2 * Copyright (c) 2017 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Krzysztof Dynowski (k.dynowski@samsung.com)
19 * @author Lukasz Kostyra (l.kostyra@samsung.com)
24 #include <ckm/ckm-type.h>
25 #include <data-type.h>
26 #include <tz-backend/obj.h>
27 #include <generic-backend/gstore.h>
// Pair aliases used by the declarations below. Data and RawBuffer are not
// defined in this listing; they presumably come from the project headers
// included above.
34 using DataPair = std::pair<Data, Data>;
35 using BufferPair = std::pair<RawBuffer, RawBuffer>;
37 // encryption schema + buffer pair
// The int is the schema value and the RawBuffer the associated buffer; the set
// of valid schema values is not visible here.
38 using KeyIdPair = std::pair<int, RawBuffer>;
// Returns a buffer that, judging by the name, is meant to be used as an
// initialisation vector.
// NOTE(review): the randomness source is not visible in this header. For the
// AES-GCM entry points declared further down, an IV must never repeat under the
// same key - confirm the implementation draws from a CSPRNG / TEE RNG.
40 RawBuffer generateIV();
// Judging by the pub*/priv* parameters, generates an asymmetric key pair; the
// public and the private part each get their own password, password IV and
// hash argument. Returns an AlgoType (meaning not visible here).
// NOTE(review): the gutter jumps from 46 to 49, so parameter lines are missing
// from this listing - do not treat the visible list as the full signature.
42 AlgoType generateAKey(const CryptoAlgorithm &alg,
43 const Password &pubPwd,
44 const Password &privPwd,
45 const RawBuffer &pubPwdIv,
46 const RawBuffer &privPwdIv,
49 const RawBuffer &hashPriv,
50 const RawBuffer &hashPub);
// Presumably the symmetric counterpart of generateAKey - confirm.
// NOTE(review): gutter lines 53-55 are missing from this listing, so only the
// first and the last parameter are shown.
52 void generateSKey(const CryptoAlgorithm &alg,
56 const RawBuffer &hash);
// Imports `key` together with its EncryptionParams. Returns nothing, so any
// failure is presumably signalled by an exception - confirm.
// NOTE(review): gutter lines 60 and 62 are missing from this listing.
58 void importData(const Data &key,
59 const EncryptionParams &encData,
61 const RawBuffer &pwdIV,
63 const RawBuffer &hash);
// Imports a key that arrives wrapped (encrypted) under the key identified by
// wrappingKeyId.
// encryptedKeyTag is the only non-const reference, so it is an output or in/out
// parameter; every other argument is read-only.
// Two password types appear in this header (Pwd and Password); neither is
// defined in this listing.
// NOTE(review): whether the wrapped blob is authenticated before it is used is
// decided in the implementation, not here - confirm failures are surfaced to
// the caller.
65 void importWrappedKey(const RawBuffer &wrappingKeyId,
66 const Pwd &wrappingKeyPwd,
67 const CryptoAlgorithm &alg,
68 const Data &encryptedKey,
69 const Password &encryptedKeyPassword,
70 const RawBuffer &encryptedKeyIV,
71 RawBuffer &encryptedKeyTag,
72 const RawBuffer &encryptedKeyId);
// Wraps the key identified by keyToWrapId under the key identified by
// wrappingKeyId and returns the result as a RawBuffer.
// NOTE(review): no exportability or policy argument is visible in this
// signature; confirm where the decision to allow a key to leave the backend in
// wrapped form is enforced.
74 RawBuffer exportWrappedKey(const RawBuffer &wrappingKeyId,
75 const Pwd &wrappingKeyPwd,
76 const CryptoAlgorithm &alg,
77 const RawBuffer &keyToWrapId,
78 const Pwd &keyToWrapPwd,
79 const DataType &keyToWrapType);
// Returns the object identified by dataId as a RawBuffer.
// NOTE(review): gutter line 82 is missing from this listing.
// NOTE(review): the returned buffer may hold secret material; whether RawBuffer
// wipes its storage on destruction is not visible here - verify before copying
// it into ordinary containers.
81 RawBuffer getData(const RawBuffer &dataId,
83 const DataType &type);
// Destroy the stored data object / key with the given id. Both return void, so
// a failure is presumably reported by an exception - confirm.
85 void destroyData(const RawBuffer &dataId);
87 void destroyKey(const RawBuffer &keyId);
// One-shot encrypt/decrypt entry points. Each takes the id of the key to use,
// the CryptoAlgorithm describing the operation and the input buffer, and
// returns the result as a RawBuffer.
// NOTE(review): in all four declarations one parameter line between keyId and
// alg is missing from this listing (gutter 91, 97, 103, 109).
// NOTE(review): how a decryption failure is reported is not visible in this
// header; callers should confirm it before treating the returned buffer as
// valid plaintext.
