mirror of
https://github.com/genesi/linux-legacy.git
synced 2026-07-10 10:46:42 +00:00
Added padding of 64 bytes (cache line size for Cortex-A8) around buffers that are used by the hardware to prevent any cache coherency problems that could arise if buffers share a cache line with some other data that is used by the CPU. Signed-off-by: Anish Trivedi <anish@freescale.com>
2274 lines
88 KiB
C
2274 lines
88 KiB
C
/*
|
|
* Copyright (C) 2004-2011 Freescale Semiconductor, Inc. All Rights Reserved.
|
|
*/
|
|
|
|
/*
|
|
* The code contained herein is licensed under the GNU General Public
|
|
* License. You may obtain a copy of the GNU General Public License
|
|
* Version 2 or later at the following locations:
|
|
*
|
|
* http://www.opensource.org/licenses/gpl-license.html
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
*/
|
|
|
|
/*!
|
|
* @file sahara.h
|
|
*
|
|
* File which implements the FSL_SHW API when used on Sahara
|
|
*/
|
|
/*!
|
|
* @if USE_MAINPAGE
|
|
* @mainpage Sahara2 implemtation of FSL Security Hardware API
|
|
* @endif
|
|
*
|
|
*/
|
|
|
|
#define _DIAG_DRV_IF
|
|
#define _DIAG_SECURITY_FUNC
|
|
#define _DIAG_ADAPTOR
|
|
|
|
#ifndef SAHARA2_API_H
|
|
#define SAHARA2_API_H
|
|
|
|
#ifdef DIAG_SECURITY_FUNC
|
|
#include <diagnostic.h>
|
|
#endif /* DIAG_SECURITY_FUNC */
|
|
|
|
/* This is a Linux flag... ? */
|
|
#ifndef __KERNEL__
|
|
#include <inttypes.h>
|
|
#include <stdlib.h>
|
|
#include <memory.h>
|
|
#else
|
|
#include "portable_os.h"
|
|
#endif
|
|
|
|
/* This definition may need a new name, and needs to go somewhere which
|
|
* can determine platform, kernel vs. user, os, etc.
|
|
*/
|
|
#define copy_bytes(out, in, len) memcpy(out, in, len)
|
|
|
|
/* Does this belong here? */
|
|
#ifndef SAHARA_DEVICE
|
|
#define SAHARA_DEVICE "/dev/sahara"
|
|
#endif
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* @defgroup lnkflags Link Flags
|
|
*
|
|
* @brief Flags to show information about link data and link segments
|
|
*
|
|
******************************************************************************/
|
|
/*! @addtogroup lnkflags
|
|
* @{
|
|
*/
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* This flag indicates that the data in a link is owned by the security
|
|
* function component and this memory will be freed by the security function
|
|
* component. To be used as part of the flag field of the sah_Link structure.
|
|
******************************************************************************/
|
|
#define SAH_OWNS_LINK_DATA 0x01
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* The data in a link is not owned by the security function component and
|
|
* therefore it will not attempt to free this memory. To be used as part of the
|
|
* flag field of the sah_Link structure.
|
|
******************************************************************************/
|
|
#define SAH_USES_LINK_DATA 0x02
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* The data in this link will change when the descriptor gets executed.
|
|
******************************************************************************/
|
|
#define SAH_OUTPUT_LINK 0x04
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* The ptr and length in this link are really 'established key' info. They
|
|
* are to be converted to ptr/length before putting on request queue.
|
|
******************************************************************************/
|
|
#define SAH_KEY_IS_HIDDEN 0x08
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* The link structure has been appended to the previous one by the driver. It
|
|
* needs to be removed before leaving the driver (and returning to API).
|
|
******************************************************************************/
|
|
#define SAH_REWORKED_LINK 0x10
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* The length and data fields of this link contain the slot and user id
|
|
* used to access the SCC stored key
|
|
******************************************************************************/
|
|
#define SAH_STORED_KEY_INFO 0x20
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* The Data field points to a physical address, and does not need to be
|
|
* processed by the driver. Honored only in Kernel API.
|
|
******************************************************************************/
|
|
#define SAH_PREPHYS_DATA 0x40
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* The link was inserted during the Physicalise procedure. It is tagged so
|
|
* it can be removed during DePhysicalise, thereby returning to the caller an
|
|
* intact chain.
|
|
******************************************************************************/
|
|
#define SAH_LINK_INSERTED_LINK 0x80
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* The Data field points to the location of the key, which is in a secure
|
|
* partition held by the user. The memory address needs to be converted to
|
|
* kernel space manually, by looking through the partitions that the user holds.
|
|
******************************************************************************/
|
|
#define SAH_IN_USER_KEYSTORE 0x100
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* sah_Link_Flags
|
|
*
|
|
* Type to be used for flags associated with a Link in security function.
|
|
* These flags are used internally by the security function component only.
|
|
*
|
|
* Values defined at @ref lnkflags
|
|
*
|
|
* @brief typedef for flags field of sah_Link
|
|
******************************************************************************/
|
|
typedef uint32_t sah_Link_Flags;
|
|
|
|
/*
|
|
*******************************************************************************
|
|
* Security Parameters Related Structures
|
|
*
|
|
* All of structures associated with API parameters
|
|
*
|
|
******************************************************************************/
|
|
|
|
/*
|
|
*******************************************************************************
|
|
* Common Types
|
|
*
|
|
* All of structures used across several classes of crytography
|
|
******************************************************************************/
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* @brief Indefinite precision integer used for security operations on SAHARA
|
|
* accelerator. The data will always be in little Endian format.
|
|
******************************************************************************/
|
|
typedef uint8_t *sah_Int;
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* @brief Byte array used for block cipher and hash digest/MAC operations on
|
|
* SAHARA accelerator. The Endian format will be as specified by the function
|
|
* using the sah_Oct_Str.
|
|
******************************************************************************/
|
|
typedef uint8_t *sah_Oct_Str;
|
|
|
|
/*!
|
|
* A queue of descriptor heads -- used to hold requests waiting for user to
|
|
* pick up the results. */
|
|
typedef struct sah_Queue {
|
|
int count; /*!< # entries in queue */
|
|
struct sah_Head_Desc *head; /*!< first entry in queue */
|
|
struct sah_Head_Desc *tail; /*!< last entry in queue */
|
|
} sah_Queue;
|
|
|
|
/******************************************************************************
|
|
* Enumerations
|
|
*****************************************************************************/
|
|
/*!
|
|
* Flags for the state of the User Context Object (#fsl_shw_uco_t).
|
|
*/
|
|
typedef enum fsl_shw_user_ctx_flags_t {
|
|
/*!
|
|
* API will block the caller until operation completes. The result will be
|
|
* available in the return code. If this is not set, user will have to get
|
|
* results using #fsl_shw_get_results().
|
|
*/
|
|
FSL_UCO_BLOCKING_MODE = 0x01,
|
|
/*!
|
|
* User wants callback (at the function specified with
|
|
* #fsl_shw_uco_set_callback()) when the operation completes. This flag is
|
|
* valid only if #FSL_UCO_BLOCKING_MODE is not set.
|
|
*/
|
|
FSL_UCO_CALLBACK_MODE = 0x02,
|
|
/*! Do not free descriptor chain after driver (adaptor) finishes */
|
|
FSL_UCO_SAVE_DESC_CHAIN = 0x04,
|
|
/*!
|
|
* User has made at least one request with callbacks requested, so API is
|
|
* ready to handle others.
|
|
*/
|
|
FSL_UCO_CALLBACK_SETUP_COMPLETE = 0x08,
|
|
/*!
|
|
* (virtual) pointer to descriptor chain is completely linked with physical
|
|
* (DMA) addresses, ready for the hardware. This flag should not be used
|
|
* by FSL SHW API programs.
|
|
*/
|
|
FSL_UCO_CHAIN_PREPHYSICALIZED = 0x10,
|
|
/*!
|
|
* The user has changed the context but the changes have not been copied to
|
|
* the kernel driver.
|
|
*/
|
|
FSL_UCO_CONTEXT_CHANGED = 0x20,
|
|
/*! Internal Use. This context belongs to a user-mode API user. */
|
|
FSL_UCO_USERMODE_USER = 0x40,
|
|
} fsl_shw_user_ctx_flags_t;
|
|
|
|
/*!
|
|
* Return code for FSL_SHW library.
|
|
*
|
|
* These codes may be returned from a function call. In non-blocking mode,
|
|
* they will appear as the status in a Result Object.
|
|
*/
|
|
typedef enum fsl_shw_return_t {
|
|
/*!
|
|
* No error. As a function return code in Non-blocking mode, this may
|
|
* simply mean that the operation was accepted for eventual execution.
|
|
*/
|
|
FSL_RETURN_OK_S = 0,
|
|
/*! Failure for non-specific reason. */
|
|
FSL_RETURN_ERROR_S,
|
|
/*!
|
|
* Operation failed because some resource was not able to be allocated.
|
|
*/
|
|
FSL_RETURN_NO_RESOURCE_S,
|
|
/*! Crypto algorithm unrecognized or improper. */
|
|
FSL_RETURN_BAD_ALGORITHM_S,
|
|
/*! Crypto mode unrecognized or improper. */
|
|
FSL_RETURN_BAD_MODE_S,
|
|
/*! Flag setting unrecognized or inconsistent. */
|
|
FSL_RETURN_BAD_FLAG_S,
|
|
/*! Improper or unsupported key length for algorithm. */
|
|
FSL_RETURN_BAD_KEY_LENGTH_S,
|
|
/*! Improper parity in a (DES, TDES) key. */
|
|
FSL_RETURN_BAD_KEY_PARITY_S,
|
|
/*!
|
|
* Improper or unsupported data length for algorithm or internal buffer.
|
|
*/
|
|
FSL_RETURN_BAD_DATA_LENGTH_S,
|
|
/*! Authentication / Integrity Check code check failed. */
|
|
FSL_RETURN_AUTH_FAILED_S,
|
|
/*! A memory error occurred. */
|
|
FSL_RETURN_MEMORY_ERROR_S,
|
|
/*! An error internal to the hardware occurred. */
|
|
FSL_RETURN_INTERNAL_ERROR_S,
|
|
/*! ECC detected Point at Infinity */
|
|
FSL_RETURN_POINT_AT_INFINITY_S,
|
|
/*! ECC detected No Point at Infinity */
|
|
FSL_RETURN_POINT_NOT_AT_INFINITY_S,
|
|
/*! GCD is One */
|
|
FSL_RETURN_GCD_IS_ONE_S,
|
|
/*! GCD is not One */
|
|
FSL_RETURN_GCD_IS_NOT_ONE_S,
|
|
/*! Candidate is Prime */
|
|
FSL_RETURN_PRIME_S,
|
|
/*! Candidate is not Prime */
|
|
FSL_RETURN_NOT_PRIME_S,
|
|
/*! N register loaded improperly with even value */
|
|
FSL_RETURN_EVEN_MODULUS_ERROR_S,
|
|
/*! Divisor is zero. */
|
|
FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S,
|
|
/*! Bad Exponent or Scalar value for Point Multiply */
|
|
FSL_RETURN_BAD_EXPONENT_ERROR_S,
|
|
/*! RNG hardware problem. */
|
|
FSL_RETURN_OSCILLATOR_ERROR_S,
|
|
/*! RNG hardware problem. */
|
|
FSL_RETURN_STATISTICS_ERROR_S,
|
|
} fsl_shw_return_t;
|
|
|
|
/*!
|
|
* Algorithm Identifier.
|
|
*
|
|
* Selection of algorithm will determine how large the block size of the
|
|
* algorithm is. Context size is the same length unless otherwise specified.
|
|
* Selection of algorithm also affects the allowable key length.
|
|
*/
|
|
typedef enum fsl_shw_key_alg_t {
|
|
/*!
|
|
* Key will be used to perform an HMAC. Key size is 1 to 64 octets. Block
|
|
* size is 64 octets.
|
|
*/
|
|
FSL_KEY_ALG_HMAC,
|
|
/*!
|
|
* Advanced Encryption Standard (Rijndael). Block size is 16 octets. Key
|
|
* size is 16 octets. (The single choice of key size is a Sahara platform
|
|
* limitation.)
|
|
*/
|
|
FSL_KEY_ALG_AES,
|
|
/*!
|
|
* Data Encryption Standard. Block size is 8 octets. Key size is 8
|
|
* octets.
|
|
*/
|
|
FSL_KEY_ALG_DES,
|
|
/*!
|
|
* 2- or 3-key Triple DES. Block size is 8 octets. Key size is 16 octets
|
|
* for 2-key Triple DES, and 24 octets for 3-key.
|
|
*/
|
|
FSL_KEY_ALG_TDES,
|
|
/*!
|
|
* ARC4. No block size. Context size is 259 octets. Allowed key size is
|
|
* 1-16 octets. (The choices for key size are a Sahara platform
|
|
* limitation.)
|
|
*/
|
|
FSL_KEY_ALG_ARC4,
|
|
/*!
