Diffstat (limited to 'board/cr50/dcrypto/dcrypto.h')
-rw-r--r--board/cr50/dcrypto/dcrypto.h128
1 files changed, 17 insertions, 111 deletions
diff --git a/board/cr50/dcrypto/dcrypto.h b/board/cr50/dcrypto/dcrypto.h
index 3712f56fc4..cef877969a 100644
--- a/board/cr50/dcrypto/dcrypto.h
+++ b/board/cr50/dcrypto/dcrypto.h
@@ -315,7 +315,7 @@ enum dcrypto_result DCRYPTO_sw_hash_init(
union hash_ctx *ctx, enum hashing_mode mode) __warn_unused_result;
/**
- * Initialize hardware-acceleated or software version of hash computation,
+ * Initialize hardware-accelerated or software version of hash computation,
* preferring hardware version when available.
*
* @param ctx storage for context
@@ -349,7 +349,7 @@ enum dcrypto_result DCRYPTO_sw_hmac_init(union hmac_ctx *ctx, const void *key,
__warn_unused_result;
/**
- * Initialize hardware-acceleated or software version of HMAC computation,
+ * Initialize hardware-accelerated or software version of HMAC computation,
* preferring hardware version when available.
*
* @param ctx storage for context
@@ -404,7 +404,7 @@ __always_inline void HASH_update(union hash_ctx *const ctx, const void *data,
}
/**
* Finalize hash computation by adding padding, message length.
- * Returns pointer to computed digest stored inside provided context.
+ * Returns pointer to the computed digest stored inside the provided context.
*
* @param ctx digest context (can be one of union subtypes).
*
@@ -430,7 +430,7 @@ __always_inline void SHA256_update(struct sha256_ctx *const ctx,
/**
* Finalize hash computation by adding padding, message length.
- * Returns pointer to computed digest stored inside provided context.
+ * Returns pointer to the computed digest stored inside the provided context.
*
* @param ctx SHA256 digest context.
*
@@ -632,68 +632,6 @@ enum dcrypto_result DCRYPTO_aes_ctr(uint8_t *out, const uint8_t *key,
void DCRYPTO_aes_write_iv(const uint8_t *iv);
void DCRYPTO_aes_read_iv(uint8_t *iv);
-/* AES-GCM-128/192/256
- * NIST Special Publication 800-38D, IV is provided externally
- * Caller should use IV length according to section 8.2 of SP 800-38D
- * And choose appropriate IV construction method, constrain number
- * of invocations according to section 8.3 of SP 800-38D
- */
-struct GCM_CTX {
- union {
- uint32_t d[4];
- uint8_t c[16];
- } block, Ej0;
-
- uint64_t aad_len;
- uint64_t count;
- size_t remainder;
-};
-
-/* Initialize the GCM context structure. */
-void DCRYPTO_gcm_init(struct GCM_CTX *ctx, uint32_t key_bits,
- const uint8_t *key, const uint8_t *iv, size_t iv_len);
-/* Additional authentication data to include in the tag calculation. */
-void DCRYPTO_gcm_aad(struct GCM_CTX *ctx, const uint8_t *aad_data, size_t len);
-/* Encrypt & decrypt return the number of bytes written to out
- * (always an integral multiple of 16), or -1 on error. These functions
- * may be called repeatedly with incremental data.
- *
- * NOTE: if in_len is not a integral multiple of 16, then out_len must
- * be atleast in_len - (in_len % 16) + 16 bytes.
- */
-int DCRYPTO_gcm_encrypt(struct GCM_CTX *ctx, uint8_t *out, size_t out_len,
- const uint8_t *in, size_t in_len);
-int DCRYPTO_gcm_decrypt(struct GCM_CTX *ctx, uint8_t *out, size_t out_len,
- const uint8_t *in, size_t in_len);
-/* Encrypt & decrypt a partial final block, if any. These functions
- * return the number of bytes written to out (<= 15), or -1 on error.
- */
-int DCRYPTO_gcm_encrypt_final(struct GCM_CTX *ctx, uint8_t *out,
- size_t out_len);
-int DCRYPTO_gcm_decrypt_final(struct GCM_CTX *ctx, uint8_t *out,
- size_t out_len);
-/* Compute the tag over AAD + encrypt or decrypt data, and return the
- * number of bytes written to tag. Returns -1 on error.
- */
-int DCRYPTO_gcm_tag(struct GCM_CTX *ctx, uint8_t *tag, size_t tag_len);
-/* Cleanup secrets. */
-void DCRYPTO_gcm_finish(struct GCM_CTX *ctx);
-
-/* AES-CMAC-128
- * NIST Special Publication 800-38B, RFC 4493
- * K: 128-bit key, M: message, len: number of bytes in M
- * Writes 128-bit tag to T; returns 0 if an error is encountered and 1
- * otherwise.
- */
-enum dcrypto_result DCRYPTO_aes_cmac(const uint8_t *K, const uint8_t *M,
- size_t len, uint32_t T[4]);
-/* key: 128-bit key, M: message, len: number of bytes in M,
- * T: tag to be verified
- * Returns 1 if the tag is correct and 0 otherwise.
- */
-enum dcrypto_result DCRYPTO_aes_cmac_verify(const uint8_t *key,
- const uint8_t *M, size_t len,
- const uint32_t T[4]);
/*
* BIGNUM utility methods.
@@ -959,37 +897,6 @@ enum dcrypto_result DCRYPTO_p256_ecdsa_sign(const p256_int *key,
/************************************************************/
-/* P256 based integration encryption (DH+AES128+SHA256).
- * Not FIPS 140-2 compliant, not used other than for tests
- * Authenticated data may be provided, where the first auth_data_len
- * bytes of in will be authenticated but not encrypted. *
- * Supports in-place encryption / decryption. *
- * The output format is:
- * 0x04 || PUBKEY || AUTH_DATA || AES128_CTR(PLAINTEXT) ||
- * HMAC_SHA256(AUTH_DATA || CIPHERTEXT)
- */
-size_t DCRYPTO_ecies_encrypt(void *out, size_t out_len, const void *in,
- size_t in_len, size_t auth_data_len,
- const uint8_t *iv, const p256_int *pub_x,
- const p256_int *pub_y, const uint8_t *salt,
- size_t salt_len, const uint8_t *info,
- size_t info_len);
-size_t DCRYPTO_ecies_decrypt(void *out, size_t out_len, const void *in,
- size_t in_len, size_t auth_data_len,
- const uint8_t *iv, const p256_int *d,
- const uint8_t *salt, size_t salt_len,
- const uint8_t *info, size_t info_len);
-
-/*
- * HKDF as per RFC 5869. Mentioned as conforming NIST SP 800-56C Rev.1
- * [RFC 5869] specifies a version of the above extraction-then-expansion
- * key-derivation procedure using HMAC for both the extraction and expansion
- * steps.
- */
-int DCRYPTO_hkdf(uint8_t *OKM, size_t OKM_len, const uint8_t *salt,
- size_t salt_len, const uint8_t *IKM, size_t IKM_len,
- const uint8_t *info, size_t info_len);
-
/*
* BN.
*/
@@ -998,9 +905,12 @@ int DCRYPTO_hkdf(uint8_t *OKM, size_t OKM_len, const uint8_t *salt,
* Returns DCRYPTO_OK if test passed, DCRYPTO_FAIL otherwise
*/
enum dcrypto_result DCRYPTO_bn_generate_prime(struct LITE_BIGNUM *p);
-void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len);
+
+/* Compute c = a * b. */
void DCRYPTO_bn_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
const struct LITE_BIGNUM *b);
+
+/* Compute (quotient, remainder) = input / divisor. */
int DCRYPTO_bn_div(struct LITE_BIGNUM *quotient, struct LITE_BIGNUM *remainder,
const struct LITE_BIGNUM *input,
const struct LITE_BIGNUM *divisor);
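Review bot: The new comment on DCRYPTO_bn_div does not say what its `int` return value means, whereas DCRYPTO_bn_generate_prime just above documents DCRYPTO_OK/DCRYPTO_FAIL. The implementation is not visible in this hunk, so the comment should name the success and failure values and the behaviour for a zero divisor, along the lines of `/* Compute (quotient, remainder) = input / divisor. Returns <success value>, or <failure value> if the division cannot be performed. */` with the placeholders filled in from the source file. For DCRYPTO_bn_mul, `Compute c = a * b.` leaves open how large `c` must be and whether it may alias `a` or `b`; one sentence on each would stop callers from guessing at buffer sizes.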
@@ -1015,7 +925,7 @@ size_t DCRYPTO_asn1_pubp(uint8_t *buf, const p256_int *x, const p256_int *y);
* X509.
*/
/* DCRYPTO_x509_verify verifies that the provided X509 certificate was issued
- * by the specified certifcate authority.
+ * by the specified certificate authority.
*
* cert is a pointer to a DER encoded X509 certificate, as specified
* in https://tools.ietf.org/html/rfc5280#section-4.1. In ASN.1
@@ -1083,11 +993,19 @@ enum dcrypto_appid {
/* This enum value should not exceed 7. */
};
+/* Retrieve Firmware Root Key from hardware key ladder. */
int DCRYPTO_ladder_compute_frk2(size_t major_fw_version, uint8_t *frk2);
+
+/* Revoke access to hardware key ladder. */
void DCRYPTO_ladder_revoke(void);
+/* Preload application specific secret into key ladder register. */
int DCRYPTO_appkey_init(enum dcrypto_appid id);
+
+/* Clean-up secret loaded from key ladder. */
void DCRYPTO_appkey_finish(void);
+
+/* Compute application-specific, hardware-bound constant. */
int DCRYPTO_appkey_derive(enum dcrypto_appid appid, const uint32_t input[8],
uint32_t output[8]);
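Review bot: The comments added for DCRYPTO_ladder_compute_frk2, DCRYPTO_appkey_init and DCRYPTO_appkey_derive give the purpose but not the `int` return convention, and none of the three carries the `__warn_unused_result` annotation that the hash and HMAC init declarations earlier in this header have. If a key-ladder call fails and the result is ignored, `frk2` or `output` presumably stays unwritten and the caller may use stale buffer contents as key material. Please document which value means success and consider annotating the declarations, e.g. `int DCRYPTO_appkey_init(enum dcrypto_appid id) __warn_unused_result;`. The `frk2` comment should also state the required buffer length, since the bare `uint8_t *` parameter does not convey it.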
@@ -1139,23 +1057,11 @@ int DCRYPTO_ladder_is_enabled(void);
void fips_init_trng(void);
/**
- * Returns random number from TRNG with indication wherever reading is valid.
- * This is different from rand() which doesn't provide any indication.
- * High 32-bits set to zero in case of error; otherwise value >> 32 == 1
- * Use of uint64_t vs. struct results in more efficient code.
- * Random is passed continuous TRNG health tests.
- *
- * @return uint64_t, low 32 bits - random high 32 bits - validity status
- */
-uint64_t fips_trng_rand32(void);
-
-/**
* Return true if fips_trng_rand() result contains valid random from TRNG.
* @param rand value from fips_trng_rand32() or read_rand()
*
* @return true if rand contains valid random
*/
-
inline bool rand_valid(uint64_t rand)
{
return (rand >> 32) != 0;
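Review bot: The doc comment kept above rand_valid() still refers to fips_trng_rand() and fips_trng_rand32(), but this hunk removes the fips_trng_rand32() declaration and with it the only description of the validity encoding (high 32 bits zero on error). If the function has moved to another header, the comment should point there. In either case the contract should stay next to the check, for example ` * The high 32 bits carry the validity status; when they are zero the low 32 bits must not be used as random data.` Without it, `(rand >> 32) != 0` is unexplained, and a caller that skips the check would treat a failed TRNG read as entropy. rand_valid's closing brace lies outside the hunk.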