/* * Copyright 2015 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #ifndef __SOURCE_CRYPTUTIL_FP_H #define __SOURCE_CRYPTUTIL_FP_H BOOL CryptAreKeySizesConsistent( TPMT_PUBLIC *publicArea // IN: the public area to check ); TPMI_YES_NO CryptCapGetECCCurve( TPM_ECC_CURVE curveID, // IN: the starting ECC curve UINT32 maxCount, // IN: count of returned curve TPML_ECC_CURVE *curveList // OUT: ECC curve list ); UINT32 CryptCapGetEccCurveNumber(void); UINT16 CryptCommit(void); LIB_EXPORT int CryptCompare(const UINT32 aSize, // IN: size of a const BYTE *a, // IN: a buffer const UINT32 bSize, // IN: size of b const BYTE *b // IN: b buffer ); TPM_RC CryptCommitCompute( TPMS_ECC_POINT *K, // OUT: [d]B TPMS_ECC_POINT *L, // OUT: [r]B TPMS_ECC_POINT *E, // OUT: [r]M TPM_ECC_CURVE curveID, // IN: The curve for the computation TPMS_ECC_POINT *M, // IN: M (P1) TPMS_ECC_POINT *B, // IN: B (x2, y2) TPM2B_ECC_PARAMETER *d, // IN: the private scalar TPM2B_ECC_PARAMETER *r // IN: the computed r value ); int CryptCompareSigned(UINT32 aSize, // IN: size of a BYTE *a, // IN: a buffer UINT32 bSize, // IN: size of b BYTE *b // IN: b buffer ); void CryptComputeSymmetricUnique( TPMI_ALG_HASH nameAlg, // IN: object name algorithm TPMT_SENSITIVE *sensitive, // IN: sensitive area TPM2B_DIGEST *unique // OUT: unique buffer ); LIB_EXPORT UINT16 CryptCompleteHMAC2B(HMAC_STATE *hmacState, // IN: the state of HMAC stack TPM2B *digest // OUT: HMAC ); LIB_EXPORT UINT16 CryptCompleteHash(void *state, // IN: the state of hash stack UINT16 digestSize, // IN: size of digest buffer BYTE *digest // OUT: hash digest ); UINT16 CryptCompleteHash2B( void *state, // IN: the state of hash stack TPM2B *digest // IN: the size of the buffer Out: requested number of byte ); TPM_RC CryptCreateObject( TPM_HANDLE parentHandle, // IN/OUT: indication of the seed source TPMT_PUBLIC *publicArea, // IN/OUT: public area TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation TPMT_SENSITIVE *sensitive // OUT: sensitive area ); void CryptDrbgGetPutState(GET_PUT direction // IN: Get from or put to DRBG ); TPM_RC CryptDecryptRSA( UINT16 *dataOutSize, // OUT: size of plain text in byte BYTE *dataOut, // OUT: plain text OBJECT *rsaKey, // IN: internal RSA key TPMT_RSA_DECRYPT *scheme, // IN: selects the padding scheme UINT16 cipherInSize, // IN: size of cipher text in byte BYTE *cipherIn, // IN: cipher text const char *label // IN: a label, when needed ); TPM_RC CryptDivide( TPM2B *numerator, // IN: numerator TPM2B *denominator, // IN: denominator TPM2B *quotient, // OUT: quotient = numerator / denominator. TPM2B *remainder // OUT: numerator mod denominator. ); void CryptDrbgGetPutState(GET_PUT direction // IN: Get from or put to DRBG ); // // // 10.2.6.3 CryptEccGetKeySizeBytes() // // This macro returns the size of the ECC key in bytes. It uses // CryptEccGetKeySizeInBits(). // #define CryptEccGetKeySizeInBytes(curve) \ ((CryptEccGetKeySizeInBits(curve) + 7) / 8) TPM_RC CryptEcc2PhaseKeyExchange( TPMS_ECC_POINT *outZ1, // OUT: the computed point TPMS_ECC_POINT *outZ2, // OUT: optional second point TPM_ALG_ID scheme, // IN: the key exchange scheme TPM_ECC_CURVE curveId, // IN: the curve for the computation TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key TPMS_ECC_POINT *QsB, // IN: static public party B key TPMS_ECC_POINT *QeB // IN: ephemeral public party B key ); TPM_RC