|
|
* Private key of a public-private key-pair. Max is 512 bits...
|
|
*/
|
|
FSL_KEY_PK_PRIVATE,
|
|
} fsl_shw_key_alg_t;
|
|
|
|
/*!
|
|
* Mode selector for Symmetric Ciphers.
|
|
*
|
|
* The selection of mode determines how a cryptographic algorithm will be
|
|
* used to process the plaintext or ciphertext.
|
|
*
|
|
* For all modes which are run block-by-block (that is, all but
|
|
* #FSL_SYM_MODE_STREAM), any partial operations must be performed on a text
|
|
* length which is multiple of the block size. Except for #FSL_SYM_MODE_CTR,
|
|
* these block-by-block algorithms must also be passed a total number of octets
|
|
* which is a multiple of the block size.
|
|
*
|
|
* In modes which require that the total number of octets of data be a multiple
|
|
* of the block size (#FSL_SYM_MODE_ECB and #FSL_SYM_MODE_CBC), and the user
|
|
* has a total number of octets which are not a multiple of the block size, the
|
|
* user must perform any necessary padding to get to the correct data length.
|
|
*/
|
|
typedef enum fsl_shw_sym_mode_t {
|
|
/*!
|
|
* Stream. There is no associated block size. Any request to process data
|
|
* may be of any length. This mode is only for ARC4 operations, and is
|
|
* also the only mode used for ARC4.
|
|
*/
|
|
FSL_SYM_MODE_STREAM,
|
|
|
|
/*!
|
|
* Electronic Codebook. Each block of data is encrypted/decrypted. The
|
|
* length of the data stream must be a multiple of the block size. This
|
|
* mode may be used for DES, 3DES, and AES. The block size is determined
|
|
* by the algorithm.
|
|
*/
|
|
FSL_SYM_MODE_ECB,
|
|
/*!
|
|
* Cipher-Block Chaining. Each block of data is encrypted/decrypted and
|
|
* then "chained" with the previous block by an XOR function. Requires
|
|
* context to start the XOR (previous block). This mode may be used for
|
|
* DES, 3DES, and AES. The block size is determined by the algorithm.
|
|
*/
|
|
FSL_SYM_MODE_CBC,
|
|
/*!
|
|
* Counter. The counter is encrypted, then XORed with a block of data.
|
|
* The counter is then incremented (using modulus arithmetic) for the next
|
|
* block. The final operation may be non-multiple of block size. This mode
|
|
* may be used for AES. The block size is determined by the algorithm.
|
|
*/
|
|
FSL_SYM_MODE_CTR,
|
|
} fsl_shw_sym_mode_t;
|
|
|
|
/*!
|
|
* Algorithm selector for Cryptographic Hash functions.
|
|
*
|
|
* Selection of algorithm determines how large the context and digest will be.
|
|
* Context is the same size as the digest (resulting hash), unless otherwise
|
|
* specified.
|
|
*/
|
|
typedef enum fsl_shw_hash_alg_t {
|
|
/*! MD5 algorithm. Digest is 16 octets. */
|
|
FSL_HASH_ALG_MD5,
|
|
/*! SHA-1 (aka SHA or SHA-160) algorithm. Digest is 20 octets. */
|
|
FSL_HASH_ALG_SHA1,
|
|
/*!
|
|
* SHA-224 algorithm. Digest is 28 octets, though context is 32 octets.
|
|
*/
|
|
FSL_HASH_ALG_SHA224,
|
|
/*! SHA-256 algorithm. Digest is 32 octets. */
|
|
FSL_HASH_ALG_SHA256
|
|
} fsl_shw_hash_alg_t;
|
|
|
|
/*!
|
|
* The type of Authentication-Cipher function which will be performed.
|
|
*/
|
|
typedef enum fsl_shw_acc_mode_t {
|
|
/*!
|
|
* CBC-MAC for Counter. Requires context and modulus. Final operation may
|
|
* be non-multiple of block size. This mode may be used for AES.
|
|
*/
|
|
FSL_ACC_MODE_CCM,
|
|
/*!
|
|
* SSL mode. Not supported. Combines HMAC and encrypt (or decrypt).
|
|
* Needs one key object for encryption, another for the HMAC. The usual
|
|
* hashing and symmetric encryption algorithms are supported.
|
|
*/
|
|
FSL_ACC_MODE_SSL,
|
|
} fsl_shw_acc_mode_t;
|
|
|
|
/* REQ-S2LRD-PINTFC-COA-HCO-001 */
|
|
/*!
|
|
* Flags which control a Hash operation.
|
|
*/
|
|
typedef enum fsl_shw_hash_ctx_flags_t {
|
|
/*!
|
|
* Context is empty. Hash is started from scratch, with a
|
|
* message-processed count of zero.
|
|
*/
|
|
FSL_HASH_FLAGS_INIT = 0x01,
|
|
/*!
|
|
* Retrieve context from hardware after hashing. If used with the
|
|
* #FSL_HASH_FLAGS_FINALIZE flag, the final digest value will be saved in
|
|
* the object.
|
|
*/
|
|
FSL_HASH_FLAGS_SAVE = 0x02,
|
|
/*! Place context into hardware before hashing. */
|
|
FSL_HASH_FLAGS_LOAD = 0x04,
|
|
/*!
|
|
* PAD message and perform final digest operation. If user message is
|
|
* pre-padded, this flag should not be used.
|
|
*/
|
|
FSL_HASH_FLAGS_FINALIZE = 0x08,
|
|
} fsl_shw_hash_ctx_flags_t;
|
|
|
|
/*!
|
|
* Flags which control an HMAC operation.
|
|
*
|
|
* These may be combined by ORing them together. See #fsl_shw_hmco_set_flags()
|
|
* and #fsl_shw_hmco_clear_flags().
|
|
*/
|
|
typedef enum fsl_shw_hmac_ctx_flags_t {
|
|
/*!
|
|
* Message context is empty. HMAC is started from scratch (with key) or
|
|
* from precompute of inner hash, depending on whether
|
|
* #FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT is set.
|
|
*/
|
|
FSL_HMAC_FLAGS_INIT = 1,
|
|
/*!
|
|
* Retrieve ongoing context from hardware after hashing. If used with the
|
|
* #FSL_HMAC_FLAGS_FINALIZE flag, the final digest value (HMAC) will be
|
|
* saved in the object.
|
|
*/
|
|
FSL_HMAC_FLAGS_SAVE = 2,
|
|
/*! Place ongoing context into hardware before hashing. */
|
|
FSL_HMAC_FLAGS_LOAD = 4,
|
|
/*!
|
|
* PAD message and perform final HMAC operations of inner and outer
|
|
* hashes.
|
|
*/
|
|
FSL_HMAC_FLAGS_FINALIZE = 8,
|
|
/*!
|
|
* This means that the context contains precomputed inner and outer hash
|
|
* values.
|
|
*/
|
|
FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT = 16,
|
|
} fsl_shw_hmac_ctx_flags_t;
|
|
|
|
/*!
|
|
* Flags to control use of the #fsl_shw_scco_t.
|
|
*
|
|
* These may be ORed together to get the desired effect.
|
|
* See #fsl_shw_scco_set_flags() and #fsl_shw_scco_clear_flags()
|
|
*/
|
|
typedef enum fsl_shw_sym_ctx_flags_t {
|
|
/*!
|
|
* Context is empty. In ARC4, this means that the S-Box needs to be
|
|
* generated from the key. In #FSL_SYM_MODE_CBC mode, this allows an IV of
|
|
* zero to be specified. In #FSL_SYM_MODE_CTR mode, it means that an
|
|
* initial CTR value of zero is desired.
|
|
*/
|
|
FSL_SYM_CTX_INIT = 1,
|
|
/*!
|
|
* Load context from object into hardware before running cipher. In
|
|
* #FSL_SYM_MODE_CTR mode, this would refer to the Counter Value.
|
|
*/
|
|
FSL_SYM_CTX_LOAD = 2,
|
|
/*!
|
|
* Save context from hardware into object after running cipher. In
|
|
* #FSL_SYM_MODE_CTR mode, this would refer to the Counter Value.
|
|
*/
|
|
FSL_SYM_CTX_SAVE = 4,
|
|
/*!
|
|
* Context (SBox) is to be unwrapped and wrapped on each use.
|
|
* This flag is unsupported.
|
|
* */
|
|
FSL_SYM_CTX_PROTECT = 8,
|
|
} fsl_shw_sym_ctx_flags_t;
|
|
|
|
/*!
|
|
* Flags which describe the state of the #fsl_shw_sko_t.
|
|
*
|
|
* These may be ORed together to get the desired effect.
|
|
* See #fsl_shw_sko_set_flags() and #fsl_shw_sko_clear_flags()
|
|
*/
|
|
typedef enum fsl_shw_key_flags_t {
|
|
/*! If algorithm is DES or 3DES, do not validate the key parity bits. */
|
|
FSL_SKO_KEY_IGNORE_PARITY = 1,
|
|
/*! Clear key is present in the object. */
|
|
FSL_SKO_KEY_PRESENT = 2,
|
|
/*!
|
|
* Key has been established for use. This feature is not available for all
|
|
* platforms, nor for all algorithms and modes.
|
|
*/
|
|
FSL_SKO_KEY_ESTABLISHED = 4,
|
|
/*!
|
|
* Key intended for user (software) use; can be read cleartext from the
|
|
* keystore.
|
|
*/
|
|
FSL_SKO_KEY_SW_KEY = 8,
|
|
} fsl_shw_key_flags_t;
|
|
|
|
/*!
|
|
* Type of value which is associated with an established key.
|
|
*/
|
|
typedef uint64_t key_userid_t;
|
|
|
|
/*!
|
|
* Flags which describe the state of the #fsl_shw_acco_t.
|
|
*
|
|
* The @a FSL_ACCO_CTX_INIT and @a FSL_ACCO_CTX_FINALIZE flags, when used
|
|
* together, provide for a one-shot operation.
|
|
*/
|
|
typedef enum fsl_shw_auth_ctx_flags_t {
|
|
/*! Initialize Context(s) */
|
|
FSL_ACCO_CTX_INIT = 1,
|
|
/*! Load intermediate context(s). This flag is unsupported. */
|
|
FSL_ACCO_CTX_LOAD = 2,
|
|
/*! Save intermediate context(s). This flag is unsupported. */
|
|
FSL_ACCO_CTX_SAVE = 4,
|
|
/*! Create MAC during this operation. */
|
|
FSL_ACCO_CTX_FINALIZE = 8,
|
|
/*!
|
|
* Formatting of CCM input data is performed by calls to
|
|
* #fsl_shw_ccm_nist_format_ctr_and_iv() and
|
|
* #fsl_shw_ccm_nist_update_ctr_and_iv().
|
|
*/
|
|
FSL_ACCO_NIST_CCM = 0x10,
|
|
} fsl_shw_auth_ctx_flags_t;
|
|
|
|
/*!
|
|
* The operation which controls the behavior of #fsl_shw_establish_key().
|
|
*
|
|
* These values are passed to #fsl_shw_establish_key().
|
|
*/
|
|
typedef enum fsl_shw_key_wrap_t {
|
|
/*! Generate a key from random values. */
|
|
FSL_KEY_WRAP_CREATE,
|
|
/*! Use the provided clear key. */
|
|
FSL_KEY_WRAP_ACCEPT,
|
|
/*! Unwrap a previously wrapped key. */
|
|
FSL_KEY_WRAP_UNWRAP
|
|
} fsl_shw_key_wrap_t;
|
|
|
|
/*!
|
|
* Modulus Selector for CTR modes.
|
|
*
|
|
* The incrementing of the Counter value may be modified by a modulus. If no
|
|
* modulus is needed or desired for AES, use #FSL_CTR_MOD_128.
|
|
*/
|
|
typedef enum fsl_shw_ctr_mod_t {
|
|
FSL_CTR_MOD_8, /*!< Run counter with modulus of 2^8. */
|
|
FSL_CTR_MOD_16, /*!< Run counter with modulus of 2^16. */
|
|
FSL_CTR_MOD_24, /*!< Run counter with modulus of 2^24. */
|
|
FSL_CTR_MOD_32, /*!< Run counter with modulus of 2^32. */
|
|
FSL_CTR_MOD_40, /*!< Run counter with modulus of 2^40. */
|
|
FSL_CTR_MOD_48, /*!< Run counter with modulus of 2^48. */
|
|
FSL_CTR_MOD_56, /*!< Run counter with modulus of 2^56. */
|
|
FSL_CTR_MOD_64, /*!< Run counter with modulus of 2^64. */
|
|
FSL_CTR_MOD_72, /*!< Run counter with modulus of 2^72. */
|
|
FSL_CTR_MOD_80, /*!< Run counter with modulus of 2^80. */
|
|
FSL_CTR_MOD_88, /*!< Run counter with modulus of 2^88. */
|
|
FSL_CTR_MOD_96, /*!< Run counter with modulus of 2^96. */
|
|
FSL_CTR_MOD_104, /*!< Run counter with modulus of 2^104. */
|
|
FSL_CTR_MOD_112, /*!< Run counter with modulus of 2^112. */
|
|
FSL_CTR_MOD_120, /*!< Run counter with modulus of 2^120. */
|
|
FSL_CTR_MOD_128 /*!< Run counter with modulus of 2^128. */
|
|
} fsl_shw_ctr_mod_t;
|
|
|
|
/*!
