Add context cleanup command for TZ
1 /*
2  *  Copyright (c) 2017 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License
15  */
16 /*
17  * @file       internals.h
18  * @author     Krzysztof Dynowski (k.dynowski@samsung.com)
19  * @author     Lukasz Kostyra (l.kostyra@samsung.com)
20  * @version    1.0
21  */
22 #pragma once
23
24 #include <ckm/ckm-type.h>
25 #include <data-type.h>
26 #include <tz-backend/obj.h>
27 #include <generic-backend/gstore.h>
28
namespace CKM {
namespace Crypto {
namespace TZ {
namespace Internals {

// Pair of two Data objects; the roles of .first/.second are defined by each caller.
using DataPair = std::pair<Data, Data>;
// Pair of raw byte buffers (e.g. the result of encryptDataAesGcm()).
using BufferPair = std::pair<RawBuffer, RawBuffer>;

// encryption scheme identifier + buffer pair
using KeyIdPair = std::pair<int, RawBuffer>;

/**
 * Generates a fresh initialization vector.
 *
 * @return IV bytes; length and randomness source are decided by the implementation.
 *
 * NOTE(review): an IV must never be repeated with the same key under AES-GCM.
 * Nothing in this header enforces that — uniqueness is the caller's
 * responsibility; confirm how the implementation sources the bytes.
 */
RawBuffer generateIV();

/**
 * Generates an asymmetric key pair in the TZ backend.
 *
 * The pub*/priv* triples (password, IV, tag) presumably describe how each half
 * of the pair is protected at rest — confirm against the implementation.
 *
 * @param alg        algorithm description (type, size, ...) consumed by the backend
 * @param pubPwd     password for the public key object
 * @param privPwd    password for the private key object
 * @param pubPwdIv   IV paired with pubPwd
 * @param privPwdIv  IV paired with privPwd
 * @param pubTag     [out] tag produced for the public key object
 * @param privTag    [out] tag produced for the private key object
 * @param hashPriv   hash/identifier for the private key object
 * @param hashPub    hash/identifier for the public key object
 * @return AlgoType of the generated pair
 *
 * NOTE(review): the hash arguments are ordered private-first (hashPriv, hashPub)
 * while every other pub/priv pair here is public-first. Both are RawBuffer, so a
 * swapped call compiles silently — check argument order at every call site.
 */
AlgoType generateAKey(const CryptoAlgorithm &alg,
                                        const Password &pubPwd,
                                        const Password &privPwd,
                                        const RawBuffer &pubPwdIv,
                                        const RawBuffer &privPwdIv,
                                        RawBuffer &pubTag,
                                        RawBuffer &privTag,
                                        const RawBuffer &hashPriv,
                                        const RawBuffer &hashPub);

/**
 * Generates a symmetric key in the TZ backend.
 *
 * @param alg   algorithm description (type, size, ...) consumed by the backend
 * @param pwd   password protecting the key object
 * @param iv    IV paired with pwd
 * @param tag   [out] tag produced for the key object
 * @param hash  hash/identifier for the key object
 */
void generateSKey(const CryptoAlgorithm &alg,
                                const Password &pwd,
                                const RawBuffer &iv,
                                RawBuffer &tag,
                                const RawBuffer &hash);

/**
 * Imports externally supplied key/data material into the TZ backend.
 *
 * @param key      material to import
 * @param encData  encryption parameters describing how `key` is currently protected
 * @param pwd      password the stored object will be protected with
 * @param pwdIV    IV paired with pwd
 * @param tag      [out] tag produced for the stored object
 * @param hash     hash/identifier for the stored object
 *
 * NOTE(review): `key` is untrusted input at this boundary; any length/format
 * validation has to live in the implementation — not visible here.
 */
void importData(const Data &key,
                                         const EncryptionParams &encData,
                                         const Password &pwd,
                                         const RawBuffer &pwdIV,
                                         RawBuffer &tag,
                                         const RawBuffer &hash);

/**
 * Unwraps `encryptedKey` with the stored wrapping key and imports the result.
 *
 * @param wrappingKeyId         id of the key used to unwrap
 * @param wrappingKeyPwd        credentials for the wrapping key
 * @param alg                   wrapping algorithm description
 * @param encryptedKey          wrapped key material (untrusted input)
 * @param encryptedKeyPassword  password protecting the imported key object
 * @param encryptedKeyIV        IV paired with encryptedKeyPassword
 * @param encryptedKeyTag       [out] tag produced for the imported key object
 * @param encryptedKeyId        id under which the unwrapped key is stored
 */
void importWrappedKey(const RawBuffer &wrappingKeyId,
                                          const Pwd &wrappingKeyPwd,
                                          const CryptoAlgorithm &alg,
                                          const Data &encryptedKey,
                                          const Password &encryptedKeyPassword,
                                          const RawBuffer &encryptedKeyIV,
                                          RawBuffer &encryptedKeyTag,
                                          const RawBuffer &encryptedKeyId);

