diff --git a/.astyleignore b/.astyleignore index ba97ee2..bf97857 100644 --- a/.astyleignore +++ b/.astyleignore @@ -7,7 +7,6 @@ ^connectivity/drivers/emac ^connectivity/drivers/mbedtls ^connectivity/mbedtls -^features/cryptocell ^features/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV ^features/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM ^features/frameworks diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/Readme.md b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/Readme.md new file mode 100644 index 0000000..f8145b5 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/Readme.md @@ -0,0 +1,37 @@ +# Guidelines for porting Cryptocell to Mbed OS + +Cryptocell (CC) 310 is a hardware accelerator you can port to boards that have CC 310 embedded in their hardware. + +The CC 310 driver consists of three libraries: + +* A common core library (`libcc_core.a`). +* A platform-specific TRNG library containing TRNG-related information for sampling sufficient entropy on the specific platform (`libcc_trng.a`). +* A platform-specific library containing extra information, such as the CC register's base addresses on the specific board (`libcc_ext.a`). + +Library version information: + +* The CC 310 libraries were built from version `arm_sw-cc310-1.1.0.1285`. +* The `IAR` libraries were built using `IAR ANSI C/C++ Compiler V7.80.1.11864/W32 for ARM` with `--cpu Cortex-M4f`. +* The `ARM` libraries were built using `ARM Compiler 5.06 update 4 (build 422)` with `--cpu cortex-m4`. +* The `GCC_ARM` libraries were built using `arm-none-eabi-gcc 6.3.1 20170620 (release)` with `-mcpu=cortex-m4`. + +To port your CC 310 driver to Mbed OS on your specific target: + +1. In `targets.json`, add the following to your target: + * `MBEDTLS_CONFIG_HW_SUPPORT` to `macros_add` key. This instructs Mbed TLS to look for an alternative cryptographic implementation. + * `CRYPTOCELL310` to `feature`. Use this in your common code that you need to remove from compilation in case CC exists in your board. Use `#if !defined(FEATURE_CRYPTOCELL310)` and `#if defined(FEATURE_CRYPTOCELL310)`. +1. In `objects.h`, include `objects_cryptocell.h`. You can use the `FEATURE_CRYPTOCELL310` precompilation check as defined above. +1. In `features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_`, add your platform-specific libraries for all toolchains in `TOOLCHAIN_ARM`, `TOOLCHAIN_GCC_ARM` and `TOOLCHAIN_IAR` respectively. +1. Add your CC setup code: + * Implement `crypto_platform_setup()` and `crypto_platform_terminate()` to enable CC on your platform, in case you have board-specific setup functionality, required for CC setup. You MUST call `SaSi_LibInit()` and `SaSi_LibFini()` in these functions. + * Define `crypto_platform_ctx` in `crypto_device_platform.h` in a way that suits your implementation. + +## Enabling optional alternative drivers + +Three additional modules that are not enabled by default have alternative implementation support. This allows backward compatability because these modules don't have full functionality and returns `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` for some features. The modules are: + +* `AES`, which only supports 128 bit key size, as opposed to previous support for all key sizes. +* `CMAC`, which only supports AES 128 bit key size, as opposed to previous support for DES and all key sizes. +* `SHA512`, which only supports SHA512, as opposed to previous support for SHA384, as well. + +To enable these modules, define `MBEDTLS_AES_ALT`, `MBEDTLS_CMAC_ALT` and `MBEDTLS_SHA512_ALT`, either in `mbed_app.json` or in your `MBEDTLS_USER_CONFIG_FILE`, to have hardware accelerated module with reduced RAM size, on the expense of full functionality. diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_ext.ar b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_ext.ar new file mode 100644 index 0000000..40e27f7 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_ext.ar Binary files differ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_trng.ar b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_trng.ar new file mode 100644 index 0000000..17f0057 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_trng.ar Binary files differ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_ext.a b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_ext.a new file mode 100644 index 0000000..64c57cc --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_ext.a Binary files differ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_trng.a b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_trng.a new file mode 100644 index 0000000..df24c2c --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_trng.a Binary files differ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_ext.a b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_ext.a new file mode 100644 index 0000000..3b54c60 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_ext.a Binary files differ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_trng.a b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_trng.a new file mode 100644 index 0000000..312518e --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_trng.a Binary files differ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.c b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.c new file mode 100644 index 0000000..8fccaeb --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.c @@ -0,0 +1,44 @@ + /* + * crypto_platform.c + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "platform_alt.h" +#include "nrf52840.h" +#include "sns_silib.h" +#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) + +static CRYS_RND_WorkBuff_t rndWorkBuff = { { 0 } } ; + +int crypto_platform_setup( crypto_platform_ctx *ctx ) +{ + NRF_CRYPTOCELL->ENABLE = 1; + + if( SaSi_LibInit( &ctx->rndState, &rndWorkBuff ) != 0 ) + return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + return ( 0 ); +} + +void crypto_platform_terminate( crypto_platform_ctx *ctx ) +{ + SaSi_LibFini( &ctx->rndState ); + NRF_CRYPTOCELL->ENABLE = 0; +} + +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.h new file mode 100644 index 0000000..9b611b2 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.h @@ -0,0 +1,35 @@ +/* + * crypto_platform.h + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +#ifndef __CRYPTO_PLATFORM_H_ +#define __CRYPTO_PLATFORM_H_ +#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) +#include "crys_rnd.h" +/** + * \brief The CC platform context structure. + * + * \note This structure may be used to assist platform-specific + * setup or teardown operations. + */ +typedef struct { + CRYS_RND_State_t rndState; +} +crypto_platform_ctx; +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ +#endif /* __CRYPTO_PLATFORM_H_ */ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_ARM/libcc_310_core.ar b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_ARM/libcc_310_core.ar new file mode 100644 index 0000000..3121265 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_ARM/libcc_310_core.ar Binary files differ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_GCC_ARM/libcc_310_core.a b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_GCC_ARM/libcc_310_core.a new file mode 100644 index 0000000..bace518 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_GCC_ARM/libcc_310_core.a Binary files differ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_IAR/lib_cc310_core.a b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_IAR/lib_cc310_core.a new file mode 100644 index 0000000..498bd54 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_IAR/lib_cc310_core.a Binary files differ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/aes_alt.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/aes_alt.h new file mode 100644 index 0000000..54167a2 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/aes_alt.h @@ -0,0 +1,56 @@ +/* + * aes_alt.h + * + * Copyright (C) 2019, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __AES_ALT__ +#define __AES_ALT__ + +#if defined(MBEDTLS_AES_ALT) +#include "ssi_aes.h" +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct +{ + SaSiAesUserContext_t CC_Context; + SaSiAesEncryptMode_t CC_cipherFlag; + uint8_t CC_Key[SASI_AES_KEY_MAX_SIZE_IN_BYTES]; + size_t CC_keySizeInBytes; +} +mbedtls_aes_context; + +#if defined(MBEDTLS_CIPHER_MODE_XTS) +/** + * \brief The AES XTS context-type definition. + */ +typedef struct mbedtls_aes_xts_context +{ + int unsupported; +} +mbedtls_aes_xts_context; +#endif /* MBEDTLS_CIPHER_MODE_XTS */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_AES_ALT */ +#endif /* __AES_ALT__ */ + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/cc_internal.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/cc_internal.h new file mode 100644 index 0000000..66efc0f --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/cc_internal.h @@ -0,0 +1,133 @@ +/* + * cc_internal.h + * + * Internal utility functions and definitions, + * used for converting mbedtls types to CC types, and vice versa + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __CC_INTERNAL_H__ +#define __CC_INTERNAL_H__ +#include "crys_ecpki_types.h" +#include "crys_ec_mont_api.h" +#include "mbedtls/ecp.h" +#include +#include + +#define CURVE_25519_KEY_SIZE 32 + +#ifdef __cplusplus +extern "C" { +#endif + +#define MAX_KEY_SIZE_IN_BYTES ( ( CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS ) * SASI_32BIT_WORD_SIZE) + +/* ECC utility functions and structures*/ +typedef struct cc_ecc_ws_keygen_params{ + CRYS_ECPKI_UserPublKey_t pubKey; + CRYS_ECPKI_UserPrivKey_t privKey; + CRYS_ECPKI_KG_TempData_t kgTempData; +} cc_ecc_ws_keygen_params_t; + +typedef struct cc_ecc_ws_comp_shared_params{ + CRYS_ECPKI_UserPublKey_t pubKey; + CRYS_ECPKI_UserPrivKey_t privKey; + CRYS_ECDH_TempData_t ecdhTempData; +} cc_ecc_ws_comp_shared_params_t; + +typedef struct cc_ecc_ws_verify_params{ + CRYS_ECPKI_UserPublKey_t pubKey; + CRYS_ECDSA_VerifyUserContext_t verifyContext; +} cc_ecc_ws_verify_params_t; + +typedef struct cc_ecc_ws_sign_params{ + CRYS_ECPKI_UserPrivKey_t privKey; + CRYS_ECDSA_SignUserContext_t signContext; +} cc_ecc_ws_sign_params_t; + +typedef struct cc_ecc_25519_keygen_params{ + uint8_t pubKey[CURVE_25519_KEY_SIZE]; + uint8_t privKey[CURVE_25519_KEY_SIZE]; + CRYS_ECMONT_TempBuff_t kgTempData; +} cc_ecc_25519_keygen_params_t; + +typedef cc_ecc_25519_keygen_params_t cc_ecc_25519_comp_shared_params_t; + +/** + * \brief This function converts mbedtls type mbedtls_ecp_group_id + * to Cryptocell type CRYS_ECPKI_DomainID_t + * + * \param grp_id The mbedtls mbedtls_ecp_group_id to convert + * + * \return \c The corresponding CRYS_ECPKI_DomainID_t. + * CRYS_ECPKI_DomainID_OffMode if not recognized. + */ +CRYS_ECPKI_DomainID_t convert_mbedtls_grp_id_to_crys_domain_id( mbedtls_ecp_group_id grp_id ); + +/* f_rng conversion from mbedtls type to cc type*/ +typedef struct +{ + int (*f_rng)( void* ctx, unsigned char* output, size_t outSizeBytes ); + void* ctx; + +}mbedtls_rand_func_container; + +/** + * \brief This function converts mbedtls f_rng type to + * Cryptocell f_rng type(SaSiRndGenerateVectWorkFunc_t) + * + * Note: The Mbed TLS type f_rng signature is: + * int (*f_rng)( void* ctx, unsigned char* output, size_t outSizeBytes ); + * while CC f_rng signature is: + * uint32_t (*SaSiRndGenerateVectWorkFunc_t)( + * void *rndState_ptr, + * uint16_t outSizeBytes, + * uint8_t *out_ptr) + * + * so the Mbed TLS f_rng can't be sent as is to the CC API. + * + * In addition, this function manipulates the different random data, + * to adjust between the way Cryptocell reads the random data. This is done for + * different standard tests to pass. + * + * + * \param mbedtls_rand The mbedtls rnd context pointer + * \param outSizeBytes The size of the output buffer + * \param out_ptr Pointer to the output buffer + * + * \return \c The corresponding CRYS_ECPKI_DomainID_t. + * CRYS_ECPKI_DomainID_OffMode if not recognized. + */ + +uint32_t convert_mbedtls_to_cc_rand( void* mbedtls_rand, uint16_t outSizeBytes, uint8_t* out_ptr ); + +/** + * \brief This function convertsCryptocell error + * Mbed TLS related error. + * + * + * \return \c The corresponding Mbed TLS error, + * MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED as default, if none found + */ +int convert_CrysError_to_mbedtls_err( CRYSError_t Crys_err ); + +#ifdef __cplusplus +} +#endif + +#endif /* __CC_INTERNAL_H__ */ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/ccm_alt.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/ccm_alt.h new file mode 100644 index 0000000..a0a3bdf --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/ccm_alt.h @@ -0,0 +1,34 @@ +/* + * ccm_alt.h + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __CCM_ALT__ +#define __CCM_ALT__ + +#if defined(MBEDTLS_CCM_ALT) +#include "crys_aesccm.h" + +typedef struct { + CRYS_AESCCM_Key_t cipher_key; /*!< cipher key used */ + CRYS_AESCCM_KeySize_t key_size; +} +mbedtls_ccm_context; + +#endif /* MBEDTLS_CCM_ALT */ +#endif /* __CCM_ALT__ */ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/cmac_alt.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/cmac_alt.h new file mode 100644 index 0000000..845a7a7 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/cmac_alt.h @@ -0,0 +1,50 @@ +/* + * cmac_alt.h + * + * Copyright (C) 2019, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __CMAC_ALT__ +#define __CMAC_ALT__ + +#if defined(MBEDTLS_CMAC_ALT) +#include "ssi_aes.h" +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct mbedtls_cmac_context_t +{ + SaSiAesUserContext_t CC_Context; + uint8_t CC_Key[SASI_AES_KEY_MAX_SIZE_IN_BYTES]; + size_t CC_keySizeInBytes; + /** Unprocessed data - either data that was not block aligned and is still + * pending processing, or the final block */ + unsigned char unprocessed_block[SASI_AES_BLOCK_SIZE_IN_BYTES]; + + /** The length of data pending processing. */ + size_t unprocessed_len; + + int is_cc_initiated; +} mbedtls_cmac_context_t; + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_CMAC_ALT */ +#endif /* __CMAC_ALT__ */ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ccsw_crys_rsa_shared_types.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ccsw_crys_rsa_shared_types.h new file mode 100644 index 0000000..03f561a --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ccsw_crys_rsa_shared_types.h @@ -0,0 +1,144 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef SW_CRYS_RSA_SHARED_TYPES_H +#define SW_CRYS_RSA_SHARED_TYPES_H + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/** @file + * @brief This file contains the types for the CCSW RSA module. + */ + +/************************ Defines ******************************/ + +/************************************************************************/ +/* the following definitions are only relevant for RSA code on SW */ +/************************************************************************/ +/* Define the maximal allowed width of the exponentiation sliding window +in range 2...6. This define is actual for projects on soft platform. +To minimize code size use the minimum value. To optimize performance +choose the maximum value */ + +/* The valid key size in bits */ +#define SW_CRYS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS 512 + +#ifndef CRYS_NO_RSA_MAX_KEY_SIZE_4096_BIT_SUPPORT +#define SW_CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 4096 +#define SW_CRYS_RSA_MAX_KEY_GENERATION_SIZE_BITS 4096 +#else +#ifndef CRYS_NO_RSA_MAX_KEY_SIZE_3072_BIT_SUPPORT +#define SW_CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 3072 +#define SW_CRYS_RSA_MAX_KEY_GENERATION_SIZE_BITS 3072 +#else +#define SW_CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 2048 +#define SW_CRYS_RSA_MAX_KEY_GENERATION_SIZE_BITS 2048 +#endif +#endif + + + + + +/* Define the size of the exponentiation temp buffer, used in LLF_PKI exponentiation and NON DEPENDED on + width of the sliding window. The size defined in units equaled to maximal RSA modulus size */ +#define PKI_EXP_CONST_TEMP_BUFF_SIZE_IN_MODULUS_UNITS 7 + +#define PKI_EXP_SLIDING_WINDOW_MAX_VALUE 2 + + /* The maximum buffer size for the 'H' value */ +#define SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS ((SW_CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS + 64UL ) / 32 ) + + +/* definition of PKI_KEY_GEN_TEMP_BUFF_SIZE_WORDS IS DEPENDED on width of the sliding window*/ +#if( PKI_EXP_SLIDING_WINDOW_MAX_VALUE > 2 ) +#define PKI_KEY_GEN_TEMP_BUFF_SIZE_WORDS \ + ((4 + (1<<(PKI_EXP_SLIDING_WINDOW_MAX_VALUE-2))) * SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS) +#else +#define PKI_KEY_GEN_TEMP_BUFF_SIZE_WORDS \ + (16 * SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS) +#endif + +#ifndef PKI_EXP_WINDOW_TEMP_BUFFER_SIZE_IN_MODULUS_UNITS +#define PKI_EXP_WINDOW_TEMP_BUFFER_SIZE_IN_MODULUS_UNITS (3 + (1 << (PKI_EXP_SLIDING_WINDOW_MAX_VALUE-1))) +#endif + + +/* Define the size of the temp buffer, used in LLF_PKI exponentiation and DEPENDED on + width of the sliding window in words */ +#if (PKI_EXP_CONST_TEMP_BUFF_SIZE_IN_MODULUS_UNITS > PKI_EXP_WINDOW_TEMP_BUFFER_SIZE_IN_MODULUS_UNITS ) +#define PKI_EXP_TEMP_BUFFER_SIZE_IN_WORDS \ + (PKI_EXP_CONST_TEMP_BUFF_SIZE_IN_MODULUS_UNITS * SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS + 2 ) +#else +#define PKI_EXP_TEMP_BUFFER_SIZE_IN_WORDS \ + (PKI_EXP_WINDOW_TEMP_BUFFER_SIZE_IN_MODULUS_UNITS * SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS + 2 ) +#endif + +/* the RSA data type */ +typedef struct SW_Shared_CRYS_RSAPrimeData_t { + /* The aligned input and output data buffers */ + uint32_t DataIn[SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + uint32_t DataOut[SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + + /* #include specific fields that are used by the low level */ + struct { + union { + struct { /* Temporary buffers used for the exponent calculation */ + uint32_t Tempbuff1[PKI_EXP_TEMP_BUFFER_SIZE_IN_WORDS]; + uint32_t Tempbuff2[SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS * 2]; + /* Temporary buffer for self-test support */ + uint32_t TempBuffer[SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + }NonCrt; + + struct { /* Temporary buffers used for the exponent calculation */ + uint32_t Tempbuff1[PKI_EXP_TEMP_BUFFER_SIZE_IN_WORDS]; + uint32_t Tempbuff2[SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS * 2]; + }Crt; + }Data; + }LLF; + +}SW_Shared_CRYS_RSAPrimeData_t; + + + + +#ifdef __cplusplus +} +#endif +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_aesccm.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_aesccm.h new file mode 100644 index 0000000..ccf0732 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_aesccm.h @@ -0,0 +1,315 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_AESCCM_H +#define CRYS_AESCCM_H + +#include "ssi_pal_types.h" +#include "crys_error.h" + +#include "ssi_aes.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This file contains all of the enums and definitions that are used for the CRYS AESCCM APIs, as well as the APIs themselves. +The API supports AES-CCM and AES-CCM* as defined in ieee-802.15.4. +@defgroup crys_aesccm CryptoCell AES-CCM APIs +@{ +@ingroup cryptocell_api + + +@note +Regarding the AES-CCM*, the API supports only AES-CCM* as defined in ieee-802.15.4-2011; With the instantiations as defined in B.3.2 and the nonce as defined in 7.3.2. +in case of AES-CCM* the flow should be as follows: +
  • AES-CCM* integrated
    • +
    • CRYS_AESCCMStar_NonceGenerate
      • +
    • CRYS_AESCCMStar
+
  • AES-CCM* non-integrated
    • +
    • CRYS_AESCCMStar_NonceGenerate
      • +
    • CRYS_AESCCMStar_Init
      • +
    • CRYS_AESCCM_BlockAdata
      • +
    • CRYS_AESCCM_BlockTextData
      • +
    • CRYS_AESCCM_Finish
+*/ + +/************************ Defines ******************************/ + +/*! AES CCM context size in words.*/ +#define CRYS_AESCCM_USER_CTX_SIZE_IN_WORDS (152/4) + +/*! AES CCM maximal key size in words. */ +#define CRYS_AESCCM_KEY_SIZE_WORDS 8 + +/* nonce and AESCCM-MAC sizes definitions */ +/*! AES CCM NONCE minimal size in bytes. */ +#define CRYS_AESCCM_NONCE_MIN_SIZE_BYTES 7 +/*! AES CCM NONCE maximal size in bytes. */ +#define CRYS_AESCCM_NONCE_MAX_SIZE_BYTES 13 +/*! AES CCM MAC minimal size in bytes..*/ +#define CRYS_AESCCM_MAC_MIN_SIZE_BYTES 4 +/*! AES CCM MAC maximal size in bytes. */ +#define CRYS_AESCCM_MAC_MAX_SIZE_BYTES 16 + +/*! AES CCM star NONCE size in bytes. */ +#define CRYS_AESCCM_STAR_NONCE_SIZE_BYTES 13 +/*! AES CCM star source address size in bytes. */ +#define CRYS_AESCCM_STAR_SOURCE_ADDRESS_SIZE_BYTES 8 + +/*! AES CCM mode - CCM. */ +#define CRYS_AESCCM_MODE_CCM 0 +/*! AES CCM mode - CCM STAR. */ +#define CRYS_AESCCM_MODE_STAR 1 + + +/************************ Typedefs ****************************/ +/*! AES CCM key sizes. */ +typedef enum { + /*! Key size 128 bits. */ + CRYS_AES_Key128BitSize = 0, + /*! Key size 192 bits. */ + CRYS_AES_Key192BitSize = 1, + /*! Key size 256 bits. */ + CRYS_AES_Key256BitSize = 2, + /*! Key size 512 bits. */ + CRYS_AES_Key512BitSize = 3, + /*! Number of optional key sizes. */ + CRYS_AES_KeySizeNumOfOptions, + /*! Reserved. */ + CRYS_AES_KeySizeLast = 0x7FFFFFFF, + +}CRYS_AESCCM_KeySize_t; + +/*! AES_CCM key buffer definition.*/ +typedef uint8_t CRYS_AESCCM_Key_t[CRYS_AESCCM_KEY_SIZE_WORDS * sizeof(uint32_t)]; +/*! AES_CCM MAC buffer definition.*/ +typedef uint8_t CRYS_AESCCM_Mac_Res_t[SASI_AES_BLOCK_SIZE_IN_BYTES]; + +/*! AES_CCM_STAR source address buffer defintion. */ +typedef uint8_t CRYS_AESCCMStar_SourceAddress_t[CRYS_AESCCM_STAR_SOURCE_ADDRESS_SIZE_BYTES]; +/*! AES_CCM_STAR Nonce buffer defintion. */ +typedef uint8_t CRYS_AESCCMStar_Nonce_t[CRYS_AESCCM_STAR_NONCE_SIZE_BYTES]; + +/******************* Context Structure ***********************/ +/*! The user's context structure - the argument type that is passed by the user to the AES CCM APIs */ +typedef struct CRYS_AESCCM_UserContext_t +{ + /*! AES CCM context buffer for internal usage. */ + uint32_t buff[CRYS_AESCCM_USER_CTX_SIZE_IN_WORDS]; +}CRYS_AESCCM_UserContext_t; + + +/************************ Public Functions **********************/ + +/*! +@brief This function initializes the AES CCM context. + +It formats of the input data, calculates AES-MAC value for the formatted B0 block containing control information and +CCM unique value (Nonce), and initializes the AES context structure including the initial CTR0 value. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_aesccm_error.h. +*/ +CRYSError_t CC_AESCCM_Init( + CRYS_AESCCM_UserContext_t *ContextID_ptr, /*!< [in] Pointer to the AES context buffer that is allocated by the user and is used for + the AES operation. */ + SaSiAesEncryptMode_t EncrDecrMode, /*!< [in] Flag specifying whether Encrypt (::SASI_AES_ENCRYPT) or Decrypt + (::SASI_AES_DECRYPT) operation should be performed. */ + CRYS_AESCCM_Key_t CCM_Key, /*!< [in] Pointer to the AES-CCM key. */ + CRYS_AESCCM_KeySize_t KeySizeId, /*!< [in] Enumerator defining the key size (only 128 bit is valid). */ + uint32_t AdataSize, /*!< [in] Full byte length of additional (associated) data. If set to zero, + calling ::CRYS_AESCCM_BlockAdata on the same context would return an error. */ + uint32_t TextSizeQ, /*!< [in] Full length of plain text data. */ + uint8_t *N_ptr, /*!< [in] Pointer to the Nonce. */ + uint8_t SizeOfN, /*!< [in] Nonce byte size. The valid values depend on the ccm mode: +
  • CCM: valid values = [7 .. 13].
    • +
  • CCM*: valid values = [13].
*/ + uint8_t SizeOfT, /*!< [in] AES-CCM MAC (tag) byte size. The valid values depend on the ccm mode: +
  • CCM: valid values = [4, 6, 8, 10, 12, 14, 16].
    • +
  • CCM*: valid values = [0, 4, 8, 16].
*/ + uint32_t ccmMode /*!< [in] Flag specifying whether AES-CCM or AES-CCM* should be performed. */ +); + +/*! Macro defintion for CRYS_AESCCM_Init (AES CCM non-star implementation). */ +#define CRYS_AESCCM_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT) \ + CC_AESCCM_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT, CRYS_AESCCM_MODE_CCM) + +/*! Macro defintion CRYS_AESCCMStar_Init (AES CCM star implementation). */ +#define CRYS_AESCCMStar_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT) \ + CC_AESCCM_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT, CRYS_AESCCM_MODE_STAR) + +/*! +@brief This function receives a CCM context and a block of additional data, and adds it to the AES MAC +calculation. +This API can be called only once per operation context. It should not be called in case AdataSize was set to +zero in ::CC_AESCCM_Init. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_aesccm_error.h. +*/ +CRYSError_t CRYS_AESCCM_BlockAdata( + CRYS_AESCCM_UserContext_t *ContextID_ptr, /*!< [in] Pointer to the context buffer. */ + uint8_t *DataIn_ptr, /*!< [in] Pointer to the additional input data. The buffer must be contiguous. */ + uint32_t DataInSize /*!< [in] Byte size of the additional data. Must match AdataSize parameter provided to + ::CRYS_AESCCM_Init. */ +); + +/*! +@brief This function can be invoked for any block of Text data whose size is a multiple of 16 bytes, +excluding the last block that must be processed by ::CRYS_AESCCM_Finish. +
  • If encrypting: + Continues calculation of the intermediate AES_MAC value of the text data, while simultaneously encrypting the text data using AES_CTR, + starting from CTR value = CTR0+1.
    • +
  • If decrypting: + Continues decryption of the text data, while calculating the intermediate AES_MAC value of decrypted data.
+ +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_aesccm_error.h. +*/ +CRYSError_t CRYS_AESCCM_BlockTextData( + CRYS_AESCCM_UserContext_t *ContextID_ptr, /*!< [in] Pointer to the context buffer. */ + uint8_t *DataIn_ptr, /*!< [in] Pointer to the additional input data. The buffer must be contiguous. */ + uint32_t DataInSize, /*!< [in] Byte size of the text data block. Must be a multiple of 16 bytes. */ + uint8_t *DataOut_ptr /*!< [out] Pointer to the output data. The size of the output buffer must be at least DataInSize. + The buffer must be contiguous. */ +); + +/*! +@brief This function must be the last to be called on the text data. +It can either be called on the entire text data (if transferred as one block), or on the last block of the text data, +even if total size of text data is equal to 0. +It performs the same operations as ::CRYS_AESCCM_BlockTextData, but additionally: +
  • If encrypting:
    • +
    • If the size of text data is not in multiples of 16 bytes, it pads the remaining bytes with zeros to a full 16-bytes block and + processes the data using AES_MAC and AES_CTR algorithms.
      • +
    • Encrypts the AES_MAC result with AES_CTR using the CTR0 value saved in the context and places the SizeOfT bytes of MAC (tag) + at the end.
+
  • If decrypting:
    • +
    • Processes the text data, except for the last SizeOfT bytes (tag), using AES_CTR and then AES_MAC algorithms.
      • +
    • Encrypts the calculated MAC using AES_CTR based on the saved CTR0 value, and compares it with SizeOfT last bytes of input data (i.e. + tag value).
      • +
    • The function saves the validation result (Valid/Invalid) in the context.
      • +
    • Returns (as the error code) the final CCM-MAC verification result.
+ +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_aesccm_error.h. +*/ +CEXPORT_C CRYSError_t CRYS_AESCCM_Finish( + CRYS_AESCCM_UserContext_t *ContextID_ptr, /*!< [in] Pointer to the context buffer. */ + uint8_t *DataIn_ptr, /*!< [in] Pointer to the last input data. The buffer must be contiguous. */ + uint32_t DataInSize, /*!< [in] Byte size of the last text data block. Can be zero. */ + uint8_t *DataOut_ptr, /*!< [in] Pointer to the output (cipher or plain text data) data. The buffer must + be contiguous. If DataInSize = 0, output buffer is not required. */ + CRYS_AESCCM_Mac_Res_t MacRes, /*!< [in] MAC result buffer pointer. */ + uint8_t *SizeOfT /*!< [out] AES-CCM MAC byte size as defined in CRYS_AESCCM_Init. */ +); + +/****************************************************************************************************/ +/******** AESCCM FUNCTION ******/ +/****************************************************************************************************/ +/*! +@brief AES CCM combines Counter mode encryption with CBC-MAC authentication. +Input to CCM includes the following elements: +
  • Payload - text data that is both authenticated and encrypted.
    • +
  • Associated data (Adata) - data that is authenticated but not encrypted, e.g., a header.
    • +
  • Nonce - A unique value that is assigned to the payload and the associated data.
+ +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_aesccm_error.h. +*/ +CIMPORT_C CRYSError_t CC_AESCCM( + SaSiAesEncryptMode_t EncrDecrMode, /*!< [in] A flag specifying whether an AES Encrypt (::SASI_AES_ENCRYPT) or Decrypt + (::SASI_AES_DECRYPT) operation should be performed. */ + CRYS_AESCCM_Key_t CCM_Key, /*!< [in] Pointer to AES-CCM key. */ + CRYS_AESCCM_KeySize_t KeySizeId, /*!< [in] Enumerator defining the key size (only 128 bit is valid). */ + uint8_t *N_ptr, /*!< [in] Pointer to the Nonce. */ + uint8_t SizeOfN, /*!< [in] Nonce byte size. The valid values depend on the ccm mode: +
  • CCM: valid values = [7 .. 13].
    • +
  • CCM*: valid values = [13].
*/ + uint8_t *ADataIn_ptr, /*!< [in] Pointer to the additional input data. The buffer must be contiguous. */ + uint32_t ADataInSize, /*!< [in] Byte size of the additional data. */ + uint8_t *TextDataIn_ptr, /*!< [in] Pointer to the plain-text data for encryption or cipher-text data for decryption. + The buffer must be contiguous. */ + uint32_t TextDataInSize, /*!< [in] Byte size of the full text data. */ + uint8_t *TextDataOut_ptr, /*!< [out] Pointer to the output (cipher or plain text data according to encrypt-decrypt mode) + data. The buffer must be contiguous. */ + uint8_t SizeOfT, /*!< [in] AES-CCM MAC (tag) byte size. The valid values depend on the ccm mode: +
  • CCM: valid values = [4, 6, 8, 10, 12, 14, 16].
    • +
  • CCM*: valid values = [0, 4, 8, 16].
*/ + CRYS_AESCCM_Mac_Res_t Mac_Res, /*!< [in/out] Pointer to the MAC result buffer. */ + uint32_t ccmMode /*!< [in] Flag specifying whether AES-CCM or AES-CCM* should be performed. */ +); + +/*! Macro defintion for CRYS_AESCCM (AES CCM non-star implementation). */ +#define CRYS_AESCCM(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res) \ + CC_AESCCM(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res, CRYS_AESCCM_MODE_CCM) + +/*! Macro defintion for CRYS_AESCCMStar (AES CCM star implementation). */ +#define CRYS_AESCCMStar(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res) \ + CC_AESCCM(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res, CRYS_AESCCM_MODE_STAR) + + +/*! +@brief This function receives the MAC source address, the frame counter and the MAC size +and returns the required nonce for AES-CCM* as defined in ieee-802.15.4. +This API should be called before CRYS_AESCCMStar and CRYS_AESCCMStar_Init, +and the generated nonce should be provided to these functions. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_aesccm_error.h. +*/ +CRYSError_t CRYS_AESCCMStar_NonceGenerate( + CRYS_AESCCMStar_SourceAddress_t srcAddr, /*!< [in] The MAC address in EUI-64 format. */ + uint32_t FrameCounter, /*!< [in] The MAC frame counter. */ + uint8_t SizeOfT, /*!< [in] AES-CCM* MAC (tag) byte size. Valid values = [0,4,8,16]. */ + CRYS_AESCCMStar_Nonce_t nonce /*!< [out] The required nonce for AES-CCM*. */ +); + +#ifdef __cplusplus +} +#endif + +/** +@} + */ + +#endif /*#ifndef CRYS_AESCCM_H*/ + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_aesccm_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_aesccm_error.h new file mode 100644 index 0000000..4ed26e3 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_aesccm_error.h @@ -0,0 +1,134 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + + +#ifndef CRYS_AESCCM_ERROR_H +#define CRYS_AESCCM_ERROR_H + + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module contains the definitions of the CRYS AESCCM errors. +@defgroup crys_aesccm_error CryptoCell AES-CCM specific errors +@{ +@ingroup crys_aesccm +*/ + +/************************ Defines ******************************/ + +/*! CRYS AESCCM module errors. CRYS_AESCCM_MODULE_ERROR_BASE = 0x00F01500. */ +/*! Invalid context pointer. */ +#define CRYS_AESCCM_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x00UL) +/*! Illegal key size. */ +#define CRYS_AESCCM_ILLEGAL_KEY_SIZE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x01UL) +/*! Invalid key pointer. */ +#define CRYS_AESCCM_INVALID_KEY_POINTER_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x02UL) +/*! Invalid encryption mode. */ +#define CRYS_AESCCM_INVALID_ENCRYPT_MODE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x03UL) +/*! Context is corrupted. */ +#define CRYS_AESCCM_USER_CONTEXT_CORRUPTED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x04UL) +/*! Invalid data in pointer. */ +#define CRYS_AESCCM_DATA_IN_POINTER_INVALID_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x05UL) +/*! Invalid data out pointer. */ +#define CRYS_AESCCM_DATA_OUT_POINTER_INVALID_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x06UL) +/*! Illegal data in size. */ +#define CRYS_AESCCM_DATA_IN_SIZE_ILLEGAL (CRYS_AESCCM_MODULE_ERROR_BASE + 0x07UL) +/*! Illegal data in or data out address. */ +#define CRYS_AESCCM_DATA_OUT_DATA_IN_OVERLAP_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x08UL) +/*! Illegal data out size. */ +#define CRYS_AESCCM_DATA_OUT_SIZE_INVALID_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x09UL) +/*! Illegal call to process additional data. */ +#define CRYS_AESCCM_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0AUL) +/*! Illegal dma buffer type. */ +#define CRYS_AESCCM_ILLEGAL_DMA_BUFF_TYPE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0BUL) +/*! Illegal parameter size. */ +#define CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0CUL) +/*! Invalid parameter pointer. */ +#define CRYS_AESCCM_ILLEGAL_PARAMETER_PTR_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0DUL) +/*! Invalid data type. */ +#define CRYS_AESCCM_ILLEGAL_DATA_TYPE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0EUL) +/*! CCM MAC compare failure. */ +#define CRYS_AESCCM_CCM_MAC_INVALID_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0FUL) +/*! Illegal operation. */ +#define CRYS_AESCCM_LAST_BLOCK_NOT_PERMITTED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x10UL) +/*! Illegal parameter. */ +#define CRYS_AESCCM_ILLEGAL_PARAMETER_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x11UL) +/*! Additional data input size is incorrect. */ +#define CRYS_AESCCM_NOT_ALL_ADATA_WAS_PROCESSED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x13UL) +/*! Text data input size is incorrect. */ +#define CRYS_AESCCM_NOT_ALL_DATA_WAS_PROCESSED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x14UL) +/*! Additional data was already processed (must be processed only once). */ +#define CRYS_AESCCM_ADATA_WAS_PROCESSED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x15UL) +/*! Illegal Nonce size. */ +#define CRYS_AESCCM_ILLEGAL_NONCE_SIZE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x16UL) +/*! Illegal tag (MAC) size. */ +#define CRYS_AESCCM_ILLEGAL_TAG_SIZE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x17UL) + +/*! Illegal context size. */ +#define CRYS_AESCCM_CTX_SIZES_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x28UL) +/*! Illegal parameters. */ +#define CRYS_AESCCM_ILLEGAL_PARAMS_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x29UL) +/*! AESCCM is not supported. */ +#define CRYS_AESCCM_IS_NOT_SUPPORTED (CRYS_AESCCM_MODULE_ERROR_BASE + 0xFFUL) + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs *****************************/ + +/************************ Public Variables *********************/ + +/************************ Public Functions *********************/ + +#ifdef __cplusplus +} +#endif + +/** +@} + */ + +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha.h new file mode 100644 index 0000000..89fb88d --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha.h @@ -0,0 +1,234 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! +@file +@brief This file contains all of the enums and definitions that are used for the + CRYS CHACHA APIs, as well as the APIs themselves. +@defgroup crys_chacha CryptoCell CHACHA APIs +@{ +@ingroup cryptocell_api +*/ +#ifndef CRYS_CHACHA_H +#define CRYS_CHACHA_H + + +#include "ssi_pal_types.h" +#include "crys_error.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ +/*! CHACHA user's context size in words. */ +#define CRYS_CHACHA_USER_CTX_SIZE_IN_WORDS 17 + +/*! CHACHA block size in words. */ +#define CRYS_CHACHA_BLOCK_SIZE_IN_WORDS 16 +/*! CHACHA block size in bytes. */ +#define CRYS_CHACHA_BLOCK_SIZE_IN_BYTES (CRYS_CHACHA_BLOCK_SIZE_IN_WORDS * sizeof(uint32_t)) + +/*! Nonce buffer max size in words. */ +#define CRYS_CHACHA_NONCE_MAX_SIZE_IN_WORDS 3 +/*! Nonce buffer max size in bytes. */ +#define CRYS_CHACHA_NONCE_MAX_SIZE_IN_BYTES (CRYS_CHACHA_NONCE_MAX_SIZE_IN_WORDS * sizeof(uint32_t)) + +/*! CHACHA KEY maximal size in words. */ +#define CRYS_CHACHA_KEY_MAX_SIZE_IN_WORDS 8 +/*! CHACHA KEY maximal size in bytes. */ +#define CRYS_CHACHA_KEY_MAX_SIZE_IN_BYTES (CRYS_CHACHA_KEY_MAX_SIZE_IN_WORDS * sizeof(uint32_t)) + +/************************ Enums ********************************/ + +/*! Enum defining the CHACHA Encrypt or Decrypt operation mode. */ +typedef enum { + /*! CHACHA encrypt mode. */ + CRYS_CHACHA_Encrypt = 0, + /*! CHACHA decrypt mode. */ + CRYS_CHACHA_Decrypt = 1, + /*! CHACHA maximal number of operations (encrypt/decrypt). */ + CRYS_CHACHA_EncryptNumOfOptions, + + /*! Reserved. */ + CRYS_CHACHA_EncryptModeLast = 0x7FFFFFFF, + +}CRYS_CHACHA_EncryptMode_t; + +/*! Enum defining the CHACHA Nonce size in bits. */ +typedef enum { + /*! 64 bit Nonce size. */ + CRYS_CHACHA_Nonce64BitSize = 0, + /*! 96 bit Nonce size. */ + CRYS_CHACHA_Nonce96BitSize = 1, + /*! CHACHA maximal number of nonce sizes. */ + CRYS_CHACHA_NonceSizeNumOfOptions, + /*! Reserved. */ + CRYS_CHACHA_NonceSizeLast = 0x7FFFFFFF, + +}CRYS_CHACHA_NonceSize_t; + +/************************ Typedefs ****************************/ + +/*! Defines the Nonce buffer 12 bytes array. */ +typedef uint8_t CRYS_CHACHA_Nonce_t[CRYS_CHACHA_NONCE_MAX_SIZE_IN_BYTES]; + +/*! Defines the CHACHA key buffer. */ +typedef uint8_t CRYS_CHACHA_Key_t[CRYS_CHACHA_KEY_MAX_SIZE_IN_BYTES]; + + +/************************ context Structs ******************************/ + +/*! The user's context prototype - the argument type that is passed by the user + to the CHACHA API. The context saves the state of the operation and must be saved by the user + till the end of the APIs flow (for example till ::CRYS_CHACHA_Free is called). */ +typedef struct CRYS_CHACHAUserContext_t { + /* Allocated buffer must be double the size of actual context + * + 1 word for offset management */ + /*! Context buffer for internal use */ + uint32_t buff[CRYS_CHACHA_USER_CTX_SIZE_IN_WORDS]; +}CRYS_CHACHAUserContext_t; + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +/****************************************************************************************************/ + +/*! +@brief This function is used to initialize the context for CHACHA operations. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_chacha_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_CHACHA_Init( + CRYS_CHACHAUserContext_t *pContextID, /*!< [in] Pointer to the CHACHA context buffer that is allocated by the user + and is used for the CHACHA operation. */ + CRYS_CHACHA_Nonce_t pNonce, /*!< [in] A buffer containing an nonce. */ + CRYS_CHACHA_NonceSize_t nonceSize, /*!< [in] Enumerator defining the nonce size (only 64 and 96 bit are valid). */ + CRYS_CHACHA_Key_t pKey, /*!< [in] A pointer to the user's key buffer. */ + uint32_t initialCounter, /*!< [in] An initial counter. */ + CRYS_CHACHA_EncryptMode_t EncryptDecryptFlag /*!< [in] A flag specifying whether the CHACHA should perform an Encrypt operation + or a Decrypt operation. */ +); + + +/*! +@brief This function is used to process aligned blocks of CHACHA. +The data in size should be a multiple of chacha block size. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_chacha_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_CHACHA_Block( + CRYS_CHACHAUserContext_t *pContextID, /*!< [in] Pointer to the context buffer. */ + uint8_t *pDataIn, /*!< [in] A pointer to the buffer of the input data to the CHACHA. + The pointer does not need to be aligned. must not be null. */ + uint32_t dataInSize, /*!< [in] The size of the input data. + Must be a multiple of ::CRYS_CHACHA_BLOCK_SIZE_IN_BYTES bytes and must not be 0. */ + uint8_t *pDataOut /*!< [out] A pointer to the buffer of the output data from the CHACHA. + The pointer does not need to be aligned. must not be null. */ +); + + +/*! +@brief This function is used to process the remaining data of CHACHA. +The data in size should be smaller than chacha block size. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_chacha_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_CHACHA_Finish( + CRYS_CHACHAUserContext_t *pContextID, /*!< [in] Pointer to the context buffer. */ + uint8_t *pDataIn, /*!< [in] A pointer to the buffer of the input data to the CHACHA. + The pointer does not need to be aligned. If dataInSize = 0, input buffer is not required. */ + uint32_t dataInSize, /*!< [in] The size of the input data. + zero and non multiple of ::CRYS_CHACHA_BLOCK_SIZE_IN_BYTES are valid. */ + uint8_t *pDataOut /*!< [out] A pointer to the buffer of the output data from the CHACHA. + The pointer does not need to be aligned. If dataInSize = 0, output buffer is not required. */ +); + + +/*! +@brief This function is used to free the context of CHACHA operations. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_chacha_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_CHACHA_Free( + CRYS_CHACHAUserContext_t *pContextID /*!< [in] Pointer to the context buffer. */ +); + + +/*! +@brief This function is used to perform the CHACHA operation in one integrated process. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_chacha_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_CHACHA( + CRYS_CHACHA_Nonce_t pNonce, /*!< [in] A buffer containing an nonce. */ + CRYS_CHACHA_NonceSize_t nonceSize, /*!< [in] Enumerator defining the nonce size (only 64 and 96 bit are valid). */ + CRYS_CHACHA_Key_t pKey, /*!< [in] A pointer to the user's key buffer. */ + uint32_t initialCounter, /*!< [in] An initial counter. */ + CRYS_CHACHA_EncryptMode_t encryptDecryptFlag, /*!< [in] A flag specifying whether the CHACHA should perform an Encrypt operation + or a Decrypt operation. */ + uint8_t *pDataIn, /*!< [in] A pointer to the buffer of the input data to the CHACHA. + The pointer does not need to be aligned. must not be null. */ + uint32_t dataInSize, /*!< [in] The size of the input data. must not be 0. */ + uint8_t *pDataOut /*!< [out] A pointer to the buffer of the output data from the CHACHA. + The pointer does not need to be aligned. must not be null. */ +); + + +/***********************************************************************************/ + +#ifdef __cplusplus +} +#endif + +/** +@} + */ + +#endif /* #ifndef CRYS_CHACHA_H */ + + + + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha_error.h new file mode 100644 index 0000000..93f6141 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha_error.h @@ -0,0 +1,103 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_CHACHA_ERROR_H +#define CRYS_CHACHA_ERROR_H + + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module contains the definitions of the CRYS CHACHA errors. +@defgroup crys_chacha_error CryptoCell CHACHA specific errors +@{ +@ingroup crys_chacha +*/ + + + +/************************ Defines ******************************/ + +/*! The CRYS CHACHA module errors base address - 0x00F02200. */ +/*! Illegal Nonce. */ +#define CRYS_CHACHA_INVALID_NONCE_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x01UL) +/*! Illegal key size. */ +#define CRYS_CHACHA_ILLEGAL_KEY_SIZE_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x02UL) +/*! Illegal key pointer. */ +#define CRYS_CHACHA_INVALID_KEY_POINTER_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x03UL) +/*! Illegal operation mode. */ +#define CRYS_CHACHA_INVALID_ENCRYPT_MODE_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x04UL) +/*! Illegal data in pointer. */ +#define CRYS_CHACHA_DATA_IN_POINTER_INVALID_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x05UL) +/*! Illegal data out pointer. */ +#define CRYS_CHACHA_DATA_OUT_POINTER_INVALID_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x06UL) +/*! Illegal user context. */ +#define CRYS_CHACHA_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x07UL) +/*! Illegal user context size. */ +#define CRYS_CHACHA_CTX_SIZES_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x08UL) +/*! Illegal Nonce pointer. */ +#define CRYS_CHACHA_INVALID_NONCE_PTR_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x09UL) +/*! Illegal data in size. */ +#define CRYS_CHACHA_DATA_IN_SIZE_ILLEGAL (CRYS_CHACHA_MODULE_ERROR_BASE + 0x0AUL) +/*! General error. */ +#define CRYS_CHACHA_GENERAL_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x0BUL) +/*! CHACHA is not supported. */ +#define CRYS_CHACHA_IS_NOT_SUPPORTED (CRYS_CHACHA_MODULE_ERROR_BASE + 0xFFUL) + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs *****************************/ + +/************************ Public Variables *********************/ + +/************************ Public Functions *********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha_poly.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha_poly.h new file mode 100644 index 0000000..f9a7ce1 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha_poly.h @@ -0,0 +1,95 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! +@file +@brief This file contains all of the enums and definitions that are used for the + CRYS CHACHA-POLY APIs, as well as the APIs themselves. +@defgroup crys_chacha_poly CryptoCell CHACHA-POLY APIs +@{ +@ingroup cryptocell_api +*/ +#ifndef CRYS_CHACHA_POLY_H +#define CRYS_CHACHA_POLY_H + + +#include "ssi_pal_types.h" +#include "crys_error.h" +#include "crys_chacha.h" +#include "crys_poly.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/*! +@brief This function is used to perform the CHACHA-POLY encryption and authentication operation. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_chacha_poly_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_CHACHA_POLY( + CRYS_CHACHA_Nonce_t pNonce, /*!< [in] A pointer to a buffer containing the nonce value. */ + CRYS_CHACHA_Key_t pKey, /*!< [in] A pointer to the user's key buffer. */ + CRYS_CHACHA_EncryptMode_t encryptDecryptFlag, /*!< [in] A flag specifying whether the CHACHA-POLY should perform an Encrypt or + Decrypt operation. */ + uint8_t *pAddData, /*!< [in] A pointer to the buffer of the additional data to the POLY. + The pointer does not need to be aligned. must not be null. */ + size_t addDataSize, /*!< [in] The size of the input data. must not be 0. */ + uint8_t *pDataIn, /*!< [in] A pointer to the buffer of the input data to the CHACHA. + The pointer does not need to be aligned. must not be null. */ + size_t dataInSize, /*!< [in] The size of the input data. must not be 0. */ + uint8_t *pDataOut, /*!< [out] A pointer to the buffer of the output data from the CHACHA. + must not be null. */ + CRYS_POLY_Mac_t macRes /*!< [in/out] Pointer to the MAC result buffer.*/ +); + + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif /* #ifndef CRYS_CHACHA_POLY_H */ + + + + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha_poly_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha_poly_error.h new file mode 100644 index 0000000..f5465ec --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_chacha_poly_error.h @@ -0,0 +1,95 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_CHACHA_POLY_ERROR_H +#define CRYS_CHACHA_POLY_ERROR_H + + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module contains the definitions of the CRYS CHACHA POLY errors. +@defgroup crys_chacha_poly_error CryptoCell CHACHA POLY specific errors +@{ +@ingroup crys_chacha_poly +*/ + + + +/************************ Defines ******************************/ + +/*! The CRYS CHACHA POLY module errors base address - 0x00F02400. */ +/*! Invalid Additional data. */ +#define CRYS_CHACHA_POLY_ADATA_INVALID_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x01UL) +/*! Invalid input data. */ +#define CRYS_CHACHA_POLY_DATA_INVALID_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x02UL) +/*! Illegal encryption mode. */ +#define CRYS_CHACHA_POLY_ENC_MODE_INVALID_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x03UL) +/*! Illegal data size. */ +#define CRYS_CHACHA_POLY_DATA_SIZE_INVALID_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x04UL) +/*! Key generation error. */ +#define CRYS_CHACHA_POLY_GEN_KEY_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x05UL) +/*! CHACHA Key generation error. */ +#define CRYS_CHACHA_POLY_ENCRYPTION_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x06UL) +/*! Authentication error. */ +#define CRYS_CHACHA_POLY_AUTH_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x07UL) +/*! MAC comparison error. */ +#define CRYS_CHACHA_POLY_MAC_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x08UL) + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs *****************************/ + +/************************ Public Variables *********************/ + +/************************ Public Functions *********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_common.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_common.h new file mode 100644 index 0000000..74c6302 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_common.h @@ -0,0 +1,371 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + + +#ifndef CRYS_COMMON_H +#define CRYS_COMMON_H + +#include "crys_common_error.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +#define CRYS_AES_SECRET_KEY_SIZE_IN_WORDS 4 + +/* the ROT13 definition - relevant only on SW low level engines compiled in the ROT mode */ +#define CRYS_COMMON_ROT_13_OFFSET 13 + + + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs *****************************/ + +/************************ Public Variables *********************/ + +/************************ Public Functions *********************/ + + + +/*********************************************************************** + ** + * @brief This function executes a reverse bytes copying from one buffer to another buffer. + * + * Overlapping of buffers is not allowed, excluding the case, when destination and source + * buffers are the same. + * Example of a 5 byte buffer: + * + * dst_ptr[4] = src_ptr[0] + * dst_ptr[3] = src_ptr[1] + * dst_ptr[2] = src_ptr[2] + * dst_ptr[1] = src_ptr[3] + * dst_ptr[0] = src_ptr[4] + * + * @param[in] dst_ptr - The pointer to destination buffer. + * @param[in] src_ptr - The pointer to source buffer. + * @param[in] size - The size in bytes. + * + */ + CRYSError_t CRYS_COMMON_ReverseMemcpy( uint8_t *dst_ptr , uint8_t *src_ptr , uint32_t size ); + + +/*********************************************************************** + ** + * @brief This function converts aligned words array to bytes array/ + * + * 1. Assumed, that input buffer is aligned to 4-bytes word and + * bytes order is set according to machine endianness. + * 2. Output buffer receives data as bytes stream from LSB to MSB. + * For increasing performance on small buffers, the output data is given + * by rounded down pointer and alignment. + * 3. This implementation is given for both Big and Little endian machines. + * + * + * @param[in] in32_ptr - The pointer to aligned input buffer. + * @param[in] out32_ptr - The 32-bits pointer to output buffer (rounded down to 4 bytes) . + * @param[in] outAlignBits - The actual output data alignment; + * @param[in] sizeWords - The size in words (sizeWords >= 1). + * + * return - no return value. + */ + void CRYS_COMMON_AlignedWordsArrayToBytes( uint32_t *in32_ptr , uint32_t *out32_ptr , + uint32_t outAlignBits, uint32_t sizeWords ); + +/***********************************************************************/ + /** + * @brief This function converts in place words byffer to bytes buffer with + * reversed endianity of output array. + * + * The function can convert: + * - big endian bytes array to words array with little endian order + * of words and backward. + * + * Note: + * 1. Endianness of each word in words buffer should be set allways + * according to processor used. + * 2. Implementation is given for both big and little endianness of + * processor. + * + * @param[in] buf_ptr - The 32-bits pointer to input/output buffer. + * @param[in] sizeWords - The size in words (sizeWords > 0). + * + * @return - no return value. + */ +void CRYS_COMMON_InPlaceConvertBytesWordsAndArrayEndianness( + uint32_t *buf_ptr, + uint32_t sizeWords); + + +/***********************************************************************/ + /** + * @brief This function converts big endianness bytes array to aligned words + * array with words order according to little endian / + * + * 1. Assumed, that input bytes order is set according + * to big endianness: MS Byte is most left, i.e. order is from + * Msb to Lsb. + * 2. Output words array should set according to + * little endianness words order: LSWord is most left, i.e. order + * is from Lsw to Msw. Order bytes in each word - according to + * 3. Implementation is given for both big and little + * endianness of processor. + * + * @param[out] out32_ptr - The 32-bits pointer to output buffer. + * @param[in] sizeOutBuffBytes - The size in bytes of output buffer, must be + * aligned to 4 bytes and not less than sizeInBytes. + * @param[in] in8_ptr - The pointer to input buffer. + * @param[in] sizeInBytes - The size in bytes of input data(sizeBytes >= 1). + * + * @return CRYSError_t - On success CRYS_OK is returned, on failure a + * value MODULE_* as defined in . + */ +CRYSError_t CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords( + uint32_t *out32_ptr, + uint32_t sizeOutBuffBytes, + const uint8_t *in8_ptr, + uint32_t sizeInBytes); + + +/***********************************************************************/ + /** + * @brief This function converts LE 32bit-words array to BE bytes array. + * + * Note: The function allows output full size of the data and also output + * without leading zeros, if the user gives appropriate exact output + * size < input size. + * + * Assuming: + * 1. Output bytes order is according to big endianness: + * MS Byte is most left, i.e. order is from Msb to Lsb. + * 2. Input array words order is set according to + * little endianness words order: LSWord is most left, i.e. order + * is from Lsw to Msw. Bytes order in each word - according to + * processor endianness. + * 3. Owerlapping of buffers is not allowed, besides in + * place operation and size aligned to full words. + * 4. Implementation is given for both big and little + * endianness of processor. + * + * @param[in] out8_ptr - The bytes pointer to the output buffer. + * @param[in] sizeOutBuffBytes - The size of the data in bytes to output; must + * be not less, than sizeInBytes. + * @param[out] in32_ptr - The pointer to the input buffer. + * @param[in] sizeInpBytes - The size of the input data in bytes. The size must + * be > 0 and aligned to 4 bytes. + * + * @return CRYSError_t - On success CRYS_OK is returned, on failure a + * value MODULE_* as defined in . + */ +CRYSError_t CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( + uint8_t *out8_ptr, + uint32_t sizeOutBytes, + uint32_t *in32_ptr, + uint32_t sizeInpBytes); + + +/***********************************************************************/ +/** + * @brief VOS_GetGlobalData get the global random key hidden inside the function + * the global data implemented for now are random key buffer and AES secret key buffer + * + * When no_rtos is declared then we allow a global data. The random key/AES secret key are hidden as static inside the function + * + * + * @param[in] Globalid select the buffer + * @param[in] GlobalDataSizeWords - the global data buffer size needed in words - this value must be a predetermined value + * @param[out] GlobalData_ptr - Pointer to the global buffer returned. The buffer must be at least GlobalDataSizeWords size + * + * @return CRYSError_t - On success CRYS_OK is returned, on failure an Error as defined in VOS_error + */ +CRYSError_t CRYS_COMMON_GetGlobalData(uint16_t Globalid, uint32_t *GlobalData_ptr, uint16_t GlobalDataSizeWords); + + +/***********************************************************************/ +/** +* @brief CRYS_COMMON_StoreGlobalData store the global random key into the global buffer hidden inside the function +* the global data implemented for now are random key buffer and AES secret key buffer +* +* +* @param[in] Globalid - random key / AES secret key +* @param[in] GlobalDataSizeWords - the global data buffer size needed in words - this value must be a predetermined value +* @param[in] GlobalData_ptr - Pointer to the global buffer to be saved. The buffer must be at least GlobalDataSizeWords size +* +* Return Value: +*/ +CRYSError_t CRYS_COMMON_StoreGlobalData(uint16_t Globalid, uint32_t *GlobalData_ptr, uint16_t GlobalDataSizeWords); + + +/***********************************************************************/ +/** + * @brief The CRYS_COMMON_CutAndSaveEndOfLliData() function saves the data from end of source + * memory, pointed by LLI table, to destination memory, and decreases the LLI table accordingly. + * + * The function executes the following major steps: + * + * 1. Starts copy bytes from last byte of last chunk of source LLI table into + * last byte of destination memory. + * 2. Continues copy bytes in reverse order while not completes copying of all amount of data. + * 3. If last chunk of source or destination data is not enough, the function crosses + * to next chunk of LLI table. + * 4. Decreases the Data size of last updated LLI entry and sets the LAST bit. + * 5. Exits with the OK code. + * + * + * @param[in] SrcLliTab_ptr - The pointer to the LLI table, containing pointers and sizes of + * chunks of source data. The table need to be aligned and placed + * in SEP SRAM. + * @param[in] SrcLliTabSize_ptr - The pointer to buffer, containing th size of the LLI table in words. + * @param[in] Dest_ptr - The destination address for copying the data. + * @param[in] DataSize - The count of bytes to copy. + * + * @return CRYSError_t - On success CRYS_OK is returned, + * - CRYS_COMMON_ERROR_IN_SAVING_LLI_DATA_ERROR + * + * NOTE: 1. Because the function is intended for internal using, it is presumed that all input parameters + * are valid. + * 2. Assumed, that copied source not may to take more than two last chunks of source memory. + */ + CRYSError_t CRYS_COMMON_CutAndSaveEndOfLliData( + uint32_t *SrcLliTab_ptr, + uint32_t *SrcLliTabSize_ptr, + uint8_t *Dst_ptr, + uint32_t DataSize); + +/***********************************************************************/ +/** + * @brief The CRYS_COMMON_CutAndSaveBeginOfLliData() function saves the data from beginning of source + * memory, pointed by LLI table, to destination memory, and decreases the LLI table accordingly. + * + * The function executes the following major steps: + * + * 1. Starts copy bytes from first byte of first chunk of source LLI table into + * destination memory. + * 2. If first chunk of source is not enough, the function crosses + * to next chunk of LLI table. + * 3. Updates LLI table pointer and size according to copied amount of data. + * 5. Exits with the OK code. + * + * @param[in/out] SrcLliTab_ptr_ptr - The pointer to pointer to the LLI table, containing pointers and + * sizes of the chunks of source data. The table need to be aligned and + * placed in SRAM. + * @param[in/out] SrcLliTabSize_ptr - The pointer to buffer, containing th size of the LLI table in words. + * @param[in] Dest_ptr - The destination address for copying the data. + * @param[in] DataSize - The count of bytes to copy. + * + * @return - no return value. + * + * NOTE: 1. Because the function is intended for internal using, it is presumed that all input parameters + * are valid. + * 2. Assumed, that copied source not may to take more than two first chunks of source memory. + */ + void CRYS_COMMON_CutAndSaveBeginOfLliData( + uint32_t **SrcLliTab_ptr_ptr, + uint32_t *SrcLliTabSize_ptr, + uint8_t *Dst_ptr, + uint32_t DataSize); + +/***********************************************************************/ + /** + * @brief This function converts 32-bit words array with little endian + * order of words to bytes array with little endian (LE) order of bytes. + * + * Assuming: no buffers overlapping, in/out pointers and sizes not equall to NULL, + the buffer size must be not less, than input data size. + * + * @param[out] out8Le - The bytes pointer to output buffer. + * @param[in] in32Le - The pointer to input 32-bit words buffer. + * @param[in] sizeInWords - The size in words of input data (sizeWords >= 0). + * + * @return CRYSError_t - On success CRYS_OK is returned, on failure a + * value MODULE_* as defined in . + */ +void CRYS_COMMON_ConvertLswMswWordsToLsbMsbBytes( + uint8_t *out8Le, + const uint32_t *in32Le, + size_t sizeInWords); + + +/***********************************************************************/ +/** + * @brief This function converts bytes array with little endian (LE) order of + * bytes to 32-bit words array with little endian order of words and bytes. + * + * Assuming: No owerlapping of buffers; in/out pointers and sizes are not equall to NULL. + * If is in-place conversion, then the size must be multiple of 4 bytes. + * @param[out] out32Le - The 32-bits pointer to output buffer. The buffer size must be + * not less, than input data size. + * @param[in] in8Le - The pointer to input buffer. + * @param[in] sizeInBytes - The size in bytes of input data(sizeBytes > 0). + * + * @return CRYSError_t - On success CRYS_OK is returned, on failure a + * value MODULE_* as defined in . + */ +void CRYS_COMMON_ConvertLsbMsbBytesToLswMswWords( + uint32_t *out32Le, + const uint8_t *in8Le, + size_t sizeInBytes); + + +/** + * The function compares value of byte vector to null. + * + * @author reuvenl (6/20/2016) + * + * @param vect - a pointer to bytes vector. + * @param sizeBytes - size of the vector. + * + * @return uint32_t - if vector's value iz zero, then returns 1, else - 0; + */ +uint32_t CRYS_COMMON_CheckIsVectorZero(uint8_t *vect, uint32_t sizeBytes); + + + + +#ifdef __cplusplus +} +#endif + +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_common_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_common_error.h new file mode 100644 index 0000000..03c73c5 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_common_error.h @@ -0,0 +1,95 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + + #ifndef CRYS_COMMON_ERROR_H +#define CRYS_COMMON_ERROR_H + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +/* CRYS COMMON module errors. Base address - 0x00F00D00 */ + +#define CRYS_COMMON_INIT_HW_SEM_CREATION_FAILURE (CRYS_COMMON_MODULE_ERROR_BASE + 0x0UL) +#define CRYS_COMMON_DATA_IN_POINTER_INVALID_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x4UL) +#define CRYS_COMMON_DATA_SIZE_ILLEGAL (CRYS_COMMON_MODULE_ERROR_BASE + 0x5UL) +#define CRYS_COMMON_DATA_OUT_DATA_IN_OVERLAP_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x6UL) +#define CRYS_COMMON_DATA_OUT_POINTER_INVALID_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x7UL) +#define CRYS_COMMON_OUTPUT_BUFF_SIZE_ILLEGAL (CRYS_COMMON_MODULE_ERROR_BASE + 0x9UL) + +#define CRYS_COMMON_TST_UTIL_CHUNK_SIZE_SMALL_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x10UL) +#define CRYS_COMMON_ERROR_IN_SAVING_LLI_DATA_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x11UL) + + +#define CRYS_COMMON_TST_UTIL_LLI_ENTRY_SIZE_TOO_SMALL_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x12UL) +#define CRYS_COMMON_TST_CSI_DATA_SIZE_EXCEED_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x13UL) +#define CRYS_COMMON_TST_CSI_MODULE_ID_OUT_OF_RANGE (CRYS_COMMON_MODULE_ERROR_BASE + 0x14UL) +#define CRYS_COMMON_TST_CSI_MEMORY_MAPPING_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x15UL) + +#define CRYS_COMMON_TERM_HW_SEM_DELETE_FAILURE (CRYS_COMMON_MODULE_ERROR_BASE + 0x16UL) + +#define CRYS_COMMON_TST_UTIL_NOT_INTEGER_CHAR_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x17UL) +#define CRYS_COMMON_TST_UTIL_BUFFER_IS_SMALL_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x18UL) +#define CRYS_COMMON_POINTER_NOT_ALIGNED_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x19UL) + + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif + +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_dh.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_dh.h new file mode 100644 index 0000000..be0deb9 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_dh.h @@ -0,0 +1,446 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + + +#ifndef _CRYS_DH_H +#define _CRYS_DH_H + +#include "crys_rsa_types.h" +#include "crys_kdf.h" +#include "crys_rnd.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/*! +@file +@brief This module defines the API that supports Diffie-Hellman key exchange, as defined in [PKCS3] and in [X9.42] (key lengths 1024 and 2048 bits). +@defgroup crys_dh CryptoCell DH APIs +@{ +@ingroup cryptocell_api +*/ + + +/************************ Defines ******************************/ +/*! Defintion for DH public key.*/ +#define CRYS_DHPubKey_t CRYSRSAPubKey_t + +/*! Maximal valid key size in bits.*/ +#define CRYS_DH_MAX_VALID_KEY_SIZE_VALUE_IN_BITS CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS /*!< \internal RL restrict to 2048 */ +/*! Minimal valid key size in bits.*/ +#define CRYS_DH_MIN_VALID_KEY_SIZE_VALUE_IN_BITS 1024 /*!< Size limitation according to ANSI standard */ +/*! Maximal modulus size in bytes.*/ +#define CRYS_DH_MAX_MOD_SIZE_IN_BYTES (CRYS_DH_MAX_VALID_KEY_SIZE_VALUE_IN_BITS / SASI_BITS_IN_BYTE) +/*! Maximal modulus size in words.*/ +#define CRYS_DH_MAX_MOD_SIZE_IN_WORDS (CRYS_DH_MAX_MOD_SIZE_IN_BYTES/sizeof(uint32_t)) + +/*! Modulus buffer size in words.*/ +#define CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS (CRYS_DH_MAX_MOD_SIZE_IN_WORDS + 2) +/*! Maximal domain generation size in bits.*/ +#define CRYS_DH_DOMAIN_GENERATION_MAX_SIZE_BITS CRYS_RSA_MAX_KEY_GENERATION_SIZE_BITS /*!< \internal RL restrict to 2048 */ + +/*! Defintion for DH primitives data.*/ +#define CRYS_DHPrimeData_t CRYS_RSAPrimeData_t +/*! Defintion for DH public key.*/ +#define CRYS_DHUserPubKey_t CRYS_RSAUserPubKey_t +/*! Defintion for DH other info.*/ +#define CRYS_DH_OtherInfo_t CRYS_KDF_OtherInfo_t + +/*! Keying data size is in bytes*/ +#define CRYS_DH_MAX_SIZE_OF_KEYING_DATA CRYS_KDF_MAX_SIZE_OF_KEYING_DATA + +/************************ Enums ********************************/ + +/*! DH operations mode */ +typedef enum +{ + /*! PKCS3 operation mode. */ + CRYS_DH_PKCS3_mode = 0, + /*! ANSI X942 operation mode. */ + CRYS_DH_ANSI_X942_mode = 1, + /*! Total number of operation modes. */ + CRYS_DH_NumOfModes, + + /*! Reserved. */ + CRYS_DH_OpModeLast = 0x7FFFFFFF, + +}CRYS_DH_OpMode_t; + +/*! HASH operation modes */ +typedef enum +{ + /*! SHA1 operation mode. */ + CRYS_DH_HASH_SHA1_mode = CRYS_HASH_SHA1_mode, + /*! SHA224 operation mode. */ + CRYS_DH_HASH_SHA224_mode = CRYS_HASH_SHA224_mode, + /*! SHA256 operation mode. */ + CRYS_DH_HASH_SHA256_mode = CRYS_HASH_SHA256_mode, + /*! SHA384 operation mode. */ + CRYS_DH_HASH_SHA384_mode = CRYS_HASH_SHA384_mode, + /*! SHA512 operation mode. */ + CRYS_DH_HASH_SHA512_mode = CRYS_HASH_SHA512_mode, + /*! MD5 operation mode (not used in DH). */ + CRYS_DH_HASH_MD5_mode = CRYS_HASH_MD5_mode, /*!< \internal not used in DH */ + /*! Total number of HASH modes. */ + CRYS_DH_HASH_NumOfModes = CRYS_HASH_MD5_mode, + /*! Reserved. */ + CRYS_DH_HASH_OperationModeLast = 0x7FFFFFFF, + +}CRYS_DH_HASH_OpMode_t; + +/*! Key derivation modes. */ +typedef enum +{ + /*! ASN1 derivation mode.*/ + CRYS_DH_ASN1_Der_mode = CRYS_KDF_ASN1_DerivMode, + /*! Concatination derivation mode.*/ + CRYS_DH_Concat_Der_mode = CRYS_KDF_ConcatDerivMode, + /*! X963 derivation mode.*/ + CRYS_DH_X963_DerMode = CRYS_KDF_ConcatDerivMode, + /*! Reserved. */ + CRYS_DH_DerivationFunc_ModeLast= 0x7FFFFFFF, + +}CRYS_DH_DerivationFunc_Mode; + + +/************************ Typedefs *************************************/ +/*! Temporary buffer structure for internal usage.*/ +typedef struct +{ + /*! Temporary primitives data */ + CRYS_DHPrimeData_t PrimeData; + /*! Public key. */ + CRYS_DHPubKey_t PubKey; + /*! Temporary buffer for internal usage. */ + uint32_t TempBuff[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; +} CRYS_DH_ExpTemp_t; + +/*! Temporary buffer structure for internal usage. */ +typedef struct +{ + /*! Temporary primitives data */ + CRYS_DHPrimeData_t PrimeData; + /*! User's public key. */ + CRYS_DHUserPubKey_t UserPubKey; + /*! Temporary buffer for internal usage. */ + uint32_t TempBuff[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; +} CRYS_DH_Temp_t; + +/*! Temporary buffer structure for internal usage. */ +typedef struct +{ + /*! Temporary primitives data */ + CRYS_DHPrimeData_t PrimeData; + /*! User's public key. */ + CRYS_DHUserPubKey_t UserPubKey; + /*! Temporary buffer for internal usage. */ + uint32_t TempBuff[2*CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; +} CRYS_DH_HybrTemp_t; + +/*! Defintion of buffer used for FIPS Known Answer Tests. */ +typedef struct +{ + /*! Public key. */ + CRYS_DHUserPubKey_t pubKey; + /*! Temporary primitives data */ + CRYS_DHPrimeData_t primeData; + /*! Buffer for the secret value.*/ + uint8_t secretBuff[CRYS_DH_MIN_VALID_KEY_SIZE_VALUE_IN_BITS/SASI_BITS_IN_BYTE]; // KAT tests uses 1024 bit key +} CRYS_DH_FipsKat_t; + + +/************************ Structs **************************************/ + +/************************ Public Variables ******************************/ + +/************************ Public Functions ******************************/ + +/*******************************************************************************************/ + +/*! +@brief This function has two purposes: +
  1. Randomly generate the client private key according to the choosen version [PKCS3] or [ANSI X9.42].
    2. +
  2. Computes the client public key as follows: ClientPub = Generator^Prv mod Prime, where '^' is the symbol of exponentiation.
+This function should not be called directly. Instead, use the macros ::CRYS_DH_PKCS3_GeneratePubPrv and ::CRYS_DH_ANSI_X942_GeneratePubPrv. +\note +All buffer parameters should be in Big-Endian form. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_dh_error.h, crys_rnd_error.h or crys_rsa_error.h. + */ +CIMPORT_C CRYSError_t _DX_DH_GeneratePubPrv( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ + uint8_t *Generator_ptr, /*!< [in] Pointer to the Generator octet string. */ + uint16_t GeneratorSize, /*!< [in] The size of the Generator string (in bytes). */ + uint8_t *Prime_ptr, /*!< [in] Pointer to the Prime octet string P (used as modulus in the algorithm). */ + uint16_t PrimeSize, /*!< [in] The size of the Prime string in bytes. */ + uint16_t L, /*!< [in] Exact size in bits of the Prime to be generated (relevant only for [PKCS3]): +
  • If L!=0, force the private key to be [2^(L-1) ? Prv < 2^L], where '^' + indicates exponentiation.
    • +
  • If L = 0 then [0 < Prv < P-1].
*/ + uint8_t *Q_ptr, /*!< [in] Relevant only for [ANSI X9.42] - Pointer to the Q octet string in the range: + 1 <= Prv <= Q-1 or 1 < Prv < Q-1. */ + uint16_t QSize, /*!< [in] Relevant only for [ANSI X9.42] - Size of the Q string (in bytes). */ + CRYS_DH_OpMode_t DH_mode, /*!< [in] An enumerator declaring whether this is [PKCS3] or [ANSI X9.42] mode. */ + CRYS_DHUserPubKey_t *tmpPubKey_ptr, /*!< [in] Pointer to a temporary buffer for public key structure. Used for the + exponentiation function. */ + CRYS_DHPrimeData_t *tmpPrimeData_ptr, /*!< [in] Pointer to a structure holding internal temporary buffers. */ + uint8_t *ClientPrvKey_ptr, /*!< [out] Pointer to the Private key Prv. This buffer should be at least the following + size (in bytes): +
  • If L is provided: (L+7)/8.
    • +
  • If L is NULL: \p PrimeSize.
*/ + uint16_t *ClientPrvKeySize_ptr, /*!< [in/out] Pointer to the Private key size: +
  • Input - size of the given buffer.
    • +
  • Output - actual size of the generated private key.
*/ + uint8_t *ClientPub1_ptr, /*!< [out] Pointer to the Public key. This buffer should be at least \p PrimeSize bytes. */ + uint16_t *ClientPubSize_ptr /*!< [in/out] Pointer to the Public key size: +
  • Input - size of the given buffer.
    • +
  • Output - actual size of the generated public key.
*/ +); + + +/* macro for calling the GeneratePubPrv function on PKCS#3 mode: Q is irrelevant */ +/*--------------------------------------------------------------------------------*/ +/*! +This macro is used to generate the public and private DH keys according to [PKCS3]. For a description of the parameters see ::_DX_DH_GeneratePubPrv. +*/ +#define CRYS_DH_PKCS3_GeneratePubPrv(rndState_ptr, rndGenerateVectFunc, Generator_ptr,GeneratorSize,\ + Prime_ptr,PrimeSize,\ + L,\ + tmpPubKey_ptr,tmpPrimeData_ptr,\ + ClientPrvKey_ptr,ClientPrvKeySize_ptr,\ + ClientPub_ptr,ClientPubSize_ptr)\ + _DX_DH_GeneratePubPrv(rndState_ptr, rndGenerateVectFunc, (Generator_ptr),(GeneratorSize),\ + (Prime_ptr),(PrimeSize),\ + (L),\ + (uint8_t *)NULL,(uint16_t)0,\ + CRYS_DH_PKCS3_mode,\ + (tmpPubKey_ptr),(tmpPrimeData_ptr),\ + (ClientPrvKey_ptr),(ClientPrvKeySize_ptr),\ + (ClientPub_ptr),(ClientPubSize_ptr)) + +/*! +This macro is used to generate the public and private DH keys according to [ANSI X9.42]. For a description of the parameters see ::_DX_DH_GeneratePubPrv. +*/ +#define CRYS_DH_ANSI_X942_GeneratePubPrv(rndState_ptr, rndGenerateVectFunc, Generator_ptr,GeneratorSize,Prime_ptr,PrimeSize,\ + Q_ptr,QSize,\ + tmpPubKey_ptr,tmpPrimeData_ptr,\ + ClientPrvKey_ptr,ClientPrvKeySize_ptr,\ + ClientPub_ptr,ClientPubSize_ptr)\ + _DX_DH_GeneratePubPrv(rndState_ptr, rndGenerateVectFunc, (Generator_ptr),(GeneratorSize),\ + (Prime_ptr),(PrimeSize),\ + (uint16_t)0,\ + (Q_ptr),(QSize),\ + CRYS_DH_ANSI_X942_mode,\ + (tmpPubKey_ptr),(tmpPrimeData_ptr),\ + (ClientPrvKey_ptr),(ClientPrvKeySize_ptr),\ + (ClientPub_ptr),(ClientPubSize_ptr)) + + +/*******************************************************************************************/ +/*! +@brief This function computes the shared secret key (value) accordng to [ANSI X9.42], 7.5.1: + SecretKey = ServerPubKey ^ ClientPrvKey mod Prime. +\note
  • All buffer parameters should be in Big-Endian form.
    • +
  • The user must obtain assurance of validity of the public key, using one of methods, +described in [ANSI X9.42] paragraph 7.4.
    • +
  • The actual size of the private key (in bits) must be not less than 2 and not greater than the actual +size of the Prime (modulus in bits).
+ +@return CRYS_OK on success. +@return A non-zero value on failure as defined in crys_dh_error.h or crys_rsa_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_DH_GetSecretKey( + uint8_t *ClientPrvKey_ptr, /*!< [in] Pointer to the Private key octet string Prv < Prime. */ + uint16_t ClientPrvKeySize, /*!< [in] The Private key Size (in bytes). */ + uint8_t *ServerPubKey_ptr, /*!< [in] Pointer to the Server public key octet string. */ + uint16_t ServerPubKeySize, /*!< [in] The Server Public key Size (in bytes). */ + uint8_t *Prime_ptr, /*!< [in] Pointer to the Prime octet string. */ + uint16_t PrimeSize, /*!< [in] The size of the Prime string. */ + CRYS_DHUserPubKey_t *tmpPubKey_ptr, /*!< [in] Pointer to the public key structure. Used for the exponentiation + operation function. Need not be initialized. */ + CRYS_DHPrimeData_t *tmpPrimeData_ptr, /*!< [in] Pointer to a structure containing internal temp buffers. */ + uint8_t *SecretKey_ptr, /*!< [out] Pointer to the secret key octet string. This buffer should be at + least PrimeSize bytes. */ + uint16_t *SecretKeySize_ptr /*!< [in/out] Pointer to the secret key Buffer Size. This buffer should be at + least of PrimeSize bytes: +
  • Input - size of the given buffer.
    • +
  • Output - actual size.
*/ +); + + +/******************************************************************************************/ +/*! +@brief This function extracts the shared secret keying data from the shared secret value. It should be called by using +macros ::CRYS_DH_X942_GetSecretDataAsn1 and ::CRYS_DH_X942_GetSecretDataConcat. + +\note +
  • The "other info" argument and its AlgorithmID entry are mandatory only for ASN1 key derivation, and optional for +the other derivation modes.
    • +
  • If used, all entries of the structure should be initialized with relevant data and size, prior to calling this function +(entry size of empty fields must be set to 0).
    • +
  • All buffers arguments are represented in Big-Endian form.
+ +@return CRYS_OK on success. +@return A non-zero value on failure as defined in crys_dh_error.h, crys_rsa_error.h, crys_kdf_error.h or crys_hash_error.h. +*/ + CIMPORT_C CRYSError_t CRYS_DH_X942_GetSecretData( + uint8_t *ClientPrvKey_ptr, /*!< [in] Pointer to the Private key octet string. */ + uint16_t ClientPrvKeySize, /*!< [in] The Private key size (in bytes). */ + uint8_t *ServerPubKey_ptr, /*!< [in] Pointer to the Server public key octet string. */ + uint16_t ServerPubKeySize, /*!< [in] The Server Public key size (in bytes). */ + uint8_t *Prime_ptr, /*!< [in] Pointer to the Prime octet string. */ + uint16_t PrimeSize, /*!< [in] The size of the Prime string. */ + CRYS_DH_OtherInfo_t *otherInfo_ptr, /*!< [in] Pointer to structure containing other data, shared by two entities + sharing the secret keying data. + The Maximal size of each data entry of "other info" is limited - see crys_kdf.h + for the defined value. */ + CRYS_DH_HASH_OpMode_t hashMode, /*!< [in] One of the supported SHA-x HASH modes. The supported modes are according to the supported + HASH modes for the product (and MD5 is not supported). */ + CRYS_DH_DerivationFunc_Mode DerivFunc_mode, /*!< [in] The enumerator ID of key derivation function mode. ASN1 or Concatenation + modes are supported. */ + CRYS_DH_Temp_t *tmpBuff_ptr, /*!< [in] A pointer to the DH temp buffer structure. Not initialized. */ + uint8_t *SecretKeyingData_ptr, /*!< [out] Pointer to the secret key octet string. This buffer should be at least + PrimeSize bytes. */ + uint16_t SecretKeyingDataSize /*!< [in] The required Secret Keying data size (in bytes). Must be larger than 0, + and smaller than the maximal - CRYS_DH_MAX_SIZE_OF_KEYING_DATA. */ +); + +/****************************************************************/ +/*! +This macro implements the DH [ANSI X9.42] standard. It derives a secret key using the Derivation function based on ASN.1. For a +description of the parameters see ::CRYS_DH_X942_GetSecretData.*/ +#define CRYS_DH_X942_GetSecretDataAsn1(ClientPrvKey_ptr,ClientPrvKeySize,ServerPubKey_ptr,ServerPubKeySize,Prime_ptr,PrimeSize,otherInfo_ptr,hashMode,tmpBuff_ptr,SecretKeyingData_ptr,SecretKeyingDataSize)\ + CRYS_DH_X942_GetSecretData((ClientPrvKey_ptr),(ClientPrvKeySize),(ServerPubKey_ptr),(ServerPubKeySize),(Prime_ptr),(PrimeSize),(otherInfo_ptr),(hashMode),(CRYS_DH_ASN1_Der_mode),(tmpBuff_ptr),(SecretKeyingData_ptr),(SecretKeyingDataSize)) +/*! +This macro implements the DH [ANSI X9.42] standard. It derives a secret key using the Derivation function based on concatenation of HASHed data. +For a description of the parameters see ::CRYS_DH_X942_GetSecretData.*/ +#define CRYS_DH_X942_GetSecretDataConcat(ClientPrvKey_ptr,ClientPrvKeySize,ServerPubKey_ptr,ServerPubKeySize,Prime_ptr,PrimeSize,otherInfo_ptr,hashMode,tmpBuff_ptr,SecretKeyingData_ptr,SecretKeyingDataSize)\ + CRYS_DH_X942_GetSecretData((ClientPrvKey_ptr),(ClientPrvKeySize),(ServerPubKey_ptr),(ServerPubKeySize),(Prime_ptr),(PrimeSize),(otherInfo_ptr),(hashMode),(CRYS_DH_Concat_Der_mode),(tmpBuff_ptr),(SecretKeyingData_ptr),(SecretKeyingDataSize)) + + +/****************************************************************/ +/*! +@brief The function computes shared secret data using two pairs of public and private keys: + +
  • SecretKey1 = ServerPubKey1^ClientPrvKey1 mod Prime.
    • +
  • SecretKey2 = ServerPubKey2^ClientPrvKey2 mod Prime.
+It uses the Derivation function to derive secret keying data from the two secret keys (values). +This function may be called directly, or by using macros ::CRYS_DH_X942_HybridGetSecretDataAsn1 and ::CRYS_DH_X942_HybridGetSecretDataConcat +described above. + +\note +
  • The "other info" argument and its AlgorithmID entry are mandatory only for ASN1 key derivation, and optional for the other derivation modes.
    • +If used, all entries of the structure should be initialized with relevant data and size, prior to calling this function +(entry size of empty fields must be set to 0). +
  • All buffers arguments are represented in Big-Endian form.
+ +@return CRYS_OK on success. +@return A non-zero value on failure as defined in crys_dh_error.h, crys_rsa_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_DH_X942_HybridGetSecretData( + uint8_t *ClientPrvKey_ptr1, /*!< [in] Pointer to the First Private key octet string number. */ + uint16_t ClientPrvKeySize1, /*!< [in] The First Private key Size (in bytes). */ + uint8_t *ClientPrvKey_ptr2, /*!< [in] Pointer to the Second Private key octet string. */ + uint16_t ClientPrvKeySize2, /*!< [in] The Second Private key Size (in bytes). */ + uint8_t *ServerPubKey_ptr1, /*!< [in] Pointer to the First Server public key octet string. */ + uint16_t ServerPubKeySize1, /*!< [in] The First Server Public key Size (in bytes). */ + uint8_t *ServerPubKey_ptr2, /*!< [in] Pointer to the Second Server public key octet string. */ + uint16_t ServerPubKeySize2, /*!< [in] The Second Server Public key Size (in bytes). */ + uint8_t *Prime_ptr, /*!< [in] Pointer to the Prime octet string. */ + uint16_t PrimeSize, /*!< [in] The size of the Prime string. */ + CRYS_DH_OtherInfo_t *otherInfo_ptr, /*!< [in] Pointer to structure containing optional other data, shared by two entities + sharing the secret keying data. */ + CRYS_DH_HASH_OpMode_t hashMode, /*!< [in] One of the supported SHA-x HASH modes. The supported modes are according to the supported + HASH modes for the product (and MD5 is not supported). */ + CRYS_DH_DerivationFunc_Mode DerivFunc_mode, /*!< [in] The type of function to use to derive the secret key to the key data. + ASN.1 or Concatenation modes are supported. */ + CRYS_DH_HybrTemp_t *tmpDhHybr_ptr, /*!< [in] Pointer to a CRYS_DH_Temp_t structure that contains temp buffers for + internal operations. */ + uint8_t *SecretKeyingData_ptr, /*!< [out] Pointer to the secret key octet string. This buffer should be at least + of size PrimeSize bytes. */ + uint16_t SecretKeyingDataSize /*!< [in] The required Secret Keying data size (in bytes). Must be larger than 0, + and smaller than CRYS_DH_MAX_SIZE_OF_KEYING_DATA. */ +); + + +/****************************************************************/ +/*! +This macro implements the DH [X9.42] standard deriving a hybrid secret key from two public-private pair of keys using the Derivation function based on ASN.1. +For a description of the parameters see ::CRYS_DH_X942_HybridGetSecretData.*/ +#define CRYS_DH_X942_HybridGetSecretDataAsn1(ClientPrvKey_ptr1,ClientPrvKeySize1,ClientPrvKey_ptr2,ClientPrvKeySize2,ServerPubKey_ptr1,ServerPubKeySize1,ServerPubKey_ptr2,ServerPubKeySize2,Prime_ptr,PrimeSize,otherInfo_ptr,hashFunc,tmpDhHybr_ptr,SecretKeyingData_ptr,SecretKeyingDataSize)\ + CRYS_DH_X942_HybridGetSecretData((ClientPrvKey_ptr1),(ClientPrvKeySize1),(ClientPrvKey_ptr2),(ClientPrvKeySize2),(ServerPubKey_ptr1),(ServerPubKeySize1),(ServerPubKey_ptr2),(ServerPubKeySize2),(Prime_ptr),(PrimeSize),(otherInfo_ptr),(hashFunc),CRYS_DH_ASN1_Der_mode,(tmpDhHybr_ptr),(SecretKeyingData_ptr),(SecretKeyingDataSize)) + +/*! +This macro implements the DH [X9.42] standard, deriving a hybrid secret key from two pairs of public-private keys, using the Derivation +function based on concatenation using SHA-x HASH. For a description of the parameters see ::CRYS_DH_X942_HybridGetSecretData. +*/ +#define CRYS_DH_X942_HybridGetSecretDataConcat(ClientPrvKey_ptr1,ClientPrvKeySize1,ClientPrvKey_ptr2,ClientPrvKeySize2,ServerPubKey_ptr1,ServerPubKeySize1,ServerPubKey_ptr2,ServerPubKeySize2,Prime_ptr,PrimeSize,otherInfo_ptr,hashFunc,tmpDhHybr_ptr,SecretKeyingData_ptr,SecretKeyingDataSize)\ + CRYS_DH_X942_HybridGetSecretData((ClientPrvKey_ptr1),(ClientPrvKeySize1),(ClientPrvKey_ptr2),(ClientPrvKeySize2),(ServerPubKey_ptr1),(ServerPubKeySize1),(ServerPubKey_ptr2),(ServerPubKeySize2),(Prime_ptr),(PrimeSize),(otherInfo_ptr),(hashFunc),CRYS_DH_Concat_Der_mode,(tmpDhHybr_ptr),(SecretKeyingData_ptr),(SecretKeyingDataSize)) + + +/******************************************************************************************/ +/*! +@brief The function checks the obtained DH public key according to its domain parameters [ANSI X9.42-2001] + +\note +Assuming: The DH domain parameters are valid. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined in crys_dh_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_DH_CheckPubKey( + uint8_t *modP_ptr, /*!< [in] The pointer to the modulus (prime) P. */ + uint32_t modPsizeBytes, /*!< [in] The modulus size in bytes. */ + uint8_t *orderQ_ptr, /*!< [in] The pointer to the prime order Q of generator. */ + uint32_t orderQsizeBytes, /*!< [in] The size of order of generator in bytes. */ + uint8_t *pubKey_ptr, /*!< [in] The pointer to the public key to be validated. */ + uint32_t pubKeySizeBytes, /*!< [in] The public key size in bytes. */ + CRYS_DH_Temp_t *tempBuff_ptr /*!< [in] The temp buffer for internal calculations. */ +); + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_dh_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_dh_error.h new file mode 100644 index 0000000..c9a7ff6 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_dh_error.h @@ -0,0 +1,158 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_DH_ERROR_H +#define CRYS_DH_ERROR_H + + +#include "crys_error.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This file contains error codes definitions for CRYS DH module. +@defgroup crys_dh_error CryptoCell DH specific errors +@{ +@ingroup crys_dh +*/ +/************************ Defines ******************************/ +/* DH module on the CRYS layer base address - 0x00F00500 */ +/*! The CRYS DH module errors */ +/*! Illegal input pointer.*/ +#define CRYS_DH_INVALID_ARGUMENT_POINTER_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x0UL) +/*! Illegal input size.*/ +#define CRYS_DH_INVALID_ARGUMENT_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x1UL) +/*! Illegal operation mode.*/ +#define CRYS_DH_INVALID_ARGUMENT_OPERATION_MODE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2UL) +/*! Illegal hash mode.*/ +#define CRYS_DH_INVALID_ARGUMENT_HASH_MODE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x3UL) + +/*! Illegal secret key data size. */ +#define CRYS_DH_SECRET_KEYING_DATA_SIZE_ILLEGAL_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x4UL) +/*! Illegal L input. */ +#define CRYS_DH_INVALID_L_ARGUMENT_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x5UL) +/*! Prime is smaller than generator. */ +#define CRYS_DH_ARGUMENT_PRIME_SMALLER_THAN_GENERATOR_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x6UL) +/*! Generator is smaller than zero. */ +#define CRYS_DH_ARGUMENT_GENERATOR_SMALLER_THAN_ZERO_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x7UL) +/*! Illegal private key size. */ +#define CRYS_DH_ARGUMENT_PRV_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x8UL) +/*! Illegal buffer size. */ +#define CRYS_DH_ARGUMENT_BUFFER_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x9UL) +/*! Invalid shared secret value. */ +#define CRYS_DH_INVALID_SHARED_SECRET_VALUE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0xAUL) +/*! DH is not supported. */ +#define CRYS_DH_IS_NOT_SUPPORTED (CRYS_DH_MODULE_ERROR_BASE + 0xFUL) +/*! Illegal X942 hybrid buffer size.*/ +#define CRYS_DH_X942_HYBRID_SIZE1_BUFFER_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x15UL) + +/*The requested derived secret key size is invalid*/ +/*! Illegal secret key size .*/ +#define CRYS_DH_SECRET_KEY_SIZE_NEEDED_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x16UL) +/*! Illegal output secret key size .*/ +#define CRYS_DH_SECRET_KEY_SIZE_OUTPUT_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x17UL) +/*! Illegal otherInfo size .*/ +#define CRYS_DH_OTHERINFO_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x18UL) + +/* DH domain and key generation and checking errors */ +/*! Illegal modulus size. */ +#define CRYS_DH_INVALID_MODULUS_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x20UL) +/*! Illegal order size. */ +#define CRYS_DH_INVALID_ORDER_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x21UL) +/*! Illegal seed size. */ +#define CRYS_DH_INVALID_SEED_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x22UL) +/*! Illegal J factor pointer size. */ +#define CRYS_DH_INVALID_J_FACTOR_PTR_OR_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x23UL) +/*! Illegal generator pointer or size. */ +#define CRYS_DH_INVALID_GENERATOR_PTR_OR_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x24UL) + +/*! Illegal domain primes. */ +#define CRYS_DH_CHECK_DOMAIN_PRIMES_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x25UL) +/*! Illegal domain generator. */ +#define CRYS_DH_CHECK_DOMAIN_GENERATOR_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x26UL) +/*! Illegal public key size. */ +#define CRYS_DH_INVALID_PUBLIC_KEY_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x27UL) +/*! Illegal public key. */ +#define CRYS_DH_CHECK_PUB_KEY_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x28UL) +/*! Illegal generator size or pointer. */ +#define CRYS_DH_CHECK_GENERATOR_SIZE_OR_PTR_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x29UL) +/*! Illegal seed size or pointer. */ +#define CRYS_DH_CHECK_SEED_SIZE_OR_PTR_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2AUL) +/*! Illegal generator. */ +#define CRYS_DH_CHECK_GENERATOR_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2BUL) +/*! Prime generation failed. */ +#define CRYS_DH_PRIME_P_GENERATION_FAILURE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2CUL) +/*! Illegal public key. */ +#define CRYS_DH_INVALID_PUBLIC_KEY_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2DUL) +/*! Illegal seed. */ +#define CRYS_DH_PASSED_INVALID_SEED_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2EUL) +/*! Prime generation failed. */ +#define CRYS_DH_PRIME_Q_GENERATION_FAILURE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2FUL) +/*! Internal PKI error */ +#define CRYS_DH_PKI_INTERNAL_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x30UL) + + + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + + + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_dh_kg.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_dh_kg.h new file mode 100644 index 0000000..1565428 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_dh_kg.h @@ -0,0 +1,203 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + + +#ifndef _CRYS_DH_KG_H +#define _CRYS_DH_KG_H + + +#include "crys_dh.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! @file +@brief This module defines the API that supports Diffie-Hellman domain. +@defgroup crys_dh_kg CryptoCell DH Key Generation APIs +@{ +@ingroup crys_dh +*/ + +/************************ Defines ******************************/ +/*! Minimal size of DH seed in bytes. */ +#define CRYS_DH_SEED_MIN_SIZE_IN_BYTES CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES +/*! Minimal size of DH seed in bits. */ +#define CRYS_DH_SEED_MIN_SIZE_IN_BITS (CRYS_DH_SEED_MIN_SIZE_IN_BYTES * 8) + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + +/* temp buffers, used in different DH KG functions */ + +/*! Temporary data buffer structure for domain parameters generation in DH. */ +typedef struct CRYS_DHKGData_t +{ + /* The aligned input and output temp buffers */ + /*! Temporary buffer. */ + uint32_t TempBuff1[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; + /*! Temporary buffer. */ + uint32_t TempBuff2[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; + /*! Temporary buffer. */ + uint32_t TempBuff3[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; + /*! Temporary buffer. */ + uint32_t TempBuff4[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; + /*! Temporary buffer. */ + uint32_t TempBuff5[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; + /*! Temporary buffer. */ + uint32_t TempBuff6[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; + /*! Temporary buffer. */ + CRYS_DH_Temp_t ExpTemps; +}CRYS_DHKGData_t; + +/*! Temporary buffer structure . */ +typedef struct CRYS_DHKG_CheckTemp_t +{ + /*! Temporary buffer. */ + uint32_t CheckTempBuff[3*CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; + /*! Temporary buffer. */ + CRYS_DHKGData_t DhKgBuff; +}CRYS_DHKG_CheckTemp_t; + +/*! DH Domain generation values definitions */ +/*! Minimal modulus size for X942 - 1024.*/ +#define DH_X942_PRIME_MOD_MIN_VAL 1024 +/*! Maximal modulus size for X942 - 2048.*/ +#define DH_X942_PRIME_MOD_MAX_VAL 2048 +/*! PGeneration counter for X942 - 4096.*/ +#define DH_X942_PGEN_COUNTER_CONST 4096 +/*! HASH size in bits for X942 - 160.*/ +#define DH_X942_HASH_SIZE_BITS 160 +/*! Maximal allowed ratio between modulus and generator order sizes (by implementation) */ +#define DH_MAX_RATIO_MODULO_TO_ORDER 4 + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + + +/******************************************************************************************/ +/*! +@brief This function generates DH domain parameters in Galois prime field according to standard [ANS X9.42]. +It receives the required sizes (in bits) of the modulus, the generator's order, and the seed, and then generates +the prime modulus and the generator according to given sizes. +If generateSeed argument is set to 1, the function generates and outputs the random seed. Otherwise (if set to 0), +the seed has to be passed as an input argument. According to implementation the seed should be not greate, than (2^seedSizeBits - 2^32). +The seed and some additional parameters, generated by the function (factorJ, pgenCounter), are used for checking +that all domain parameters are generated according to the standard and not forged. +\note All buffer parameters should be in Big-Endian form. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_dh_error.h, crys_rnd_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_DH_CreateDomainParams( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to a random vector generation function. */ + uint32_t modPsizeBits, /*!< [in] Size of the modulus (Prime) in bits equal 256*n, where n >= 4. FIPS 186-4 + defines sizes 1024 and 2048 bit. */ + uint32_t orderQsizeBits, /*!< [in] Size of the Generator's order in bits. FIPS 186-4 defines orderQSizeBits = 160 + for modulus 1024 bit and 224 or 256 bit for modPSizeBits = 2048. We not recommend + sizes > 256 and returns an error if orderQSizeBits > modPSizeBits/4 */ + uint32_t seedSizeBits, /*!< [in] Seed size in bits. Requirements: modPSizeBits >= seedSizeBits >= orderQSizeBits + (the first is required by our implementation). */ + uint8_t *modP_ptr, /*!< [out] Pointer to the modulus (prime) buffer. The size of the buffer for output + generated value must be no less than given modulus size. */ + uint8_t *orderQ_ptr, /*!< [out] Pointer to the order Q of generator. The size of the buffer for output generated + value must be no less than the given order size. */ + uint8_t *generatorG_ptr, /*!< [out] Pointer to the generator of multiplicative subgroup in GF(P). + If the user does not need this output, then both the pointer and the buffer size + must be set to 0. */ + uint32_t *generGsizeBytes_ptr, /*!< [in/out] Pointer to the one word buffer for outputting the generator's size. + The passed size (if needed) must be not less than modulus size and the function + returns the actual size of the generator. */ + uint8_t *factorJ_ptr, /*!< [out] Pointer to the buffer for integer factor J. If NULL, the function does not output + this parameter (in this case JsizeBytes_ptr also must be set to NULL, else the function + returns an error). */ + uint32_t *JsizeBytes_ptr, /*!< [in/out] Pointer to the size of integer factor J. If NULL, the function does not output + this parameter. */ + uint8_t *seedS_ptr, /*!< [in/out] Random seed used for prime generation. The size of the buffer must be + at least the seed size. */ + int8_t generateSeed, /*!< [in] Flag, defining whether the seed should be generated randomly by the function + (1) or is passed by the user (0). */ + uint32_t *pgenCounter_ptr, /*!< [out] Pointer to counter of tries to generate the primes. If NULL, the function does not + output this parameter. */ + CRYS_DHKGData_t *DHKGbuff_ptr /*!< [out] The temp buffer of defined structure for internal calculations. */ +); + + +/******************************************************************************************/ +/*! +@brief This function receives DH domain parameters, seed and prime generation counter and then verifies +that the domain was created according to the standard [ANS X9.42]. +According to implementation, the value of the user passed seed should be not +greate, than (2^seedSizeBits - 2^32), otherwise an error is returned. +\note All buffer parameters should be in Big-Endian form. For more detailed +description of the parameters see ::CRYS_DH_CreateDomainParams. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_dh_error.h, crys_rnd_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_DH_CheckDomainParams( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in/out] Pointer to the RND Generate vector function pointer. */ + uint8_t *modP_ptr, /*!< [in] Pointer to the modulus (Prime). */ + uint32_t modPsizeBytes, /*!< [in] Size of the modulus (Prime) in bytes. */ + uint8_t *orderQ_ptr, /*!< [in] Pointer to the order Q of generator. The size of the buffer for output + generated value must be no less than the order size. */ + uint32_t orderQsizeBytes, /*!< [in] Size of the Generator's order in bytes. */ + uint8_t *generatorG_ptr, /*!< [in] Pointer to the generator of the multiplicative subgroup in GF(P). */ + uint32_t generatorSizeBytes, /*!< [in] Size of the generator in bytes. */ + uint8_t *seedS_ptr, /*!< [in] Random seed used for prime generation. */ + uint32_t seedSizeBits, /*!< [in] Seed size in bits. */ + uint32_t pgenCounter, /*!< [in] Counter of prime generation attempts. */ + CRYS_DHKG_CheckTemp_t *checkTempBuff_ptr /*!< [in] Temporary buffer for internal calculations. */ + +); + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ec_edw_api.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ec_edw_api.h new file mode 100644 index 0000000..6d54471 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ec_edw_api.h @@ -0,0 +1,201 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_EC_EDW_API_H +#define CRYS_EC_EDW_API_H + +#include "ssi_pal_types.h" +#include "crys_hash.h" +#include "crys_rnd.h" +#include "crys_pka_defs_hw.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/*! +@defgroup cryptocell_ec CryptoCell EC 25519 curve APIs +@{ +@ingroup cryptocell_api +@brief This group is the cryptocell EC 25519 curve root group +@} + +@file +@brief This file contains the CRYS APIs used for EC EDW (Edwards) ed25519 algorithms. +@defgroup crys_ec_edw CryptoCell EC Edwards APIs +@{ +@ingroup cryptocell_ec + +\note Algorithms of Montgomery and Edwards elliptic curves cryptography were developed by + Daniel.J.Bernstein. +*/ + +/*! EC Edwards ed25519 modulus and order sizes in bits, words and bytes. */ +/*! EC Edwards modulus size in bits. */ +#define CRYS_ECEDW_MOD_SIZE_IN_BITS 255U /*!<\internal MOD - EC Edw modulus size*/ +/*! EC Edwards order size in bits. */ +#define CRYS_ECEDW_ORD_SIZE_IN_BITS 255U /*!<\internal ORD - EC Edw generator order size*/ +/*! EC Edwards nodulus size in words. */ +#define CRYS_ECEDW_MOD_SIZE_IN_32BIT_WORDS ((CRYS_ECEDW_MOD_SIZE_IN_BITS + SASI_BITS_IN_32BIT_WORD - 1) / SASI_BITS_IN_32BIT_WORD) +/*! EC Edwards modulus size in bytes. */ +#define CRYS_ECEDW_MOD_SIZE_IN_BYTES (CRYS_ECEDW_MOD_SIZE_IN_32BIT_WORDS * SASI_32BIT_WORD_SIZE) +/*! EC Edwards order size in words. */ +#define CRYS_ECEDW_ORD_SIZE_IN_32BIT_WORDS ((CRYS_ECEDW_ORD_SIZE_IN_BITS + SASI_BITS_IN_32BIT_WORD - 1) / SASI_BITS_IN_32BIT_WORD) +/*! EC Edwards order size in bytes. */ +#define CRYS_ECEDW_ORD_SIZE_IN_BYTES (CRYS_ECEDW_ORD_SIZE_IN_32BIT_WORDS * SASI_32BIT_WORD_SIZE) + +/*! Constant sizes of special EC_MONT buffers and arrays */ +/*! EC Edwards seed size in bytes. */ +#define CRYS_ECEDW_SEED_BYTES CRYS_ECEDW_MOD_SIZE_IN_BYTES +/*! EC Edwards secret key size in bytes. */ +#define CRYS_ECEDW_SECRET_KEY_BYTES (2 * CRYS_ECEDW_MOD_SIZE_IN_BYTES) +/*! EC Edwards signatue size in bytes. */ +#define CRYS_ECEDW_SIGNATURE_BYTES (2 * CRYS_ECEDW_ORD_SIZE_IN_BYTES) +/*! EC Edwards scalar size in bytes. */ +#define CRYS_ECEDW_SCALAR_BYTES CRYS_ECEDW_ORD_SIZE_IN_BYTES +/*! EC Edwards scalar multiplication size in bytes. */ +#define CRYS_ECEDW_SCALARMULT_BYTES CRYS_ECEDW_MOD_SIZE_IN_BYTES + +/*! EC_EDW temp buffer size definition. */ +#define CRYS_ECEDW_TEMP_BUFF_SIZE_IN_32BIT_WORD (10*CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS + (sizeof(CRYS_HASHUserContext_t)+SASI_32BIT_WORD_SIZE-1)/SASI_32BIT_WORD_SIZE) + +/*! EC_EDW temp buffer type definition. */ +typedef struct { + /*! Internal buffer. */ + uint32_t buff[CRYS_ECEDW_TEMP_BUFF_SIZE_IN_32BIT_WORD]; +} CRYS_ECEDW_TempBuff_t; + + +/******************************************************************************/ +/*! +@brief The function creates EC Edwards signature on the message. +\note Used detached form of signature, separated from the message. + Implemented algorithm of Bernstein D. etc. sign ed25519. + +@return CRYS_OK on success, +@return A non-zero value on failure as defined crys_ec_mont_edw_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_ECEDW_Sign ( + uint8_t *pSign, /*!< [out] Pointer to the detached signature. */ + size_t *pSignSize, /*!< [in/out] Pointer to the total size of the signature ; + In - the buffer size, which (must be at least 2*EC order size); + Out - the actual size of output data. */ + const uint8_t *pMsg, /*!< [in] Pointer to the message. */ + size_t msgSize, /*!< [in] Message size in bytes: must be less, than + (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - 2*(EC_EDW modulus size)). */ + const uint8_t *pSignSecrKey, /*!< [in] Pointer to the signer secret key (seed || pulKey) */ + size_t secrKeySize, /*!< [in] Size of signer secret key in bytes: (must be 2*EC order size). */ + CRYS_ECEDW_TempBuff_t *pTempBuff /*!< [in] Pointer to the temp buffer. */); + + + +/******************************************************************************/ +/*! +@brief The function verifies the EC Edwards ed25519 signature on the message. +\note The input signature is in detached form, i.e. separated from the message. + +@return CRYS_OK on success, +@return A non-zero value on failure as defined crys_ec_mont_edw_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_ECEDW_Verify( + const uint8_t *pSign, /*!< [in] Pointer to detached signature, i.e. the + signature is separated from the message. */ + size_t signSize, /*!< [in] Size of the signature in bytes, it must be + equal to two EC Order size in bytes. */ + const uint8_t *pSignPublKey, /*!< [in] Pointer to signer public key. */ + size_t publKeySize, /*!< [in] Size of the signer public key in bytes; must be + equal to EC modulus size. */ + uint8_t *pMsg, /*!< [in] Pointer to the message. */ + size_t msgSize, /*!< [in] Pointer to the message size in bytes. Must be less than + (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - 2*(EC_EDW modulus size)). */ + CRYS_ECEDW_TempBuff_t *pTempBuff /*!< [in] Pointer to the temp buffer, for internal use. */); + + +/******************************************************************************/ +/*! +@brief The function randomly generates Ec ed25519 private and public keys + using given seed. + The generation is performed using EC Edwards ed25519 algorithm. + +@return CRYS_OK on success, +@return A non-zero value on failure as defined crys_ec_mont_edw_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_ECEDW_SeedKeyPair ( + const uint8_t *pSeed, /*!< [in] Pointer to the given seed. */ + size_t seedSize, /*!< [in] Size of the seed in bytes, must be equal the EC order size + in bytes. */ + uint8_t *pSecrKey, /*!< [out] Pointer to the secret key, including the seed, concatenated + with the public key. */ + size_t *pSecrKeySize, /*!< [in/out] Pointer to the size of the secret key buffer in bytes + (must be at least 2*EC order size). */ + uint8_t *pPublKey, /*!< [out] Pointer to the public key. */ + size_t *pPublKeySize, /*!< [in/out] Pointer to the size of the public key in bytes. + In - the size of buffer must be at least EC modulus size; + Out - the actual size. */ + CRYS_ECEDW_TempBuff_t *pTempBuff /*!< [in] Pointer to the temp buffer, for internal use. */); + +/*******************************************************************/ +/*! + @brief The function randomly generates the EC Edwards ed25519 private and + public keys. + The generation is performed using EC Edwards ed25519 algorithm. + +@return CRYS_OK on success, +@return A non-zero value on failure as defined crys_ec_mont_edw_error.h, crys_hash_error.h or crys_rnd_error. +*/ +CIMPORT_C CRYSError_t CRYS_ECEDW_KeyPair ( + uint8_t *pSecrKey, /*!< [out] Pointer to the secret key (including seed and public key). */ + size_t *pSecrKeySize, /*!< [in/out] Pointer to the size of the secret key in bytes, + (must be at least 2*EC order size). */ + uint8_t *pPublKey, /*!< [out] Pointer to the public key. */ + size_t *pPublKeySize, /*!< [in/out] - Pointer to the size of the public key in bytes. + In - the size of buffer must be at least EC modulus size; + Out - the actual size. */ + void *pRndState, /*!< [in/out] Pointer to the RND state structure. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ + CRYS_ECEDW_TempBuff_t *pTempBuff /*!< [in] Pointer to the temp buffer. */); + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ec_mont_api.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ec_mont_api.h new file mode 100644 index 0000000..57ab9d7 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ec_mont_api.h @@ -0,0 +1,213 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_ECMONT_API_H +#define CRYS_ECMONT_API_H + +#include "ssi_pal_types.h" +#include "crys_rnd.h" +#include "crys_pka_defs_hw.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/*! +@file +@brief This file contains the CRYS APIs used for EC MONT (Montgomery Curve25519) algorithms. +@defgroup crys_ec_mont CryptoCell EC Montgomery APIs +@{ +@ingroup cryptocell_ec + + +\note Implemented algorithms according to Montgomery elliptic curves cryptography, + developed by Daniel J.Bernstein etc. +*/ + +/*! EC Montgomery curve25519 modulus size in bits, words and bytes */ +/*! EC Montgomery modulus size in bits. */ +#define CRYS_ECMONT_MOD_SIZE_IN_BITS 255U +/*! EC Montgomery modulus size in words. */ +#define CRYS_ECMONT_MOD_SIZE_IN_32BIT_WORDS ((CRYS_ECMONT_MOD_SIZE_IN_BITS + SASI_BITS_IN_32BIT_WORD - 1) / SASI_BITS_IN_32BIT_WORD) +/*! EC Montgomery modulus size in bytes. */ +#define CRYS_ECMONT_MOD_SIZE_IN_BYTES ((CRYS_ECMONT_MOD_SIZE_IN_BITS + SASI_BITS_IN_32BIT_WORD - 1) / sizeof(uint32_t)) + +/*! Constant sizes of special EC_MONT buffers and arrays */ +/*! EC Montgomery scalar size in bytes. */ +#define CRYS_ECMONT_SCALARBYTES (CRYS_ECMONT_MOD_SIZE_IN_32BIT_WORDS * SASI_32BIT_WORD_SIZE) +/*! EC Montgomery scalar multiplication size in bytes. */ +#define CRYS_ECMONT_SCALARMULTBYTES (CRYS_ECMONT_MOD_SIZE_IN_32BIT_WORDS * SASI_32BIT_WORD_SIZE) +/*! EC Montgomery scalar seed size in bytes. */ +#define CRYS_ECMONT_SEEDBYTES (CRYS_ECMONT_MOD_SIZE_IN_32BIT_WORDS * SASI_32BIT_WORD_SIZE) + +/*! EC Montgomery domains ID-s enumerator. */ +typedef enum { + CRYS_ECMONT_DOMAIN_CURVE_25519, /*!< EC Curve25519. */ + /*! EC Montgomery last domain. */ + CRYS_ECMONT_DOMAIN_OFF_MODE, + /*! Reserved. */ + CRYS_ECMONT_DOMAIN_LAST = 0x7FFFFFFF +}CRYS_ECMONT_DomainId_t; + + +/*! EC_MONT scalar mult temp buffer type definition */ +typedef struct { + /*! Internal temporary buffer. */ + uint32_t ecMontScalarMultTempBuff[CRYS_EC_MONT_TEMP_BUFF_SIZE_IN_32BIT_WORDS]; // set needed +} CRYS_ECMONT_ScalrMultTempBuff_t; + +/*! EC_MONT temp buffer type definition */ +typedef struct { + /* Don't change sequence order of the buffers */ + /*! Internal temporary buffer. */ + uint32_t ecMontScalar[CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS]; + /*! Internal temporary buffer. */ + uint32_t ecMontResPoint[CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS]; + /*! Internal temporary buffer. */ + uint32_t ecMontInPoint[CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS]; + /*! Internal temporary buffer. */ + CRYS_ECMONT_ScalrMultTempBuff_t ecMontScalrMultTempBuff; // if needed +} CRYS_ECMONT_TempBuff_t; + + +/*********************************************************************/ +/*! +@brief The function performs EC Montgomery (Curve25519) scalar multiplication: + resPoint = scalar * point. + +@return CRYS_OK on success, +@return A non-zero value on failure as defined crys_ec_mont_edw_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_ECMONT_Scalarmult( + uint8_t *pResPoint, /*!< [out] Pointer to the public (secret) key. */ + size_t *pResPointSize, /*!< [in/out] Pointer to the size of the public key in bytes. + In - the size of the buffer. must be at least EC modulus + size (for curve25519 - 32 bytes). + Out - the actual size. */ + const uint8_t *pScalar, /*!< [in] Pointer to the secret (private) key. */ + size_t scalarSize, /*!< [in] Pointer to the size of the secret key in bytes; + must be equal to EC order size (for curve25519 - 32 bytes). */ + const uint8_t *pInPoint, /*!< [in] Pointer to the input point (compressed). */ + size_t inPointSize, /*!< [in] Size of the point - must be equal to CRYS_ECMONT_MOD_SIZE_IN_BYTES. */ + CRYS_ECMONT_TempBuff_t *pEcMontTempBuff /*!< [in] Pointer to temp buffer, for internal use. */); + + +/*********************************************************************/ +/*! +@brief The function performs EC Montgomery (Curve25519) scalar multiplication of base point: + res = scalar * base_point. + + Note: all byte arrays have LE order of bytes, i.e. LS byte is on left most place. + +@return CRYS_OK on success, +@return A non-zero value on failure as defined crys_ec_mont_edw_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_ECMONT_ScalarmultBase( + uint8_t *pResPoint, /*!< [out] Pointer to the public (secret) key. */ + size_t *pResPointSize, /*!< [in/out] Pointer to the size of the public key in bytes. + In - the size of buffer must be at least EC modulus size + (for curve25519 - 32 bytes); + Out - the actual size. */ + const uint8_t *pScalar, /*!< [in] Pointer to the secret (private) key. */ + size_t scalarSize, /*!< [in] Pointer to the size of the scalar in bytes - + must be equal to EC order size (for curve25519 - 32 bytes). */ + CRYS_ECMONT_TempBuff_t *pEcMontTempBuff /*!< [in] Pointer to temp buffer, for internal use. */); + + +/*******************************************************************/ +/*! +@brief The function randomly generates private and public keys for Montgomery + Curve25519. + + +\note
  • All byte arrays are in LE order of bytes, i.e. LS byte is on the left most place.