|
|
* Permissions flags for Secure Partitions
|
|
*/
|
|
typedef enum fsl_shw_permission_t {
|
|
/*! SCM Access Permission: Do not zeroize/deallocate partition on SMN Fail state */
|
|
FSL_PERM_NO_ZEROIZE = 0x80000000,
|
|
/*! SCM Access Permission: Enforce trusted key read in */
|
|
FSL_PERM_TRUSTED_KEY_READ = 0x40000000,
|
|
/*! SCM Access Permission: Ignore Supervisor/User mode in permission determination */
|
|
FSL_PERM_HD_S = 0x00000800,
|
|
/*! SCM Access Permission: Allow Read Access to Host Domain */
|
|
FSL_PERM_HD_R = 0x00000400,
|
|
/*! SCM Access Permission: Allow Write Access to Host Domain */
|
|
FSL_PERM_HD_W = 0x00000200,
|
|
/*! SCM Access Permission: Allow Execute Access to Host Domain */
|
|
FSL_PERM_HD_X = 0x00000100,
|
|
/*! SCM Access Permission: Allow Read Access to Trusted Host Domain */
|
|
FSL_PERM_TH_R = 0x00000040,
|
|
/*! SCM Access Permission: Allow Write Access to Trusted Host Domain */
|
|
FSL_PERM_TH_W = 0x00000020,
|
|
/*! SCM Access Permission: Allow Read Access to Other/World Domain */
|
|
FSL_PERM_OT_R = 0x00000004,
|
|
/*! SCM Access Permission: Allow Write Access to Other/World Domain */
|
|
FSL_PERM_OT_W = 0x00000002,
|
|
/*! SCM Access Permission: Allow Execute Access to Other/World Domain */
|
|
FSL_PERM_OT_X = 0x00000001,
|
|
} fsl_shw_permission_t;
|
|
|
|
typedef enum fsl_shw_cypher_mode_t {
|
|
FSL_SHW_CYPHER_MODE_ECB = 1, /*!< ECB mode */
|
|
FSL_SHW_CYPHER_MODE_CBC = 2, /*!< CBC mode */
|
|
} fsl_shw_cypher_mode_t;
|
|
|
|
typedef enum fsl_shw_pf_key_t {
|
|
FSL_SHW_PF_KEY_IIM, /*!< Present fused IIM key */
|
|
FSL_SHW_PF_KEY_PRG, /*!< Present Program key */
|
|
FSL_SHW_PF_KEY_IIM_PRG, /*!< Present IIM ^ Program key */
|
|
FSL_SHW_PF_KEY_IIM_RND, /*!< Present Random key */
|
|
FSL_SHW_PF_KEY_RND, /*!< Present IIM ^ Random key */
|
|
} fsl_shw_pf_key_t;
|
|
|
|
typedef enum fsl_shw_tamper_t {
|
|
FSL_SHW_TAMPER_NONE, /*!< No error detected */
|
|
FSL_SHW_TAMPER_WTD, /*!< wire-mesh tampering det */
|
|
FSL_SHW_TAMPER_ETBD, /*!< ext tampering det: input B */
|
|
FSL_SHW_TAMPER_ETAD, /*!< ext tampering det: input A */
|
|
FSL_SHW_TAMPER_EBD, /*!< external boot detected */
|
|
FSL_SHW_TAMPER_SAD, /*!< security alarm detected */
|
|
FSL_SHW_TAMPER_TTD, /*!< temperature tampering det */
|
|
FSL_SHW_TAMPER_CTD, /*!< clock tampering det */
|
|
FSL_SHW_TAMPER_VTD, /*!< voltage tampering det */
|
|
FSL_SHW_TAMPER_MCO, /*!< monotonic counter overflow */
|
|
FSL_SHW_TAMPER_TCO, /*!< time counter overflow */
|
|
} fsl_shw_tamper_t;
|
|
|
|
/******************************************************************************
|
|
* Data Structures
|
|
*****************************************************************************/
|
|
|
|
/*!
|
|
*
|
|
* @brief Structure type for descriptors
|
|
*
|
|
* The first five fields are passed to the hardware.
|
|
*
|
|
*****************************************************************************/
|
|
#ifndef USE_NEW_PTRS /* Experimental */
|
|
|
|
typedef struct sah_Desc {
|
|
uint32_t header; /*!< descriptor header value */
|
|
uint32_t len1; /*!< number of data bytes in 'ptr1' buffer */
|
|
void *ptr1; /*!< pointer to first sah_Link structure */
|
|
uint32_t len2; /*!< number of data bytes in 'ptr2' buffer */
|
|
void *ptr2; /*!< pointer to second sah_Link structure */
|
|
struct sah_Desc *next; /*!< pointer to next descriptor */
|
|
#ifdef __KERNEL__ /* This needs a better test */
|
|
/* These two must be last. See sah_Copy_Descriptors */
|
|
struct sah_Desc *virt_addr; /*!< Virtual (kernel) address of this
|
|
descriptor. */
|
|
dma_addr_t dma_addr; /*!< Physical (bus) address of this
|
|
descriptor. */
|
|
void *original_ptr1; /*!< user's pointer to ptr1 */
|
|
void *original_ptr2; /*!< user's pointer to ptr2 */
|
|
struct sah_Desc *original_next; /*!< user's pointer to next */
|
|
#endif
|
|
} sah_Desc;
|
|
|
|
#else
|
|
|
|
typedef struct sah_Desc {
|
|
uint32_t header; /*!< descriptor header value */
|
|
uint32_t len1; /*!< number of data bytes in 'ptr1' buffer */
|
|
uint32_t hw_ptr1; /*!< pointer to first sah_Link structure */
|
|
uint32_t len2; /*!< number of data bytes in 'ptr2' buffer */
|
|
uint32_t hw_ptr2; /*!< pointer to second sah_Link structure */
|
|
uint32_t hw_next; /*!< pointer to next descriptor */
|
|
struct sah_Link *ptr1; /*!< (virtual) pointer to first sah_Link structure */
|
|
struct sah_Link *ptr2; /*!< (virtual) pointer to first sah_Link structure */
|
|
struct sah_Desc *next; /*!< (virtual) pointer to next descriptor */
|
|
#ifdef __KERNEL__ /* This needs a better test */
|
|
/* These two must be last. See sah_Copy_Descriptors */
|
|
struct sah_Desc *virt_addr; /*!< Virtual (kernel) address of this
|
|
descriptor. */
|
|
dma_addr_t dma_addr; /*!< Physical (bus) address of this
|
|
descriptor. */
|
|
#endif
|
|
} sah_Desc;
|
|
|
|
#endif
|
|
|
|
/*!
|
|
*******************************************************************************
|
|
* @brief The first descriptor in a chain
|
|
******************************************************************************/
|
|
typedef struct sah_Head_Desc {
|
|
sah_Desc desc; /*!< whole struct - must be first */
|
|
struct fsl_shw_uco_t *user_info; /*!< where result pool lives */
|
|
uint32_t user_ref; /*!< at time of request */
|
|
uint32_t uco_flags; /*!< at time of request */
|
|
uint32_t status; /*!< Status of queue entry */
|
|
uint32_t error_status; /*!< If error, register from Sahara */
|
|
uint32_t fault_address; /*!< If error, register from Sahara */
|
|
uint32_t op_status; /*!< If error, register from Sahara */
|
|
fsl_shw_return_t result; /*!< Result of running descriptor */
|
|
struct sah_Head_Desc *next; /*!< Next in queue */
|
|
struct sah_Head_Desc *prev; /*!< previous in queue */
|
|
struct sah_Head_Desc *user_desc; /*!< For API async get_results */
|
|
void *out1_ptr; /*!< For async post-processing */
|
|
void *out2_ptr; /*!< For async post-processing */
|
|
uint32_t out_len; /*!< For async post-processing */
|
|
} sah_Head_Desc;
|
|
|
|
/*!
|
|
* @brief Structure type for links
|
|
*
|
|
* The first three fields are used by hardware.
|
|
*****************************************************************************/
|
|
#ifndef USE_NEW_PTRS
|
|
|
|
typedef struct sah_Link {
|
|
size_t len; /*!< len of 'data' buffer in bytes */
|
|
uint8_t *data; /*!< buffer to store data */
|
|
struct sah_Link *next; /*!< pointer to the next sah_Link storing
|
|
* data */
|
|
sah_Link_Flags flags; /*!< indicates the component that created the
|
|
* data buffer. Security Function internal
|
|
* information */
|
|
key_userid_t ownerid; /*!< Auth code for established key */
|
|
uint32_t slot; /*!< Location of the the established key */
|
|
#ifdef __KERNEL__ /* This needs a better test */
|
|
/* These two elements must be last. See sah_Copy_Links() */
|
|
struct sah_Link *virt_addr;
|
|
dma_addr_t dma_addr;
|
|
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
|
|
struct page *vm_info;
|
|
#endif
|
|
uint8_t *original_data; /*!< user's version of data pointer */
|
|
struct sah_Link *original_next; /*!< user's version of next pointer */
|
|
#ifdef SAH_COPY_DATA
|
|
uint8_t *copy_data; /*!< Virtual address of acquired buffer */
|
|
#endif
|
|
#endif /* kernel-only */
|
|
} sah_Link;
|
|
|
|
#else
|
|
|
|
typedef struct sah_Link {
|
|
/*! len of 'data' buffer in bytes */
|
|
size_t len;
|
|
/*! buffer to store data */
|
|
uint32_t hw_data;
|
|
/*! Physical address */
|
|
uint32_t hw_next;
|
|
/*!
|
|
* indicates the component that created the data buffer. Security Function
|
|
* internal information
|
|
*/
|
|
sah_Link_Flags flags;
|
|
/*! (virtual) pointer to data */
|
|
uint8_t *data;
|
|
/*! (virtual) pointer to the next sah_Link storing data */
|
|
struct sah_Link *next;
|
|
/*! Auth code for established key */
|
|
key_userid_t ownerid;
|
|
/*! Location of the the established key */
|
|
uint32_t slot;
|
|
#ifdef __KERNEL__ /* This needs a better test */
|
|
/* These two elements must be last. See sah_Copy_Links() */
|
|
struct sah_Link *virt_addr;
|
|
dma_addr_t dma_addr;
|
|
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
|
|
struct page *vm_info;
|
|
#endif
|
|
#endif /* kernel-only */
|
|
} sah_Link;
|
|
|
|
#endif
|
|
|
|
/*!
|
|
* Initialization Object
|
|
*/
|
|
typedef struct fsl_sho_ibo_t {
|
|
} fsl_sho_ibo_t;
|
|
|
|
/* Imported from Sahara1 driver -- is it needed forever? */
|
|
/*!
|
|
*******************************************************************************
|
|
* FIELDS
|
|
*
|
|
* void * ref - parameter to be passed into the memory function calls
|
|
*
|
|
* void * (*malloc)(void *ref, size_t n) - pointer to user's malloc function
|
|
*
|
|
* void (*free)(void *ref, void *ptr) - pointer to user's free function
|
|
*
|
|
* void * (*memcpy)(void *ref, void *dest, const void *src, size_t n) -
|
|
* pointer to user's memcpy function
|
|
*
|
|
* void * (*memset)(void *ref, void *ptr, int ch, size_t n) - pointer to
|
|
* user's memset function
|
|
*
|
|
* @brief Structure for API memory utilities
|
|
******************************************************************************/
|
|
typedef struct sah_Mem_Util {
|
|
/*! Who knows. Vestigial. */
|
|
void *mu_ref;
|
|
/*! Acquire buffer of size n bytes */
|
|
void *(*mu_malloc) (void *ref, size_t n);
|
|
/*! Acquire a sah_Head_Desc */
|
|
sah_Head_Desc *(*mu_alloc_head_desc) (void *ref);
|
|
/* Acquire a sah_Desc */
|
|
sah_Desc *(*mu_alloc_desc) (void *ref);
|
|
/* Acquire a sah_Link */
|
|
sah_Link *(*mu_alloc_link) (void *ref);
|
|
/*! Free buffer at ptr */
|
|
void (*mu_free) (void *ref, void *ptr);
|
|
/*! Free sah_Head_Desc at ptr */
|
|
void (*mu_free_head_desc) (void *ref, sah_Head_Desc * ptr);
|
|
/*! Free sah_Desc at ptr */
|
|
void (*mu_free_desc) (void *ref, sah_Desc * ptr);
|
|
/*! Free sah_Link at ptr */
|
|
void (*mu_free_link) (void *ref, sah_Link * ptr);
|
|
/*! Funciton which will copy n bytes from src to dest */
|
|
void *(*mu_memcpy) (void *ref, void *dest, const void *src, size_t n);
|
|
/*! Set all n bytes of ptr to ch */
|
|
void *(*mu_memset) (void *ref, void *ptr, int ch, size_t n);
|
|
} sah_Mem_Util;
|
|
|
|
/*!
