From: Jakub Wlostowski Date: Fri, 7 Feb 2025 12:04:20 +0000 (+0100) Subject: Add Security Keys HAL API X-Git-Tag: accepted/tizen/unified/20250325.011330~6 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=257ce1a640298960b957e741824dc72c142b38fc;p=platform%2Fhal%2Fapi%2Fsecurity.git Add Security Keys HAL API Change-Id: I7d08d69b241a5bae681606c891eb9b2e6f512f00 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index a2b8057..3ed8757 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,6 +20,7 @@ SET( SRCS src/hal-api-security-certs.c src/hal-api-security-auth.c + src/hal-api-security-keys.c ) LINK_DIRECTORIES(${SECURITY_DEPS_LIBRARY_DIRS}) diff --git a/include/hal-security-keys-interface-1.h b/include/hal-security-keys-interface-1.h new file mode 100644 index 0000000..9f09ea4 --- /dev/null +++ b/include/hal-security-keys-interface-1.h 
@@ -0,0 +1,335 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_KEYS_INTERFACE_1_H__
+#define __HAL_SECURITY_KEYS_INTERFACE_1_H__
+
+#include
+#include
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup HALAPI_HAL_SECURITY_KEYS_MODULE
+ * @{
+ */
+
+/**
+ * @brief Structure for security keys functions.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+
+typedef struct _hal_backend_security_keys_funcs {
+ /**< Initialize HAL backend context */
+ int (*context_initialize)(hal_security_keys_context_s* context);
+
+ /**< Free HAL backend context */
+ int (*context_free)(hal_security_keys_context_s* context);
+
+ /** Create IV */
+ int (*create_iv)(const hal_security_keys_context_s context,
+ hal_security_keys_data_s* iv);
+
+ /** Create AES key */
+ int (*create_key_aes)(const hal_security_keys_context_s context,
+ const size_t key_size_bits,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ hal_security_keys_data_s* key_tag);
+
+ /** Create RSA key pair */
+ int (*create_key_pair_rsa)(const hal_security_keys_context_s context,
+ const size_t key_size_bits,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag);
+
+ /** Create DSA key pair */
+ int (*create_key_pair_dsa)(const hal_security_keys_context_s context,
+ const size_t key_size_bits,
+ const hal_security_keys_data_s prime,
+ const hal_security_keys_data_s subprime,
+ const hal_security_keys_data_s base,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag);
+
+ /** Create ECDSA key pair */
+ int (*create_key_pair_ecdsa)(const hal_security_keys_context_s context,
+ const hal_security_keys_ec_type_e ec_type,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag);
+
+ /** Create KEM key pair */
+ int (*create_key_pair_kem)(const hal_security_keys_context_s context,
+ const hal_security_keys_kem_type_e kem_type,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag);
+
+ /** Import wrapped key */
+ int (*import_wrapped_key)(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t ctr_len_or_tag_size_bits,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s wrapped_key,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ const hal_security_keys_data_type_e key_type,
+ hal_security_keys_data_s* key_tag);
+
+ /** Export wrapped key */
+ int (*export_wrapped_key)(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t ctr_len_or_tag_size_bits,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_type_e key_type,
+ hal_security_keys_data_s* wrapped_key);
+
+ /** Encapsulate key */
+ int (*encapsulate_key)(const hal_security_keys_context_s context,
+ const hal_security_keys_kem_type_e kem_type,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_tag_s pub_key_pwd,
+ const hal_security_keys_data_s shared_secret_id,
+ const hal_security_keys_password_iv_s shared_secret_pwd,
+ hal_security_keys_data_s* ciphertext,
+ hal_security_keys_data_s* shared_secret_tag);
+
+ /** Decapsulate key */
+ int (*decapsulate_key)(const hal_security_keys_context_s context,
+ const hal_security_keys_kem_type_e kem_type,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_tag_s priv_key_pwd,
+ const hal_security_keys_data_s shared_secret_id,
+ const hal_security_keys_password_iv_s shared_secret_pwd,
+ const hal_security_keys_data_s ciphertext,
+ hal_security_keys_data_s* shared_secret_tag);
+
+ /** Destroy key */
+ int (*destroy_key)(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s key_id);
+
+ /** Import data */
+ int (*import_data)(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s data_id,
+ const hal_security_keys_password_iv_s data_pwd,
+ const hal_security_keys_data_type_e data_type,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s data_encryption_iv,
+ const hal_security_keys_data_s data_encryption_tag,
+ hal_security_keys_data_s* data_tag);
+
+ /** Export data */
+ int (*export_data)(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s data_id,
+ const hal_security_keys_password_iv_tag_s data_pwd,
+ const hal_security_keys_data_type_e data_type,
+ hal_security_keys_data_s* data);
+
+ /** Wrap concatenated data */
+ int (*wrap_concatenated_data)(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ hal_security_keys_data_s* wrapped_key);
+
+ /** Unwrap concatenated data */
+ int (*unwrap_concatenated_data)(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s wrapped_key,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ const hal_security_keys_data_type_e key_type,
+ const size_t key_size_bits,
+ hal_security_keys_data_s* data,
+ hal_security_keys_data_s* key_tag);
+
+ /** Authenticated data encryption */
+ int (*encrypt_data_auth)(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t tag_size_bits,
+ hal_security_keys_data_s* tag,
+ hal_security_keys_data_s* out);
+
+ /** Authenticated data decryption */
+ int (*decrypt_data_auth)(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t tag_size_bits,
+ const hal_security_keys_data_s tag,
+ hal_security_keys_data_s* out);
+
+ /** Encrypt data */
+ int (*encrypt_data)(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ hal_security_keys_data_s* out);
+
+ /** Decrypt data */
+ int (*decrypt_data)(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ hal_security_keys_data_s* out);
+
+ /** Destroy data */
+ int (*destroy_data)(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s data_id);
+
+ /** Initialize cipher */
+ int (*cipher_initialize)(const hal_security_keys_context_s context,
+ const bool encrypt,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t tag_size_bits,
+ hal_security_keys_cipher_context_t* cipher_context);
+
+ /** Add AAD */
+ int (*cipher_add_aad)(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context,
+ const hal_security_keys_data_s aad);
+
+ /** Update cipher */
+ int (*cipher_update)(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context,
+ const hal_security_keys_data_s data,
+ hal_security_keys_data_s* out);
+
+ /** Finalize cipher */
+ int (*cipher_finalize)(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context,
+ const hal_security_keys_data_s data,
+ hal_security_keys_data_s* out);
+
+ /** Cleanup cipher */
+ int (*cipher_free)(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context);
+
+ /** Create signature */
+ int (*create_signature)(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_tag_s priv_key_pwd,
+ const hal_security_keys_data_s message,
+ hal_security_keys_data_s* signature);
+
+ /** Verify signature */
+ int (*verify_signature)(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_tag_s pub_key_pwd,
+ const hal_security_keys_data_s message,
+ const hal_security_keys_data_s signature);
+
+ /** Derive ECDH */
+ int (*derive_ecdh)(const hal_security_keys_context_s context,
+ const hal_security_keys_ec_type_e ec_type,
+ const hal_security_keys_data_s pub_key_x,
+ const hal_security_keys_data_s pub_key_y,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_tag_s priv_key_pwd,
+ const hal_security_keys_data_s secret_id,
+ const hal_security_keys_password_iv_s secret_pwd,
+ hal_security_keys_data_s* secret_tag);
+
+ /** Derive KBKDF */
+ int (*derive_kbkdf)(const hal_security_keys_context_s context,
+ const hal_security_keys_kbkdf_params_s params,
+ const hal_security_keys_data_s secret_id,
+ const hal_security_keys_password_iv_tag_s secret_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ hal_security_keys_data_s* key_tag);
+
+ /** Derive hybrid KBKDF */
+ int (*derive_hybrid_kbkdf)(const hal_security_keys_context_s context,
+ const hal_security_keys_kbkdf_params_s params,
+ const hal_security_keys_data_s first_secret_id,
+ const hal_security_keys_password_iv_tag_s first_secret_pwd,
+ const hal_security_keys_data_s second_secret_id,
+ const hal_security_keys_password_iv_tag_s second_secret_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ hal_security_keys_data_s* key_tag);
+
+ /** Get max chunk size */
+ int (*get_max_chunk_size)(const hal_security_keys_context_s context,
+ size_t* chunk_size);
+
+} hal_backend_security_keys_funcs;
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __HAL_SECURITY_KEYS_INTERFACE_1_H__ */
diff --git a/include/hal-security-keys-interface.h b/include/hal-security-keys-interface.h
new file mode 100644
index 0000000..cffe350
--- /dev/null
+++ b/include/hal-security-keys-interface.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_KEYS_INTERFACE_H__
+#define __HAL_SECURITY_KEYS_INTERFACE_H__
+
+#include
+
+#endif /* __HAL_SECURITY_KEYS_INTERFACE_H__ */
diff --git a/include/hal-security-keys-types.h b/include/hal-security-keys-types.h
new file mode 100644
index 0000000..cb0a312
--- /dev/null
+++ b/include/hal-security-keys-types.h
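Review bot: Nothing in `hal_backend_security_keys_funcs` (include/hal-security-keys-interface-1.h) says who allocates and who releases the `buffer` behind each `hal_security_keys_data_s*` output (`out`, `data`, `wrapped_key`, `signature`, the `*_tag` results), and none of the entries in the table releases one. For `export_data`, `decrypt_data` and `decrypt_data_auth` that buffer presumably holds plaintext, so the contract should also say whether the caller is expected to wipe it before freeing. I would put this on the struct's `@brief` block, for example `@remarks Output buffers are allocated by <backend|caller> and must be cleared and released by <owner>`, with the real owner filled in by the author. Separately, the first two members are documented with `/**< ... */` placed before the declaration, which Doxygen binds to the preceding entity; `/** Initialize HAL backend context */` would match the other entries.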
@@ -0,0 +1,206 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_KEYS_TYPES_H__
+#define __HAL_SECURITY_KEYS_TYPES_H__
+
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup HALAPI_HAL_SECURITY_KEYS_MODULE
+ * @{
+ */
+
+/**
+ * @brief Structure for security keys context.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef struct {
+ void* ctx; /**< Backend context */
+ void* session; /**< Backend session */
+} hal_security_keys_context_s;
+
+/**
+ * @brief Type for cipher context.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef size_t hal_security_keys_cipher_context_t;
+
+/**
+ * @brief Structure for binary data exchange.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef struct {
+ unsigned char* buffer; /**< Binary data buffer */
+ size_t length; /**< Binary data length */
+} hal_security_keys_data_s;
+
+/**
+ * @brief Structure for password and iv params exchange.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef struct {
+ hal_security_keys_data_s password; /**< Password buffer */
+ hal_security_keys_data_s iv; /**< IV buffer */
+} hal_security_keys_password_iv_s;
+
+/**
+ * @brief Structure for password, iv and tag params exchange.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef struct {
+ hal_security_keys_data_s password; /**< Password buffer */
+ hal_security_keys_data_s iv; /**< IV buffer */
+ hal_security_keys_data_s tag; /**< Tag buffer */
+} hal_security_keys_password_iv_tag_s;
+
+/**
+ * @brief Enumeration for security keys errors.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+ HAL_SECURITY_KEYS_ERROR_NONE, /**< Successful */
+ HAL_SECURITY_KEYS_ERROR_INVALID_PARAMETER, /**< Invalid input parameter */
+ HAL_SECURITY_KEYS_ERROR_OUT_OF_MEMORY, /**< Out of memory */
+ HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED, /**< Operation not supported */
+ HAL_SECURITY_KEYS_ERROR_AUTHENTICATION_FAILED, /**< Authentication failed */
+ HAL_SECURITY_KEYS_ERROR_VERIFICATION_FAILED, /**< Verification failed */
+ HAL_SECURITY_KEYS_ERROR_INTERNAL_ERROR, /**< Internal error */
+ HAL_SECURITY_KEYS_ERROR_TARGET_DEAD, /**< Target dead */
+} hal_security_keys_error_e;
+
+/**
+ * @brief Enumeration for algorithm type.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+ HAL_SECURITY_KEYS_ALGO_TYPE_AES_CTR, /**< AES CTR */
+ HAL_SECURITY_KEYS_ALGO_TYPE_AES_CBC, /**< AES CBC */
+ HAL_SECURITY_KEYS_ALGO_TYPE_AES_GCM, /**< AES GCM */
+ HAL_SECURITY_KEYS_ALGO_TYPE_AES_CFB, /**< AES CFB */
+ HAL_SECURITY_KEYS_ALGO_TYPE_RSA_OAEP, /**< RSA OAEP */
+ HAL_SECURITY_KEYS_ALGO_TYPE_RSA, /**< RSA */
+ HAL_SECURITY_KEYS_ALGO_TYPE_DSA, /**< DSA */
+ HAL_SECURITY_KEYS_ALGO_TYPE_ECDSA, /**< ECDSA */
+} hal_security_keys_algo_type_e;
+
+/**
+ * @brief Enumeration for elliptic curve type.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+ HAL_SECURITY_KEYS_EC_TYPE_PRIME192V1, /**< PRIME192V1 */
+ HAL_SECURITY_KEYS_EC_TYPE_PRIME256V1, /**< PRIME256V1 */
+ HAL_SECURITY_KEYS_EC_TYPE_SECP384R1, /**< SECP384R1 */
+} hal_security_keys_ec_type_e;
+
+/**
+ * @brief Enumeration for ML KEM type.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+ HAL_SECURITY_KEYS_ML_KEM_768, /**< ML KEM 768 */
+ HAL_SECURITY_KEYS_ML_KEM_1024, /**< ML KEM 1024 */
+} hal_security_keys_kem_type_e;
+
+/**
+ * @brief Enumeration for data type.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+ HAL_SECURITY_KEYS_DATA_TYPE_BINARY_DATA, /**< Binary data */
+ HAL_SECURITY_KEYS_DATA_TYPE_KEY_AES, /**< AES key */
+ HAL_SECURITY_KEYS_DATA_TYPE_KEY_RSA_PUBLIC, /**< Public RSA key */
+ HAL_SECURITY_KEYS_DATA_TYPE_KEY_RSA_PRIVATE, /**< Private RSA key */
+ HAL_SECURITY_KEYS_DATA_TYPE_KEY_DSA_PUBLIC, /**< Public DSA key */
+ HAL_SECURITY_KEYS_DATA_TYPE_KEY_DSA_PRIVATE, /**< Private DSA key */
+ HAL_SECURITY_KEYS_DATA_TYPE_KEY_ECDSA_PUBLIC, /**< Public ECDSA key */
+ HAL_SECURITY_KEYS_DATA_TYPE_KEY_ECDSA_PRIVATE, /**< Private ECDSA key */
+ HAL_SECURITY_KEYS_DATA_TYPE_KEY_KEM_PUBLIC, /**< Public KEM key */
+ HAL_SECURITY_KEYS_DATA_TYPE_KEY_KEM_PRIVATE, /**< Private KEM key */
+} hal_security_keys_data_type_e;
+
+/**
+ * @brief Enumeration for hash algorithm.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+ HAL_SECURITY_KEYS_HASH_ALGORITHM_NONE, /**< None */
+ HAL_SECURITY_KEYS_HASH_ALGORITHM_SHA1, /**< SHA1 */
+ HAL_SECURITY_KEYS_HASH_ALGORITHM_SHA256, /**< SHA256 */
+ HAL_SECURITY_KEYS_HASH_ALGORITHM_SHA384, /**< SHA384 */
+ HAL_SECURITY_KEYS_HASH_ALGORITHM_SHA512, /**< SHA512 */
+} hal_security_keys_hash_algorithm_e;
+
+/**
+ * @brief Enumeration for KDF PRF type.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+ HAL_SECURITY_KEYS_PRF_TYPE_HMAC_SHA256, /**< HMAC_SHA256 */
+ HAL_SECURITY_KEYS_PRF_TYPE_HMAC_SHA384, /**< HMAC_SHA384 */
+ HAL_SECURITY_KEYS_PRF_TYPE_HMAC_SHA512, /**< HMAC_SHA512 */
+} hal_security_keys_kdf_prf_type_e;
+
+/**
+ * @brief Enumeration for KBKDF mode.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+ HAL_SECURITY_KEYS_KBKDF_MODE_COUNTER, /**< Counter mode */
+} hal_security_keys_kbkdf_mode_e;
+
+/**
+ * @brief Enumeration for KBKDF counter location.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+ HAL_SECURITY_KEYS_KBKDF_COUNTER_LOCATION_BEFORE_FIXED, /**< Before fixed */
+ HAL_SECURITY_KEYS_KBKDF_COUNTER_LOCATION_AFTER_FIXED, /**< After fixed */
+ HAL_SECURITY_KEYS_KBKDF_COUNTER_LOCATION_MIDDLE_FIXED, /**< Middle fixed */
+} hal_security_keys_kbkdf_counter_location_e;
+
+/**
+ * @brief Structure for KBKDF params exchange.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef struct {
+ hal_security_keys_kdf_prf_type_e prf; /**< Pseudo-random function */
+ size_t length; /**< Length of the derived key in bytes */
+ hal_security_keys_kbkdf_mode_e mode; /**< KDF mode */
+ hal_security_keys_data_s label; /**< Purpose for the derived key */
+ hal_security_keys_data_s context; /**< Information related to the derived key */
+ hal_security_keys_data_s fixed; /**< KBKDF fixed input replacing context and label */
+ hal_security_keys_kbkdf_counter_location_e location; /**< Specifies location of the counter */
+ size_t rlen; /**< Specifies the length of the counter representation in bits */
+ size_t llen; /**< Specifies the extent of the length suffix representation in bits */
+ bool no_separator; /**< Skip the zero octet separator between label and context */
+} hal_security_keys_kbkdf_params_s;
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __HAL_SECURITY_KEYS_TYPES_H__ */
diff --git a/include/hal-security-keys.h b/include/hal-security-keys.h
new file mode 100644
index 0000000..939001e
--- /dev/null
+++ b/include/hal-security-keys.h
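Review bot: The members of `hal_security_keys_error_e` (include/hal-security-keys-types.h) take implicit values, so every failure code is a small positive integer (1 to 7) while the functions that report them return plain `int`; a caller that follows the common `ret < 0` convention would treat `HAL_SECURITY_KEYS_ERROR_AUTHENTICATION_FAILED` and `HAL_SECURITY_KEYS_ERROR_VERIFICATION_FAILED` as success. I would state the contract in the enum's doc block, e.g. `@remarks Success is exactly HAL_SECURITY_KEYS_ERROR_NONE (0); every other value is a failure`, and pin the numbers (`HAL_SECURITY_KEYS_ERROR_NONE = 0,` and so on) so that a later insertion cannot renumber codes shared between backends and callers that are presumably built separately. The same pinning applies to the algorithm, curve, KEM, hash and data-type enums in this hunk, which are passed by value across the same boundary. It would also help to mark `HAL_SECURITY_KEYS_EC_TYPE_PRIME192V1` and `HAL_SECURITY_KEYS_HASH_ALGORITHM_SHA1` as legacy in their member comments, since both fall below current strength guidance for new keys and signatures.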
@@ -0,0 +1,287 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_KEYS_H__
+#define __HAL_SECURITY_KEYS_H__
+
+#include
+#include
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int hal_security_keys_get_backend(void);
+int hal_security_keys_put_backend(void);
+
+int hal_security_keys_context_initialize(hal_security_keys_context_s* context);
+int hal_security_keys_context_free(hal_security_keys_context_s* context);
+
+int hal_security_keys_create_iv(const hal_security_keys_context_s context,
+ hal_security_keys_data_s* iv);
+
+int hal_security_keys_create_key_aes(const hal_security_keys_context_s context,
+ const size_t key_size_bits,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ hal_security_keys_data_s* key_tag);
+
+int hal_security_keys_create_key_pair_rsa(const hal_security_keys_context_s context,
+ const size_t key_size_bits,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag);
+
+int hal_security_keys_create_key_pair_dsa(const hal_security_keys_context_s context,
+ const size_t key_size_bits,
+ const hal_security_keys_data_s prime,
+ const hal_security_keys_data_s subprime,
+ const hal_security_keys_data_s base,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag);
+
+int hal_security_keys_create_key_pair_ecdsa(const hal_security_keys_context_s context,
+ const hal_security_keys_ec_type_e ec_type,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag);
+
+int hal_security_keys_create_key_pair_kem(const hal_security_keys_context_s context,
+ const hal_security_keys_kem_type_e kem_type,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag);
+
+int hal_security_keys_import_wrapped_key(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t ctr_len_or_tag_size_bits,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s wrapped_key,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ const hal_security_keys_data_type_e key_type,
+ hal_security_keys_data_s* key_tag);
+
+int hal_security_keys_export_wrapped_key(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t ctr_len_or_tag_size_bits,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_type_e key_type,
+ hal_security_keys_data_s* wrapped_key);
+
+int hal_security_keys_encapsulate_key(const hal_security_keys_context_s context,
+ const hal_security_keys_kem_type_e kem_type,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_tag_s pub_key_pwd,
+ const hal_security_keys_data_s shared_secret_id,
+ const hal_security_keys_password_iv_s shared_secret_pwd,
+ hal_security_keys_data_s* ciphertext,
+ hal_security_keys_data_s* shared_secret_tag);
+
+int hal_security_keys_decapsulate_key(const hal_security_keys_context_s context,
+ const hal_security_keys_kem_type_e kem_type,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_tag_s priv_key_pwd,
+ const hal_security_keys_data_s shared_secret_id,
+ const hal_security_keys_password_iv_s shared_secret_pwd,
+ const hal_security_keys_data_s ciphertext,
+ hal_security_keys_data_s* shared_secret_tag);
+
+int hal_security_keys_destroy_key(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s key_id);
+
+int hal_security_keys_import_data(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s data_id,
+ const hal_security_keys_password_iv_s data_pwd,
+ const hal_security_keys_data_type_e data_type,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s data_encryption_iv,
+ const hal_security_keys_data_s data_encryption_tag,
+ hal_security_keys_data_s* data_tag);
+
+int hal_security_keys_export_data(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s data_id,
+ const hal_security_keys_password_iv_tag_s data_pwd,
+ const hal_security_keys_data_type_e data_type,
+ hal_security_keys_data_s* data);
+
+int hal_security_keys_wrap_concatenated_data(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ hal_security_keys_data_s* wrapped_key);
+
+int hal_security_keys_unwrap_concatenated_data(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s wrapped_key,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ const hal_security_keys_data_type_e key_type,
+ const size_t key_size_bits,
+ hal_security_keys_data_s* data,
+ hal_security_keys_data_s* key_tag);
+
+int hal_security_keys_encrypt_data_auth(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t tag_size_bits,
+ hal_security_keys_data_s* tag,
+ hal_security_keys_data_s* out);
+
+int hal_security_keys_decrypt_data_auth(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t tag_size_bits,
+ const hal_security_keys_data_s tag,
+ hal_security_keys_data_s* out);
+
+int hal_security_keys_encrypt_data(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ hal_security_keys_data_s* out);
+
+int hal_security_keys_decrypt_data(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ hal_security_keys_data_s* out);
+
+int hal_security_keys_destroy_data(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s data_id);
+
+int hal_security_keys_cipher_initialize(const hal_security_keys_context_s context,
+ const bool encrypt,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t tag_size_bits,
+ hal_security_keys_cipher_context_t* cipher_context);
+
+int hal_security_keys_cipher_add_aad(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context,
+ const hal_security_keys_data_s aad);
+
+int hal_security_keys_cipher_update(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context,
+ const hal_security_keys_data_s data,
+ hal_security_keys_data_s* out);
+
+int hal_security_keys_cipher_finalize(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context,
+ const hal_security_keys_data_s data,
+ hal_security_keys_data_s* out);
+
+int hal_security_keys_cipher_free(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context);
+
+int hal_security_keys_create_signature(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_tag_s priv_key_pwd,
+ const hal_security_keys_data_s message,
+ hal_security_keys_data_s* signature);
+
+int hal_security_keys_verify_signature(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_tag_s pub_key_pwd,
+ const hal_security_keys_data_s message,
+ const hal_security_keys_data_s signature);
+
+int hal_security_keys_derive_ecdh(const hal_security_keys_context_s context,
+ const hal_security_keys_ec_type_e ec_type,
+ const hal_security_keys_data_s pub_key_x,
+ const hal_security_keys_data_s pub_key_y,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_tag_s priv_key_pwd,
+ const hal_security_keys_data_s secret_id,
+ const hal_security_keys_password_iv_s secret_pwd,
+ hal_security_keys_data_s* secret_tag);
+
+int hal_security_keys_derive_kbkdf(const hal_security_keys_context_s context,
+ const hal_security_keys_kbkdf_params_s params,
+ const hal_security_keys_data_s secret_id,
+ const hal_security_keys_password_iv_tag_s secret_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ hal_security_keys_data_s* key_tag);
+
+int hal_security_keys_derive_hybrid_kbkdf(const hal_security_keys_context_s context,
+ const hal_security_keys_kbkdf_params_s params,
+ const hal_security_keys_data_s first_secret_id,
+ const hal_security_keys_password_iv_tag_s first_secret_pwd,
+ const hal_security_keys_data_s second_secret_id,
+ const hal_security_keys_password_iv_tag_s second_secret_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ hal_security_keys_data_s* key_tag);
+
+int hal_security_keys_get_max_chunk_size(const hal_security_keys_context_s context,
+ size_t*
chunk_size); + +#ifdef __cplusplus +} +#endif + +#endif /* __HAL_SECURITY_KEYS_H__ */ diff --git a/packaging/hal-api-security-manifest.xml b/packaging/hal-api-security-manifest.xml index 9946b3c..96028ad 100644 --- a/packaging/hal-api-security-manifest.xml +++ b/packaging/hal-api-security-manifest.xml @@ -8,5 +8,9 @@ HAL_MODULE_SECURITY_AUTH 1.0 + + HAL_MODULE_SECURITY_KEYS + 1.0 + diff --git a/packaging/hal-api-security.spec b/packaging/hal-api-security.spec index 7b08f9b..89c9b84 100644 --- a/packaging/hal-api-security.spec +++ b/packaging/hal-api-security.spec @@ -80,6 +80,7 @@ rm -rf %{buildroot} %license LICENSE.Apache-2.0 %{_includedir}/hal/hal-security-auth*.h %{_includedir}/hal/hal-security-certs*.h +%{_includedir}/hal/hal-security-keys*.h %{_libdir}/pkgconfig/hal-api-security.pc %{_libdir}/hal/lib%{name}.so diff --git a/src/hal-api-security-keys.c b/src/hal-api-security-keys.c new file mode 100644 index 0000000..ccc5f79 --- /dev/null +++ b/src/hal-api-security-keys.c 
@@ -0,0 +1,512 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+
+#include
+
+#include "hal-security-keys.h"
+#include "hal-security-keys-interface.h"
+
+#ifndef EXPORT
+#define EXPORT __attribute__ ((visibility("default")))
+#endif
+
+static hal_backend_security_keys_funcs *g_security_keys_funcs = NULL;
+
+EXPORT int hal_security_keys_get_backend(void)
+{
+ int ret;
+
+ if (g_security_keys_funcs)
+ return 0;
+
+ g_security_keys_funcs = calloc(1, sizeof(hal_backend_security_keys_funcs));
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_OUT_OF_MEMORY;
+
+ ret = hal_common_get_backend(HAL_MODULE_SECURITY_KEYS, (void **)&g_security_keys_funcs);
+ if (ret < 0) {
+ free(g_security_keys_funcs);
+ g_security_keys_funcs = NULL;
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ }
+
+ return 0;
+}
+
+EXPORT int hal_security_keys_put_backend(void)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+
+ hal_common_put_backend(HAL_MODULE_SECURITY_KEYS, (void *)g_security_keys_funcs);
+
+ free(g_security_keys_funcs);
+ g_security_keys_funcs = NULL;
+
+ return 0;
+}
+
+EXPORT int hal_security_keys_context_initialize(hal_security_keys_context_s* context)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->context_initialize(context);
+}
+
+EXPORT int hal_security_keys_context_free(hal_security_keys_context_s* context)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->context_free(context);
+}
+
+EXPORT int hal_security_keys_create_iv(const hal_security_keys_context_s context,
+ hal_security_keys_data_s* iv)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->create_iv(context, iv);
+}
+
+EXPORT int hal_security_keys_create_key_aes(const hal_security_keys_context_s context,
+ const size_t key_size_bits,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ hal_security_keys_data_s* key_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->create_key_aes(context, key_size_bits, key_id, key_pwd, key_tag);
+}
+
+EXPORT int hal_security_keys_create_key_pair_rsa(const hal_security_keys_context_s context,
+ const size_t key_size_bits,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->create_key_pair_rsa(context, key_size_bits,
+ priv_key_id, priv_key_pwd, pub_key_id, pub_key_pwd,
+ priv_key_tag, pub_key_tag);
+}
+
+EXPORT int hal_security_keys_create_key_pair_dsa(const hal_security_keys_context_s context,
+ const size_t key_size_bits,
+ const hal_security_keys_data_s prime,
+ const hal_security_keys_data_s subprime,
+ const hal_security_keys_data_s base,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->create_key_pair_dsa(context, key_size_bits, prime, subprime, base,
+ priv_key_id, priv_key_pwd, pub_key_id, pub_key_pwd,
+ priv_key_tag, pub_key_tag);
+}
+
+EXPORT int hal_security_keys_create_key_pair_ecdsa(const hal_security_keys_context_s context,
+ const hal_security_keys_ec_type_e ec_type,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->create_key_pair_ecdsa(context, ec_type,
+ priv_key_id, priv_key_pwd, pub_key_id, pub_key_pwd,
+ priv_key_tag, pub_key_tag);
+}
+
+EXPORT int hal_security_keys_create_key_pair_kem(const hal_security_keys_context_s context,
+ const hal_security_keys_kem_type_e kem_type,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_s priv_key_pwd,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_s pub_key_pwd,
+ hal_security_keys_data_s* priv_key_tag,
+ hal_security_keys_data_s* pub_key_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->create_key_pair_kem(context, kem_type,
+ priv_key_id, priv_key_pwd, pub_key_id, pub_key_pwd,
+ priv_key_tag, pub_key_tag);
+}
+
+EXPORT int hal_security_keys_import_wrapped_key(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t ctr_len_or_tag_size_bits,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s wrapped_key,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ const hal_security_keys_data_type_e key_type,
+ hal_security_keys_data_s* key_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->import_wrapped_key(context, algo, hash, iv, aad, ctr_len_or_tag_size_bits,
+ wrapping_key_id, wrapping_key_pwd, wrapped_key,
+ key_id, key_pwd, key_type, key_tag);
+}
+
+EXPORT int hal_security_keys_export_wrapped_key(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t ctr_len_or_tag_size_bits,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_type_e key_type,
+ hal_security_keys_data_s* wrapped_key)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->export_wrapped_key(context, algo, hash, iv, aad, ctr_len_or_tag_size_bits,
+ wrapping_key_id, wrapping_key_pwd,
+ key_id, key_pwd, key_type, wrapped_key);
+}
+
+EXPORT int hal_security_keys_encapsulate_key(const hal_security_keys_context_s context,
+ const hal_security_keys_kem_type_e kem_type,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_tag_s pub_key_pwd,
+ const hal_security_keys_data_s shared_secret_id,
+ const hal_security_keys_password_iv_s shared_secret_pwd,
+ hal_security_keys_data_s* ciphertext,
+ hal_security_keys_data_s* shared_secret_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->encapsulate_key(context, kem_type, pub_key_id, pub_key_pwd,
+ shared_secret_id, shared_secret_pwd,
+ ciphertext, shared_secret_tag);
+}
+
+EXPORT int hal_security_keys_decapsulate_key(const hal_security_keys_context_s context,
+ const hal_security_keys_kem_type_e kem_type,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_tag_s priv_key_pwd,
+ const hal_security_keys_data_s shared_secret_id,
+ const hal_security_keys_password_iv_s shared_secret_pwd,
+ const hal_security_keys_data_s ciphertext,
+ hal_security_keys_data_s* shared_secret_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->decapsulate_key(context, kem_type, priv_key_id, priv_key_pwd,
+ shared_secret_id, shared_secret_pwd,
+ ciphertext, shared_secret_tag);
+}
+
+EXPORT int hal_security_keys_destroy_key(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s key_id)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->destroy_key(context, key_id);
+}
+
+EXPORT int hal_security_keys_import_data(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s data_id,
+ const hal_security_keys_password_iv_s data_pwd,
+ const hal_security_keys_data_type_e data_type,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s data_encryption_iv,
+ const hal_security_keys_data_s data_encryption_tag,
+ hal_security_keys_data_s* data_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->import_data(context, data_id, data_pwd, data_type,
+ data, data_encryption_iv, data_encryption_tag,
+ data_tag);
+}
+
+EXPORT int hal_security_keys_export_data(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s data_id,
+ const hal_security_keys_password_iv_tag_s data_pwd,
+ const hal_security_keys_data_type_e data_type,
+ hal_security_keys_data_s* data)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->export_data(context, data_id, data_pwd, data_type, data);
+}
+
+EXPORT int hal_security_keys_wrap_concatenated_data(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ hal_security_keys_data_s* wrapped_key)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->wrap_concatenated_data(context, algo, hash,
+ wrapping_key_id, wrapping_key_pwd,
+ key_id, key_pwd, data, wrapped_key);
+}
+
+EXPORT int hal_security_keys_unwrap_concatenated_data(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s wrapping_key_id,
+ const hal_security_keys_password_iv_tag_s wrapping_key_pwd,
+ const hal_security_keys_data_s wrapped_key,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ const hal_security_keys_data_type_e key_type,
+ const size_t key_size_bits,
+ hal_security_keys_data_s* data,
+ hal_security_keys_data_s* key_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->unwrap_concatenated_data(context, algo, hash,
+ wrapping_key_id, wrapping_key_pwd, wrapped_key,
+ key_id, key_pwd, key_type, key_size_bits,
+ data, key_tag);
+}
+
+EXPORT int hal_security_keys_encrypt_data_auth(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t tag_size_bits,
+ hal_security_keys_data_s* tag,
+ hal_security_keys_data_s* out)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->encrypt_data_auth(context, key_id, key_pwd, data, iv, aad, tag_size_bits,
+ tag, out);
+}
+
+EXPORT int hal_security_keys_decrypt_data_auth(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t tag_size_bits,
+ const hal_security_keys_data_s tag,
+ hal_security_keys_data_s* out)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->decrypt_data_auth(context, key_id, key_pwd, data, iv, aad, tag_size_bits,
+ tag, out);
+}
+
+EXPORT int hal_security_keys_encrypt_data(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ hal_security_keys_data_s* out)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->encrypt_data(context, algo, hash, key_id, key_pwd, data, iv, out);
+}
+
+EXPORT int hal_security_keys_decrypt_data(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ hal_security_keys_data_s* out)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->decrypt_data(context, algo, hash, key_id, key_pwd, data, iv, out);
+}
+
+EXPORT int hal_security_keys_destroy_data(const hal_security_keys_context_s context,
+ const hal_security_keys_data_s data_id)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->destroy_data(context, data_id);
+}
+
+EXPORT int hal_security_keys_cipher_initialize(const hal_security_keys_context_s context,
+ const bool encrypt,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_tag_s key_pwd,
+ const hal_security_keys_data_s iv,
+ const hal_security_keys_data_s aad,
+ const size_t tag_size_bits,
+ hal_security_keys_cipher_context_t* cipher_context)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->cipher_initialize(context, encrypt, key_id, key_pwd, iv, aad, tag_size_bits,
+ cipher_context);
+}
+
+EXPORT int hal_security_keys_cipher_add_aad(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context,
+ const hal_security_keys_data_s aad)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->cipher_add_aad(context, cipher_context, aad);
+}
+
+EXPORT int hal_security_keys_cipher_update(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context,
+ const hal_security_keys_data_s data,
+ hal_security_keys_data_s* out)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->cipher_update(context, cipher_context, data, out);
+}
+
+EXPORT int hal_security_keys_cipher_finalize(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context,
+ const hal_security_keys_data_s data,
+ hal_security_keys_data_s* out)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->cipher_finalize(context, cipher_context, data, out);
+}
+
+EXPORT int hal_security_keys_cipher_free(const hal_security_keys_context_s context,
+ const hal_security_keys_cipher_context_t cipher_context)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->cipher_free(context, cipher_context);
+}
+
+EXPORT int hal_security_keys_create_signature(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_tag_s priv_key_pwd,
+ const hal_security_keys_data_s message,
+ hal_security_keys_data_s* signature)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->create_signature(context, algo, hash, priv_key_id, priv_key_pwd,
+ message, signature);
+}
+
+EXPORT int hal_security_keys_verify_signature(const hal_security_keys_context_s context,
+ const hal_security_keys_algo_type_e algo,
+ const hal_security_keys_hash_algorithm_e hash,
+ const hal_security_keys_data_s pub_key_id,
+ const hal_security_keys_password_iv_tag_s pub_key_pwd,
+ const hal_security_keys_data_s message,
+ const hal_security_keys_data_s signature)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->verify_signature(context, algo, hash, pub_key_id, pub_key_pwd,
+ message, signature);
+}
+
+EXPORT int hal_security_keys_derive_ecdh(const hal_security_keys_context_s context,
+ const hal_security_keys_ec_type_e ec_type,
+ const hal_security_keys_data_s pub_key_x,
+ const hal_security_keys_data_s pub_key_y,
+ const hal_security_keys_data_s priv_key_id,
+ const hal_security_keys_password_iv_tag_s priv_key_pwd,
+ const hal_security_keys_data_s secret_id,
+ const hal_security_keys_password_iv_s secret_pwd,
+ hal_security_keys_data_s* secret_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->derive_ecdh(context, ec_type, pub_key_x, pub_key_y,
+ priv_key_id, priv_key_pwd,
+ secret_id, secret_pwd, secret_tag);
+}
+
+EXPORT int hal_security_keys_derive_kbkdf(const hal_security_keys_context_s context,
+ const hal_security_keys_kbkdf_params_s params,
+ const hal_security_keys_data_s secret_id,
+ const hal_security_keys_password_iv_tag_s secret_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ hal_security_keys_data_s* key_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->derive_kbkdf(context, params, secret_id, secret_pwd,
+ key_id, key_pwd, key_tag);
+}
+
+EXPORT int hal_security_keys_derive_hybrid_kbkdf(const hal_security_keys_context_s context,
+ const hal_security_keys_kbkdf_params_s params,
+ const hal_security_keys_data_s first_secret_id,
+ const hal_security_keys_password_iv_tag_s first_secret_pwd,
+ const hal_security_keys_data_s second_secret_id,
+ const hal_security_keys_password_iv_tag_s second_secret_pwd,
+ const hal_security_keys_data_s key_id,
+ const hal_security_keys_password_iv_s key_pwd,
+ hal_security_keys_data_s* key_tag)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->derive_hybrid_kbkdf(context, params, first_secret_id, first_secret_pwd,
+ second_secret_id, second_secret_pwd,
+ key_id, key_pwd, key_tag);
+}
+
+EXPORT int hal_security_keys_get_max_chunk_size(const hal_security_keys_context_s context,
+ size_t* chunk_size)
+{
+ if (!g_security_keys_funcs)
+ return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+ return g_security_keys_funcs->get_max_chunk_size(context, chunk_size);
+}
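Review bot: Every wrapper from `hal_security_keys_context_initialize` to `hal_security_keys_get_max_chunk_size` guards only the table pointer and then calls through a member without checking it, so an operation the backend leaves unset is invoked as a NULL function pointer. `hal_security_keys_get_backend` allocates the table with `calloc`, so any member the backend does not assign stays NULL (this assumes `hal_common_get_backend` fills the caller's table, which this diff does not show). Test the member in the same guard, for example `if (!g_security_keys_funcs || !g_security_keys_funcs->create_iv) return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;`, so a partial backend yields an error code instead of crashing the calling process. Also, `g_security_keys_funcs` is read, allocated and freed without a lock or a use count, so one `hal_security_keys_put_backend` call frees the table for every other user; if callers can be multi-threaded, that is a use-after-free window worth closing or documenting.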