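/*
 * SPDX-FileCopyrightText: Copyright (c) 2023-2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 * SPDX-License-Identifier: MIT
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

#ifndef __INTERNAL_CRYPT_LIB_H__
#define __INTERNAL_CRYPT_LIB_H__

/*
 * This code uses the Linux Kernel Crypto API (LKCA) extensively. The web page
 * written by Stephan Mueller and Marek Vasut is a good starting reference on
 * how the Linux kernel provides its crypto API.
 */
#include "conftest.h"

#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/limits.h>
#include <linux/random.h>
#include <linux/string.h>

// Check if ECDH/ECDSA are there, on some platforms they might not be...
#ifndef AUTOCONF_INCLUDED
#if defined(NV_GENERATED_AUTOCONF_H_PRESENT)
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#endif
#endif

/*
 * NV_CONFIG_CRYPTO_PRESENT is defined only when every kernel crypto feature
 * listed below is configured, either built in or as a module. A single missing
 * option leaves it undefined and the whole LKCA path is disabled.
 */
#if \
    (defined(CONFIG_CRYPTO_AEAD) || defined(CONFIG_CRYPTO_AEAD_MODULE)) && \
    (defined(CONFIG_CRYPTO_AKCIPHER) || defined(CONFIG_CRYPTO_AKCIPHER_MODULE)) && \
    (defined(CONFIG_CRYPTO_SKCIPHER) || defined(CONFIG_CRYPTO_SKCIPHER_MODULE)) && \
    (defined(CONFIG_CRYPTO_HASH) || defined(CONFIG_CRYPTO_HASH_MODULE)) && \
    (defined(CONFIG_CRYPTO_HMAC) || defined(CONFIG_CRYPTO_HMAC_MODULE)) && \
    (defined(CONFIG_CRYPTO_ECDH) || defined(CONFIG_CRYPTO_ECDH_MODULE)) && \
    (defined(CONFIG_CRYPTO_ECDSA) || defined(CONFIG_CRYPTO_ECDSA_MODULE)) && \
    (defined(CONFIG_CRYPTO_RSA) || defined(CONFIG_CRYPTO_RSA_MODULE)) && \
    (defined(CONFIG_X509_CERTIFICATE_PARSER) || defined(CONFIG_X509_CERTIFICATE_PARSER_MODULE))
#define NV_CONFIG_CRYPTO_PRESENT 1
#endif

/*
 * It is possible that we don't have access to all the functions we need. This
 * could be because we are running a non-gpl kernel, because the kernel is too
 * old, or simply because the user disabled them. If we should use LKCA,
 * include its headers; otherwise define stubs that return errors.
 */
#if defined(NV_CRYPTO_PRESENT) && defined (NV_CONFIG_CRYPTO_PRESENT)
#define USE_LKCA 1
#endif

#ifdef USE_LKCA
#include <linux/crypto.h>
#include <linux/scatterlist.h>
#include <crypto/aead.h>
#include <crypto/algapi.h>
#include <crypto/hash.h>
#include <crypto/sm3.h>

// HASH_MAX_DIGESTSIZE is available since 4.20.
// This value is accurate as of 6.1
// A buffer sized with this fallback holds at most a 64-byte digest; do not
// pair it with an algorithm whose digest is larger.
#ifndef HASH_MAX_DIGESTSIZE
#define HASH_MAX_DIGESTSIZE 64
#endif

#else
// Just stub everything out
//
// Without LKCA every shash call expands to a constant error, so code that
// checks the return value fails instead of continuing with an uncomputed
// digest. The expansions are parenthesized so that each stub is a single
// expression regardless of the operators around the call site.
struct shash_desc;
struct crypto_shash;
#define crypto_shash_setkey(...) (-ENOMEM)
#define crypto_shash_init(...) (-ENOMEM)
#define crypto_shash_update(...) (-ENOMEM)
#define crypto_shash_final(...) (-ENOMEM)
#endif

/*
 * NOTE(review): SIZE_MAX is redefined to 8 here, which is not the maximum
 * value of size_t. Presumably the library headers included below expect this
 * value - confirm. Any length or overflow check that is compiled after this
 * point and relies on the standard meaning of SIZE_MAX would be wrong.
 */
#define CHAR_BIT 8U
#undef SIZE_MAX
#define SIZE_MAX 8

#include "library/cryptlib.h"

/*
 * LIBSPDM_ASSERT expands to nothing in this build, and its arguments are not
 * evaluated. A condition that is expressed only through LIBSPDM_ASSERT is
 * therefore not enforced at run time; length and pointer checks that matter
 * have to be written as explicit tests.
 */
#define LIBSPDM_ASSERT(...)

/*
 * AEAD helpers. struct lkca_aead_ctx is only forward-declared here, so callers
 * treat the context as opaque and obtain and release it through
 * lkca_aead_alloc() and lkca_aead_free().
 *
 * NOTE(review): the int return values presumably follow the kernel convention
 * (0 on success, negative errno on failure) - confirm against the
 * implementation. Callers should check every return value and should not
 * consume data_out or tag after a failed call.
 */
struct lkca_aead_ctx;
int lkca_aead_alloc(struct lkca_aead_ctx **ctx, char const *alg);
void lkca_aead_free(struct lkca_aead_ctx *ctx);

/*
 * enc selects the direction; presumably true encrypts and false decrypts -
 * TODO confirm. iv is not const-qualified here, unlike in libspdm_aead(), so
 * the implementation may write to it; confirm before reusing the buffer.
 * Whether *data_out_size carries the capacity of data_out on entry is not
 * visible in this header - confirm.
 */
int lkca_aead_ex(struct lkca_aead_ctx *ctx,
                 const uint8_t *key, size_t key_size,
                 uint8_t *iv, size_t iv_size,
                 const uint8_t *data_in, size_t data_in_size,
                 uint8_t *tag, size_t tag_size,
                 uint8_t *data_out, size_t *data_out_size,
                 bool enc);

/*
 * One-call AEAD entry point that takes the algorithm name, the key, the IV,
 * the additional data (a_data), the input, the tag and the output buffer.
 * NOTE(review): presumably a wrapper around the lkca_aead_* helpers above -
 * confirm.
 */
int libspdm_aead(const uint8_t *key, size_t key_size,
                 const uint8_t *iv, size_t iv_size,
                 const uint8_t *a_data, size_t a_data_size,
                 const uint8_t *data_in, size_t data_in_size,
                 const uint8_t *tag, size_t tag_size,
                 uint8_t *data_out, size_t *data_out_size,
                 bool enc, char const *alg);

/*
 * Hash, HMAC and HKDF helpers, selected by kernel algorithm name.
 *
 * lkca_hash_new() returns void * while the other helpers take
 * struct shash_desc *; presumably the returned pointer is a shash_desc -
 * confirm.
 *
 * hash_value has no accompanying size parameter in lkca_hash_all() and
 * lkca_hmac_all(): the caller has to supply a buffer at least as large as the
 * digest of alg_name. NOTE(review): HASH_MAX_DIGESTSIZE looks like the
 * intended upper bound - confirm.
 *
 * The bool results presumably mean true on success; treat any other result as
 * a failure and do not use the output buffer.
 */
void *lkca_hash_new(const char* alg_name);
void lkca_hash_free(struct shash_desc *ctx);
bool lkca_hash_duplicate(struct shash_desc *dst, struct shash_desc const *src);
bool lkca_hash_all(const char* alg_name, const void *data,
                   size_t data_size, uint8_t *hash_value);
bool lkca_hmac_duplicate(struct shash_desc *dst, struct shash_desc const *src);
bool lkca_hmac_set_key(struct shash_desc *ctx, const uint8_t *key, size_t key_size);
bool lkca_hmac_all(const char* alg_name, const uint8_t *key, size_t key_size,
                   const uint8_t *data, size_t data_size, uint8_t *hash_value);
bool lkca_hkdf_extract_and_expand(const char *alg_name,
                                  const uint8_t *key, size_t key_size,
                                  const uint8_t *salt, size_t salt_size,
                                  const uint8_t *info, size_t info_size,
                                  uint8_t *out, size_t out_size);
bool lkca_hkdf_expand(const char *alg_name,
                      const uint8_t *prk, size_t prk_size,
                      const uint8_t *info, size_t info_size,
                      uint8_t *out, size_t out_size);


/*
 * EC key handling, ECDH and ECDSA helpers.
 *
 * Contexts are passed as void *, so the compiler cannot catch a context of the
 * wrong kind being handed to these functions. The size_t * parameters are
 * presumably in/out (capacity in, bytes written out) - confirm.
 *
 * lkca_ecdsa_set_priv_key() takes a non-const key; who owns and wipes the
 * private-key buffer is not visible in this header - confirm in the
 * implementation.
 */
bool lkca_ecdsa_set_priv_key(void *context, uint8_t *key, size_t key_size);
bool lkca_ec_set_pub_key(void *ec_context, const uint8_t *public_key,
                         size_t public_key_size);
bool lkca_ec_get_pub_key(void *ec_context, uint8_t *public_key,
                         size_t *public_key_size);
bool lkca_ec_generate_key(void *ec_context, uint8_t *public_data,
                          size_t *public_size);
bool lkca_ec_compute_key(void *ec_context, const uint8_t *peer_public,
                         size_t peer_public_size, uint8_t *key,
                         size_t *key_size);

/*
 * Signature verification and signing. hash_nid identifies the hash that
 * produced message_hash; its value set is not defined in this header.
 * NOTE(review): the verify functions presumably return true only for a valid
 * signature - confirm, and treat every other result as a rejection.
 */
bool lkca_ecdsa_verify(void *ec_context, size_t hash_nid,
                       const uint8_t *message_hash, size_t hash_size,
                       const uint8_t *signature, size_t sig_size);

bool lkca_rsa_verify(void *rsa_context, size_t hash_nid,
                     const uint8_t *message_hash, size_t hash_size,
                     const uint8_t *signature, size_t sig_size);

bool lkca_rsa_pkcs1_sign(void *rsa_context, size_t hash_nid,
                         const uint8_t *message_hash, size_t hash_size,
                         uint8_t *signature, size_t *sig_size);

bool lkca_rsa_pss_sign(void *rsa_context, size_t hash_nid,
                       const uint8_t *message_hash, size_t hash_size,
                       uint8_t *signature, size_t *sig_size);

#endif /* __INTERNAL_CRYPT_LIB_H__ */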