/** * @file axHostCrypto.h * @author NXP Semiconductors * @version 1.0 * @par License * * Copyright 2016 NXP * SPDX-License-Identifier: Apache-2.0 * * @par Description * Host Crypto wrapper API for the A7-series security IC's * * @par HISTORY * */ #ifndef _AX_HOSTCRYPTO_H_ #define _AX_HOSTCRYPTO_H_ #include "sm_types.h" #ifdef OPENSSL #include #include #endif #ifdef MBEDTLS #include #include #endif #ifdef TGT_A70CI #include "a70ciHostCrypto.h" #endif #ifdef __cplusplus extern "C" { #endif // Move this in cryptolibrary specific header files #ifdef OPENSSL typedef CMAC_CTX axHcCmacCtx_t; #define HOST_ENCRYPT (AES_ENCRYPT) //!< Request encrypt operation #define HOST_DECRYPT (AES_DECRYPT) //!< Request decrypt operation #endif //OPENSSL #ifdef MBEDTLS typedef mbedtls_cipher_context_t axHcCmacCtx_t; #define HOST_ENCRYPT (1) //!< Request encrypt operation #define HOST_DECRYPT (0) //!< Request decrypt operation #endif // MBEDTLS #ifdef NO_SECURE_CHANNEL_SUPPORT typedef struct { int dummy; } axHcCmacCtx_t; #endif // NO_SECURE_CHANNEL_SUPPORT /* The error code defines follow the OpenSSL conventions */ #define HOST_CRYPTO_NOT_SUPPORTED -1 //!< Crypto engine does not support implementation #define HOST_CRYPTO_ERROR 0 //!< Failure #define HOST_CRYPTO_OK 1 //!< Success /** * Calculate in one shot the SHA-1 hash value of the provided input \p msg. * SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output. * @param[in] msg Input data whose hash value must be calculated * @param[in] msgLen Length in byte of \p msg * @param[in,out] pHash IN: Buffer provided by caller (at least 20 byte); OUT: Calculated hash value * * @retval HOST_CRYPTO_OK * @retval HOST_CRYPTO_ERROR */ S32 HOST_SHA1_Get(const U8 *msg, U32 msgLen, U8 *pHash); /** * Calculate in one shot the SHA256 hash value of the provided input \p msg. * SHA256 (Secure Hash Algorithm) is a cryptographic hash function with a 256 bit output. * @param[in] msg Input data whose hash value must be calculated * @param[in] msgLen Length in byte of \p msg * @param[in,out] pHash IN: Buffer provided by caller (at least 32 byte); OUT: Calculated hash value * * @retval HOST_CRYPTO_OK * @retval HOST_CRYPTO_ERROR */ S32 HOST_SHA256_Get(const U8 *msg, U32 msgLen, U8 *pHash); #ifdef TGT_A70CU #define SHA256_STATE_SIZE 32 #define PARTIAL_HASH_DEFAULT_NO_STATE S32 HOST_SHA256_GetPartialHash(const U8 *msg, U32 msgLen, U8 *pHashState, U32 *pNumProcessedMsgBytes); #endif /** * Calculate in one shot the AES-128 based CMAC of \p mMsg. * @param[in] pKey 128 bit AES key * @param[in] keySizeInBytes Currently only a keysize of 16 is supported * @param[in] pMsg input data to me mac'd * @param[in] msgLen length of input data in bytes * @param[in,out] pMac IN: Buffer of at least 16 byte; OUT: Calculated CMAC value (16 byte long) * * @retval ::ERR_MEMORY * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_CMAC_Get(const U8 *pKey, U8 keySizeInBytes, const U8 *pMsg, U32 msgLen, U8 *pMac); /** * Initialize AES-128 based CMAC primitive * @param[out] ctx Pointer to context (double indirection) * @param[in] pKey 128 bit AES key * @param[in] keySizeInBytes Currently only 16 is supported * * @retval ::ERR_MEMORY * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_CMAC_Init(axHcCmacCtx_t **ctx, const U8 *pKey, U8 keySizeInBytes); /** * Update/Append to data that must be mac'd * @param[in] ctx Pointer to context * @param[in] pMsg * @param[in] msgLen * * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_CMAC_Update(axHcCmacCtx_t *ctx, const U8 *pMsg, U32 msgLen); /** * Retrieve the mac value and clean up/free the context * @param[in] ctx Pointer to context * @param[out] pMac * * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_CMAC_Finish(axHcCmacCtx_t *ctx, U8 *pMac); /** * Decrypt the provided ciphertext (assumed to be a block of 16 byte) using AES in ECB mode * @param[in,out] plainText * @param[in] cipherText * @param[in] key * @param[in] keyLen * * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_AES_ECB_DECRYPT(U8 *plainText, const U8 *cipherText, const U8 *key, U32 keyLen); /** * Encrypt the provided plaintext (assumed to be a block of 16 byte) using AES in ECB mode * @param[in] plainText * @param[in,out] cipherText * @param[in] key * @param[in] keyLen * * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_AES_ECB_ENCRYPT(const U8 *plainText, U8 *cipherText, const U8 *key, U32 keyLen); /** * Encrypt/Decrypt the