Zephyr API Documentation 4.4.99
A Scalable Open Source RTOS
Loading...
Searching...
No Matches
crypto.h
Go to the documentation of this file.
1/*
2 * Copyright (c) 2016 Intel Corporation.
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
14
15#ifndef ZEPHYR_INCLUDE_CRYPTO_H_
16#define ZEPHYR_INCLUDE_CRYPTO_H_
17
18#include <zephyr/device.h>
19#include <errno.h>
20#include <zephyr/sys/util.h>
21#include <zephyr/sys/__assert.h>
22#include <zephyr/crypto/hash.h>
23#include "cipher.h"
24
33
44
46#define CAP_OPAQUE_KEY_HNDL BIT(0)
47
49#define CAP_RAW_KEY BIT(1)
50
52#define CAP_KEY_LOADING_API BIT(2)
53
55#define CAP_INPLACE_OPS BIT(3)
56
58#define CAP_SEPARATE_IO_BUFS BIT(4)
59
61#define CAP_SYNC_OPS BIT(5)
62
64#define CAP_ASYNC_OPS BIT(6)
65
67#define CAP_AUTONONCE BIT(7)
68
70#define CAP_NO_IV_PREFIX BIT(8)
71
75
80
85typedef int (*crypto_api_query_hw_caps)(const struct device *dev);
86
91typedef int (*crypto_api_cipher_begin_session)(const struct device *dev, struct cipher_ctx *ctx,
92 enum cipher_algo algo, enum cipher_mode mode,
93 enum cipher_op op_type);
94
99typedef int (*crypto_api_cipher_free_session)(const struct device *dev, struct cipher_ctx *ctx);
100
105typedef int (*crypto_api_cipher_async_callback_set)(const struct device *dev,
106 cipher_completion_cb cb);
107
112typedef int (*crypto_api_hash_begin_session)(const struct device *dev, struct hash_ctx *ctx,
113 enum hash_algo algo);
114
119typedef int (*crypto_api_hash_free_session)(const struct device *dev, struct hash_ctx *ctx);
120
125typedef int (*crypto_api_hash_async_callback_set)(const struct device *dev, hash_completion_cb cb);
126
152
156
157/* Following are the public API a user app may call.
158 * The first two relate to crypto "session" setup / teardown. Further we
159 * have four cipher mode specific (CTR, CCM, CBC ...) calls to perform the
160 * actual crypto operation in the context of a session. Also we have an
161 * API to provide the callback for async operations.
162 */
163
175static inline int crypto_query_hwcaps(const struct device *dev)
176{
177 const struct crypto_driver_api *api = DEVICE_API_GET(crypto, dev);
178 int tmp;
179
180 tmp = api->query_hw_caps(dev);
181
182 __ASSERT((tmp & (CAP_OPAQUE_KEY_HNDL | CAP_RAW_KEY)) != 0,
183 "Driver should support at least one key type: RAW/Opaque");
184
185 __ASSERT((tmp & (CAP_INPLACE_OPS | CAP_SEPARATE_IO_BUFS)) != 0,
186 "Driver should support at least one IO buf type: Inplace/separate");
187
188 __ASSERT((tmp & (CAP_SYNC_OPS | CAP_ASYNC_OPS)) != 0,
189 "Driver should support at least one op-type: sync/async");
190 return tmp;
191
192}
193
197
204
224static inline int cipher_begin_session(const struct device *dev,
225 struct cipher_ctx *ctx,
226 enum cipher_algo algo,
227 enum cipher_mode mode,
228 enum cipher_op optype)
229{
230 const struct crypto_driver_api *api = DEVICE_API_GET(crypto, dev);
231 uint32_t flags;
232
233 ctx->device = dev;
234 ctx->ops.cipher_mode = mode;
235
236 flags = (ctx->flags & (CAP_OPAQUE_KEY_HNDL | CAP_RAW_KEY));
237 __ASSERT(flags != 0U, "Keytype missing: RAW Key or OPAQUE handle");
238 __ASSERT(flags != (CAP_OPAQUE_KEY_HNDL | CAP_RAW_KEY),
239 "conflicting options for keytype");
240
241 flags = (ctx->flags & (CAP_INPLACE_OPS | CAP_SEPARATE_IO_BUFS));
242 __ASSERT(flags != 0U, "IO buffer type missing");
