pal_crypto.h 4.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121
  1. /* Copyright (C) 2014 Stony Brook University
  2. This file is part of Graphene Library OS.
  3. Graphene Library OS is free software: you can redistribute it and/or
  4. modify it under the terms of the GNU Lesser General Public License
  5. as published by the Free Software Foundation, either version 3 of the
  6. License, or (at your option) any later version.
  7. Graphene Library OS is distributed in the hope that it will be useful,
  8. but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. GNU Lesser General Public License for more details.
  11. You should have received a copy of the GNU Lesser General Public License
  12. along with this program. If not, see <http://www.gnu.org/licenses/>. */
  13. /*
  14. * Cryptographic primitive abstractions. This layer provides a way to
  15. * change the crypto library without changing the rest of Graphene code
  16. * by providing a small crypto library adaptor implementing these methods.
  17. */
  18. #ifndef PAL_CRYPTO_H
  19. #define PAL_CRYPTO_H
  20. #define SHA256_DIGEST_LEN 32
  21. #define AES_CMAC_KEY_LEN 16
  22. #define AES_CMAC_DIGEST_LEN 32
  23. #ifdef CRYPTO_USE_WOLFSSL
  24. #define CRYPTO_PROVIDER_SPECIFIED
  25. #include "crypto/wolfssl/cmac.h"
  26. #include "crypto/wolfssl/aes.h"
  27. #include "crypto/wolfssl/sha256.h"
  28. #include "crypto/wolfssl/dh.h"
  29. #include "crypto/wolfssl/rsa.h"
  30. typedef SHA256 LIB_SHA256_CONTEXT;
  31. #define DH_SIZE 128
  32. typedef struct {
  33. uint8_t priv[DH_SIZE];
  34. uint32_t priv_size;
  35. DhKey key;
  36. } LIB_DH_CONTEXT __attribute__((aligned(DH_SIZE)));
  37. typedef struct RSAKey LIB_RSA_KEY;
  38. #endif /* CRYPTO_USE_WOLFSSL */
  39. #ifdef CRYPTO_USE_MBEDTLS
  40. #define CRYPTO_PROVIDER_SPECIFIED
  41. #include "crypto/mbedtls/mbedtls/cmac.h"
  42. typedef struct AES LIB_AES_CONTEXT;
  43. #include "crypto/mbedtls/mbedtls/dhm.h"
  44. #include "crypto/mbedtls/mbedtls/rsa.h"
  45. #include "crypto/mbedtls/mbedtls/sha256.h"
  46. typedef mbedtls_sha256_context LIB_SHA256_CONTEXT;
  47. /* DH_SIZE is tied to the choice of parameters in mbedtls_dh.c. */
  48. #define DH_SIZE 256
  49. #include "crypto/mbedtls/mbedtls/dhm.h"
  50. typedef mbedtls_dhm_context LIB_DH_CONTEXT;
  51. typedef mbedtls_rsa_context LIB_RSA_KEY;
  52. #endif /* CRYPTO_USE_MBEDTLS */
  53. #ifndef CRYPTO_PROVIDER_SPECIFIED
  54. # error "Unknown crypto provider. Set CRYPTO_PROVIDER in Makefile"
  55. #endif
  56. /* SHA256 */
  57. int lib_SHA256Init(LIB_SHA256_CONTEXT *context);
  58. int lib_SHA256Update(LIB_SHA256_CONTEXT *context, const uint8_t *data,
  59. uint64_t len);
  60. int lib_SHA256Final(LIB_SHA256_CONTEXT *context, uint8_t *output);
  61. /* Diffie-Hellman Key Exchange */
  62. int lib_DhInit(LIB_DH_CONTEXT *context);
  63. int lib_DhCreatePublic(LIB_DH_CONTEXT *context, uint8_t *public,
  64. uint64_t *public_size);
  65. int lib_DhCalcSecret(LIB_DH_CONTEXT *context, uint8_t *peer, uint64_t peer_size,
  66. uint8_t *secret, uint64_t *secret_size);
  67. void lib_DhFinal(LIB_DH_CONTEXT *context);
  68. /* AES-CMAC */
  69. int lib_AESCMAC(const uint8_t *key, uint64_t key_len, const uint8_t *input,
  70. uint64_t input_len, uint8_t *mac, uint64_t mac_len);
  71. /* RSA. Limited functionality. */
  72. // Initializes the key structure
  73. int lib_RSAInitKey(LIB_RSA_KEY *key);
  74. // Must call lib_RSAInitKey first
  75. int lib_RSAGenerateKey(LIB_RSA_KEY *key, uint64_t length_in_bits,
  76. uint64_t exponent);
  77. int lib_RSAExportPublicKey(LIB_RSA_KEY *key, uint8_t *e, uint64_t *e_size,
  78. uint8_t *n, uint64_t *n_size);
  79. int lib_RSAImportPublicKey(LIB_RSA_KEY *key, const uint8_t *e, uint64_t e_size,
  80. const uint8_t *n, uint64_t n_size);
  81. // Sign and verify signatures.
  82. // This function must implement RSA signature verification using PKCS#1 v1.5
  83. // padding, with SHA256 as the hash mechanism. These signatures are generated
  84. // by the Graphene filesystem build (so outside of a running Graphene
  85. // application), but are verified within the Graphene application.
  86. int lib_RSAVerifySHA256(LIB_RSA_KEY *key, const uint8_t *signature,
  87. uint64_t signature_len, uint8_t *signed_data_out,
  88. uint64_t signed_data_out_len);
  89. // Frees memory allocated in lib_RSAInitKey.
  90. int lib_RSAFreeKey(LIB_RSA_KEY *key);
  91. #endif