/**
 * Wraps the stored key `keyToWrapId` with the stored key `wrappingKeyId`.
 *
 * @param wrappingKeyId  id of the wrapping key
 * @param wrappingKeyPwd credentials for the wrapping key
 * @param alg            wrapping algorithm description
 * @param keyToWrapId    id of the key to export
 * @param keyToWrapPwd   credentials for the key to export
 * @param keyToWrapType  data type of the key to export
 * @return wrapped key bytes
 *
 * NOTE(review): this is the only path in this header that lets key material
 * leave the backend; whether the implementation restricts which key types may
 * be wrapped (e.g. forbids exporting non-extractable keys) is not visible here.
 */
RawBuffer exportWrappedKey(const RawBuffer &wrappingKeyId,
                                                   const Pwd &wrappingKeyPwd,
                                                   const CryptoAlgorithm &alg,
                                                   const RawBuffer &keyToWrapId,
                                                   const Pwd &keyToWrapPwd,
                                                   const DataType &keyToWrapType);

/**
 * Retrieves the stored object identified by dataId.
 *
 * @param dataId  object id
 * @param pwd     credentials for the object
 * @param type    expected data type
 * @return object bytes as returned by the backend (whether these are plaintext
 *         or still protected is not visible here — confirm)
 */
RawBuffer getData(const RawBuffer &dataId,
                                  const Pwd &pwd,
                                  const DataType &type);

/** Removes the stored data object identified by dataId. */
void destroyData(const RawBuffer &dataId);

/** Removes the stored key object identified by keyId. */
void destroyKey(const RawBuffer &keyId);

/**
 * One-shot symmetric encryption with the stored key keyId.
 * @return ciphertext (and possibly tag/IV, depending on alg — confirm)
 */
RawBuffer symmetricEncrypt(
        const RawBuffer &keyId,
        const Pwd &pwd,
        const CryptoAlgorithm &alg,
        const RawBuffer &data);

/**
 * One-shot symmetric decryption with the stored key keyId.
 * @return plaintext
 */
RawBuffer symmetricDecrypt(
        const RawBuffer &keyId,
        const Pwd &pwd,
        const CryptoAlgorithm &alg,
        const RawBuffer &cipher);

/**
 * One-shot asymmetric (public-key) encryption with the stored key keyId.
 * @return ciphertext
 */
RawBuffer asymmetricEncrypt(
        const RawBuffer &keyId,
        const Pwd &pwd,
        const CryptoAlgorithm &alg,
        const RawBuffer &data);

/**
 * One-shot asymmetric (private-key) decryption with the stored key keyId.
 * @return plaintext
 */
RawBuffer asymmetricDecrypt(
        const RawBuffer &keyId,
        const Pwd &pwd,
        const CryptoAlgorithm &alg,
        const RawBuffer &cipher);

/**
 * AES-GCM encryption with the stored key keyId.
 *
 * @param keyId    key id
 * @param pwd      credentials for the key
 * @param iv       nonce; must be unique per (key, message)
 * @param tagSize  requested tag length (unit — bits or bytes — not visible here; confirm)
 * @param data     plaintext
 * @param aad      additional authenticated data (empty by default)
 * @return pair of buffers, presumably (ciphertext, tag) — confirm ordering with the implementation
 *
 * NOTE(review): GCM tags shorter than 96 bits materially weaken forgery
 * resistance. Whether tagSize is range-checked is not visible from this header.
 */
BufferPair encryptDataAesGcm(const RawBuffer &keyId,
                                                        const Pwd &pwd,
                                                        const RawBuffer &iv,
                                                        int tagSize,
                                                        const RawBuffer &data,
                                                        const RawBuffer &aad = RawBuffer());

/**
 * AES-GCM decryption with the stored key keyId.
 *
 * @param keyId  key id
 * @param pwd    credentials for the key
 * @param iv     nonce used at encryption time
 * @param tag    authentication tag to verify
 * @param data   ciphertext
 * @param aad    additional authenticated data (must match what was used at encryption)
 * @return plaintext
 *
 * NOTE(review): the tag must be verified before any plaintext is released;
 * how a mismatch is reported (exception vs. return) is not visible here —
 * callers must not consume the output on failure.
 */
RawBuffer decryptDataAesGcm(const RawBuffer &keyId,
                                                        const Pwd &pwd,
                                                        const RawBuffer &iv,
                                                        const RawBuffer &tag,
                                                        const RawBuffer &data,
                                                        const RawBuffer &aad = RawBuffer());

