1 /*
2 * SPDX-FileCopyrightText: Copyright (c) 2023-2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
3 * SPDX-License-Identifier: MIT
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a
6 * copy of this software and associated documentation files (the "Software"),
7 * to deal in the Software without restriction, including without limitation
8 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
9 * and/or sell copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
21 * DEALINGS IN THE SOFTWARE.
22 */
23 
24 #ifndef __INTERNAL_CRYPT_LIB_H__
25 #define __INTERNAL_CRYPT_LIB_H__
26 
27 /*
28  * This code uses Linux Kernel Crypto API extensively. Web page written by
29  * Stephan Mueller and Marek Vasut is a good starting reference on how linux
30  * kernel provides crypto api.
31  */
32 #include "conftest.h"
33 
34 #include <linux/errno.h>
35 #include <linux/kernel.h>
36 #include <linux/limits.h>
37 #include <linux/random.h>
38 #include <linux/string.h>
39 
40 // Check if ECDH/ECDSA are there, on some platforms they might not be...
41 #ifndef AUTOCONF_INCLUDED
42 #if defined(NV_GENERATED_AUTOCONF_H_PRESENT)
43 #include <generated/autoconf.h>
44 #else
45 #include <linux/autoconf.h>
46 #endif
47 #endif
48 #if \
49     (defined(CONFIG_CRYPTO_AEAD) || defined(CONFIG_CRYPTO_AEAD_MODULE)) && \
50     (defined(CONFIG_CRYPTO_AKCIPHER) || defined(CONFIG_CRYPTO_AKCIPHER_MODULE)) && \
51     (defined(CONFIG_CRYPTO_SKCIPHER) || defined(CONFIG_CRYPTO_SKCIPHER_MODULE)) && \
52     (defined(CONFIG_CRYPTO_HASH) || defined(CONFIG_CRYPTO_HASH_MODULE)) && \
53     (defined(CONFIG_CRYPTO_HMAC) || defined(CONFIG_CRYPTO_HMAC_MODULE)) && \
54     (defined(CONFIG_CRYPTO_ECDH) || defined(CONFIG_CRYPTO_ECDH_MODULE)) && \
55     (defined(CONFIG_CRYPTO_ECDSA) || defined(CONFIG_CRYPTO_ECDSA_MODULE)) && \
56     (defined(CONFIG_CRYPTO_RSA) || defined(CONFIG_CRYPTO_RSA_MODULE)) && \
57     (defined(CONFIG_X509_CERTIFICATE_PARSER) || defined(CONFIG_X509_CERTIFICATE_PARSER_MODULE))
58 #define NV_CONFIG_CRYPTO_PRESENT 1
59 #endif
60 
61 /*
62  * It is possible that we don't have access to all the functions we have. This
63  * could be either because we are running non-gpl kernel, because kernel is too
64  * old or even just user disabled. If we should use LKCA, include headers, else
65  * define stubs to return errors.
66  */
67 #if defined(NV_CRYPTO_PRESENT) && defined (NV_CONFIG_CRYPTO_PRESENT)
68 #define USE_LKCA 1
69 #endif
70 
71 #ifdef USE_LKCA
72 #include <linux/crypto.h>
73 #include <linux/scatterlist.h>
74 #include <crypto/aead.h>
75 #include <crypto/algapi.h>
76 #include <crypto/hash.h>
77 #include <crypto/sm3.h>
78 
79 // HASH_MAX_DIGESTSIZE is available since 4.20.
80 // This value is accurate as of 6.1
81 #ifndef HASH_MAX_DIGESTSIZE
82 #define HASH_MAX_DIGESTSIZE 64
83 #endif
84 
85 #else
86 // Just stub everything out
87 struct shash_desc;
88 struct crypto_shash;
89 #define crypto_shash_setkey(...) -ENOMEM
90 #define crypto_shash_init(...) -ENOMEM
91 #define crypto_shash_update(...) -ENOMEM
92 #define crypto_shash_update(...) -ENOMEM
93 #define crypto_shash_final(...) -ENOMEM
94 #endif
95 
96 #define CHAR_BIT 8U
97 #undef SIZE_MAX
98 #define SIZE_MAX 8
99 
100 #include "library/cryptlib.h"
101 
102 #define LIBSPDM_ASSERT(...)