243 __ASSERT(flags != (CAP_INPLACE_OPS | CAP_SEPARATE_IO_BUFS),
244 "conflicting options for IO buffer type");
245
246 flags = (ctx->flags & (CAP_SYNC_OPS | CAP_ASYNC_OPS));
247 __ASSERT(flags != 0U, "sync/async type missing");
248 __ASSERT(flags != (CAP_SYNC_OPS | CAP_ASYNC_OPS),
249 "conflicting options for sync/async");
250
251 return api->cipher_begin_session(dev, ctx, algo, mode, optype);
252}
253
265static inline int cipher_free_session(const struct device *dev,
266 struct cipher_ctx *ctx)
267{
268 return DEVICE_API_GET(crypto, dev)->cipher_free_session(dev, ctx);
269}
270
285static inline int cipher_callback_set(const struct device *dev,
286 cipher_completion_cb cb)
287{
288 const struct crypto_driver_api *api = DEVICE_API_GET(crypto, dev);
289
290 if (api->cipher_async_callback_set) {
291 return api->cipher_async_callback_set(dev, cb);
292 }
293
294 return -ENOTSUP;
295}
296
306static inline int cipher_block_op(struct cipher_ctx *ctx,
307 struct cipher_pkt *pkt)
308{
309 __ASSERT(ctx->ops.cipher_mode == CRYPTO_CIPHER_MODE_ECB, "ECB mode "
310 "session invoking a different mode handler");
311
312 pkt->ctx = ctx;
313 return ctx->ops.block_crypt_hndlr(ctx, pkt);
314}
315
327static inline int cipher_cbc_op(struct cipher_ctx *ctx,
328 struct cipher_pkt *pkt, uint8_t *iv)
329{
330 __ASSERT(ctx->ops.cipher_mode == CRYPTO_CIPHER_MODE_CBC, "CBC mode "
331 "session invoking a different mode handler");
332
333 pkt->ctx = ctx;
334 return ctx->ops.cbc_crypt_hndlr(ctx, pkt, iv);
335}
336
354static inline int cipher_ctr_op(struct cipher_ctx *ctx,
355 struct cipher_pkt *pkt, uint8_t *iv)
356{
357 __ASSERT(ctx->ops.cipher_mode == CRYPTO_CIPHER_MODE_CTR, "CTR mode "
358 "session invoking a different mode handler");
359
360 pkt->ctx = ctx;
361 return ctx->ops.ctr_crypt_hndlr(ctx, pkt, iv);
362}
363
376static inline int cipher_ccm_op(struct cipher_ctx *ctx,
377 struct cipher_aead_pkt *pkt, uint8_t *nonce)
378{
379 __ASSERT(ctx->ops.cipher_mode == CRYPTO_CIPHER_MODE_CCM, "CCM mode "
380 "session invoking a different mode handler");
381
382 pkt->pkt->ctx = ctx;
383 return ctx->ops.ccm_crypt_hndlr(ctx, pkt, nonce);
384}
385
398static inline int cipher_gcm_op(struct cipher_ctx *ctx,
399 struct cipher_aead_pkt *pkt, uint8_t *nonce)
400{
401 __ASSERT(ctx->ops.cipher_mode == CRYPTO_CIPHER_MODE_GCM, "GCM mode "
402 "session invoking a different mode handler");
403
404 pkt->pkt->ctx = ctx;
405 return ctx->ops.gcm_crypt_hndlr(ctx, pkt, nonce);
406}
407
408
412
419
420
438static inline int hash_begin_session(const struct device *dev,
439 struct hash_ctx *ctx,
440 enum hash_algo algo)
441{
442 const struct crypto_driver_api *api = DEVICE_API_GET(crypto, dev);
443 uint32_t flags;
444
445 ctx->device = dev;
446
447 flags = (ctx->flags & (CAP_INPLACE_OPS | CAP_SEPARATE_IO_BUFS));
448 __ASSERT(flags != 0U, "IO buffer type missing");
449 __ASSERT(flags != (CAP_INPLACE_OPS | CAP_SEPARATE_IO_BUFS),
450 "conflicting options for IO buffer type");
451
452 flags = (ctx->flags & (CAP_SYNC_OPS | CAP_ASYNC_OPS));
453 __ASSERT(flags != 0U, "sync/async type missing");
454 __ASSERT(flags != (CAP_SYNC_OPS | CAP_ASYNC_OPS),
455 "conflicting options for sync/async");
456
457
458 return api->hash_begin_session(dev, ctx, algo);
459}
460
472static inline int hash_free_session(const struct device *dev,
