projects / platform / core / security / key-manager.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add context cleanup command for TZ
[platform/core/security/key-manager.git] / src / manager / crypto / tz-backend / tz-context.h
1 /*
2  *  Copyright (c) 2017 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License
15  */
16 /*
17  * @file       tz-context.h
18  * @author     Lukasz Kostyra (l.kostyra@samsung.com)
19  * @version    1.0
20  */
21 #pragma once
22
23 #include <tee_client_api.h>
24 #include <ckm/ckm-raw-buffer.h>
25 #include <data-type.h>
26 #include <km_ta_defines.h>
27 #include <memory>
28 #include <tz-backend/obj.h>
29 #include <generic-backend/encryption-params.h>
30 #include <tz-backend/tz-serializer.h>
31
32 namespace CKM {
33 namespace Crypto {
34 namespace TZ {
35 namespace Internals {
36
37 class TrustZoneContext final
38 {
39 public:
40         static TrustZoneContext& Instance();
41
42         void generateIV(RawBuffer &iv);
43         void generateSKey(tz_algo_type algo,
44                                         uint32_t keySizeBits,
45                                         const RawBuffer &hash);
46         void generateSKeyPwd(tz_algo_type algo,
47                                                 const RawBuffer &pwd,
48                                                 const RawBuffer &iv,
49                                                 const uint32_t pwdKeySizeBits,
50                                                 RawBuffer &pwdTag,
51                                                 const RawBuffer &hash);
52         void generateRSAKey(uint32_t keySizeBits,
53                                         const RawBuffer &pubPwd,
54                                         const RawBuffer &pubPwdIv,
55                                         const RawBuffer &privPwd,
56                                         const RawBuffer &privPwdIv,
57                                         RawBuffer &pubKeyTag,
58                                         RawBuffer &privKeyTag,
59                                         const RawBuffer &hashPriv,
60                                         const RawBuffer &hashPub);
61         void generateDSAKey(uint32_t keySizeBits,
62                                                 const RawBuffer &prime,
63                                                 const RawBuffer &subprime,
64                                                 const RawBuffer &base,
65                                                 const RawBuffer &pubPwd,
66                                                 const RawBuffer &pubPwdIv,
67                                                 const RawBuffer &privPwd,
68                                                 const RawBuffer &privPwdIv,
69                                                 RawBuffer &pubKeyTag,
70                                                 RawBuffer &privKeyTag,
71                                                 const RawBuffer &hashPriv,
72                                                 const RawBuffer &hashPub);
73         void generateECKey(tz_ec ec,
74                                            const RawBuffer &pubPwd,
75                                            const RawBuffer &pubPwdIv,
76                                            const RawBuffer &privPwd,
77                                            const RawBuffer &privPwdIv,
78                                            RawBuffer &pubKeyTag,
79                                            RawBuffer &privKeyTag,
80                                            const RawBuffer &hashPriv,
81                                            const RawBuffer &hashPub);
82
83         void importData(uint32_t dataType,
84                                         const RawBuffer &data,
85                                         const Crypto::EncryptionParams &encData,
86                                         const RawBuffer &pwd,
87                                         const RawBuffer &pwdIV,
88                                         const uint32_t keySizeBits,
89                                         RawBuffer &pwdTag,
90                                         const RawBuffer &hash);
91
92         void importWrappedKey(const RawBuffer &wrappingKeyId,
93                                                   const Pwd &wrappingKeyPwd,
94                                                   tz_algo_type algo,
95                                                   const RawBuffer &iv,
96                                                   const uint32_t ctrLenOrTagSizeBits,
97                                                   const RawBuffer &aad,
98                                                   const tz_data_type encryptedKeyType,
99                                                   const RawBuffer &encryptedKey,
100                                                   const RawBuffer &encryptedKeyPwdBuf,
101                                                   const RawBuffer &encryptedKeyIV,
102                                                   RawBuffer &encryptedKeyTag,
103                                                   const RawBuffer &encryptedKeyHash);
104
105         RawBuffer exportWrappedKey(const RawBuffer &wrappingKeyId,
106                                                            const Pwd &wrappingKeyPwd,
107                                                            tz_algo_type algo,
108                                                            const RawBuffer &iv,
109                                                            const uint32_t ctrLenOrTagSizeBits,
110                                                            const RawBuffer &aad,
111                                                            const RawBuffer &keyToWrapId,
112                                                            const Pwd &keyToWrapPwd,
113                                                            tz_data_type keyToWrapType);
114
115         void executeCrypt(tz_command cmd,
116                                         tz_algo_type algo,
117                                         const RawBuffer &keyId,
118                                         const Pwd &pwd,
119                                         const RawBuffer &iv,
