path: root/include/drivers/auth/crypto_mod.h
/*
 * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#ifndef CRYPTO_MOD_H
#define CRYPTO_MOD_H

/*
 * Values that the CRYPTO_SUPPORT preprocessor symbol is compared against
 * further down in this header. CRYPTO_SUPPORT itself is not defined here.
 * The comparisons select which prototypes are declared: signature/hash
 * verification (VERIFY_ONLY), hash calculation (HASH_CALC_ONLY), or both.
 */
#define	CRYPTO_AUTH_VERIFY_ONLY			1
#define	CRYPTO_HASH_CALC_ONLY			2
#define	CRYPTO_AUTH_VERIFY_AND_HASH_CALC	3

/*
 * Return values.
 *
 * CRYPTO_SUCCESS is pinned to 0; the error enumerators that follow take the
 * consecutive non-zero values 1..5. The function pointers and prototypes in
 * this header return plain 'int' rather than this enum type, so the compiler
 * does not check which constants a caller compares against. Callers should
 * treat every value other than CRYPTO_SUCCESS as a failure (fail closed)
 * instead of testing for individual error codes only.
 */
enum crypto_ret_value {
	CRYPTO_SUCCESS = 0,
	CRYPTO_ERR_INIT,
	CRYPTO_ERR_HASH,
	CRYPTO_ERR_SIGNATURE,
	CRYPTO_ERR_DECRYPTION,
	CRYPTO_ERR_UNKNOWN
};

/*
 * Upper bounds for IV and authentication tag sizes.
 * NOTE(review): presumably expressed in bytes and meant as limits for the
 * iv_len and tag_len arguments of the auth_decrypt interface. Nothing in
 * this header enforces them, so confirm that the implementation rejects
 * larger lengths before copying into fixed-size buffers.
 */
#define CRYPTO_MAX_IV_SIZE		16U
#define CRYPTO_MAX_TAG_SIZE		16U

/* Decryption algorithm. GCM is the only algorithm defined in this header. */
enum crypto_dec_algo {
	CRYPTO_GCM_DECRYPT = 0
};

/*
 * Message digest algorithm.
 * No explicit values are assigned, so the enumerators are numbered 0, 1, 2
 * in declaration order.
 */
enum crypto_md_algo {
	CRYPTO_MD_SHA256,
	CRYPTO_MD_SHA384,
	CRYPTO_MD_SHA512,
};

/*
 * Maximum digest size, taken from the strongest algorithm listed above,
 * i.e. SHA512: 64 is a 512-bit digest expressed in bytes. The calc_hash
 * interfaces in this header declare their output buffer with this size.
 */
#define CRYPTO_MD_MAX_SIZE		64U

/*
 * Cryptographic library descriptor
 *
 * A table of function pointers through which the crypto module reaches the
 * underlying library. Every hook returns plain 'int'; callers should treat
 * any value other than CRYPTO_SUCCESS as a failure.
 *
 * Note: auth_decrypt uses size_t, but this header has no #include of its
 * own, so the including file must already have size_t declared (for example
 * via <stddef.h>).
 */
typedef struct crypto_lib_desc_s {
	/* Name of the library, as passed to REGISTER_CRYPTO_LIB */
	const char *name;

	/* Initialize library. This function is not expected to fail. All errors
	 * must be handled inside the function, asserting or panicking in case of
	 * a non-recoverable error */
	void (*init)(void);

	/* Verify a digital signature. Return one of the
	 * 'enum crypto_ret_value' options */
	int (*verify_signature)(void *data_ptr, unsigned int data_len,
				void *sig_ptr, unsigned int sig_len,
				void *sig_alg, unsigned int sig_alg_len,
				void *pk_ptr, unsigned int pk_len);

	/* Verify a hash. Return one of the 'enum crypto_ret_value' options */
	int (*verify_hash)(void *data_ptr, unsigned int data_len,
			   void *digest_info_ptr, unsigned int digest_info_len);

	/*
	 * Calculate a hash of data_len bytes at data_ptr using md_alg. The
	 * digest is delivered through 'output'; the 'int' result is a status.
	 * NOTE(review): presumably one of the 'enum crypto_ret_value' options
	 * like the other hooks - confirm against the implementation.
	 *
	 * 'output' is written as an array of CRYPTO_MD_MAX_SIZE elements, but
	 * an array parameter is adjusted to a plain pointer, so the compiler
	 * does not enforce the size. Callers should always pass a buffer of at
	 * least CRYPTO_MD_MAX_SIZE bytes, whichever algorithm is selected.
	 */
	int (*calc_hash)(enum crypto_md_algo md_alg, void *data_ptr,
			 unsigned int data_len,
			 unsigned char output[CRYPTO_MD_MAX_SIZE]);

