Home | History | Annotate | Download | only in tpm2
      1 /*
      2  * Copyright 2015 The Chromium OS Authors. All rights reserved.
      3  * Use of this source code is governed by a BSD-style license that can be
      4  * found in the LICENSE file.
      5  */
      6 
      7 #ifndef __SOURCE_CRYPTUTIL_FP_H
      8 #define __SOURCE_CRYPTUTIL_FP_H
      9 
     10 BOOL CryptAreKeySizesConsistent(
     11     TPMT_PUBLIC *publicArea  // IN: the public area to check
     12     );
     13 TPMI_YES_NO CryptCapGetECCCurve(
     14     TPM_ECC_CURVE curveID,     // IN: the starting ECC curve
     15     UINT32 maxCount,           // IN: count of returned curve
     16     TPML_ECC_CURVE *curveList  // OUT: ECC curve list
     17     );
     18 UINT32 CryptCapGetEccCurveNumber(void);
     19 UINT16 CryptCommit(void);
     20 LIB_EXPORT int CryptCompare(const UINT32 aSize,  //   IN:   size of a
     21                             const BYTE *a,       //   IN:   a buffer
     22                             const UINT32 bSize,  //   IN:   size of b
     23                             const BYTE *b        //   IN:   b buffer
     24                             );
     25 TPM_RC CryptCommitCompute(
     26     TPMS_ECC_POINT *K,       //   OUT: [d]B
     27     TPMS_ECC_POINT *L,       //   OUT: [r]B
     28     TPMS_ECC_POINT *E,       //   OUT: [r]M
     29     TPM_ECC_CURVE curveID,   //   IN: The curve for the computation
     30     TPMS_ECC_POINT *M,       //   IN: M (P1)
     31     TPMS_ECC_POINT *B,       //   IN: B (x2, y2)
     32     TPM2B_ECC_PARAMETER *d,  //   IN: the private scalar
     33     TPM2B_ECC_PARAMETER *r   //   IN: the computed r value
     34     );
     35 int CryptCompareSigned(UINT32 aSize,  //   IN:   size of a
     36                        BYTE *a,       //   IN:   a buffer
     37                        UINT32 bSize,  //   IN:   size of b
     38                        BYTE *b        //   IN:   b buffer
     39                        );
     40 void CryptComputeSymmetricUnique(
     41     TPMI_ALG_HASH nameAlg,      // IN: object name algorithm
     42     TPMT_SENSITIVE *sensitive,  // IN: sensitive area
     43     TPM2B_DIGEST *unique        // OUT: unique buffer
     44     );
     45 LIB_EXPORT UINT16
     46 CryptCompleteHMAC2B(HMAC_STATE *hmacState,  // IN: the state of HMAC stack
     47                     TPM2B *digest           // OUT: HMAC
     48                     );
     49 LIB_EXPORT UINT16
     50 CryptCompleteHash(void *state,        // IN: the state of hash stack
     51                   UINT16 digestSize,  // IN: size of digest buffer
     52                   BYTE *digest        // OUT: hash digest
     53                   );
     54 UINT16 CryptCompleteHash2B(
     55     void *state,   // IN: the state of hash stack
     56     TPM2B *digest  // IN: the size of the buffer Out: requested number of byte
     57     );
     58 TPM_RC CryptCreateObject(
     59     TPM_HANDLE parentHandle,  //   IN/OUT: indication of the seed source
     60     TPMT_PUBLIC *publicArea,  //   IN/OUT: public area
     61     TPMS_SENSITIVE_CREATE *sensitiveCreate,  //   IN: sensitive creation
     62     TPMT_SENSITIVE *sensitive                //   OUT: sensitive area
     63     );
     64 void CryptDrbgGetPutState(GET_PUT direction  // IN: Get from or put to DRBG
     65                           );
     66 TPM_RC CryptDecryptRSA(
     67     UINT16 *dataOutSize,       // OUT: size of plain text in byte
     68     BYTE *dataOut,             //   OUT: plain text
     69     OBJECT *rsaKey,            //   IN: internal RSA key
     70     TPMT_RSA_DECRYPT *scheme,  //   IN: selects the padding scheme
     71     UINT16 cipherInSize,       //   IN: size of cipher text in byte
     72     BYTE *cipherIn,            //   IN: cipher text
     73     const char *label          //   IN: a label, when needed
     74     );
     75 TPM_RC CryptDivide(
     76     TPM2B *numerator,    //   IN: numerator
     77     TPM2B *denominator,  //   IN: denominator
     78     TPM2B *quotient,     //   OUT: quotient = numerator / denominator.
     79     TPM2B *remainder     //   OUT: numerator mod denominator.
     80     );
     81 void CryptDrbgGetPutState(GET_PUT direction  // IN: Get from or put to DRBG
     82                           );
     83 //
     84 //
     85 //      10.2.6.3    CryptEccGetKeySizeBytes()
     86 //
     87 //  This macro returns the size of the ECC key in bytes. It uses
     88 //  CryptEccGetKeySizeInBits().
