projects / platform / core / security / key-manager.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Implement public key extraction in TZ backend
[platform/core/security/key-manager.git] / src / manager / crypto / tz-backend / tz-context.h
1 /*
2  *  Copyright (c) 2017 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License
15  */
16 /*
17  * @file       tz-context.h
18  * @author     Lukasz Kostyra (l.kostyra@samsung.com)
19  * @version    1.0
20  */
21 #pragma once
22
23 #include <tee_client_api.h>
24 #include <ckm/ckm-raw-buffer.h>
25 #include <data-type.h>
26 #include <km_ta_defines.h>
27 #include <memory>
28 #include <tz-backend/obj.h>
29 #include <generic-backend/encryption-params.h>
30 #include <tz-backend/tz-serializer.h>
31
32 namespace CKM {
33 namespace Crypto {
34 namespace TZ {
35 namespace Internals {
36
37 class TrustZoneContext final
38 {
39 public:
40         static TrustZoneContext& Instance();
41
42         void generateIV(RawBuffer &iv);
43         void generateSKey(tz_algo_type algo,
44                                         uint32_t keySizeBits,
45                                         const RawBuffer &hash);
46         void generateSKeyPwd(tz_algo_type algo,
47                                                 const RawBuffer &pwd,
48                                                 const RawBuffer &iv,
49                                                 const uint32_t pwdKeySizeBits,
50                                                 RawBuffer &pwdTag,
51                                                 const RawBuffer &hash);
52         void generateRSAKey(uint32_t keySizeBits,
53                                         const RawBuffer &pubPwd,
54                                         const RawBuffer &pubPwdIv,
55                                         const RawBuffer &privPwd,
56                                         const RawBuffer &privPwdIv,
57                                         RawBuffer &pubKeyTag,
58                                         RawBuffer &privKeyTag,
59                                         const RawBuffer &hashPriv,
60                                         const RawBuffer &hashPub);
61         void generateDSAKey(uint32_t keySizeBits,
62                                                 const RawBuffer &prime,
63                                                 const RawBuffer &subprime,
64                                                 const RawBuffer &base,
65                                                 const RawBuffer &pubPwd,
66                                                 const RawBuffer &pubPwdIv,
67                                                 const RawBuffer &privPwd,
68                                                 const RawBuffer &privPwdIv,
69                                                 RawBuffer &pubKeyTag,
70                                                 RawBuffer &privKeyTag,
71                                                 const RawBuffer &hashPriv,
72                                                 const RawBuffer &hashPub);
73         void generateECKey(tz_ec ec,
74                                            const RawBuffer &pubPwd,
75                                            const RawBuffer &pubPwdIv,
76                                            const RawBuffer &privPwd,
77                                            const RawBuffer &privPwdIv,
78                                            RawBuffer &pubKeyTag,
79                                            RawBuffer &privKeyTag,
80                                            const RawBuffer &hashPriv,
81                                            const RawBuffer &hashPub);
82
83         void importData(uint32_t dataType,
84                                         const RawBuffer &data,
85                                         const Crypto::EncryptionParams &encData,
86                                         const RawBuffer &pwd,
87                                         const RawBuffer &pwdIV,
88                                         const uint32_t keySizeBits,
89                                         RawBuffer &pwdTag,
90                                         const RawBuffer &hash);
91
92         void importWrappedKey(const RawBuffer &wrappingKeyId,
93                                                   const Pwd &wrappingKeyPwd,
94                                                   tz_algo_type algo,
95                                                   const RawBuffer &iv,
96                                                   const uint32_t ctrLenOrTagSizeBits,
97                                                   const RawBuffer &aad,
98                                                   const tz_data_type encryptedKeyType,
99                                                   const RawBuffer &encryptedKey,
100                                                   const RawBuffer &encryptedKeyPwdBuf,
101                                                   const RawBuffer &encryptedKeyIV,
102                                                   RawBuffer &encryptedKeyTag,
103                                                   const RawBuffer &encryptedKeyHash);
104
105         RawBuffer exportWrappedKey(const RawBuffer &wrappingKeyId,
106                                                            const Pwd &wrappingKeyPwd,
107                                                            tz_algo_type algo,
108                                                            const RawBuffer &iv,
109                                                            const uint32_t ctrLenOrTagSizeBits,
110                                                            const RawBuffer &aad,
111                                                            const RawBuffer &keyToWrapId,
112                                                            const Pwd &keyToWrapPwd);
113
114         void executeCrypt(tz_command cmd,
115                                         tz_algo_type algo,
116                                         const RawBuffer &keyId,
