2 * Copyright (c) 2017 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Lukasz Kostyra (l.kostyra@samsung.com)
23 #include <tee_client_api.h>
24 #include <ckm/ckm-raw-buffer.h>
25 #include <data-type.h>
26 #include <km_ta_defines.h>
28 #include <tz-backend/obj.h>
29 #include <generic-backend/encryption-params.h>
30 #include <tz-backend/tz-serializer.h>
37 class TrustZoneContext final
40 static TrustZoneContext& Instance();
42 void generateIV(RawBuffer &iv);
43 void generateSKey(tz_algo_type algo,
45 const RawBuffer &hash);
46 void generateSKeyPwd(tz_algo_type algo,
49 const uint32_t pwdKeySizeBits,
51 const RawBuffer &hash);
52 void generateRSAKey(uint32_t keySizeBits,
53 const RawBuffer &pubPwd,
54 const RawBuffer &pubPwdIv,
55 const RawBuffer &privPwd,
56 const RawBuffer &privPwdIv,
58 RawBuffer &privKeyTag,
59 const RawBuffer &hashPriv,
60 const RawBuffer &hashPub);
61 void generateDSAKey(uint32_t keySizeBits,
62 const RawBuffer &prime,
63 const RawBuffer &subprime,
64 const RawBuffer &base,
65 const RawBuffer &pubPwd,
66 const RawBuffer &pubPwdIv,
67 const RawBuffer &privPwd,
68 const RawBuffer &privPwdIv,
70 RawBuffer &privKeyTag,
71 const RawBuffer &hashPriv,
72 const RawBuffer &hashPub);
73 void generateECKey(tz_ec ec,
74 const RawBuffer &pubPwd,
75 const RawBuffer &pubPwdIv,
76 const RawBuffer &privPwd,
77 const RawBuffer &privPwdIv,
79 RawBuffer &privKeyTag,
80 const RawBuffer &hashPriv,
81 const RawBuffer &hashPub);
83 void importData(uint32_t dataType,
84 const RawBuffer &data,
85 const Crypto::EncryptionParams &encData,
87 const RawBuffer &pwdIV,
88 const uint32_t keySizeBits,
90 const RawBuffer &hash);
92 void importWrappedKey(const RawBuffer &wrappingKeyId,
93 const Pwd &wrappingKeyPwd,
96 const uint32_t ctrLenOrTagSizeBits,
98 const tz_data_type encryptedKeyType,
99 const RawBuffer &encryptedKey,
100 const RawBuffer &encryptedKeyPwdBuf,
101 const RawBuffer &encryptedKeyIV,
102 RawBuffer &encryptedKeyTag,
103 const RawBuffer &encryptedKeyHash);
105 RawBuffer exportWrappedKey(const RawBuffer &wrappingKeyId,
106 const Pwd &wrappingKeyPwd,
109 const uint32_t ctrLenOrTagSizeBits,
110 const RawBuffer &aad,
111 const RawBuffer &keyToWrapId,
112 const Pwd &keyToWrapPwd,
113 tz_data_type keyToWrapType);
115 void executeCrypt(tz_command cmd,
117 const RawBuffer &keyId,
120 const RawBuffer &data,
123 void executeEncryptAE(const RawBuffer &keyId,
127 const RawBuffer &aad,
128 const RawBuffer &data,
131 void executeDecryptAE(const RawBuffer &keyId,
135 const RawBuffer &tag,
136 const RawBuffer &aad,
137 const RawBuffer &data,
140 uint32_t initGcmCipher(uint32_t encrypt,
141 const RawBuffer &keyId,
145 const RawBuffer &aad);
147 void addGcmAAD(uint32_t opId,
148 const RawBuffer &aad);
150 RawBuffer updateGcmCipher(uint32_t opId,
151 const RawBuffer &data);
153 RawBuffer finalizeGcmCipher(uint32_t opId,
154 const RawBuffer &data);
156 void cleanupCipher(uint32_t opId);
158 void executeSign(tz_algo_type algo,
160 const RawBuffer &keyId,
162 const RawBuffer &message,
163 RawBuffer &signature);
164 int executeVerify(tz_algo_type algo,
166 const RawBuffer &keyId,
168 const RawBuffer &message,
169 const RawBuffer &signature);
171 void executeDestroy(const RawBuffer &keyId);
173 void getData(const RawBuffer &dataId,
175 const tz_data_type type,
178 void destroyData(const RawBuffer &dataId);
180 void executeEcdh(const RawBuffer &prvKeyId,
181 const Pwd &prvKeyPwd,
182 const RawBuffer &pubX,
183 const RawBuffer &pubY,
184 const RawBuffer &secretPwdBuf,
185 const RawBuffer &secretPwdIV,
186 RawBuffer &secretTag,
187 const RawBuffer &secretHash);
189 void executeKbkdf(const RawBuffer& secretId,
190 const Pwd& secretPwd,
192 const RawBuffer& label,
193 const RawBuffer& context,
194 const RawBuffer& fixed,
197 tz_kbkdf_ctr_loc location,
201 const RawBuffer &keyPwdBuf,
202 const RawBuffer &keyPwdIV,
204 const RawBuffer &keyHash);
206 uint32_t getMaxChunkSize();
211 TrustZoneContext(const TrustZoneContext &other) = delete;
212 TrustZoneContext(TrustZoneContext &&other) = delete;
218 void GetDataSize(const RawBuffer &dataId, const tz_data_type type, uint32_t &dataSize);
220 void Execute(tz_command commandID, TEEC_Operation* op);
222 void GenerateAKey(tz_command commandID,
225 const RawBuffer &pubPwd,
226 const RawBuffer &pubPwdIv,
227 const RawBuffer &privPwd,
228 const RawBuffer &privPwdIv,
229 RawBuffer &pubKeyTag,
230 RawBuffer &privKeyTag,
231 const RawBuffer &hashPriv,
232 const RawBuffer &hashPub);
234 TEEC_Context m_Context;
235 TEEC_Session m_Session;
237 bool m_ContextInitialized;
238 bool m_SessionInitialized;
241 } // namespace Internals
243 } // namespace Crypto