Zephyr API Documentation  3.5.0
A Scalable Open Source RTOS
3.5.0
All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
crypto.h
Go to the documentation of this file.
1/*
2 * Copyright (c) 2016 Intel Corporation.
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
17#ifndef ZEPHYR_INCLUDE_CRYPTO_H_
18#define ZEPHYR_INCLUDE_CRYPTO_H_
19
20#include <zephyr/device.h>
21#include <errno.h>
22#include <zephyr/sys/util.h>
23#include <zephyr/sys/__assert.h>
24#include <zephyr/crypto/hash.h>
25#include "cipher.h"
26
35/* ctx.flags values. Not all drivers support all flags.
36 * A user app can query the supported hw / driver
37 * capabilities via provided API (crypto_query_hwcaps()), and choose a
38 * supported config during the session setup.
39 */
40#define CAP_OPAQUE_KEY_HNDL BIT(0)
41#define CAP_RAW_KEY BIT(1)
42
43/* TBD to define */
44#define CAP_KEY_LOADING_API BIT(2)
45
47#define CAP_INPLACE_OPS BIT(3)
48#define CAP_SEPARATE_IO_BUFS BIT(4)
49
54#define CAP_SYNC_OPS BIT(5)
55#define CAP_ASYNC_OPS BIT(6)
56
58#define CAP_AUTONONCE BIT(7)
59
61#define CAP_NO_IV_PREFIX BIT(8)
62
63/* More flags to be added as necessary */
64
66__subsystem struct crypto_driver_api {
67 int (*query_hw_caps)(const struct device *dev);
68
69 /* Setup a crypto session */
70 int (*cipher_begin_session)(const struct device *dev, struct cipher_ctx *ctx,
71 enum cipher_algo algo, enum cipher_mode mode,
72 enum cipher_op op_type);
73
74 /* Tear down an established session */
75 int (*cipher_free_session)(const struct device *dev, struct cipher_ctx *ctx);
76
77 /* Register async crypto op completion callback with the driver */
78 int (*cipher_async_callback_set)(const struct device *dev,
79 cipher_completion_cb cb);
80
81 /* Setup a hash session */
82 int (*hash_begin_session)(const struct device *dev, struct hash_ctx *ctx,
83 enum hash_algo algo);
84 /* Tear down an established hash session */
85 int (*hash_free_session)(const struct device *dev, struct hash_ctx *ctx);
86 /* Register async hash op completion callback with the driver */
87 int (*hash_async_callback_set)(const struct device *dev,
88 hash_completion_cb cb);
89};
90
91/* Following are the public API a user app may call.
92 * The first two relate to crypto "session" setup / teardown. Further we
93 * have four cipher mode specific (CTR, CCM, CBC ...) calls to perform the
94 * actual crypto operation in the context of a session. Also we have an
95 * API to provide the callback for async operations.