     89 //
     90 #define CryptEccGetKeySizeInBytes(curve) \
     91   ((CryptEccGetKeySizeInBits(curve) + 7) / 8)
     92 
     93 TPM_RC CryptEcc2PhaseKeyExchange(
     94     TPMS_ECC_POINT *outZ1,     //   OUT: the computed point
     95     TPMS_ECC_POINT *outZ2,     //   OUT: optional second point
     96     TPM_ALG_ID scheme,         //   IN: the key exchange scheme
     97     TPM_ECC_CURVE curveId,     //   IN: the curve for the computation
     98     TPM2B_ECC_PARAMETER *dsA,  //   IN: static private TPM key
     99     TPM2B_ECC_PARAMETER *deA,  //   IN: ephemeral private TPM key
    100     TPMS_ECC_POINT *QsB,       //   IN: static public party B key
    101     TPMS_ECC_POINT *QeB        //   IN: ephemeral public party B key
    102     );
    103 TPM_RC CryptEncryptRSA(
    104     UINT16 *cipherOutSize,     //   OUT: size of cipher text in byte
    105     BYTE *cipherOut,           //   OUT: cipher text
    106     OBJECT *rsaKey,            //   IN: internal RSA key
    107     TPMT_RSA_DECRYPT *scheme,  //   IN: selects the padding scheme
    108     UINT16 dataInSize,         //   IN: size of plain text in byte
    109     BYTE *dataIn,              //   IN: plain text
    110     const char *label          //   IN: an optional label
    111     );
    112 TPM_ALG_ID CryptGetContextAlg(void *state  // IN: the context to check
    113                               );
    114 LIB_EXPORT TPM_ALG_ID CryptGetHashAlgByIndex(UINT32 index  // IN: the index
    115                                              );
    116 LIB_EXPORT UINT16
    117 CryptGetHashDigestSize(TPM_ALG_ID hashAlg  // IN: hash algorithm
    118                        );
    119 LIB_EXPORT const TPM2B *CryptEccGetParameter(
    120     char p,                // IN: the parameter selector
    121     TPM_ECC_CURVE curveId  // IN: the curve id
    122     );
    123 BOOL CryptEccGetParameters(
    124     TPM_ECC_CURVE curveId,                 // IN: ECC curve ID
    125     TPMS_ALGORITHM_DETAIL_ECC *parameters  // OUT: ECC parameter
    126     );
    127 TPM_RC CryptEccPointMultiply(TPMS_ECC_POINT *pOut,      //   OUT: output point
    128                              TPM_ECC_CURVE curveId,     //   IN: curve selector
    129                              TPM2B_ECC_PARAMETER *dIn,  //   IN: public scalar
    130                              TPMS_ECC_POINT *pIn        //   IN: optional point
    131                              );
    132 BOOL CryptEccIsPointOnCurve(TPM_ECC_CURVE curveID,  // IN: ECC curve ID
    133                             TPMS_ECC_POINT *Q       // IN: ECC point
    134                             );
    135 void CryptEndCommit(UINT16 c  // IN: the counter value of the commitment
    136                     );