120                                         const RawBuffer &data,
121                                         RawBuffer &out);
122
123         void executeEncryptAE(const RawBuffer &keyId,
124                                                 const Pwd &pwd,
125                                                 const RawBuffer &iv,
126                                                 int tagSizeBits,
127                                                 const RawBuffer &aad,
128                                                 const RawBuffer &data,
129                                                 RawBuffer &out,
130                                                 RawBuffer &tag);
131         void executeDecryptAE(const RawBuffer &keyId,
132                                                 const Pwd &pwd,
133                                                 const RawBuffer &iv,
134                                                 int tagSizeBits,
135                                                 const RawBuffer &tag,
136                                                 const RawBuffer &aad,
137                                                 const RawBuffer &data,
138                                                 RawBuffer &out);
139
140         uint32_t initGcmCipher(uint32_t encrypt,
141                                                    const RawBuffer &keyId,
142                                                    const Pwd &pwd,
143                                                    const RawBuffer &iv,
144                                                    int tagSizeBits,
145                                                    const RawBuffer &aad);
146
147         void addGcmAAD(uint32_t opId,
148                                    const RawBuffer &aad);
149
150         RawBuffer updateGcmCipher(uint32_t opId,
151                                                           const RawBuffer &data);
152
153         RawBuffer finalizeGcmCipher(uint32_t opId,
154                                                                 const RawBuffer &data);
155
156         void cleanupCipher(uint32_t opId);
157
158         void executeSign(tz_algo_type algo,
159                                         tz_hash_type hash,
160                                         const RawBuffer &keyId,
161                                         const Pwd &pwd,
162                                         const RawBuffer &message,
163                                         RawBuffer &signature);
164         int executeVerify(tz_algo_type algo,
165                                         tz_hash_type hash,
166                                         const RawBuffer &keyId,
167                                         const Pwd &pwd,
168                                         const RawBuffer &message,
169                                         const RawBuffer &signature);
170
171         void executeDestroy(const RawBuffer &keyId);
172
173         void getData(const RawBuffer &dataId,
174                                  const Pwd &pwd,
175                                  const tz_data_type type,
176                                  RawBuffer &data);
177
178         void destroyData(const RawBuffer &dataId);
179
180         void executeEcdh(const RawBuffer &prvKeyId,
181                                          const Pwd &prvKeyPwd,
182                                          const RawBuffer &pubX,
183                                          const RawBuffer &pubY,
184                                          const RawBuffer &secretPwdBuf,
185                                          const RawBuffer &secretPwdIV,
186                                          RawBuffer &secretTag,
187                                          const RawBuffer &secretHash);
188
189         void executeKbkdf(const RawBuffer& secretId,
190                                           const Pwd& secretPwd,
191                                           size_t length,
192                                           const RawBuffer& label,
193                                           const RawBuffer& context,
194                                           const RawBuffer& fixed,
195                                           tz_prf prf,
196                                           tz_kbkdf_mode mode,
197                                           tz_kbkdf_ctr_loc location,
198                                           size_t rlen,
199                                           size_t llen,
200                                           bool noSeparator,
201                                           const RawBuffer &keyPwdBuf,
202                                           const RawBuffer &keyPwdIV,
203                                           RawBuffer &keyTag,
204                                           const RawBuffer &keyHash);
205
206         uint32_t getMaxChunkSize();
207
208 private:
209         TrustZoneContext();
210         ~TrustZoneContext();
211         TrustZoneContext(const TrustZoneContext &other) = delete;
212         TrustZoneContext(TrustZoneContext &&other) = delete;
213
214         void Initialize();
215         void Destroy();
216         void Reload();
217
218         void GetDataSize(const RawBuffer &dataId, const tz_data_type type, uint32_t &dataSize);
219
220         void Execute(tz_command commandID, TEEC_Operation* op);
221
222         void GenerateAKey(tz_command commandID,
223                           TZSerializer &sIn,
224                           uint32_t genParam,
225                           const RawBuffer &pubPwd,
226                           const RawBuffer &pubPwdIv,
227                           const RawBuffer &privPwd,
228                           const RawBuffer &privPwdIv,
229                           RawBuffer &pubKeyTag,
230                           RawBuffer &privKeyTag,
231                           const RawBuffer &hashPriv,
232                                           const RawBuffer &hashPub);
233
234         TEEC_Context m_Context;
235         TEEC_Session m_Session;
236
237         bool m_ContextInitialized;
238         bool m_SessionInitialized;
239 };
240
241 } // namespace Internals
242 } // namespace TZ
243 } // namespace Crypto
244 } // namespace CKM
Domain: Security / Utilities;