2 * Copyright (c) 2017 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Lukasz Kostyra (l.kostyra@samsung.com)
23 #include <tee_client_api.h>
24 #include <ckm/ckm-raw-buffer.h>
25 #include <data-type.h>
26 #include <km_ta_defines.h>
28 #include <tz-backend/obj.h>
29 #include <generic-backend/encryption-params.h>
30 #include <tz-backend/tz-serializer.h>
37 class TrustZoneContext final
40 static TrustZoneContext& Instance();
42 void generateIV(RawBuffer &iv);
43 void generateSKey(tz_algo_type algo,
45 const RawBuffer &hash);
46 void generateSKeyPwd(tz_algo_type algo,
49 const uint32_t pwdKeySizeBits,
51 const RawBuffer &hash);
52 void generateRSAKey(uint32_t keySizeBits,
53 const RawBuffer &pubPwd,
54 const RawBuffer &pubPwdIv,
55 const RawBuffer &privPwd,
56 const RawBuffer &privPwdIv,
58 RawBuffer &privKeyTag,
59 const RawBuffer &hashPriv,
60 const RawBuffer &hashPub);
61 void generateDSAKey(uint32_t keySizeBits,
62 const RawBuffer &prime,
63 const RawBuffer &subprime,
64 const RawBuffer &base,
65 const RawBuffer &pubPwd,
66 const RawBuffer &pubPwdIv,
67 const RawBuffer &privPwd,
68 const RawBuffer &privPwdIv,
70 RawBuffer &privKeyTag,
71 const RawBuffer &hashPriv,
72 const RawBuffer &hashPub);
73 void generateECKey(tz_ec ec,
74 const RawBuffer &pubPwd,
75 const RawBuffer &pubPwdIv,
76 const RawBuffer &privPwd,
77 const RawBuffer &privPwdIv,
79 RawBuffer &privKeyTag,
80 const RawBuffer &hashPriv,
81 const RawBuffer &hashPub);
83 void importData(uint32_t dataType,
84 const RawBuffer &data,
85 const Crypto::EncryptionParams &encData,
87 const RawBuffer &pwdIV,
88 const uint32_t keySizeBits,
90 const RawBuffer &hash);
92 void importWrappedKey(const RawBuffer &wrappingKeyId,
93 const Pwd &wrappingKeyPwd,
96 const uint32_t ctrLenOrTagSizeBits,
98 const tz_data_type encryptedKeyType,
99 const RawBuffer &encryptedKey,
100 const RawBuffer &encryptedKeyPwdBuf,
101 const RawBuffer &encryptedKeyIV,
102 RawBuffer &encryptedKeyTag,
103 const RawBuffer &encryptedKeyHash);
105 RawBuffer exportWrappedKey(const RawBuffer &wrappingKeyId,
106 const Pwd &wrappingKeyPwd,
109 const uint32_t ctrLenOrTagSizeBits,
110 const RawBuffer &aad,
111 const RawBuffer &keyToWrapId,
112 const Pwd &keyToWrapPwd);
114 void executeCrypt(tz_command cmd,
116 const RawBuffer &keyId,
119 const RawBuffer &data,
122 void executeEncryptAE(const RawBuffer &keyId,
126 const RawBuffer &aad,
127 const RawBuffer &data,
130 void executeDecryptAE(const RawBuffer &keyId,
134 const RawBuffer &tag,
135 const RawBuffer &aad,
136 const RawBuffer &data,
139 uint32_t initGcmCipher(uint32_t encrypt,
140 const RawBuffer &keyId,
144 const RawBuffer &aad);
146 void addGcmAAD(uint32_t opId,
147 const RawBuffer &aad);
149 RawBuffer updateGcmCipher(uint32_t opId,
150 const RawBuffer &data);
152 RawBuffer finalizeGcmCipher(uint32_t opId,
153 const RawBuffer &data);
155 void executeSign(tz_algo_type algo,
157 const RawBuffer &keyId,
159 const RawBuffer &message,
160 RawBuffer &signature);
161 int executeVerify(tz_algo_type algo,
163 const RawBuffer &keyId,
165 const RawBuffer &message,
166 const RawBuffer &signature);
168 void executeDestroy(const RawBuffer &keyId);
170 void getData(const RawBuffer &dataId,
174 void destroyData(const RawBuffer &dataId);
176 void executeEcdh(const RawBuffer &prvKeyId,
177 const Pwd &prvKeyPwd,
178 const RawBuffer &pubX,
179 const RawBuffer &pubY,
180 const RawBuffer &secretPwdBuf,
181 const RawBuffer &secretPwdIV,
182 RawBuffer &secretTag,
183 const RawBuffer &secretHash);
185 void executeKbkdf(const RawBuffer& secretId,
186 const RawBuffer& label,
187 const RawBuffer& context,
188 const RawBuffer& fixed,
191 tz_kbkdf_ctr_loc location,
195 const RawBuffer &keyPwdBuf,
196 const RawBuffer &keyPwdIV,
198 const RawBuffer &keyHash);
203 TrustZoneContext(const TrustZoneContext &other) = delete;
204 TrustZoneContext(TrustZoneContext &&other) = delete;
210 void GetDataSize(const RawBuffer &dataId, uint32_t &dataSize);
212 void Execute(tz_command commandID, TEEC_Operation* op);
214 void GenerateAKey(tz_command commandID,
217 const RawBuffer &pubPwd,
218 const RawBuffer &pubPwdIv,
219 const RawBuffer &privPwd,
220 const RawBuffer &privPwdIv,
221 RawBuffer &pubKeyTag,
222 RawBuffer &privKeyTag,
223 const RawBuffer &hashPriv,
224 const RawBuffer &hashPub);
226 TEEC_Context m_Context;
227 TEEC_Session m_Session;
229 bool m_ContextInitialized;
230 bool m_SessionInitialized;
233 } // namespace Internals
235 } // namespace Crypto