    • +
  • LS and MS bits of the Secret key are set according to EC Montgomery scalar mult. algorithm: + secrKey[0] &= 248; secrKey[31] &= 127; secrKey[31] |= 64;
+ +@return CRYS_OK on success, +@return A non-zero value on failure as defined crys_ec_mont_edw_error.h or crys_rnd_error.h. + +*/ +CIMPORT_C CRYSError_t CRYS_ECMONT_KeyPair ( + uint8_t *pPublKey, /*!< [out] Pointer to the public key. */ + size_t *pPublKeySize, /*!< [in/out] Pointer to the size of the public key in bytes. + In - the size of the buffer must be at least EC order size + (for curve25519 - 32 bytes); + Out - the actual size. */ + uint8_t *pSecrKey, /*!< [out] Pointer to the secret key, including. */ + size_t *pSecrKeySize, /*!< [in/out] Pointer to the size of buffer for the secret key in bytes - + must be at least EC order size (for curve25519 - 32 bytes). */ + void *pRndState, /*!< [in/out] Pointer to the RND state structure. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ + CRYS_ECMONT_TempBuff_t *pEcMontTempBuff /*!< [in] Pointer to the temp buffer, for internal use. */); + + +/*******************************************************************/ +/*! +@brief The function generates private and public keys for Montgomery algorithms. + + The generation performed using given seed. + + +@return CRYS_OK on success, +@return A non-zero value on failure as defined crys_ec_mont_edw_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_ECMONT_SeedKeyPair ( + uint8_t *pPublKey, /*!< [out] Pointer to the public (secret) key. */ + size_t *pPublKeySize, /*!< [in/out] Pointer to the size of the public key in bytes. + In - the size of buffer must be at least EC order size + (for curve25519 - 32 bytes); + Out - the actual size. */ + uint8_t *pSecrKey, /*!< [out] Pointer to the secret (private) key. */ + size_t *pSecrKeySize, /*!< [in/out] Pointer to the size of the secret key in bytes + In - the size of buffer must be at least EC order size + (for curve25519 - 32 bytes); + Out - the actual size. */ + const uint8_t *pSeed, /*!< [in] Pointer to the given seed - 32 bytes. */ + size_t seedSize, /*!< [in/] Size of the seed in bytes (must be equal to CRYS_ECMONT_SEEDBYTES). */ + CRYS_ECMONT_TempBuff_t *pEcMontTempBuff /*!< [in] Pointer to a temp buffer, for internal use. */); + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ec_mont_edw_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ec_mont_edw_error.h new file mode 100644 index 0000000..5b76d2c --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ec_mont_edw_error.h @@ -0,0 +1,114 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_EC_MONT_EDW_ERROR_H +#define CRYS_EC_MONT_EDW_ERROR_H + +/*! +@file +@brief This module containes the definitions of the CRYS ECC-25519 errors. +@defgroup crys_ecmontedw_error CryptoCell ECC-25519 errors +@{ +@ingroup cryptocell_ec +*/ + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +/********************************************************************************************************** + * CRYS EC Montgomery-Edwards MODULE ERRORS base address - 0x00F02300 * + **********************************************************************************************************/ +/*! Illegal input pointer */ +#define CRYS_ECEDW_INVALID_INPUT_POINTER_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x00UL) +/*! Illegal input size */ +#define CRYS_ECEDW_INVALID_INPUT_SIZE_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x01UL) +/*! Illegal scalar size */ +#define CRYS_ECEDW_INVALID_SCALAR_SIZE_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x02UL) +/*! Illegal scalar data */ +#define CRYS_ECEDW_INVALID_SCALAR_DATA_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x03UL) +/*! Invalid RND context pointer */ +#define CRYS_ECEDW_RND_CONTEXT_PTR_INVALID_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x04UL) +/*! Invalid RND generate vector functions pointer */ +#define CRYS_ECEDW_RND_GEN_VECTOR_FUNC_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x05UL) +/*! Signing or verification operation failed */ +#define CRYS_ECEDW_SIGN_VERIFY_FAILED_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x20UL) +/*! Illegal input pointer */ +#define CRYS_ECMONT_INVALID_INPUT_POINTER_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x30UL) +/*! Illegal input size */ +#define CRYS_ECMONT_INVALID_INPUT_SIZE_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x31UL) +/*! Illegal domain id */ +#define CRYS_ECMONT_INVALID_DOMAIN_ID_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x32UL) +/*! Internal PKI error */ +#define CRYS_ECEDW_PKI_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x33UL) +/*! Internal PKI error */ +#define CRYS_ECMONT_PKI_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x34UL) + + +/************************************************************************************************************ + * NOT SUPPORTED MODULES ERROR IDs * + ************************************************************************************************************/ +/*! EC montgomery is not supported */ +#define CRYS_ECMONT_IS_NOT_SUPPORTED (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0xFEUL) +/*! EC edwards is not supported */ +#define CRYS_ECEDW_IS_NOT_SUPPORTED (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0xFFUL) + + + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif +/** +@} +*/ +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_build.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_build.h new file mode 100644 index 0000000..72391ab --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_build.h @@ -0,0 +1,207 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_ECPKI_BUILD_H +#define CRYS_ECPKI_BUILD_H + +/*! +@defgroup cryptocell_ecpki CryptoCell ECC APIs +@{ +@ingroup cryptocell_api +@brief This group is the cryptocell ECC root group +@} + +@file +@brief This module defines functions for building key structures used in Elliptic Curves Cryptography (ECC). +@defgroup crys_ecpki_build CryptoCell key build for ECC APIs +@{ +@ingroup cryptocell_ecpki +*/ + + +#include "crys_error.h" +#include "crys_ecpki_types.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/********************************************************************************** + * CRYS_ECPKI_BuildPrivKey function * + **********************************************************************************/ +/*! +@brief Builds (imports) the user private key structure from an existing private key so +that this structure can be used by other EC primitives. +This function should be called before using of the private key. Input +domain structure must be initialized by EC parameters and auxiliary +values, using CRYS_ECPKI_GetDomain or CRYS_ECPKI_SetDomain functions. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_ecpki_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_ECPKI_BuildPrivKey( + const CRYS_ECPKI_Domain_t *pDomain, /*!< [in] The EC domain (curve). */ + const uint8_t *pPrivKeyIn, /*!< [in] Pointer to private key data. */ + uint32_t PrivKeySizeInBytes, /*!< [in] Size of private key data (in bytes). */ + CRYS_ECPKI_UserPrivKey_t *pUserPrivKey /*!< [out] Pointer to the private key structure. + This structure is used as input to the ECPKI cryptographic primitives. */ + ); + +/********************************************************************************** + * _DX_ECPKI_BuildPublKey function * + **********************************************************************************/ +/*! +@brief Builds a user public key structure from an imported public key, +so it can be used by other EC primitives. +When operating the EC cryptographic algorithms with imported EC public +key, this function should be called before using of the public key. + +\note The Incoming public key PublKeyIn structure is big endian bytes array, containing +concatenation of PC||X||Y, where: +
  • PC - point control single byte, defining the type of point: 0x4 - uncompressed, +06,07 - hybrid, 2,3 - compressed.
    • +
  • X,Y - EC point coordinates of public key (y is omitted in compressed form), +size of X and Y must be equal to size of EC modulus.
+ +The user may call this function by appropriate macros, according to necessary validation level [SEC1. ECC standard: 3.2, ANS X9.62]: +
  • Checking the input pointers and sizes only - ::CRYS_ECPKI_BuildPublKey.
    • +
  • Partially checking of public key - ::CRYS_ECPKI_BuildPublKeyPartlyCheck.
    • +
  • Full checking of public key - ::CRYS_ECPKI_BuildPublKeyFullCheck.
+ +\note Full check mode takes long time and should be used when it is actually needed. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_ecpki_error.h. +*/ +/* +The function performs the following operations: +- Checks validity of incoming variables and pointers; +- Converts incoming key data from big endian into little endian; +- If public key is given in compressed form (i.e. byte[0] = 2 or 3 and + coordinate Y is omitted), then the function uncompress it; +- Performs checking of input key according to CheckMode parameter. +- Initializes variables and structures. +*/ +CIMPORT_C CRYSError_t _DX_ECPKI_BuildPublKey( + const CRYS_ECPKI_Domain_t *pDomain, /*!< [in] The EC domain (curve). */ + uint8_t *PublKeyIn_ptr, /*!< [in] Pointer to the input public key data, in compressed or + uncompressed or hybrid form: + [PC||X||Y] Big-Endian representation, structured according to + [IEEE1363], where: +
  • X and Y are the public key's EC point coordinates. + In compressed form, Y is omitted.
    • +
  • The sizes of X and Y are equal to the size of the EC modulus.
    • +
  • PC is a one-byte point control that defines the type of point + compression.
*/ + uint32_t PublKeySizeInBytes, /*!< [in] The size of public key data (in bytes). */ + EC_PublKeyCheckMode_t CheckMode, /*!< [in] The required level of public key verification + (higher verification level means longer verification time): +
  • 0 = preliminary validation.
    • +
  • 1 = partial validation.
    • +
  • 2 = full validation.
*/ + CRYS_ECPKI_UserPublKey_t *pUserPublKey, /*!< [out] Pointer to the output public key structure. + This structure is used as input to the ECPKI cryptographic primitives. */ + CRYS_ECPKI_BUILD_TempData_t *pTempBuff /*!< [in] Pointer for a temporary buffer required for the build function. */ + ); + + +/********************************************************************************** + * CRYS_ECPKI_BuildPublKey macro * + **********************************************************************************/ +/*! +@brief This macro calls _DX_ECPKI_BuildPublKey function for building the public key +while checking input pointers and sizes. For a description of the parameters see ::_DX_ECPKI_BuildPublKey. +*/ +#define CRYS_ECPKI_BuildPublKey(pDomain, PublKeyIn_ptr, PublKeySizeInBytes, pUserPublKey) \ + _DX_ECPKI_BuildPublKey((pDomain), (PublKeyIn_ptr), (PublKeySizeInBytes), CheckPointersAndSizesOnly, (pUserPublKey), NULL) + + +/********************************************************************************** + * CRYS_ECPKI_BuildPublKeyPartlyCheck macro * + **********************************************************************************/ +/*! +@brief This macro calls _DX_ECPKI_BuildPublKey function for building the public key with partial validation of the key [SEC1] - 3.2.3. +For a description of the parameters see ::_DX_ECPKI_BuildPublKey. +*/ +#define CRYS_ECPKI_BuildPublKeyPartlyCheck(pDomain, PublKeyIn_ptr, PublKeySizeInBytes, pUserPublKey, pTempBuff) \ + _DX_ECPKI_BuildPublKey((pDomain), (PublKeyIn_ptr), (PublKeySizeInBytes), ECpublKeyPartlyCheck, (pUserPublKey), (pTempBuff)) + + +/********************************************************************************** + * CRYS_ECPKI_BuildPublKeyFullCheck macro * + **********************************************************************************/ +/*! +@brief This macro calls _DX_ECPKI_BuildPublKey function for building the public key with full validation of the key [SEC1] - 3.2.2. +For a description of the parameters and return values see _DX_ECPKI_BuildPublKey. +*/ +#define CRYS_ECPKI_BuildPublKeyFullCheck(pDomain, PublKeyIn_ptr, PublKeySizeInBytes, pUserPublKey, pTempBuff) \ + _DX_ECPKI_BuildPublKey((pDomain), (PublKeyIn_ptr), (PublKeySizeInBytes), (ECpublKeyFullCheck), (pUserPublKey), (pTempBuff)) + + +/*********************************************************************************** + * CRYS_ECPKI_ExportPublKey function * + ***********************************************************************************/ +/*! +@brief Converts an existing public key from internal representation to Big-Endian export representation. +The function converts the X,Y coordinates of public key EC point to big endianness, +and sets the public key as follows: +
  • In case "Uncompressed" point: PubKey = PC||X||Y, PC = 0x4 - single byte;
    • +
  • In case of "Hybrid" key PC = 0x6.
    • +
  • In case of "Compressed" key PC = 0x2.
+\note Size of output X and Y coordinates is equal to ModSizeInBytes. +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_ecpki_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_ECPKI_ExportPublKey( + CRYS_ECPKI_UserPublKey_t *pUserPublKey, /*!< [in] Pointer to the input public key structure (in Little-Endian form). */ + CRYS_ECPKI_PointCompression_t compression, /*!< [in] Compression mode: Compressed, Uncompressed or Hybrid. */ + uint8_t *pExternPublKey, /*!< [out] Pointer to the exported public key array, in compressed or uncompressed + or hybrid form: + [PC||X||Y] Big-Endian representation, structured according to [IEEE1363]. + In compressed form, Y is omitted. */ + uint32_t *pPublKeySizeBytes /*!< [in/out] Pointer used for the input of the user public key buffer size + (in bytes), and the output of the size of the converted public key in bytes. */ + ); + + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_dh.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_dh.h new file mode 100644 index 0000000..b95abe5 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_dh.h @@ -0,0 +1,90 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_ECPKI_DH_H +#define CRYS_ECPKI_DH_H + +/*! @file +@brief Defines the API that supports EC Diffie-Hellman shared secret value derivation primitives. +@defgroup crys_ecpki_dh CryptoCell ECC Diffie-Hellman APIs +@{ +@ingroup cryptocell_ecpki +*/ + + +#include "crys_ecpki_types.h" +#include "crys_ecpki_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*********************************************************************** + * CRYS_ECDH_SVDP_DH function * + ***********************************************************************/ +/*! +@brief Creates the shared secret value according to [IEEE1363, ANS X9.63]: + +
  1. Checks input-parameter pointers and EC Domain in public and private +keys.
    2. +
  2. Derives the partner public key and calls the EcWrstDhDeriveSharedSecret +function, which performs EC SVDP operations.
+\note The term "User" +refers to any party that calculates a shared secret value using this primitive. +The term "Partner" refers to any other party of shared secret value calculation. +Partner's public key shall be validated before using in this primitive. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_ecpki_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_ECDH_SVDP_DH( + CRYS_ECPKI_UserPublKey_t *PartnerPublKey_ptr, /*!< [in] Pointer to a partner public key. */ + CRYS_ECPKI_UserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to a user private key. */ + uint8_t *SharedSecretValue_ptr, /*!< [out] Pointer to an output buffer that will contain the shared + secret value. */ + uint32_t *SharedSecrValSize_ptr, /*!< [in/out] Pointer to the size of user-passed buffer (in) and + actual size of output of calculated shared secret value + (out). */ + CRYS_ECDH_TempData_t *TempBuff_ptr /*!< [in] Pointer to a temporary buffer. */); + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_domain.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_domain.h new file mode 100644 index 0000000..8475d52 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_domain.h @@ -0,0 +1,80 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_ECPKI_DOMAIN_H +#define CRYS_ECPKI_DOMAIN_H + + +/*! +@file +@brief Defines the ecpki build domain API. +@defgroup crys_ecpki_domain CryptoCell ECC domain APIs +@{ +@ingroup cryptocell_ecpki +*/ + + +#include "crys_error.h" +#include "crys_ecpki_types.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + + + +/********************************************************************************** + * CRYS_ECPKI_GetEcDomain function * + **********************************************************************************/ + +/*! + * @brief The function returns a pointer to an ECDSA saved domain (one of the supported domains). + * + * @return Domain pointer on success. + * @return NULL on failure. + */ + +const CRYS_ECPKI_Domain_t *CRYS_ECPKI_GetEcDomain(CRYS_ECPKI_DomainID_t domainId /*!< [in] Index of one of the domain Id (must be one of the supported domains). */); + +#ifdef __cplusplus +} +#endif +/** +@} +*/ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_ecdsa.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_ecdsa.h new file mode 100644 index 0000000..02db31d --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_ecdsa.h @@ -0,0 +1,139 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_ECPKI_ECDSA_H +#define CRYS_ECPKI_ECDSA_H + +/*! +@file +@brief Defines the APIs that support the ECDSA functions. +@defgroup crys_ecpki_ecdsa CryptoCell ECDSA APIs +@{ +@ingroup cryptocell_ecpki +*/ + +#include "crys_error.h" +#include "crys_ecpki_types.h" +#include "crys_hash.h" +#include "crys_rnd.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + + +/************************************************************************** + * CRYS_ECDSA_Sign - integrated function + **************************************************************************/ +/*! +@brief This function performs an ECDSA sign operation in integrated form. + +\note +Using of HASH functions with HASH size greater than EC modulus size, is not recommended!. +Algorithm according [ANS X9.62] standard. + +The message data may be either a non-hashed data or a digest of a hash function. +For a non-hashed data, the message data will be hashed using the hash function indicated by ::CRYS_ECPKI_HASH_OpMode_t. +For a digest, ::CRYS_ECPKI_HASH_OpMode_t should indicate the hash function that the message data was created by, and it will not be hashed. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_ecpki_error.h, crys_hash_error.h or crys_rnd_error.h. +**/ +CIMPORT_C CRYSError_t CRYS_ECDSA_Sign( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ + CRYS_ECDSA_SignUserContext_t *pSignUserContext, /*!< [in/out] Pointer to the user buffer for signing the database. */ + CRYS_ECPKI_UserPrivKey_t *pSignerPrivKey, /*!< [in] A pointer to a user private key structure. */ + CRYS_ECPKI_HASH_OpMode_t hashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in + ::CRYS_ECPKI_HASH_OpMode_t. + \note MD5 is not supported. */ + uint8_t *pMessageDataIn, /*!< [in] Pointer to the input data to be signed. + The size of the scatter/gather list representing the data buffer + is limited to 128 entries, and the size of each entry is limited + to 64KB (fragments larger than 64KB are broken into + fragments <= 64KB). */ + uint32_t messageSizeInBytes, /*!< [in] Size of message data in bytes. */ + uint8_t *pSignatureOut, /*!< [in] Pointer to a buffer for output of signature. */ + uint32_t *pSignatureOutSize /*!< [in/out] Pointer to the signature size. Used to pass the size of + the SignatureOut buffer (in), which must be >= 2 + * OrderSizeInBytes. When the API returns, + it is replaced with the size of the actual signature (out). */ + ); + + + +/************************************************************************** + * CRYS_ECDSA_Verify integrated function + **************************************************************************/ +/*! +@brief This function performs an ECDSA verify operation in integrated form. +Algorithm according [ANS X9.62] standard. + +The message data may be either a non-hashed data or a digest of a hash function. +For a non-hashed data, the message data will be hashed using the hash function indicated by ::CRYS_ECPKI_HASH_OpMode_t. +For a digest, ::CRYS_ECPKI_HASH_OpMode_t should indicate the hash function that the message data was created by, and it will not be hashed. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_ecpki_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_ECDSA_Verify ( + CRYS_ECDSA_VerifyUserContext_t *pVerifyUserContext, /*!< [in] Pointer to the user buffer for signing the database. */ + CRYS_ECPKI_UserPublKey_t *pUserPublKey, /*!< [in] Pointer to a user public key structure. */ + CRYS_ECPKI_HASH_OpMode_t hashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in + ::CRYS_ECPKI_HASH_OpMode_t. + \note MD5 is not supported. */ + uint8_t *pSignatureIn, /*!< [in] Pointer to the signature to be verified. */ + uint32_t SignatureSizeBytes, /*!< [in] Size of the signature (in bytes). */ + uint8_t *pMessageDataIn, /*!< [in] Pointer to the input data that was signed (same as given to + the signing function). The size of the scatter/gather list representing + the data buffer is limited to 128 entries, and the size of each entry is + limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). */ + uint32_t messageSizeInBytes /*!< [in] Size of the input data (in bytes). */ + ); + + +/**********************************************************************************************************/ + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_error.h new file mode 100644 index 0000000..9eb141d --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_error.h @@ -0,0 +1,303 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_ECPKI_ERROR_H +#define CRYS_ECPKI_ERROR_H + + +/*! +@file +@brief This module contains the definitions of the CRYS ECPKI errors. +@defgroup crys_ecpki_error CryptoCell ECC specific errors +@{ +@ingroup cryptocell_ecpki +*/ + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +/* CRYS_ECPKI_MODULE_ERROR_BASE = 0x00F00800 */ + +/********************************************************************************************* + * CRYS ECPKI MODULE ERRORS * + *********************************************************************************************/ +/*! Illegal domain ID. */ +#define CRYS_ECPKI_ILLEGAL_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x1UL) +/*! Illegal domain pointer. */ +#define CRYS_ECPKI_DOMAIN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x2UL) +/* The CRYS ECPKI GEN KEY PAIR module errors */ +/*! Illegal private key pointer. */ +#define CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x3UL) +/*! Illegal public key pointer. */ +#define CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x4UL) +/*! Illegal temporary buffer pointer. */ +#define CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x5UL) +/*! Illegal RND context pointer. */ +#define CRYS_ECPKI_RND_CONTEXT_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x6UL) + +/************************************************************************************************************ +* The CRYS ECPKI BUILD KEYS MODULE ERRORS * +*************************************************************************************************************/ +/*! Illegal compression mode. */ +#define CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x07UL) +/*! Illegal domain ID. */ +#define CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x08UL) +/*! Illegal private key pointer. */ +#define CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x09UL) +/*! Illegal private key structure pointer. */ +#define CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0AUL) +/*! Illegal private key size. */ +#define CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0BUL) +/*! Illegal private key data. */ +#define CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0CUL) +/*! Illegal public key pointer. */ +#define CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0DUL) +/*! Illegal public key structure pointer. */ +#define CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0EUL) +/*! Illegal public key size. */ +#define CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0FUL) +/*! Illegal public key data. */ +#define CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x10UL) +/*! Illegal EC build check mode option. */ +#define CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x11UL) +/*! Illegal temporary buffer pointer. */ +#define CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x12UL) + +/* The CRYS ECPKI EXPORT PUBLIC KEY MODULE ERRORS */ +/*! Illegal public key structure pointer. */ +#define CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x14UL) +/*! Illegal public key compression mode. */ +#define CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x15UL) +/*! Illegal output public key pointer. */ +#define CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x16UL) +/*! Illegal output public key size pointer. */ +#define CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x17UL) +/*! Illegal output public key size. */ +#define CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x18UL) +/*! Illegal domain ID. */ +#define CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x19UL) +/*! Validation of public key failed. */ +#define CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_VALIDATION_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x1AUL) +/*! Validation of public key failed. */ +#define CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x1BUL) + +/* The CRYS ECPKI BUILD ECC DOMAIN ERRORS */ +/*! Illegal domain ID. */ +#define CRYS_ECPKI_BUILD_DOMAIN_ID_IS_NOT_VALID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x20UL) +/*! Illegal domain ID pointer. */ +#define CRYS_ECPKI_BUILD_DOMAIN_DOMAIN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x21UL) +/*! Illegal domain parameter pointer. */ +#define CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x22UL) +/*! Illegal domain parameter size. */ +#define CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x23UL) +/*! Illegal domain cofactor parameters. */ +#define CRYS_ECPKI_BUILD_DOMAIN_COFACTOR_PARAMS_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x24UL) +/*! Insufficient strength. */ +#define CRYS_ECPKI_BUILD_DOMAIN_SECURITY_STRENGTH_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x25UL) +/*! SCA resistance error. */ +#define CRYS_ECPKI_BUILD_SCA_RESIST_ILLEGAL_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x26UL) + + +/*! Internal PKI error */ +#define CRYS_ECPKI_PKI_INTERNAL_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x30UL) + +/************************************************************************************************************ + * CRYS EC DIFFIE-HELLMAN MODULE ERRORS +*************************************************************************************************************/ +/* The CRYS EC SVDP_DH Function errors */ +/*! Illegal partner's public key pointer. */ +#define CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x31UL) +/*! Partner's public key validation failed. */ +#define CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x32UL) +/*! Illegal user private key pointer. */ +#define CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x33UL) +/*! Private key validation failed. */ +#define CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x34UL) +/*! Illegal shared secret pointer. */ +#define CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x35UL) +/*! Illegal temporary buffer pointer. */ +#define CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x36UL) +/*! Illegal shared secret size pointer. */ +#define CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x37UL) +/*! Illegal shared secret size. */ +#define CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x38UL) +/*! Illegal domain ID. */ +#define CRYS_ECDH_SVDP_DH_ILLEGAL_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x39UL) +/*! Illegal private and public domain ID are different. */ +#define CRYS_ECDH_SVDP_DH_NOT_CONCENT_PUBL_AND_PRIV_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x3AUL) + + +/************************************************************************************************************ + * CRYS ECDSA MODULE ERRORS + ************************************************************************************************************/ +/* The CRYS ECDSA Signing errors */ +/*! Illegal domain ID. */ +#define CRYS_ECDSA_SIGN_INVALID_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x50UL) +/*! Illegal context pointer. */ +#define CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x51UL) +/*! Illegal private key pointer. */ +#define CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x52UL) +/*! Illegal hash operation mode. */ +#define CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x53UL) +/*! Illegal data in pointer. */ +#define CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x54UL) +/*! Illegal data in size. */ +#define CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x55UL) +/*! Context validation failed. */ +#define CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x57UL) +/*! User's private key validation failed. */ +#define CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x58UL) +/*! Illegal signature pointer. */ +#define CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x60UL) +/*! Illegal signature size pointer. */ +#define CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x61UL) +/*! Illegal signature size. */ +#define CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x62UL) +/*! Ephemeral key error. */ +#define CRYS_ECDSA_SIGN_INVALID_IS_EPHEMER_KEY_INTERNAL_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x63UL) +/*! Illegal ephemeral key pointer. */ +#define CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x64UL) +/*! Illegal RND context pointer. */ +#define CRYS_ECDSA_SIGN_INVALID_RND_CONTEXT_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x65UL) +/*! Illegal RND function pointer. */ +#define CRYS_ECDSA_SIGN_INVALID_RND_FUNCTION_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x66UL) +/*! Signature calculation failed. */ +#define CRYS_ECDSA_SIGN_SIGNING_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x67UL) + +/* The CRYS ECDSA Verifying errors */ +/*! Illegal domain ID. */ +#define CRYS_ECDSA_VERIFY_INVALID_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x70UL) +/*! Illegal user's context pointer. */ +#define CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x71UL) +/*! Illegal public key pointer. */ +#define CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x72UL) +/*! Illegal hash operation mode. */ +#define CRYS_ECDSA_VERIFY_ILLEGAL_HASH_OP_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x73UL) +/*! Illegal signature pointer. */ +#define CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x76UL) +/*! Illegal signature size. */ +#define CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x77UL) +/*! Illegal data in pointer. */ +#define CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x80UL) +/*! Illegal data in size. */ +#define CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x81UL) +/*! Context validation failed. */ +#define CRYS_ECDSA_VERIFY_USER_CONTEXT_VALIDATION_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x82UL) +/*! public key validation failed. */ +#define CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x83UL) +/*! Verification failed. */ +#define CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x84UL) + +/*! Illegal parameters. */ +#define CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xD3UL) +/*! Illegal hash mode. */ +#define CRYS_ECC_ILLEGAL_HASH_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE0UL) + + +/************************************************************************************************************ + * CRYS ECPKI MODULE COMMON ERRORS +*************************************************************************************************************/ +/*! Illegal RND function pointer. */ +#define CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x90UL) +/*! Illegal RND context pointer. */ +#define CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x91UL) +/*! Illegal domain ID. */ +#define CRYS_ECPKI_INVALID_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x92UL) +/*! Private key validation failed. */ +#define CRYS_ECPKI_INVALID_PRIV_KEY_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x93UL) +/*! Public key validation failed. */ +#define CRYS_ECPKI_INVALID_PUBL_KEY_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x94UL) +/*! Illegal data in. */ +#define CRYS_ECPKI_INVALID_DATA_IN_PASSED_STRUCT_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x95UL) + +/************************************************************************************************************ + * CRYS ECIES MODULE ERRORS +*************************************************************************************************************/ +/*! Illegal public key pointer. */ +#define CRYS_ECIES_INVALID_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE0UL) +/*! Public key validation failed. */ +#define CRYS_ECIES_INVALID_PUBL_KEY_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE1UL) +/*! Illegal private key pointer. */ +#define CRYS_ECIES_INVALID_PRIV_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE2UL) +/*! Private key validation failed. */ +#define CRYS_ECIES_INVALID_PRIV_KEY_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE3UL) +/*! Illegal private key value. */ +#define CRYS_ECIES_INVALID_PRIV_KEY_VALUE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE4UL) +/*! Illegal KDF derivation mode. */ +#define CRYS_ECIES_INVALID_KDF_DERIV_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE5UL) +/*! Illegal KDF hash mode. */ +#define CRYS_ECIES_INVALID_KDF_HASH_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE6UL) +/*! Illegal secret key pointer. */ +#define CRYS_ECIES_INVALID_SECRET_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE7UL) +/*! Illegal secret key size. */ +#define CRYS_ECIES_INVALID_SECRET_KEY_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE8UL) +/*! Illegal cipher data pointer. */ +#define CRYS_ECIES_INVALID_CIPHER_DATA_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE9UL) +/*! Illegal cipher data size pointer. */ +#define CRYS_ECIES_INVALID_CIPHER_DATA_SIZE_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xEAUL) +/*! Illegal cipher data size. */ +#define CRYS_ECIES_INVALID_CIPHER_DATA_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xEBUL) +/*! Illegal temporary buffer pointer. */ +#define CRYS_ECIES_INVALID_TEMP_DATA_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xECUL) +/*! Illegal ephemeral key pointer */ +#define CRYS_ECIES_INVALID_EPHEM_KEY_PAIR_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xEDUL) + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_kg.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_kg.h new file mode 100644 index 0000000..10fcd49 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_kg.h @@ -0,0 +1,88 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_ECPKI_KG_H +#define CRYS_ECPKI_KG_H + +/*! @file +@brief Defines the API for generation of ECC private and public keys. +@defgroup crys_ecpki_kg CryptoCell ECC Key Generation APIs +@{ +@ingroup cryptocell_ecpki +*/ + + +#include "crys_error.h" +#include "crys_rnd.h" +#include "crys_ecpki_types.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/***************** CRYS_ECPKI_GenKeyPair function **********************/ +/*! +@brief Generates a pair of private and public keys in internal representation according to [ANS X9.62]. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_ecpki_error.h or crys_rnd_error.h +*/ +CIMPORT_C CRYSError_t CRYS_ECPKI_GenKeyPair( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ + const CRYS_ECPKI_Domain_t *pDomain, /*!< [in] Pointer to EC domain (curve). */ + CRYS_ECPKI_UserPrivKey_t *pUserPrivKey, /*!< [out] Pointer to the private key structure. This structure is used as input to the + ECPKI cryptographic primitives. */ + CRYS_ECPKI_UserPublKey_t *pUserPublKey, /*!< [out] Pointer to the public key structure. This structure is used as input to the + ECPKI cryptographic primitives. */ + CRYS_ECPKI_KG_TempData_t *pTempData, /*!< [in] Temporary buffers for internal use, defined in ::CRYS_ECPKI_KG_TempData_t. */ + CRYS_ECPKI_KG_FipsContext_t *pFipsCtx /*!< [in] Pointer to temporary buffer used in case FIPS certification if required. */ +); + + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_types.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_types.h new file mode 100644 index 0000000..2b4ee2c --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_ecpki_types.h @@ -0,0 +1,478 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_ECPKI_TYPES_H +#define CRYS_ECPKI_TYPES_H + +/*! +@file +@brief Contains all of the enums and definitions that are used for the CRYS ECPKI APIs. +@defgroup crys_ecpki_types CryptoCell ECC specific types +@{ +@ingroup cryptocell_ecpki +*/ + +#include "ssi_pal_types_plat.h" +#include "crys_hash.h" +#include "crys_pka_defs_hw.h" +#include "ssi_pal_compiler.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ +/*! Internal buffer size in words. */ +#define CRYS_PKA_DOMAIN_LLF_BUFF_SIZE_IN_WORDS (10 + 3*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS) + +/************************************************************************************** + * Enumerators + ***************************************************************************************/ + +/*------------------------------------------------------------------*/ +/*! Enumerator for the EC Domain idetifier + References: [13] - SEC 2: Recommended elliptic curve domain parameters. + Version 1.0. Certicom 2000. + [8] - WAP-261-WTLS-20010406-a, Version 06-April-2001. */ + +typedef enum +{ + /* For prime field */ + CRYS_ECPKI_DomainID_secp160k1, /*!< EC secp160r1 */ + CRYS_ECPKI_DomainID_secp160r1, /*!< EC secp160k1 */ + CRYS_ECPKI_DomainID_secp160r2, /*!< EC secp160r2 */ + CRYS_ECPKI_DomainID_secp192k1, /*!< EC secp192k1 */ + CRYS_ECPKI_DomainID_secp192r1, /*!< EC secp192r1 */ + CRYS_ECPKI_DomainID_secp224k1, /*!< EC secp224k1 */ + CRYS_ECPKI_DomainID_secp224r1, /*!< EC secp224r1 */ + CRYS_ECPKI_DomainID_secp256k1, /*!< EC secp256k1 */ + CRYS_ECPKI_DomainID_secp256r1, /*!< EC secp256r1 */ + CRYS_ECPKI_DomainID_secp384r1, /*!< EC secp384r1 */ + CRYS_ECPKI_DomainID_secp521r1, /*!< EC secp521r1 */ + + CRYS_ECPKI_DomainID_Builded, /*!< User given, not identified. */ + CRYS_ECPKI_DomainID_OffMode, /*!< Reserved.*/ + + CRYS_ECPKI_DomainIDLast = 0x7FFFFFFF, /*! Reserved.*/ + +}CRYS_ECPKI_DomainID_t; + + +/*------------------------------------------------------------------*/ +/*! Defines the enum for the HASH operation mode. + * The enumerator defines 6 HASH modes according to IEEE 1363. + * + */ +typedef enum +{ + CRYS_ECPKI_HASH_SHA1_mode = 0, /*!< The message data will be hashed with SHA1. */ + CRYS_ECPKI_HASH_SHA224_mode = 1, /*!< The message data will be hashed with SHA224. */ + CRYS_ECPKI_HASH_SHA256_mode = 2, /*!< The message data will be hashed with SHA256. */ + CRYS_ECPKI_HASH_SHA384_mode = 3, /*!< The message data will be hashed with SHA384. */ + CRYS_ECPKI_HASH_SHA512_mode = 4, /*!< The message data will be hashed with SHA512. */ + + CRYS_ECPKI_AFTER_HASH_SHA1_mode = 5, /*!< The message data is a digest of SHA1 and will not be hashed. */ + CRYS_ECPKI_AFTER_HASH_SHA224_mode = 6, /*!< The message data is a digest of SHA224 and will not be hashed. */ + CRYS_ECPKI_AFTER_HASH_SHA256_mode = 7, /*!< The message data is a digest of SHA256 and will not be hashed. */ + CRYS_ECPKI_AFTER_HASH_SHA384_mode = 8, /*!< The message data is a digest of SHA384 and will not be hashed. */ + CRYS_ECPKI_AFTER_HASH_SHA512_mode = 9, /*!< The message data is a digest of SHA512 and will not be hashed. */ + + + CRYS_ECPKI_HASH_NumOfModes, /*!< Maximal number of HASH modes. */ + CRYS_ECPKI_HASH_OpModeLast = 0x7FFFFFFF, /*!< Reserved. */ + +}CRYS_ECPKI_HASH_OpMode_t; + + +/*---------------------------------------------------*/ +/*! Enumerator for the EC point compression idetifier. */ +typedef enum +{ + CRYS_EC_PointCompressed = 2, /*!< Compressed point. */ + CRYS_EC_PointUncompressed = 4, /*!< Uncompressed point. */ + CRYS_EC_PointContWrong = 5, /*!< Wrong Point Control value. */ + CRYS_EC_PointHybrid = 6, /*!< Hybrid point. */ + + CRYS_EC_PointCompresOffMode = 8, /*!< Reserved. */ + + CRYS_ECPKI_PointCompressionLast= 0x7FFFFFFF, /*!< Reserved. */ + +}CRYS_ECPKI_PointCompression_t; + + +/*! EC key checks defintions. */ +typedef enum { + CheckPointersAndSizesOnly = 0, /*!< Only preliminary input parameters are checked. */ + ECpublKeyPartlyCheck = 1, /*!< Preliminary input parameters check and verify that EC PubKey point is on the curve. */ + ECpublKeyFullCheck = 2, /*!< All the above and in addition verifies that EC_GeneratorOrder*PubKey = O */ + + PublKeyChecingOffMode, /*! Reserved. */ + EC_PublKeyCheckModeLast = 0x7FFFFFFF, /*! Reserved. */ +}EC_PublKeyCheckMode_t; + +/*----------------------------------------------------*/ +/*! Defintion of sw SCA protection. */ +typedef enum { + SCAP_Inactive, /*! Inactive.*/ + SCAP_Active, /*! Active.*/ + SCAP_OFF_MODE, /*! Reserved. */ + SCAP_LAST = 0x7FFFFFFF /*! Reserved. */ +} CRYS_ECPKI_ScaProtection_t; + + +/************************************************************************************** + * EC Domain structure definition + ***************************************************************************************/ + +/*! The structure containing the EC domain parameters in little-endian form + EC equation: Y^2 = X^3 + A*X + B over prime fild GFp. */ +typedef struct { + + /*! EC modulus: P. */ + uint32_t ecP [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC equation parameter a. */ + uint32_t ecA [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC equation parameter b. */ + uint32_t ecB [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! Order of generator. */ + uint32_t ecR [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; + /*! EC cofactor EC_Cofactor_K + Generator (EC base point) coordinates in projective form. */ + uint32_t ecGx [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC cofactor EC_Cofactor_K + Generator (EC base point) coordinates in projective form. */ + uint32_t ecGy [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC cofactor EC_Cofactor_K + Generator (EC base point) coordinates in projective form. */ + uint32_t ecH; + /*! Specific fields that are used by the low level.*/ + uint32_t llfBuff[CRYS_PKA_DOMAIN_LLF_BUFF_SIZE_IN_WORDS]; + /*! Size of fields in bits. */ + uint32_t modSizeInBits; + /*! Order size in bits. */ + uint32_t ordSizeInBits; + /*! Size of each inserted Barret tag in words; 0 - if not inserted.*/ + uint32_t barrTagSizeInWords; + /*! EC Domain identifier.*/ + CRYS_ECPKI_DomainID_t DomainID; + + /*! Internal buffer. */ + int8_t name[20]; + +} CRYS_ECPKI_Domain_t; + + + +/************************************************************************************** + * EC point structures definitions + ***************************************************************************************/ + +/*! The structure containing the EC point in affine coordinates + and little endian form. */ +typedef struct +{ + /*! Point coordinate X. */ + uint32_t x[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! Point coordinate Y. */ + uint32_t y[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + +}CRYS_ECPKI_PointAffine_t; + + +/************************************************************************************** + * ECPKI public and private key Structures + ***************************************************************************************/ + +/* --------------------------------------------------------------------- */ +/* .................. The public key structures definitions ............ */ +/* --------------------------------------------------------------------- */ + +/*! The structure containing the Public Key in affine coordinates.*/ +typedef struct +{ + /*! Public Key coordinate X.*/ + uint32_t x[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! Public Key coordinate Y.*/ + uint32_t y[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC Domain.*/ + CRYS_ECPKI_Domain_t domain; + /*! Point type.*/ + uint32_t pointType; +} CRYS_ECPKI_PublKey_t; + +/*! The EC public key's user structure prototype. This structure must be saved by the user, and is used as input to the ECC functions +(such as ::CRYS_ECDSA_Verify etc.). */ +typedef struct CRYS_ECPKI_UserPublKey_t +{ + /*! Validation tag.*/ + uint32_t valid_tag; + /*! Public key data. */ + uint32_t PublKeyDbBuff[(sizeof(CRYS_ECPKI_PublKey_t)+3)/4]; + +} CRYS_ECPKI_UserPublKey_t; + + +/* --------------------------------------------------------------------- */ +/* .................. The private key structures definitions ........... */ +/* --------------------------------------------------------------------- */ + +/*! Structure containing the Private key data. */ +typedef struct +{ + /*! Private Key data. */ + uint32_t PrivKey[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; + /*! Domain. */ + CRYS_ECPKI_Domain_t domain; + /*! SCA protection mode. */ + CRYS_ECPKI_ScaProtection_t scaProtection; + +}CRYS_ECPKI_PrivKey_t; + + +/*! The EC private key's user structure prototype. This structure must be saved by the user, and is used as input to the ECC functions +(such as ::CRYS_ECDSA_Sign etc.). */ +typedef struct CRYS_ECPKI_UserPrivKey_t +{ + /*! Validation tag. */ + uint32_t valid_tag; + /*! Private key data. */ + uint32_t PrivKeyDbBuff[(sizeof(CRYS_ECPKI_PrivKey_t)+3)/4]; + +} CRYS_ECPKI_UserPrivKey_t; + +/*! ECDH temporary data type */ +typedef struct CRYS_ECDH_TempData_t +{ + /*! Temporary buffers. */ + uint32_t crysEcdhIntBuff[CRYS_PKA_ECDH_BUFF_MAX_LENGTH_IN_WORDS]; +}CRYS_ECDH_TempData_t; + +/*! EC build temporary data. */ +typedef struct CRYS_ECPKI_BUILD_TempData_t +{ + /*! Temporary buffers. */ + uint32_t crysBuildTmpIntBuff[CRYS_PKA_ECPKI_BUILD_TMP_BUFF_MAX_LENGTH_IN_WORDS]; +}CRYS_ECPKI_BUILD_TempData_t; + + + +/************************************************************************** + * CRYS ECDSA context structures + **************************************************************************/ + +/* --------------------------------------------------------------------- */ +/* CRYS ECDSA Signing context structure */ +/* --------------------------------------------------------------------- */ +/*! Internal buffer used in the signing process. */ +typedef uint32_t CRYS_ECDSA_SignIntBuff[CRYS_PKA_ECDSA_SIGN_BUFF_MAX_LENGTH_IN_WORDS]; + +/*! Context definition for Signing operation. */ +typedef struct +{ + /*! Private Key data. */ + CRYS_ECPKI_UserPrivKey_t ECDSA_SignerPrivKey; + + /*! HASH context. */ + CRYS_HASHUserContext_t hashUserCtxBuff; + /*! HASH result buffer. */ + CRYS_HASH_Result_t hashResult; + /*! HASH result size in words. */ + uint32_t hashResultSizeWords; + /*! HASH mode. */ + CRYS_ECPKI_HASH_OpMode_t hashMode; + /*! Internal buffer. */ + CRYS_ECDSA_SignIntBuff crysEcdsaSignIntBuff; +}ECDSA_SignContext_t; + + +/* --------------------------------------------------------------------- */ +/* CRYS ECDSA Signing User context database */ +/* --------------------------------------------------------------------- */ + +/*! User's context definition for signing operation. The context saves the state of the operation and must be saved by the user + till the end of the APIs flow */ +typedef struct CRYS_ECDSA_SignUserContext_t +{ + /*! Signing process data. */ + uint32_t context_buff [(sizeof(ECDSA_SignContext_t)+3)/4]; + /*! Validation tag*/ + uint32_t valid_tag; +} CRYS_ECDSA_SignUserContext_t; + + + +/****************************************************************************/ + +/* --------------------------------------------------------------------- */ +/* CRYS ECDSA Verifying context structure */ +/* --------------------------------------------------------------------- */ +/*! Internal buffer used in the verification process. */ +typedef uint32_t CRYS_ECDSA_VerifyIntBuff[CRYS_PKA_ECDSA_VERIFY_BUFF_MAX_LENGTH_IN_WORDS]; + +/*! Context definition for verification operation. */ +typedef struct +{ + /*! Public key data. */ + CRYS_ECPKI_UserPublKey_t ECDSA_SignerPublKey; + + /*! HASH context. */ + CRYS_HASHUserContext_t hashUserCtxBuff; + /*! HASH result. */ + CRYS_HASH_Result_t hashResult; + /*! HASH result size in words. */ + uint32_t hashResultSizeWords; + /*! HASH mode. */ + CRYS_ECPKI_HASH_OpMode_t hashMode; + /*! Internal buffer. */ + CRYS_ECDSA_VerifyIntBuff crysEcdsaVerIntBuff; + +}ECDSA_VerifyContext_t; + + +/* --------------------------------------------------------------------- */ +/* CRYS ECDSA Verifying User context database */ +/* --------------------------------------------------------------------- */ +/*! User's context definition for verification operation. The context saves the state of the operation and must be saved by the user + till the end of the APIs flow */ +typedef struct CRYS_ECDSA_VerifyUserContext_t +{ + /*! Verification process data. */ + uint32_t context_buff[(sizeof(ECDSA_VerifyContext_t)+3)/4]; + /*! Validation tag. */ + uint32_t valid_tag; +}CRYS_ECDSA_VerifyUserContext_t; + + + + +/* --------------------------------------------------------------------- */ +/* .................. key generation temp buffer ........... */ +/* --------------------------------------------------------------------- */ + +/*! ECPKI KG temporary data type */ +typedef struct CRYS_ECPKI_KG_TempData_t +{ + /*! Internal buffer. */ + uint32_t crysKGIntBuff[CRYS_PKA_KG_BUFF_MAX_LENGTH_IN_WORDS]; +}CRYS_ECPKI_KG_TempData_t; + +/*! ECIES temporary data definition. */ +typedef struct CRYS_ECIES_TempData_t { + + /*! Private key data. */ + CRYS_ECPKI_UserPrivKey_t PrivKey; + /*! Public key data. */ + CRYS_ECPKI_UserPublKey_t PublKey; + /*! Internal buffer. */ + uint32_t zz[3*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; + /*! Internal buffers. */ + union { + CRYS_ECPKI_BUILD_TempData_t buildTempbuff; + CRYS_ECPKI_KG_TempData_t KgTempBuff; + CRYS_ECDH_TempData_t DhTempBuff; + } tmp; + +}CRYS_ECIES_TempData_t; + + +/* --------------------------------------------------------------------- */ +/* .................. defines for FIPS ........... */ +/* --------------------------------------------------------------------- */ + +/*! Order length for the FIPS ECC tests. */ +#define CRYS_ECPKI_FIPS_ORDER_LENGTH (256/SASI_BITS_IN_BYTE) // the order of secp256r1 in bytes + +/*! Context definition required for internal FIPS verification for ECPKI key generation. */ +typedef struct CRYS_ECPKI_KG_FipsContext_t +{ + /*! Signing and verification data. */ + union { + CRYS_ECDSA_SignUserContext_t signCtx; + CRYS_ECDSA_VerifyUserContext_t verifyCtx; + }operationCtx; + /*! Internal buffer. */ + uint32_t signBuff[2*CRYS_ECPKI_ORDER_MAX_LENGTH_IN_WORDS]; +}CRYS_ECPKI_KG_FipsContext_t; + + + +/*! Context defintion, required for internal FIPS verification for ECDSA KAT. * +* The ECDSA KAT tests defined for domain 256r1. */ +typedef struct CRYS_ECDSAFipsKatContext_t{ + /*! Key data. */ + union { + /*! Private key data. */ + struct { + CRYS_ECPKI_UserPrivKey_t PrivKey; + CRYS_ECDSA_SignUserContext_t signCtx; + }userSignData; + /*! Public key data. */ + struct { + CRYS_ECPKI_UserPublKey_t PublKey; + union { + CRYS_ECDSA_VerifyUserContext_t verifyCtx; + CRYS_ECPKI_BUILD_TempData_t tempData; + }buildOrVerify; + }userVerifyData; + }keyContextData; + /*! Internal buffer. */ + uint8_t signBuff[2*CRYS_ECPKI_FIPS_ORDER_LENGTH]; +}CRYS_ECDSAFipsKatContext_t; + +/*! Context definition, required for internal FIPS verification for ECDH KAT. */ +typedef struct CRYS_ECDHFipsKatContext_t{ + /*! Public key data. */ + CRYS_ECPKI_UserPublKey_t pubKey; + /*! Private key data. */ + CRYS_ECPKI_UserPrivKey_t privKey; + /*! Internal buffers. */ + union { + CRYS_ECPKI_BUILD_TempData_t ecpkiTempData; + CRYS_ECDH_TempData_t ecdhTempBuff; + }tmpData; + /*! Buffer for the secret key. */ + uint8_t secretBuff[CRYS_ECPKI_FIPS_ORDER_LENGTH]; +}CRYS_ECDHFipsKatContext_t; + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_error.h new file mode 100644 index 0000000..ae9125e --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_error.h @@ -0,0 +1,273 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_ERROR_H +#define CRYS_ERROR_H + +#include "ssi_pal_types.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! @file +@brief This module defines the error return code types and the numbering spaces of the error codes +for each module of the layers listed below. +@defgroup crys_error CryptoCell general base error codes +@{ +@ingroup cryptocell_api +*/ + +/*! The definitions of the error number space used for the different modules */ + +/* ........... Error base numeric mapping definitions ................... */ +/* ----------------------------------------------------------------------- */ + + /*! CRYS error base number. */ +#define CRYS_ERROR_BASE 0x00F00000UL + +/*! Error range number assigned for each layer. */ +#define CRYS_ERROR_LAYER_RANGE 0x00010000UL + +/*! Error range number assigned to each module on its specified layer. */ +#define CRYS_ERROR_MODULE_RANGE 0x00000100UL + +/* Defines the layer index for the error mapping. */ +/*! CRYS error layer index. */ +#define CRYS_LAYER_ERROR_IDX 0x00UL +/*! Low level functions error layer index. */ +#define LLF_LAYER_ERROR_IDX 0x01UL +/*! Generic error layer index. */ +#define GENERIC_ERROR_IDX 0x05UL + +/* Defines the module index for error mapping */ +/*! AES error index.*/ +#define AES_ERROR_IDX 0x00UL +/*! DES error index.*/ +#define DES_ERROR_IDX 0x01UL +/*! HASH error index.*/ +#define HASH_ERROR_IDX 0x02UL +/*! HMAC error index.*/ +#define HMAC_ERROR_IDX 0x03UL +/*! RSA error index.*/ +#define RSA_ERROR_IDX 0x04UL +/*! DH error index.*/ +#define DH_ERROR_IDX 0x05UL + +/*! ECPKI error index.*/ +#define ECPKI_ERROR_IDX 0x08UL +/*! RND error index.*/ +#define RND_ERROR_IDX 0x0CUL +/*! Common error index.*/ +#define COMMON_ERROR_IDX 0x0DUL +/*! KDF error index.*/ +#define KDF_ERROR_IDX 0x11UL +/*! HKDF error index.*/ +#define HKDF_ERROR_IDX 0x12UL +/*! AESCCM error index.*/ +#define AESCCM_ERROR_IDX 0x15UL +/*! FIPS error index.*/ +#define FIPS_ERROR_IDX 0x17UL + +/*! PKA error index.*/ +#define PKA_MODULE_ERROR_IDX 0x21UL +/*! CHACHA error index.*/ +#define CHACHA_ERROR_IDX 0x22UL +/*! EC montgomery and edwards error index.*/ +#define EC_MONT_EDW_ERROR_IDX 0x23UL +/*! CHACHA POLY error index.*/ +#define CHACHA_POLY_ERROR_IDX 0x24UL +/*! POLY error index.*/ +#define POLY_ERROR_IDX 0x25UL +/*! SRP error index.*/ +#define SRP_ERROR_IDX 0x26UL + + + +/* .......... defining the error spaces for each module on each layer ........... */ +/* ------------------------------------------------------------------------------ */ + +/*! AES module error base address - 0x00F00000. */ +#define CRYS_AES_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * AES_ERROR_IDX ) ) + +/*! DES module error base address - 0x00F00100. */ +#define CRYS_DES_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * DES_ERROR_IDX ) ) + +/*! HASH module error base address - 0x00F00200. */ +#define CRYS_HASH_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * HASH_ERROR_IDX ) ) + +/*! HMAC module error base address - 0x00F00300. */ +#define CRYS_HMAC_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * HMAC_ERROR_IDX ) ) + +/*! RSA module error base address - 0x00F00400. */ +#define CRYS_RSA_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * RSA_ERROR_IDX ) ) + +/*! DH module error base address - 0x00F00500. */ +#define CRYS_DH_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * DH_ERROR_IDX ) ) + +/*! ECPKI module error base address - 0x00F00800. */ +#define CRYS_ECPKI_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * ECPKI_ERROR_IDX ) ) + +/*! Low level ECPKI module error base address - 0x00F10800. */ +#define LLF_ECPKI_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * LLF_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * ECPKI_ERROR_IDX ) ) + +/*! RND module error base address - 0x00F00C00. */ +#define CRYS_RND_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * RND_ERROR_IDX ) ) + +/*! Low level RND module error base address - 0x00F10C00. */ +#define LLF_RND_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * LLF_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * RND_ERROR_IDX ) ) + +/*! COMMMON module error base address - 0x00F00D00. */ +#define CRYS_COMMON_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * COMMON_ERROR_IDX ) ) + +/*! KDF module error base address - 0x00F01100. */ +#define CRYS_KDF_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * KDF_ERROR_IDX ) ) + +/*! HKDF module error base address - 0x00F01100. */ +#define CRYS_HKDF_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * HKDF_ERROR_IDX ) ) + +/*! AESCCM module error base address - 0x00F01500. */ +#define CRYS_AESCCM_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * AESCCM_ERROR_IDX ) ) + +/*! FIPS module error base address - 0x00F01700. */ +#define CRYS_FIPS_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * FIPS_ERROR_IDX ) ) + +/*! PKA module error base address - 0x00F02100. */ +#define PKA_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * PKA_MODULE_ERROR_IDX ) ) + +/*! CHACHA module error base address - 0x00F02200. */ +#define CRYS_CHACHA_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * CHACHA_ERROR_IDX ) ) +/*! CHACHA POLY module error base address - 0x00F02400. */ +#define CRYS_CHACHA_POLY_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * CHACHA_POLY_ERROR_IDX ) ) +/*! POLY module error base address - 0x00F02500. */ +#define CRYS_POLY_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * POLY_ERROR_IDX ) ) + +/*! SRP module error base address - 0x00F02600. */ +#define CRYS_SRP_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * SRP_ERROR_IDX ) ) + + +/*! EC MONT_EDW module error base address - 0x00F02300. */ +#define CRYS_EC_MONT_EDW_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ + (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ + (CRYS_ERROR_MODULE_RANGE * EC_MONT_EDW_ERROR_IDX ) ) + + +/*! User generic error base address - 0x00F50000 */ +#define GENERIC_ERROR_BASE ( CRYS_ERROR_BASE + (CRYS_ERROR_LAYER_RANGE * GENERIC_ERROR_IDX) ) +/*! CRYS fatal error. */ +#define CRYS_FATAL_ERROR (GENERIC_ERROR_BASE + 0x00UL) +/*! CRYS out of resources error. */ +#define CRYS_OUT_OF_RESOURCE_ERROR (GENERIC_ERROR_BASE + 0x01UL) +/*! CRYS illegal resource value error. */ +#define CRYS_ILLEGAL_RESOURCE_VAL_ERROR (GENERIC_ERROR_BASE + 0x02UL) + + + +/* ............ The OK (success) definition ....................... */ +/*! Success defintion. */ +#define CRYS_OK 0 + +/*! MACRO that defines crys return value. */ +#define SASI_CRYS_RETURN_ERROR(retCode, retcodeInfo, funcHandler) \ + ((retCode) == 0 ? CRYS_OK : funcHandler(retCode, retcodeInfo)) + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + +/*! The typedef definition of all of the error codes that are returned from the CRYS functions */ +typedef uint32_t CRYSError_t; + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hash.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hash.h new file mode 100644 index 0000000..ea93a8a --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hash.h @@ -0,0 +1,285 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! +@file +@brief This file contains all of the enums and definitions +that are used for the CRYS HASH APIs, as well as the APIs themselves. +@defgroup crys_hash CryptoCell HASH APIs +@{ +@ingroup cryptocell_api + + +This product supports the following HASH algorithms (or modes, according to product): +
  • CRYS_HASH_MD5 (producing 16 byte output).
    • +
  • CRYS_HASH_SHA1 (producing 20 byte output).
    • +
  • CRYS_HASH_SHA224 (producing 28 byte output).
    • +
  • CRYS_HASH_SHA256 (producing 32 byte output).
    • +
  • CRYS_HASH_SHA384 (producing 48 byte output).
    • +
  • CRYS_HASH_SHA512 (producing 64 byte output).
+ +HASH calculation can be performed in either of the following two modes of operation: +
  • Integrated operation - Processes all data in a single function call. This flow is applicable when all data is available prior to the + cryptographic operation.
    • +
  • Block operation - Processes a subset of the data buffers, and is called multiple times in a sequence. This flow is applicable when the + next data buffer becomes available only during/after processing of the current data buffer.
+ +The following is a typical HASH Block operation flow: +
  1. ::CRYS_HASH_Init - this function initializes the HASH machine on the CRYS level by setting the context pointer that is used on the entire + HASH operation.
    2. +
  2. ::CRYS_HASH_Update - this function runs a HASH operation on a block of data allocated by the user. This function may be called as many times + as required.
    3. +
  3. ::CRYS_HASH_Finish - this function ends the HASH operation. It returns the digest result and clears the context.
+*/ + +#ifndef CRYS_HASH_H +#define CRYS_HASH_H + + +#include "ssi_pal_types.h" +#include "crys_error.h" +#include "crys_hash_defs.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ +/* The hash result in words +#define CRYS_HASH_RESULT_SIZE_IN_WORDS 5*/ +/*! The maximal hash result is 512 bits for SHA512. */ +#define CRYS_HASH_RESULT_SIZE_IN_WORDS 16 + +/*! MD5 digest result size in bytes. */ +#define CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES 16 + +/*! MD5 digest result size in words. */ +#define CRYS_HASH_MD5_DIGEST_SIZE_IN_WORDS 4 + +/*! SHA-1 digest result size in bytes. */ +#define CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES 20 + +/*! SHA-1 digest result size in words. */ +#define CRYS_HASH_SHA1_DIGEST_SIZE_IN_WORDS 5 + +/*! SHA-256 digest result size in words. */ +#define CRYS_HASH_SHA224_DIGEST_SIZE_IN_WORDS 7 + +/*! SHA-256 digest result size in words. */ +#define CRYS_HASH_SHA256_DIGEST_SIZE_IN_WORDS 8 + +/*! SHA-384 digest result size in words. */ +#define CRYS_HASH_SHA384_DIGEST_SIZE_IN_WORDS 12 + +/*! SHA-512 digest result size in words. */ +#define CRYS_HASH_SHA512_DIGEST_SIZE_IN_WORDS 16 + +/*! SHA-256 digest result size in bytes */ +#define CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES 28 + +/*! SHA-256 digest result size in bytes */ +#define CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES 32 + +/*! SHA-384 digest result size in bytes */ +#define CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES 48 + +/*! SHA-512 digest result size in bytes */ +#define CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES 64 + +/*! SHA1 hash block size in words */ +#define CRYS_HASH_BLOCK_SIZE_IN_WORDS 16 + +/*! SHA1 hash block size in bytes */ +#define CRYS_HASH_BLOCK_SIZE_IN_BYTES 64 + +/*! SHA2 hash block size in words */ +#define CRYS_HASH_SHA512_BLOCK_SIZE_IN_WORDS 32 + +/*! SHA2 hash block size in bytes */ +#define CRYS_HASH_SHA512_BLOCK_SIZE_IN_BYTES 128 + +/*! Maximal data size for update operation. */ +#define CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES (1 << 29) + + +/************************ Enums ********************************/ + +/*! +HASH operation mode +*/ +typedef enum { + CRYS_HASH_SHA1_mode = 0, /*!< SHA1. */ + CRYS_HASH_SHA224_mode = 1, /*!< SHA224. */ + CRYS_HASH_SHA256_mode = 2, /*!< SHA256. */ + CRYS_HASH_SHA384_mode = 3, /*!< SHA384. */ + CRYS_HASH_SHA512_mode = 4, /*!< SHA512. */ + CRYS_HASH_MD5_mode = 5, /*!< MD5. */ + /*! Number of hash modes. */ + CRYS_HASH_NumOfModes, + /*! Reserved. */ + CRYS_HASH_OperationModeLast= 0x7FFFFFFF, + +}CRYS_HASH_OperationMode_t; + +/************************ Typedefs *****************************/ + +/*! HASH result buffer. */ +typedef uint32_t CRYS_HASH_Result_t[CRYS_HASH_RESULT_SIZE_IN_WORDS]; + +/************************ Structs ******************************/ +/*! The user's context prototype - the argument type that is passed by the user + to the HASH APIs. The context saves the state of the operation and must be saved by the user + till the end of the APIs flow. */ +typedef struct CRYS_HASHUserContext_t { + /*! Internal buffer */ + uint32_t buff[CRYS_HASH_USER_CTX_SIZE_IN_WORDS]; +}CRYS_HASHUserContext_t; + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + + +/************************************************************************************************/ +/*! +@brief This function initializes the HASH machine and the HASH Context. + +It receives as input a pointer to store the context handle to the HASH Context, +and initializes the HASH Context with the cryptographic attributes that are needed for the HASH block operation (initializes H's value for the HASH algorithm). + +@return CRYS_OK on success. +@return A non-zero value from crys_hash_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_HASH_Init( + CRYS_HASHUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HASH context buffer allocated by the user that is used + for the HASH machine operation. */ + CRYS_HASH_OperationMode_t OperationMode /*!< [in] One of the supported HASH modes, as defined in CRYS_HASH_OperationMode_t. */ +); + +/************************************************************************************************/ +/*! +@brief This function processes a block of data to be HASHed. + +It updates a HASH Context that was previously initialized by CRYS_HASH_Init or updated by a previous call to CRYS_HASH_Update. + +@return CRYS_OK on success. +@return A non-zero value from crys_hash_error.h on failure. +*/ + +CIMPORT_C CRYSError_t CRYS_HASH_Update( + CRYS_HASHUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HASH context buffer allocated by the user, which is used for the + HASH machine operation. */ + uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be HASHed. + it is a one contiguous memory block. */ + size_t DataInSize /*!< [in] Byte size of the input data. Must be > 0. + If not a multiple of the HASH block size (64 for MD5, SHA-1 and SHA-224/256, + 128 for SHA-384/512), no further calls + to CRYS_HASH_Update are allowed in this context, and only CRYS_HASH_Finish + can be called to complete the computation. */ +); + +/************************************************************************************************/ +/*! +@brief This function finalizes the hashing process of data block. + +It receives a handle to the HASH Context, which was previously initialized by CRYS_HASH_Init or by CRYS_HASH_Update. +It "adds" a header to the data block according to the relevant HASH standard, and computes the final message digest. + +@return CRYS_OK on success. +@return A non-zero value from crys_hash_error.h on failure. +*/ + +CIMPORT_C CRYSError_t CRYS_HASH_Finish( + CRYS_HASHUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HASH context buffer allocated by the user that is used for + the HASH machine operation. */ + CRYS_HASH_Result_t HashResultBuff /*!< [in] Pointer to the word-aligned 64 byte buffer. The actual size of the HASH + result depends on CRYS_HASH_OperationMode_t. */ +); + + +/************************************************************************************************/ +/*! +@brief This function is a utility function that frees the context if the operation has failed. + +The function executes the following major steps: +
  1. Checks the validity of all of the inputs of the function.
    2. +
  2. Clears the user's context.
    3. +
  3. Exits the handler with the OK code.
+ +@return CRYS_OK on success. +@return A non-zero value from crys_hash_error.h on failure. +*/ + +CIMPORT_C CRYSError_t CRYS_HASH_Free( + CRYS_HASHUserContext_t *ContextID_ptr /*!< [in] Pointer to the HASH context buffer allocated by the user that is used for + the HASH machine operation. */ +); + + +/************************************************************************************************/ +/*! +@brief This function processes a single buffer of data. + +The function allocates an internal HASH Context, and initializes it with the cryptographic attributes +that are needed for the HASH block operation (initialize H's value for the HASH algorithm). +Then it processes the data block, calculating the HASH. Finally, it returns the data buffer's message digest. + +@return CRYS_OK on success. +@return A non-zero value from crys_hash_error.h on failure. + */ + +CIMPORT_C CRYSError_t CRYS_HASH ( + CRYS_HASH_OperationMode_t OperationMode, /*!< [in] One of the supported HASH modes, as defined in CRYS_HASH_OperationMode_t. */ + uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be HASHed. + The size of the scatter/gather list representing the data buffer is limited + to 128 entries, and the size of each entry is limited to 64KB + (fragments larger than 64KB are broken into fragments <= 64KB). */ + size_t DataSize, /*!< [in] The size of the data to be hashed in bytes. */ + CRYS_HASH_Result_t HashResultBuff /*!< [out] Pointer to a word-aligned 64 byte buffer. The actual size of the HASH + result depends on CRYS_HASH_OperationMode_t. */ +); + + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hash_defs.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hash_defs.h new file mode 100644 index 0000000..701f78a --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hash_defs.h @@ -0,0 +1,66 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_HASH_DEFS_H +#define CRYS_HASH_DEFS_H + +/*! +@file +@brief This file contains HASH definitions. +@defgroup crys_hash_defs CryptoCell Hash definitions +@{ +@ingroup crys_hash +*/ + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +/*! The size of user's context prototype (see ::CRYS_HASHUserContext_t) in words. */ +#define CRYS_HASH_USER_CTX_SIZE_IN_WORDS 60 + + +#ifdef __cplusplus +} +#endif + +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hash_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hash_error.h new file mode 100644 index 0000000..3840d18 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hash_error.h @@ -0,0 +1,108 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + + +#ifndef CRYS_HASH_ERROR_H +#define CRYS_HASH_ERROR_H + + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module contains the definitions of the CRYS HASH errors. +@defgroup crys_hash_error CryptoCell HASH specific errors +@{ +@ingroup crys_hash +*/ + + + + +/************************ Defines ******************************/ +/*! HASH module on the CRYS layer base address - 0x00F00200*/ +/* The CRYS HASH module errors */ +/*! Illegal context pointer. */ +#define CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0x0UL) +/*! Illegal operation mode. */ +#define CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0x1UL) +/*! Context is corrupted. */ +#define CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0x2UL) +/*! Illegal data in pointer. */ +#define CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0x3UL) +/*! Illegal data in size. */ +#define CRYS_HASH_DATA_SIZE_ILLEGAL (CRYS_HASH_MODULE_ERROR_BASE + 0x4UL) +/*! Illegal result buffer pointer. */ +#define CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0x5UL) +/*! Last block was already processed (may happen if previous block was not a multiple of block size). */ +#define CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0xCUL) +/*! Illegal parameter. */ +#define CRYS_HASH_ILLEGAL_PARAMS_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0xDUL) +/*! Illegal context size. */ +#define CRYS_HASH_CTX_SIZES_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0xEUL) +/*! HASH is not supported. */ +#define CRYS_HASH_IS_NOT_SUPPORTED (CRYS_HASH_MODULE_ERROR_BASE + 0xFUL) + + + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hkdf.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hkdf.h new file mode 100644 index 0000000..fbc5bcc --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hkdf.h @@ -0,0 +1,124 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_HKDF_H +#define CRYS_HKDF_H + +#include "crys_hash.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module defines the API that supports HMAC Key derivation function as defined by RFC5869. +@defgroup crys_hkdf CryptoCell HMAC Key Derivation APIs +@{ +@ingroup cryptocell_api +*/ + +/*! HKDF maximal key size in words. */ +#define CRYS_HKDF_MAX_HASH_KEY_SIZE_IN_BYTES 512 + +/*! HKDF maximal HASH digest size in bytes. */ +#define CRYS_HKDF_MAX_HASH_DIGEST_SIZE_IN_BYTES CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES + +/************************ Defines ******************************/ + +/************************ Enums ********************************/ + +/*! Enum defining HKDF HASH available modes. */ +typedef enum +{ + /*! SHA1 mode. */ + CRYS_HKDF_HASH_SHA1_mode = 0, + /*! SHA224 mode. */ + CRYS_HKDF_HASH_SHA224_mode = 1, + /*! SHA256 mode. */ + CRYS_HKDF_HASH_SHA256_mode = 2, + /*! SHA384 mode. */ + CRYS_HKDF_HASH_SHA384_mode = 3, + /*! SHA512 mode. */ + CRYS_HKDF_HASH_SHA512_mode = 4, + + /*! Maximal number of HASH modes. */ + CRYS_HKDF_HASH_NumOfModes, + + /*! Reserved */ + CRYS_HKDF_HASH_OpModeLast = 0x7FFFFFFF, + +}CRYS_HKDF_HASH_OpMode_t; + +/************************ Typedefs ****************************/ + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + +/****************************************************************/ + + +/*********************************************************************************************************/ +/*! +@brief CRYS_HKDF_KeyDerivFunc performs the HMAC-based key derivation, according to RFC5869 + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_kdf_error.h, crys_hash_error or crys_hmac_error.h +*/ +CEXPORT_C CRYSError_t CRYS_HKDF_KeyDerivFunc( + CRYS_HKDF_HASH_OpMode_t HKDFhashMode, /*!< [in] The HKDF identifier of hash function to be used. */ + uint8_t* Salt_ptr, /*!< [in] A pointer to a non secret random value. can be NULL. */ + size_t SaltLen, /*!< [in] The size of the salt_ptr. */ + uint8_t* Ikm_ptr, /*!< [in] A pointer to a input key message. */ + uint32_t IkmLen, /*!< [in] The size of the input key message */ + uint8_t* Info, /*!< [in] A pointer to an optional context and application specific information. can be NULL */ + uint32_t InfoLen, /*!< [in] The size of the info. */ + uint8_t* Okm, /*!< [in] A pointer to a output key material. */ + uint32_t OkmLen, /*!< [in] The size of the output key material. */ + SaSiBool IsStrongKey /*!< [in] if TRUE , then no need to perform the extraction phase. */ + ); + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hkdf_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hkdf_error.h new file mode 100644 index 0000000..d78398e --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hkdf_error.h @@ -0,0 +1,91 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_HKDF_ERROR_H +#define CRYS_HKDF_ERROR_H + +#include "crys_error.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module contains the definitions of the CRYS HKDF errors. +@defgroup crys_hkdf_error HMAC Key Derivation specific errors +@{ +@ingroup crys_hkdf + */ + + +/************************ Defines *******************************/ + +/*! CryptoCell HKDF module errors / base address - 0x00F01100. */ +/*! Invalid argument. */ +#define CRYS_HKDF_INVALID_ARGUMENT_POINTER_ERROR (CRYS_HKDF_MODULE_ERROR_BASE + 0x0UL) +/*! Invalid argument size. */ +#define CRYS_HKDF_INVALID_ARGUMENT_SIZE_ERROR (CRYS_HKDF_MODULE_ERROR_BASE + 0x1UL) +/*! Illegal hash mode. */ +#define CRYS_HKDF_INVALID_ARGUMENT_HASH_MODE_ERROR (CRYS_HKDF_MODULE_ERROR_BASE + 0x3UL) +/*! HKDF not supported. */ +#define CRYS_HKDF_IS_NOT_SUPPORTED (CRYS_HKDF_MODULE_ERROR_BASE + 0xFFUL) + +/************************ Enums *********************************/ + +/************************ Typedefs *****************************/ + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + + + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hmac.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hmac.h new file mode 100644 index 0000000..9094d73 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hmac.h @@ -0,0 +1,214 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! +@file +@brief This file contains all of the enums and definitions +that are used for the CRYS HMAC APIs, as well as the APIs themselves. +@defgroup crys_hmac CryptoCell HMAC APIs +@{ +@ingroup cryptocell_api + + +HMAC is a wrapping algorithm that uses a HASH function (one of the supported HASH algorithms, as specified in the HASH chapter) and a key, +to generate a unique authentication code over the input data. +HMAC calculation can be performed in either of the following two modes of operation: +
  • Integrated operation - Processes all data in a single function call. This flow is applicable when all data is available prior to +the cryptographic operation.
    • +
  • Block operation - Processes a subset of the data buffers, and is called multiple times in a sequence. This flow is applicable when +the next data buffer becomes available only during/after processing of the current data buffer.
+ +The following is a typical HMAC Block operation flow: +
  1. ::CRYS_HMAC_Init: This function initializes the HMAC machine on the CRYS level by setting the context pointer that is + used on the entire HMAC operation.
    2. +
  2. ::CRYS_HMAC_Update: This function runs an HMAC operation on a block of data allocated by the user. This function may be called as + many times as required.
    3. +
  3. ::CRYS_HMAC_Finish: This function ends the HMAC operation. It returns the digest result and clears the context.
+*/ + +#ifndef CRYS_HMAC_H +#define CRYS_HMAC_H + + +#include "ssi_pal_types.h" +#include "crys_error.h" + +#include "crys_hash.h" +#include "crys_hmac_defs.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +/*! HMAC key size after padding for MD5, SHA1, SHA256. */ +#define CRYS_HMAC_KEY_SIZE_IN_BYTES 64 + +/*! HMAC key size after padding for SHA384, SHA512 */ +#define CRYS_HMAC_SHA2_1024BIT_KEY_SIZE_IN_BYTES 128 + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/*********************** Structures ****************************/ + + +/*! User's context prototype - the argument type that is passed by the user + to the HMAC APIs. The context saves the state of the operation and must be saved by the user + till the end of the APIs flow */ +typedef struct CRYS_HMACUserContext_t { + /*! Context buffer for internal use */ + uint32_t buff[CRYS_HMAC_USER_CTX_SIZE_IN_WORDS]; + +}CRYS_HMACUserContext_t; + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +/*! +@brief This function initializes the HMAC machine. + +It allocates and initializes the HMAC Context. It initiates a HASH session and processes a HASH update on the Key XOR ipad, +then stores it in the context + +@return CRYS_OK on success. +@return A non-zero value from crys_hmac_error.h or crys_hash_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_HMAC_Init( + CRYS_HMACUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HMAC context buffer allocated by the user, which is used + for the HMAC machine operation. */ + CRYS_HASH_OperationMode_t OperationMode, /*!< [in] One of the supported HASH modes, as defined in CRYS_HASH_OperationMode_t. */ + uint8_t *key_ptr, /*!< [in] The pointer to the user's key buffer. */ + uint16_t keySize /*!< [in] The key size in bytes. If the key size is bigger than the HASH block, the key will be hashed. + The limitations on the key size are the same as the limitations on MAX hash size. */ +); + + +/*! +@brief This function processes a block of data to be HASHed. + +It receives a handle to the HMAC Context, and updates the HASH value with the new data. + +@return CRYS_OK on success. +@return A non-zero value from crys_hmac_error.h or crys_hash_error.h on failure. +*/ + +CIMPORT_C CRYSError_t CRYS_HMAC_Update( + CRYS_HMACUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HMAC context buffer allocated by the user + that is used for the HMAC machine operation. */ + uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be HASHed. + The size of the scatter/gather list representing the data buffer is limited to + 128 entries, and the size of each entry is limited to 64KB + (fragments larger than 64KB are broken into fragments <= 64KB). */ + size_t DataInSize /*!< [in] Byte size of the input data. Must be > 0. + If not a multiple of the HASH block size (64 for SHA-1 and SHA-224/256, + 128 for SHA-384/512), no further calls to ::CRYS_HMAC_Update are allowed in + this context, and only ::CRYS_HMAC_Finish can be called to complete the + computation. */ +); + + +/*! +@brief This function finalizes the HMAC processing of a data block. + +It receives a handle to the HMAC context that was previously initialized by ::CRYS_HMAC_Init, or by ::CRYS_HMAC_Update. +It completes the HASH calculation on the ipad and text, and then executes a new HASH operation with the key XOR opad and the previous +HASH operation result. + +@return CRYS_OK on success. +@return A non-zero value from crys_hmac_error.h or crys_hash_error.h on failure. +*/ + +CIMPORT_C CRYSError_t CRYS_HMAC_Finish( + CRYS_HMACUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HMAC context buffer allocated by the user, which is used + for the HMAC machine operation. */ + CRYS_HASH_Result_t HmacResultBuff /*!< [out] Pointer to the word-aligned 64 byte buffer. The actual size of the + HASH result depends on CRYS_HASH_OperationMode_t. */ +); + + +/*! +@brief This function is a service function that frees the context if the operation has failed. + +The function executes the following major steps: +
  1. Checks the validity of all of the inputs of the function.
    2. +
  2. Clears the user's context.
    3. +
  3. Exits the handler with the OK code.
+ +@return CRYS_OK on success. +@return a non-zero value from crys_hmac_error.h on failure. +*/ + +CIMPORT_C CRYSError_t CRYS_HMAC_Free( + CRYS_HMACUserContext_t *ContextID_ptr /*!< [in] Pointer to the HMAC context buffer allocated by the user, which is used for + the HMAC machine operation. */ +); + + +/*! +@brief This function processes a single buffer of data, and returns the data buffer's message digest. + +@return CRYS_OK on success. +@return A non-zero value from crys_hmac_error.h or crys_hash_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_HMAC ( + CRYS_HASH_OperationMode_t OperationMode, /*!< [in] One of the supported HASH modes, as defined in CRYS_HASH_OperationMode_t. */ + uint8_t *key_ptr, /*!< [in] The pointer to the user's key buffer. */ + uint16_t keySize, /*!< [in] The key size in bytes. If the key size is bigger than the HASH block, the key will be hashed. + The limitations on the key size are the same as the limitations on MAX hash size.*/ + uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be HASHed. + The size of the scatter/gather list representing the data buffer is limited to 128 + entries, and the size of each entry is limited to 64KB (fragments larger than + 64KB are broken into fragments <= 64KB). */ + size_t DataSize, /*!< [in] The size of the data to be hashed (in bytes). */ + CRYS_HASH_Result_t HmacResultBuff /*!< [out] Pointer to the word-aligned 64 byte buffer. The actual size of the + HMAC result depends on CRYS_HASH_OperationMode_t. */ +); +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hmac_defs.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hmac_defs.h new file mode 100644 index 0000000..6e76d71 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hmac_defs.h @@ -0,0 +1,64 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_HMAC_DEFS_H +#define CRYS_HMAC_DEFS_H + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This file contains HMAC definitions. +@defgroup crys_hmac_defs CryptoCell Hmac definitions +@{ +@ingroup crys_hmac +*/ + +/************************ Defines ******************************/ +/*! The size of user's context prototype (see ::CRYS_HMACUserContext_t) in words. */ +#define CRYS_HMAC_USER_CTX_SIZE_IN_WORDS 94 + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hmac_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hmac_error.h new file mode 100644 index 0000000..e9bd5c8 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_hmac_error.h @@ -0,0 +1,108 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_HMAC_ERROR_H +#define CRYS_HMAC_ERROR_H + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! @file +@brief This module contains the definitions of the CRYS HMAC errors. +@defgroup crys_hmac_error CryptoCell HMAC specific errors +@{ +@ingroup crys_hmac +*/ + + + +/************************ Defines ******************************/ + +/*! The CRYS HMAC module errors */ +/*! Illegal context pointer. */ +#define CRYS_HMAC_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x0UL) +/*! Illegal operation mode. */ +#define CRYS_HMAC_ILLEGAL_OPERATION_MODE_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x1UL) +/*! Context is corrupted. */ +#define CRYS_HMAC_USER_CONTEXT_CORRUPTED_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x2UL) +/*! Illegal data in pointer. */ +#define CRYS_HMAC_DATA_IN_POINTER_INVALID_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x3UL) +/*! Illegal data in size. */ +#define CRYS_HMAC_DATA_SIZE_ILLEGAL (CRYS_HMAC_MODULE_ERROR_BASE + 0x4UL) +/*! Illegal result buffer pointer. */ +#define CRYS_HMAC_INVALID_RESULT_BUFFER_POINTER_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x5UL) +/*! Illegal key buffer pointer. */ +#define CRYS_HMAC_INVALID_KEY_POINTER_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x6UL) +/*! Illegal key size. */ +#define CRYS_HMAC_UNVALID_KEY_SIZE_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x7UL) +/*! Last block was already processed (may happen if previous block was not a multiple of block size). */ +#define CRYS_HMAC_LAST_BLOCK_ALREADY_PROCESSED_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0xBUL) +/*! Illegal parameters. */ +#define CRYS_HMAC_ILLEGAL_PARAMS_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0xCUL) +/*! Illegal context size. */ +#define CRYS_HMAC_CTX_SIZES_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0xEUL) +/*! HMAC is not supported. */ +#define CRYS_HMAC_IS_NOT_SUPPORTED (CRYS_HMAC_MODULE_ERROR_BASE + 0xFUL) + + + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_kdf.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_kdf.h new file mode 100644 index 0000000..add338e --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_kdf.h @@ -0,0 +1,211 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_KDF_H +#define CRYS_KDF_H + + +#include "crys_hash.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module defines the API that supports Key derivation function in modes +as defined in PKCS#3, ANSI X9.42-2001, and ANSI X9.63-1999. +@defgroup crys_kdf CryptoCell Key Derivation APIs +@{ +@ingroup cryptocell_api +*/ + +#include "crys_hash.h" + +/************************ Defines ******************************/ + +/*! Shared secret value max size in bytes */ +#define CRYS_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE 1024 + +/* Count and max. sizeof OtherInfo entries (pointers to data buffers) */ +/*! Number of other info entries. */ +#define CRYS_KDF_COUNT_OF_OTHER_INFO_ENTRIES 5 +/*! Maximal size of other info entry. */ +#define CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY 64 /*!< Size is in bytes*/ +/*! Maximal size of keying data in bytes. */ +#define CRYS_KDF_MAX_SIZE_OF_KEYING_DATA 2048 + +/************************ Enums ********************************/ +/*! HASH operation modes */ +typedef enum +{ + /*! SHA1 mode.*/ + CRYS_KDF_HASH_SHA1_mode = 0, + /*! SHA224 mode.*/ + CRYS_KDF_HASH_SHA224_mode = 1, + /*! SHA256 mode.*/ + CRYS_KDF_HASH_SHA256_mode = 2, + /*! SHA384 mode.*/ + CRYS_KDF_HASH_SHA384_mode = 3, + /*! SHA512 mode.*/ + CRYS_KDF_HASH_SHA512_mode = 4, + /*! Maximal number of HASH modes. */ + CRYS_KDF_HASH_NumOfModes, + /*! Reserved.*/ + CRYS_KDF_HASH_OpModeLast = 0x7FFFFFFF, + +}CRYS_KDF_HASH_OpMode_t; + +/*! Key derivation modes. */ +typedef enum +{ + /*! ASN1 key derivation mode.*/ + CRYS_KDF_ASN1_DerivMode = 0, + /*! Concatination key derivation mode.*/ + CRYS_KDF_ConcatDerivMode = 1, + /*! X963 key derivation mode.*/ + CRYS_KDF_X963_DerivMode = CRYS_KDF_ConcatDerivMode, + /*! ISO 18033 KDF1 key derivation mode.*/ + CRYS_KDF_ISO18033_KDF1_DerivMode = 3, + /*! ISO 18033 KDF2 key derivation mode.*/ + CRYS_KDF_ISO18033_KDF2_DerivMode = 4, + /*! Maximal number of key derivation modes. */ + CRYS_KDF_DerivFunc_NumOfModes = 5, + /*! Reserved.*/ + CRYS_KDF_DerivFuncModeLast= 0x7FFFFFFF, + +}CRYS_KDF_DerivFuncMode_t; + +/************************ Typedefs ****************************/ + +/*! Structure, containing the optional data (other info) for KDF, + if any data is not needed, then the pointer value and + the size must be set to NULL */ +typedef struct +{ + /*! A unique object identifier (OID), indicating algorithm(s) + for which the keying data is used. */ + uint8_t AlgorithmID[CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY]; + uint32_t SizeOfAlgorithmID; /*!< Size of algorithm ID.*/ + /*! Public information contributed by the initiator. */ + uint8_t PartyUInfo[CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY]; + uint32_t SizeOfPartyUInfo; /*!< Size of the Public information contributed by the initiator. */ + /*! Public information contributed by the responder. */ + uint8_t PartyVInfo[CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY]; + uint32_t SizeOfPartyVInfo; /*!< Size of the responder's public information. */ + /*! Mutually-known private information, e.g. shared information + communicated throgh a separate channel. */ + uint8_t SuppPrivInfo[CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY]; + uint32_t SizeOfSuppPrivInfo; /*!< Size of the private information. */ + /*! Mutually-known public information, */ + uint8_t SuppPubInfo[CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY]; + uint32_t SizeOfSuppPubInfo; /*!< Size of the public information. */ + +}CRYS_KDF_OtherInfo_t; + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + +/****************************************************************/ + + +/*********************************************************************************************************/ +/*! + @brief CRYS_KDF_KeyDerivFunc performs key derivation according to one of the modes defined in standards: + ANS X9.42-2001, ANS X9.63, ISO/IEC 18033-2. + +The present implementation of the function allows the following operation modes: +
  • CRYS_KDF_ASN1_DerivMode - mode based on ASN.1 DER encoding;
    • +
  • CRYS_KDF_ConcatDerivMode - mode based on concatenation;
    • +
  • CRYS_KDF_X963_DerivMode = CRYS_KDF_ConcatDerivMode;
    • +
  • CRYS_KDF_ISO18033_KDF1_DerivMode - specific mode according to ECIES-KEM algorithm (ISO/IEC 18033-2).
+ +The purpose of this function is to derive a keying data from the shared secret value and some +other optional shared information (SharedInfo). + +\note +
  • The length in Bytes of the hash result buffer is denoted by "hashlen".
    • +
  • All buffers arguments are represented in Big-Endian format.
    • + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_kdf_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_KDF_KeyDerivFunc( + uint8_t *ZZSecret_ptr, /*!< [in] A pointer to shared secret value octet string. */ + uint32_t ZZSecretSize, /*!< [in] The size of the shared secret value in bytes. + The maximal size is defined as: CRYS_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE. */ + CRYS_KDF_OtherInfo_t *OtherInfo_ptr, /*!< [in] The pointer to structure, containing the data, shared by two entities of + agreement and the data sizes. This argument may be optional in several modes + (if it is not needed - set NULL). + On two ISO/IEC 18033-2 modes - set NULL. + On KDF ASN1 mode the OtherInfo and its AlgorithmID entry are mandatory. */ + CRYS_KDF_HASH_OpMode_t KDFhashMode, /*!< [in] The KDF identifier of hash function to be used. The hash function output + must be at least 160 bits. */ + CRYS_KDF_DerivFuncMode_t derivation_mode, /*!< [in] Specifies one of above described derivation modes. */ + uint8_t *KeyingData_ptr, /*!< [out] A pointer to the buffer for derived keying data. */ + uint32_t KeyingDataSizeBytes /*!< [in] The size in bytes of the keying data to be derived. + The maximal size is defined as: CRYS_KDF_MAX_SIZE_OF_KEYING_DATA. */ +); + +/*********************************************************************************************************/ +/*! + CRYS_KDF_ASN1_KeyDerivFunc is A MACRO that performs key derivation according to ASN1 DER encoding method defined + in standard ANS X9.42-2001, 7.2.1. For a description of the parameters see ::CRYS_KDF_KeyDerivFunc. +*/ +#define CRYS_KDF_ASN1_KeyDerivFunc(ZZSecret_ptr,ZZSecretSize,OtherInfo_ptr,KDFhashMode,KeyingData_ptr,KeyLenInBytes)\ + CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ASN1_DerivMode,(KeyingData_ptr),(KeyLenInBytes)) + + +/*********************************************************************************************************/ +/*! + CRYS_KDF_ConcatKeyDerivFunc is a MACRO that performs key derivation according to concatenation mode defined + in standard ANS X9.42-2001, 7.2.2. For a description of the parameters see + ::CRYS_KDF_KeyDerivFunc. +*/ +#define CRYS_KDF_ConcatKeyDerivFunc(ZZSecret_ptr,ZZSecretSize,OtherInfo_ptr,KDFhashMode,KeyingData_ptr,KeyLenInBytes)\ + CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ConcatDerivMode,(KeyingData_ptr),(KeyLenInBytes)) + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_kdf_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_kdf_error.h new file mode 100644 index 0000000..905ffa1 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_kdf_error.h @@ -0,0 +1,105 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_KDF_ERROR_H +#define CRYS_KDF_ERROR_H + +#include "crys_error.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module contains the definitions of the CRYS KDF errors. +@defgroup crys_kdf_error CryptoCell Key Derivation specific errors +@{ +@ingroup crys_kdf + */ + + +/************************ Defines *******************************/ + +/*! The CRYS KDF module errors / base address - 0x00F01100*/ +/*! Illegal input pointer. */ +#define CRYS_KDF_INVALID_ARGUMENT_POINTER_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x0UL) +/*! Illegal input size. */ +#define CRYS_KDF_INVALID_ARGUMENT_SIZE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x1UL) +/*! Illegal operation mode. */ +#define CRYS_KDF_INVALID_ARGUMENT_OPERATION_MODE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x2UL) +/*! Illegal hash mode. */ +#define CRYS_KDF_INVALID_ARGUMENT_HASH_MODE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x3UL) +/*! Illegal key derivation mode. */ +#define CRYS_KDF_INVALID_KEY_DERIVATION_MODE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x4UL) +/*! Illegal shared secret value size. */ +#define CRYS_KDF_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x5UL) +/*! Illegal otherInfo size. */ +#define CRYS_KDF_INVALID_OTHER_INFO_SIZE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x6UL) +/*! Illegal key data size. */ +#define CRYS_KDF_INVALID_KEYING_DATA_SIZE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x7UL) +/*! Illegal algorithm ID pointer. */ +#define CRYS_KDF_INVALID_ALGORITHM_ID_POINTER_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x8UL) +/*! Illegal algorithm ID size. */ +#define CRYS_KDF_INVALID_ALGORITHM_ID_SIZE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x9UL) +/*! KDF is not supproted. */ +#define CRYS_KDF_IS_NOT_SUPPORTED (CRYS_KDF_MODULE_ERROR_BASE + 0xFFUL) + +/************************ Enums *********************************/ + +/************************ Typedefs *****************************/ + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + + + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_pka_defs_hw.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_pka_defs_hw.h new file mode 100644 index 0000000..5073ad2 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_pka_defs_hw.h @@ -0,0 +1,128 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + + +#ifndef _CRYS_PKA_DEFS_HW_H_ +#define _CRYS_PKA_DEFS_HW_H_ + +#include "ssi_pal_types.h" +#include "ssi_pka_hw_plat_defs.h" + +/*! +@defgroup cryptocell_pka CryptoCell PKA group +@{ +@ingroup cryptocell_api +@brief This group is the cryptocell PKA root group +@} + +@file +@brief The file contains all of the enums and definitions that are used in the PKA related code. +@defgroup crys_pka_defs_hw CryptoCell PKA specific definitions +@{ +@ingroup cryptocell_pka +*/ + + +/* The valid key sizes in bits for RSA primitives (exponentiation) */ +/*! Maximal RSA modulus size */ +#define CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS ((CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS + SASI_PKA_WORD_SIZE_IN_BITS) / SASI_BITS_IN_32BIT_WORD ) +/*! Maximal EC modulus size */ +#define CRYS_ECPKI_MODUL_MAX_LENGTH_IN_BITS 521 + +/*! size of buffers for Barrett modulus tag NP, used in PKI algorithms. */ +#define CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS 5 +/*! size of buffers for Barrett modulus tag NP, used in ECC. */ +#define CRYS_PKA_ECPKI_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS +/*! Maximal PKA modulus size */ +#define CRYS_PKA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS +/*! Maximal PKA public key size in words */ +#define CRYS_PKA_PUB_KEY_BUFF_SIZE_IN_WORDS (2*CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) +/*! Maximal PKA private key size in words */ +#define CRYS_PKA_PRIV_KEY_BUFF_SIZE_IN_WORDS (2*CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) +/*! Maximal PKA KG buffer size in words */ +#define CRYS_PKA_KGDATA_BUFF_SIZE_IN_WORDS (3*CRYS_PKA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS) + + +/*! Maximal EC modulus size in words. */ +#define CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS 18 /*!< \internal [(CRYS_ECPKI_MODUL_MAX_LENGTH_IN_BITS + 31)/(sizeof(uint32_t)) + 1] */ +/*! Maximal EC order size in words. */ +#define CRYS_ECPKI_ORDER_MAX_LENGTH_IN_WORDS (CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1) +/*! Maximal EC domain size in words. */ +#define CRYS_PKA_DOMAIN_BUFF_SIZE_IN_WORDS (2*CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) + + +/*! ECC NAF buffer definitions */ +#define COUNT_NAF_WORDS_PER_KEY_WORD 8 /*!< \internal Change according to NAF representation (? 2)*/ +/*! Maximal ECC NAF length */ +#define CRYS_PKA_ECDSA_NAF_BUFF_MAX_LENGTH_IN_WORDS (COUNT_NAF_WORDS_PER_KEY_WORD*CRYS_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + 1) + +#ifndef SSI_SUPPORT_ECC_SCA_SW_PROTECT +/* on fast SCA non protected mode required additional buffers for NAF key */ +/*! Scalar Buffer size in words */ +#define CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS (CRYS_PKA_ECDSA_NAF_BUFF_MAX_LENGTH_IN_WORDS+CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+2) +#else +/*! Scalar Buffer size in words */ +#define CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS 1 /*(4*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS)*/ +#endif +/*! ECC temp buffer size in words */ +#define CRYS_PKA_ECPKI_BUILD_TMP_BUFF_MAX_LENGTH_IN_WORDS (3*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! ECC sign temp buffer size in words */ +#define CRYS_PKA_ECDSA_SIGN_BUFF_MAX_LENGTH_IN_WORDS (6*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! ECC ecdh temp buffer size in words */ +#define CRYS_PKA_ECDH_BUFF_MAX_LENGTH_IN_WORDS (2*CRYS_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! PKA KG temp buffer size in words */ +#define CRYS_PKA_KG_BUFF_MAX_LENGTH_IN_WORDS (2*CRYS_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! ECC verify temp buffer size in words */ +#define CRYS_PKA_ECDSA_VERIFY_BUFF_MAX_LENGTH_IN_WORDS (3*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS) + +/* *************************************************************************** */ +/*! Definitions of maximal size of modulus buffers for CRYS_EC_MONT and EC_EDW in bytes */ +#define CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_BYTES 32U /*!< \internal for Curve25519 */ +/*! Definitions of maximal size of modulus buffers for CRYS_EC_MONT and EC_EDW in words */ +#define CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS 8U /*!< \internal for Curve25519 */ +/*! ECC montgomery temp buffer size in words */ +#define CRYS_EC_MONT_TEMP_BUFF_SIZE_IN_32BIT_WORDS (8 * CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS) +/*! ECC edwards temp buffer size in words */ +#define CRYS_EC_EDW_TEMP_BUFF_SIZE_IN_32BIT_WORD (8*CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS + (sizeof(CRYS_HASHUserContext_t)+SASI_32BIT_WORD_SIZE-1)/SASI_32BIT_WORD_SIZE) + +/** +@} + */ +/** +@} + */ +#endif /*_CRYS_PKA_DEFS_HW_H_*/ + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_poly.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_poly.h new file mode 100644 index 0000000..7c5f218 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_poly.h @@ -0,0 +1,107 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! +@file +@brief This file contains all of the enums and definitions that are used for the + CRYS POLY APIs, as well as the APIs themselves. +@defgroup crys_poly CryptoCell POLY APIs +@{ +@ingroup cryptocell_api + +*/ +#ifndef CRYS_POLY_H +#define CRYS_POLY_H + + +#include "ssi_pal_types.h" +#include "crys_error.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ +/*! POLY KEY size in words. */ +#define CRYS_POLY_KEY_SIZE_IN_WORDS 8 +/*! POLY KEY size in bytes. */ +#define CRYS_POLY_KEY_SIZE_IN_BYTES (CRYS_POLY_KEY_SIZE_IN_WORDS*SASI_32BIT_WORD_SIZE) + +/*! POLY MAC size in words. */ +#define CRYS_POLY_MAC_SIZE_IN_WORDS 4 +/*! POLY MAC size in bytes. */ +#define CRYS_POLY_MAC_SIZE_IN_BYTES (CRYS_POLY_MAC_SIZE_IN_WORDS*SASI_32BIT_WORD_SIZE) + +/************************ Typedefs ****************************/ + +/*! CHACHA MAC buffer definition. */ +typedef uint32_t CRYS_POLY_Mac_t[CRYS_POLY_MAC_SIZE_IN_WORDS]; + +/*! CHACHA key buffer definition. */ +typedef uint32_t CRYS_POLY_Key_t[CRYS_POLY_KEY_SIZE_IN_WORDS]; + +/************************ Public Functions **********************/ + +/****************************************************************************************************/ +/*! +@brief This function is used to perform the POLY MAC Calculation. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_poly_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_POLY( + CRYS_POLY_Key_t pKey, /*!< [in] A pointer to the user's key buffer. */ + uint8_t *pDataIn, /*!< [in] A pointer to the buffer of the input data to the CHACHA. + must not be null. */ + size_t dataInSize, /*!< [in] The size of the input data. must not be 0. */ + CRYS_POLY_Mac_t macRes /*!< [in/out] Pointer to the MAC result buffer.*/ +); + + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif /* #ifndef CRYS_POLY_H */ + + + + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_poly_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_poly_error.h new file mode 100644 index 0000000..0b89892 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_poly_error.h @@ -0,0 +1,89 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_POLY_ERROR_H +#define CRYS_POLY_ERROR_H + + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module contains the definitions of the CRYS POLY errors. +@defgroup crys_poly_error CryptoCell POLY specific errors +@{ +@ingroup crys_poly +*/ + + +/************************ Defines ******************************/ + +/*! The CRYS POLY module errors base address - 0x00F02500 */ +/*! Invalid key. */ +#define CRYS_POLY_KEY_INVALID_ERROR (CRYS_POLY_MODULE_ERROR_BASE + 0x01UL) +/*! Invalid input data. */ +#define CRYS_POLY_DATA_INVALID_ERROR (CRYS_POLY_MODULE_ERROR_BASE + 0x02UL) +/*! Illegal input data size. */ +#define CRYS_POLY_DATA_SIZE_INVALID_ERROR (CRYS_POLY_MODULE_ERROR_BASE + 0x03UL) +/*! MAC calculation error. */ +#define CRYS_POLY_MAC_CALCULATION_ERROR (CRYS_POLY_MODULE_ERROR_BASE + 0x04UL) + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs *****************************/ + +/************************ Public Variables *********************/ + +/************************ Public Functions *********************/ + +#ifdef __cplusplus +} +#endif + + +/** +@} + */ + +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rnd.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rnd.h new file mode 100644 index 0000000..12ba8ec --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rnd.h @@ -0,0 +1,380 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + + +#ifndef CRYS_RND_H +#define CRYS_RND_H + +#include "crys_error.h" +#include "ssi_aes.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This file contains the CRYS APIs used for random number generation. +The random-number generation module implements referenced standard [SP800-90]. +@defgroup crys_rnd CryptoCell Random Generator APIs +@{ +@ingroup cryptocell_api +*/ + +/************************ Defines ******************************/ + +/*! Maximal reseed counter - indicates maximal number of +requests allowed between reseeds; according to NIST 800-90 +it is (2^48 - 1), our restriction is : (0xFFFFFFFF - 0xF).*/ +#define CRYS_RND_MAX_RESEED_COUNTER (0xFFFFFFFF - 0xF) + +/* Max size for one RNG generation (in bits) = + max_num_of_bits_per_request = 2^19 (FIPS 800-90 Tab.3) */ +/*! Maximal size of generated vector in bits. */ +#define CRYS_RND_MAX_GEN_VECTOR_SIZE_BITS 0x7FFFF +/*! Maximal size of generated vector in bytes. */ +#define CRYS_RND_MAX_GEN_VECTOR_SIZE_BYTES 0xFFFF + +/*! AES output block size in words. */ +#define CRYS_RND_AES_BLOCK_SIZE_IN_WORDS SASI_AES_BLOCK_SIZE_IN_WORDS + + +/* RND seed and additional input sizes */ +/*! Maximal size of random seed in words. */ +#define CRYS_RND_SEED_MAX_SIZE_WORDS 12 + +#ifndef CRYS_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS +/*! Maximal size of additional input data in words. */ +#define CRYS_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS CRYS_RND_SEED_MAX_SIZE_WORDS +#endif + +/* allowed sizes of AES Key, in words */ +/*! AES key size (128 bits) in words. */ +#define CRYS_RND_AES_KEY_128_SIZE_WORDS 4 +/*! AES key size (192 bits) in words. */ +#define CRYS_RND_AES_KEY_192_SIZE_WORDS 6 +/*! AES key size (256 bits) in words. */ +#define CRYS_RND_AES_KEY_256_SIZE_WORDS 8 + +/* Definitions of temp buffer for RND_DMA version of CRYS_RND */ +/*******************************************************************/ +/* Definitions of temp buffer for DMA version of CRYS_RND */ + +/*! Temporary buffer size in words. */ +#define CRYS_RND_WORK_BUFFER_SIZE_WORDS 1528 + +/*! A definition for RAM buffer to be internally used in instantiation (or reseeding) operation. */ +typedef struct +{ + /*! Internal buffer*/ + uint32_t crysRndWorkBuff[CRYS_RND_WORK_BUFFER_SIZE_WORDS]; +}CRYS_RND_WorkBuff_t; + +/*! A definition for entropy estimation data type. */ +#define CRYS_RND_EntropyEstimatData_t CRYS_RND_WorkBuff_t +/*! A definition for entropy estimation buffer. */ +#define crysRndEntrIntBuff crysRndWorkBuff + + +/* RND source buffer inner (entrpopy) offset */ +/*! An internal offset definition. */ +#define CRYS_RND_TRNG_SRC_INNER_OFFSET_WORDS 2 +/*! An internal offset definition. */ +#define CRYS_RND_TRNG_SRC_INNER_OFFSET_BYTES (CRYS_RND_TRNG_SRC_INNER_OFFSET_WORDS*sizeof(uint32_t)) + + + + +/* Size of the expected output buffer used by FIPS KAT */ +/*! FIPS Known answer test output size. */ +#define CRYS_PRNG_FIPS_KAT_OUT_DATA_SIZE 64 + +/************************ Enumerators ****************************/ + +/*! Definition of random operation modes. */ +typedef enum +{ + /*! SW entropy estimation mode. */ + CRYS_RND_Fast = 0, + /*! Full entropy mode. */ + CRYS_RND_Slow = 1, + /*! Reserved. */ + CRYS_RND_ModeLast = 0x7FFFFFFF, +} CRYS_RND_mode_t; + + + +/************************ Structs *****************************/ + + +/* The internal state of DRBG mechanism based on AES CTR and CBC-MAC + algorithms. It is set as global data defined by the following + structure */ +/*! RND state structure. Includes internal data that needs to be saved between boots by the user.*/ +typedef struct +{ + /* Seed buffer, consists from concatenated Key||V: max size 12 words */ + /*! Random Seed buffer */ + uint32_t Seed[CRYS_RND_SEED_MAX_SIZE_WORDS]; + /* Previous value for continuous test */ + /*! Previous random data (used for continuous test). */ + uint32_t PreviousRandValue[SASI_AES_BLOCK_SIZE_IN_WORDS]; + + /* AdditionalInput buffer max size = seed max size words + 4w for padding*/ + /*! Previous additional input buffer. */ + uint32_t PreviousAdditionalInput[CRYS_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS+5]; + /*! Additional input buffer. */ + uint32_t AdditionalInput[CRYS_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS+4]; + /*! Additional input size in words. */ + uint32_t AddInputSizeWords; /* size of additional data set by user, words */ + + /*! Entropy source size in words */ + uint32_t EntropySourceSizeWords; + + /*! Reseed counter (32 bits active) - indicates number of requests for entropy + since instantiation or reseeding */ + uint32_t ReseedCounter; + + /*! Key size: 4 or 8 words according to security strength 128 bits or 256 bits*/ + uint32_t KeySizeWords; + + /* State flag (see definition of StateFlag above), containing bit-fields, defining: + - b'0: instantiation steps: 0 - not done, 1 - done; + - 2b'9,8: working or testing mode: 0 - working, 1 - KAT DRBG test, 2 - + KAT TRNG test; + b'16: flag defining is Previous random valid or not: + 0 - not valid, 1 - valid */ + /*! State flag used internally in the code.*/ + uint32_t StateFlag; + + /* Trng processing flag - indicates which ROSC lengths are: + - allowed (bits 0-3); + - total started (bits 8-11); + - processed (bits 16-19); + - started, but not processed (bits24-27) */ + /*! TRNG process state used internally in the code */ + uint32_t TrngProcesState; + + /* validation tag */ + /*! Validation tag used internally in the code */ + uint32_t ValidTag; + + /*! Rnd source entropy size in bits */ + uint32_t EntropySizeBits; + +} CRYS_RND_State_t; + + +/*! The RND Generate vector function pointer type definition. + The prototype intendent for External and CRYS internal RND functions + pointers definitions. + Full description can be found in ::CRYS_RND_GenerateVector function API. */ +typedef uint32_t (*SaSiRndGenerateVectWorkFunc_t)( \ + void *rndState_ptr, /*context*/ \ + uint16_t outSizeBytes, /*in*/ \ + uint8_t *out_ptr /*out*/); + + + +/*! Data structure required for internal FIPS verification for PRNG KAT. */ +typedef struct +{ + /*! Internal working buffer. */ + CRYS_RND_WorkBuff_t rndWorkBuff; + /*! Output buffer. */ + uint8_t rndOutputBuff[CRYS_PRNG_FIPS_KAT_OUT_DATA_SIZE]; +} CRYS_PrngFipsKatCtx_t; + + +/*****************************************************************************/ +/********************** Public Functions *************************/ +/*****************************************************************************/ + +/*! +@brief This function initializes the RND context. +It must be called at least once prior to using this context with any API that requires it as a parameter (e.g., other RND APIs, asymmetric +cryptography key generation and signatures). +It is called as part of ARM TrustZone CryptoCell library initialization, which initializes and returns the primary RND context. +This primary context can be used as a single global context for all RND needs. +Alternatively, other contexts may be initialized and used with a more limited scope (for specific applications or specific threads). +The call to this function must be followed by a call to ::CRYS_RND_SetGenerateVectorFunc API to set the generate vector function. +It implements referenced standard [SP800-90] - 10.2.1.3.2 - CTR-DRBG Instantiate algorithm using AES (FIPS-PUB 197) and Derivation Function (DF). +\note Additional data can be mixed with the random seed (personalization data or nonce). If required, this data should be provided by calling ::CRYS_RND_AddAdditionalInput prior to using this API. + +@return CRYS_OK on success. +@return A non-zero value from crys_rnd_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_RND_Instantiation( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state buffer allocated by the user, which is used to + maintain the RND state. This context state must be saved and provided as a + parameter to any API that uses the RND module. + \note the context must be cleared before sent to the function. */ + CRYS_RND_WorkBuff_t *rndWorkBuff_ptr /*!< [in/out] Scratchpad for the RND module's work. */ +); + + +/*! +@brief Clears existing RNG instantiation state. + +@return CRYS_OK on success. +@return A non-zero value from crys_rnd_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_RND_UnInstantiation( + void *rndState_ptr /*!< [in/out] Pointer to the RND context state buffer. */ +); + + +/*! +@brief This function is used for reseeding the RNG with additional entropy and additional user-provided input. +(additional data should be provided by calling ::CRYS_RND_AddAdditionalInput prior to using this API). +It implements referenced standard [SP800-90] - 10.2.1.4.2 - CTR-DRBG Reseeding algorithm, using AES (FIPS-PUB 197) and Derivation Function (DF). + +@return CRYS_OK on success. +@return A non-zero value from crys_rnd_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_RND_Reseeding( + void *rndState_ptr, /*!< [in/out] Pointer to the RND context buffer. */ + CRYS_RND_WorkBuff_t *rndWorkBuff_ptr /*!< [in/out] Scratchpad for the RND module's work. */ +); + + +/****************************************************************************************/ +/*! +@brief Generates a random vector according to the algorithm defined in referenced standard [SP800-90] - 10.2.1.5.2 - CTR-DRBG. +The generation algorithm uses AES (FIPS-PUB 197) and Derivation Function (DF). + +\note +
    • The RND module must be instantiated prior to invocation of this API.
      • +
    • In the following cases, Reseeding operation must be performed prior to vector generation:
      • +
      • Prediction resistance is required.
        • +
      • The function returns CRYS_RND_RESEED_COUNTER_OVERFLOW_ERROR, stating that the Reseed Counter has passed its upper-limit (2^32-2).
    + +@return CRYS_OK on success. +@return A non-zero value from crys_rnd_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_RND_GenerateVector( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure, which is part of the RND context structure. + Use rndContext->rndState field of the context for this parameter. */ + uint16_t outSizeBytes, /*!< [in] The size in bytes of the random vector required. The maximal size is 2^16 -1 bytes. */ + uint8_t *out_ptr /*!< [out] The pointer to output buffer. */ +); + + + +/**********************************************************************************************************/ +/*! +@brief Generates a random vector with specific limitations by testing candidates (described and used in FIPS 186-4: B.1.2, B.4.2 etc.). + +This function draws a random vector, compare it to the range limits, and if within range - return it in rndVect_ptr. +If outside the range, the function continues retrying until a conforming vector is found, or the maximal retries limit is exceeded. +If maxVect_ptr is provided, rndSizeInBits specifies its size, and the output vector must conform to the range [1 < rndVect < maxVect]. +If maxVect_ptr is NULL, rndSizeInBits specifies the exact required vector size, and the output vector must be the exact same +bit size (with its most significant bit = 1). +\note +The RND module must be instantiated prior to invocation of this API. + +@return CRYS_OK on success. +@return A non-zero value from crys_rnd_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_RND_GenerateVectorInRange( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ + uint32_t rndSizeInBits, /*!< [in] The size in bits of the random vector required. The allowed size in range 2 <= rndSizeInBits < 2^19-1, bits. */ + uint8_t *maxVect_ptr, /*!< [in] Pointer to the vector defining the upper limit for the random vector output, Given as little-endian byte array. + If not NULL, its actual size is treated as [(rndSizeInBits+7)/8] bytes and its value must be in range (3, 2^19) */ + uint8_t *rndVect_ptr /*!< [in/out] Pointer to the output buffer for the random vector. Must be at least [(rndSizeInBits+7)/8] bytes. + Treated as little-endian byte array. */ +); + + +/*************************************************************************************/ +/*! +@brief Used for adding additional input/personalization data provided by the user, +to be later used by the ::CRYS_RND_Instantiation/::CRYS_RND_Reseeding/::CRYS_RND_GenerateVector functions. + +@return CRYS_OK on success. +@return A non-zero value from crys_rnd_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_RND_AddAdditionalInput( + void *rndState_ptr, /*!< [in/out] Pointer to the RND context state buffer. */ + uint8_t *additonalInput_ptr, /*!< [in] The Additional Input buffer. */ + uint16_t additonalInputSize /*!< [in] The size of the Additional Input buffer. It must + be <= CRYS_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS and a multiple of 4. */ +); + +/*! +@brief The CRYS_RND_EnterKatMode function sets KAT mode bit into StateFlag of global CRYS_RND_WorkingState structure. + +The user must call this function before calling functions performing KAT tests. + +\note Total size of entropy and nonce must be not great than 126 words (maximal size of entropy and nonce). + +@return CRYS_OK on success. +@return A non-zero value from crys_rnd_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_RND_EnterKatMode( + void *rndState_ptr, /*!< [in/out] Pointer to the RND context state buffer. */ + uint8_t *entrData_ptr, /*!< [in] Entropy data. */ + uint32_t entrSize, /*!< [in] Entropy size in bytes. */ + uint8_t *nonce_ptr, /*!< [in] Nonce. */ + uint32_t nonceSize, /*!< [in] Entropy size in bytes. */ + CRYS_RND_WorkBuff_t *workBuff_ptr /*!< [out] RND working buffer, must be the same buffer, which should be passed into + Instantiation/Reseeding functions. */ +); + +/**********************************************************************************************************/ +/*! +@brief The CRYS_RND_DisableKatMode function disables KAT mode bit into StateFlag of global CRYS_RND_State_t structure. + +The user must call this function after KAT tests before actual using RND module (Instantiation etc.). + +@return CRYS_OK on success. +@return A non-zero value from crys_rnd_error.h on failure. +*/ +CIMPORT_C void CRYS_RND_DisableKatMode( + void *rndState_ptr /*!< [in/out] Pointer to the RND state buffer. */ +); + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif /* #ifndef CRYS_RND_H */ + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rnd_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rnd_error.h new file mode 100644 index 0000000..a38f3bc --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rnd_error.h @@ -0,0 +1,153 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + + +#ifndef CRYS_RND_ERROR_H +#define CRYS_RND_ERROR_H + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/*! +@file +@brief This module contains the definitions of the CRYS RND errors. +@defgroup crys_rnd_error CryptoCell RND specific errors +@{ +@ingroup crys_rnd +*/ + + + +/************************ Defines ******************************/ +/*! RND module on the CRYS layer base address - 0x00F00C00 */ + +/*! Illegal output pointer.*/ +#define CRYS_RND_DATA_OUT_POINTER_INVALID_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x0UL) +/*! Random generation in range failed .*/ +#define CRYS_RND_CAN_NOT_GENERATE_RAND_IN_RANGE (CRYS_RND_MODULE_ERROR_BASE + 0x1UL) +/*! CPRNGT test failed.*/ +#define CRYS_RND_CPRNG_TEST_FAIL_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x2UL) +/*! Illegal additional data buffer. */ +#define CRYS_RND_ADDITIONAL_INPUT_BUFFER_NULL (CRYS_RND_MODULE_ERROR_BASE + 0x3UL) +/*! Illegal additional data size. */ +#define CRYS_RND_ADDITIONAL_INPUT_SIZE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x4UL) +/*! Data size overflow. */ +#define CRYS_RND_DATA_SIZE_OVERFLOW_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x5UL) +/*! Illegal vector size. */ +#define CRYS_RND_VECTOR_SIZE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x6UL) +/*! Reseed counter overflow - in case this error was returned instantiation or reseeding operation must be called. */ +#define CRYS_RND_RESEED_COUNTER_OVERFLOW_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x7UL) +/*! Instantiation was not yet called. */ +#define CRYS_RND_INSTANTIATION_NOT_DONE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x8UL) +/*! TRNG loss of samples. */ +#define CRYS_RND_TRNG_LOSS_SAMPLES_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x9UL) +/*! TRNG Time exceeded limitations. */ +#define CRYS_RND_TRNG_TIME_EXCEED_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0xAUL) +/*! TRNG loss of samples and time exceeded limitations. */ +#define CRYS_RND_TRNG_LOSS_SAMPLES_AND_TIME_EXCEED_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0xBUL) +/*! RND is in Known Answer Test mode. */ +#define CRYS_RND_IS_KAT_MODE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0xCUL) +/*! RND operation not supported. */ +#define CRYS_RND_OPERATION_IS_NOT_SUPPORTED_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0xDUL) +/*! RND validity check failed. */ +#define CRYS_RND_STATE_VALIDATION_TAG_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0xEUL) +/*! RND is not supported. */ +#define CRYS_RND_IS_NOT_SUPPORTED (CRYS_RND_MODULE_ERROR_BASE + 0xFUL) + +/*! Illegal generate vector function pointer. */ +#define CRYS_RND_GEN_VECTOR_FUNC_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x14UL) + +/*! Illegal work buffer pointer. */ +#define CRYS_RND_WORK_BUFFER_PTR_INVALID_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x20UL) +/*! Illegal AES key size. */ +#define CRYS_RND_ILLEGAL_AES_KEY_SIZE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x21UL) +/*! Illegal data pointer. */ +#define CRYS_RND_ILLEGAL_DATA_PTR_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x22UL) +/*! Illegal data size. */ +#define CRYS_RND_ILLEGAL_DATA_SIZE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x23UL) +/*! Illegal parameter. */ +#define CRYS_RND_ILLEGAL_PARAMETER_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x24UL) +/*! Illegal RND state pointer. */ +#define CRYS_RND_STATE_PTR_INVALID_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x25UL) +/*! TRNG errors. */ +#define CRYS_RND_TRNG_ERRORS_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x26UL) +/*! Illegal context pointer. */ +#define CRYS_RND_CONTEXT_PTR_INVALID_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x27UL) + +/*! Illegal output vector pointer. */ +#define CRYS_RND_VECTOR_OUT_PTR_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x30UL) +/*! Illegal output vector size. */ +#define CRYS_RND_VECTOR_OUT_SIZE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x31UL) +/*! Maximal vector size is too small. */ +#define CRYS_RND_MAX_VECTOR_IS_TOO_SMALL_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x32UL) +/*! Illegal Known Answer Tests parameters. */ +#define CRYS_RND_KAT_DATA_PARAMS_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x33UL) +/*! TRNG Known Answer Test not supported. */ +#define CRYS_RND_TRNG_KAT_NOT_SUPPORTED_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x34UL) +/*! SRAM memory is not defined. */ +#define CRYS_RND_SRAM_NOT_SUPPORTED_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x35UL) +/*! AES operation failure. */ +#define CRYS_RND_AES_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x36UL) + + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_build.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_build.h new file mode 100644 index 0000000..c522aa3 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_build.h @@ -0,0 +1,152 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_RSA_BUILD_H +#define CRYS_RSA_BUILD_H + + +#include "crys_error.h" +#include "crys_rsa_types.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@defgroup crys_rsa CryptoCell RSA APIs +@{ +@ingroup cryptocell_api +@brief This group is the cryptocell ECC root group +@} + +@file +@brief This module defines some utility functions for working with RSA cryptography. +@defgroup crys_rsa_build CryptoCell RSA Utility APIs +@{ +@ingroup crys_rsa +*/ + +/******************************************************************************************/ +/*! +@brief Builds a ::CRYSRSAPubKey_t public key structure with the provided modulus and exponent. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_RSA_Build_PubKey( + CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [out] Pointer to the public key structure. */ + uint8_t *Exponent_ptr, /*!< [in] Pointer to the exponent stream of bytes (Big-Endian format). */ + uint16_t ExponentSize, /*!< [in] The size of the exponent (in bytes). */ + uint8_t *Modulus_ptr, /*!< [in] Pointer to the modulus stream of bytes (Big-Endian format). + The most significant bit (MSB) must be set to '1'. */ + uint16_t ModulusSize /*!< [in] The modulus size in bytes. Supported sizes are 64, 128, 256, 384 and 512. */ +); + + +/******************************************************************************************/ +/*! +@brief Builds a ::CRYSRSAPrivKey_t private key structure with the provided modulus and exponent, marking the key as a non-CRT key. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_RSA_Build_PrivKey( + CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [out] Pointer to the public key structure.*/ + uint8_t *PrivExponent_ptr, /*!< [in] Pointer to the private exponent stream of bytes (Big-Endian format). */ + uint16_t PrivExponentSize, /*!< [in] The size of the private exponent (in bytes). */ + uint8_t *PubExponent_ptr, /*!< [in] Pointer to the public exponent stream of bytes (Big-Endian format). */ + uint16_t PubExponentSize, /*!< [in] The size of the public exponent (in bytes). */ + uint8_t *Modulus_ptr, /*!< [in] Pointer to the modulus stream of bytes (Big-Endian format). + The most significant bit must be set to '1'. */ + uint16_t ModulusSize /*!< [in] The modulus size in bytes. Supported sizes are 64, 128, 256, 384 and 512. */ +); + +/******************************************************************************************/ +/*! +@brief Builds a ::CRYSRSAPrivKey_t private key structure with the provided parameters, marking the key as a CRT key. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_RSA_Build_PrivKeyCRT( + CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [out] Pointer to the public key structure. */ + uint8_t *P_ptr, /*!< [in] Pointer to the first factor stream of bytes (Big-Endian format). */ + uint16_t PSize, /*!< [in] The size of the first factor (in bytes). */ + uint8_t *Q_ptr, /*!< [in] Pointer to the second factor stream of bytes (Big-Endian format). */ + uint16_t QSize, /*!< [in] The size of the second factor (in bytes). */ + uint8_t *dP_ptr, /*!< [in] Pointer to the first factor's CRT exponent stream of bytes + (Big-Endian format). */ + uint16_t dPSize, /*!< [in] The size of the first factor's CRT exponent (in bytes). */ + uint8_t *dQ_ptr, /*!< [in] Pointer to the second factor's CRT exponent stream of bytes + (Big-Endian format). */ + uint16_t dQSize, /*!< [in] The size of the second factor's CRT exponent (in bytes). */ + uint8_t *qInv_ptr, /*!< [in] Pointer to the first CRT coefficient stream of bytes (Big-Endian format). */ + uint16_t qInvSize /*!< [in] The size of the first CRT coefficient (in bytes). */ +); + + +/******************************************************************************************/ +/*! +@brief The function gets the e,n public key parameters from the input +CRYS_RSAUserPubKey_t structure. The function can also be used to retrieve the +modulus and exponent sizes only (Exponent_ptr AND Modulus_ptr must be set to +NULL). + +\note All members of input UserPubKey_ptr structure must be initialized. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h on failure. +*/ +CIMPORT_C CRYSError_t CRYS_RSA_Get_PubKey( + CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] A pointer to the public key structure. */ + uint8_t *Exponent_ptr, /*!< [out] A pointer to the exponent stream of bytes (Big-Endian format). */ + uint16_t *ExponentSize_ptr, /*!< [in/out] the size of the exponent buffer in bytes, + it is updated to the actual size of the exponent, in bytes. */ + uint8_t *Modulus_ptr, /*!< [out] A pointer to the modulus stream of bytes (Big-Endian format). + The MS (most significant) bit must be set to '1'. */ + uint16_t *ModulusSize_ptr /*!< [in/out] the size of the modulus buffer in bytes, it is updated to the actual + size of the modulus, in bytes. */ +); + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_error.h new file mode 100644 index 0000000..a8468ff --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_error.h @@ -0,0 +1,277 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + + #ifndef CRYS_RSA_ERROR_H +#define CRYS_RSA_ERROR_H + + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! @file +@brief This module contains the definitions of the CRYS RSA errors. +@defgroup crys_rsa_error CryptoCell RSA specific errors +@{ +@ingroup crys_rsa +*/ + +/************************ Defines ******************************/ + +/*! CRYS RSA module on the CRYS layer base address - 0x00F00400 */ + +/*! The CRYS RSA module errors */ +/*! Illegal modulus size. */ +#define CRYS_RSA_INVALID_MODULUS_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0x0UL) +/*! Illegal modulus pointer. */ +#define CRYS_RSA_INVALID_MODULUS_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1UL) +/*! Illegal exponent pointer. */ +#define CRYS_RSA_INVALID_EXPONENT_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x2UL) +/*! Illegal public key structure pointer. */ +#define CRYS_RSA_INVALID_PUB_KEY_STRUCT_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x3UL) +/*! Illegal private key structure pointer. */ +#define CRYS_RSA_INVALID_PRIV_KEY_STRUCT_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x4UL) +/*! Illegal exponent value. */ +#define CRYS_RSA_INVALID_EXPONENT_VAL (CRYS_RSA_MODULE_ERROR_BASE + 0x5UL) +/*! Illegal exponent size. */ +#define CRYS_RSA_INVALID_EXPONENT_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0x6UL) +/*! Illegal CRT first factor pointer (P_ptr) . */ +#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x7UL) +/*! Illegal CRT second factor pointer (Q_ptr) . */ +#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x8UL) +/*! Illegal CRT first exponent factor pointer (dP_ptr) . */ +#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_EXP_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x9UL) +/*! Illegal CRT second exponent factor pointer (dQ_ptr) . */ +#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_EXP_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0xAUL) +/*! Illegal CRT coefficient pointer (qInv_ptr) . */ +#define CRYS_RSA_INVALID_CRT_COEFFICIENT_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0xBUL) +/*! Illegal CRT first factor size (Psize). */ +#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0xCUL) +/*! Illegal CRT second factor size (Qsize). */ +#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0xDUL) +/*! Illegal CRT first and second factor size (Psize + Qsize). */ +#define CRYS_RSA_INVALID_CRT_FIRST_AND_SECOND_FACTOR_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0xEUL) +/*! Illegal CRT first factor exponent value (dP). */ +#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_EXPONENT_VAL (CRYS_RSA_MODULE_ERROR_BASE + 0xFUL) +/*! Illegal CRT first factor exponent value (dQ). */ +#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_EXPONENT_VAL (CRYS_RSA_MODULE_ERROR_BASE + 0x10UL) +/*! Illegal CRT coefficient value (qInv). */ +#define CRYS_RSA_INVALID_CRT_COEFF_VAL (CRYS_RSA_MODULE_ERROR_BASE + 0x11UL) +/*! Illegal data in. */ +#define CRYS_RSA_DATA_POINTER_INVALID_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x12UL) +/*! Illegal message data size. */ +#define CRYS_RSA_INVALID_MESSAGE_DATA_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0x13UL) +/*! Illegal message value. */ +#define CRYS_RSA_INVALID_MESSAGE_VAL (CRYS_RSA_MODULE_ERROR_BASE + 0x14UL) + +/*! Modulus even error. */ +#define CRYS_RSA_MODULUS_EVEN_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x15UL) +/*! Illegal context pointer. */ +#define CRYS_RSA_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x16UL) +/*! Illegal hash operation mode. */ +#define CRYS_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x17UL) +/*! Illegal MGF value. */ +#define CRYS_RSA_MGF_ILLEGAL_ARG_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x18UL) +/*! Illegal PKCS1 version. */ +#define CRYS_RSA_PKCS1_VER_ARG_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x19UL) + +/*! Invalid private key. */ +#define CRYS_RSA_PRIV_KEY_VALIDATION_TAG_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1AUL) +/*! Invalid public key. */ +#define CRYS_RSA_PUB_KEY_VALIDATION_TAG_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1BUL) +/*! Invalid context. */ +#define CRYS_RSA_USER_CONTEXT_VALIDATION_TAG_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1CUL) +/*! Illegal output pointer. */ +#define CRYS_RSA_INVALID_OUTPUT_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1DUL) +/*! Illegal output size pointer. */ +#define CRYS_RSA_INVALID_OUTPUT_SIZE_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1FUL) +/*! Illegal temporary buffer pointer. */ +#define CRYS_RSA_CONV_TO_CRT_INVALID_TEMP_BUFF_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x20UL) + +/*! OAEP encode parameter string is too long. */ +#define CRYS_RSA_BASE_OAEP_ENCODE_PARAMETER_STRING_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE + 0x22UL) +/*! OAEP decode parameter string is too long. */ +#define CRYS_RSA_BASE_OAEP_DECODE_PARAMETER_STRING_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE + 0x23UL) +/*! OAEP encode message is too long. */ +#define CRYS_RSA_BASE_OAEP_ENCODE_MESSAGE_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE + 0x24UL) +/*! OAEP decode message is too long. */ +#define CRYS_RSA_BASE_OAEP_DECODE_MESSAGE_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE + 0x25UL) +/*! Illegal key generation data struct pointer. */ +#define CRYS_RSA_KEY_GEN_DATA_STRUCT_POINTER_INVALID (CRYS_RSA_MODULE_ERROR_BASE + 0x26UL) +/*! Illegal PRIM data struct pointer. */ +#define CRYS_RSA_PRIM_DATA_STRUCT_POINTER_INVALID (CRYS_RSA_MODULE_ERROR_BASE + 0x27UL) +/*! Illegal message buffer size. */ +#define CRYS_RSA_INVALID_MESSAGE_BUFFER_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0x28UL) +/*! Illegal signature buffer size. */ +#define CRYS_RSA_INVALID_SIGNATURE_BUFFER_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0x29UL) +/*! Illegal modulus size pointer. */ +#define CRYS_RSA_INVALID_MOD_BUFFER_SIZE_POINTER (CRYS_RSA_MODULE_ERROR_BASE + 0x2AUL) +/*! Illegal exponent size pointer. */ +#define CRYS_RSA_INVALID_EXP_BUFFER_SIZE_POINTER (CRYS_RSA_MODULE_ERROR_BASE + 0x2BUL) +/*! Illegal signature pointer. */ +#define CRYS_RSA_INVALID_SIGNATURE_BUFFER_POINTER (CRYS_RSA_MODULE_ERROR_BASE + 0x2CUL) +/*! Wrong private key type. */ +#define CRYS_RSA_WRONG_PRIVATE_KEY_TYPE (CRYS_RSA_MODULE_ERROR_BASE + 0x2DUL) + +/*! Illegal CRT first factor size pointer (Psize) . */ +#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_SIZE_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x2EUL) +/*! Illegal CRT second factor size pointer (Qsize) . */ +#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_SIZE_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x2FUL) +/*! Illegal CRT first factor exponent size pointer (dPsize) . */ +#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_EXP_SIZE_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x30UL) +/*! Illegal CRT second factor exponent size pointer (dQsize) . */ +#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_EXP_SIZE_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x31UL) +/*! Illegal CRT coefficient size pointer (qInvsize) . */ +#define CRYS_RSA_INVALID_CRT_COEFFICIENT_SIZE_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x32UL) + +/*! Illegal CRT first factor size (Psize) . */ +#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x33UL) +/*! Illegal CRT second factor size (Qsize) . */ +#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x34UL) +/*! Illegal CRT first factor exponent size (dPsize) . */ +#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_EXP_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x35UL) +/*! Illegal CRT second factor exponent size (dQsize) . */ +#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_EXP_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x36UL) +/*! Illegal CRT coefficient size (qInvsize) . */ +#define CRYS_RSA_INVALID_CRT_COEFFICIENT_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x37UL) +/*! Key generation conditional test failed. */ +#define CRYS_RSA_KEY_GEN_CONDITIONAL_TEST_FAIL_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x38UL) + +/*! Random generation in range failed. */ +#define CRYS_RSA_CAN_NOT_GENERATE_RAND_IN_RANGE (CRYS_RSA_MODULE_ERROR_BASE + 0x39UL) +/*! Illegal CRT parameter size. */ +#define CRYS_RSA_INVALID_CRT_PARAMETR_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x3AUL) + +/*! Illegal modulus. */ +#define CRYS_RSA_INVALID_MODULUS_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x40UL) +/*! Illegal pointer. */ +#define CRYS_RSA_INVALID_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x41UL) +/*! Illegal decryption mode. */ +#define CRYS_RSA_INVALID_DECRYPRION_MODE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x42UL) + +/*! Illegal generated private key. */ +#define CRYS_RSA_GENERATED_PRIV_KEY_IS_TOO_LOW (CRYS_RSA_MODULE_ERROR_BASE + 0x43UL) +/*! Key generation error. */ +#define CRYS_RSA_KEY_GENERATION_FAILURE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x44UL) +/*! Internal error. */ +#define CRYS_RSA_INTERNAL_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x45UL) + + +/**************************************************************************************** + * PKCS#1 VERSION 1.5 ERRORS + ****************************************************************************************/ +/*! BER encoding passed. */ +#define CRYS_RSA_BER_ENCODING_OK CRYS_OK +/*! Error in BER parsing. */ +#define CRYS_RSA_ERROR_BER_PARSING (CRYS_RSA_MODULE_ERROR_BASE+0x51UL) +/*! Error in PKCS15 message. */ +#define CRYS_RSA_ENCODE_15_MSG_OUT_OF_RANGE (CRYS_RSA_MODULE_ERROR_BASE+0x52UL) +/*! Error in PKCS15 PS. */ +#define CRYS_RSA_ENCODE_15_PS_TOO_SHORT (CRYS_RSA_MODULE_ERROR_BASE+0x53UL) +/*! PKCS15 block type is not supported. */ +#define CRYS_RSA_PKCS1_15_BLOCK_TYPE_NOT_SUPPORTED (CRYS_RSA_MODULE_ERROR_BASE+0x54UL) +/*! Error in PKCS15 decrypted block parsing. */ +#define CRYS_RSA_15_ERROR_IN_DECRYPTED_BLOCK_PARSING (CRYS_RSA_MODULE_ERROR_BASE+0x55UL) +/*! Error in random operation. */ +#define CRYS_RSA_ERROR_IN_RANDOM_OPERATION_FOR_ENCODE (CRYS_RSA_MODULE_ERROR_BASE+0x56UL) +/*! PKCS15 verification failed. */ +#define CRYS_RSA_ERROR_VER15_INCONSISTENT_VERIFY (CRYS_RSA_MODULE_ERROR_BASE+0x57UL) +/*! Illegal message size (in no hash operation case). */ +#define CRYS_RSA_INVALID_MESSAGE_DATA_SIZE_IN_NO_HASH_CASE (CRYS_RSA_MODULE_ERROR_BASE+0x58UL) +/*! Illegal message size. */ +#define CRYS_RSA_INVALID_MESSAGE_DATA_SIZE_IN_SSL_CASE (CRYS_RSA_MODULE_ERROR_BASE+0x59UL) +/*! PKCS#1 Ver 1.5 verify hash input inconsistent with hash mode derived from signature. */ +#define CRYS_RSA_PKCS15_VERIFY_BER_ENCODING_HASH_TYPE (CRYS_RSA_MODULE_ERROR_BASE+0x60UL) +/*! Illegal DER hash mode */ +#define CRYS_RSA_GET_DER_HASH_MODE_ILLEGAL (CRYS_RSA_MODULE_ERROR_BASE+0x61UL) + +/**************************************************************************************** + * PKCS#1 VERSION 2.1 ERRORS + ****************************************************************************************/ +/*! Illegal salt length. */ +#define CRYS_RSA_PSS_ENCODING_MODULUS_HASH_SALT_LENGTHS_ERROR (CRYS_RSA_MODULE_ERROR_BASE+0x80UL) +/*! Illegal MGF mask. */ +#define CRYS_RSA_BASE_MGF_MASK_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE+0x81UL) +/*! PSS verification failed. */ +#define CRYS_RSA_ERROR_PSS_INCONSISTENT_VERIFY (CRYS_RSA_MODULE_ERROR_BASE+0x82UL) +/*! OAEP message too long. */ +#define CRYS_RSA_OAEP_VER21_MESSAGE_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE+0x83UL) +/*! OAEP error in decrypted block parsing. */ +#define CRYS_RSA_ERROR_IN_DECRYPTED_BLOCK_PARSING (CRYS_RSA_MODULE_ERROR_BASE+0x84UL) +/*! OAEP decoding error. */ +#define CRYS_RSA_OAEP_DECODE_ERROR (CRYS_RSA_MODULE_ERROR_BASE+0x85UL) +/*! Error in decrypted data size. */ +#define CRYS_RSA_15_ERROR_IN_DECRYPTED_DATA_SIZE (CRYS_RSA_MODULE_ERROR_BASE+0x86UL) +/*! Error in decrypted data. */ +#define CRYS_RSA_15_ERROR_IN_DECRYPTED_DATA (CRYS_RSA_MODULE_ERROR_BASE+0x87UL) +/*! Illegal L pointer. */ +#define CRYS_RSA_OAEP_L_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE+0x88UL) +/*! Illegal output size. */ +#define CRYS_RSA_DECRYPT_INVALID_OUTPUT_SIZE (CRYS_RSA_MODULE_ERROR_BASE+0x89UL) +/*! Illegal output size pointer. */ +#define CRYS_RSA_DECRYPT_OUTPUT_SIZE_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE+0x8AUL) +/*! Illegal parameters. */ +#define CRYS_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x93UL) +/*! RSA is not supported. */ +#define CRYS_RSA_IS_NOT_SUPPORTED (CRYS_RSA_MODULE_ERROR_BASE+0xFFUL) + + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_kg.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_kg.h new file mode 100644 index 0000000..401fb2e --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_kg.h @@ -0,0 +1,129 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + + +#ifndef CRYS_RSA_KG_H +#define CRYS_RSA_KG_H + +#include "crys_rsa_types.h" +#include "crys_rnd.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief Generates a RSA pair of public and private keys. +@defgroup crys_rsa_kg CryptoCell RSA key generation APIs +@{ +@ingroup crys_rsa +*/ + +/************************ Defines ******************************/ + +/* Max allowed size and values of public exponent for key generation in CRYS */ +/*! Maximal public exponent size in bits. */ +#define CRYS_RSA_KG_PUB_EXP_MAX_SIZE_BITS 17 +/*! Definition of public exponent value. */ +#define CRYS_RSA_KG_PUB_EXP_ALLOW_VAL_1 0x000003 +/*! Definition of public exponent value. */ +#define CRYS_RSA_KG_PUB_EXP_ALLOW_VAL_2 0x000011 +/*! Definition of public exponent value. */ +#define CRYS_RSA_KG_PUB_EXP_ALLOW_VAL_3 0x010001 + + + + +/***********************************************************************************************/ + +/*! +@brief CRYS_RSA_KG_GenerateKeyPair generates a Pair of public and private keys on non CRT mode according to [ANS X9.31]. + +\note To be FIPS 186-4 [5.1] compliant use only the following key sizes (in bits): 1024, 2048 and 3072. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h or crys_rnd_error.h on failure. + +*/ + +CIMPORT_C CRYSError_t CRYS_RSA_KG_GenerateKeyPair( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ + uint8_t *pubExp_ptr, /*!< [in] The pointer to the public exponent (public key). */ + uint16_t pubExpSizeInBytes, /*!< [in] The public exponent size in bytes. */ + uint32_t keySize, /*!< [in] The size of the key, in bits. Supported sizes are + 512, 1024, 2048, 3072 and 4096 bit. */ + CRYS_RSAUserPrivKey_t *userPrivKey_ptr, /*!< [out] Pointer to the private key structure. */ + CRYS_RSAUserPubKey_t *userPubKey_ptr, /*!< [out] Pointer to the public key structure. */ + CRYS_RSAKGData_t *keyGenData_ptr, /*!< [in] Pointer to a temporary structure required for the KeyGen operation. */ + CRYS_RSAKGFipsContext_t *pFipsCtx /*!< [in] Pointer to temporary buffer used in case FIPS certification if required. */ +); + +/***********************************************************************************************/ +/*! +@brief Generates a pair of public and private keys on CRT mode according to [ANS X9.31]. + +\note To be FIPS 186-4 [5.1] compliant use only the following key sizes (in bits): 1024, 2048 and 3072. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h or crys_rnd_error.h on failure. +*/ + +CIMPORT_C CRYSError_t CRYS_RSA_KG_GenerateKeyPairCRT( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ + uint8_t *pubExp_ptr, /*!< [in] The pointer to the public exponent (public key). */ + uint16_t pubExpSizeInBytes, /*!< [in] The public exponent size in bytes. */ + uint32_t keySize, /*!< [in] The size of the key, in bits. Supported sizes are + 512, 1024, 2048, 3072 and 4096 bit. */ + CRYS_RSAUserPrivKey_t *userPrivKey_ptr, /*!< [out] Pointer to the private key structure. */ + CRYS_RSAUserPubKey_t *userPubKey_ptr, /*!< [out] Pointer to the public key structure. */ + CRYS_RSAKGData_t *keyGenData_ptr, /*!< [in] Pointer to a temporary structure required for the KeyGen operation. */ + CRYS_RSAKGFipsContext_t *pFipsCtx /*!< [in] Pointer to temporary buffer used in case FIPS certification if required. */ +); + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_prim.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_prim.h new file mode 100644 index 0000000..2d2c3b4 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_prim.h @@ -0,0 +1,125 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_RSA_PRIM_H +#define CRYS_RSA_PRIM_H + +#include "crys_rsa_types.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module defines the API that implements the [PKCS1_2.1] primitive functions. +@defgroup crys_rsa_prim CryptoCell RSA primitive APIs +@{ +@ingroup crys_rsa + + +\note Direct use of primitive functions, rather than schemes to protect data, is strongly discouraged as primitive functions are +susceptible to well-known attacks. +*/ + + + +/**********************************************************************************/ +/*! +@brief Implements the RSAEP algorithm, as defined in [PKCS1_2.1] - 6.1.1. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h on failure. + */ +CIMPORT_C CRYSError_t CRYS_RSA_PRIM_Encrypt( + CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure. */ + CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure containing internal buffers. */ + uint8_t *Data_ptr, /*!< [in] Pointer to the data to encrypt. */ + uint16_t DataSize, /*!< [in] The size (in bytes) of input data must be ≤ modulus size. If is smaller, + then the function padds it by zeros on left side up to the modulus size + and therefore, after further decrypt operation, its result will contain + zero-padding also. If the function is used for recovering the plain data + from result of inverse function (CRYS_RSA_PRIM_Decrypt), the input size + must be equal to modulus size exactly. */ + uint8_t *Output_ptr /*!< [out] Pointer to the encrypted data. The buffer size must be ≥ the modulus size. */ +); + + +/**********************************************************************************/ +/*! +@brief Implements the RSADP algorithm, as defined in [PKCS1_2.1] - 6.1.2. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h on failure. + +*/ +CIMPORT_C CRYSError_t CRYS_RSA_PRIM_Decrypt( + CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private key data structure. + The key representation (pair or quintuple) and hence the RSA algorithm + (CRT or not-CRT) is determined by enum value in the structure + ::CRYS_RSA_Build_PrivKey or ::CRYS_RSA_Build_PrivKeyCRT. */ + CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure containing internal buffers required for + the RSA operation. */ + uint8_t *Data_ptr, /*!< [in] Pointer to the data to be decrypted. */ + uint16_t DataSize, /*!< [in] The size (in bytes) of input data must be ≤ modulus size. + If the size is smaller (not recommendet), then the data will be zero-padded + by the function on left side up to the modulus size and therefore, after further + decrypt operation,its result will contain zero-padding also. If the function is used + for recovering the plain data from result of inverse function (CRYS_RSA_PRIM_Encrypt), + the input size must be equal to modulus size exactly. */ + uint8_t *Output_ptr /*!< [out] Pointer to the decrypted data. The buffer size must be ≤ the modulus size. */ +); + + +/*! +@brief Implements the RSASP1 algorithm, as defined in [PKCS1_2.1] - 6.2.1, as a call to ::CRYS_RSA_PRIM_Decrypt, +since the signature primitive is identical to the decryption primitive. +*/ +#define CRYS_RSA_PRIM_Sign CRYS_RSA_PRIM_Decrypt + +/*! +@brief Implements the RSAVP1 algorithm, as defined in [PKCS1_2.1] - 6.2.2, as a call to ::CRYS_RSA_PRIM_Encrypt. +*/ +#define CRYS_RSA_PRIM_Verify CRYS_RSA_PRIM_Encrypt + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_schemes.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_schemes.h new file mode 100644 index 0000000..ab35620 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_schemes.h @@ -0,0 +1,521 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef CRYS_RSA_SCHEMES_H +#define CRYS_RSA_SCHEMES_H + + +#include "crys_error.h" +#include "crys_rsa_types.h" +#include "crys_rnd.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module defines APIs that support [PKCS1_1.5] and [PKCS1_2.1] encryption and signature schemes. +@defgroup crys_rsa_schemes CryptoCell RSA encryption and signature schemes +@{ +@ingroup crys_rsa +*/ + +/**********************************************************************************************************/ +/*! +@brief This function implements the Encrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5]. + +It should not be called directly. Instead, use macros ::CRYS_RSA_OAEP_Encrypt or ::CRYS_RSA_PKCS1v15_Encrypt. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure. +*/ +CIMPORT_C CRYSError_t SaSi_RsaSchemesEncrypt( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ + CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure. */ + CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure that is internally used as workspace for the + Encryption operation. */ + CRYS_RSA_HASH_OpMode_t hashFunc, /*!< [in] The HASH function to be used. One of the supported SHA-x HASH modes, as defined + in ::CRYS_RSA_HASH_OpMode_t (MD5 is not supported).*/ + uint8_t *L, /*!< [in] The label input pointer. Relevant for [PKCS1_2.1] only. NULL by default. + NULL for [PKCS1_1.5]. */ + uint16_t Llen, /*!< [in] The label length. Relevant for [PKCS1_2.1] only. Zero by default. + Must be <=2048. Zero for [PKCS1_1.5]. */ + CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines MGF1, so the only value + allowed here is CRYS_PKCS1_MGF1. */ + uint8_t *DataIn_ptr, /*!< [in] Pointer to the data to encrypt. */ + uint16_t DataInSize, /*!< [in] The size (in bytes) of the data to encrypt. The data size must be: + - For [PKCS1_2.1], DataSize <= modulus size - 2*HashLen - 2. + - For [PKCS1_1.5], DataSize <= modulus size - 11. */ + uint8_t *Output_ptr, /*!< [out] Pointer to the encrypted data. The buffer must be at least modulus size bytes long. */ + CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */ +); + +/*! + @brief + CRYS_RSA_OAEP_PSS21_Encrypt implements the RSAES-OAEP algorithm + as defined in PKCS#1 v2.1 8.1. + + \note It is not recommended to use hash MD5 in OAEP PKCS1 ver 2.1, therefore + it is not supported. + + This function combines the RSA encryption primitive and the + EME-OAEP encoding method, to provide an RSA-based encryption + method that is semantically secure against adaptive + chosen-ciphertext attacks. For additional details, please refer to + the PKCS#1 standard. +*/ +#define CRYS_RSA_OAEP_Encrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr)\ + SaSi_RsaSchemesEncrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,CRYS_PKCS1_VER21) + +/*! + @brief + CRYS_RSA_PKCS1v15_Encrypt implements the RSAES-PKCS1v15 algorithm + as defined in PKCS#1 v2.1 8.2. +*/ +#define CRYS_RSA_PKCS1v15_Encrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,DataIn_ptr,DataInSize,Output_ptr)\ + SaSi_RsaSchemesEncrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,CRYS_RSA_HASH_NO_HASH_mode,NULL,0,CRYS_PKCS1_NO_MGF,DataIn_ptr, \ + DataInSize, Output_ptr,CRYS_PKCS1_VER15) + + +/**********************************************************************************************************/ +/*! +@brief This function implements the Decrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5]. + +It should not be called directly. Instead, use macros ::CRYS_RSA_OAEP_Decrypt or ::CRYS_RSA_PKCS1v15_Decrypt. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure. +*/ +CIMPORT_C CRYSError_t SaSi_RsaSchemesDecrypt( + CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private key data structure of the user. */ + CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure that is internally used as workspace + for the decryption operation. */ + CRYS_RSA_HASH_OpMode_t hashFunc, /*!< [in] The HASH function to be used. One of the supported SHA-x HASH modes, + as defined in ::CRYS_RSA_HASH_OpMode_t (MD5 is not supported). */ + uint8_t *L, /*!< [in] The label input pointer. Relevant for [PKCS1_2.1] only. NULL by default. + NULL for [PKCS1_1.5]. */ + uint16_t Llen, /*!< [in] The label length. Relevant for [PKCS1_2.1] only. Zero by default. + Zero for [PKCS1_1.5]. */ + CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines MGF1, so the only + value allowed here is CRYS_PKCS1_MGF1. */ + uint8_t *DataIn_ptr, /*!< [in] Pointer to the data to decrypt. */ + uint16_t DataInSize, /*!< [in] The size (in bytes) of the data to decrypt. DataSize must be ≤ + the modulus size. */ + uint8_t *Output_ptr, /*!< [in] Pointer to the decrypted data. The buffer must be at least + PrivKey_ptr->N.len bytes long (i.e. the modulus size in bytes). */ + uint16_t *OutputSize_ptr, /*!< [in] Pointer to the byte size of the buffer pointed to by Output_buffer. + The size must be: +
    • For PKCS #1 v2.1: Modulus size > OutputSize >= + (modulus size - 2*HashLen - 2).
      • +
    • For PKCS #1 v1.5: Modulus size > OutputSize >= (modulus size - 11). + The value pointed by OutputSize_ptr is updated after decryption with + the actual number of bytes that are loaded to Output_ptr.
    */ + CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */ +); + +/**********************************************************************************************************/ +/** + @brief + CRYS_RSA_OAEP_Decrypt implements the RSAES-OAEP algorithm + as defined in PKCS#1 v2.1 8.1. + + \note It is not recommended to use hash MD5 in OAEP PKCS1 ver 2.1, therefore + it is not supported. + + This function combines the RSA decryption primitive and the + EME-OAEP encoding method, to provide an RSA-based decryption + method that is semantically secure against adaptive + chosen-ciphertext attacks. For more details, please refer to + the PKCS#1 standard. + +*/ +#define CRYS_RSA_OAEP_Decrypt(UserPrivKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSchemesDecrypt(UserPrivKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) + + +/** + @brief + CRYS_RSA_PKCS1v15_Decrypt implements the RSAES-PKCS1v15 algorithm as defined + in PKCS#1 v2.1 8.2. +*/ +#define CRYS_RSA_PKCS1v15_Decrypt(UserPrivKey_ptr,PrimeData_ptr,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSchemesDecrypt(UserPrivKey_ptr,PrimeData_ptr,CRYS_RSA_HASH_NO_HASH_mode,NULL,0,CRYS_PKCS1_NO_MGF,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER15) + + +/**********************************************************************************************************/ +/*! +@brief Implements the Signing algorithm, as defined in [PKCS1_1.5] or [PKCS1_2.1], using a single function. + +The input data may be either a non-hashed data or a digest of a hash function. +For a non-hashed data, the input data will be hashed using the hash function indicated by ::CRYS_RSA_HASH_OpMode_t. +For a digest, ::CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure. +*/ +CIMPORT_C CRYSError_t SaSi_RsaSign( + void *rndState_ptr, /*!< [in/out] Pointer to the RND state. */ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in/out] Pointer to the RND Generate vector function pointer. */ + CRYS_RSAPrivUserContext_t *UserContext_ptr, /*!< [in] Pointer to a temporary context for internal use. */ + CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private key data structure of the user. + The representation (pair or quintuple) and hence the algorithm (CRT or not CRT) + is determined by the Private Key build function - + ::CRYS_RSA_Build_PrivKey or ::CRYS_RSA_Build_PrivKeyCRT. */ + CRYS_RSA_HASH_OpMode_t rsaHashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in ::CRYS_RSA_HASH_OpMode_t. + (MD5 is not supported). */ + CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines only MGF1, so the only value + allowed for [PKCS1_2.1] is CRYS_PKCS1_MGF1. */ + uint16_t SaltLen, /*!< [in] The Length of the Salt buffer (relevant for PKCS#1 Ver 2.1 only, typically lengths is 0 or hash Len). + FIPS 186-4 requires, that SaltLen <= hash len. If SaltLen > KeySize - hash Len - 2, the function + returns an error. */ + uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be signed. + The size of the scatter/gather list representing the data buffer is limited to 128 + entries, and the size of each entry is limited to 64KB (fragments larger than + 64KB are broken into fragments <= 64KB). */ + uint32_t DataInSize, /*!< [in] The size (in bytes) of the data to sign. */ + uint8_t *Output_ptr, /*!< [out] Pointer to the signature. The buffer must be at least PrivKey_ptr->N.len bytes + long (i.e. the modulus size in bytes). */ + uint16_t *OutputSize_ptr, /*!< [in/out] Pointer to the signature size value - the input value is the signature + buffer size allocated, the output value is the signature size used. + he buffer must be equal to PrivKey_ptr->N.len bytes long + (i.e. the modulus size in bytes). */ + CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */ +); + + +/*! +@brief CRYS_RSA_PKCS1v15_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5. + +This function combines the RSASP1 signature primitive and the EMSA-PKCS1v15 encoding method, to provide an RSA-based signature scheme. +For more details, please refer to the PKCS#1 standard. + */ + +#define CRYS_RSA_PKCS1v15_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(hashFunc),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),(DataInSize),(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) + + +/*! +@brief CRYS_RSA_PKCS1v15_SHA1_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - +it assumes that the data in has already been hashed using SHA-1. + +\note The data_in size is already known after the Hash. +*/ +#define CRYS_RSA_PKCS1v15_SHA1_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA1_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) + +/*! +@brief CRYS_RSA_PKCS1v15_MD5_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - +it assumes that the data in has already been hashed using MD5. + +\note The data_in size is already known after the Hash. +*/ + +#define CRYS_RSA_PKCS1v15_MD5_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),CRYS_RSA_After_MD5_mode,CRYS_PKCS1_NO_MGF,0,(DataIn_ptr),CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) + + +/*! +@brief CRYS_RSA_PKCS1v15_SHA224_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - +it assumes that the data in has already been hashed using SHA-224. + +\note The data_in size is already known after the Hash. +*/ +#define CRYS_RSA_PKCS1v15_SHA224_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA224_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) + + +/*! +@brief CRYS_RSA_PKCS1v15_SHA256_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - +it assumes that the data in has already been hashed using SHA-256. + +\note The data_in size is already known after the Hash. +*/ +#define CRYS_RSA_PKCS1v15_SHA256_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA256_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) + +/*! +@brief CRYS_RSA_PKCS1v15_SHA1_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - +it assumes that the data in has already been hashed using SHA-384. + +\note The data_in size is already known after the Hash. +*/ +#define CRYS_RSA_PKCS1v15_SHA384_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA384_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) + + +/*! +@brief CRYS_RSA_PKCS1v15_SHA512_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - +it assumes that the data in has already been hashed using SHA-512. + +\note The data_in size is already known after the Hash. +*/ +#define CRYS_RSA_PKCS1v15_SHA512_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA512_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) + + + +/*! +@brief CRYS_RSA_PSS_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1, in a single function call. + +\note According to the PKCS#1 ver2.1 it is not recommended to use MD5 Hash, therefore it is not supported. + +The actual macro that is used by the user is ::CRYS_RSA_PSS_Sign. +*/ + +#define CRYS_RSA_PSS_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) + + +/*! +@brief CRYS_RSA_PSS_SHA1_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function - +it assumes that the data in has already been hashed using SHA-1. + +\note The data_in size is already known after the Hash. + +The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA1_Sign. +*/ + +#define CRYS_RSA_PSS_SHA1_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA1_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) + + +/*! +@brief CRYS_RSA_PSS_SHA224_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function - +it assumes that the data in has already been hashed using SHA-224. + +\note The data_in size is already known after the Hash. + +The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA224_Sign. +*/ + +#define CRYS_RSA_PSS_SHA224_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA224_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) + + +/*! +@brief CRYS_RSA_PSS_SHA256_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function - +it assumes that the data in has already been hashed using SHA-256. + +\note The data_in size is already known after the Hash. + +The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA256_Sign. +*/ + +#define CRYS_RSA_PSS_SHA256_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA256_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) + + +/*! +@brief CRYS_RSA_PSS_SHA384_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function - +it assumes that the data in has already been hashed using SHA-384. + +\note The data_in size is already known after the Hash. + +The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA384_Sign. +*/ + +#define CRYS_RSA_PSS_SHA384_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA384_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) + + +/*! +@brief CRYS_RSA_PSS_SHA512_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function - +it assumes that the data in has already been hashed using SHA-512. + +\note The data_in size is already known after the Hash. + +The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA512_Sign. +*/ + +#define CRYS_RSA_PSS_SHA512_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ + SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA512_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) + + +/**********************************************************************************************************/ +/*! +@brief Implements the RSA signature verification algorithms, in a single function call, as defined in referenced standards [PKCS1_1.5] +and [PKCS1_2.1]. + +The input data may be either a non-hashed data or a digest of a hash function. +For a non-hashed data, the input data will be hashed using the hash function indicated by ::CRYS_RSA_HASH_OpMode_t. +For a digest, ::CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed. + +@return CRYS_OK on success. +@return A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure. +*/ + +CIMPORT_C CRYSError_t SaSi_RsaVerify( + CRYS_RSAPubUserContext_t *UserContext_ptr, /*!< [in] Pointer to a temporary context for internal use. */ + CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure of the user. */ + CRYS_RSA_HASH_OpMode_t rsaHashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in ::CRYS_RSA_HASH_OpMode_t. + (MD5 is not supported). */ + CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines only MGF1, so the only + value allowed for [PKCS_2.1] is CRYS_PKCS1_MGF1. */ + uint16_t SaltLen, /*!< [in] The Length of the Salt buffer. Relevant only for [PKCS1_2.1]. + Typical lengths are 0 or hash Len (20 for SHA-1). + The maximum length allowed is [modulus size - hash Len - 2]. */ + uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be verified. + The size of the scatter/gather list representing the data buffer is + limited to 128 entries, and the size of each entry is limited to 64KB + (fragments larger than 64KB are broken into fragments <= 64KB). */ + uint32_t DataInSize, /*!< [in] The size (in bytes) of the data whose signature is to be verified. */ + uint8_t *Sig_ptr, /*!< [in] Pointer to the signature to be verified. + The length of the signature is PubKey_ptr->N.len bytes + (i.e. the modulus size in bytes). */ + CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */ +); + +/*! +@brief CRYS_RSA_PKCS1v15_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5. +*/ +#define CRYS_RSA_PKCS1v15_Verify(UserContext_ptr,UserPubKey_ptr,hashFunc,DataIn_ptr,DataInSize,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,hashFunc,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,DataInSize,Sig_ptr,CRYS_PKCS1_VER15) + + +/*! +@brief CRYS_RSA_PKCS1v15_MD5_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - +it assumes the DataIn_ptr data has already been hashed using MD5. +*/ +#define CRYS_RSA_PKCS1v15_MD5_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_MD5_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) + + +/*! +@brief CRYS_RSA_PKCS1v15_SHA1_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - +it assumes that the DataIn_ptr data has already been hashed using SHA1. + +*/ +#define CRYS_RSA_PKCS1v15_SHA1_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA1_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) + +/*! +@brief CRYS_RSA_PKCS1v15_SHA224_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - +it assumes that the DataIn_ptr data has already been hashed using SHA224. + +*/ +#define CRYS_RSA_PKCS1v15_SHA224_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA224_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) + +/*! +@brief CRYS_RSA_PKCS1v15_SHA256_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - +it assumes that the DataIn_ptr data has already been hashed using SHA256. + +*/ +#define CRYS_RSA_PKCS1v15_SHA256_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA256_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) + +/*! +@brief CRYS_RSA_PKCS1v15_SHA384_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - +it assumes that the DataIn_ptr data has already been hashed using SHA384. + +*/ +#define CRYS_RSA_PKCS1v15_SHA384_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA384_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) + +/*! +@brief CRYS_RSA_PKCS1v15_SHA512_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - +it assumes that the DataIn_ptr data has already been hashed using SHA512. + +*/ +#define CRYS_RSA_PKCS1v15_SHA512_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA512_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) + +/*! +@brief CRYS_RSA_PSS_Verify implements the RSASSA-PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1. +*/ + +#define CRYS_RSA_PSS_Verify(UserContext_ptr,UserPubKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Sig_ptr,CRYS_PKCS1_VER21) + + /*! +@brief CRYS_RSA_PSS_SHA1_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - +it assumes the DataIn_ptr has already been hashed using SHA1. + +*/ + +#define CRYS_RSA_PSS_SHA1_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA1_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21) + + +/*! +@brief CRYS_RSA_PSS_SHA224_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - +it assumes the DataIn_ptr has already been hashed using SHA224. +*/ + +#define CRYS_RSA_PSS_SHA224_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA224_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21) + +/*! +@brief CRYS_RSA_PSS_SHA256_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - +it assumes the DataIn_ptr has already been hashed using SHA256. + +*/ + +#define CRYS_RSA_PSS_SHA256_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA256_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21) + + +/*! +@brief CRYS_RSA_PSS_SHA384_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - +it assumes the DataIn_ptr has already been hashed using SHA384. + +*/ + +#define CRYS_RSA_PSS_SHA384_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA384_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21) + + +/*! +@brief CRYS_RSA_PSS_SHA512_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - +it assumes the DataIn_ptr has already been hashed using SHA512. +*/ + +#define CRYS_RSA_PSS_SHA512_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ + SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA512_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21) + +/**********************************************************************************************************/ + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_types.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_types.h new file mode 100644 index 0000000..4a47c37 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_rsa_types.h @@ -0,0 +1,616 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_RSA_TYPES_H +#define CRYS_RSA_TYPES_H + +#include "crys_hash.h" +#include "crys_pka_defs_hw.h" +#include "ssi_pal_types.h" +#include "ssi_pal_compiler.h" + +#ifdef DX_SOFT_KEYGEN +#include "ccsw_crys_rsa_shared_types.h" +#endif + + +#ifdef __cplusplus +extern "C" +{ +#endif +/*! +@file +@brief This file contains all of the enums and definitions that are used for the CRYS RSA APIs. +@defgroup crys_rsa_types CryptoCell RSA used definitions and enums +@{ +@ingroup crys_rsa +*/ + +/************************ Defines ******************************/ + +/*! Definition of HASH context size. */ +#define CRYS_PKA_RSA_HASH_CTX_SIZE_IN_WORDS CRYS_HASH_USER_CTX_SIZE_IN_WORDS + +/*! Maximal key size in bytes. */ +#define CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES (CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS / SASI_BITS_IN_BYTE) + +/*! Minimal key size in bits. */ +#define CRYS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS 512 +/*! Valid key size multiplications in RSA. */ +#define CRYS_RSA_VALID_KEY_SIZE_MULTIPLE_VALUE_IN_BITS 256 + +/*! Maximal RSA generated key size in bits. */ +#define CRYS_RSA_MAX_KEY_GENERATION_SIZE_BITS CRYS_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS + +/* FIPS 184-4 definitions for allowed RSA and FFC DH key sizes */ +/*! FIPS 184-4 allowed key size - 1024 bits. */ +#define CRYS_RSA_FIPS_KEY_SIZE_1024_BITS 1024 +/*! FIPS 184-4 allowed key size - 2048 bits. */ +#define CRYS_RSA_FIPS_KEY_SIZE_2048_BITS 2048 +/*! FIPS 184-4 allowed key size - 3072 bits. */ +#define CRYS_RSA_FIPS_KEY_SIZE_3072_BITS 3072 +/*! FIPS 184-4 allowed modulus size in bits. */ +#define CRYS_RSA_FIPS_MODULUS_SIZE_BITS CRYS_RSA_FIPS_KEY_SIZE_2048_BITS + +/*! FIPS 184-4 DH key size - 1024 bits. */ +#define CRYS_DH_FIPS_KEY_SIZE_1024_BITS 1024 +/*! FIPS 184-4 DH key size - 2048 bits. */ +#define CRYS_DH_FIPS_KEY_SIZE_2048_BITS 2048 + + +/*! Salt length definition - if the salt length is not available in verify operation, the user can use this define and the algorithm will + calculate the salt length alone*/ +/*!\note Security wise: it is not recommended to use this flag.*/ +#define CRYS_RSA_VERIFY_SALT_LENGTH_UNKNOWN 0xFFFF + +/*! Minimal public exponent value */ +#define CRYS_RSA_MIN_PUB_EXP_VALUE 3 +/*! Minimal private exponent value */ +#define CRYS_RSA_MIN_PRIV_EXP_VALUE 1 + +/* The maximum buffer size for the 'H' value */ +/*! Temporary buffer size definition.*/ +#define CRYS_RSA_TMP_BUFF_SIZE (CRYS_RSA_OAEP_ENCODE_MAX_MASKDB_SIZE + CRYS_RSA_OAEP_ENCODE_MAX_SEEDMASK_SIZE + CRYS_PKA_RSA_HASH_CTX_SIZE_IN_WORDS*sizeof(uint32_t) + sizeof(CRYS_HASH_Result_t)) + +/*! Hash structure definition.*/ +#define CRYS_PKCS1_HashFunc_t CRYS_HASH_OperationMode_t + +/*! OAEP maximal H length.*/ +#define CRYS_RSA_OAEP_MAX_HLEN CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES + +/*! MGF1 definitions */ +#define CRYS_RSA_MGF_2_POWER_32 65535 /*!< \internal 0xFFFF This is the 2^32 of the 2^32*hLen boundary check */ +/*! MGF1 definitions */ +#define CRYS_RSA_SIZE_OF_T_STRING_BYTES (CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*sizeof(uint32_t)) + +/*********************************************************** + * + * RSA PKCS#1 v2.1 DEFINES + * + ***********************************************************/ +/*! Size of OEAP seed. */ +#define CRYS_RSA_OAEP_ENCODE_MAX_SEEDMASK_SIZE CRYS_RSA_OAEP_MAX_HLEN +/*! Maximal PSS salt size. */ +#define CRYS_RSA_PSS_SALT_LENGTH CRYS_RSA_OAEP_MAX_HLEN +/*! PSS padding length. */ +#define CRYS_RSA_PSS_PAD1_LEN 8 + +/*! OAEP encode mask size. */ +#define CRYS_RSA_OAEP_ENCODE_MAX_MASKDB_SIZE (CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*sizeof(uint32_t)) /*!< \internal For OAEP Encode; the max size is emLen */ +/*! OAEP decode mask size. */ +#define CRYS_RSA_OAEP_DECODE_MAX_DBMASK_SIZE (CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*sizeof(uint32_t)) /*!< \internal For OAEP Decode; the max size is emLen */ + +/************************ Enums ********************************/ + +/*! Defines the enum for the HASH operation mode. */ +typedef enum +{ + CRYS_RSA_HASH_MD5_mode = 0, /*!< For PKCS1 v1.5 only. The input data will be hashed with MD5 */ + CRYS_RSA_HASH_SHA1_mode = 1, /*!< The input data will be hashed with SHA1. */ + CRYS_RSA_HASH_SHA224_mode = 2, /*!< The input data will be hashed with SHA224. */ + CRYS_RSA_HASH_SHA256_mode = 3, /*!< The input data will be hashed with SHA256. */ + CRYS_RSA_HASH_SHA384_mode = 4, /*!< The input data will be hashed with SHA384. */ + CRYS_RSA_HASH_SHA512_mode = 5, /*!< The input data will be hashed with SHA512. */ + CRYS_RSA_After_MD5_mode = 6, /*!< For PKCS1 v1.5 only. The input data is a digest of MD5 and will not be hashed. */ + CRYS_RSA_After_SHA1_mode = 7, /*!< The input data is a digest of SHA1 and will not be hashed. */ + CRYS_RSA_After_SHA224_mode = 8, /*!< The input data is a digest of SHA224 and will not be hashed. */ + CRYS_RSA_After_SHA256_mode = 9, /*!< The input data is a digest of SHA256 and will not be hashed. */ + CRYS_RSA_After_SHA384_mode = 10, /*!< The input data is a digest of SHA384 and will not be hashed. */ + CRYS_RSA_After_SHA512_mode = 11, /*!< The input data is a digest of SHA512 and will not be hashed. */ + CRYS_RSA_After_HASH_NOT_KNOWN_mode = 12, /*!< \internal used only for PKCS#1 Ver 1.5 - possible to perform verify operation without hash mode input, + the hash mode is derived from the signature.*/ + CRYS_RSA_HASH_NO_HASH_mode = 13, /*!< Used for PKCS1 v1.5 Encrypt and Decrypt.*/ + CRYS_RSA_HASH_NumOfModes, /*!< Maximal number of hash operations modes. */ + + CRYS_RSA_HASH_OpModeLast = 0x7FFFFFFF, /*! Reserved.*/ + +}CRYS_RSA_HASH_OpMode_t; + + +/*! Defines the enum of the RSA decryption mode. */ +typedef enum +{ + CRYS_RSA_NoCrt = 10, /*!< Decryption no CRT mode.*/ + CRYS_RSA_Crt = 11, /*!< Decryption CRT mode.*/ + + CRYS_RSADecryptionNumOfOptions, /*! Reserved.*/ + + CRYS_RSA_DecryptionModeLast= 0x7FFFFFFF, /*! Reserved.*/ + +}CRYS_RSA_DecryptionMode_t; + +/*! RSA Key source definition. */ +typedef enum +{ + CRYS_RSA_ExternalKey = 1, /*!< External key.*/ + CRYS_RSA_InternalKey = 2, /*!< Internal key.*/ + + CRYS_RSA_KeySourceLast= 0x7FFFFFFF, /*!< Reserved. */ + +}CRYS_RSA_KeySource_t; + +/*! MGF values. */ +typedef enum +{ + CRYS_PKCS1_MGF1 = 0, /*! MGF1. */ + CRYS_PKCS1_NO_MGF = 1, /*! No MGF. */ + CRYS_RSA_NumOfMGFFunctions, /*! Maximal number of MGF options. */ + + CRYS_PKCS1_MGFLast= 0x7FFFFFFF, /*! Reserved.*/ + +}CRYS_PKCS1_MGF_t; + +/*! Defines the enum of the various PKCS1 versions. */ +typedef enum +{ + CRYS_PKCS1_VER15 = 0, /*! PKCS1 version 15. */ + CRYS_PKCS1_VER21 = 1, /*! PKCS1 version 21. */ + + CRYS_RSA_NumOf_PKCS1_versions, /*! Maximal number of PKCS versions. */ + + CRYS_PKCS1_versionLast= 0x7FFFFFFF, /*! Reserved.*/ + +}CRYS_PKCS1_version; + + +/*! Enum defining primality testing mode in Rabin-Miller + and Lucas-Lehmer tests (internal tests). */ +typedef enum +{ + /* P and Q primes */ + CRYS_RSA_PRIME_TEST_MODE = 0, /*!< PRIME test. */ + /* FFC (DH, DSA) primes */ + CRYS_DH_PRIME_TEST_MODE = 1, /*!< DH Prime test. */ + + CRYS_RSA_DH_PRIME_TEST_OFF_MODE /*!< Reserved.*/ + +}CRYS_RSA_DH_PrimeTestMode_t; + +/************************ Public and private key database Structs ******************************/ + +/* .................. The public key definitions ...................... */ +/* --------------------------------------------------------------------- */ + +/*! Public key data structure (used internally). */ +typedef struct +{ + /*! RSA modulus buffer. */ + uint32_t n[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + /*! RSA modulus size in bits. */ + uint32_t nSizeInBits; + + /*! RSA public exponent buffer. */ + uint32_t e[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + /*! RSA public exponent buffer. */ + uint32_t eSizeInBits; + + /*! Buffer for internal usage.*/ + uint32_t crysRSAIntBuff[CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS]; + +}CRYSRSAPubKey_t; + +/*! The public key's user structure prototype. This structure must be saved by the user, and is used as input to the RSA functions +(such as ::SaSi_RsaSchemesEncrypt etc.) */ +typedef struct CRYS_RSAUserPubKey_t +{ + /*! Validation tag. */ + uint32_t valid_tag; + /*! Public key data. */ + uint32_t PublicKeyDbBuff[ sizeof(CRYSRSAPubKey_t)/sizeof(uint32_t) + 1 ]; + + +}CRYS_RSAUserPubKey_t; + +/* .................. The private key definitions ...................... */ +/* --------------------------------------------------------------------- */ + +/*! Private key on non-CRT mode data structure (used internally). */ +typedef struct +{ + /*! RSA private exponent buffer. */ + uint32_t d[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + /*! RSA private exponent size in bits. */ + uint32_t dSizeInBits; + + /*! RSA public exponent buffer. */ + uint32_t e[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + /*! RSA public exponent size in bits. */ + uint32_t eSizeInBits; + +}CRYSRSAPrivNonCRTKey_t; + +/*! Private key on CRT mode data structure (used internally). */ +#ifndef CRYS_NO_RSA_SMALL_CRT_BUFFERS_SUPPORT +/* use small CRT buffers */ +typedef struct +{ + /*! First factor buffer. */ + uint32_t P[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2]; + /*! First factor size in bits. */ + uint32_t PSizeInBits; + + /*! Second factor buffer. */ + uint32_t Q[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2]; + /*! Second factor size in bits. */ + uint32_t QSizeInBits; + + /*! First CRT exponent buffer. */ + uint32_t dP[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2]; + /*! First CRT exponent size in bits. */ + uint32_t dPSizeInBits; + + /*! Second CRT exponent buffer. */ + uint32_t dQ[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2]; + /*! Second CRT exponent size in bits. */ + uint32_t dQSizeInBits; + + /*! First CRT coefficient buffer. */ + uint32_t qInv[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2]; + /*! First CRT coefficient size in bits. */ + uint32_t qInvSizeInBits; + +}CRYSRSAPrivCRTKey_t; + +/*! Size of CRYSRSAPrivCRTKey_t structure in words (used for temp buffers allocation). */ +#define CRYS_RSA_SIZE_IN_WORDS_OF_CRYSRSAPrivCRTKey_t (CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*7/2 + 5) + +#else /* use large CRT buffers */ +typedef struct +{ + /* The first factor buffer and size in bits */ + uint32_t P[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + uint32_t PSizeInBits; + + /* The second factor buffer and its size in bits */ + uint32_t Q[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + uint32_t QSizeInBits; + + /* The first CRT exponent buffer and its size in bits */ + uint32_t dP[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + uint32_t dPSizeInBits; + + /* The second CRT exponent buffer and its size in bits */ + uint32_t dQ[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + uint32_t dQSizeInBits; + + /* The first CRT coefficient buffer and its size in bits */ + uint32_t qInv[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + uint32_t qInvSizeInBits; + +}CRYSRSAPrivCRTKey_t; + +/* size of CRYSRSAPrivCRTKey_t structure in words (used for temp buffers allocation) */ +#define CRYS_RSA_SIZE_IN_WORDS_OF_CRYSRSAPrivCRTKey_t (CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*5 + 5) + +#endif + +/*! Private key data structure (used internally). */ +typedef struct +{ + /*! RSA modulus buffer. */ + uint32_t n[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + /*! RSA modulus size in bits. */ + uint32_t nSizeInBits; + + /*! Decryption operation mode. */ + CRYS_RSA_DecryptionMode_t OperationMode; + + /*! Key source ( internal or external ). */ + CRYS_RSA_KeySource_t KeySource; + + + /*! Union between the CRT and non-CRT data structures. */ + union + { + CRYSRSAPrivNonCRTKey_t NonCrt; /*!< Non CRT data structure. */ + CRYSRSAPrivCRTKey_t Crt; /*!< CRT data structure. */ + }PriveKeyDb; + + /*! Internal buffer. */ + uint32_t crysRSAPrivKeyIntBuff[CRYS_PKA_PRIV_KEY_BUFF_SIZE_IN_WORDS]; + +}CRYSRSAPrivKey_t; + +/*! The private key's user structure prototype. This structure must be saved by the user, and is used as input to the RSA functions +(such as ::SaSi_RsaSchemesDecrypt etc.). */ +typedef struct CRYS_RSAUserPrivKey_t +{ + /*! Validation tag.*/ + uint32_t valid_tag; + /*! Private key data. */ + uint32_t PrivateKeyDbBuff[ sizeof(CRYSRSAPrivKey_t)/sizeof(uint32_t) + 1 ] ; + +}CRYS_RSAUserPrivKey_t; + +/*! Temporary buffers for RSA usage. */ +typedef struct CRYS_RSAPrimeData_t +{ + /* The aligned input and output data buffers */ + uint32_t DataIn[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; /*!< Temporary buffer for data in.*/ + uint32_t DataOut[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; /*!< Temporary buffer for data out.*/ + /*! Temporary buffer for internal data.*/ + uint8_t InternalBuff[CRYS_RSA_TMP_BUFF_SIZE] SASI_PAL_COMPILER_ALIGN (4); + +}CRYS_RSAPrimeData_t; + +/*! KG data type. */ +typedef union CRYS_RSAKGData_t +{ + /*! RSA Key Generation buffers definitions. */ + struct + { + /* The aligned input and output data buffers */ + /*! First factor buffer. */ + uint32_t p[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS / 2]; + /*! Second factor buffer. */ + uint32_t q[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS / 2]; + union { + /*! Internal buffer. */ + uint32_t crysRSAKGDataIntBuff[CRYS_PKA_KGDATA_BUFF_SIZE_IN_WORDS]; + #ifdef DX_SOFT_KEYGEN + /* # added for compatibility with size of KGData SW type */ + uint32_t TempbuffExp[PKI_KEY_GEN_TEMP_BUFF_SIZE_WORDS]; + #endif + }kg_buf; + }KGData; + + /*! Buffers for internal usage. */ + union { + /*! Internally used buffer.*/ + struct { + CRYS_RSAPrimeData_t PrimData; + }primExt; + #ifdef DX_SOFT_KEYGEN + /* # added for compatibility with size of SW CRYSRSAPrivKey_t type */ + SW_Shared_CRYS_RSAPrimeData_t SW_Shared_PrimData; + #endif + }prim; +}CRYS_RSAKGData_t; + + /************* + * RSA contexts + **************/ +/************************ CRYS RSA struct for Private Key ******************************/ + +/*! Context definition for operations that use the RSA private key. */ +typedef struct +{ + + /*! Private key data. */ + CRYS_RSAUserPrivKey_t PrivUserKey; + + /*! RSA PKCS#1 Version 1.5 or 2.1 */ + uint8_t PKCS1_Version; + + /*! MGF to be used for the PKCS1 Ver 2.1 sign or verify operations. */ + uint8_t MGF_2use; + + /*! Salt random length for PKCS#1 PSS Ver 2.1*/ + uint16_t SaltLen; + + /*! Internal buffer. */ + CRYS_RSAPrimeData_t PrimeData; + + /*! HASH context buffer. */ + uint32_t CRYSPKAHashCtxBuff[CRYS_PKA_RSA_HASH_CTX_SIZE_IN_WORDS]; + /*! HASH result buffer. */ + CRYS_HASH_Result_t HASH_Result; + /*! HASH result size in words. */ + uint16_t HASH_Result_Size; /*in words*/ + /*! RSA HASH operation mode (all modes RSA supports).*/ + CRYS_RSA_HASH_OpMode_t RsaHashOperationMode; /*RSA HASH enum. */ + /*! HASH operation mode.*/ + CRYS_HASH_OperationMode_t HashOperationMode; /*CRYS HASH enum. */ + /*! HASH block size (in words).*/ + uint16_t HashBlockSize; /*in words*/ + /*! HASH flag. */ + bool doHash; + + /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */ + /*! Internal buffer.*/ + uint32_t EBD[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + /*! Internal bufffer used size in bits. */ + uint32_t EBDSizeInBits; + + /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */ + /*! Internal buffer.*/ + uint8_t T_Buf[CRYS_RSA_SIZE_OF_T_STRING_BYTES]; + /*! Internal buffer used size.*/ + uint16_t T_BufSize; + + /*! Buffer for the use of the Ber encoder in the case of PKCS#1 Ver 1.5. */ + uint32_t BER[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + /*! Ber encoder buffer size.*/ + uint16_t BERSize; + + /*! Internal buffer.*/ + uint8_t DummyBufAESBlockSize[16]; + +}RSAPrivContext_t; + +/*! The user's context prototype - the argument type that is passed by the user + to the RSA APIs. The context saves the state of the operation and must be saved by the user + till the end of the APIs flow . */ +typedef struct CRYS_RSAPrivUserContext_t +{ + /*! Validation tag. */ + uint32_t valid_tag; + /*! Internally used value.*/ + uint32_t AES_iv; + /*! Private data context buffer. */ + uint8_t context_buff[ sizeof(RSAPrivContext_t) + sizeof(uint32_t)] SASI_PAL_COMPILER_ALIGN (4); /* must be aligned to 4 */ + +}CRYS_RSAPrivUserContext_t; + + +/************************ CRYS RSA struct for Public Key ******************************/ + +/*! Context definition for operations that use the RSA public key. */ +typedef struct +{ + + /*! RSA public key structure. */ + CRYS_RSAUserPubKey_t PubUserKey; + + /*! Public key size in bytes */ + uint32_t nSizeInBytes; + + /*! RSA PKCS#1 Version 1.5 or 2.1 */ + uint8_t PKCS1_Version; + + /*! MGF to be used for the PKCS1 Ver 2.1 Sign or Verify operations */ + uint8_t MGF_2use; + + /*! Salt random length for PKCS#1 PSS Ver 2.1*/ + uint16_t SaltLen; + + /*! Internal buffer. */ + CRYS_RSAPrimeData_t PrimeData; + + /*! HASH context. */ + uint32_t CRYSPKAHashCtxBuff[CRYS_PKA_RSA_HASH_CTX_SIZE_IN_WORDS]; + /*! HASH result buffer. */ + CRYS_HASH_Result_t HASH_Result; + /*! HASH result size. */ + uint16_t HASH_Result_Size; /* denotes the length, in words, of the hash function output */ + /*! RSA HASH operation mode (all modes RSA supports). */ + CRYS_RSA_HASH_OpMode_t RsaHashOperationMode; /*RSA HASH enum. */ + /*! HASH operation mode. */ + CRYS_HASH_OperationMode_t HashOperationMode; /*CRYS HASH enum. */ + /*! HASH block size. */ + uint16_t HashBlockSize; /*in words*/ + /*! HASH flag.*/ + bool doHash; + + /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */ + /*! Internal buffer.*/ + uint32_t EBD[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; + /*! Internal bufffer used size in bits. */ + uint32_t EBDSizeInBits; + + /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */ + /*! Internal buffer.*/ + uint8_t T_Buf[CRYS_RSA_SIZE_OF_T_STRING_BYTES]; + /*! Internal buffer used size.*/ + uint16_t T_BufSize; + + /*! Internal buffer.*/ + uint8_t DummyBufAESBlockSize[16]; + +}RSAPubContext_t; + +/*! Temporary buffers for the RSA usage. */ +typedef struct CRYS_RSAPubUserContext_t +{ + /*! Validation tag. */ + uint32_t valid_tag; + /*! Internally used value.*/ + uint32_t AES_iv; /* For the use of the AES CBC mode of Encryption and Decryption of the context in CCM */ + /*! Public data context buffer. */ + uint32_t context_buff[ sizeof(RSAPubContext_t)/sizeof(uint32_t) + 1] ; + +}CRYS_RSAPubUserContext_t; + + + +/*! Required for internal FIPS verification for RSA key generation. */ +typedef struct CRYS_RSAKGFipsContext_t{ + /*! Internal buffer. */ + CRYS_RSAPrimeData_t primData; + /*! Buffer used for decryption. */ + uint8_t decBuff[((CRYS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS/SASI_BITS_IN_BYTE) - 2*(CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES) -2)]; + /*! Buffer used for encryption. */ + uint8_t encBuff[CRYS_RSA_FIPS_MODULUS_SIZE_BITS/SASI_BITS_IN_BYTE]; +}CRYS_RSAKGFipsContext_t; + +/*! Required for internal FIPS verification for RSA KAT. The RSA KAT tests defined for scheme 2.1 with modulus key size of 2048. */ +typedef struct CRYS_RSAFipsKatContext_t{ + /*! RSA user's key (either public or private).*/ + union { + /*! RSA user's public key. */ + CRYS_RSAUserPubKey_t userPubKey; // used for RsaEnc and RsaVerify + /*! RSA user's private key. */ + CRYS_RSAUserPrivKey_t userPrivKey; // used for RsaDec and RsaSign + }userKey; + /*! RSA user's context (either public or private).*/ + union { + /*! RSA user's private context. */ + CRYS_RSAPrivUserContext_t userPrivContext; // used for RsaSign + /*! RSA public user's context. */ + CRYS_RSAPubUserContext_t userPubContext; // used for RsaVerify + /*! Internal buffers. */ + CRYS_RSAPrimeData_t primData; // used for RsaEnc and RsaDec + }userContext; + /*! RSA user's data. */ + union { + struct { // used for RsaEnc and RsaDec + /*! Buffer for encrypted data. */ + uint8_t encBuff[CRYS_RSA_FIPS_MODULUS_SIZE_BITS/SASI_BITS_IN_BYTE]; + /*! Buffer for decrypted data. */ + uint8_t decBuff[((CRYS_RSA_FIPS_MODULUS_SIZE_BITS/SASI_BITS_IN_BYTE) - 2*(CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES) -2)]; + }userOaepData; + /*! Buffer for Signed data. */ + uint8_t signBuff[CRYS_RSA_FIPS_MODULUS_SIZE_BITS/SASI_BITS_IN_BYTE]; // used for RsaSign and RsaVerify + }userData; +}CRYS_RSAFipsKatContext_t; + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_srp.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_srp.h new file mode 100644 index 0000000..20ca556 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_srp.h @@ -0,0 +1,375 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! +@file +@brief This file contains all of the enums and definitions that are used for the + CRYS SRP APIs, as well as the APIs themselves. +@defgroup crys_srp CryptoCell SRP APIs +@{ +@ingroup cryptocell_api + +*/ +#ifndef CRYS_SRP_H +#define CRYS_SRP_H + + +#include "ssi_pal_types.h" +#include "crys_error.h" +#include "crys_pka_defs_hw.h" +#include "crys_hash.h" +#include "crys_rnd.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*!\internal The following describes the SRP APIs usage for the Device and the Accessory :* + + Device (User) Accessory (Host) +* -------------- ----------------- + + 1. CRYS_SRP_HK_INIT(CRYS_SRP_USER, .......) CRYS_SRP_HK_INIT(CRYS_SRP_HOST, .....) + + 2. CRYS_SRP_PwdVerCreate(..) + + 3. CRYS_SRP_UserPubKeyCreate(..) CRYS_SRP_HostPubKeyCreate(..) + + 4. CRYS_SRP_UserProofCalc(..) + + 5. CRYS_SRP_HostProofVerifyAndCalc(..) + + 6. CRYS_SRP_UserProofVerify(..) + + 7. CRYS_SRP_Clear(..) CRYS_SRP_Clear(..) + + */ + +/************************ Defines ******************************/ +/*! The SRP modulus sizes. */ +/*! 1024 bits modulus size. */ +#define CRYS_SRP_MODULUS_SIZE_1024_BITS 1024 +/*! 1536 bits modulus size. */ +#define CRYS_SRP_MODULUS_SIZE_1536_BITS 1536 +/*! 2048 bits modulus size. */ +#define CRYS_SRP_MODULUS_SIZE_2048_BITS 2048 +/*! 3072 bits modulus size. */ +#define CRYS_SRP_MODULUS_SIZE_3072_BITS 3072 + +/*! Maximal modulus size in bits. */ +#define CRYS_SRP_MAX_MODULUS_IN_BITS CRYS_SRP_MODULUS_SIZE_3072_BITS +/*! Maximal modulus size in bytes. */ +#define CRYS_SRP_MAX_MODULUS (CRYS_SRP_MAX_MODULUS_IN_BITS/SASI_BITS_IN_BYTE) +/*! Maximal modulus size in words. */ +#define CRYS_SRP_MAX_MODULUS_IN_WORDS (CRYS_SRP_MAX_MODULUS_IN_BITS/SASI_BITS_IN_32BIT_WORD) + +/*! The SRP private number size range. */ +/*! Minimal private number size in bits. */ +#define CRYS_SRP_PRIV_NUM_MIN_SIZE_IN_BITS (256) +/*! Minimal private number size in bytes. */ +#define CRYS_SRP_PRIV_NUM_MIN_SIZE (CRYS_SRP_PRIV_NUM_MIN_SIZE_IN_BITS/SASI_BITS_IN_BYTE) +/*! Minimal private number size in words. */ +#define CRYS_SRP_PRIV_NUM_MIN_SIZE_IN_WORDS (CRYS_SRP_PRIV_NUM_MIN_SIZE_IN_BITS/SASI_BITS_IN_32BIT_WORD) +/*! Maximal private number size in bits. */ +#define CRYS_SRP_PRIV_NUM_MAX_SIZE_IN_BITS (CRYS_SRP_MAX_MODULUS_IN_BITS) +/*! Maximal private number size in bytes. */ +#define CRYS_SRP_PRIV_NUM_MAX_SIZE (CRYS_SRP_PRIV_NUM_MAX_SIZE_IN_BITS/SASI_BITS_IN_BYTE) +/*! Maximal private number size in words. */ +#define CRYS_SRP_PRIV_NUM_MAX_SIZE_IN_WORDS (CRYS_SRP_PRIV_NUM_MAX_SIZE_IN_BITS/SASI_BITS_IN_32BIT_WORD) + +/*! Maximal SRP HASH digest size in words. */ +#define CRYS_SRP_MAX_DIGEST_IN_WORDS CRYS_HASH_RESULT_SIZE_IN_WORDS +/*! Maximal SRP HASH digest size in bytes. */ +#define CRYS_SRP_MAX_DIGEST (CRYS_SRP_MAX_DIGEST_IN_WORDS*SASI_32BIT_WORD_SIZE) + +/*! Minimal salt size in bytes. */ +#define CRYS_SRP_MIN_SALT_SIZE (8) +/*! Minimal salt size in words. */ +#define CRYS_SRP_MIN_SALT_SIZE_IN_WORDS (CRYS_SRP_MIN_SALT_SIZE/SASI_32BIT_WORD_SIZE) +/*! Maximal salt size in bytes. */ +#define CRYS_SRP_MAX_SALT_SIZE (64) +/*! Maximal salt size in words. */ +#define CRYS_SRP_MAX_SALT_SIZE_IN_WORDS (CRYS_SRP_MAX_SALT_SIZE/SASI_32BIT_WORD_SIZE) + +/************************ Typedefs ****************************/ +/*! SRP modulus buffer definition. */ +typedef uint8_t CRYS_SRP_Modulus_t[CRYS_SRP_MAX_MODULUS]; + +/*! SRP digest buffer definition. */ +typedef uint8_t CRYS_SRP_Digest_t[CRYS_SRP_MAX_DIGEST]; + +/*! SRP secret buffer definition. */ +typedef uint8_t CRYS_SRP_Secret_t[2*CRYS_SRP_MAX_DIGEST]; + +/************************ Enums ********************************/ + +/*! +SRP supported versions +*/ +typedef enum { + CRYS_SRP_VER_3 = 0, /*!< VER 3. */ + CRYS_SRP_VER_6 = 1, /*!< VER 6. */ + CRYS_SRP_VER_6A = 2, /*!< VER 6A. */ + CRYS_SRP_VER_HK = 3, /*!< VER 6A. */ + /*! Maximal number of supported versions.*/ + CRYS_SRP_NumOfVersions, + /*! Reserved.*/ + CRYS_SRP_VersionLast= 0x7FFFFFFF, + +}CRYS_SRP_Version_t; + +/*! +SRP entity type +*/ +typedef enum { + CRYS_SRP_HOST = 1, /*!< Host entity, called also server, verifier, or Accessory in Home-Kit */ + CRYS_SRP_USER = 2, /*!< User entity, called also client, or Device in Home-Kit */ + /*! Maximal number of entities types.*/ + CRYS_SRP_NumOfEntityType, + /*! Reserved.*/ + CRYS_SRP_EntityLast= 0x7FFFFFFF, + +}CRYS_SRP_Entity_t; + +/************************ Structs ******************************/ + +/*! Group parameters for the SRP - defines the modulus and the generator used */ +typedef struct CRYS_SRP_GroupParam_t { + /*! SRP modulus.*/ + CRYS_SRP_Modulus_t modulus; + /*! SRP generator.*/ + uint8_t gen; + /*! SRP modulus size in bits .*/ + size_t modSizeInBits; + /*! SRP valid Np.*/ + uint32_t validNp; + /*! SRP Np buffer.*/ + uint32_t Np[CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS]; +}CRYS_SRP_GroupParam_t; + +/************************ context Structs ******************************/ +/*! The SRP context prototype */ +typedef struct CRYS_SRP_Context_t { + /*! SRP entitiy type.*/ + CRYS_SRP_Entity_t srpType; + /*! SRP version.*/ + CRYS_SRP_Version_t srpVer; + /*! Group parameter including the modulus information.*/ + CRYS_SRP_GroupParam_t groupParam; // N, g, Np + /*! Hash mode.*/ + CRYS_HASH_OperationMode_t hashMode; + /*! Hash digest size.*/ + size_t hashDigestSize; + /*! Pointer to RND state.*/ + CRYS_RND_State_t *pRndState; + /*! Pointer to random vector generation function.*/ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc; + /*! Modulus.*/ + CRYS_SRP_Modulus_t ephemPriv; // a or b + /*! Modulus size.*/ + size_t ephemPrivSize; + /*! User name digest.*/ + CRYS_SRP_Digest_t userNameDigest; // M + /*! Cred digest.*/ + CRYS_SRP_Digest_t credDigest; // p + /*! SRP K multiplier. */ // + CRYS_SRP_Digest_t kMult; // k multiplier +}CRYS_SRP_Context_t; + + +/************************ SRP common Functions **********************/ +/****************************************************************************************************/ +/*! +@brief This function initiates the SRP context. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_srp_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_SRP_Init( + CRYS_SRP_Entity_t srpType, /*!< [in] SRP entity type. */ + CRYS_SRP_Version_t srpVer, /*!< [in] SRP version. */ + CRYS_SRP_Modulus_t srpModulus, /*!< [in] A pointer to the SRP modulus, BE byte buffer. */ + uint8_t srpGen, /*!< [in] The SRP generator param. */ + size_t modSizeInBits, /*!< [in] The SRP modulus size in bits:1024, 1536, 2048 & 3072 */ + CRYS_HASH_OperationMode_t hashMode, /*!< [in] Enumerator defining the HASH mode. */ + uint8_t *pUserName, /*!< [in] A Pointer to user name. */ + size_t userNameSize, /*!< [in] The user name buffer size > 0. */ + uint8_t *pPwd, /*!< [in] A Pointer to user password. */ + size_t pwdSize, /*!< [in] The user password buffer size > 0 if pPwd is valid. */ + void *pRndState, /*!< [in] A Pointer to RND context.*/ + SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to random vector generation function.*/ + CRYS_SRP_Context_t *pCtx /*!< [out] A Pointer to the SRP host context.*/ +); + +/*! MACRO definition for a specific SRP initialization function.*/ +#define CRYS_SRP_HK_INIT(srpType, srpModulus, srpGen, modSizeInBits, pUserName, userNameSize, pPwd, pwdSize, pRndState, rndGenerateVectFunc, pCtx) \ + CRYS_SRP_Init(srpType, CRYS_SRP_VER_HK, srpModulus, srpGen, modSizeInBits, CRYS_HASH_SHA512_mode, pUserName, userNameSize, pPwd, pwdSize, pRndState, rndGenerateVectFunc, pCtx) + + +/****************************************************************************************************/ +/*! +@brief This function calculates pSalt & password verifier + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_srp_error.h, crys_rnd_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_SRP_PwdVerCreate( + size_t saltSize, /*!< [in] The size of the random salt to generate, + The range is between CRYS_SRP_MIN_SALT_SIZE + to CRYS_SRP_MAX_SALT_SIZE. */ + uint8_t *pSalt, /*!< [out] A Pointer to the pSalt number (s).*/ + CRYS_SRP_Modulus_t pwdVerifier, /*!< [out] A Pointer to the password verifier (v). */ + CRYS_SRP_Context_t *pCtx /*!< [out] A Pointer to the SRP context.*/ +); + + +/****************************************************************************************************/ +/*! +@brief Clears the SRP context. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_srp_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_SRP_Clear( + CRYS_SRP_Context_t *pCtx /*!< [in/out] A Pointer to the SRP context.*/ +); + + +/************************ SRP Host Functions **********************/ +/****************************************************************************************************/ +/*! +@brief This function generates host public & private ephemeral key, known as B & b in RFC + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_srp_error.h or crys_rnd_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_SRP_HostPubKeyCreate( + size_t ephemPrivSize, /*!< [in] The size of the generated ephemeral private key (b). + The range is between CRYS_SRP_PRIV_NUM_MIN_SIZE to + CRYS_SRP_PRIV_NUM_MAX_SIZE */ + CRYS_SRP_Modulus_t pwdVerifier, /*!< [in] A Pointer to the verifier (v). */ + CRYS_SRP_Modulus_t hostPubKeyB, /*!< [out] A Pointer to the host ephemeral public key (B). */ + CRYS_SRP_Context_t *pCtx /*!< [in/out] A Pointer to the SRP context.*/ +); + + +/*! +@brief Verifies the user Proof and calculates the Host message proof. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_srp_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_SRP_HostProofVerifyAndCalc( + size_t saltSize, /*!< [in] The size of the random salt, + The range is between CRYS_SRP_MIN_SALT_SIZE + to CRYS_SRP_MAX_SALT_SIZE. */ + uint8_t *pSalt, /*!< [in] A Pointer to the pSalt number.*/ + CRYS_SRP_Modulus_t pwdVerifier, /*!< [in] A Pointer to the password verifier (v). */ + CRYS_SRP_Modulus_t userPubKeyA, /*!< [in] A Pointer to the user ephemeral public key (A). */ + CRYS_SRP_Modulus_t hostPubKeyB, /*!< [in] A Pointer to the host ephemeral public key (B). */ + CRYS_SRP_Digest_t userProof, /*!< [in] A Pointer to the SRP user proof buffer (M1).*/ + CRYS_SRP_Digest_t hostProof, /*!< [out] A Pointer to the SRP host proof buffer (M2).*/ + CRYS_SRP_Secret_t sharedSecret, /*!< [out] A Pointer to the SRP shared secret (K).*/ + CRYS_SRP_Context_t *pCtx /*!< [in] A Pointer to the SRP context.*/ +); + + + +/************************ SRP User Functions **********************/ +/****************************************************************************************************/ +/*! +@brief This function generates user public & private ephemeral key, known as A & a in RFC + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_srp_error.h or crys_rnd_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_SRP_UserPubKeyCreate( + size_t ephemPrivSize, /*!< [in] The size of the generated ephemeral private key (a). + The range is between CRYS_SRP_PRIV_NUM_MIN_SIZE to + CRYS_SRP_PRIV_NUM_MAX_SIZE */ + CRYS_SRP_Modulus_t userPubKeyA, /*!< [out] A Pointer to the user ephemeral public key (A). */ + CRYS_SRP_Context_t *pCtx /*!< [in/out] A Pointer to the SRP context.*/ +); + + +/****************************************************************************************************/ +/*! +@brief This function calculates the user proof. + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_srp_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_SRP_UserProofCalc( + size_t saltSize, /*!< [in] The size of the random salt, + The range is between CRYS_SRP_MIN_SALT_SIZE + to CRYS_SRP_MAX_SALT_SIZE. */ + uint8_t *pSalt, /*!< [in] A Pointer to the pSalt number.*/ + CRYS_SRP_Modulus_t userPubKeyA, /*!< [in] A Pointer to the user public ephmeral key (A).*/ + CRYS_SRP_Modulus_t hostPubKeyB, /*!< [in] A Pointer to the host public ephmeral key (B).*/ + CRYS_SRP_Digest_t userProof, /*!< [out] A Pointer to the SRP user proof buffer (M1).*/ + CRYS_SRP_Secret_t sharedSecret, /*!< [out] A Pointer to the SRP shared secret (K).*/ + CRYS_SRP_Context_t *pCtx /*!< [out] A Pointer to the SRP context.*/ +); + +/****************************************************************************************************/ +/*! +@brief This function verifies the host proof + +@return CRYS_OK on success. +@return A non-zero value on failure as defined crys_srp_error.h or crys_hash_error.h. +*/ +CIMPORT_C CRYSError_t CRYS_SRP_UserProofVerify( + CRYS_SRP_Secret_t sharedSecret, /*!< [in] A Pointer to the SRP shared secret (K).*/ + CRYS_SRP_Modulus_t userPubKeyA, /*!< [in] A Pointer to the user public ephmeral key (A).*/ + CRYS_SRP_Digest_t userProof, /*!< [in] A Pointer to the SRP user proof buffer (M1).*/ + CRYS_SRP_Digest_t hostProof, /*!< [in] A Pointer to the SRP host proof buffer (M2).*/ + CRYS_SRP_Context_t *pCtx /*!< [out] A Pointer to the SRP user context.*/ +); + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif /* #ifndef CRYS_SRP_H */ + + + + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_srp_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_srp_error.h new file mode 100644 index 0000000..a710746 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/crys_srp_error.h @@ -0,0 +1,91 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef CRYS_SRP_ERROR_H +#define CRYS_SRP_ERROR_H + + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This module contains the definitions of the CRYS SRP errors. +@defgroup crys_srp_error CryptoCell SRP specific errors +@{ +@ingroup crys_srp +*/ + + + +/************************ Defines ******************************/ + +/*! The CRYS SRP module errors base address - 0x00F02600. */ +/*! Illegal parameter. */ +#define CRYS_SRP_PARAM_INVALID_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x01UL) +/*! Illegal modulus size . */ +#define CRYS_SRP_MOD_SIZE_INVALID_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x02UL) +/*! Illegal state (uninitialized) . */ +#define CRYS_SRP_STATE_UNINITIALIZED_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x03UL) +/*! Result validation error. */ +#define CRYS_SRP_RESULT_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x04UL) +/*! Invalid parameter. */ +#define CRYS_SRP_PARAM_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x05UL) +/*! Internal PKI error */ +#define CRYS_SRP_PKI_INTERNAL_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x06UL) + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs *****************************/ + +/************************ Public Variables *********************/ + +/************************ Public Functions *********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/driver_defs.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/driver_defs.h new file mode 100644 index 0000000..bc49e7e --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/driver_defs.h @@ -0,0 +1,354 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef _DRIVER_DEFS_H_ +#define _DRIVER_DEFS_H_ + +#ifdef __KERNEL__ +#include +#define INT32_MAX 0x7FFFFFFFL +#else +#include +#endif + +#ifndef min +#define min(a, b) ((a) < (b) ? (a) : (b)) +#endif + +/****************************************************************************** +* TYPE DEFINITIONS +******************************************************************************/ +typedef uint32_t drvError_t; + +typedef enum aesMode { + CIPHER_NULL_MODE = -1, + CIPHER_ECB = 0, + CIPHER_CBC = 1, + CIPHER_CTR = 2, + CIPHER_CBC_MAC = 3, + CIPHER_CMAC = 7, + CIPHER_RESERVE32B = INT32_MAX +}aesMode_t; + +typedef enum hashMode { + HASH_NULL_MODE = -1, + HASH_SHA1 = 0, + HASH_SHA256 = 1, + HASH_SHA224 = 2, + HASH_SHA512 = 3, + HASH_SHA384 = 4, + HASH_RESERVE32B = INT32_MAX +}hashMode_t; + +typedef enum DataBlockType { + FIRST_BLOCK, + MIDDLE_BLOCK, + LAST_BLOCK, + RESERVE32B_BLOCK = INT32_MAX +}DataBlockType_t; + +typedef enum dataAddrType { + SRAM_ADDR = 0, + DLLI_ADDR = 1, + ADDR_RESERVE32B = INT32_MAX +}dataAddrType_t; + +typedef enum cryptoDirection { + CRYPTO_DIRECTION_ENCRYPT = 0, + CRYPTO_DIRECTION_DECRYPT = 1, + + CRYPTO_DIRECTION_NUM_OF_ENC_MODES, + CRYPTO_DIRECTION_RESERVE32B = INT32_MAX +}cryptoDirection_t; + +typedef enum cryptoKeyType { + RKEK_KEY = 0, + USER_KEY = 1, + PROVISIONING_KEY = 2, + SESSION_KEY = 3, + END_OF_KEYS = INT32_MAX, +}cryptoKeyType_t; + +typedef enum cryptoPaddingType { + CRYPTO_PADDING_NONE = 0, + CRYPTO_PADDING_PKCS7 = 1, + CRYPTO_PADDING_RESERVE32B = INT32_MAX +}cryptoPaddingType_t; + +typedef enum chachaNonceSize { + NONCE_SIZE_64 = 0, + NONCE_SIZE_96 = 1, + NONCE_SIZE_RESERVE32B = INT32_MAX +}chachaNonceSize_t; + +/* The IOT drviers base address */ +#define DRV_MODULE_ERROR_BASE 0x00F00000 +#define AES_DRV_MODULE_ERROR_BASE (DRV_MODULE_ERROR_BASE + 0x10000UL) +#define HASH_DRV_MODULE_ERROR_BASE (DRV_MODULE_ERROR_BASE + 0x20000UL) +#define HMAC_DRV_MODULE_ERROR_BASE (DRV_MODULE_ERROR_BASE + 0x30000UL) +#define BYPASS_DRV_MODULE_ERROR_BASE (DRV_MODULE_ERROR_BASE + 0x40000UL) +#define CHACHA_DRV_MODULE_ERROR_BASE (DRV_MODULE_ERROR_BASE + 0x50000UL) + + +/****************************************************************************** +* AES DEFINITIONS +******************************************************************************/ + +#define AES_BLOCK_SIZE 16 +#define AES_BLOCK_SIZE_WORDS (AES_BLOCK_SIZE >> 2) +#define AES_IV_SIZE 16 +#define AES_IV_SIZE_WORDS (AES_IV_SIZE >> 2) +#define AES_128_BIT_KEY_SIZE 16 +#define AES_128_BIT_KEY_SIZE_WORDS (AES_128_BIT_KEY_SIZE >> 2) + + +#define ENABLE_AES_CLOCK 0x1UL +#define DISABLE_AES_CLOCK 0x0UL + +#define CONFIG_DIN_AES_DOUT_VAL 0x1UL + +/* The CRYS AES module errors */ +#define AES_DRV_OK 0 +#define AES_DRV_INVALID_USER_CONTEXT_POINTER_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x00UL) +#define AES_DRV_ILLEGAL_OPERATION_MODE_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x01UL) +#define AES_DRV_ILLEGAL_OPERATION_DIRECTION_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x02UL) +#define AES_DRV_ILLEGAL_INPUT_ADDR_MEM_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x03UL) +#define AES_DRV_ILLEGAL_OUTPUT_ADDR_MEM_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x04UL) +#define AES_DRV_ILLEGAL_MEM_SIZE_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x05UL) + + +/****************************************************************************** +* HASH & HMAC DEFINITIONS +******************************************************************************/ + +/************************ Typedefs ****************************/ +typedef drvError_t (*llf_hash_init_operation_func)(void *); +typedef drvError_t (*llf_hash_update_operation_func)(void *, uint32_t inputDataAddr, uint32_t dataInSize); +typedef drvError_t (*llf_hash_finish_operation_func)(void *); + + +/* The SHA-1 digest result size */ +#define SHA1_DIGEST_SIZE_IN_WORDS 5 +#define SHA1_DIGEST_SIZE_IN_BYTES (SHA1_DIGEST_SIZE_IN_WORDS * sizeof(uint32_t)) + +/* The SHA-256 digest result size*/ +#define SHA224_DIGEST_SIZE_IN_WORDS 7 +#define SHA224_DIGEST_SIZE_IN_BYTES (SHA224_DIGEST_SIZE_IN_WORDS * sizeof(uint32_t)) + +/* The SHA-256 digest result size */ +#define SHA256_DIGEST_SIZE_IN_WORDS 8 +#define SHA256_DIGEST_SIZE_IN_BYTES (SHA256_DIGEST_SIZE_IN_WORDS * sizeof(uint32_t)) + +/* The SHA-384 digest result size*/ +#define SHA384_DIGEST_SIZE_IN_WORDS 12 +#define SHA384_DIGEST_SIZE_IN_BYTES (SHA384_DIGEST_SIZE_IN_WORDS * sizeof(uint32_t)) + +/* The SHA-512 digest result size in bytes */ +#define SHA512_DIGEST_SIZE_IN_WORDS 16 +#define SHA512_DIGEST_SIZE_IN_BYTES (SHA512_DIGEST_SIZE_IN_WORDS * sizeof(uint32_t)) + + +#define MAX_DIGEST_SIZE_WORDS SHA512_DIGEST_SIZE_IN_WORDS + +/* Hash driver registers configurations */ +#define ENABLE_HASH_CLOCK 0x1UL +#define DISABLE_HASH_CLOCK 0x0UL + +#define HW_HASH_CTL_SHA1_VAL 0x0001UL +#define HW_HASH_CTL_SHA256_VAL 0x0002UL +#define HW_HASH_LE_MODE_VAL 0x0001UL +#define HW_HASH_PAD_EN_VAL 0x1UL + +/* The SHA1 hash block size in words */ +#define HASH_BLOCK_SIZE_IN_WORDS 16 +#define HASH_BLOCK_SIZE_IN_BYTES (HASH_BLOCK_SIZE_IN_WORDS * sizeof(uint32_t)) + +/* The SHA2 hash block size in words */ +#define HASH_SHA512_BLOCK_SIZE_IN_WORDS 32 +#define HASH_SHA512_BLOCK_SIZE_IN_BYTES (HASH_SHA512_BLOCK_SIZE_IN_WORDS * sizeof(uint32_t)) + +#define CONFIG_HASH_MODE_VAL 0x7UL + +/* the MAC key IPAD and OPAD bytes */ +#define MAC_KEY_IPAD_BYTE 0x36 +#define MAC_KEY_OPAD_BYTE 0x5C + +#define HMAC_CONTEXT_VALIDATION_TAG 0x23456789 + +/* The CRYS HASH module errors */ +#define HASH_DRV_OK 0 +#define HASH_DRV_INVALID_USER_CONTEXT_POINTER_ERROR (HASH_DRV_MODULE_ERROR_BASE + 0x00UL) +#define HASH_DRV_ILLEGAL_OPERATION_MODE_ERROR (HASH_DRV_MODULE_ERROR_BASE + 0x01UL) +#define HASH_DRV_USER_CONTEXT_CORRUPTED_ERROR (HASH_DRV_MODULE_ERROR_BASE + 0x02UL) + +/* The CRYS HMAC module errors */ +#define HMAC_DRV_OK 0 +#define HMAC_DRV_INVALID_USER_CONTEXT_POINTER_ERROR (HMAC_DRV_MODULE_ERROR_BASE + 0x00UL) + + +/* SHA512 soft driver */ + +/* The first padding byte */ +#define LLF_HASH_FIRST_PADDING_BYTE 0x80 +/* The size at the end of the padding for SHA384 and SHA512 */ +#define LLF_HASH_SHA2_COUNTER_SIZE_ON_END_OF_PADDING_IN_BYTES (4 * sizeof(uint32_t)) +#define LLF_HASH_SHA2_COUNTER_SIZE_ON_END_OF_PADDING_IN_WORDS 4 + +/* the HASH user context validity TAG */ +#define HASH_CONTEXT_VALIDATION_TAG 0x12345678 + +/****************************************************************************** +* BYPASS DEFINITIONS +******************************************************************************/ + +#define CONFIG_DIN_BYPASS_DOUT_VAL 0 + +/* The CRYS BYPASS module errors */ +#define BYPASS_DRV_OK 0 +#define BYPASS_DRV_ILLEGAL_BLOCK_SIZE_ERROR (BYPASS_DRV_MODULE_ERROR_BASE + 0x01UL) +#define BYPASS_DRV_ILLEGAL_INPUT_ADDR_MEM_ERROR (BYPASS_DRV_MODULE_ERROR_BASE + 0x02UL) +#define BYPASS_DRV_ILLEGAL_OUTPUT_ADDR_MEM_ERROR (BYPASS_DRV_MODULE_ERROR_BASE + 0x03UL) + +/****************************************************************************** +* CHACHA DEFINITIONS +******************************************************************************/ + +#define CHACHA_BLOCK_SIZE_BYTES 64 +#define CHACHA_BLOCK_SIZE_WORDS (CHACHA_BLOCK_SIZE_BYTES >> 2) +#define CHACHA_NONCE_64_SIZE_BYTES 8 +#define CHACHA_NONCE_64_SIZE_WORDS (CHACHA_NONCE_64_SIZE_BYTES >> 2) +#define CHACHA_NONCE_96_SIZE_BYTES 12 +#define CHACHA_NONCE_96_SIZE_WORDS (CHACHA_NONCE_96_SIZE_BYTES >> 2) +#define CHACHA_256_BIT_KEY_SIZE 32 +#define CHACHA_256_BIT_KEY_SIZE_WORDS (CHACHA_256_BIT_KEY_SIZE >> 2) + +#define ENABLE_CHACHA_CLOCK 0x1UL +#define DISABLE_CHACHA_CLOCK 0x0UL + +#define CONFIG_DIN_CHACHA_DOUT_VAL 0x10UL + +/* The CRYS CHACHA module errors */ +#define CHACHA_DRV_OK 0 +#define CHACHA_DRV_INVALID_USER_CONTEXT_POINTER_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x00UL) +#define CHACHA_DRV_ILLEGAL_OPERATION_DIRECTION_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x01UL) +#define CHACHA_DRV_ILLEGAL_INPUT_ADDR_MEM_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x02UL) +#define CHACHA_DRV_ILLEGAL_OUTPUT_ADDR_MEM_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x03UL) +#define CHACHA_DRV_ILLEGAL_MEM_SIZE_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x04UL) +#define CHACHA_DRV_ILLEGAL_NONCE_SIZE_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x05UL) + + +/****************************************************************************** +* MACROS +******************************************************************************/ +/* This MACRO purpose is to switch from CryptoCell definitions to crypto driver definitions, the MACRO assumes that the value is legal (encrypt or decrypt only) */ +#define SASI_2_DRIVER_DIRECTION(ssiDirection) ((ssiDirection == SASI_AES_ENCRYPT) ? (CRYPTO_DIRECTION_ENCRYPT) : (CRYPTO_DIRECTION_DECRYPT)) + +/* Poll on the DOUT MEM DMA (DLLI) busy till it is = 0 */ +#define SASI_HAL_WAIT_ON_DOUT_MEM_DMA_BUSY()\ + do {\ + uint32_t regVal=1;\ + do {\ + regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, DOUT_MEM_DMA_BUSY));\ + }while( regVal ); \ + }while(0) + +/* Poll on the DIN MEM DMA (DLLI) busy till it is = 0 */ +#define SASI_HAL_WAIT_ON_DIN_MEM_DMA_BUSY()\ + do {\ + uint32_t regVal=1;\ + do {\ + regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, DIN_MEM_DMA_BUSY));\ + }while( regVal );\ + }while(0) + +/* Poll on the DOUT SRAM DMA busy till it is = 0 */ +#define SASI_HAL_WAIT_ON_DOUT_SRAM_DMA_BUSY()\ + do {\ + uint32_t regVal=1; \ + do {\ + regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, DOUT_SRAM_DMA_BUSY));\ + }while( regVal );\ + }while(0) + +/* Poll on the DIN SRAM busy till it is = 0 */ +#define SASI_HAL_WAIT_ON_DIN_SRAM_DMA_BUSY()\ + do {\ + uint32_t regVal=1;\ + do {\ + regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, DIN_SRAM_DMA_BUSY));\ + }while( regVal );\ + }while(0) + + +/* Poll on the AES busy till it is = 0 */ +#define SASI_HAL_WAIT_ON_AES_BUSY()\ + do {\ + uint32_t regVal=1;\ + do {\ + regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, AES_BUSY));\ + }while( regVal );\ + }while(0) + +/* Poll on the HASH busy till it is = 0 */ +#define SASI_HAL_WAIT_ON_HASH_BUSY()\ + do {\ + uint32_t regVal=1;\ + do {\ + regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, HASH_BUSY));\ + }while( regVal );\ + }while(0) + +/* Poll on the CHACHA busy till it is = 0 */ +#define SASI_HAL_WAIT_ON_CHACHA_BUSY() \ + do { \ + uint32_t regVal=1; \ + do { \ + regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, CHACHA_BUSY)); \ + }while( regVal ); \ + }while(0) + +/* Poll on the crypto busy till it is = 0 */ +#define SASI_HAL_WAIT_ON_CRYPTO_BUSY()\ + do {\ + uint32_t regVal=1;\ + do {\ + regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, CRYPTO_BUSY));\ + }while( regVal );\ + }while(0) + + +#endif /* _DRIVER_DEFS_H_ */ + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/sns_silib.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/sns_silib.h new file mode 100644 index 0000000..6a1502a --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/sns_silib.h @@ -0,0 +1,113 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! +@file +@brief This file contains all of the enums and definitions that are used for the + CryptoCell Lib init and finish APIs, as well as the APIs themselves. +@defgroup sns_silib CryptoCell library basic APIs +@{ +@ingroup cryptocell_api + +*/ + +#ifndef __SNS_SILIB_H__ +#define __SNS_SILIB_H__ + +#include "ssi_pal_types.h" +#include "crys_rnd.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! Definitions for error returns from SaSi_LibInit or SaSi_LibFini functions. */ +typedef enum { + SA_SILIB_RET_OK = 0, /*!< Success defintion.*/ + SA_SILIB_RET_EINVAL_CTX_PTR, /*!< Illegal context pointer.*/ + SA_SILIB_RET_EINVAL_WORK_BUF_PTR, /*!< Illegal work buffer pointer.*/ + SA_SILIB_RET_HAL, /*!< Error returned from HAL layer.*/ + SA_SILIB_RET_PAL, /*!< Error returned from PAL layer.*/ + SA_SILIB_RET_RND_INST_ERR, /*!< RND instantiation faied.*/ + SA_SILIB_RET_EINVAL_HW_VERSION, /*!< Invalid HW version. */ + SA_SILIB_RET_EINVAL_HW_SIGNATURE, /*!< Invalid HW signature. */ + SA_SILIB_RESERVE32B = 0x7FFFFFFFL /*!< Reserved.*/ +} SA_SilibRetCode_t; + + +/*! Internal defintion for the product register. */ +#define DX_VERSION_PRODUCT_BIT_SHIFT 0x18UL +/*! Internal defintion for the product register size. */ +#define DX_VERSION_PRODUCT_BIT_SIZE 0x8UL + + + +/*! +@brief This function Perform global initialization of the ARM CryptoCell 3xx runtime library; +it must be called once per ARM CryptoCell for 3xx cold boot cycle. +Among other initializations, this function calls CRYS_RND_Instantiation and CRYS_RND_SetGenerateVectorFunc +to initialize the TRNG and the primary RND context. An initialized RND context is required for calling RND +APIs and asymmetric cryptography key generation and signatures. The primary context returned by this +function can be used as a single global context for all RND needs. Alternatively, other contexts may +be initialized and used with a more limited scope (for specific applications or specific threads). +\note The Mutexes, if used, are initialized by this API. Therefore, unlike the other APIs in the library, +this API is not thread-safe. +@return SA_SILIB_RET_OK on success. +@return A non-zero value in case of failure. +*/ +SA_SilibRetCode_t SaSi_LibInit(void *rnd_ctx, /*!< [in/out] Pointer to the RND state buffer, + allocated by the user. + This state must be saved and provided as parameter to any API that + uses the RND module.*/ + CRYS_RND_WorkBuff_t *rndWorkBuff_ptr /*!< [in] Scratchpad for the RND module's work. */); + +/*! +@brief This function finalize the library operations. It frees the associated resources (mutexes) and call hal and pal terminate functions. +the function also call CRYS_RND_UnInstantiation to clean the rnd state. +@return SA_SILIB_RET_OK on success. +@return A non-zero value in case of failure. +*/ +SA_SilibRetCode_t SaSi_LibFini(void *rnd_ctx /*!< [in/out] Pointer to the RND state buffer that was + initialized in SaSi_LibInit.*/); + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif /*__DX_CCLIB_H__*/ + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_aes.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_aes.h new file mode 100644 index 0000000..ccd50ab --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_aes.h @@ -0,0 +1,325 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! @file +@brief This file contains all of the enums and definitions that are used for the +CryptoCell AES APIs, as well as the APIs themselves. +@defgroup ssi_aes CryptoCell AES APIs +@{ +@ingroup cryptocell_api +*/ + +#ifndef SSI_AES_H +#define SSI_AES_H + +#include "ssi_pal_types.h" +#include "ssi_aes_error.h" +#include "ssi_aes_defs.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ + + +/************************ Enums ********************************/ + +/*! +Encrypt or Decrypt operation mode. +*/ +typedef enum { + /*! Encrypt operation. */ + SASI_AES_ENCRYPT = 0, + /*! Decrypt operation. */ + SASI_AES_DECRYPT = 1, + /*! Maximal number of operations. */ + SASI_AES_NUM_OF_ENCRYPT_MODES, + /*! Reserved. */ + SASI_AES_ENCRYPT_MODE_LAST = 0x7FFFFFFF +}SaSiAesEncryptMode_t; + +/*! +AES operation mode. +*/ +typedef enum { + SASI_AES_MODE_ECB = 0, /*!< ECB mode. */ + SASI_AES_MODE_CBC = 1, /*!< CBC mode. */ + SASI_AES_MODE_CBC_MAC = 2, /*!< CBC-MAC mode. */ + SASI_AES_MODE_CTR = 3, /*!< CTR mode. */ + SASI_AES_MODE_XCBC_MAC = 4, /*!< XCBC-MAC mode. */ + SASI_AES_MODE_CMAC = 5, /*!< CMAC mode. */ + SASI_AES_MODE_XTS = 6, /*!< XTS mode. */ + SASI_AES_MODE_CBC_CTS = 7, /*!< CBC-CTS mode. */ + SASI_AES_MODE_OFB = 8, /*!< OFB mode. */ + + /*! Maximal number of AES modes */ + SASI_AES_NUM_OF_OPERATION_MODES, + /*! Reserved. */ + SASI_AES_OPERATION_MODE_LAST = 0x7FFFFFFF +}SaSiAesOperationMode_t; + +/*! +AES padding type. +*/ +typedef enum { + SASI_AES_PADDING_NONE = 0, /*!< No padding. */ + SASI_AES_PADDING_PKCS7 = 1, /*!< PKCS7 padding. */ + + /*! Maximal number of AES padding modes */ + SASI_AES_NUM_OF_PADDING_TYPES, + /*! Reserved. */ + SASI_AES_PADDING_TYPE_LAST = 0x7FFFFFFF +}SaSiAesPaddingType_t; + +/*! +AES key type. +*/ +typedef enum { + SASI_AES_USER_KEY = 0, /*!< user key. */ + SASI_AES_PLATFORM_KEY = 1, /*!< Kplt hardware key. */ + SASI_AES_CUSTOMER_KEY = 2, /*!< Kcst hardware key. */ + + /*! Maximal number of AES key types */ + SASI_AES_NUM_OF_KEY_TYPES, + /*! Reserved. */ + SASI_AES_KEY_TYPE_LAST = 0x7FFFFFFF +}SaSiAesKeyType_t; + +/************************ Typedefs ****************************/ + +/*! Defines the IV buffer - 16 bytes array. */ +typedef uint8_t SaSiAesIv_t[SASI_AES_IV_SIZE_IN_BYTES]; + +/*! Defines the AES key data buffer. */ +typedef uint8_t SaSiAesKeyBuffer_t[SASI_AES_KEY_MAX_SIZE_IN_BYTES]; + +/************************ Structs ******************************/ + +/*! The user's context prototype - the argument type that is passed by the user + to the AES APIs. The context saves the state of the operation and must be saved by the user + till the end of the APIs flow*/ +typedef struct SaSiAesUserContext_t { + /*! Context buffer for internal usage. */ + uint32_t buff[SASI_AES_USER_CTX_SIZE_IN_WORDS]; +}SaSiAesUserContext_t; + + +/*! AES User Key Data. */ +typedef struct SaSiAesUserKeyData_t { + uint8_t * pKey; /*!< Pointer to the key. */ + size_t keySize; /*!< The key size in bytes. Valid values: +
    • For XTS mode - 32 or 64 byte, indicating the full size of the double key (2x128 or 2x256 bit).
