1 /*
2  * Copyright (c) 2017-2021, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #ifndef __PS_CRYPTO_INTERFACE_H__
9 #define __PS_CRYPTO_INTERFACE_H__
10 
11 #include <stddef.h>
12 #include <stdint.h>
13 
14 #include "psa/protected_storage.h"
15 
16 #ifdef __cplusplus
17 extern "C" {
18 #endif
19 
20 #define PS_KEY_LEN_BYTES  16
21 #define PS_TAG_LEN_BYTES  16
22 #define PS_IV_LEN_BYTES   12
23 
24 /* Union containing crypto policy implementations. The ref member provides the
25  * reference implementation. Further members can be added to the union to
26  * provide alternative implementations.
27  */
28 union ps_crypto_t {
29     struct {
30         uint8_t tag[PS_TAG_LEN_BYTES]; /*!< MAC value of AEAD object */
31         psa_storage_uid_t uid;         /*!< UID for key label */
32         int32_t client_id;             /*!< Owner client ID for key label */
33         uint8_t iv[PS_IV_LEN_BYTES];   /*!< IV value of AEAD object */
34     } ref;
35 };
36 
37 /**
38  * \brief Initializes the crypto engine.
39  *
40  * \return Returns values as described in \ref psa_status_t
41  */
42 psa_status_t ps_crypto_init(void);
43 
44 /**
45  * \brief Sets the key to use for crypto operations for the current client.
46  *
47  * \param[in]     key_label       Pointer to the key label
48  * \param[in]     key_label_len   Length of the key label
49  *
50  * \return Returns values as described in \ref psa_status_t
51  */
52 psa_status_t ps_crypto_setkey(const uint8_t *key_label, size_t key_label_len);
53 
54 /**
55  * \brief Destroys the transient key used for crypto operations.
56  *
57  * \return Returns values as described in \ref psa_status_t
58  */
59 psa_status_t ps_crypto_destroykey(void);
60 
61 /**
62  * \brief Encrypts and tags the given plaintext data.
63  *
64  * \param[in,out] crypto    Pointer to the crypto union
65  * \param[in]     add       Pointer to the associated data
66  * \param[in]     add_len   Length of the associated data
67  * \param[in]     in        Pointer to the input data
68  * \param[in]     in_len    Length of the input data
69  * \param[out]    out       Pointer to the output buffer for encrypted data
70  * \param[in]     out_size  Size of the output buffer
71  * \param[out]    out_len   On success, the length of the output data
72  *
73  * \return Returns values as described in \ref psa_status_t
74  */
75 psa_status_t ps_crypto_encrypt_and_tag(union ps_crypto_t *crypto,
76                                        const uint8_t *add,
77                                        size_t add_len,
78                                        const uint8_t *in,
79                                        size_t in_len,
80                                        uint8_t *out,
81                                        size_t out_size,
82                                        size_t *out_len);
83 
84 /**
85  * \brief Decrypts and authenticates the given encrypted data.
86  *
87  * \param[in]  crypto    Pointer to the crypto union
88  * \param[in]  add       Pointer to the associated data
89  * \param[in]  add_len   Length of the associated data
90  * \param[in]  in        Pointer to the input data
91  * \param[in]  in_len    Length of the input data
92  * \param[out] out       Pointer to the output buffer for decrypted data
93  * \param[in]  out_size  Size of the output buffer
94  * \param[out] out_len   On success, the length of the output data
95  *
96  * \return Returns values as described in \ref psa_status_t
97  */
98 psa_status_t ps_crypto_auth_and_decrypt(const union ps_crypto_t *crypto,
99                                         const uint8_t *add,
100                                         size_t add_len,
101                                         uint8_t *in,
102                                         size_t in_len,
103                                         uint8_t *out,
104                                         size_t out_size,
105                                         size_t *out_len);
106 
107 /**
108  * \brief Generates authentication tag for given data.
109  *
110  * \param[in,out] crypto   Pointer to the crypto union
111  * \param[in]     add      Pointer to the data to authenticate
112  * \param[in]     add_len  Length of the data to authenticate
113  *
114  * \return Returns values as described in \ref psa_status_t
115  */
116 psa_status_t ps_crypto_generate_auth_tag(union ps_crypto_t *crypto,
117                                          const uint8_t *add,
118                                          uint32_t add_len);
119 
120 /**
121  * \brief Authenticate given data against the tag.
122  *
123  * \param[in] crypto   Pointer to the crypto union
124  * \param[in] add      Pointer to the data to authenticate
125  * \param[in] add_len  Length of the data to authenticate
126  *
127  * \return Returns values as described in \ref psa_status_t
128  */
129 psa_status_t ps_crypto_authenticate(const union ps_crypto_t *crypto,
130                                     const uint8_t *add,
131                                     uint32_t add_len);
132 
133 /**
134  * \brief Provides current IV value to crypto layer.
135  *
136  * \param[in] crypto  Pointer to the crypto union
137  */
138 void ps_crypto_set_iv(const union ps_crypto_t *crypto);
139 
140 /**
141  * \brief Gets a new IV value into the crypto union.
142  *
143  * \param[out] crypto  Pointer to the crypto union
144  *
145  * \return Returns values as described in \ref psa_status_t
146  */
147 psa_status_t ps_crypto_get_iv(union ps_crypto_t *crypto);
148 
149 #ifdef __cplusplus
150 }
151 #endif
152 
153 #endif /* __PS_CRYPTO_INTERFACE_H__ */
154