/**
 * Starts a multi-part cipher operation in the TZ backend.
 *
 * @param keyId    key id
 * @param pwd      credentials for the key
 * @param alg      algorithm description
 * @param encrypt  true for encryption, false for decryption
 * @return operation id to pass to addAAD()/updateCipher()/finalizeCipher()/cleanupCipher()
 *
 * NOTE(review): every id returned here holds backend-side state; it must be
 * released by finalizeCipher() or cleanupCipher() on every path, including
 * error paths, or the context leaks in the TZ side.
 */
uint32_t initCipher(const RawBuffer &keyId,
                                        const Pwd &pwd,
                                        const CryptoAlgorithm &alg,
                                        bool encrypt);

/**
 * Supplies additional authenticated data to the operation opId.
 * Presumably must be called before the first updateCipher() — confirm.
 */
void addAAD(uint32_t opId,
                        const RawBuffer &aad);

/**
 * Feeds a chunk of input to the operation opId.
 * @return output produced for this chunk (may be empty; see maxChunkSize())
 */
RawBuffer updateCipher(uint32_t opId,
                                           const RawBuffer &data);

/**
 * Feeds the last chunk and completes the operation opId.
 * @return final output (ciphertext/plaintext remainder and, for AEAD modes,
 *         presumably the tag — confirm)
 */
RawBuffer finalizeCipher(uint32_t opId,
                                                 const RawBuffer &data);

/**
 * Cleans up the backend-side context of operation opId without producing output.
 * Intended for aborting an operation started with initCipher() that will not
 * reach finalizeCipher() (e.g. on a client error path).
 *
 * @param opId  operation id returned by initCipher()
 *
 * NOTE(review): whether finalizeCipher() already releases the context, and
 * whether calling this after finalizeCipher() or twice is an error, is not
 * visible here — confirm in the implementation before relying on either.
 */
void cleanupCipher(uint32_t opId);

/**
 * Signs message with the private key pkeyId.
 * @return signature bytes
 */
RawBuffer sign(const RawBuffer &pkeyId,
                        const Pwd &pwd,
                        const CryptoAlgorithm &alg,
                        const RawBuffer &message);

/**
 * Verifies signature over message with the key pkeyId.
 *
 * @return int status code. Its encoding (which value means "valid") is not
 *         visible in this header — callers must compare against the documented
 *         constant, never treat the result as a plain bool.
 */
int verify(const RawBuffer &pkeyId,
                const Pwd &pwd,
                const CryptoAlgorithm &alg,
                const RawBuffer &message,
                const RawBuffer &signature);

/**
 * Derives an ECDH shared secret from the stored private key and a peer public
 * key, storing the result as a new protected object.
 *
 * @param prvKeyId     id of the local private key
 * @param prvKeyPwd    credentials for the private key
 * @param pubKey       peer public key, raw bytes (untrusted input)
 * @param secretPwd    password protecting the derived secret object
 * @param secretPwdIV  IV paired with secretPwd
 * @param secretTag    [out] tag produced for the derived secret object
 * @param secretHash   hash/identifier for the derived secret object
 *
 * NOTE(review): pubKey arrives as an opaque buffer; validation that it is a
 * valid point on the expected curve (and not the identity) must be done by the
 * implementation — nothing in this signature guarantees it.
 */
void deriveECDH(const RawBuffer &prvKeyId,
                                const Pwd &prvKeyPwd,
                                const RawBuffer &pubKey,
                                const Password &secretPwd,
                                const RawBuffer &secretPwdIV,
                                RawBuffer &secretTag,
                                const RawBuffer &secretHash);

/**
 * Derives a key from the stored secret secretId with a KBKDF, storing the
 * result as a new protected object.
 *
 * @param secretId   id of the input secret
 * @param secretPwd  credentials for the input secret
 * @param alg        KDF parameters (PRF, mode, label/context, length, ...)
 * @param keyPwd     password protecting the derived key object
 * @param keyPwdIV   IV paired with keyPwd
 * @param keyTag     [out] tag produced for the derived key object
 * @param keyHash    hash/identifier for the derived key object
 */
void deriveKBKDF(const RawBuffer &secretId,
                                 const Pwd &secretPwd,
                                 const CryptoAlgorithm &alg,
                                 const Password &keyPwd,
                                 const RawBuffer &keyPwdIV,
                                 RawBuffer &keyTag,
                                 const RawBuffer &keyHash);

/**
 * Largest amount of data the backend accepts in a single call
 * (relevant to updateCipher()/finalizeCipher() chunking — confirm which calls apply).
 */
size_t maxChunkSize();
} // namespace Internals
} // namespace TZ
} // namespace Crypto
} // namespace CKM