/************************************************************************************** * Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * * * * This file and the related binary are licensed under the following license: * * * * ARM Object Code and Header Files License, v1.0 Redistribution. * * * * Redistribution and use of object code, header files, and documentation, without * * modification, are permitted provided that the following conditions are met: * * * * 1) Redistributions must reproduce the above copyright notice and the * * following disclaimer in the documentation and/or other materials * * provided with the distribution. * * * * 2) Unless to the extent explicitly permitted by law, no reverse * * engineering, decompilation, or disassembly of is permitted. * * * * 3) Redistribution and use is permitted solely for the purpose of * * developing or executing applications that are targeted for use * * on an ARM-based product. * * * * DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * * CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * * NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * **************************************************************************************/ #ifndef CRYS_ECPKI_TYPES_H #define CRYS_ECPKI_TYPES_H /*! @file @brief Contains all of the enums and definitions that are used for the CRYS ECPKI APIs. */ #include "ssi_pal_types_plat.h" #include "crys_hash.h" #include "crys_pka_defs_hw.h" #include "ssi_pal_compiler.h" #ifdef __cplusplus extern "C" { #endif /************************ Defines ******************************/ /*! Internal buffer size in words. */ #define CRYS_PKA_DOMAIN_LLF_BUFF_SIZE_IN_WORDS (10 + 3*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS) /************************************************************************************** * Enumerators ***************************************************************************************/ /*------------------------------------------------------------------*/ /*! Enumerator for the EC Domain idetifier References: [13] - SEC 2: Recommended elliptic curve domain parameters. Version 1.0. Certicom 2000. [8] - WAP-261-WTLS-20010406-a, Version 06-April-2001. */ typedef enum { /* For prime field */ CRYS_ECPKI_DomainID_secp160k1, /*!< EC secp160r1 */ CRYS_ECPKI_DomainID_secp160r1, /*!< EC secp160k1 */ CRYS_ECPKI_DomainID_secp160r2, /*!< EC secp160r2 */ CRYS_ECPKI_DomainID_secp192k1, /*!< EC secp192k1 */ CRYS_ECPKI_DomainID_secp192r1, /*!< EC secp192r1 */ CRYS_ECPKI_DomainID_secp224k1, /*!< EC secp224k1 */ CRYS_ECPKI_DomainID_secp224r1, /*!< EC secp224r1 */ CRYS_ECPKI_DomainID_secp256k1, /*!< EC secp256k1 */ CRYS_ECPKI_DomainID_secp256r1, /*!< EC secp256r1 */ CRYS_ECPKI_DomainID_secp384r1, /*!< EC secp384r1 */ CRYS_ECPKI_DomainID_secp521r1, /*!< EC secp521r1 */ CRYS_ECPKI_DomainID_Builded, /*!< User given, not identified. */ CRYS_ECPKI_DomainID_OffMode, /*!< Reserved.*/ CRYS_ECPKI_DomainIDLast = 0x7FFFFFFF, /*! Reserved.*/ }CRYS_ECPKI_DomainID_t; /*------------------------------------------------------------------*/ /*! Defines the enum for the HASH operation mode. * The enumerator defines 6 HASH modes according to IEEE 1363. * */ typedef enum { CRYS_ECPKI_HASH_SHA1_mode = 0, /*!< The message data will be hashed with SHA1. */ CRYS_ECPKI_HASH_SHA224_mode = 1, /*!< The message data will be hashed with SHA224. */ CRYS_ECPKI_HASH_SHA256_mode = 2, /*!< The message data will be hashed with SHA256. */ CRYS_ECPKI_HASH_SHA384_mode = 3, /*!< The message data will be hashed with SHA384. */ CRYS_ECPKI_HASH_SHA512_mode = 4, /*!< The message data will be hashed with SHA512. */ CRYS_ECPKI_AFTER_HASH_SHA1_mode = 5, /*!< The message data is a digest of SHA1 and will not be hashed. */ CRYS_ECPKI_AFTER_HASH_SHA224_mode = 6, /*!< The message data is a digest of SHA224 and will not be hashed. */ CRYS_ECPKI_AFTER_HASH_SHA256_mode = 7, /*!< The message data is a digest of SHA256 and will not be hashed. */ CRYS_ECPKI_AFTER_HASH_SHA384_mode = 8, /*!