      • +
    • For XCBC-MAC mode - 16 byte (limited by the standard).
      • +
    • For all other modes - 16, 24 or 32 byte.
    */ +}SaSiAesUserKeyData_t; + +/*! AES HW Key Data - this structure is likely to be changed when we'll start using it. */ +typedef struct SaSiAesHwKeyData_t { + size_t slotNumber; /*!< Slot number. */ +}SaSiAesHwKeyData_t; + + +/************************ Functions *****************************/ + +/*! +@brief This function is used to initialize an AES operation context. + To operate the AES machine, this must be the first API called. + +@return SASI_OK on success, +@return A non-zero value from ssi_aes_error.h on failure. +*/ +CIMPORT_C SaSiError_t SaSi_AesInit( + SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context buffer that is allocated by the caller and initialized by this API. + Should be used in all subsequent calls that are part of the same operation. */ + SaSiAesEncryptMode_t encryptDecryptFlag, /*!< [in] A flag specifying whether an AES Encrypt (SASI_AES_Encrypt) or Decrypt (SASI_AES_Decrypt) operation should be performed. + Must be set to CRYS_AES_Encrypt in CBC-MAC, XCBC-MAC and CMAC modes. */ + SaSiAesOperationMode_t operationMode, /*!< [in] The operation cipher/mode. */ + SaSiAesPaddingType_t paddingType /*!< [in] The padding type for AES operation: +
    • NONE - supported for all operation modes.
      • +
    • PKCS7 - supported for ECB, CBC, CBC-MAC operation modes.
    */ +); + + +/*! +@brief This function sets the key information for the AES operation, in the context that was initialized by SaSi_AesInit. +\note When FIPS certification mode is set to ON, and the mode is AES-XTS, weak keys are not allowed (128/256 lsb bits must be +different than 128/256 msb bits, according to the key size). +@return SASI_OK on success, +@return A non-zero value from ssi_aes_error.h on failure. +*/ +CIMPORT_C SaSiError_t SaSi_AesSetKey( + SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context, after it was initialized by SaSi_AesInit. */ + SaSiAesKeyType_t keyType, /*!< [in] The type of key to be used for the AES operation. + Currently only SASI_AES_USER_KEY is supported - the key is plaintext and provided in the pKeyData parameter. */ + void * pKeyData, /*!< [in] Pointer to the key data structure (to be casted to the relevant struct type). */ + size_t keyDataSize /*!< [in] The size of data passed in pKeyData in bytes. */ +); + + +/*! +@brief This function sets the IV, counter or tweak data for the following AES operation on the same context. + The context must be first initialized by SaSi_AesInit. + It must be called at least once prior to the first SaSi_AesBlock operation on the same context - for those ciphers that require it. + If needed, it can also be called to override the IV in the middle of a sequence of SaSi_AesBlock operations. + +@return SASI_OK on success, +@return A non-zero value from ssi_aes_error.h on failure. +*/ +CIMPORT_C SaSiError_t SaSi_AesSetIv( + SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context. */ + SaSiAesIv_t pIV /*!< [in] Pointer to the buffer of the IV, counter or tweak. +
    • For CBC, CBC-CTS, OFB and CBC-MAC modes - the IV value.
      • +
    • For CTR mode - the counter.
      • +
    • For XTS mode - the tweak value.
      • +
    • For all other modes - N/A.
    */ +); + + +/*! +@brief This function retrieves the current IV, counter or tweak from the AES context. + +@return SASI_OK on success, +@return A non-zero value from ssi_aes_error.h on failure. +*/ +CIMPORT_C SaSiError_t SaSi_AesGetIv( + SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context. */ + SaSiAesIv_t pIV /*!< [out] Pointer to the buffer of the IV, counter or tweak. +
    • For CBC, CBC-CTS, OFB and CBC-MAC modes - the IV value.
      • +
    • For CTR mode - the counter.
      • +
    • For XTS mode - the tweak value.
      • +
    • For all other modes - N/A.
    */ +); + + +/*! +@brief This function performs an AES operation on an input data buffer, according to the configuration defined in the context parameter. + It can be called as many times as needed, until all the input data is processed. + SaSi_AesInit, SaSi_AesSetKey, and for some ciphers SaSi_AesSetIv, must be called before + the first call to this API with the same context. + +@return SASI_OK on success, +@return A non-zero value from ssi_aes_error.h on failure. +*/ +CIMPORT_C SaSiError_t SaSi_AesBlock( + SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context. */ + uint8_t * pDataIn, /*!< [in] Pointer to the buffer of the input data to the AES. The pointer does not need to be aligned. + For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, + and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). + For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB. */ + size_t dataInSize, /*!< [in] Size of the input data in bytes. +
    • For all modes except XTS, must be multiple of 16 bytes.
      • +
    • For XTS mode, only the following data sizes are supported: 64, 512, 520, 521, 1024 and 4096 bytes. + The data passed in a single SaSi_AesBlock call is considered to be a single XTS unit. + All subsequent calls to this API with the same context must use the same data size.
    */ + uint8_t * pDataOut /*!< [out] Pointer to the output buffer. The pointer does not need to be aligned. + For CBC-MAC, XCBC-MAC, CMAC modes it may be NULL. + For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, + and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). + For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB. */ +); + + +/*! +@brief This function is used to finish AES operation. + + It processes the last data block if needed, finalizes the AES operation (cipher-specific), + and produces operation results (for MAC operations). + \note In case AES padding is used (PKCS#7) Din and Dout user's buffers must include extra space for + the padding scheme. + +@return SASI_OK on success, +@return A non-zero value from ssi_aes_error.h on failure. +*/ +CIMPORT_C SaSiError_t SaSi_AesFinish( + SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context. */ + size_t dataSize, /*!< [in] The size of the input data in bytes. +
    • For CBC-CTS mode, must be > 16. Can be <=16 only if this is the only data (no previous calls were + made to SaSi_AesBlock with the same context).
      • +
    • For XTS mode, the data size must conform to the dataInSize rules as listed for XTS under the + SaSi_AesBlock API, and match the data size passed in the previous calls to SaSi_AesBlock with the + same context.
      • +
    • For all other modes, zero is a valid size.
      • +
    • For ECB, CBC, CBC-MAC modes:
      • +
      • Must be >= 0, if direction is SASI_AES_ENCRYPT and padding type is SASI_AES_PADDING_PKCS7.
        • +
      • Must be >= 16 and a multiple of 16 bytes, if direction is SASI_AES_DECRYPT and padding type + is SASI_AES_PADDING_PKCS7.
        • +
      • Must be a multiple of 16 bytes, otherwise.
    */ + uint8_t * pDataIn, /*!< [in] Pointer of the input data buffer. + For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, + and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). + For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB. */ + size_t dataInBuffSize, /*!< [in] Size of pDataIn buffer in bytes. +
    • Must be >= dataSize.
      • +
    • According to padding type, must be >= dataSize + padding. For PKCS7, padding size is + maximum SASI_AES_BLOCK_SIZE_IN_BYTES.
    */ + uint8_t * pDataOut, /*!< [out] Pointer to the output buffer. + For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, + and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). + For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB. */ + size_t * dataOutBuffSize /*!< [in,out] In - Size of pDataOut buffer in bytes. + The output buffer size must be no less than: +
    • For CBC-MAC, XCBC-MAC, CMAC modes - 16 bytes (for MAC result).
      • +
    • For non-MAC modes - dataInBuffSize.
    + Out - The size in bytes of the actual output data: +
    • If direction is SASI_AES_ENCRYPT and padding type is SASI_AES_PADDING_PKCS7, it is the actual size + with the padding.
      • +
    • If direction is SASI_AES_DECRYPT and padding type is SASI_AES_PADDING_PKCS7, it is the size without + the padding.
      • +
    • For CBC-MAC, XCBC-MAC, CMAC modes - always 16 bytes.
    */ +); + + +/*! +@brief This function releases and crears resources after AES operations. + +@return SASI_OK on success, +@return A non-zero value from ssi_aes_error.h on failure. +*/ +CIMPORT_C SaSiError_t SaSi_AesFree( + SaSiAesUserContext_t * pContext /*!< [in] Pointer to the AES context. */ +); + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif /* #ifndef SSI_AES_H */ + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_aes_defs.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_aes_defs.h new file mode 100644 index 0000000..02789d0 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_aes_defs.h @@ -0,0 +1,83 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! +@file +@brief This file contains definitions that are used for the ARM CryptoCell 3xx version of the CryptoCell AES APIs. +@defgroup ssi_aes_defs CryptoCell AES definitions +@{ +@ingroup ssi_aes + +*/ + +#ifndef SSI_AES_DEFS_H +#define SSI_AES_DEFS_H + +#include "ssi_pal_types.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ + +/*! The size of the user's context prototype (see ::SaSiAesUserContext_t) in words. */ +#define SASI_AES_USER_CTX_SIZE_IN_WORDS (4+4+7+4) + +/*! The AES block size in words. */ +#define SASI_AES_BLOCK_SIZE_IN_WORDS 4 +/*! The AES block size in bytes. */ +#define SASI_AES_BLOCK_SIZE_IN_BYTES (SASI_AES_BLOCK_SIZE_IN_WORDS * sizeof(uint32_t)) + +/*! The size of the IV buffer in words. */ +#define SASI_AES_IV_SIZE_IN_WORDS SASI_AES_BLOCK_SIZE_IN_WORDS +/*! The size of the IV buffer in bytes. */ +#define SASI_AES_IV_SIZE_IN_BYTES (SASI_AES_IV_SIZE_IN_WORDS * sizeof(uint32_t)) + +/*! The maximum size of the AES KEY in words. */ +#define SASI_AES_KEY_MAX_SIZE_IN_WORDS 4 +/*! The maximum size of the AES KEY in bytes. */ +#define SASI_AES_KEY_MAX_SIZE_IN_BYTES (SASI_AES_KEY_MAX_SIZE_IN_WORDS * sizeof(uint32_t)) + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif /* #ifndef SSI_AES_DEFS_H */ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_aes_error.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_aes_error.h new file mode 100644 index 0000000..4ad49e6 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_aes_error.h @@ -0,0 +1,133 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! +@file +@brief This file contains the definitions of the CryptoCell AES errors. +@defgroup ssi_aes_error CryptoCell AES specific errors +@{ +@ingroup ssi_aes +*/ + +#ifndef SSI_AES_ERROR_H +#define SSI_AES_ERROR_H + +#include "crys_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ + +/* generic errors */ +/*! General fatal error. */ +#define SASI_FATAL_ERROR CRYS_FATAL_ERROR +/*! General out of resources error. */ +#define SASI_OUT_OF_RESOURCE_ERROR CRYS_OUT_OF_RESOURCE_ERROR +/*! General Illegal resource value error. */ +#define SASI_ILLEGAL_RESOURCE_VAL_ERROR CRYS_ILLEGAL_RESOURCE_VAL_ERROR + +/*! CRYS_AES_MODULE_ERROR_BASE - 0x00F00000. */ +/*! Illegal user context. */ +#define SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x00UL) +/*! Illegal IV or tweak pointer. */ +#define SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x01UL) +/*! Illegal operation. */ +#define SASI_AES_ILLEGAL_OPERATION_MODE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x02UL) +/*! Illegal key size. */ +#define SASI_AES_ILLEGAL_KEY_SIZE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x03UL) +/*! Illegal key pointer. */ +#define SASI_AES_INVALID_KEY_POINTER_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x04UL) +/*! Unsupported key type. */ +#define SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x05UL) +/*! Illegal operation. */ +#define SASI_AES_INVALID_ENCRYPT_MODE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x06UL) +/*! User context corrupted. */ +#define SASI_AES_USER_CONTEXT_CORRUPTED_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x07UL) +/*! Illegal data in pointer. */ +#define SASI_AES_DATA_IN_POINTER_INVALID_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x08UL) +/*! Illegal data out pointer. */ +#define SASI_AES_DATA_OUT_POINTER_INVALID_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x09UL) +/*! Illegal data in size. */ +#define SASI_AES_DATA_IN_SIZE_ILLEGAL (CRYS_AES_MODULE_ERROR_BASE + 0x0AUL) +/*! Illegal data out address. */ +#define SASI_AES_DATA_OUT_DATA_IN_OVERLAP_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x0BUL) +/*! Illegal data in buffer size. */ +#define SASI_AES_DATA_IN_BUFFER_SIZE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x0CUL) +/*! Illegal data out buffer size. */ +#define SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x0DUL) +/*! Illegal padding type. */ +#define SASI_AES_ILLEGAL_PADDING_TYPE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x0EUL) +/*! Incorrect padding. */ +#define SASI_AES_INCORRECT_PADDING_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x0FUL) +/*! Output is corrupted. */ +#define SASI_AES_CORRUPTED_OUTPUT_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x10UL) +/*! Illegal output size. */ +#define SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x11UL) +/*! Decryption operation is not permitted in this mode. */ +#define SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE (CRYS_AES_MODULE_ERROR_BASE + 0x12UL) +/*! Additional block operation is not permitted. */ +#define SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x15UL) +/*! Illegal context size. */ +#define SASI_AES_CTX_SIZES_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x16UL) + +/*! Illegal parameters. */ +#define SASI_AES_ILLEGAL_PARAMS_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x60UL) +/*! Illegal CTR block offset. */ +#define SASI_AES_CTR_ILLEGAL_BLOCK_OFFSET_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x70UL) +/*! Illegal counter (in CTR mode). */ +#define SASI_AES_CTR_ILLEGAL_COUNTER_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x71UL) +/*! AES is not supported. */ +#define SASI_AES_IS_NOT_SUPPORTED (CRYS_AES_MODULE_ERROR_BASE + 0xFFUL) + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs *****************************/ + +/************************ Public Variables *********************/ + +/************************ Public Functions *********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif /* #ifndef SSI_AES_ERROR_H */ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_compiler.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_compiler.h new file mode 100644 index 0000000..9481d63 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_compiler.h @@ -0,0 +1,188 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +#ifndef __SSI_PAL_COMPILER_H__ +#define __SSI_PAL_COMPILER_H__ + +/*! +@file +@brief This file contains compiler related definitions. +@defgroup ssi_pal_compiler CryptoCell PAL platform dependant compiler specific definitions +@{ +@ingroup ssi_pal + +*/ + +#ifdef __GNUC__ + +/************************ Defines ******************************/ + +/*! Associate a symbol with a link section. */ +#define SASI_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark symbol as used, i.e., prevent garbage collector from dropping it. */ +#define SASI_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Make given data item aligned (alignment in bytes). */ +#define SASI_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark function that never returns. */ +#define SASI_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent function from being inlined */ +#define SASI_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type may cast (alias) another data type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define SASI_PAL_COMPILER_TYPE_MAY_ALIAS __attribute__((__may_alias__)) + +/*! Get sizeof for a structure type member. */ +#define SASI_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Assertion. */ +#define SASI_ASSERT_CONCAT_(a, b) a##b +#define SASI_ASSERT_CONCAT(a, b) SASI_ASSERT_CONCAT_(a, b) +#define SASI_PAL_COMPILER_ASSERT(cond, message) \ + enum { SASI_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } + +#elif defined(__ARM_DSM__) || defined(__CC_ARM) +#define inline +/*! Associate a symbol with a link section. */ +#define SASI_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark symbol as used, i.e., prevent garbage collector from dropping it. */ +#define SASI_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Make given data item aligned (alignment in bytes). */ +#define SASI_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark function that never returns. */ +#define SASI_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent function from being inlined. */ +#define SASI_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type may cast (alias) another data type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define SASI_PAL_COMPILER_TYPE_MAY_ALIAS __attribute__((__may_alias__)) + +/*! Get sizeof for a structure type member. */ +#define SASI_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Assertion. */ +#define SASI_ASSERT_CONCAT_(a, b) a##b +#define SASI_ASSERT_CONCAT(a, b) SASI_ASSERT_CONCAT_(a, b) +#define SASI_PAL_COMPILER_ASSERT(cond, message) \ + enum { SASI_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } +#elif defined(__ARM_DS__) +#define inline +/*! Associate a symbol with a link section. */ +#define SASI_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark symbol as used, i.e., prevent garbage collector from dropping it. */ +#define SASI_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Make given data item aligned (alignment in bytes). */ +#define SASI_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark function that never returns. */ +#define SASI_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent function from being inlined. */ +#define SASI_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type may cast (alias) another data type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define SASI_PAL_COMPILER_TYPE_MAY_ALIAS + +/*! Get sizeof for a structure type member. */ +#define SASI_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Assertion. */ +#define SASI_ASSERT_CONCAT_(a, b) a##b +#define SASI_ASSERT_CONCAT(a, b) SASI_ASSERT_CONCAT_(a, b) +#define SASI_PAL_COMPILER_ASSERT(cond, message) \ + enum { SASI_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } +#elif defined(__ICCARM__) + +/************************ Defines ******************************/ + +/*! Associate a symbol with a link section. */ +#define SASI_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark symbol as used, i.e., prevent garbage collector from dropping it. */ +#define SASI_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + + +#define STRING_PRAGMA(x) _Pragma(#x) +/*! Make given data item aligned (alignment in bytes). Not implemented */ +/* Used in crys_rsa_types.h. This is telling the compiler about buffer alignment. */ +/* IAR treats alignment a bit different. Nonetheless, this is used only for RSA, which was not ported yet. */ +#define SASI_PAL_COMPILER_ALIGN(n) + +/*! Mark function that never returns. Not implemented. */ +/* Not used anywhere, and probably located due to legacy reasons.*/ +#define SASI_PAL_COMPILER_FUNC_NEVER_RETURNS + +/* Prevent function from being inlined */ +#define SASI_PAL_COMPILER_FUNC_DONT_INLINE STRING_PRAGMA(optimize = no_inline) + +/*! Given data type may cast (alias) another data type pointer. */ +/* (this is used for "superclass" struct casting). Not implemented */ +/* Used in crys_rsa_local.h. for some compilers it translates to __may_alias__. */ +/* For IAR, there is probably no need for this attribute, as the typedef */ +/* is equivalent. Nonetheless, this is RSA code, which was not yet ported to Mbed TLS.*/ +#define SASI_PAL_COMPILER_TYPE_MAY_ALIAS + +/*! Get sizeof for a structure type member. */ +#define SASI_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Assertion. */ +#define SASI_ASSERT_CONCAT_(a, b) a##b +#define SASI_ASSERT_CONCAT(a, b) SASI_ASSERT_CONCAT_(a, b) + +#define SASI_PAL_COMPILER_ASSERT(cond, message) \ + enum { SASI_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } +#else +#error Unsupported compiler. +#endif +/** +@} + */ +#endif /*__SSI_PAL_COMPILER_H__*/ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_trng.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_trng.h new file mode 100644 index 0000000..029bb0a --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_trng.h @@ -0,0 +1,66 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef _SSI_PAL_TRNG_H +#define _SSI_PAL_TRNG_H + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*---------------------------- + PUBLIC FUNCTIONS +-----------------------------------*/ + +/** + * @brief This function purpose is to get TRNG characterization parameters. + * + * + * @return Zero on success. + * @return A non-zero value on failure. + */ +SaSiError_t SaSi_PalTrngParameterGet(uint32_t *SubSamplingRatio /*!< [out] TRNG characterization parameters, array size = 4. */); + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_types.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_types.h new file mode 100644 index 0000000..d255488 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_types.h @@ -0,0 +1,115 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! +@file +@brief This file contains the platform dependent definitions and types. +@defgroup ssi_pal_types CryptoCell PAL platform dependant types +@{ +@ingroup ssi_pal +*/ + +#ifndef SSI_PAL_TYPES_H +#define SSI_PAL_TYPES_H + +#include "ssi_pal_types_plat.h" + +/*! Boolean definition.*/ +typedef enum { + /*! Boolean false definition.*/ + SASI_FALSE = 0, + /*! Boolean true definition.*/ + SASI_TRUE = 1 +} SaSiBool; + +/*! Success definition. */ +#define SASI_SUCCESS 0UL +/*! Failure definition. */ +#define SASI_FAIL 1UL + +/*! Defintion of 1KB in bytes. */ +#define SASI_1K_SIZE_IN_BYTES 1024 +/*! Defintion of number of bits in a byte. */ +#define SASI_BITS_IN_BYTE 8 +/*! Defintion of number of bits in a 32bits word. */ +#define SASI_BITS_IN_32BIT_WORD 32 +/*! Defintion of number of bytes in a 32bits word. */ +#define SASI_32BIT_WORD_SIZE (sizeof(uint32_t)) + +/*! Success (OK) defintion. */ +#define SASI_OK SASI_SUCCESS + +/*! Macro that handles unused parameters in the code (to avoid compilation warnings). */ +#define SASI_UNUSED_PARAM(prm) ((void)prm) + +/*! Maximal uint32 value.*/ +#define SASI_MAX_UINT32_VAL (0xFFFFFFFF) + + +/* Minimum and Maximum macros */ +#ifdef min +/*! Definition for minimum. */ +#define CRYS_MIN(a,b) min( a , b ) +#else +/*! Definition for minimum. */ +#define CRYS_MIN( a , b ) ( ( (a) < (b) ) ? (a) : (b) ) +#endif + +#ifdef max +/*! Definition for maximum. */ +#define CRYS_MAX(a,b) max( a , b ) +#else +/*! Definition for maximum. */ +#define CRYS_MAX( a , b ) ( ( (a) > (b) ) ? (a) : (b) ) +#endif + +/*! Macro that calculates number of full bytes from bits (i.e. 7 bits are 1 byte). */ +#define CALC_FULL_BYTES(numBits) (((numBits) + (SASI_BITS_IN_BYTE -1))/SASI_BITS_IN_BYTE) +/*! Macro that calculates number of full 32bits words from bits (i.e. 31 bits are 1 word). */ +#define CALC_FULL_32BIT_WORDS(numBits) (((numBits) + (SASI_BITS_IN_32BIT_WORD -1))/SASI_BITS_IN_32BIT_WORD) +/*! Macro that calculates number of full 32bits words from bytes (i.e. 3 bytes are 1 word). */ +#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) (((sizeBytes) + SASI_32BIT_WORD_SIZE - 1) / SASI_32BIT_WORD_SIZE) +/*! Macro that round up bits to 32bits words. */ +#define ROUNDUP_BITS_TO_32BIT_WORD(numBits) (CALC_FULL_32BIT_WORDS(numBits)*SASI_BITS_IN_32BIT_WORD) +/*! Macro that round up bits to bytes. */ +#define ROUNDUP_BITS_TO_BYTES(numBits) (CALC_FULL_BYTES(numBits)*SASI_BITS_IN_BYTE) +/*! Macro that round up bytes to 32bits words. */ +#define ROUNDUP_BYTES_TO_32BIT_WORD(numBytes) (SASI_32BIT_WORD_SIZE*(((numBytes)+SASI_32BIT_WORD_SIZE-1)/SASI_32BIT_WORD_SIZE)) + + +/** +@} + */ +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_types_plat.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_types_plat.h new file mode 100644 index 0000000..97a9130 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pal_types_plat.h @@ -0,0 +1,57 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + +/*! @file +@brief This file contains basic type definitions that are platform dependent. +*/ +#ifndef SSI_PAL_TYPES_PLAT_H +#define SSI_PAL_TYPES_PLAT_H +/* Host specific types for standard (ISO-C99) compilant platforms */ + +#include +#include +#include + +typedef uintptr_t SaSiVirtAddr_t; +typedef uint32_t SaSiBool_t; +typedef uint32_t SaSiStatus; + +#define SaSiError_t SaSiStatus +#define SASI_INFINITE 0xFFFFFFFF + +#define CEXPORT_C +#define CIMPORT_C + +#endif /*SSI_PAL_TYPES_PLAT_H*/ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pka_hw_plat_defs.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pka_hw_plat_defs.h new file mode 100644 index 0000000..c205919 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/internal/ssi_pka_hw_plat_defs.h @@ -0,0 +1,77 @@ +/************************************************************************************** +* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + + + +#ifndef PKA_HW_PLAT_DEFS_H +#define PKA_HW_PLAT_DEFS_H + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief Contains the enums and definitions that are used in the PKA code (definitions that are platform dependent). +@defgroup ssi_pka_hw_plat_defs CryptoCell PKA specific types and definitions +@{ +@ingroup cryptocell_pka + +*/ + +/*! Size of PKA engine word.*/ +#define SASI_PKA_WORD_SIZE_IN_BITS 64 +/*! Maximal supported modulus size in bits. */ +#define CRYS_SRP_MAX_MODULUS_SIZE_IN_BITS 3072 +/*! Maximal supported modulus size in RSA in bits. */ +#define CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 2048 +/*! Maximal supported key generation size in RSA in bits. */ +#define CRYS_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS 2048 + +/*! PKA operations maximal count of extra bits. */ +#define PKA_EXTRA_BITS 8 +/*! PKA operations number of memory registers. */ +#define PKA_MAX_COUNT_OF_PHYS_MEM_REGS 32 + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif //PKA_HW_PLAT_DEFS_H + + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/mbedtls_device.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/mbedtls_device.h new file mode 100644 index 0000000..08cd11a --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/mbedtls_device.h @@ -0,0 +1,38 @@ + /* + * mbedtls_device.h + * + * Copyright (C) 2018-2019, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __MBEDTLS_DEVICE__ +#define __MBEDTLS_DEVICE__ + +#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT +//#define MBEDTLS_AES_ALT +#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY +#define MBEDTLS_SHA1_ALT +#define MBEDTLS_SHA256_ALT +//#define MBEDTLS_SHA512_ALT +#define MBEDTLS_CCM_ALT +//#define MBEDTLS_CMAC_ALT +#define MBEDTLS_ECDSA_VERIFY_ALT +#define MBEDTLS_ECDSA_SIGN_ALT +#define MBEDTLS_ECDSA_GENKEY_ALT +#define MBEDTLS_ECDH_GEN_PUBLIC_ALT +#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT + +#endif //__MBEDTLS_DEVICE__ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/objects_cryptocell.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/objects_cryptocell.h new file mode 100644 index 0000000..941ddf5 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/objects_cryptocell.h @@ -0,0 +1,44 @@ + /* + * objects_cryptocell.h + * + * Copyright (C) 2017, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef MBED_OBJECTS_CRYPTOCELL_H +#define MBED_OBJECTS_CRYPTOCELL_H +#include "sns_silib.h" + +typedef struct trng_s +{ + /* parameters defining TRNG */ + CRYS_RND_mode_t TrngMode; + + /* allowed ring oscillator lengths: bits 0,1,2,3 */ + uint32_t RoscsAllowed; + + /* sampling interval: count of ring oscillator cycles between + consecutive bits sampling */ + uint32_t SubSamplingRatio; + + uint32_t SubSamplingRatio1; + uint32_t SubSamplingRatio2; + uint32_t SubSamplingRatio3; + uint32_t SubSamplingRatio4; + +}CRYS_RND_Params_t; + +#endif // MBED_OBJECTS_CRYPTOCELL_H diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/sha1_alt.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/sha1_alt.h new file mode 100644 index 0000000..245910b --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/sha1_alt.h @@ -0,0 +1,36 @@ +/* + * sha1_alt.h + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __SHA1_ALT__ +#define __SHA1_ALT__ +#if defined(MBEDTLS_SHA1_ALT) +#include "crys_hash.h" + +/** + * \brief SHA-1 context structure + */ +typedef struct +{ + CRYS_HASHUserContext_t crys_hash_ctx; +} mbedtls_sha1_context; + +#endif //MBEDTLS_SHA1_ALT +#endif //__SHA1_ALT__ + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/sha256_alt.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/sha256_alt.h new file mode 100644 index 0000000..6be25f9 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/sha256_alt.h @@ -0,0 +1,37 @@ +/* + * sha256_alt.h + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __SHA256_ALT__ +#define __SHA256_ALT__ + +#if defined(MBEDTLS_SHA256_ALT) + +#include "crys_hash.h" + +/** + * \brief SHA-256 context structure + */ +typedef struct +{ + CRYS_HASHUserContext_t crys_hash_ctx; +} mbedtls_sha256_context; + +#endif // MBEDTLS_SHA256_ALT__ +#endif //__SHA256_ALT__ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/sha512_alt.h b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/sha512_alt.h new file mode 100644 index 0000000..114341f --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/include/cryptocell310/sha512_alt.h @@ -0,0 +1,37 @@ +/* + * sha512_alt.h + * + * Copyright (C) 2019, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __SHA512_ALT__ +#define __SHA512_ALT__ + +#if defined(MBEDTLS_SHA512_ALT) + +#include "crys_hash.h" + +/** + * \brief SHA-512 context structure + */ +typedef struct +{ + CRYS_HASHUserContext_t crys_hash_ctx; +} mbedtls_sha512_context; + +#endif // MBEDTLS_SHA256_ALT__ +#endif //__SHA256_ALT__ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/mbed_lib.json b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/mbed_lib.json new file mode 100644 index 0000000..607e4df --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/mbed_lib.json @@ -0,0 +1,6 @@ +{ + "name": "cryptocell310", + "config": { + "present": 1 + } +} diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/aes_alt.c b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/aes_alt.c new file mode 100644 index 0000000..19eadb3 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/aes_alt.c @@ -0,0 +1,308 @@ +/* + * aes_alt.c + * + * Copyright (C) 2019, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "mbedtls/aes.h" +#if defined(MBEDTLS_AES_ALT) +#include +#include "ssi_aes_defs.h" +#include "mbedtls/platform.h" + +#if defined(MBEDTLS_CIPHER_MODE_CFB) +/* + * AES-CFB128 buffer encryption/decryption + */ +int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} + +/* + * AES-CFB8 buffer encryption/decryption + */ +int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} +#endif /*MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_XTS) + +int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits ) +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} + +int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits ) +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} + +int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, + int mode, + size_t length, + const unsigned char data_unit[16], + const unsigned char *input, + unsigned char *output ) +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} +#endif /* MBEDTLS_CIPHER_MODE_XTS */ + +#if defined(MBEDTLS_CIPHER_MODE_OFB) +int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} +#endif /* MBEDTLS_CIPHER_MODE_OFB */ + +void mbedtls_aes_init( mbedtls_aes_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_aes_context ) ); +} + +void mbedtls_aes_free( mbedtls_aes_context *ctx ) +{ + if( ctx == NULL ) + return; + + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) ); +} +#if defined(MBEDTLS_CIPHER_MODE_XTS) + +void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ){} + +void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ){} +#endif /* MBEDTLS_CIPHER_MODE_XTS */ + +static int CC_aes_setkey( mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits, SaSiAesEncryptMode_t cipher_flag ) +{ + int ret = 0; + if( ctx == NULL ) + return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + + switch( keybits ) + { + case 128: + { + ctx->CC_cipherFlag = cipher_flag; + ctx->CC_keySizeInBytes = ( keybits / 8 ); + memcpy( ctx->CC_Key, key, ctx->CC_keySizeInBytes ); + } + break; + case 192: + case 256: + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); + default: + return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); + } + + return( 0 ); +} +int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits ) +{ + return( CC_aes_setkey( ctx, key, keybits, SASI_AES_ENCRYPT ) ); +} + +int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits ) +{ + return( CC_aes_setkey( ctx, key, keybits, SASI_AES_DECRYPT ) ); +} + +static int CC_aes_cipher( mbedtls_aes_context *ctx, + int mode, + SaSiAesOperationMode_t aes_mode, + size_t length, + unsigned char* iv, + size_t iv_len, + const unsigned char *input, + unsigned char *output ) +{ + int ret = 0; + SaSiAesUserKeyData_t CC_KeyData = { ctx->CC_Key, + ctx->CC_keySizeInBytes }; + + ret = SaSi_AesInit( &ctx->CC_Context, + ctx->CC_cipherFlag, + aes_mode, SASI_AES_PADDING_NONE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + ret = SaSi_AesSetKey( &ctx->CC_Context, SASI_AES_USER_KEY, + &CC_KeyData, sizeof( CC_KeyData ) ); + if( ret != 0 ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + if( iv ) + { + if( iv_len != SASI_AES_IV_SIZE_IN_BYTES ) + return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); + + ret = SaSi_AesSetIv( &ctx->CC_Context, iv ); + if( ret != 0 ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + } + + ret = SaSi_AesFinish( &ctx->CC_Context, length, + ( unsigned char* )input, length, output, &length ); + if( ret != 0 ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + /* update the IV for next block + * For CTR mode, update the nonce only if the current length is a full AES block length + */ + + if( ( ( aes_mode == SASI_AES_MODE_CBC ) || + ( (aes_mode == SASI_AES_MODE_CTR) && ( ( length % SASI_AES_BLOCK_SIZE_IN_BYTES) == 0) ) ) + && iv ) + { + ret = SaSi_AesGetIv( &ctx->CC_Context, iv ); + if( ret != 0 ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + } + + ret = SaSi_AesFree( &ctx->CC_Context ); + if( ret != 0 ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + return( 0 ); +} + +int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16] ) +{ + if( ctx == NULL ) + return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + + if( ( mode == MBEDTLS_AES_ENCRYPT && ctx->CC_cipherFlag != SASI_AES_ENCRYPT ) || + ( mode == MBEDTLS_AES_DECRYPT && ctx->CC_cipherFlag != SASI_AES_DECRYPT ) ) + return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + + return( CC_aes_cipher( ctx, mode, SASI_AES_MODE_ECB, 16, NULL, 0, input, output ) ); +} + +#if defined(MBEDTLS_CIPHER_MODE_CBC) +int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) +{ + if( ctx == NULL ) + return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + + if( length % SASI_AES_BLOCK_SIZE_IN_BYTES ) + return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); + + if( ( mode != MBEDTLS_AES_ENCRYPT || ctx->CC_cipherFlag != SASI_AES_ENCRYPT ) && + ( mode != MBEDTLS_AES_DECRYPT || ctx->CC_cipherFlag != SASI_AES_DECRYPT ) ) + return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + + return( CC_aes_cipher( ctx, mode, SASI_AES_MODE_CBC, length, iv, 16, input, output ) ); +} + +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) +int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output ) +{ + int ret = 0; + int n = *nc_off, c, i; + size_t j; + if( ctx == NULL ) + return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + + if( *nc_off ) + { + /* handle corner case where we are resuming a previous encryption, + * and we are resuming within current cipher stream(stream_block) */ + while( n != 0 ) + { + c = *input++; + *output++ = (unsigned char)( c ^ stream_block[n] ); + n = ( n + 1) & 0x0F; + if( length > 0) + --length; + } + /* + * Increase the nonce_counter by 1 since we now passed one block + */ + for( i = 16; i > 0; i-- ) + if( ++nonce_counter[i - 1] != 0 ) + break; + } + if( CC_aes_cipher( ctx, MBEDTLS_AES_ENCRYPT, SASI_AES_MODE_CTR, + length, nonce_counter, SASI_AES_IV_SIZE_IN_BYTES, input, output ) != 0 ) + { + ret = -1; + } + if( ( ( length % SASI_AES_BLOCK_SIZE_IN_BYTES ) != 0 ) && ret == 0 ) + { + /* in case the length is not aligned, generate stream block for resuming + * increase nonce_block to the correct value*/ + for( j = 0; j < ( length/SASI_AES_BLOCK_SIZE_IN_BYTES ); j++) + for( i = 16; i > 0; i-- ) + if( ++nonce_counter[i - 1] != 0 ) + break; + if( ( ret = CC_aes_cipher( ctx, MBEDTLS_AES_ENCRYPT, SASI_AES_MODE_ECB, + SASI_AES_BLOCK_SIZE_IN_BYTES, NULL, 0, + nonce_counter, stream_block ) ) != 0 ) + { + goto exit; + } + } + *nc_off = ( length % SASI_AES_BLOCK_SIZE_IN_BYTES ); + +exit: + return( ret ); +} +#endif /* MBEDTLS_CIPHER_MODE_CTR */ +#endif/* MBEDTLS_AES_ALT */ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/cc_internal.c b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/cc_internal.c new file mode 100644 index 0000000..d3502e4 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/cc_internal.c @@ -0,0 +1,156 @@ +/* + * cc_internal.c + * + * Internal utility functions and definitions, + * used for converting mbedtls types to CC types, and vice versa + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "cc_internal.h" +#include "crys_ecpki_error.h" +#include "crys_ec_mont_edw_error.h" +#include "mbedtls/platform.h" + +CRYS_ECPKI_DomainID_t convert_mbedtls_grp_id_to_crys_domain_id( mbedtls_ecp_group_id grp_id ) +{ + switch( grp_id ) + { + case MBEDTLS_ECP_DP_SECP192K1: + return ( CRYS_ECPKI_DomainID_secp192k1 ); + case MBEDTLS_ECP_DP_SECP192R1: + return ( CRYS_ECPKI_DomainID_secp192r1 ); + case MBEDTLS_ECP_DP_SECP224K1: + return ( CRYS_ECPKI_DomainID_secp224k1 ); + case MBEDTLS_ECP_DP_SECP224R1: + return ( CRYS_ECPKI_DomainID_secp224r1 ); + case MBEDTLS_ECP_DP_SECP256K1: + return ( CRYS_ECPKI_DomainID_secp256k1 ); + case MBEDTLS_ECP_DP_SECP256R1: + return ( CRYS_ECPKI_DomainID_secp256r1 ); + case MBEDTLS_ECP_DP_SECP384R1: + return ( CRYS_ECPKI_DomainID_secp384r1 ); + case MBEDTLS_ECP_DP_SECP521R1: + return ( CRYS_ECPKI_DomainID_secp521r1 ); + default: + return ( CRYS_ECPKI_DomainID_OffMode ); + } + +} + +uint32_t convert_mbedtls_to_cc_rand( void* mbedtls_rnd_ctx, uint16_t outSizeBytes, uint8_t* out_ptr ) +{ + uint16_t i = 0; + uint8_t temp = 0; + mbedtls_rand_func_container* mbedtls_rand = (mbedtls_rand_func_container*)mbedtls_rnd_ctx; + + if( mbedtls_rand->f_rng( mbedtls_rand->ctx, out_ptr, outSizeBytes ) != 0 ) + return ( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + + /* + * CC requires the random data as LE, so reversing the data + * (although this is random, but test vectors are in specific Endianess) + */ + while ( i < ( outSizeBytes / 2 ) ) + { + temp = out_ptr[outSizeBytes - 1 - i]; + out_ptr[outSizeBytes - 1 - i] = out_ptr[i]; + out_ptr[i] = temp; + ++i; + } + /* + * CC increases the random data by one, to put the vector in the proper range (1 to n), + * The RFC tests supply a data buffer within range, and in order to generate the proper ephemeral key, + * need to decrease one from this data, before CC increases the data, so the output will be as expected + */ + i = 0; + while( out_ptr[i] == 0 ) + { + ++i; + } + while( i > 0 ) + { + --out_ptr[i]; + --i; + } + --out_ptr[0]; + return ( 0 ); +} + +int convert_CrysError_to_mbedtls_err( CRYSError_t Crys_err ) +{ + switch( Crys_err ) + { + case CRYS_OK: + return ( 0 ); + + case CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR: + case CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR: + case CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR: + case CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR: + case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR: + case CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR: + case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR: + case CRYS_ECDH_SVDP_DH_NOT_CONCENT_PUBL_AND_PRIV_DOMAIN_ID_ERROR: + case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR: + case CRYS_ECMONT_INVALID_INPUT_POINTER_ERROR: + case CRYS_ECMONT_INVALID_INPUT_SIZE_ERROR: + case CRYS_ECMONT_INVALID_DOMAIN_ID_ERROR: + case CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR: + case CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR: + case CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR: + case CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR: + case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR: + case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_IS_EPHEMER_KEY_INTERNAL_ERROR: + case CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR: + case CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR: + case CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR: + case CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR: + case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR: + case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR: + case CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR: + case CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR: + return ( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + case CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR: + return ( MBEDTLS_ERR_ECP_VERIFY_FAILED ); + + case CRYS_ECMONT_IS_NOT_SUPPORTED: + case CRYS_ECEDW_IS_NOT_SUPPORTED: + return ( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); + + case CRYS_ECEDW_RND_GEN_VECTOR_FUNC_ERROR: + return ( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + + case CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR: + case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR: + return ( MBEDTLS_ERR_ECP_INVALID_KEY ); + + default: + return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + } + + +} diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/ccm_alt.c b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/ccm_alt.c new file mode 100644 index 0000000..85e9897 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/ccm_alt.c @@ -0,0 +1,215 @@ +/* + * ccm_alt.c + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "mbedtls/ccm.h" +#if defined(MBEDTLS_CCM_ALT) +#include +#include "mbedtls/platform.h" +#include "mbedtls/platform_util.h" +#include "mbedtls/aes.h" +#include "crys_aesccm_error.h" + +void mbedtls_ccm_init( mbedtls_ccm_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_ccm_context ) ); +} + +void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) +{ + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); +} + +int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits ) +{ + if( ctx == NULL ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + + if( cipher != MBEDTLS_CIPHER_ID_AES ) + { + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); + } + + switch( keybits ) + { + case 128: + { + memcpy( ctx->cipher_key , key, keybits / 8 ); + ctx->key_size = CRYS_AES_Key128BitSize; + } + break; + case 192: + case 256: + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); + default: + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + } + + + return( 0 ); + +} + +/* + * Authenticated encryption or decryption + */ + +int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, + unsigned char *output, + unsigned char *tag, size_t tag_len ) + +{ + CRYSError_t crys_ret = CRYS_OK; + CRYS_AESCCM_Mac_Res_t cc_mac_res = { 0 }; + int ret = 0; + /* + * Check length requirements: SP800-38C A.1 + * Additional requirement: a < 2^16 - 2^8 to simplify the code. + * 'length' checked later (when writing it to the first block) + */ + if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + + if( tag_len > sizeof( cc_mac_res ) ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + + /* Also implies q is within bounds */ + if( iv_len < 7 || iv_len > 13 ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + +#if SIZE_MAX > UINT_MAX + if( length > 0xFFFFFFFF || add_len > 0xFFFFFFFF ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); +#endif + + crys_ret = CRYS_AESCCM( SASI_AES_ENCRYPT, ctx->cipher_key, ctx->key_size, + (uint8_t*)iv, iv_len, (uint8_t*)add, add_len, + (uint8_t*)input, length, output, tag_len, + cc_mac_res ); + if( crys_ret == CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR ) + { + ret = MBEDTLS_ERR_CCM_BAD_INPUT; + goto exit; + } + else if( crys_ret != CRYS_OK ) + { + ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + goto exit; + } + + memcpy( tag, cc_mac_res, tag_len ); + +exit: + return( ret ); + +} + +/* + * Authenticated decryption + */ +int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len ) + +{ + CRYSError_t crys_ret = CRYS_OK; + int ret = 0; + /* + * Check length requirements: SP800-38C A.1 + * Additional requirement: a < 2^16 - 2^8 to simplify the code. + * 'length' checked later (when writing it to the first block) + */ + if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + + /* Also implies q is within bounds */ + if( iv_len < 7 || iv_len > 13 ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + +#if SIZE_MAX > UINT_MAX + if( length > 0xFFFFFFFF || add_len > 0xFFFFFFFF ) + return( MBEDTLS_ERR_CCM_BAD_INPUT ); +#endif + + crys_ret = CRYS_AESCCM( SASI_AES_DECRYPT, ctx->cipher_key, ctx->key_size, + (uint8_t*)iv, iv_len, (uint8_t*)add, add_len, + (uint8_t*)input, length, output, tag_len, + (uint8_t*)tag ); + if( crys_ret == CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR ) + { + /* + * When CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR is returned, + * no operation has occured, and no need to zeroize output. + * In addition, it could be that the message length is too big, + * returning this error code, and we don't want to overflow + * the output buffer. + */ + return( MBEDTLS_ERR_CCM_BAD_INPUT ); + } + else if( crys_ret == CRYS_FATAL_ERROR ) + { + /* + * Unfortunately, Crys AESCCM returns CRYS_FATAL_ERROR when + * MAC isn't as expected. + */ + ret = MBEDTLS_ERR_CCM_AUTH_FAILED; + goto exit; + } + else if( crys_ret != CRYS_OK ) + { + ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + goto exit; + } + +exit: + if( ret != 0 ) + mbedtls_platform_zeroize( output, length ); + return( ret ); + +} + +int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, + unsigned char *output, + unsigned char *tag, size_t tag_len ) +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} + +int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, + unsigned char *output, + const unsigned char *tag, size_t tag_len ) +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} + +#endif diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/cmac_alt.c b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/cmac_alt.c new file mode 100644 index 0000000..a9e5df4 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/cmac_alt.c @@ -0,0 +1,294 @@ +/* + * cmac_alt.c + * + * Copyright (C) 2019, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "mbedtls/cmac.h" +#if defined(MBEDTLS_CMAC_ALT) +#include "mbedtls/platform.h" +#include "mbedtls/platform_util.h" +#if defined(MBEDTLS_AES_C) +#include "mbedtls/aes.h" +#endif +#include "ssi_aes_defs.h" +#include + +static int init_cc( mbedtls_cmac_context_t *cmac_ctx ) +{ + int ret = 0; + SaSiAesUserKeyData_t CC_KeyData; + if( SaSi_AesInit( &cmac_ctx->CC_Context, SASI_AES_ENCRYPT, + SASI_AES_MODE_CMAC, SASI_AES_PADDING_NONE ) != 0 ) + { + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + } + + CC_KeyData.pKey = cmac_ctx->CC_Key; + CC_KeyData.keySize = cmac_ctx->CC_keySizeInBytes; + + if( SaSi_AesSetKey( &cmac_ctx->CC_Context, SASI_AES_USER_KEY, + &CC_KeyData, sizeof( CC_KeyData ) ) != 0 ) + { + ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + goto exit; + } + + cmac_ctx->is_cc_initiated = 1; + +exit: + return( ret ); +} + +static int deinit_cc( mbedtls_cmac_context_t *cmac_ctx ) +{ + if( cmac_ctx->is_cc_initiated == 1 && + SaSi_AesFree( &cmac_ctx->CC_Context ) != 0 ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + return( 0 ); +} + +int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, + const unsigned char *key, size_t keybits ) +{ + mbedtls_cmac_context_t *cmac_ctx; + mbedtls_cipher_type_t type; + + if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + type = ctx->cipher_info->type; + + switch( type ) + { + case MBEDTLS_CIPHER_AES_128_ECB: + break; + case MBEDTLS_CIPHER_AES_192_ECB: + case MBEDTLS_CIPHER_AES_256_ECB: + case MBEDTLS_CIPHER_DES_EDE3_ECB: + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); + default: + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + + switch( keybits ) + { + case 128: + /* Allocated and initialise in the cipher context memory for the CMAC + * context + */ + cmac_ctx = mbedtls_calloc( 1, sizeof( mbedtls_cmac_context_t ) ); + if( cmac_ctx == NULL ) + return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + cmac_ctx->CC_keySizeInBytes = ( keybits / 8 ); + memcpy( cmac_ctx->CC_Key, key, cmac_ctx->CC_keySizeInBytes ); + break; + case 192: + case 256: + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); + default: + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + ctx->cmac_ctx = cmac_ctx; + return( init_cc( cmac_ctx ) ); +} + +int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, + const unsigned char *input, size_t ilen ) +{ + mbedtls_cmac_context_t *cmac_ctx; + int ret = 0; + size_t block_size; + + if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || + ctx->cmac_ctx == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + if( ctx == NULL || ctx->cipher_info == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + block_size = ctx->cipher_info->block_size; + if( block_size != SASI_AES_BLOCK_SIZE_IN_BYTES ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + cmac_ctx = ctx->cmac_ctx; + + /* Is there data still to process from the last call? + */ + if( cmac_ctx->unprocessed_len > 0 ) + { + const size_t size_to_copy = ilen > ( block_size - cmac_ctx->unprocessed_len ) ? + block_size - cmac_ctx->unprocessed_len : ilen; + memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], + input, size_to_copy ); + cmac_ctx->unprocessed_len += size_to_copy; + input += size_to_copy; + ilen -= size_to_copy; + + /* + * Process the unproccessed data, in case it reached a full AES block, + * and there is still input data. + */ + if( cmac_ctx->unprocessed_len == SASI_AES_BLOCK_SIZE_IN_BYTES && ilen > 0 ) + { + if( SaSi_AesBlock( &cmac_ctx->CC_Context, cmac_ctx->unprocessed_block, + SASI_AES_BLOCK_SIZE_IN_BYTES, NULL ) != 0 ) + { + ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + goto exit; + } + cmac_ctx->unprocessed_len = 0; + } + } + + if( ilen > 0 ) + { + const size_t size_to_store = ( ilen % SASI_AES_BLOCK_SIZE_IN_BYTES == 0 ) ? + SASI_AES_BLOCK_SIZE_IN_BYTES : ilen % SASI_AES_BLOCK_SIZE_IN_BYTES; + memcpy( cmac_ctx->unprocessed_block, + input + ilen - size_to_store, + size_to_store ); + cmac_ctx->unprocessed_len = size_to_store; + ilen -= size_to_store; + if( ilen > 0 ) + { + if( SaSi_AesBlock( &cmac_ctx->CC_Context, (uint8_t *)input, + ilen, NULL ) != 0 ) + { + ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + goto exit; + } + } + } + +exit: + if( ret != 0 ) + { + deinit_cc( cmac_ctx ); + mbedtls_platform_zeroize( cmac_ctx, sizeof( *cmac_ctx ) ); + mbedtls_free( cmac_ctx ); + } + return( ret ); +} + +int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, + unsigned char *output ) +{ + mbedtls_cmac_context_t *cmac_ctx; + int ret = 0; + size_t olen = SASI_AES_BLOCK_SIZE_IN_BYTES; + + if( ctx == NULL || ctx->cipher_info == NULL || + ctx->cmac_ctx == NULL || output == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + cmac_ctx = ctx->cmac_ctx; + + if( ( ret = SaSi_AesFinish( &cmac_ctx->CC_Context, cmac_ctx->unprocessed_len, + cmac_ctx->unprocessed_block, + cmac_ctx->unprocessed_len, output, &olen ) ) != 0 ) + { + ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + goto exit; + } + +exit: + if( deinit_cc( cmac_ctx ) && ret == 0 ) + { + ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + } + + return( ret ); +} + +int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) +{ + mbedtls_cmac_context_t *cmac_ctx; + + if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + cmac_ctx = ctx->cmac_ctx; + + /* Reset the internal state */ + cmac_ctx->unprocessed_len = 0; + mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, + sizeof( cmac_ctx->unprocessed_block ) ); + + if( deinit_cc( cmac_ctx ) != 0 ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + return( init_cc( cmac_ctx ) ); +} + +int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + int ret = 0; + mbedtls_cipher_context_t ctx; + size_t olen = SASI_AES_BLOCK_SIZE_IN_BYTES; + + if( cipher_info == NULL || key == NULL || + input == NULL || output == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + mbedtls_cipher_init( &ctx ); + + if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) + goto exit; + + ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen ); + if( ret != 0 ) + goto exit; + + if( SaSi_AesFinish( &ctx.cmac_ctx->CC_Context, ilen, ( uint8_t * ) input, + ilen, output, &olen ) != 0 ) + { + ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + goto clear_cc; + } + +clear_cc: + if( deinit_cc( ctx.cmac_ctx ) != 0 && ret == 0 ) + { + ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + } + +exit: + mbedtls_cipher_free( &ctx ); + + return( ret ); + +} + +#if defined(MBEDTLS_AES_C) + +int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, + const unsigned char *input, size_t in_len, + unsigned char output[16] ) +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} +#endif /* MBEDTLS_AES_C */ + + +#endif /* MBEDTLS_CMAC_ALT */ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/ecdh_alt.c b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/ecdh_alt.c new file mode 100644 index 0000000..a3c7414 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/ecdh_alt.c @@ -0,0 +1,300 @@ +/* + * ecdh_alt.c + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "mbedtls/ecdh.h" +#include +#include "crys_ecpki_dh.h" +#include "crys_ecpki_build.h" +#include "crys_common.h" +#include "crys_ecpki_kg.h" +#include "crys_ecpki_domain.h" +#include "crys_ec_mont_api.h" +#include "mbedtls/platform.h" +#include "mbedtls/platform_util.h" +#include "cc_internal.h" + + +#if defined (MBEDTLS_ECDH_GEN_PUBLIC_ALT) +int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ) +{ + int ret = 0; + void* pHeap = NULL; + size_t heapSize = 0; + + uint32_t public_key_size = (2 * MAX_KEY_SIZE_IN_BYTES + 1); + const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( grp->id ) ); + mbedtls_rand_func_container cc_rand = { f_rng, p_rng }; + + if ( pDomain ) + { + uint8_t temp_buf[ 2 * MAX_KEY_SIZE_IN_BYTES + 1 ] = {0}; + cc_ecc_ws_keygen_params_t* kgParams = mbedtls_calloc( 1, sizeof( cc_ecc_ws_keygen_params_t ) ); + + if ( kgParams == NULL ) + return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + pHeap = kgParams; + heapSize = sizeof( cc_ecc_ws_keygen_params_t ); + + ret = convert_CrysError_to_mbedtls_err( CRYS_ECPKI_GenKeyPair( &cc_rand, convert_mbedtls_to_cc_rand, + pDomain, &kgParams->privKey, + &kgParams->pubKey, + &kgParams->kgTempData, NULL ) ); + if( ret != 0 ) + { + goto cleanup; + } + + ret = convert_CrysError_to_mbedtls_err( CRYS_ECPKI_ExportPublKey( &kgParams->pubKey, + CRYS_EC_PointUncompressed,temp_buf, &public_key_size ) ); + if( ret != 0 ) + { + goto cleanup; + } + + + MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( grp, Q, temp_buf, public_key_size ) ); + memset ( temp_buf, 0 , sizeof(temp_buf) ); + + ret = convert_CrysError_to_mbedtls_err( CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( temp_buf, (grp->nbits+7)/8, + kgParams->privKey.PrivKeyDbBuff, + 4*((((grp->nbits+7)/8)+3)/4) ) ); + if( ret != 0 ) + { + mbedtls_platform_zeroize( temp_buf, sizeof( temp_buf ) ); + goto cleanup; + } + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary( d, temp_buf, (grp->nbits+7)/8 ) ); + mbedtls_platform_zeroize( temp_buf, sizeof( temp_buf ) ); + } + + /* if CRYS_ECPKI_GetEcDomain returns NULL, then the given curve is either Montgomery 25519 + * or another curve which is not supported by CC310*/ + else if ( grp->id == MBEDTLS_ECP_DP_CURVE25519 ) + { + size_t priv_key_size = public_key_size = CURVE_25519_KEY_SIZE ; + + cc_ecc_25519_keygen_params_t* kgParams = mbedtls_calloc( 1, sizeof(cc_ecc_25519_keygen_params_t) ); + + if ( kgParams == NULL ) + return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + pHeap = ( uint8_t* )kgParams; + heapSize = sizeof(cc_ecc_25519_keygen_params_t); + + ret = convert_CrysError_to_mbedtls_err( CRYS_ECMONT_KeyPair( kgParams->pubKey, ( size_t* )&public_key_size, kgParams->privKey, + &priv_key_size, &cc_rand, convert_mbedtls_to_cc_rand, + &kgParams->kgTempData ) ); + if( ret != 0 ) + { + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( d, kgParams->privKey, priv_key_size ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &Q->X, kgParams->pubKey, public_key_size ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Q->Z, 1 ) ); + } + else + ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; + +cleanup: + + if ( pHeap ) + { + mbedtls_platform_zeroize( pHeap, heapSize ); + mbedtls_free( pHeap ); + } + + return ( ret ); +} +#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ + +/* + * Compute shared secret (SEC1 3.3.1) + */ +#if defined (MBEDTLS_ECDH_COMPUTE_SHARED_ALT) +int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, + const mbedtls_ecp_point *Q, const mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret; + void* pHeap = NULL; + size_t heapSize = 0; + + size_t public_key_size = (grp->nbits+7)/8 ; + const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( grp->id ) ); + uint32_t secret_size = ( ( grp->nbits + 7 ) / 8 ) ; + const uint32_t secret_size_in_heap = secret_size; + uint8_t* secret = mbedtls_calloc( 1, secret_size_in_heap ); + if ( secret == NULL ) + return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + + /* + * Make sure Q is a valid pubkey before using it + */ + MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) ); + if ( pDomain ) + { + uint8_t temp_buf[ 2 * MAX_KEY_SIZE_IN_BYTES + 1 ] = {0}; + cc_ecc_ws_comp_shared_params_t* ecdhParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_comp_shared_params_t) ); + + if ( ecdhParams == NULL ) + { + ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; + goto cleanup; + } + + pHeap = ecdhParams; + heapSize = sizeof(cc_ecc_ws_comp_shared_params_t); + + + MBEDTLS_MPI_CHK( mbedtls_ecp_point_write_binary( grp, Q, MBEDTLS_ECP_PF_UNCOMPRESSED, + &public_key_size, temp_buf, sizeof(temp_buf) ) ); + + ret = convert_CrysError_to_mbedtls_err( CRYS_ECPKI_BuildPublKey( pDomain, temp_buf, public_key_size, + &ecdhParams->pubKey ) ); + if ( ret != 0 ) + { + goto cleanup; + } + + memset ( temp_buf, 0, sizeof(temp_buf) ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, temp_buf, mbedtls_mpi_size( d ) ) ); + + ret = convert_CrysError_to_mbedtls_err( CRYS_ECPKI_BuildPrivKey( pDomain, + temp_buf, + mbedtls_mpi_size( d ), + &ecdhParams->privKey ) ); + mbedtls_platform_zeroize( temp_buf, sizeof( temp_buf ) ); + if ( ret != 0 ) + { + goto cleanup; + } + + ret = convert_CrysError_to_mbedtls_err( CRYS_ECDH_SVDP_DH( &ecdhParams->pubKey, &ecdhParams->privKey, + secret, &secret_size, + &ecdhParams->ecdhTempData ) ); + if ( ret != 0 ) + { + goto cleanup; + } + } + else if ( grp->id == MBEDTLS_ECP_DP_CURVE25519 ) + { + uint8_t temp_buf[CURVE_25519_KEY_SIZE] = {0}; + cc_ecc_25519_comp_shared_params_t* ecdhParams = mbedtls_calloc( 1, sizeof(cc_ecc_25519_comp_shared_params_t) ); + if ( ecdhParams == NULL ) + { + ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; + goto cleanup; + } + + pHeap = ecdhParams; + heapSize = sizeof(cc_ecc_25519_comp_shared_params_t); + + if( mbedtls_mpi_size( d ) != CURVE_25519_KEY_SIZE ) + { + ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + goto cleanup; + } + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, temp_buf, + mbedtls_mpi_size( d ) ) ) ; + ret = convert_CrysError_to_mbedtls_err( + CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( ecdhParams->privKey, + CURVE_25519_KEY_SIZE, + (uint32_t*)temp_buf, + sizeof( temp_buf) ) ); + if ( ret != 0 ) + { + mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); + goto cleanup; + } + + if( public_key_size != CURVE_25519_KEY_SIZE ) + { + ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &Q->X, temp_buf, public_key_size ) ); + ret = convert_CrysError_to_mbedtls_err( + CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( ecdhParams->pubKey, + CURVE_25519_KEY_SIZE, + (uint32_t*)temp_buf, + sizeof( temp_buf) ) ); + if ( ret != 0 ) + { + mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); + goto cleanup; + } + + if( secret_size != CURVE_25519_KEY_SIZE ) + { + ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + goto cleanup; + } + + ret = convert_CrysError_to_mbedtls_err( CRYS_ECMONT_Scalarmult( temp_buf, ( size_t* )&secret_size, + ecdhParams->privKey, CURVE_25519_KEY_SIZE , + ecdhParams->pubKey, CURVE_25519_KEY_SIZE , + &ecdhParams->kgTempData ) ); + if ( ret != 0 ) + { + goto cleanup; + } + ret = convert_CrysError_to_mbedtls_err( + CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( secret, + secret_size, + (uint32_t*)temp_buf, + CURVE_25519_KEY_SIZE ) ); + if ( ret != 0 ) + { + mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); + goto cleanup; + } + } + else + { + ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( z, secret, secret_size ) ); + +cleanup: + + if ( pHeap ) + { + mbedtls_platform_zeroize( pHeap, heapSize ); + mbedtls_free ( pHeap ); + } + + if ( secret ) + { + mbedtls_platform_zeroize( secret, secret_size_in_heap ); + mbedtls_free ( secret ); + } + + return ( ret ); +} +#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/ecdsa_alt.c b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/ecdsa_alt.c new file mode 100644 index 0000000..16a8976 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/ecdsa_alt.c @@ -0,0 +1,322 @@ +/* + * ecdsa_alt.c + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "mbedtls/ecdsa.h" +#include +#include "crys_ecpki_ecdsa.h" +#include "crys_ecpki_build.h" +#include "crys_common.h" +#include "crys_ecpki_kg.h" +#include "crys_ecpki_domain.h" +#include "crys_ec_edw_api.h" +#include "mbedtls/platform.h" +#include "mbedtls/platform_util.h" +#include "cc_internal.h" + +static CRYS_ECPKI_HASH_OpMode_t message_size_to_hash_mode( size_t blen ) +{ + CRYS_ECPKI_HASH_OpMode_t hash_mode; + switch( blen ) + { + case CRYS_HASH_SHA1_DIGEST_SIZE_IN_WORDS*sizeof(uint32_t): + hash_mode = CRYS_ECPKI_AFTER_HASH_SHA1_mode; + break; + case CRYS_HASH_SHA224_DIGEST_SIZE_IN_WORDS*sizeof(uint32_t): + hash_mode = CRYS_ECPKI_AFTER_HASH_SHA224_mode; + break; + case CRYS_HASH_SHA256_DIGEST_SIZE_IN_WORDS*sizeof(uint32_t): + hash_mode = CRYS_ECPKI_AFTER_HASH_SHA256_mode; + break; + case CRYS_HASH_SHA384_DIGEST_SIZE_IN_WORDS*sizeof(uint32_t): + hash_mode = CRYS_ECPKI_AFTER_HASH_SHA384_mode; + break; + case CRYS_HASH_SHA512_DIGEST_SIZE_IN_WORDS*sizeof(uint32_t): + hash_mode = CRYS_ECPKI_AFTER_HASH_SHA512_mode; + break; + default: + hash_mode = CRYS_ECPKI_HASH_OpModeLast; + } + + return hash_mode; +} + +#if defined(MBEDTLS_ECDSA_SIGN_ALT) +int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + int ret = 0; + CRYSError_t CrysRet = CRYS_OK; + void* pHeap = NULL; + size_t heapSize = 0; + uint8_t* pSignature = NULL; + CRYS_ECPKI_HASH_OpMode_t hash_mode = message_size_to_hash_mode( blen ); + uint32_t signature_size = ( ( grp->nbits + 7 ) / 8 ) *2; + const uint32_t signature_size_for_heap = signature_size; + mbedtls_rand_func_container cc_rand = { f_rng, p_rng }; + const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( grp->id ) ); + +#if SIZE_MAX > UINT_MAX + if( blen > 0xFFFFFFFF ) + { + return ( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + } +#endif + + if ( pDomain != NULL ) + { + uint8_t temp_buf[ MAX_KEY_SIZE_IN_BYTES ] = {0}; + cc_ecc_ws_sign_params_t* signParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_sign_params_t) ); + if ( signParams == NULL) + return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + pHeap = signParams; + heapSize = sizeof(cc_ecc_ws_sign_params_t); + + pSignature = mbedtls_calloc( 1, signature_size_for_heap ); + if ( pSignature == NULL) + { + ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, temp_buf, mbedtls_mpi_size( d ) ) ); + + CrysRet = CRYS_ECPKI_BuildPrivKey( pDomain, + temp_buf, + mbedtls_mpi_size( d ), + &signParams->privKey); + if( CrysRet != CRYS_OK ) + { + ret = convert_CrysError_to_mbedtls_err( CrysRet ); + mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); + goto cleanup; + } + + CrysRet = CRYS_ECDSA_Sign( &cc_rand, + convert_mbedtls_to_cc_rand, + &signParams->signContext, + &signParams->privKey, + hash_mode, + (uint8_t*)buf, + blen, + pSignature, + &signature_size ); + mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); + if( CrysRet != CRYS_OK ) + { + ret = convert_CrysError_to_mbedtls_err( CrysRet ); + goto cleanup; + } + } + else + { + ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( r, pSignature, ( ( grp->nbits + 7 ) / 8 ) ) ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( s, pSignature + ( ( grp->nbits + 7 ) / 8 ), ( ( grp->nbits + 7 ) / 8 ) ) ); + + +cleanup: + + if ( pHeap ) + { + mbedtls_platform_zeroize( pHeap, heapSize ); + mbedtls_free( pHeap ); + } + + if( pSignature ) + { + mbedtls_platform_zeroize( pSignature, signature_size_for_heap ); + mbedtls_free( pSignature ); + + } + + return ( ret ) ; +} +#endif /* MBEDTLS_ECDSA_SIGN_ALT*/ + +#if defined(MBEDTLS_ECDSA_VERIFY_ALT) +//need to normalize the coordinates +int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s) +{ + int ret = 0; + CRYSError_t CrysRet = CRYS_OK; + void* pHeap = NULL; + size_t heapSize = 0; + uint8_t * pSignature = NULL; + CRYS_ECPKI_HASH_OpMode_t hash_mode = message_size_to_hash_mode( blen ); + size_t temp_size = 0; + uint32_t signature_size = ( ( grp->nbits + 7 ) / 8 ) * 2; + const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( grp->id ) ); + +#if SIZE_MAX > UINT_MAX + if( blen > 0xFFFFFFFF ) + { + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + } +#endif + + if ( pDomain ) + { + uint8_t temp_buf[ 2*MAX_KEY_SIZE_IN_BYTES + 1 ] = {0}; + + cc_ecc_ws_verify_params_t* verifyParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_verify_params_t) ); + if ( verifyParams == NULL) + return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + pHeap = verifyParams; + heapSize = sizeof(cc_ecc_ws_verify_params_t); + + pSignature = mbedtls_calloc( 1, signature_size ); + if ( pSignature == NULL) + { + ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_ecp_point_write_binary( grp, Q, MBEDTLS_ECP_PF_UNCOMPRESSED, + &temp_size, temp_buf, sizeof(temp_buf) ) ); + + CrysRet = CRYS_ECPKI_BuildPublKey(pDomain, temp_buf, temp_size, &verifyParams->pubKey); + if( CrysRet != CRYS_OK ) + { + ret = convert_CrysError_to_mbedtls_err( CrysRet ); + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( r, pSignature, ( ( grp->nbits + 7 ) / 8 ) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( s, pSignature + ( ( grp->nbits + 7 ) / 8 ), ( ( grp->nbits + 7 ) / 8 ) ) ); + CrysRet = CRYS_ECDSA_Verify ( &verifyParams->verifyContext, + &verifyParams->pubKey, + hash_mode, + pSignature, + signature_size, + (uint8_t*)buf, + blen ); + if( CrysRet != CRYS_OK ) + { + ret = convert_CrysError_to_mbedtls_err( CrysRet ); + goto cleanup; + } + } + else + ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; + +cleanup: + + if( pHeap ) + { + mbedtls_platform_zeroize( pHeap, heapSize ); + mbedtls_free( pHeap ); + } + + if( pSignature ) + { + mbedtls_platform_zeroize( pSignature, signature_size ); + mbedtls_free( pSignature ); + + } + + return ret; +} +#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ + +#if defined(MBEDTLS_ECDSA_GENKEY_ALT) +int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + int ret = 0; + CRYSError_t CrysRet = CRYS_OK; + void* pHeap = NULL; + size_t heapSize = 0; + uint32_t key_size = 2*MAX_KEY_SIZE_IN_BYTES + 1; + const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( gid ) ); + mbedtls_rand_func_container cc_rand = { f_rng, p_rng }; + + + if ( pDomain ) + { + uint8_t temp_buf[ 2 * MAX_KEY_SIZE_IN_BYTES + 1 ] = {0}; + + cc_ecc_ws_keygen_params_t* kgParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_keygen_params_t) ); + if ( kgParams == NULL ) + return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + + pHeap = kgParams; + heapSize = sizeof(cc_ecc_ws_keygen_params_t); + + CrysRet = CRYS_ECPKI_GenKeyPair( &cc_rand, convert_mbedtls_to_cc_rand, pDomain, + &kgParams->privKey, &kgParams->pubKey, + &kgParams->kgTempData, NULL ); + if ( CrysRet != CRYS_OK ) + { + ret = convert_CrysError_to_mbedtls_err( CrysRet ); + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, gid ) ); + + CrysRet = CRYS_ECPKI_ExportPublKey( &kgParams->pubKey, CRYS_EC_PointUncompressed, temp_buf, &key_size ); + if ( CrysRet != CRYS_OK ) + { + ret = convert_CrysError_to_mbedtls_err( CrysRet ); + goto cleanup; + } + + ret = mbedtls_ecp_point_read_binary( &ctx->grp, &ctx->Q, temp_buf, key_size ); + if ( ret != 0 ) + goto cleanup; + + memset ( temp_buf, 0 , sizeof(temp_buf) ); + + CrysRet = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( temp_buf, (ctx->grp.nbits+7)/8, + kgParams->privKey.PrivKeyDbBuff, + 4*((((ctx->grp.nbits+7)/8)+3)/4) ); + if ( CrysRet != CRYS_OK ) + { + ret = convert_CrysError_to_mbedtls_err( CrysRet ); + mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); + goto cleanup; + } + + ret = mbedtls_mpi_read_binary( &ctx->d, temp_buf, (ctx->grp.nbits+7)/8 ); + mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); + if ( ret != 0 ) + { + goto cleanup; + } + } + else + ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; + + +cleanup: + if ( pHeap ) + { + mbedtls_platform_zeroize( pHeap, heapSize ); + mbedtls_free ( pHeap ); + } + return ( ret ); +} +#endif /* MBEDTLS_ECDSA_GENKEY_ALT */ diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/sha1_alt.c b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/sha1_alt.c new file mode 100644 index 0000000..f750485 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/sha1_alt.c @@ -0,0 +1,84 @@ +/* + * sha1_alt.c + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "mbedtls/sha1.h" +#if defined(MBEDTLS_SHA1_ALT) +#include +#include "mbedtls/platform.h" + +void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); +} + +void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) +{ + if( ctx == NULL ) + return; + + CRYS_HASH_Free( &ctx->crys_hash_ctx ); + + memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); +} + +void mbedtls_sha1_clone( mbedtls_sha1_context *dst, + const mbedtls_sha1_context *src ) +{ + memcpy( dst, src, sizeof( mbedtls_sha1_context ) ); +} + +int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) +{ + if( CRYS_HASH_Init( &ctx->crys_hash_ctx, CRYS_HASH_SHA1_mode ) != CRYS_OK ) + return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return ( 0 ); +} + + +int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)input, ilen ) != CRYS_OK ) + return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return ( 0 ); +} + +int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, + unsigned char output[20] ) +{ + CRYSError_t crys_err = CRYS_OK; + CRYS_HASH_Result_t crys_result = {0}; + crys_err = CRYS_HASH_Finish( &ctx->crys_hash_ctx, crys_result ); + if( crys_err == CRYS_OK ) + { + memcpy( output, crys_result, 20 ); + return ( 0 ); + } + else + return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); +} + +int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, + const unsigned char data[64] ) +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} +#endif //MBEDTLS_SHA1_ALT diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/sha256_alt.c b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/sha256_alt.c new file mode 100644 index 0000000..71c4201 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/sha256_alt.c @@ -0,0 +1,84 @@ +/* + * sha256_alt.c + * + * Copyright (C) 2018, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "mbedtls/sha256.h" +#if defined(MBEDTLS_SHA256_ALT) +#include +#include "mbedtls/platform.h" + +void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); +} + +void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) +{ + if( ctx == NULL ) + return; + CRYS_HASH_Free( &ctx->crys_hash_ctx ); + memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); +} + +void mbedtls_sha256_clone( mbedtls_sha256_context *dst, + const mbedtls_sha256_context *src ) +{ + memcpy( dst, src, sizeof( mbedtls_sha256_context ) ); +} + + +int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) +{ + if(CRYS_HASH_Init( &ctx->crys_hash_ctx, is224 ? + CRYS_HASH_SHA224_mode : CRYS_HASH_SHA256_mode ) != CRYS_OK ) + return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return ( 0 ); +} + +int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, + const unsigned char data[64] ) +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} + +int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)input, ilen ) != CRYS_OK ) + return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return ( 0 ); +} + +int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, + unsigned char output[32] ) +{ + CRYSError_t crys_err = CRYS_OK; + CRYS_HASH_Result_t crys_result = {0}; + crys_err = CRYS_HASH_Finish( &ctx->crys_hash_ctx, crys_result ); + if( crys_err == CRYS_OK ) + { + memcpy( output, crys_result, 32 ); + return ( 0 ); + } + else + return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); +} +#endif //MBEDTLS_SHA256_ALT + diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/sha512_alt.c b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/sha512_alt.c new file mode 100644 index 0000000..3ba5ba9 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/sha512_alt.c @@ -0,0 +1,84 @@ +/* + * sha512_alt.c + * + * Copyright (C) 2019, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "mbedtls/sha512.h" +#if defined(MBEDTLS_SHA512_ALT) +#include +#include "mbedtls/platform.h" + +void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); +} + +void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) +{ + if( ctx == NULL ) + return; + CRYS_HASH_Free( &ctx->crys_hash_ctx ); + memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); +} + +void mbedtls_sha512_clone( mbedtls_sha512_context *dst, + const mbedtls_sha512_context *src ) +{ + memcpy(dst,src,sizeof(mbedtls_sha512_context)); +} + + +int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) +{ + if( is384 ) + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); + if( CRYS_HASH_Init( &ctx->crys_hash_ctx, CRYS_HASH_SHA512_mode ) != CRYS_OK ) + return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return ( 0 ); +} + +int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, + const unsigned char data[128] ) +{ + return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); +} + +int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)input, ilen ) != CRYS_OK ) + return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return ( 0 ); +} + +int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, + unsigned char output[64] ) +{ + CRYSError_t crys_err = CRYS_OK; + CRYS_HASH_Result_t crys_result = {0}; + crys_err = CRYS_HASH_Finish( &ctx->crys_hash_ctx, crys_result ); + if( crys_err == CRYS_OK ) + { + memcpy(output,crys_result,64); + return ( 0 ); + } + else + return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); +} +#endif //MBEDTLS_SHA512_ALT diff --git a/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/trng.c b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/trng.c new file mode 100644 index 0000000..fb2f893 --- /dev/null +++ b/connectivity/drivers/mbedtls/FEATURE_CRYPTOCELL310/source/trng.c @@ -0,0 +1,90 @@ + /* + * trng.c + * + * Copyright (C) 2017, Arm Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#if DEVICE_TRNG + +#include +#include "trng_api.h" +#include "mbedtls/platform.h" + +extern mbedtls_platform_context plat_ctx; +static CRYS_RND_WorkBuff_t rndWorkBuff = { { 0 } }; + +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = (unsigned char*)v; + while( n-- ) *p++ = 0; +} + +CRYSError_t RNG_PLAT_SetUserRngParameters( + CRYS_RND_State_t *pRndState, + CRYS_RND_Params_t *pTrngParams); + +CRYSError_t LLF_RND_GetTrngSource( + CRYS_RND_State_t *rndState_ptr, + CRYS_RND_Params_t *trngParams_ptr, + SaSiBool_t isContinued, + uint32_t *entropySize_ptr, + uint32_t **sourceOut_ptr_ptr, + uint32_t *sourceOutSize_ptr, + uint32_t *rndWorkBuff_ptr); + + +void trng_init(trng_t *obj) +{ + RNG_PLAT_SetUserRngParameters(&plat_ctx.platform_impl_ctx.rndState, obj); +} + +void trng_free(trng_t *obj) +{ + (void)obj; +} + + +int trng_get_bytes(trng_t *obj, uint8_t *output, size_t length, size_t *outputLength) +{ + (void)obj; + int ret; + uint32_t entropySizeBits; + uint32_t *entrSource_ptr; + uint32_t actualLength; + + ret = LLF_RND_GetTrngSource( + &plat_ctx.platform_impl_ctx.rndState , /*in/out*/ + obj, /*in/out*/ + 0, /*in*/ + &entropySizeBits, /*in/out*/ + &entrSource_ptr, /*out*/ + &actualLength, /*out*/ + (uint32_t*)&rndWorkBuff.crysRndWorkBuff /*in*/); + if ( ret != 0 ) + return -1; + + if ( length < actualLength ) + actualLength = length; + + *outputLength = actualLength; + + memcpy( output, entrSource_ptr + CRYS_RND_TRNG_SRC_INNER_OFFSET_WORDS, *outputLength ); + mbedtls_zeroize( entrSource_ptr + CRYS_RND_TRNG_SRC_INNER_OFFSET_WORDS, *outputLength ); + return 0; +} + +#endif //DEVICE_TRNG diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/Readme.md b/features/cryptocell/FEATURE_CRYPTOCELL310/Readme.md deleted file mode 100644 index f8145b5..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/Readme.md +++ /dev/null @@ -1,37 +0,0 @@ -# Guidelines for porting Cryptocell to Mbed OS - -Cryptocell (CC) 310 is a hardware accelerator you can port to boards that have CC 310 embedded in their hardware. - -The CC 310 driver consists of three libraries: - -* A common core library (`libcc_core.a`). -* A platform-specific TRNG library containing TRNG-related information for sampling sufficient entropy on the specific platform (`libcc_trng.a`). -* A platform-specific library containing extra information, such as the CC register's base addresses on the specific board (`libcc_ext.a`). - -Library version information: - -* The CC 310 libraries were built from version `arm_sw-cc310-1.1.0.1285`. -* The `IAR` libraries were built using `IAR ANSI C/C++ Compiler V7.80.1.11864/W32 for ARM` with `--cpu Cortex-M4f`. -* The `ARM` libraries were built using `ARM Compiler 5.06 update 4 (build 422)` with `--cpu cortex-m4`. -* The `GCC_ARM` libraries were built using `arm-none-eabi-gcc 6.3.1 20170620 (release)` with `-mcpu=cortex-m4`. - -To port your CC 310 driver to Mbed OS on your specific target: - -1. In `targets.json`, add the following to your target: - * `MBEDTLS_CONFIG_HW_SUPPORT` to `macros_add` key. This instructs Mbed TLS to look for an alternative cryptographic implementation. - * `CRYPTOCELL310` to `feature`. Use this in your common code that you need to remove from compilation in case CC exists in your board. Use `#if !defined(FEATURE_CRYPTOCELL310)` and `#if defined(FEATURE_CRYPTOCELL310)`. -1. In `objects.h`, include `objects_cryptocell.h`. You can use the `FEATURE_CRYPTOCELL310` precompilation check as defined above. -1. In `features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_`, add your platform-specific libraries for all toolchains in `TOOLCHAIN_ARM`, `TOOLCHAIN_GCC_ARM` and `TOOLCHAIN_IAR` respectively. -1. Add your CC setup code: - * Implement `crypto_platform_setup()` and `crypto_platform_terminate()` to enable CC on your platform, in case you have board-specific setup functionality, required for CC setup. You MUST call `SaSi_LibInit()` and `SaSi_LibFini()` in these functions. - * Define `crypto_platform_ctx` in `crypto_device_platform.h` in a way that suits your implementation. - -## Enabling optional alternative drivers - -Three additional modules that are not enabled by default have alternative implementation support. This allows backward compatability because these modules don't have full functionality and returns `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` for some features. The modules are: - -* `AES`, which only supports 128 bit key size, as opposed to previous support for all key sizes. -* `CMAC`, which only supports AES 128 bit key size, as opposed to previous support for DES and all key sizes. -* `SHA512`, which only supports SHA512, as opposed to previous support for SHA384, as well. - -To enable these modules, define `MBEDTLS_AES_ALT`, `MBEDTLS_CMAC_ALT` and `MBEDTLS_SHA512_ALT`, either in `mbed_app.json` or in your `MBEDTLS_USER_CONFIG_FILE`, to have hardware accelerated module with reduced RAM size, on the expense of full functionality. diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_ext.ar b/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_ext.ar deleted file mode 100644 index 40e27f7..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_ext.ar +++ /dev/null Binary files differ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_trng.ar b/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_trng.ar deleted file mode 100644 index 17f0057..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_ARM/libcc_310_trng.ar +++ /dev/null Binary files differ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_ext.a b/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_ext.a deleted file mode 100644 index 64c57cc..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_ext.a +++ /dev/null Binary files differ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_trng.a b/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_trng.a deleted file mode 100644 index df24c2c..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_GCC_ARM/libcc_310_trng.a +++ /dev/null Binary files differ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_ext.a b/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_ext.a deleted file mode 100644 index 3b54c60..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_ext.a +++ /dev/null Binary files differ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_trng.a b/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_trng.a deleted file mode 100644 index 312518e..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/TOOLCHAIN_IAR/lib_cc310_trng.a +++ /dev/null Binary files differ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.c b/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.c deleted file mode 100644 index 8fccaeb..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.c +++ /dev/null @@ -1,44 +0,0 @@ - /* - * crypto_platform.c - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "platform_alt.h" -#include "nrf52840.h" -#include "sns_silib.h" -#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) - -static CRYS_RND_WorkBuff_t rndWorkBuff = { { 0 } } ; - -int crypto_platform_setup( crypto_platform_ctx *ctx ) -{ - NRF_CRYPTOCELL->ENABLE = 1; - - if( SaSi_LibInit( &ctx->rndState, &rndWorkBuff ) != 0 ) - return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - - return ( 0 ); -} - -void crypto_platform_terminate( crypto_platform_ctx *ctx ) -{ - SaSi_LibFini( &ctx->rndState ); - NRF_CRYPTOCELL->ENABLE = 0; -} - -#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.h b/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.h deleted file mode 100644 index 9b611b2..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/TARGET_MCU_NRF52840/crypto_device_platform.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * crypto_platform.h - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -#ifndef __CRYPTO_PLATFORM_H_ -#define __CRYPTO_PLATFORM_H_ -#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) -#include "crys_rnd.h" -/** - * \brief The CC platform context structure. - * - * \note This structure may be used to assist platform-specific - * setup or teardown operations. - */ -typedef struct { - CRYS_RND_State_t rndState; -} -crypto_platform_ctx; -#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ -#endif /* __CRYPTO_PLATFORM_H_ */ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/aes_alt.c b/features/cryptocell/FEATURE_CRYPTOCELL310/aes_alt.c deleted file mode 100644 index 19eadb3..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/aes_alt.c +++ /dev/null @@ -1,308 +0,0 @@ -/* - * aes_alt.c - * - * Copyright (C) 2019, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "mbedtls/aes.h" -#if defined(MBEDTLS_AES_ALT) -#include -#include "ssi_aes_defs.h" -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -/* - * AES-CFB128 buffer encryption/decryption - */ -int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} - -/* - * AES-CFB8 buffer encryption/decryption - */ -int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} -#endif /*MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_XTS) - -int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ) -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} - -int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ) -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} - -int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, - int mode, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output ) -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -#if defined(MBEDTLS_CIPHER_MODE_OFB) -int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} -#endif /* MBEDTLS_CIPHER_MODE_OFB */ - -void mbedtls_aes_init( mbedtls_aes_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_aes_context ) ); -} - -void mbedtls_aes_free( mbedtls_aes_context *ctx ) -{ - if( ctx == NULL ) - return; - - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) ); -} -#if defined(MBEDTLS_CIPHER_MODE_XTS) - -void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ){} - -void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ){} -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -static int CC_aes_setkey( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits, SaSiAesEncryptMode_t cipher_flag ) -{ - int ret = 0; - if( ctx == NULL ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); - - switch( keybits ) - { - case 128: - { - ctx->CC_cipherFlag = cipher_flag; - ctx->CC_keySizeInBytes = ( keybits / 8 ); - memcpy( ctx->CC_Key, key, ctx->CC_keySizeInBytes ); - } - break; - case 192: - case 256: - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); - default: - return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); - } - - return( 0 ); -} -int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ) -{ - return( CC_aes_setkey( ctx, key, keybits, SASI_AES_ENCRYPT ) ); -} - -int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ) -{ - return( CC_aes_setkey( ctx, key, keybits, SASI_AES_DECRYPT ) ); -} - -static int CC_aes_cipher( mbedtls_aes_context *ctx, - int mode, - SaSiAesOperationMode_t aes_mode, - size_t length, - unsigned char* iv, - size_t iv_len, - const unsigned char *input, - unsigned char *output ) -{ - int ret = 0; - SaSiAesUserKeyData_t CC_KeyData = { ctx->CC_Key, - ctx->CC_keySizeInBytes }; - - ret = SaSi_AesInit( &ctx->CC_Context, - ctx->CC_cipherFlag, - aes_mode, SASI_AES_PADDING_NONE ); - if( ret != 0 ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - - ret = SaSi_AesSetKey( &ctx->CC_Context, SASI_AES_USER_KEY, - &CC_KeyData, sizeof( CC_KeyData ) ); - if( ret != 0 ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - - if( iv ) - { - if( iv_len != SASI_AES_IV_SIZE_IN_BYTES ) - return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); - - ret = SaSi_AesSetIv( &ctx->CC_Context, iv ); - if( ret != 0 ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - } - - ret = SaSi_AesFinish( &ctx->CC_Context, length, - ( unsigned char* )input, length, output, &length ); - if( ret != 0 ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - - /* update the IV for next block - * For CTR mode, update the nonce only if the current length is a full AES block length - */ - - if( ( ( aes_mode == SASI_AES_MODE_CBC ) || - ( (aes_mode == SASI_AES_MODE_CTR) && ( ( length % SASI_AES_BLOCK_SIZE_IN_BYTES) == 0) ) ) - && iv ) - { - ret = SaSi_AesGetIv( &ctx->CC_Context, iv ); - if( ret != 0 ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - } - - ret = SaSi_AesFree( &ctx->CC_Context ); - if( ret != 0 ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - - return( 0 ); -} - -int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) -{ - if( ctx == NULL ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); - - if( ( mode == MBEDTLS_AES_ENCRYPT && ctx->CC_cipherFlag != SASI_AES_ENCRYPT ) || - ( mode == MBEDTLS_AES_DECRYPT && ctx->CC_cipherFlag != SASI_AES_DECRYPT ) ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); - - return( CC_aes_cipher( ctx, mode, SASI_AES_MODE_ECB, 16, NULL, 0, input, output ) ); -} - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ - if( ctx == NULL ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); - - if( length % SASI_AES_BLOCK_SIZE_IN_BYTES ) - return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); - - if( ( mode != MBEDTLS_AES_ENCRYPT || ctx->CC_cipherFlag != SASI_AES_ENCRYPT ) && - ( mode != MBEDTLS_AES_DECRYPT || ctx->CC_cipherFlag != SASI_AES_DECRYPT ) ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); - - return( CC_aes_cipher( ctx, mode, SASI_AES_MODE_CBC, length, iv, 16, input, output ) ); -} - -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ) -{ - int ret = 0; - int n = *nc_off, c, i; - size_t j; - if( ctx == NULL ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); - - if( *nc_off ) - { - /* handle corner case where we are resuming a previous encryption, - * and we are resuming within current cipher stream(stream_block) */ - while( n != 0 ) - { - c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); - n = ( n + 1) & 0x0F; - if( length > 0) - --length; - } - /* - * Increase the nonce_counter by 1 since we now passed one block - */ - for( i = 16; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) - break; - } - if( CC_aes_cipher( ctx, MBEDTLS_AES_ENCRYPT, SASI_AES_MODE_CTR, - length, nonce_counter, SASI_AES_IV_SIZE_IN_BYTES, input, output ) != 0 ) - { - ret = -1; - } - if( ( ( length % SASI_AES_BLOCK_SIZE_IN_BYTES ) != 0 ) && ret == 0 ) - { - /* in case the length is not aligned, generate stream block for resuming - * increase nonce_block to the correct value*/ - for( j = 0; j < ( length/SASI_AES_BLOCK_SIZE_IN_BYTES ); j++) - for( i = 16; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) - break; - if( ( ret = CC_aes_cipher( ctx, MBEDTLS_AES_ENCRYPT, SASI_AES_MODE_ECB, - SASI_AES_BLOCK_SIZE_IN_BYTES, NULL, 0, - nonce_counter, stream_block ) ) != 0 ) - { - goto exit; - } - } - *nc_off = ( length % SASI_AES_BLOCK_SIZE_IN_BYTES ); - -exit: - return( ret ); -} -#endif /* MBEDTLS_CIPHER_MODE_CTR */ -#endif/* MBEDTLS_AES_ALT */ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/aes_alt.h b/features/cryptocell/FEATURE_CRYPTOCELL310/aes_alt.h deleted file mode 100644 index 54167a2..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/aes_alt.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * aes_alt.h - * - * Copyright (C) 2019, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef __AES_ALT__ -#define __AES_ALT__ - -#if defined(MBEDTLS_AES_ALT) -#include "ssi_aes.h" -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct -{ - SaSiAesUserContext_t CC_Context; - SaSiAesEncryptMode_t CC_cipherFlag; - uint8_t CC_Key[SASI_AES_KEY_MAX_SIZE_IN_BYTES]; - size_t CC_keySizeInBytes; -} -mbedtls_aes_context; - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -/** - * \brief The AES XTS context-type definition. - */ -typedef struct mbedtls_aes_xts_context -{ - int unsupported; -} -mbedtls_aes_xts_context; -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_AES_ALT */ -#endif /* __AES_ALT__ */ - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_ARM/libcc_310_core.ar b/features/cryptocell/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_ARM/libcc_310_core.ar deleted file mode 100644 index 3121265..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_ARM/libcc_310_core.ar +++ /dev/null Binary files differ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_GCC_ARM/libcc_310_core.a b/features/cryptocell/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_GCC_ARM/libcc_310_core.a deleted file mode 100644 index bace518..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_GCC_ARM/libcc_310_core.a +++ /dev/null Binary files differ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_IAR/lib_cc310_core.a b/features/cryptocell/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_IAR/lib_cc310_core.a deleted file mode 100644 index 498bd54..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/binaries/TOOLCHAIN_IAR/lib_cc310_core.a +++ /dev/null Binary files differ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/cc_internal.c b/features/cryptocell/FEATURE_CRYPTOCELL310/cc_internal.c deleted file mode 100644 index d3502e4..