|
|
* Secure Partition information
|
|
*
|
|
* This holds the context to a single secure partition owned by the user. It
|
|
* is only available in the kernel version of the User Context Object.
|
|
*/
|
|
typedef struct fsl_shw_spo_t {
|
|
uint32_t user_base; /*!< Base address (user virtual) */
|
|
void *kernel_base; /*!< Base address (kernel virtual) */
|
|
struct fsl_shw_spo_t *next; /*!< Pointer to the next partition
|
|
owned by the user. NULL if this
|
|
is the last partition. */
|
|
} fsl_shw_spo_t;
|
|
|
|
/* REQ-S2LRD-PINTFC-COA-UCO-001 */
|
|
/*!
|
|
* User Context Object
|
|
*/
|
|
typedef struct fsl_shw_uco_t {
|
|
int sahara_openfd; /*!< this should be kernel-only?? */
|
|
sah_Mem_Util *mem_util; /*!< Memory utility fns */
|
|
uint32_t user_ref; /*!< User's reference */
|
|
void (*callback) (struct fsl_shw_uco_t * uco); /*!< User's callback fn */
|
|
uint32_t flags; /*!< from fsl_shw_user_ctx_flags_t */
|
|
unsigned pool_size; /*!< maximum size of user pool */
|
|
#ifdef __KERNEL__
|
|
sah_Queue result_pool; /*!< where non-blocking results go */
|
|
os_process_handle_t process; /*!< remember for signalling User mode */
|
|
fsl_shw_spo_t *partition; /*!< chain of secure partitions owned by
|
|
the user */
|
|
#else
|
|
struct fsl_shw_uco_t *next; /*!< To allow user-mode chaining of contexts,
|
|
for signalling. */
|
|
#endif
|
|
} fsl_shw_uco_t;
|
|
|
|
/* REQ-S2LRD-PINTFC-API-GEN-006 ?? */
|
|
/*!
|
|
* Result object
|
|
*/
|
|
typedef struct fsl_shw_result_t {
|
|
uint32_t user_ref;
|
|
fsl_shw_return_t code;
|
|
uint32_t detail1;
|
|
uint32_t detail2;
|
|
sah_Head_Desc *user_desc;
|
|
} fsl_shw_result_t;
|
|
|
|
/*!
|
|
* Keystore Object
|
|
*/
|
|
typedef struct fsl_shw_kso_t {
|
|
#ifdef __KERNEL__
|
|
os_lock_t lock; /*!< Pointer to lock that controls access to
|
|
the keystore. */
|
|
#endif
|
|
void *user_data; /*!< Pointer to user structure that handles
|
|
the internals of the keystore. */
|
|
fsl_shw_return_t(*data_init) (fsl_shw_uco_t * user_ctx,
|
|
void **user_data);
|
|
void (*data_cleanup) (fsl_shw_uco_t * user_ctx, void **user_data);
|
|
fsl_shw_return_t(*slot_verify_access) (void *user_data,
|
|
uint64_t owner_id,
|
|
uint32_t slot);
|
|
fsl_shw_return_t(*slot_alloc) (void *user_data, uint32_t size_bytes,
|
|
uint64_t owner_id, uint32_t * slot);
|
|
fsl_shw_return_t(*slot_dealloc) (void *user_data, uint64_t owner_id,
|
|
uint32_t slot);
|
|
void *(*slot_get_address) (void *user_data, uint32_t slot);
|
|
uint32_t(*slot_get_base) (void *user_data, uint32_t slot);
|
|
uint32_t(*slot_get_offset) (void *user_data, uint32_t slot);
|
|
uint32_t(*slot_get_slot_size) (void *user_data, uint32_t slot);
|
|
} fsl_shw_kso_t;
|
|
|
|
/* REQ-S2LRD-PINTFC-COA-SKO-001 */
|
|
/*!
|
|
* Secret Key Context Object
|
|
*/
|
|
typedef struct fsl_shw_sko_t {
|
|
uint32_t flags;
|
|
fsl_shw_key_alg_t algorithm;
|
|
key_userid_t userid;
|
|
uint32_t handle;
|
|
uint16_t key_length;
|
|
uint8_t key[64];
|
|
struct fsl_shw_kso_t *keystore; /*!< If present, key is in keystore */
|
|
} fsl_shw_sko_t;
|
|
|
|
/* REQ-S2LRD-PINTFC-COA-CO-001 */
|
|
/*!
|
|
* @brief Platform Capability Object
|
|
*/
|
|
typedef struct fsl_shw_pco_t { /* Consider turning these constants into symbols */
|
|
int api_major;
|
|
int api_minor;
|
|
int driver_major;
|
|
int driver_minor;
|
|
fsl_shw_key_alg_t sym_algorithms[4];
|
|
fsl_shw_sym_mode_t sym_modes[4];
|
|
fsl_shw_hash_alg_t hash_algorithms[4];
|
|
uint8_t sym_support[5][4]; /* indexed by key alg then mode */
|
|
|
|
int scc_driver_major;
|
|
int scc_driver_minor;
|
|
int scm_version; /*!< Version from SCM Configuration register */
|
|
int smn_version; /*!< Version from SMN Status register */
|
|
int block_size_bytes; /*!< Number of bytes per block of RAM; also
|
|
block size of the crypto algorithm. */
|
|
union {
|
|
struct {
|
|
int black_ram_size_blocks; /*!< Number of blocks of Black RAM */
|
|
int red_ram_size_blocks; /*!< Number of blocks of Red RAM */
|
|
} scc_info;
|
|
struct {
|
|
int partition_size_bytes; /*!< Number of bytes in each partition */
|
|
int partition_count; /*!< Number of partitions on this platform */
|
|
} scc2_info;
|
|
};
|
|
} fsl_shw_pco_t;
|
|
|
|
/* REQ-S2LRD-PINTFC-COA-HCO-001 */
|
|
/*!
|
|
* Hash Context Object
|
|
*/
|
|
typedef struct fsl_shw_hco_t { /* fsl_shw_hash_context_object */
|
|
fsl_shw_hash_alg_t algorithm;
|
|
uint32_t flags;
|
|
uint8_t digest_length; /* in bytes */
|
|
uint8_t context_length; /* in bytes */
|
|
uint8_t context_register_length; /* in bytes */
|
|
/* ensure following HW buffers not cached with surrounding fields */
|
|
uint8_t cache_front_pad[64]; /* fill out cache line */
|
|
uint32_t context[9]; /* largest digest + msg size */
|
|
uint8_t cache_back_pad[64]; /* fill out cache line */
|
|
} fsl_shw_hco_t;
|
|
|
|
/*!
|
|
* HMAC Context Object
|
|
*/
|
|
typedef struct fsl_shw_hmco_t { /* fsl_shw_hmac_context_object */
|
|
fsl_shw_hash_alg_t algorithm;
|
|
uint32_t flags;
|
|
uint8_t digest_length; /*!< in bytes */
|
|
uint8_t context_length; /*!< in bytes */
|
|
uint8_t context_register_length; /*!< in bytes */
|
|
/* ensure following HW buffers not cached with surrounding fields */
|
|
uint8_t cache_front_pad[64]; /* fill out cache line */
|
|
uint32_t ongoing_context[9]; /**< largest digest + msg size */
|
|
uint32_t inner_precompute[9]; /**< largest digest + msg size */
|
|
uint32_t outer_precompute[9]; /**< largest digest + msg size */
|
|
uint8_t cache_back_pad[64]; /* fill out cache line */
|
|
} fsl_shw_hmco_t;
|
|
|
|
/* REQ-S2LRD-PINTFC-COA-SCCO-001 */
|
|
/*!
|
|
* Symmetric Crypto Context Object Context Object
|
|
*/
|
|
typedef struct fsl_shw_scco_t {
|
|
uint32_t flags;
|
|
unsigned block_size_bytes; /* double duty block&ctx size */
|
|
fsl_shw_sym_mode_t mode;
|
|
/* Could put modulus plus 16-octet context in union with arc4
|
|
sbox+ptrs... */
|
|
fsl_shw_ctr_mod_t modulus_exp;
|
|
/* ensure following HW buffers not cached with surrounding fields */
|
|
uint8_t cache_front_pad[64]; /* fill out cache line */
|
|
uint8_t context[259];
|
|
uint8_t cache_back_pad[64]; /* fill out cache line */
|
|
} fsl_shw_scco_t;
|
|
|
|
/*!
|
|
* Authenticate-Cipher Context Object
|
|
|
|
* An object for controlling the function of, and holding information about,
|
|
* data for the authenticate-cipher functions, #fsl_shw_gen_encrypt() and
|
|
* #fsl_shw_auth_decrypt().
|
|
*/
|
|
typedef struct fsl_shw_acco_t {
|
|
uint32_t flags; /*!< See #fsl_shw_auth_ctx_flags_t for
|
|
meanings */
|
|
fsl_shw_acc_mode_t mode; /*!< CCM only */
|
|
uint8_t mac_length; /*!< User's value for length */
|
|
unsigned q_length; /*!< NIST parameter - */
|
|
fsl_shw_scco_t cipher_ctx_info; /*!< For running
|
|
encrypt/decrypt. */
|
|
union {
|
|
fsl_shw_scco_t CCM_ctx_info; /*!< For running the CBC in
|
|
AES-CCM. */
|
|
fsl_shw_hco_t hash_ctx_info; /*!< For running the hash */
|
|
} auth_info; /*!< "auth" info struct */
|
|
uint8_t unencrypted_mac[16]; /*!< max block size... */
|
|
/* ensure above HW buffer not cached with any following variables */
|
|
uint8_t cache_back_pad[64]; /* fill out cache line */
|
|
} fsl_shw_acco_t;
|
|
|
|
/*!
|
|
* Used by Sahara API to retrieve completed non-blocking results.
|
|
*/
|
|
typedef struct sah_results {
|
|
unsigned requested; /*!< number of results requested */
|
|
unsigned *actual; /*!< number of results obtained */
|
|
fsl_shw_result_t *results; /*!< pointer to memory to hold results */
|
|
} sah_results;
|
|
|
|
/*!
|
|
* @typedef scc_partition_status_t
|
|
*/
|
|
/*! Partition status information. */
|
|
typedef enum fsl_shw_partition_status_t {
|
|
FSL_PART_S_UNUSABLE, /*!< Partition not implemented */
|
|
FSL_PART_S_UNAVAILABLE, /*!< Partition owned by other host */
|
|
FSL_PART_S_AVAILABLE, /*!< Partition available */
|
|
FSL_PART_S_ALLOCATED, /*!< Partition owned by host but not engaged
|
|
*/
|
|
FSL_PART_S_ENGAGED, /*!< Partition owned by host and engaged */
|
|
} fsl_shw_partition_status_t;
|
|
|
|
/******************************************************************************
|
|
* Access Macros for Objects
|
|
*****************************************************************************/
|
|
/*!
|
|
* Get FSL SHW API version
|
|
*
|
|
* @param pcobject The Platform Capababilities Object to query.
|
|
* @param[out] pcmajor A pointer to where the major version
|
|
* of the API is to be stored.
|
|
* @param[out] pcminor A pointer to where the minor version
|
|
* of the API is to be stored.
|
|
*/
|
|
#define fsl_shw_pco_get_version(pcobject, pcmajor, pcminor) \
|
|
{ \
|
|
*(pcmajor) = (pcobject)->api_major; \
|
|
*(pcminor) = (pcobject)->api_minor; \
|
|
}
|
|
|
|
/*!
|
|
* Get underlying driver version.
|
|
*
|
|
* @param pcobject The Platform Capababilities Object to query.
|
|
* @param[out] pcmajor A pointer to where the major version
|
|
* of the driver is to be stored.
|
|
* @param[out] pcminor A pointer to where the minor version
|
|
* of the driver is to be stored.
|
|
*/
|
|
#define fsl_shw_pco_get_driver_version(pcobject, pcmajor, pcminor) \
|
|
{ \
|
|
*(pcmajor) = (pcobject)->driver_major; \
|
|
*(pcminor) = (pcobject)->driver_minor; \
|
|
}
|
|
|
|
/*!
|
|
* Get list of symmetric algorithms supported.
|
|
*
|
|
* @param pcobject The Platform Capababilities Object to query.
|
|
* @param[out] pcalgorithms A pointer to where to store the location of
|
|
* the list of algorithms.
|
|
* @param[out] pcacount A pointer to where to store the number of
|
|
* algorithms in the list at @a algorithms.
|
|
*/
|
|
#define fsl_shw_pco_get_sym_algorithms(pcobject, pcalgorithms, pcacount) \
|
|
{ \
|
|
*(pcalgorithms) = (pcobject)->sym_algorithms; \
|
|
*(pcacount) = sizeof((pcobject)->sym_algorithms)/4; \
|
|
}
|
|
|
|
/*!
