cryptocb.h 3.8 KB

  1. /*!
  2. \ingroup CryptoCb
  3. \brief This function registers a unique device identifier (devID) and
  4. callback function for offloading crypto operations to external
  5. hardware such as Key Store, Secure Element, HSM, PKCS11 or TPM.
  6. For a Crypto Callbacks example using STSAFE, see
  7. wolfcrypt/src/port/st/stsafe.c and the wolfSSL_STSAFE_CryptoDevCb function.
  8. For a TPM-based Crypto Callbacks example, see the wolfTPM2_CryptoDevCb
  9. function in wolfTPM src/tpm2_wrap.c.
  10. \return CRYPTOCB_UNAVAILABLE to fall back to software crypto (the value the example callback below returns for any operation it does not handle)
  11. \return 0 for success
  12. \return negative value for failure
  13. \param devId any unique value, not -2 (INVALID_DEVID)
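  14. \param cb a callback function with prototype:
  15. typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx);
      \param ctx user context pointer; it is passed back to the callback as its ctx argument, so it should stay valid while the device is registered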
  16. _Example_
  17. \code
  18. #include <wolfssl/wolfcrypt/settings.h>
  19. #include <wolfssl/wolfcrypt/cryptocb.h>
  20. static int myCryptoCb_Func(int devId, wc_CryptoInfo* info, void* ctx)
  21. {
  22. int ret = CRYPTOCB_UNAVAILABLE;
  23. if (info->algo_type == WC_ALGO_TYPE_PK) {
  24. #ifndef NO_RSA
  25. if (info->pk.type == WC_PK_TYPE_RSA) {
  26. switch (info->pk.rsa.type) {
  27. case RSA_PUBLIC_ENCRYPT:
  28. case RSA_PUBLIC_DECRYPT:
  29. // RSA public op
  30. ret = wc_RsaFunction(
  31. info->pk.rsa.in, info->pk.rsa.inLen,
  32. info->pk.rsa.out, info->pk.rsa.outLen,
  33. info->pk.rsa.type, info->pk.rsa.key,
  34. info->pk.rsa.rng);
  35. break;
  36. case RSA_PRIVATE_ENCRYPT:
  37. case RSA_PRIVATE_DECRYPT:
  38. // RSA private op
  39. ret = wc_RsaFunction(
  40. info->pk.rsa.in, info->pk.rsa.inLen,
  41. info->pk.rsa.out, info->pk.rsa.outLen,
  42. info->pk.rsa.type, info->pk.rsa.key,
  43. info->pk.rsa.rng);
  44. break;
  45. }
  46. }
  47. #endif
  48. #ifdef HAVE_ECC
  49. if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
  50. // ECDSA
  51. ret = wc_ecc_sign_hash(
  52. info->pk.eccsign.in, info->pk.eccsign.inlen,
  53. info->pk.eccsign.out, info->pk.eccsign.outlen,
  54. info->pk.eccsign.rng, info->pk.eccsign.key);
  55. }
  56. #endif
  57. #ifdef HAVE_ED25519
  58. if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
  59. // ED25519 sign
  60. ret = wc_ed25519_sign_msg_ex(
  61. info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
  62. info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
  63. info->pk.ed25519sign.key, info->pk.ed25519sign.type,
  64. info->pk.ed25519sign.context,
  65. info->pk.ed25519sign.contextLen);
  66. }
  67. #endif
  68. }
  69. return ret;
  70. }
  71. int devId = 1;
  72. wc_CryptoCb_RegisterDevice(devId, myCryptoCb_Func, &myCtx);
  73. wolfSSL_CTX_SetDevId(ctx, devId);
  74. \endcode
  75. \sa wc_CryptoCb_UnRegisterDevice
  76. \sa wolfSSL_SetDevId
  77. \sa wolfSSL_CTX_SetDevId
  78. */
  79. int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
  80. /*!
  81. \ingroup CryptoCb
  82. \brief This function un-registers the callback function for a unique
  83. device identifier (devID).
  84. \return none No returns.
  85. \param devId any unique value, not -2 (INVALID_DEVID)
  86. _Example_
  87. \code
  88. wc_CryptoCb_UnRegisterDevice(devId);
  89. devId = INVALID_DEVID;
  90. wolfSSL_CTX_SetDevId(ctx, devId);
  91. \endcode
  92. \sa wc_CryptoCb_RegisterDevice
  93. \sa wolfSSL_SetDevId
  94. \sa wolfSSL_CTX_SetDevId
  95. */
  96. void wc_CryptoCb_UnRegisterDevice(int devId);