_SHA_HMAC_1  = 0x20000250, /* HMAC w/ SHA1 */
    OTE_ALG_RSA_PKCS_OAEP   = 0x30000100,
    OTE_ALG_RSA_PSS     = 0x30000200,
    OTE_ALG_PKCS1_Block1    = 0x30000300,
    OTE_ALG_DRNG        = 0x50000000, /* Deterministic RNG */
} te_oper_crypto_algo_t;


#define AES_BLOCK_SIZE          16
#define AES_ENCRYPTION_PADDED_SIZE(clearlen) \
        ((((clearlen) + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE)

#define OTE_AES_MODE_NEEDS_PADDING(algo) \
    (((algo) == OTE_ALG_AES_ECB) || ((algo) == OTE_ALG_AES_CBC) || \
    ((algo) == OTE_ALG_AES_CBC_256))

typedef enum {
    OTE_ALG_MODE_ENCRYPT,
    OTE_ALG_MODE_DECRYPT,
    OTE_ALG_MODE_SIGN,
    OTE_ALG_MODE_VERIFY,
    OTE_ALG_MODE_DIGEST,
    OTE_ALG_MODE_DERIVE
} te_oper_crypto_algo_mode_t;

te_error_t te_allocate_operation(te_crypto_operation_t *oper,
        te_oper_crypto_algo_t algorithm,
        te_oper_crypto_algo_mode_t mode);

te_error_t te_set_operation_key(te_crypto_operation_t oper,
        te_crypto_object_t obj);

te_error_t te_cipher_init(te_crypto_operation_t oper, void *iv,
        size_t iv_size);

te_error_t te_cipher_update(te_crypto_operation_t oper, const void *src_data,
        size_t src_size, void *dst_data, size_t *dst_size);

te_error_t te_cipher_do_final(te_crypto_operation_t oper, const void *src_data,
        size_t src_len, void *dst_data, size_t *dst_len);

te_error_t te_rsa_init(te_crypto_operation_t oper);

te_error_t te_rsa_get_modulus_size(te_crypto_operation_t oper, size_t *modulus_size_bytes);

te_error_t te_rsa_handle_request(te_crypto_operation_t oper,
        const void *src_data, size_t src_size,
        void *dst_data, size_t *dst_size);

void te_free_operation(te_crypto_operation_t oper);

#define HWRNG_CACHE_SIZE_BYTES 1024
#define HWRNG_CACHE_ENTROPY_SIZE_BYTES 256

/* The hwrng cache is structured as follows:
 * [  Randomness available to TAs  |  Entropy for Crypto Libraries  ]
 *                                 <-HWRNG_CACHE_ENTROPY_SIZE_BYTES->
 * <-----------------HWRNG_CACHE_SIZE_BYTES------------------------->
 */

/*
 * @brief Cache to store random numbers generated by the HW.
 * @cache           Buffer to hold random data
 * @size            Overall Size of the Buffer
 * @entropy_size    Reserved Size to seed Entropy in a s/w crypto library
 * @bytes_available Number of Bytes available in the cache
 */
struct hwrng_cache {
    uint8_t *cache;
    size_t size;
    size_t entropy_size;
    size_t bytes_available;
};

void te_generate_random(void *buffer, size_t size);

te_error_t te_get_attribute_by_id(te_crypto_object_t object,
        te_attribute_id_t id, te_attribute_t **ret);

te_error_t te_crypt_data(te_oper_crypto_algo_mode_t mode,
            te_oper_crypto_algo_t algo, unsigned char *key,
            unsigned int keysize,
            unsigned char *iv, unsigned int ivsize,
            unsigned char *in, unsigned int insize,
            unsigned char *out, unsigned int *outsize);

#endif