    137 BOOL CryptGenerateR(
    138     TPM2B_ECC_PARAMETER *r,  //   OUT: the generated random value
    139     UINT16 *c,               //   IN/OUT: count value.
    140     TPMI_ECC_CURVE curveID,  //   IN: the curve for the value
    141     TPM2B_NAME *name  //   IN: optional name of a key to associate with 'r'
    142     );
    143 UINT16 CryptGenerateRandom(UINT16 randomSize,  // IN: size of random number
    144                            BYTE *buffer        // OUT: buffer of random number
    145                            );
    146 void CryptGenerateNewSymmetric(
    147     TPMS_SENSITIVE_CREATE *sensitiveCreate,  //   IN: sensitive creation data
    148     TPMT_SENSITIVE *sensitive,               //   OUT: sensitive area
    149     TPM_ALG_ID hashAlg,                      //   IN: hash algorithm for the KDF
    150     TPM2B_SEED *seed,                        //   IN: seed used in creation
    151     TPM2B_NAME *name                         //   IN: name of the object
    152     );
    153 const TPMT_ECC_SCHEME *CryptGetCurveSignScheme(
    154     TPM_ECC_CURVE curveId  // IN: The curve selector
    155     );
    156 LIB_EXPORT UINT16
    157 CryptGetHashDigestSize(TPM_ALG_ID hashAlg  // IN: hash algorithm
    158                        );
    159 TPMI_ALG_HASH CryptGetSignHashAlg(TPMT_SIGNATURE *auth  // IN: signature
    160                                   );
    161 INT16 CryptGetSymmetricBlockSize(
    162     TPMI_ALG_SYM algorithm,  // IN: symmetric algorithm
    163     UINT16 keySize           // IN: key size in bit
    164     );
    165 TPM_RC CryptGetTestResult(TPM2B_MAX_BUFFER *outData  // OUT: test result data
    166                           );
    167 LIB_EXPORT UINT16
    168 CryptHashBlock(TPM_ALG_ID algId,  //   IN: the hash algorithm to use
    169                UINT16 blockSize,  //   IN: size of the data block
    170                BYTE *block,       //   IN: address of the block to hash
    171                UINT16 retSize,    //   IN: size of the return buffer
    172                BYTE *ret          //   OUT: address of the buffer
    173                );
    174 //
    175 //
    176 //
    177 //      10.2.4.23 CryptKDFa()
    178 //
    179 // This function generates a key using the KDFa() formulation in Part 1 of the
    180 // TPM specification. In this implementation, this is a macro invocation of
    181 // _cpri__KDFa() in the hash module of the CryptoEngine(). This macro sets
    182 // once to FALSE so that KDFa() will iterate as many times as necessary to
    183 // generate sizeInBits number of bits.
    184 //
    185 #define CryptKDFa(hashAlg, key, label, contextU, contextV, sizeInBits,        \
    186                   keyStream, counterInOut)                                    \
    187   TEST_HASH(hashAlg);                                                         \
    188   _cpri__KDFa(((TPM_ALG_ID)hashAlg), ((TPM2B *)key), ((const char *)label),   \
    189               ((TPM2B *)contextU), ((TPM2B *)contextV), ((UINT32)sizeInBits), \
    190               ((BYTE *)keyStream), ((UINT32 *)counterInOut), ((BOOL)FALSE))
    191 
    192 //
    193 //
    194 //      10.2.4.24 CryptKDFaOnce()
    195 //
    196 // This function generates a key using the KDFa() formulation in Part 1 of the
    197 // TPM specification. In this implementation, this is a macro invocation of
    198 // _cpri__KDFa() in the hash module of the CryptoEngine(). This macro will
    199 // call _cpri__KDFa() with once TRUE so that only one iteration is performed,
    200 // regardless of sizeInBits.
    201 //
    202 #define CryptKDFaOnce(hashAlg, key, label, contextU, contextV, sizeInBits,    \
    203                       keyStream, counterInOut)                                \
    204   TEST_HASH(hashAlg);                                                         \
    205   _cpri__KDFa(((TPM_ALG_ID)hashAlg), ((TPM2B *)key), ((const char *)label),   \
    206               ((TPM2B *)contextU), ((TPM2B *)contextV), ((UINT32)sizeInBits), \
    207               ((BYTE *)keyStream), ((UINT32 *)counterInOut), ((BOOL)TRUE))
    208 
    209 //
    210 //
    211 //    10.2.4.26 CryptKDFe()
    212 //
    213 //  This function generates a key using the KDFa() formulation in Part 1 of
    214 //  the TPM specification. In this implementation, this is a macro invocation
    215 //  of _cpri__KDFe() in the hash module of the CryptoEngine().
