Google Git
Sign in
coral / a71ch-crypto-support / 8dc1f1434da50a4b7361d651239c1f3f4f8cc25b / . / sss / inc / fsl_sss_openssl_types.h
blob: f76bf5b39c0c9c7065bccea47cbcd175ffe8a5c4 [file] [log] [blame]
/*
*
* Copyright 2018-2020 NXP
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_
#define SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_
/* ************************************************************************** */
/* Includes */
/* ************************************************************************** */
#include <fsl_sss_api.h>
#if defined(SSS_USE_FTR_FILE)
#include "fsl_sss_ftr.h"
#else
#include "fsl_sss_ftr_default.h"
#endif
#if SSS_HAVE_OPENSSL
#include <fsl_sss_keyid_map.h>
#include <openssl/cmac.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
/**
* @addtogroup sss_sw_openssl
* @{
*/
/* ************************************************************************** */
/* Defines */
/* ************************************************************************** */
#define SSS_SUBSYSTEM_TYPE_IS_OPENSSL(subsystem) (subsystem == kType_SSS_OpenSSL)
#define SSS_SESSION_TYPE_IS_OPENSSL(session) (session && SSS_SUBSYSTEM_TYPE_IS_OPENSSL(session->subsystem))
#define SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore) (keyStore && SSS_SESSION_TYPE_IS_OPENSSL(keyStore->session))
#define SSS_OBJECT_TYPE_IS_OPENSSL(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_OPENSSL(pObject->keyStore))
#define SSS_ASYMMETRIC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session))
#define SSS_DERIVE_KEY_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session))
#define SSS_SYMMETRIC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session))
#define SSS_MAC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session))
#define SSS_RNG_CONTEXT_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session))
#define SSS_DIGEST_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session))
#define SSS_AEAD_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session))
/* ************************************************************************** */
/* Structrues and Typedefs */
/* ************************************************************************** */
struct _sss_openssl_session;
typedef struct _sss_openssl_session
{
/*! Indicates which security subsystem is selected to be used. */
sss_type_t subsystem;
/* Root Path for persitant key store */
const char *szRootPath;
} sss_openssl_session_t;
struct _sss_openssl_object;
typedef struct _sss_openssl_key_store
{
sss_openssl_session_t *session;
/*! Implementation specific part */
struct _sss_openssl_object **objects;
uint32_t max_object_count;
keyStoreTable_t *keystore_shadow;
} sss_openssl_key_store_t;
typedef struct _sss_openssl_object
{
/*! key store holding the data and other properties */
sss_openssl_key_store_t *keyStore;
/*! Object types */
uint32_t objectType;
uint32_t cipherType;
/*! Application specific key identifier. The keyId is kept in the key store
* along with the key data and other properties. */
uint32_t keyId;
/*! Implementation specific part */
/** Contents are malloced, so must be freed */
uint32_t contents_must_free : 1;
/** Type of key. Persistnet/trainsient @ref sss_key_object_mode_t */
uint32_t keyMode : 3;
/** Max size allocated */
size_t contents_max_size;
size_t contents_size;
size_t keyBitLen;
uint32_t user_id;
sss_mode_t purpose;
sss_access_permission_t accessRights;
/* malloced / referenced contents */
void *contents;
} sss_openssl_object_t;
typedef struct _sss_openssl_derive_key
{
sss_openssl_session_t *session;
sss_openssl_object_t *keyObject;
sss_algorithm_t algorithm; /*! */
sss_mode_t mode; /*! */
} sss_openssl_derive_key_t;
typedef struct _sss_openssl_asymmetric
{
sss_openssl_session_t *session;
sss_openssl_object_t *keyObject;
sss_algorithm_t algorithm; /*! */
sss_mode_t mode; /*! */
} sss_openssl_asymmetric_t;
typedef struct _sss_openssl_symmetric
{
/*! Virtual connection between application (user context) and specific
* security subsystem and function thereof. */
sss_openssl_session_t *session;
sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */
sss_algorithm_t algorithm; /*! */
sss_mode_t mode; /*! */
EVP_CIPHER_CTX *cipher_ctx;
uint8_t cache_data[16];
size_t cache_data_len;
} sss_openssl_symmetric_t;
typedef struct
{
sss_openssl_session_t *session;
sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */
sss_algorithm_t algorithm; /*! */
sss_mode_t mode; /*! */
CMAC_CTX *cmac_ctx;
HMAC_CTX *hmac_ctx;
} sss_openssl_mac_t;
typedef struct _sss_openssl_aead
{
/*! Virtual connection between application (user context) and specific
* security subsystem and function thereof. */
sss_openssl_session_t *session;
sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */
sss_algorithm_t algorithm; /*!< */
sss_mode_t mode; /*!< */
/*! Implementation specific part */
EVP_CIPHER_CTX *aead_ctx; /*!< Reference to aead context. */
uint8_t cache_data[16]; /*!< Cache for GCM data */
size_t cache_data_len; /*!< Store GCM Cache len*/
uint8_t *pCcm_data; /*!< Ref to CCM data dynamic allocated.. */
size_t ccm_dataTotalLen; /*!< Store CCM data total len. */
size_t ccm_dataoffset; /*!< Store CCM data offset. */
uint8_t *pCcm_tag; /*!< Reference to tag. */
size_t ccm_tagLen; /*!< Store tag len. */
const uint8_t *pCcm_aad; /*!< Reference to AAD */
size_t ccm_aadLen; /*!< Store AAD len. */
const uint8_t *pCcm_iv; /*!< Reference to IV. */
size_t ccm_ivLen; /*!< Store IV len. */
} sss_openssl_aead_t;
typedef struct _sss_openssl_digest
{
/*! Virtual connection between application (user context) and specific
* security subsystem and function thereof. */
sss_openssl_session_t *session;
sss_algorithm_t algorithm; /*!< */
sss_mode_t mode; /*!< */
/*! Full digest length per algorithm definition. This field is initialized along with algorithm. */
size_t digestFullLen;
/*! Implementation specific part */
EVP_MD_CTX *mdctx;
} sss_openssl_digest_t;
typedef struct
{
sss_openssl_session_t *session;
} sss_openssl_rng_context_t;
/* ************************************************************************** */
/* Global Variables */
/* ************************************************************************** */
/* ************************************************************************** */
/* Functions */
/* ************************************************************************** */
/** Similar to @ref sss_openssl_asymmetric_sign_digest,
*
* but hashing/digest done by openssl
*/
sss_status_t sss_openssl_asymmetric_sign(
sss_openssl_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t *signatureLen);
/** Similar to @ref sss_openssl_asymmetric_verify_digest,
* but hashing/digest done by openssl
*
*/
sss_status_t sss_openssl_asymmetric_verify(
sss_openssl_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t signatureLen);
/** Store key inside persistant key store */
sss_status_t ks_openssl_store_key(const sss_openssl_object_t *sss_key);
sss_status_t ks_openssl_load_key(sss_openssl_object_t *sss_key, keyStoreTable_t *keystore_shadow, uint32_t extKeyId);
sss_status_t ks_openssl_fat_update(sss_openssl_key_store_t *keyStore);
sss_status_t ks_openssl_remove_key(const sss_openssl_object_t *sss_key);
sss_status_t sss_openssl_key_object_allocate(sss_openssl_object_t *keyObject,
uint32_t keyId,
sss_key_part_t keyPart,
sss_cipher_type_t cipherType,
size_t keyByteLenMax,
uint32_t keyMode);
/** @} */
#endif /* SSS_HAVE_OPENSSL */
#endif /* SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_ */