-
Notifications
You must be signed in to change notification settings - Fork 0
/
axHostCrypto.h
200 lines (179 loc) · 6.29 KB
/
axHostCrypto.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
/**
* @file axHostCrypto.h
* @author NXP Semiconductors
* @version 1.0
* @par License
* Copyright 2016 NXP
*
* This software is owned or controlled by NXP and may only be used
* strictly in accordance with the applicable license terms. By expressly
* accepting such terms or by downloading, installing, activating and/or
* otherwise using the software, you are agreeing that you have read, and
* that you agree to comply with and are bound by, such license terms. If
* you do not agree to be bound by the applicable license terms, then you
* may not retain, install, activate or otherwise use the software.
*
* @par Description
* Host Crypto wrapper API for the A7-series security IC's
*
* @par HISTORY
*
*/
#ifndef _AX_HOSTCRYPTO_H_
#define _AX_HOSTCRYPTO_H_
#include "sm_types.h"
#ifdef OPENSSL
#include <openssl/cmac.h>
#include <openssl/aes.h>
#endif
#ifdef MBEDTLS
#include <mbedtls/cmac.h>
#include <mbedtls/aes.h>
#endif
#ifdef TGT_A70CI
#include "a70ciHostCrypto.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
// Move this in cryptolibrary specific header files
#ifdef OPENSSL
typedef CMAC_CTX axHcCmacCtx_t;
#define HOST_ENCRYPT (AES_ENCRYPT) //!< Request encrypt operation
#define HOST_DECRYPT (AES_DECRYPT) //!< Request decrypt operation
#endif //OPENSSL
#ifdef MBEDTLS
typedef mbedtls_cipher_context_t axHcCmacCtx_t;
#define HOST_ENCRYPT (1) //!< Request encrypt operation
#define HOST_DECRYPT (0) //!< Request decrypt operation
#endif // MBEDTLS
#ifdef NO_SECURE_CHANNEL_SUPPORT
typedef struct {
int dummy;
} axHcCmacCtx_t;
#endif // NO_SECURE_CHANNEL_SUPPORT
/* The error code defines follow the OpenSSL conventions */
#define HOST_CRYPTO_NOT_SUPPORTED -1 //!< Crypto engine does not support implementation
#define HOST_CRYPTO_ERROR 0 //!< Failure
#define HOST_CRYPTO_OK 1 //!< Success
/**
* Calculate in one shot the SHA-1 hash value of the provided input \p msg.
* SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output.
* @param[in] msg Input data whose hash value must be calculated
* @param[in] msgLen Length in byte of \p msg
* @param[in,out] pHash IN: Buffer provided by caller (at least 20 byte); OUT: Calculated hash value
*
* @retval HOST_CRYPTO_OK
* @retval HOST_CRYPTO_ERROR
*/
S32 HOST_SHA1_Get(const U8 *msg, U32 msgLen, U8 *pHash);
/**
* Calculate in one shot the SHA256 hash value of the provided input \p msg.
* SHA256 (Secure Hash Algorithm) is a cryptographic hash function with a 256 bit output.
* @param[in] msg Input data whose hash value must be calculated
* @param[in] msgLen Length in byte of \p msg
* @param[in,out] pHash IN: Buffer provided by caller (at least 32 byte); OUT: Calculated hash value
*
* @retval HOST_CRYPTO_OK
* @retval HOST_CRYPTO_ERROR
*/
S32 HOST_SHA256_Get(const U8 *msg, U32 msgLen, U8 *pHash);
#ifdef TGT_A70CU
#define SHA256_STATE_SIZE 32
#define PARTIAL_HASH_DEFAULT_NO_STATE
S32 HOST_SHA256_GetPartialHash(const U8 *msg, U32 msgLen, U8 *pHashState, U32 *pNumProcessedMsgBytes);
#endif
/**
* Calculate in one shot the AES-128 based CMAC of \p mMsg.
* @param[in] pKey 128 bit AES key
* @param[in] keySizeInBytes Currently only a keysize of 16 is supported
* @param[in] pMsg input data to me mac'd
* @param[in] msgLen length of input data in bute
* @param[in,out] pMac IN: Buffer of at least 16 byte; OUT: Calculated CMAC value (16 byte long)
*
* @retval ::ERR_MEMORY
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_CMAC_Get(const U8 *pKey, U8 keySizeInBytes, const U8 *pMsg, U32 msgLen, U8 *pMac);
/**
* Initialize AES-128 based CMAC primitive
* @param[out] ctx Pointer to context (double indirection)
* @param[in] pKey 128 bit AES key
* @param[in] keySizeInBytes Currently only 16 is supported
*
* @retval ::ERR_MEMORY
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_CMAC_Init(axHcCmacCtx_t **ctx, const U8 *pKey, U8 keySizeInBytes);
/**
* Update/Append to data that must be mac'd
* @param[in] ctx Pointer to context
* @param[in] pMsg
* @param[in] msgLen
*
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_CMAC_Update(axHcCmacCtx_t *ctx, const U8 *pMsg, U32 msgLen);
/**
* Retrieve the mac value and clean up/free the context
* @param[in] ctx Pointer to context
* @param[out] pMac
*
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_CMAC_Finish(axHcCmacCtx_t *ctx, U8 *pMac);
/**
* Decrypt the provided ciphertext (assumed to be a block of 16 byte) using AES in ECB mode
* @param[in,out] plainText
* @param[in] cipherText
* @param[in] key
* @param[in] keyLen
*
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_AES_ECB_DECRYPT(U8 *plainText, const U8 *cipherText, const U8 *key, U32 keyLen);
/**
* Encrypt the provided plaintext (assumed to be a block of 16 byte) using AES in ECB mode
* @param[in] plainText
* @param[in,out] cipherText
* @param[in] key
* @param[in] keyLen
*
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_AES_ECB_ENCRYPT(const U8 *plainText, U8 *cipherText, const U8 *key, U32 keyLen);
/**
* Encrypt/Decrypt the provided plaintext \p pIn using AES-128 in CBC mode
* @param[in] pKey
* @param[in] keyLen Currently only a keysize of 16 byte is supported
* @param[in] pIv Initialization vector
* @param[in] dir Either ::HOST_ENCRYPT or ::HOST_DECRYPT
* @param[in] pIn input data
* @param[in] inLen
* @param[in,out] pOut
*
* @retval ::ERR_API_ERROR
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_AES_CBC_Process(const U8 *pKey, U32 keyLen, const U8 *pIv, U8 dir, const U8 *pIn, U32 inLen, U8 *pOut);
/**
* Fill up the provided buffer \p pRandom with \p inLen byte of random data
* @param[in] inLen number (in byte) of random data requested
* @param[in,out] pRandom IN: buffer of at least inLen size; OUT: retrieved random data
*
* @retval ::HOST_CRYPTO_NOT_SUPPORTED Random not supported by Crypto Engine
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_GetRandom(U32 inLen, U8 * pRandom);
#ifdef __cplusplus
}
#endif
#endif