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/cc_internal.c +++ /dev/null @@ -1,156 +0,0 @@ -/* - * cc_internal.c - * - * Internal utility functions and definitions, - * used for converting mbedtls types to CC types, and vice versa - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "cc_internal.h" -#include "crys_ecpki_error.h" -#include "crys_ec_mont_edw_error.h" -#include "mbedtls/platform.h" - -CRYS_ECPKI_DomainID_t convert_mbedtls_grp_id_to_crys_domain_id( mbedtls_ecp_group_id grp_id ) -{ - switch( grp_id ) - { - case MBEDTLS_ECP_DP_SECP192K1: - return ( CRYS_ECPKI_DomainID_secp192k1 ); - case MBEDTLS_ECP_DP_SECP192R1: - return ( CRYS_ECPKI_DomainID_secp192r1 ); - case MBEDTLS_ECP_DP_SECP224K1: - return ( CRYS_ECPKI_DomainID_secp224k1 ); - case MBEDTLS_ECP_DP_SECP224R1: - return ( CRYS_ECPKI_DomainID_secp224r1 ); - case MBEDTLS_ECP_DP_SECP256K1: - return ( CRYS_ECPKI_DomainID_secp256k1 ); - case MBEDTLS_ECP_DP_SECP256R1: - return ( CRYS_ECPKI_DomainID_secp256r1 ); - case MBEDTLS_ECP_DP_SECP384R1: - return ( CRYS_ECPKI_DomainID_secp384r1 ); - case MBEDTLS_ECP_DP_SECP521R1: - return ( CRYS_ECPKI_DomainID_secp521r1 ); - default: - return ( CRYS_ECPKI_DomainID_OffMode ); - } - -} - -uint32_t convert_mbedtls_to_cc_rand( void* mbedtls_rnd_ctx, uint16_t outSizeBytes, uint8_t* out_ptr ) -{ - uint16_t i = 0; - uint8_t temp = 0; - mbedtls_rand_func_container* mbedtls_rand = (mbedtls_rand_func_container*)mbedtls_rnd_ctx; - - if( mbedtls_rand->f_rng( mbedtls_rand->ctx, out_ptr, outSizeBytes ) != 0 ) - return ( MBEDTLS_ERR_ECP_RANDOM_FAILED ); - - /* - * CC requires the random data as LE, so reversing the data - * (although this is random, but test vectors are in specific Endianess) - */ - while ( i < ( outSizeBytes / 2 ) ) - { - temp = out_ptr[outSizeBytes - 1 - i]; - out_ptr[outSizeBytes - 1 - i] = out_ptr[i]; - out_ptr[i] = temp; - ++i; - } - /* - * CC increases the random data by one, to put the vector in the proper range (1 to n), - * The RFC tests supply a data buffer within range, and in order to generate the proper ephemeral key, - * need to decrease one from this data, before CC increases the data, so the output will be as expected - */ - i = 0; - while( out_ptr[i] == 0 ) - { - ++i; - } - while( i > 0 ) - { - --out_ptr[i]; - --i; - } - --out_ptr[0]; - return ( 0 ); -} - -int convert_CrysError_to_mbedtls_err( CRYSError_t Crys_err ) -{ - switch( Crys_err ) - { - case CRYS_OK: - return ( 0 ); - - case CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR: - case CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR: - case CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR: - case CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR: - case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR: - case CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR: - case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR: - case CRYS_ECDH_SVDP_DH_NOT_CONCENT_PUBL_AND_PRIV_DOMAIN_ID_ERROR: - case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR: - case CRYS_ECMONT_INVALID_INPUT_POINTER_ERROR: - case CRYS_ECMONT_INVALID_INPUT_SIZE_ERROR: - case CRYS_ECMONT_INVALID_DOMAIN_ID_ERROR: - case CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR: - case CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR: - case CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR: - case CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR: - case CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR: - case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR: - case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR: - case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR: - case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR: - case CRYS_ECDSA_SIGN_INVALID_IS_EPHEMER_KEY_INTERNAL_ERROR: - case CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR: - case CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR: - case CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR: - case CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR: - case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR: - case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR: - case CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR: - case CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR: - case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR: - return ( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - case CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR: - return ( MBEDTLS_ERR_ECP_VERIFY_FAILED ); - - case CRYS_ECMONT_IS_NOT_SUPPORTED: - case CRYS_ECEDW_IS_NOT_SUPPORTED: - return ( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); - - case CRYS_ECEDW_RND_GEN_VECTOR_FUNC_ERROR: - return ( MBEDTLS_ERR_ECP_RANDOM_FAILED ); - - case CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR: - case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR: - case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR: - case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR: - case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR: - return ( MBEDTLS_ERR_ECP_INVALID_KEY ); - - default: - return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - } - - -} diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/cc_internal.h b/features/cryptocell/FEATURE_CRYPTOCELL310/cc_internal.h deleted file mode 100644 index 66efc0f..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/cc_internal.h +++ /dev/null @@ -1,133 +0,0 @@ -/* - * cc_internal.h - * - * Internal utility functions and definitions, - * used for converting mbedtls types to CC types, and vice versa - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef __CC_INTERNAL_H__ -#define __CC_INTERNAL_H__ -#include "crys_ecpki_types.h" -#include "crys_ec_mont_api.h" -#include "mbedtls/ecp.h" -#include -#include - -#define CURVE_25519_KEY_SIZE 32 - -#ifdef __cplusplus -extern "C" { -#endif - -#define MAX_KEY_SIZE_IN_BYTES ( ( CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS ) * SASI_32BIT_WORD_SIZE) - -/* ECC utility functions and structures*/ -typedef struct cc_ecc_ws_keygen_params{ - CRYS_ECPKI_UserPublKey_t pubKey; - CRYS_ECPKI_UserPrivKey_t privKey; - CRYS_ECPKI_KG_TempData_t kgTempData; -} cc_ecc_ws_keygen_params_t; - -typedef struct cc_ecc_ws_comp_shared_params{ - CRYS_ECPKI_UserPublKey_t pubKey; - CRYS_ECPKI_UserPrivKey_t privKey; - CRYS_ECDH_TempData_t ecdhTempData; -} cc_ecc_ws_comp_shared_params_t; - -typedef struct cc_ecc_ws_verify_params{ - CRYS_ECPKI_UserPublKey_t pubKey; - CRYS_ECDSA_VerifyUserContext_t verifyContext; -} cc_ecc_ws_verify_params_t; - -typedef struct cc_ecc_ws_sign_params{ - CRYS_ECPKI_UserPrivKey_t privKey; - CRYS_ECDSA_SignUserContext_t signContext; -} cc_ecc_ws_sign_params_t; - -typedef struct cc_ecc_25519_keygen_params{ - uint8_t pubKey[CURVE_25519_KEY_SIZE]; - uint8_t privKey[CURVE_25519_KEY_SIZE]; - CRYS_ECMONT_TempBuff_t kgTempData; -} cc_ecc_25519_keygen_params_t; - -typedef cc_ecc_25519_keygen_params_t cc_ecc_25519_comp_shared_params_t; - -/** - * \brief This function converts mbedtls type mbedtls_ecp_group_id - * to Cryptocell type CRYS_ECPKI_DomainID_t - * - * \param grp_id The mbedtls mbedtls_ecp_group_id to convert - * - * \return \c The corresponding CRYS_ECPKI_DomainID_t. - * CRYS_ECPKI_DomainID_OffMode if not recognized. - */ -CRYS_ECPKI_DomainID_t convert_mbedtls_grp_id_to_crys_domain_id( mbedtls_ecp_group_id grp_id ); - -/* f_rng conversion from mbedtls type to cc type*/ -typedef struct -{ - int (*f_rng)( void* ctx, unsigned char* output, size_t outSizeBytes ); - void* ctx; - -}mbedtls_rand_func_container; - -/** - * \brief This function converts mbedtls f_rng type to - * Cryptocell f_rng type(SaSiRndGenerateVectWorkFunc_t) - * - * Note: The Mbed TLS type f_rng signature is: - * int (*f_rng)( void* ctx, unsigned char* output, size_t outSizeBytes ); - * while CC f_rng signature is: - * uint32_t (*SaSiRndGenerateVectWorkFunc_t)( - * void *rndState_ptr, - * uint16_t outSizeBytes, - * uint8_t *out_ptr) - * - * so the Mbed TLS f_rng can't be sent as is to the CC API. - * - * In addition, this function manipulates the different random data, - * to adjust between the way Cryptocell reads the random data. This is done for - * different standard tests to pass. - * - * - * \param mbedtls_rand The mbedtls rnd context pointer - * \param outSizeBytes The size of the output buffer - * \param out_ptr Pointer to the output buffer - * - * \return \c The corresponding CRYS_ECPKI_DomainID_t. - * CRYS_ECPKI_DomainID_OffMode if not recognized. - */ - -uint32_t convert_mbedtls_to_cc_rand( void* mbedtls_rand, uint16_t outSizeBytes, uint8_t* out_ptr ); - -/** - * \brief This function convertsCryptocell error - * Mbed TLS related error. - * - * - * \return \c The corresponding Mbed TLS error, - * MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED as default, if none found - */ -int convert_CrysError_to_mbedtls_err( CRYSError_t Crys_err ); - -#ifdef __cplusplus -} -#endif - -#endif /* __CC_INTERNAL_H__ */ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c b/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c deleted file mode 100644 index 85e9897..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.c +++ /dev/null @@ -1,215 +0,0 @@ -/* - * ccm_alt.c - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "mbedtls/ccm.h" -#if defined(MBEDTLS_CCM_ALT) -#include -#include "mbedtls/platform.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/aes.h" -#include "crys_aesccm_error.h" - -void mbedtls_ccm_init( mbedtls_ccm_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_ccm_context ) ); -} - -void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) -{ - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); -} - -int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ) -{ - if( ctx == NULL ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - if( cipher != MBEDTLS_CIPHER_ID_AES ) - { - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); - } - - switch( keybits ) - { - case 128: - { - memcpy( ctx->cipher_key , key, keybits / 8 ); - ctx->key_size = CRYS_AES_Key128BitSize; - } - break; - case 192: - case 256: - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); - default: - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - } - - - return( 0 ); - -} - -/* - * Authenticated encryption or decryption - */ - -int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, - unsigned char *output, - unsigned char *tag, size_t tag_len ) - -{ - CRYSError_t crys_ret = CRYS_OK; - CRYS_AESCCM_Mac_Res_t cc_mac_res = { 0 }; - int ret = 0; - /* - * Check length requirements: SP800-38C A.1 - * Additional requirement: a < 2^16 - 2^8 to simplify the code. - * 'length' checked later (when writing it to the first block) - */ - if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - if( tag_len > sizeof( cc_mac_res ) ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - /* Also implies q is within bounds */ - if( iv_len < 7 || iv_len > 13 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - -#if SIZE_MAX > UINT_MAX - if( length > 0xFFFFFFFF || add_len > 0xFFFFFFFF ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); -#endif - - crys_ret = CRYS_AESCCM( SASI_AES_ENCRYPT, ctx->cipher_key, ctx->key_size, - (uint8_t*)iv, iv_len, (uint8_t*)add, add_len, - (uint8_t*)input, length, output, tag_len, - cc_mac_res ); - if( crys_ret == CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR ) - { - ret = MBEDTLS_ERR_CCM_BAD_INPUT; - goto exit; - } - else if( crys_ret != CRYS_OK ) - { - ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - goto exit; - } - - memcpy( tag, cc_mac_res, tag_len ); - -exit: - return( ret ); - -} - -/* - * Authenticated decryption - */ -int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ) - -{ - CRYSError_t crys_ret = CRYS_OK; - int ret = 0; - /* - * Check length requirements: SP800-38C A.1 - * Additional requirement: a < 2^16 - 2^8 to simplify the code. - * 'length' checked later (when writing it to the first block) - */ - if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - - /* Also implies q is within bounds */ - if( iv_len < 7 || iv_len > 13 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - -#if SIZE_MAX > UINT_MAX - if( length > 0xFFFFFFFF || add_len > 0xFFFFFFFF ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); -#endif - - crys_ret = CRYS_AESCCM( SASI_AES_DECRYPT, ctx->cipher_key, ctx->key_size, - (uint8_t*)iv, iv_len, (uint8_t*)add, add_len, - (uint8_t*)input, length, output, tag_len, - (uint8_t*)tag ); - if( crys_ret == CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR ) - { - /* - * When CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR is returned, - * no operation has occured, and no need to zeroize output. - * In addition, it could be that the message length is too big, - * returning this error code, and we don't want to overflow - * the output buffer. - */ - return( MBEDTLS_ERR_CCM_BAD_INPUT ); - } - else if( crys_ret == CRYS_FATAL_ERROR ) - { - /* - * Unfortunately, Crys AESCCM returns CRYS_FATAL_ERROR when - * MAC isn't as expected. - */ - ret = MBEDTLS_ERR_CCM_AUTH_FAILED; - goto exit; - } - else if( crys_ret != CRYS_OK ) - { - ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - goto exit; - } - -exit: - if( ret != 0 ) - mbedtls_platform_zeroize( output, length ); - return( ret ); - -} - -int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, - unsigned char *output, - unsigned char *tag, size_t tag_len ) -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} - -int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, - unsigned char *output, - const unsigned char *tag, size_t tag_len ) -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} - -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.h b/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.h deleted file mode 100644 index a0a3bdf..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/ccm_alt.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * ccm_alt.h - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef __CCM_ALT__ -#define __CCM_ALT__ - -#if defined(MBEDTLS_CCM_ALT) -#include "crys_aesccm.h" - -typedef struct { - CRYS_AESCCM_Key_t cipher_key; /*!< cipher key used */ - CRYS_AESCCM_KeySize_t key_size; -} -mbedtls_ccm_context; - -#endif /* MBEDTLS_CCM_ALT */ -#endif /* __CCM_ALT__ */ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/cmac_alt.c b/features/cryptocell/FEATURE_CRYPTOCELL310/cmac_alt.c deleted file mode 100644 index a9e5df4..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/cmac_alt.c +++ /dev/null @@ -1,294 +0,0 @@ -/* - * cmac_alt.c - * - * Copyright (C) 2019, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "mbedtls/cmac.h" -#if defined(MBEDTLS_CMAC_ALT) -#include "mbedtls/platform.h" -#include "mbedtls/platform_util.h" -#if defined(MBEDTLS_AES_C) -#include "mbedtls/aes.h" -#endif -#include "ssi_aes_defs.h" -#include - -static int init_cc( mbedtls_cmac_context_t *cmac_ctx ) -{ - int ret = 0; - SaSiAesUserKeyData_t CC_KeyData; - if( SaSi_AesInit( &cmac_ctx->CC_Context, SASI_AES_ENCRYPT, - SASI_AES_MODE_CMAC, SASI_AES_PADDING_NONE ) != 0 ) - { - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - } - - CC_KeyData.pKey = cmac_ctx->CC_Key; - CC_KeyData.keySize = cmac_ctx->CC_keySizeInBytes; - - if( SaSi_AesSetKey( &cmac_ctx->CC_Context, SASI_AES_USER_KEY, - &CC_KeyData, sizeof( CC_KeyData ) ) != 0 ) - { - ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - goto exit; - } - - cmac_ctx->is_cc_initiated = 1; - -exit: - return( ret ); -} - -static int deinit_cc( mbedtls_cmac_context_t *cmac_ctx ) -{ - if( cmac_ctx->is_cc_initiated == 1 && - SaSi_AesFree( &cmac_ctx->CC_Context ) != 0 ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - - return( 0 ); -} - -int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, - const unsigned char *key, size_t keybits ) -{ - mbedtls_cmac_context_t *cmac_ctx; - mbedtls_cipher_type_t type; - - if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - type = ctx->cipher_info->type; - - switch( type ) - { - case MBEDTLS_CIPHER_AES_128_ECB: - break; - case MBEDTLS_CIPHER_AES_192_ECB: - case MBEDTLS_CIPHER_AES_256_ECB: - case MBEDTLS_CIPHER_DES_EDE3_ECB: - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); - default: - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - } - - - switch( keybits ) - { - case 128: - /* Allocated and initialise in the cipher context memory for the CMAC - * context - */ - cmac_ctx = mbedtls_calloc( 1, sizeof( mbedtls_cmac_context_t ) ); - if( cmac_ctx == NULL ) - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); - cmac_ctx->CC_keySizeInBytes = ( keybits / 8 ); - memcpy( cmac_ctx->CC_Key, key, cmac_ctx->CC_keySizeInBytes ); - break; - case 192: - case 256: - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); - default: - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - } - - ctx->cmac_ctx = cmac_ctx; - return( init_cc( cmac_ctx ) ); -} - -int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, - const unsigned char *input, size_t ilen ) -{ - mbedtls_cmac_context_t *cmac_ctx; - int ret = 0; - size_t block_size; - - if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || - ctx->cmac_ctx == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - if( ctx == NULL || ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - block_size = ctx->cipher_info->block_size; - if( block_size != SASI_AES_BLOCK_SIZE_IN_BYTES ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - cmac_ctx = ctx->cmac_ctx; - - /* Is there data still to process from the last call? - */ - if( cmac_ctx->unprocessed_len > 0 ) - { - const size_t size_to_copy = ilen > ( block_size - cmac_ctx->unprocessed_len ) ? - block_size - cmac_ctx->unprocessed_len : ilen; - memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], - input, size_to_copy ); - cmac_ctx->unprocessed_len += size_to_copy; - input += size_to_copy; - ilen -= size_to_copy; - - /* - * Process the unproccessed data, in case it reached a full AES block, - * and there is still input data. - */ - if( cmac_ctx->unprocessed_len == SASI_AES_BLOCK_SIZE_IN_BYTES && ilen > 0 ) - { - if( SaSi_AesBlock( &cmac_ctx->CC_Context, cmac_ctx->unprocessed_block, - SASI_AES_BLOCK_SIZE_IN_BYTES, NULL ) != 0 ) - { - ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - goto exit; - } - cmac_ctx->unprocessed_len = 0; - } - } - - if( ilen > 0 ) - { - const size_t size_to_store = ( ilen % SASI_AES_BLOCK_SIZE_IN_BYTES == 0 ) ? - SASI_AES_BLOCK_SIZE_IN_BYTES : ilen % SASI_AES_BLOCK_SIZE_IN_BYTES; - memcpy( cmac_ctx->unprocessed_block, - input + ilen - size_to_store, - size_to_store ); - cmac_ctx->unprocessed_len = size_to_store; - ilen -= size_to_store; - if( ilen > 0 ) - { - if( SaSi_AesBlock( &cmac_ctx->CC_Context, (uint8_t *)input, - ilen, NULL ) != 0 ) - { - ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - goto exit; - } - } - } - -exit: - if( ret != 0 ) - { - deinit_cc( cmac_ctx ); - mbedtls_platform_zeroize( cmac_ctx, sizeof( *cmac_ctx ) ); - mbedtls_free( cmac_ctx ); - } - return( ret ); -} - -int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, - unsigned char *output ) -{ - mbedtls_cmac_context_t *cmac_ctx; - int ret = 0; - size_t olen = SASI_AES_BLOCK_SIZE_IN_BYTES; - - if( ctx == NULL || ctx->cipher_info == NULL || - ctx->cmac_ctx == NULL || output == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - cmac_ctx = ctx->cmac_ctx; - - if( ( ret = SaSi_AesFinish( &cmac_ctx->CC_Context, cmac_ctx->unprocessed_len, - cmac_ctx->unprocessed_block, - cmac_ctx->unprocessed_len, output, &olen ) ) != 0 ) - { - ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - goto exit; - } - -exit: - if( deinit_cc( cmac_ctx ) && ret == 0 ) - { - ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - - return( ret ); -} - -int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) -{ - mbedtls_cmac_context_t *cmac_ctx; - - if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - cmac_ctx = ctx->cmac_ctx; - - /* Reset the internal state */ - cmac_ctx->unprocessed_len = 0; - mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block ) ); - - if( deinit_cc( cmac_ctx ) != 0 ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - - return( init_cc( cmac_ctx ) ); -} - -int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, - const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - int ret = 0; - mbedtls_cipher_context_t ctx; - size_t olen = SASI_AES_BLOCK_SIZE_IN_BYTES; - - if( cipher_info == NULL || key == NULL || - input == NULL || output == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - mbedtls_cipher_init( &ctx ); - - if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) - goto exit; - - ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen ); - if( ret != 0 ) - goto exit; - - if( SaSi_AesFinish( &ctx.cmac_ctx->CC_Context, ilen, ( uint8_t * ) input, - ilen, output, &olen ) != 0 ) - { - ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - goto clear_cc; - } - -clear_cc: - if( deinit_cc( ctx.cmac_ctx ) != 0 && ret == 0 ) - { - ret = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - -exit: - mbedtls_cipher_free( &ctx ); - - return( ret ); - -} - -#if defined(MBEDTLS_AES_C) - -int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, - const unsigned char *input, size_t in_len, - unsigned char output[16] ) -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} -#endif /* MBEDTLS_AES_C */ - - -#endif /* MBEDTLS_CMAC_ALT */ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/cmac_alt.h b/features/cryptocell/FEATURE_CRYPTOCELL310/cmac_alt.h deleted file mode 100644 index 845a7a7..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/cmac_alt.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * cmac_alt.h - * - * Copyright (C) 2019, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef __CMAC_ALT__ -#define __CMAC_ALT__ - -#if defined(MBEDTLS_CMAC_ALT) -#include "ssi_aes.h" -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct mbedtls_cmac_context_t -{ - SaSiAesUserContext_t CC_Context; - uint8_t CC_Key[SASI_AES_KEY_MAX_SIZE_IN_BYTES]; - size_t CC_keySizeInBytes; - /** Unprocessed data - either data that was not block aligned and is still - * pending processing, or the final block */ - unsigned char unprocessed_block[SASI_AES_BLOCK_SIZE_IN_BYTES]; - - /** The length of data pending processing. */ - size_t unprocessed_len; - - int is_cc_initiated; -} mbedtls_cmac_context_t; - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_CMAC_ALT */ -#endif /* __CMAC_ALT__ */ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/ecdh_alt.c b/features/cryptocell/FEATURE_CRYPTOCELL310/ecdh_alt.c deleted file mode 100644 index a3c7414..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/ecdh_alt.c +++ /dev/null @@ -1,300 +0,0 @@ -/* - * ecdh_alt.c - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "mbedtls/ecdh.h" -#include -#include "crys_ecpki_dh.h" -#include "crys_ecpki_build.h" -#include "crys_common.h" -#include "crys_ecpki_kg.h" -#include "crys_ecpki_domain.h" -#include "crys_ec_mont_api.h" -#include "mbedtls/platform.h" -#include "mbedtls/platform_util.h" -#include "cc_internal.h" - - -#if defined (MBEDTLS_ECDH_GEN_PUBLIC_ALT) -int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, - int ( *f_rng )( void *, unsigned char *, size_t ), - void *p_rng ) -{ - int ret = 0; - void* pHeap = NULL; - size_t heapSize = 0; - - uint32_t public_key_size = (2 * MAX_KEY_SIZE_IN_BYTES + 1); - const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( grp->id ) ); - mbedtls_rand_func_container cc_rand = { f_rng, p_rng }; - - if ( pDomain ) - { - uint8_t temp_buf[ 2 * MAX_KEY_SIZE_IN_BYTES + 1 ] = {0}; - cc_ecc_ws_keygen_params_t* kgParams = mbedtls_calloc( 1, sizeof( cc_ecc_ws_keygen_params_t ) ); - - if ( kgParams == NULL ) - return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); - pHeap = kgParams; - heapSize = sizeof( cc_ecc_ws_keygen_params_t ); - - ret = convert_CrysError_to_mbedtls_err( CRYS_ECPKI_GenKeyPair( &cc_rand, convert_mbedtls_to_cc_rand, - pDomain, &kgParams->privKey, - &kgParams->pubKey, - &kgParams->kgTempData, NULL ) ); - if( ret != 0 ) - { - goto cleanup; - } - - ret = convert_CrysError_to_mbedtls_err( CRYS_ECPKI_ExportPublKey( &kgParams->pubKey, - CRYS_EC_PointUncompressed,temp_buf, &public_key_size ) ); - if( ret != 0 ) - { - goto cleanup; - } - - - MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( grp, Q, temp_buf, public_key_size ) ); - memset ( temp_buf, 0 , sizeof(temp_buf) ); - - ret = convert_CrysError_to_mbedtls_err( CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( temp_buf, (grp->nbits+7)/8, - kgParams->privKey.PrivKeyDbBuff, - 4*((((grp->nbits+7)/8)+3)/4) ) ); - if( ret != 0 ) - { - mbedtls_platform_zeroize( temp_buf, sizeof( temp_buf ) ); - goto cleanup; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary( d, temp_buf, (grp->nbits+7)/8 ) ); - mbedtls_platform_zeroize( temp_buf, sizeof( temp_buf ) ); - } - - /* if CRYS_ECPKI_GetEcDomain returns NULL, then the given curve is either Montgomery 25519 - * or another curve which is not supported by CC310*/ - else if ( grp->id == MBEDTLS_ECP_DP_CURVE25519 ) - { - size_t priv_key_size = public_key_size = CURVE_25519_KEY_SIZE ; - - cc_ecc_25519_keygen_params_t* kgParams = mbedtls_calloc( 1, sizeof(cc_ecc_25519_keygen_params_t) ); - - if ( kgParams == NULL ) - return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); - pHeap = ( uint8_t* )kgParams; - heapSize = sizeof(cc_ecc_25519_keygen_params_t); - - ret = convert_CrysError_to_mbedtls_err( CRYS_ECMONT_KeyPair( kgParams->pubKey, ( size_t* )&public_key_size, kgParams->privKey, - &priv_key_size, &cc_rand, convert_mbedtls_to_cc_rand, - &kgParams->kgTempData ) ); - if( ret != 0 ) - { - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( d, kgParams->privKey, priv_key_size ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &Q->X, kgParams->pubKey, public_key_size ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Q->Z, 1 ) ); - } - else - ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; - -cleanup: - - if ( pHeap ) - { - mbedtls_platform_zeroize( pHeap, heapSize ); - mbedtls_free( pHeap ); - } - - return ( ret ); -} -#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ - -/* - * Compute shared secret (SEC1 3.3.1) - */ -#if defined (MBEDTLS_ECDH_COMPUTE_SHARED_ALT) -int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, - const mbedtls_ecp_point *Q, const mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - int ret; - void* pHeap = NULL; - size_t heapSize = 0; - - size_t public_key_size = (grp->nbits+7)/8 ; - const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( grp->id ) ); - uint32_t secret_size = ( ( grp->nbits + 7 ) / 8 ) ; - const uint32_t secret_size_in_heap = secret_size; - uint8_t* secret = mbedtls_calloc( 1, secret_size_in_heap ); - if ( secret == NULL ) - return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); - - /* - * Make sure Q is a valid pubkey before using it - */ - MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) ); - if ( pDomain ) - { - uint8_t temp_buf[ 2 * MAX_KEY_SIZE_IN_BYTES + 1 ] = {0}; - cc_ecc_ws_comp_shared_params_t* ecdhParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_comp_shared_params_t) ); - - if ( ecdhParams == NULL ) - { - ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; - goto cleanup; - } - - pHeap = ecdhParams; - heapSize = sizeof(cc_ecc_ws_comp_shared_params_t); - - - MBEDTLS_MPI_CHK( mbedtls_ecp_point_write_binary( grp, Q, MBEDTLS_ECP_PF_UNCOMPRESSED, - &public_key_size, temp_buf, sizeof(temp_buf) ) ); - - ret = convert_CrysError_to_mbedtls_err( CRYS_ECPKI_BuildPublKey( pDomain, temp_buf, public_key_size, - &ecdhParams->pubKey ) ); - if ( ret != 0 ) - { - goto cleanup; - } - - memset ( temp_buf, 0, sizeof(temp_buf) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, temp_buf, mbedtls_mpi_size( d ) ) ); - - ret = convert_CrysError_to_mbedtls_err( CRYS_ECPKI_BuildPrivKey( pDomain, - temp_buf, - mbedtls_mpi_size( d ), - &ecdhParams->privKey ) ); - mbedtls_platform_zeroize( temp_buf, sizeof( temp_buf ) ); - if ( ret != 0 ) - { - goto cleanup; - } - - ret = convert_CrysError_to_mbedtls_err( CRYS_ECDH_SVDP_DH( &ecdhParams->pubKey, &ecdhParams->privKey, - secret, &secret_size, - &ecdhParams->ecdhTempData ) ); - if ( ret != 0 ) - { - goto cleanup; - } - } - else if ( grp->id == MBEDTLS_ECP_DP_CURVE25519 ) - { - uint8_t temp_buf[CURVE_25519_KEY_SIZE] = {0}; - cc_ecc_25519_comp_shared_params_t* ecdhParams = mbedtls_calloc( 1, sizeof(cc_ecc_25519_comp_shared_params_t) ); - if ( ecdhParams == NULL ) - { - ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; - goto cleanup; - } - - pHeap = ecdhParams; - heapSize = sizeof(cc_ecc_25519_comp_shared_params_t); - - if( mbedtls_mpi_size( d ) != CURVE_25519_KEY_SIZE ) - { - ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - goto cleanup; - } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, temp_buf, - mbedtls_mpi_size( d ) ) ) ; - ret = convert_CrysError_to_mbedtls_err( - CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( ecdhParams->privKey, - CURVE_25519_KEY_SIZE, - (uint32_t*)temp_buf, - sizeof( temp_buf) ) ); - if ( ret != 0 ) - { - mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); - goto cleanup; - } - - if( public_key_size != CURVE_25519_KEY_SIZE ) - { - ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &Q->X, temp_buf, public_key_size ) ); - ret = convert_CrysError_to_mbedtls_err( - CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( ecdhParams->pubKey, - CURVE_25519_KEY_SIZE, - (uint32_t*)temp_buf, - sizeof( temp_buf) ) ); - if ( ret != 0 ) - { - mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); - goto cleanup; - } - - if( secret_size != CURVE_25519_KEY_SIZE ) - { - ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - goto cleanup; - } - - ret = convert_CrysError_to_mbedtls_err( CRYS_ECMONT_Scalarmult( temp_buf, ( size_t* )&secret_size, - ecdhParams->privKey, CURVE_25519_KEY_SIZE , - ecdhParams->pubKey, CURVE_25519_KEY_SIZE , - &ecdhParams->kgTempData ) ); - if ( ret != 0 ) - { - goto cleanup; - } - ret = convert_CrysError_to_mbedtls_err( - CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( secret, - secret_size, - (uint32_t*)temp_buf, - CURVE_25519_KEY_SIZE ) ); - if ( ret != 0 ) - { - mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); - goto cleanup; - } - } - else - { - ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( z, secret, secret_size ) ); - -cleanup: - - if ( pHeap ) - { - mbedtls_platform_zeroize( pHeap, heapSize ); - mbedtls_free ( pHeap ); - } - - if ( secret ) - { - mbedtls_platform_zeroize( secret, secret_size_in_heap ); - mbedtls_free ( secret ); - } - - return ( ret ); -} -#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/ecdsa_alt.c b/features/cryptocell/FEATURE_CRYPTOCELL310/ecdsa_alt.c deleted file mode 100644 index 16a8976..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/ecdsa_alt.c +++ /dev/null @@ -1,322 +0,0 @@ -/* - * ecdsa_alt.c - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "mbedtls/ecdsa.h" -#include -#include "crys_ecpki_ecdsa.h" -#include "crys_ecpki_build.h" -#include "crys_common.h" -#include "crys_ecpki_kg.h" -#include "crys_ecpki_domain.h" -#include "crys_ec_edw_api.h" -#include "mbedtls/platform.h" -#include "mbedtls/platform_util.h" -#include "cc_internal.h" - -static CRYS_ECPKI_HASH_OpMode_t message_size_to_hash_mode( size_t blen ) -{ - CRYS_ECPKI_HASH_OpMode_t hash_mode; - switch( blen ) - { - case CRYS_HASH_SHA1_DIGEST_SIZE_IN_WORDS*sizeof(uint32_t): - hash_mode = CRYS_ECPKI_AFTER_HASH_SHA1_mode; - break; - case CRYS_HASH_SHA224_DIGEST_SIZE_IN_WORDS*sizeof(uint32_t): - hash_mode = CRYS_ECPKI_AFTER_HASH_SHA224_mode; - break; - case CRYS_HASH_SHA256_DIGEST_SIZE_IN_WORDS*sizeof(uint32_t): - hash_mode = CRYS_ECPKI_AFTER_HASH_SHA256_mode; - break; - case CRYS_HASH_SHA384_DIGEST_SIZE_IN_WORDS*sizeof(uint32_t): - hash_mode = CRYS_ECPKI_AFTER_HASH_SHA384_mode; - break; - case CRYS_HASH_SHA512_DIGEST_SIZE_IN_WORDS*sizeof(uint32_t): - hash_mode = CRYS_ECPKI_AFTER_HASH_SHA512_mode; - break; - default: - hash_mode = CRYS_ECPKI_HASH_OpModeLast; - } - - return hash_mode; -} - -#if defined(MBEDTLS_ECDSA_SIGN_ALT) -int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - int ret = 0; - CRYSError_t CrysRet = CRYS_OK; - void* pHeap = NULL; - size_t heapSize = 0; - uint8_t* pSignature = NULL; - CRYS_ECPKI_HASH_OpMode_t hash_mode = message_size_to_hash_mode( blen ); - uint32_t signature_size = ( ( grp->nbits + 7 ) / 8 ) *2; - const uint32_t signature_size_for_heap = signature_size; - mbedtls_rand_func_container cc_rand = { f_rng, p_rng }; - const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( grp->id ) ); - -#if SIZE_MAX > UINT_MAX - if( blen > 0xFFFFFFFF ) - { - return ( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - } -#endif - - if ( pDomain != NULL ) - { - uint8_t temp_buf[ MAX_KEY_SIZE_IN_BYTES ] = {0}; - cc_ecc_ws_sign_params_t* signParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_sign_params_t) ); - if ( signParams == NULL) - return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); - pHeap = signParams; - heapSize = sizeof(cc_ecc_ws_sign_params_t); - - pSignature = mbedtls_calloc( 1, signature_size_for_heap ); - if ( pSignature == NULL) - { - ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, temp_buf, mbedtls_mpi_size( d ) ) ); - - CrysRet = CRYS_ECPKI_BuildPrivKey( pDomain, - temp_buf, - mbedtls_mpi_size( d ), - &signParams->privKey); - if( CrysRet != CRYS_OK ) - { - ret = convert_CrysError_to_mbedtls_err( CrysRet ); - mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); - goto cleanup; - } - - CrysRet = CRYS_ECDSA_Sign( &cc_rand, - convert_mbedtls_to_cc_rand, - &signParams->signContext, - &signParams->privKey, - hash_mode, - (uint8_t*)buf, - blen, - pSignature, - &signature_size ); - mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); - if( CrysRet != CRYS_OK ) - { - ret = convert_CrysError_to_mbedtls_err( CrysRet ); - goto cleanup; - } - } - else - { - ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( r, pSignature, ( ( grp->nbits + 7 ) / 8 ) ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( s, pSignature + ( ( grp->nbits + 7 ) / 8 ), ( ( grp->nbits + 7 ) / 8 ) ) ); - - -cleanup: - - if ( pHeap ) - { - mbedtls_platform_zeroize( pHeap, heapSize ); - mbedtls_free( pHeap ); - } - - if( pSignature ) - { - mbedtls_platform_zeroize( pSignature, signature_size_for_heap ); - mbedtls_free( pSignature ); - - } - - return ( ret ) ; -} -#endif /* MBEDTLS_ECDSA_SIGN_ALT*/ - -#if defined(MBEDTLS_ECDSA_VERIFY_ALT) -//need to normalize the coordinates -int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s) -{ - int ret = 0; - CRYSError_t CrysRet = CRYS_OK; - void* pHeap = NULL; - size_t heapSize = 0; - uint8_t * pSignature = NULL; - CRYS_ECPKI_HASH_OpMode_t hash_mode = message_size_to_hash_mode( blen ); - size_t temp_size = 0; - uint32_t signature_size = ( ( grp->nbits + 7 ) / 8 ) * 2; - const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( grp->id ) ); - -#if SIZE_MAX > UINT_MAX - if( blen > 0xFFFFFFFF ) - { - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - } -#endif - - if ( pDomain ) - { - uint8_t temp_buf[ 2*MAX_KEY_SIZE_IN_BYTES + 1 ] = {0}; - - cc_ecc_ws_verify_params_t* verifyParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_verify_params_t) ); - if ( verifyParams == NULL) - return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); - pHeap = verifyParams; - heapSize = sizeof(cc_ecc_ws_verify_params_t); - - pSignature = mbedtls_calloc( 1, signature_size ); - if ( pSignature == NULL) - { - ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_ecp_point_write_binary( grp, Q, MBEDTLS_ECP_PF_UNCOMPRESSED, - &temp_size, temp_buf, sizeof(temp_buf) ) ); - - CrysRet = CRYS_ECPKI_BuildPublKey(pDomain, temp_buf, temp_size, &verifyParams->pubKey); - if( CrysRet != CRYS_OK ) - { - ret = convert_CrysError_to_mbedtls_err( CrysRet ); - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( r, pSignature, ( ( grp->nbits + 7 ) / 8 ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( s, pSignature + ( ( grp->nbits + 7 ) / 8 ), ( ( grp->nbits + 7 ) / 8 ) ) ); - CrysRet = CRYS_ECDSA_Verify ( &verifyParams->verifyContext, - &verifyParams->pubKey, - hash_mode, - pSignature, - signature_size, - (uint8_t*)buf, - blen ); - if( CrysRet != CRYS_OK ) - { - ret = convert_CrysError_to_mbedtls_err( CrysRet ); - goto cleanup; - } - } - else - ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; - -cleanup: - - if( pHeap ) - { - mbedtls_platform_zeroize( pHeap, heapSize ); - mbedtls_free( pHeap ); - } - - if( pSignature ) - { - mbedtls_platform_zeroize( pSignature, signature_size ); - mbedtls_free( pSignature ); - - } - - return ret; -} -#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ - -#if defined(MBEDTLS_ECDSA_GENKEY_ALT) -int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - int ret = 0; - CRYSError_t CrysRet = CRYS_OK; - void* pHeap = NULL; - size_t heapSize = 0; - uint32_t key_size = 2*MAX_KEY_SIZE_IN_BYTES + 1; - const CRYS_ECPKI_Domain_t* pDomain = CRYS_ECPKI_GetEcDomain ( convert_mbedtls_grp_id_to_crys_domain_id( gid ) ); - mbedtls_rand_func_container cc_rand = { f_rng, p_rng }; - - - if ( pDomain ) - { - uint8_t temp_buf[ 2 * MAX_KEY_SIZE_IN_BYTES + 1 ] = {0}; - - cc_ecc_ws_keygen_params_t* kgParams = mbedtls_calloc( 1, sizeof(cc_ecc_ws_keygen_params_t) ); - if ( kgParams == NULL ) - return ( MBEDTLS_ERR_ECP_ALLOC_FAILED ); - - pHeap = kgParams; - heapSize = sizeof(cc_ecc_ws_keygen_params_t); - - CrysRet = CRYS_ECPKI_GenKeyPair( &cc_rand, convert_mbedtls_to_cc_rand, pDomain, - &kgParams->privKey, &kgParams->pubKey, - &kgParams->kgTempData, NULL ); - if ( CrysRet != CRYS_OK ) - { - ret = convert_CrysError_to_mbedtls_err( CrysRet ); - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, gid ) ); - - CrysRet = CRYS_ECPKI_ExportPublKey( &kgParams->pubKey, CRYS_EC_PointUncompressed, temp_buf, &key_size ); - if ( CrysRet != CRYS_OK ) - { - ret = convert_CrysError_to_mbedtls_err( CrysRet ); - goto cleanup; - } - - ret = mbedtls_ecp_point_read_binary( &ctx->grp, &ctx->Q, temp_buf, key_size ); - if ( ret != 0 ) - goto cleanup; - - memset ( temp_buf, 0 , sizeof(temp_buf) ); - - CrysRet = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( temp_buf, (ctx->grp.nbits+7)/8, - kgParams->privKey.PrivKeyDbBuff, - 4*((((ctx->grp.nbits+7)/8)+3)/4) ); - if ( CrysRet != CRYS_OK ) - { - ret = convert_CrysError_to_mbedtls_err( CrysRet ); - mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); - goto cleanup; - } - - ret = mbedtls_mpi_read_binary( &ctx->d, temp_buf, (ctx->grp.nbits+7)/8 ); - mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) ); - if ( ret != 0 ) - { - goto cleanup; - } - } - else - ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; - - -cleanup: - if ( pHeap ) - { - mbedtls_platform_zeroize( pHeap, heapSize ); - mbedtls_free ( pHeap ); - } - return ( ret ); -} -#endif /* MBEDTLS_ECDSA_GENKEY_ALT */ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ccsw_crys_rsa_shared_types.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/ccsw_crys_rsa_shared_types.h deleted file mode 100644 index 03f561a..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ccsw_crys_rsa_shared_types.h +++ /dev/null @@ -1,144 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef SW_CRYS_RSA_SHARED_TYPES_H -#define SW_CRYS_RSA_SHARED_TYPES_H - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/** @file - * @brief This file contains the types for the CCSW RSA module. - */ - -/************************ Defines ******************************/ - -/************************************************************************/ -/* the following definitions are only relevant for RSA code on SW */ -/************************************************************************/ -/* Define the maximal allowed width of the exponentiation sliding window -in range 2...6. This define is actual for projects on soft platform. -To minimize code size use the minimum value. To optimize performance -choose the maximum value */ - -/* The valid key size in bits */ -#define SW_CRYS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS 512 - -#ifndef CRYS_NO_RSA_MAX_KEY_SIZE_4096_BIT_SUPPORT -#define SW_CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 4096 -#define SW_CRYS_RSA_MAX_KEY_GENERATION_SIZE_BITS 4096 -#else -#ifndef CRYS_NO_RSA_MAX_KEY_SIZE_3072_BIT_SUPPORT -#define SW_CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 3072 -#define SW_CRYS_RSA_MAX_KEY_GENERATION_SIZE_BITS 3072 -#else -#define SW_CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 2048 -#define SW_CRYS_RSA_MAX_KEY_GENERATION_SIZE_BITS 2048 -#endif -#endif - - - - - -/* Define the size of the exponentiation temp buffer, used in LLF_PKI exponentiation and NON DEPENDED on - width of the sliding window. The size defined in units equaled to maximal RSA modulus size */ -#define PKI_EXP_CONST_TEMP_BUFF_SIZE_IN_MODULUS_UNITS 7 - -#define PKI_EXP_SLIDING_WINDOW_MAX_VALUE 2 - - /* The maximum buffer size for the 'H' value */ -#define SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS ((SW_CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS + 64UL ) / 32 ) - - -/* definition of PKI_KEY_GEN_TEMP_BUFF_SIZE_WORDS IS DEPENDED on width of the sliding window*/ -#if( PKI_EXP_SLIDING_WINDOW_MAX_VALUE > 2 ) -#define PKI_KEY_GEN_TEMP_BUFF_SIZE_WORDS \ - ((4 + (1<<(PKI_EXP_SLIDING_WINDOW_MAX_VALUE-2))) * SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS) -#else -#define PKI_KEY_GEN_TEMP_BUFF_SIZE_WORDS \ - (16 * SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS) -#endif - -#ifndef PKI_EXP_WINDOW_TEMP_BUFFER_SIZE_IN_MODULUS_UNITS -#define PKI_EXP_WINDOW_TEMP_BUFFER_SIZE_IN_MODULUS_UNITS (3 + (1 << (PKI_EXP_SLIDING_WINDOW_MAX_VALUE-1))) -#endif - - -/* Define the size of the temp buffer, used in LLF_PKI exponentiation and DEPENDED on - width of the sliding window in words */ -#if (PKI_EXP_CONST_TEMP_BUFF_SIZE_IN_MODULUS_UNITS > PKI_EXP_WINDOW_TEMP_BUFFER_SIZE_IN_MODULUS_UNITS ) -#define PKI_EXP_TEMP_BUFFER_SIZE_IN_WORDS \ - (PKI_EXP_CONST_TEMP_BUFF_SIZE_IN_MODULUS_UNITS * SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS + 2 ) -#else -#define PKI_EXP_TEMP_BUFFER_SIZE_IN_WORDS \ - (PKI_EXP_WINDOW_TEMP_BUFFER_SIZE_IN_MODULUS_UNITS * SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS + 2 ) -#endif - -/* the RSA data type */ -typedef struct SW_Shared_CRYS_RSAPrimeData_t { - /* The aligned input and output data buffers */ - uint32_t DataIn[SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - uint32_t DataOut[SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - - /* #include specific fields that are used by the low level */ - struct { - union { - struct { /* Temporary buffers used for the exponent calculation */ - uint32_t Tempbuff1[PKI_EXP_TEMP_BUFFER_SIZE_IN_WORDS]; - uint32_t Tempbuff2[SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS * 2]; - /* Temporary buffer for self-test support */ - uint32_t TempBuffer[SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - }NonCrt; - - struct { /* Temporary buffers used for the exponent calculation */ - uint32_t Tempbuff1[PKI_EXP_TEMP_BUFFER_SIZE_IN_WORDS]; - uint32_t Tempbuff2[SW_CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS * 2]; - }Crt; - }Data; - }LLF; - -}SW_Shared_CRYS_RSAPrimeData_t; - - - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_aesccm.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_aesccm.h deleted file mode 100644 index ccf0732..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_aesccm.h +++ /dev/null @@ -1,315 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_AESCCM_H -#define CRYS_AESCCM_H - -#include "ssi_pal_types.h" -#include "crys_error.h" - -#include "ssi_aes.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This file contains all of the enums and definitions that are used for the CRYS AESCCM APIs, as well as the APIs themselves. -The API supports AES-CCM and AES-CCM* as defined in ieee-802.15.4. -@defgroup crys_aesccm CryptoCell AES-CCM APIs -@{ -@ingroup cryptocell_api - - -@note -Regarding the AES-CCM*, the API supports only AES-CCM* as defined in ieee-802.15.4-2011; With the instantiations as defined in B.3.2 and the nonce as defined in 7.3.2. -in case of AES-CCM* the flow should be as follows: -
    • AES-CCM* integrated
      • -
      • CRYS_AESCCMStar_NonceGenerate
        • -
      • CRYS_AESCCMStar
    -
    • AES-CCM* non-integrated
      • -
      • CRYS_AESCCMStar_NonceGenerate
        • -
      • CRYS_AESCCMStar_Init
        • -
      • CRYS_AESCCM_BlockAdata
        • -
      • CRYS_AESCCM_BlockTextData
        • -
      • CRYS_AESCCM_Finish
    -*/ - -/************************ Defines ******************************/ - -/*! AES CCM context size in words.*/ -#define CRYS_AESCCM_USER_CTX_SIZE_IN_WORDS (152/4) - -/*! AES CCM maximal key size in words. */ -#define CRYS_AESCCM_KEY_SIZE_WORDS 8 - -/* nonce and AESCCM-MAC sizes definitions */ -/*! AES CCM NONCE minimal size in bytes. */ -#define CRYS_AESCCM_NONCE_MIN_SIZE_BYTES 7 -/*! AES CCM NONCE maximal size in bytes. */ -#define CRYS_AESCCM_NONCE_MAX_SIZE_BYTES 13 -/*! AES CCM MAC minimal size in bytes..*/ -#define CRYS_AESCCM_MAC_MIN_SIZE_BYTES 4 -/*! AES CCM MAC maximal size in bytes. */ -#define CRYS_AESCCM_MAC_MAX_SIZE_BYTES 16 - -/*! AES CCM star NONCE size in bytes. */ -#define CRYS_AESCCM_STAR_NONCE_SIZE_BYTES 13 -/*! AES CCM star source address size in bytes. */ -#define CRYS_AESCCM_STAR_SOURCE_ADDRESS_SIZE_BYTES 8 - -/*! AES CCM mode - CCM. */ -#define CRYS_AESCCM_MODE_CCM 0 -/*! AES CCM mode - CCM STAR. */ -#define CRYS_AESCCM_MODE_STAR 1 - - -/************************ Typedefs ****************************/ -/*! AES CCM key sizes. */ -typedef enum { - /*! Key size 128 bits. */ - CRYS_AES_Key128BitSize = 0, - /*! Key size 192 bits. */ - CRYS_AES_Key192BitSize = 1, - /*! Key size 256 bits. */ - CRYS_AES_Key256BitSize = 2, - /*! Key size 512 bits. */ - CRYS_AES_Key512BitSize = 3, - /*! Number of optional key sizes. */ - CRYS_AES_KeySizeNumOfOptions, - /*! Reserved. */ - CRYS_AES_KeySizeLast = 0x7FFFFFFF, - -}CRYS_AESCCM_KeySize_t; - -/*! AES_CCM key buffer definition.*/ -typedef uint8_t CRYS_AESCCM_Key_t[CRYS_AESCCM_KEY_SIZE_WORDS * sizeof(uint32_t)]; -/*! AES_CCM MAC buffer definition.*/ -typedef uint8_t CRYS_AESCCM_Mac_Res_t[SASI_AES_BLOCK_SIZE_IN_BYTES]; - -/*! AES_CCM_STAR source address buffer defintion. */ -typedef uint8_t CRYS_AESCCMStar_SourceAddress_t[CRYS_AESCCM_STAR_SOURCE_ADDRESS_SIZE_BYTES]; -/*! AES_CCM_STAR Nonce buffer defintion. */ -typedef uint8_t CRYS_AESCCMStar_Nonce_t[CRYS_AESCCM_STAR_NONCE_SIZE_BYTES]; - -/******************* Context Structure ***********************/ -/*! The user's context structure - the argument type that is passed by the user to the AES CCM APIs */ -typedef struct CRYS_AESCCM_UserContext_t -{ - /*! AES CCM context buffer for internal usage. */ - uint32_t buff[CRYS_AESCCM_USER_CTX_SIZE_IN_WORDS]; -}CRYS_AESCCM_UserContext_t; - - -/************************ Public Functions **********************/ - -/*! -@brief This function initializes the AES CCM context. - -It formats of the input data, calculates AES-MAC value for the formatted B0 block containing control information and -CCM unique value (Nonce), and initializes the AES context structure including the initial CTR0 value. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_aesccm_error.h. -*/ -CRYSError_t CC_AESCCM_Init( - CRYS_AESCCM_UserContext_t *ContextID_ptr, /*!< [in] Pointer to the AES context buffer that is allocated by the user and is used for - the AES operation. */ - SaSiAesEncryptMode_t EncrDecrMode, /*!< [in] Flag specifying whether Encrypt (::SASI_AES_ENCRYPT) or Decrypt - (::SASI_AES_DECRYPT) operation should be performed. */ - CRYS_AESCCM_Key_t CCM_Key, /*!< [in] Pointer to the AES-CCM key. */ - CRYS_AESCCM_KeySize_t KeySizeId, /*!< [in] Enumerator defining the key size (only 128 bit is valid). */ - uint32_t AdataSize, /*!< [in] Full byte length of additional (associated) data. If set to zero, - calling ::CRYS_AESCCM_BlockAdata on the same context would return an error. */ - uint32_t TextSizeQ, /*!< [in] Full length of plain text data. */ - uint8_t *N_ptr, /*!< [in] Pointer to the Nonce. */ - uint8_t SizeOfN, /*!< [in] Nonce byte size. The valid values depend on the ccm mode: -
    • CCM: valid values = [7 .. 13].
      • -
    • CCM*: valid values = [13].
    */ - uint8_t SizeOfT, /*!< [in] AES-CCM MAC (tag) byte size. The valid values depend on the ccm mode: -
    • CCM: valid values = [4, 6, 8, 10, 12, 14, 16].
      • -
    • CCM*: valid values = [0, 4, 8, 16].
    */ - uint32_t ccmMode /*!< [in] Flag specifying whether AES-CCM or AES-CCM* should be performed. */ -); - -/*! Macro defintion for CRYS_AESCCM_Init (AES CCM non-star implementation). */ -#define CRYS_AESCCM_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT) \ - CC_AESCCM_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT, CRYS_AESCCM_MODE_CCM) - -/*! Macro defintion CRYS_AESCCMStar_Init (AES CCM star implementation). */ -#define CRYS_AESCCMStar_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT) \ - CC_AESCCM_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT, CRYS_AESCCM_MODE_STAR) - -/*! -@brief This function receives a CCM context and a block of additional data, and adds it to the AES MAC -calculation. -This API can be called only once per operation context. It should not be called in case AdataSize was set to -zero in ::CC_AESCCM_Init. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_aesccm_error.h. -*/ -CRYSError_t CRYS_AESCCM_BlockAdata( - CRYS_AESCCM_UserContext_t *ContextID_ptr, /*!< [in] Pointer to the context buffer. */ - uint8_t *DataIn_ptr, /*!< [in] Pointer to the additional input data. The buffer must be contiguous. */ - uint32_t DataInSize /*!< [in] Byte size of the additional data. Must match AdataSize parameter provided to - ::CRYS_AESCCM_Init. */ -); - -/*! -@brief This function can be invoked for any block of Text data whose size is a multiple of 16 bytes, -excluding the last block that must be processed by ::CRYS_AESCCM_Finish. -
    • If encrypting: - Continues calculation of the intermediate AES_MAC value of the text data, while simultaneously encrypting the text data using AES_CTR, - starting from CTR value = CTR0+1.
      • -
    • If decrypting: - Continues decryption of the text data, while calculating the intermediate AES_MAC value of decrypted data.
    - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_aesccm_error.h. -*/ -CRYSError_t CRYS_AESCCM_BlockTextData( - CRYS_AESCCM_UserContext_t *ContextID_ptr, /*!< [in] Pointer to the context buffer. */ - uint8_t *DataIn_ptr, /*!< [in] Pointer to the additional input data. The buffer must be contiguous. */ - uint32_t DataInSize, /*!< [in] Byte size of the text data block. Must be a multiple of 16 bytes. */ - uint8_t *DataOut_ptr /*!< [out] Pointer to the output data. The size of the output buffer must be at least DataInSize. - The buffer must be contiguous. */ -); - -/*! -@brief This function must be the last to be called on the text data. -It can either be called on the entire text data (if transferred as one block), or on the last block of the text data, -even if total size of text data is equal to 0. -It performs the same operations as ::CRYS_AESCCM_BlockTextData, but additionally: -
    • If encrypting:
      • -
      • If the size of text data is not in multiples of 16 bytes, it pads the remaining bytes with zeros to a full 16-bytes block and - processes the data using AES_MAC and AES_CTR algorithms.
        • -
      • Encrypts the AES_MAC result with AES_CTR using the CTR0 value saved in the context and places the SizeOfT bytes of MAC (tag) - at the end.
    -
    • If decrypting:
      • -
      • Processes the text data, except for the last SizeOfT bytes (tag), using AES_CTR and then AES_MAC algorithms.
        • -
      • Encrypts the calculated MAC using AES_CTR based on the saved CTR0 value, and compares it with SizeOfT last bytes of input data (i.e. - tag value).
        • -
      • The function saves the validation result (Valid/Invalid) in the context.
        • -
      • Returns (as the error code) the final CCM-MAC verification result.
    - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_aesccm_error.h. -*/ -CEXPORT_C CRYSError_t CRYS_AESCCM_Finish( - CRYS_AESCCM_UserContext_t *ContextID_ptr, /*!< [in] Pointer to the context buffer. */ - uint8_t *DataIn_ptr, /*!< [in] Pointer to the last input data. The buffer must be contiguous. */ - uint32_t DataInSize, /*!< [in] Byte size of the last text data block. Can be zero. */ - uint8_t *DataOut_ptr, /*!< [in] Pointer to the output (cipher or plain text data) data. The buffer must - be contiguous. If DataInSize = 0, output buffer is not required. */ - CRYS_AESCCM_Mac_Res_t MacRes, /*!< [in] MAC result buffer pointer. */ - uint8_t *SizeOfT /*!< [out] AES-CCM MAC byte size as defined in CRYS_AESCCM_Init. */ -); - -/****************************************************************************************************/ -/******** AESCCM FUNCTION ******/ -/****************************************************************************************************/ -/*! -@brief AES CCM combines Counter mode encryption with CBC-MAC authentication. -Input to CCM includes the following elements: -
    • Payload - text data that is both authenticated and encrypted.
      • -
    • Associated data (Adata) - data that is authenticated but not encrypted, e.g., a header.
      • -
    • Nonce - A unique value that is assigned to the payload and the associated data.
    - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_aesccm_error.h. -*/ -CIMPORT_C CRYSError_t CC_AESCCM( - SaSiAesEncryptMode_t EncrDecrMode, /*!< [in] A flag specifying whether an AES Encrypt (::SASI_AES_ENCRYPT) or Decrypt - (::SASI_AES_DECRYPT) operation should be performed. */ - CRYS_AESCCM_Key_t CCM_Key, /*!< [in] Pointer to AES-CCM key. */ - CRYS_AESCCM_KeySize_t KeySizeId, /*!< [in] Enumerator defining the key size (only 128 bit is valid). */ - uint8_t *N_ptr, /*!< [in] Pointer to the Nonce. */ - uint8_t SizeOfN, /*!< [in] Nonce byte size. The valid values depend on the ccm mode: -
    • CCM: valid values = [7 .. 13].
      • -
    • CCM*: valid values = [13].
    */ - uint8_t *ADataIn_ptr, /*!< [in] Pointer to the additional input data. The buffer must be contiguous. */ - uint32_t ADataInSize, /*!< [in] Byte size of the additional data. */ - uint8_t *TextDataIn_ptr, /*!< [in] Pointer to the plain-text data for encryption or cipher-text data for decryption. - The buffer must be contiguous. */ - uint32_t TextDataInSize, /*!< [in] Byte size of the full text data. */ - uint8_t *TextDataOut_ptr, /*!< [out] Pointer to the output (cipher or plain text data according to encrypt-decrypt mode) - data. The buffer must be contiguous. */ - uint8_t SizeOfT, /*!< [in] AES-CCM MAC (tag) byte size. The valid values depend on the ccm mode: -
    • CCM: valid values = [4, 6, 8, 10, 12, 14, 16].
      • -
    • CCM*: valid values = [0, 4, 8, 16].
    */ - CRYS_AESCCM_Mac_Res_t Mac_Res, /*!< [in/out] Pointer to the MAC result buffer. */ - uint32_t ccmMode /*!< [in] Flag specifying whether AES-CCM or AES-CCM* should be performed. */ -); - -/*! Macro defintion for CRYS_AESCCM (AES CCM non-star implementation). */ -#define CRYS_AESCCM(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res) \ - CC_AESCCM(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res, CRYS_AESCCM_MODE_CCM) - -/*! Macro defintion for CRYS_AESCCMStar (AES CCM star implementation). */ -#define CRYS_AESCCMStar(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res) \ - CC_AESCCM(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res, CRYS_AESCCM_MODE_STAR) - - -/*! -@brief This function receives the MAC source address, the frame counter and the MAC size -and returns the required nonce for AES-CCM* as defined in ieee-802.15.4. -This API should be called before CRYS_AESCCMStar and CRYS_AESCCMStar_Init, -and the generated nonce should be provided to these functions. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_aesccm_error.h. -*/ -CRYSError_t CRYS_AESCCMStar_NonceGenerate( - CRYS_AESCCMStar_SourceAddress_t srcAddr, /*!< [in] The MAC address in EUI-64 format. */ - uint32_t FrameCounter, /*!< [in] The MAC frame counter. */ - uint8_t SizeOfT, /*!< [in] AES-CCM* MAC (tag) byte size. Valid values = [0,4,8,16]. */ - CRYS_AESCCMStar_Nonce_t nonce /*!< [out] The required nonce for AES-CCM*. */ -); - -#ifdef __cplusplus -} -#endif - -/** -@} - */ - -#endif /*#ifndef CRYS_AESCCM_H*/ - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_aesccm_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_aesccm_error.h deleted file mode 100644 index 4ed26e3..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_aesccm_error.h +++ /dev/null @@ -1,134 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - - -#ifndef CRYS_AESCCM_ERROR_H -#define CRYS_AESCCM_ERROR_H - - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module contains the definitions of the CRYS AESCCM errors. -@defgroup crys_aesccm_error CryptoCell AES-CCM specific errors -@{ -@ingroup crys_aesccm -*/ - -/************************ Defines ******************************/ - -/*! CRYS AESCCM module errors. CRYS_AESCCM_MODULE_ERROR_BASE = 0x00F01500. */ -/*! Invalid context pointer. */ -#define CRYS_AESCCM_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x00UL) -/*! Illegal key size. */ -#define CRYS_AESCCM_ILLEGAL_KEY_SIZE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x01UL) -/*! Invalid key pointer. */ -#define CRYS_AESCCM_INVALID_KEY_POINTER_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x02UL) -/*! Invalid encryption mode. */ -#define CRYS_AESCCM_INVALID_ENCRYPT_MODE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x03UL) -/*! Context is corrupted. */ -#define CRYS_AESCCM_USER_CONTEXT_CORRUPTED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x04UL) -/*! Invalid data in pointer. */ -#define CRYS_AESCCM_DATA_IN_POINTER_INVALID_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x05UL) -/*! Invalid data out pointer. */ -#define CRYS_AESCCM_DATA_OUT_POINTER_INVALID_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x06UL) -/*! Illegal data in size. */ -#define CRYS_AESCCM_DATA_IN_SIZE_ILLEGAL (CRYS_AESCCM_MODULE_ERROR_BASE + 0x07UL) -/*! Illegal data in or data out address. */ -#define CRYS_AESCCM_DATA_OUT_DATA_IN_OVERLAP_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x08UL) -/*! Illegal data out size. */ -#define CRYS_AESCCM_DATA_OUT_SIZE_INVALID_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x09UL) -/*! Illegal call to process additional data. */ -#define CRYS_AESCCM_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0AUL) -/*! Illegal dma buffer type. */ -#define CRYS_AESCCM_ILLEGAL_DMA_BUFF_TYPE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0BUL) -/*! Illegal parameter size. */ -#define CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0CUL) -/*! Invalid parameter pointer. */ -#define CRYS_AESCCM_ILLEGAL_PARAMETER_PTR_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0DUL) -/*! Invalid data type. */ -#define CRYS_AESCCM_ILLEGAL_DATA_TYPE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0EUL) -/*! CCM MAC compare failure. */ -#define CRYS_AESCCM_CCM_MAC_INVALID_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x0FUL) -/*! Illegal operation. */ -#define CRYS_AESCCM_LAST_BLOCK_NOT_PERMITTED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x10UL) -/*! Illegal parameter. */ -#define CRYS_AESCCM_ILLEGAL_PARAMETER_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x11UL) -/*! Additional data input size is incorrect. */ -#define CRYS_AESCCM_NOT_ALL_ADATA_WAS_PROCESSED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x13UL) -/*! Text data input size is incorrect. */ -#define CRYS_AESCCM_NOT_ALL_DATA_WAS_PROCESSED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x14UL) -/*! Additional data was already processed (must be processed only once). */ -#define CRYS_AESCCM_ADATA_WAS_PROCESSED_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x15UL) -/*! Illegal Nonce size. */ -#define CRYS_AESCCM_ILLEGAL_NONCE_SIZE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x16UL) -/*! Illegal tag (MAC) size. */ -#define CRYS_AESCCM_ILLEGAL_TAG_SIZE_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x17UL) - -/*! Illegal context size. */ -#define CRYS_AESCCM_CTX_SIZES_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x28UL) -/*! Illegal parameters. */ -#define CRYS_AESCCM_ILLEGAL_PARAMS_ERROR (CRYS_AESCCM_MODULE_ERROR_BASE + 0x29UL) -/*! AESCCM is not supported. */ -#define CRYS_AESCCM_IS_NOT_SUPPORTED (CRYS_AESCCM_MODULE_ERROR_BASE + 0xFFUL) - -/************************ Enums ********************************/ - -/************************ Typedefs ****************************/ - -/************************ Structs *****************************/ - -/************************ Public Variables *********************/ - -/************************ Public Functions *********************/ - -#ifdef __cplusplus -} -#endif - -/** -@} - */ - -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha.h deleted file mode 100644 index 89fb88d..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha.h +++ /dev/null @@ -1,234 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! -@file -@brief This file contains all of the enums and definitions that are used for the - CRYS CHACHA APIs, as well as the APIs themselves. -@defgroup crys_chacha CryptoCell CHACHA APIs -@{ -@ingroup cryptocell_api -*/ -#ifndef CRYS_CHACHA_H -#define CRYS_CHACHA_H - - -#include "ssi_pal_types.h" -#include "crys_error.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - -/************************ Defines ******************************/ -/*! CHACHA user's context size in words. */ -#define CRYS_CHACHA_USER_CTX_SIZE_IN_WORDS 17 - -/*! CHACHA block size in words. */ -#define CRYS_CHACHA_BLOCK_SIZE_IN_WORDS 16 -/*! CHACHA block size in bytes. */ -#define CRYS_CHACHA_BLOCK_SIZE_IN_BYTES (CRYS_CHACHA_BLOCK_SIZE_IN_WORDS * sizeof(uint32_t)) - -/*! Nonce buffer max size in words. */ -#define CRYS_CHACHA_NONCE_MAX_SIZE_IN_WORDS 3 -/*! Nonce buffer max size in bytes. */ -#define CRYS_CHACHA_NONCE_MAX_SIZE_IN_BYTES (CRYS_CHACHA_NONCE_MAX_SIZE_IN_WORDS * sizeof(uint32_t)) - -/*! CHACHA KEY maximal size in words. */ -#define CRYS_CHACHA_KEY_MAX_SIZE_IN_WORDS 8 -/*! CHACHA KEY maximal size in bytes. */ -#define CRYS_CHACHA_KEY_MAX_SIZE_IN_BYTES (CRYS_CHACHA_KEY_MAX_SIZE_IN_WORDS * sizeof(uint32_t)) - -/************************ Enums ********************************/ - -/*! Enum defining the CHACHA Encrypt or Decrypt operation mode. */ -typedef enum { - /*! CHACHA encrypt mode. */ - CRYS_CHACHA_Encrypt = 0, - /*! CHACHA decrypt mode. */ - CRYS_CHACHA_Decrypt = 1, - /*! CHACHA maximal number of operations (encrypt/decrypt). */ - CRYS_CHACHA_EncryptNumOfOptions, - - /*! Reserved. */ - CRYS_CHACHA_EncryptModeLast = 0x7FFFFFFF, - -}CRYS_CHACHA_EncryptMode_t; - -/*! Enum defining the CHACHA Nonce size in bits. */ -typedef enum { - /*! 64 bit Nonce size. */ - CRYS_CHACHA_Nonce64BitSize = 0, - /*! 96 bit Nonce size. */ - CRYS_CHACHA_Nonce96BitSize = 1, - /*! CHACHA maximal number of nonce sizes. */ - CRYS_CHACHA_NonceSizeNumOfOptions, - /*! Reserved. */ - CRYS_CHACHA_NonceSizeLast = 0x7FFFFFFF, - -}CRYS_CHACHA_NonceSize_t; - -/************************ Typedefs ****************************/ - -/*! Defines the Nonce buffer 12 bytes array. */ -typedef uint8_t CRYS_CHACHA_Nonce_t[CRYS_CHACHA_NONCE_MAX_SIZE_IN_BYTES]; - -/*! Defines the CHACHA key buffer. */ -typedef uint8_t CRYS_CHACHA_Key_t[CRYS_CHACHA_KEY_MAX_SIZE_IN_BYTES]; - - -/************************ context Structs ******************************/ - -/*! The user's context prototype - the argument type that is passed by the user - to the CHACHA API. The context saves the state of the operation and must be saved by the user - till the end of the APIs flow (for example till ::CRYS_CHACHA_Free is called). */ -typedef struct CRYS_CHACHAUserContext_t { - /* Allocated buffer must be double the size of actual context - * + 1 word for offset management */ - /*! Context buffer for internal use */ - uint32_t buff[CRYS_CHACHA_USER_CTX_SIZE_IN_WORDS]; -}CRYS_CHACHAUserContext_t; - -/************************ Public Variables **********************/ - - -/************************ Public Functions **********************/ - -/****************************************************************************************************/ - -/*! -@brief This function is used to initialize the context for CHACHA operations. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_chacha_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_CHACHA_Init( - CRYS_CHACHAUserContext_t *pContextID, /*!< [in] Pointer to the CHACHA context buffer that is allocated by the user - and is used for the CHACHA operation. */ - CRYS_CHACHA_Nonce_t pNonce, /*!< [in] A buffer containing an nonce. */ - CRYS_CHACHA_NonceSize_t nonceSize, /*!< [in] Enumerator defining the nonce size (only 64 and 96 bit are valid). */ - CRYS_CHACHA_Key_t pKey, /*!< [in] A pointer to the user's key buffer. */ - uint32_t initialCounter, /*!< [in] An initial counter. */ - CRYS_CHACHA_EncryptMode_t EncryptDecryptFlag /*!< [in] A flag specifying whether the CHACHA should perform an Encrypt operation - or a Decrypt operation. */ -); - - -/*! -@brief This function is used to process aligned blocks of CHACHA. -The data in size should be a multiple of chacha block size. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_chacha_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_CHACHA_Block( - CRYS_CHACHAUserContext_t *pContextID, /*!< [in] Pointer to the context buffer. */ - uint8_t *pDataIn, /*!< [in] A pointer to the buffer of the input data to the CHACHA. - The pointer does not need to be aligned. must not be null. */ - uint32_t dataInSize, /*!< [in] The size of the input data. - Must be a multiple of ::CRYS_CHACHA_BLOCK_SIZE_IN_BYTES bytes and must not be 0. */ - uint8_t *pDataOut /*!< [out] A pointer to the buffer of the output data from the CHACHA. - The pointer does not need to be aligned. must not be null. */ -); - - -/*! -@brief This function is used to process the remaining data of CHACHA. -The data in size should be smaller than chacha block size. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_chacha_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_CHACHA_Finish( - CRYS_CHACHAUserContext_t *pContextID, /*!< [in] Pointer to the context buffer. */ - uint8_t *pDataIn, /*!< [in] A pointer to the buffer of the input data to the CHACHA. - The pointer does not need to be aligned. If dataInSize = 0, input buffer is not required. */ - uint32_t dataInSize, /*!< [in] The size of the input data. - zero and non multiple of ::CRYS_CHACHA_BLOCK_SIZE_IN_BYTES are valid. */ - uint8_t *pDataOut /*!< [out] A pointer to the buffer of the output data from the CHACHA. - The pointer does not need to be aligned. If dataInSize = 0, output buffer is not required. */ -); - - -/*! -@brief This function is used to free the context of CHACHA operations. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_chacha_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_CHACHA_Free( - CRYS_CHACHAUserContext_t *pContextID /*!< [in] Pointer to the context buffer. */ -); - - -/*! -@brief This function is used to perform the CHACHA operation in one integrated process. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_chacha_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_CHACHA( - CRYS_CHACHA_Nonce_t pNonce, /*!< [in] A buffer containing an nonce. */ - CRYS_CHACHA_NonceSize_t nonceSize, /*!< [in] Enumerator defining the nonce size (only 64 and 96 bit are valid). */ - CRYS_CHACHA_Key_t pKey, /*!< [in] A pointer to the user's key buffer. */ - uint32_t initialCounter, /*!< [in] An initial counter. */ - CRYS_CHACHA_EncryptMode_t encryptDecryptFlag, /*!< [in] A flag specifying whether the CHACHA should perform an Encrypt operation - or a Decrypt operation. */ - uint8_t *pDataIn, /*!< [in] A pointer to the buffer of the input data to the CHACHA. - The pointer does not need to be aligned. must not be null. */ - uint32_t dataInSize, /*!< [in] The size of the input data. must not be 0. */ - uint8_t *pDataOut /*!< [out] A pointer to the buffer of the output data from the CHACHA. - The pointer does not need to be aligned. must not be null. */ -); - - -/***********************************************************************************/ - -#ifdef __cplusplus -} -#endif - -/** -@} - */ - -#endif /* #ifndef CRYS_CHACHA_H */ - - - - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha_error.h deleted file mode 100644 index 93f6141..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha_error.h +++ /dev/null @@ -1,103 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_CHACHA_ERROR_H -#define CRYS_CHACHA_ERROR_H - - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module contains the definitions of the CRYS CHACHA errors. -@defgroup crys_chacha_error CryptoCell CHACHA specific errors -@{ -@ingroup crys_chacha -*/ - - - -/************************ Defines ******************************/ - -/*! The CRYS CHACHA module errors base address - 0x00F02200. */ -/*! Illegal Nonce. */ -#define CRYS_CHACHA_INVALID_NONCE_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x01UL) -/*! Illegal key size. */ -#define CRYS_CHACHA_ILLEGAL_KEY_SIZE_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x02UL) -/*! Illegal key pointer. */ -#define CRYS_CHACHA_INVALID_KEY_POINTER_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x03UL) -/*! Illegal operation mode. */ -#define CRYS_CHACHA_INVALID_ENCRYPT_MODE_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x04UL) -/*! Illegal data in pointer. */ -#define CRYS_CHACHA_DATA_IN_POINTER_INVALID_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x05UL) -/*! Illegal data out pointer. */ -#define CRYS_CHACHA_DATA_OUT_POINTER_INVALID_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x06UL) -/*! Illegal user context. */ -#define CRYS_CHACHA_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x07UL) -/*! Illegal user context size. */ -#define CRYS_CHACHA_CTX_SIZES_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x08UL) -/*! Illegal Nonce pointer. */ -#define CRYS_CHACHA_INVALID_NONCE_PTR_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x09UL) -/*! Illegal data in size. */ -#define CRYS_CHACHA_DATA_IN_SIZE_ILLEGAL (CRYS_CHACHA_MODULE_ERROR_BASE + 0x0AUL) -/*! General error. */ -#define CRYS_CHACHA_GENERAL_ERROR (CRYS_CHACHA_MODULE_ERROR_BASE + 0x0BUL) -/*! CHACHA is not supported. */ -#define CRYS_CHACHA_IS_NOT_SUPPORTED (CRYS_CHACHA_MODULE_ERROR_BASE + 0xFFUL) - -/************************ Enums ********************************/ - -/************************ Typedefs ****************************/ - -/************************ Structs *****************************/ - -/************************ Public Variables *********************/ - -/************************ Public Functions *********************/ - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha_poly.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha_poly.h deleted file mode 100644 index f9a7ce1..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha_poly.h +++ /dev/null @@ -1,95 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! -@file -@brief This file contains all of the enums and definitions that are used for the - CRYS CHACHA-POLY APIs, as well as the APIs themselves. -@defgroup crys_chacha_poly CryptoCell CHACHA-POLY APIs -@{ -@ingroup cryptocell_api -*/ -#ifndef CRYS_CHACHA_POLY_H -#define CRYS_CHACHA_POLY_H - - -#include "ssi_pal_types.h" -#include "crys_error.h" -#include "crys_chacha.h" -#include "crys_poly.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/*! -@brief This function is used to perform the CHACHA-POLY encryption and authentication operation. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_chacha_poly_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_CHACHA_POLY( - CRYS_CHACHA_Nonce_t pNonce, /*!< [in] A pointer to a buffer containing the nonce value. */ - CRYS_CHACHA_Key_t pKey, /*!< [in] A pointer to the user's key buffer. */ - CRYS_CHACHA_EncryptMode_t encryptDecryptFlag, /*!< [in] A flag specifying whether the CHACHA-POLY should perform an Encrypt or - Decrypt operation. */ - uint8_t *pAddData, /*!< [in] A pointer to the buffer of the additional data to the POLY. - The pointer does not need to be aligned. must not be null. */ - size_t addDataSize, /*!< [in] The size of the input data. must not be 0. */ - uint8_t *pDataIn, /*!< [in] A pointer to the buffer of the input data to the CHACHA. - The pointer does not need to be aligned. must not be null. */ - size_t dataInSize, /*!< [in] The size of the input data. must not be 0. */ - uint8_t *pDataOut, /*!< [out] A pointer to the buffer of the output data from the CHACHA. - must not be null. */ - CRYS_POLY_Mac_t macRes /*!< [in/out] Pointer to the MAC result buffer.*/ -); - - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif /* #ifndef CRYS_CHACHA_POLY_H */ - - - - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha_poly_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha_poly_error.h deleted file mode 100644 index f5465ec..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_chacha_poly_error.h +++ /dev/null @@ -1,95 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_CHACHA_POLY_ERROR_H -#define CRYS_CHACHA_POLY_ERROR_H - - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module contains the definitions of the CRYS CHACHA POLY errors. -@defgroup crys_chacha_poly_error CryptoCell CHACHA POLY specific errors -@{ -@ingroup crys_chacha_poly -*/ - - - -/************************ Defines ******************************/ - -/*! The CRYS CHACHA POLY module errors base address - 0x00F02400. */ -/*! Invalid Additional data. */ -#define CRYS_CHACHA_POLY_ADATA_INVALID_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x01UL) -/*! Invalid input data. */ -#define CRYS_CHACHA_POLY_DATA_INVALID_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x02UL) -/*! Illegal encryption mode. */ -#define CRYS_CHACHA_POLY_ENC_MODE_INVALID_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x03UL) -/*! Illegal data size. */ -#define CRYS_CHACHA_POLY_DATA_SIZE_INVALID_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x04UL) -/*! Key generation error. */ -#define CRYS_CHACHA_POLY_GEN_KEY_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x05UL) -/*! CHACHA Key generation error. */ -#define CRYS_CHACHA_POLY_ENCRYPTION_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x06UL) -/*! Authentication error. */ -#define CRYS_CHACHA_POLY_AUTH_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x07UL) -/*! MAC comparison error. */ -#define CRYS_CHACHA_POLY_MAC_ERROR (CRYS_CHACHA_POLY_MODULE_ERROR_BASE + 0x08UL) - -/************************ Enums ********************************/ - -/************************ Typedefs ****************************/ - -/************************ Structs *****************************/ - -/************************ Public Variables *********************/ - -/************************ Public Functions *********************/ - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_common.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_common.h deleted file mode 100644 index 74c6302..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_common.h +++ /dev/null @@ -1,371 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - - -#ifndef CRYS_COMMON_H -#define CRYS_COMMON_H - -#include "crys_common_error.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/************************ Defines ******************************/ - -#define CRYS_AES_SECRET_KEY_SIZE_IN_WORDS 4 - -/* the ROT13 definition - relevant only on SW low level engines compiled in the ROT mode */ -#define CRYS_COMMON_ROT_13_OFFSET 13 - - - -/************************ Enums ********************************/ - -/************************ Typedefs ****************************/ - -/************************ Structs *****************************/ - -/************************ Public Variables *********************/ - -/************************ Public Functions *********************/ - - - -/*********************************************************************** - ** - * @brief This function executes a reverse bytes copying from one buffer to another buffer. - * - * Overlapping of buffers is not allowed, excluding the case, when destination and source - * buffers are the same. - * Example of a 5 byte buffer: - * - * dst_ptr[4] = src_ptr[0] - * dst_ptr[3] = src_ptr[1] - * dst_ptr[2] = src_ptr[2] - * dst_ptr[1] = src_ptr[3] - * dst_ptr[0] = src_ptr[4] - * - * @param[in] dst_ptr - The pointer to destination buffer. - * @param[in] src_ptr - The pointer to source buffer. - * @param[in] size - The size in bytes. - * - */ - CRYSError_t CRYS_COMMON_ReverseMemcpy( uint8_t *dst_ptr , uint8_t *src_ptr , uint32_t size ); - - -/*********************************************************************** - ** - * @brief This function converts aligned words array to bytes array/ - * - * 1. Assumed, that input buffer is aligned to 4-bytes word and - * bytes order is set according to machine endianness. - * 2. Output buffer receives data as bytes stream from LSB to MSB. - * For increasing performance on small buffers, the output data is given - * by rounded down pointer and alignment. - * 3. This implementation is given for both Big and Little endian machines. - * - * - * @param[in] in32_ptr - The pointer to aligned input buffer. - * @param[in] out32_ptr - The 32-bits pointer to output buffer (rounded down to 4 bytes) . - * @param[in] outAlignBits - The actual output data alignment; - * @param[in] sizeWords - The size in words (sizeWords >= 1). - * - * return - no return value. - */ - void CRYS_COMMON_AlignedWordsArrayToBytes( uint32_t *in32_ptr , uint32_t *out32_ptr , - uint32_t outAlignBits, uint32_t sizeWords ); - -/***********************************************************************/ - /** - * @brief This function converts in place words byffer to bytes buffer with - * reversed endianity of output array. - * - * The function can convert: - * - big endian bytes array to words array with little endian order - * of words and backward. - * - * Note: - * 1. Endianness of each word in words buffer should be set allways - * according to processor used. - * 2. Implementation is given for both big and little endianness of - * processor. - * - * @param[in] buf_ptr - The 32-bits pointer to input/output buffer. - * @param[in] sizeWords - The size in words (sizeWords > 0). - * - * @return - no return value. - */ -void CRYS_COMMON_InPlaceConvertBytesWordsAndArrayEndianness( - uint32_t *buf_ptr, - uint32_t sizeWords); - - -/***********************************************************************/ - /** - * @brief This function converts big endianness bytes array to aligned words - * array with words order according to little endian / - * - * 1. Assumed, that input bytes order is set according - * to big endianness: MS Byte is most left, i.e. order is from - * Msb to Lsb. - * 2. Output words array should set according to - * little endianness words order: LSWord is most left, i.e. order - * is from Lsw to Msw. Order bytes in each word - according to - * 3. Implementation is given for both big and little - * endianness of processor. - * - * @param[out] out32_ptr - The 32-bits pointer to output buffer. - * @param[in] sizeOutBuffBytes - The size in bytes of output buffer, must be - * aligned to 4 bytes and not less than sizeInBytes. - * @param[in] in8_ptr - The pointer to input buffer. - * @param[in] sizeInBytes - The size in bytes of input data(sizeBytes >= 1). - * - * @return CRYSError_t - On success CRYS_OK is returned, on failure a - * value MODULE_* as defined in . - */ -CRYSError_t CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords( - uint32_t *out32_ptr, - uint32_t sizeOutBuffBytes, - const uint8_t *in8_ptr, - uint32_t sizeInBytes); - - -/***********************************************************************/ - /** - * @brief This function converts LE 32bit-words array to BE bytes array. - * - * Note: The function allows output full size of the data and also output - * without leading zeros, if the user gives appropriate exact output - * size < input size. - * - * Assuming: - * 1. Output bytes order is according to big endianness: - * MS Byte is most left, i.e. order is from Msb to Lsb. - * 2. Input array words order is set according to - * little endianness words order: LSWord is most left, i.e. order - * is from Lsw to Msw. Bytes order in each word - according to - * processor endianness. - * 3. Owerlapping of buffers is not allowed, besides in - * place operation and size aligned to full words. - * 4. Implementation is given for both big and little - * endianness of processor. - * - * @param[in] out8_ptr - The bytes pointer to the output buffer. - * @param[in] sizeOutBuffBytes - The size of the data in bytes to output; must - * be not less, than sizeInBytes. - * @param[out] in32_ptr - The pointer to the input buffer. - * @param[in] sizeInpBytes - The size of the input data in bytes. The size must - * be > 0 and aligned to 4 bytes. - * - * @return CRYSError_t - On success CRYS_OK is returned, on failure a - * value MODULE_* as defined in . - */ -CRYSError_t CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes( - uint8_t *out8_ptr, - uint32_t sizeOutBytes, - uint32_t *in32_ptr, - uint32_t sizeInpBytes); - - -/***********************************************************************/ -/** - * @brief VOS_GetGlobalData get the global random key hidden inside the function - * the global data implemented for now are random key buffer and AES secret key buffer - * - * When no_rtos is declared then we allow a global data. The random key/AES secret key are hidden as static inside the function - * - * - * @param[in] Globalid select the buffer - * @param[in] GlobalDataSizeWords - the global data buffer size needed in words - this value must be a predetermined value - * @param[out] GlobalData_ptr - Pointer to the global buffer returned. The buffer must be at least GlobalDataSizeWords size - * - * @return CRYSError_t - On success CRYS_OK is returned, on failure an Error as defined in VOS_error - */ -CRYSError_t CRYS_COMMON_GetGlobalData(uint16_t Globalid, uint32_t *GlobalData_ptr, uint16_t GlobalDataSizeWords); - - -/***********************************************************************/ -/** -* @brief CRYS_COMMON_StoreGlobalData store the global random key into the global buffer hidden inside the function -* the global data implemented for now are random key buffer and AES secret key buffer -* -* -* @param[in] Globalid - random key / AES secret key -* @param[in] GlobalDataSizeWords - the global data buffer size needed in words - this value must be a predetermined value -* @param[in] GlobalData_ptr - Pointer to the global buffer to be saved. The buffer must be at least GlobalDataSizeWords size -* -* Return Value: -*/ -CRYSError_t CRYS_COMMON_StoreGlobalData(uint16_t Globalid, uint32_t *GlobalData_ptr, uint16_t GlobalDataSizeWords); - - -/***********************************************************************/ -/** - * @brief The CRYS_COMMON_CutAndSaveEndOfLliData() function saves the data from end of source - * memory, pointed by LLI table, to destination memory, and decreases the LLI table accordingly. - * - * The function executes the following major steps: - * - * 1. Starts copy bytes from last byte of last chunk of source LLI table into - * last byte of destination memory. - * 2. Continues copy bytes in reverse order while not completes copying of all amount of data. - * 3. If last chunk of source or destination data is not enough, the function crosses - * to next chunk of LLI table. - * 4. Decreases the Data size of last updated LLI entry and sets the LAST bit. - * 5. Exits with the OK code. - * - * - * @param[in] SrcLliTab_ptr - The pointer to the LLI table, containing pointers and sizes of - * chunks of source data. The table need to be aligned and placed - * in SEP SRAM. - * @param[in] SrcLliTabSize_ptr - The pointer to buffer, containing th size of the LLI table in words. - * @param[in] Dest_ptr - The destination address for copying the data. - * @param[in] DataSize - The count of bytes to copy. - * - * @return CRYSError_t - On success CRYS_OK is returned, - * - CRYS_COMMON_ERROR_IN_SAVING_LLI_DATA_ERROR - * - * NOTE: 1. Because the function is intended for internal using, it is presumed that all input parameters - * are valid. - * 2. Assumed, that copied source not may to take more than two last chunks of source memory. - */ - CRYSError_t CRYS_COMMON_CutAndSaveEndOfLliData( - uint32_t *SrcLliTab_ptr, - uint32_t *SrcLliTabSize_ptr, - uint8_t *Dst_ptr, - uint32_t DataSize); - -/***********************************************************************/ -/** - * @brief The CRYS_COMMON_CutAndSaveBeginOfLliData() function saves the data from beginning of source - * memory, pointed by LLI table, to destination memory, and decreases the LLI table accordingly. - * - * The function executes the following major steps: - * - * 1. Starts copy bytes from first byte of first chunk of source LLI table into - * destination memory. - * 2. If first chunk of source is not enough, the function crosses - * to next chunk of LLI table. - * 3. Updates LLI table pointer and size according to copied amount of data. - * 5. Exits with the OK code. - * - * @param[in/out] SrcLliTab_ptr_ptr - The pointer to pointer to the LLI table, containing pointers and - * sizes of the chunks of source data. The table need to be aligned and - * placed in SRAM. - * @param[in/out] SrcLliTabSize_ptr - The pointer to buffer, containing th size of the LLI table in words. - * @param[in] Dest_ptr - The destination address for copying the data. - * @param[in] DataSize - The count of bytes to copy. - * - * @return - no return value. - * - * NOTE: 1. Because the function is intended for internal using, it is presumed that all input parameters - * are valid. - * 2. Assumed, that copied source not may to take more than two first chunks of source memory. - */ - void CRYS_COMMON_CutAndSaveBeginOfLliData( - uint32_t **SrcLliTab_ptr_ptr, - uint32_t *SrcLliTabSize_ptr, - uint8_t *Dst_ptr, - uint32_t DataSize); - -/***********************************************************************/ - /** - * @brief This function converts 32-bit words array with little endian - * order of words to bytes array with little endian (LE) order of bytes. - * - * Assuming: no buffers overlapping, in/out pointers and sizes not equall to NULL, - the buffer size must be not less, than input data size. - * - * @param[out] out8Le - The bytes pointer to output buffer. - * @param[in] in32Le - The pointer to input 32-bit words buffer. - * @param[in] sizeInWords - The size in words of input data (sizeWords >= 0). - * - * @return CRYSError_t - On success CRYS_OK is returned, on failure a - * value MODULE_* as defined in . - */ -void CRYS_COMMON_ConvertLswMswWordsToLsbMsbBytes( - uint8_t *out8Le, - const uint32_t *in32Le, - size_t sizeInWords); - - -/***********************************************************************/ -/** - * @brief This function converts bytes array with little endian (LE) order of - * bytes to 32-bit words array with little endian order of words and bytes. - * - * Assuming: No owerlapping of buffers; in/out pointers and sizes are not equall to NULL. - * If is in-place conversion, then the size must be multiple of 4 bytes. - * @param[out] out32Le - The 32-bits pointer to output buffer. The buffer size must be - * not less, than input data size. - * @param[in] in8Le - The pointer to input buffer. - * @param[in] sizeInBytes - The size in bytes of input data(sizeBytes > 0). - * - * @return CRYSError_t - On success CRYS_OK is returned, on failure a - * value MODULE_* as defined in . - */ -void CRYS_COMMON_ConvertLsbMsbBytesToLswMswWords( - uint32_t *out32Le, - const uint8_t *in8Le, - size_t sizeInBytes); - - -/** - * The function compares value of byte vector to null. - * - * @author reuvenl (6/20/2016) - * - * @param vect - a pointer to bytes vector. - * @param sizeBytes - size of the vector. - * - * @return uint32_t - if vector's value iz zero, then returns 1, else - 0; - */ -uint32_t CRYS_COMMON_CheckIsVectorZero(uint8_t *vect, uint32_t sizeBytes); - - - - -#ifdef __cplusplus -} -#endif - -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_common_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_common_error.h deleted file mode 100644 index 03c73c5..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_common_error.h +++ /dev/null @@ -1,95 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - - #ifndef CRYS_COMMON_ERROR_H -#define CRYS_COMMON_ERROR_H - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/************************ Defines ******************************/ - -/* CRYS COMMON module errors. Base address - 0x00F00D00 */ - -#define CRYS_COMMON_INIT_HW_SEM_CREATION_FAILURE (CRYS_COMMON_MODULE_ERROR_BASE + 0x0UL) -#define CRYS_COMMON_DATA_IN_POINTER_INVALID_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x4UL) -#define CRYS_COMMON_DATA_SIZE_ILLEGAL (CRYS_COMMON_MODULE_ERROR_BASE + 0x5UL) -#define CRYS_COMMON_DATA_OUT_DATA_IN_OVERLAP_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x6UL) -#define CRYS_COMMON_DATA_OUT_POINTER_INVALID_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x7UL) -#define CRYS_COMMON_OUTPUT_BUFF_SIZE_ILLEGAL (CRYS_COMMON_MODULE_ERROR_BASE + 0x9UL) - -#define CRYS_COMMON_TST_UTIL_CHUNK_SIZE_SMALL_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x10UL) -#define CRYS_COMMON_ERROR_IN_SAVING_LLI_DATA_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x11UL) - - -#define CRYS_COMMON_TST_UTIL_LLI_ENTRY_SIZE_TOO_SMALL_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x12UL) -#define CRYS_COMMON_TST_CSI_DATA_SIZE_EXCEED_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x13UL) -#define CRYS_COMMON_TST_CSI_MODULE_ID_OUT_OF_RANGE (CRYS_COMMON_MODULE_ERROR_BASE + 0x14UL) -#define CRYS_COMMON_TST_CSI_MEMORY_MAPPING_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x15UL) - -#define CRYS_COMMON_TERM_HW_SEM_DELETE_FAILURE (CRYS_COMMON_MODULE_ERROR_BASE + 0x16UL) - -#define CRYS_COMMON_TST_UTIL_NOT_INTEGER_CHAR_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x17UL) -#define CRYS_COMMON_TST_UTIL_BUFFER_IS_SMALL_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x18UL) -#define CRYS_COMMON_POINTER_NOT_ALIGNED_ERROR (CRYS_COMMON_MODULE_ERROR_BASE + 0x19UL) - - -/************************ Enums ********************************/ - - -/************************ Typedefs ****************************/ - - -/************************ Structs ******************************/ - - -/************************ Public Variables **********************/ - - -/************************ Public Functions **********************/ - -#ifdef __cplusplus -} -#endif - -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_dh.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_dh.h deleted file mode 100644 index be0deb9..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_dh.h +++ /dev/null @@ -1,446 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - - -#ifndef _CRYS_DH_H -#define _CRYS_DH_H - -#include "crys_rsa_types.h" -#include "crys_kdf.h" -#include "crys_rnd.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/*! -@file -@brief This module defines the API that supports Diffie-Hellman key exchange, as defined in [PKCS3] and in [X9.42] (key lengths 1024 and 2048 bits). -@defgroup crys_dh CryptoCell DH APIs -@{ -@ingroup cryptocell_api -*/ - - -/************************ Defines ******************************/ -/*! Defintion for DH public key.*/ -#define CRYS_DHPubKey_t CRYSRSAPubKey_t - -/*! Maximal valid key size in bits.*/ -#define CRYS_DH_MAX_VALID_KEY_SIZE_VALUE_IN_BITS CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS /*!< \internal RL restrict to 2048 */ -/*! Minimal valid key size in bits.*/ -#define CRYS_DH_MIN_VALID_KEY_SIZE_VALUE_IN_BITS 1024 /*!< Size limitation according to ANSI standard */ -/*! Maximal modulus size in bytes.*/ -#define CRYS_DH_MAX_MOD_SIZE_IN_BYTES (CRYS_DH_MAX_VALID_KEY_SIZE_VALUE_IN_BITS / SASI_BITS_IN_BYTE) -/*! Maximal modulus size in words.*/ -#define CRYS_DH_MAX_MOD_SIZE_IN_WORDS (CRYS_DH_MAX_MOD_SIZE_IN_BYTES/sizeof(uint32_t)) - -/*! Modulus buffer size in words.*/ -#define CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS (CRYS_DH_MAX_MOD_SIZE_IN_WORDS + 2) -/*! Maximal domain generation size in bits.*/ -#define CRYS_DH_DOMAIN_GENERATION_MAX_SIZE_BITS CRYS_RSA_MAX_KEY_GENERATION_SIZE_BITS /*!< \internal RL restrict to 2048 */ - -/*! Defintion for DH primitives data.*/ -#define CRYS_DHPrimeData_t CRYS_RSAPrimeData_t -/*! Defintion for DH public key.*/ -#define CRYS_DHUserPubKey_t CRYS_RSAUserPubKey_t -/*! Defintion for DH other info.*/ -#define CRYS_DH_OtherInfo_t CRYS_KDF_OtherInfo_t - -/*! Keying data size is in bytes*/ -#define CRYS_DH_MAX_SIZE_OF_KEYING_DATA CRYS_KDF_MAX_SIZE_OF_KEYING_DATA - -/************************ Enums ********************************/ - -/*! DH operations mode */ -typedef enum -{ - /*! PKCS3 operation mode. */ - CRYS_DH_PKCS3_mode = 0, - /*! ANSI X942 operation mode. */ - CRYS_DH_ANSI_X942_mode = 1, - /*! Total number of operation modes. */ - CRYS_DH_NumOfModes, - - /*! Reserved. */ - CRYS_DH_OpModeLast = 0x7FFFFFFF, - -}CRYS_DH_OpMode_t; - -/*! HASH operation modes */ -typedef enum -{ - /*! SHA1 operation mode. */ - CRYS_DH_HASH_SHA1_mode = CRYS_HASH_SHA1_mode, - /*! SHA224 operation mode. */ - CRYS_DH_HASH_SHA224_mode = CRYS_HASH_SHA224_mode, - /*! SHA256 operation mode. */ - CRYS_DH_HASH_SHA256_mode = CRYS_HASH_SHA256_mode, - /*! SHA384 operation mode. */ - CRYS_DH_HASH_SHA384_mode = CRYS_HASH_SHA384_mode, - /*! SHA512 operation mode. */ - CRYS_DH_HASH_SHA512_mode = CRYS_HASH_SHA512_mode, - /*! MD5 operation mode (not used in DH). */ - CRYS_DH_HASH_MD5_mode = CRYS_HASH_MD5_mode, /*!< \internal not used in DH */ - /*! Total number of HASH modes. */ - CRYS_DH_HASH_NumOfModes = CRYS_HASH_MD5_mode, - /*! Reserved. */ - CRYS_DH_HASH_OperationModeLast = 0x7FFFFFFF, - -}CRYS_DH_HASH_OpMode_t; - -/*! Key derivation modes. */ -typedef enum -{ - /*! ASN1 derivation mode.*/ - CRYS_DH_ASN1_Der_mode = CRYS_KDF_ASN1_DerivMode, - /*! Concatination derivation mode.*/ - CRYS_DH_Concat_Der_mode = CRYS_KDF_ConcatDerivMode, - /*! X963 derivation mode.*/ - CRYS_DH_X963_DerMode = CRYS_KDF_ConcatDerivMode, - /*! Reserved. */ - CRYS_DH_DerivationFunc_ModeLast= 0x7FFFFFFF, - -}CRYS_DH_DerivationFunc_Mode; - - -/************************ Typedefs *************************************/ -/*! Temporary buffer structure for internal usage.*/ -typedef struct -{ - /*! Temporary primitives data */ - CRYS_DHPrimeData_t PrimeData; - /*! Public key. */ - CRYS_DHPubKey_t PubKey; - /*! Temporary buffer for internal usage. */ - uint32_t TempBuff[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; -} CRYS_DH_ExpTemp_t; - -/*! Temporary buffer structure for internal usage. */ -typedef struct -{ - /*! Temporary primitives data */ - CRYS_DHPrimeData_t PrimeData; - /*! User's public key. */ - CRYS_DHUserPubKey_t UserPubKey; - /*! Temporary buffer for internal usage. */ - uint32_t TempBuff[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; -} CRYS_DH_Temp_t; - -/*! Temporary buffer structure for internal usage. */ -typedef struct -{ - /*! Temporary primitives data */ - CRYS_DHPrimeData_t PrimeData; - /*! User's public key. */ - CRYS_DHUserPubKey_t UserPubKey; - /*! Temporary buffer for internal usage. */ - uint32_t TempBuff[2*CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; -} CRYS_DH_HybrTemp_t; - -/*! Defintion of buffer used for FIPS Known Answer Tests. */ -typedef struct -{ - /*! Public key. */ - CRYS_DHUserPubKey_t pubKey; - /*! Temporary primitives data */ - CRYS_DHPrimeData_t primeData; - /*! Buffer for the secret value.*/ - uint8_t secretBuff[CRYS_DH_MIN_VALID_KEY_SIZE_VALUE_IN_BITS/SASI_BITS_IN_BYTE]; // KAT tests uses 1024 bit key -} CRYS_DH_FipsKat_t; - - -/************************ Structs **************************************/ - -/************************ Public Variables ******************************/ - -/************************ Public Functions ******************************/ - -/*******************************************************************************************/ - -/*! -@brief This function has two purposes: -
    1. Randomly generate the client private key according to the choosen version [PKCS3] or [ANSI X9.42].
      2. -
    2. Computes the client public key as follows: ClientPub = Generator^Prv mod Prime, where '^' is the symbol of exponentiation.
