2 * Copyright (c) 2017 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Lukasz Kostyra (l.kostyra@samsung.com)
23 #include <tee_client_api.h>
24 #include <ckm/ckm-raw-buffer.h>
25 #include <data-type.h>
26 #include <km_ta_defines.h>
28 #include <tz-backend/obj.h>
29 #include <generic-backend/encryption-params.h>
30 #include <tz-backend/tz-serializer.h>
37 class TrustZoneContext final
40 static TrustZoneContext& Instance();
42 void generateIV(RawBuffer &iv);
43 void generateSKey(tz_algo_type algo,
45 const RawBuffer &hash);
46 void generateSKeyPwd(tz_algo_type algo,
49 const uint32_t pwdKeySizeBits,
51 const RawBuffer &hash);
52 void generateRSAKey(uint32_t keySizeBits,
53 const RawBuffer &pubPwd,
54 const RawBuffer &pubPwdIv,
55 const RawBuffer &privPwd,
56 const RawBuffer &privPwdIv,
58 RawBuffer &privKeyTag,
59 const RawBuffer &hashPriv,
60 const RawBuffer &hashPub);
61 void generateDSAKey(uint32_t keySizeBits,
62 const RawBuffer &prime,
63 const RawBuffer &subprime,
64 const RawBuffer &base,
65 const RawBuffer &pubPwd,
66 const RawBuffer &pubPwdIv,
67 const RawBuffer &privPwd,
68 const RawBuffer &privPwdIv,
70 RawBuffer &privKeyTag,
71 const RawBuffer &hashPriv,
72 const RawBuffer &hashPub);
73 void generateECKey(tz_ec ec,
74 const RawBuffer &pubPwd,
75 const RawBuffer &pubPwdIv,
76 const RawBuffer &privPwd,
77 const RawBuffer &privPwdIv,
79 RawBuffer &privKeyTag,
80 const RawBuffer &hashPriv,
81 const RawBuffer &hashPub);
83 void importData(uint32_t dataType,
84 const RawBuffer &data,
85 const Crypto::EncryptionParams &encData,
87 const RawBuffer &pwdIV,
88 const uint32_t keySizeBits,
90 const RawBuffer &hash);
92 void importWrappedKey(const RawBuffer &wrappingKeyId,
93 const Pwd &wrappingKeyPwd,
96 const uint32_t ctrLenOrTagSizeBits,
98 const tz_data_type encryptedKeyType,
99 const RawBuffer &encryptedKey,
100 const RawBuffer &encryptedKeyPwdBuf,
101 const RawBuffer &encryptedKeyIV,
102 RawBuffer &encryptedKeyTag,
103 const RawBuffer &encryptedKeyHash);
105 RawBuffer exportWrappedKey(const RawBuffer &wrappingKeyId,
106 const Pwd &wrappingKeyPwd,
109 const uint32_t ctrLenOrTagSizeBits,
110 const RawBuffer &aad,
111 const RawBuffer &keyToWrapId,
112 const Pwd &keyToWrapPwd,
113 tz_data_type keyToWrapType);
115 void executeCrypt(tz_command cmd,
117 const RawBuffer &keyId,
120 const RawBuffer &data,
123 void executeEncryptAE(const RawBuffer &keyId,
127 const RawBuffer &aad,
128 const RawBuffer &data,
131 void executeDecryptAE(const RawBuffer &keyId,
135 const RawBuffer &tag,
136 const RawBuffer &aad,
137 const RawBuffer &data,
140 uint32_t initGcmCipher(uint32_t encrypt,
141 const RawBuffer &keyId,
145 const RawBuffer &aad);
147 void addGcmAAD(uint32_t opId,
148 const RawBuffer &aad);
150 RawBuffer updateGcmCipher(uint32_t opId,
151 const RawBuffer &data);
153 RawBuffer finalizeGcmCipher(uint32_t opId,
154 const RawBuffer &data);
156 void executeSign(tz_algo_type algo,
158 const RawBuffer &keyId,
160 const RawBuffer &message,
161 RawBuffer &signature);
162 int executeVerify(tz_algo_type algo,
164 const RawBuffer &keyId,
166 const RawBuffer &message,
167 const RawBuffer &signature);
169 void executeDestroy(const RawBuffer &keyId);
171 void getData(const RawBuffer &dataId,
173 const tz_data_type type,
176 void destroyData(const RawBuffer &dataId);
178 void executeEcdh(const RawBuffer &prvKeyId,
179 const Pwd &prvKeyPwd,
180 const RawBuffer &pubX,
181 const RawBuffer &pubY,
182 const RawBuffer &secretPwdBuf,
183 const RawBuffer &secretPwdIV,
184 RawBuffer &secretTag,
185 const RawBuffer &secretHash);
187 void executeKbkdf(const RawBuffer& secretId,
188 const Pwd& secretPwd,
190 const RawBuffer& label,
191 const RawBuffer& context,
192 const RawBuffer& fixed,
195 tz_kbkdf_ctr_loc location,
199 const RawBuffer &keyPwdBuf,
200 const RawBuffer &keyPwdIV,
202 const RawBuffer &keyHash);
204 uint32_t getMaxChunkSize();
209 TrustZoneContext(const TrustZoneContext &other) = delete;
210 TrustZoneContext(TrustZoneContext &&other) = delete;
216 void GetDataSize(const RawBuffer &dataId, const tz_data_type type, uint32_t &dataSize);
218 void Execute(tz_command commandID, TEEC_Operation* op);
220 void GenerateAKey(tz_command commandID,
223 const RawBuffer &pubPwd,
224 const RawBuffer &pubPwdIv,
225 const RawBuffer &privPwd,
226 const RawBuffer &privPwdIv,
227 RawBuffer &pubKeyTag,
228 RawBuffer &privKeyTag,
229 const RawBuffer &hashPriv,
230 const RawBuffer &hashPub);
232 TEEC_Context m_Context;
233 TEEC_Session m_Session;
235 bool m_ContextInitialized;
236 bool m_SessionInitialized;
239 } // namespace Internals
241 } // namespace Crypto