|
|
* Get list of symmetric modes supported.
|
|
*
|
|
* @param pcobject The Platform Capababilities Object to query.
|
|
* @param[out] gsmodes A pointer to where to store the location of
|
|
* the list of modes.
|
|
* @param[out] gsacount A pointer to where to store the number of
|
|
* algorithms in the list at @a modes.
|
|
*/
|
|
#define fsl_shw_pco_get_sym_modes(pcobject, gsmodes, gsacount) \
|
|
{ \
|
|
*(gsmodes) = (pcobject)->sym_modes; \
|
|
*(gsacount) = sizeof((pcobject)->sym_modes)/4; \
|
|
}
|
|
|
|
/*!
|
|
* Get list of hash algorithms supported.
|
|
*
|
|
* @param pcobject The Platform Capababilities Object to query.
|
|
* @param[out] gsalgorithms A pointer which will be set to the list of
|
|
* algorithms.
|
|
* @param[out] gsacount The number of algorithms in the list at @a
|
|
* algorithms.
|
|
*/
|
|
#define fsl_shw_pco_get_hash_algorithms(pcobject, gsalgorithms, gsacount) \
|
|
{ \
|
|
*(gsalgorithms) = (pcobject)->hash_algorithms; \
|
|
*(gsacount) = sizeof((pcobject)->hash_algorithms)/4; \
|
|
}
|
|
|
|
/*!
|
|
* Determine whether the combination of a given symmetric algorithm and a given
|
|
* mode is supported.
|
|
*
|
|
* @param pcobject The Platform Capababilities Object to query.
|
|
* @param pcalg A Symmetric Cipher algorithm.
|
|
* @param pcmode A Symmetric Cipher mode.
|
|
*
|
|
* @return 0 if combination is not supported, non-zero if supported.
|
|
*/
|
|
#define fsl_shw_pco_check_sym_supported(pcobject, pcalg, pcmode) \
|
|
((pcobject)->sym_support[pcalg][pcmode])
|
|
|
|
/*!
|
|
* Determine whether a given Encryption-Authentication mode is supported.
|
|
*
|
|
* @param pcobject The Platform Capababilities Object to query.
|
|
* @param pcmode The Authentication mode.
|
|
*
|
|
* @return 0 if mode is not supported, non-zero if supported.
|
|
*/
|
|
#define fsl_shw_pco_check_auth_supported(pcobject, pcmode) \
|
|
((pcmode == FSL_ACC_MODE_CCM) ? 1 : 0)
|
|
|
|
/*!
|
|
* Determine whether Black Keys (key establishment / wrapping) is supported.
|
|
*
|
|
* @param pcobject The Platform Capababilities Object to query.
|
|
*
|
|
* @return 0 if wrapping is not supported, non-zero if supported.
|
|
*/
|
|
#define fsl_shw_pco_check_black_key_supported(pcobject) \
|
|
1
|
|
|
|
/*!
|
|
* Determine whether Programmed Key features are available
|
|
*
|
|
* @param pc_info The Platform Capabilities Object to query.
|
|
*
|
|
* @return 1 if Programmed Key features are available, otherwise zero.
|
|
*/
|
|
#define fsl_shw_pco_check_pk_supported(pcobject) \
|
|
0
|
|
|
|
/*!
|
|
* Determine whether Software Key features are available
|
|
*
|
|
* @param pc_info The Platform Capabilities Object to query.
|
|
*
|
|
* @return 1 if Software key features are available, otherwise zero.
|
|
*/
|
|
#define fsl_shw_pco_check_sw_keys_supported(pcobject) \
|
|
0
|
|
|
|
/*!
|
|
* Get FSL SHW SCC driver version
|
|
*
|
|
* @param pcobject The Platform Capabilities Object to query.
|
|
* @param[out] pcmajor A pointer to where the major version
|
|
* of the SCC driver is to be stored.
|
|
* @param[out] pcminor A pointer to where the minor version
|
|
* of the SCC driver is to be stored.
|
|
*/
|
|
#define fsl_shw_pco_get_scc_driver_version(pcobject, pcmajor, pcminor) \
|
|
{ \
|
|
*(pcmajor) = (pcobject)->scc_driver_major; \
|
|
*(pcminor) = (pcobject)->scc_driver_minor; \
|
|
}
|
|
|
|
/*!
|
|
* Get SCM hardware version
|
|
*
|
|
* @param pcobject The Platform Capabilities Object to query.
|
|
* @return The SCM hardware version
|
|
*/
|
|
#define fsl_shw_pco_get_scm_version(pcobject) \
|
|
((pcobject)->scm_version)
|
|
|
|
/*!
|
|
* Get SMN hardware version
|
|
*
|
|
* @param pcobject The Platform Capabilities Object to query.
|
|
* @return The SMN hardware version
|
|
*/
|
|
#define fsl_shw_pco_get_smn_version(pcobject) \
|
|
((pcobject)->smn_version)
|
|
|
|
/*!
|
|
* Get the size of an SCM block, in bytes
|
|
*
|
|
* @param pcobject The Platform Capabilities Object to query.
|
|
* @return The size of an SCM block, in bytes.
|
|
*/
|
|
#define fsl_shw_pco_get_scm_block_size(pcobject) \
|
|
((pcobject)->block_size_bytes)
|
|
|
|
/*!
|
|
* Get size of Black and Red RAM memory
|
|
*
|
|
* @param pcobject The Platform Capabilities Object to query.
|
|
* @param[out] black_size A pointer to where the size of the Black RAM, in
|
|
* blocks, is to be placed.
|
|
* @param[out] red_size A pointer to where the size of the Red RAM, in
|
|
* blocks, is to be placed.
|
|
*/
|
|
#define fsl_shw_pco_get_smn_size(pcobject, black_size, red_size) \
|
|
{ \
|
|
if ((pcobject)->scm_version == 1) { \
|
|
*(black_size) = (pcobject)->scc_info.black_ram_size_blocks; \
|
|
*(red_size) = (pcobject)->scc_info.red_ram_size_blocks; \
|
|
} else { \
|
|
*(black_size) = 0; \
|
|
*(red_size) = 0; \
|
|
} \
|
|
}
|
|
|
|
/*!
|
|
* Determine whether Secure Partitions are supported
|
|
*
|
|
* @param pcobject The Platform Capabilities Object to query.
|
|
*
|
|
* @return 0 if secure partitions are not supported, non-zero if supported.
|
|
*/
|
|
#define fsl_shw_pco_check_spo_supported(pcobject) \
|
|
((pcobject)->scm_version == 2)
|
|
|
|
/*!
|
|
* Get the size of a Secure Partitions
|
|
*
|
|
* @param pcobject The Platform Capabilities Object to query.
|
|
*
|
|
* @return Partition size, in bytes. 0 if Secure Partitions not supported.
|
|
*/
|
|
#define fsl_shw_pco_get_spo_size_bytes(pcobject) \
|
|
(((pcobject)->scm_version == 2) ? \
|
|
((pcobject)->scc2_info.partition_size_bytes) : 0 )
|
|
|
|
/*!
|
|
* Get the number of Secure Partitions on this platform
|
|
*
|
|
* @param pcobject The Platform Capabilities Object to query.
|
|
*
|
|
* @return Number of partitions. 0 if Secure Paritions not supported. Note
|
|
* that this returns the total number of partitions, not all may be
|
|
* available to the user.
|
|
*/
|
|
#define fsl_shw_pco_get_spo_count(pcobject) \
|
|
(((pcobject)->scm_version == 2) ? \
|
|
((pcobject)->scc2_info.partition_count) : 0 )
|
|
|
|
/*!
|
|
* Initialize a User Context Object.
|
|
*
|
|
* This function must be called before performing any other operation with the
|
|
* Object. It sets the User Context Object to initial values, and set the size
|
|
* of the results pool. The mode will be set to a default of
|
|
* #FSL_UCO_BLOCKING_MODE.
|
|
*
|
|
* When using non-blocking operations, this sets the maximum number of
|
|
* operations which can be outstanding. This number includes the counts of
|
|
* operations waiting to start, operation(s) being performed, and results which
|
|
* have not been retrieved.
|
|
*
|
|
* Changes to this value are ignored once user registration has completed. It
|
|
* should be set to 1 if only blocking operations will ever be performed.
|
|
*
|
|
* @param ucontext The User Context object to operate on.
|
|
* @param usize The maximum number of operations which can be
|
|
* outstanding.
|
|
*/
|
|
#ifdef __KERNEL__
|
|
#define fsl_shw_uco_init(ucontext, usize) \
|
|
{ \
|
|
(ucontext)->pool_size = usize; \
|
|
(ucontext)->flags = FSL_UCO_BLOCKING_MODE; \
|
|
(ucontext)->sahara_openfd = -1; \
|
|
(ucontext)->mem_util = NULL; \
|
|
(ucontext)->partition = NULL; \
|
|
(ucontext)->callback = NULL; \
|
|
}
|
|
#else
|
|
#define fsl_shw_uco_init(ucontext, usize) \
|
|
{ \
|
|
(ucontext)->pool_size = usize; \
|
|
(ucontext)->flags = FSL_UCO_BLOCKING_MODE; \
|
|
(ucontext)->sahara_openfd = -1; \
|
|
(ucontext)->mem_util = NULL; \
|
|
(ucontext)->callback = NULL; \
|
|
}
|
|
#endif
|
|
|
|
/*!
|
|
* Set the User Reference for the User Context.
|
|
*
|
|
* @param ucontext The User Context object to operate on.
|
|
* @param uref A value which will be passed back with a result.
|
|
*/
|
|
#define fsl_shw_uco_set_reference(ucontext, uref) \
|
|
(ucontext)->user_ref = uref
|
|
|
|
/*!
|
|
* Set the User Reference for the User Context.
|
|
*
|
|
* @param ucontext The User Context object to operate on.
|
|
* @param ucallback The function the API will invoke when an operation
|
|
* completes.
|
|
*/
|
|
#define fsl_shw_uco_set_callback(ucontext, ucallback) \
|
|
(ucontext)->callback = ucallback
|
|
|
|
/*!
|
|
* Set flags in the User Context.
|
|
*
|
|
* Turns on the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param ucontext The User Context object to operate on.
|
|
* @param uflags ORed values from #fsl_shw_user_ctx_flags_t.
|
|
*/
|
|
#define fsl_shw_uco_set_flags(ucontext, uflags) \
|
|
(ucontext)->flags |= (uflags)
|
|
|
|
/*!
|
|
* Clear flags in the User Context.
|
|
*
|
|
* Turns off the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param ucontext The User Context object to operate on.
|
|
* @param uflags ORed values from #fsl_shw_user_ctx_flags_t.
|
|
*/
|
|
#define fsl_shw_uco_clear_flags(ucontext, uflags) \
|
|
(ucontext)->flags &= ~(uflags)
|
|
|
|
/*!
|
|
* Retrieve the reference value from a Result Object.
|
|
*
|
|
* @param robject The result object to query.
|
|
*
|
|
* @return The reference associated with the request.
|
|
*/
|
|
#define fsl_shw_ro_get_reference(robject) \
|
|
(robject)->user_ref
|
|
|
|
/*!
|
|
* Retrieve the status code from a Result Object.
|
|
*
|
|
* @param robject The result object to query.
|
|
*
|
|
* @return The status of the request.
|
|
*/
|
|
#define fsl_shw_ro_get_status(robject) \
|
|
(robject)->code
|
|
|
|
/*!
|
|
* Initialize a Secret Key Object.
|
|
*
|
|
* This function must be called before performing any other operation with
|
|
* the Object.
|
|
*
|
|
* @param skobject The Secret Key Object to be initialized.
|
|
* @param skalgorithm DES, AES, etc.
|
|
*
|
|
*/
|
|
#define fsl_shw_sko_init(skobject,skalgorithm) \
|
|
{ \
|
|
(skobject)->algorithm = skalgorithm; \
|
|
(skobject)->flags = 0; \
|
|
(skobject)->keystore = NULL; \
|
|
}
|
|
|
|
/*!
|
|
* Initialize a Secret Key Object to use a Platform Key register.
|
|
*
|
|
* This function must be called before performing any other operation with
|
|
* the Object. INVALID on this platform.
|
|
*
|
|
* @param skobject The Secret Key Object to be initialized.
|
|
* @param skalgorithm DES, AES, etc.
|
|
* @param skhwkey one of the fsl_shw_pf_key_t values.
|
|
*
|
|
*/
|
|
#define fsl_shw_sko_init_pf_key(skobject,skalgorithm,skhwkey) \
|
|
{ \
|
|
(skobject)->algorithm = -1; \
|
|
(skobject)->flags = -1; \
|
|
(skobject)->keystore = NULL; \
|
|
}
|
|
|
|
/*!
|
|
* Store a cleartext key in the key object.
