Add Security Keys HAL API 73/321273/1
authorJakub Wlostowski <j.wlostowski@samsung.com>
Fri, 7 Feb 2025 12:04:20 +0000 (13:04 +0100)
committerDariusz Michaluk <d.michaluk@samsung.com>
Tue, 18 Mar 2025 07:35:11 +0000 (08:35 +0100)
Change-Id: I7d08d69b241a5bae681606c891eb9b2e6f512f00

CMakeLists.txt
include/hal-security-keys-interface-1.h [new file with mode: 0644]
include/hal-security-keys-interface.h [new file with mode: 0644]
include/hal-security-keys-types.h [new file with mode: 0644]
include/hal-security-keys.h [new file with mode: 0644]
packaging/hal-api-security-manifest.xml
packaging/hal-api-security.spec
src/hal-api-security-keys.c [new file with mode: 0644]

index a2b8057e34825f0ec5789de173f9fadfe64edaac..3ed8757ffaf061073b985787b52dc57857c9c7d7 100644 (file)
@@ -20,6 +20,7 @@ SET(
     SRCS
     src/hal-api-security-certs.c
     src/hal-api-security-auth.c
+    src/hal-api-security-keys.c
 )
 
 LINK_DIRECTORIES(${SECURITY_DEPS_LIBRARY_DIRS})
diff --git a/include/hal-security-keys-interface-1.h b/include/hal-security-keys-interface-1.h
new file mode 100644 (file)
index 0000000..9f09ea4
--- /dev/null
@@ -0,0 +1,335 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_KEYS_INTERFACE_1_H__
+#define __HAL_SECURITY_KEYS_INTERFACE_1_H__
+
+#include <stddef.h>
+#include <stdbool.h>
+
+#include <hal-security-keys-types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup HALAPI_HAL_SECURITY_KEYS_MODULE
+ * @{
+ */
+
+/**
+ * @brief Structure for security keys functions.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+
+typedef struct _hal_backend_security_keys_funcs {
+    /**< Initialize HAL backend context */
+    int (*context_initialize)(hal_security_keys_context_s* context);
+
+    /**< Free HAL backend context */
+    int (*context_free)(hal_security_keys_context_s* context);
+
+    /** Create IV */
+    int (*create_iv)(const hal_security_keys_context_s context,
+                     hal_security_keys_data_s* iv);
+
+    /** Create AES key */
+    int (*create_key_aes)(const hal_security_keys_context_s context,
+                          const size_t key_size_bits,
+                          const hal_security_keys_data_s key_id,
+                          const hal_security_keys_password_iv_s key_pwd,
+                          hal_security_keys_data_s* key_tag);
+
+    /** Create RSA key pair */
+    int (*create_key_pair_rsa)(const hal_security_keys_context_s context,
+                               const size_t key_size_bits,
+                               const hal_security_keys_data_s priv_key_id,
+                               const hal_security_keys_password_iv_s priv_key_pwd,
+                               const hal_security_keys_data_s pub_key_id,
+                               const hal_security_keys_password_iv_s pub_key_pwd,
+                               hal_security_keys_data_s* priv_key_tag,
+                               hal_security_keys_data_s* pub_key_tag);
+
+    /** Create DSA key pair */
+    int (*create_key_pair_dsa)(const hal_security_keys_context_s context,
+                               const size_t key_size_bits,
+                               const hal_security_keys_data_s prime,
+                               const hal_security_keys_data_s subprime,
+                               const hal_security_keys_data_s base,
+                               const hal_security_keys_data_s priv_key_id,
+                               const hal_security_keys_password_iv_s priv_key_pwd,
+                               const hal_security_keys_data_s pub_key_id,
+                               const hal_security_keys_password_iv_s pub_key_pwd,
+                               hal_security_keys_data_s* priv_key_tag,
+                               hal_security_keys_data_s* pub_key_tag);
+
+    /** Create ECDSA key pair */
+    int (*create_key_pair_ecdsa)(const hal_security_keys_context_s context,
+                                 const hal_security_keys_ec_type_e ec_type,
+                                 const hal_security_keys_data_s priv_key_id,
+                                 const hal_security_keys_password_iv_s priv_key_pwd,
+                                 const hal_security_keys_data_s pub_key_id,
+                                 const hal_security_keys_password_iv_s pub_key_pwd,
+                                 hal_security_keys_data_s* priv_key_tag,
+                                 hal_security_keys_data_s* pub_key_tag);
+
+    /** Create KEM key pair */
+    int (*create_key_pair_kem)(const hal_security_keys_context_s context,
+                               const hal_security_keys_kem_type_e kem_type,
+                               const hal_security_keys_data_s priv_key_id,
+                               const hal_security_keys_password_iv_s priv_key_pwd,
+                               const hal_security_keys_data_s pub_key_id,
+                               const hal_security_keys_password_iv_s pub_key_pwd,
+                               hal_security_keys_data_s* priv_key_tag,
+                               hal_security_keys_data_s* pub_key_tag);
+
+    /** Import wrapped key */
+    int (*import_wrapped_key)(const hal_security_keys_context_s context,
+                              const hal_security_keys_algo_type_e algo,
+                              const hal_security_keys_hash_algorithm_e hash,
+                              const hal_security_keys_data_s iv,
+                              const hal_security_keys_data_s aad,
+                              const size_t ctr_len_or_tag_size_bits,
+                              const hal_security_keys_data_s wrapping_key_id,
+                              const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                              const hal_security_keys_data_s wrapped_key,
+                              const hal_security_keys_data_s key_id,
+                              const hal_security_keys_password_iv_s key_pwd,
+                              const hal_security_keys_data_type_e key_type,
+                              hal_security_keys_data_s* key_tag);
+
+    /** Export wrapped key */
+    int (*export_wrapped_key)(const hal_security_keys_context_s context,
+                              const hal_security_keys_algo_type_e algo,
+                              const hal_security_keys_hash_algorithm_e hash,
+                              const hal_security_keys_data_s iv,
+                              const hal_security_keys_data_s aad,
+                              const size_t ctr_len_or_tag_size_bits,
+                              const hal_security_keys_data_s wrapping_key_id,
+                              const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                              const hal_security_keys_data_s key_id,
+                              const hal_security_keys_password_iv_tag_s key_pwd,
+                              const hal_security_keys_data_type_e key_type,
+                              hal_security_keys_data_s* wrapped_key);
+
+    /** Encapsulate key */
+    int (*encapsulate_key)(const hal_security_keys_context_s context,
+                           const hal_security_keys_kem_type_e kem_type,
+                           const hal_security_keys_data_s pub_key_id,
+                           const hal_security_keys_password_iv_tag_s pub_key_pwd,
+                           const hal_security_keys_data_s shared_secret_id,
+                           const hal_security_keys_password_iv_s shared_secret_pwd,
+                           hal_security_keys_data_s* ciphertext,
+                           hal_security_keys_data_s* shared_secret_tag);
+
+    /** Decapsulate key */
+    int (*decapsulate_key)(const hal_security_keys_context_s context,
+                           const hal_security_keys_kem_type_e kem_type,
+                           const hal_security_keys_data_s priv_key_id,
+                           const hal_security_keys_password_iv_tag_s priv_key_pwd,
+                           const hal_security_keys_data_s shared_secret_id,
+                           const hal_security_keys_password_iv_s shared_secret_pwd,
+                           const hal_security_keys_data_s ciphertext,
+                           hal_security_keys_data_s* shared_secret_tag);
+
+    /** Destroy key */
+    int (*destroy_key)(const hal_security_keys_context_s context,
+                       const hal_security_keys_data_s key_id);
+
+    /** Import data */
+    int (*import_data)(const hal_security_keys_context_s context,
+                       const hal_security_keys_data_s data_id,
+                       const hal_security_keys_password_iv_s data_pwd,
+                       const hal_security_keys_data_type_e data_type,
+                       const hal_security_keys_data_s data,
+                       const hal_security_keys_data_s data_encryption_iv,
+                       const hal_security_keys_data_s data_encryption_tag,
+                       hal_security_keys_data_s* data_tag);
+
+    /** Export data */
+    int (*export_data)(const hal_security_keys_context_s context,
+                       const hal_security_keys_data_s data_id,
+                       const hal_security_keys_password_iv_tag_s data_pwd,
+                       const hal_security_keys_data_type_e data_type,
+                       hal_security_keys_data_s* data);
+
+    /** Wrap concatenated data */
+    int (*wrap_concatenated_data)(const hal_security_keys_context_s context,
+                                  const hal_security_keys_algo_type_e algo,
+                                  const hal_security_keys_hash_algorithm_e hash,
+                                  const hal_security_keys_data_s wrapping_key_id,
+                                  const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                                  const hal_security_keys_data_s key_id,
+                                  const hal_security_keys_password_iv_tag_s key_pwd,
+                                  const hal_security_keys_data_s data,
+                                  hal_security_keys_data_s* wrapped_key);
+
+    /** Unwrap concatenated data */
+    int (*unwrap_concatenated_data)(const hal_security_keys_context_s context,
+                                    const hal_security_keys_algo_type_e algo,
+                                    const hal_security_keys_hash_algorithm_e hash,
+                                    const hal_security_keys_data_s wrapping_key_id,
+                                    const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                                    const hal_security_keys_data_s wrapped_key,
+                                    const hal_security_keys_data_s key_id,
+                                    const hal_security_keys_password_iv_s key_pwd,
+                                    const hal_security_keys_data_type_e key_type,
+                                    const size_t key_size_bits,
+                                    hal_security_keys_data_s* data,
+                                    hal_security_keys_data_s* key_tag);
+
+    /** Authenticated data encryption */
+    int (*encrypt_data_auth)(const hal_security_keys_context_s context,
+                             const hal_security_keys_data_s key_id,
+                             const hal_security_keys_password_iv_tag_s key_pwd,
+                             const hal_security_keys_data_s data,
+                             const hal_security_keys_data_s iv,
+                             const hal_security_keys_data_s aad,
+                             const size_t tag_size_bits,
+                             hal_security_keys_data_s* tag,
+                             hal_security_keys_data_s* out);
+
+    /** Authenticated data decryption */
+    int (*decrypt_data_auth)(const hal_security_keys_context_s context,
+                             const hal_security_keys_data_s key_id,
+                             const hal_security_keys_password_iv_tag_s key_pwd,
+                             const hal_security_keys_data_s data,
+                             const hal_security_keys_data_s iv,
+                             const hal_security_keys_data_s aad,
+                             const size_t tag_size_bits,
+                             const hal_security_keys_data_s tag,
+                             hal_security_keys_data_s* out);
+
+    /** Encrypt data */
+    int (*encrypt_data)(const hal_security_keys_context_s context,
+                        const hal_security_keys_algo_type_e algo,
+                        const hal_security_keys_hash_algorithm_e hash,
+                        const hal_security_keys_data_s key_id,
+                        const hal_security_keys_password_iv_tag_s key_pwd,
+                        const hal_security_keys_data_s data,
+                        const hal_security_keys_data_s iv,
+                        hal_security_keys_data_s* out);
+
+    /** Decrypt data */
+    int (*decrypt_data)(const hal_security_keys_context_s context,
+                        const hal_security_keys_algo_type_e algo,
+                        const hal_security_keys_hash_algorithm_e hash,
+                        const hal_security_keys_data_s key_id,
+                        const hal_security_keys_password_iv_tag_s key_pwd,
+                        const hal_security_keys_data_s data,
+                        const hal_security_keys_data_s iv,
+                        hal_security_keys_data_s* out);
+
+    /** Destroy data */
+    int (*destroy_data)(const hal_security_keys_context_s context,
+                        const hal_security_keys_data_s data_id);
+
+    /** Initialize cipher */
+    int (*cipher_initialize)(const hal_security_keys_context_s context,
+                             const bool encrypt,
+                             const hal_security_keys_data_s key_id,
+                             const hal_security_keys_password_iv_tag_s key_pwd,
+                             const hal_security_keys_data_s iv,
+                             const hal_security_keys_data_s aad,
+                             const size_t tag_size_bits,
+                             hal_security_keys_cipher_context_t* cipher_context);
+
+    /** Add AAD */
+    int (*cipher_add_aad)(const hal_security_keys_context_s context,
+                          const hal_security_keys_cipher_context_t cipher_context,
+                          const hal_security_keys_data_s aad);
+
+    /** Update cipher */
+    int (*cipher_update)(const hal_security_keys_context_s context,
+                         const hal_security_keys_cipher_context_t cipher_context,
+                         const hal_security_keys_data_s data,
+                         hal_security_keys_data_s* out);
+
+    /** Finalize cipher */
+    int (*cipher_finalize)(const hal_security_keys_context_s context,
+                           const hal_security_keys_cipher_context_t cipher_context,
+                           const hal_security_keys_data_s data,
+                           hal_security_keys_data_s* out);
+
+    /** Cleanup cipher */
+    int (*cipher_free)(const hal_security_keys_context_s context,
+                       const hal_security_keys_cipher_context_t cipher_context);
+
+    /** Create signature */
+    int (*create_signature)(const hal_security_keys_context_s context,
+                            const hal_security_keys_algo_type_e algo,
+                            const hal_security_keys_hash_algorithm_e hash,
+                            const hal_security_keys_data_s priv_key_id,
+                            const hal_security_keys_password_iv_tag_s priv_key_pwd,
+                            const hal_security_keys_data_s message,
+                            hal_security_keys_data_s* signature);
+
+    /** Verify signature */
+    int (*verify_signature)(const hal_security_keys_context_s context,
+                            const hal_security_keys_algo_type_e algo,
+                            const hal_security_keys_hash_algorithm_e hash,
+                            const hal_security_keys_data_s pub_key_id,
+                            const hal_security_keys_password_iv_tag_s pub_key_pwd,
+                            const hal_security_keys_data_s message,
+                            const hal_security_keys_data_s signature);
+
+    /** Derive ECDH */
+    int (*derive_ecdh)(const hal_security_keys_context_s context,
+                       const hal_security_keys_ec_type_e ec_type,
+                       const hal_security_keys_data_s pub_key_x,
+                       const hal_security_keys_data_s pub_key_y,
+                       const hal_security_keys_data_s priv_key_id,
+                       const hal_security_keys_password_iv_tag_s priv_key_pwd,
+                       const hal_security_keys_data_s secret_id,
+                       const hal_security_keys_password_iv_s secret_pwd,
+                       hal_security_keys_data_s* secret_tag);
+
+    /** Derive KBKDF */
+    int (*derive_kbkdf)(const hal_security_keys_context_s context,
+                        const hal_security_keys_kbkdf_params_s params,
+                        const hal_security_keys_data_s secret_id,
+                        const hal_security_keys_password_iv_tag_s secret_pwd,
+                        const hal_security_keys_data_s key_id,
+                        const hal_security_keys_password_iv_s key_pwd,
+                        hal_security_keys_data_s* key_tag);
+
+    /** Derive hybrid KBKDF */
+    int (*derive_hybrid_kbkdf)(const hal_security_keys_context_s context,
+                               const hal_security_keys_kbkdf_params_s params,
+                               const hal_security_keys_data_s first_secret_id,
+                               const hal_security_keys_password_iv_tag_s first_secret_pwd,
+                               const hal_security_keys_data_s second_secret_id,
+                               const hal_security_keys_password_iv_tag_s second_secret_pwd,
+                               const hal_security_keys_data_s key_id,
+                               const hal_security_keys_password_iv_s key_pwd,
+                               hal_security_keys_data_s* key_tag);
+
+    /** Get max chunk size */
+    int (*get_max_chunk_size)(const hal_security_keys_context_s context,
+                              size_t* chunk_size);
+
+} hal_backend_security_keys_funcs;
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __HAL_SECURITY_KEYS_INTERFACE_1_H__ */
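Review bot: Every callback that returns secret material through a `hal_security_keys_data_s*` (`create_iv`, `export_data`, `decrypt_data`, `export_wrapped_key`, `cipher_update`/`cipher_finalize`, the `ciphertext` of `encapsulate_key`) leaves the allocation and cleanup contract undocumented: nothing in the header says whether the backend allocates `buffer`, who frees it, or that the caller must wipe plaintext and key output before release, and input buffers such as `key_pwd` likewise say nothing about whether the backend may keep a pointer to them past the call. A struct-level comment such as `/* Output hal_security_keys_data_s buffers are allocated by the backend and owned by the caller, who must zeroize and free them; input buffers are only read for the duration of the call. */` would pin this down, adjusted to whatever the backends actually implement. `verify_signature` has no output parameter, so its result can only travel in the return value; its member comment should state that `HAL_SECURITY_KEYS_ERROR_VERIFICATION_FAILED` (defined in the types header of this same commit) is the expected failure code, so callers do not treat a bad signature as a generic internal error. The `/**< ... */` comments on `context_initialize` and `context_free` are Doxygen's trailing form and attach to the preceding element rather than the member that follows; use `/** ... */` as the rest of the struct does.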
diff --git a/include/hal-security-keys-interface.h b/include/hal-security-keys-interface.h
new file mode 100644 (file)
index 0000000..cffe350
--- /dev/null
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_KEYS_INTERFACE_H__
+#define __HAL_SECURITY_KEYS_INTERFACE_H__
+
+#include <hal-security-keys-interface-1.h>
+
+#endif /* __HAL_SECURITY_KEYS_INTERFACE_H__ */
diff --git a/include/hal-security-keys-types.h b/include/hal-security-keys-types.h
new file mode 100644 (file)
index 0000000..cb0a312
--- /dev/null
@@ -0,0 +1,206 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_KEYS_TYPES_H__
+#define __HAL_SECURITY_KEYS_TYPES_H__
+
+#include <stddef.h>
+#include <stdbool.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup HALAPI_HAL_SECURITY_KEYS_MODULE
+ * @{
+ */
+
+/**
+ * @brief Structure for security keys context.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef struct {
+    void* ctx;                    /**< Backend context */
+    void* session;                /**< Backend session */
+} hal_security_keys_context_s;
+
+/**
+ * @brief Type for cipher context.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef size_t hal_security_keys_cipher_context_t;
+
+/**
+ * @brief Structure for binary data exchange.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef struct {
+    unsigned char* buffer;    /**< Binary data buffer */
+    size_t length;            /**< Binary data length */
+} hal_security_keys_data_s;
+
+/**
+ * @brief Structure for password and iv params exchange.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef struct {
+    hal_security_keys_data_s password;    /**< Password buffer */
+    hal_security_keys_data_s iv;          /**< IV buffer */
+} hal_security_keys_password_iv_s;
+
+/**
+ * @brief Structure for password, iv and tag params exchange.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef struct {
+    hal_security_keys_data_s password;    /**< Password buffer */
+    hal_security_keys_data_s iv;          /**< IV buffer */
+    hal_security_keys_data_s tag;         /**< Tag buffer */
+} hal_security_keys_password_iv_tag_s;
+
+/**
+ * @brief Enumeration for security keys errors.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+    HAL_SECURITY_KEYS_ERROR_NONE,                     /**< Successful */
+    HAL_SECURITY_KEYS_ERROR_INVALID_PARAMETER,        /**< Invalid input parameter */
+    HAL_SECURITY_KEYS_ERROR_OUT_OF_MEMORY,            /**< Out of memory */
+    HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED,            /**< Operation not supported */
+    HAL_SECURITY_KEYS_ERROR_AUTHENTICATION_FAILED,    /**< Authentication failed */
+    HAL_SECURITY_KEYS_ERROR_VERIFICATION_FAILED,      /**< Verification failed */
+    HAL_SECURITY_KEYS_ERROR_INTERNAL_ERROR,           /**< Internal error */
+    HAL_SECURITY_KEYS_ERROR_TARGET_DEAD,              /**< Target dead */
+} hal_security_keys_error_e;
+
+/**
+ * @brief Enumeration for algorithm type.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+    HAL_SECURITY_KEYS_ALGO_TYPE_AES_CTR,     /**< AES CTR */
+    HAL_SECURITY_KEYS_ALGO_TYPE_AES_CBC,     /**< AES CBC */
+    HAL_SECURITY_KEYS_ALGO_TYPE_AES_GCM,     /**< AES GCM */
+    HAL_SECURITY_KEYS_ALGO_TYPE_AES_CFB,     /**< AES CFB */
+    HAL_SECURITY_KEYS_ALGO_TYPE_RSA_OAEP,    /**< RSA OAEP */
+    HAL_SECURITY_KEYS_ALGO_TYPE_RSA,         /**< RSA */
+    HAL_SECURITY_KEYS_ALGO_TYPE_DSA,         /**< DSA */
+    HAL_SECURITY_KEYS_ALGO_TYPE_ECDSA,       /**< ECDSA */
+} hal_security_keys_algo_type_e;
+
+/**
+ * @brief Enumeration for elliptic curve type.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+    HAL_SECURITY_KEYS_EC_TYPE_PRIME192V1,    /**< PRIME192V1 */
+    HAL_SECURITY_KEYS_EC_TYPE_PRIME256V1,    /**< PRIME256V1 */
+    HAL_SECURITY_KEYS_EC_TYPE_SECP384R1,     /**< SECP384R1 */
+} hal_security_keys_ec_type_e;
+
+/**
+ * @brief Enumeration for ML KEM type.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+    HAL_SECURITY_KEYS_ML_KEM_768,     /**< ML KEM 768 */
+    HAL_SECURITY_KEYS_ML_KEM_1024,    /**< ML KEM 1024 */
+} hal_security_keys_kem_type_e;
+
+/**
+ * @brief Enumeration for data type.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+    HAL_SECURITY_KEYS_DATA_TYPE_BINARY_DATA,          /**< Binary data */
+    HAL_SECURITY_KEYS_DATA_TYPE_KEY_AES,              /**< AES key */
+    HAL_SECURITY_KEYS_DATA_TYPE_KEY_RSA_PUBLIC,       /**< Public RSA key */
+    HAL_SECURITY_KEYS_DATA_TYPE_KEY_RSA_PRIVATE,      /**< Private RSA key */
+    HAL_SECURITY_KEYS_DATA_TYPE_KEY_DSA_PUBLIC,       /**< Public DSA key */
+    HAL_SECURITY_KEYS_DATA_TYPE_KEY_DSA_PRIVATE,      /**< Private DSA key */
+    HAL_SECURITY_KEYS_DATA_TYPE_KEY_ECDSA_PUBLIC,     /**< Public ECDSA key */
+    HAL_SECURITY_KEYS_DATA_TYPE_KEY_ECDSA_PRIVATE,    /**< Private ECDSA key */
+    HAL_SECURITY_KEYS_DATA_TYPE_KEY_KEM_PUBLIC,       /**< Public KEM key */
+    HAL_SECURITY_KEYS_DATA_TYPE_KEY_KEM_PRIVATE,      /**< Private KEM key */
+} hal_security_keys_data_type_e;
+
+/**
+ * @brief Enumeration for hash algorithm.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+    HAL_SECURITY_KEYS_HASH_ALGORITHM_NONE,      /**< None */
+    HAL_SECURITY_KEYS_HASH_ALGORITHM_SHA1,      /**< SHA1 */
+    HAL_SECURITY_KEYS_HASH_ALGORITHM_SHA256,    /**< SHA256 */
+    HAL_SECURITY_KEYS_HASH_ALGORITHM_SHA384,    /**< SHA384 */
+    HAL_SECURITY_KEYS_HASH_ALGORITHM_SHA512,    /**< SHA512 */
+} hal_security_keys_hash_algorithm_e;
+
+/**
+ * @brief Enumeration for KDF PRF type.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+    HAL_SECURITY_KEYS_PRF_TYPE_HMAC_SHA256,    /**< HMAC_SHA256 */
+    HAL_SECURITY_KEYS_PRF_TYPE_HMAC_SHA384,    /**< HMAC_SHA384 */
+    HAL_SECURITY_KEYS_PRF_TYPE_HMAC_SHA512,    /**< HMAC_SHA512 */
+} hal_security_keys_kdf_prf_type_e;
+
+/**
+ * @brief Enumeration for KBKDF mode.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+    HAL_SECURITY_KEYS_KBKDF_MODE_COUNTER,    /**< Counter mode */
+} hal_security_keys_kbkdf_mode_e;
+
+/**
+ * @brief Enumeration for KBKDF counter location.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+    HAL_SECURITY_KEYS_KBKDF_COUNTER_LOCATION_BEFORE_FIXED,    /**< Before fixed */
+    HAL_SECURITY_KEYS_KBKDF_COUNTER_LOCATION_AFTER_FIXED,     /**< After fixed */
+    HAL_SECURITY_KEYS_KBKDF_COUNTER_LOCATION_MIDDLE_FIXED,    /**< Middle fixed */
+} hal_security_keys_kbkdf_counter_location_e;
+
+/**
+ * @brief Structure for KBKDF params exchange.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef struct {
+    hal_security_keys_kdf_prf_type_e prf;                   /**< Pseudo-random function */
+    size_t length;                                          /**< Length of the derived key in bytes */
+    hal_security_keys_kbkdf_mode_e mode;                    /**< KDF mode */
+    hal_security_keys_data_s label;                         /**< Purpose for the derived key */
+    hal_security_keys_data_s context;                       /**< Information related to the derived key */
+    hal_security_keys_data_s fixed;                         /**< KBKDF fixed input replacing context and label */
+    hal_security_keys_kbkdf_counter_location_e location;    /**< Specifies location of the counter */
+    size_t rlen;                                            /**< Specifies the length of the counter representation in bits */
+    size_t llen;                                            /**< Specifies the extent of the length suffix representation in bits */
+    bool no_separator;                                      /**< Skip the zero octet separator between label and context */
+} hal_security_keys_kbkdf_params_s;
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __HAL_SECURITY_KEYS_TYPES_H__ */
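Review bot: `HAL_SECURITY_KEYS_EC_TYPE_PRIME192V1` and `HAL_SECURITY_KEYS_HASH_ALGORITHM_SHA1` are exposed with no caveat, yet P-192 provides roughly 96 bits of security (below the 112-bit floor NIST requires for new deployments) and SHA-1 is no longer acceptable for signatures, so a backend implementer or caller reading this header gets no signal that these are compatibility-only choices. Suggest annotating them, e.g. `/**< PRIME192V1 (legacy, ~96-bit security; do not use for new keys) */` and `/**< SHA1 (legacy; not for signatures or new data) */`, and likewise stating what `HAL_SECURITY_KEYS_HASH_ALGORITHM_NONE` is meant for (pre-hashed input or raw RSA, presumably), which is not said here. The error enum defines both `HAL_SECURITY_KEYS_ERROR_AUTHENTICATION_FAILED` and `HAL_SECURITY_KEYS_ERROR_VERIFICATION_FAILED` without saying which operation raises which (presumably AEAD tag or key-password mismatch versus signature check); callers need that distinction to avoid mapping a tampered ciphertext to the wrong user-visible error. The `hal_security_keys_data_s` comment should also say whether `buffer` may be NULL when `length` is 0, since several interface parameters (`aad`, `iv`, `fixed`) will commonly be empty.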
diff --git a/include/hal-security-keys.h b/include/hal-security-keys.h
new file mode 100644 (file)
index 0000000..939001e
--- /dev/null
@@ -0,0 +1,287 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_KEYS_H__
+#define __HAL_SECURITY_KEYS_H__
+
+#include <stddef.h>
+#include <stdbool.h>
+
+#include <hal-security-keys-types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int hal_security_keys_get_backend(void);
+int hal_security_keys_put_backend(void);
+
+int hal_security_keys_context_initialize(hal_security_keys_context_s* context);
+int hal_security_keys_context_free(hal_security_keys_context_s* context);
+
+int hal_security_keys_create_iv(const hal_security_keys_context_s context,
+                                hal_security_keys_data_s* iv);
+
+int hal_security_keys_create_key_aes(const hal_security_keys_context_s context,
+                                     const size_t key_size_bits,
+                                     const hal_security_keys_data_s key_id,
+                                     const hal_security_keys_password_iv_s key_pwd,
+                                     hal_security_keys_data_s* key_tag);
+
+int hal_security_keys_create_key_pair_rsa(const hal_security_keys_context_s context,
+                                          const size_t key_size_bits,
+                                          const hal_security_keys_data_s priv_key_id,
+                                          const hal_security_keys_password_iv_s priv_key_pwd,
+                                          const hal_security_keys_data_s pub_key_id,
+                                          const hal_security_keys_password_iv_s pub_key_pwd,
+                                          hal_security_keys_data_s* priv_key_tag,
+                                          hal_security_keys_data_s* pub_key_tag);
+
+int hal_security_keys_create_key_pair_dsa(const hal_security_keys_context_s context,
+                                          const size_t key_size_bits,
+                                          const hal_security_keys_data_s prime,
+                                          const hal_security_keys_data_s subprime,
+                                          const hal_security_keys_data_s base,
+                                          const hal_security_keys_data_s priv_key_id,
+                                          const hal_security_keys_password_iv_s priv_key_pwd,
+                                          const hal_security_keys_data_s pub_key_id,
+                                          const hal_security_keys_password_iv_s pub_key_pwd,
+                                          hal_security_keys_data_s* priv_key_tag,
+                                          hal_security_keys_data_s* pub_key_tag);
+
+int hal_security_keys_create_key_pair_ecdsa(const hal_security_keys_context_s context,
+                                            const hal_security_keys_ec_type_e ec_type,
+                                            const hal_security_keys_data_s priv_key_id,
+                                            const hal_security_keys_password_iv_s priv_key_pwd,
+                                            const hal_security_keys_data_s pub_key_id,
+                                            const hal_security_keys_password_iv_s pub_key_pwd,
+                                            hal_security_keys_data_s* priv_key_tag,
+                                            hal_security_keys_data_s* pub_key_tag);
+
+int hal_security_keys_create_key_pair_kem(const hal_security_keys_context_s context,
+                                          const hal_security_keys_kem_type_e kem_type,
+                                          const hal_security_keys_data_s priv_key_id,
+                                          const hal_security_keys_password_iv_s priv_key_pwd,
+                                          const hal_security_keys_data_s pub_key_id,
+                                          const hal_security_keys_password_iv_s pub_key_pwd,
+                                          hal_security_keys_data_s* priv_key_tag,
+                                          hal_security_keys_data_s* pub_key_tag);
+
+int hal_security_keys_import_wrapped_key(const hal_security_keys_context_s context,
+                                         const hal_security_keys_algo_type_e algo,
+                                         const hal_security_keys_hash_algorithm_e hash,
+                                         const hal_security_keys_data_s iv,
+                                         const hal_security_keys_data_s aad,
+                                         const size_t ctr_len_or_tag_size_bits,
+                                         const hal_security_keys_data_s wrapping_key_id,
+                                         const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                                         const hal_security_keys_data_s wrapped_key,
+                                         const hal_security_keys_data_s key_id,
+                                         const hal_security_keys_password_iv_s key_pwd,
+                                         const hal_security_keys_data_type_e key_type,
+                                         hal_security_keys_data_s* key_tag);
+
+int hal_security_keys_export_wrapped_key(const hal_security_keys_context_s context,
+                                         const hal_security_keys_algo_type_e algo,
+                                         const hal_security_keys_hash_algorithm_e hash,
+                                         const hal_security_keys_data_s iv,
+                                         const hal_security_keys_data_s aad,
+                                         const size_t ctr_len_or_tag_size_bits,
+                                         const hal_security_keys_data_s wrapping_key_id,
+                                         const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                                         const hal_security_keys_data_s key_id,
+                                         const hal_security_keys_password_iv_tag_s key_pwd,
+                                         const hal_security_keys_data_type_e key_type,
+                                         hal_security_keys_data_s* wrapped_key);
+
+int hal_security_keys_encapsulate_key(const hal_security_keys_context_s context,
+                                      const hal_security_keys_kem_type_e kem_type,
+                                      const hal_security_keys_data_s pub_key_id,
+                                      const hal_security_keys_password_iv_tag_s pub_key_pwd,
+                                      const hal_security_keys_data_s shared_secret_id,
+                                      const hal_security_keys_password_iv_s shared_secret_pwd,
+                                      hal_security_keys_data_s* ciphertext,
+                                      hal_security_keys_data_s* shared_secret_tag);
+
+int hal_security_keys_decapsulate_key(const hal_security_keys_context_s context,
+                                      const hal_security_keys_kem_type_e kem_type,
+                                      const hal_security_keys_data_s priv_key_id,
+                                      const hal_security_keys_password_iv_tag_s priv_key_pwd,
+                                      const hal_security_keys_data_s shared_secret_id,
+                                      const hal_security_keys_password_iv_s shared_secret_pwd,
+                                      const hal_security_keys_data_s ciphertext,
+                                      hal_security_keys_data_s* shared_secret_tag);
+
+int hal_security_keys_destroy_key(const hal_security_keys_context_s context,
+                                  const hal_security_keys_data_s key_id);
+
+int hal_security_keys_import_data(const hal_security_keys_context_s context,
+                                  const hal_security_keys_data_s data_id,
+                                  const hal_security_keys_password_iv_s data_pwd,
+                                  const hal_security_keys_data_type_e data_type,
+                                  const hal_security_keys_data_s data,
+                                  const hal_security_keys_data_s data_encryption_iv,
+                                  const hal_security_keys_data_s data_encryption_tag,
+                                  hal_security_keys_data_s* data_tag);
+
+int hal_security_keys_export_data(const hal_security_keys_context_s context,
+                                  const hal_security_keys_data_s data_id,
+                                  const hal_security_keys_password_iv_tag_s data_pwd,
+                                  const hal_security_keys_data_type_e data_type,
+                                  hal_security_keys_data_s* data);
+
+int hal_security_keys_wrap_concatenated_data(const hal_security_keys_context_s context,
+                                             const hal_security_keys_algo_type_e algo,
+                                             const hal_security_keys_hash_algorithm_e hash,
+                                             const hal_security_keys_data_s wrapping_key_id,
+                                             const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                                             const hal_security_keys_data_s key_id,
+                                             const hal_security_keys_password_iv_tag_s key_pwd,
+                                             const hal_security_keys_data_s data,
+                                             hal_security_keys_data_s* wrapped_key);
+
+int hal_security_keys_unwrap_concatenated_data(const hal_security_keys_context_s context,
+                                               const hal_security_keys_algo_type_e algo,
+                                               const hal_security_keys_hash_algorithm_e hash,
+                                               const hal_security_keys_data_s wrapping_key_id,
+                                               const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                                               const hal_security_keys_data_s wrapped_key,
+                                               const hal_security_keys_data_s key_id,
+                                               const hal_security_keys_password_iv_s key_pwd,
+                                               const hal_security_keys_data_type_e key_type,
+                                               const size_t key_size_bits,
+                                               hal_security_keys_data_s* data,
+                                               hal_security_keys_data_s* key_tag);
+
+int hal_security_keys_encrypt_data_auth(const hal_security_keys_context_s context,
+                                        const hal_security_keys_data_s key_id,
+                                        const hal_security_keys_password_iv_tag_s key_pwd,
+                                        const hal_security_keys_data_s data,
+                                        const hal_security_keys_data_s iv,
+                                        const hal_security_keys_data_s aad,
+                                        const size_t tag_size_bits,
+                                        hal_security_keys_data_s* tag,
+                                        hal_security_keys_data_s* out);
+
+int hal_security_keys_decrypt_data_auth(const hal_security_keys_context_s context,
+                                        const hal_security_keys_data_s key_id,
+                                        const hal_security_keys_password_iv_tag_s key_pwd,
+                                        const hal_security_keys_data_s data,
+                                        const hal_security_keys_data_s iv,
+                                        const hal_security_keys_data_s aad,
+                                        const size_t tag_size_bits,
+                                        const hal_security_keys_data_s tag,
+                                        hal_security_keys_data_s* out);
+
+int hal_security_keys_encrypt_data(const hal_security_keys_context_s context,
+                                   const hal_security_keys_algo_type_e algo,
+                                   const hal_security_keys_hash_algorithm_e hash,
+                                   const hal_security_keys_data_s key_id,
+                                   const hal_security_keys_password_iv_tag_s key_pwd,
+                                   const hal_security_keys_data_s data,
+                                   const hal_security_keys_data_s iv,
+                                   hal_security_keys_data_s* out);
+
+int hal_security_keys_decrypt_data(const hal_security_keys_context_s context,
+                                   const hal_security_keys_algo_type_e algo,
+                                   const hal_security_keys_hash_algorithm_e hash,
+                                   const hal_security_keys_data_s key_id,
+                                   const hal_security_keys_password_iv_tag_s key_pwd,
+                                   const hal_security_keys_data_s data,
+                                   const hal_security_keys_data_s iv,
+                                   hal_security_keys_data_s* out);
+
+int hal_security_keys_destroy_data(const hal_security_keys_context_s context,
+                                   const hal_security_keys_data_s data_id);
+
+int hal_security_keys_cipher_initialize(const hal_security_keys_context_s context,
+                                        const bool encrypt,
+                                        const hal_security_keys_data_s key_id,
+                                        const hal_security_keys_password_iv_tag_s key_pwd,
+                                        const hal_security_keys_data_s iv,
+                                        const hal_security_keys_data_s aad,
+                                        const size_t tag_size_bits,
+                                        hal_security_keys_cipher_context_t* cipher_context);
+
+int hal_security_keys_cipher_add_aad(const hal_security_keys_context_s context,
+                                     const hal_security_keys_cipher_context_t cipher_context,
+                                     const hal_security_keys_data_s aad);
+
+int hal_security_keys_cipher_update(const hal_security_keys_context_s context,
+                                    const hal_security_keys_cipher_context_t cipher_context,
+                                    const hal_security_keys_data_s data,
+                                    hal_security_keys_data_s* out);
+
+int hal_security_keys_cipher_finalize(const hal_security_keys_context_s context,
+                                      const hal_security_keys_cipher_context_t cipher_context,
+                                      const hal_security_keys_data_s data,
+                                      hal_security_keys_data_s* out);
+
+int hal_security_keys_cipher_free(const hal_security_keys_context_s context,
+                                  const hal_security_keys_cipher_context_t cipher_context);
+
+int hal_security_keys_create_signature(const hal_security_keys_context_s context,
+                                       const hal_security_keys_algo_type_e algo,
+                                       const hal_security_keys_hash_algorithm_e hash,
+                                       const hal_security_keys_data_s priv_key_id,
+                                       const hal_security_keys_password_iv_tag_s priv_key_pwd,
+                                       const hal_security_keys_data_s message,
+                                       hal_security_keys_data_s* signature);
+
+int hal_security_keys_verify_signature(const hal_security_keys_context_s context,
+                                       const hal_security_keys_algo_type_e algo,
+                                       const hal_security_keys_hash_algorithm_e hash,
+                                       const hal_security_keys_data_s pub_key_id,
+                                       const hal_security_keys_password_iv_tag_s pub_key_pwd,
+                                       const hal_security_keys_data_s message,
+                                       const hal_security_keys_data_s signature);
+
+int hal_security_keys_derive_ecdh(const hal_security_keys_context_s context,
+                                  const hal_security_keys_ec_type_e ec_type,
+                                  const hal_security_keys_data_s pub_key_x,
+                                  const hal_security_keys_data_s pub_key_y,
+                                  const hal_security_keys_data_s priv_key_id,
+                                  const hal_security_keys_password_iv_tag_s priv_key_pwd,
+                                  const hal_security_keys_data_s secret_id,
+                                  const hal_security_keys_password_iv_s secret_pwd,
+                                  hal_security_keys_data_s* secret_tag);
+
+int hal_security_keys_derive_kbkdf(const hal_security_keys_context_s context,
+                                   const hal_security_keys_kbkdf_params_s params,
+                                   const hal_security_keys_data_s secret_id,
+                                   const hal_security_keys_password_iv_tag_s secret_pwd,
+                                   const hal_security_keys_data_s key_id,
+                                   const hal_security_keys_password_iv_s key_pwd,
+                                   hal_security_keys_data_s* key_tag);
+
+int hal_security_keys_derive_hybrid_kbkdf(const hal_security_keys_context_s context,
+                                          const hal_security_keys_kbkdf_params_s params,
+                                          const hal_security_keys_data_s first_secret_id,
+                                          const hal_security_keys_password_iv_tag_s first_secret_pwd,
+                                          const hal_security_keys_data_s second_secret_id,
+                                          const hal_security_keys_password_iv_tag_s second_secret_pwd,
+                                          const hal_security_keys_data_s key_id,
+                                          const hal_security_keys_password_iv_s key_pwd,
+                                          hal_security_keys_data_s* key_tag);
+
+int hal_security_keys_get_max_chunk_size(const hal_security_keys_context_s context,
+                                         size_t* chunk_size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __HAL_SECURITY_KEYS_H__ */
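Review bot: This public header declares the entire key-management API with no documentation at all, and the decryption contracts are the ones a caller most needs spelled out: `hal_security_keys_decrypt_data_auth` takes `tag` and `tag_size_bits` but nothing states that a tag mismatch must fail without releasing plaintext into `out`, and for the streaming pair `hal_security_keys_cipher_update`/`hal_security_keys_cipher_finalize` in decrypt mode the plaintext returned by `cipher_update` is presumably unauthenticated until `cipher_finalize` succeeds. I would add above `hal_security_keys_cipher_update` something like `/* Decrypt mode: data returned by cipher_update is NOT authenticated until cipher_finalize returns 0; callers must discard it on failure. */` and state the same no-plaintext-on-tag-failure rule on `decrypt_data_auth`. `ctr_len_or_tag_size_bits` in `hal_security_keys_import_wrapped_key`/`hal_security_keys_export_wrapped_key` changes meaning depending on `algo` and should document which interpretation applies for which algorithm, as should `hash` where it is only meaningful for some `algo` values. Since the interface-1 header already carries Doxygen blocks, mirroring at least `@brief`, ownership/freeing of the `*_tag`, `out` and `wrapped_key` output buffers, and the error code returned on authentication failure here would close the gap.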
index 9946b3cd1e5064024d322717ccd578a1cc727e29..96028adac1fbaeb4670f1faaaf20368e9320a1ab 100644 (file)
@@ -8,5 +8,9 @@
             <name>HAL_MODULE_SECURITY_AUTH</name>
             <version>1.0</version>
         </hal-module>
+        <hal-module>
+            <name>HAL_MODULE_SECURITY_KEYS</name>
+            <version>1.0</version>
+        </hal-module>
     </manifest>
 </hal-api>
index 7b08f9bb6f604e5bc8520d89b0a9850e845676f3..89c9b84a5ee083d6c185813d96e88f387af6b70d 100644 (file)
@@ -80,6 +80,7 @@ rm -rf %{buildroot}
 %license LICENSE.Apache-2.0
 %{_includedir}/hal/hal-security-auth*.h
 %{_includedir}/hal/hal-security-certs*.h
+%{_includedir}/hal/hal-security-keys*.h
 %{_libdir}/pkgconfig/hal-api-security.pc
 %{_libdir}/hal/lib%{name}.so
 
diff --git a/src/hal-api-security-keys.c b/src/hal-api-security-keys.c
new file mode 100644 (file)
index 0000000..ccc5f79
--- /dev/null
@@ -0,0 +1,512 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdlib.h>
+
+#include <hal/hal-common.h>
+
+#include "hal-security-keys.h"
+#include "hal-security-keys-interface.h"
+
+#ifndef EXPORT
+#define EXPORT __attribute__ ((visibility("default")))
+#endif
+
+static hal_backend_security_keys_funcs *g_security_keys_funcs = NULL;
+
+EXPORT int hal_security_keys_get_backend(void)
+{
+    int ret;
+
+    if (g_security_keys_funcs)
+        return 0;
+
+    g_security_keys_funcs = calloc(1, sizeof(hal_backend_security_keys_funcs));
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_OUT_OF_MEMORY;
+
+    ret = hal_common_get_backend(HAL_MODULE_SECURITY_KEYS, (void **)&g_security_keys_funcs);
+    if (ret < 0) {
+        free(g_security_keys_funcs);
+        g_security_keys_funcs = NULL;
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    }
+
+    return 0;
+}
+
+EXPORT int hal_security_keys_put_backend(void)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+
+    hal_common_put_backend(HAL_MODULE_SECURITY_KEYS, (void *)g_security_keys_funcs);
+
+    free(g_security_keys_funcs);
+    g_security_keys_funcs = NULL;
+
+    return 0;
+}
+
+EXPORT int hal_security_keys_context_initialize(hal_security_keys_context_s* context)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->context_initialize(context);
+}
+
+EXPORT int hal_security_keys_context_free(hal_security_keys_context_s* context)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->context_free(context);
+}
+
+EXPORT int hal_security_keys_create_iv(const hal_security_keys_context_s context,
+                                       hal_security_keys_data_s* iv)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->create_iv(context, iv);
+}
+
+EXPORT int hal_security_keys_create_key_aes(const hal_security_keys_context_s context,
+                                            const size_t key_size_bits,
+                                            const hal_security_keys_data_s key_id,
+                                            const hal_security_keys_password_iv_s key_pwd,
+                                            hal_security_keys_data_s* key_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->create_key_aes(context, key_size_bits, key_id, key_pwd, key_tag);
+}
+
+EXPORT int hal_security_keys_create_key_pair_rsa(const hal_security_keys_context_s context,
+                                                 const size_t key_size_bits,
+                                                 const hal_security_keys_data_s priv_key_id,
+                                                 const hal_security_keys_password_iv_s priv_key_pwd,
+                                                 const hal_security_keys_data_s pub_key_id,
+                                                 const hal_security_keys_password_iv_s pub_key_pwd,
+                                                 hal_security_keys_data_s* priv_key_tag,
+                                                 hal_security_keys_data_s* pub_key_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->create_key_pair_rsa(context, key_size_bits,
+                                                      priv_key_id, priv_key_pwd, pub_key_id, pub_key_pwd,
+                                                      priv_key_tag, pub_key_tag);
+}
+
+EXPORT int hal_security_keys_create_key_pair_dsa(const hal_security_keys_context_s context,
+                                                 const size_t key_size_bits,
+                                                 const hal_security_keys_data_s prime,
+                                                 const hal_security_keys_data_s subprime,
+                                                 const hal_security_keys_data_s base,
+                                                 const hal_security_keys_data_s priv_key_id,
+                                                 const hal_security_keys_password_iv_s priv_key_pwd,
+                                                 const hal_security_keys_data_s pub_key_id,
+                                                 const hal_security_keys_password_iv_s pub_key_pwd,
+                                                 hal_security_keys_data_s* priv_key_tag,
+                                                 hal_security_keys_data_s* pub_key_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->create_key_pair_dsa(context, key_size_bits, prime, subprime, base,
+                                                      priv_key_id, priv_key_pwd, pub_key_id, pub_key_pwd,
+                                                      priv_key_tag, pub_key_tag);
+}
+
+EXPORT int hal_security_keys_create_key_pair_ecdsa(const hal_security_keys_context_s context,
+                                                   const hal_security_keys_ec_type_e ec_type,
+                                                   const hal_security_keys_data_s priv_key_id,
+                                                   const hal_security_keys_password_iv_s priv_key_pwd,
+                                                   const hal_security_keys_data_s pub_key_id,
+                                                   const hal_security_keys_password_iv_s pub_key_pwd,
+                                                   hal_security_keys_data_s* priv_key_tag,
+                                                   hal_security_keys_data_s* pub_key_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->create_key_pair_ecdsa(context, ec_type,
+                                                        priv_key_id, priv_key_pwd, pub_key_id, pub_key_pwd,
+                                                        priv_key_tag, pub_key_tag);
+}
+
+EXPORT int hal_security_keys_create_key_pair_kem(const hal_security_keys_context_s context,
+                                                 const hal_security_keys_kem_type_e kem_type,
+                                                 const hal_security_keys_data_s priv_key_id,
+                                                 const hal_security_keys_password_iv_s priv_key_pwd,
+                                                 const hal_security_keys_data_s pub_key_id,
+                                                 const hal_security_keys_password_iv_s pub_key_pwd,
+                                                 hal_security_keys_data_s* priv_key_tag,
+                                                 hal_security_keys_data_s* pub_key_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->create_key_pair_kem(context, kem_type,
+                                                      priv_key_id, priv_key_pwd, pub_key_id, pub_key_pwd,
+                                                      priv_key_tag, pub_key_tag);
+}
+
+EXPORT int hal_security_keys_import_wrapped_key(const hal_security_keys_context_s context,
+                                                const hal_security_keys_algo_type_e algo,
+                                                const hal_security_keys_hash_algorithm_e hash,
+                                                const hal_security_keys_data_s iv,
+                                                const hal_security_keys_data_s aad,
+                                                const size_t ctr_len_or_tag_size_bits,
+                                                const hal_security_keys_data_s wrapping_key_id,
+                                                const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                                                const hal_security_keys_data_s wrapped_key,
+                                                const hal_security_keys_data_s key_id,
+                                                const hal_security_keys_password_iv_s key_pwd,
+                                                const hal_security_keys_data_type_e key_type,
+                                                hal_security_keys_data_s* key_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->import_wrapped_key(context, algo, hash, iv, aad, ctr_len_or_tag_size_bits,
+                                                     wrapping_key_id, wrapping_key_pwd, wrapped_key,
+                                                     key_id, key_pwd, key_type, key_tag);
+}
+
+EXPORT int hal_security_keys_export_wrapped_key(const hal_security_keys_context_s context,
+                                                const hal_security_keys_algo_type_e algo,
+                                                const hal_security_keys_hash_algorithm_e hash,
+                                                const hal_security_keys_data_s iv,
+                                                const hal_security_keys_data_s aad,
+                                                const size_t ctr_len_or_tag_size_bits,
+                                                const hal_security_keys_data_s wrapping_key_id,
+                                                const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                                                const hal_security_keys_data_s key_id,
+                                                const hal_security_keys_password_iv_tag_s key_pwd,
+                                                const hal_security_keys_data_type_e key_type,
+                                                hal_security_keys_data_s* wrapped_key)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->export_wrapped_key(context, algo, hash, iv, aad, ctr_len_or_tag_size_bits,
+                                                     wrapping_key_id, wrapping_key_pwd,
+                                                     key_id, key_pwd, key_type, wrapped_key);
+}
+
+EXPORT int hal_security_keys_encapsulate_key(const hal_security_keys_context_s context,
+                                             const hal_security_keys_kem_type_e kem_type,
+                                             const hal_security_keys_data_s pub_key_id,
+                                             const hal_security_keys_password_iv_tag_s pub_key_pwd,
+                                             const hal_security_keys_data_s shared_secret_id,
+                                             const hal_security_keys_password_iv_s shared_secret_pwd,
+                                             hal_security_keys_data_s* ciphertext,
+                                             hal_security_keys_data_s* shared_secret_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->encapsulate_key(context, kem_type, pub_key_id, pub_key_pwd,
+                                                  shared_secret_id, shared_secret_pwd,
+                                                  ciphertext, shared_secret_tag);
+}
+
+EXPORT int hal_security_keys_decapsulate_key(const hal_security_keys_context_s context,
+                                             const hal_security_keys_kem_type_e kem_type,
+                                             const hal_security_keys_data_s priv_key_id,
+                                             const hal_security_keys_password_iv_tag_s priv_key_pwd,
+                                             const hal_security_keys_data_s shared_secret_id,
+                                             const hal_security_keys_password_iv_s shared_secret_pwd,
+                                             const hal_security_keys_data_s ciphertext,
+                                             hal_security_keys_data_s* shared_secret_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->decapsulate_key(context, kem_type, priv_key_id, priv_key_pwd,
+                                                  shared_secret_id, shared_secret_pwd,
+                                                  ciphertext, shared_secret_tag);
+}
+
+EXPORT int hal_security_keys_destroy_key(const hal_security_keys_context_s context,
+                                         const hal_security_keys_data_s key_id)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->destroy_key(context, key_id);
+}
+
+EXPORT int hal_security_keys_import_data(const hal_security_keys_context_s context,
+                                         const hal_security_keys_data_s data_id,
+                                         const hal_security_keys_password_iv_s data_pwd,
+                                         const hal_security_keys_data_type_e data_type,
+                                         const hal_security_keys_data_s data,
+                                         const hal_security_keys_data_s data_encryption_iv,
+                                         const hal_security_keys_data_s data_encryption_tag,
+                                         hal_security_keys_data_s* data_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->import_data(context, data_id, data_pwd, data_type,
+                                              data, data_encryption_iv, data_encryption_tag,
+                                              data_tag);
+}
+
+EXPORT int hal_security_keys_export_data(const hal_security_keys_context_s context,
+                                         const hal_security_keys_data_s data_id,
+                                         const hal_security_keys_password_iv_tag_s data_pwd,
+                                         const hal_security_keys_data_type_e data_type,
+                                         hal_security_keys_data_s* data)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->export_data(context, data_id, data_pwd, data_type, data);
+}
+
+EXPORT int hal_security_keys_wrap_concatenated_data(const hal_security_keys_context_s context,
+                                                    const hal_security_keys_algo_type_e algo,
+                                                    const hal_security_keys_hash_algorithm_e hash,
+                                                    const hal_security_keys_data_s wrapping_key_id,
+                                                    const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                                                    const hal_security_keys_data_s key_id,
+                                                    const hal_security_keys_password_iv_tag_s key_pwd,
+                                                    const hal_security_keys_data_s data,
+                                                    hal_security_keys_data_s* wrapped_key)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->wrap_concatenated_data(context, algo, hash,
+                                                         wrapping_key_id, wrapping_key_pwd,
+                                                         key_id, key_pwd, data, wrapped_key);
+}
+
+EXPORT int hal_security_keys_unwrap_concatenated_data(const hal_security_keys_context_s context,
+                                                      const hal_security_keys_algo_type_e algo,
+                                                      const hal_security_keys_hash_algorithm_e hash,
+                                                      const hal_security_keys_data_s wrapping_key_id,
+                                                      const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+                                                      const hal_security_keys_data_s wrapped_key,
+                                                      const hal_security_keys_data_s key_id,
+                                                      const hal_security_keys_password_iv_s key_pwd,
+                                                      const hal_security_keys_data_type_e key_type,
+                                                      const size_t key_size_bits,
+                                                      hal_security_keys_data_s* data,
+                                                      hal_security_keys_data_s* key_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->unwrap_concatenated_data(context, algo, hash,
+                                                           wrapping_key_id, wrapping_key_pwd, wrapped_key,
+                                                           key_id, key_pwd, key_type, key_size_bits,
+                                                           data, key_tag);
+}
+
+EXPORT int hal_security_keys_encrypt_data_auth(const hal_security_keys_context_s context,
+                                               const hal_security_keys_data_s key_id,
+                                               const hal_security_keys_password_iv_tag_s key_pwd,
+                                               const hal_security_keys_data_s data,
+                                               const hal_security_keys_data_s iv,
+                                               const hal_security_keys_data_s aad,
+                                               const size_t tag_size_bits,
+                                               hal_security_keys_data_s* tag,
+                                               hal_security_keys_data_s* out)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->encrypt_data_auth(context, key_id, key_pwd, data, iv, aad, tag_size_bits,
+                                                    tag, out);
+}
+
+EXPORT int hal_security_keys_decrypt_data_auth(const hal_security_keys_context_s context,
+                                               const hal_security_keys_data_s key_id,
+                                               const hal_security_keys_password_iv_tag_s key_pwd,
+                                               const hal_security_keys_data_s data,
+                                               const hal_security_keys_data_s iv,
+                                               const hal_security_keys_data_s aad,
+                                               const size_t tag_size_bits,
+                                               const hal_security_keys_data_s tag,
+                                               hal_security_keys_data_s* out)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->decrypt_data_auth(context, key_id, key_pwd, data, iv, aad, tag_size_bits,
+                                                    tag, out);
+}
+
+EXPORT int hal_security_keys_encrypt_data(const hal_security_keys_context_s context,
+                                          const hal_security_keys_algo_type_e algo,
+                                          const hal_security_keys_hash_algorithm_e hash,
+                                          const hal_security_keys_data_s key_id,
+                                          const hal_security_keys_password_iv_tag_s key_pwd,
+                                          const hal_security_keys_data_s data,
+                                          const hal_security_keys_data_s iv,
+                                          hal_security_keys_data_s* out)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->encrypt_data(context, algo, hash, key_id, key_pwd, data, iv, out);
+}
+
+EXPORT int hal_security_keys_decrypt_data(const hal_security_keys_context_s context,
+                                          const hal_security_keys_algo_type_e algo,
+                                          const hal_security_keys_hash_algorithm_e hash,
+                                          const hal_security_keys_data_s key_id,
+                                          const hal_security_keys_password_iv_tag_s key_pwd,
+                                          const hal_security_keys_data_s data,
+                                          const hal_security_keys_data_s iv,
+                                          hal_security_keys_data_s* out)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->decrypt_data(context, algo, hash, key_id, key_pwd, data, iv, out);
+}
+
+EXPORT int hal_security_keys_destroy_data(const hal_security_keys_context_s context,
+                                          const hal_security_keys_data_s data_id)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->destroy_data(context, data_id);
+}
+
+EXPORT int hal_security_keys_cipher_initialize(const hal_security_keys_context_s context,
+                                               const bool encrypt,
+                                               const hal_security_keys_data_s key_id,
+                                               const hal_security_keys_password_iv_tag_s key_pwd,
+                                               const hal_security_keys_data_s iv,
+                                               const hal_security_keys_data_s aad,
+                                               const size_t tag_size_bits,
+                                               hal_security_keys_cipher_context_t* cipher_context)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->cipher_initialize(context, encrypt, key_id, key_pwd, iv, aad, tag_size_bits,
+                                                    cipher_context);
+}
+
+EXPORT int hal_security_keys_cipher_add_aad(const hal_security_keys_context_s context,
+                                            const hal_security_keys_cipher_context_t cipher_context,
+                                            const hal_security_keys_data_s aad)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->cipher_add_aad(context, cipher_context, aad);
+}
+
+EXPORT int hal_security_keys_cipher_update(const hal_security_keys_context_s context,
+                                           const hal_security_keys_cipher_context_t cipher_context,
+                                           const hal_security_keys_data_s data,
+                                           hal_security_keys_data_s* out)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->cipher_update(context, cipher_context, data, out);
+}
+
+EXPORT int hal_security_keys_cipher_finalize(const hal_security_keys_context_s context,
+                                             const hal_security_keys_cipher_context_t cipher_context,
+                                             const hal_security_keys_data_s data,
+                                             hal_security_keys_data_s* out)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->cipher_finalize(context, cipher_context, data, out);
+}
+
+EXPORT int hal_security_keys_cipher_free(const hal_security_keys_context_s context,
+                                         const hal_security_keys_cipher_context_t cipher_context)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->cipher_free(context, cipher_context);
+}
+
+EXPORT int hal_security_keys_create_signature(const hal_security_keys_context_s context,
+                                              const hal_security_keys_algo_type_e algo,
+                                              const hal_security_keys_hash_algorithm_e hash,
+                                              const hal_security_keys_data_s priv_key_id,
+                                              const hal_security_keys_password_iv_tag_s priv_key_pwd,
+                                              const hal_security_keys_data_s message,
+                                              hal_security_keys_data_s* signature)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->create_signature(context, algo, hash, priv_key_id, priv_key_pwd,
+                                                   message, signature);
+}
+
+EXPORT int hal_security_keys_verify_signature(const hal_security_keys_context_s context,
+                                              const hal_security_keys_algo_type_e algo,
+                                              const hal_security_keys_hash_algorithm_e hash,
+                                              const hal_security_keys_data_s pub_key_id,
+                                              const hal_security_keys_password_iv_tag_s pub_key_pwd,
+                                              const hal_security_keys_data_s message,
+                                              const hal_security_keys_data_s signature)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->verify_signature(context, algo, hash, pub_key_id, pub_key_pwd,
+                                                   message, signature);
+}
+
+EXPORT int hal_security_keys_derive_ecdh(const hal_security_keys_context_s context,
+                                         const hal_security_keys_ec_type_e ec_type,
+                                         const hal_security_keys_data_s pub_key_x,
+                                         const hal_security_keys_data_s pub_key_y,
+                                         const hal_security_keys_data_s priv_key_id,
+                                         const hal_security_keys_password_iv_tag_s priv_key_pwd,
+                                         const hal_security_keys_data_s secret_id,
+                                         const hal_security_keys_password_iv_s secret_pwd,
+                                         hal_security_keys_data_s* secret_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->derive_ecdh(context, ec_type, pub_key_x, pub_key_y,
+                                              priv_key_id, priv_key_pwd,
+                                              secret_id, secret_pwd, secret_tag);
+}
+
+EXPORT int hal_security_keys_derive_kbkdf(const hal_security_keys_context_s context,
+                                          const hal_security_keys_kbkdf_params_s params,
+                                          const hal_security_keys_data_s secret_id,
+                                          const hal_security_keys_password_iv_tag_s secret_pwd,
+                                          const hal_security_keys_data_s key_id,
+                                          const hal_security_keys_password_iv_s key_pwd,
+                                          hal_security_keys_data_s* key_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->derive_kbkdf(context, params, secret_id, secret_pwd,
+                                               key_id, key_pwd, key_tag);
+}
+
+EXPORT int hal_security_keys_derive_hybrid_kbkdf(const hal_security_keys_context_s context,
+                                                 const hal_security_keys_kbkdf_params_s params,
+                                                 const hal_security_keys_data_s first_secret_id,
+                                                 const hal_security_keys_password_iv_tag_s first_secret_pwd,
+                                                 const hal_security_keys_data_s second_secret_id,
+                                                 const hal_security_keys_password_iv_tag_s second_secret_pwd,
+                                                 const hal_security_keys_data_s key_id,
+                                                 const hal_security_keys_password_iv_s key_pwd,
+                                                 hal_security_keys_data_s* key_tag)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->derive_hybrid_kbkdf(context, params, first_secret_id, first_secret_pwd,
+                                                      second_secret_id, second_secret_pwd,
+                                                      key_id, key_pwd, key_tag);
+}
+
+EXPORT int hal_security_keys_get_max_chunk_size(const hal_security_keys_context_s context,
+                                                size_t* chunk_size)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->get_max_chunk_size(context, chunk_size);
+}