473 struct hash_ctx *ctx)
474{
475 return DEVICE_API_GET(crypto, dev)->hash_free_session(dev, ctx);
476}
477
492static inline int hash_callback_set(const struct device *dev,
493 hash_completion_cb cb)
494{
495 const struct crypto_driver_api *api = DEVICE_API_GET(crypto, dev);
496
497 if (api->hash_async_callback_set) {
498 return api->hash_async_callback_set(dev, cb);
499 }
500
501 return -ENOTSUP;
502}
503
512static inline int hash_compute(struct hash_ctx *ctx, struct hash_pkt *pkt)
513{
514 pkt->ctx = ctx;
515
516 return ctx->hash_hndlr(ctx, pkt, true);
517}
518
531static inline int hash_update(struct hash_ctx *ctx, struct hash_pkt *pkt)
532{
533 pkt->ctx = ctx;
534
535 return ctx->hash_hndlr(ctx, pkt, false);
536}
537
541
542#endif /* ZEPHYR_INCLUDE_CRYPTO_H_ */
__assert.h
cipher.h
Crypto Cipher structure definitions.
DEVICE_API_GET
#define DEVICE_API_GET(_class, _dev)
Expands to the pointer of a device's API for a given class.
Definition device.h:1425
errno.h
System error numbers.
crypto_api_cipher_begin_session
int(* crypto_api_cipher_begin_session)(const struct device *dev, struct cipher_ctx *ctx, enum cipher_algo algo, enum cipher_mode mode, enum cipher_op op_type)
Setup a crypto cipher session.
Definition crypto.h:91
crypto_api_hash_free_session
int(* crypto_api_hash_free_session)(const struct device *dev, struct hash_ctx *ctx)
Cleanup a crypto hash session.
Definition crypto.h:119
crypto_api_hash_async_callback_set
int(* crypto_api_hash_async_callback_set)(const struct device *dev, hash_completion_cb cb)
Register an asynchronous crypto hash callback.
Definition crypto.h:125
crypto_api_cipher_free_session
int(* crypto_api_cipher_free_session)(const struct device *dev, struct cipher_ctx *ctx)
Cleanup a crypto cipher session.
Definition crypto.h:99
crypto_api_query_hw_caps
int(* crypto_api_query_hw_caps)(const struct device *dev)
Query crypto hardware capabilities.
Definition crypto.h:85
crypto_api_cipher_async_callback_set
int(* crypto_api_cipher_async_callback_set)(const struct device *dev, cipher_completion_cb cb)
Register an asynchronous crypto cipher callback.
Definition crypto.h:105
crypto_api_hash_begin_session
int(* crypto_api_hash_begin_session)(const struct device *dev, struct hash_ctx *ctx, enum hash_algo algo)
Setup a crypto hash session.
Definition crypto.h:112
cipher_block_op
static int cipher_block_op(struct cipher_ctx *ctx, struct cipher_pkt *pkt)
Perform single-block crypto operation (ECB cipher mode).
Definition crypto.h:306
cipher_completion_cb
void(* cipher_completion_cb)(struct cipher_pkt *completed, int status)
Handle completion of an asynchronous cipher request.
Definition cipher.h:347
cipher_begin_session
static int cipher_begin_session(const struct device *dev, struct cipher_ctx *ctx, enum cipher_algo algo, enum cipher_mode mode, enum cipher_op optype)
Setup a crypto session.
Definition crypto.h:224
cipher_op
cipher_op
Cipher operation types.
Definition cipher.h:34
cipher_cbc_op
static int cipher_cbc_op(struct cipher_ctx *ctx, struct cipher_pkt *pkt, uint8_t *iv)
Perform Cipher Block Chaining (CBC) crypto operation.
Definition crypto.h:327
cipher_gcm_op
static int cipher_gcm_op(struct cipher_ctx *ctx, struct cipher_aead_pkt *pkt, uint8_t *nonce)
Perform Galois/Counter Mode (GCM) crypto operation.