    216 //
    217 #define CryptKDFe(hashAlg, Z, label, partyUInfo, partyVInfo, sizeInBits,  \
    218                   keyStream)                                              \
    219   TEST_HASH(hashAlg);                                                     \
    220   _cpri__KDFe(((TPM_ALG_ID)hashAlg), ((TPM2B *)Z), ((const char *)label), \
    221               ((TPM2B *)partyUInfo), ((TPM2B *)partyVInfo),               \
    222               ((UINT32)sizeInBits), ((BYTE *)keyStream))
    223 
    224 void CryptHashStateImportExport(
    225     HASH_STATE *internalFmt,  // IN: state to LIB_EXPORT
    226     HASH_STATE *externalFmt,  // OUT: exported state
    227     IMPORT_EXPORT direction);
    228 void CryptInitUnits(void);
    229 BOOL CryptIsAsymAlgorithm(TPM_ALG_ID algID  // IN: algorithm ID
    230                           );
    231 BOOL CryptIsDecryptScheme(TPMI_ALG_ASYM_SCHEME scheme);
    232 BOOL CryptIsSchemeAnonymous(
    233     TPM_ALG_ID scheme  // IN: the scheme algorithm to test
    234     );
    235 BOOL CryptIsSignScheme(TPMI_ALG_ASYM_SCHEME scheme);
    236 BOOL CryptIsSplitSign(TPM_ALG_ID scheme  // IN: the algorithm selector
    237                       );
    238 TPM_RC CryptNewEccKey(TPM_ECC_CURVE curveID,          // IN: ECC curve
    239                       TPMS_ECC_POINT *publicPoint,    // OUT: public point
    240                       TPM2B_ECC_PARAMETER *sensitive  // OUT: private area
    241                       );
    242 BOOL CryptObjectIsPublicConsistent(TPMT_PUBLIC *publicArea  // IN: public area
    243                                    );
    244 TPM_RC CryptObjectPublicPrivateMatch(OBJECT *object  // IN: the object to check
    245                                      );
    246 TPM_RC CryptParameterDecryption(
    247     TPM_HANDLE handle,   //   IN: encrypted session handle
    248     TPM2B *nonceCaller,  //   IN: nonce caller
    249     UINT32 bufferSize,   //   IN: size of parameter buffer
    250     UINT16
    251         leadingSizeInByte,  //   IN: the size of the leading size field in byte
    252     TPM2B_AUTH *extraKey,   //   IN: the authValue
    253     BYTE *buffer            //   IN/OUT: parameter buffer to be decrypted
    254     );
    255 void CryptParameterEncryption(
    256     TPM_HANDLE handle,         // IN: encrypt session handle
    257     TPM2B *nonceCaller,        // IN: nonce caller
    258     UINT16 leadingSizeInByte,  // IN: the size of the leading size field in byte
    259     TPM2B_AUTH *
    260         extraKey,  // IN: additional key material other than session auth
    261     BYTE *buffer   // IN/OUT: parameter buffer to be encrypted
    262     );
    263 TPM_RC CryptSecretDecrypt(
    264     TPM_HANDLE tpmKey,         // IN: decrypt key
    265     TPM2B_NONCE *nonceCaller,  // IN: nonceCaller. It is needed for symmetric
    266                                // decryption. For asymmetric decryption, this
    267                                // parameter is NULL
    268     const char *label,         // IN: a null-terminated string as L
    269     TPM2B_ENCRYPTED_SECRET *secret,  // IN: input secret
    270     TPM2B_DATA *data                 // OUT: decrypted secret value
    271     );
    272 TPM_RC CryptSecretEncrypt(
    273     TPMI_DH_OBJECT keyHandle,       //   IN: encryption key handle
    274     const char *label,              //   IN: a null-terminated string as L
    275     TPM2B_DATA *data,               //   OUT: secret value
    276     TPM2B_ENCRYPTED_SECRET *secret  //   OUT: secret structure
    277     );
    278 TPMT_RSA_DECRYPT *CryptSelectRSAScheme(
    279     TPMI_DH_OBJECT rsaHandle,  // IN: handle of sign key
    280     TPMT_RSA_DECRYPT *scheme   // IN: a sign or decrypt scheme
    281     );
    282 TPM_RC CryptSelectSignScheme(
    283     TPMI_DH_OBJECT signHandle,  // IN: handle of signing key
    284     TPMT_SIG_SCHEME *scheme     // IN/OUT: signing scheme
    285     );