CryptEncryptRSA( UINT16 *cipherOutSize, // OUT: size of cipher text in byte BYTE *cipherOut, // OUT: cipher text OBJECT *rsaKey, // IN: internal RSA key TPMT_RSA_DECRYPT *scheme, // IN: selects the padding scheme UINT16 dataInSize, // IN: size of plain text in byte BYTE *dataIn, // IN: plain text const char *label // IN: an optional label ); TPM_ALG_ID CryptGetContextAlg(void *state // IN: the context to check ); LIB_EXPORT TPM_ALG_ID CryptGetHashAlgByIndex(UINT32 index // IN: the index ); LIB_EXPORT UINT16 CryptGetHashDigestSize(TPM_ALG_ID hashAlg // IN: hash algorithm ); LIB_EXPORT const TPM2B *CryptEccGetParameter( char p, // IN: the parameter selector TPM_ECC_CURVE curveId // IN: the curve id ); BOOL CryptEccGetParameters( TPM_ECC_CURVE curveId, // IN: ECC curve ID TPMS_ALGORITHM_DETAIL_ECC *parameters // OUT: ECC parameter ); TPM_RC CryptEccPointMultiply(TPMS_ECC_POINT *pOut, // OUT: output point TPM_ECC_CURVE curveId, // IN: curve selector TPM2B_ECC_PARAMETER *dIn, // IN: public scalar TPMS_ECC_POINT *pIn // IN: optional point ); BOOL CryptEccIsPointOnCurve(TPM_ECC_CURVE curveID, // IN: ECC curve ID TPMS_ECC_POINT *Q // IN: ECC point ); void CryptEndCommit(UINT16 c // IN: the counter value of the commitment ); BOOL CryptGenerateR( TPM2B_ECC_PARAMETER *r, // OUT: the generated random value UINT16 *c, // IN/OUT: count value. TPMI_ECC_CURVE curveID, // IN: the curve for the value TPM2B_NAME *name // IN: optional name of a key to associate with 'r' ); UINT16 CryptGenerateRandom(UINT16 randomSize, // IN: size of random number BYTE *buffer // OUT: buffer of random number ); void CryptGenerateNewSymmetric( TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation data TPMT_SENSITIVE *sensitive, // OUT: sensitive area TPM_ALG_ID hashAlg, // IN: hash algorithm for the KDF TPM2B_SEED *seed, // IN: seed used in creation TPM2B_NAME *name // IN: name of the object ); const TPMT_ECC_SCHEME *CryptGetCurveSignScheme( TPM_ECC_CURVE curveId // IN: The curve selector ); LIB_EXPORT UINT16 CryptGetHashDigestSize(TPM_ALG_ID hashAlg // IN: hash algorithm ); TPMI_ALG_HASH CryptGetSignHashAlg(TPMT_SIGNATURE *auth // IN: signature ); INT16 CryptGetSymmetricBlockSize( TPMI_ALG_SYM algorithm, // IN: symmetric algorithm UINT16 keySize // IN: key size in bit ); TPM_RC CryptGetTestResult(TPM2B_MAX_BUFFER *outData // OUT: test result data ); LIB_EXPORT UINT16 CryptHashBlock(TPM_ALG_ID algId, // IN: the hash algorithm to use UINT16 blockSize, // IN: size of the data block BYTE *block, // IN: address of the block to hash UINT16 retSize, // IN: size of the return buffer BYTE *ret // OUT: address of the buffer ); // // // // 10.2.4.23 CryptKDFa() // // This function generates a key using the KDFa() formulation in Part 1 of the // TPM specification. In this implementation, this is a macro invocation of // _cpri__KDFa() in the hash module of the CryptoEngine(). This macro sets // once to FALSE so that KDFa() will iterate as many times as necessary to // generate sizeInBits number of bits. // #define CryptKDFa(hashAlg, key, label, contextU, contextV, sizeInBits, \ keyStream, counterInOut) \ TEST_HASH(hashAlg); \ _cpri__KDFa(((TPM_ALG_ID)hashAlg), ((TPM2B *)key), ((const char *)label), \ ((TPM2B *)contextU), ((TPM2B *)contextV), ((UINT32)sizeInBits), \ ((BYTE *)keyStream), ((UINT32 *)counterInOut), ((BOOL)FALSE)) // // // 10.2.4.24 CryptKDFaOnce() // // This