/* * Copyright (C) 2004-2011 Freescale Semiconductor, Inc. All Rights Reserved. */ /* * The code contained herein is licensed under the GNU General Public * License. You may obtain a copy of the GNU General Public License * Version 2 or later at the following locations: * * http://www.opensource.org/licenses/gpl-license.html * http://www.gnu.org/copyleft/gpl.html */ /*! * @file sahara.h * * File which implements the FSL_SHW API when used on Sahara */ /*! * @if USE_MAINPAGE * @mainpage Sahara2 implemtation of FSL Security Hardware API * @endif * */ #define _DIAG_DRV_IF #define _DIAG_SECURITY_FUNC #define _DIAG_ADAPTOR #ifndef SAHARA2_API_H #define SAHARA2_API_H #ifdef DIAG_SECURITY_FUNC #include #endif /* DIAG_SECURITY_FUNC */ /* This is a Linux flag... ? */ #ifndef __KERNEL__ #include #include #include #else #include "portable_os.h" #endif /* This definition may need a new name, and needs to go somewhere which * can determine platform, kernel vs. user, os, etc. */ #define copy_bytes(out, in, len) memcpy(out, in, len) /* Does this belong here? */ #ifndef SAHARA_DEVICE #define SAHARA_DEVICE "/dev/sahara" #endif /*! ******************************************************************************* * @defgroup lnkflags Link Flags * * @brief Flags to show information about link data and link segments * ******************************************************************************/ /*! @addtogroup lnkflags * @{ */ /*! ******************************************************************************* * This flag indicates that the data in a link is owned by the security * function component and this memory will be freed by the security function * component. To be used as part of the flag field of the sah_Link structure. ******************************************************************************/ #define SAH_OWNS_LINK_DATA 0x01 /*! ******************************************************************************* * The data in a link is not owned by the security function component and * therefore it will not attempt to free this memory. To be used as part of the * flag field of the sah_Link structure. ******************************************************************************/ #define SAH_USES_LINK_DATA 0x02 /*! ******************************************************************************* * The data in this link will change when the descriptor gets executed. ******************************************************************************/ #define SAH_OUTPUT_LINK 0x04 /*! ******************************************************************************* * The ptr and length in this link are really 'established key' info. They * are to be converted to ptr/length before putting on request queue. ******************************************************************************/ #define SAH_KEY_IS_HIDDEN 0x08 /*! ******************************************************************************* * The link structure has been appended to the previous one by the driver. It * needs to be removed before leaving the driver (and returning to API). ******************************************************************************/ #define SAH_REWORKED_LINK 0x10 /*! ******************************************************************************* * The length and data fields of this link contain the slot and user id * used to access the SCC stored key ******************************************************************************/ #define SAH_STORED_KEY_INFO 0x20 /*! ******************************************************************************* * The Data field points to a physical address, and does not need to be * processed by the driver. Honored only in Kernel API. ******************************************************************************/ #define SAH_PREPHYS_DATA 0x40 /*! ******************************************************************************* * The link was inserted during the Physicalise procedure. It is tagged so * it can be removed during DePhysicalise, thereby returning to the caller an * intact chain. ******************************************************************************/ #define SAH_LINK_INSERTED_LINK 0x80 /*! ******************************************************************************* * The Data field points to the location of the key, which is in a secure * partition held by the user. The memory address needs to be converted to * kernel space manually, by looking through the partitions that the user holds. ******************************************************************************/ #define SAH_IN_USER_KEYSTORE 0x100 /*! ******************************************************************************* * sah_Link_Flags * * Type to be used for flags associated with a Link in security function. * These flags are used internally by the security function component only. * * Values defined at @ref lnkflags * * @brief typedef for flags field of sah_Link ******************************************************************************/ typedef uint32_t sah_Link_Flags; /* ******************************************************************************* * Security Parameters Related Structures * * All of structures associated with API parameters * ******************************************************************************/ /* ******************************************************************************* * Common Types * * All of structures used across several classes of crytography ******************************************************************************/ /*! ******************************************************************************* * @brief Indefinite precision integer used for security operations on SAHARA * accelerator. The data will always be in little Endian format. ******************************************************************************/ typedef uint8_t *sah_Int; /*! ******************************************************************************* * @brief Byte array used for block cipher and hash digest/MAC operations on * SAHARA accelerator. The Endian format will be as specified by the function * using the sah_Oct_Str. ******************************************************************************/ typedef uint8_t *sah_Oct_Str; /*! * A queue of descriptor heads -- used to hold requests waiting for user to * pick up the results. */ typedef struct sah_Queue { int count; /*!< # entries in queue */ struct sah_Head_Desc *head; /*!< first entry in queue */ struct sah_Head_Desc *tail; /*!< last entry in queue */ } sah_Queue; /****************************************************************************** * Enumerations *****************************************************************************/ /*! * Flags for the state of the User Context Object (#fsl_shw_uco_t). */ typedef enum fsl_shw_user_ctx_flags_t { /*! * API will block the caller until operation completes. The result will be * available in the return code. If this is not set, user will have to get * results using #fsl_shw_get_results(). */ FSL_UCO_BLOCKING_MODE = 0x01, /*! * User wants callback (at the function specified with * #fsl_shw_uco_set_callback()) when the operation completes. This flag is * valid only if #FSL_UCO_BLOCKING_MODE is not set. */ FSL_UCO_CALLBACK_MODE = 0x02, /*! Do not free descriptor chain after driver (adaptor) finishes */ FSL_UCO_SAVE_DESC_CHAIN = 0x04, /*! * User has made at least one request with callbacks requested, so API is * ready to handle others. */ FSL_UCO_CALLBACK_SETUP_COMPLETE = 0x08, /*! * (virtual) pointer to descriptor chain is completely linked with physical * (DMA) addresses, ready for the hardware. This flag should not be used * by FSL SHW API programs. */ FSL_UCO_CHAIN_PREPHYSICALIZED = 0x10, /*! * The user has changed the context but the changes have not been copied to * the kernel driver. */ FSL_UCO_CONTEXT_CHANGED = 0x20, /*! Internal Use. This context belongs to a user-mode API user. */ FSL_UCO_USERMODE_USER = 0x40, } fsl_shw_user_ctx_flags_t; /*! * Return code for FSL_SHW library. * * These codes may be returned from a function call. In non-blocking mode, * they will appear as the status in a Result Object. */ typedef enum fsl_shw_return_t { /*! * No error. As a function return code in Non-blocking mode, this may * simply mean that the operation was accepted for eventual execution. */ FSL_RETURN_OK_S = 0, /*! Failure for non-specific reason. */ FSL_RETURN_ERROR_S, /*! * Operation failed because some resource was not able to be allocated. */ FSL_RETURN_NO_RESOURCE_S, /*! Crypto algorithm unrecognized or improper. */ FSL_RETURN_BAD_ALGORITHM_S, /*! Crypto mode unrecognized or improper. */ FSL_RETURN_BAD_MODE_S, /*! Flag setting unrecognized or inconsistent. */ FSL_RETURN_BAD_FLAG_S, /*! Improper or unsupported key length for algorithm. */ FSL_RETURN_BAD_KEY_LENGTH_S, /*! Improper parity in a (DES, TDES) key. */ FSL_RETURN_BAD_KEY_PARITY_S, /*! * Improper or unsupported data length for algorithm or internal buffer. */ FSL_RETURN_BAD_DATA_LENGTH_S, /*! Authentication / Integrity Check code check failed. */ FSL_RETURN_AUTH_FAILED_S, /*! A memory error occurred. */ FSL_RETURN_MEMORY_ERROR_S, /*! An error internal to the hardware occurred. */ FSL_RETURN_INTERNAL_ERROR_S, /*! ECC detected Point at Infinity */ FSL_RETURN_POINT_AT_INFINITY_S, /*! ECC detected No Point at Infinity */ FSL_RETURN_POINT_NOT_AT_INFINITY_S, /*! GCD is One */ FSL_RETURN_GCD_IS_ONE_S, /*! GCD is not One */ FSL_RETURN_GCD_IS_NOT_ONE_S, /*! Candidate is Prime */ FSL_RETURN_PRIME_S, /*! Candidate is not Prime */ FSL_RETURN_NOT_PRIME_S, /*! N register loaded improperly with even value */ FSL_RETURN_EVEN_MODULUS_ERROR_S, /*! Divisor is zero. */ FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S, /*! Bad Exponent or Scalar value for Point Multiply */ FSL_RETURN_BAD_EXPONENT_ERROR_S, /*! RNG hardware problem. */ FSL_RETURN_OSCILLATOR_ERROR_S, /*! RNG hardware problem. */ FSL_RETURN_STATISTICS_ERROR_S, } fsl_shw_return_t; /*! * Algorithm Identifier. * * Selection of algorithm will determine how large the block size of the * algorithm is. Context size is the same length unless otherwise specified. * Selection of algorithm also affects the allowable key length. */ typedef enum fsl_shw_key_alg_t { /*! * Key will be used to perform an HMAC. Key size is 1 to 64 octets. Block * size is 64 octets. */ FSL_KEY_ALG_HMAC, /*! * Advanced Encryption Standard (Rijndael). Block size is 16 octets. Key * size is 16 octets. (The single choice of key size is a Sahara platform * limitation.) */ FSL_KEY_ALG_AES, /*! * Data Encryption Standard. Block size is 8 octets. Key size is 8 * octets. */ FSL_KEY_ALG_DES, /*! * 2- or 3-key Triple DES. Block size is 8 octets. Key size is 16 octets * for 2-key Triple DES, and 24 octets for 3-key. */ FSL_KEY_ALG_TDES, /*! * ARC4. No block size. Context size is 259 octets. Allowed key size is * 1-16 octets. (The choices for key size are a Sahara platform * limitation.) */ FSL_KEY_ALG_ARC4, /*! * Private key of a public-private key-pair. Max is 512 bits... */ FSL_KEY_PK_PRIVATE, } fsl_shw_key_alg_t; /*! * Mode selector for Symmetric Ciphers. * * The selection of mode determines how a cryptographic algorithm will be * used to process the plaintext or ciphertext. * * For all modes which are run block-by-block (that is, all but * #FSL_SYM_MODE_STREAM), any partial operations must be performed on a text * length which is multiple of the block size. Except for #FSL_SYM_MODE_CTR, * these block-by-block algorithms must also be passed a total number of octets * which is a multiple of the block size. * * In modes which require that the total number of octets of data be a multiple * of the block size (#FSL_SYM_MODE_ECB and #FSL_SYM_MODE_CBC), and the user * has a total number of octets which are not a multiple of the block size, the * user must perform any necessary padding to get to the correct data length. */ typedef enum fsl_shw_sym_mode_t { /*! * Stream. There is no associated block size. Any request to process data * may be of any length. This mode is only for ARC4 operations, and is * also the only mode used for ARC4. */ FSL_SYM_MODE_STREAM, /*! * Electronic Codebook. Each block of data is encrypted/decrypted. The * length of the data stream must be a multiple of the block size. This * mode may be used for DES, 3DES, and AES. The block size is determined * by the algorithm. */ FSL_SYM_MODE_ECB, /*! * Cipher-Block Chaining. Each block of data is encrypted/decrypted and * then "chained" with the previous block by an XOR function. Requires * context to start the XOR (previous block). This mode may be used for * DES, 3DES, and AES. The block size is determined by the algorithm. */ FSL_SYM_MODE_CBC, /*! * Counter. The counter is encrypted, then XORed with a block of data. * The counter is then incremented (using modulus arithmetic) for the next * block. The final operation may be non-multiple of block size. This mode * may be used for AES. The block size is determined by the algorithm. */ FSL_SYM_MODE_CTR, } fsl_shw_sym_mode_t; /*! * Algorithm selector for Cryptographic Hash functions. * * Selection of algorithm determines how large the context and digest will be. * Context is the same size as the digest (resulting hash), unless otherwise * specified. */ typedef enum fsl_shw_hash_alg_t { /*! MD5 algorithm. Digest is 16 octets. */ FSL_HASH_ALG_MD5, /*! SHA-1 (aka SHA or SHA-160) algorithm. Digest is 20 octets. */ FSL_HASH_ALG_SHA1, /*! * SHA-224 algorithm. Digest is 28 octets, though context is 32 octets. */ FSL_HASH_ALG_SHA224, /*! SHA-256 algorithm. Digest is 32 octets. */ FSL_HASH_ALG_SHA256 } fsl_shw_hash_alg_t; /*! * The type of Authentication-Cipher function which will be performed. */ typedef enum fsl_shw_acc_mode_t { /*! * CBC-MAC for Counter. Requires context and modulus. Final operation may * be non-multiple of block size. This mode may be used for AES. */ FSL_ACC_MODE_CCM, /*! * SSL mode. Not supported. Combines HMAC and encrypt (or decrypt). * Needs one key object for encryption, another for the HMAC. The usual * hashing and symmetric encryption algorithms are supported. */ FSL_ACC_MODE_SSL, } fsl_shw_acc_mode_t; /* REQ-S2LRD-PINTFC-COA-HCO-001 */ /*! * Flags which control a Hash operation. */ typedef enum fsl_shw_hash_ctx_flags_t { /*! * Context is empty. Hash is started from scratch, with a * message-processed count of zero. */ FSL_HASH_FLAGS_INIT = 0x01, /*! * Retrieve context from hardware after hashing. If used with the * #FSL_HASH_FLAGS_FINALIZE flag, the final digest value will be saved in * the object. */ FSL_HASH_FLAGS_SAVE = 0x02, /*! Place context into hardware before hashing. */ FSL_HASH_FLAGS_LOAD = 0x04, /*! * PAD message and perform final digest operation. If user message is * pre-padded, this flag should not be used. */ FSL_HASH_FLAGS_FINALIZE = 0x08, } fsl_shw_hash_ctx_flags_t; /*! * Flags which control an HMAC operation. * * These may be combined by ORing them together. See #fsl_shw_hmco_set_flags() * and #fsl_shw_hmco_clear_flags(). */ typedef enum fsl_shw_hmac_ctx_flags_t { /*! * Message context is empty. HMAC is started from scratch (with key) or * from precompute of inner hash, depending on whether * #FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT is set. */ FSL_HMAC_FLAGS_INIT = 1, /*! * Retrieve ongoing context from hardware after hashing. If used with the * #FSL_HMAC_FLAGS_FINALIZE flag, the final digest value (HMAC) will be * saved in the object. */ FSL_HMAC_FLAGS_SAVE = 2, /*! Place ongoing context into hardware before hashing. */ FSL_HMAC_FLAGS_LOAD = 4, /*! * PAD message and perform final HMAC operations of inner and outer * hashes. */ FSL_HMAC_FLAGS_FINALIZE = 8, /*! * This means that the context contains precomputed inner and outer hash * values. */ FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT = 16, } fsl_shw_hmac_ctx_flags_t; /*! * Flags to control use of the #fsl_shw_scco_t. * * These may be ORed together to get the desired effect. * See #fsl_shw_scco_set_flags() and #fsl_shw_scco_clear_flags() */ typedef enum fsl_shw_sym_ctx_flags_t { /*! * Context is empty. In ARC4, this means that the S-Box needs to be * generated from the key. In #FSL_SYM_MODE_CBC mode, this allows an IV of * zero to be specified. In #FSL_SYM_MODE_CTR mode, it means that an * initial CTR value of zero is desired. */ FSL_SYM_CTX_INIT = 1, /*! * Load context from object into hardware before running cipher. In * #FSL_SYM_MODE_CTR mode, this would refer to the Counter Value. */ FSL_SYM_CTX_LOAD = 2, /*! * Save context from hardware into object after running cipher. In * #FSL_SYM_MODE_CTR mode, this would refer to the Counter Value. */ FSL_SYM_CTX_SAVE = 4, /*! * Context (SBox) is to be unwrapped and wrapped on each use. * This flag is unsupported. * */ FSL_SYM_CTX_PROTECT = 8, } fsl_shw_sym_ctx_flags_t; /*! * Flags which describe the state of the #fsl_shw_sko_t. * * These may be ORed together to get the desired effect. * See #fsl_shw_sko_set_flags() and #fsl_shw_sko_clear_flags() */ typedef enum fsl_shw_key_flags_t { /*! If algorithm is DES or 3DES, do not validate the key parity bits. */ FSL_SKO_KEY_IGNORE_PARITY = 1, /*! Clear key is present in the object. */ FSL_SKO_KEY_PRESENT = 2, /*! * Key has been established for use. This feature is not available for all * platforms, nor for all algorithms and modes. */ FSL_SKO_KEY_ESTABLISHED = 4, /*! * Key intended for user (software) use; can be read cleartext from the * keystore. */ FSL_SKO_KEY_SW_KEY = 8, } fsl_shw_key_flags_t; /*! * Type of value which is associated with an established key. */ typedef uint64_t key_userid_t; /*! * Flags which describe the state of the #fsl_shw_acco_t. * * The @a FSL_ACCO_CTX_INIT and @a FSL_ACCO_CTX_FINALIZE flags, when used * together, provide for a one-shot operation. */ typedef enum fsl_shw_auth_ctx_flags_t { /*! Initialize Context(s) */ FSL_ACCO_CTX_INIT = 1, /*! Load intermediate context(s). This flag is unsupported. */ FSL_ACCO_CTX_LOAD = 2, /*! Save intermediate context(s). This flag is unsupported. */ FSL_ACCO_CTX_SAVE = 4, /*! Create MAC during this operation. */ FSL_ACCO_CTX_FINALIZE = 8, /*! * Formatting of CCM input data is performed by calls to * #fsl_shw_ccm_nist_format_ctr_and_iv() and * #fsl_shw_ccm_nist_update_ctr_and_iv(). */ FSL_ACCO_NIST_CCM = 0x10, } fsl_shw_auth_ctx_flags_t; /*! * The operation which controls the behavior of #fsl_shw_establish_key(). * * These values are passed to #fsl_shw_establish_key(). */ typedef enum fsl_shw_key_wrap_t { /*! Generate a key from random values. */ FSL_KEY_WRAP_CREATE, /*! Use the provided clear key. */ FSL_KEY_WRAP_ACCEPT, /*! Unwrap a previously wrapped key. */ FSL_KEY_WRAP_UNWRAP } fsl_shw_key_wrap_t; /*! * Modulus Selector for CTR modes. * * The incrementing of the Counter value may be modified by a modulus. If no * modulus is needed or desired for AES, use #FSL_CTR_MOD_128. */ typedef enum fsl_shw_ctr_mod_t { FSL_CTR_MOD_8, /*!