	/*
	 * Convert Public key (optional)
	 * NOTE(review): 'optional' presumably means this pointer may be NULL
	 * in a registered descriptor - confirm that the caller checks for NULL
	 * before invoking it.
	 */
	int (*convert_pk)(void *full_pk_ptr, unsigned int full_pk_len,
			  void **hashed_pk_ptr, unsigned int *hashed_pk_len);

	/*
	 * Authenticated decryption. Return one of the
	 * 'enum crypto_ret_value' options.
	 *
	 * key, iv and tag are const, data_ptr is not.
	 * NOTE(review): presumably the data is decrypted in place - confirm.
	 * If so, callers should not use the buffer contents unless the result
	 * is CRYPTO_SUCCESS, i.e. the tag has been verified.
	 */
	int (*auth_decrypt)(enum crypto_dec_algo dec_algo, void *data_ptr,
			    size_t len, const void *key, unsigned int key_len,
			    unsigned int key_flags, const void *iv,
			    unsigned int iv_len, const void *tag,
			    unsigned int tag_len);
} crypto_lib_desc_t;

/* Public functions */

/*
 * crypto_mod_init() is declared as a real function when CRYPTO_SUPPORT is
 * non-zero. When CRYPTO_SUPPORT is zero or undefined (an undefined identifier
 * evaluates to 0 in #if), it is an empty inline stub instead, so callers can
 * invoke it unconditionally.
 */
#if CRYPTO_SUPPORT
void crypto_mod_init(void);
#else
static inline void crypto_mod_init(void)
{
}
#endif /* CRYPTO_SUPPORT */

/*
 * Signature and hash verification. Declared only when CRYPTO_SUPPORT selects
 * verification (CRYPTO_AUTH_VERIFY_ONLY or CRYPTO_AUTH_VERIFY_AND_HASH_CALC).
 * The parameter lists mirror the verify_signature and verify_hash hooks of
 * crypto_lib_desc_t. The 'int' result should be compared with CRYPTO_SUCCESS;
 * any other value means the data must not be trusted.
 */
#if (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY) || \
    (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC)
int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
				void *sig_ptr, unsigned int sig_len,
				void *sig_alg_ptr, unsigned int sig_alg_len,
				void *pk_ptr, unsigned int pk_len);
int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
			   void *digest_info_ptr, unsigned int digest_info_len);
#endif /* (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY) || \
	  (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC) */

/*
 * Authenticated decryption. Declared regardless of the CRYPTO_SUPPORT value.
 * The parameter list mirrors the auth_decrypt hook of crypto_lib_desc_t.
 * 'len' is a size_t, which this header does not declare itself.
 */
int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
			    size_t len, const void *key, unsigned int key_len,
			    unsigned int key_flags, const void *iv,
			    unsigned int iv_len, const void *tag,
			    unsigned int tag_len);

/*
 * Hash calculation. Declared only when CRYPTO_SUPPORT selects hash
 * calculation (CRYPTO_HASH_CALC_ONLY or CRYPTO_AUTH_VERIFY_AND_HASH_CALC).
 * 'output' is adjusted to a plain pointer as a parameter, so the caller is
 * responsible for providing at least CRYPTO_MD_MAX_SIZE bytes.
 */
#if (CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY) || \
    (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC)
int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
			 unsigned int data_len,
			 unsigned char output[CRYPTO_MD_MAX_SIZE]);
#endif /* (CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY) || \
	  (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC) */

/*
 * Public key conversion. Declared regardless of the CRYPTO_SUPPORT value.
 * Results are delivered through hashed_pk_ptr and hashed_pk_len.
 * NOTE(review): ownership and lifetime of the buffer returned through
 * hashed_pk_ptr are not visible from this header - confirm before caching it.
 */
int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
			  void **hashed_pk_ptr, unsigned int *hashed_pk_len);

/*
 * Macro to register a cryptographic library.
 *
 * Expands to the definition of the const object 'crypto_lib_desc', so a
 * second expansion in the same link would define that symbol twice.
 *
 * The macro takes _auth_decrypt before _convert_pk, whereas the struct
 * declares convert_pk before auth_decrypt. The designated initializers make
 * the field order irrelevant, but callers must follow the macro's parameter
 * order; both hooks are function pointers, so the compiler may only warn if
 * the two arguments are swapped.
 */
#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
			    _calc_hash, _auth_decrypt, _convert_pk) \
	const crypto_lib_desc_t crypto_lib_desc = { \
		.name = _name, \
		.init = _init, \
		.verify_signature = _verify_signature, \
		.verify_hash = _verify_hash, \
		.calc_hash = _calc_hash, \
		.auth_decrypt = _auth_decrypt, \
		.convert_pk = _convert_pk \
	}

/* Declaration of the descriptor that REGISTER_CRYPTO_LIB defines */
extern const crypto_lib_desc_t crypto_lib_desc;

#endif /* CRYPTO_MOD_H */