function generates a key using the KDFa() formulation in Part 1 of the // TPM specification. In this implementation, this is a macro invocation of // _cpri__KDFa() in the hash module of the CryptoEngine(). This macro will // call _cpri__KDFa() with once TRUE so that only one iteration is performed, // regardless of sizeInBits. // #define CryptKDFaOnce(hashAlg, key, label, contextU, contextV, sizeInBits, \ keyStream, counterInOut) \ TEST_HASH(hashAlg); \ _cpri__KDFa(((TPM_ALG_ID)hashAlg), ((TPM2B *)key), ((const char *)label), \ ((TPM2B *)contextU), ((TPM2B *)contextV), ((UINT32)sizeInBits), \ ((BYTE *)keyStream), ((UINT32 *)counterInOut), ((BOOL)TRUE)) // // // 10.2.4.26 CryptKDFe() // // This function generates a key using the KDFa() formulation in Part 1 of // the TPM specification. In this implementation, this is a macro invocation // of _cpri__KDFe() in the hash module of the CryptoEngine(). // #define CryptKDFe(hashAlg, Z, label, partyUInfo, partyVInfo, sizeInBits, \ keyStream) \ TEST_HASH(hashAlg); \ _cpri__KDFe(((TPM_ALG_ID)hashAlg), ((TPM2B *)Z), ((const char *)label), \ ((TPM2B *)partyUInfo), ((TPM2B *)partyVInfo), \ ((UINT32)sizeInBits), ((BYTE *)keyStream)) void CryptHashStateImportExport( HASH_STATE *internalFmt, // IN: state to LIB_EXPORT HASH_STATE *externalFmt, // OUT: exported state IMPORT_EXPORT direction); void CryptInitUnits(void); BOOL CryptIsAsymAlgorithm(TPM_ALG_ID algID // IN: algorithm ID ); BOOL CryptIsDecryptScheme(TPMI_ALG_ASYM_SCHEME scheme); BOOL CryptIsSchemeAnonymous( TPM_ALG_ID scheme // IN: the scheme algorithm to test ); BOOL CryptIsSignScheme(TPMI_ALG_ASYM_SCHEME scheme); BOOL CryptIsSplitSign(TPM_ALG_ID scheme // IN: the algorithm selector ); TPM_RC CryptNewEccKey(TPM_ECC_CURVE curveID, // IN: ECC curve TPMS_ECC_POINT *publicPoint, // OUT: public point TPM2B_ECC_PARAMETER *sensitive // OUT: private area ); BOOL CryptObjectIsPublicConsistent(TPMT_PUBLIC *publicArea // IN: public area ); TPM_RC CryptObjectPublicPrivateMatch(OBJECT *object // IN: the object to check ); TPM_RC CryptParameterDecryption( TPM_HANDLE handle, // IN: encrypted session handle TPM2B *nonceCaller, // IN: nonce caller UINT32 bufferSize, // IN: size of parameter buffer UINT16 leadingSizeInByte, // IN: the size of the leading size field in byte TPM2B_AUTH *extraKey, // IN: the authValue BYTE *buffer // IN/OUT: parameter buffer to be decrypted ); void CryptParameterEncryption( TPM_HANDLE handle, // IN: encrypt session handle TPM2B *nonceCaller, // IN: nonce caller UINT16 leadingSizeInByte, // IN: the size of the leading size field in byte TPM2B_AUTH * extraKey, // IN: additional key material other than session auth BYTE *buffer // IN/OUT: parameter buffer to be encrypted ); TPM_RC CryptSecretDecrypt( TPM_HANDLE tpmKey, // IN: decrypt key TPM2B_NONCE *nonceCaller, // IN: nonceCaller. It is needed for symmetric // decryption. For asymmetric decryption, this // parameter is NULL const char *label, // IN: a null-terminated string as L TPM2B_ENCRYPTED_SECRET *secret, // IN: input secret TPM2B_DATA *data // OUT: decrypted secret value ); TPM_RC CryptSecretEncrypt( TPMI_DH_OBJECT keyHandle, // IN: encryption key handle const char *label, // IN: a null-terminated string as L TPM2B_DATA *data, // OUT: secret value TPM2B_ENCRYPTED_SECRET *secret // OUT: secret structure ); TPMT_RSA_DECRYPT *CryptSelectRSAScheme( TPMI_DH_OBJECT