< Run counter with modulus of 2^8. */ FSL_CTR_MOD_16, /*!< Run counter with modulus of 2^16. */ FSL_CTR_MOD_24, /*!< Run counter with modulus of 2^24. */ FSL_CTR_MOD_32, /*!< Run counter with modulus of 2^32. */ FSL_CTR_MOD_40, /*!< Run counter with modulus of 2^40. */ FSL_CTR_MOD_48, /*!< Run counter with modulus of 2^48. */ FSL_CTR_MOD_56, /*!< Run counter with modulus of 2^56. */ FSL_CTR_MOD_64, /*!< Run counter with modulus of 2^64. */ FSL_CTR_MOD_72, /*!< Run counter with modulus of 2^72. */ FSL_CTR_MOD_80, /*!< Run counter with modulus of 2^80. */ FSL_CTR_MOD_88, /*!< Run counter with modulus of 2^88. */ FSL_CTR_MOD_96, /*!< Run counter with modulus of 2^96. */ FSL_CTR_MOD_104, /*!< Run counter with modulus of 2^104. */ FSL_CTR_MOD_112, /*!< Run counter with modulus of 2^112. */ FSL_CTR_MOD_120, /*!< Run counter with modulus of 2^120. */ FSL_CTR_MOD_128 /*!< Run counter with modulus of 2^128. */ } fsl_shw_ctr_mod_t; /*! * Permissions flags for Secure Partitions */ typedef enum fsl_shw_permission_t { /*! SCM Access Permission: Do not zeroize/deallocate partition on SMN Fail state */ FSL_PERM_NO_ZEROIZE = 0x80000000, /*! SCM Access Permission: Enforce trusted key read in */ FSL_PERM_TRUSTED_KEY_READ = 0x40000000, /*! SCM Access Permission: Ignore Supervisor/User mode in permission determination */ FSL_PERM_HD_S = 0x00000800, /*! SCM Access Permission: Allow Read Access to Host Domain */ FSL_PERM_HD_R = 0x00000400, /*! SCM Access Permission: Allow Write Access to Host Domain */ FSL_PERM_HD_W = 0x00000200, /*! SCM Access Permission: Allow Execute Access to Host Domain */ FSL_PERM_HD_X = 0x00000100, /*! SCM Access Permission: Allow Read Access to Trusted Host Domain */ FSL_PERM_TH_R = 0x00000040, /*! SCM Access Permission: Allow Write Access to Trusted Host Domain */ FSL_PERM_TH_W = 0x00000020, /*! SCM Access Permission: Allow Read Access to Other/World Domain */ FSL_PERM_OT_R = 0x00000004, /*! SCM Access Permission: Allow Write Access to Other/World Domain */ FSL_PERM_OT_W = 0x00000002, /*! SCM Access Permission: Allow Execute Access to Other/World Domain */ FSL_PERM_OT_X = 0x00000001, } fsl_shw_permission_t; typedef enum fsl_shw_cypher_mode_t { FSL_SHW_CYPHER_MODE_ECB = 1, /*!< ECB mode */ FSL_SHW_CYPHER_MODE_CBC = 2, /*!< CBC mode */ } fsl_shw_cypher_mode_t; typedef enum fsl_shw_pf_key_t { FSL_SHW_PF_KEY_IIM, /*!< Present fused IIM key */ FSL_SHW_PF_KEY_PRG, /*!< Present Program key */ FSL_SHW_PF_KEY_IIM_PRG, /*!< Present IIM ^ Program key */ FSL_SHW_PF_KEY_IIM_RND, /*!< Present Random key */ FSL_SHW_PF_KEY_RND, /*!< Present IIM ^ Random key */ } fsl_shw_pf_key_t; typedef enum fsl_shw_tamper_t { FSL_SHW_TAMPER_NONE, /*!< No error detected */ FSL_SHW_TAMPER_WTD, /*!< wire-mesh tampering det */ FSL_SHW_TAMPER_ETBD, /*!< ext tampering det: input B */ FSL_SHW_TAMPER_ETAD, /*!< ext tampering det: input A */ FSL_SHW_TAMPER_EBD, /*!< external boot detected */ FSL_SHW_TAMPER_SAD, /*!< security alarm detected */ FSL_SHW_TAMPER_TTD, /*!< temperature tampering det */ FSL_SHW_TAMPER_CTD, /*!< clock tampering det */ FSL_SHW_TAMPER_VTD, /*!< voltage tampering det */ FSL_SHW_TAMPER_MCO, /*!< monotonic counter overflow */ FSL_SHW_TAMPER_TCO, /*!< time counter overflow */ } fsl_shw_tamper_t; /****************************************************************************** * Data Structures *****************************************************************************/ /*! * * @brief Structure type for descriptors * * The first five fields are passed to the hardware. * *****************************************************************************/ #ifndef USE_NEW_PTRS /* Experimental */ typedef struct sah_Desc { uint32_t header; /*!< descriptor header value */ uint32_t len1; /*!< number of data bytes in 'ptr1' buffer */ void *ptr1; /*!< pointer to first sah_Link structure */ uint32_t len2; /*!< number of data bytes in 'ptr2' buffer */ void *ptr2; /*!< pointer to second sah_Link structure */ struct sah_Desc *next; /*!< pointer to next descriptor */ #ifdef __KERNEL__ /* This needs a better test */ /* These two must be last. See sah_Copy_Descriptors */ struct sah_Desc *virt_addr; /*!< Virtual (kernel) address of this descriptor. */ dma_addr_t dma_addr; /*!< Physical (bus) address of this descriptor. */ void *original_ptr1; /*!< user's pointer to ptr1 */ void *original_ptr2; /*!< user's pointer to ptr2 */ struct sah_Desc *original_next; /*!< user's pointer to next */ #endif } sah_Desc; #else typedef struct sah_Desc { uint32_t header; /*!< descriptor header value */ uint32_t len1; /*!< number of data bytes in 'ptr1' buffer */ uint32_t hw_ptr1; /*!< pointer to first sah_Link structure */ uint32_t len2; /*!< number of data bytes in 'ptr2' buffer */ uint32_t hw_ptr2; /*!< pointer to second sah_Link structure */ uint32_t hw_next; /*!< pointer to next descriptor */ struct sah_Link *ptr1; /*!< (virtual) pointer to first sah_Link structure */ struct sah_Link *ptr2; /*!< (virtual) pointer to first sah_Link structure */ struct sah_Desc *next; /*!< (virtual) pointer to next descriptor */ #ifdef __KERNEL__ /* This needs a better test */ /* These two must be last. See sah_Copy_Descriptors */ struct sah_Desc *virt_addr; /*!< Virtual (kernel) address of this descriptor. */ dma_addr_t dma_addr; /*!< Physical (bus) address of this descriptor. */ #endif } sah_Desc; #endif /*! ******************************************************************************* * @brief The first descriptor in a chain ******************************************************************************/ typedef struct sah_Head_Desc { sah_Desc desc; /*!< whole struct - must be first */ struct fsl_shw_uco_t *user_info; /*!< where result pool lives */ uint32_t user_ref; /*!< at time of request */ uint32_t uco_flags; /*!< at time of request */ uint32_t status; /*!< Status of queue entry */ uint32_t error_status; /*!< If error, register from Sahara */ uint32_t fault_address; /*!< If error, register from Sahara */ uint32_t op_status; /*!< If error, register from Sahara */ fsl_shw_return_t result; /*!< Result of running descriptor */ struct sah_Head_Desc *next; /*!< Next in queue */ struct sah_Head_Desc *prev; /*!< previous in queue */ struct sah_Head_Desc *user_desc; /*!< For API async get_results */ void *out1_ptr; /*!< For async post-processing */ void *out2_ptr; /*!< For async post-processing */ uint32_t out_len; /*!< For async post-processing */ } sah_Head_Desc; /*! * @brief Structure type for links * * The first three fields are used by hardware. *****************************************************************************/ #ifndef USE_NEW_PTRS typedef struct sah_Link { size_t len; /*!< len of 'data' buffer in bytes */ uint8_t *data; /*!< buffer to store data */ struct sah_Link *next; /*!< pointer to the next sah_Link storing * data */ sah_Link_Flags flags; /*!< indicates the component that created the * data buffer. Security Function internal * information */ key_userid_t ownerid; /*!< Auth code for established key */ uint32_t slot; /*!< Location of the the established key */ #ifdef __KERNEL__ /* This needs a better test */ /* These two elements must be last. See sah_Copy_Links() */ struct sah_Link *virt_addr; dma_addr_t dma_addr; #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)) struct page *vm_info; #endif uint8_t *original_data; /*!< user's version of data pointer */ struct sah_Link *original_next; /*!< user's version of next pointer */ #ifdef SAH_COPY_DATA uint8_t *copy_data; /*!