    286 TPM_RC CryptSign(TPMI_DH_OBJECT signHandle,    //   IN: The handle of sign key
    287                  TPMT_SIG_SCHEME *signScheme,  //   IN: sign scheme.
    288                  TPM2B_DIGEST *digest,         //   IN: The digest being signed
    289                  TPMT_SIGNATURE *signature     //   OUT: signature
    290                  );
    291 LIB_EXPORT UINT16
    292 CryptStartHMAC2B(TPMI_ALG_HASH hashAlg,  // IN: hash algorithm
    293                  TPM2B *key,             // IN: HMAC key
    294                  HMAC_STATE *hmacState  // OUT: the state of HMAC stack. It will
    295                                         // be used in HMAC update and completion
    296                  );
    297 UINT16 CryptStartHMACSequence2B(TPMI_ALG_HASH hashAlg,  // IN: hash algorithm
    298                                 TPM2B *key,             // IN: HMAC key
    299                                 HMAC_STATE *hmacState  // OUT: the state of HMAC
    300                                                        // stack. It will be used
    301                                                        // in HMAC update and
    302                                                        // completion
    303                                 );
    304 UINT16 CryptStartHashSequence(TPMI_ALG_HASH hashAlg,  // IN: hash algorithm
    305                               HASH_STATE *hashState   // OUT: the state of hash
    306                                                       // stack. It will be used
    307                                                       // in hash update and
    308                                                       // completion
    309                               );
    310 void CryptStirRandom(UINT32 entropySize,  // IN: size of entropy buffer
    311                      BYTE *buffer         // IN: entropy buffer
    312                      );
    313 void CryptStopUnits(void);
    314 void CryptSymmetricDecrypt(
    315     BYTE *decrypted,
    316     TPM_ALG_ID algorithm,    //   IN: algorithm for encryption
    317     UINT16 keySizeInBits,    //   IN: key size in bit
    318     TPMI_ALG_SYM_MODE mode,  //   IN: symmetric encryption mode
    319     BYTE *key,               //   IN: encryption key
    320     TPM2B_IV *ivIn,          //   IN/OUT: IV for next block
    321     UINT32 dataSize,         //   IN: data size in byte
    322     BYTE *data               //   IN/OUT: data buffer
    323     );
    324 void CryptSymmetricEncrypt(
    325     BYTE *encrypted,         //   OUT: the encrypted data
    326     TPM_ALG_ID algorithm,    //   IN: algorithm for encryption
    327     UINT16 keySizeInBits,    //   IN: key size in bit
    328     TPMI_ALG_SYM_MODE mode,  //   IN: symmetric encryption mode
    329     BYTE *key,               //   IN: encryption key
    330     TPM2B_IV *ivIn,   //   IN/OUT: Input IV and output chaining value for the
    331                       //   next block
    332     UINT32 dataSize,  //   IN: data size in byte
    333     BYTE *data        //   IN/OUT: data buffer
    334     );
    335 UINT16 CryptStartHash(TPMI_ALG_HASH hashAlg,  // IN: hash algorithm
    336                       HASH_STATE *hashState  // OUT: the state of hash stack. It
    337                                              // will be used in hash update and
    338                                              // completion
    339                       );
    340 void CryptUpdateDigest(void *digestState,  // IN: the state of hash stack
    341                        UINT32 dataSize,    // IN: the size of data
    342                        BYTE *data          // IN: data to be hashed
    343                        );
    344 LIB_EXPORT void CryptUpdateDigest2B(void *digestState,  // IN: the digest state
    345                                     TPM2B *bIn  // IN: 2B containing the data
    346                                     );
    347 void CryptUpdateDigestInt(void *state,     // IN: the state of hash stack
    348                           UINT32 intSize,  // IN: the size of 'intValue' in byte
    349                           void *intValue   // IN: integer value to be hashed
    350                           );
    351 BOOL CryptUtilStartup(STARTUP_TYPE type  // IN: the startup type
    352                       );
    353 TPM_RC CryptVerifySignature(
    354     TPMI_DH_OBJECT keyHandle,  // IN: The handle of sign key
    355     TPM2B_DIGEST *digest,      // IN: The digest being validated
    356     TPMT_SIGNATURE *signature  // IN: signature
    357     );
    358 void KDFa(TPM_ALG_ID hash,      //   IN: hash algorithm used in HMAC
    359           TPM2B *key,           //   IN: HMAC key
    360           const char *label,    //   IN: a null-terminated label for KDF
    361           TPM2B *contextU,      //   IN: context U
    362           TPM2B *contextV,      //   IN: context V
    363           UINT32 sizeInBits,    //   IN: size of generated key in bit
    364           BYTE *keyStream,      //   OUT: key buffer
    365           UINT32 *counterInOut  //   IN/OUT: caller may provide the iteration
    366                                 //   counter for incremental operations to avoid
    367                                 //   large intermediate buffers.
    368           );
    369 
    370 #endif  // __SOURCE_CRYPTUTIL_FP_H
    371