|
|
*
|
|
* This has the side effect of setting the #FSL_SKO_KEY_PRESENT flag and
|
|
* resetting the #FSL_SKO_KEY_ESTABLISHED flag.
|
|
*
|
|
* @param skobject A variable of type #fsl_shw_sko_t.
|
|
* @param skkey A pointer to the beginning of the key.
|
|
* @param skkeylen The length, in octets, of the key. The value should be
|
|
* appropriate to the key size supported by the algorithm.
|
|
* 64 octets is the absolute maximum value allowed for this
|
|
* call.
|
|
*/
|
|
#define fsl_shw_sko_set_key(skobject, skkey, skkeylen) \
|
|
{ \
|
|
(skobject)->key_length = skkeylen; \
|
|
copy_bytes((skobject)->key, skkey, skkeylen); \
|
|
(skobject)->flags |= FSL_SKO_KEY_PRESENT; \
|
|
(skobject)->flags &= ~FSL_SKO_KEY_ESTABLISHED; \
|
|
}
|
|
|
|
/*!
|
|
* Set a size for the key.
|
|
*
|
|
* This function would normally be used when the user wants the key to be
|
|
* generated from a random source.
|
|
*
|
|
* @param skobject A variable of type #fsl_shw_sko_t.
|
|
* @param skkeylen The length, in octets, of the key. The value should be
|
|
* appropriate to the key size supported by the algorithm.
|
|
* 64 octets is the absolute maximum value allowed for this
|
|
* call.
|
|
*/
|
|
#define fsl_shw_sko_set_key_length(skobject, skkeylen) \
|
|
(skobject)->key_length = skkeylen;
|
|
|
|
/*!
|
|
* Set the User ID associated with the key.
|
|
*
|
|
* @param skobject A variable of type #fsl_shw_sko_t.
|
|
* @param skuserid The User ID to identify authorized users of the key.
|
|
*/
|
|
#define fsl_shw_sko_set_user_id(skobject, skuserid) \
|
|
(skobject)->userid = (skuserid)
|
|
|
|
/*!
|
|
* Establish a user Keystore to hold the key.
|
|
*/
|
|
#define fsl_shw_sko_set_keystore(skobject, user_keystore) \
|
|
(skobject)->keystore = (user_keystore)
|
|
|
|
/*!
|
|
* Set the establish key handle into a key object.
|
|
*
|
|
* The @a userid field will be used to validate the access to the unwrapped
|
|
* key. This feature is not available for all platforms, nor for all
|
|
* algorithms and modes.
|
|
*
|
|
* The #FSL_SKO_KEY_ESTABLISHED will be set (and the #FSL_SKO_KEY_PRESENT flag
|
|
* will be cleared).
|
|
*
|
|
* @param skobject A variable of type #fsl_shw_sko_t.
|
|
* @param skuserid The User ID to verify this user is an authorized user of
|
|
* the key.
|
|
* @param skhandle A @a handle from #fsl_shw_sko_get_established_info.
|
|
*/
|
|
#define fsl_shw_sko_set_established_info(skobject, skuserid, skhandle) \
|
|
{ \
|
|
(skobject)->userid = (skuserid); \
|
|
(skobject)->handle = (skhandle); \
|
|
(skobject)->flags |= FSL_SKO_KEY_ESTABLISHED; \
|
|
(skobject)->flags &= \
|
|
~(FSL_SKO_KEY_PRESENT); \
|
|
}
|
|
|
|
/*!
|
|
* Retrieve the established-key handle from a key object.
|
|
*
|
|
* @param skobject A variable of type #fsl_shw_sko_t.
|
|
* @param skhandle The location to store the @a handle of the unwrapped
|
|
* key.
|
|
*/
|
|
#define fsl_shw_sko_get_established_info(skobject, skhandle) \
|
|
*(skhandle) = (skobject)->handle
|
|
|
|
/*!
|
|
* Extract the algorithm from a key object.
|
|
*
|
|
* @param skobject The Key Object to be queried.
|
|
* @param[out] skalgorithm A pointer to the location to store the algorithm.
|
|
*/
|
|
#define fsl_shw_sko_get_algorithm(skobject, skalgorithm) \
|
|
*(skalgorithm) = (skobject)->algorithm
|
|
|
|
/*!
|
|
* Retrieve the cleartext key from a key object that is stored in a user
|
|
* keystore.
|
|
*
|
|
* @param skobject The Key Object to be queried.
|
|
* @param[out] skkey A pointer to the location to store the key. NULL
|
|
* if the key is not stored in a user keystore.
|
|
*/
|
|
#define fsl_shw_sko_get_key(skobject, skkey) \
|
|
{ \
|
|
fsl_shw_kso_t* keystore = (skobject)->keystore; \
|
|
if (keystore != NULL) { \
|
|
*(skkey) = keystore->slot_get_address(keystore->user_data, \
|
|
(skobject)->handle); \
|
|
} else { \
|
|
*(skkey) = NULL; \
|
|
} \
|
|
}
|
|
|
|
/*!
|
|
* Determine the size of a wrapped key based upon the cleartext key's length.
|
|
*
|
|
* This function can be used to calculate the number of octets that
|
|
* #fsl_shw_extract_key() will write into the location at @a covered_key.
|
|
*
|
|
* If zero is returned at @a length, this means that the key length in
|
|
* @a key_info is not supported.
|
|
*
|
|
* @param wkeyinfo Information about a key to be wrapped.
|
|
* @param wkeylen Location to store the length of a wrapped
|
|
* version of the key in @a key_info.
|
|
*/
|
|
#define fsl_shw_sko_calculate_wrapped_size(wkeyinfo, wkeylen) \
|
|
{ \
|
|
register fsl_shw_sko_t* kp = wkeyinfo; \
|
|
register uint32_t kl = kp->key_length; \
|
|
int key_blocks = (kl + 15) / 16; \
|
|
int base_size = 35; /* ICV + T' + ALG + LEN + FLAGS */ \
|
|
\
|
|
*(wkeylen) = base_size + 16 * key_blocks; \
|
|
}
|
|
|
|
/*!
|
|
* Set some flags in the key object.
|
|
*
|
|
* Turns on the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param skobject A variable of type #fsl_shw_sko_t.
|
|
* @param skflags (One or more) ORed members of #fsl_shw_key_flags_t which
|
|
* are to be set.
|
|
*/
|
|
#define fsl_shw_sko_set_flags(skobject, skflags) \
|
|
(skobject)->flags |= (skflags)
|
|
|
|
/*!
|
|
* Clear some flags in the key object.
|
|
*
|
|
* Turns off the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param skobject A variable of type #fsl_shw_sko_t.
|
|
* @param skflags (One or more) ORed members of #fsl_shw_key_flags_t
|
|
* which are to be reset.
|
|
*/
|
|
#define fsl_shw_sko_clear_flags(skobject, skflags) \
|
|
(skobject)->flags &= ~(skflags)
|
|
|
|
/*!
|
|
* Initialize a Hash Context Object.
|
|
*
|
|
* This function must be called before performing any other operation with the
|
|
* Object. It sets the current message length and hash algorithm in the hash
|
|
* context object.
|
|
*
|
|
* @param hcobject The hash context to operate upon.
|
|
* @param hcalgorithm The hash algorithm to be used (#FSL_HASH_ALG_MD5,
|
|
* #FSL_HASH_ALG_SHA256, etc).
|
|
*
|
|
*/
|
|
#define fsl_shw_hco_init(hcobject, hcalgorithm) \
|
|
{ \
|
|
(hcobject)->algorithm = hcalgorithm; \
|
|
(hcobject)->flags = 0; \
|
|
switch (hcalgorithm) { \
|
|
case FSL_HASH_ALG_MD5: \
|
|
(hcobject)->digest_length = 16; \
|
|
(hcobject)->context_length = 16; \
|
|
(hcobject)->context_register_length = 24; \
|
|
break; \
|
|
case FSL_HASH_ALG_SHA1: \
|
|
(hcobject)->digest_length = 20; \
|
|
(hcobject)->context_length = 20; \
|
|
(hcobject)->context_register_length = 24; \
|
|
break; \
|
|
case FSL_HASH_ALG_SHA224: \
|
|
(hcobject)->digest_length = 28; \
|
|
(hcobject)->context_length = 32; \
|
|
(hcobject)->context_register_length = 36; \
|
|
break; \
|
|
case FSL_HASH_ALG_SHA256: \
|
|
(hcobject)->digest_length = 32; \
|
|
(hcobject)->context_length = 32; \
|
|
(hcobject)->context_register_length = 36; \
|
|
break; \
|
|
default: \
|
|
/* error ! */ \
|
|
(hcobject)->digest_length = 1; \
|
|
(hcobject)->context_length = 1; \
|
|
(hcobject)->context_register_length = 1; \
|
|
break; \
|
|
} \
|
|
}
|
|
|
|
/*!
|
|
* Get the current hash value and message length from the hash context object.
|
|
*
|
|
* The algorithm must have already been specified. See #fsl_shw_hco_init().
|
|
*
|
|
* @param hcobject The hash context to query.
|
|
* @param[out] hccontext Pointer to the location of @a length octets where to
|
|
* store a copy of the current value of the digest.
|
|
* @param hcclength Number of octets of hash value to copy.
|
|
* @param[out] hcmsglen Pointer to the location to store the number of octets
|
|
* already hashed.
|
|
*/
|
|
#define fsl_shw_hco_get_digest(hcobject, hccontext, hcclength, hcmsglen) \
|
|
{ \
|
|
copy_bytes(hccontext, (hcobject)->context, hcclength); \
|
|
if ((hcobject)->algorithm == FSL_HASH_ALG_SHA224 \
|
|
|| (hcobject)->algorithm == FSL_HASH_ALG_SHA256) { \
|
|
*(hcmsglen) = (hcobject)->context[8]; \
|
|
} else { \
|
|
*(hcmsglen) = (hcobject)->context[5]; \
|
|
} \
|
|
}
|
|
|
|
/*!
|
|
* Get the hash algorithm from the hash context object.
|
|
*
|
|
* @param hcobject The hash context to query.
|
|
* @param[out] hcalgorithm Pointer to where the algorithm is to be stored.
|
|
*/
|
|
#define fsl_shw_hco_get_info(hcobject, hcalgorithm) \
|
|
{ \
|
|
*(hcalgorithm) = (hcobject)->algorithm; \
|
|
}
|
|
|
|
/*!
|
|
* Set the current hash value and message length in the hash context object.
|
|
*
|
|
* The algorithm must have already been specified. See #fsl_shw_hco_init().
|
|
*
|
|
* @param hcobject The hash context to operate upon.
|
|
* @param hccontext Pointer to buffer of appropriate length to copy into
|
|
* the hash context object.
|
|
* @param hcmsglen The number of octets of the message which have
|
|
* already been hashed.
|
|
*
|
|
*/
|
|
#define fsl_shw_hco_set_digest(hcobject, hccontext, hcmsglen) \
|
|
{ \
|
|
copy_bytes((hcobject)->context, hccontext, (hcobject)->context_length); \
|
|
if (((hcobject)->algorithm == FSL_HASH_ALG_SHA224) \
|
|
|| ((hcobject)->algorithm == FSL_HASH_ALG_SHA256)) { \
|
|
(hcobject)->context[8] = hcmsglen; \
|
|
} else { \
|
|
(hcobject)->context[5] = hcmsglen; \
|
|
} \
|
|
}
|
|
|
|
/*!
|
|
* Set flags in a Hash Context Object.
|
|
*
|
|
* Turns on the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param hcobject The hash context to be operated on.
|
|
* @param hcflags The flags to be set in the context. These can be ORed
|
|
* members of #fsl_shw_hash_ctx_flags_t.
|
|
*/
|
|
#define fsl_shw_hco_set_flags(hcobject, hcflags) \
|
|
(hcobject)->flags |= (hcflags)
|
|
|
|
/*!
|
|
* Clear flags in a Hash Context Object.
|
|
*
|
|
* Turns off the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param hcobject The hash context to be operated on.
|
|
* @param hcflags The flags to be reset in the context. These can be ORed
|
|
* members of #fsl_shw_hash_ctx_flags_t.
|
|
*/
|
|
#define fsl_shw_hco_clear_flags(hcobject, hcflags) \
|
|
(hcobject)->flags &= ~(hcflags)
|
|
|
|
/*!
|
|
* Initialize an HMAC Context Object.
|
|
*
|
|
* This function must be called before performing any other operation with the
|
|
* Object. It sets the current message length and hash algorithm in the HMAC
|
|
* context object.
|
|
*
|
|
* @param hcobject The HMAC context to operate upon.
|
|
* @param hcalgorithm The hash algorithm to be used (#FSL_HASH_ALG_MD5,
|
|
* #FSL_HASH_ALG_SHA256, etc).
|
|
*
|
|
*/
|
|
#define fsl_shw_hmco_init(hcobject, hcalgorithm) \
|
|
fsl_shw_hco_init(hcobject, hcalgorithm)
|
|
|
|
/*!