rsaHandle, // IN: handle of sign key TPMT_RSA_DECRYPT *scheme // IN: a sign or decrypt scheme ); TPM_RC CryptSelectSignScheme( TPMI_DH_OBJECT signHandle, // IN: handle of signing key TPMT_SIG_SCHEME *scheme // IN/OUT: signing scheme ); TPM_RC CryptSign(TPMI_DH_OBJECT signHandle, // IN: The handle of sign key TPMT_SIG_SCHEME *signScheme, // IN: sign scheme. TPM2B_DIGEST *digest, // IN: The digest being signed TPMT_SIGNATURE *signature // OUT: signature ); LIB_EXPORT UINT16 CryptStartHMAC2B(TPMI_ALG_HASH hashAlg, // IN: hash algorithm TPM2B *key, // IN: HMAC key HMAC_STATE *hmacState // OUT: the state of HMAC stack. It will // be used in HMAC update and completion ); UINT16 CryptStartHMACSequence2B(TPMI_ALG_HASH hashAlg, // IN: hash algorithm TPM2B *key, // IN: HMAC key HMAC_STATE *hmacState // OUT: the state of HMAC // stack. It will be used // in HMAC update and // completion ); UINT16 CryptStartHashSequence(TPMI_ALG_HASH hashAlg, // IN: hash algorithm HASH_STATE *hashState // OUT: the state of hash // stack. It will be used // in hash update and // completion ); void CryptStirRandom(UINT32 entropySize, // IN: size of entropy buffer BYTE *buffer // IN: entropy buffer ); void CryptStopUnits(void); void CryptSymmetricDecrypt( BYTE *decrypted, TPM_ALG_ID algorithm, // IN: algorithm for encryption UINT16 keySizeInBits, // IN: key size in bit TPMI_ALG_SYM_MODE mode, // IN: symmetric encryption mode BYTE *key, // IN: encryption key TPM2B_IV *ivIn, // IN/OUT: IV for next block UINT32 dataSize, // IN: data size in byte BYTE *data // IN/OUT: data buffer ); void CryptSymmetricEncrypt( BYTE *encrypted, // OUT: the encrypted data TPM_ALG_ID algorithm, // IN: algorithm for encryption UINT16 keySizeInBits, // IN: key size in bit TPMI_ALG_SYM_MODE mode, // IN: symmetric encryption mode BYTE *key, // IN: encryption key TPM2B_IV *ivIn, // IN/OUT: Input IV and output chaining value for the // next block UINT32 dataSize, // IN: data size in byte BYTE *data // IN/OUT: data buffer ); UINT16 CryptStartHash(TPMI_ALG_HASH hashAlg, // IN: hash algorithm HASH_STATE *hashState // OUT: the state of hash stack. It // will be used in hash update and // completion ); void CryptUpdateDigest(void *digestState, // IN: the state of hash stack UINT32 dataSize, // IN: the size of data BYTE *data // IN: data to be hashed ); LIB_EXPORT void CryptUpdateDigest2B(void *digestState, // IN: the digest state TPM2B *bIn // IN: 2B containing the data ); void CryptUpdateDigestInt(void *state, // IN: the state of hash stack UINT32 intSize, // IN: the size of 'intValue' in byte void *intValue // IN: integer value to be hashed ); BOOL CryptUtilStartup(STARTUP_TYPE type // IN: the startup type ); TPM_RC CryptVerifySignature( TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key TPM2B_DIGEST *digest, // IN: The digest being validated TPMT_SIGNATURE *signature // IN: signature ); void KDFa(TPM_ALG_ID hash, // IN: hash algorithm used in HMAC TPM2B *key, // IN: HMAC key const char *label, // IN: a null-terminated label for KDF TPM2B *contextU, // IN: context U TPM2B *contextV, // IN: context V UINT32 sizeInBits, // IN: size of generated key in bit BYTE *keyStream, // OUT: key buffer UINT32 *counterInOut // IN/OUT: caller may provide the iteration // counter for incremental operations to avoid // large intermediate buffers. ); #endif // __SOURCE_CRYPTUTIL_FP_H