96 */
97
109static inline int crypto_query_hwcaps(const struct device *dev)
110{
111 struct crypto_driver_api *api;
112 int tmp;
113
114 api = (struct crypto_driver_api *) dev->api;
115
116 tmp = api->query_hw_caps(dev);
117
118 __ASSERT((tmp & (CAP_OPAQUE_KEY_HNDL | CAP_RAW_KEY)) != 0,
119 "Driver should support at least one key type: RAW/Opaque");
120
121 __ASSERT((tmp & (CAP_INPLACE_OPS | CAP_SEPARATE_IO_BUFS)) != 0,
122 "Driver should support at least one IO buf type: Inplace/separate");
123
124 __ASSERT((tmp & (CAP_SYNC_OPS | CAP_ASYNC_OPS)) != 0,
125 "Driver should support at least one op-type: sync/async");
126 return tmp;
127
128}
129
160static inline int cipher_begin_session(const struct device *dev,
161 struct cipher_ctx *ctx,
162 enum cipher_algo algo,
163 enum cipher_mode mode,
164 enum cipher_op optype)
165{
166 struct crypto_driver_api *api;
167 uint32_t flags;
168
169 api = (struct crypto_driver_api *) dev->api;
170 ctx->device = dev;
171 ctx->ops.cipher_mode = mode;
172
173 flags = (ctx->flags & (CAP_OPAQUE_KEY_HNDL | CAP_RAW_KEY));
174 __ASSERT(flags != 0U, "Keytype missing: RAW Key or OPAQUE handle");
175 __ASSERT(flags != (CAP_OPAQUE_KEY_HNDL | CAP_RAW_KEY),
176 "conflicting options for keytype");
177
178 flags = (ctx->flags & (CAP_INPLACE_OPS | CAP_SEPARATE_IO_BUFS));
179 __ASSERT(flags != 0U, "IO buffer type missing");
180 __ASSERT(flags != (CAP_INPLACE_OPS | CAP_SEPARATE_IO_BUFS),
181 "conflicting options for IO buffer type");
182
183 flags = (ctx->flags & (CAP_SYNC_OPS | CAP_ASYNC_OPS));
184 __ASSERT(flags != 0U, "sync/async type missing");
185 __ASSERT(flags != (CAP_SYNC_OPS | CAP_ASYNC_OPS),
186 "conflicting options for sync/async");
187
188 return api->cipher_begin_session(dev, ctx, algo, mode, optype);
189}
190
202static inline int cipher_free_session(const struct device *dev,
203 struct cipher_ctx *ctx)
204{
205 struct crypto_driver_api *api;
206
207 api = (struct crypto_driver_api *) dev->api;
208
209 return api->cipher_free_session(dev, ctx);
210}
211
226static inline int cipher_callback_set(const struct device *dev,
227 cipher_completion_cb cb)
228{
229 struct crypto_driver_api *api;
230
231 api = (struct crypto_driver_api *) dev->api;
232
233 if (api->cipher_async_callback_set) {
234 return api->cipher_async_callback_set(dev, cb);
235 }
236
237 return -ENOTSUP;
238
239}
240
250static inline int cipher_block_op(struct cipher_ctx *ctx,
251 struct cipher_pkt *pkt)
252{
253 __ASSERT(ctx->ops.cipher_mode == CRYPTO_CIPHER_MODE_ECB, "ECB mode "
254 "session invoking a different mode handler");
255
256 pkt->ctx = ctx;
257 return ctx->ops.block_crypt_hndlr(ctx, pkt);
258}
259
271static inline int cipher_cbc_op(struct cipher_ctx *ctx,
272 struct cipher_pkt *pkt, uint8_t *iv)
273{
274 __ASSERT(ctx->ops.cipher_mode == CRYPTO_CIPHER_MODE_CBC, "CBC mode "
275 "session invoking a different mode handler");
276
277 pkt->ctx = ctx;
278 return ctx->ops.cbc_crypt_hndlr(ctx, pkt, iv);
279}
280
298static inline int cipher_ctr_op(struct cipher_ctx *ctx,
299 struct cipher_pkt *pkt, uint8_t *iv)
300{
301 __ASSERT(ctx->ops.cipher_mode == CRYPTO_CIPHER_MODE_CTR, "CTR mode "
302 "session invoking a different mode handler");
303
304 pkt->ctx = ctx;
305 return ctx->ops.ctr_crypt_hndlr(ctx, pkt, iv);
306}
307
320static inline int cipher_ccm_op(struct cipher_ctx *ctx,