< The message data is a digest of SHA384 and will not be hashed. */ CRYS_ECPKI_AFTER_HASH_SHA512_mode = 9, /*!< The message data is a digest of SHA512 and will not be hashed. */ CRYS_ECPKI_HASH_NumOfModes, /*!< Maximal number of HASH modes. */ CRYS_ECPKI_HASH_OpModeLast = 0x7FFFFFFF, /*!< Reserved. */ }CRYS_ECPKI_HASH_OpMode_t; /*---------------------------------------------------*/ /*! Enumerator for the EC point compression idetifier. */ typedef enum { CRYS_EC_PointCompressed = 2, /*!< Compressed point. */ CRYS_EC_PointUncompressed = 4, /*!< Uncompressed point. */ CRYS_EC_PointContWrong = 5, /*!< Wrong Point Control value. */ CRYS_EC_PointHybrid = 6, /*!< Hybrid point. */ CRYS_EC_PointCompresOffMode = 8, /*!< Reserved. */ CRYS_ECPKI_PointCompressionLast= 0x7FFFFFFF, /*!< Reserved. */ }CRYS_ECPKI_PointCompression_t; /*! EC key checks defintions. */ typedef enum { CheckPointersAndSizesOnly = 0, /*!< Only preliminary input parameters are checked. */ ECpublKeyPartlyCheck = 1, /*!< Preliminary input parameters check and verify that EC PubKey point is on the curve. */ ECpublKeyFullCheck = 2, /*!< All the above and in addition verifies that EC_GeneratorOrder*PubKey = O */ PublKeyChecingOffMode, /*! Reserved. */ EC_PublKeyCheckModeLast = 0x7FFFFFFF, /*! Reserved. */ }EC_PublKeyCheckMode_t; /*----------------------------------------------------*/ /*! Defintion of sw SCA protection. */ typedef enum { SCAP_Inactive, /*! Inactive.*/ SCAP_Active, /*! Active.*/ SCAP_OFF_MODE, /*! Reserved. */ SCAP_LAST = 0x7FFFFFFF /*! Reserved. */ } CRYS_ECPKI_ScaProtection_t; /************************************************************************************** * EC Domain structure definition ***************************************************************************************/ /*! The structure containing the EC domain parameters in little-endian form EC equation: Y^2 = X^3 + A*X + B over prime fild GFp. */ typedef struct { /*! EC modulus: P. */ uint32_t ecP [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; /*! EC equation parameter a. */ uint32_t ecA [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; /*! EC equation parameter b. */ uint32_t ecB [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; /*! Order of generator. */ uint32_t ecR [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; /*! EC cofactor EC_Cofactor_K Generator (EC base point) coordinates in projective form. */ uint32_t ecGx [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; /*! EC cofactor EC_Cofactor_K Generator (EC base point) coordinates in projective form. */ uint32_t ecGy [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; /*! EC cofactor EC_Cofactor_K Generator (EC base point) coordinates in projective form. */ uint32_t ecH; /*! Specific fields that are used by the low level.*/ uint32_t llfBuff[CRYS_PKA_DOMAIN_LLF_BUFF_SIZE_IN_WORDS]; /*! Size of fields in bits. */ uint32_t modSizeInBits; /*! Order size in bits. */ uint32_t ordSizeInBits; /*! Size of each inserted Barret tag in words; 0 - if not inserted.*/ uint32_t barrTagSizeInWords; /*! EC Domain identifier.*/ CRYS_ECPKI_DomainID_t DomainID; /*! Internal buffer. */ int8_t name[20]; } CRYS_ECPKI_Domain_t; /************************************************************************************** * EC point structures definitions ***************************************************************************************/ /*! The structure containing the EC point in affine coordinates and little endian form. */ typedef struct { /*! Point coordinate X. */ uint32_t x[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; /*! Point coordinate Y. */ uint32_t y[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; }CRYS_ECPKI_PointAffine_t; /************************************************************************************** * ECPKI public and private key Structures ***************************************************************************************/ /* --------------------------------------------------------------------- */ /* .................. The public key structures definitions ............ */ /* --------------------------------------------------------------------- */ /*! The structure containing the Public Key in affine coordinates.*/ typedef struct { /*! Public Key coordinate X.*/ uint32_t x[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; /*! Public Key coordinate Y.*/ uint32_t y[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; /*! EC Domain.*/ CRYS_ECPKI_Domain_t domain; /*! Point type.*/ uint32_t pointType; } CRYS_ECPKI_PublKey_t; /*! The EC public key's user structure prototype. This structure must be saved by the user, and is used as input to the ECC functions (such as ::CRYS_ECDSA_Verify etc.). */ typedef struct CRYS_ECPKI_UserPublKey_t { /*! Validation tag.*/ uint32_t valid_tag; /*! Public key data. */ uint32_t PublKeyDbBuff[(sizeof(CRYS_ECPKI_PublKey_t)+3)/4]; } CRYS_ECPKI_UserPublKey_t; /* --------------------------------------------------------------------- */ /* .................. The private key structures definitions ........... */ /* --------------------------------------------------------------------- */ /*! Structure containing the Private key data. */ typedef struct { /*! Private Key data. */ uint32_t PrivKey[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; /*! Domain. */ CRYS_ECPKI_Domain_t domain; /*! SCA protection mode. */ CRYS_ECPKI_ScaProtection_t scaProtection; }CRYS_ECPKI_PrivKey_t; /*! The EC private key's user structure prototype. This structure must be saved by the user, and is used as input to the ECC functions (such as ::CRYS_ECDSA_Sign etc.). */ typedef struct CRYS_ECPKI_UserPrivKey_t { /*! Validation tag. */ uint32_t valid_tag; /*! Private key data. */ uint32_t PrivKeyDbBuff[(sizeof(CRYS_ECPKI_PrivKey_t)+3)/4]; } CRYS_ECPKI_UserPrivKey_t; /*! ECDH temporary data type */ typedef struct CRYS_ECDH_TempData_t { /*! Temporary buffers. */ uint32_t crysEcdhIntBuff[CRYS_PKA_ECDH_BUFF_MAX_LENGTH_IN_WORDS]; }CRYS_ECDH_TempData_t; /*! EC build temporary data. */ typedef struct CRYS_ECPKI_BUILD_TempData_t { /*! Temporary buffers. */ uint32_t crysBuildTmpIntBuff[CRYS_PKA_ECPKI_BUILD_TMP_BUFF_MAX_LENGTH_IN_WORDS]; }CRYS_ECPKI_BUILD_TempData_t; /************************************************************************** * CRYS ECDSA context structures **************************************************************************/ /* --------------------------------------------------------------------- */ /* CRYS ECDSA Signing context structure */ /* --------------------------------------------------------------------- */ /*! Internal buffer used in the signing process. */ typedef uint32_t CRYS_ECDSA_SignIntBuff[CRYS_PKA_ECDSA_SIGN_BUFF_MAX_LENGTH_IN_WORDS]; /*! Context definition for Signing operation. */ typedef struct { /*! Private Key data. */ CRYS_ECPKI_UserPrivKey_t ECDSA_SignerPrivKey; /*! HASH context. */ CRYS_HASHUserContext_t hashUserCtxBuff; /*! HASH result buffer. */ CRYS_HASH_Result_t hashResult; /*! HASH result size in words. */ uint32_t hashResultSizeWords; /*! HASH mode. */ CRYS_ECPKI_HASH_OpMode_t hashMode; /*! Internal buffer. */ CRYS_ECDSA_SignIntBuff crysEcdsaSignIntBuff; }ECDSA_SignContext_t; /* --------------------------------------------------------------------- */ /* CRYS ECDSA Signing User context database */ /* --------------------------------------------------------------------- */ /*! User's context definition for signing operation. The context saves the state of the operation and must be saved by the user till the end of the APIs flow */ typedef struct CRYS_ECDSA_SignUserContext_t { /*! Signing process data. */ uint32_t context_buff [(sizeof(ECDSA_SignContext_t)+3)/4]; /*! Validation tag*/ uint32_t valid_tag; } CRYS_ECDSA_SignUserContext_t; /****************************************************************************/ /* --------------------------------------------------------------------- */ /* CRYS ECDSA Verifying context structure */ /* --------------------------------------------------------------------- */ /*! Internal buffer used in the verification process. */ typedef uint32_t CRYS_ECDSA_VerifyIntBuff[CRYS_PKA_ECDSA_VERIFY_BUFF_MAX_LENGTH_IN_WORDS]; /*! Context definition for verification operation. */ typedef struct { /*! Public key data. */ CRYS_ECPKI_UserPublKey_t ECDSA_SignerPublKey; /*! HASH context. */ CRYS_HASHUserContext_t hashUserCtxBuff; /*! HASH result. */ CRYS_HASH_Result_t hashResult; /*! HASH result size in words. */ uint32_t hashResultSizeWords; /*! HASH mode. */ CRYS_ECPKI_HASH_OpMode_t hashMode; /*! Internal buffer. */ CRYS_ECDSA_VerifyIntBuff crysEcdsaVerIntBuff; }ECDSA_VerifyContext_t; /* --------------------------------------------------------------------- */ /* CRYS ECDSA Verifying User context database */ /* --------------------------------------------------------------------- */ /*! User's context definition for verification operation. The context saves the state of the operation and must be saved by the user till the end of the APIs flow */ typedef struct CRYS_ECDSA_VerifyUserContext_t { /*! Verification process data. */ uint32_t context_buff[(sizeof(ECDSA_VerifyContext_t)+3)/4]; /*! Validation tag. */ uint32_t valid_tag; }CRYS_ECDSA_VerifyUserContext_t; /* --------------------------------------------------------------------- */ /* .................. key generation temp buffer ........... */ /* --------------------------------------------------------------------- */ /*! ECPKI KG temporary data type */ typedef struct CRYS_ECPKI_KG_TempData_t { /*! Internal buffer. */ uint32_t crysKGIntBuff[CRYS_PKA_KG_BUFF_MAX_LENGTH_IN_WORDS]; }CRYS_ECPKI_KG_TempData_t; /*! ECIES temporary data definition. */ typedef struct CRYS_ECIES_TempData_t { /*! Private key data. */ CRYS_ECPKI_UserPrivKey_t PrivKey; /*! Public key data. */ CRYS_ECPKI_UserPublKey_t PublKey; /*! Internal buffer. */ uint32_t zz[3*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; /*! Internal buffers. */ union { CRYS_ECPKI_BUILD_TempData_t buildTempbuff; CRYS_ECPKI_KG_TempData_t KgTempBuff; CRYS_ECDH_TempData_t DhTempBuff; } tmp; }CRYS_ECIES_TempData_t; /* --------------------------------------------------------------------- */ /* .................. defines for FIPS ........... */ /* --------------------------------------------------------------------- */ /*! Order length for the FIPS ECC tests. */ #define CRYS_ECPKI_FIPS_ORDER_LENGTH (256/SASI_BITS_IN_BYTE) // the order of secp256r1 in bytes /*! Context definition required for internal FIPS verification for ECPKI key generation. */ typedef struct CRYS_ECPKI_KG_FipsContext_t { /*! Signing and verification data. */ union { CRYS_ECDSA_SignUserContext_t signCtx; CRYS_ECDSA_VerifyUserContext_t verifyCtx; }operationCtx; /*! Internal buffer. */ uint32_t signBuff[2*CRYS_ECPKI_ORDER_MAX_LENGTH_IN_WORDS]; }CRYS_ECPKI_KG_FipsContext_t; /*! Context defintion, required for internal FIPS verification for ECDSA KAT. * * The ECDSA KAT tests defined for domain 256r1. */ typedef struct CRYS_ECDSAFipsKatContext_t{ /*! Key data. */ union { /*! Private key data. */ struct { CRYS_ECPKI_UserPrivKey_t PrivKey; CRYS_ECDSA_SignUserContext_t signCtx; }userSignData; /*! Public key data. */ struct { CRYS_ECPKI_UserPublKey_t PublKey; union { CRYS_ECDSA_VerifyUserContext_t verifyCtx; CRYS_ECPKI_BUILD_TempData_t tempData; }buildOrVerify; }userVerifyData; }keyContextData; /*! Internal buffer. */ uint8_t signBuff[2*CRYS_ECPKI_FIPS_ORDER_LENGTH]; }CRYS_ECDSAFipsKatContext_t; /*! Context definition, required for internal FIPS verification for ECDH KAT. */ typedef struct CRYS_ECDHFipsKatContext_t{ /*! Public key data. */ CRYS_ECPKI_UserPublKey_t pubKey; /*! Private key data. */ CRYS_ECPKI_UserPrivKey_t privKey; /*! Internal buffers. */ union { CRYS_ECPKI_BUILD_TempData_t ecpkiTempData; CRYS_ECDH_TempData_t ecdhTempBuff; }tmpData; /*! Buffer for the secret key. */ uint8_t secretBuff[CRYS_ECPKI_FIPS_ORDER_LENGTH]; }CRYS_ECDHFipsKatContext_t; #ifdef __cplusplus } #endif #endif