89 RawBuffer symmetricEncrypt(
90 const RawBuffer &keyId,
92 const CryptoAlgorithm &alg,
93 const RawBuffer &data);
95 RawBuffer symmetricDecrypt(
96 const RawBuffer &keyId,
98 const CryptoAlgorithm &alg,
99 const RawBuffer &cipher);
101 RawBuffer asymmetricEncrypt(
102 const RawBuffer &keyId,
104 const CryptoAlgorithm &alg,
105 const RawBuffer &data);
107 RawBuffer asymmetricDecrypt(
108 const RawBuffer &keyId,
110 const CryptoAlgorithm &alg,
111 const RawBuffer &cipher);
// AES-GCM encryption of `data` with optional additional authenticated data;
// aad defaults to an empty RawBuffer.
// Returns a BufferPair - presumably ciphertext and authentication tag; the
// order of the two elements is not visible here, confirm in the implementation.
// NOTE(review): gutter lines 114-116 are missing from this listing.
113 BufferPair encryptDataAesGcm(const RawBuffer &keyId,
117 const RawBuffer &data,
118 const RawBuffer &aad = RawBuffer());
// AES-GCM decryption of `data`, checked against `tag` and the optional `aad`
// (empty by default). The aad passed here has to match the one used when
// encrypting, otherwise authentication cannot succeed.
// NOTE(review): gutter lines 121-122 are missing from this listing.
// NOTE(review): how a tag mismatch is reported is not visible here; the
// returned buffer must not be used unless authentication succeeded.
120 RawBuffer decryptDataAesGcm(const RawBuffer &keyId,
123 const RawBuffer &tag,
124 const RawBuffer &data,
125 const RawBuffer &aad = RawBuffer());
// Multi-part cipher interface. initCipher returns a uint32_t; the functions
// below take a uint32_t opId, presumably that same value - confirm.
// NOTE(review): gutter lines 128, 130 and 131 are missing, so the end of the
// initCipher declaration is not part of this listing.
127 uint32_t initCipher(const RawBuffer &keyId,
129 const CryptoAlgorithm &alg,
// Supplies additional authenticated data for the operation opId.
132 void addAAD(uint32_t opId,
133 const RawBuffer &aad);
// Feeds `data` into the operation opId and returns the output produced.
135 RawBuffer updateCipher(uint32_t opId,
136 const RawBuffer &data);
// Ends the operation opId, passing a final `data` buffer, and returns the
// remaining output.
// NOTE(review): for an authenticated mode, output returned by updateCipher
// before finalizeCipher has succeeded is presumably unauthenticated - confirm
// and do not act on it early.
138 RawBuffer finalizeCipher(uint32_t opId,
139 const RawBuffer &data);
// Presumably releases the state held for opId; callers should make sure it
// also runs on error paths so operation state does not linger - confirm.
141 void cleanupCipher(uint32_t opId);
// Signs `message` with the key identified by pkeyId and returns the signature
// as a RawBuffer.
// NOTE(review): gutter line 144 is missing from this listing.
143 RawBuffer sign(const RawBuffer &pkeyId,
145 const CryptoAlgorithm &alg,
146 const RawBuffer &message);
// Checks `signature` over `message` with the key identified by pkeyId.
// NOTE(review): gutter line 149 is missing from this listing.
// NOTE(review): the result is an int, not a bool, and its value set is not
// visible here. Callers should compare it against the documented success code
// explicitly; truth-testing an int status can accept a failed verification.
148 int verify(const RawBuffer &pkeyId,
150 const CryptoAlgorithm &alg,
151 const RawBuffer &message,
152 const RawBuffer &signature);
// ECDH derivation from the private key identified by prvKeyId and the public
// key passed in pubKey. Nothing is returned; the secret* arguments presumably
// describe how the derived secret is stored under secretHash - confirm.
// secretTag is the only non-const reference, so it is an output or in/out
// parameter.
// NOTE(review): pubKey is presumably supplied by the peer; validation of that
// key is not visible in this header - confirm the backend rejects malformed or
// invalid public keys before deriving.
154 void deriveECDH(const RawBuffer &prvKeyId,
155 const Pwd &prvKeyPwd,
156 const RawBuffer &pubKey,
157 const Password &secretPwd,
158 const RawBuffer &secretPwdIV,
159 RawBuffer &secretTag,
160 const RawBuffer &secretHash);
// KBKDF derivation from the secret identified by secretId, with parameters
// carried in alg; the key* arguments presumably describe how the derived key
// is stored under keyHash - confirm.
// NOTE(review): gutter line 167 is missing from this listing.
162 void deriveKBKDF(const RawBuffer &secretId,
163 const Pwd &secretPwd,
164 const CryptoAlgorithm &alg,
165 const Password &keyPwd,
166 const RawBuffer &keyPwdIV,
168 const RawBuffer &keyHash);
// Returns a size limit as size_t. Presumably the largest buffer that may be
// handed to the backend in one call (for example to updateCipher) - confirm
// against the implementation before relying on it for input splitting.
170 size_t maxChunkSize();
171 } // namespace Internals
173 } // namespace Crypto