< Virtual address of acquired buffer */ #endif #endif /* kernel-only */ } sah_Link; #else typedef struct sah_Link { /*! len of 'data' buffer in bytes */ size_t len; /*! buffer to store data */ uint32_t hw_data; /*! Physical address */ uint32_t hw_next; /*! * indicates the component that created the data buffer. Security Function * internal information */ sah_Link_Flags flags; /*! (virtual) pointer to data */ uint8_t *data; /*! (virtual) pointer to the next sah_Link storing data */ struct sah_Link *next; /*! Auth code for established key */ key_userid_t ownerid; /*! Location of the the established key */ uint32_t slot; #ifdef __KERNEL__ /* This needs a better test */ /* These two elements must be last. See sah_Copy_Links() */ struct sah_Link *virt_addr; dma_addr_t dma_addr; #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)) struct page *vm_info; #endif #endif /* kernel-only */ } sah_Link; #endif /*! * Initialization Object */ typedef struct fsl_sho_ibo_t { } fsl_sho_ibo_t; /* Imported from Sahara1 driver -- is it needed forever? */ /*! ******************************************************************************* * FIELDS * * void * ref - parameter to be passed into the memory function calls * * void * (*malloc)(void *ref, size_t n) - pointer to user's malloc function * * void (*free)(void *ref, void *ptr) - pointer to user's free function * * void * (*memcpy)(void *ref, void *dest, const void *src, size_t n) - * pointer to user's memcpy function * * void * (*memset)(void *ref, void *ptr, int ch, size_t n) - pointer to * user's memset function * * @brief Structure for API memory utilities ******************************************************************************/ typedef struct sah_Mem_Util { /*! Who knows. Vestigial. */ void *mu_ref; /*! Acquire buffer of size n bytes */ void *(*mu_malloc) (void *ref, size_t n); /*! Acquire a sah_Head_Desc */ sah_Head_Desc *(*mu_alloc_head_desc) (void *ref); /* Acquire a sah_Desc */ sah_Desc *(*mu_alloc_desc) (void *ref); /* Acquire a sah_Link */ sah_Link *(*mu_alloc_link) (void *ref); /*! Free buffer at ptr */ void (*mu_free) (void *ref, void *ptr); /*! Free sah_Head_Desc at ptr */ void (*mu_free_head_desc) (void *ref, sah_Head_Desc * ptr); /*! Free sah_Desc at ptr */ void (*mu_free_desc) (void *ref, sah_Desc * ptr); /*! Free sah_Link at ptr */ void (*mu_free_link) (void *ref, sah_Link * ptr); /*! Funciton which will copy n bytes from src to dest */ void *(*mu_memcpy) (void *ref, void *dest, const void *src, size_t n); /*! Set all n bytes of ptr to ch */ void *(*mu_memset) (void *ref, void *ptr, int ch, size_t n); } sah_Mem_Util; /*! * Secure Partition information * * This holds the context to a single secure partition owned by the user. It * is only available in the kernel version of the User Context Object. */ typedef struct fsl_shw_spo_t { uint32_t user_base; /*!< Base address (user virtual) */ void *kernel_base; /*!< Base address (kernel virtual) */ struct fsl_shw_spo_t *next; /*!< Pointer to the next partition owned by the user. NULL if this is the last partition. */ } fsl_shw_spo_t; /* REQ-S2LRD-PINTFC-COA-UCO-001 */ /*! * User Context Object */ typedef struct fsl_shw_uco_t { int sahara_openfd; /*!< this should be kernel-only?? */ sah_Mem_Util *mem_util; /*!< Memory utility fns */ uint32_t user_ref; /*!< User's reference */ void (*callback) (struct fsl_shw_uco_t * uco); /*!< User's callback fn */ uint32_t flags; /*!< from fsl_shw_user_ctx_flags_t */ unsigned pool_size; /*!< maximum size of user pool */ #ifdef __KERNEL__ sah_Queue result_pool; /*!< where non-blocking results go */ os_process_handle_t process; /*!< remember for signalling User mode */ fsl_shw_spo_t *partition; /*!< chain of secure partitions owned by the user */ #else struct fsl_shw_uco_t *next; /*!< To allow user-mode chaining of contexts, for signalling. */ #endif } fsl_shw_uco_t; /* REQ-S2LRD-PINTFC-API-GEN-006 ?? */ /*! * Result object */ typedef struct fsl_shw_result_t { uint32_t user_ref; fsl_shw_return_t code; uint32_t detail1; uint32_t detail2; sah_Head_Desc *user_desc; } fsl_shw_result_t; /*! * Keystore Object */ typedef struct fsl_shw_kso_t { #ifdef __KERNEL__ os_lock_t lock; /*!< Pointer to lock that controls access to the keystore. */ #endif void *user_data; /*!< Pointer to user structure that handles the internals of the keystore. */ fsl_shw_return_t(*data_init) (fsl_shw_uco_t * user_ctx, void **user_data); void (*data_cleanup) (fsl_shw_uco_t * user_ctx, void **user_data); fsl_shw_return_t(*slot_verify_access) (void *user_data, uint64_t owner_id, uint32_t slot); fsl_shw_return_t(*slot_alloc) (void *user_data, uint32_t size_bytes, uint64_t owner_id, uint32_t * slot); fsl_shw_return_t(*slot_dealloc) (void *user_data, uint64_t owner_id, uint32_t slot); void *(*slot_get_address) (void *user_data, uint32_t slot); uint32_t(*slot_get_base) (void *user_data, uint32_t slot); uint32_t(*slot_get_offset) (void *user_data, uint32_t slot); uint32_t(*slot_get_slot_size) (void *user_data, uint32_t slot); } fsl_shw_kso_t; /* REQ-S2LRD-PINTFC-COA-SKO-001 */ /*! * Secret Key Context Object */ typedef struct fsl_shw_sko_t { uint32_t flags; fsl_shw_key_alg_t algorithm; key_userid_t userid; uint32_t handle; uint16_t key_length; uint8_t key[64]; struct fsl_shw_kso_t *keystore; /*!< If present, key is in keystore */ } fsl_shw_sko_t; /* REQ-S2LRD-PINTFC-COA-CO-001 */ /*! * @brief Platform Capability Object */ typedef struct fsl_shw_pco_t { /* Consider turning these constants into symbols */ int api_major; int api_minor; int driver_major; int driver_minor; fsl_shw_key_alg_t sym_algorithms[4]; fsl_shw_sym_mode_t sym_modes[4]; fsl_shw_hash_alg_t hash_algorithms[4]; uint8_t sym_support[5][4]; /* indexed by key alg then mode */ int scc_driver_major; int scc_driver_minor; int scm_version; /*!< Version from SCM Configuration register */ int smn_version; /*!< Version from SMN Status register */ int block_size_bytes; /*!< Number of bytes per block of RAM; also block size of the crypto algorithm. */ union { struct { int black_ram_size_blocks; /*!< Number of blocks of Black RAM */ int red_ram_size_blocks; /*!< Number of blocks of Red RAM */ } scc_info; struct { int partition_size_bytes; /*!< Number of bytes in each partition */ int partition_count; /*!< Number of partitions on this platform */ } scc2_info; }; } fsl_shw_pco_t; /* REQ-S2LRD-PINTFC-COA-HCO-001 */ /*! * Hash Context Object */ typedef struct fsl_shw_hco_t { /* fsl_shw_hash_context_object */ fsl_shw_hash_alg_t algorithm; uint32_t flags; uint8_t digest_length; /* in bytes */ uint8_t context_length; /* in bytes */ uint8_t context_register_length; /* in bytes */ /* ensure following HW buffers not cached with surrounding fields */ uint8_t cache_front_pad[64]; /* fill out cache line */ uint32_t context[9]; /* largest digest + msg size */ uint8_t cache_back_pad[64]; /* fill out cache line */ } fsl_shw_hco_t; /*! * HMAC Context Object */ typedef struct fsl_shw_hmco_t { /* fsl_shw_hmac_context_object */ fsl_shw_hash_alg_t algorithm; uint32_t flags; uint8_t digest_length; /*!< in bytes */ uint8_t context_length; /*!< in bytes */ uint8_t context_register_length; /*!< in bytes */ /* ensure following HW buffers not cached with surrounding fields */ uint8_t cache_front_pad[64]; /* fill out cache line */ uint32_t ongoing_context[9]; /**< largest digest + msg size */ uint32_t inner_precompute[9]; /**< largest digest + msg size */ uint32_t outer_precompute[9]; /**< largest digest + msg size */ uint8_t cache_back_pad[64]; /* fill out cache line */ } fsl_shw_hmco_t; /* REQ-S2LRD-PINTFC-COA-SCCO-001 */ /*! * Symmetric Crypto Context Object Context Object */ typedef struct fsl_shw_scco_t { uint32_t flags; unsigned block_size_bytes; /* double duty block&ctx size */ fsl_shw_sym_mode_t mode; /* Could put modulus plus 16-octet context in union with arc4 sbox+ptrs... */ fsl_shw_ctr_mod_t modulus_exp; /* ensure following HW buffers not cached with surrounding fields */ uint8_t cache_front_pad[64]; /* fill out cache line */ uint8_t context[259]; uint8_t cache_back_pad[64]; /* fill out cache line */ } fsl_shw_scco_t; /*! * Authenticate-Cipher Context Object * An object for controlling the function of, and holding information about, * data for the authenticate-cipher functions, #fsl_shw_gen_encrypt() and * #fsl_shw_auth_decrypt(). */ typedef struct fsl_shw_acco_t { uint32_t flags; /*!< See #fsl_shw_auth_ctx_flags_t for meanings */ fsl_shw_acc_mode_t mode; /*!< CCM only */ uint8_t mac_length; /*!< User's value for length */ unsigned q_length; /*!< NIST parameter - */ fsl_shw_scco_t cipher_ctx_info; /*!< For running encrypt/decrypt. */ union { fsl_shw_scco_t CCM_ctx_info; /*!< For running the CBC in AES-CCM. */ fsl_shw_hco_t hash_ctx_info; /*!< For running the hash */ } auth_info; /*!< "auth" info struct */ uint8_t unencrypted_mac[16]; /*!< max block size... */ /* ensure above HW buffer not cached with any following variables */ uint8_t cache_back_pad[64]; /* fill out cache line */ } fsl_shw_acco_t; /*! * Used by Sahara API to retrieve completed non-blocking results. */ typedef struct sah_results { unsigned requested; /*!< number of results requested */ unsigned *actual; /*!< number of results obtained */ fsl_shw_result_t *results; /*!< pointer to memory to hold results */ } sah_results; /*! * @typedef scc_partition_status_t */ /*! Partition status information. */ typedef enum fsl_shw_partition_status_t { FSL_PART_S_UNUSABLE, /*!< Partition not implemented */ FSL_PART_S_UNAVAILABLE, /*!< Partition owned by other host */ FSL_PART_S_AVAILABLE, /*!< Partition available */ FSL_PART_S_ALLOCATED, /*!< Partition owned by host but not engaged */ FSL_PART_S_ENGAGED, /*!