321 struct cipher_aead_pkt *pkt, uint8_t *nonce)
322{
323 __ASSERT(ctx->ops.cipher_mode == CRYPTO_CIPHER_MODE_CCM, "CCM mode "
324 "session invoking a different mode handler");
325
326 pkt->pkt->ctx = ctx;
327 return ctx->ops.ccm_crypt_hndlr(ctx, pkt, nonce);
328}
329
342static inline int cipher_gcm_op(struct cipher_ctx *ctx,
343 struct cipher_aead_pkt *pkt, uint8_t *nonce)
344{
345 __ASSERT(ctx->ops.cipher_mode == CRYPTO_CIPHER_MODE_GCM, "GCM mode "
346 "session invoking a different mode handler");
347
348 pkt->pkt->ctx = ctx;
349 return ctx->ops.gcm_crypt_hndlr(ctx, pkt, nonce);
350}
351
352
382static inline int hash_begin_session(const struct device *dev,
383 struct hash_ctx *ctx,
384 enum hash_algo algo)
385{
386 uint32_t flags;
387 struct crypto_driver_api *api;
388
389 api = (struct crypto_driver_api *) dev->api;
390 ctx->device = dev;
391
392 flags = (ctx->flags & (CAP_INPLACE_OPS | CAP_SEPARATE_IO_BUFS));
393 __ASSERT(flags != 0U, "IO buffer type missing");
394 __ASSERT(flags != (CAP_INPLACE_OPS | CAP_SEPARATE_IO_BUFS),
395 "conflicting options for IO buffer type");
396
397 flags = (ctx->flags & (CAP_SYNC_OPS | CAP_ASYNC_OPS));
398 __ASSERT(flags != 0U, "sync/async type missing");
399 __ASSERT(flags != (CAP_SYNC_OPS | CAP_ASYNC_OPS),
400 "conflicting options for sync/async");
401
402
403 return api->hash_begin_session(dev, ctx, algo);
404}
405
417static inline int hash_free_session(const struct device *dev,
418 struct hash_ctx *ctx)
419{
420 struct crypto_driver_api *api;
421
422 api = (struct crypto_driver_api *) dev->api;
423
424 return api->hash_free_session(dev, ctx);
425}
426
441static inline int hash_callback_set(const struct device *dev,
442 hash_completion_cb cb)
443{
444 struct crypto_driver_api *api;
445
446 api = (struct crypto_driver_api *) dev->api;
447
448 if (api->hash_async_callback_set) {
449 return api->hash_async_callback_set(dev, cb);
450 }
451
452 return -ENOTSUP;
453
454}
455
464static inline int hash_compute(struct hash_ctx *ctx, struct hash_pkt *pkt)
465{
466 pkt->ctx = ctx;
467
468 return ctx->hash_hndlr(ctx, pkt, true);
469}
470
483static inline int hash_update(struct hash_ctx *ctx, struct hash_pkt *pkt)
484{
485 pkt->ctx = ctx;
486
487 return ctx->hash_hndlr(ctx, pkt, false);
488}
489
494#endif /* ZEPHYR_INCLUDE_CRYPTO_H_ */
__assert.h
cipher.h
Crypto Cipher structure definitions.
errno.h
System error numbers.
cipher_block_op
static int cipher_block_op(struct cipher_ctx *ctx, struct cipher_pkt *pkt)
Perform single-block crypto operation (ECB cipher mode).
Definition: crypto.h:250
cipher_completion_cb
void(* cipher_completion_cb)(struct cipher_pkt *completed, int status)
Definition: cipher.h:242
cipher_begin_session
static int cipher_begin_session(const struct device *dev, struct cipher_ctx *ctx, enum cipher_algo algo, enum cipher_mode mode, enum cipher_op optype)
Setup a crypto session.
Definition: crypto.h:160
cipher_op
cipher_op
Cipher Operation.
Definition: cipher.h:34
cipher_cbc_op
static int cipher_cbc_op(struct cipher_ctx *ctx, struct cipher_pkt *pkt, uint8_t *iv)
Perform Cipher Block Chaining (CBC) crypto operation.
Definition: crypto.h:271
cipher_gcm_op
static int cipher_gcm_op(struct cipher_ctx *ctx, struct cipher_aead_pkt *pkt, uint8_t *nonce)
Perform Galois/Counter Mode (GCM) crypto operation.