117                                         const Pwd &pwd,
118                                         const RawBuffer &iv,
119                                         const RawBuffer &data,
120                                         RawBuffer &out);
121
122         void executeEncryptAE(const RawBuffer &keyId,
123                                                 const Pwd &pwd,
124                                                 const RawBuffer &iv,
125                                                 int tagSizeBits,
126                                                 const RawBuffer &aad,
127                                                 const RawBuffer &data,
128                                                 RawBuffer &out,
129                                                 RawBuffer &tag);
130         void executeDecryptAE(const RawBuffer &keyId,
131                                                 const Pwd &pwd,
132                                                 const RawBuffer &iv,
133                                                 int tagSizeBits,
134                                                 const RawBuffer &tag,
135                                                 const RawBuffer &aad,
136                                                 const RawBuffer &data,
137                                                 RawBuffer &out);
138
139         uint32_t initGcmCipher(uint32_t encrypt,
140                                                    const RawBuffer &keyId,
141                                                    const Pwd &pwd,
142                                                    const RawBuffer &iv,
143                                                    int tagSizeBits,
144                                                    const RawBuffer &aad);
145
146         void addGcmAAD(uint32_t opId,
147                                    const RawBuffer &aad);
148
149         RawBuffer updateGcmCipher(uint32_t opId,
150                                                           const RawBuffer &data);
151
152         RawBuffer finalizeGcmCipher(uint32_t opId,
153                                                                 const RawBuffer &data);
154
155         void executeSign(tz_algo_type algo,
156                                         tz_hash_type hash,
157                                         const RawBuffer &keyId,
158                                         const Pwd &pwd,
159                                         const RawBuffer &message,
160                                         RawBuffer &signature);
161         int executeVerify(tz_algo_type algo,
162                                         tz_hash_type hash,
163                                         const RawBuffer &keyId,
164                                         const Pwd &pwd,
165                                         const RawBuffer &message,
166                                         const RawBuffer &signature);
167
168         void executeDestroy(const RawBuffer &keyId);
169
170         void getData(const RawBuffer &dataId,
171                                  const Pwd &pwd,
172                                  RawBuffer &data);
173
174         void destroyData(const RawBuffer &dataId);
175
176         void executeEcdh(const RawBuffer &prvKeyId,
177                                          const Pwd &prvKeyPwd,
178                                          const RawBuffer &pubX,
179                                          const RawBuffer &pubY,
180                                          const RawBuffer &secretPwdBuf,
181                                          const RawBuffer &secretPwdIV,
182                                          RawBuffer &secretTag,
183                                          const RawBuffer &secretHash);
184
185         void executeKbkdf(const RawBuffer& secretId,
186                                           const RawBuffer& label,
187                                           const RawBuffer& context,
188                                           const RawBuffer& fixed,
189                                           tz_prf prf,
190                                           tz_kbkdf_mode mode,
191                                           tz_kbkdf_ctr_loc location,
192                                           size_t rlen,
193                                           size_t llen,
194                                           bool noSeparator,
195                                           const RawBuffer &keyPwdBuf,
196                                           const RawBuffer &keyPwdIV,
197                                           RawBuffer &keyTag,
198                                           const RawBuffer &keyHash);
199
200 private:
201         TrustZoneContext();
202         ~TrustZoneContext();
203         TrustZoneContext(const TrustZoneContext &other) = delete;
204         TrustZoneContext(TrustZoneContext &&other) = delete;
205
206         void Initialize();
207         void Destroy();
208         void Reload();
209
210         void GetDataSize(const RawBuffer &dataId, uint32_t &dataSize);
211
212         void Execute(tz_command commandID, TEEC_Operation* op);
213
214         void GenerateAKey(tz_command commandID,
215                           TZSerializer &sIn,
216                           uint32_t genParam,
217                           const RawBuffer &pubPwd,
218                           const RawBuffer &pubPwdIv,
219                           const RawBuffer &privPwd,
220                           const RawBuffer &privPwdIv,
221                           RawBuffer &pubKeyTag,
222                           RawBuffer &privKeyTag,
223                           const RawBuffer &hashPriv,
224                                           const RawBuffer &hashPub);
225
226         TEEC_Context m_Context;
227         TEEC_Session m_Session;
228
229         bool m_ContextInitialized;
230         bool m_SessionInitialized;
231 };
232
233 } // namespace Internals
234 } // namespace TZ
235 } // namespace Crypto
236 } // namespace CKM
Domain: Security / Utilities;