    -This function should not be called directly. Instead, use the macros ::CRYS_DH_PKCS3_GeneratePubPrv and ::CRYS_DH_ANSI_X942_GeneratePubPrv. -\note -All buffer parameters should be in Big-Endian form. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_dh_error.h, crys_rnd_error.h or crys_rsa_error.h. - */ -CIMPORT_C CRYSError_t _DX_DH_GeneratePubPrv( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ - uint8_t *Generator_ptr, /*!< [in] Pointer to the Generator octet string. */ - uint16_t GeneratorSize, /*!< [in] The size of the Generator string (in bytes). */ - uint8_t *Prime_ptr, /*!< [in] Pointer to the Prime octet string P (used as modulus in the algorithm). */ - uint16_t PrimeSize, /*!< [in] The size of the Prime string in bytes. */ - uint16_t L, /*!< [in] Exact size in bits of the Prime to be generated (relevant only for [PKCS3]): -
    • If L!=0, force the private key to be [2^(L-1) ? Prv < 2^L], where '^' - indicates exponentiation.
      • -
    • If L = 0 then [0 < Prv < P-1].
    */ - uint8_t *Q_ptr, /*!< [in] Relevant only for [ANSI X9.42] - Pointer to the Q octet string in the range: - 1 <= Prv <= Q-1 or 1 < Prv < Q-1. */ - uint16_t QSize, /*!< [in] Relevant only for [ANSI X9.42] - Size of the Q string (in bytes). */ - CRYS_DH_OpMode_t DH_mode, /*!< [in] An enumerator declaring whether this is [PKCS3] or [ANSI X9.42] mode. */ - CRYS_DHUserPubKey_t *tmpPubKey_ptr, /*!< [in] Pointer to a temporary buffer for public key structure. Used for the - exponentiation function. */ - CRYS_DHPrimeData_t *tmpPrimeData_ptr, /*!< [in] Pointer to a structure holding internal temporary buffers. */ - uint8_t *ClientPrvKey_ptr, /*!< [out] Pointer to the Private key Prv. This buffer should be at least the following - size (in bytes): -
    • If L is provided: (L+7)/8.
      • -
    • If L is NULL: \p PrimeSize.
    */ - uint16_t *ClientPrvKeySize_ptr, /*!< [in/out] Pointer to the Private key size: -
    • Input - size of the given buffer.
      • -
    • Output - actual size of the generated private key.
    */ - uint8_t *ClientPub1_ptr, /*!< [out] Pointer to the Public key. This buffer should be at least \p PrimeSize bytes. */ - uint16_t *ClientPubSize_ptr /*!< [in/out] Pointer to the Public key size: -
    • Input - size of the given buffer.
      • -
    • Output - actual size of the generated public key.
    */ -); - - -/* macro for calling the GeneratePubPrv function on PKCS#3 mode: Q is irrelevant */ -/*--------------------------------------------------------------------------------*/ -/*! -This macro is used to generate the public and private DH keys according to [PKCS3]. For a description of the parameters see ::_DX_DH_GeneratePubPrv. -*/ -#define CRYS_DH_PKCS3_GeneratePubPrv(rndState_ptr, rndGenerateVectFunc, Generator_ptr,GeneratorSize,\ - Prime_ptr,PrimeSize,\ - L,\ - tmpPubKey_ptr,tmpPrimeData_ptr,\ - ClientPrvKey_ptr,ClientPrvKeySize_ptr,\ - ClientPub_ptr,ClientPubSize_ptr)\ - _DX_DH_GeneratePubPrv(rndState_ptr, rndGenerateVectFunc, (Generator_ptr),(GeneratorSize),\ - (Prime_ptr),(PrimeSize),\ - (L),\ - (uint8_t *)NULL,(uint16_t)0,\ - CRYS_DH_PKCS3_mode,\ - (tmpPubKey_ptr),(tmpPrimeData_ptr),\ - (ClientPrvKey_ptr),(ClientPrvKeySize_ptr),\ - (ClientPub_ptr),(ClientPubSize_ptr)) - -/*! -This macro is used to generate the public and private DH keys according to [ANSI X9.42]. For a description of the parameters see ::_DX_DH_GeneratePubPrv. -*/ -#define CRYS_DH_ANSI_X942_GeneratePubPrv(rndState_ptr, rndGenerateVectFunc, Generator_ptr,GeneratorSize,Prime_ptr,PrimeSize,\ - Q_ptr,QSize,\ - tmpPubKey_ptr,tmpPrimeData_ptr,\ - ClientPrvKey_ptr,ClientPrvKeySize_ptr,\ - ClientPub_ptr,ClientPubSize_ptr)\ - _DX_DH_GeneratePubPrv(rndState_ptr, rndGenerateVectFunc, (Generator_ptr),(GeneratorSize),\ - (Prime_ptr),(PrimeSize),\ - (uint16_t)0,\ - (Q_ptr),(QSize),\ - CRYS_DH_ANSI_X942_mode,\ - (tmpPubKey_ptr),(tmpPrimeData_ptr),\ - (ClientPrvKey_ptr),(ClientPrvKeySize_ptr),\ - (ClientPub_ptr),(ClientPubSize_ptr)) - - -/*******************************************************************************************/ -/*! -@brief This function computes the shared secret key (value) accordng to [ANSI X9.42], 7.5.1: - SecretKey = ServerPubKey ^ ClientPrvKey mod Prime. -\note
    • All buffer parameters should be in Big-Endian form.
      • -
    • The user must obtain assurance of validity of the public key, using one of methods, -described in [ANSI X9.42] paragraph 7.4.
      • -
    • The actual size of the private key (in bits) must be not less than 2 and not greater than the actual -size of the Prime (modulus in bits).
    - -@return CRYS_OK on success. -@return A non-zero value on failure as defined in crys_dh_error.h or crys_rsa_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_DH_GetSecretKey( - uint8_t *ClientPrvKey_ptr, /*!< [in] Pointer to the Private key octet string Prv < Prime. */ - uint16_t ClientPrvKeySize, /*!< [in] The Private key Size (in bytes). */ - uint8_t *ServerPubKey_ptr, /*!< [in] Pointer to the Server public key octet string. */ - uint16_t ServerPubKeySize, /*!< [in] The Server Public key Size (in bytes). */ - uint8_t *Prime_ptr, /*!< [in] Pointer to the Prime octet string. */ - uint16_t PrimeSize, /*!< [in] The size of the Prime string. */ - CRYS_DHUserPubKey_t *tmpPubKey_ptr, /*!< [in] Pointer to the public key structure. Used for the exponentiation - operation function. Need not be initialized. */ - CRYS_DHPrimeData_t *tmpPrimeData_ptr, /*!< [in] Pointer to a structure containing internal temp buffers. */ - uint8_t *SecretKey_ptr, /*!< [out] Pointer to the secret key octet string. This buffer should be at - least PrimeSize bytes. */ - uint16_t *SecretKeySize_ptr /*!< [in/out] Pointer to the secret key Buffer Size. This buffer should be at - least of PrimeSize bytes: -
    • Input - size of the given buffer.
      • -
    • Output - actual size.
    */ -); - - -/******************************************************************************************/ -/*! -@brief This function extracts the shared secret keying data from the shared secret value. It should be called by using -macros ::CRYS_DH_X942_GetSecretDataAsn1 and ::CRYS_DH_X942_GetSecretDataConcat. - -\note -
    • The "other info" argument and its AlgorithmID entry are mandatory only for ASN1 key derivation, and optional for -the other derivation modes.
      • -
    • If used, all entries of the structure should be initialized with relevant data and size, prior to calling this function -(entry size of empty fields must be set to 0).
      • -
    • All buffers arguments are represented in Big-Endian form.
    - -@return CRYS_OK on success. -@return A non-zero value on failure as defined in crys_dh_error.h, crys_rsa_error.h, crys_kdf_error.h or crys_hash_error.h. -*/ - CIMPORT_C CRYSError_t CRYS_DH_X942_GetSecretData( - uint8_t *ClientPrvKey_ptr, /*!< [in] Pointer to the Private key octet string. */ - uint16_t ClientPrvKeySize, /*!< [in] The Private key size (in bytes). */ - uint8_t *ServerPubKey_ptr, /*!< [in] Pointer to the Server public key octet string. */ - uint16_t ServerPubKeySize, /*!< [in] The Server Public key size (in bytes). */ - uint8_t *Prime_ptr, /*!< [in] Pointer to the Prime octet string. */ - uint16_t PrimeSize, /*!< [in] The size of the Prime string. */ - CRYS_DH_OtherInfo_t *otherInfo_ptr, /*!< [in] Pointer to structure containing other data, shared by two entities - sharing the secret keying data. - The Maximal size of each data entry of "other info" is limited - see crys_kdf.h - for the defined value. */ - CRYS_DH_HASH_OpMode_t hashMode, /*!< [in] One of the supported SHA-x HASH modes. The supported modes are according to the supported - HASH modes for the product (and MD5 is not supported). */ - CRYS_DH_DerivationFunc_Mode DerivFunc_mode, /*!< [in] The enumerator ID of key derivation function mode. ASN1 or Concatenation - modes are supported. */ - CRYS_DH_Temp_t *tmpBuff_ptr, /*!< [in] A pointer to the DH temp buffer structure. Not initialized. */ - uint8_t *SecretKeyingData_ptr, /*!< [out] Pointer to the secret key octet string. This buffer should be at least - PrimeSize bytes. */ - uint16_t SecretKeyingDataSize /*!< [in] The required Secret Keying data size (in bytes). Must be larger than 0, - and smaller than the maximal - CRYS_DH_MAX_SIZE_OF_KEYING_DATA. */ -); - -/****************************************************************/ -/*! -This macro implements the DH [ANSI X9.42] standard. It derives a secret key using the Derivation function based on ASN.1. For a -description of the parameters see ::CRYS_DH_X942_GetSecretData.*/ -#define CRYS_DH_X942_GetSecretDataAsn1(ClientPrvKey_ptr,ClientPrvKeySize,ServerPubKey_ptr,ServerPubKeySize,Prime_ptr,PrimeSize,otherInfo_ptr,hashMode,tmpBuff_ptr,SecretKeyingData_ptr,SecretKeyingDataSize)\ - CRYS_DH_X942_GetSecretData((ClientPrvKey_ptr),(ClientPrvKeySize),(ServerPubKey_ptr),(ServerPubKeySize),(Prime_ptr),(PrimeSize),(otherInfo_ptr),(hashMode),(CRYS_DH_ASN1_Der_mode),(tmpBuff_ptr),(SecretKeyingData_ptr),(SecretKeyingDataSize)) -/*! -This macro implements the DH [ANSI X9.42] standard. It derives a secret key using the Derivation function based on concatenation of HASHed data. -For a description of the parameters see ::CRYS_DH_X942_GetSecretData.*/ -#define CRYS_DH_X942_GetSecretDataConcat(ClientPrvKey_ptr,ClientPrvKeySize,ServerPubKey_ptr,ServerPubKeySize,Prime_ptr,PrimeSize,otherInfo_ptr,hashMode,tmpBuff_ptr,SecretKeyingData_ptr,SecretKeyingDataSize)\ - CRYS_DH_X942_GetSecretData((ClientPrvKey_ptr),(ClientPrvKeySize),(ServerPubKey_ptr),(ServerPubKeySize),(Prime_ptr),(PrimeSize),(otherInfo_ptr),(hashMode),(CRYS_DH_Concat_Der_mode),(tmpBuff_ptr),(SecretKeyingData_ptr),(SecretKeyingDataSize)) - - -/****************************************************************/ -/*! -@brief The function computes shared secret data using two pairs of public and private keys: - -
    • SecretKey1 = ServerPubKey1^ClientPrvKey1 mod Prime.
      • -
    • SecretKey2 = ServerPubKey2^ClientPrvKey2 mod Prime.
    -It uses the Derivation function to derive secret keying data from the two secret keys (values). -This function may be called directly, or by using macros ::CRYS_DH_X942_HybridGetSecretDataAsn1 and ::CRYS_DH_X942_HybridGetSecretDataConcat -described above. - -\note -
    • The "other info" argument and its AlgorithmID entry are mandatory only for ASN1 key derivation, and optional for the other derivation modes.
      • -If used, all entries of the structure should be initialized with relevant data and size, prior to calling this function -(entry size of empty fields must be set to 0). -
    • All buffers arguments are represented in Big-Endian form.
    - -@return CRYS_OK on success. -@return A non-zero value on failure as defined in crys_dh_error.h, crys_rsa_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_DH_X942_HybridGetSecretData( - uint8_t *ClientPrvKey_ptr1, /*!< [in] Pointer to the First Private key octet string number. */ - uint16_t ClientPrvKeySize1, /*!< [in] The First Private key Size (in bytes). */ - uint8_t *ClientPrvKey_ptr2, /*!< [in] Pointer to the Second Private key octet string. */ - uint16_t ClientPrvKeySize2, /*!< [in] The Second Private key Size (in bytes). */ - uint8_t *ServerPubKey_ptr1, /*!< [in] Pointer to the First Server public key octet string. */ - uint16_t ServerPubKeySize1, /*!< [in] The First Server Public key Size (in bytes). */ - uint8_t *ServerPubKey_ptr2, /*!< [in] Pointer to the Second Server public key octet string. */ - uint16_t ServerPubKeySize2, /*!< [in] The Second Server Public key Size (in bytes). */ - uint8_t *Prime_ptr, /*!< [in] Pointer to the Prime octet string. */ - uint16_t PrimeSize, /*!< [in] The size of the Prime string. */ - CRYS_DH_OtherInfo_t *otherInfo_ptr, /*!< [in] Pointer to structure containing optional other data, shared by two entities - sharing the secret keying data. */ - CRYS_DH_HASH_OpMode_t hashMode, /*!< [in] One of the supported SHA-x HASH modes. The supported modes are according to the supported - HASH modes for the product (and MD5 is not supported). */ - CRYS_DH_DerivationFunc_Mode DerivFunc_mode, /*!< [in] The type of function to use to derive the secret key to the key data. - ASN.1 or Concatenation modes are supported. */ - CRYS_DH_HybrTemp_t *tmpDhHybr_ptr, /*!< [in] Pointer to a CRYS_DH_Temp_t structure that contains temp buffers for - internal operations. */ - uint8_t *SecretKeyingData_ptr, /*!< [out] Pointer to the secret key octet string. This buffer should be at least - of size PrimeSize bytes. */ - uint16_t SecretKeyingDataSize /*!< [in] The required Secret Keying data size (in bytes). Must be larger than 0, - and smaller than CRYS_DH_MAX_SIZE_OF_KEYING_DATA. */ -); - - -/****************************************************************/ -/*! -This macro implements the DH [X9.42] standard deriving a hybrid secret key from two public-private pair of keys using the Derivation function based on ASN.1. -For a description of the parameters see ::CRYS_DH_X942_HybridGetSecretData.*/ -#define CRYS_DH_X942_HybridGetSecretDataAsn1(ClientPrvKey_ptr1,ClientPrvKeySize1,ClientPrvKey_ptr2,ClientPrvKeySize2,ServerPubKey_ptr1,ServerPubKeySize1,ServerPubKey_ptr2,ServerPubKeySize2,Prime_ptr,PrimeSize,otherInfo_ptr,hashFunc,tmpDhHybr_ptr,SecretKeyingData_ptr,SecretKeyingDataSize)\ - CRYS_DH_X942_HybridGetSecretData((ClientPrvKey_ptr1),(ClientPrvKeySize1),(ClientPrvKey_ptr2),(ClientPrvKeySize2),(ServerPubKey_ptr1),(ServerPubKeySize1),(ServerPubKey_ptr2),(ServerPubKeySize2),(Prime_ptr),(PrimeSize),(otherInfo_ptr),(hashFunc),CRYS_DH_ASN1_Der_mode,(tmpDhHybr_ptr),(SecretKeyingData_ptr),(SecretKeyingDataSize)) - -/*! -This macro implements the DH [X9.42] standard, deriving a hybrid secret key from two pairs of public-private keys, using the Derivation -function based on concatenation using SHA-x HASH. For a description of the parameters see ::CRYS_DH_X942_HybridGetSecretData. -*/ -#define CRYS_DH_X942_HybridGetSecretDataConcat(ClientPrvKey_ptr1,ClientPrvKeySize1,ClientPrvKey_ptr2,ClientPrvKeySize2,ServerPubKey_ptr1,ServerPubKeySize1,ServerPubKey_ptr2,ServerPubKeySize2,Prime_ptr,PrimeSize,otherInfo_ptr,hashFunc,tmpDhHybr_ptr,SecretKeyingData_ptr,SecretKeyingDataSize)\ - CRYS_DH_X942_HybridGetSecretData((ClientPrvKey_ptr1),(ClientPrvKeySize1),(ClientPrvKey_ptr2),(ClientPrvKeySize2),(ServerPubKey_ptr1),(ServerPubKeySize1),(ServerPubKey_ptr2),(ServerPubKeySize2),(Prime_ptr),(PrimeSize),(otherInfo_ptr),(hashFunc),CRYS_DH_Concat_Der_mode,(tmpDhHybr_ptr),(SecretKeyingData_ptr),(SecretKeyingDataSize)) - - -/******************************************************************************************/ -/*! -@brief The function checks the obtained DH public key according to its domain parameters [ANSI X9.42-2001] - -\note -Assuming: The DH domain parameters are valid. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined in crys_dh_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_DH_CheckPubKey( - uint8_t *modP_ptr, /*!< [in] The pointer to the modulus (prime) P. */ - uint32_t modPsizeBytes, /*!< [in] The modulus size in bytes. */ - uint8_t *orderQ_ptr, /*!< [in] The pointer to the prime order Q of generator. */ - uint32_t orderQsizeBytes, /*!< [in] The size of order of generator in bytes. */ - uint8_t *pubKey_ptr, /*!< [in] The pointer to the public key to be validated. */ - uint32_t pubKeySizeBytes, /*!< [in] The public key size in bytes. */ - CRYS_DH_Temp_t *tempBuff_ptr /*!< [in] The temp buffer for internal calculations. */ -); - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_dh_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_dh_error.h deleted file mode 100644 index c9a7ff6..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_dh_error.h +++ /dev/null @@ -1,158 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_DH_ERROR_H -#define CRYS_DH_ERROR_H - - -#include "crys_error.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This file contains error codes definitions for CRYS DH module. -@defgroup crys_dh_error CryptoCell DH specific errors -@{ -@ingroup crys_dh -*/ -/************************ Defines ******************************/ -/* DH module on the CRYS layer base address - 0x00F00500 */ -/*! The CRYS DH module errors */ -/*! Illegal input pointer.*/ -#define CRYS_DH_INVALID_ARGUMENT_POINTER_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x0UL) -/*! Illegal input size.*/ -#define CRYS_DH_INVALID_ARGUMENT_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x1UL) -/*! Illegal operation mode.*/ -#define CRYS_DH_INVALID_ARGUMENT_OPERATION_MODE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2UL) -/*! Illegal hash mode.*/ -#define CRYS_DH_INVALID_ARGUMENT_HASH_MODE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x3UL) - -/*! Illegal secret key data size. */ -#define CRYS_DH_SECRET_KEYING_DATA_SIZE_ILLEGAL_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x4UL) -/*! Illegal L input. */ -#define CRYS_DH_INVALID_L_ARGUMENT_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x5UL) -/*! Prime is smaller than generator. */ -#define CRYS_DH_ARGUMENT_PRIME_SMALLER_THAN_GENERATOR_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x6UL) -/*! Generator is smaller than zero. */ -#define CRYS_DH_ARGUMENT_GENERATOR_SMALLER_THAN_ZERO_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x7UL) -/*! Illegal private key size. */ -#define CRYS_DH_ARGUMENT_PRV_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x8UL) -/*! Illegal buffer size. */ -#define CRYS_DH_ARGUMENT_BUFFER_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x9UL) -/*! Invalid shared secret value. */ -#define CRYS_DH_INVALID_SHARED_SECRET_VALUE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0xAUL) -/*! DH is not supported. */ -#define CRYS_DH_IS_NOT_SUPPORTED (CRYS_DH_MODULE_ERROR_BASE + 0xFUL) -/*! Illegal X942 hybrid buffer size.*/ -#define CRYS_DH_X942_HYBRID_SIZE1_BUFFER_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x15UL) - -/*The requested derived secret key size is invalid*/ -/*! Illegal secret key size .*/ -#define CRYS_DH_SECRET_KEY_SIZE_NEEDED_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x16UL) -/*! Illegal output secret key size .*/ -#define CRYS_DH_SECRET_KEY_SIZE_OUTPUT_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x17UL) -/*! Illegal otherInfo size .*/ -#define CRYS_DH_OTHERINFO_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x18UL) - -/* DH domain and key generation and checking errors */ -/*! Illegal modulus size. */ -#define CRYS_DH_INVALID_MODULUS_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x20UL) -/*! Illegal order size. */ -#define CRYS_DH_INVALID_ORDER_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x21UL) -/*! Illegal seed size. */ -#define CRYS_DH_INVALID_SEED_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x22UL) -/*! Illegal J factor pointer size. */ -#define CRYS_DH_INVALID_J_FACTOR_PTR_OR_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x23UL) -/*! Illegal generator pointer or size. */ -#define CRYS_DH_INVALID_GENERATOR_PTR_OR_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x24UL) - -/*! Illegal domain primes. */ -#define CRYS_DH_CHECK_DOMAIN_PRIMES_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x25UL) -/*! Illegal domain generator. */ -#define CRYS_DH_CHECK_DOMAIN_GENERATOR_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x26UL) -/*! Illegal public key size. */ -#define CRYS_DH_INVALID_PUBLIC_KEY_SIZE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x27UL) -/*! Illegal public key. */ -#define CRYS_DH_CHECK_PUB_KEY_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x28UL) -/*! Illegal generator size or pointer. */ -#define CRYS_DH_CHECK_GENERATOR_SIZE_OR_PTR_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x29UL) -/*! Illegal seed size or pointer. */ -#define CRYS_DH_CHECK_SEED_SIZE_OR_PTR_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2AUL) -/*! Illegal generator. */ -#define CRYS_DH_CHECK_GENERATOR_NOT_VALID_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2BUL) -/*! Prime generation failed. */ -#define CRYS_DH_PRIME_P_GENERATION_FAILURE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2CUL) -/*! Illegal public key. */ -#define CRYS_DH_INVALID_PUBLIC_KEY_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2DUL) -/*! Illegal seed. */ -#define CRYS_DH_PASSED_INVALID_SEED_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2EUL) -/*! Prime generation failed. */ -#define CRYS_DH_PRIME_Q_GENERATION_FAILURE_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x2FUL) -/*! Internal PKI error */ -#define CRYS_DH_PKI_INTERNAL_ERROR (CRYS_DH_MODULE_ERROR_BASE + 0x30UL) - - - -/************************ Enums ********************************/ - - -/************************ Typedefs ****************************/ - - -/************************ Structs ******************************/ - - -/************************ Public Variables **********************/ - - -/************************ Public Functions **********************/ - - - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_dh_kg.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_dh_kg.h deleted file mode 100644 index 1565428..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_dh_kg.h +++ /dev/null @@ -1,203 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - - -#ifndef _CRYS_DH_KG_H -#define _CRYS_DH_KG_H - - -#include "crys_dh.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! @file -@brief This module defines the API that supports Diffie-Hellman domain. -@defgroup crys_dh_kg CryptoCell DH Key Generation APIs -@{ -@ingroup crys_dh -*/ - -/************************ Defines ******************************/ -/*! Minimal size of DH seed in bytes. */ -#define CRYS_DH_SEED_MIN_SIZE_IN_BYTES CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES -/*! Minimal size of DH seed in bits. */ -#define CRYS_DH_SEED_MIN_SIZE_IN_BITS (CRYS_DH_SEED_MIN_SIZE_IN_BYTES * 8) - -/************************ Enums ********************************/ - - -/************************ Typedefs ****************************/ - -/* temp buffers, used in different DH KG functions */ - -/*! Temporary data buffer structure for domain parameters generation in DH. */ -typedef struct CRYS_DHKGData_t -{ - /* The aligned input and output temp buffers */ - /*! Temporary buffer. */ - uint32_t TempBuff1[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; - /*! Temporary buffer. */ - uint32_t TempBuff2[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; - /*! Temporary buffer. */ - uint32_t TempBuff3[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; - /*! Temporary buffer. */ - uint32_t TempBuff4[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; - /*! Temporary buffer. */ - uint32_t TempBuff5[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; - /*! Temporary buffer. */ - uint32_t TempBuff6[CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; - /*! Temporary buffer. */ - CRYS_DH_Temp_t ExpTemps; -}CRYS_DHKGData_t; - -/*! Temporary buffer structure . */ -typedef struct CRYS_DHKG_CheckTemp_t -{ - /*! Temporary buffer. */ - uint32_t CheckTempBuff[3*CRYS_DH_MAX_MOD_BUFFER_SIZE_IN_WORDS]; - /*! Temporary buffer. */ - CRYS_DHKGData_t DhKgBuff; -}CRYS_DHKG_CheckTemp_t; - -/*! DH Domain generation values definitions */ -/*! Minimal modulus size for X942 - 1024.*/ -#define DH_X942_PRIME_MOD_MIN_VAL 1024 -/*! Maximal modulus size for X942 - 2048.*/ -#define DH_X942_PRIME_MOD_MAX_VAL 2048 -/*! PGeneration counter for X942 - 4096.*/ -#define DH_X942_PGEN_COUNTER_CONST 4096 -/*! HASH size in bits for X942 - 160.*/ -#define DH_X942_HASH_SIZE_BITS 160 -/*! Maximal allowed ratio between modulus and generator order sizes (by implementation) */ -#define DH_MAX_RATIO_MODULO_TO_ORDER 4 - -/************************ Structs ******************************/ - -/************************ Public Variables **********************/ - -/************************ Public Functions **********************/ - - -/******************************************************************************************/ -/*! -@brief This function generates DH domain parameters in Galois prime field according to standard [ANS X9.42]. -It receives the required sizes (in bits) of the modulus, the generator's order, and the seed, and then generates -the prime modulus and the generator according to given sizes. -If generateSeed argument is set to 1, the function generates and outputs the random seed. Otherwise (if set to 0), -the seed has to be passed as an input argument. According to implementation the seed should be not greate, than (2^seedSizeBits - 2^32). -The seed and some additional parameters, generated by the function (factorJ, pgenCounter), are used for checking -that all domain parameters are generated according to the standard and not forged. -\note All buffer parameters should be in Big-Endian form. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_dh_error.h, crys_rnd_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_DH_CreateDomainParams( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to a random vector generation function. */ - uint32_t modPsizeBits, /*!< [in] Size of the modulus (Prime) in bits equal 256*n, where n >= 4. FIPS 186-4 - defines sizes 1024 and 2048 bit. */ - uint32_t orderQsizeBits, /*!< [in] Size of the Generator's order in bits. FIPS 186-4 defines orderQSizeBits = 160 - for modulus 1024 bit and 224 or 256 bit for modPSizeBits = 2048. We not recommend - sizes > 256 and returns an error if orderQSizeBits > modPSizeBits/4 */ - uint32_t seedSizeBits, /*!< [in] Seed size in bits. Requirements: modPSizeBits >= seedSizeBits >= orderQSizeBits - (the first is required by our implementation). */ - uint8_t *modP_ptr, /*!< [out] Pointer to the modulus (prime) buffer. The size of the buffer for output - generated value must be no less than given modulus size. */ - uint8_t *orderQ_ptr, /*!< [out] Pointer to the order Q of generator. The size of the buffer for output generated - value must be no less than the given order size. */ - uint8_t *generatorG_ptr, /*!< [out] Pointer to the generator of multiplicative subgroup in GF(P). - If the user does not need this output, then both the pointer and the buffer size - must be set to 0. */ - uint32_t *generGsizeBytes_ptr, /*!< [in/out] Pointer to the one word buffer for outputting the generator's size. - The passed size (if needed) must be not less than modulus size and the function - returns the actual size of the generator. */ - uint8_t *factorJ_ptr, /*!< [out] Pointer to the buffer for integer factor J. If NULL, the function does not output - this parameter (in this case JsizeBytes_ptr also must be set to NULL, else the function - returns an error). */ - uint32_t *JsizeBytes_ptr, /*!< [in/out] Pointer to the size of integer factor J. If NULL, the function does not output - this parameter. */ - uint8_t *seedS_ptr, /*!< [in/out] Random seed used for prime generation. The size of the buffer must be - at least the seed size. */ - int8_t generateSeed, /*!< [in] Flag, defining whether the seed should be generated randomly by the function - (1) or is passed by the user (0). */ - uint32_t *pgenCounter_ptr, /*!< [out] Pointer to counter of tries to generate the primes. If NULL, the function does not - output this parameter. */ - CRYS_DHKGData_t *DHKGbuff_ptr /*!< [out] The temp buffer of defined structure for internal calculations. */ -); - - -/******************************************************************************************/ -/*! -@brief This function receives DH domain parameters, seed and prime generation counter and then verifies -that the domain was created according to the standard [ANS X9.42]. -According to implementation, the value of the user passed seed should be not -greate, than (2^seedSizeBits - 2^32), otherwise an error is returned. -\note All buffer parameters should be in Big-Endian form. For more detailed -description of the parameters see ::CRYS_DH_CreateDomainParams. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_dh_error.h, crys_rnd_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_DH_CheckDomainParams( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in/out] Pointer to the RND Generate vector function pointer. */ - uint8_t *modP_ptr, /*!< [in] Pointer to the modulus (Prime). */ - uint32_t modPsizeBytes, /*!< [in] Size of the modulus (Prime) in bytes. */ - uint8_t *orderQ_ptr, /*!< [in] Pointer to the order Q of generator. The size of the buffer for output - generated value must be no less than the order size. */ - uint32_t orderQsizeBytes, /*!< [in] Size of the Generator's order in bytes. */ - uint8_t *generatorG_ptr, /*!< [in] Pointer to the generator of the multiplicative subgroup in GF(P). */ - uint32_t generatorSizeBytes, /*!< [in] Size of the generator in bytes. */ - uint8_t *seedS_ptr, /*!< [in] Random seed used for prime generation. */ - uint32_t seedSizeBits, /*!< [in] Seed size in bits. */ - uint32_t pgenCounter, /*!< [in] Counter of prime generation attempts. */ - CRYS_DHKG_CheckTemp_t *checkTempBuff_ptr /*!< [in] Temporary buffer for internal calculations. */ - -); - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ec_edw_api.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ec_edw_api.h deleted file mode 100644 index 6d54471..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ec_edw_api.h +++ /dev/null @@ -1,201 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_EC_EDW_API_H -#define CRYS_EC_EDW_API_H - -#include "ssi_pal_types.h" -#include "crys_hash.h" -#include "crys_rnd.h" -#include "crys_pka_defs_hw.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/*! -@defgroup cryptocell_ec CryptoCell EC 25519 curve APIs -@{ -@ingroup cryptocell_api -@brief This group is the cryptocell EC 25519 curve root group -@} - -@file -@brief This file contains the CRYS APIs used for EC EDW (Edwards) ed25519 algorithms. -@defgroup crys_ec_edw CryptoCell EC Edwards APIs -@{ -@ingroup cryptocell_ec - -\note Algorithms of Montgomery and Edwards elliptic curves cryptography were developed by - Daniel.J.Bernstein. -*/ - -/*! EC Edwards ed25519 modulus and order sizes in bits, words and bytes. */ -/*! EC Edwards modulus size in bits. */ -#define CRYS_ECEDW_MOD_SIZE_IN_BITS 255U /*!<\internal MOD - EC Edw modulus size*/ -/*! EC Edwards order size in bits. */ -#define CRYS_ECEDW_ORD_SIZE_IN_BITS 255U /*!<\internal ORD - EC Edw generator order size*/ -/*! EC Edwards nodulus size in words. */ -#define CRYS_ECEDW_MOD_SIZE_IN_32BIT_WORDS ((CRYS_ECEDW_MOD_SIZE_IN_BITS + SASI_BITS_IN_32BIT_WORD - 1) / SASI_BITS_IN_32BIT_WORD) -/*! EC Edwards modulus size in bytes. */ -#define CRYS_ECEDW_MOD_SIZE_IN_BYTES (CRYS_ECEDW_MOD_SIZE_IN_32BIT_WORDS * SASI_32BIT_WORD_SIZE) -/*! EC Edwards order size in words. */ -#define CRYS_ECEDW_ORD_SIZE_IN_32BIT_WORDS ((CRYS_ECEDW_ORD_SIZE_IN_BITS + SASI_BITS_IN_32BIT_WORD - 1) / SASI_BITS_IN_32BIT_WORD) -/*! EC Edwards order size in bytes. */ -#define CRYS_ECEDW_ORD_SIZE_IN_BYTES (CRYS_ECEDW_ORD_SIZE_IN_32BIT_WORDS * SASI_32BIT_WORD_SIZE) - -/*! Constant sizes of special EC_MONT buffers and arrays */ -/*! EC Edwards seed size in bytes. */ -#define CRYS_ECEDW_SEED_BYTES CRYS_ECEDW_MOD_SIZE_IN_BYTES -/*! EC Edwards secret key size in bytes. */ -#define CRYS_ECEDW_SECRET_KEY_BYTES (2 * CRYS_ECEDW_MOD_SIZE_IN_BYTES) -/*! EC Edwards signatue size in bytes. */ -#define CRYS_ECEDW_SIGNATURE_BYTES (2 * CRYS_ECEDW_ORD_SIZE_IN_BYTES) -/*! EC Edwards scalar size in bytes. */ -#define CRYS_ECEDW_SCALAR_BYTES CRYS_ECEDW_ORD_SIZE_IN_BYTES -/*! EC Edwards scalar multiplication size in bytes. */ -#define CRYS_ECEDW_SCALARMULT_BYTES CRYS_ECEDW_MOD_SIZE_IN_BYTES - -/*! EC_EDW temp buffer size definition. */ -#define CRYS_ECEDW_TEMP_BUFF_SIZE_IN_32BIT_WORD (10*CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS + (sizeof(CRYS_HASHUserContext_t)+SASI_32BIT_WORD_SIZE-1)/SASI_32BIT_WORD_SIZE) - -/*! EC_EDW temp buffer type definition. */ -typedef struct { - /*! Internal buffer. */ - uint32_t buff[CRYS_ECEDW_TEMP_BUFF_SIZE_IN_32BIT_WORD]; -} CRYS_ECEDW_TempBuff_t; - - -/******************************************************************************/ -/*! -@brief The function creates EC Edwards signature on the message. -\note Used detached form of signature, separated from the message. - Implemented algorithm of Bernstein D. etc. sign ed25519. - -@return CRYS_OK on success, -@return A non-zero value on failure as defined crys_ec_mont_edw_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_ECEDW_Sign ( - uint8_t *pSign, /*!< [out] Pointer to the detached signature. */ - size_t *pSignSize, /*!< [in/out] Pointer to the total size of the signature ; - In - the buffer size, which (must be at least 2*EC order size); - Out - the actual size of output data. */ - const uint8_t *pMsg, /*!< [in] Pointer to the message. */ - size_t msgSize, /*!< [in] Message size in bytes: must be less, than - (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - 2*(EC_EDW modulus size)). */ - const uint8_t *pSignSecrKey, /*!< [in] Pointer to the signer secret key (seed || pulKey) */ - size_t secrKeySize, /*!< [in] Size of signer secret key in bytes: (must be 2*EC order size). */ - CRYS_ECEDW_TempBuff_t *pTempBuff /*!< [in] Pointer to the temp buffer. */); - - - -/******************************************************************************/ -/*! -@brief The function verifies the EC Edwards ed25519 signature on the message. -\note The input signature is in detached form, i.e. separated from the message. - -@return CRYS_OK on success, -@return A non-zero value on failure as defined crys_ec_mont_edw_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_ECEDW_Verify( - const uint8_t *pSign, /*!< [in] Pointer to detached signature, i.e. the - signature is separated from the message. */ - size_t signSize, /*!< [in] Size of the signature in bytes, it must be - equal to two EC Order size in bytes. */ - const uint8_t *pSignPublKey, /*!< [in] Pointer to signer public key. */ - size_t publKeySize, /*!< [in] Size of the signer public key in bytes; must be - equal to EC modulus size. */ - uint8_t *pMsg, /*!< [in] Pointer to the message. */ - size_t msgSize, /*!< [in] Pointer to the message size in bytes. Must be less than - (CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES - 2*(EC_EDW modulus size)). */ - CRYS_ECEDW_TempBuff_t *pTempBuff /*!< [in] Pointer to the temp buffer, for internal use. */); - - -/******************************************************************************/ -/*! -@brief The function randomly generates Ec ed25519 private and public keys - using given seed. - The generation is performed using EC Edwards ed25519 algorithm. - -@return CRYS_OK on success, -@return A non-zero value on failure as defined crys_ec_mont_edw_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_ECEDW_SeedKeyPair ( - const uint8_t *pSeed, /*!< [in] Pointer to the given seed. */ - size_t seedSize, /*!< [in] Size of the seed in bytes, must be equal the EC order size - in bytes. */ - uint8_t *pSecrKey, /*!< [out] Pointer to the secret key, including the seed, concatenated - with the public key. */ - size_t *pSecrKeySize, /*!< [in/out] Pointer to the size of the secret key buffer in bytes - (must be at least 2*EC order size). */ - uint8_t *pPublKey, /*!< [out] Pointer to the public key. */ - size_t *pPublKeySize, /*!< [in/out] Pointer to the size of the public key in bytes. - In - the size of buffer must be at least EC modulus size; - Out - the actual size. */ - CRYS_ECEDW_TempBuff_t *pTempBuff /*!< [in] Pointer to the temp buffer, for internal use. */); - -/*******************************************************************/ -/*! - @brief The function randomly generates the EC Edwards ed25519 private and - public keys. - The generation is performed using EC Edwards ed25519 algorithm. - -@return CRYS_OK on success, -@return A non-zero value on failure as defined crys_ec_mont_edw_error.h, crys_hash_error.h or crys_rnd_error. -*/ -CIMPORT_C CRYSError_t CRYS_ECEDW_KeyPair ( - uint8_t *pSecrKey, /*!< [out] Pointer to the secret key (including seed and public key). */ - size_t *pSecrKeySize, /*!< [in/out] Pointer to the size of the secret key in bytes, - (must be at least 2*EC order size). */ - uint8_t *pPublKey, /*!< [out] Pointer to the public key. */ - size_t *pPublKeySize, /*!< [in/out] - Pointer to the size of the public key in bytes. - In - the size of buffer must be at least EC modulus size; - Out - the actual size. */ - void *pRndState, /*!< [in/out] Pointer to the RND state structure. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ - CRYS_ECEDW_TempBuff_t *pTempBuff /*!< [in] Pointer to the temp buffer. */); - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ec_mont_api.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ec_mont_api.h deleted file mode 100644 index 57ab9d7..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ec_mont_api.h +++ /dev/null @@ -1,213 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_ECMONT_API_H -#define CRYS_ECMONT_API_H - -#include "ssi_pal_types.h" -#include "crys_rnd.h" -#include "crys_pka_defs_hw.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/*! -@file -@brief This file contains the CRYS APIs used for EC MONT (Montgomery Curve25519) algorithms. -@defgroup crys_ec_mont CryptoCell EC Montgomery APIs -@{ -@ingroup cryptocell_ec - - -\note Implemented algorithms according to Montgomery elliptic curves cryptography, - developed by Daniel J.Bernstein etc. -*/ - -/*! EC Montgomery curve25519 modulus size in bits, words and bytes */ -/*! EC Montgomery modulus size in bits. */ -#define CRYS_ECMONT_MOD_SIZE_IN_BITS 255U -/*! EC Montgomery modulus size in words. */ -#define CRYS_ECMONT_MOD_SIZE_IN_32BIT_WORDS ((CRYS_ECMONT_MOD_SIZE_IN_BITS + SASI_BITS_IN_32BIT_WORD - 1) / SASI_BITS_IN_32BIT_WORD) -/*! EC Montgomery modulus size in bytes. */ -#define CRYS_ECMONT_MOD_SIZE_IN_BYTES ((CRYS_ECMONT_MOD_SIZE_IN_BITS + SASI_BITS_IN_32BIT_WORD - 1) / sizeof(uint32_t)) - -/*! Constant sizes of special EC_MONT buffers and arrays */ -/*! EC Montgomery scalar size in bytes. */ -#define CRYS_ECMONT_SCALARBYTES (CRYS_ECMONT_MOD_SIZE_IN_32BIT_WORDS * SASI_32BIT_WORD_SIZE) -/*! EC Montgomery scalar multiplication size in bytes. */ -#define CRYS_ECMONT_SCALARMULTBYTES (CRYS_ECMONT_MOD_SIZE_IN_32BIT_WORDS * SASI_32BIT_WORD_SIZE) -/*! EC Montgomery scalar seed size in bytes. */ -#define CRYS_ECMONT_SEEDBYTES (CRYS_ECMONT_MOD_SIZE_IN_32BIT_WORDS * SASI_32BIT_WORD_SIZE) - -/*! EC Montgomery domains ID-s enumerator. */ -typedef enum { - CRYS_ECMONT_DOMAIN_CURVE_25519, /*!< EC Curve25519. */ - /*! EC Montgomery last domain. */ - CRYS_ECMONT_DOMAIN_OFF_MODE, - /*! Reserved. */ - CRYS_ECMONT_DOMAIN_LAST = 0x7FFFFFFF -}CRYS_ECMONT_DomainId_t; - - -/*! EC_MONT scalar mult temp buffer type definition */ -typedef struct { - /*! Internal temporary buffer. */ - uint32_t ecMontScalarMultTempBuff[CRYS_EC_MONT_TEMP_BUFF_SIZE_IN_32BIT_WORDS]; // set needed -} CRYS_ECMONT_ScalrMultTempBuff_t; - -/*! EC_MONT temp buffer type definition */ -typedef struct { - /* Don't change sequence order of the buffers */ - /*! Internal temporary buffer. */ - uint32_t ecMontScalar[CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS]; - /*! Internal temporary buffer. */ - uint32_t ecMontResPoint[CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS]; - /*! Internal temporary buffer. */ - uint32_t ecMontInPoint[CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS]; - /*! Internal temporary buffer. */ - CRYS_ECMONT_ScalrMultTempBuff_t ecMontScalrMultTempBuff; // if needed -} CRYS_ECMONT_TempBuff_t; - - -/*********************************************************************/ -/*! -@brief The function performs EC Montgomery (Curve25519) scalar multiplication: - resPoint = scalar * point. - -@return CRYS_OK on success, -@return A non-zero value on failure as defined crys_ec_mont_edw_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_ECMONT_Scalarmult( - uint8_t *pResPoint, /*!< [out] Pointer to the public (secret) key. */ - size_t *pResPointSize, /*!< [in/out] Pointer to the size of the public key in bytes. - In - the size of the buffer. must be at least EC modulus - size (for curve25519 - 32 bytes). - Out - the actual size. */ - const uint8_t *pScalar, /*!< [in] Pointer to the secret (private) key. */ - size_t scalarSize, /*!< [in] Pointer to the size of the secret key in bytes; - must be equal to EC order size (for curve25519 - 32 bytes). */ - const uint8_t *pInPoint, /*!< [in] Pointer to the input point (compressed). */ - size_t inPointSize, /*!< [in] Size of the point - must be equal to CRYS_ECMONT_MOD_SIZE_IN_BYTES. */ - CRYS_ECMONT_TempBuff_t *pEcMontTempBuff /*!< [in] Pointer to temp buffer, for internal use. */); - - -/*********************************************************************/ -/*! -@brief The function performs EC Montgomery (Curve25519) scalar multiplication of base point: - res = scalar * base_point. - - Note: all byte arrays have LE order of bytes, i.e. LS byte is on left most place. - -@return CRYS_OK on success, -@return A non-zero value on failure as defined crys_ec_mont_edw_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_ECMONT_ScalarmultBase( - uint8_t *pResPoint, /*!< [out] Pointer to the public (secret) key. */ - size_t *pResPointSize, /*!< [in/out] Pointer to the size of the public key in bytes. - In - the size of buffer must be at least EC modulus size - (for curve25519 - 32 bytes); - Out - the actual size. */ - const uint8_t *pScalar, /*!< [in] Pointer to the secret (private) key. */ - size_t scalarSize, /*!< [in] Pointer to the size of the scalar in bytes - - must be equal to EC order size (for curve25519 - 32 bytes). */ - CRYS_ECMONT_TempBuff_t *pEcMontTempBuff /*!< [in] Pointer to temp buffer, for internal use. */); - - -/*******************************************************************/ -/*! -@brief The function randomly generates private and public keys for Montgomery - Curve25519. - - -\note
    • All byte arrays are in LE order of bytes, i.e. LS byte is on the left most place.
      • -
    • LS and MS bits of the Secret key are set according to EC Montgomery scalar mult. algorithm: - secrKey[0] &= 248; secrKey[31] &= 127; secrKey[31] |= 64;
    - -@return CRYS_OK on success, -@return A non-zero value on failure as defined crys_ec_mont_edw_error.h or crys_rnd_error.h. - -*/ -CIMPORT_C CRYSError_t CRYS_ECMONT_KeyPair ( - uint8_t *pPublKey, /*!< [out] Pointer to the public key. */ - size_t *pPublKeySize, /*!< [in/out] Pointer to the size of the public key in bytes. - In - the size of the buffer must be at least EC order size - (for curve25519 - 32 bytes); - Out - the actual size. */ - uint8_t *pSecrKey, /*!< [out] Pointer to the secret key, including. */ - size_t *pSecrKeySize, /*!< [in/out] Pointer to the size of buffer for the secret key in bytes - - must be at least EC order size (for curve25519 - 32 bytes). */ - void *pRndState, /*!< [in/out] Pointer to the RND state structure. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ - CRYS_ECMONT_TempBuff_t *pEcMontTempBuff /*!< [in] Pointer to the temp buffer, for internal use. */); - - -/*******************************************************************/ -/*! -@brief The function generates private and public keys for Montgomery algorithms. - - The generation performed using given seed. - - -@return CRYS_OK on success, -@return A non-zero value on failure as defined crys_ec_mont_edw_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_ECMONT_SeedKeyPair ( - uint8_t *pPublKey, /*!< [out] Pointer to the public (secret) key. */ - size_t *pPublKeySize, /*!< [in/out] Pointer to the size of the public key in bytes. - In - the size of buffer must be at least EC order size - (for curve25519 - 32 bytes); - Out - the actual size. */ - uint8_t *pSecrKey, /*!< [out] Pointer to the secret (private) key. */ - size_t *pSecrKeySize, /*!< [in/out] Pointer to the size of the secret key in bytes - In - the size of buffer must be at least EC order size - (for curve25519 - 32 bytes); - Out - the actual size. */ - const uint8_t *pSeed, /*!< [in] Pointer to the given seed - 32 bytes. */ - size_t seedSize, /*!< [in/] Size of the seed in bytes (must be equal to CRYS_ECMONT_SEEDBYTES). */ - CRYS_ECMONT_TempBuff_t *pEcMontTempBuff /*!< [in] Pointer to a temp buffer, for internal use. */); - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ec_mont_edw_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ec_mont_edw_error.h deleted file mode 100644 index 5b76d2c..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ec_mont_edw_error.h +++ /dev/null @@ -1,114 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_EC_MONT_EDW_ERROR_H -#define CRYS_EC_MONT_EDW_ERROR_H - -/*! -@file -@brief This module containes the definitions of the CRYS ECC-25519 errors. -@defgroup crys_ecmontedw_error CryptoCell ECC-25519 errors -@{ -@ingroup cryptocell_ec -*/ - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/************************ Defines ******************************/ - -/********************************************************************************************************** - * CRYS EC Montgomery-Edwards MODULE ERRORS base address - 0x00F02300 * - **********************************************************************************************************/ -/*! Illegal input pointer */ -#define CRYS_ECEDW_INVALID_INPUT_POINTER_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x00UL) -/*! Illegal input size */ -#define CRYS_ECEDW_INVALID_INPUT_SIZE_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x01UL) -/*! Illegal scalar size */ -#define CRYS_ECEDW_INVALID_SCALAR_SIZE_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x02UL) -/*! Illegal scalar data */ -#define CRYS_ECEDW_INVALID_SCALAR_DATA_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x03UL) -/*! Invalid RND context pointer */ -#define CRYS_ECEDW_RND_CONTEXT_PTR_INVALID_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x04UL) -/*! Invalid RND generate vector functions pointer */ -#define CRYS_ECEDW_RND_GEN_VECTOR_FUNC_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x05UL) -/*! Signing or verification operation failed */ -#define CRYS_ECEDW_SIGN_VERIFY_FAILED_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x20UL) -/*! Illegal input pointer */ -#define CRYS_ECMONT_INVALID_INPUT_POINTER_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x30UL) -/*! Illegal input size */ -#define CRYS_ECMONT_INVALID_INPUT_SIZE_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x31UL) -/*! Illegal domain id */ -#define CRYS_ECMONT_INVALID_DOMAIN_ID_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x32UL) -/*! Internal PKI error */ -#define CRYS_ECEDW_PKI_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x33UL) -/*! Internal PKI error */ -#define CRYS_ECMONT_PKI_ERROR (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0x34UL) - - -/************************************************************************************************************ - * NOT SUPPORTED MODULES ERROR IDs * - ************************************************************************************************************/ -/*! EC montgomery is not supported */ -#define CRYS_ECMONT_IS_NOT_SUPPORTED (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0xFEUL) -/*! EC edwards is not supported */ -#define CRYS_ECEDW_IS_NOT_SUPPORTED (CRYS_EC_MONT_EDW_MODULE_ERROR_BASE + 0xFFUL) - - - -/************************ Enums ********************************/ - -/************************ Typedefs ****************************/ - -/************************ Structs ******************************/ - -/************************ Public Variables **********************/ - -/************************ Public Functions **********************/ - -#ifdef __cplusplus -} -#endif -/** -@} -*/ -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_build.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_build.h deleted file mode 100644 index 72391ab..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_build.h +++ /dev/null @@ -1,207 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_ECPKI_BUILD_H -#define CRYS_ECPKI_BUILD_H - -/*! -@defgroup cryptocell_ecpki CryptoCell ECC APIs -@{ -@ingroup cryptocell_api -@brief This group is the cryptocell ECC root group -@} - -@file -@brief This module defines functions for building key structures used in Elliptic Curves Cryptography (ECC). -@defgroup crys_ecpki_build CryptoCell key build for ECC APIs -@{ -@ingroup cryptocell_ecpki -*/ - - -#include "crys_error.h" -#include "crys_ecpki_types.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/********************************************************************************** - * CRYS_ECPKI_BuildPrivKey function * - **********************************************************************************/ -/*! -@brief Builds (imports) the user private key structure from an existing private key so -that this structure can be used by other EC primitives. -This function should be called before using of the private key. Input -domain structure must be initialized by EC parameters and auxiliary -values, using CRYS_ECPKI_GetDomain or CRYS_ECPKI_SetDomain functions. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_ecpki_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_ECPKI_BuildPrivKey( - const CRYS_ECPKI_Domain_t *pDomain, /*!< [in] The EC domain (curve). */ - const uint8_t *pPrivKeyIn, /*!< [in] Pointer to private key data. */ - uint32_t PrivKeySizeInBytes, /*!< [in] Size of private key data (in bytes). */ - CRYS_ECPKI_UserPrivKey_t *pUserPrivKey /*!< [out] Pointer to the private key structure. - This structure is used as input to the ECPKI cryptographic primitives. */ - ); - -/********************************************************************************** - * _DX_ECPKI_BuildPublKey function * - **********************************************************************************/ -/*! -@brief Builds a user public key structure from an imported public key, -so it can be used by other EC primitives. -When operating the EC cryptographic algorithms with imported EC public -key, this function should be called before using of the public key. - -\note The Incoming public key PublKeyIn structure is big endian bytes array, containing -concatenation of PC||X||Y, where: -
    • PC - point control single byte, defining the type of point: 0x4 - uncompressed, -06,07 - hybrid, 2,3 - compressed.
      • -
    • X,Y - EC point coordinates of public key (y is omitted in compressed form), -size of X and Y must be equal to size of EC modulus.
    - -The user may call this function by appropriate macros, according to necessary validation level [SEC1. ECC standard: 3.2, ANS X9.62]: -
    • Checking the input pointers and sizes only - ::CRYS_ECPKI_BuildPublKey.
      • -
    • Partially checking of public key - ::CRYS_ECPKI_BuildPublKeyPartlyCheck.
      • -
    • Full checking of public key - ::CRYS_ECPKI_BuildPublKeyFullCheck.
    - -\note Full check mode takes long time and should be used when it is actually needed. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_ecpki_error.h. -*/ -/* -The function performs the following operations: -- Checks validity of incoming variables and pointers; -- Converts incoming key data from big endian into little endian; -- If public key is given in compressed form (i.e. byte[0] = 2 or 3 and - coordinate Y is omitted), then the function uncompress it; -- Performs checking of input key according to CheckMode parameter. -- Initializes variables and structures. -*/ -CIMPORT_C CRYSError_t _DX_ECPKI_BuildPublKey( - const CRYS_ECPKI_Domain_t *pDomain, /*!< [in] The EC domain (curve). */ - uint8_t *PublKeyIn_ptr, /*!< [in] Pointer to the input public key data, in compressed or - uncompressed or hybrid form: - [PC||X||Y] Big-Endian representation, structured according to - [IEEE1363], where: -
    • X and Y are the public key's EC point coordinates. - In compressed form, Y is omitted.
      • -
    • The sizes of X and Y are equal to the size of the EC modulus.
      • -
    • PC is a one-byte point control that defines the type of point - compression.
    */ - uint32_t PublKeySizeInBytes, /*!< [in] The size of public key data (in bytes). */ - EC_PublKeyCheckMode_t CheckMode, /*!< [in] The required level of public key verification - (higher verification level means longer verification time): -
    • 0 = preliminary validation.
      • -
    • 1 = partial validation.
      • -
    • 2 = full validation.
    */ - CRYS_ECPKI_UserPublKey_t *pUserPublKey, /*!< [out] Pointer to the output public key structure. - This structure is used as input to the ECPKI cryptographic primitives. */ - CRYS_ECPKI_BUILD_TempData_t *pTempBuff /*!< [in] Pointer for a temporary buffer required for the build function. */ - ); - - -/********************************************************************************** - * CRYS_ECPKI_BuildPublKey macro * - **********************************************************************************/ -/*! -@brief This macro calls _DX_ECPKI_BuildPublKey function for building the public key -while checking input pointers and sizes. For a description of the parameters see ::_DX_ECPKI_BuildPublKey. -*/ -#define CRYS_ECPKI_BuildPublKey(pDomain, PublKeyIn_ptr, PublKeySizeInBytes, pUserPublKey) \ - _DX_ECPKI_BuildPublKey((pDomain), (PublKeyIn_ptr), (PublKeySizeInBytes), CheckPointersAndSizesOnly, (pUserPublKey), NULL) - - -/********************************************************************************** - * CRYS_ECPKI_BuildPublKeyPartlyCheck macro * - **********************************************************************************/ -/*! -@brief This macro calls _DX_ECPKI_BuildPublKey function for building the public key with partial validation of the key [SEC1] - 3.2.3. -For a description of the parameters see ::_DX_ECPKI_BuildPublKey. -*/ -#define CRYS_ECPKI_BuildPublKeyPartlyCheck(pDomain, PublKeyIn_ptr, PublKeySizeInBytes, pUserPublKey, pTempBuff) \ - _DX_ECPKI_BuildPublKey((pDomain), (PublKeyIn_ptr), (PublKeySizeInBytes), ECpublKeyPartlyCheck, (pUserPublKey), (pTempBuff)) - - -/********************************************************************************** - * CRYS_ECPKI_BuildPublKeyFullCheck macro * - **********************************************************************************/ -/*! -@brief This macro calls _DX_ECPKI_BuildPublKey function for building the public key with full validation of the key [SEC1] - 3.2.2. -For a description of the parameters and return values see _DX_ECPKI_BuildPublKey. -*/ -#define CRYS_ECPKI_BuildPublKeyFullCheck(pDomain, PublKeyIn_ptr, PublKeySizeInBytes, pUserPublKey, pTempBuff) \ - _DX_ECPKI_BuildPublKey((pDomain), (PublKeyIn_ptr), (PublKeySizeInBytes), (ECpublKeyFullCheck), (pUserPublKey), (pTempBuff)) - - -/*********************************************************************************** - * CRYS_ECPKI_ExportPublKey function * - ***********************************************************************************/ -/*! -@brief Converts an existing public key from internal representation to Big-Endian export representation. -The function converts the X,Y coordinates of public key EC point to big endianness, -and sets the public key as follows: -
    • In case "Uncompressed" point: PubKey = PC||X||Y, PC = 0x4 - single byte;
      • -
    • In case of "Hybrid" key PC = 0x6.
      • -
    • In case of "Compressed" key PC = 0x2.
    -\note Size of output X and Y coordinates is equal to ModSizeInBytes. -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_ecpki_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_ECPKI_ExportPublKey( - CRYS_ECPKI_UserPublKey_t *pUserPublKey, /*!< [in] Pointer to the input public key structure (in Little-Endian form). */ - CRYS_ECPKI_PointCompression_t compression, /*!< [in] Compression mode: Compressed, Uncompressed or Hybrid. */ - uint8_t *pExternPublKey, /*!< [out] Pointer to the exported public key array, in compressed or uncompressed - or hybrid form: - [PC||X||Y] Big-Endian representation, structured according to [IEEE1363]. - In compressed form, Y is omitted. */ - uint32_t *pPublKeySizeBytes /*!< [in/out] Pointer used for the input of the user public key buffer size - (in bytes), and the output of the size of the converted public key in bytes. */ - ); - - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_dh.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_dh.h deleted file mode 100644 index b95abe5..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_dh.h +++ /dev/null @@ -1,90 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_ECPKI_DH_H -#define CRYS_ECPKI_DH_H - -/*! @file -@brief Defines the API that supports EC Diffie-Hellman shared secret value derivation primitives. -@defgroup crys_ecpki_dh CryptoCell ECC Diffie-Hellman APIs -@{ -@ingroup cryptocell_ecpki -*/ - - -#include "crys_ecpki_types.h" -#include "crys_ecpki_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*********************************************************************** - * CRYS_ECDH_SVDP_DH function * - ***********************************************************************/ -/*! -@brief Creates the shared secret value according to [IEEE1363, ANS X9.63]: - -
    1. Checks input-parameter pointers and EC Domain in public and private -keys.
      2. -
    2. Derives the partner public key and calls the EcWrstDhDeriveSharedSecret -function, which performs EC SVDP operations.
    -\note The term "User" -refers to any party that calculates a shared secret value using this primitive. -The term "Partner" refers to any other party of shared secret value calculation. -Partner's public key shall be validated before using in this primitive. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_ecpki_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_ECDH_SVDP_DH( - CRYS_ECPKI_UserPublKey_t *PartnerPublKey_ptr, /*!< [in] Pointer to a partner public key. */ - CRYS_ECPKI_UserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to a user private key. */ - uint8_t *SharedSecretValue_ptr, /*!< [out] Pointer to an output buffer that will contain the shared - secret value. */ - uint32_t *SharedSecrValSize_ptr, /*!< [in/out] Pointer to the size of user-passed buffer (in) and - actual size of output of calculated shared secret value - (out). */ - CRYS_ECDH_TempData_t *TempBuff_ptr /*!< [in] Pointer to a temporary buffer. */); - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_domain.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_domain.h deleted file mode 100644 index 8475d52..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_domain.h +++ /dev/null @@ -1,80 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_ECPKI_DOMAIN_H -#define CRYS_ECPKI_DOMAIN_H - - -/*! -@file -@brief Defines the ecpki build domain API. -@defgroup crys_ecpki_domain CryptoCell ECC domain APIs -@{ -@ingroup cryptocell_ecpki -*/ - - -#include "crys_error.h" -#include "crys_ecpki_types.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - - - - -/********************************************************************************** - * CRYS_ECPKI_GetEcDomain function * - **********************************************************************************/ - -/*! - * @brief The function returns a pointer to an ECDSA saved domain (one of the supported domains). - * - * @return Domain pointer on success. - * @return NULL on failure. - */ - -const CRYS_ECPKI_Domain_t *CRYS_ECPKI_GetEcDomain(CRYS_ECPKI_DomainID_t domainId /*!< [in] Index of one of the domain Id (must be one of the supported domains). */); - -#ifdef __cplusplus -} -#endif -/** -@} -*/ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_ecdsa.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_ecdsa.h deleted file mode 100644 index 02db31d..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_ecdsa.h +++ /dev/null @@ -1,139 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_ECPKI_ECDSA_H -#define CRYS_ECPKI_ECDSA_H - -/*! -@file -@brief Defines the APIs that support the ECDSA functions. -@defgroup crys_ecpki_ecdsa CryptoCell ECDSA APIs -@{ -@ingroup cryptocell_ecpki -*/ - -#include "crys_error.h" -#include "crys_ecpki_types.h" -#include "crys_hash.h" -#include "crys_rnd.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - - - -/************************************************************************** - * CRYS_ECDSA_Sign - integrated function - **************************************************************************/ -/*! -@brief This function performs an ECDSA sign operation in integrated form. - -\note -Using of HASH functions with HASH size greater than EC modulus size, is not recommended!. -Algorithm according [ANS X9.62] standard. - -The message data may be either a non-hashed data or a digest of a hash function. -For a non-hashed data, the message data will be hashed using the hash function indicated by ::CRYS_ECPKI_HASH_OpMode_t. -For a digest, ::CRYS_ECPKI_HASH_OpMode_t should indicate the hash function that the message data was created by, and it will not be hashed. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_ecpki_error.h, crys_hash_error.h or crys_rnd_error.h. -**/ -CIMPORT_C CRYSError_t CRYS_ECDSA_Sign( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ - CRYS_ECDSA_SignUserContext_t *pSignUserContext, /*!< [in/out] Pointer to the user buffer for signing the database. */ - CRYS_ECPKI_UserPrivKey_t *pSignerPrivKey, /*!< [in] A pointer to a user private key structure. */ - CRYS_ECPKI_HASH_OpMode_t hashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in - ::CRYS_ECPKI_HASH_OpMode_t. - \note MD5 is not supported. */ - uint8_t *pMessageDataIn, /*!< [in] Pointer to the input data to be signed. - The size of the scatter/gather list representing the data buffer - is limited to 128 entries, and the size of each entry is limited - to 64KB (fragments larger than 64KB are broken into - fragments <= 64KB). */ - uint32_t messageSizeInBytes, /*!< [in] Size of message data in bytes. */ - uint8_t *pSignatureOut, /*!< [in] Pointer to a buffer for output of signature. */ - uint32_t *pSignatureOutSize /*!< [in/out] Pointer to the signature size. Used to pass the size of - the SignatureOut buffer (in), which must be >= 2 - * OrderSizeInBytes. When the API returns, - it is replaced with the size of the actual signature (out). */ - ); - - - -/************************************************************************** - * CRYS_ECDSA_Verify integrated function - **************************************************************************/ -/*! -@brief This function performs an ECDSA verify operation in integrated form. -Algorithm according [ANS X9.62] standard. - -The message data may be either a non-hashed data or a digest of a hash function. -For a non-hashed data, the message data will be hashed using the hash function indicated by ::CRYS_ECPKI_HASH_OpMode_t. -For a digest, ::CRYS_ECPKI_HASH_OpMode_t should indicate the hash function that the message data was created by, and it will not be hashed. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_ecpki_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_ECDSA_Verify ( - CRYS_ECDSA_VerifyUserContext_t *pVerifyUserContext, /*!< [in] Pointer to the user buffer for signing the database. */ - CRYS_ECPKI_UserPublKey_t *pUserPublKey, /*!< [in] Pointer to a user public key structure. */ - CRYS_ECPKI_HASH_OpMode_t hashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in - ::CRYS_ECPKI_HASH_OpMode_t. - \note MD5 is not supported. */ - uint8_t *pSignatureIn, /*!< [in] Pointer to the signature to be verified. */ - uint32_t SignatureSizeBytes, /*!< [in] Size of the signature (in bytes). */ - uint8_t *pMessageDataIn, /*!< [in] Pointer to the input data that was signed (same as given to - the signing function). The size of the scatter/gather list representing - the data buffer is limited to 128 entries, and the size of each entry is - limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). */ - uint32_t messageSizeInBytes /*!< [in] Size of the input data (in bytes). */ - ); - - -/**********************************************************************************************************/ - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_error.h deleted file mode 100644 index 9eb141d..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_error.h +++ /dev/null @@ -1,303 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_ECPKI_ERROR_H -#define CRYS_ECPKI_ERROR_H - - -/*! -@file -@brief This module contains the definitions of the CRYS ECPKI errors. -@defgroup crys_ecpki_error CryptoCell ECC specific errors -@{ -@ingroup cryptocell_ecpki -*/ - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/************************ Defines ******************************/ - -/* CRYS_ECPKI_MODULE_ERROR_BASE = 0x00F00800 */ - -/********************************************************************************************* - * CRYS ECPKI MODULE ERRORS * - *********************************************************************************************/ -/*! Illegal domain ID. */ -#define CRYS_ECPKI_ILLEGAL_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x1UL) -/*! Illegal domain pointer. */ -#define CRYS_ECPKI_DOMAIN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x2UL) -/* The CRYS ECPKI GEN KEY PAIR module errors */ -/*! Illegal private key pointer. */ -#define CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x3UL) -/*! Illegal public key pointer. */ -#define CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x4UL) -/*! Illegal temporary buffer pointer. */ -#define CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x5UL) -/*! Illegal RND context pointer. */ -#define CRYS_ECPKI_RND_CONTEXT_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x6UL) - -/************************************************************************************************************ -* The CRYS ECPKI BUILD KEYS MODULE ERRORS * -*************************************************************************************************************/ -/*! Illegal compression mode. */ -#define CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x07UL) -/*! Illegal domain ID. */ -#define CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x08UL) -/*! Illegal private key pointer. */ -#define CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x09UL) -/*! Illegal private key structure pointer. */ -#define CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0AUL) -/*! Illegal private key size. */ -#define CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0BUL) -/*! Illegal private key data. */ -#define CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0CUL) -/*! Illegal public key pointer. */ -#define CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0DUL) -/*! Illegal public key structure pointer. */ -#define CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0EUL) -/*! Illegal public key size. */ -#define CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x0FUL) -/*! Illegal public key data. */ -#define CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x10UL) -/*! Illegal EC build check mode option. */ -#define CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x11UL) -/*! Illegal temporary buffer pointer. */ -#define CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x12UL) - -/* The CRYS ECPKI EXPORT PUBLIC KEY MODULE ERRORS */ -/*! Illegal public key structure pointer. */ -#define CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x14UL) -/*! Illegal public key compression mode. */ -#define CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x15UL) -/*! Illegal output public key pointer. */ -#define CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x16UL) -/*! Illegal output public key size pointer. */ -#define CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x17UL) -/*! Illegal output public key size. */ -#define CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x18UL) -/*! Illegal domain ID. */ -#define CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x19UL) -/*! Validation of public key failed. */ -#define CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_VALIDATION_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x1AUL) -/*! Validation of public key failed. */ -#define CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x1BUL) - -/* The CRYS ECPKI BUILD ECC DOMAIN ERRORS */ -/*! Illegal domain ID. */ -#define CRYS_ECPKI_BUILD_DOMAIN_ID_IS_NOT_VALID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x20UL) -/*! Illegal domain ID pointer. */ -#define CRYS_ECPKI_BUILD_DOMAIN_DOMAIN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x21UL) -/*! Illegal domain parameter pointer. */ -#define CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x22UL) -/*! Illegal domain parameter size. */ -#define CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x23UL) -/*! Illegal domain cofactor parameters. */ -#define CRYS_ECPKI_BUILD_DOMAIN_COFACTOR_PARAMS_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x24UL) -/*! Insufficient strength. */ -#define CRYS_ECPKI_BUILD_DOMAIN_SECURITY_STRENGTH_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x25UL) -/*! SCA resistance error. */ -#define CRYS_ECPKI_BUILD_SCA_RESIST_ILLEGAL_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x26UL) - - -/*! Internal PKI error */ -#define CRYS_ECPKI_PKI_INTERNAL_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x30UL) - -/************************************************************************************************************ - * CRYS EC DIFFIE-HELLMAN MODULE ERRORS -*************************************************************************************************************/ -/* The CRYS EC SVDP_DH Function errors */ -/*! Illegal partner's public key pointer. */ -#define CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x31UL) -/*! Partner's public key validation failed. */ -#define CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x32UL) -/*! Illegal user private key pointer. */ -#define CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x33UL) -/*! Private key validation failed. */ -#define CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x34UL) -/*! Illegal shared secret pointer. */ -#define CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x35UL) -/*! Illegal temporary buffer pointer. */ -#define CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x36UL) -/*! Illegal shared secret size pointer. */ -#define CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x37UL) -/*! Illegal shared secret size. */ -#define CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x38UL) -/*! Illegal domain ID. */ -#define CRYS_ECDH_SVDP_DH_ILLEGAL_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x39UL) -/*! Illegal private and public domain ID are different. */ -#define CRYS_ECDH_SVDP_DH_NOT_CONCENT_PUBL_AND_PRIV_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x3AUL) - - -/************************************************************************************************************ - * CRYS ECDSA MODULE ERRORS - ************************************************************************************************************/ -/* The CRYS ECDSA Signing errors */ -/*! Illegal domain ID. */ -#define CRYS_ECDSA_SIGN_INVALID_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x50UL) -/*! Illegal context pointer. */ -#define CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x51UL) -/*! Illegal private key pointer. */ -#define CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x52UL) -/*! Illegal hash operation mode. */ -#define CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x53UL) -/*! Illegal data in pointer. */ -#define CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x54UL) -/*! Illegal data in size. */ -#define CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x55UL) -/*! Context validation failed. */ -#define CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x57UL) -/*! User's private key validation failed. */ -#define CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x58UL) -/*! Illegal signature pointer. */ -#define CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x60UL) -/*! Illegal signature size pointer. */ -#define CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x61UL) -/*! Illegal signature size. */ -#define CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x62UL) -/*! Ephemeral key error. */ -#define CRYS_ECDSA_SIGN_INVALID_IS_EPHEMER_KEY_INTERNAL_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x63UL) -/*! Illegal ephemeral key pointer. */ -#define CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x64UL) -/*! Illegal RND context pointer. */ -#define CRYS_ECDSA_SIGN_INVALID_RND_CONTEXT_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x65UL) -/*! Illegal RND function pointer. */ -#define CRYS_ECDSA_SIGN_INVALID_RND_FUNCTION_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x66UL) -/*! Signature calculation failed. */ -#define CRYS_ECDSA_SIGN_SIGNING_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x67UL) - -/* The CRYS ECDSA Verifying errors */ -/*! Illegal domain ID. */ -#define CRYS_ECDSA_VERIFY_INVALID_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x70UL) -/*! Illegal user's context pointer. */ -#define CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x71UL) -/*! Illegal public key pointer. */ -#define CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x72UL) -/*! Illegal hash operation mode. */ -#define CRYS_ECDSA_VERIFY_ILLEGAL_HASH_OP_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x73UL) -/*! Illegal signature pointer. */ -#define CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x76UL) -/*! Illegal signature size. */ -#define CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x77UL) -/*! Illegal data in pointer. */ -#define CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x80UL) -/*! Illegal data in size. */ -#define CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x81UL) -/*! Context validation failed. */ -#define CRYS_ECDSA_VERIFY_USER_CONTEXT_VALIDATION_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x82UL) -/*! public key validation failed. */ -#define CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x83UL) -/*! Verification failed. */ -#define CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x84UL) - -/*! Illegal parameters. */ -#define CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xD3UL) -/*! Illegal hash mode. */ -#define CRYS_ECC_ILLEGAL_HASH_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE0UL) - - -/************************************************************************************************************ - * CRYS ECPKI MODULE COMMON ERRORS -*************************************************************************************************************/ -/*! Illegal RND function pointer. */ -#define CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x90UL) -/*! Illegal RND context pointer. */ -#define CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x91UL) -/*! Illegal domain ID. */ -#define CRYS_ECPKI_INVALID_DOMAIN_ID_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x92UL) -/*! Private key validation failed. */ -#define CRYS_ECPKI_INVALID_PRIV_KEY_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x93UL) -/*! Public key validation failed. */ -#define CRYS_ECPKI_INVALID_PUBL_KEY_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x94UL) -/*! Illegal data in. */ -#define CRYS_ECPKI_INVALID_DATA_IN_PASSED_STRUCT_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0x95UL) - -/************************************************************************************************************ - * CRYS ECIES MODULE ERRORS -*************************************************************************************************************/ -/*! Illegal public key pointer. */ -#define CRYS_ECIES_INVALID_PUBL_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE0UL) -/*! Public key validation failed. */ -#define CRYS_ECIES_INVALID_PUBL_KEY_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE1UL) -/*! Illegal private key pointer. */ -#define CRYS_ECIES_INVALID_PRIV_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE2UL) -/*! Private key validation failed. */ -#define CRYS_ECIES_INVALID_PRIV_KEY_TAG_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE3UL) -/*! Illegal private key value. */ -#define CRYS_ECIES_INVALID_PRIV_KEY_VALUE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE4UL) -/*! Illegal KDF derivation mode. */ -#define CRYS_ECIES_INVALID_KDF_DERIV_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE5UL) -/*! Illegal KDF hash mode. */ -#define CRYS_ECIES_INVALID_KDF_HASH_MODE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE6UL) -/*! Illegal secret key pointer. */ -#define CRYS_ECIES_INVALID_SECRET_KEY_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE7UL) -/*! Illegal secret key size. */ -#define CRYS_ECIES_INVALID_SECRET_KEY_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE8UL) -/*! Illegal cipher data pointer. */ -#define CRYS_ECIES_INVALID_CIPHER_DATA_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xE9UL) -/*! Illegal cipher data size pointer. */ -#define CRYS_ECIES_INVALID_CIPHER_DATA_SIZE_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xEAUL) -/*! Illegal cipher data size. */ -#define CRYS_ECIES_INVALID_CIPHER_DATA_SIZE_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xEBUL) -/*! Illegal temporary buffer pointer. */ -#define CRYS_ECIES_INVALID_TEMP_DATA_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xECUL) -/*! Illegal ephemeral key pointer */ -#define CRYS_ECIES_INVALID_EPHEM_KEY_PAIR_PTR_ERROR (CRYS_ECPKI_MODULE_ERROR_BASE + 0xEDUL) - -/************************ Enums ********************************/ - -/************************ Typedefs ****************************/ - -/************************ Structs ******************************/ - -/************************ Public Variables **********************/ - -/************************ Public Functions **********************/ - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_kg.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_kg.h deleted file mode 100644 index 10fcd49..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_kg.h +++ /dev/null @@ -1,88 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_ECPKI_KG_H -#define CRYS_ECPKI_KG_H - -/*! @file -@brief Defines the API for generation of ECC private and public keys. -@defgroup crys_ecpki_kg CryptoCell ECC Key Generation APIs -@{ -@ingroup cryptocell_ecpki -*/ - - -#include "crys_error.h" -#include "crys_rnd.h" -#include "crys_ecpki_types.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/***************** CRYS_ECPKI_GenKeyPair function **********************/ -/*! -@brief Generates a pair of private and public keys in internal representation according to [ANS X9.62]. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_ecpki_error.h or crys_rnd_error.h -*/ -CIMPORT_C CRYSError_t CRYS_ECPKI_GenKeyPair( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ - const CRYS_ECPKI_Domain_t *pDomain, /*!< [in] Pointer to EC domain (curve). */ - CRYS_ECPKI_UserPrivKey_t *pUserPrivKey, /*!< [out] Pointer to the private key structure. This structure is used as input to the - ECPKI cryptographic primitives. */ - CRYS_ECPKI_UserPublKey_t *pUserPublKey, /*!< [out] Pointer to the public key structure. This structure is used as input to the - ECPKI cryptographic primitives. */ - CRYS_ECPKI_KG_TempData_t *pTempData, /*!< [in] Temporary buffers for internal use, defined in ::CRYS_ECPKI_KG_TempData_t. */ - CRYS_ECPKI_KG_FipsContext_t *pFipsCtx /*!< [in] Pointer to temporary buffer used in case FIPS certification if required. */ -); - - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_types.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_types.h deleted file mode 100644 index 2b4ee2c..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_ecpki_types.h +++ /dev/null @@ -1,478 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_ECPKI_TYPES_H -#define CRYS_ECPKI_TYPES_H - -/*! -@file -@brief Contains all of the enums and definitions that are used for the CRYS ECPKI APIs. -@defgroup crys_ecpki_types CryptoCell ECC specific types -@{ -@ingroup cryptocell_ecpki -*/ - -#include "ssi_pal_types_plat.h" -#include "crys_hash.h" -#include "crys_pka_defs_hw.h" -#include "ssi_pal_compiler.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/************************ Defines ******************************/ -/*! Internal buffer size in words. */ -#define CRYS_PKA_DOMAIN_LLF_BUFF_SIZE_IN_WORDS (10 + 3*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS) - -/************************************************************************************** - * Enumerators - ***************************************************************************************/ - -/*------------------------------------------------------------------*/ -/*! Enumerator for the EC Domain idetifier - References: [13] - SEC 2: Recommended elliptic curve domain parameters. - Version 1.0. Certicom 2000. - [8] - WAP-261-WTLS-20010406-a, Version 06-April-2001. */ - -typedef enum -{ - /* For prime field */ - CRYS_ECPKI_DomainID_secp160k1, /*!< EC secp160r1 */ - CRYS_ECPKI_DomainID_secp160r1, /*!< EC secp160k1 */ - CRYS_ECPKI_DomainID_secp160r2, /*!< EC secp160r2 */ - CRYS_ECPKI_DomainID_secp192k1, /*!< EC secp192k1 */ - CRYS_ECPKI_DomainID_secp192r1, /*!< EC secp192r1 */ - CRYS_ECPKI_DomainID_secp224k1, /*!< EC secp224k1 */ - CRYS_ECPKI_DomainID_secp224r1, /*!< EC secp224r1 */ - CRYS_ECPKI_DomainID_secp256k1, /*!< EC secp256k1 */ - CRYS_ECPKI_DomainID_secp256r1, /*!< EC secp256r1 */ - CRYS_ECPKI_DomainID_secp384r1, /*!< EC secp384r1 */ - CRYS_ECPKI_DomainID_secp521r1, /*!< EC secp521r1 */ - - CRYS_ECPKI_DomainID_Builded, /*!< User given, not identified. */ - CRYS_ECPKI_DomainID_OffMode, /*!< Reserved.*/ - - CRYS_ECPKI_DomainIDLast = 0x7FFFFFFF, /*! Reserved.*/ - -}CRYS_ECPKI_DomainID_t; - - -/*------------------------------------------------------------------*/ -/*! Defines the enum for the HASH operation mode. - * The enumerator defines 6 HASH modes according to IEEE 1363. - * - */ -typedef enum -{ - CRYS_ECPKI_HASH_SHA1_mode = 0, /*!< The message data will be hashed with SHA1. */ - CRYS_ECPKI_HASH_SHA224_mode = 1, /*!< The message data will be hashed with SHA224. */ - CRYS_ECPKI_HASH_SHA256_mode = 2, /*!< The message data will be hashed with SHA256. */ - CRYS_ECPKI_HASH_SHA384_mode = 3, /*!< The message data will be hashed with SHA384. */ - CRYS_ECPKI_HASH_SHA512_mode = 4, /*!< The message data will be hashed with SHA512. */ - - CRYS_ECPKI_AFTER_HASH_SHA1_mode = 5, /*!< The message data is a digest of SHA1 and will not be hashed. */ - CRYS_ECPKI_AFTER_HASH_SHA224_mode = 6, /*!< The message data is a digest of SHA224 and will not be hashed. */ - CRYS_ECPKI_AFTER_HASH_SHA256_mode = 7, /*!< The message data is a digest of SHA256 and will not be hashed. */ - CRYS_ECPKI_AFTER_HASH_SHA384_mode = 8, /*!< The message data is a digest of SHA384 and will not be hashed. */ - CRYS_ECPKI_AFTER_HASH_SHA512_mode = 9, /*!< The message data is a digest of SHA512 and will not be hashed. */ - - - CRYS_ECPKI_HASH_NumOfModes, /*!< Maximal number of HASH modes. */ - CRYS_ECPKI_HASH_OpModeLast = 0x7FFFFFFF, /*!< Reserved. */ - -}CRYS_ECPKI_HASH_OpMode_t; - - -/*---------------------------------------------------*/ -/*! Enumerator for the EC point compression idetifier. */ -typedef enum -{ - CRYS_EC_PointCompressed = 2, /*!< Compressed point. */ - CRYS_EC_PointUncompressed = 4, /*!< Uncompressed point. */ - CRYS_EC_PointContWrong = 5, /*!< Wrong Point Control value. */ - CRYS_EC_PointHybrid = 6, /*!< Hybrid point. */ - - CRYS_EC_PointCompresOffMode = 8, /*!< Reserved. */ - - CRYS_ECPKI_PointCompressionLast= 0x7FFFFFFF, /*!< Reserved. */ - -}CRYS_ECPKI_PointCompression_t; - - -/*! EC key checks defintions. */ -typedef enum { - CheckPointersAndSizesOnly = 0, /*!< Only preliminary input parameters are checked. */ - ECpublKeyPartlyCheck = 1, /*!< Preliminary input parameters check and verify that EC PubKey point is on the curve. */ - ECpublKeyFullCheck = 2, /*!< All the above and in addition verifies that EC_GeneratorOrder*PubKey = O */ - - PublKeyChecingOffMode, /*! Reserved. */ - EC_PublKeyCheckModeLast = 0x7FFFFFFF, /*! Reserved. */ -}EC_PublKeyCheckMode_t; - -/*----------------------------------------------------*/ -/*! Defintion of sw SCA protection. */ -typedef enum { - SCAP_Inactive, /*! Inactive.*/ - SCAP_Active, /*! Active.*/ - SCAP_OFF_MODE, /*! Reserved. */ - SCAP_LAST = 0x7FFFFFFF /*! Reserved. */ -} CRYS_ECPKI_ScaProtection_t; - - -/************************************************************************************** - * EC Domain structure definition - ***************************************************************************************/ - -/*! The structure containing the EC domain parameters in little-endian form - EC equation: Y^2 = X^3 + A*X + B over prime fild GFp. */ -typedef struct { - - /*! EC modulus: P. */ - uint32_t ecP [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; - /*! EC equation parameter a. */ - uint32_t ecA [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; - /*! EC equation parameter b. */ - uint32_t ecB [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; - /*! Order of generator. */ - uint32_t ecR [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; - /*! EC cofactor EC_Cofactor_K - Generator (EC base point) coordinates in projective form. */ - uint32_t ecGx [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; - /*! EC cofactor EC_Cofactor_K - Generator (EC base point) coordinates in projective form. */ - uint32_t ecGy [CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; - /*! EC cofactor EC_Cofactor_K - Generator (EC base point) coordinates in projective form. */ - uint32_t ecH; - /*! Specific fields that are used by the low level.*/ - uint32_t llfBuff[CRYS_PKA_DOMAIN_LLF_BUFF_SIZE_IN_WORDS]; - /*! Size of fields in bits. */ - uint32_t modSizeInBits; - /*! Order size in bits. */ - uint32_t ordSizeInBits; - /*! Size of each inserted Barret tag in words; 0 - if not inserted.*/ - uint32_t barrTagSizeInWords; - /*! EC Domain identifier.*/ - CRYS_ECPKI_DomainID_t DomainID; - - /*! Internal buffer. */ - int8_t name[20]; - -} CRYS_ECPKI_Domain_t; - - - -/************************************************************************************** - * EC point structures definitions - ***************************************************************************************/ - -/*! The structure containing the EC point in affine coordinates - and little endian form. */ -typedef struct -{ - /*! Point coordinate X. */ - uint32_t x[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; - /*! Point coordinate Y. */ - uint32_t y[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; - -}CRYS_ECPKI_PointAffine_t; - - -/************************************************************************************** - * ECPKI public and private key Structures - ***************************************************************************************/ - -/* --------------------------------------------------------------------- */ -/* .................. The public key structures definitions ............ */ -/* --------------------------------------------------------------------- */ - -/*! The structure containing the Public Key in affine coordinates.*/ -typedef struct -{ - /*! Public Key coordinate X.*/ - uint32_t x[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; - /*! Public Key coordinate Y.*/ - uint32_t y[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; - /*! EC Domain.*/ - CRYS_ECPKI_Domain_t domain; - /*! Point type.*/ - uint32_t pointType; -} CRYS_ECPKI_PublKey_t; - -/*! The EC public key's user structure prototype. This structure must be saved by the user, and is used as input to the ECC functions -(such as ::CRYS_ECDSA_Verify etc.). */ -typedef struct CRYS_ECPKI_UserPublKey_t -{ - /*! Validation tag.*/ - uint32_t valid_tag; - /*! Public key data. */ - uint32_t PublKeyDbBuff[(sizeof(CRYS_ECPKI_PublKey_t)+3)/4]; - -} CRYS_ECPKI_UserPublKey_t; - - -/* --------------------------------------------------------------------- */ -/* .................. The private key structures definitions ........... */ -/* --------------------------------------------------------------------- */ - -/*! Structure containing the Private key data. */ -typedef struct -{ - /*! Private Key data. */ - uint32_t PrivKey[CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; - /*! Domain. */ - CRYS_ECPKI_Domain_t domain; - /*! SCA protection mode. */ - CRYS_ECPKI_ScaProtection_t scaProtection; - -}CRYS_ECPKI_PrivKey_t; - - -/*! The EC private key's user structure prototype. This structure must be saved by the user, and is used as input to the ECC functions -(such as ::CRYS_ECDSA_Sign etc.). */ -typedef struct CRYS_ECPKI_UserPrivKey_t -{ - /*! Validation tag. */ - uint32_t valid_tag; - /*! Private key data. */ - uint32_t PrivKeyDbBuff[(sizeof(CRYS_ECPKI_PrivKey_t)+3)/4]; - -} CRYS_ECPKI_UserPrivKey_t; - -/*! ECDH temporary data type */ -typedef struct CRYS_ECDH_TempData_t -{ - /*! Temporary buffers. */ - uint32_t crysEcdhIntBuff[CRYS_PKA_ECDH_BUFF_MAX_LENGTH_IN_WORDS]; -}CRYS_ECDH_TempData_t; - -/*! EC build temporary data. */ -typedef struct CRYS_ECPKI_BUILD_TempData_t -{ - /*! Temporary buffers. */ - uint32_t crysBuildTmpIntBuff[CRYS_PKA_ECPKI_BUILD_TMP_BUFF_MAX_LENGTH_IN_WORDS]; -}CRYS_ECPKI_BUILD_TempData_t; - - - -/************************************************************************** - * CRYS ECDSA context structures - **************************************************************************/ - -/* --------------------------------------------------------------------- */ -/* CRYS ECDSA Signing context structure */ -/* --------------------------------------------------------------------- */ -/*! Internal buffer used in the signing process. */ -typedef uint32_t CRYS_ECDSA_SignIntBuff[CRYS_PKA_ECDSA_SIGN_BUFF_MAX_LENGTH_IN_WORDS]; - -/*! Context definition for Signing operation. */ -typedef struct -{ - /*! Private Key data. */ - CRYS_ECPKI_UserPrivKey_t ECDSA_SignerPrivKey; - - /*! HASH context. */ - CRYS_HASHUserContext_t hashUserCtxBuff; - /*! HASH result buffer. */ - CRYS_HASH_Result_t hashResult; - /*! HASH result size in words. */ - uint32_t hashResultSizeWords; - /*! HASH mode. */ - CRYS_ECPKI_HASH_OpMode_t hashMode; - /*! Internal buffer. */ - CRYS_ECDSA_SignIntBuff crysEcdsaSignIntBuff; -}ECDSA_SignContext_t; - - -/* --------------------------------------------------------------------- */ -/* CRYS ECDSA Signing User context database */ -/* --------------------------------------------------------------------- */ - -/*! User's context definition for signing operation. The context saves the state of the operation and must be saved by the user - till the end of the APIs flow */ -typedef struct CRYS_ECDSA_SignUserContext_t -{ - /*! Signing process data. */ - uint32_t context_buff [(sizeof(ECDSA_SignContext_t)+3)/4]; - /*! Validation tag*/ - uint32_t valid_tag; -} CRYS_ECDSA_SignUserContext_t; - - - -/****************************************************************************/ - -/* --------------------------------------------------------------------- */ -/* CRYS ECDSA Verifying context structure */ -/* --------------------------------------------------------------------- */ -/*! Internal buffer used in the verification process. */ -typedef uint32_t CRYS_ECDSA_VerifyIntBuff[CRYS_PKA_ECDSA_VERIFY_BUFF_MAX_LENGTH_IN_WORDS]; - -/*! Context definition for verification operation. */ -typedef struct -{ - /*! Public key data. */ - CRYS_ECPKI_UserPublKey_t ECDSA_SignerPublKey; - - /*! HASH context. */ - CRYS_HASHUserContext_t hashUserCtxBuff; - /*! HASH result. */ - CRYS_HASH_Result_t hashResult; - /*! HASH result size in words. */ - uint32_t hashResultSizeWords; - /*! HASH mode. */ - CRYS_ECPKI_HASH_OpMode_t hashMode; - /*! Internal buffer. */ - CRYS_ECDSA_VerifyIntBuff crysEcdsaVerIntBuff; - -}ECDSA_VerifyContext_t; - - -/* --------------------------------------------------------------------- */ -/* CRYS ECDSA Verifying User context database */ -/* --------------------------------------------------------------------- */ -/*! User's context definition for verification operation. The context saves the state of the operation and must be saved by the user - till the end of the APIs flow */ -typedef struct CRYS_ECDSA_VerifyUserContext_t -{ - /*! Verification process data. */ - uint32_t context_buff[(sizeof(ECDSA_VerifyContext_t)+3)/4]; - /*! Validation tag. */ - uint32_t valid_tag; -}CRYS_ECDSA_VerifyUserContext_t; - - - - -/* --------------------------------------------------------------------- */ -/* .................. key generation temp buffer ........... */ -/* --------------------------------------------------------------------- */ - -/*! ECPKI KG temporary data type */ -typedef struct CRYS_ECPKI_KG_TempData_t -{ - /*! Internal buffer. */ - uint32_t crysKGIntBuff[CRYS_PKA_KG_BUFF_MAX_LENGTH_IN_WORDS]; -}CRYS_ECPKI_KG_TempData_t; - -/*! ECIES temporary data definition. */ -typedef struct CRYS_ECIES_TempData_t { - - /*! Private key data. */ - CRYS_ECPKI_UserPrivKey_t PrivKey; - /*! Public key data. */ - CRYS_ECPKI_UserPublKey_t PublKey; - /*! Internal buffer. */ - uint32_t zz[3*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; - /*! Internal buffers. */ - union { - CRYS_ECPKI_BUILD_TempData_t buildTempbuff; - CRYS_ECPKI_KG_TempData_t KgTempBuff; - CRYS_ECDH_TempData_t DhTempBuff; - } tmp; - -}CRYS_ECIES_TempData_t; - - -/* --------------------------------------------------------------------- */ -/* .................. defines for FIPS ........... */ -/* --------------------------------------------------------------------- */ - -/*! Order length for the FIPS ECC tests. */ -#define CRYS_ECPKI_FIPS_ORDER_LENGTH (256/SASI_BITS_IN_BYTE) // the order of secp256r1 in bytes - -/*! Context definition required for internal FIPS verification for ECPKI key generation. */ -typedef struct CRYS_ECPKI_KG_FipsContext_t -{ - /*! Signing and verification data. */ - union { - CRYS_ECDSA_SignUserContext_t signCtx; - CRYS_ECDSA_VerifyUserContext_t verifyCtx; - }operationCtx; - /*! Internal buffer. */ - uint32_t signBuff[2*CRYS_ECPKI_ORDER_MAX_LENGTH_IN_WORDS]; -}CRYS_ECPKI_KG_FipsContext_t; - - - -/*! Context defintion, required for internal FIPS verification for ECDSA KAT. * -* The ECDSA KAT tests defined for domain 256r1. */ -typedef struct CRYS_ECDSAFipsKatContext_t{ - /*! Key data. */ - union { - /*! Private key data. */ - struct { - CRYS_ECPKI_UserPrivKey_t PrivKey; - CRYS_ECDSA_SignUserContext_t signCtx; - }userSignData; - /*! Public key data. */ - struct { - CRYS_ECPKI_UserPublKey_t PublKey; - union { - CRYS_ECDSA_VerifyUserContext_t verifyCtx; - CRYS_ECPKI_BUILD_TempData_t tempData; - }buildOrVerify; - }userVerifyData; - }keyContextData; - /*! Internal buffer. */ - uint8_t signBuff[2*CRYS_ECPKI_FIPS_ORDER_LENGTH]; -}CRYS_ECDSAFipsKatContext_t; - -/*! Context definition, required for internal FIPS verification for ECDH KAT. */ -typedef struct CRYS_ECDHFipsKatContext_t{ - /*! Public key data. */ - CRYS_ECPKI_UserPublKey_t pubKey; - /*! Private key data. */ - CRYS_ECPKI_UserPrivKey_t privKey; - /*! Internal buffers. */ - union { - CRYS_ECPKI_BUILD_TempData_t ecpkiTempData; - CRYS_ECDH_TempData_t ecdhTempBuff; - }tmpData; - /*! Buffer for the secret key. */ - uint8_t secretBuff[CRYS_ECPKI_FIPS_ORDER_LENGTH]; -}CRYS_ECDHFipsKatContext_t; - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_error.h deleted file mode 100644 index ae9125e..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_error.h +++ /dev/null @@ -1,273 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_ERROR_H -#define CRYS_ERROR_H - -#include "ssi_pal_types.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! @file -@brief This module defines the error return code types and the numbering spaces of the error codes -for each module of the layers listed below. -@defgroup crys_error CryptoCell general base error codes -@{ -@ingroup cryptocell_api -*/ - -/*! The definitions of the error number space used for the different modules */ - -/* ........... Error base numeric mapping definitions ................... */ -/* ----------------------------------------------------------------------- */ - - /*! CRYS error base number. */ -#define CRYS_ERROR_BASE 0x00F00000UL - -/*! Error range number assigned for each layer. */ -#define CRYS_ERROR_LAYER_RANGE 0x00010000UL - -/*! Error range number assigned to each module on its specified layer. */ -#define CRYS_ERROR_MODULE_RANGE 0x00000100UL - -/* Defines the layer index for the error mapping. */ -/*! CRYS error layer index. */ -#define CRYS_LAYER_ERROR_IDX 0x00UL -/*! Low level functions error layer index. */ -#define LLF_LAYER_ERROR_IDX 0x01UL -/*! Generic error layer index. */ -#define GENERIC_ERROR_IDX 0x05UL - -/* Defines the module index for error mapping */ -/*! AES error index.*/ -#define AES_ERROR_IDX 0x00UL -/*! DES error index.*/ -#define DES_ERROR_IDX 0x01UL -/*! HASH error index.*/ -#define HASH_ERROR_IDX 0x02UL -/*! HMAC error index.*/ -#define HMAC_ERROR_IDX 0x03UL -/*! RSA error index.*/ -#define RSA_ERROR_IDX 0x04UL -/*! DH error index.*/ -#define DH_ERROR_IDX 0x05UL - -/*! ECPKI error index.*/ -#define ECPKI_ERROR_IDX 0x08UL -/*! RND error index.*/ -#define RND_ERROR_IDX 0x0CUL -/*! Common error index.*/ -#define COMMON_ERROR_IDX 0x0DUL -/*! KDF error index.*/ -#define KDF_ERROR_IDX 0x11UL -/*! HKDF error index.*/ -#define HKDF_ERROR_IDX 0x12UL -/*! AESCCM error index.*/ -#define AESCCM_ERROR_IDX 0x15UL -/*! FIPS error index.*/ -#define FIPS_ERROR_IDX 0x17UL - -/*! PKA error index.*/ -#define PKA_MODULE_ERROR_IDX 0x21UL -/*! CHACHA error index.*/ -#define CHACHA_ERROR_IDX 0x22UL -/*! EC montgomery and edwards error index.*/ -#define EC_MONT_EDW_ERROR_IDX 0x23UL -/*! CHACHA POLY error index.*/ -#define CHACHA_POLY_ERROR_IDX 0x24UL -/*! POLY error index.*/ -#define POLY_ERROR_IDX 0x25UL -/*! SRP error index.*/ -#define SRP_ERROR_IDX 0x26UL - - - -/* .......... defining the error spaces for each module on each layer ........... */ -/* ------------------------------------------------------------------------------ */ - -/*! AES module error base address - 0x00F00000. */ -#define CRYS_AES_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * AES_ERROR_IDX ) ) - -/*! DES module error base address - 0x00F00100. */ -#define CRYS_DES_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * DES_ERROR_IDX ) ) - -/*! HASH module error base address - 0x00F00200. */ -#define CRYS_HASH_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * HASH_ERROR_IDX ) ) - -/*! HMAC module error base address - 0x00F00300. */ -#define CRYS_HMAC_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * HMAC_ERROR_IDX ) ) - -/*! RSA module error base address - 0x00F00400. */ -#define CRYS_RSA_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * RSA_ERROR_IDX ) ) - -/*! DH module error base address - 0x00F00500. */ -#define CRYS_DH_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * DH_ERROR_IDX ) ) - -/*! ECPKI module error base address - 0x00F00800. */ -#define CRYS_ECPKI_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * ECPKI_ERROR_IDX ) ) - -/*! Low level ECPKI module error base address - 0x00F10800. */ -#define LLF_ECPKI_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * LLF_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * ECPKI_ERROR_IDX ) ) - -/*! RND module error base address - 0x00F00C00. */ -#define CRYS_RND_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * RND_ERROR_IDX ) ) - -/*! Low level RND module error base address - 0x00F10C00. */ -#define LLF_RND_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * LLF_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * RND_ERROR_IDX ) ) - -/*! COMMMON module error base address - 0x00F00D00. */ -#define CRYS_COMMON_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * COMMON_ERROR_IDX ) ) - -/*! KDF module error base address - 0x00F01100. */ -#define CRYS_KDF_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * KDF_ERROR_IDX ) ) - -/*! HKDF module error base address - 0x00F01100. */ -#define CRYS_HKDF_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * HKDF_ERROR_IDX ) ) - -/*! AESCCM module error base address - 0x00F01500. */ -#define CRYS_AESCCM_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * AESCCM_ERROR_IDX ) ) - -/*! FIPS module error base address - 0x00F01700. */ -#define CRYS_FIPS_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * FIPS_ERROR_IDX ) ) - -/*! PKA module error base address - 0x00F02100. */ -#define PKA_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * PKA_MODULE_ERROR_IDX ) ) - -/*! CHACHA module error base address - 0x00F02200. */ -#define CRYS_CHACHA_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * CHACHA_ERROR_IDX ) ) -/*! CHACHA POLY module error base address - 0x00F02400. */ -#define CRYS_CHACHA_POLY_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * CHACHA_POLY_ERROR_IDX ) ) -/*! POLY module error base address - 0x00F02500. */ -#define CRYS_POLY_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * POLY_ERROR_IDX ) ) - -/*! SRP module error base address - 0x00F02600. */ -#define CRYS_SRP_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * SRP_ERROR_IDX ) ) - - -/*! EC MONT_EDW module error base address - 0x00F02300. */ -#define CRYS_EC_MONT_EDW_MODULE_ERROR_BASE (CRYS_ERROR_BASE + \ - (CRYS_ERROR_LAYER_RANGE * CRYS_LAYER_ERROR_IDX) + \ - (CRYS_ERROR_MODULE_RANGE * EC_MONT_EDW_ERROR_IDX ) ) - - -/*! User generic error base address - 0x00F50000 */ -#define GENERIC_ERROR_BASE ( CRYS_ERROR_BASE + (CRYS_ERROR_LAYER_RANGE * GENERIC_ERROR_IDX) ) -/*! CRYS fatal error. */ -#define CRYS_FATAL_ERROR (GENERIC_ERROR_BASE + 0x00UL) -/*! CRYS out of resources error. */ -#define CRYS_OUT_OF_RESOURCE_ERROR (GENERIC_ERROR_BASE + 0x01UL) -/*! CRYS illegal resource value error. */ -#define CRYS_ILLEGAL_RESOURCE_VAL_ERROR (GENERIC_ERROR_BASE + 0x02UL) - - - -/* ............ The OK (success) definition ....................... */ -/*! Success defintion. */ -#define CRYS_OK 0 - -/*! MACRO that defines crys return value. */ -#define SASI_CRYS_RETURN_ERROR(retCode, retcodeInfo, funcHandler) \ - ((retCode) == 0 ? CRYS_OK : funcHandler(retCode, retcodeInfo)) - -/************************ Enums ********************************/ - - -/************************ Typedefs ****************************/ - -/*! The typedef definition of all of the error codes that are returned from the CRYS functions */ -typedef uint32_t CRYSError_t; - -/************************ Structs ******************************/ - - -/************************ Public Variables **********************/ - - -/************************ Public Functions **********************/ - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hash.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hash.h deleted file mode 100644 index ea93a8a..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hash.h +++ /dev/null @@ -1,285 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! -@file -@brief This file contains all of the enums and definitions -that are used for the CRYS HASH APIs, as well as the APIs themselves. -@defgroup crys_hash CryptoCell HASH APIs -@{ -@ingroup cryptocell_api - - -This product supports the following HASH algorithms (or modes, according to product): -
    • CRYS_HASH_MD5 (producing 16 byte output).