Definition: crypto.h:342
cipher_ccm_op
static int cipher_ccm_op(struct cipher_ctx *ctx, struct cipher_aead_pkt *pkt, uint8_t *nonce)
Perform Counter with CBC-MAC (CCM) mode crypto operation.
Definition: crypto.h:320
cipher_algo
cipher_algo
Cipher Algorithm.
Definition: cipher.h:29
cipher_free_session
static int cipher_free_session(const struct device *dev, struct cipher_ctx *ctx)
Cleanup a crypto session.
Definition: crypto.h:202
cipher_callback_set
static int cipher_callback_set(const struct device *dev, cipher_completion_cb cb)
Registers an async crypto op completion callback with the driver.
Definition: crypto.h:226
cipher_mode
cipher_mode
Possible cipher mode options.
Definition: cipher.h:44
cipher_ctr_op
static int cipher_ctr_op(struct cipher_ctx *ctx, struct cipher_pkt *pkt, uint8_t *iv)
Perform Counter (CTR) mode crypto operation.
Definition: crypto.h:298
CRYPTO_CIPHER_MODE_GCM
@ CRYPTO_CIPHER_MODE_GCM
Definition: cipher.h:49
CRYPTO_CIPHER_MODE_ECB
@ CRYPTO_CIPHER_MODE_ECB
Definition: cipher.h:45
CRYPTO_CIPHER_MODE_CCM
@ CRYPTO_CIPHER_MODE_CCM
Definition: cipher.h:48
CRYPTO_CIPHER_MODE_CTR
@ CRYPTO_CIPHER_MODE_CTR
Definition: cipher.h:47
CRYPTO_CIPHER_MODE_CBC
@ CRYPTO_CIPHER_MODE_CBC
Definition: cipher.h:46
hash_completion_cb
void(* hash_completion_cb)(struct hash_pkt *completed, int status)
Definition: hash.h:114
hash_compute
static int hash_compute(struct hash_ctx *ctx, struct hash_pkt *pkt)
Perform a cryptographic hash function.
Definition: crypto.h:464
hash_begin_session
static int hash_begin_session(const struct device *dev, struct hash_ctx *ctx, enum hash_algo algo)
Setup a hash session.
Definition: crypto.h:382
hash_callback_set
static int hash_callback_set(const struct device *dev, hash_completion_cb cb)
Registers an async hash completion callback with the driver.
Definition: crypto.h:441
hash_algo
hash_algo
Hash algorithm.
Definition: hash.h:26
hash_free_session
static int hash_free_session(const struct device *dev, struct hash_ctx *ctx)
Cleanup a hash session.
Definition: crypto.h:417
hash_update
static int hash_update(struct hash_ctx *ctx, struct hash_pkt *pkt)
Perform a cryptographic multipart hash operation.
Definition: crypto.h:483
CAP_SYNC_OPS
#define CAP_SYNC_OPS
These denotes if the output (completion of a cipher_xxx_op) is conveyed by the op function returning,...
Definition: crypto.h:54
CAP_INPLACE_OPS
#define CAP_INPLACE_OPS
Whether the output is placed in separate buffer or not.
Definition: crypto.h:47
CAP_ASYNC_OPS
#define CAP_ASYNC_OPS
Definition: crypto.h:55
CAP_OPAQUE_KEY_HNDL
#define CAP_OPAQUE_KEY_HNDL
Definition: crypto.h:40
CAP_SEPARATE_IO_BUFS
#define CAP_SEPARATE_IO_BUFS
Definition: crypto.h:48
CAP_RAW_KEY
#define CAP_RAW_KEY
Definition: crypto.h:41
crypto_query_hwcaps
static int crypto_query_hwcaps(const struct device *dev)
Query the crypto hardware capabilities.
Definition: crypto.h:109
ENOTSUP
#define ENOTSUP
Unsupported value.
