cipher_structs.h

Go to the documentation of this file.

/*
 * Copyright (c) 2016 Intel Corporation.
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 
#ifndef ZEPHYR_INCLUDE_CRYPTO_CIPHER_STRUCTS_H_
#define ZEPHYR_INCLUDE_CRYPTO_CIPHER_STRUCTS_H_
 
#include <device.h>
#include <sys/util.h>
enum cipher_algo {
        CRYPTO_CIPHER_ALGO_AES = 1,
};
 
enum cipher_op {
        CRYPTO_CIPHER_OP_DECRYPT = 0,
        CRYPTO_CIPHER_OP_ENCRYPT = 1,
};
 
enum cipher_mode {
        CRYPTO_CIPHER_MODE_ECB = 1,
        CRYPTO_CIPHER_MODE_CBC = 2,
        CRYPTO_CIPHER_MODE_CTR = 3,
        CRYPTO_CIPHER_MODE_CCM = 4,
        CRYPTO_CIPHER_MODE_GCM = 5,
};
 
/* Forward declarations */
struct cipher_aead_pkt;
struct cipher_ctx;
struct cipher_pkt;
 
typedef int (*block_op_t)(struct cipher_ctx *ctx, struct cipher_pkt *pkt);
 
/* Function signatures for encryption/ decryption using standard cipher modes
 * like  CBC, CTR, CCM.
 */
typedef int (*cbc_op_t)(struct cipher_ctx *ctx, struct cipher_pkt *pkt,
                        uint8_t *iv);
 
typedef int (*ctr_op_t)(struct cipher_ctx *ctx, struct cipher_pkt *pkt,
                        uint8_t *ctr);
 
typedef int (*ccm_op_t)(struct cipher_ctx *ctx, struct cipher_aead_pkt *pkt,
                         uint8_t *nonce);
 
typedef int (*gcm_op_t)(struct cipher_ctx *ctx, struct cipher_aead_pkt *pkt,
                         uint8_t *nonce);
 
struct cipher_ops {
 
        enum cipher_mode cipher_mode;
 
        union {
                block_op_t      block_crypt_hndlr;
                cbc_op_t        cbc_crypt_hndlr;
                ctr_op_t        ctr_crypt_hndlr;
                ccm_op_t        ccm_crypt_hndlr;
                gcm_op_t        gcm_crypt_hndlr;
        };
};
 
struct ccm_params {
        uint16_t tag_len;
        uint16_t nonce_len;
};
 
struct ctr_params {
        /* CTR mode counter is a split counter composed of iv and counter
         * such that ivlen + ctr_len = keylen
         */
        uint32_t ctr_len;
};
 
struct gcm_params {
        uint16_t tag_len;
        uint16_t nonce_len;
};
 
struct cipher_ctx {
 
        struct cipher_ops ops;
 
        union {
                /* Cryptographic key to be used in this session */
                uint8_t *bit_stream;
                /* For cases where  key is protected and is not
                 * available to caller
                 */
                void *handle;
        } key;
 
        const struct device *device;
 
        void *drv_sessn_state;
 
        void *app_sessn_state;
 
        union {
                struct ccm_params ccm_info;
                struct ctr_params ctr_info;
                struct gcm_params gcm_info;
        } mode_params;
 
        uint16_t  keylen;
 
        uint16_t flags;
};
 
/* cipher_ctx.flags values. Not all drivers support all flags.
 * A user app can query the supported hw / driver
 * capabilities via provided API (cipher_query_hwcaps()), and choose a
 * supported config during the session setup.
 */
#define CAP_OPAQUE_KEY_HNDL             BIT(0)
#define CAP_RAW_KEY                     BIT(1)
 
/* TBD to define */
#define CAP_KEY_LOADING_API             BIT(2)
 
#define CAP_INPLACE_OPS                 BIT(3)
#define CAP_SEPARATE_IO_BUFS            BIT(4)
 
#define CAP_SYNC_OPS                    BIT(5)
#define CAP_ASYNC_OPS                   BIT(6)
 
#define CAP_AUTONONCE                   BIT(7)
 
#define CAP_NO_IV_PREFIX                BIT(8)
 
/* More flags to be added as necessary */
 
 
struct cipher_pkt {
 
        uint8_t *in_buf;
 
        int  in_len;
 
        uint8_t *out_buf;
 
        int out_buf_max;
 
        int out_len;
 
        struct cipher_ctx *ctx;
};
 
struct cipher_aead_pkt {
        /* IO buffers for encryption. This has to be supplied by the app. */
        struct cipher_pkt *pkt;
 
        uint8_t *ad;
 
        uint32_t ad_len;
 
        uint8_t *tag;
};
 
/* Prototype for the application function to be invoked by the crypto driver
 * on completion of an async request. The app may get the session context
 * via the pkt->ctx field. For CCM ops the encompassing AEAD packet may be
 * accessed via container_of(). The type of a packet can be determined via
 * pkt->ctx.ops.mode .
 */
typedef void (*crypto_completion_cb)(struct cipher_pkt *completed, int status);
 
#endif /* ZEPHYR_INCLUDE_CRYPTO_CIPHER_STRUCTS_H_ */