|
|
* Set flags in an HMAC Context Object.
|
|
*
|
|
* Turns on the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param hcobject The HMAC context to be operated on.
|
|
* @param hcflags The flags to be set in the context. These can be ORed
|
|
* members of #fsl_shw_hmac_ctx_flags_t.
|
|
*/
|
|
#define fsl_shw_hmco_set_flags(hcobject, hcflags) \
|
|
(hcobject)->flags |= (hcflags)
|
|
|
|
/*!
|
|
* Clear flags in an HMAC Context Object.
|
|
*
|
|
* Turns off the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param hcobject The HMAC context to be operated on.
|
|
* @param hcflags The flags to be reset in the context. These can be ORed
|
|
* members of #fsl_shw_hmac_ctx_flags_t.
|
|
*/
|
|
#define fsl_shw_hmco_clear_flags(hcobject, hcflags) \
|
|
(hcobject)->flags &= ~(hcflags)
|
|
|
|
/*!
|
|
* Initialize a Symmetric Cipher Context Object.
|
|
*
|
|
* This function must be called before performing any other operation with the
|
|
* Object. This will set the @a mode and @a algorithm and initialize the
|
|
* Object.
|
|
*
|
|
* @param scobject The context object to operate on.
|
|
* @param scalg The cipher algorithm this context will be used with.
|
|
* @param scmode #FSL_SYM_MODE_CBC, #FSL_SYM_MODE_ECB, etc.
|
|
*
|
|
*/
|
|
#define fsl_shw_scco_init(scobject, scalg, scmode) \
|
|
{ \
|
|
register uint32_t bsb; /* block-size bytes */ \
|
|
\
|
|
switch (scalg) { \
|
|
case FSL_KEY_ALG_AES: \
|
|
bsb = 16; \
|
|
break; \
|
|
case FSL_KEY_ALG_DES: \
|
|
/* fall through */ \
|
|
case FSL_KEY_ALG_TDES: \
|
|
bsb = 8; \
|
|
break; \
|
|
case FSL_KEY_ALG_ARC4: \
|
|
bsb = 259; \
|
|
break; \
|
|
case FSL_KEY_ALG_HMAC: \
|
|
bsb = 1; /* meaningless */ \
|
|
break; \
|
|
default: \
|
|
bsb = 00; \
|
|
} \
|
|
(scobject)->block_size_bytes = bsb; \
|
|
(scobject)->mode = scmode; \
|
|
(scobject)->flags = 0; \
|
|
}
|
|
|
|
/*!
|
|
* Set the flags for a Symmetric Cipher Context.
|
|
*
|
|
* Turns on the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param scobject The context object to operate on.
|
|
* @param scflags The flags to reset (one or more values from
|
|
* #fsl_shw_sym_ctx_flags_t ORed together).
|
|
*
|
|
*/
|
|
#define fsl_shw_scco_set_flags(scobject, scflags) \
|
|
(scobject)->flags |= (scflags)
|
|
|
|
/*!
|
|
* Clear some flags in a Symmetric Cipher Context Object.
|
|
*
|
|
* Turns off the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param scobject The context object to operate on.
|
|
* @param scflags The flags to reset (one or more values from
|
|
* #fsl_shw_sym_ctx_flags_t ORed together).
|
|
*
|
|
*/
|
|
#define fsl_shw_scco_clear_flags(scobject, scflags) \
|
|
(scobject)->flags &= ~(scflags)
|
|
|
|
/*!
|
|
* Set the Context (IV) for a Symmetric Cipher Context.
|
|
*
|
|
* This is to set the context/IV for #FSL_SYM_MODE_CBC mode, or to set the
|
|
* context (the S-Box and pointers) for ARC4. The full context size will
|
|
* be copied.
|
|
*
|
|
* @param scobject The context object to operate on.
|
|
* @param sccontext A pointer to the buffer which contains the context.
|
|
*
|
|
*/
|
|
#define fsl_shw_scco_set_context(scobject, sccontext) \
|
|
copy_bytes((scobject)->context, sccontext, \
|
|
(scobject)->block_size_bytes)
|
|
|
|
/*!
|
|
* Get the Context for a Symmetric Cipher Context.
|
|
*
|
|
* This is to retrieve the context/IV for #FSL_SYM_MODE_CBC mode, or to
|
|
* retrieve context (the S-Box and pointers) for ARC4. The full context
|
|
* will be copied.
|
|
*
|
|
* @param scobject The context object to operate on.
|
|
* @param[out] sccontext Pointer to location where context will be stored.
|
|
*/
|
|
#define fsl_shw_scco_get_context(scobject, sccontext) \
|
|
copy_bytes(sccontext, (scobject)->context, (scobject)->block_size_bytes)
|
|
|
|
/*!
|
|
* Set the Counter Value for a Symmetric Cipher Context.
|
|
*
|
|
* This will set the Counter Value for CTR mode.
|
|
*
|
|
* @param scobject The context object to operate on.
|
|
* @param sccounter The starting counter value. The number of octets.
|
|
* copied will be the block size for the algorithm.
|
|
* @param scmodulus The modulus for controlling the incrementing of the
|
|
* counter.
|
|
*
|
|
*/
|
|
#define fsl_shw_scco_set_counter_info(scobject, sccounter, scmodulus) \
|
|
{ \
|
|
if ((sccounter) != NULL) { \
|
|
copy_bytes((scobject)->context, sccounter, \
|
|
(scobject)->block_size_bytes); \
|
|
} \
|
|
(scobject)->modulus_exp = scmodulus; \
|
|
}
|
|
|
|
/*!
|
|
* Get the Counter Value for a Symmetric Cipher Context.
|
|
*
|
|
* This will retrieve the Counter Value is for CTR mode.
|
|
*
|
|
* @param scobject The context object to query.
|
|
* @param[out] sccounter Pointer to location to store the current counter
|
|
* value. The number of octets copied will be the
|
|
* block size for the algorithm.
|
|
* @param[out] scmodulus Pointer to location to store the modulus.
|
|
*
|
|
*/
|
|
#define fsl_shw_scco_get_counter_info(scobject, sccounter, scmodulus) \
|
|
{ \
|
|
if ((sccounter) != NULL) { \
|
|
copy_bytes(sccounter, (scobject)->context, \
|
|
(scobject)->block_size_bytes); \
|
|
} \
|
|
if ((scmodulus) != NULL) { \
|
|
*(scmodulus) = (scobject)->modulus_exp; \
|
|
} \
|
|
}
|
|
|
|
/*!
|
|
* Initialize a Authentication-Cipher Context.
|
|
*
|
|
* @param acobject Pointer to object to operate on.
|
|
* @param acmode The mode for this object (only #FSL_ACC_MODE_CCM
|
|
* supported).
|
|
*/
|
|
#define fsl_shw_acco_init(acobject, acmode) \
|
|
{ \
|
|
(acobject)->flags = 0; \
|
|
(acobject)->mode = (acmode); \
|
|
}
|
|
|
|
/*!
|
|
* Set the flags for a Authentication-Cipher Context.
|
|
*
|
|
* Turns on the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param acobject Pointer to object to operate on.
|
|
* @param acflags The flags to set (one or more from
|
|
* #fsl_shw_auth_ctx_flags_t ORed together).
|
|
*
|
|
*/
|
|
#define fsl_shw_acco_set_flags(acobject, acflags) \
|
|
(acobject)->flags |= (acflags)
|
|
|
|
/*!
|
|
* Clear some flags in a Authentication-Cipher Context Object.
|
|
*
|
|
* Turns off the flags specified in @a flags. Other flags are untouched.
|
|
*
|
|
* @param acobject Pointer to object to operate on.
|
|
* @param acflags The flags to reset (one or more from
|
|
* #fsl_shw_auth_ctx_flags_t ORed together).
|
|
*
|
|
*/
|
|
#define fsl_shw_acco_clear_flags(acobject, acflags) \
|
|
(acobject)->flags &= ~(acflags)
|
|
|
|
/*!
|
|
* Set up the Authentication-Cipher Object for CCM mode.
|
|
*
|
|
* This will set the @a auth_object for CCM mode and save the @a ctr,
|
|
* and @a mac_length. This function can be called instead of
|
|
* #fsl_shw_acco_init().
|
|
*
|
|
* The paramater @a ctr is Counter Block 0, (counter value 0), which is for the
|
|
* MAC.
|
|
*
|
|
* @param acobject Pointer to object to operate on.
|
|
* @param acalg Cipher algorithm. Only AES is supported.
|
|
* @param accounter The initial counter value.
|
|
* @param acmaclen The number of octets used for the MAC. Valid values are
|
|
* 4, 6, 8, 10, 12, 14, and 16.
|
|
*/
|
|
/* Do we need to stash the +1 value of the CTR somewhere? */
|
|
#define fsl_shw_acco_set_ccm(acobject, acalg, accounter, acmaclen) \
|
|
{ \
|
|
(acobject)->flags = 0; \
|
|
(acobject)->mode = FSL_ACC_MODE_CCM; \
|
|
(acobject)->auth_info.CCM_ctx_info.block_size_bytes = 16; \
|
|
(acobject)->cipher_ctx_info.block_size_bytes = 16; \
|
|
(acobject)->mac_length = acmaclen; \
|
|
fsl_shw_scco_set_counter_info(&(acobject)->cipher_ctx_info, accounter, \
|
|
FSL_CTR_MOD_128); \
|
|
}
|
|
|
|
/*!
|
|
* Format the First Block (IV) & Initial Counter Value per NIST CCM.
|
|
*
|
|
* This function will also set the IV and CTR values per Appendix A of NIST
|
|
* Special Publication 800-38C (May 2004). It will also perform the
|
|
* #fsl_shw_acco_set_ccm() operation with information derived from this set of
|
|
* parameters.
|
|
*
|
|
* Note this function assumes the algorithm is AES. It initializes the
|
|
* @a auth_object by setting the mode to #FSL_ACC_MODE_CCM and setting the
|
|
* flags to be #FSL_ACCO_NIST_CCM.
|
|
*
|
|
* @param acobject Pointer to object to operate on.
|
|
* @param act The number of octets used for the MAC. Valid values are
|
|
* 4, 6, 8, 10, 12, 14, and 16.
|
|
* @param acad Number of octets of Associated Data (may be zero).
|
|
* @param acq A value for the size of the length of @a q field. Valid
|
|
* values are 1-8.
|
|
* @param acN The Nonce (packet number or other changing value). Must
|
|
* be (15 - @a q_length) octets long.
|
|
* @param acQ The value of Q (size of the payload in octets).
|
|
*
|
|
*/
|
|
/* Do we need to stash the +1 value of the CTR somewhere? */
|
|
#define fsl_shw_ccm_nist_format_ctr_and_iv(acobject, act, acad, acq, acN, acQ)\
|
|
{ \
|
|
uint64_t Q = acQ; \
|
|
uint8_t bflag = ((acad)?0x40:0) | ((((act)-2)/2)<<3) | ((acq)-1); \
|
|
unsigned i; \
|
|
uint8_t* qptr = (acobject)->auth_info.CCM_ctx_info.context + 15; \
|
|
(acobject)->auth_info.CCM_ctx_info.block_size_bytes = 16; \
|
|
(acobject)->cipher_ctx_info.block_size_bytes = 16; \
|
|
(acobject)->mode = FSL_ACC_MODE_CCM; \
|
|
(acobject)->flags = FSL_ACCO_NIST_CCM; \
|
|
\
|
|
/* Store away the MAC length (after calculating actual value */ \
|
|
(acobject)->mac_length = (act); \
|
|
/* Set Flag field in Block 0 */ \
|
|
*((acobject)->auth_info.CCM_ctx_info.context) = bflag; \
|
|
/* Set Nonce field in Block 0 */ \
|
|
copy_bytes((acobject)->auth_info.CCM_ctx_info.context+1, acN, \
|
|
15-(acq)); \
|
|
/* Set Flag field in ctr */ \
|
|
*((acobject)->cipher_ctx_info.context) = (acq)-1; \
|
|
/* Update the Q (payload length) field of Block0 */ \
|
|
(acobject)->q_length = acq; \
|
|
for (i = 0; i < (acq); i++) { \
|
|
*qptr-- = Q & 0xFF; \
|
|
Q >>= 8; \
|
|
} \
|
|
/* Set the Nonce field of the ctr */ \
|
|
copy_bytes((acobject)->cipher_ctx_info.context+1, acN, 15-(acq)); \
|
|
/* Clear the block counter field of the ctr */ \
|
|
memset((acobject)->cipher_ctx_info.context+16-(acq), 0, (acq)+1); \
|
|
}
|
|
|
|
/*!
|
|
* Update the First Block (IV) & Initial Counter Value per NIST CCM.
|
|
*
|
|
* This function will set the IV and CTR values per Appendix A of NIST Special
|
|
* Publication 800-38C (May 2004).
|
|
*
|
|
* Note this function assumes that #fsl_shw_ccm_nist_format_ctr_and_iv() has
|
|
* previously been called on the @a auth_object.