Definition crypto.h:398
cipher_ccm_op
static int cipher_ccm_op(struct cipher_ctx *ctx, struct cipher_aead_pkt *pkt, uint8_t *nonce)
Perform Counter with CBC-MAC (CCM) mode crypto operation.
Definition crypto.h:376
cipher_algo
cipher_algo
Cipher algorithms.
Definition cipher.h:29
cipher_free_session
static int cipher_free_session(const struct device *dev, struct cipher_ctx *ctx)
Cleanup a crypto session.
Definition crypto.h:265
cipher_callback_set
static int cipher_callback_set(const struct device *dev, cipher_completion_cb cb)
Registers an async crypto op completion callback with the driver.
Definition crypto.h:285
cipher_mode
cipher_mode
Possible cipher mode options.
Definition cipher.h:44
cipher_ctr_op
static int cipher_ctr_op(struct cipher_ctx *ctx, struct cipher_pkt *pkt, uint8_t *iv)
Perform Counter (CTR) mode crypto operation.
Definition crypto.h:354
CRYPTO_CIPHER_MODE_GCM
@ CRYPTO_CIPHER_MODE_GCM
Galois/Counter mode.
Definition cipher.h:49
CRYPTO_CIPHER_MODE_ECB
@ CRYPTO_CIPHER_MODE_ECB
Electronic Codebook mode.
Definition cipher.h:45
CRYPTO_CIPHER_MODE_CCM
@ CRYPTO_CIPHER_MODE_CCM
Counter with CBC-MAC mode.
Definition cipher.h:48
CRYPTO_CIPHER_MODE_CTR
@ CRYPTO_CIPHER_MODE_CTR
Counter mode.
Definition cipher.h:47
CRYPTO_CIPHER_MODE_CBC
@ CRYPTO_CIPHER_MODE_CBC
Cipher Block Chaining mode.
Definition cipher.h:46
hash_completion_cb
void(* hash_completion_cb)(struct hash_pkt *completed, int status)
Handle completion of an asynchronous hash request.
Definition hash.h:148
hash_compute
static int hash_compute(struct hash_ctx *ctx, struct hash_pkt *pkt)
Perform a cryptographic hash function.
Definition crypto.h:512
hash_begin_session
static int hash_begin_session(const struct device *dev, struct hash_ctx *ctx, enum hash_algo algo)
Setup a hash session.
Definition crypto.h:438
hash_callback_set
static int hash_callback_set(const struct device *dev, hash_completion_cb cb)
Registers an async hash completion callback with the driver.
Definition crypto.h:492
hash_algo
hash_algo
Hash algorithms.
Definition hash.h:25
hash_free_session
static int hash_free_session(const struct device *dev, struct hash_ctx *ctx)
Cleanup a hash session.
Definition crypto.h:472
hash_update
static int hash_update(struct hash_ctx *ctx, struct hash_pkt *pkt)
Perform a cryptographic multipart hash operation.
Definition crypto.h:531
CAP_SYNC_OPS
#define CAP_SYNC_OPS
Synchronous operations are supported.
Definition crypto.h:61
CAP_INPLACE_OPS
#define CAP_INPLACE_OPS
In-place operations are supported.
Definition crypto.h:55
CAP_ASYNC_OPS
#define CAP_ASYNC_OPS
Asynchronous operations with completion notifications are supported.
Definition crypto.h:64
CAP_OPAQUE_KEY_HNDL
#define CAP_OPAQUE_KEY_HNDL
Key material is referenced through an opaque driver-specific handle.
Definition crypto.h:46
CAP_SEPARATE_IO_BUFS
#define CAP_SEPARATE_IO_BUFS
Separate input and output buffers are supported.
Definition crypto.h:58
CAP_RAW_KEY
#define CAP_RAW_KEY
Key material is supplied as raw key bytes.
Definition crypto.h:49
crypto_query_hwcaps
static int crypto_query_hwcaps(const struct device *dev)
Query the crypto hardware capabilities.
Definition crypto.h:175
ENOTSUP
#define ENOTSUP
Unsupported value.
Definition errno.h:114
hash.h
Crypto Hash APIs.
flags
flags
Definition parser.h:97
uint32_t
__UINT32_TYPE__ uint32_t
Definition stdint.h:90
uint8_t
__UINT8_TYPE__ uint8_t
Definition stdint.h:88
cipher_aead_pkt
Structure encoding IO parameters in AEAD (Authenticated Encryption with Associated Data) scenario lik...
