diff options
Diffstat (limited to 'board/cr50/dcrypto/dcrypto.h')
-rw-r--r-- | board/cr50/dcrypto/dcrypto.h | 128 |
1 files changed, 17 insertions, 111 deletions
diff --git a/board/cr50/dcrypto/dcrypto.h b/board/cr50/dcrypto/dcrypto.h index 3712f56fc4..cef877969a 100644 --- a/board/cr50/dcrypto/dcrypto.h +++ b/board/cr50/dcrypto/dcrypto.h @@ -315,7 +315,7 @@ enum dcrypto_result DCRYPTO_sw_hash_init( union hash_ctx *ctx, enum hashing_mode mode) __warn_unused_result; /** - * Initialize hardware-acceleated or software version of hash computation, + * Initialize hardware-accelerated or software version of hash computation, * preferring hardware version when available. * * @param ctx storage for context @@ -349,7 +349,7 @@ enum dcrypto_result DCRYPTO_sw_hmac_init(union hmac_ctx *ctx, const void *key, __warn_unused_result; /** - * Initialize hardware-acceleated or software version of HMAC computation, + * Initialize hardware-accelerated or software version of HMAC computation, * preferring hardware version when available. * * @param ctx storage for context @@ -404,7 +404,7 @@ __always_inline void HASH_update(union hash_ctx *const ctx, const void *data, } /** * Finalize hash computation by adding padding, message length. - * Returns pointer to computed digest stored inside provided context. + * Returns pointer to the computed digest stored inside the provided context. * * @param ctx digest context (can be one of union subtypes). * @@ -430,7 +430,7 @@ __always_inline void SHA256_update(struct sha256_ctx *const ctx, /** * Finalize hash computation by adding padding, message length. - * Returns pointer to computed digest stored inside provided context. + * Returns pointer to the computed digest stored inside the provided context. * * @param ctx SHA256 digest context. * @@ -632,68 +632,6 @@ enum dcrypto_result DCRYPTO_aes_ctr(uint8_t *out, const uint8_t *key, void DCRYPTO_aes_write_iv(const uint8_t *iv); void DCRYPTO_aes_read_iv(uint8_t *iv); -/* AES-GCM-128/192/256 - * NIST Special Publication 800-38D, IV is provided externally - * Caller should use IV length according to section 8.2 of SP 800-38D - * And choose appropriate IV construction method, constrain number - * of invocations according to section 8.3 of SP 800-38D - */ -struct GCM_CTX { - union { - uint32_t d[4]; - uint8_t c[16]; - } block, Ej0; - - uint64_t aad_len; - uint64_t count; - size_t remainder; -}; - -/* Initialize the GCM context structure. */ -void DCRYPTO_gcm_init(struct GCM_CTX *ctx, uint32_t key_bits, - const uint8_t *key, const uint8_t *iv, size_t iv_len); -/* Additional authentication data to include in the tag calculation. */ -void DCRYPTO_gcm_aad(struct GCM_CTX *ctx, const uint8_t *aad_data, size_t len); -/* Encrypt & decrypt return the number of bytes written to out - * (always an integral multiple of 16), or -1 on error. These functions - * may be called repeatedly with incremental data. - * - * NOTE: if in_len is not a integral multiple of 16, then out_len must - * be atleast in_len - (in_len % 16) + 16 bytes. - */ -int DCRYPTO_gcm_encrypt(struct GCM_CTX *ctx, uint8_t *out, size_t out_len, - const uint8_t *in, size_t in_len); -int DCRYPTO_gcm_decrypt(struct GCM_CTX *ctx, uint8_t *out, size_t out_len, - const uint8_t *in, size_t in_len); -/* Encrypt & decrypt a partial final block, if any. These functions - * return the number of bytes written to out (<= 15), or -1 on error. - */ -int DCRYPTO_gcm_encrypt_final(struct GCM_CTX *ctx, uint8_t *out, - size_t out_len); -int DCRYPTO_gcm_decrypt_final(struct GCM_CTX *ctx, uint8_t *out, - size_t out_len); -/* Compute the tag over AAD + encrypt or decrypt data, and return the - * number of bytes written to tag. Returns -1 on error. - */ -int DCRYPTO_gcm_tag(struct GCM_CTX *ctx, uint8_t *tag, size_t tag_len); -/* Cleanup secrets. */ -void DCRYPTO_gcm_finish(struct GCM_CTX *ctx); - -/* AES-CMAC-128 - * NIST Special Publication 800-38B, RFC 4493 - * K: 128-bit key, M: message, len: number of bytes in M - * Writes 128-bit tag to T; returns 0 if an error is encountered and 1 - * otherwise. - */ -enum dcrypto_result DCRYPTO_aes_cmac(const uint8_t *K, const uint8_t *M, - size_t len, uint32_t T[4]); -/* key: 128-bit key, M: message, len: number