      • -
    • CRYS_HASH_SHA1 (producing 20 byte output).
      • -
    • CRYS_HASH_SHA224 (producing 28 byte output).
      • -
    • CRYS_HASH_SHA256 (producing 32 byte output).
      • -
    • CRYS_HASH_SHA384 (producing 48 byte output).
      • -
    • CRYS_HASH_SHA512 (producing 64 byte output).
    - -HASH calculation can be performed in either of the following two modes of operation: -
    • Integrated operation - Processes all data in a single function call. This flow is applicable when all data is available prior to the - cryptographic operation.
      • -
    • Block operation - Processes a subset of the data buffers, and is called multiple times in a sequence. This flow is applicable when the - next data buffer becomes available only during/after processing of the current data buffer.
    - -The following is a typical HASH Block operation flow: -
    1. ::CRYS_HASH_Init - this function initializes the HASH machine on the CRYS level by setting the context pointer that is used on the entire - HASH operation.
      2. -
    2. ::CRYS_HASH_Update - this function runs a HASH operation on a block of data allocated by the user. This function may be called as many times - as required.
      3. -
    3. ::CRYS_HASH_Finish - this function ends the HASH operation. It returns the digest result and clears the context.
    -*/ - -#ifndef CRYS_HASH_H -#define CRYS_HASH_H - - -#include "ssi_pal_types.h" -#include "crys_error.h" -#include "crys_hash_defs.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/************************ Defines ******************************/ -/* The hash result in words -#define CRYS_HASH_RESULT_SIZE_IN_WORDS 5*/ -/*! The maximal hash result is 512 bits for SHA512. */ -#define CRYS_HASH_RESULT_SIZE_IN_WORDS 16 - -/*! MD5 digest result size in bytes. */ -#define CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES 16 - -/*! MD5 digest result size in words. */ -#define CRYS_HASH_MD5_DIGEST_SIZE_IN_WORDS 4 - -/*! SHA-1 digest result size in bytes. */ -#define CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES 20 - -/*! SHA-1 digest result size in words. */ -#define CRYS_HASH_SHA1_DIGEST_SIZE_IN_WORDS 5 - -/*! SHA-256 digest result size in words. */ -#define CRYS_HASH_SHA224_DIGEST_SIZE_IN_WORDS 7 - -/*! SHA-256 digest result size in words. */ -#define CRYS_HASH_SHA256_DIGEST_SIZE_IN_WORDS 8 - -/*! SHA-384 digest result size in words. */ -#define CRYS_HASH_SHA384_DIGEST_SIZE_IN_WORDS 12 - -/*! SHA-512 digest result size in words. */ -#define CRYS_HASH_SHA512_DIGEST_SIZE_IN_WORDS 16 - -/*! SHA-256 digest result size in bytes */ -#define CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES 28 - -/*! SHA-256 digest result size in bytes */ -#define CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES 32 - -/*! SHA-384 digest result size in bytes */ -#define CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES 48 - -/*! SHA-512 digest result size in bytes */ -#define CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES 64 - -/*! SHA1 hash block size in words */ -#define CRYS_HASH_BLOCK_SIZE_IN_WORDS 16 - -/*! SHA1 hash block size in bytes */ -#define CRYS_HASH_BLOCK_SIZE_IN_BYTES 64 - -/*! SHA2 hash block size in words */ -#define CRYS_HASH_SHA512_BLOCK_SIZE_IN_WORDS 32 - -/*! SHA2 hash block size in bytes */ -#define CRYS_HASH_SHA512_BLOCK_SIZE_IN_BYTES 128 - -/*! Maximal data size for update operation. */ -#define CRYS_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES (1 << 29) - - -/************************ Enums ********************************/ - -/*! -HASH operation mode -*/ -typedef enum { - CRYS_HASH_SHA1_mode = 0, /*!< SHA1. */ - CRYS_HASH_SHA224_mode = 1, /*!< SHA224. */ - CRYS_HASH_SHA256_mode = 2, /*!< SHA256. */ - CRYS_HASH_SHA384_mode = 3, /*!< SHA384. */ - CRYS_HASH_SHA512_mode = 4, /*!< SHA512. */ - CRYS_HASH_MD5_mode = 5, /*!< MD5. */ - /*! Number of hash modes. */ - CRYS_HASH_NumOfModes, - /*! Reserved. */ - CRYS_HASH_OperationModeLast= 0x7FFFFFFF, - -}CRYS_HASH_OperationMode_t; - -/************************ Typedefs *****************************/ - -/*! HASH result buffer. */ -typedef uint32_t CRYS_HASH_Result_t[CRYS_HASH_RESULT_SIZE_IN_WORDS]; - -/************************ Structs ******************************/ -/*! The user's context prototype - the argument type that is passed by the user - to the HASH APIs. The context saves the state of the operation and must be saved by the user - till the end of the APIs flow. */ -typedef struct CRYS_HASHUserContext_t { - /*! Internal buffer */ - uint32_t buff[CRYS_HASH_USER_CTX_SIZE_IN_WORDS]; -}CRYS_HASHUserContext_t; - -/************************ Public Variables **********************/ - -/************************ Public Functions **********************/ - - -/************************************************************************************************/ -/*! -@brief This function initializes the HASH machine and the HASH Context. - -It receives as input a pointer to store the context handle to the HASH Context, -and initializes the HASH Context with the cryptographic attributes that are needed for the HASH block operation (initializes H's value for the HASH algorithm). - -@return CRYS_OK on success. -@return A non-zero value from crys_hash_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_HASH_Init( - CRYS_HASHUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HASH context buffer allocated by the user that is used - for the HASH machine operation. */ - CRYS_HASH_OperationMode_t OperationMode /*!< [in] One of the supported HASH modes, as defined in CRYS_HASH_OperationMode_t. */ -); - -/************************************************************************************************/ -/*! -@brief This function processes a block of data to be HASHed. - -It updates a HASH Context that was previously initialized by CRYS_HASH_Init or updated by a previous call to CRYS_HASH_Update. - -@return CRYS_OK on success. -@return A non-zero value from crys_hash_error.h on failure. -*/ - -CIMPORT_C CRYSError_t CRYS_HASH_Update( - CRYS_HASHUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HASH context buffer allocated by the user, which is used for the - HASH machine operation. */ - uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be HASHed. - it is a one contiguous memory block. */ - size_t DataInSize /*!< [in] Byte size of the input data. Must be > 0. - If not a multiple of the HASH block size (64 for MD5, SHA-1 and SHA-224/256, - 128 for SHA-384/512), no further calls - to CRYS_HASH_Update are allowed in this context, and only CRYS_HASH_Finish - can be called to complete the computation. */ -); - -/************************************************************************************************/ -/*! -@brief This function finalizes the hashing process of data block. - -It receives a handle to the HASH Context, which was previously initialized by CRYS_HASH_Init or by CRYS_HASH_Update. -It "adds" a header to the data block according to the relevant HASH standard, and computes the final message digest. - -@return CRYS_OK on success. -@return A non-zero value from crys_hash_error.h on failure. -*/ - -CIMPORT_C CRYSError_t CRYS_HASH_Finish( - CRYS_HASHUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HASH context buffer allocated by the user that is used for - the HASH machine operation. */ - CRYS_HASH_Result_t HashResultBuff /*!< [in] Pointer to the word-aligned 64 byte buffer. The actual size of the HASH - result depends on CRYS_HASH_OperationMode_t. */ -); - - -/************************************************************************************************/ -/*! -@brief This function is a utility function that frees the context if the operation has failed. - -The function executes the following major steps: -
    1. Checks the validity of all of the inputs of the function.
      2. -
    2. Clears the user's context.
      3. -
    3. Exits the handler with the OK code.
    - -@return CRYS_OK on success. -@return A non-zero value from crys_hash_error.h on failure. -*/ - -CIMPORT_C CRYSError_t CRYS_HASH_Free( - CRYS_HASHUserContext_t *ContextID_ptr /*!< [in] Pointer to the HASH context buffer allocated by the user that is used for - the HASH machine operation. */ -); - - -/************************************************************************************************/ -/*! -@brief This function processes a single buffer of data. - -The function allocates an internal HASH Context, and initializes it with the cryptographic attributes -that are needed for the HASH block operation (initialize H's value for the HASH algorithm). -Then it processes the data block, calculating the HASH. Finally, it returns the data buffer's message digest. - -@return CRYS_OK on success. -@return A non-zero value from crys_hash_error.h on failure. - */ - -CIMPORT_C CRYSError_t CRYS_HASH ( - CRYS_HASH_OperationMode_t OperationMode, /*!< [in] One of the supported HASH modes, as defined in CRYS_HASH_OperationMode_t. */ - uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be HASHed. - The size of the scatter/gather list representing the data buffer is limited - to 128 entries, and the size of each entry is limited to 64KB - (fragments larger than 64KB are broken into fragments <= 64KB). */ - size_t DataSize, /*!< [in] The size of the data to be hashed in bytes. */ - CRYS_HASH_Result_t HashResultBuff /*!< [out] Pointer to a word-aligned 64 byte buffer. The actual size of the HASH - result depends on CRYS_HASH_OperationMode_t. */ -); - - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hash_defs.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hash_defs.h deleted file mode 100644 index 701f78a..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hash_defs.h +++ /dev/null @@ -1,66 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_HASH_DEFS_H -#define CRYS_HASH_DEFS_H - -/*! -@file -@brief This file contains HASH definitions. -@defgroup crys_hash_defs CryptoCell Hash definitions -@{ -@ingroup crys_hash -*/ - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/************************ Defines ******************************/ - -/*! The size of user's context prototype (see ::CRYS_HASHUserContext_t) in words. */ -#define CRYS_HASH_USER_CTX_SIZE_IN_WORDS 60 - - -#ifdef __cplusplus -} -#endif - -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hash_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hash_error.h deleted file mode 100644 index 3840d18..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hash_error.h +++ /dev/null @@ -1,108 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - - -#ifndef CRYS_HASH_ERROR_H -#define CRYS_HASH_ERROR_H - - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module contains the definitions of the CRYS HASH errors. -@defgroup crys_hash_error CryptoCell HASH specific errors -@{ -@ingroup crys_hash -*/ - - - - -/************************ Defines ******************************/ -/*! HASH module on the CRYS layer base address - 0x00F00200*/ -/* The CRYS HASH module errors */ -/*! Illegal context pointer. */ -#define CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0x0UL) -/*! Illegal operation mode. */ -#define CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0x1UL) -/*! Context is corrupted. */ -#define CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0x2UL) -/*! Illegal data in pointer. */ -#define CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0x3UL) -/*! Illegal data in size. */ -#define CRYS_HASH_DATA_SIZE_ILLEGAL (CRYS_HASH_MODULE_ERROR_BASE + 0x4UL) -/*! Illegal result buffer pointer. */ -#define CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0x5UL) -/*! Last block was already processed (may happen if previous block was not a multiple of block size). */ -#define CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0xCUL) -/*! Illegal parameter. */ -#define CRYS_HASH_ILLEGAL_PARAMS_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0xDUL) -/*! Illegal context size. */ -#define CRYS_HASH_CTX_SIZES_ERROR (CRYS_HASH_MODULE_ERROR_BASE + 0xEUL) -/*! HASH is not supported. */ -#define CRYS_HASH_IS_NOT_SUPPORTED (CRYS_HASH_MODULE_ERROR_BASE + 0xFUL) - - - -/************************ Enums ********************************/ - - -/************************ Typedefs ****************************/ - - -/************************ Structs ******************************/ - - -/************************ Public Variables **********************/ - - -/************************ Public Functions **********************/ - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hkdf.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hkdf.h deleted file mode 100644 index fbc5bcc..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hkdf.h +++ /dev/null @@ -1,124 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_HKDF_H -#define CRYS_HKDF_H - -#include "crys_hash.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module defines the API that supports HMAC Key derivation function as defined by RFC5869. -@defgroup crys_hkdf CryptoCell HMAC Key Derivation APIs -@{ -@ingroup cryptocell_api -*/ - -/*! HKDF maximal key size in words. */ -#define CRYS_HKDF_MAX_HASH_KEY_SIZE_IN_BYTES 512 - -/*! HKDF maximal HASH digest size in bytes. */ -#define CRYS_HKDF_MAX_HASH_DIGEST_SIZE_IN_BYTES CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES - -/************************ Defines ******************************/ - -/************************ Enums ********************************/ - -/*! Enum defining HKDF HASH available modes. */ -typedef enum -{ - /*! SHA1 mode. */ - CRYS_HKDF_HASH_SHA1_mode = 0, - /*! SHA224 mode. */ - CRYS_HKDF_HASH_SHA224_mode = 1, - /*! SHA256 mode. */ - CRYS_HKDF_HASH_SHA256_mode = 2, - /*! SHA384 mode. */ - CRYS_HKDF_HASH_SHA384_mode = 3, - /*! SHA512 mode. */ - CRYS_HKDF_HASH_SHA512_mode = 4, - - /*! Maximal number of HASH modes. */ - CRYS_HKDF_HASH_NumOfModes, - - /*! Reserved */ - CRYS_HKDF_HASH_OpModeLast = 0x7FFFFFFF, - -}CRYS_HKDF_HASH_OpMode_t; - -/************************ Typedefs ****************************/ - -/************************ Structs ******************************/ - -/************************ Public Variables **********************/ - -/************************ Public Functions **********************/ - -/****************************************************************/ - - -/*********************************************************************************************************/ -/*! -@brief CRYS_HKDF_KeyDerivFunc performs the HMAC-based key derivation, according to RFC5869 - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_kdf_error.h, crys_hash_error or crys_hmac_error.h -*/ -CEXPORT_C CRYSError_t CRYS_HKDF_KeyDerivFunc( - CRYS_HKDF_HASH_OpMode_t HKDFhashMode, /*!< [in] The HKDF identifier of hash function to be used. */ - uint8_t* Salt_ptr, /*!< [in] A pointer to a non secret random value. can be NULL. */ - size_t SaltLen, /*!< [in] The size of the salt_ptr. */ - uint8_t* Ikm_ptr, /*!< [in] A pointer to a input key message. */ - uint32_t IkmLen, /*!< [in] The size of the input key message */ - uint8_t* Info, /*!< [in] A pointer to an optional context and application specific information. can be NULL */ - uint32_t InfoLen, /*!< [in] The size of the info. */ - uint8_t* Okm, /*!< [in] A pointer to a output key material. */ - uint32_t OkmLen, /*!< [in] The size of the output key material. */ - SaSiBool IsStrongKey /*!< [in] if TRUE , then no need to perform the extraction phase. */ - ); - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hkdf_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hkdf_error.h deleted file mode 100644 index d78398e..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hkdf_error.h +++ /dev/null @@ -1,91 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_HKDF_ERROR_H -#define CRYS_HKDF_ERROR_H - -#include "crys_error.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module contains the definitions of the CRYS HKDF errors. -@defgroup crys_hkdf_error HMAC Key Derivation specific errors -@{ -@ingroup crys_hkdf - */ - - -/************************ Defines *******************************/ - -/*! CryptoCell HKDF module errors / base address - 0x00F01100. */ -/*! Invalid argument. */ -#define CRYS_HKDF_INVALID_ARGUMENT_POINTER_ERROR (CRYS_HKDF_MODULE_ERROR_BASE + 0x0UL) -/*! Invalid argument size. */ -#define CRYS_HKDF_INVALID_ARGUMENT_SIZE_ERROR (CRYS_HKDF_MODULE_ERROR_BASE + 0x1UL) -/*! Illegal hash mode. */ -#define CRYS_HKDF_INVALID_ARGUMENT_HASH_MODE_ERROR (CRYS_HKDF_MODULE_ERROR_BASE + 0x3UL) -/*! HKDF not supported. */ -#define CRYS_HKDF_IS_NOT_SUPPORTED (CRYS_HKDF_MODULE_ERROR_BASE + 0xFFUL) - -/************************ Enums *********************************/ - -/************************ Typedefs *****************************/ - -/************************ Structs ******************************/ - -/************************ Public Variables **********************/ - -/************************ Public Functions **********************/ - - - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hmac.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hmac.h deleted file mode 100644 index 9094d73..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hmac.h +++ /dev/null @@ -1,214 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! -@file -@brief This file contains all of the enums and definitions -that are used for the CRYS HMAC APIs, as well as the APIs themselves. -@defgroup crys_hmac CryptoCell HMAC APIs -@{ -@ingroup cryptocell_api - - -HMAC is a wrapping algorithm that uses a HASH function (one of the supported HASH algorithms, as specified in the HASH chapter) and a key, -to generate a unique authentication code over the input data. -HMAC calculation can be performed in either of the following two modes of operation: -
    • Integrated operation - Processes all data in a single function call. This flow is applicable when all data is available prior to -the cryptographic operation.
      • -
    • Block operation - Processes a subset of the data buffers, and is called multiple times in a sequence. This flow is applicable when -the next data buffer becomes available only during/after processing of the current data buffer.
    - -The following is a typical HMAC Block operation flow: -
    1. ::CRYS_HMAC_Init: This function initializes the HMAC machine on the CRYS level by setting the context pointer that is - used on the entire HMAC operation.
      2. -
    2. ::CRYS_HMAC_Update: This function runs an HMAC operation on a block of data allocated by the user. This function may be called as - many times as required.
      3. -
    3. ::CRYS_HMAC_Finish: This function ends the HMAC operation. It returns the digest result and clears the context.
    -*/ - -#ifndef CRYS_HMAC_H -#define CRYS_HMAC_H - - -#include "ssi_pal_types.h" -#include "crys_error.h" - -#include "crys_hash.h" -#include "crys_hmac_defs.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/************************ Defines ******************************/ - -/*! HMAC key size after padding for MD5, SHA1, SHA256. */ -#define CRYS_HMAC_KEY_SIZE_IN_BYTES 64 - -/*! HMAC key size after padding for SHA384, SHA512 */ -#define CRYS_HMAC_SHA2_1024BIT_KEY_SIZE_IN_BYTES 128 - -/************************ Enums ********************************/ - -/************************ Typedefs ****************************/ - -/*********************** Structures ****************************/ - - -/*! User's context prototype - the argument type that is passed by the user - to the HMAC APIs. The context saves the state of the operation and must be saved by the user - till the end of the APIs flow */ -typedef struct CRYS_HMACUserContext_t { - /*! Context buffer for internal use */ - uint32_t buff[CRYS_HMAC_USER_CTX_SIZE_IN_WORDS]; - -}CRYS_HMACUserContext_t; - -/************************ Structs ******************************/ - - -/************************ Public Variables **********************/ - - -/************************ Public Functions **********************/ - -/*! -@brief This function initializes the HMAC machine. - -It allocates and initializes the HMAC Context. It initiates a HASH session and processes a HASH update on the Key XOR ipad, -then stores it in the context - -@return CRYS_OK on success. -@return A non-zero value from crys_hmac_error.h or crys_hash_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_HMAC_Init( - CRYS_HMACUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HMAC context buffer allocated by the user, which is used - for the HMAC machine operation. */ - CRYS_HASH_OperationMode_t OperationMode, /*!< [in] One of the supported HASH modes, as defined in CRYS_HASH_OperationMode_t. */ - uint8_t *key_ptr, /*!< [in] The pointer to the user's key buffer. */ - uint16_t keySize /*!< [in] The key size in bytes. If the key size is bigger than the HASH block, the key will be hashed. - The limitations on the key size are the same as the limitations on MAX hash size. */ -); - - -/*! -@brief This function processes a block of data to be HASHed. - -It receives a handle to the HMAC Context, and updates the HASH value with the new data. - -@return CRYS_OK on success. -@return A non-zero value from crys_hmac_error.h or crys_hash_error.h on failure. -*/ - -CIMPORT_C CRYSError_t CRYS_HMAC_Update( - CRYS_HMACUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HMAC context buffer allocated by the user - that is used for the HMAC machine operation. */ - uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be HASHed. - The size of the scatter/gather list representing the data buffer is limited to - 128 entries, and the size of each entry is limited to 64KB - (fragments larger than 64KB are broken into fragments <= 64KB). */ - size_t DataInSize /*!< [in] Byte size of the input data. Must be > 0. - If not a multiple of the HASH block size (64 for SHA-1 and SHA-224/256, - 128 for SHA-384/512), no further calls to ::CRYS_HMAC_Update are allowed in - this context, and only ::CRYS_HMAC_Finish can be called to complete the - computation. */ -); - - -/*! -@brief This function finalizes the HMAC processing of a data block. - -It receives a handle to the HMAC context that was previously initialized by ::CRYS_HMAC_Init, or by ::CRYS_HMAC_Update. -It completes the HASH calculation on the ipad and text, and then executes a new HASH operation with the key XOR opad and the previous -HASH operation result. - -@return CRYS_OK on success. -@return A non-zero value from crys_hmac_error.h or crys_hash_error.h on failure. -*/ - -CIMPORT_C CRYSError_t CRYS_HMAC_Finish( - CRYS_HMACUserContext_t *ContextID_ptr, /*!< [in] Pointer to the HMAC context buffer allocated by the user, which is used - for the HMAC machine operation. */ - CRYS_HASH_Result_t HmacResultBuff /*!< [out] Pointer to the word-aligned 64 byte buffer. The actual size of the - HASH result depends on CRYS_HASH_OperationMode_t. */ -); - - -/*! -@brief This function is a service function that frees the context if the operation has failed. - -The function executes the following major steps: -
    1. Checks the validity of all of the inputs of the function.
      2. -
    2. Clears the user's context.
      3. -
    3. Exits the handler with the OK code.
    - -@return CRYS_OK on success. -@return a non-zero value from crys_hmac_error.h on failure. -*/ - -CIMPORT_C CRYSError_t CRYS_HMAC_Free( - CRYS_HMACUserContext_t *ContextID_ptr /*!< [in] Pointer to the HMAC context buffer allocated by the user, which is used for - the HMAC machine operation. */ -); - - -/*! -@brief This function processes a single buffer of data, and returns the data buffer's message digest. - -@return CRYS_OK on success. -@return A non-zero value from crys_hmac_error.h or crys_hash_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_HMAC ( - CRYS_HASH_OperationMode_t OperationMode, /*!< [in] One of the supported HASH modes, as defined in CRYS_HASH_OperationMode_t. */ - uint8_t *key_ptr, /*!< [in] The pointer to the user's key buffer. */ - uint16_t keySize, /*!< [in] The key size in bytes. If the key size is bigger than the HASH block, the key will be hashed. - The limitations on the key size are the same as the limitations on MAX hash size.*/ - uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be HASHed. - The size of the scatter/gather list representing the data buffer is limited to 128 - entries, and the size of each entry is limited to 64KB (fragments larger than - 64KB are broken into fragments <= 64KB). */ - size_t DataSize, /*!< [in] The size of the data to be hashed (in bytes). */ - CRYS_HASH_Result_t HmacResultBuff /*!< [out] Pointer to the word-aligned 64 byte buffer. The actual size of the - HMAC result depends on CRYS_HASH_OperationMode_t. */ -); -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hmac_defs.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hmac_defs.h deleted file mode 100644 index 6e76d71..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hmac_defs.h +++ /dev/null @@ -1,64 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_HMAC_DEFS_H -#define CRYS_HMAC_DEFS_H - - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This file contains HMAC definitions. -@defgroup crys_hmac_defs CryptoCell Hmac definitions -@{ -@ingroup crys_hmac -*/ - -/************************ Defines ******************************/ -/*! The size of user's context prototype (see ::CRYS_HMACUserContext_t) in words. */ -#define CRYS_HMAC_USER_CTX_SIZE_IN_WORDS 94 - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hmac_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hmac_error.h deleted file mode 100644 index e9bd5c8..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_hmac_error.h +++ /dev/null @@ -1,108 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_HMAC_ERROR_H -#define CRYS_HMAC_ERROR_H - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! @file -@brief This module contains the definitions of the CRYS HMAC errors. -@defgroup crys_hmac_error CryptoCell HMAC specific errors -@{ -@ingroup crys_hmac -*/ - - - -/************************ Defines ******************************/ - -/*! The CRYS HMAC module errors */ -/*! Illegal context pointer. */ -#define CRYS_HMAC_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x0UL) -/*! Illegal operation mode. */ -#define CRYS_HMAC_ILLEGAL_OPERATION_MODE_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x1UL) -/*! Context is corrupted. */ -#define CRYS_HMAC_USER_CONTEXT_CORRUPTED_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x2UL) -/*! Illegal data in pointer. */ -#define CRYS_HMAC_DATA_IN_POINTER_INVALID_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x3UL) -/*! Illegal data in size. */ -#define CRYS_HMAC_DATA_SIZE_ILLEGAL (CRYS_HMAC_MODULE_ERROR_BASE + 0x4UL) -/*! Illegal result buffer pointer. */ -#define CRYS_HMAC_INVALID_RESULT_BUFFER_POINTER_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x5UL) -/*! Illegal key buffer pointer. */ -#define CRYS_HMAC_INVALID_KEY_POINTER_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x6UL) -/*! Illegal key size. */ -#define CRYS_HMAC_UNVALID_KEY_SIZE_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0x7UL) -/*! Last block was already processed (may happen if previous block was not a multiple of block size). */ -#define CRYS_HMAC_LAST_BLOCK_ALREADY_PROCESSED_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0xBUL) -/*! Illegal parameters. */ -#define CRYS_HMAC_ILLEGAL_PARAMS_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0xCUL) -/*! Illegal context size. */ -#define CRYS_HMAC_CTX_SIZES_ERROR (CRYS_HMAC_MODULE_ERROR_BASE + 0xEUL) -/*! HMAC is not supported. */ -#define CRYS_HMAC_IS_NOT_SUPPORTED (CRYS_HMAC_MODULE_ERROR_BASE + 0xFUL) - - - -/************************ Enums ********************************/ - - -/************************ Typedefs ****************************/ - - -/************************ Structs ******************************/ - - -/************************ Public Variables **********************/ - - -/************************ Public Functions **********************/ - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_kdf.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_kdf.h deleted file mode 100644 index add338e..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_kdf.h +++ /dev/null @@ -1,211 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_KDF_H -#define CRYS_KDF_H - - -#include "crys_hash.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module defines the API that supports Key derivation function in modes -as defined in PKCS#3, ANSI X9.42-2001, and ANSI X9.63-1999. -@defgroup crys_kdf CryptoCell Key Derivation APIs -@{ -@ingroup cryptocell_api -*/ - -#include "crys_hash.h" - -/************************ Defines ******************************/ - -/*! Shared secret value max size in bytes */ -#define CRYS_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE 1024 - -/* Count and max. sizeof OtherInfo entries (pointers to data buffers) */ -/*! Number of other info entries. */ -#define CRYS_KDF_COUNT_OF_OTHER_INFO_ENTRIES 5 -/*! Maximal size of other info entry. */ -#define CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY 64 /*!< Size is in bytes*/ -/*! Maximal size of keying data in bytes. */ -#define CRYS_KDF_MAX_SIZE_OF_KEYING_DATA 2048 - -/************************ Enums ********************************/ -/*! HASH operation modes */ -typedef enum -{ - /*! SHA1 mode.*/ - CRYS_KDF_HASH_SHA1_mode = 0, - /*! SHA224 mode.*/ - CRYS_KDF_HASH_SHA224_mode = 1, - /*! SHA256 mode.*/ - CRYS_KDF_HASH_SHA256_mode = 2, - /*! SHA384 mode.*/ - CRYS_KDF_HASH_SHA384_mode = 3, - /*! SHA512 mode.*/ - CRYS_KDF_HASH_SHA512_mode = 4, - /*! Maximal number of HASH modes. */ - CRYS_KDF_HASH_NumOfModes, - /*! Reserved.*/ - CRYS_KDF_HASH_OpModeLast = 0x7FFFFFFF, - -}CRYS_KDF_HASH_OpMode_t; - -/*! Key derivation modes. */ -typedef enum -{ - /*! ASN1 key derivation mode.*/ - CRYS_KDF_ASN1_DerivMode = 0, - /*! Concatination key derivation mode.*/ - CRYS_KDF_ConcatDerivMode = 1, - /*! X963 key derivation mode.*/ - CRYS_KDF_X963_DerivMode = CRYS_KDF_ConcatDerivMode, - /*! ISO 18033 KDF1 key derivation mode.*/ - CRYS_KDF_ISO18033_KDF1_DerivMode = 3, - /*! ISO 18033 KDF2 key derivation mode.*/ - CRYS_KDF_ISO18033_KDF2_DerivMode = 4, - /*! Maximal number of key derivation modes. */ - CRYS_KDF_DerivFunc_NumOfModes = 5, - /*! Reserved.*/ - CRYS_KDF_DerivFuncModeLast= 0x7FFFFFFF, - -}CRYS_KDF_DerivFuncMode_t; - -/************************ Typedefs ****************************/ - -/*! Structure, containing the optional data (other info) for KDF, - if any data is not needed, then the pointer value and - the size must be set to NULL */ -typedef struct -{ - /*! A unique object identifier (OID), indicating algorithm(s) - for which the keying data is used. */ - uint8_t AlgorithmID[CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY]; - uint32_t SizeOfAlgorithmID; /*!< Size of algorithm ID.*/ - /*! Public information contributed by the initiator. */ - uint8_t PartyUInfo[CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY]; - uint32_t SizeOfPartyUInfo; /*!< Size of the Public information contributed by the initiator. */ - /*! Public information contributed by the responder. */ - uint8_t PartyVInfo[CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY]; - uint32_t SizeOfPartyVInfo; /*!< Size of the responder's public information. */ - /*! Mutually-known private information, e.g. shared information - communicated throgh a separate channel. */ - uint8_t SuppPrivInfo[CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY]; - uint32_t SizeOfSuppPrivInfo; /*!< Size of the private information. */ - /*! Mutually-known public information, */ - uint8_t SuppPubInfo[CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY]; - uint32_t SizeOfSuppPubInfo; /*!< Size of the public information. */ - -}CRYS_KDF_OtherInfo_t; - -/************************ Structs ******************************/ - -/************************ Public Variables **********************/ - -/************************ Public Functions **********************/ - -/****************************************************************/ - - -/*********************************************************************************************************/ -/*! - @brief CRYS_KDF_KeyDerivFunc performs key derivation according to one of the modes defined in standards: - ANS X9.42-2001, ANS X9.63, ISO/IEC 18033-2. - -The present implementation of the function allows the following operation modes: -
    • CRYS_KDF_ASN1_DerivMode - mode based on ASN.1 DER encoding;
      • -
    • CRYS_KDF_ConcatDerivMode - mode based on concatenation;
      • -
    • CRYS_KDF_X963_DerivMode = CRYS_KDF_ConcatDerivMode;
      • -
    • CRYS_KDF_ISO18033_KDF1_DerivMode - specific mode according to ECIES-KEM algorithm (ISO/IEC 18033-2).
    - -The purpose of this function is to derive a keying data from the shared secret value and some -other optional shared information (SharedInfo). - -\note -
    • The length in Bytes of the hash result buffer is denoted by "hashlen".
      • -
    • All buffers arguments are represented in Big-Endian format.
      • - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_kdf_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_KDF_KeyDerivFunc( - uint8_t *ZZSecret_ptr, /*!< [in] A pointer to shared secret value octet string. */ - uint32_t ZZSecretSize, /*!< [in] The size of the shared secret value in bytes. - The maximal size is defined as: CRYS_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE. */ - CRYS_KDF_OtherInfo_t *OtherInfo_ptr, /*!< [in] The pointer to structure, containing the data, shared by two entities of - agreement and the data sizes. This argument may be optional in several modes - (if it is not needed - set NULL). - On two ISO/IEC 18033-2 modes - set NULL. - On KDF ASN1 mode the OtherInfo and its AlgorithmID entry are mandatory. */ - CRYS_KDF_HASH_OpMode_t KDFhashMode, /*!< [in] The KDF identifier of hash function to be used. The hash function output - must be at least 160 bits. */ - CRYS_KDF_DerivFuncMode_t derivation_mode, /*!< [in] Specifies one of above described derivation modes. */ - uint8_t *KeyingData_ptr, /*!< [out] A pointer to the buffer for derived keying data. */ - uint32_t KeyingDataSizeBytes /*!< [in] The size in bytes of the keying data to be derived. - The maximal size is defined as: CRYS_KDF_MAX_SIZE_OF_KEYING_DATA. */ -); - -/*********************************************************************************************************/ -/*! - CRYS_KDF_ASN1_KeyDerivFunc is A MACRO that performs key derivation according to ASN1 DER encoding method defined - in standard ANS X9.42-2001, 7.2.1. For a description of the parameters see ::CRYS_KDF_KeyDerivFunc. -*/ -#define CRYS_KDF_ASN1_KeyDerivFunc(ZZSecret_ptr,ZZSecretSize,OtherInfo_ptr,KDFhashMode,KeyingData_ptr,KeyLenInBytes)\ - CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ASN1_DerivMode,(KeyingData_ptr),(KeyLenInBytes)) - - -/*********************************************************************************************************/ -/*! - CRYS_KDF_ConcatKeyDerivFunc is a MACRO that performs key derivation according to concatenation mode defined - in standard ANS X9.42-2001, 7.2.2. For a description of the parameters see - ::CRYS_KDF_KeyDerivFunc. -*/ -#define CRYS_KDF_ConcatKeyDerivFunc(ZZSecret_ptr,ZZSecretSize,OtherInfo_ptr,KDFhashMode,KeyingData_ptr,KeyLenInBytes)\ - CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ConcatDerivMode,(KeyingData_ptr),(KeyLenInBytes)) - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_kdf_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_kdf_error.h deleted file mode 100644 index 905ffa1..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_kdf_error.h +++ /dev/null @@ -1,105 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_KDF_ERROR_H -#define CRYS_KDF_ERROR_H - -#include "crys_error.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module contains the definitions of the CRYS KDF errors. -@defgroup crys_kdf_error CryptoCell Key Derivation specific errors -@{ -@ingroup crys_kdf - */ - - -/************************ Defines *******************************/ - -/*! The CRYS KDF module errors / base address - 0x00F01100*/ -/*! Illegal input pointer. */ -#define CRYS_KDF_INVALID_ARGUMENT_POINTER_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x0UL) -/*! Illegal input size. */ -#define CRYS_KDF_INVALID_ARGUMENT_SIZE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x1UL) -/*! Illegal operation mode. */ -#define CRYS_KDF_INVALID_ARGUMENT_OPERATION_MODE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x2UL) -/*! Illegal hash mode. */ -#define CRYS_KDF_INVALID_ARGUMENT_HASH_MODE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x3UL) -/*! Illegal key derivation mode. */ -#define CRYS_KDF_INVALID_KEY_DERIVATION_MODE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x4UL) -/*! Illegal shared secret value size. */ -#define CRYS_KDF_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x5UL) -/*! Illegal otherInfo size. */ -#define CRYS_KDF_INVALID_OTHER_INFO_SIZE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x6UL) -/*! Illegal key data size. */ -#define CRYS_KDF_INVALID_KEYING_DATA_SIZE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x7UL) -/*! Illegal algorithm ID pointer. */ -#define CRYS_KDF_INVALID_ALGORITHM_ID_POINTER_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x8UL) -/*! Illegal algorithm ID size. */ -#define CRYS_KDF_INVALID_ALGORITHM_ID_SIZE_ERROR (CRYS_KDF_MODULE_ERROR_BASE + 0x9UL) -/*! KDF is not supproted. */ -#define CRYS_KDF_IS_NOT_SUPPORTED (CRYS_KDF_MODULE_ERROR_BASE + 0xFFUL) - -/************************ Enums *********************************/ - -/************************ Typedefs *****************************/ - -/************************ Structs ******************************/ - -/************************ Public Variables **********************/ - -/************************ Public Functions **********************/ - - - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_pka_defs_hw.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_pka_defs_hw.h deleted file mode 100644 index 5073ad2..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_pka_defs_hw.h +++ /dev/null @@ -1,128 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - - -#ifndef _CRYS_PKA_DEFS_HW_H_ -#define _CRYS_PKA_DEFS_HW_H_ - -#include "ssi_pal_types.h" -#include "ssi_pka_hw_plat_defs.h" - -/*! -@defgroup cryptocell_pka CryptoCell PKA group -@{ -@ingroup cryptocell_api -@brief This group is the cryptocell PKA root group -@} - -@file -@brief The file contains all of the enums and definitions that are used in the PKA related code. -@defgroup crys_pka_defs_hw CryptoCell PKA specific definitions -@{ -@ingroup cryptocell_pka -*/ - - -/* The valid key sizes in bits for RSA primitives (exponentiation) */ -/*! Maximal RSA modulus size */ -#define CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS ((CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS + SASI_PKA_WORD_SIZE_IN_BITS) / SASI_BITS_IN_32BIT_WORD ) -/*! Maximal EC modulus size */ -#define CRYS_ECPKI_MODUL_MAX_LENGTH_IN_BITS 521 - -/*! size of buffers for Barrett modulus tag NP, used in PKI algorithms. */ -#define CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS 5 -/*! size of buffers for Barrett modulus tag NP, used in ECC. */ -#define CRYS_PKA_ECPKI_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS -/*! Maximal PKA modulus size */ -#define CRYS_PKA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS -/*! Maximal PKA public key size in words */ -#define CRYS_PKA_PUB_KEY_BUFF_SIZE_IN_WORDS (2*CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) -/*! Maximal PKA private key size in words */ -#define CRYS_PKA_PRIV_KEY_BUFF_SIZE_IN_WORDS (2*CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) -/*! Maximal PKA KG buffer size in words */ -#define CRYS_PKA_KGDATA_BUFF_SIZE_IN_WORDS (3*CRYS_PKA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS) - - -/*! Maximal EC modulus size in words. */ -#define CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS 18 /*!< \internal [(CRYS_ECPKI_MODUL_MAX_LENGTH_IN_BITS + 31)/(sizeof(uint32_t)) + 1] */ -/*! Maximal EC order size in words. */ -#define CRYS_ECPKI_ORDER_MAX_LENGTH_IN_WORDS (CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1) -/*! Maximal EC domain size in words. */ -#define CRYS_PKA_DOMAIN_BUFF_SIZE_IN_WORDS (2*CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) - - -/*! ECC NAF buffer definitions */ -#define COUNT_NAF_WORDS_PER_KEY_WORD 8 /*!< \internal Change according to NAF representation (? 2)*/ -/*! Maximal ECC NAF length */ -#define CRYS_PKA_ECDSA_NAF_BUFF_MAX_LENGTH_IN_WORDS (COUNT_NAF_WORDS_PER_KEY_WORD*CRYS_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + 1) - -#ifndef SSI_SUPPORT_ECC_SCA_SW_PROTECT -/* on fast SCA non protected mode required additional buffers for NAF key */ -/*! Scalar Buffer size in words */ -#define CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS (CRYS_PKA_ECDSA_NAF_BUFF_MAX_LENGTH_IN_WORDS+CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+2) -#else -/*! Scalar Buffer size in words */ -#define CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS 1 /*(4*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS)*/ -#endif -/*! ECC temp buffer size in words */ -#define CRYS_PKA_ECPKI_BUILD_TMP_BUFF_MAX_LENGTH_IN_WORDS (3*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) -/*! ECC sign temp buffer size in words */ -#define CRYS_PKA_ECDSA_SIGN_BUFF_MAX_LENGTH_IN_WORDS (6*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) -/*! ECC ecdh temp buffer size in words */ -#define CRYS_PKA_ECDH_BUFF_MAX_LENGTH_IN_WORDS (2*CRYS_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) -/*! PKA KG temp buffer size in words */ -#define CRYS_PKA_KG_BUFF_MAX_LENGTH_IN_WORDS (2*CRYS_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + CRYS_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) -/*! ECC verify temp buffer size in words */ -#define CRYS_PKA_ECDSA_VERIFY_BUFF_MAX_LENGTH_IN_WORDS (3*CRYS_ECPKI_MODUL_MAX_LENGTH_IN_WORDS) - -/* *************************************************************************** */ -/*! Definitions of maximal size of modulus buffers for CRYS_EC_MONT and EC_EDW in bytes */ -#define CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_BYTES 32U /*!< \internal for Curve25519 */ -/*! Definitions of maximal size of modulus buffers for CRYS_EC_MONT and EC_EDW in words */ -#define CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS 8U /*!< \internal for Curve25519 */ -/*! ECC montgomery temp buffer size in words */ -#define CRYS_EC_MONT_TEMP_BUFF_SIZE_IN_32BIT_WORDS (8 * CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS) -/*! ECC edwards temp buffer size in words */ -#define CRYS_EC_EDW_TEMP_BUFF_SIZE_IN_32BIT_WORD (8*CRYS_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS + (sizeof(CRYS_HASHUserContext_t)+SASI_32BIT_WORD_SIZE-1)/SASI_32BIT_WORD_SIZE) - -/** -@} - */ -/** -@} - */ -#endif /*_CRYS_PKA_DEFS_HW_H_*/ - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_poly.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_poly.h deleted file mode 100644 index 7c5f218..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_poly.h +++ /dev/null @@ -1,107 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! -@file -@brief This file contains all of the enums and definitions that are used for the - CRYS POLY APIs, as well as the APIs themselves. -@defgroup crys_poly CryptoCell POLY APIs -@{ -@ingroup cryptocell_api - -*/ -#ifndef CRYS_POLY_H -#define CRYS_POLY_H - - -#include "ssi_pal_types.h" -#include "crys_error.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - -/************************ Defines ******************************/ -/*! POLY KEY size in words. */ -#define CRYS_POLY_KEY_SIZE_IN_WORDS 8 -/*! POLY KEY size in bytes. */ -#define CRYS_POLY_KEY_SIZE_IN_BYTES (CRYS_POLY_KEY_SIZE_IN_WORDS*SASI_32BIT_WORD_SIZE) - -/*! POLY MAC size in words. */ -#define CRYS_POLY_MAC_SIZE_IN_WORDS 4 -/*! POLY MAC size in bytes. */ -#define CRYS_POLY_MAC_SIZE_IN_BYTES (CRYS_POLY_MAC_SIZE_IN_WORDS*SASI_32BIT_WORD_SIZE) - -/************************ Typedefs ****************************/ - -/*! CHACHA MAC buffer definition. */ -typedef uint32_t CRYS_POLY_Mac_t[CRYS_POLY_MAC_SIZE_IN_WORDS]; - -/*! CHACHA key buffer definition. */ -typedef uint32_t CRYS_POLY_Key_t[CRYS_POLY_KEY_SIZE_IN_WORDS]; - -/************************ Public Functions **********************/ - -/****************************************************************************************************/ -/*! -@brief This function is used to perform the POLY MAC Calculation. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_poly_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_POLY( - CRYS_POLY_Key_t pKey, /*!< [in] A pointer to the user's key buffer. */ - uint8_t *pDataIn, /*!< [in] A pointer to the buffer of the input data to the CHACHA. - must not be null. */ - size_t dataInSize, /*!< [in] The size of the input data. must not be 0. */ - CRYS_POLY_Mac_t macRes /*!< [in/out] Pointer to the MAC result buffer.*/ -); - - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif /* #ifndef CRYS_POLY_H */ - - - - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_poly_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_poly_error.h deleted file mode 100644 index 0b89892..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_poly_error.h +++ /dev/null @@ -1,89 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_POLY_ERROR_H -#define CRYS_POLY_ERROR_H - - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module contains the definitions of the CRYS POLY errors. -@defgroup crys_poly_error CryptoCell POLY specific errors -@{ -@ingroup crys_poly -*/ - - -/************************ Defines ******************************/ - -/*! The CRYS POLY module errors base address - 0x00F02500 */ -/*! Invalid key. */ -#define CRYS_POLY_KEY_INVALID_ERROR (CRYS_POLY_MODULE_ERROR_BASE + 0x01UL) -/*! Invalid input data. */ -#define CRYS_POLY_DATA_INVALID_ERROR (CRYS_POLY_MODULE_ERROR_BASE + 0x02UL) -/*! Illegal input data size. */ -#define CRYS_POLY_DATA_SIZE_INVALID_ERROR (CRYS_POLY_MODULE_ERROR_BASE + 0x03UL) -/*! MAC calculation error. */ -#define CRYS_POLY_MAC_CALCULATION_ERROR (CRYS_POLY_MODULE_ERROR_BASE + 0x04UL) - -/************************ Enums ********************************/ - -/************************ Typedefs ****************************/ - -/************************ Structs *****************************/ - -/************************ Public Variables *********************/ - -/************************ Public Functions *********************/ - -#ifdef __cplusplus -} -#endif - - -/** -@} - */ - -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rnd.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rnd.h deleted file mode 100644 index 12ba8ec..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rnd.h +++ /dev/null @@ -1,380 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - - -#ifndef CRYS_RND_H -#define CRYS_RND_H - -#include "crys_error.h" -#include "ssi_aes.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This file contains the CRYS APIs used for random number generation. -The random-number generation module implements referenced standard [SP800-90]. -@defgroup crys_rnd CryptoCell Random Generator APIs -@{ -@ingroup cryptocell_api -*/ - -/************************ Defines ******************************/ - -/*! Maximal reseed counter - indicates maximal number of -requests allowed between reseeds; according to NIST 800-90 -it is (2^48 - 1), our restriction is : (0xFFFFFFFF - 0xF).*/ -#define CRYS_RND_MAX_RESEED_COUNTER (0xFFFFFFFF - 0xF) - -/* Max size for one RNG generation (in bits) = - max_num_of_bits_per_request = 2^19 (FIPS 800-90 Tab.3) */ -/*! Maximal size of generated vector in bits. */ -#define CRYS_RND_MAX_GEN_VECTOR_SIZE_BITS 0x7FFFF -/*! Maximal size of generated vector in bytes. */ -#define CRYS_RND_MAX_GEN_VECTOR_SIZE_BYTES 0xFFFF - -/*! AES output block size in words. */ -#define CRYS_RND_AES_BLOCK_SIZE_IN_WORDS SASI_AES_BLOCK_SIZE_IN_WORDS - - -/* RND seed and additional input sizes */ -/*! Maximal size of random seed in words. */ -#define CRYS_RND_SEED_MAX_SIZE_WORDS 12 - -#ifndef CRYS_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS -/*! Maximal size of additional input data in words. */ -#define CRYS_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS CRYS_RND_SEED_MAX_SIZE_WORDS -#endif - -/* allowed sizes of AES Key, in words */ -/*! AES key size (128 bits) in words. */ -#define CRYS_RND_AES_KEY_128_SIZE_WORDS 4 -/*! AES key size (192 bits) in words. */ -#define CRYS_RND_AES_KEY_192_SIZE_WORDS 6 -/*! AES key size (256 bits) in words. */ -#define CRYS_RND_AES_KEY_256_SIZE_WORDS 8 - -/* Definitions of temp buffer for RND_DMA version of CRYS_RND */ -/*******************************************************************/ -/* Definitions of temp buffer for DMA version of CRYS_RND */ - -/*! Temporary buffer size in words. */ -#define CRYS_RND_WORK_BUFFER_SIZE_WORDS 1528 - -/*! A definition for RAM buffer to be internally used in instantiation (or reseeding) operation. */ -typedef struct -{ - /*! Internal buffer*/ - uint32_t crysRndWorkBuff[CRYS_RND_WORK_BUFFER_SIZE_WORDS]; -}CRYS_RND_WorkBuff_t; - -/*! A definition for entropy estimation data type. */ -#define CRYS_RND_EntropyEstimatData_t CRYS_RND_WorkBuff_t -/*! A definition for entropy estimation buffer. */ -#define crysRndEntrIntBuff crysRndWorkBuff - - -/* RND source buffer inner (entrpopy) offset */ -/*! An internal offset definition. */ -#define CRYS_RND_TRNG_SRC_INNER_OFFSET_WORDS 2 -/*! An internal offset definition. */ -#define CRYS_RND_TRNG_SRC_INNER_OFFSET_BYTES (CRYS_RND_TRNG_SRC_INNER_OFFSET_WORDS*sizeof(uint32_t)) - - - - -/* Size of the expected output buffer used by FIPS KAT */ -/*! FIPS Known answer test output size. */ -#define CRYS_PRNG_FIPS_KAT_OUT_DATA_SIZE 64 - -/************************ Enumerators ****************************/ - -/*! Definition of random operation modes. */ -typedef enum -{ - /*! SW entropy estimation mode. */ - CRYS_RND_Fast = 0, - /*! Full entropy mode. */ - CRYS_RND_Slow = 1, - /*! Reserved. */ - CRYS_RND_ModeLast = 0x7FFFFFFF, -} CRYS_RND_mode_t; - - - -/************************ Structs *****************************/ - - -/* The internal state of DRBG mechanism based on AES CTR and CBC-MAC - algorithms. It is set as global data defined by the following - structure */ -/*! RND state structure. Includes internal data that needs to be saved between boots by the user.*/ -typedef struct -{ - /* Seed buffer, consists from concatenated Key||V: max size 12 words */ - /*! Random Seed buffer */ - uint32_t Seed[CRYS_RND_SEED_MAX_SIZE_WORDS]; - /* Previous value for continuous test */ - /*! Previous random data (used for continuous test). */ - uint32_t PreviousRandValue[SASI_AES_BLOCK_SIZE_IN_WORDS]; - - /* AdditionalInput buffer max size = seed max size words + 4w for padding*/ - /*! Previous additional input buffer. */ - uint32_t PreviousAdditionalInput[CRYS_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS+5]; - /*! Additional input buffer. */ - uint32_t AdditionalInput[CRYS_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS+4]; - /*! Additional input size in words. */ - uint32_t AddInputSizeWords; /* size of additional data set by user, words */ - - /*! Entropy source size in words */ - uint32_t EntropySourceSizeWords; - - /*! Reseed counter (32 bits active) - indicates number of requests for entropy - since instantiation or reseeding */ - uint32_t ReseedCounter; - - /*! Key size: 4 or 8 words according to security strength 128 bits or 256 bits*/ - uint32_t KeySizeWords; - - /* State flag (see definition of StateFlag above), containing bit-fields, defining: - - b'0: instantiation steps: 0 - not done, 1 - done; - - 2b'9,8: working or testing mode: 0 - working, 1 - KAT DRBG test, 2 - - KAT TRNG test; - b'16: flag defining is Previous random valid or not: - 0 - not valid, 1 - valid */ - /*! State flag used internally in the code.*/ - uint32_t StateFlag; - - /* Trng processing flag - indicates which ROSC lengths are: - - allowed (bits 0-3); - - total started (bits 8-11); - - processed (bits 16-19); - - started, but not processed (bits24-27) */ - /*! TRNG process state used internally in the code */ - uint32_t TrngProcesState; - - /* validation tag */ - /*! Validation tag used internally in the code */ - uint32_t ValidTag; - - /*! Rnd source entropy size in bits */ - uint32_t EntropySizeBits; - -} CRYS_RND_State_t; - - -/*! The RND Generate vector function pointer type definition. - The prototype intendent for External and CRYS internal RND functions - pointers definitions. - Full description can be found in ::CRYS_RND_GenerateVector function API. */ -typedef uint32_t (*SaSiRndGenerateVectWorkFunc_t)( \ - void *rndState_ptr, /*context*/ \ - uint16_t outSizeBytes, /*in*/ \ - uint8_t *out_ptr /*out*/); - - - -/*! Data structure required for internal FIPS verification for PRNG KAT. */ -typedef struct -{ - /*! Internal working buffer. */ - CRYS_RND_WorkBuff_t rndWorkBuff; - /*! Output buffer. */ - uint8_t rndOutputBuff[CRYS_PRNG_FIPS_KAT_OUT_DATA_SIZE]; -} CRYS_PrngFipsKatCtx_t; - - -/*****************************************************************************/ -/********************** Public Functions *************************/ -/*****************************************************************************/ - -/*! -@brief This function initializes the RND context. -It must be called at least once prior to using this context with any API that requires it as a parameter (e.g., other RND APIs, asymmetric -cryptography key generation and signatures). -It is called as part of ARM TrustZone CryptoCell library initialization, which initializes and returns the primary RND context. -This primary context can be used as a single global context for all RND needs. -Alternatively, other contexts may be initialized and used with a more limited scope (for specific applications or specific threads). -The call to this function must be followed by a call to ::CRYS_RND_SetGenerateVectorFunc API to set the generate vector function. -It implements referenced standard [SP800-90] - 10.2.1.3.2 - CTR-DRBG Instantiate algorithm using AES (FIPS-PUB 197) and Derivation Function (DF). -\note Additional data can be mixed with the random seed (personalization data or nonce). If required, this data should be provided by calling ::CRYS_RND_AddAdditionalInput prior to using this API. - -@return CRYS_OK on success. -@return A non-zero value from crys_rnd_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_RND_Instantiation( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state buffer allocated by the user, which is used to - maintain the RND state. This context state must be saved and provided as a - parameter to any API that uses the RND module. - \note the context must be cleared before sent to the function. */ - CRYS_RND_WorkBuff_t *rndWorkBuff_ptr /*!< [in/out] Scratchpad for the RND module's work. */ -); - - -/*! -@brief Clears existing RNG instantiation state. - -@return CRYS_OK on success. -@return A non-zero value from crys_rnd_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_RND_UnInstantiation( - void *rndState_ptr /*!< [in/out] Pointer to the RND context state buffer. */ -); - - -/*! -@brief This function is used for reseeding the RNG with additional entropy and additional user-provided input. -(additional data should be provided by calling ::CRYS_RND_AddAdditionalInput prior to using this API). -It implements referenced standard [SP800-90] - 10.2.1.4.2 - CTR-DRBG Reseeding algorithm, using AES (FIPS-PUB 197) and Derivation Function (DF). - -@return CRYS_OK on success. -@return A non-zero value from crys_rnd_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_RND_Reseeding( - void *rndState_ptr, /*!< [in/out] Pointer to the RND context buffer. */ - CRYS_RND_WorkBuff_t *rndWorkBuff_ptr /*!< [in/out] Scratchpad for the RND module's work. */ -); - - -/****************************************************************************************/ -/*! -@brief Generates a random vector according to the algorithm defined in referenced standard [SP800-90] - 10.2.1.5.2 - CTR-DRBG. -The generation algorithm uses AES (FIPS-PUB 197) and Derivation Function (DF). - -\note -
      • The RND module must be instantiated prior to invocation of this API.
        • -
      • In the following cases, Reseeding operation must be performed prior to vector generation:
        • -
        • Prediction resistance is required.
          • -
        • The function returns CRYS_RND_RESEED_COUNTER_OVERFLOW_ERROR, stating that the Reseed Counter has passed its upper-limit (2^32-2).
      - -@return CRYS_OK on success. -@return A non-zero value from crys_rnd_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_RND_GenerateVector( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure, which is part of the RND context structure. - Use rndContext->rndState field of the context for this parameter. */ - uint16_t outSizeBytes, /*!< [in] The size in bytes of the random vector required. The maximal size is 2^16 -1 bytes. */ - uint8_t *out_ptr /*!< [out] The pointer to output buffer. */ -); - - - -/**********************************************************************************************************/ -/*! -@brief Generates a random vector with specific limitations by testing candidates (described and used in FIPS 186-4: B.1.2, B.4.2 etc.). - -This function draws a random vector, compare it to the range limits, and if within range - return it in rndVect_ptr. -If outside the range, the function continues retrying until a conforming vector is found, or the maximal retries limit is exceeded. -If maxVect_ptr is provided, rndSizeInBits specifies its size, and the output vector must conform to the range [1 < rndVect < maxVect]. -If maxVect_ptr is NULL, rndSizeInBits specifies the exact required vector size, and the output vector must be the exact same -bit size (with its most significant bit = 1). -\note -The RND module must be instantiated prior to invocation of this API. - -@return CRYS_OK on success. -@return A non-zero value from crys_rnd_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_RND_GenerateVectorInRange( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ - uint32_t rndSizeInBits, /*!< [in] The size in bits of the random vector required. The allowed size in range 2 <= rndSizeInBits < 2^19-1, bits. */ - uint8_t *maxVect_ptr, /*!< [in] Pointer to the vector defining the upper limit for the random vector output, Given as little-endian byte array. - If not NULL, its actual size is treated as [(rndSizeInBits+7)/8] bytes and its value must be in range (3, 2^19) */ - uint8_t *rndVect_ptr /*!< [in/out] Pointer to the output buffer for the random vector. Must be at least [(rndSizeInBits+7)/8] bytes. - Treated as little-endian byte array. */ -); - - -/*************************************************************************************/ -/*! -@brief Used for adding additional input/personalization data provided by the user, -to be later used by the ::CRYS_RND_Instantiation/::CRYS_RND_Reseeding/::CRYS_RND_GenerateVector functions. - -@return CRYS_OK on success. -@return A non-zero value from crys_rnd_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_RND_AddAdditionalInput( - void *rndState_ptr, /*!< [in/out] Pointer to the RND context state buffer. */ - uint8_t *additonalInput_ptr, /*!< [in] The Additional Input buffer. */ - uint16_t additonalInputSize /*!< [in] The size of the Additional Input buffer. It must - be <= CRYS_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS and a multiple of 4. */ -); - -/*! -@brief The CRYS_RND_EnterKatMode function sets KAT mode bit into StateFlag of global CRYS_RND_WorkingState structure. - -The user must call this function before calling functions performing KAT tests. - -\note Total size of entropy and nonce must be not great than 126 words (maximal size of entropy and nonce). - -@return CRYS_OK on success. -@return A non-zero value from crys_rnd_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_RND_EnterKatMode( - void *rndState_ptr, /*!< [in/out] Pointer to the RND context state buffer. */ - uint8_t *entrData_ptr, /*!< [in] Entropy data. */ - uint32_t entrSize, /*!< [in] Entropy size in bytes. */ - uint8_t *nonce_ptr, /*!< [in] Nonce. */ - uint32_t nonceSize, /*!< [in] Entropy size in bytes. */ - CRYS_RND_WorkBuff_t *workBuff_ptr /*!< [out] RND working buffer, must be the same buffer, which should be passed into - Instantiation/Reseeding functions. */ -); - -/**********************************************************************************************************/ -/*! -@brief The CRYS_RND_DisableKatMode function disables KAT mode bit into StateFlag of global CRYS_RND_State_t structure. - -The user must call this function after KAT tests before actual using RND module (Instantiation etc.). - -@return CRYS_OK on success. -@return A non-zero value from crys_rnd_error.h on failure. -*/ -CIMPORT_C void CRYS_RND_DisableKatMode( - void *rndState_ptr /*!< [in/out] Pointer to the RND state buffer. */ -); - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif /* #ifndef CRYS_RND_H */ - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rnd_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rnd_error.h deleted file mode 100644 index a38f3bc..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rnd_error.h +++ /dev/null @@ -1,153 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - - -#ifndef CRYS_RND_ERROR_H -#define CRYS_RND_ERROR_H - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - - -/*! -@file -@brief This module contains the definitions of the CRYS RND errors. -@defgroup crys_rnd_error CryptoCell RND specific errors -@{ -@ingroup crys_rnd -*/ - - - -/************************ Defines ******************************/ -/*! RND module on the CRYS layer base address - 0x00F00C00 */ - -/*! Illegal output pointer.*/ -#define CRYS_RND_DATA_OUT_POINTER_INVALID_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x0UL) -/*! Random generation in range failed .*/ -#define CRYS_RND_CAN_NOT_GENERATE_RAND_IN_RANGE (CRYS_RND_MODULE_ERROR_BASE + 0x1UL) -/*! CPRNGT test failed.*/ -#define CRYS_RND_CPRNG_TEST_FAIL_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x2UL) -/*! Illegal additional data buffer. */ -#define CRYS_RND_ADDITIONAL_INPUT_BUFFER_NULL (CRYS_RND_MODULE_ERROR_BASE + 0x3UL) -/*! Illegal additional data size. */ -#define CRYS_RND_ADDITIONAL_INPUT_SIZE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x4UL) -/*! Data size overflow. */ -#define CRYS_RND_DATA_SIZE_OVERFLOW_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x5UL) -/*! Illegal vector size. */ -#define CRYS_RND_VECTOR_SIZE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x6UL) -/*! Reseed counter overflow - in case this error was returned instantiation or reseeding operation must be called. */ -#define CRYS_RND_RESEED_COUNTER_OVERFLOW_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x7UL) -/*! Instantiation was not yet called. */ -#define CRYS_RND_INSTANTIATION_NOT_DONE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x8UL) -/*! TRNG loss of samples. */ -#define CRYS_RND_TRNG_LOSS_SAMPLES_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x9UL) -/*! TRNG Time exceeded limitations. */ -#define CRYS_RND_TRNG_TIME_EXCEED_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0xAUL) -/*! TRNG loss of samples and time exceeded limitations. */ -#define CRYS_RND_TRNG_LOSS_SAMPLES_AND_TIME_EXCEED_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0xBUL) -/*! RND is in Known Answer Test mode. */ -#define CRYS_RND_IS_KAT_MODE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0xCUL) -/*! RND operation not supported. */ -#define CRYS_RND_OPERATION_IS_NOT_SUPPORTED_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0xDUL) -/*! RND validity check failed. */ -#define CRYS_RND_STATE_VALIDATION_TAG_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0xEUL) -/*! RND is not supported. */ -#define CRYS_RND_IS_NOT_SUPPORTED (CRYS_RND_MODULE_ERROR_BASE + 0xFUL) - -/*! Illegal generate vector function pointer. */ -#define CRYS_RND_GEN_VECTOR_FUNC_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x14UL) - -/*! Illegal work buffer pointer. */ -#define CRYS_RND_WORK_BUFFER_PTR_INVALID_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x20UL) -/*! Illegal AES key size. */ -#define CRYS_RND_ILLEGAL_AES_KEY_SIZE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x21UL) -/*! Illegal data pointer. */ -#define CRYS_RND_ILLEGAL_DATA_PTR_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x22UL) -/*! Illegal data size. */ -#define CRYS_RND_ILLEGAL_DATA_SIZE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x23UL) -/*! Illegal parameter. */ -#define CRYS_RND_ILLEGAL_PARAMETER_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x24UL) -/*! Illegal RND state pointer. */ -#define CRYS_RND_STATE_PTR_INVALID_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x25UL) -/*! TRNG errors. */ -#define CRYS_RND_TRNG_ERRORS_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x26UL) -/*! Illegal context pointer. */ -#define CRYS_RND_CONTEXT_PTR_INVALID_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x27UL) - -/*! Illegal output vector pointer. */ -#define CRYS_RND_VECTOR_OUT_PTR_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x30UL) -/*! Illegal output vector size. */ -#define CRYS_RND_VECTOR_OUT_SIZE_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x31UL) -/*! Maximal vector size is too small. */ -#define CRYS_RND_MAX_VECTOR_IS_TOO_SMALL_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x32UL) -/*! Illegal Known Answer Tests parameters. */ -#define CRYS_RND_KAT_DATA_PARAMS_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x33UL) -/*! TRNG Known Answer Test not supported. */ -#define CRYS_RND_TRNG_KAT_NOT_SUPPORTED_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x34UL) -/*! SRAM memory is not defined. */ -#define CRYS_RND_SRAM_NOT_SUPPORTED_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x35UL) -/*! AES operation failure. */ -#define CRYS_RND_AES_ERROR (CRYS_RND_MODULE_ERROR_BASE + 0x36UL) - - -/************************ Enums ********************************/ - - -/************************ Typedefs ****************************/ - - -/************************ Structs ******************************/ - - -/************************ Public Variables **********************/ - - -/************************ Public Functions **********************/ - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_build.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_build.h deleted file mode 100644 index c522aa3..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_build.h +++ /dev/null @@ -1,152 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_RSA_BUILD_H -#define CRYS_RSA_BUILD_H - - -#include "crys_error.h" -#include "crys_rsa_types.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@defgroup crys_rsa CryptoCell RSA APIs -@{ -@ingroup cryptocell_api -@brief This group is the cryptocell ECC root group -@} - -@file -@brief This module defines some utility functions for working with RSA cryptography. -@defgroup crys_rsa_build CryptoCell RSA Utility APIs -@{ -@ingroup crys_rsa -*/ - -/******************************************************************************************/ -/*! -@brief Builds a ::CRYSRSAPubKey_t public key structure with the provided modulus and exponent. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_RSA_Build_PubKey( - CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [out] Pointer to the public key structure. */ - uint8_t *Exponent_ptr, /*!< [in] Pointer to the exponent stream of bytes (Big-Endian format). */ - uint16_t ExponentSize, /*!< [in] The size of the exponent (in bytes). */ - uint8_t *Modulus_ptr, /*!< [in] Pointer to the modulus stream of bytes (Big-Endian format). - The most significant bit (MSB) must be set to '1'. */ - uint16_t ModulusSize /*!< [in] The modulus size in bytes. Supported sizes are 64, 128, 256, 384 and 512. */ -); - - -/******************************************************************************************/ -/*! -@brief Builds a ::CRYSRSAPrivKey_t private key structure with the provided modulus and exponent, marking the key as a non-CRT key. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_RSA_Build_PrivKey( - CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [out] Pointer to the public key structure.*/ - uint8_t *PrivExponent_ptr, /*!< [in] Pointer to the private exponent stream of bytes (Big-Endian format). */ - uint16_t PrivExponentSize, /*!< [in] The size of the private exponent (in bytes). */ - uint8_t *PubExponent_ptr, /*!< [in] Pointer to the public exponent stream of bytes (Big-Endian format). */ - uint16_t PubExponentSize, /*!< [in] The size of the public exponent (in bytes). */ - uint8_t *Modulus_ptr, /*!< [in] Pointer to the modulus stream of bytes (Big-Endian format). - The most significant bit must be set to '1'. */ - uint16_t ModulusSize /*!< [in] The modulus size in bytes. Supported sizes are 64, 128, 256, 384 and 512. */ -); - -/******************************************************************************************/ -/*! -@brief Builds a ::CRYSRSAPrivKey_t private key structure with the provided parameters, marking the key as a CRT key. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_RSA_Build_PrivKeyCRT( - CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [out] Pointer to the public key structure. */ - uint8_t *P_ptr, /*!< [in] Pointer to the first factor stream of bytes (Big-Endian format). */ - uint16_t PSize, /*!< [in] The size of the first factor (in bytes). */ - uint8_t *Q_ptr, /*!< [in] Pointer to the second factor stream of bytes (Big-Endian format). */ - uint16_t QSize, /*!< [in] The size of the second factor (in bytes). */ - uint8_t *dP_ptr, /*!< [in] Pointer to the first factor's CRT exponent stream of bytes - (Big-Endian format). */ - uint16_t dPSize, /*!< [in] The size of the first factor's CRT exponent (in bytes). */ - uint8_t *dQ_ptr, /*!< [in] Pointer to the second factor's CRT exponent stream of bytes - (Big-Endian format). */ - uint16_t dQSize, /*!< [in] The size of the second factor's CRT exponent (in bytes). */ - uint8_t *qInv_ptr, /*!< [in] Pointer to the first CRT coefficient stream of bytes (Big-Endian format). */ - uint16_t qInvSize /*!< [in] The size of the first CRT coefficient (in bytes). */ -); - - -/******************************************************************************************/ -/*! -@brief The function gets the e,n public key parameters from the input -CRYS_RSAUserPubKey_t structure. The function can also be used to retrieve the -modulus and exponent sizes only (Exponent_ptr AND Modulus_ptr must be set to -NULL). - -\note All members of input UserPubKey_ptr structure must be initialized. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h on failure. -*/ -CIMPORT_C CRYSError_t CRYS_RSA_Get_PubKey( - CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] A pointer to the public key structure. */ - uint8_t *Exponent_ptr, /*!< [out] A pointer to the exponent stream of bytes (Big-Endian format). */ - uint16_t *ExponentSize_ptr, /*!< [in/out] the size of the exponent buffer in bytes, - it is updated to the actual size of the exponent, in bytes. */ - uint8_t *Modulus_ptr, /*!< [out] A pointer to the modulus stream of bytes (Big-Endian format). - The MS (most significant) bit must be set to '1'. */ - uint16_t *ModulusSize_ptr /*!< [in/out] the size of the modulus buffer in bytes, it is updated to the actual - size of the modulus, in bytes. */ -); - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_error.h deleted file mode 100644 index a8468ff..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_error.h +++ /dev/null @@ -1,277 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - - #ifndef CRYS_RSA_ERROR_H -#define CRYS_RSA_ERROR_H - - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! @file -@brief This module contains the definitions of the CRYS RSA errors. -@defgroup crys_rsa_error CryptoCell RSA specific errors -@{ -@ingroup crys_rsa -*/ - -/************************ Defines ******************************/ - -/*! CRYS RSA module on the CRYS layer base address - 0x00F00400 */ - -/*! The CRYS RSA module errors */ -/*! Illegal modulus size. */ -#define CRYS_RSA_INVALID_MODULUS_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0x0UL) -/*! Illegal modulus pointer. */ -#define CRYS_RSA_INVALID_MODULUS_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1UL) -/*! Illegal exponent pointer. */ -#define CRYS_RSA_INVALID_EXPONENT_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x2UL) -/*! Illegal public key structure pointer. */ -#define CRYS_RSA_INVALID_PUB_KEY_STRUCT_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x3UL) -/*! Illegal private key structure pointer. */ -#define CRYS_RSA_INVALID_PRIV_KEY_STRUCT_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x4UL) -/*! Illegal exponent value. */ -#define CRYS_RSA_INVALID_EXPONENT_VAL (CRYS_RSA_MODULE_ERROR_BASE + 0x5UL) -/*! Illegal exponent size. */ -#define CRYS_RSA_INVALID_EXPONENT_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0x6UL) -/*! Illegal CRT first factor pointer (P_ptr) . */ -#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x7UL) -/*! Illegal CRT second factor pointer (Q_ptr) . */ -#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x8UL) -/*! Illegal CRT first exponent factor pointer (dP_ptr) . */ -#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_EXP_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x9UL) -/*! Illegal CRT second exponent factor pointer (dQ_ptr) . */ -#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_EXP_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0xAUL) -/*! Illegal CRT coefficient pointer (qInv_ptr) . */ -#define CRYS_RSA_INVALID_CRT_COEFFICIENT_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0xBUL) -/*! Illegal CRT first factor size (Psize). */ -#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0xCUL) -/*! Illegal CRT second factor size (Qsize). */ -#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0xDUL) -/*! Illegal CRT first and second factor size (Psize + Qsize). */ -#define CRYS_RSA_INVALID_CRT_FIRST_AND_SECOND_FACTOR_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0xEUL) -/*! Illegal CRT first factor exponent value (dP). */ -#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_EXPONENT_VAL (CRYS_RSA_MODULE_ERROR_BASE + 0xFUL) -/*! Illegal CRT first factor exponent value (dQ). */ -#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_EXPONENT_VAL (CRYS_RSA_MODULE_ERROR_BASE + 0x10UL) -/*! Illegal CRT coefficient value (qInv). */ -#define CRYS_RSA_INVALID_CRT_COEFF_VAL (CRYS_RSA_MODULE_ERROR_BASE + 0x11UL) -/*! Illegal data in. */ -#define CRYS_RSA_DATA_POINTER_INVALID_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x12UL) -/*! Illegal message data size. */ -#define CRYS_RSA_INVALID_MESSAGE_DATA_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0x13UL) -/*! Illegal message value. */ -#define CRYS_RSA_INVALID_MESSAGE_VAL (CRYS_RSA_MODULE_ERROR_BASE + 0x14UL) - -/*! Modulus even error. */ -#define CRYS_RSA_MODULUS_EVEN_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x15UL) -/*! Illegal context pointer. */ -#define CRYS_RSA_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x16UL) -/*! Illegal hash operation mode. */ -#define CRYS_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x17UL) -/*! Illegal MGF value. */ -#define CRYS_RSA_MGF_ILLEGAL_ARG_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x18UL) -/*! Illegal PKCS1 version. */ -#define CRYS_RSA_PKCS1_VER_ARG_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x19UL) - -/*! Invalid private key. */ -#define CRYS_RSA_PRIV_KEY_VALIDATION_TAG_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1AUL) -/*! Invalid public key. */ -#define CRYS_RSA_PUB_KEY_VALIDATION_TAG_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1BUL) -/*! Invalid context. */ -#define CRYS_RSA_USER_CONTEXT_VALIDATION_TAG_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1CUL) -/*! Illegal output pointer. */ -#define CRYS_RSA_INVALID_OUTPUT_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1DUL) -/*! Illegal output size pointer. */ -#define CRYS_RSA_INVALID_OUTPUT_SIZE_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x1FUL) -/*! Illegal temporary buffer pointer. */ -#define CRYS_RSA_CONV_TO_CRT_INVALID_TEMP_BUFF_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x20UL) - -/*! OAEP encode parameter string is too long. */ -#define CRYS_RSA_BASE_OAEP_ENCODE_PARAMETER_STRING_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE + 0x22UL) -/*! OAEP decode parameter string is too long. */ -#define CRYS_RSA_BASE_OAEP_DECODE_PARAMETER_STRING_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE + 0x23UL) -/*! OAEP encode message is too long. */ -#define CRYS_RSA_BASE_OAEP_ENCODE_MESSAGE_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE + 0x24UL) -/*! OAEP decode message is too long. */ -#define CRYS_RSA_BASE_OAEP_DECODE_MESSAGE_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE + 0x25UL) -/*! Illegal key generation data struct pointer. */ -#define CRYS_RSA_KEY_GEN_DATA_STRUCT_POINTER_INVALID (CRYS_RSA_MODULE_ERROR_BASE + 0x26UL) -/*! Illegal PRIM data struct pointer. */ -#define CRYS_RSA_PRIM_DATA_STRUCT_POINTER_INVALID (CRYS_RSA_MODULE_ERROR_BASE + 0x27UL) -/*! Illegal message buffer size. */ -#define CRYS_RSA_INVALID_MESSAGE_BUFFER_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0x28UL) -/*! Illegal signature buffer size. */ -#define CRYS_RSA_INVALID_SIGNATURE_BUFFER_SIZE (CRYS_RSA_MODULE_ERROR_BASE + 0x29UL) -/*! Illegal modulus size pointer. */ -#define CRYS_RSA_INVALID_MOD_BUFFER_SIZE_POINTER (CRYS_RSA_MODULE_ERROR_BASE + 0x2AUL) -/*! Illegal exponent size pointer. */ -#define CRYS_RSA_INVALID_EXP_BUFFER_SIZE_POINTER (CRYS_RSA_MODULE_ERROR_BASE + 0x2BUL) -/*! Illegal signature pointer. */ -#define CRYS_RSA_INVALID_SIGNATURE_BUFFER_POINTER (CRYS_RSA_MODULE_ERROR_BASE + 0x2CUL) -/*! Wrong private key type. */ -#define CRYS_RSA_WRONG_PRIVATE_KEY_TYPE (CRYS_RSA_MODULE_ERROR_BASE + 0x2DUL) - -/*! Illegal CRT first factor size pointer (Psize) . */ -#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_SIZE_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x2EUL) -/*! Illegal CRT second factor size pointer (Qsize) . */ -#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_SIZE_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x2FUL) -/*! Illegal CRT first factor exponent size pointer (dPsize) . */ -#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_EXP_SIZE_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x30UL) -/*! Illegal CRT second factor exponent size pointer (dQsize) . */ -#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_EXP_SIZE_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x31UL) -/*! Illegal CRT coefficient size pointer (qInvsize) . */ -#define CRYS_RSA_INVALID_CRT_COEFFICIENT_SIZE_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x32UL) - -/*! Illegal CRT first factor size (Psize) . */ -#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x33UL) -/*! Illegal CRT second factor size (Qsize) . */ -#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x34UL) -/*! Illegal CRT first factor exponent size (dPsize) . */ -#define CRYS_RSA_INVALID_CRT_FIRST_FACTOR_EXP_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x35UL) -/*! Illegal CRT second factor exponent size (dQsize) . */ -#define CRYS_RSA_INVALID_CRT_SECOND_FACTOR_EXP_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x36UL) -/*! Illegal CRT coefficient size (qInvsize) . */ -#define CRYS_RSA_INVALID_CRT_COEFFICIENT_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x37UL) -/*! Key generation conditional test failed. */ -#define CRYS_RSA_KEY_GEN_CONDITIONAL_TEST_FAIL_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x38UL) - -/*! Random generation in range failed. */ -#define CRYS_RSA_CAN_NOT_GENERATE_RAND_IN_RANGE (CRYS_RSA_MODULE_ERROR_BASE + 0x39UL) -/*! Illegal CRT parameter size. */ -#define CRYS_RSA_INVALID_CRT_PARAMETR_SIZE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x3AUL) - -/*! Illegal modulus. */ -#define CRYS_RSA_INVALID_MODULUS_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x40UL) -/*! Illegal pointer. */ -#define CRYS_RSA_INVALID_PTR_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x41UL) -/*! Illegal decryption mode. */ -#define CRYS_RSA_INVALID_DECRYPRION_MODE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x42UL) - -/*! Illegal generated private key. */ -#define CRYS_RSA_GENERATED_PRIV_KEY_IS_TOO_LOW (CRYS_RSA_MODULE_ERROR_BASE + 0x43UL) -/*! Key generation error. */ -#define CRYS_RSA_KEY_GENERATION_FAILURE_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x44UL) -/*! Internal error. */ -#define CRYS_RSA_INTERNAL_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x45UL) - - -/**************************************************************************************** - * PKCS#1 VERSION 1.5 ERRORS - ****************************************************************************************/ -/*! BER encoding passed. */ -#define CRYS_RSA_BER_ENCODING_OK CRYS_OK -/*! Error in BER parsing. */ -#define CRYS_RSA_ERROR_BER_PARSING (CRYS_RSA_MODULE_ERROR_BASE+0x51UL) -/*! Error in PKCS15 message. */ -#define CRYS_RSA_ENCODE_15_MSG_OUT_OF_RANGE (CRYS_RSA_MODULE_ERROR_BASE+0x52UL) -/*! Error in PKCS15 PS. */ -#define CRYS_RSA_ENCODE_15_PS_TOO_SHORT (CRYS_RSA_MODULE_ERROR_BASE+0x53UL) -/*! PKCS15 block type is not supported. */ -#define CRYS_RSA_PKCS1_15_BLOCK_TYPE_NOT_SUPPORTED (CRYS_RSA_MODULE_ERROR_BASE+0x54UL) -/*! Error in PKCS15 decrypted block parsing. */ -#define CRYS_RSA_15_ERROR_IN_DECRYPTED_BLOCK_PARSING (CRYS_RSA_MODULE_ERROR_BASE+0x55UL) -/*! Error in random operation. */ -#define CRYS_RSA_ERROR_IN_RANDOM_OPERATION_FOR_ENCODE (CRYS_RSA_MODULE_ERROR_BASE+0x56UL) -/*! PKCS15 verification failed. */ -#define CRYS_RSA_ERROR_VER15_INCONSISTENT_VERIFY (CRYS_RSA_MODULE_ERROR_BASE+0x57UL) -/*! Illegal message size (in no hash operation case). */ -#define CRYS_RSA_INVALID_MESSAGE_DATA_SIZE_IN_NO_HASH_CASE (CRYS_RSA_MODULE_ERROR_BASE+0x58UL) -/*! Illegal message size. */ -#define CRYS_RSA_INVALID_MESSAGE_DATA_SIZE_IN_SSL_CASE (CRYS_RSA_MODULE_ERROR_BASE+0x59UL) -/*! PKCS#1 Ver 1.5 verify hash input inconsistent with hash mode derived from signature. */ -#define CRYS_RSA_PKCS15_VERIFY_BER_ENCODING_HASH_TYPE (CRYS_RSA_MODULE_ERROR_BASE+0x60UL) -/*! Illegal DER hash mode */ -#define CRYS_RSA_GET_DER_HASH_MODE_ILLEGAL (CRYS_RSA_MODULE_ERROR_BASE+0x61UL) - -/**************************************************************************************** - * PKCS#1 VERSION 2.1 ERRORS - ****************************************************************************************/ -/*! Illegal salt length. */ -#define CRYS_RSA_PSS_ENCODING_MODULUS_HASH_SALT_LENGTHS_ERROR (CRYS_RSA_MODULE_ERROR_BASE+0x80UL) -/*! Illegal MGF mask. */ -#define CRYS_RSA_BASE_MGF_MASK_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE+0x81UL) -/*! PSS verification failed. */ -#define CRYS_RSA_ERROR_PSS_INCONSISTENT_VERIFY (CRYS_RSA_MODULE_ERROR_BASE+0x82UL) -/*! OAEP message too long. */ -#define CRYS_RSA_OAEP_VER21_MESSAGE_TOO_LONG (CRYS_RSA_MODULE_ERROR_BASE+0x83UL) -/*! OAEP error in decrypted block parsing. */ -#define CRYS_RSA_ERROR_IN_DECRYPTED_BLOCK_PARSING (CRYS_RSA_MODULE_ERROR_BASE+0x84UL) -/*! OAEP decoding error. */ -#define CRYS_RSA_OAEP_DECODE_ERROR (CRYS_RSA_MODULE_ERROR_BASE+0x85UL) -/*! Error in decrypted data size. */ -#define CRYS_RSA_15_ERROR_IN_DECRYPTED_DATA_SIZE (CRYS_RSA_MODULE_ERROR_BASE+0x86UL) -/*! Error in decrypted data. */ -#define CRYS_RSA_15_ERROR_IN_DECRYPTED_DATA (CRYS_RSA_MODULE_ERROR_BASE+0x87UL) -/*! Illegal L pointer. */ -#define CRYS_RSA_OAEP_L_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE+0x88UL) -/*! Illegal output size. */ -#define CRYS_RSA_DECRYPT_INVALID_OUTPUT_SIZE (CRYS_RSA_MODULE_ERROR_BASE+0x89UL) -/*! Illegal output size pointer. */ -#define CRYS_RSA_DECRYPT_OUTPUT_SIZE_POINTER_ERROR (CRYS_RSA_MODULE_ERROR_BASE+0x8AUL) -/*! Illegal parameters. */ -#define CRYS_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR (CRYS_RSA_MODULE_ERROR_BASE + 0x93UL) -/*! RSA is not supported. */ -#define CRYS_RSA_IS_NOT_SUPPORTED (CRYS_RSA_MODULE_ERROR_BASE+0xFFUL) - - -/************************ Enums ********************************/ - - -/************************ Typedefs ****************************/ - - -/************************ Structs ******************************/ - - -/************************ Public Variables **********************/ - - -/************************ Public Functions **********************/ - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_kg.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_kg.h deleted file mode 100644 index 401fb2e..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_kg.h +++ /dev/null @@ -1,129 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - - -#ifndef CRYS_RSA_KG_H -#define CRYS_RSA_KG_H - -#include "crys_rsa_types.h" -#include "crys_rnd.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief Generates a RSA pair of public and private keys. -@defgroup crys_rsa_kg CryptoCell RSA key generation APIs -@{ -@ingroup crys_rsa -*/ - -/************************ Defines ******************************/ - -/* Max allowed size and values of public exponent for key generation in CRYS */ -/*! Maximal public exponent size in bits. */ -#define CRYS_RSA_KG_PUB_EXP_MAX_SIZE_BITS 17 -/*! Definition of public exponent value. */ -#define CRYS_RSA_KG_PUB_EXP_ALLOW_VAL_1 0x000003 -/*! Definition of public exponent value. */ -#define CRYS_RSA_KG_PUB_EXP_ALLOW_VAL_2 0x000011 -/*! Definition of public exponent value. */ -#define CRYS_RSA_KG_PUB_EXP_ALLOW_VAL_3 0x010001 - - - - -/***********************************************************************************************/ - -/*! -@brief CRYS_RSA_KG_GenerateKeyPair generates a Pair of public and private keys on non CRT mode according to [ANS X9.31]. - -\note To be FIPS 186-4 [5.1] compliant use only the following key sizes (in bits): 1024, 2048 and 3072. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h or crys_rnd_error.h on failure. - -*/ - -CIMPORT_C CRYSError_t CRYS_RSA_KG_GenerateKeyPair( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ - uint8_t *pubExp_ptr, /*!< [in] The pointer to the public exponent (public key). */ - uint16_t pubExpSizeInBytes, /*!< [in] The public exponent size in bytes. */ - uint32_t keySize, /*!< [in] The size of the key, in bits. Supported sizes are - 512, 1024, 2048, 3072 and 4096 bit. */ - CRYS_RSAUserPrivKey_t *userPrivKey_ptr, /*!< [out] Pointer to the private key structure. */ - CRYS_RSAUserPubKey_t *userPubKey_ptr, /*!< [out] Pointer to the public key structure. */ - CRYS_RSAKGData_t *keyGenData_ptr, /*!< [in] Pointer to a temporary structure required for the KeyGen operation. */ - CRYS_RSAKGFipsContext_t *pFipsCtx /*!< [in] Pointer to temporary buffer used in case FIPS certification if required. */ -); - -/***********************************************************************************************/ -/*! -@brief Generates a pair of public and private keys on CRT mode according to [ANS X9.31]. - -\note To be FIPS 186-4 [5.1] compliant use only the following key sizes (in bits): 1024, 2048 and 3072. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h or crys_rnd_error.h on failure. -*/ - -CIMPORT_C CRYSError_t CRYS_RSA_KG_GenerateKeyPairCRT( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ - uint8_t *pubExp_ptr, /*!< [in] The pointer to the public exponent (public key). */ - uint16_t pubExpSizeInBytes, /*!< [in] The public exponent size in bytes. */ - uint32_t keySize, /*!< [in] The size of the key, in bits. Supported sizes are - 512, 1024, 2048, 3072 and 4096 bit. */ - CRYS_RSAUserPrivKey_t *userPrivKey_ptr, /*!< [out] Pointer to the private key structure. */ - CRYS_RSAUserPubKey_t *userPubKey_ptr, /*!< [out] Pointer to the public key structure. */ - CRYS_RSAKGData_t *keyGenData_ptr, /*!< [in] Pointer to a temporary structure required for the KeyGen operation. */ - CRYS_RSAKGFipsContext_t *pFipsCtx /*!< [in] Pointer to temporary buffer used in case FIPS certification if required. */ -); - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_prim.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_prim.h deleted file mode 100644 index 2d2c3b4..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_prim.h +++ /dev/null @@ -1,125 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_RSA_PRIM_H -#define CRYS_RSA_PRIM_H - -#include "crys_rsa_types.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module defines the API that implements the [PKCS1_2.1] primitive functions. -@defgroup crys_rsa_prim CryptoCell RSA primitive APIs -@{ -@ingroup crys_rsa - - -\note Direct use of primitive functions, rather than schemes to protect data, is strongly discouraged as primitive functions are -susceptible to well-known attacks. -*/ - - - -/**********************************************************************************/ -/*! -@brief Implements the RSAEP algorithm, as defined in [PKCS1_2.1] - 6.1.1. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h on failure. - */ -CIMPORT_C CRYSError_t CRYS_RSA_PRIM_Encrypt( - CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure. */ - CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure containing internal buffers. */ - uint8_t *Data_ptr, /*!< [in] Pointer to the data to encrypt. */ - uint16_t DataSize, /*!< [in] The size (in bytes) of input data must be ≤ modulus size. If is smaller, - then the function padds it by zeros on left side up to the modulus size - and therefore, after further decrypt operation, its result will contain - zero-padding also. If the function is used for recovering the plain data - from result of inverse function (CRYS_RSA_PRIM_Decrypt), the input size - must be equal to modulus size exactly. */ - uint8_t *Output_ptr /*!< [out] Pointer to the encrypted data. The buffer size must be ≥ the modulus size. */ -); - - -/**********************************************************************************/ -/*! -@brief Implements the RSADP algorithm, as defined in [PKCS1_2.1] - 6.1.2. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h on failure. - -*/ -CIMPORT_C CRYSError_t CRYS_RSA_PRIM_Decrypt( - CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private key data structure. - The key representation (pair or quintuple) and hence the RSA algorithm - (CRT or not-CRT) is determined by enum value in the structure - ::CRYS_RSA_Build_PrivKey or ::CRYS_RSA_Build_PrivKeyCRT. */ - CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure containing internal buffers required for - the RSA operation. */ - uint8_t *Data_ptr, /*!< [in] Pointer to the data to be decrypted. */ - uint16_t DataSize, /*!< [in] The size (in bytes) of input data must be ≤ modulus size. - If the size is smaller (not recommendet), then the data will be zero-padded - by the function on left side up to the modulus size and therefore, after further - decrypt operation,its result will contain zero-padding also. If the function is used - for recovering the plain data from result of inverse function (CRYS_RSA_PRIM_Encrypt), - the input size must be equal to modulus size exactly. */ - uint8_t *Output_ptr /*!< [out] Pointer to the decrypted data. The buffer size must be ≤ the modulus size. */ -); - - -/*! -@brief Implements the RSASP1 algorithm, as defined in [PKCS1_2.1] - 6.2.1, as a call to ::CRYS_RSA_PRIM_Decrypt, -since the signature primitive is identical to the decryption primitive. -*/ -#define CRYS_RSA_PRIM_Sign CRYS_RSA_PRIM_Decrypt - -/*! -@brief Implements the RSAVP1 algorithm, as defined in [PKCS1_2.1] - 6.2.2, as a call to ::CRYS_RSA_PRIM_Encrypt. -*/ -#define CRYS_RSA_PRIM_Verify CRYS_RSA_PRIM_Encrypt - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_schemes.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_schemes.h deleted file mode 100644 index ab35620..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_schemes.h +++ /dev/null @@ -1,521 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef CRYS_RSA_SCHEMES_H -#define CRYS_RSA_SCHEMES_H - - -#include "crys_error.h" -#include "crys_rsa_types.h" -#include "crys_rnd.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module defines APIs that support [PKCS1_1.5] and [PKCS1_2.1] encryption and signature schemes. -@defgroup crys_rsa_schemes CryptoCell RSA encryption and signature schemes -@{ -@ingroup crys_rsa -*/ - -/**********************************************************************************************************/ -/*! -@brief This function implements the Encrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5]. - -It should not be called directly. Instead, use macros ::CRYS_RSA_OAEP_Encrypt or ::CRYS_RSA_PKCS1v15_Encrypt. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure. -*/ -CIMPORT_C CRYSError_t SaSi_RsaSchemesEncrypt( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */ - CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure. */ - CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure that is internally used as workspace for the - Encryption operation. */ - CRYS_RSA_HASH_OpMode_t hashFunc, /*!< [in] The HASH function to be used. One of the supported SHA-x HASH modes, as defined - in ::CRYS_RSA_HASH_OpMode_t (MD5 is not supported).*/ - uint8_t *L, /*!< [in] The label input pointer. Relevant for [PKCS1_2.1] only. NULL by default. - NULL for [PKCS1_1.5]. */ - uint16_t Llen, /*!< [in] The label length. Relevant for [PKCS1_2.1] only. Zero by default. - Must be <=2048. Zero for [PKCS1_1.5]. */ - CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines MGF1, so the only value - allowed here is CRYS_PKCS1_MGF1. */ - uint8_t *DataIn_ptr, /*!< [in] Pointer to the data to encrypt. */ - uint16_t DataInSize, /*!< [in] The size (in bytes) of the data to encrypt. The data size must be: - - For [PKCS1_2.1], DataSize <= modulus size - 2*HashLen - 2. - - For [PKCS1_1.5], DataSize <= modulus size - 11. */ - uint8_t *Output_ptr, /*!< [out] Pointer to the encrypted data. The buffer must be at least modulus size bytes long. */ - CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */ -); - -/*! - @brief - CRYS_RSA_OAEP_PSS21_Encrypt implements the RSAES-OAEP algorithm - as defined in PKCS#1 v2.1 8.1. - - \note It is not recommended to use hash MD5 in OAEP PKCS1 ver 2.1, therefore - it is not supported. - - This function combines the RSA encryption primitive and the - EME-OAEP encoding method, to provide an RSA-based encryption - method that is semantically secure against adaptive - chosen-ciphertext attacks. For additional details, please refer to - the PKCS#1 standard. -*/ -#define CRYS_RSA_OAEP_Encrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr)\ - SaSi_RsaSchemesEncrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,CRYS_PKCS1_VER21) - -/*! - @brief - CRYS_RSA_PKCS1v15_Encrypt implements the RSAES-PKCS1v15 algorithm - as defined in PKCS#1 v2.1 8.2. -*/ -#define CRYS_RSA_PKCS1v15_Encrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,DataIn_ptr,DataInSize,Output_ptr)\ - SaSi_RsaSchemesEncrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,CRYS_RSA_HASH_NO_HASH_mode,NULL,0,CRYS_PKCS1_NO_MGF,DataIn_ptr, \ - DataInSize, Output_ptr,CRYS_PKCS1_VER15) - - -/**********************************************************************************************************/ -/*! -@brief This function implements the Decrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5]. - -It should not be called directly. Instead, use macros ::CRYS_RSA_OAEP_Decrypt or ::CRYS_RSA_PKCS1v15_Decrypt. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure. -*/ -CIMPORT_C CRYSError_t SaSi_RsaSchemesDecrypt( - CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private key data structure of the user. */ - CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure that is internally used as workspace - for the decryption operation. */ - CRYS_RSA_HASH_OpMode_t hashFunc, /*!< [in] The HASH function to be used. One of the supported SHA-x HASH modes, - as defined in ::CRYS_RSA_HASH_OpMode_t (MD5 is not supported). */ - uint8_t *L, /*!< [in] The label input pointer. Relevant for [PKCS1_2.1] only. NULL by default. - NULL for [PKCS1_1.5]. */ - uint16_t Llen, /*!< [in] The label length. Relevant for [PKCS1_2.1] only. Zero by default. - Zero for [PKCS1_1.5]. */ - CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines MGF1, so the only - value allowed here is CRYS_PKCS1_MGF1. */ - uint8_t *DataIn_ptr, /*!< [in] Pointer to the data to decrypt. */ - uint16_t DataInSize, /*!< [in] The size (in bytes) of the data to decrypt. DataSize must be ≤ - the modulus size. */ - uint8_t *Output_ptr, /*!< [in] Pointer to the decrypted data. The buffer must be at least - PrivKey_ptr->N.len bytes long (i.e. the modulus size in bytes). */ - uint16_t *OutputSize_ptr, /*!< [in] Pointer to the byte size of the buffer pointed to by Output_buffer. - The size must be: -
      • For PKCS #1 v2.1: Modulus size > OutputSize >= - (modulus size - 2*HashLen - 2).
        • -
      • For PKCS #1 v1.5: Modulus size > OutputSize >= (modulus size - 11). - The value pointed by OutputSize_ptr is updated after decryption with - the actual number of bytes that are loaded to Output_ptr.