Definition cipher.h:309
cipher_aead_pkt::pkt
struct cipher_pkt * pkt
Packet containing input and output buffers.
Definition cipher.h:314
cipher_ctx
Structure encoding session parameters.
Definition cipher.h:185
cipher_ctx::device
const struct device * device
The device driver instance this crypto context relates to.
Definition cipher.h:213
cipher_ctx::flags
uint16_t flags
How certain fields are to be interpreted for this session.
Definition cipher.h:254
cipher_ctx::ops
struct cipher_ops ops
Place for driver to return function pointers to be invoked per cipher operation.
Definition cipher.h:191
cipher_ops::block_crypt_hndlr
block_op_t block_crypt_hndlr
Handler for ECB block operations.
Definition cipher.h:140
cipher_ops::gcm_crypt_hndlr
gcm_op_t gcm_crypt_hndlr
Handler for GCM authenticated operations.
Definition cipher.h:148
cipher_ops::cipher_mode
enum cipher_mode cipher_mode
Cipher mode associated with the active handler.
Definition cipher.h:135
cipher_ops::cbc_crypt_hndlr
cbc_op_t cbc_crypt_hndlr
Handler for CBC operations.
Definition cipher.h:142
cipher_ops::ctr_crypt_hndlr
ctr_op_t ctr_crypt_hndlr
Handler for CTR operations.
Definition cipher.h:144
cipher_ops::ccm_crypt_hndlr
ccm_op_t ccm_crypt_hndlr
Handler for CCM authenticated operations.
Definition cipher.h:146
cipher_pkt
Structure encoding IO parameters of one cryptographic operation like encrypt/decrypt.
Definition cipher.h:265
cipher_pkt::ctx
struct cipher_ctx * ctx
Context this packet relates to.
Definition cipher.h:300
crypto_driver_api
<span class="mlabel">Driver Operations</span> Crypto driver operations
Definition crypto.h:130
crypto_driver_api::cipher_begin_session
crypto_api_cipher_begin_session cipher_begin_session
<span class="op-badge op-req" title="This operation MUST be implemented by the driver....
Definition crypto.h:135
crypto_driver_api::hash_free_session
crypto_api_hash_free_session hash_free_session
<span class="op-badge op-req" title="This operation MUST be implemented by the driver....
Definition crypto.h:147
crypto_driver_api::hash_async_callback_set
crypto_api_hash_async_callback_set hash_async_callback_set
<span class="op-badge op-opt" title="This operation MAY optionally be implemented by the driver....
Definition crypto.h:150
crypto_driver_api::cipher_free_session
crypto_api_cipher_free_session cipher_free_session
<span class="op-badge op-req" title="This operation MUST be implemented by the driver....
Definition crypto.h:138
crypto_driver_api::query_hw_caps
crypto_api_query_hw_caps query_hw_caps
<span class="op-badge op-req" title="This operation MUST be implemented by the driver....
Definition crypto.h:132
crypto_driver_api::hash_begin_session
crypto_api_hash_begin_session hash_begin_session
<span class="op-badge op-req" title="This operation MUST be implemented by the driver....
Definition crypto.h:144
crypto_driver_api::cipher_async_callback_set
crypto_api_cipher_async_callback_set cipher_async_callback_set
<span class="op-badge op-opt" title="This operation MAY optionally be implemented by the driver....
Definition crypto.h:141
device
Runtime device structure (in ROM) per driver instance.
Definition device.h:513
hash_ctx
Structure encoding session parameters.
Definition hash.h:57
hash_ctx::hash_hndlr
hash_op_t hash_hndlr
Hash operation handler selected for this session.
Definition hash.h:82
hash_ctx::flags
uint16_t flags
Flags describing how certain fields are interpreted for this session.
Definition hash.h:99
hash_ctx::device
const struct device * device
Device driver instance this crypto context relates to.
Definition hash.h:63
hash_pkt
Structure encoding IO parameters of a hash operation.
Definition hash.h:109
hash_pkt::ctx
struct hash_ctx * ctx
Context this packet relates to.
Definition hash.h:135
util.h
Misc utilities.