103 struct lkca_aead_ctx;
104 int lkca_aead_alloc(struct lkca_aead_ctx **ctx, char const *alg);
105 void lkca_aead_free(struct lkca_aead_ctx *ctx);
106 int lkca_aead_ex(struct lkca_aead_ctx *ctx,
107                  const uint8_t *key, size_t key_size,
108                  uint8_t *iv, size_t iv_size,
109                  const uint8_t *data_in, size_t data_in_size,
110                  uint8_t *tag, size_t tag_size,
111                  uint8_t *data_out, size_t *data_out_size,
112                  bool enc);
113 
114 int libspdm_aead(const uint8_t *key, size_t key_size,
115                  const uint8_t *iv, size_t iv_size,
116                  const uint8_t *a_data, size_t a_data_size,
117                  const uint8_t *data_in, size_t data_in_size,
118                  const uint8_t *tag, size_t tag_size,
119                  uint8_t *data_out, size_t *data_out_size,
120                  bool enc, char const *alg);
121 
122 void *lkca_hash_new(const char* alg_name);
123 void lkca_hash_free(struct shash_desc *ctx);
124 bool lkca_hash_duplicate(struct shash_desc *dst, struct shash_desc const *src);
125 bool lkca_hash_all(const char* alg_name, const void *data,
126                    size_t data_size, uint8_t *hash_value);
127 bool lkca_hmac_duplicate(struct shash_desc *dst, struct shash_desc const *src);
128 bool lkca_hmac_set_key(struct shash_desc *ctx, const uint8_t *key, size_t key_size);
129 bool lkca_hmac_all(const char* alg_name, const uint8_t *key, size_t key_size,
130                    const uint8_t *data, size_t data_size, uint8_t *hash_value);
131 bool lkca_hkdf_extract_and_expand(const char *alg_name,
132                                   const uint8_t *key, size_t key_size,
133                                   const uint8_t *salt, size_t salt_size,
134                                   const uint8_t *info, size_t info_size,
135                                   uint8_t *out, size_t out_size);
136 bool lkca_hkdf_expand(const char *alg_name,
137                       const uint8_t *prk, size_t prk_size,
138                       const uint8_t *info, size_t info_size,
139                       uint8_t *out, size_t out_size);
140 
141 
142 bool lkca_ecdsa_set_priv_key(void *context, uint8_t *key, size_t key_size);
143 bool lkca_ec_set_pub_key(void *ec_context, const uint8_t *public_key,
144                          size_t public_key_size);
145 bool lkca_ec_get_pub_key(void *ec_context, uint8_t *public_key,
146                          size_t *public_key_size);
147 bool lkca_ec_generate_key(void *ec_context, uint8_t *public_data,
148                           size_t *public_size);
149 bool lkca_ec_compute_key(void *ec_context, const uint8_t *peer_public,
150                          size_t peer_public_size, uint8_t *key,
151                          size_t *key_size);
152 bool lkca_ecdsa_verify(void *ec_context, size_t hash_nid,
153                        const uint8_t *message_hash, size_t hash_size,
154                        const uint8_t *signature, size_t sig_size);
155 
156 bool lkca_rsa_verify(void *rsa_context, size_t hash_nid,
157                      const uint8_t *message_hash, size_t hash_size,
158                      const uint8_t *signature, size_t sig_size);
159 
160 bool lkca_rsa_pkcs1_sign(void *rsa_context, size_t hash_nid,
161                          const uint8_t *message_hash, size_t hash_size,
162                          uint8_t *signature, size_t *sig_size);
163 
164 bool lkca_rsa_pss_sign(void *rsa_context, size_t hash_nid,
165                        const uint8_t *message_hash, size_t hash_size,
166                        uint8_t *signature, size_t *sig_size);
167 
168 #endif
169