provided plaintext \p pIn using AES-128 in CBC mode * @param[in] pKey * @param[in] keyLen Currently only a keysize of 16 byte is supported * @param[in] pIv Initialization vector * @param[in] dir Either ::HOST_ENCRYPT or ::HOST_DECRYPT * @param[in] pIn input data * @param[in] inLen * @param[in,out] pOut * * @retval ::ERR_API_ERROR * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_AES_CBC_Process(const U8 *pKey, U32 keyLen, const U8 *pIv, U8 dir, const U8 *pIn, U32 inLen, U8 *pOut); /** * Fill up the provided buffer \p pRandom with \p inLen byte of random data * @param[in] inLen number (in byte) of random data requested * @param[in,out] pRandom IN: buffer of at least inLen size; OUT: retrieved random data * * @retval ::HOST_CRYPTO_NOT_SUPPORTED Random not supported by Crypto Engine * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_GetRandom(U32 inLen, U8 * pRandom); /** * Encrypt/Decrypt the provided plaintext \p pIn using AES-128 in ecb mode * @param[in] pKey * @param[in] keyLen Currently only a keysize of 16 byte is supported * @param[in] pIv Initialization vector * @param[in] dir Either ::HOST_ENCRYPT or ::HOST_DECRYPT * @param[in] pIn input data * @param[in] inLen * @param[in,out] pOut * * @retval ::ERR_API_ERROR * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_AES_ECB_Process(const U8 *pKey, U32 keyLen, const U8 *pIv, U8 dir, const U8 *pIn, U32 inLen, U8 *pOut); /** * Encrypt/Decrypt the provided plaintext \p pIn using Triple-DES keu in cbc mode * @param[in] pKey * @param[in] keyLen Currently only a keysize of 16 byte is supported * @param[in] pIv Initialization vector * @param[in] dir Either ::HOST_ENCRYPT or ::HOST_DECRYPT * @param[in] pIn input data * @param[in] inLen * @param[in,out] pOut * * @retval ::ERR_API_ERROR * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_3DES_CBC_Process(const U8 *pKey, U32 keyLen, const U8 *pIv, U8 dir, const U8 *pIn, U32 inLen, U8 *pOut); /** * Encrypt/Decrypt the provided plaintext \p pIn using Triple-DES keu in ecb mode * @param[in] pKey * @param[in] keyLen Currently only a keysize of 16 byte is supported * @param[in] pIv Initialization vector * @param[in] dir Either ::HOST_ENCRYPT or ::HOST_DECRYPT * @param[in] pIn input data * @param[in] inLen * @param[in,out] pOut * * @retval ::ERR_API_ERROR * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_3DES_ECB_Process(const U8 *pKey, U32 keyLen, const U8 *pIv, U8 dir, const U8 *pIn, U32 inLen, U8 *pOut); /** * Calculate in one shot the DES based CMAC of \p mMsg. * @param[in] pKey the DES key * @param[in] keySizeInBytes the key size * @param[in] pMsg input data to me mac'd * @param[in] msgLen length of input data in bytes * @param[in,out] pMac IN: Buffer of at least 8 byte; OUT: Calculated CMAC value (8 byte long) * * @retval ::ERR_MEMORY * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_CMAC_Get_Des(const U8 *pKey, U8 keySizeInBytes, const U8 *pMsg, U32 msgLen, U8* pMac); /** * Initialize DES based CMAC primitive * @param[out] ctx Pointer to context (double indirection) * @param[in] pKey the key * @param[in] keySizeInBytes the key size * * @retval ::ERR_MEMORY * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_CMAC_Init_Des(axHcCmacCtx_t **ctx, const U8 *pKey, U8 keySizeInBytes); /** * Wrap data with an AES wrapping key according to RFC 3394 * @param[in] wrapKey the AES wrapping key * @param[in] wrapKeyLen the key size * @param[in,out] out buffer to contain the wrapped data * @param[in,out] outLen the wrapped data length * @param[in] in input data to me wrapped * @param[in] inLen the length of input data in bytes * * @retval ::ERR_MEMORY * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_AesWrapKeyRFC3394(const U8 *wrapKey, U16 wrapKeyLen, U8 *out, U16 *outLen, const U8 *in, U16 inLen); /** * Wrap data with an AES wrapping key according to RFC 3394, with a give IV * @param[in] wrapKey the AES wrapping key * @param[in] wrapKeyLen the key size * @param[in] iv the Initialization Vector * @param[in,out] out buffer to contain the wrapped data * @param[in,out] outLen the wrapped data length * @param[in] in input data to me wrapped * @param[in] inLen the length of input data in bytes * * @retval ::ERR_MEMORY * @retval ::HOST_CRYPTO_OK * @retval ::HOST_CRYPTO_ERROR */ S32 HOST_AesWrapKeyRFC3394WithIV(const U8 *wrapKey, U16 wrapKeyLen, U8* iv, U8 *out, U16 *outLen, const U8 *in, U16 inLen); #ifdef __cplusplus } #endif #endif