< Partition owned by host and engaged */ } fsl_shw_partition_status_t; /****************************************************************************** * Access Macros for Objects *****************************************************************************/ /*! * Get FSL SHW API version * * @param pcobject The Platform Capababilities Object to query. * @param[out] pcmajor A pointer to where the major version * of the API is to be stored. * @param[out] pcminor A pointer to where the minor version * of the API is to be stored. */ #define fsl_shw_pco_get_version(pcobject, pcmajor, pcminor) \ { \ *(pcmajor) = (pcobject)->api_major; \ *(pcminor) = (pcobject)->api_minor; \ } /*! * Get underlying driver version. * * @param pcobject The Platform Capababilities Object to query. * @param[out] pcmajor A pointer to where the major version * of the driver is to be stored. * @param[out] pcminor A pointer to where the minor version * of the driver is to be stored. */ #define fsl_shw_pco_get_driver_version(pcobject, pcmajor, pcminor) \ { \ *(pcmajor) = (pcobject)->driver_major; \ *(pcminor) = (pcobject)->driver_minor; \ } /*! * Get list of symmetric algorithms supported. * * @param pcobject The Platform Capababilities Object to query. * @param[out] pcalgorithms A pointer to where to store the location of * the list of algorithms. * @param[out] pcacount A pointer to where to store the number of * algorithms in the list at @a algorithms. */ #define fsl_shw_pco_get_sym_algorithms(pcobject, pcalgorithms, pcacount) \ { \ *(pcalgorithms) = (pcobject)->sym_algorithms; \ *(pcacount) = sizeof((pcobject)->sym_algorithms)/4; \ } /*! * Get list of symmetric modes supported. * * @param pcobject The Platform Capababilities Object to query. * @param[out] gsmodes A pointer to where to store the location of * the list of modes. * @param[out] gsacount A pointer to where to store the number of * algorithms in the list at @a modes. */ #define fsl_shw_pco_get_sym_modes(pcobject, gsmodes, gsacount) \ { \ *(gsmodes) = (pcobject)->sym_modes; \ *(gsacount) = sizeof((pcobject)->sym_modes)/4; \ } /*! * Get list of hash algorithms supported. * * @param pcobject The Platform Capababilities Object to query. * @param[out] gsalgorithms A pointer which will be set to the list of * algorithms. * @param[out] gsacount The number of algorithms in the list at @a * algorithms. */ #define fsl_shw_pco_get_hash_algorithms(pcobject, gsalgorithms, gsacount) \ { \ *(gsalgorithms) = (pcobject)->hash_algorithms; \ *(gsacount) = sizeof((pcobject)->hash_algorithms)/4; \ } /*! * Determine whether the combination of a given symmetric algorithm and a given * mode is supported. * * @param pcobject The Platform Capababilities Object to query. * @param pcalg A Symmetric Cipher algorithm. * @param pcmode A Symmetric Cipher mode. * * @return 0 if combination is not supported, non-zero if supported. */ #define fsl_shw_pco_check_sym_supported(pcobject, pcalg, pcmode) \ ((pcobject)->sym_support[pcalg][pcmode]) /*! * Determine whether a given Encryption-Authentication mode is supported. * * @param pcobject The Platform Capababilities Object to query. * @param pcmode The Authentication mode. * * @return 0 if mode is not supported, non-zero if supported. */ #define fsl_shw_pco_check_auth_supported(pcobject, pcmode) \ ((pcmode == FSL_ACC_MODE_CCM) ? 1 : 0) /*! * Determine whether Black Keys (key establishment / wrapping) is supported. * * @param pcobject The Platform Capababilities Object to query. * * @return 0 if wrapping is not supported, non-zero if supported. */ #define fsl_shw_pco_check_black_key_supported(pcobject) \ 1 /*! * Determine whether Programmed Key features are available * * @param pc_info The Platform Capabilities Object to query. * * @return 1 if Programmed Key features are available, otherwise zero. */ #define fsl_shw_pco_check_pk_supported(pcobject) \ 0 /*! * Determine whether Software Key features are available * * @param pc_info The Platform Capabilities Object to query. * * @return 1 if Software key features are available, otherwise zero. */ #define fsl_shw_pco_check_sw_keys_supported(pcobject) \ 0 /*! * Get FSL SHW SCC driver version * * @param pcobject The Platform Capabilities Object to query. * @param[out] pcmajor A pointer to where the major version * of the SCC driver is to be stored. * @param[out] pcminor A pointer to where the minor version * of the SCC driver is to be stored. */ #define fsl_shw_pco_get_scc_driver_version(pcobject, pcmajor, pcminor) \ { \ *(pcmajor) = (pcobject)->scc_driver_major; \ *(pcminor) = (pcobject)->scc_driver_minor; \ } /*! * Get SCM hardware version * * @param pcobject The Platform Capabilities Object to query. * @return The SCM hardware version */ #define fsl_shw_pco_get_scm_version(pcobject) \ ((pcobject)->scm_version) /*! * Get SMN hardware version * * @param pcobject The Platform Capabilities Object to query. * @return The SMN hardware version */ #define fsl_shw_pco_get_smn_version(pcobject) \ ((pcobject)->smn_version) /*! * Get the size of an SCM block, in bytes * * @param pcobject The Platform Capabilities Object to query. * @return The size of an SCM block, in bytes. */ #define fsl_shw_pco_get_scm_block_size(pcobject) \ ((pcobject)->block_size_bytes) /*! * Get size of Black and Red RAM memory * * @param pcobject The Platform Capabilities Object to query. * @param[out] black_size A pointer to where the size of the Black RAM, in * blocks, is to be placed. * @param[out] red_size A pointer to where the size of the Red RAM, in * blocks, is to be placed. */ #define fsl_shw_pco_get_smn_size(pcobject, black_size, red_size) \ { \ if ((pcobject)->scm_version == 1) { \ *(black_size) = (pcobject)->scc_info.black_ram_size_blocks; \ *(red_size) = (pcobject)->scc_info.red_ram_size_blocks; \ } else { \ *(black_size) = 0; \ *(red_size) = 0; \ } \ } /*! * Determine whether Secure Partitions are supported * * @param pcobject The Platform Capabilities Object to query. * * @return 0 if secure partitions are not supported, non-zero if supported. */ #define fsl_shw_pco_check_spo_supported(pcobject) \ ((pcobject)->scm_version == 2) /*! * Get the size of a Secure Partitions * * @param pcobject The Platform Capabilities Object to query. * * @return Partition size, in bytes. 0 if Secure Partitions not supported. */ #define fsl_shw_pco_get_spo_size_bytes(pcobject) \ (((pcobject)->scm_version == 2) ? \ ((pcobject)->scc2_info.partition_size_bytes) : 0 ) /*! * Get the number of Secure Partitions on this platform * * @param pcobject The Platform Capabilities Object to query. * * @return Number of partitions. 0 if Secure Paritions not supported. Note * that this returns the total number of partitions, not all may be * available to the user. */ #define fsl_shw_pco_get_spo_count(pcobject) \ (((pcobject)->scm_version == 2) ? \ ((pcobject)->scc2_info.partition_count) : 0 ) /*! * Initialize a User Context Object. * * This function must be called before performing any other operation with the * Object. It sets the User Context Object to initial values, and set the size * of the results pool. The mode will be set to a default of * #FSL_UCO_BLOCKING_MODE. * * When using non-blocking operations, this sets the maximum number of * operations which can be outstanding. This number includes the counts of * operations waiting to start, operation(s) being performed, and results which * have not been retrieved. * * Changes to this value are ignored once user registration has completed. It * should be set to 1 if only blocking operations will ever be performed. * * @param ucontext The User Context object to operate on. * @param usize The maximum number of operations which can be * outstanding. */ #ifdef __KERNEL__ #define fsl_shw_uco_init(ucontext, usize) \ { \ (ucontext)->pool_size = usize; \ (ucontext)->flags = FSL_UCO_BLOCKING_MODE; \ (ucontext)->sahara_openfd = -1; \ (ucontext)->mem_util = NULL; \ (ucontext)->partition = NULL; \ (ucontext)->callback = NULL; \ } #else #define fsl_shw_uco_init(ucontext, usize) \ { \ (ucontext)->pool_size = usize; \ (ucontext)->flags = FSL_UCO_BLOCKING_MODE; \ (ucontext)->sahara_openfd = -1; \ (ucontext)->mem_util = NULL; \ (ucontext)->callback = NULL; \ } #endif /*! * Set the User Reference for the User Context. * * @param ucontext The User Context object to operate on. * @param uref A value which will be passed back with a result. */ #define fsl_shw_uco_set_reference(ucontext, uref) \ (ucontext)->user_ref = uref /*! * Set the User Reference for the User Context. * * @param ucontext The User Context object to operate on. * @param ucallback The function the API will invoke when an operation * completes. */ #define fsl_shw_uco_set_callback(ucontext, ucallback) \ (ucontext)->callback = ucallback /*! * Set flags in the User Context. * * Turns on the flags specified in @a flags. Other flags are untouched. * * @param ucontext The User Context object to operate on. * @param uflags ORed values from #fsl_shw_user_ctx_flags_t. */ #define fsl_shw_uco_set_flags(ucontext, uflags) \ (ucontext)->flags |= (uflags) /*! * Clear flags in the User Context. * * Turns off the flags specified in @a flags. Other flags are untouched. * * @param ucontext The User Context object to operate on. * @param uflags ORed values from #fsl_shw_user_ctx_flags_t. */ #define fsl_shw_uco_clear_flags(ucontext, uflags) \ (ucontext)->flags &= ~(uflags) /*! * Retrieve the reference value from a Result Object. * * @param robject The result object to query. * * @return The reference associated with the request. */ #define fsl_shw_ro_get_reference(robject) \ (robject)->user_ref /*! * Retrieve the status code from a Result Object. * * @param robject The result object to query. * * @return The status of the request. */ #define fsl_shw_ro_get_status(robject) \ (robject)->code /*! * Initialize a Secret Key Object. * * This function must be called before performing any other operation with * the Object. * * @param skobject The Secret Key Object to be initialized. * @param skalgorithm DES, AES, etc. * */ #define fsl_shw_sko_init(skobject,skalgorithm) \ { \ (skobject)->algorithm = skalgorithm; \ (skobject)->flags = 0; \ (skobject)->keystore = NULL; \ } /*! * Initialize a Secret Key Object to use a Platform Key register. * * This function must be called before performing any other operation with * the Object. INVALID on this platform. * * @param skobject The Secret Key Object to be initialized. * @param skalgorithm DES, AES, etc. * @param skhwkey one of the fsl_shw_pf_key_t values. * */ #define fsl_shw_sko_init_pf_key(skobject,skalgorithm,skhwkey) \ { \ (skobject)->algorithm = -1; \ (skobject)->flags = -1; \ (skobject)->keystore = NULL; \ } /*! * Store a cleartext key in the key object. * * This has the side effect of setting the #FSL_SKO_KEY_PRESENT flag and * resetting the #FSL_SKO_KEY_ESTABLISHED flag. * * @param skobject A variable of type #fsl_shw_sko_t. * @param skkey A pointer to the beginning of the key. * @param skkeylen The length, in octets, of the key. The value should be * appropriate to the key size supported by the algorithm. * 64 octets is the absolute maximum value allowed for this * call. */ #define fsl_shw_sko_set_key(skobject, skkey, skkeylen) \ { \ (skobject)->key_length = skkeylen; \ copy_bytes((skobject)->key, skkey, skkeylen); \ (skobject)->flags |= FSL_SKO_KEY_PRESENT; \ (skobject)->flags &= ~FSL_SKO_KEY_ESTABLISHED; \ } /*! * Set a size for the key. * * This function would normally be used when the user wants the key to be * generated from a random source. * * @param skobject A variable of type #fsl_shw_sko_t. * @param skkeylen The length, in octets, of the key. The value should be * appropriate to the key size supported by the algorithm. * 64 octets is the absolute maximum value allowed for this * call. */ #define fsl_shw_sko_set_key_length(skobject, skkeylen) \ (skobject)->key_length = skkeylen; /*! * Set the User ID associated with the key. * * @param skobject A variable of type #fsl_shw_sko_t. * @param skuserid The User ID to identify authorized users of the key. */ #define fsl_shw_sko_set_user_id(skobject, skuserid) \ (skobject)->userid = (skuserid) /*! * Establish a user Keystore to hold the key. */ #define fsl_shw_sko_set_keystore(skobject, user_keystore) \ (skobject)->keystore = (user_keystore) /*! * Set the establish key handle into a key object. * * The @a userid field will be used to validate the access to the unwrapped * key. This feature is not available for all platforms, nor for all * algorithms and modes. * * The #FSL_SKO_KEY_ESTABLISHED will be set (and the #FSL_SKO_KEY_PRESENT flag * will be cleared). * * @param skobject A variable of type #fsl_shw_sko_t. * @param skuserid The User ID to verify this user is an authorized user of * the key. * @param skhandle A @a handle from #fsl_shw_sko_get_established_info. */ #define fsl_shw_sko_set_established_info(skobject, skuserid, skhandle) \ { \ (skobject)->userid = (skuserid); \ (skobject)->handle = (skhandle); \ (skobject)->flags |= FSL_SKO_KEY_ESTABLISHED; \ (skobject)->flags &= \ ~(FSL_SKO_KEY_PRESENT); \ } /*! * Retrieve the established-key handle from a key object. * * @param skobject A variable of type #fsl_shw_sko_t. * @param skhandle The location to store the @a handle of the unwrapped * key. */ #define fsl_shw_sko_get_established_info(skobject, skhandle) \ *(skhandle) = (skobject)->handle /*! * Extract the algorithm from a key object. * * @param skobject The Key Object to be queried. * @param[out] skalgorithm A pointer to the location to store the algorithm. */ #define fsl_shw_sko_get_algorithm(skobject, skalgorithm) \ *(skalgorithm) = (skobject)->algorithm /*! * Retrieve the cleartext key from a key object that is stored in a user * keystore. * * @param skobject The Key Object to be queried. * @param[out] skkey A pointer to the location to store the key. NULL * if the key is not stored in a user keystore. */ #define fsl_shw_sko_get_key(skobject, skkey) \ { \ fsl_shw_kso_t* keystore = (skobject)->keystore; \ if (keystore != NULL) { \ *(skkey) = keystore->slot_get_address(keystore->user_data, \ (skobject)->handle); \ } else { \ *(skkey) = NULL; \ } \ } /*! * Determine the size of a wrapped key based upon the cleartext key's length. * * This function can be used to calculate the number of octets that * #fsl_shw_extract_key() will write into the location at @a covered_key. * * If zero is returned at @a length, this means that the key length in * @a key_info is not supported. * * @param wkeyinfo Information about a key to be wrapped. * @param wkeylen Location to store the length of a wrapped * version of the key in @a key_info. */ #define fsl_shw_sko_calculate_wrapped_size(wkeyinfo, wkeylen) \ { \ register fsl_shw_sko_t* kp = wkeyinfo; \ register uint32_t kl = kp->key_length; \ int key_blocks = (kl + 15) / 16; \ int base_size = 35; /* ICV + T' + ALG + LEN + FLAGS */ \ \ *(wkeylen) = base_size + 16 * key_blocks; \ } /*! * Set some flags in the key object. * * Turns on the flags specified in @a flags. Other flags are untouched. * * @param skobject A variable of type #fsl_shw_sko_t. * @param skflags (One or more) ORed members of #fsl_shw_key_flags_t which * are to be set. */ #define fsl_shw_sko_set_flags(skobject, skflags) \ (skobject)->flags |= (skflags) /*! * Clear some flags in the key object. * * Turns off the flags specified in @a flags. Other flags are untouched. * * @param skobject A variable of type #fsl_shw_sko_t. * @param skflags (One or more) ORed members of #fsl_shw_key_flags_t * which are to be reset. */ #define fsl_shw_sko_clear_flags(skobject, skflags) \ (skobject)->flags &= ~(skflags) /*! * Initialize a Hash Context Object. * * This function must be called before performing any other operation with the * Object. It sets the current message length and hash algorithm in the hash * context object. * * @param hcobject The hash context to operate upon. * @param hcalgorithm The hash algorithm to be used (#FSL_HASH_ALG_MD5, * #FSL_HASH_ALG_SHA256, etc). * */ #define fsl_shw_hco_init(hcobject, hcalgorithm) \ { \ (hcobject)->algorithm = hcalgorithm; \ (hcobject)->flags = 0; \ switch (hcalgorithm) { \ case FSL_HASH_ALG_MD5: \ (hcobject)->digest_length = 16; \ (hcobject)->context_length = 16; \ (hcobject)->context_register_length = 24; \ break; \ case FSL_HASH_ALG_SHA1: \ (hcobject)->digest_length = 20; \ (hcobject)->context_length = 20; \ (hcobject)->context_register_length = 24; \ break; \ case FSL_HASH_ALG_SHA224: \ (hcobject)->digest_length = 28; \ (hcobject)->context_length = 32; \ (hcobject)->context_register_length = 36; \ break; \ case FSL_HASH_ALG_SHA256: \ (hcobject)->digest_length = 32; \ (hcobject)->context_length = 32; \ (hcobject)->context_register_length = 36; \ break; \ default: \ /* error ! */ \ (hcobject)->digest_length = 1; \ (hcobject)->context_length = 1; \ (hcobject)->context_register_length = 1; \ break; \ } \ } /*! * Get the current hash value and message length from the hash context object. * * The algorithm must have already been specified. See #fsl_shw_hco_init(). * * @param hcobject The hash context to query. * @param[out] hccontext Pointer to the location of @a length octets where to * store a copy of the current value of the digest. * @param hcclength Number of octets of hash value to copy. * @param[out] hcmsglen Pointer to the location to store the number of octets * already hashed. */ #define fsl_shw_hco_get_digest(hcobject, hccontext, hcclength, hcmsglen) \ { \ copy_bytes(hccontext, (hcobject)->context, hcclength); \ if ((hcobject)->algorithm == FSL_HASH_ALG_SHA224 \ || (hcobject)->algorithm == FSL_HASH_ALG_SHA256) { \ *(hcmsglen) = (hcobject)->context[8]; \ } else { \ *(hcmsglen) = (hcobject)->context[5]; \ } \ } /*! * Get the hash algorithm from the hash context object. * * @param hcobject The hash context to query. * @param[out] hcalgorithm Pointer to where the algorithm is to be stored. */ #define fsl_shw_hco_get_info(hcobject, hcalgorithm) \ { \ *(hcalgorithm) = (hcobject)->algorithm; \ } /*! * Set the current hash value and message length in the hash context object. * * The algorithm must have already been specified. See #fsl_shw_hco_init(). * * @param hcobject The hash context to operate upon. * @param hccontext Pointer to buffer of appropriate length to copy into * the hash context object. * @param hcmsglen The number of octets of the message which have * already been hashed. * */ #define