Software APIs
key_transport.h
Go to the documentation of this file.
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KEY_TRANSPORT_H_
6 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KEY_TRANSPORT_H_
7 
8 #include "datatypes.h"
9 
10 /**
11  * @file
12  * @brief Key import/export for the OpenTitan cryptography library.
13  *
14  * These functions allow library users to translate to and from the crypto
15  * library's key representations.
16  */
17 
18 #ifdef __cplusplus
19 extern "C" {
20 #endif // __cplusplus
21 
22 /**
23  * Generates a new, random symmetric key.
24  *
25  * Use this only for symmetric algorithms (e.g. AES, HMAC, KMAC). Asymmetric
26  * algorithms (e.g. ECDSA, RSA) have their own specialized key-generation
27  * routines. Cannot be used for hardware-backed keys; use
28  * `otcrypto_hw_backed_key` instead to generate these.
29  *
30  * The caller should allocate space for the keyblob and populate the blinded
31  * key struct with the length of the keyblob, the pointer to the keyblob
32  * buffer, and the key configuration. The value in the `checksum` field of
33  * the blinded key struct will be populated by the key generation function.
34  * The keyblob should be twice the length of the unblinded key. This function
35  * will return an error if the keyblob length does not match expectations based
36  * on the key mode and configuration.
37  *
38  * The keyblob should be twice the length of the key. The caller only needs to
39  * allocate the keyblob, not populate it.
40  *
41  * The personalization string may empty, and may be up to 48 bytes long; any
42  * longer will result in an error. It is passed as an extra seed input to the
43  * DRBG, in addition to the hardware TRNG.
44  *
45  * @param perso_string Optional personalization string to be passed to DRBG.
46  * @param[out] key Destination blinded key struct.
47  * @return The result of the operation.
48  */
49 otcrypto_status_t otcrypto_symmetric_keygen(
50  otcrypto_const_byte_buf_t perso_string, otcrypto_blinded_key_t *key);
51 
52 /**
53  * Creates a handle for a hardware-backed key.
54  *
55  * This routine may be used for both symmetric and asymmetric algorithms, since
56  * conceptually it only creates some data that the key manager can use to
57  * generate key material at the time of use. However, not all algorithms are
58  * suitable for hardware-backed keys (for example, RSA is not suitable), so
59  * some choices of algorithm may result in errors.
60  *
61  * The caller should partially populate the blinded key struct; they should set
62  * the full key configuration and the keyblob length (always 32 bytes), and
63  * then allocate 32 bytes of space for the keyblob and set the keyblob pointer.
64  *
65  * This function will populate the `checksum` field and copy the salt/version
66  * data into the keyblob buffer in the specific order that the rest of
67  * cryptolib expects.
68  *
69  * @param version Key version.
70  * @param salt Key salt (diversification data for KDF).
71  * @param[out] key Destination blinded key struct.
72  * @return The result of the operation.
73  */
74 otcrypto_status_t otcrypto_hw_backed_key(uint32_t version,
75  const uint32_t salt[7],
76  otcrypto_blinded_key_t *key);
77 
78 /**
79  * Creates a blinded key struct from masked key material.
80  *
81  * The caller should allocate and partially populate the blinded key struct,
82  * including populating the key configuration and allocating space for the
83  * keyblob. The keyblob should be twice the length of the user key.
84  * Hardware-backed and asymmetric (ECC or RSA) keys cannot be imported this
85  * way. For asymmetric keys, use algorithm-specific key construction methods.
86  *
87  * This function will copy the data from the shares into the keyblob; it is
88  * safe to free `key_share0` and `key_share1` after this call.
89  *
90  * @param key_share0 First share of the user provided key.
91  * @param key_share1 Second share of the user provided key.
92  * @param[out] blinded_key Generated blinded key struct.
93  * @return Result of the blinded key import operation.
94  */
95 otcrypto_status_t otcrypto_import_blinded_key(
96  const otcrypto_const_word32_buf_t key_share0,
97  const otcrypto_const_word32_buf_t key_share1,
98  otcrypto_blinded_key_t *blinded_key);
99 
100 /**
101  * Exports a blinded key to the user provided key buffer, in shares.
102  *
103  * This function will copy data from the keyblob into the shares; after the
104  * call, it is safe to free the blinded key and the data pointed to by
105  * `blinded_key.keyblob`.
106  *
107  * Hardware-backed, non-exportable, and asymmetric (ECC or RSA) keys cannot be
108  * exported this way. For asymmetric keys, use an algorithm-specific funtion.
109  *
110  * @param blinded_key Blinded key struct to be exported.
111  * @param[out] key_share0 First share of the blinded key.
112  * @param[out] key_share1 Second share of the blinded key.
113  * @return Result of the blinded key export operation.
114  */
115 otcrypto_status_t otcrypto_export_blinded_key(
116  const otcrypto_blinded_key_t blinded_key, otcrypto_word32_buf_t key_share0,
117  otcrypto_word32_buf_t key_share1);
118 
119 #ifdef __cplusplus
120 } // extern "C"
121 #endif // __cplusplus
122 
123 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KEY_TRANSPORT_H_
Return to OpenTitan Documentation