Definition: errno.h:115
hash.h
Crypto Hash APIs.
flags
flags
Definition: parser.h:96
uint32_t
__UINT32_TYPE__ uint32_t
Definition: stdint.h:90
uint8_t
__UINT8_TYPE__ uint8_t
Definition: stdint.h:88
cipher_aead_pkt
Structure encoding IO parameters in AEAD (Authenticated Encryption with Associated Data) scenario lik...
Definition: cipher.h:217
cipher_aead_pkt::pkt
struct cipher_pkt * pkt
Definition: cipher.h:219
cipher_ctx
Structure encoding session parameters.
Definition: cipher.h:110
cipher_ctx::device
const struct device * device
The device driver instance this crypto context relates to.
Definition: cipher.h:131
cipher_ctx::flags
uint16_t flags
How certain fields are to be interpreted for this session.
Definition: cipher.h:169
cipher_ctx::ops
struct cipher_ops ops
Place for driver to return function pointers to be invoked per cipher operation.
Definition: cipher.h:116
cipher_ops::block_crypt_hndlr
block_op_t block_crypt_hndlr
Definition: cipher.h:79
cipher_ops::gcm_crypt_hndlr
gcm_op_t gcm_crypt_hndlr
Definition: cipher.h:83
cipher_ops::cipher_mode
enum cipher_mode cipher_mode
Definition: cipher.h:76
cipher_ops::cbc_crypt_hndlr
cbc_op_t cbc_crypt_hndlr
Definition: cipher.h:80
cipher_ops::ctr_crypt_hndlr
ctr_op_t ctr_crypt_hndlr
Definition: cipher.h:81
cipher_ops::ccm_crypt_hndlr
ccm_op_t ccm_crypt_hndlr
Definition: cipher.h:82
cipher_pkt
Structure encoding IO parameters of one cryptographic operation like encrypt/decrypt.
Definition: cipher.h:180
cipher_pkt::ctx
struct cipher_ctx * ctx
Context this packet relates to.
Definition: cipher.h:208
crypto_driver_api
Crypto driver API definition.
Definition: crypto.h:66
crypto_driver_api::query_hw_caps
int(* query_hw_caps)(const struct device *dev)
Definition: crypto.h:67
crypto_driver_api::cipher_async_callback_set
int(* cipher_async_callback_set)(const struct device *dev, cipher_completion_cb cb)
Definition: crypto.h:78
crypto_driver_api::hash_begin_session
int(* hash_begin_session)(const struct device *dev, struct hash_ctx *ctx, enum hash_algo algo)
Definition: crypto.h:82
crypto_driver_api::cipher_free_session
int(* cipher_free_session)(const struct device *dev, struct cipher_ctx *ctx)
Definition: crypto.h:75
crypto_driver_api::hash_async_callback_set
int(* hash_async_callback_set)(const struct device *dev, hash_completion_cb cb)
Definition: crypto.h:87
crypto_driver_api::hash_free_session
int(* hash_free_session)(const struct device *dev, struct hash_ctx *ctx)
Definition: crypto.h:85
crypto_driver_api::cipher_begin_session
int(* cipher_begin_session)(const struct device *dev, struct cipher_ctx *ctx, enum cipher_algo algo, enum cipher_mode mode, enum cipher_op op_type)
Definition: crypto.h:70
device
Runtime device structure (in ROM) per driver instance.
Definition: device.h:381
device::api
const void * api
Address of the API structure exposed by the device instance.
Definition: device.h:387
hash_ctx
Structure encoding session parameters.
Definition: hash.h:47
hash_ctx::hash_hndlr
hash_op_t hash_hndlr
Hash handler set up when the session begins.
Definition: hash.h:65
hash_ctx::flags
uint16_t flags
How certain fields are to be interpreted for this session.
Definition: hash.h:78
hash_ctx::device
const struct device * device
The device driver instance this crypto context relates to.
Definition: hash.h:51
hash_pkt
Structure encoding IO parameters of a hash operation.
Definition: hash.h:88
hash_pkt::ctx
struct hash_ctx * ctx
Context this packet relates to.
Definition: hash.h:107
util.h
Misc utilities.