      */ - CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */ -); - -/**********************************************************************************************************/ -/** - @brief - CRYS_RSA_OAEP_Decrypt implements the RSAES-OAEP algorithm - as defined in PKCS#1 v2.1 8.1. - - \note It is not recommended to use hash MD5 in OAEP PKCS1 ver 2.1, therefore - it is not supported. - - This function combines the RSA decryption primitive and the - EME-OAEP encoding method, to provide an RSA-based decryption - method that is semantically secure against adaptive - chosen-ciphertext attacks. For more details, please refer to - the PKCS#1 standard. - -*/ -#define CRYS_RSA_OAEP_Decrypt(UserPrivKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSchemesDecrypt(UserPrivKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) - - -/** - @brief - CRYS_RSA_PKCS1v15_Decrypt implements the RSAES-PKCS1v15 algorithm as defined - in PKCS#1 v2.1 8.2. -*/ -#define CRYS_RSA_PKCS1v15_Decrypt(UserPrivKey_ptr,PrimeData_ptr,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSchemesDecrypt(UserPrivKey_ptr,PrimeData_ptr,CRYS_RSA_HASH_NO_HASH_mode,NULL,0,CRYS_PKCS1_NO_MGF,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER15) - - -/**********************************************************************************************************/ -/*! -@brief Implements the Signing algorithm, as defined in [PKCS1_1.5] or [PKCS1_2.1], using a single function. - -The input data may be either a non-hashed data or a digest of a hash function. -For a non-hashed data, the input data will be hashed using the hash function indicated by ::CRYS_RSA_HASH_OpMode_t. -For a digest, ::CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure. -*/ -CIMPORT_C CRYSError_t SaSi_RsaSign( - void *rndState_ptr, /*!< [in/out] Pointer to the RND state. */ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in/out] Pointer to the RND Generate vector function pointer. */ - CRYS_RSAPrivUserContext_t *UserContext_ptr, /*!< [in] Pointer to a temporary context for internal use. */ - CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private key data structure of the user. - The representation (pair or quintuple) and hence the algorithm (CRT or not CRT) - is determined by the Private Key build function - - ::CRYS_RSA_Build_PrivKey or ::CRYS_RSA_Build_PrivKeyCRT. */ - CRYS_RSA_HASH_OpMode_t rsaHashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in ::CRYS_RSA_HASH_OpMode_t. - (MD5 is not supported). */ - CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines only MGF1, so the only value - allowed for [PKCS1_2.1] is CRYS_PKCS1_MGF1. */ - uint16_t SaltLen, /*!< [in] The Length of the Salt buffer (relevant for PKCS#1 Ver 2.1 only, typically lengths is 0 or hash Len). - FIPS 186-4 requires, that SaltLen <= hash len. If SaltLen > KeySize - hash Len - 2, the function - returns an error. */ - uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be signed. - The size of the scatter/gather list representing the data buffer is limited to 128 - entries, and the size of each entry is limited to 64KB (fragments larger than - 64KB are broken into fragments <= 64KB). */ - uint32_t DataInSize, /*!< [in] The size (in bytes) of the data to sign. */ - uint8_t *Output_ptr, /*!< [out] Pointer to the signature. The buffer must be at least PrivKey_ptr->N.len bytes - long (i.e. the modulus size in bytes). */ - uint16_t *OutputSize_ptr, /*!< [in/out] Pointer to the signature size value - the input value is the signature - buffer size allocated, the output value is the signature size used. - he buffer must be equal to PrivKey_ptr->N.len bytes long - (i.e. the modulus size in bytes). */ - CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */ -); - - -/*! -@brief CRYS_RSA_PKCS1v15_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5. - -This function combines the RSASP1 signature primitive and the EMSA-PKCS1v15 encoding method, to provide an RSA-based signature scheme. -For more details, please refer to the PKCS#1 standard. - */ - -#define CRYS_RSA_PKCS1v15_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(hashFunc),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),(DataInSize),(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) - - -/*! -@brief CRYS_RSA_PKCS1v15_SHA1_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - -it assumes that the data in has already been hashed using SHA-1. - -\note The data_in size is already known after the Hash. -*/ -#define CRYS_RSA_PKCS1v15_SHA1_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA1_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) - -/*! -@brief CRYS_RSA_PKCS1v15_MD5_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - -it assumes that the data in has already been hashed using MD5. - -\note The data_in size is already known after the Hash. -*/ - -#define CRYS_RSA_PKCS1v15_MD5_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),CRYS_RSA_After_MD5_mode,CRYS_PKCS1_NO_MGF,0,(DataIn_ptr),CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) - - -/*! -@brief CRYS_RSA_PKCS1v15_SHA224_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - -it assumes that the data in has already been hashed using SHA-224. - -\note The data_in size is already known after the Hash. -*/ -#define CRYS_RSA_PKCS1v15_SHA224_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA224_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) - - -/*! -@brief CRYS_RSA_PKCS1v15_SHA256_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - -it assumes that the data in has already been hashed using SHA-256. - -\note The data_in size is already known after the Hash. -*/ -#define CRYS_RSA_PKCS1v15_SHA256_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA256_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) - -/*! -@brief CRYS_RSA_PKCS1v15_SHA1_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - -it assumes that the data in has already been hashed using SHA-384. - -\note The data_in size is already known after the Hash. -*/ -#define CRYS_RSA_PKCS1v15_SHA384_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA384_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) - - -/*! -@brief CRYS_RSA_PKCS1v15_SHA512_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function - -it assumes that the data in has already been hashed using SHA-512. - -\note The data_in size is already known after the Hash. -*/ -#define CRYS_RSA_PKCS1v15_SHA512_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA512_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15) - - - -/*! -@brief CRYS_RSA_PSS_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1, in a single function call. - -\note According to the PKCS#1 ver2.1 it is not recommended to use MD5 Hash, therefore it is not supported. - -The actual macro that is used by the user is ::CRYS_RSA_PSS_Sign. -*/ - -#define CRYS_RSA_PSS_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) - - -/*! -@brief CRYS_RSA_PSS_SHA1_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function - -it assumes that the data in has already been hashed using SHA-1. - -\note The data_in size is already known after the Hash. - -The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA1_Sign. -*/ - -#define CRYS_RSA_PSS_SHA1_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA1_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) - - -/*! -@brief CRYS_RSA_PSS_SHA224_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function - -it assumes that the data in has already been hashed using SHA-224. - -\note The data_in size is already known after the Hash. - -The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA224_Sign. -*/ - -#define CRYS_RSA_PSS_SHA224_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA224_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) - - -/*! -@brief CRYS_RSA_PSS_SHA256_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function - -it assumes that the data in has already been hashed using SHA-256. - -\note The data_in size is already known after the Hash. - -The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA256_Sign. -*/ - -#define CRYS_RSA_PSS_SHA256_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA256_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) - - -/*! -@brief CRYS_RSA_PSS_SHA384_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function - -it assumes that the data in has already been hashed using SHA-384. - -\note The data_in size is already known after the Hash. - -The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA384_Sign. -*/ - -#define CRYS_RSA_PSS_SHA384_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA384_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) - - -/*! -@brief CRYS_RSA_PSS_SHA512_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function - -it assumes that the data in has already been hashed using SHA-512. - -\note The data_in size is already known after the Hash. - -The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA512_Sign. -*/ - -#define CRYS_RSA_PSS_SHA512_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ - SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA512_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21) - - -/**********************************************************************************************************/ -/*! -@brief Implements the RSA signature verification algorithms, in a single function call, as defined in referenced standards [PKCS1_1.5] -and [PKCS1_2.1]. - -The input data may be either a non-hashed data or a digest of a hash function. -For a non-hashed data, the input data will be hashed using the hash function indicated by ::CRYS_RSA_HASH_OpMode_t. -For a digest, ::CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed. - -@return CRYS_OK on success. -@return A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure. -*/ - -CIMPORT_C CRYSError_t SaSi_RsaVerify( - CRYS_RSAPubUserContext_t *UserContext_ptr, /*!< [in] Pointer to a temporary context for internal use. */ - CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure of the user. */ - CRYS_RSA_HASH_OpMode_t rsaHashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in ::CRYS_RSA_HASH_OpMode_t. - (MD5 is not supported). */ - CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines only MGF1, so the only - value allowed for [PKCS_2.1] is CRYS_PKCS1_MGF1. */ - uint16_t SaltLen, /*!< [in] The Length of the Salt buffer. Relevant only for [PKCS1_2.1]. - Typical lengths are 0 or hash Len (20 for SHA-1). - The maximum length allowed is [modulus size - hash Len - 2]. */ - uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be verified. - The size of the scatter/gather list representing the data buffer is - limited to 128 entries, and the size of each entry is limited to 64KB - (fragments larger than 64KB are broken into fragments <= 64KB). */ - uint32_t DataInSize, /*!< [in] The size (in bytes) of the data whose signature is to be verified. */ - uint8_t *Sig_ptr, /*!< [in] Pointer to the signature to be verified. - The length of the signature is PubKey_ptr->N.len bytes - (i.e. the modulus size in bytes). */ - CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */ -); - -/*! -@brief CRYS_RSA_PKCS1v15_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5. -*/ -#define CRYS_RSA_PKCS1v15_Verify(UserContext_ptr,UserPubKey_ptr,hashFunc,DataIn_ptr,DataInSize,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,hashFunc,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,DataInSize,Sig_ptr,CRYS_PKCS1_VER15) - - -/*! -@brief CRYS_RSA_PKCS1v15_MD5_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - -it assumes the DataIn_ptr data has already been hashed using MD5. -*/ -#define CRYS_RSA_PKCS1v15_MD5_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_MD5_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) - - -/*! -@brief CRYS_RSA_PKCS1v15_SHA1_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - -it assumes that the DataIn_ptr data has already been hashed using SHA1. - -*/ -#define CRYS_RSA_PKCS1v15_SHA1_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA1_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) - -/*! -@brief CRYS_RSA_PKCS1v15_SHA224_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - -it assumes that the DataIn_ptr data has already been hashed using SHA224. - -*/ -#define CRYS_RSA_PKCS1v15_SHA224_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA224_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) - -/*! -@brief CRYS_RSA_PKCS1v15_SHA256_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - -it assumes that the DataIn_ptr data has already been hashed using SHA256. - -*/ -#define CRYS_RSA_PKCS1v15_SHA256_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA256_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) - -/*! -@brief CRYS_RSA_PKCS1v15_SHA384_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - -it assumes that the DataIn_ptr data has already been hashed using SHA384. - -*/ -#define CRYS_RSA_PKCS1v15_SHA384_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA384_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) - -/*! -@brief CRYS_RSA_PKCS1v15_SHA512_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - -it assumes that the DataIn_ptr data has already been hashed using SHA512. - -*/ -#define CRYS_RSA_PKCS1v15_SHA512_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA512_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15) - -/*! -@brief CRYS_RSA_PSS_Verify implements the RSASSA-PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1. -*/ - -#define CRYS_RSA_PSS_Verify(UserContext_ptr,UserPubKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Sig_ptr,CRYS_PKCS1_VER21) - - /*! -@brief CRYS_RSA_PSS_SHA1_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - -it assumes the DataIn_ptr has already been hashed using SHA1. - -*/ - -#define CRYS_RSA_PSS_SHA1_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA1_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21) - - -/*! -@brief CRYS_RSA_PSS_SHA224_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - -it assumes the DataIn_ptr has already been hashed using SHA224. -*/ - -#define CRYS_RSA_PSS_SHA224_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA224_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21) - -/*! -@brief CRYS_RSA_PSS_SHA256_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - -it assumes the DataIn_ptr has already been hashed using SHA256. - -*/ - -#define CRYS_RSA_PSS_SHA256_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA256_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21) - - -/*! -@brief CRYS_RSA_PSS_SHA384_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - -it assumes the DataIn_ptr has already been hashed using SHA384. - -*/ - -#define CRYS_RSA_PSS_SHA384_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA384_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21) - - -/*! -@brief CRYS_RSA_PSS_SHA512_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - -it assumes the DataIn_ptr has already been hashed using SHA512. -*/ - -#define CRYS_RSA_PSS_SHA512_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ - SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA512_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21) - -/**********************************************************************************************************/ - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_types.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_types.h deleted file mode 100644 index 4a47c37..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_rsa_types.h +++ /dev/null @@ -1,616 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_RSA_TYPES_H -#define CRYS_RSA_TYPES_H - -#include "crys_hash.h" -#include "crys_pka_defs_hw.h" -#include "ssi_pal_types.h" -#include "ssi_pal_compiler.h" - -#ifdef DX_SOFT_KEYGEN -#include "ccsw_crys_rsa_shared_types.h" -#endif - - -#ifdef __cplusplus -extern "C" -{ -#endif -/*! -@file -@brief This file contains all of the enums and definitions that are used for the CRYS RSA APIs. -@defgroup crys_rsa_types CryptoCell RSA used definitions and enums -@{ -@ingroup crys_rsa -*/ - -/************************ Defines ******************************/ - -/*! Definition of HASH context size. */ -#define CRYS_PKA_RSA_HASH_CTX_SIZE_IN_WORDS CRYS_HASH_USER_CTX_SIZE_IN_WORDS - -/*! Maximal key size in bytes. */ -#define CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES (CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS / SASI_BITS_IN_BYTE) - -/*! Minimal key size in bits. */ -#define CRYS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS 512 -/*! Valid key size multiplications in RSA. */ -#define CRYS_RSA_VALID_KEY_SIZE_MULTIPLE_VALUE_IN_BITS 256 - -/*! Maximal RSA generated key size in bits. */ -#define CRYS_RSA_MAX_KEY_GENERATION_SIZE_BITS CRYS_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS - -/* FIPS 184-4 definitions for allowed RSA and FFC DH key sizes */ -/*! FIPS 184-4 allowed key size - 1024 bits. */ -#define CRYS_RSA_FIPS_KEY_SIZE_1024_BITS 1024 -/*! FIPS 184-4 allowed key size - 2048 bits. */ -#define CRYS_RSA_FIPS_KEY_SIZE_2048_BITS 2048 -/*! FIPS 184-4 allowed key size - 3072 bits. */ -#define CRYS_RSA_FIPS_KEY_SIZE_3072_BITS 3072 -/*! FIPS 184-4 allowed modulus size in bits. */ -#define CRYS_RSA_FIPS_MODULUS_SIZE_BITS CRYS_RSA_FIPS_KEY_SIZE_2048_BITS - -/*! FIPS 184-4 DH key size - 1024 bits. */ -#define CRYS_DH_FIPS_KEY_SIZE_1024_BITS 1024 -/*! FIPS 184-4 DH key size - 2048 bits. */ -#define CRYS_DH_FIPS_KEY_SIZE_2048_BITS 2048 - - -/*! Salt length definition - if the salt length is not available in verify operation, the user can use this define and the algorithm will - calculate the salt length alone*/ -/*!\note Security wise: it is not recommended to use this flag.*/ -#define CRYS_RSA_VERIFY_SALT_LENGTH_UNKNOWN 0xFFFF - -/*! Minimal public exponent value */ -#define CRYS_RSA_MIN_PUB_EXP_VALUE 3 -/*! Minimal private exponent value */ -#define CRYS_RSA_MIN_PRIV_EXP_VALUE 1 - -/* The maximum buffer size for the 'H' value */ -/*! Temporary buffer size definition.*/ -#define CRYS_RSA_TMP_BUFF_SIZE (CRYS_RSA_OAEP_ENCODE_MAX_MASKDB_SIZE + CRYS_RSA_OAEP_ENCODE_MAX_SEEDMASK_SIZE + CRYS_PKA_RSA_HASH_CTX_SIZE_IN_WORDS*sizeof(uint32_t) + sizeof(CRYS_HASH_Result_t)) - -/*! Hash structure definition.*/ -#define CRYS_PKCS1_HashFunc_t CRYS_HASH_OperationMode_t - -/*! OAEP maximal H length.*/ -#define CRYS_RSA_OAEP_MAX_HLEN CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES - -/*! MGF1 definitions */ -#define CRYS_RSA_MGF_2_POWER_32 65535 /*!< \internal 0xFFFF This is the 2^32 of the 2^32*hLen boundary check */ -/*! MGF1 definitions */ -#define CRYS_RSA_SIZE_OF_T_STRING_BYTES (CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*sizeof(uint32_t)) - -/*********************************************************** - * - * RSA PKCS#1 v2.1 DEFINES - * - ***********************************************************/ -/*! Size of OEAP seed. */ -#define CRYS_RSA_OAEP_ENCODE_MAX_SEEDMASK_SIZE CRYS_RSA_OAEP_MAX_HLEN -/*! Maximal PSS salt size. */ -#define CRYS_RSA_PSS_SALT_LENGTH CRYS_RSA_OAEP_MAX_HLEN -/*! PSS padding length. */ -#define CRYS_RSA_PSS_PAD1_LEN 8 - -/*! OAEP encode mask size. */ -#define CRYS_RSA_OAEP_ENCODE_MAX_MASKDB_SIZE (CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*sizeof(uint32_t)) /*!< \internal For OAEP Encode; the max size is emLen */ -/*! OAEP decode mask size. */ -#define CRYS_RSA_OAEP_DECODE_MAX_DBMASK_SIZE (CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*sizeof(uint32_t)) /*!< \internal For OAEP Decode; the max size is emLen */ - -/************************ Enums ********************************/ - -/*! Defines the enum for the HASH operation mode. */ -typedef enum -{ - CRYS_RSA_HASH_MD5_mode = 0, /*!< For PKCS1 v1.5 only. The input data will be hashed with MD5 */ - CRYS_RSA_HASH_SHA1_mode = 1, /*!< The input data will be hashed with SHA1. */ - CRYS_RSA_HASH_SHA224_mode = 2, /*!< The input data will be hashed with SHA224. */ - CRYS_RSA_HASH_SHA256_mode = 3, /*!< The input data will be hashed with SHA256. */ - CRYS_RSA_HASH_SHA384_mode = 4, /*!< The input data will be hashed with SHA384. */ - CRYS_RSA_HASH_SHA512_mode = 5, /*!< The input data will be hashed with SHA512. */ - CRYS_RSA_After_MD5_mode = 6, /*!< For PKCS1 v1.5 only. The input data is a digest of MD5 and will not be hashed. */ - CRYS_RSA_After_SHA1_mode = 7, /*!< The input data is a digest of SHA1 and will not be hashed. */ - CRYS_RSA_After_SHA224_mode = 8, /*!< The input data is a digest of SHA224 and will not be hashed. */ - CRYS_RSA_After_SHA256_mode = 9, /*!< The input data is a digest of SHA256 and will not be hashed. */ - CRYS_RSA_After_SHA384_mode = 10, /*!< The input data is a digest of SHA384 and will not be hashed. */ - CRYS_RSA_After_SHA512_mode = 11, /*!< The input data is a digest of SHA512 and will not be hashed. */ - CRYS_RSA_After_HASH_NOT_KNOWN_mode = 12, /*!< \internal used only for PKCS#1 Ver 1.5 - possible to perform verify operation without hash mode input, - the hash mode is derived from the signature.*/ - CRYS_RSA_HASH_NO_HASH_mode = 13, /*!< Used for PKCS1 v1.5 Encrypt and Decrypt.*/ - CRYS_RSA_HASH_NumOfModes, /*!< Maximal number of hash operations modes. */ - - CRYS_RSA_HASH_OpModeLast = 0x7FFFFFFF, /*! Reserved.*/ - -}CRYS_RSA_HASH_OpMode_t; - - -/*! Defines the enum of the RSA decryption mode. */ -typedef enum -{ - CRYS_RSA_NoCrt = 10, /*!< Decryption no CRT mode.*/ - CRYS_RSA_Crt = 11, /*!< Decryption CRT mode.*/ - - CRYS_RSADecryptionNumOfOptions, /*! Reserved.*/ - - CRYS_RSA_DecryptionModeLast= 0x7FFFFFFF, /*! Reserved.*/ - -}CRYS_RSA_DecryptionMode_t; - -/*! RSA Key source definition. */ -typedef enum -{ - CRYS_RSA_ExternalKey = 1, /*!< External key.*/ - CRYS_RSA_InternalKey = 2, /*!< Internal key.*/ - - CRYS_RSA_KeySourceLast= 0x7FFFFFFF, /*!< Reserved. */ - -}CRYS_RSA_KeySource_t; - -/*! MGF values. */ -typedef enum -{ - CRYS_PKCS1_MGF1 = 0, /*! MGF1. */ - CRYS_PKCS1_NO_MGF = 1, /*! No MGF. */ - CRYS_RSA_NumOfMGFFunctions, /*! Maximal number of MGF options. */ - - CRYS_PKCS1_MGFLast= 0x7FFFFFFF, /*! Reserved.*/ - -}CRYS_PKCS1_MGF_t; - -/*! Defines the enum of the various PKCS1 versions. */ -typedef enum -{ - CRYS_PKCS1_VER15 = 0, /*! PKCS1 version 15. */ - CRYS_PKCS1_VER21 = 1, /*! PKCS1 version 21. */ - - CRYS_RSA_NumOf_PKCS1_versions, /*! Maximal number of PKCS versions. */ - - CRYS_PKCS1_versionLast= 0x7FFFFFFF, /*! Reserved.*/ - -}CRYS_PKCS1_version; - - -/*! Enum defining primality testing mode in Rabin-Miller - and Lucas-Lehmer tests (internal tests). */ -typedef enum -{ - /* P and Q primes */ - CRYS_RSA_PRIME_TEST_MODE = 0, /*!< PRIME test. */ - /* FFC (DH, DSA) primes */ - CRYS_DH_PRIME_TEST_MODE = 1, /*!< DH Prime test. */ - - CRYS_RSA_DH_PRIME_TEST_OFF_MODE /*!< Reserved.*/ - -}CRYS_RSA_DH_PrimeTestMode_t; - -/************************ Public and private key database Structs ******************************/ - -/* .................. The public key definitions ...................... */ -/* --------------------------------------------------------------------- */ - -/*! Public key data structure (used internally). */ -typedef struct -{ - /*! RSA modulus buffer. */ - uint32_t n[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - /*! RSA modulus size in bits. */ - uint32_t nSizeInBits; - - /*! RSA public exponent buffer. */ - uint32_t e[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - /*! RSA public exponent buffer. */ - uint32_t eSizeInBits; - - /*! Buffer for internal usage.*/ - uint32_t crysRSAIntBuff[CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS]; - -}CRYSRSAPubKey_t; - -/*! The public key's user structure prototype. This structure must be saved by the user, and is used as input to the RSA functions -(such as ::SaSi_RsaSchemesEncrypt etc.) */ -typedef struct CRYS_RSAUserPubKey_t -{ - /*! Validation tag. */ - uint32_t valid_tag; - /*! Public key data. */ - uint32_t PublicKeyDbBuff[ sizeof(CRYSRSAPubKey_t)/sizeof(uint32_t) + 1 ]; - - -}CRYS_RSAUserPubKey_t; - -/* .................. The private key definitions ...................... */ -/* --------------------------------------------------------------------- */ - -/*! Private key on non-CRT mode data structure (used internally). */ -typedef struct -{ - /*! RSA private exponent buffer. */ - uint32_t d[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - /*! RSA private exponent size in bits. */ - uint32_t dSizeInBits; - - /*! RSA public exponent buffer. */ - uint32_t e[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - /*! RSA public exponent size in bits. */ - uint32_t eSizeInBits; - -}CRYSRSAPrivNonCRTKey_t; - -/*! Private key on CRT mode data structure (used internally). */ -#ifndef CRYS_NO_RSA_SMALL_CRT_BUFFERS_SUPPORT -/* use small CRT buffers */ -typedef struct -{ - /*! First factor buffer. */ - uint32_t P[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2]; - /*! First factor size in bits. */ - uint32_t PSizeInBits; - - /*! Second factor buffer. */ - uint32_t Q[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2]; - /*! Second factor size in bits. */ - uint32_t QSizeInBits; - - /*! First CRT exponent buffer. */ - uint32_t dP[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2]; - /*! First CRT exponent size in bits. */ - uint32_t dPSizeInBits; - - /*! Second CRT exponent buffer. */ - uint32_t dQ[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2]; - /*! Second CRT exponent size in bits. */ - uint32_t dQSizeInBits; - - /*! First CRT coefficient buffer. */ - uint32_t qInv[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2]; - /*! First CRT coefficient size in bits. */ - uint32_t qInvSizeInBits; - -}CRYSRSAPrivCRTKey_t; - -/*! Size of CRYSRSAPrivCRTKey_t structure in words (used for temp buffers allocation). */ -#define CRYS_RSA_SIZE_IN_WORDS_OF_CRYSRSAPrivCRTKey_t (CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*7/2 + 5) - -#else /* use large CRT buffers */ -typedef struct -{ - /* The first factor buffer and size in bits */ - uint32_t P[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - uint32_t PSizeInBits; - - /* The second factor buffer and its size in bits */ - uint32_t Q[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - uint32_t QSizeInBits; - - /* The first CRT exponent buffer and its size in bits */ - uint32_t dP[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - uint32_t dPSizeInBits; - - /* The second CRT exponent buffer and its size in bits */ - uint32_t dQ[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - uint32_t dQSizeInBits; - - /* The first CRT coefficient buffer and its size in bits */ - uint32_t qInv[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - uint32_t qInvSizeInBits; - -}CRYSRSAPrivCRTKey_t; - -/* size of CRYSRSAPrivCRTKey_t structure in words (used for temp buffers allocation) */ -#define CRYS_RSA_SIZE_IN_WORDS_OF_CRYSRSAPrivCRTKey_t (CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*5 + 5) - -#endif - -/*! Private key data structure (used internally). */ -typedef struct -{ - /*! RSA modulus buffer. */ - uint32_t n[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - /*! RSA modulus size in bits. */ - uint32_t nSizeInBits; - - /*! Decryption operation mode. */ - CRYS_RSA_DecryptionMode_t OperationMode; - - /*! Key source ( internal or external ). */ - CRYS_RSA_KeySource_t KeySource; - - - /*! Union between the CRT and non-CRT data structures. */ - union - { - CRYSRSAPrivNonCRTKey_t NonCrt; /*!< Non CRT data structure. */ - CRYSRSAPrivCRTKey_t Crt; /*!< CRT data structure. */ - }PriveKeyDb; - - /*! Internal buffer. */ - uint32_t crysRSAPrivKeyIntBuff[CRYS_PKA_PRIV_KEY_BUFF_SIZE_IN_WORDS]; - -}CRYSRSAPrivKey_t; - -/*! The private key's user structure prototype. This structure must be saved by the user, and is used as input to the RSA functions -(such as ::SaSi_RsaSchemesDecrypt etc.). */ -typedef struct CRYS_RSAUserPrivKey_t -{ - /*! Validation tag.*/ - uint32_t valid_tag; - /*! Private key data. */ - uint32_t PrivateKeyDbBuff[ sizeof(CRYSRSAPrivKey_t)/sizeof(uint32_t) + 1 ] ; - -}CRYS_RSAUserPrivKey_t; - -/*! Temporary buffers for RSA usage. */ -typedef struct CRYS_RSAPrimeData_t -{ - /* The aligned input and output data buffers */ - uint32_t DataIn[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; /*!< Temporary buffer for data in.*/ - uint32_t DataOut[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; /*!< Temporary buffer for data out.*/ - /*! Temporary buffer for internal data.*/ - uint8_t InternalBuff[CRYS_RSA_TMP_BUFF_SIZE] SASI_PAL_COMPILER_ALIGN (4); - -}CRYS_RSAPrimeData_t; - -/*! KG data type. */ -typedef union CRYS_RSAKGData_t -{ - /*! RSA Key Generation buffers definitions. */ - struct - { - /* The aligned input and output data buffers */ - /*! First factor buffer. */ - uint32_t p[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS / 2]; - /*! Second factor buffer. */ - uint32_t q[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS / 2]; - union { - /*! Internal buffer. */ - uint32_t crysRSAKGDataIntBuff[CRYS_PKA_KGDATA_BUFF_SIZE_IN_WORDS]; - #ifdef DX_SOFT_KEYGEN - /* # added for compatibility with size of KGData SW type */ - uint32_t TempbuffExp[PKI_KEY_GEN_TEMP_BUFF_SIZE_WORDS]; - #endif - }kg_buf; - }KGData; - - /*! Buffers for internal usage. */ - union { - /*! Internally used buffer.*/ - struct { - CRYS_RSAPrimeData_t PrimData; - }primExt; - #ifdef DX_SOFT_KEYGEN - /* # added for compatibility with size of SW CRYSRSAPrivKey_t type */ - SW_Shared_CRYS_RSAPrimeData_t SW_Shared_PrimData; - #endif - }prim; -}CRYS_RSAKGData_t; - - /************* - * RSA contexts - **************/ -/************************ CRYS RSA struct for Private Key ******************************/ - -/*! Context definition for operations that use the RSA private key. */ -typedef struct -{ - - /*! Private key data. */ - CRYS_RSAUserPrivKey_t PrivUserKey; - - /*! RSA PKCS#1 Version 1.5 or 2.1 */ - uint8_t PKCS1_Version; - - /*! MGF to be used for the PKCS1 Ver 2.1 sign or verify operations. */ - uint8_t MGF_2use; - - /*! Salt random length for PKCS#1 PSS Ver 2.1*/ - uint16_t SaltLen; - - /*! Internal buffer. */ - CRYS_RSAPrimeData_t PrimeData; - - /*! HASH context buffer. */ - uint32_t CRYSPKAHashCtxBuff[CRYS_PKA_RSA_HASH_CTX_SIZE_IN_WORDS]; - /*! HASH result buffer. */ - CRYS_HASH_Result_t HASH_Result; - /*! HASH result size in words. */ - uint16_t HASH_Result_Size; /*in words*/ - /*! RSA HASH operation mode (all modes RSA supports).*/ - CRYS_RSA_HASH_OpMode_t RsaHashOperationMode; /*RSA HASH enum. */ - /*! HASH operation mode.*/ - CRYS_HASH_OperationMode_t HashOperationMode; /*CRYS HASH enum. */ - /*! HASH block size (in words).*/ - uint16_t HashBlockSize; /*in words*/ - /*! HASH flag. */ - bool doHash; - - /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */ - /*! Internal buffer.*/ - uint32_t EBD[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - /*! Internal bufffer used size in bits. */ - uint32_t EBDSizeInBits; - - /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */ - /*! Internal buffer.*/ - uint8_t T_Buf[CRYS_RSA_SIZE_OF_T_STRING_BYTES]; - /*! Internal buffer used size.*/ - uint16_t T_BufSize; - - /*! Buffer for the use of the Ber encoder in the case of PKCS#1 Ver 1.5. */ - uint32_t BER[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - /*! Ber encoder buffer size.*/ - uint16_t BERSize; - - /*! Internal buffer.*/ - uint8_t DummyBufAESBlockSize[16]; - -}RSAPrivContext_t; - -/*! The user's context prototype - the argument type that is passed by the user - to the RSA APIs. The context saves the state of the operation and must be saved by the user - till the end of the APIs flow . */ -typedef struct CRYS_RSAPrivUserContext_t -{ - /*! Validation tag. */ - uint32_t valid_tag; - /*! Internally used value.*/ - uint32_t AES_iv; - /*! Private data context buffer. */ - uint8_t context_buff[ sizeof(RSAPrivContext_t) + sizeof(uint32_t)] SASI_PAL_COMPILER_ALIGN (4); /* must be aligned to 4 */ - -}CRYS_RSAPrivUserContext_t; - - -/************************ CRYS RSA struct for Public Key ******************************/ - -/*! Context definition for operations that use the RSA public key. */ -typedef struct -{ - - /*! RSA public key structure. */ - CRYS_RSAUserPubKey_t PubUserKey; - - /*! Public key size in bytes */ - uint32_t nSizeInBytes; - - /*! RSA PKCS#1 Version 1.5 or 2.1 */ - uint8_t PKCS1_Version; - - /*! MGF to be used for the PKCS1 Ver 2.1 Sign or Verify operations */ - uint8_t MGF_2use; - - /*! Salt random length for PKCS#1 PSS Ver 2.1*/ - uint16_t SaltLen; - - /*! Internal buffer. */ - CRYS_RSAPrimeData_t PrimeData; - - /*! HASH context. */ - uint32_t CRYSPKAHashCtxBuff[CRYS_PKA_RSA_HASH_CTX_SIZE_IN_WORDS]; - /*! HASH result buffer. */ - CRYS_HASH_Result_t HASH_Result; - /*! HASH result size. */ - uint16_t HASH_Result_Size; /* denotes the length, in words, of the hash function output */ - /*! RSA HASH operation mode (all modes RSA supports). */ - CRYS_RSA_HASH_OpMode_t RsaHashOperationMode; /*RSA HASH enum. */ - /*! HASH operation mode. */ - CRYS_HASH_OperationMode_t HashOperationMode; /*CRYS HASH enum. */ - /*! HASH block size. */ - uint16_t HashBlockSize; /*in words*/ - /*! HASH flag.*/ - bool doHash; - - /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */ - /*! Internal buffer.*/ - uint32_t EBD[CRYS_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS]; - /*! Internal bufffer used size in bits. */ - uint32_t EBDSizeInBits; - - /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */ - /*! Internal buffer.*/ - uint8_t T_Buf[CRYS_RSA_SIZE_OF_T_STRING_BYTES]; - /*! Internal buffer used size.*/ - uint16_t T_BufSize; - - /*! Internal buffer.*/ - uint8_t DummyBufAESBlockSize[16]; - -}RSAPubContext_t; - -/*! Temporary buffers for the RSA usage. */ -typedef struct CRYS_RSAPubUserContext_t -{ - /*! Validation tag. */ - uint32_t valid_tag; - /*! Internally used value.*/ - uint32_t AES_iv; /* For the use of the AES CBC mode of Encryption and Decryption of the context in CCM */ - /*! Public data context buffer. */ - uint32_t context_buff[ sizeof(RSAPubContext_t)/sizeof(uint32_t) + 1] ; - -}CRYS_RSAPubUserContext_t; - - - -/*! Required for internal FIPS verification for RSA key generation. */ -typedef struct CRYS_RSAKGFipsContext_t{ - /*! Internal buffer. */ - CRYS_RSAPrimeData_t primData; - /*! Buffer used for decryption. */ - uint8_t decBuff[((CRYS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS/SASI_BITS_IN_BYTE) - 2*(CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES) -2)]; - /*! Buffer used for encryption. */ - uint8_t encBuff[CRYS_RSA_FIPS_MODULUS_SIZE_BITS/SASI_BITS_IN_BYTE]; -}CRYS_RSAKGFipsContext_t; - -/*! Required for internal FIPS verification for RSA KAT. The RSA KAT tests defined for scheme 2.1 with modulus key size of 2048. */ -typedef struct CRYS_RSAFipsKatContext_t{ - /*! RSA user's key (either public or private).*/ - union { - /*! RSA user's public key. */ - CRYS_RSAUserPubKey_t userPubKey; // used for RsaEnc and RsaVerify - /*! RSA user's private key. */ - CRYS_RSAUserPrivKey_t userPrivKey; // used for RsaDec and RsaSign - }userKey; - /*! RSA user's context (either public or private).*/ - union { - /*! RSA user's private context. */ - CRYS_RSAPrivUserContext_t userPrivContext; // used for RsaSign - /*! RSA public user's context. */ - CRYS_RSAPubUserContext_t userPubContext; // used for RsaVerify - /*! Internal buffers. */ - CRYS_RSAPrimeData_t primData; // used for RsaEnc and RsaDec - }userContext; - /*! RSA user's data. */ - union { - struct { // used for RsaEnc and RsaDec - /*! Buffer for encrypted data. */ - uint8_t encBuff[CRYS_RSA_FIPS_MODULUS_SIZE_BITS/SASI_BITS_IN_BYTE]; - /*! Buffer for decrypted data. */ - uint8_t decBuff[((CRYS_RSA_FIPS_MODULUS_SIZE_BITS/SASI_BITS_IN_BYTE) - 2*(CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES) -2)]; - }userOaepData; - /*! Buffer for Signed data. */ - uint8_t signBuff[CRYS_RSA_FIPS_MODULUS_SIZE_BITS/SASI_BITS_IN_BYTE]; // used for RsaSign and RsaVerify - }userData; -}CRYS_RSAFipsKatContext_t; - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_srp.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_srp.h deleted file mode 100644 index 20ca556..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_srp.h +++ /dev/null @@ -1,375 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! -@file -@brief This file contains all of the enums and definitions that are used for the - CRYS SRP APIs, as well as the APIs themselves. -@defgroup crys_srp CryptoCell SRP APIs -@{ -@ingroup cryptocell_api - -*/ -#ifndef CRYS_SRP_H -#define CRYS_SRP_H - - -#include "ssi_pal_types.h" -#include "crys_error.h" -#include "crys_pka_defs_hw.h" -#include "crys_hash.h" -#include "crys_rnd.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*!\internal The following describes the SRP APIs usage for the Device and the Accessory :* - - Device (User) Accessory (Host) -* -------------- ----------------- - - 1. CRYS_SRP_HK_INIT(CRYS_SRP_USER, .......) CRYS_SRP_HK_INIT(CRYS_SRP_HOST, .....) - - 2. CRYS_SRP_PwdVerCreate(..) - - 3. CRYS_SRP_UserPubKeyCreate(..) CRYS_SRP_HostPubKeyCreate(..) - - 4. CRYS_SRP_UserProofCalc(..) - - 5. CRYS_SRP_HostProofVerifyAndCalc(..) - - 6. CRYS_SRP_UserProofVerify(..) - - 7. CRYS_SRP_Clear(..) CRYS_SRP_Clear(..) - - */ - -/************************ Defines ******************************/ -/*! The SRP modulus sizes. */ -/*! 1024 bits modulus size. */ -#define CRYS_SRP_MODULUS_SIZE_1024_BITS 1024 -/*! 1536 bits modulus size. */ -#define CRYS_SRP_MODULUS_SIZE_1536_BITS 1536 -/*! 2048 bits modulus size. */ -#define CRYS_SRP_MODULUS_SIZE_2048_BITS 2048 -/*! 3072 bits modulus size. */ -#define CRYS_SRP_MODULUS_SIZE_3072_BITS 3072 - -/*! Maximal modulus size in bits. */ -#define CRYS_SRP_MAX_MODULUS_IN_BITS CRYS_SRP_MODULUS_SIZE_3072_BITS -/*! Maximal modulus size in bytes. */ -#define CRYS_SRP_MAX_MODULUS (CRYS_SRP_MAX_MODULUS_IN_BITS/SASI_BITS_IN_BYTE) -/*! Maximal modulus size in words. */ -#define CRYS_SRP_MAX_MODULUS_IN_WORDS (CRYS_SRP_MAX_MODULUS_IN_BITS/SASI_BITS_IN_32BIT_WORD) - -/*! The SRP private number size range. */ -/*! Minimal private number size in bits. */ -#define CRYS_SRP_PRIV_NUM_MIN_SIZE_IN_BITS (256) -/*! Minimal private number size in bytes. */ -#define CRYS_SRP_PRIV_NUM_MIN_SIZE (CRYS_SRP_PRIV_NUM_MIN_SIZE_IN_BITS/SASI_BITS_IN_BYTE) -/*! Minimal private number size in words. */ -#define CRYS_SRP_PRIV_NUM_MIN_SIZE_IN_WORDS (CRYS_SRP_PRIV_NUM_MIN_SIZE_IN_BITS/SASI_BITS_IN_32BIT_WORD) -/*! Maximal private number size in bits. */ -#define CRYS_SRP_PRIV_NUM_MAX_SIZE_IN_BITS (CRYS_SRP_MAX_MODULUS_IN_BITS) -/*! Maximal private number size in bytes. */ -#define CRYS_SRP_PRIV_NUM_MAX_SIZE (CRYS_SRP_PRIV_NUM_MAX_SIZE_IN_BITS/SASI_BITS_IN_BYTE) -/*! Maximal private number size in words. */ -#define CRYS_SRP_PRIV_NUM_MAX_SIZE_IN_WORDS (CRYS_SRP_PRIV_NUM_MAX_SIZE_IN_BITS/SASI_BITS_IN_32BIT_WORD) - -/*! Maximal SRP HASH digest size in words. */ -#define CRYS_SRP_MAX_DIGEST_IN_WORDS CRYS_HASH_RESULT_SIZE_IN_WORDS -/*! Maximal SRP HASH digest size in bytes. */ -#define CRYS_SRP_MAX_DIGEST (CRYS_SRP_MAX_DIGEST_IN_WORDS*SASI_32BIT_WORD_SIZE) - -/*! Minimal salt size in bytes. */ -#define CRYS_SRP_MIN_SALT_SIZE (8) -/*! Minimal salt size in words. */ -#define CRYS_SRP_MIN_SALT_SIZE_IN_WORDS (CRYS_SRP_MIN_SALT_SIZE/SASI_32BIT_WORD_SIZE) -/*! Maximal salt size in bytes. */ -#define CRYS_SRP_MAX_SALT_SIZE (64) -/*! Maximal salt size in words. */ -#define CRYS_SRP_MAX_SALT_SIZE_IN_WORDS (CRYS_SRP_MAX_SALT_SIZE/SASI_32BIT_WORD_SIZE) - -/************************ Typedefs ****************************/ -/*! SRP modulus buffer definition. */ -typedef uint8_t CRYS_SRP_Modulus_t[CRYS_SRP_MAX_MODULUS]; - -/*! SRP digest buffer definition. */ -typedef uint8_t CRYS_SRP_Digest_t[CRYS_SRP_MAX_DIGEST]; - -/*! SRP secret buffer definition. */ -typedef uint8_t CRYS_SRP_Secret_t[2*CRYS_SRP_MAX_DIGEST]; - -/************************ Enums ********************************/ - -/*! -SRP supported versions -*/ -typedef enum { - CRYS_SRP_VER_3 = 0, /*!< VER 3. */ - CRYS_SRP_VER_6 = 1, /*!< VER 6. */ - CRYS_SRP_VER_6A = 2, /*!< VER 6A. */ - CRYS_SRP_VER_HK = 3, /*!< VER 6A. */ - /*! Maximal number of supported versions.*/ - CRYS_SRP_NumOfVersions, - /*! Reserved.*/ - CRYS_SRP_VersionLast= 0x7FFFFFFF, - -}CRYS_SRP_Version_t; - -/*! -SRP entity type -*/ -typedef enum { - CRYS_SRP_HOST = 1, /*!< Host entity, called also server, verifier, or Accessory in Home-Kit */ - CRYS_SRP_USER = 2, /*!< User entity, called also client, or Device in Home-Kit */ - /*! Maximal number of entities types.*/ - CRYS_SRP_NumOfEntityType, - /*! Reserved.*/ - CRYS_SRP_EntityLast= 0x7FFFFFFF, - -}CRYS_SRP_Entity_t; - -/************************ Structs ******************************/ - -/*! Group parameters for the SRP - defines the modulus and the generator used */ -typedef struct CRYS_SRP_GroupParam_t { - /*! SRP modulus.*/ - CRYS_SRP_Modulus_t modulus; - /*! SRP generator.*/ - uint8_t gen; - /*! SRP modulus size in bits .*/ - size_t modSizeInBits; - /*! SRP valid Np.*/ - uint32_t validNp; - /*! SRP Np buffer.*/ - uint32_t Np[CRYS_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS]; -}CRYS_SRP_GroupParam_t; - -/************************ context Structs ******************************/ -/*! The SRP context prototype */ -typedef struct CRYS_SRP_Context_t { - /*! SRP entitiy type.*/ - CRYS_SRP_Entity_t srpType; - /*! SRP version.*/ - CRYS_SRP_Version_t srpVer; - /*! Group parameter including the modulus information.*/ - CRYS_SRP_GroupParam_t groupParam; // N, g, Np - /*! Hash mode.*/ - CRYS_HASH_OperationMode_t hashMode; - /*! Hash digest size.*/ - size_t hashDigestSize; - /*! Pointer to RND state.*/ - CRYS_RND_State_t *pRndState; - /*! Pointer to random vector generation function.*/ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc; - /*! Modulus.*/ - CRYS_SRP_Modulus_t ephemPriv; // a or b - /*! Modulus size.*/ - size_t ephemPrivSize; - /*! User name digest.*/ - CRYS_SRP_Digest_t userNameDigest; // M - /*! Cred digest.*/ - CRYS_SRP_Digest_t credDigest; // p - /*! SRP K multiplier. */ // - CRYS_SRP_Digest_t kMult; // k multiplier -}CRYS_SRP_Context_t; - - -/************************ SRP common Functions **********************/ -/****************************************************************************************************/ -/*! -@brief This function initiates the SRP context. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_srp_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_SRP_Init( - CRYS_SRP_Entity_t srpType, /*!< [in] SRP entity type. */ - CRYS_SRP_Version_t srpVer, /*!< [in] SRP version. */ - CRYS_SRP_Modulus_t srpModulus, /*!< [in] A pointer to the SRP modulus, BE byte buffer. */ - uint8_t srpGen, /*!< [in] The SRP generator param. */ - size_t modSizeInBits, /*!< [in] The SRP modulus size in bits:1024, 1536, 2048 & 3072 */ - CRYS_HASH_OperationMode_t hashMode, /*!< [in] Enumerator defining the HASH mode. */ - uint8_t *pUserName, /*!< [in] A Pointer to user name. */ - size_t userNameSize, /*!< [in] The user name buffer size > 0. */ - uint8_t *pPwd, /*!< [in] A Pointer to user password. */ - size_t pwdSize, /*!< [in] The user password buffer size > 0 if pPwd is valid. */ - void *pRndState, /*!< [in] A Pointer to RND context.*/ - SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to random vector generation function.*/ - CRYS_SRP_Context_t *pCtx /*!< [out] A Pointer to the SRP host context.*/ -); - -/*! MACRO definition for a specific SRP initialization function.*/ -#define CRYS_SRP_HK_INIT(srpType, srpModulus, srpGen, modSizeInBits, pUserName, userNameSize, pPwd, pwdSize, pRndState, rndGenerateVectFunc, pCtx) \ - CRYS_SRP_Init(srpType, CRYS_SRP_VER_HK, srpModulus, srpGen, modSizeInBits, CRYS_HASH_SHA512_mode, pUserName, userNameSize, pPwd, pwdSize, pRndState, rndGenerateVectFunc, pCtx) - - -/****************************************************************************************************/ -/*! -@brief This function calculates pSalt & password verifier - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_srp_error.h, crys_rnd_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_SRP_PwdVerCreate( - size_t saltSize, /*!< [in] The size of the random salt to generate, - The range is between CRYS_SRP_MIN_SALT_SIZE - to CRYS_SRP_MAX_SALT_SIZE. */ - uint8_t *pSalt, /*!< [out] A Pointer to the pSalt number (s).*/ - CRYS_SRP_Modulus_t pwdVerifier, /*!< [out] A Pointer to the password verifier (v). */ - CRYS_SRP_Context_t *pCtx /*!< [out] A Pointer to the SRP context.*/ -); - - -/****************************************************************************************************/ -/*! -@brief Clears the SRP context. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_srp_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_SRP_Clear( - CRYS_SRP_Context_t *pCtx /*!< [in/out] A Pointer to the SRP context.*/ -); - - -/************************ SRP Host Functions **********************/ -/****************************************************************************************************/ -/*! -@brief This function generates host public & private ephemeral key, known as B & b in RFC - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_srp_error.h or crys_rnd_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_SRP_HostPubKeyCreate( - size_t ephemPrivSize, /*!< [in] The size of the generated ephemeral private key (b). - The range is between CRYS_SRP_PRIV_NUM_MIN_SIZE to - CRYS_SRP_PRIV_NUM_MAX_SIZE */ - CRYS_SRP_Modulus_t pwdVerifier, /*!< [in] A Pointer to the verifier (v). */ - CRYS_SRP_Modulus_t hostPubKeyB, /*!< [out] A Pointer to the host ephemeral public key (B). */ - CRYS_SRP_Context_t *pCtx /*!< [in/out] A Pointer to the SRP context.*/ -); - - -/*! -@brief Verifies the user Proof and calculates the Host message proof. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_srp_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_SRP_HostProofVerifyAndCalc( - size_t saltSize, /*!< [in] The size of the random salt, - The range is between CRYS_SRP_MIN_SALT_SIZE - to CRYS_SRP_MAX_SALT_SIZE. */ - uint8_t *pSalt, /*!< [in] A Pointer to the pSalt number.*/ - CRYS_SRP_Modulus_t pwdVerifier, /*!< [in] A Pointer to the password verifier (v). */ - CRYS_SRP_Modulus_t userPubKeyA, /*!< [in] A Pointer to the user ephemeral public key (A). */ - CRYS_SRP_Modulus_t hostPubKeyB, /*!< [in] A Pointer to the host ephemeral public key (B). */ - CRYS_SRP_Digest_t userProof, /*!< [in] A Pointer to the SRP user proof buffer (M1).*/ - CRYS_SRP_Digest_t hostProof, /*!< [out] A Pointer to the SRP host proof buffer (M2).*/ - CRYS_SRP_Secret_t sharedSecret, /*!< [out] A Pointer to the SRP shared secret (K).*/ - CRYS_SRP_Context_t *pCtx /*!< [in] A Pointer to the SRP context.*/ -); - - - -/************************ SRP User Functions **********************/ -/****************************************************************************************************/ -/*! -@brief This function generates user public & private ephemeral key, known as A & a in RFC - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_srp_error.h or crys_rnd_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_SRP_UserPubKeyCreate( - size_t ephemPrivSize, /*!< [in] The size of the generated ephemeral private key (a). - The range is between CRYS_SRP_PRIV_NUM_MIN_SIZE to - CRYS_SRP_PRIV_NUM_MAX_SIZE */ - CRYS_SRP_Modulus_t userPubKeyA, /*!< [out] A Pointer to the user ephemeral public key (A). */ - CRYS_SRP_Context_t *pCtx /*!< [in/out] A Pointer to the SRP context.*/ -); - - -/****************************************************************************************************/ -/*! -@brief This function calculates the user proof. - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_srp_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_SRP_UserProofCalc( - size_t saltSize, /*!< [in] The size of the random salt, - The range is between CRYS_SRP_MIN_SALT_SIZE - to CRYS_SRP_MAX_SALT_SIZE. */ - uint8_t *pSalt, /*!< [in] A Pointer to the pSalt number.*/ - CRYS_SRP_Modulus_t userPubKeyA, /*!< [in] A Pointer to the user public ephmeral key (A).*/ - CRYS_SRP_Modulus_t hostPubKeyB, /*!< [in] A Pointer to the host public ephmeral key (B).*/ - CRYS_SRP_Digest_t userProof, /*!< [out] A Pointer to the SRP user proof buffer (M1).*/ - CRYS_SRP_Secret_t sharedSecret, /*!< [out] A Pointer to the SRP shared secret (K).*/ - CRYS_SRP_Context_t *pCtx /*!< [out] A Pointer to the SRP context.*/ -); - -/****************************************************************************************************/ -/*! -@brief This function verifies the host proof - -@return CRYS_OK on success. -@return A non-zero value on failure as defined crys_srp_error.h or crys_hash_error.h. -*/ -CIMPORT_C CRYSError_t CRYS_SRP_UserProofVerify( - CRYS_SRP_Secret_t sharedSecret, /*!< [in] A Pointer to the SRP shared secret (K).*/ - CRYS_SRP_Modulus_t userPubKeyA, /*!< [in] A Pointer to the user public ephmeral key (A).*/ - CRYS_SRP_Digest_t userProof, /*!< [in] A Pointer to the SRP user proof buffer (M1).*/ - CRYS_SRP_Digest_t hostProof, /*!< [in] A Pointer to the SRP host proof buffer (M2).*/ - CRYS_SRP_Context_t *pCtx /*!< [out] A Pointer to the SRP user context.*/ -); - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif /* #ifndef CRYS_SRP_H */ - - - - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_srp_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_srp_error.h deleted file mode 100644 index a710746..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/crys_srp_error.h +++ /dev/null @@ -1,91 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef CRYS_SRP_ERROR_H -#define CRYS_SRP_ERROR_H - - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief This module contains the definitions of the CRYS SRP errors. -@defgroup crys_srp_error CryptoCell SRP specific errors -@{ -@ingroup crys_srp -*/ - - - -/************************ Defines ******************************/ - -/*! The CRYS SRP module errors base address - 0x00F02600. */ -/*! Illegal parameter. */ -#define CRYS_SRP_PARAM_INVALID_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x01UL) -/*! Illegal modulus size . */ -#define CRYS_SRP_MOD_SIZE_INVALID_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x02UL) -/*! Illegal state (uninitialized) . */ -#define CRYS_SRP_STATE_UNINITIALIZED_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x03UL) -/*! Result validation error. */ -#define CRYS_SRP_RESULT_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x04UL) -/*! Invalid parameter. */ -#define CRYS_SRP_PARAM_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x05UL) -/*! Internal PKI error */ -#define CRYS_SRP_PKI_INTERNAL_ERROR (CRYS_SRP_MODULE_ERROR_BASE + 0x06UL) - -/************************ Enums ********************************/ - -/************************ Typedefs ****************************/ - -/************************ Structs *****************************/ - -/************************ Public Variables *********************/ - -/************************ Public Functions *********************/ - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/driver_defs.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/driver_defs.h deleted file mode 100644 index bc49e7e..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/driver_defs.h +++ /dev/null @@ -1,354 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef _DRIVER_DEFS_H_ -#define _DRIVER_DEFS_H_ - -#ifdef __KERNEL__ -#include -#define INT32_MAX 0x7FFFFFFFL -#else -#include -#endif - -#ifndef min -#define min(a, b) ((a) < (b) ? (a) : (b)) -#endif - -/****************************************************************************** -* TYPE DEFINITIONS -******************************************************************************/ -typedef uint32_t drvError_t; - -typedef enum aesMode { - CIPHER_NULL_MODE = -1, - CIPHER_ECB = 0, - CIPHER_CBC = 1, - CIPHER_CTR = 2, - CIPHER_CBC_MAC = 3, - CIPHER_CMAC = 7, - CIPHER_RESERVE32B = INT32_MAX -}aesMode_t; - -typedef enum hashMode { - HASH_NULL_MODE = -1, - HASH_SHA1 = 0, - HASH_SHA256 = 1, - HASH_SHA224 = 2, - HASH_SHA512 = 3, - HASH_SHA384 = 4, - HASH_RESERVE32B = INT32_MAX -}hashMode_t; - -typedef enum DataBlockType { - FIRST_BLOCK, - MIDDLE_BLOCK, - LAST_BLOCK, - RESERVE32B_BLOCK = INT32_MAX -}DataBlockType_t; - -typedef enum dataAddrType { - SRAM_ADDR = 0, - DLLI_ADDR = 1, - ADDR_RESERVE32B = INT32_MAX -}dataAddrType_t; - -typedef enum cryptoDirection { - CRYPTO_DIRECTION_ENCRYPT = 0, - CRYPTO_DIRECTION_DECRYPT = 1, - - CRYPTO_DIRECTION_NUM_OF_ENC_MODES, - CRYPTO_DIRECTION_RESERVE32B = INT32_MAX -}cryptoDirection_t; - -typedef enum cryptoKeyType { - RKEK_KEY = 0, - USER_KEY = 1, - PROVISIONING_KEY = 2, - SESSION_KEY = 3, - END_OF_KEYS = INT32_MAX, -}cryptoKeyType_t; - -typedef enum cryptoPaddingType { - CRYPTO_PADDING_NONE = 0, - CRYPTO_PADDING_PKCS7 = 1, - CRYPTO_PADDING_RESERVE32B = INT32_MAX -}cryptoPaddingType_t; - -typedef enum chachaNonceSize { - NONCE_SIZE_64 = 0, - NONCE_SIZE_96 = 1, - NONCE_SIZE_RESERVE32B = INT32_MAX -}chachaNonceSize_t; - -/* The IOT drviers base address */ -#define DRV_MODULE_ERROR_BASE 0x00F00000 -#define AES_DRV_MODULE_ERROR_BASE (DRV_MODULE_ERROR_BASE + 0x10000UL) -#define HASH_DRV_MODULE_ERROR_BASE (DRV_MODULE_ERROR_BASE + 0x20000UL) -#define HMAC_DRV_MODULE_ERROR_BASE (DRV_MODULE_ERROR_BASE + 0x30000UL) -#define BYPASS_DRV_MODULE_ERROR_BASE (DRV_MODULE_ERROR_BASE + 0x40000UL) -#define CHACHA_DRV_MODULE_ERROR_BASE (DRV_MODULE_ERROR_BASE + 0x50000UL) - - -/****************************************************************************** -* AES DEFINITIONS -******************************************************************************/ - -#define AES_BLOCK_SIZE 16 -#define AES_BLOCK_SIZE_WORDS (AES_BLOCK_SIZE >> 2) -#define AES_IV_SIZE 16 -#define AES_IV_SIZE_WORDS (AES_IV_SIZE >> 2) -#define AES_128_BIT_KEY_SIZE 16 -#define AES_128_BIT_KEY_SIZE_WORDS (AES_128_BIT_KEY_SIZE >> 2) - - -#define ENABLE_AES_CLOCK 0x1UL -#define DISABLE_AES_CLOCK 0x0UL - -#define CONFIG_DIN_AES_DOUT_VAL 0x1UL - -/* The CRYS AES module errors */ -#define AES_DRV_OK 0 -#define AES_DRV_INVALID_USER_CONTEXT_POINTER_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x00UL) -#define AES_DRV_ILLEGAL_OPERATION_MODE_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x01UL) -#define AES_DRV_ILLEGAL_OPERATION_DIRECTION_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x02UL) -#define AES_DRV_ILLEGAL_INPUT_ADDR_MEM_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x03UL) -#define AES_DRV_ILLEGAL_OUTPUT_ADDR_MEM_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x04UL) -#define AES_DRV_ILLEGAL_MEM_SIZE_ERROR (AES_DRV_MODULE_ERROR_BASE + 0x05UL) - - -/****************************************************************************** -* HASH & HMAC DEFINITIONS -******************************************************************************/ - -/************************ Typedefs ****************************/ -typedef drvError_t (*llf_hash_init_operation_func)(void *); -typedef drvError_t (*llf_hash_update_operation_func)(void *, uint32_t inputDataAddr, uint32_t dataInSize); -typedef drvError_t (*llf_hash_finish_operation_func)(void *); - - -/* The SHA-1 digest result size */ -#define SHA1_DIGEST_SIZE_IN_WORDS 5 -#define SHA1_DIGEST_SIZE_IN_BYTES (SHA1_DIGEST_SIZE_IN_WORDS * sizeof(uint32_t)) - -/* The SHA-256 digest result size*/ -#define SHA224_DIGEST_SIZE_IN_WORDS 7 -#define SHA224_DIGEST_SIZE_IN_BYTES (SHA224_DIGEST_SIZE_IN_WORDS * sizeof(uint32_t)) - -/* The SHA-256 digest result size */ -#define SHA256_DIGEST_SIZE_IN_WORDS 8 -#define SHA256_DIGEST_SIZE_IN_BYTES (SHA256_DIGEST_SIZE_IN_WORDS * sizeof(uint32_t)) - -/* The SHA-384 digest result size*/ -#define SHA384_DIGEST_SIZE_IN_WORDS 12 -#define SHA384_DIGEST_SIZE_IN_BYTES (SHA384_DIGEST_SIZE_IN_WORDS * sizeof(uint32_t)) - -/* The SHA-512 digest result size in bytes */ -#define SHA512_DIGEST_SIZE_IN_WORDS 16 -#define SHA512_DIGEST_SIZE_IN_BYTES (SHA512_DIGEST_SIZE_IN_WORDS * sizeof(uint32_t)) - - -#define MAX_DIGEST_SIZE_WORDS SHA512_DIGEST_SIZE_IN_WORDS - -/* Hash driver registers configurations */ -#define ENABLE_HASH_CLOCK 0x1UL -#define DISABLE_HASH_CLOCK 0x0UL - -#define HW_HASH_CTL_SHA1_VAL 0x0001UL -#define HW_HASH_CTL_SHA256_VAL 0x0002UL -#define HW_HASH_LE_MODE_VAL 0x0001UL -#define HW_HASH_PAD_EN_VAL 0x1UL - -/* The SHA1 hash block size in words */ -#define HASH_BLOCK_SIZE_IN_WORDS 16 -#define HASH_BLOCK_SIZE_IN_BYTES (HASH_BLOCK_SIZE_IN_WORDS * sizeof(uint32_t)) - -/* The SHA2 hash block size in words */ -#define HASH_SHA512_BLOCK_SIZE_IN_WORDS 32 -#define HASH_SHA512_BLOCK_SIZE_IN_BYTES (HASH_SHA512_BLOCK_SIZE_IN_WORDS * sizeof(uint32_t)) - -#define CONFIG_HASH_MODE_VAL 0x7UL - -/* the MAC key IPAD and OPAD bytes */ -#define MAC_KEY_IPAD_BYTE 0x36 -#define MAC_KEY_OPAD_BYTE 0x5C - -#define HMAC_CONTEXT_VALIDATION_TAG 0x23456789 - -/* The CRYS HASH module errors */ -#define HASH_DRV_OK 0 -#define HASH_DRV_INVALID_USER_CONTEXT_POINTER_ERROR (HASH_DRV_MODULE_ERROR_BASE + 0x00UL) -#define HASH_DRV_ILLEGAL_OPERATION_MODE_ERROR (HASH_DRV_MODULE_ERROR_BASE + 0x01UL) -#define HASH_DRV_USER_CONTEXT_CORRUPTED_ERROR (HASH_DRV_MODULE_ERROR_BASE + 0x02UL) - -/* The CRYS HMAC module errors */ -#define HMAC_DRV_OK 0 -#define HMAC_DRV_INVALID_USER_CONTEXT_POINTER_ERROR (HMAC_DRV_MODULE_ERROR_BASE + 0x00UL) - - -/* SHA512 soft driver */ - -/* The first padding byte */ -#define LLF_HASH_FIRST_PADDING_BYTE 0x80 -/* The size at the end of the padding for SHA384 and SHA512 */ -#define LLF_HASH_SHA2_COUNTER_SIZE_ON_END_OF_PADDING_IN_BYTES (4 * sizeof(uint32_t)) -#define LLF_HASH_SHA2_COUNTER_SIZE_ON_END_OF_PADDING_IN_WORDS 4 - -/* the HASH user context validity TAG */ -#define HASH_CONTEXT_VALIDATION_TAG 0x12345678 - -/****************************************************************************** -* BYPASS DEFINITIONS -******************************************************************************/ - -#define CONFIG_DIN_BYPASS_DOUT_VAL 0 - -/* The CRYS BYPASS module errors */ -#define BYPASS_DRV_OK 0 -#define BYPASS_DRV_ILLEGAL_BLOCK_SIZE_ERROR (BYPASS_DRV_MODULE_ERROR_BASE + 0x01UL) -#define BYPASS_DRV_ILLEGAL_INPUT_ADDR_MEM_ERROR (BYPASS_DRV_MODULE_ERROR_BASE + 0x02UL) -#define BYPASS_DRV_ILLEGAL_OUTPUT_ADDR_MEM_ERROR (BYPASS_DRV_MODULE_ERROR_BASE + 0x03UL) - -/****************************************************************************** -* CHACHA DEFINITIONS -******************************************************************************/ - -#define CHACHA_BLOCK_SIZE_BYTES 64 -#define CHACHA_BLOCK_SIZE_WORDS (CHACHA_BLOCK_SIZE_BYTES >> 2) -#define CHACHA_NONCE_64_SIZE_BYTES 8 -#define CHACHA_NONCE_64_SIZE_WORDS (CHACHA_NONCE_64_SIZE_BYTES >> 2) -#define CHACHA_NONCE_96_SIZE_BYTES 12 -#define CHACHA_NONCE_96_SIZE_WORDS (CHACHA_NONCE_96_SIZE_BYTES >> 2) -#define CHACHA_256_BIT_KEY_SIZE 32 -#define CHACHA_256_BIT_KEY_SIZE_WORDS (CHACHA_256_BIT_KEY_SIZE >> 2) - -#define ENABLE_CHACHA_CLOCK 0x1UL -#define DISABLE_CHACHA_CLOCK 0x0UL - -#define CONFIG_DIN_CHACHA_DOUT_VAL 0x10UL - -/* The CRYS CHACHA module errors */ -#define CHACHA_DRV_OK 0 -#define CHACHA_DRV_INVALID_USER_CONTEXT_POINTER_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x00UL) -#define CHACHA_DRV_ILLEGAL_OPERATION_DIRECTION_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x01UL) -#define CHACHA_DRV_ILLEGAL_INPUT_ADDR_MEM_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x02UL) -#define CHACHA_DRV_ILLEGAL_OUTPUT_ADDR_MEM_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x03UL) -#define CHACHA_DRV_ILLEGAL_MEM_SIZE_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x04UL) -#define CHACHA_DRV_ILLEGAL_NONCE_SIZE_ERROR (CHACHA_DRV_MODULE_ERROR_BASE + 0x05UL) - - -/****************************************************************************** -* MACROS -******************************************************************************/ -/* This MACRO purpose is to switch from CryptoCell definitions to crypto driver definitions, the MACRO assumes that the value is legal (encrypt or decrypt only) */ -#define SASI_2_DRIVER_DIRECTION(ssiDirection) ((ssiDirection == SASI_AES_ENCRYPT) ? (CRYPTO_DIRECTION_ENCRYPT) : (CRYPTO_DIRECTION_DECRYPT)) - -/* Poll on the DOUT MEM DMA (DLLI) busy till it is = 0 */ -#define SASI_HAL_WAIT_ON_DOUT_MEM_DMA_BUSY()\ - do {\ - uint32_t regVal=1;\ - do {\ - regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, DOUT_MEM_DMA_BUSY));\ - }while( regVal ); \ - }while(0) - -/* Poll on the DIN MEM DMA (DLLI) busy till it is = 0 */ -#define SASI_HAL_WAIT_ON_DIN_MEM_DMA_BUSY()\ - do {\ - uint32_t regVal=1;\ - do {\ - regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, DIN_MEM_DMA_BUSY));\ - }while( regVal );\ - }while(0) - -/* Poll on the DOUT SRAM DMA busy till it is = 0 */ -#define SASI_HAL_WAIT_ON_DOUT_SRAM_DMA_BUSY()\ - do {\ - uint32_t regVal=1; \ - do {\ - regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, DOUT_SRAM_DMA_BUSY));\ - }while( regVal );\ - }while(0) - -/* Poll on the DIN SRAM busy till it is = 0 */ -#define SASI_HAL_WAIT_ON_DIN_SRAM_DMA_BUSY()\ - do {\ - uint32_t regVal=1;\ - do {\ - regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, DIN_SRAM_DMA_BUSY));\ - }while( regVal );\ - }while(0) - - -/* Poll on the AES busy till it is = 0 */ -#define SASI_HAL_WAIT_ON_AES_BUSY()\ - do {\ - uint32_t regVal=1;\ - do {\ - regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, AES_BUSY));\ - }while( regVal );\ - }while(0) - -/* Poll on the HASH busy till it is = 0 */ -#define SASI_HAL_WAIT_ON_HASH_BUSY()\ - do {\ - uint32_t regVal=1;\ - do {\ - regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, HASH_BUSY));\ - }while( regVal );\ - }while(0) - -/* Poll on the CHACHA busy till it is = 0 */ -#define SASI_HAL_WAIT_ON_CHACHA_BUSY() \ - do { \ - uint32_t regVal=1; \ - do { \ - regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, CHACHA_BUSY)); \ - }while( regVal ); \ - }while(0) - -/* Poll on the crypto busy till it is = 0 */ -#define SASI_HAL_WAIT_ON_CRYPTO_BUSY()\ - do {\ - uint32_t regVal=1;\ - do {\ - regVal = SASI_HAL_READ_REGISTER( SASI_REG_OFFSET(HOST_RGF, CRYPTO_BUSY));\ - }while( regVal );\ - }while(0) - - -#endif /* _DRIVER_DEFS_H_ */ - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/sns_silib.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/sns_silib.h deleted file mode 100644 index 6a1502a..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/sns_silib.h +++ /dev/null @@ -1,113 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! -@file -@brief This file contains all of the enums and definitions that are used for the - CryptoCell Lib init and finish APIs, as well as the APIs themselves. -@defgroup sns_silib CryptoCell library basic APIs -@{ -@ingroup cryptocell_api - -*/ - -#ifndef __SNS_SILIB_H__ -#define __SNS_SILIB_H__ - -#include "ssi_pal_types.h" -#include "crys_rnd.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! Definitions for error returns from SaSi_LibInit or SaSi_LibFini functions. */ -typedef enum { - SA_SILIB_RET_OK = 0, /*!< Success defintion.*/ - SA_SILIB_RET_EINVAL_CTX_PTR, /*!< Illegal context pointer.*/ - SA_SILIB_RET_EINVAL_WORK_BUF_PTR, /*!< Illegal work buffer pointer.*/ - SA_SILIB_RET_HAL, /*!< Error returned from HAL layer.*/ - SA_SILIB_RET_PAL, /*!< Error returned from PAL layer.*/ - SA_SILIB_RET_RND_INST_ERR, /*!< RND instantiation faied.*/ - SA_SILIB_RET_EINVAL_HW_VERSION, /*!< Invalid HW version. */ - SA_SILIB_RET_EINVAL_HW_SIGNATURE, /*!< Invalid HW signature. */ - SA_SILIB_RESERVE32B = 0x7FFFFFFFL /*!< Reserved.*/ -} SA_SilibRetCode_t; - - -/*! Internal defintion for the product register. */ -#define DX_VERSION_PRODUCT_BIT_SHIFT 0x18UL -/*! Internal defintion for the product register size. */ -#define DX_VERSION_PRODUCT_BIT_SIZE 0x8UL - - - -/*! -@brief This function Perform global initialization of the ARM CryptoCell 3xx runtime library; -it must be called once per ARM CryptoCell for 3xx cold boot cycle. -Among other initializations, this function calls CRYS_RND_Instantiation and CRYS_RND_SetGenerateVectorFunc -to initialize the TRNG and the primary RND context. An initialized RND context is required for calling RND -APIs and asymmetric cryptography key generation and signatures. The primary context returned by this -function can be used as a single global context for all RND needs. Alternatively, other contexts may -be initialized and used with a more limited scope (for specific applications or specific threads). -\note The Mutexes, if used, are initialized by this API. Therefore, unlike the other APIs in the library, -this API is not thread-safe. -@return SA_SILIB_RET_OK on success. -@return A non-zero value in case of failure. -*/ -SA_SilibRetCode_t SaSi_LibInit(void *rnd_ctx, /*!< [in/out] Pointer to the RND state buffer, - allocated by the user. - This state must be saved and provided as parameter to any API that - uses the RND module.*/ - CRYS_RND_WorkBuff_t *rndWorkBuff_ptr /*!< [in] Scratchpad for the RND module's work. */); - -/*! -@brief This function finalize the library operations. It frees the associated resources (mutexes) and call hal and pal terminate functions. -the function also call CRYS_RND_UnInstantiation to clean the rnd state. -@return SA_SILIB_RET_OK on success. -@return A non-zero value in case of failure. -*/ -SA_SilibRetCode_t SaSi_LibFini(void *rnd_ctx /*!< [in/out] Pointer to the RND state buffer that was - initialized in SaSi_LibInit.*/); - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif /*__DX_CCLIB_H__*/ - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_aes.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_aes.h deleted file mode 100644 index ccd50ab..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_aes.h +++ /dev/null @@ -1,325 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! @file -@brief This file contains all of the enums and definitions that are used for the -CryptoCell AES APIs, as well as the APIs themselves. -@defgroup ssi_aes CryptoCell AES APIs -@{ -@ingroup cryptocell_api -*/ - -#ifndef SSI_AES_H -#define SSI_AES_H - -#include "ssi_pal_types.h" -#include "ssi_aes_error.h" -#include "ssi_aes_defs.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - -/************************ Defines ******************************/ - - -/************************ Enums ********************************/ - -/*! -Encrypt or Decrypt operation mode. -*/ -typedef enum { - /*! Encrypt operation. */ - SASI_AES_ENCRYPT = 0, - /*! Decrypt operation. */ - SASI_AES_DECRYPT = 1, - /*! Maximal number of operations. */ - SASI_AES_NUM_OF_ENCRYPT_MODES, - /*! Reserved. */ - SASI_AES_ENCRYPT_MODE_LAST = 0x7FFFFFFF -}SaSiAesEncryptMode_t; - -/*! -AES operation mode. -*/ -typedef enum { - SASI_AES_MODE_ECB = 0, /*!< ECB mode. */ - SASI_AES_MODE_CBC = 1, /*!< CBC mode. */ - SASI_AES_MODE_CBC_MAC = 2, /*!< CBC-MAC mode. */ - SASI_AES_MODE_CTR = 3, /*!< CTR mode. */ - SASI_AES_MODE_XCBC_MAC = 4, /*!< XCBC-MAC mode. */ - SASI_AES_MODE_CMAC = 5, /*!< CMAC mode. */ - SASI_AES_MODE_XTS = 6, /*!< XTS mode. */ - SASI_AES_MODE_CBC_CTS = 7, /*!< CBC-CTS mode. */ - SASI_AES_MODE_OFB = 8, /*!< OFB mode. */ - - /*! Maximal number of AES modes */ - SASI_AES_NUM_OF_OPERATION_MODES, - /*! Reserved. */ - SASI_AES_OPERATION_MODE_LAST = 0x7FFFFFFF -}SaSiAesOperationMode_t; - -/*! -AES padding type. -*/ -typedef enum { - SASI_AES_PADDING_NONE = 0, /*!< No padding. */ - SASI_AES_PADDING_PKCS7 = 1, /*!< PKCS7 padding. */ - - /*! Maximal number of AES padding modes */ - SASI_AES_NUM_OF_PADDING_TYPES, - /*! Reserved. */ - SASI_AES_PADDING_TYPE_LAST = 0x7FFFFFFF -}SaSiAesPaddingType_t; - -/*! -AES key type. -*/ -typedef enum { - SASI_AES_USER_KEY = 0, /*!< user key. */ - SASI_AES_PLATFORM_KEY = 1, /*!< Kplt hardware key. */ - SASI_AES_CUSTOMER_KEY = 2, /*!< Kcst hardware key. */ - - /*! Maximal number of AES key types */ - SASI_AES_NUM_OF_KEY_TYPES, - /*! Reserved. */ - SASI_AES_KEY_TYPE_LAST = 0x7FFFFFFF -}SaSiAesKeyType_t; - -/************************ Typedefs ****************************/ - -/*! Defines the IV buffer - 16 bytes array. */ -typedef uint8_t SaSiAesIv_t[SASI_AES_IV_SIZE_IN_BYTES]; - -/*! Defines the AES key data buffer. */ -typedef uint8_t SaSiAesKeyBuffer_t[SASI_AES_KEY_MAX_SIZE_IN_BYTES]; - -/************************ Structs ******************************/ - -/*! The user's context prototype - the argument type that is passed by the user - to the AES APIs. The context saves the state of the operation and must be saved by the user - till the end of the APIs flow*/ -typedef struct SaSiAesUserContext_t { - /*! Context buffer for internal usage. */ - uint32_t buff[SASI_AES_USER_CTX_SIZE_IN_WORDS]; -}SaSiAesUserContext_t; - - -/*! AES User Key Data. */ -typedef struct SaSiAesUserKeyData_t { - uint8_t * pKey; /*!< Pointer to the key. */ - size_t keySize; /*!< The key size in bytes. Valid values: -
      • For XTS mode - 32 or 64 byte, indicating the full size of the double key (2x128 or 2x256 bit).
        • -
      • For XCBC-MAC mode - 16 byte (limited by the standard).
        • -
      • For all other modes - 16, 24 or 32 byte.
      */ -}SaSiAesUserKeyData_t; - -/*! AES HW Key Data - this structure is likely to be changed when we'll start using it. */ -typedef struct SaSiAesHwKeyData_t { - size_t slotNumber; /*!< Slot number. */ -}SaSiAesHwKeyData_t; - - -/************************ Functions *****************************/ - -/*! -@brief This function is used to initialize an AES operation context. - To operate the AES machine, this must be the first API called. - -@return SASI_OK on success, -@return A non-zero value from ssi_aes_error.h on failure. -*/ -CIMPORT_C SaSiError_t SaSi_AesInit( - SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context buffer that is allocated by the caller and initialized by this API. - Should be used in all subsequent calls that are part of the same operation. */ - SaSiAesEncryptMode_t encryptDecryptFlag, /*!< [in] A flag specifying whether an AES Encrypt (SASI_AES_Encrypt) or Decrypt (SASI_AES_Decrypt) operation should be performed. - Must be set to CRYS_AES_Encrypt in CBC-MAC, XCBC-MAC and CMAC modes. */ - SaSiAesOperationMode_t operationMode, /*!< [in] The operation cipher/mode. */ - SaSiAesPaddingType_t paddingType /*!< [in] The padding type for AES operation: -
      • NONE - supported for all operation modes.
        • -
      • PKCS7 - supported for ECB, CBC, CBC-MAC operation modes.
      */ -); - - -/*! -@brief This function sets the key information for the AES operation, in the context that was initialized by SaSi_AesInit. -\note When FIPS certification mode is set to ON, and the mode is AES-XTS, weak keys are not allowed (128/256 lsb bits must be -different than 128/256 msb bits, according to the key size). -@return SASI_OK on success, -@return A non-zero value from ssi_aes_error.h on failure. -*/ -CIMPORT_C SaSiError_t SaSi_AesSetKey( - SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context, after it was initialized by SaSi_AesInit. */ - SaSiAesKeyType_t keyType, /*!< [in] The type of key to be used for the AES operation. - Currently only SASI_AES_USER_KEY is supported - the key is plaintext and provided in the pKeyData parameter. */ - void * pKeyData, /*!< [in] Pointer to the key data structure (to be casted to the relevant struct type). */ - size_t keyDataSize /*!< [in] The size of data passed in pKeyData in bytes. */ -); - - -/*! -@brief This function sets the IV, counter or tweak data for the following AES operation on the same context. - The context must be first initialized by SaSi_AesInit. - It must be called at least once prior to the first SaSi_AesBlock operation on the same context - for those ciphers that require it. - If needed, it can also be called to override the IV in the middle of a sequence of SaSi_AesBlock operations. - -@return SASI_OK on success, -@return A non-zero value from ssi_aes_error.h on failure. -*/ -CIMPORT_C SaSiError_t SaSi_AesSetIv( - SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context. */ - SaSiAesIv_t pIV /*!< [in] Pointer to the buffer of the IV, counter or tweak. -
      • For CBC, CBC-CTS, OFB and CBC-MAC modes - the IV value.
        • -
      • For CTR mode - the counter.
        • -
      • For XTS mode - the tweak value.
        • -
      • For all other modes - N/A.
      */ -); - - -/*! -@brief This function retrieves the current IV, counter or tweak from the AES context. - -@return SASI_OK on success, -@return A non-zero value from ssi_aes_error.h on failure. -*/ -CIMPORT_C SaSiError_t SaSi_AesGetIv( - SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context. */ - SaSiAesIv_t pIV /*!< [out] Pointer to the buffer of the IV, counter or tweak. -
      • For CBC, CBC-CTS, OFB and CBC-MAC modes - the IV value.
        • -
      • For CTR mode - the counter.
        • -
      • For XTS mode - the tweak value.
        • -
      • For all other modes - N/A.
      */ -); - - -/*! -@brief This function performs an AES operation on an input data buffer, according to the configuration defined in the context parameter. - It can be called as many times as needed, until all the input data is processed. - SaSi_AesInit, SaSi_AesSetKey, and for some ciphers SaSi_AesSetIv, must be called before - the first call to this API with the same context. - -@return SASI_OK on success, -@return A non-zero value from ssi_aes_error.h on failure. -*/ -CIMPORT_C SaSiError_t SaSi_AesBlock( - SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context. */ - uint8_t * pDataIn, /*!< [in] Pointer to the buffer of the input data to the AES. The pointer does not need to be aligned. - For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, - and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). - For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB. */ - size_t dataInSize, /*!< [in] Size of the input data in bytes. -
      • For all modes except XTS, must be multiple of 16 bytes.
        • -
      • For XTS mode, only the following data sizes are supported: 64, 512, 520, 521, 1024 and 4096 bytes. - The data passed in a single SaSi_AesBlock call is considered to be a single XTS unit. - All subsequent calls to this API with the same context must use the same data size.
      */ - uint8_t * pDataOut /*!< [out] Pointer to the output buffer. The pointer does not need to be aligned. - For CBC-MAC, XCBC-MAC, CMAC modes it may be NULL. - For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, - and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). - For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB. */ -); - - -/*! -@brief This function is used to finish AES operation. - - It processes the last data block if needed, finalizes the AES operation (cipher-specific), - and produces operation results (for MAC operations). - \note In case AES padding is used (PKCS#7) Din and Dout user's buffers must include extra space for - the padding scheme. - -@return SASI_OK on success, -@return A non-zero value from ssi_aes_error.h on failure. -*/ -CIMPORT_C SaSiError_t SaSi_AesFinish( - SaSiAesUserContext_t * pContext, /*!< [in] Pointer to the AES context. */ - size_t dataSize, /*!< [in] The size of the input data in bytes. -
      • For CBC-CTS mode, must be > 16. Can be <=16 only if this is the only data (no previous calls were - made to SaSi_AesBlock with the same context).
        • -
      • For XTS mode, the data size must conform to the dataInSize rules as listed for XTS under the - SaSi_AesBlock API, and match the data size passed in the previous calls to SaSi_AesBlock with the - same context.
        • -
      • For all other modes, zero is a valid size.
        • -
      • For ECB, CBC, CBC-MAC modes:
        • -
        • Must be >= 0, if direction is SASI_AES_ENCRYPT and padding type is SASI_AES_PADDING_PKCS7.
          • -
        • Must be >= 16 and a multiple of 16 bytes, if direction is SASI_AES_DECRYPT and padding type - is SASI_AES_PADDING_PKCS7.
          • -
        • Must be a multiple of 16 bytes, otherwise.
      */ - uint8_t * pDataIn, /*!< [in] Pointer of the input data buffer. - For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, - and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). - For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB. */ - size_t dataInBuffSize, /*!< [in] Size of pDataIn buffer in bytes. -
      • Must be >= dataSize.
        • -
      • According to padding type, must be >= dataSize + padding. For PKCS7, padding size is - maximum SASI_AES_BLOCK_SIZE_IN_BYTES.
      */ - uint8_t * pDataOut, /*!< [out] Pointer to the output buffer. - For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, - and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). - For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB. */ - size_t * dataOutBuffSize /*!< [in,out] In - Size of pDataOut buffer in bytes. - The output buffer size must be no less than: -
      • For CBC-MAC, XCBC-MAC, CMAC modes - 16 bytes (for MAC result).
        • -
      • For non-MAC modes - dataInBuffSize.
      - Out - The size in bytes of the actual output data: -
      • If direction is SASI_AES_ENCRYPT and padding type is SASI_AES_PADDING_PKCS7, it is the actual size - with the padding.
        • -
      • If direction is SASI_AES_DECRYPT and padding type is SASI_AES_PADDING_PKCS7, it is the size without - the padding.
        • -
      • For CBC-MAC, XCBC-MAC, CMAC modes - always 16 bytes.
      */ -); - - -/*! -@brief This function releases and crears resources after AES operations. - -@return SASI_OK on success, -@return A non-zero value from ssi_aes_error.h on failure. -*/ -CIMPORT_C SaSiError_t SaSi_AesFree( - SaSiAesUserContext_t * pContext /*!< [in] Pointer to the AES context. */ -); - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif /* #ifndef SSI_AES_H */ - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_aes_defs.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_aes_defs.h deleted file mode 100644 index 02789d0..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_aes_defs.h +++ /dev/null @@ -1,83 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! -@file -@brief This file contains definitions that are used for the ARM CryptoCell 3xx version of the CryptoCell AES APIs. -@defgroup ssi_aes_defs CryptoCell AES definitions -@{ -@ingroup ssi_aes - -*/ - -#ifndef SSI_AES_DEFS_H -#define SSI_AES_DEFS_H - -#include "ssi_pal_types.h" - - -#ifdef __cplusplus -extern "C" -{ -#endif - -/************************ Defines ******************************/ - -/*! The size of the user's context prototype (see ::SaSiAesUserContext_t) in words. */ -#define SASI_AES_USER_CTX_SIZE_IN_WORDS (4+4+7+4) - -/*! The AES block size in words. */ -#define SASI_AES_BLOCK_SIZE_IN_WORDS 4 -/*! The AES block size in bytes. */ -#define SASI_AES_BLOCK_SIZE_IN_BYTES (SASI_AES_BLOCK_SIZE_IN_WORDS * sizeof(uint32_t)) - -/*! The size of the IV buffer in words. */ -#define SASI_AES_IV_SIZE_IN_WORDS SASI_AES_BLOCK_SIZE_IN_WORDS -/*! The size of the IV buffer in bytes. */ -#define SASI_AES_IV_SIZE_IN_BYTES (SASI_AES_IV_SIZE_IN_WORDS * sizeof(uint32_t)) - -/*! The maximum size of the AES KEY in words. */ -#define SASI_AES_KEY_MAX_SIZE_IN_WORDS 4 -/*! The maximum size of the AES KEY in bytes. */ -#define SASI_AES_KEY_MAX_SIZE_IN_BYTES (SASI_AES_KEY_MAX_SIZE_IN_WORDS * sizeof(uint32_t)) - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif /* #ifndef SSI_AES_DEFS_H */ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_aes_error.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_aes_error.h deleted file mode 100644 index 4ad49e6..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_aes_error.h +++ /dev/null @@ -1,133 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! -@file -@brief This file contains the definitions of the CryptoCell AES errors. -@defgroup ssi_aes_error CryptoCell AES specific errors -@{ -@ingroup ssi_aes -*/ - -#ifndef SSI_AES_ERROR_H -#define SSI_AES_ERROR_H - -#include "crys_error.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -/************************ Defines ******************************/ - -/* generic errors */ -/*! General fatal error. */ -#define SASI_FATAL_ERROR CRYS_FATAL_ERROR -/*! General out of resources error. */ -#define SASI_OUT_OF_RESOURCE_ERROR CRYS_OUT_OF_RESOURCE_ERROR -/*! General Illegal resource value error. */ -#define SASI_ILLEGAL_RESOURCE_VAL_ERROR CRYS_ILLEGAL_RESOURCE_VAL_ERROR - -/*! CRYS_AES_MODULE_ERROR_BASE - 0x00F00000. */ -/*! Illegal user context. */ -#define SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x00UL) -/*! Illegal IV or tweak pointer. */ -#define SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x01UL) -/*! Illegal operation. */ -#define SASI_AES_ILLEGAL_OPERATION_MODE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x02UL) -/*! Illegal key size. */ -#define SASI_AES_ILLEGAL_KEY_SIZE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x03UL) -/*! Illegal key pointer. */ -#define SASI_AES_INVALID_KEY_POINTER_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x04UL) -/*! Unsupported key type. */ -#define SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x05UL) -/*! Illegal operation. */ -#define SASI_AES_INVALID_ENCRYPT_MODE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x06UL) -/*! User context corrupted. */ -#define SASI_AES_USER_CONTEXT_CORRUPTED_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x07UL) -/*! Illegal data in pointer. */ -#define SASI_AES_DATA_IN_POINTER_INVALID_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x08UL) -/*! Illegal data out pointer. */ -#define SASI_AES_DATA_OUT_POINTER_INVALID_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x09UL) -/*! Illegal data in size. */ -#define SASI_AES_DATA_IN_SIZE_ILLEGAL (CRYS_AES_MODULE_ERROR_BASE + 0x0AUL) -/*! Illegal data out address. */ -#define SASI_AES_DATA_OUT_DATA_IN_OVERLAP_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x0BUL) -/*! Illegal data in buffer size. */ -#define SASI_AES_DATA_IN_BUFFER_SIZE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x0CUL) -/*! Illegal data out buffer size. */ -#define SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x0DUL) -/*! Illegal padding type. */ -#define SASI_AES_ILLEGAL_PADDING_TYPE_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x0EUL) -/*! Incorrect padding. */ -#define SASI_AES_INCORRECT_PADDING_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x0FUL) -/*! Output is corrupted. */ -#define SASI_AES_CORRUPTED_OUTPUT_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x10UL) -/*! Illegal output size. */ -#define SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x11UL) -/*! Decryption operation is not permitted in this mode. */ -#define SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE (CRYS_AES_MODULE_ERROR_BASE + 0x12UL) -/*! Additional block operation is not permitted. */ -#define SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x15UL) -/*! Illegal context size. */ -#define SASI_AES_CTX_SIZES_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x16UL) - -/*! Illegal parameters. */ -#define SASI_AES_ILLEGAL_PARAMS_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x60UL) -/*! Illegal CTR block offset. */ -#define SASI_AES_CTR_ILLEGAL_BLOCK_OFFSET_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x70UL) -/*! Illegal counter (in CTR mode). */ -#define SASI_AES_CTR_ILLEGAL_COUNTER_ERROR (CRYS_AES_MODULE_ERROR_BASE + 0x71UL) -/*! AES is not supported. */ -#define SASI_AES_IS_NOT_SUPPORTED (CRYS_AES_MODULE_ERROR_BASE + 0xFFUL) - -/************************ Enums ********************************/ - -/************************ Typedefs ****************************/ - -/************************ Structs *****************************/ - -/************************ Public Variables *********************/ - -/************************ Public Functions *********************/ - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif /* #ifndef SSI_AES_ERROR_H */ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_compiler.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_compiler.h deleted file mode 100644 index 9481d63..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_compiler.h +++ /dev/null @@ -1,188 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -#ifndef __SSI_PAL_COMPILER_H__ -#define __SSI_PAL_COMPILER_H__ - -/*! -@file -@brief This file contains compiler related definitions. -@defgroup ssi_pal_compiler CryptoCell PAL platform dependant compiler specific definitions -@{ -@ingroup ssi_pal - -*/ - -#ifdef __GNUC__ - -/************************ Defines ******************************/ - -/*! Associate a symbol with a link section. */ -#define SASI_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) - -/*! Mark symbol as used, i.e., prevent garbage collector from dropping it. */ -#define SASI_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) - -/*! Make given data item aligned (alignment in bytes). */ -#define SASI_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) - -/*! Mark function that never returns. */ -#define SASI_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) - -/*! Prevent function from being inlined */ -#define SASI_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) - -/*! Given data type may cast (alias) another data type pointer. */ -/* (this is used for "superclass" struct casting) */ -#define SASI_PAL_COMPILER_TYPE_MAY_ALIAS __attribute__((__may_alias__)) - -/*! Get sizeof for a structure type member. */ -#define SASI_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ - sizeof(((type_name *)0)->member_name) - -/*! Assertion. */ -#define SASI_ASSERT_CONCAT_(a, b) a##b -#define SASI_ASSERT_CONCAT(a, b) SASI_ASSERT_CONCAT_(a, b) -#define SASI_PAL_COMPILER_ASSERT(cond, message) \ - enum { SASI_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } - -#elif defined(__ARM_DSM__) || defined(__CC_ARM) -#define inline -/*! Associate a symbol with a link section. */ -#define SASI_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) - -/*! Mark symbol as used, i.e., prevent garbage collector from dropping it. */ -#define SASI_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) - -/*! Make given data item aligned (alignment in bytes). */ -#define SASI_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) - -/*! Mark function that never returns. */ -#define SASI_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) - -/*! Prevent function from being inlined. */ -#define SASI_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) - -/*! Given data type may cast (alias) another data type pointer. */ -/* (this is used for "superclass" struct casting) */ -#define SASI_PAL_COMPILER_TYPE_MAY_ALIAS __attribute__((__may_alias__)) - -/*! Get sizeof for a structure type member. */ -#define SASI_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ - sizeof(((type_name *)0)->member_name) - -/*! Assertion. */ -#define SASI_ASSERT_CONCAT_(a, b) a##b -#define SASI_ASSERT_CONCAT(a, b) SASI_ASSERT_CONCAT_(a, b) -#define SASI_PAL_COMPILER_ASSERT(cond, message) \ - enum { SASI_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } -#elif defined(__ARM_DS__) -#define inline -/*! Associate a symbol with a link section. */ -#define SASI_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) - -/*! Mark symbol as used, i.e., prevent garbage collector from dropping it. */ -#define SASI_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) - -/*! Make given data item aligned (alignment in bytes). */ -#define SASI_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) - -/*! Mark function that never returns. */ -#define SASI_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) - -/*! Prevent function from being inlined. */ -#define SASI_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) - -/*! Given data type may cast (alias) another data type pointer. */ -/* (this is used for "superclass" struct casting) */ -#define SASI_PAL_COMPILER_TYPE_MAY_ALIAS - -/*! Get sizeof for a structure type member. */ -#define SASI_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ - sizeof(((type_name *)0)->member_name) - -/*! Assertion. */ -#define SASI_ASSERT_CONCAT_(a, b) a##b -#define SASI_ASSERT_CONCAT(a, b) SASI_ASSERT_CONCAT_(a, b) -#define SASI_PAL_COMPILER_ASSERT(cond, message) \ - enum { SASI_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } -#elif defined(__ICCARM__) - -/************************ Defines ******************************/ - -/*! Associate a symbol with a link section. */ -#define SASI_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) - -/*! Mark symbol as used, i.e., prevent garbage collector from dropping it. */ -#define SASI_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) - - -#define STRING_PRAGMA(x) _Pragma(#x) -/*! Make given data item aligned (alignment in bytes). Not implemented */ -/* Used in crys_rsa_types.h. This is telling the compiler about buffer alignment. */ -/* IAR treats alignment a bit different. Nonetheless, this is used only for RSA, which was not ported yet. */ -#define SASI_PAL_COMPILER_ALIGN(n) - -/*! Mark function that never returns. Not implemented. */ -/* Not used anywhere, and probably located due to legacy reasons.*/ -#define SASI_PAL_COMPILER_FUNC_NEVER_RETURNS - -/* Prevent function from being inlined */ -#define SASI_PAL_COMPILER_FUNC_DONT_INLINE STRING_PRAGMA(optimize = no_inline) - -/*! Given data type may cast (alias) another data type pointer. */ -/* (this is used for "superclass" struct casting). Not implemented */ -/* Used in crys_rsa_local.h. for some compilers it translates to __may_alias__. */ -/* For IAR, there is probably no need for this attribute, as the typedef */ -/* is equivalent. Nonetheless, this is RSA code, which was not yet ported to Mbed TLS.*/ -#define SASI_PAL_COMPILER_TYPE_MAY_ALIAS - -/*! Get sizeof for a structure type member. */ -#define SASI_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ - sizeof(((type_name *)0)->member_name) - -/*! Assertion. */ -#define SASI_ASSERT_CONCAT_(a, b) a##b -#define SASI_ASSERT_CONCAT(a, b) SASI_ASSERT_CONCAT_(a, b) - -#define SASI_PAL_COMPILER_ASSERT(cond, message) \ - enum { SASI_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } -#else -#error Unsupported compiler. -#endif -/** -@} - */ -#endif /*__SSI_PAL_COMPILER_H__*/ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_trng.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_trng.h deleted file mode 100644 index 029bb0a..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_trng.h +++ /dev/null @@ -1,66 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef _SSI_PAL_TRNG_H -#define _SSI_PAL_TRNG_H - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*---------------------------- - PUBLIC FUNCTIONS ------------------------------------*/ - -/** - * @brief This function purpose is to get TRNG characterization parameters. - * - * - * @return Zero on success. - * @return A non-zero value on failure. - */ -SaSiError_t SaSi_PalTrngParameterGet(uint32_t *SubSamplingRatio /*!< [out] TRNG characterization parameters, array size = 4. */); - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_types.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_types.h deleted file mode 100644 index d255488..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_types.h +++ /dev/null @@ -1,115 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! -@file -@brief This file contains the platform dependent definitions and types. -@defgroup ssi_pal_types CryptoCell PAL platform dependant types -@{ -@ingroup ssi_pal -*/ - -#ifndef SSI_PAL_TYPES_H -#define SSI_PAL_TYPES_H - -#include "ssi_pal_types_plat.h" - -/*! Boolean definition.*/ -typedef enum { - /*! Boolean false definition.*/ - SASI_FALSE = 0, - /*! Boolean true definition.*/ - SASI_TRUE = 1 -} SaSiBool; - -/*! Success definition. */ -#define SASI_SUCCESS 0UL -/*! Failure definition. */ -#define SASI_FAIL 1UL - -/*! Defintion of 1KB in bytes. */ -#define SASI_1K_SIZE_IN_BYTES 1024 -/*! Defintion of number of bits in a byte. */ -#define SASI_BITS_IN_BYTE 8 -/*! Defintion of number of bits in a 32bits word. */ -#define SASI_BITS_IN_32BIT_WORD 32 -/*! Defintion of number of bytes in a 32bits word. */ -#define SASI_32BIT_WORD_SIZE (sizeof(uint32_t)) - -/*! Success (OK) defintion. */ -#define SASI_OK SASI_SUCCESS - -/*! Macro that handles unused parameters in the code (to avoid compilation warnings). */ -#define SASI_UNUSED_PARAM(prm) ((void)prm) - -/*! Maximal uint32 value.*/ -#define SASI_MAX_UINT32_VAL (0xFFFFFFFF) - - -/* Minimum and Maximum macros */ -#ifdef min -/*! Definition for minimum. */ -#define CRYS_MIN(a,b) min( a , b ) -#else -/*! Definition for minimum. */ -#define CRYS_MIN( a , b ) ( ( (a) < (b) ) ? (a) : (b) ) -#endif - -#ifdef max -/*! Definition for maximum. */ -#define CRYS_MAX(a,b) max( a , b ) -#else -/*! Definition for maximum. */ -#define CRYS_MAX( a , b ) ( ( (a) > (b) ) ? (a) : (b) ) -#endif - -/*! Macro that calculates number of full bytes from bits (i.e. 7 bits are 1 byte). */ -#define CALC_FULL_BYTES(numBits) (((numBits) + (SASI_BITS_IN_BYTE -1))/SASI_BITS_IN_BYTE) -/*! Macro that calculates number of full 32bits words from bits (i.e. 31 bits are 1 word). */ -#define CALC_FULL_32BIT_WORDS(numBits) (((numBits) + (SASI_BITS_IN_32BIT_WORD -1))/SASI_BITS_IN_32BIT_WORD) -/*! Macro that calculates number of full 32bits words from bytes (i.e. 3 bytes are 1 word). */ -#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) (((sizeBytes) + SASI_32BIT_WORD_SIZE - 1) / SASI_32BIT_WORD_SIZE) -/*! Macro that round up bits to 32bits words. */ -#define ROUNDUP_BITS_TO_32BIT_WORD(numBits) (CALC_FULL_32BIT_WORDS(numBits)*SASI_BITS_IN_32BIT_WORD) -/*! Macro that round up bits to bytes. */ -#define ROUNDUP_BITS_TO_BYTES(numBits) (CALC_FULL_BYTES(numBits)*SASI_BITS_IN_BYTE) -/*! Macro that round up bytes to 32bits words. */ -#define ROUNDUP_BYTES_TO_32BIT_WORD(numBytes) (SASI_32BIT_WORD_SIZE*(((numBytes)+SASI_32BIT_WORD_SIZE-1)/SASI_32BIT_WORD_SIZE)) - - -/** -@} - */ -#endif diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_types_plat.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_types_plat.h deleted file mode 100644 index 97a9130..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pal_types_plat.h +++ /dev/null @@ -1,57 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - -/*! @file -@brief This file contains basic type definitions that are platform dependent. -*/ -#ifndef SSI_PAL_TYPES_PLAT_H -#define SSI_PAL_TYPES_PLAT_H -/* Host specific types for standard (ISO-C99) compilant platforms */ - -#include -#include -#include - -typedef uintptr_t SaSiVirtAddr_t; -typedef uint32_t SaSiBool_t; -typedef uint32_t SaSiStatus; - -#define SaSiError_t SaSiStatus -#define SASI_INFINITE 0xFFFFFFFF - -#define CEXPORT_C -#define CIMPORT_C - -#endif /*SSI_PAL_TYPES_PLAT_H*/ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pka_hw_plat_defs.h b/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pka_hw_plat_defs.h deleted file mode 100644 index c205919..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/include/ssi_pka_hw_plat_defs.h +++ /dev/null @@ -1,77 +0,0 @@ -/************************************************************************************** -* Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved * -* * -* This file and the related binary are licensed under the following license: * -* * -* ARM Object Code and Header Files License, v1.0 Redistribution. * -* * -* Redistribution and use of object code, header files, and documentation, without * -* modification, are permitted provided that the following conditions are met: * -* * -* 1) Redistributions must reproduce the above copyright notice and the * -* following disclaimer in the documentation and/or other materials * -* provided with the distribution. * -* * -* 2) Unless to the extent explicitly permitted by law, no reverse * -* engineering, decompilation, or disassembly of is permitted. * -* * -* 3) Redistribution and use is permitted solely for the purpose of * -* developing or executing applications that are targeted for use * -* on an ARM-based product. * -* * -* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * -* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * -* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * -* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * -* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * -* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * -* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -**************************************************************************************/ - - - -#ifndef PKA_HW_PLAT_DEFS_H -#define PKA_HW_PLAT_DEFS_H - -#ifdef __cplusplus -extern "C" -{ -#endif - -/*! -@file -@brief Contains the enums and definitions that are used in the PKA code (definitions that are platform dependent). -@defgroup ssi_pka_hw_plat_defs CryptoCell PKA specific types and definitions -@{ -@ingroup cryptocell_pka - -*/ - -/*! Size of PKA engine word.*/ -#define SASI_PKA_WORD_SIZE_IN_BITS 64 -/*! Maximal supported modulus size in bits. */ -#define CRYS_SRP_MAX_MODULUS_SIZE_IN_BITS 3072 -/*! Maximal supported modulus size in RSA in bits. */ -#define CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 2048 -/*! Maximal supported key generation size in RSA in bits. */ -#define CRYS_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS 2048 - -/*! PKA operations maximal count of extra bits. */ -#define PKA_EXTRA_BITS 8 -/*! PKA operations number of memory registers. */ -#define PKA_MAX_COUNT_OF_PHYS_MEM_REGS 32 - - -#ifdef __cplusplus -} -#endif -/** -@} - */ -#endif //PKA_HW_PLAT_DEFS_H - - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/mbed_lib.json b/features/cryptocell/FEATURE_CRYPTOCELL310/mbed_lib.json deleted file mode 100644 index 607e4df..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/mbed_lib.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "name": "cryptocell310", - "config": { - "present": 1 - } -} diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/mbedtls_device.h b/features/cryptocell/FEATURE_CRYPTOCELL310/mbedtls_device.h deleted file mode 100644 index 08cd11a..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/mbedtls_device.h +++ /dev/null @@ -1,38 +0,0 @@ - /* - * mbedtls_device.h - * - * Copyright (C) 2018-2019, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef __MBEDTLS_DEVICE__ -#define __MBEDTLS_DEVICE__ - -#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT -//#define MBEDTLS_AES_ALT -#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -#define MBEDTLS_SHA1_ALT -#define MBEDTLS_SHA256_ALT -//#define MBEDTLS_SHA512_ALT -#define MBEDTLS_CCM_ALT -//#define MBEDTLS_CMAC_ALT -#define MBEDTLS_ECDSA_VERIFY_ALT -#define MBEDTLS_ECDSA_SIGN_ALT -#define MBEDTLS_ECDSA_GENKEY_ALT -#define MBEDTLS_ECDH_GEN_PUBLIC_ALT -#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT - -#endif //__MBEDTLS_DEVICE__ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/objects_cryptocell.h b/features/cryptocell/FEATURE_CRYPTOCELL310/objects_cryptocell.h deleted file mode 100644 index 941ddf5..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/objects_cryptocell.h +++ /dev/null @@ -1,44 +0,0 @@ - /* - * objects_cryptocell.h - * - * Copyright (C) 2017, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef MBED_OBJECTS_CRYPTOCELL_H -#define MBED_OBJECTS_CRYPTOCELL_H -#include "sns_silib.h" - -typedef struct trng_s -{ - /* parameters defining TRNG */ - CRYS_RND_mode_t TrngMode; - - /* allowed ring oscillator lengths: bits 0,1,2,3 */ - uint32_t RoscsAllowed; - - /* sampling interval: count of ring oscillator cycles between - consecutive bits sampling */ - uint32_t SubSamplingRatio; - - uint32_t SubSamplingRatio1; - uint32_t SubSamplingRatio2; - uint32_t SubSamplingRatio3; - uint32_t SubSamplingRatio4; - -}CRYS_RND_Params_t; - -#endif // MBED_OBJECTS_CRYPTOCELL_H diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/sha1_alt.c b/features/cryptocell/FEATURE_CRYPTOCELL310/sha1_alt.c deleted file mode 100644 index f750485..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/sha1_alt.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * sha1_alt.c - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "mbedtls/sha1.h" -#if defined(MBEDTLS_SHA1_ALT) -#include -#include "mbedtls/platform.h" - -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); -} - -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) -{ - if( ctx == NULL ) - return; - - CRYS_HASH_Free( &ctx->crys_hash_ctx ); - - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); -} - -void mbedtls_sha1_clone( mbedtls_sha1_context *dst, - const mbedtls_sha1_context *src ) -{ - memcpy( dst, src, sizeof( mbedtls_sha1_context ) ); -} - -int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) -{ - if( CRYS_HASH_Init( &ctx->crys_hash_ctx, CRYS_HASH_SHA1_mode ) != CRYS_OK ) - return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - return ( 0 ); -} - - -int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)input, ilen ) != CRYS_OK ) - return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - return ( 0 ); -} - -int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, - unsigned char output[20] ) -{ - CRYSError_t crys_err = CRYS_OK; - CRYS_HASH_Result_t crys_result = {0}; - crys_err = CRYS_HASH_Finish( &ctx->crys_hash_ctx, crys_result ); - if( crys_err == CRYS_OK ) - { - memcpy( output, crys_result, 20 ); - return ( 0 ); - } - else - return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); -} - -int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ) -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} -#endif //MBEDTLS_SHA1_ALT diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/sha1_alt.h b/features/cryptocell/FEATURE_CRYPTOCELL310/sha1_alt.h deleted file mode 100644 index 245910b..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/sha1_alt.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - * sha1_alt.h - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef __SHA1_ALT__ -#define __SHA1_ALT__ -#if defined(MBEDTLS_SHA1_ALT) -#include "crys_hash.h" - -/** - * \brief SHA-1 context structure - */ -typedef struct -{ - CRYS_HASHUserContext_t crys_hash_ctx; -} mbedtls_sha1_context; - -#endif //MBEDTLS_SHA1_ALT -#endif //__SHA1_ALT__ - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/sha256_alt.c b/features/cryptocell/FEATURE_CRYPTOCELL310/sha256_alt.c deleted file mode 100644 index 71c4201..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/sha256_alt.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * sha256_alt.c - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "mbedtls/sha256.h" -#if defined(MBEDTLS_SHA256_ALT) -#include -#include "mbedtls/platform.h" - -void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); -} - -void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) -{ - if( ctx == NULL ) - return; - CRYS_HASH_Free( &ctx->crys_hash_ctx ); - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); -} - -void mbedtls_sha256_clone( mbedtls_sha256_context *dst, - const mbedtls_sha256_context *src ) -{ - memcpy( dst, src, sizeof( mbedtls_sha256_context ) ); -} - - -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) -{ - if(CRYS_HASH_Init( &ctx->crys_hash_ctx, is224 ? - CRYS_HASH_SHA224_mode : CRYS_HASH_SHA256_mode ) != CRYS_OK ) - return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - return ( 0 ); -} - -int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ) -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} - -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)input, ilen ) != CRYS_OK ) - return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - return ( 0 ); -} - -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, - unsigned char output[32] ) -{ - CRYSError_t crys_err = CRYS_OK; - CRYS_HASH_Result_t crys_result = {0}; - crys_err = CRYS_HASH_Finish( &ctx->crys_hash_ctx, crys_result ); - if( crys_err == CRYS_OK ) - { - memcpy( output, crys_result, 32 ); - return ( 0 ); - } - else - return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); -} -#endif //MBEDTLS_SHA256_ALT - diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/sha256_alt.h b/features/cryptocell/FEATURE_CRYPTOCELL310/sha256_alt.h deleted file mode 100644 index 6be25f9..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/sha256_alt.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * sha256_alt.h - * - * Copyright (C) 2018, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef __SHA256_ALT__ -#define __SHA256_ALT__ - -#if defined(MBEDTLS_SHA256_ALT) - -#include "crys_hash.h" - -/** - * \brief SHA-256 context structure - */ -typedef struct -{ - CRYS_HASHUserContext_t crys_hash_ctx; -} mbedtls_sha256_context; - -#endif // MBEDTLS_SHA256_ALT__ -#endif //__SHA256_ALT__ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/sha512_alt.c b/features/cryptocell/FEATURE_CRYPTOCELL310/sha512_alt.c deleted file mode 100644 index 3ba5ba9..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/sha512_alt.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * sha512_alt.c - * - * Copyright (C) 2019, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "mbedtls/sha512.h" -#if defined(MBEDTLS_SHA512_ALT) -#include -#include "mbedtls/platform.h" - -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); -} - -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) -{ - if( ctx == NULL ) - return; - CRYS_HASH_Free( &ctx->crys_hash_ctx ); - memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); -} - -void mbedtls_sha512_clone( mbedtls_sha512_context *dst, - const mbedtls_sha512_context *src ) -{ - memcpy(dst,src,sizeof(mbedtls_sha512_context)); -} - - -int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) -{ - if( is384 ) - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); - if( CRYS_HASH_Init( &ctx->crys_hash_ctx, CRYS_HASH_SHA512_mode ) != CRYS_OK ) - return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - return ( 0 ); -} - -int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) -{ - return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ); -} - -int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)input, ilen ) != CRYS_OK ) - return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - return ( 0 ); -} - -int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, - unsigned char output[64] ) -{ - CRYSError_t crys_err = CRYS_OK; - CRYS_HASH_Result_t crys_result = {0}; - crys_err = CRYS_HASH_Finish( &ctx->crys_hash_ctx, crys_result ); - if( crys_err == CRYS_OK ) - { - memcpy(output,crys_result,64); - return ( 0 ); - } - else - return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); -} -#endif //MBEDTLS_SHA512_ALT diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/sha512_alt.h b/features/cryptocell/FEATURE_CRYPTOCELL310/sha512_alt.h deleted file mode 100644 index 114341f..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/sha512_alt.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * sha512_alt.h - * - * Copyright (C) 2019, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef __SHA512_ALT__ -#define __SHA512_ALT__ - -#if defined(MBEDTLS_SHA512_ALT) - -#include "crys_hash.h" - -/** - * \brief SHA-512 context structure - */ -typedef struct -{ - CRYS_HASHUserContext_t crys_hash_ctx; -} mbedtls_sha512_context; - -#endif // MBEDTLS_SHA256_ALT__ -#endif //__SHA256_ALT__ diff --git a/features/cryptocell/FEATURE_CRYPTOCELL310/trng.c b/features/cryptocell/FEATURE_CRYPTOCELL310/trng.c deleted file mode 100644 index fb2f893..0000000 --- a/features/cryptocell/FEATURE_CRYPTOCELL310/trng.c +++ /dev/null @@ -1,90 +0,0 @@ - /* - * trng.c - * - * Copyright (C) 2017, Arm Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#if DEVICE_TRNG - -#include -#include "trng_api.h" -#include "mbedtls/platform.h" - -extern mbedtls_platform_context plat_ctx; -static CRYS_RND_WorkBuff_t rndWorkBuff = { { 0 } }; - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; - while( n-- ) *p++ = 0; -} - -CRYSError_t RNG_PLAT_SetUserRngParameters( - CRYS_RND_State_t *pRndState, - CRYS_RND_Params_t *pTrngParams); - -CRYSError_t LLF_RND_GetTrngSource( - CRYS_RND_State_t *rndState_ptr, - CRYS_RND_Params_t *trngParams_ptr, - SaSiBool_t isContinued, - uint32_t *entropySize_ptr, - uint32_t **sourceOut_ptr_ptr, - uint32_t *sourceOutSize_ptr, - uint32_t *rndWorkBuff_ptr); - - -void trng_init(trng_t *obj) -{ - RNG_PLAT_SetUserRngParameters(&plat_ctx.platform_impl_ctx.rndState, obj); -} - -void trng_free(trng_t *obj) -{ - (void)obj; -} - - -int trng_get_bytes(trng_t *obj, uint8_t *output, size_t length, size_t *outputLength) -{ - (void)obj; - int ret; - uint32_t entropySizeBits; - uint32_t *entrSource_ptr; - uint32_t actualLength; - - ret = LLF_RND_GetTrngSource( - &plat_ctx.platform_impl_ctx.rndState , /*in/out*/ - obj, /*in/out*/ - 0, /*in*/ - &entropySizeBits, /*in/out*/ - &entrSource_ptr, /*out*/ - &actualLength, /*out*/ - (uint32_t*)&rndWorkBuff.crysRndWorkBuff /*in*/); - if ( ret != 0 ) - return -1; - - if ( length < actualLength ) - actualLength = length; - - *outputLength = actualLength; - - memcpy( output, entrSource_ptr + CRYS_RND_TRNG_SRC_INNER_OFFSET_WORDS, *outputLength ); - mbedtls_zeroize( entrSource_ptr + CRYS_RND_TRNG_SRC_INNER_OFFSET_WORDS, *outputLength ); - return 0; -} - -#endif //DEVICE_TRNG