fsl_shw_hco_set_digest(hcobject, hccontext, hcmsglen) \ { \ copy_bytes((hcobject)->context, hccontext, (hcobject)->context_length); \ if (((hcobject)->algorithm == FSL_HASH_ALG_SHA224) \ || ((hcobject)->algorithm == FSL_HASH_ALG_SHA256)) { \ (hcobject)->context[8] = hcmsglen; \ } else { \ (hcobject)->context[5] = hcmsglen; \ } \ } /*! * Set flags in a Hash Context Object. * * Turns on the flags specified in @a flags. Other flags are untouched. * * @param hcobject The hash context to be operated on. * @param hcflags The flags to be set in the context. These can be ORed * members of #fsl_shw_hash_ctx_flags_t. */ #define fsl_shw_hco_set_flags(hcobject, hcflags) \ (hcobject)->flags |= (hcflags) /*! * Clear flags in a Hash Context Object. * * Turns off the flags specified in @a flags. Other flags are untouched. * * @param hcobject The hash context to be operated on. * @param hcflags The flags to be reset in the context. These can be ORed * members of #fsl_shw_hash_ctx_flags_t. */ #define fsl_shw_hco_clear_flags(hcobject, hcflags) \ (hcobject)->flags &= ~(hcflags) /*! * Initialize an HMAC Context Object. * * This function must be called before performing any other operation with the * Object. It sets the current message length and hash algorithm in the HMAC * context object. * * @param hcobject The HMAC context to operate upon. * @param hcalgorithm The hash algorithm to be used (#FSL_HASH_ALG_MD5, * #FSL_HASH_ALG_SHA256, etc). * */ #define fsl_shw_hmco_init(hcobject, hcalgorithm) \ fsl_shw_hco_init(hcobject, hcalgorithm) /*! * Set flags in an HMAC Context Object. * * Turns on the flags specified in @a flags. Other flags are untouched. * * @param hcobject The HMAC context to be operated on. * @param hcflags The flags to be set in the context. These can be ORed * members of #fsl_shw_hmac_ctx_flags_t. */ #define fsl_shw_hmco_set_flags(hcobject, hcflags) \ (hcobject)->flags |= (hcflags) /*! * Clear flags in an HMAC Context Object. * * Turns off the flags specified in @a flags. Other flags are untouched. * * @param hcobject The HMAC context to be operated on. * @param hcflags The flags to be reset in the context. These can be ORed * members of #fsl_shw_hmac_ctx_flags_t. */ #define fsl_shw_hmco_clear_flags(hcobject, hcflags) \ (hcobject)->flags &= ~(hcflags) /*! * Initialize a Symmetric Cipher Context Object. * * This function must be called before performing any other operation with the * Object. This will set the @a mode and @a algorithm and initialize the * Object. * * @param scobject The context object to operate on. * @param scalg The cipher algorithm this context will be used with. * @param scmode #FSL_SYM_MODE_CBC, #FSL_SYM_MODE_ECB, etc. * */ #define fsl_shw_scco_init(scobject, scalg, scmode) \ { \ register uint32_t bsb; /* block-size bytes */ \ \ switch (scalg) { \ case FSL_KEY_ALG_AES: \ bsb = 16; \ break; \ case FSL_KEY_ALG_DES: \ /* fall through */ \ case FSL_KEY_ALG_TDES: \ bsb = 8; \ break; \ case FSL_KEY_ALG_ARC4: \ bsb = 259; \ break; \ case FSL_KEY_ALG_HMAC: \ bsb = 1; /* meaningless */ \ break; \ default: \ bsb = 00; \ } \ (scobject)->block_size_bytes = bsb; \ (scobject)->mode = scmode; \ (scobject)->flags = 0; \ } /*! * Set the flags for a Symmetric Cipher Context. * * Turns on the flags specified in @a flags. Other flags are untouched. * * @param scobject The context object to operate on. * @param scflags The flags to reset (one or more values from * #fsl_shw_sym_ctx_flags_t ORed together). * */ #define fsl_shw_scco_set_flags(scobject, scflags) \ (scobject)->flags |= (scflags) /*! * Clear some flags in a Symmetric Cipher Context Object. * * Turns off the flags specified in @a flags. Other flags are untouched. * * @param scobject The context object to operate on. * @param scflags The flags to reset (one or more values from * #fsl_shw_sym_ctx_flags_t ORed together). * */ #define fsl_shw_scco_clear_flags(scobject, scflags) \ (scobject)->flags &= ~(scflags) /*! * Set the Context (IV) for a Symmetric Cipher Context. * * This is to set the context/IV for #FSL_SYM_MODE_CBC mode, or to set the * context (the S-Box and pointers) for ARC4. The full context size will * be copied. * * @param scobject The context object to operate on. * @param sccontext A pointer to the buffer which contains the context. * */ #define fsl_shw_scco_set_context(scobject, sccontext) \ copy_bytes((scobject)->context, sccontext, \ (scobject)->block_size_bytes) /*! * Get the Context for a Symmetric Cipher Context. * * This is to retrieve the context/IV for #FSL_SYM_MODE_CBC mode, or to * retrieve context (the S-Box and pointers) for ARC4. The full context * will be copied. * * @param scobject The context object to operate on. * @param[out] sccontext Pointer to location where context will be stored. */ #define fsl_shw_scco_get_context(scobject, sccontext) \ copy_bytes(sccontext, (scobject)->context, (scobject)->block_size_bytes) /*! * Set the Counter Value for a Symmetric Cipher Context. * * This will set the Counter Value for CTR mode. * * @param scobject The context object to operate on. * @param sccounter The starting counter value. The number of octets. * copied will be the block size for the algorithm. * @param scmodulus The modulus for controlling the incrementing of the * counter. * */ #define fsl_shw_scco_set_counter_info(scobject, sccounter, scmodulus) \ { \ if ((sccounter) != NULL) { \ copy_bytes((scobject)->context, sccounter, \ (scobject)->block_size_bytes); \ } \ (scobject)->modulus_exp = scmodulus; \ } /*! * Get the Counter Value for a Symmetric Cipher Context. * * This will retrieve the Counter Value is for CTR mode. * * @param scobject The context object to query. * @param[out] sccounter Pointer to location to store the current counter * value. The number of octets copied will be the * block size for the algorithm. * @param[out] scmodulus Pointer to location to store the modulus. * */ #define fsl_shw_scco_get_counter_info(scobject, sccounter, scmodulus) \ { \ if ((sccounter) != NULL) { \ copy_bytes(sccounter, (scobject)->context, \ (scobject)->block_size_bytes); \ } \ if ((scmodulus) != NULL) { \ *(scmodulus) = (scobject)->modulus_exp; \ } \ } /*! * Initialize a Authentication-Cipher Context. * * @param acobject Pointer to object to operate on. * @param acmode The mode for this object (only #FSL_ACC_MODE_CCM * supported). */ #define fsl_shw_acco_init(acobject, acmode) \ { \ (acobject)->flags = 0; \ (acobject)->mode = (acmode); \ } /*! * Set the flags for a Authentication-Cipher Context. * * Turns on the flags specified in @a flags. Other flags are untouched. * * @param acobject Pointer to object to operate on. * @param acflags The flags to set (one or more from * #fsl_shw_auth_ctx_flags_t ORed together). * */ #define fsl_shw_acco_set_flags(acobject, acflags) \ (acobject)->flags |= (acflags) /*! * Clear some flags in a Authentication-Cipher Context Object. * * Turns off the flags specified in @a flags. Other flags are untouched. * * @param acobject Pointer to object to operate on. * @param acflags The flags to reset (one or more from * #fsl_shw_auth_ctx_flags_t ORed together). * */ #define fsl_shw_acco_clear_flags(acobject, acflags) \ (acobject)->flags &= ~(acflags) /*! * Set up the Authentication-Cipher Object for CCM mode. * * This will set the @a auth_object for CCM mode and save the @a ctr, * and @a mac_length. This function can be called instead of * #fsl_shw_acco_init(). * * The paramater @a ctr is Counter Block 0, (counter value 0), which is for the * MAC. * * @param acobject Pointer to object to operate on. * @param acalg Cipher algorithm. Only AES is supported. * @param accounter The initial counter value. * @param acmaclen The number of octets used for the MAC. Valid values are * 4, 6, 8, 10, 12, 14, and 16. */ /* Do we need to stash the +1 value of the CTR somewhere? */ #define fsl_shw_acco_set_ccm(acobject, acalg, accounter, acmaclen) \ { \ (acobject)->flags = 0; \ (acobject)->mode = FSL_ACC_MODE_CCM; \ (acobject)->auth_info.CCM_ctx_info.block_size_bytes = 16; \ (acobject)->cipher_ctx_info.block_size_bytes = 16; \ (acobject)->mac_length = acmaclen; \ fsl_shw_scco_set_counter_info(&(acobject)->cipher_ctx_info, accounter, \ FSL_CTR_MOD_128); \ } /*! * Format the First Block (IV) & Initial Counter Value per NIST CCM. * * This function will also set the IV and CTR values per Appendix A of NIST * Special Publication 800-38C (May 2004). It will also perform the * #fsl_shw_acco_set_ccm() operation with information derived from this set of * parameters. * * Note this function assumes the algorithm is AES. It initializes the * @a auth_object by setting the mode to #FSL_ACC_MODE_CCM and setting the * flags to be #FSL_ACCO_NIST_CCM. * * @param acobject Pointer to object to operate on. * @param act The number of octets used for the MAC. Valid values are * 4, 6, 8, 10, 12, 14, and 16. * @param acad Number of octets of Associated Data (may be zero). * @param acq A value for the size of the length of @a q field. Valid * values are 1-8. * @param acN The Nonce (packet number or other changing value). Must * be (15 - @a q_length) octets long. * @param acQ The value of Q (size of the payload in octets). * */ /* Do we need to stash the +1 value of the CTR somewhere? */ #define fsl_shw_ccm_nist_format_ctr_and_iv(acobject, act, acad, acq, acN, acQ)\ { \ uint64_t Q = acQ; \ uint8_t bflag = ((acad)?0x40:0) | ((((act)-2)/2)<<3) | ((acq)-1); \ unsigned i; \ uint8_t* qptr = (acobject)->auth_info.CCM_ctx_info.context + 15; \ (acobject)->auth_info.CCM_ctx_info.block_size_bytes = 16; \ (acobject)->cipher_ctx_info.block_size_bytes = 16; \ (acobject)->mode = FSL_ACC_MODE_CCM; \ (acobject)->flags = FSL_ACCO_NIST_CCM; \ \ /* Store away the MAC length (after calculating actual value */ \ (acobject)->mac_length = (act); \ /* Set Flag field in Block 0 */ \ *((acobject)->auth_info.CCM_ctx_info.context) = bflag; \ /* Set Nonce field in Block 0 */ \ copy_bytes((acobject)->auth_info.CCM_ctx_info.context+1, acN, \ 15-(acq)); \ /* Set Flag field in ctr */ \ *((acobject)->cipher_ctx_info.context) = (acq)-1; \ /* Update the Q (payload length) field of Block0 */ \ (acobject)->q_length = acq; \ for (i = 0; i < (acq); i++) { \ *qptr-- = Q & 0xFF; \ Q >>= 8; \ } \ /* Set the Nonce field of the ctr */ \ copy_bytes((acobject)->cipher_ctx_info.context+1, acN, 15-(acq)); \ /* Clear the block counter field of the ctr */ \ memset((acobject)->cipher_ctx_info.context+16-(acq), 0, (acq)+1); \ } /*! * Update the First Block (IV) & Initial Counter Value per NIST CCM. * * This function will set the IV and CTR values per Appendix A of NIST Special * Publication 800-38C (May 2004). * * Note this function assumes that #fsl_shw_ccm_nist_format_ctr_and_iv() has * previously been called on the @a auth_object. * * @param acobject Pointer to object to operate on. * @param acN The Nonce (packet number or other changing value). Must * be (15 - @a q_length) octets long. * @param acQ The value of Q (size of the payload in octets). * */ /* Do we need to stash the +1 value of the CTR somewhere? */ #define fsl_shw_ccm_nist_update_ctr_and_iv(acobject, acN, acQ) \ { \ uint64_t Q = acQ; \ unsigned i; \ uint8_t* qptr = (acobject)->auth_info.CCM_ctx_info.context + 15; \ \ /* Update the Nonce field field of Block0 */ \ copy_bytes((acobject)->auth_info.CCM_ctx_info.context+1, acN, \ 15 - (acobject)->q_length); \ /* Update the Q (payload length) field of Block0 */ \ for (i = 0; i < (acobject)->q_length; i++) { \ *qptr-- = Q & 0xFF; \ Q >>= 8; \ } \ /* Update the Nonce field of the ctr */ \ copy_bytes((acobject)->cipher_ctx_info.context+1, acN, \ 15 - (acobject)->q_length); \ } /****************************************************************************** * Library functions *****************************************************************************/ /* REQ-S2LRD-PINTFC-API-GEN-003 */ extern fsl_shw_pco_t *fsl_shw_get_capabilities(fsl_shw_uco_t * user_ctx); /* REQ-S2LRD-PINTFC-API-GEN-004 */ extern fsl_shw_return_t fsl_shw_register_user(fsl_shw_uco_t * user_ctx); /* REQ-S2LRD-PINTFC-API-GEN-005 */ extern fsl_shw_return_t fsl_shw_deregister_user(fsl_shw_uco_t * user_ctx); /* REQ-S2LRD-PINTFC-API-GEN-006 */ extern fsl_shw_return_t fsl_shw_get_results(fsl_shw_uco_t * user_ctx, unsigned result_size, fsl_shw_result_t results[], unsigned *result_count); extern fsl_shw_return_t fsl_shw_establish_key(fsl_shw_uco_t * user_ctx, fsl_shw_sko_t * key_info, fsl_shw_key_wrap_t establish_type, const uint8_t * key); extern fsl_shw_return_t fsl_shw_extract_key(fsl_shw_uco_t * user_ctx, fsl_shw_sko_t * key_info, uint8_t * covered_key); extern fsl_shw_return_t fsl_shw_release_key(fsl_shw_uco_t * user_ctx, fsl_shw_sko_t * key_info); extern void *fsl_shw_smalloc(fsl_shw_uco_t * user_ctx, uint32_t size, const uint8_t * UMID, uint32_t permissions); extern fsl_shw_return_t fsl_shw_sfree(fsl_shw_uco_t * user_ctx, void *address); extern fsl_shw_return_t fsl_shw_sstatus(fsl_shw_uco_t * user_ctx, void *address, fsl_shw_partition_status_t * status); extern fsl_shw_return_t fsl_shw_diminish_perms(fsl_shw_uco_t * user_ctx, void *address, uint32_t permissions); extern fsl_shw_return_t do_scc_engage_partition(fsl_shw_uco_t * user_ctx, void *address, const uint8_t * UMID, uint32_t permissions); extern fsl_shw_return_t do_system_keystore_slot_alloc(fsl_shw_uco_t * user_ctx, uint32_t key_lenth, uint64_t ownerid, uint32_t * slot); extern fsl_shw_return_t do_system_keystore_slot_dealloc(fsl_shw_uco_t * user_ctx, uint64_t ownerid, uint32_t slot); extern fsl_shw_return_t do_system_keystore_slot_load(fsl_shw_uco_t * user_ctx, uint64_t ownerid, uint32_t slot, const uint8_t * key, uint32_t key_length); extern fsl_shw_return_t do_system_keystore_slot_read(fsl_shw_uco_t * user_ctx, uint64_t ownerid, uint32_t slot, uint32_t key_length, const uint8_t * key); extern fsl_shw_return_t do_system_keystore_slot_encrypt(fsl_shw_uco_t * user_ctx, uint64_t ownerid, uint32_t slot, uint32_t key_length, uint8_t * black_data); extern fsl_shw_return_t do_system_keystore_slot_decrypt(fsl_shw_uco_t * user_ctx, uint64_t ownerid, uint32_t slot, uint32_t key_length, const uint8_t * black_data); extern fsl_shw_return_t do_scc_encrypt_region(fsl_shw_uco_t * user_ctx, void *partition_base, uint32_t offset_bytes, uint32_t byte_count, uint8_t * black_data, uint32_t * IV, fsl_shw_cypher_mode_t cypher_mode); extern fsl_shw_return_t do_scc_decrypt_region(fsl_shw_uco_t * user_ctx, void *partition_base, uint32_t offset_bytes, uint32_t byte_count, const uint8_t * black_data, uint32_t * IV, fsl_shw_cypher_mode_t cypher_mode); extern fsl_shw_return_t system_keystore_get_slot_info(uint64_t owner_id, uint32_t slot, uint32_t * address, uint32_t * slot_size_bytes); /* REQ-S2LRD-PINTFC-API-BASIC-SYM-002 */ /* PINTFC-API-BASIC-SYM-ARC4-001 */ /* PINTFC-API-BASIC-SYM-ARC4-002 */ extern fsl_shw_return_t fsl_shw_symmetric_encrypt(fsl_shw_uco_t * user_ctx, fsl_shw_sko_t * key_info, fsl_shw_scco_t * sym_ctx, uint32_t length, const uint8_t * pt, uint8_t * ct); /* PINTFC-API-BASIC-SYM-002 */ /* PINTFC-API-BASIC-SYM-ARC4-001 */ /* PINTFC-API-BASIC-SYM-ARC4-002 */ extern fsl_shw_return_t fsl_shw_symmetric_decrypt(fsl_shw_uco_t * user_ctx, fsl_shw_sko_t * key_info, fsl_shw_scco_t * sym_ctx, uint32_t length, const uint8_t * ct, uint8_t * pt); /* REQ-S2LRD-PINTFC-API-BASIC-HASH-005 */ extern fsl_shw_return_t fsl_shw_hash(fsl_shw_uco_t * user_ctx, fsl_shw_hco_t * hash_ctx, const uint8_t * msg, uint32_t length, uint8_t * result, uint32_t result_len); /* REQ-S2LRD-PINTFC-API-BASIC-HMAC-001 */ extern fsl_shw_return_t fsl_shw_hmac_precompute(fsl_shw_uco_t * user_ctx, fsl_shw_sko_t * key_info, fsl_shw_hmco_t * hmac_ctx); /* REQ-S2LRD-PINTFC-API-BASIC-HMAC-002 */ extern fsl_shw_return_t fsl_shw_hmac(fsl_shw_uco_t * user_ctx, fsl_shw_sko_t * key_info, fsl_shw_hmco_t * hmac_ctx, const uint8_t * msg, uint32_t length, uint8_t * result, uint32_t result_len); /* REQ-S2LRD-PINTFC-API-BASIC-RNG-002 */ extern fsl_shw_return_t fsl_shw_get_random(fsl_shw_uco_t * user_ctx, uint32_t length, uint8_t * data); extern fsl_shw_return_t fsl_shw_add_entropy(fsl_shw_uco_t * user_ctx, uint32_t length, uint8_t * data); extern fsl_shw_return_t fsl_shw_gen_encrypt(fsl_shw_uco_t * user_ctx, fsl_shw_acco_t * auth_ctx, fsl_shw_sko_t * cipher_key_info, fsl_shw_sko_t * auth_key_info, uint32_t auth_data_length, const uint8_t * auth_data, uint32_t payload_length, const uint8_t * payload, uint8_t * ct, uint8_t * auth_value); extern fsl_shw_return_t fsl_shw_auth_decrypt(fsl_shw_uco_t * user_ctx, fsl_shw_acco_t * auth_ctx, fsl_shw_sko_t * cipher_key_info, fsl_shw_sko_t * auth_key_info, uint32_t auth_data_length, const uint8_t * auth_data, uint32_t payload_length, const uint8_t * ct, const uint8_t * auth_value, uint8_t * payload); extern fsl_shw_return_t fsl_shw_read_key(fsl_shw_uco_t * user_ctx, fsl_shw_sko_t * key_info, uint8_t * key); static inline fsl_shw_return_t fsl_shw_gen_random_pf_key(fsl_shw_uco_t * user_ctx) { (void)user_ctx; return FSL_RETURN_NO_RESOURCE_S; } static inline fsl_shw_return_t fsl_shw_read_tamper_event(fsl_shw_uco_t * user_ctx, fsl_shw_tamper_t * tamperp, uint64_t * timestampp) { (void)user_ctx; (void)tamperp; (void)timestampp; return FSL_RETURN_NO_RESOURCE_S; } fsl_shw_return_t sah_Append_Desc(const sah_Mem_Util * mu, sah_Head_Desc ** desc_head, const uint32_t header, sah_Link * link1, sah_Link * link2); /* Utility Function leftover from sahara1 API */ void sah_Descriptor_Chain_Destroy(const sah_Mem_Util * mu, sah_Head_Desc ** desc_chain); /* Utility Function leftover from sahara1 API */ fsl_shw_return_t sah_Descriptor_Chain_Execute(sah_Head_Desc * desc_chain, fsl_shw_uco_t * user_ctx); fsl_shw_return_t sah_Append_Link(const sah_Mem_Util * mu, sah_Link * link, uint8_t * p, const size_t length, const sah_Link_Flags flags); fsl_shw_return_t sah_Create_Link(const sah_Mem_Util * mu, sah_Link ** link, uint8_t * p, const size_t length, const sah_Link_Flags flags); fsl_shw_return_t sah_Create_Key_Link(const sah_Mem_Util * mu, sah_Link ** link, fsl_shw_sko_t * key_info); void sah_Destroy_Link(const sah_Mem_Util * mu, sah_Link * link); void sah_Postprocess_Results(fsl_shw_uco_t * user_ctx, sah_results * result_info); #endif /* SAHARA2_API_H */