of bytes in M, - * T: tag to be verified - * Returns 1 if the tag is correct and 0 otherwise. - */ -enum dcrypto_result DCRYPTO_aes_cmac_verify(const uint8_t *key, - const uint8_t *M, size_t len, - const uint32_t T[4]); /* * BIGNUM utility methods. @@ -959,37 +897,6 @@ enum dcrypto_result DCRYPTO_p256_ecdsa_sign(const p256_int *key, /************************************************************/ -/* P256 based integration encryption (DH+AES128+SHA256). - * Not FIPS 140-2 compliant, not used other than for tests - * Authenticated data may be provided, where the first auth_data_len - * bytes of in will be authenticated but not encrypted. * - * Supports in-place encryption / decryption. * - * The output format is: - * 0x04 || PUBKEY || AUTH_DATA || AES128_CTR(PLAINTEXT) || - * HMAC_SHA256(AUTH_DATA || CIPHERTEXT) - */ -size_t DCRYPTO_ecies_encrypt(void *out, size_t out_len, const void *in, - size_t in_len, size_t auth_data_len, - const uint8_t *iv, const p256_int *pub_x, - const p256_int *pub_y, const uint8_t *salt, - size_t salt_len, const uint8_t *info, - size_t info_len); -size_t DCRYPTO_ecies_decrypt(void *out, size_t out_len, const void *in, - size_t in_len, size_t auth_data_len, - const uint8_t *iv, const p256_int *d, - const uint8_t *salt, size_t salt_len, - const uint8_t *info, size_t info_len); - -/* - * HKDF as per RFC 5869. Mentioned as conforming NIST SP 800-56C Rev.1 - * [RFC 5869] specifies a version of the above extraction-then-expansion - * key-derivation procedure using HMAC for both the extraction and expansion - * steps. - */ -int DCRYPTO_hkdf(uint8_t *OKM, size_t OKM_len, const uint8_t *salt, - size_t salt_len, const uint8_t *IKM, size_t IKM_len, - const uint8_t *info, size_t info_len); - /* * BN. */ @@ -998,9 +905,12 @@ int DCRYPTO_hkdf(uint8_t *OKM, size_t OKM_len, const uint8_t *salt, * Returns DCRYPTO_OK if test passed, DCRYPTO_FAIL otherwise */ enum dcrypto_result DCRYPTO_bn_generate_prime(struct LITE_BIGNUM *p); -void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len); + +/* Compute c = a * b. */ void DCRYPTO_bn_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b); + +/* Compute (quotient, remainder) = input / divisor. */ int DCRYPTO_bn_div(struct LITE_BIGNUM *quotient, struct LITE_BIGNUM *remainder, const struct LITE_BIGNUM *input, const struct LITE_BIGNUM *divisor); @@ -1015,7 +925,7 @@ size_t DCRYPTO_asn1_pubp(uint8_t *buf, const p256_int *x, const p256_int *y); * X509. */ /* DCRYPTO_x509_verify verifies that the provided X509 certificate was issued - * by the specified certifcate authority. + * by the specified certificate authority. * * cert is a pointer to a DER encoded X509 certificate, as specified * in https://tools.ietf.org/html/rfc5280#section-4.1. In ASN.1 @@ -1083,11 +993,19 @@ enum dcrypto_appid { /* This enum value should not exceed 7. */ }; +/* Retrieve Firmware Root Key from hardware key ladder. */ int DCRYPTO_ladder_compute_frk2(size_t major_fw_version, uint8_t *frk2); + +/* Revoke access to hardware key ladder. */ void DCRYPTO_ladder_revoke(void); +/* Preload application specific secret into key ladder register. */ int DCRYPTO_appkey_init(enum dcrypto_appid id); + +/* Clean-up secret loaded from key ladder. */ void DCRYPTO_appkey_finish(void); + +/* Compute application-specific, hardware-bound constant. */ int DCRYPTO_appkey_derive(enum dcrypto_appid appid, const uint32_t input[8], uint32_t output[8]); @@ -1139,23 +1057,11 @@ int DCRYPTO_ladder_is_enabled(void); void fips_init_trng(void); /** - * Returns random number from TRNG with indication wherever reading is valid. - * This is different from rand() which doesn't provide any indication. - * High 32-bits set to zero in case of error; otherwise value >> 32 == 1 - * Use of uint64_t vs. struct results in more efficient code. - * Random is passed continuous TRNG health tests. - * - * @return uint64_t, low 32 bits - random high 32 bits - validity status - */ -uint64_t fips_trng_rand32(void); - -/** * Return true if fips_trng_rand() result contains valid random from TRNG. * @param rand value from fips_trng_rand32() or read_rand() * * @return true if rand contains valid random */ - inline bool rand_valid(uint64_t rand) { return (rand >> 32) != 0; |