|
|
*
|
|
* @param acobject Pointer to object to operate on.
|
|
* @param acN The Nonce (packet number or other changing value). Must
|
|
* be (15 - @a q_length) octets long.
|
|
* @param acQ The value of Q (size of the payload in octets).
|
|
*
|
|
*/
|
|
/* Do we need to stash the +1 value of the CTR somewhere? */
|
|
#define fsl_shw_ccm_nist_update_ctr_and_iv(acobject, acN, acQ) \
|
|
{ \
|
|
uint64_t Q = acQ; \
|
|
unsigned i; \
|
|
uint8_t* qptr = (acobject)->auth_info.CCM_ctx_info.context + 15; \
|
|
\
|
|
/* Update the Nonce field field of Block0 */ \
|
|
copy_bytes((acobject)->auth_info.CCM_ctx_info.context+1, acN, \
|
|
15 - (acobject)->q_length); \
|
|
/* Update the Q (payload length) field of Block0 */ \
|
|
for (i = 0; i < (acobject)->q_length; i++) { \
|
|
*qptr-- = Q & 0xFF; \
|
|
Q >>= 8; \
|
|
} \
|
|
/* Update the Nonce field of the ctr */ \
|
|
copy_bytes((acobject)->cipher_ctx_info.context+1, acN, \
|
|
15 - (acobject)->q_length); \
|
|
}
|
|
|
|
/******************************************************************************
|
|
* Library functions
|
|
*****************************************************************************/
|
|
/* REQ-S2LRD-PINTFC-API-GEN-003 */
|
|
extern fsl_shw_pco_t *fsl_shw_get_capabilities(fsl_shw_uco_t * user_ctx);
|
|
|
|
/* REQ-S2LRD-PINTFC-API-GEN-004 */
|
|
extern fsl_shw_return_t fsl_shw_register_user(fsl_shw_uco_t * user_ctx);
|
|
|
|
/* REQ-S2LRD-PINTFC-API-GEN-005 */
|
|
extern fsl_shw_return_t fsl_shw_deregister_user(fsl_shw_uco_t * user_ctx);
|
|
|
|
/* REQ-S2LRD-PINTFC-API-GEN-006 */
|
|
extern fsl_shw_return_t fsl_shw_get_results(fsl_shw_uco_t * user_ctx,
|
|
unsigned result_size,
|
|
fsl_shw_result_t results[],
|
|
unsigned *result_count);
|
|
|
|
extern fsl_shw_return_t fsl_shw_establish_key(fsl_shw_uco_t * user_ctx,
|
|
fsl_shw_sko_t * key_info,
|
|
fsl_shw_key_wrap_t establish_type,
|
|
const uint8_t * key);
|
|
|
|
extern fsl_shw_return_t fsl_shw_extract_key(fsl_shw_uco_t * user_ctx,
|
|
fsl_shw_sko_t * key_info,
|
|
uint8_t * covered_key);
|
|
|
|
extern fsl_shw_return_t fsl_shw_release_key(fsl_shw_uco_t * user_ctx,
|
|
fsl_shw_sko_t * key_info);
|
|
|
|
extern void *fsl_shw_smalloc(fsl_shw_uco_t * user_ctx,
|
|
uint32_t size,
|
|
const uint8_t * UMID, uint32_t permissions);
|
|
|
|
extern fsl_shw_return_t fsl_shw_sfree(fsl_shw_uco_t * user_ctx, void *address);
|
|
|
|
extern fsl_shw_return_t fsl_shw_sstatus(fsl_shw_uco_t * user_ctx,
|
|
void *address,
|
|
fsl_shw_partition_status_t * status);
|
|
|
|
extern fsl_shw_return_t fsl_shw_diminish_perms(fsl_shw_uco_t * user_ctx,
|
|
void *address,
|
|
uint32_t permissions);
|
|
|
|
extern fsl_shw_return_t do_scc_engage_partition(fsl_shw_uco_t * user_ctx,
|
|
void *address,
|
|
const uint8_t * UMID,
|
|
uint32_t permissions);
|
|
|
|
extern fsl_shw_return_t do_system_keystore_slot_alloc(fsl_shw_uco_t * user_ctx,
|
|
uint32_t key_lenth,
|
|
uint64_t ownerid,
|
|
uint32_t * slot);
|
|
|
|
extern fsl_shw_return_t do_system_keystore_slot_dealloc(fsl_shw_uco_t *
|
|
user_ctx,
|
|
uint64_t ownerid,
|
|
uint32_t slot);
|
|
|
|
extern fsl_shw_return_t do_system_keystore_slot_load(fsl_shw_uco_t * user_ctx,
|
|
uint64_t ownerid,
|
|
uint32_t slot,
|
|
const uint8_t * key,
|
|
uint32_t key_length);
|
|
|
|
extern fsl_shw_return_t do_system_keystore_slot_read(fsl_shw_uco_t * user_ctx,
|
|
uint64_t ownerid,
|
|
uint32_t slot,
|
|
uint32_t key_length,
|
|
const uint8_t * key);
|
|
|
|
extern fsl_shw_return_t do_system_keystore_slot_encrypt(fsl_shw_uco_t *
|
|
user_ctx,
|
|
uint64_t ownerid,
|
|
uint32_t slot,
|
|
uint32_t key_length,
|
|
uint8_t * black_data);
|
|
|
|
extern fsl_shw_return_t do_system_keystore_slot_decrypt(fsl_shw_uco_t *
|
|
user_ctx,
|
|
uint64_t ownerid,
|
|
uint32_t slot,
|
|
uint32_t key_length,
|
|
const uint8_t *
|
|
black_data);
|
|
|
|
extern fsl_shw_return_t
|
|
do_scc_encrypt_region(fsl_shw_uco_t * user_ctx,
|
|
void *partition_base, uint32_t offset_bytes,
|
|
uint32_t byte_count, uint8_t * black_data,
|
|
uint32_t * IV, fsl_shw_cypher_mode_t cypher_mode);
|
|
|
|
extern fsl_shw_return_t
|
|
do_scc_decrypt_region(fsl_shw_uco_t * user_ctx,
|
|
void *partition_base, uint32_t offset_bytes,
|
|
uint32_t byte_count, const uint8_t * black_data,
|
|
uint32_t * IV, fsl_shw_cypher_mode_t cypher_mode);
|
|
|
|
extern fsl_shw_return_t
|
|
system_keystore_get_slot_info(uint64_t owner_id, uint32_t slot,
|
|
uint32_t * address, uint32_t * slot_size_bytes);
|
|
|
|
/* REQ-S2LRD-PINTFC-API-BASIC-SYM-002 */
|
|
/* PINTFC-API-BASIC-SYM-ARC4-001 */
|
|
/* PINTFC-API-BASIC-SYM-ARC4-002 */
|
|
extern fsl_shw_return_t fsl_shw_symmetric_encrypt(fsl_shw_uco_t * user_ctx,
|
|
fsl_shw_sko_t * key_info,
|
|
fsl_shw_scco_t * sym_ctx,
|
|
uint32_t length,
|
|
const uint8_t * pt,
|
|
uint8_t * ct);
|
|
|
|
/* PINTFC-API-BASIC-SYM-002 */
|
|
/* PINTFC-API-BASIC-SYM-ARC4-001 */
|
|
/* PINTFC-API-BASIC-SYM-ARC4-002 */
|
|
extern fsl_shw_return_t fsl_shw_symmetric_decrypt(fsl_shw_uco_t * user_ctx,
|
|
fsl_shw_sko_t * key_info,
|
|
fsl_shw_scco_t * sym_ctx,
|
|
uint32_t length,
|
|
const uint8_t * ct,
|
|
uint8_t * pt);
|
|
|
|
/* REQ-S2LRD-PINTFC-API-BASIC-HASH-005 */
|
|
extern fsl_shw_return_t fsl_shw_hash(fsl_shw_uco_t * user_ctx,
|
|
fsl_shw_hco_t * hash_ctx,
|
|
const uint8_t * msg,
|
|
uint32_t length,
|
|
uint8_t * result, uint32_t result_len);
|
|
|
|
/* REQ-S2LRD-PINTFC-API-BASIC-HMAC-001 */
|
|
extern fsl_shw_return_t fsl_shw_hmac_precompute(fsl_shw_uco_t * user_ctx,
|
|
fsl_shw_sko_t * key_info,
|
|
fsl_shw_hmco_t * hmac_ctx);
|
|
|
|
/* REQ-S2LRD-PINTFC-API-BASIC-HMAC-002 */
|
|
extern fsl_shw_return_t fsl_shw_hmac(fsl_shw_uco_t * user_ctx,
|
|
fsl_shw_sko_t * key_info,
|
|
fsl_shw_hmco_t * hmac_ctx,
|
|
const uint8_t * msg,
|
|
uint32_t length,
|
|
uint8_t * result, uint32_t result_len);
|
|
|
|
/* REQ-S2LRD-PINTFC-API-BASIC-RNG-002 */
|
|
extern fsl_shw_return_t fsl_shw_get_random(fsl_shw_uco_t * user_ctx,
|
|
uint32_t length, uint8_t * data);
|
|
|
|
extern fsl_shw_return_t fsl_shw_add_entropy(fsl_shw_uco_t * user_ctx,
|
|
uint32_t length, uint8_t * data);
|
|
|
|
extern fsl_shw_return_t fsl_shw_gen_encrypt(fsl_shw_uco_t * user_ctx,
|
|
fsl_shw_acco_t * auth_ctx,
|
|
fsl_shw_sko_t * cipher_key_info,
|
|
fsl_shw_sko_t * auth_key_info,
|
|
uint32_t auth_data_length,
|
|
const uint8_t * auth_data,
|
|
uint32_t payload_length,
|
|
const uint8_t * payload,
|
|
uint8_t * ct, uint8_t * auth_value);
|
|
|
|
extern fsl_shw_return_t fsl_shw_auth_decrypt(fsl_shw_uco_t * user_ctx,
|
|
fsl_shw_acco_t * auth_ctx,
|
|
fsl_shw_sko_t * cipher_key_info,
|
|
fsl_shw_sko_t * auth_key_info,
|
|
uint32_t auth_data_length,
|
|
const uint8_t * auth_data,
|
|
uint32_t payload_length,
|
|
const uint8_t * ct,
|
|
const uint8_t * auth_value,
|
|
uint8_t * payload);
|
|
|
|
extern fsl_shw_return_t fsl_shw_read_key(fsl_shw_uco_t * user_ctx,
|
|
fsl_shw_sko_t * key_info,
|
|
uint8_t * key);
|
|
|
|
static inline fsl_shw_return_t fsl_shw_gen_random_pf_key(fsl_shw_uco_t *
|
|
user_ctx)
|
|
{
|
|
(void)user_ctx;
|
|
|
|
return FSL_RETURN_NO_RESOURCE_S;
|
|
}
|
|
|
|
static inline fsl_shw_return_t fsl_shw_read_tamper_event(fsl_shw_uco_t *
|
|
user_ctx,
|
|
fsl_shw_tamper_t *
|
|
tamperp,
|
|
uint64_t * timestampp)
|
|
{
|
|
(void)user_ctx;
|
|
(void)tamperp;
|
|
(void)timestampp;
|
|
|
|
return FSL_RETURN_NO_RESOURCE_S;
|
|
}
|
|
|
|
fsl_shw_return_t sah_Append_Desc(const sah_Mem_Util * mu,
|
|
sah_Head_Desc ** desc_head,
|
|
const uint32_t header,
|
|
sah_Link * link1, sah_Link * link2);
|
|
|
|
/* Utility Function leftover from sahara1 API */
|
|
void sah_Descriptor_Chain_Destroy(const sah_Mem_Util * mu,
|
|
sah_Head_Desc ** desc_chain);
|
|
|
|
/* Utility Function leftover from sahara1 API */
|
|
fsl_shw_return_t sah_Descriptor_Chain_Execute(sah_Head_Desc * desc_chain,
|
|
fsl_shw_uco_t * user_ctx);
|
|
|
|
fsl_shw_return_t sah_Append_Link(const sah_Mem_Util * mu,
|
|
sah_Link * link,
|
|
uint8_t * p,
|
|
const size_t length,
|
|
const sah_Link_Flags flags);
|
|
|
|
fsl_shw_return_t sah_Create_Link(const sah_Mem_Util * mu,
|
|
sah_Link ** link,
|
|
uint8_t * p,
|
|
const size_t length,
|
|
const sah_Link_Flags flags);
|
|
|
|
fsl_shw_return_t sah_Create_Key_Link(const sah_Mem_Util * mu,
|
|
sah_Link ** link,
|
|
fsl_shw_sko_t * key_info);
|
|
|
|
void sah_Destroy_Link(const sah_Mem_Util * mu, sah_Link * link);
|
|
|
|
void sah_Postprocess_Results(fsl_shw_uco_t * user_ctx,
|
|
sah_results * result_info);
|
|
|
|
#endif /* SAHARA2_API_H */
|