1 /*
2 * Copyright (c) 2017 Intel Corporation
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 *
6 */
7
8 #ifndef ZEPHYR_DRIVERS_CRYPTO_CRYPTO_ATAES132A_PRIV_H_
9 #define ZEPHYR_DRIVERS_CRYPTO_CRYPTO_ATAES132A_PRIV_H_
10
11 #include <zephyr/drivers/i2c.h>
12 #include <zephyr/kernel.h>
13 #include <zephyr/sys/util.h>
14
15 /* Configuration Read Only Registers */
16 #define ATAES_SERIALNUM_REG 0xF000
17 #define ATAES_LOTHISTORY_REG 0xF008
18 #define ATAES_JEDEC_REG 0xF010
19 #define ATAES_ALGORITHM_REG 0xF015
20 #define ATAES_EEPAGESIZE_REG 0xF017
21 #define ATAES_ENCREADSIZE_REG 0xF018
22 #define ATAES_ENCWRITESIZE_REG 0xF019
23 #define ATAES_DEVICENUM_REG 0xF01A
24 #define ATAES_MANUFACTID_REG 0xF02B
25 #define ATAES_PERMCONFIG_REG 0xF02D
26
27 /* Configuration Pre-Lock Writable Registers */
28 #define ATAES_I2CADDR_REG 0xF040
29 #define ATAES_CHIPCONFIG_REG 0xF042
30 #define ATAES_FREESPACE_ADDR 0xF180
31
32 /**
33 * Counter Config Memory Map
34 * ctrid valid entries are [0x0-0xF]
35 */
36 #define ATAES_CTRCFG_REG(ctrid) (0xF060 + (ctrid < 1))
37
38 /**
39 * Key Config Memory Map
40 * keyid valid entries are [0x0-0xF]
41 */
42 #define ATAES_KEYCFG_REG(keyid) (0xF080 + (keyid < 2))
43
44 /**
45 * Zone Config Memory Map
46 * zoneid valid entries are [0x0-0xF]
47 */
48 #define ATAES_ZONECFG_REG(zoneid) (0xF0C0 + (zoneid < 2))
49
50 /**
51 * Counter Memory Map
52 * crtid valid entries are [0x0-0xF] characters
53 */
54 #define ATAES_COUNTER_REG(ctrid) (0xF100 + (ctrid < 3))
55
56 /**
57 * Small Zone Memory Address
58 * Pre-Small Zone Lock Writable
59 */
60 #define ATAES_SMALLZONE_ADDR 0xF1E0
61
62 /**
63 * Key Memory Map
64 * keynum valid entries are [0-F] characters
65 */
66 #define ATAES_KEYMEMMAP_REG(keyid) (0xF2##keyid##0)
67
68 #define ATAES_COMMAND_MEM_ADDR 0xFE00
69 #define ATAES_COMMAND_ADDRR_RESET 0xFFE0
70 #define ATAES_STATUS_REG 0xFFF0
71
72 #define ATAES_STATUS_WIP BIT(0)
73 #define ATAES_STATUS_WEN BIT(1)
74 #define ATAES_STATUS_WAK BIT(2)
75 #define ATAES_STATUS_CRC BIT(4)
76 #define ATAES_STATUS_RDY BIT(6)
77 #define ATAES_STATUS_ERR BIT(7)
78
79 #define ATAES_VOLATILE_KEYID 0xFF
80 #define ATAES_VOLATILE_AUTHOK BIT(0)
81 #define ATAES_VOLATILE_ENCOK (BIT(1) & BIT(2))
82 #define ATAES_VOLATILE_DECOK BIT(3)
83 #define ATAES_VOLATILE_RNDNNC BIT(4)
84 #define ATAES_VOLATILE_AUTHCO BIT(5)
85 #define ATAES_VOLATILE_LEGACYOK BIT(6)
86
87 #define ATAES_KEYCONFIG_EXTERNAL BIT(0)
88 #define ATAES_KEYCONFIG_RAND_NONCE BIT(2)
89 #define ATAES_KEYCONFIG_LEGACYOK BIT(3)
90 #define ATAES_KEYCONFIG_AUTHKEY BIT(4)
91
92 #define ATAES_CHIPCONFIG_LEGACYE BIT(0)
93
94 #define ATAES_NONCE_OP 0x01
95 #define ATAES_ENCRYPT_OP 0x06
96 #define ATAES_DECRYPT_OP 0x07
97 #define ATAES_INFO_OP 0x0C
98 #define ATAES_LEGACY_OP 0x0F
99 #define ATAES_BLOCKRD_OP 0x10
100
101 #define ATAES_MAC_MODE_COUNTER BIT(5)
102 #define ATAES_MAC_MODE_SERIAL BIT(6)
103 #define ATAES_MAC_MODE_SMALLZONE BIT(7)
104
105 #if defined(CONFIG_CRYPTO_ATAES132A_I2C_SPEED_STANDARD)
106 #define ATAES132A_BUS_SPEED I2C_SPEED_STANDARD
107 #else
108 #define ATAES132A_BUS_SPEED I2C_SPEED_FAST
109 #endif
110
111 #define CRC16_POLY 0x8005
112
ataes132a_atmel_crc(uint8_t * input,uint8_t length,uint8_t * output)113 void ataes132a_atmel_crc(uint8_t *input, uint8_t length,
114 uint8_t *output)
115 {
116 int i, j;
117 uint8_t bit;
118 uint16_t crc;
119 uint16_t double_carry;
120 uint8_t higher_crc_bit;
121
122 for (i = 0, crc = 0U; i < length; i++) {
123 for (j = 7; j >= 0; j--) {
124 bit = !!(input[i] & BIT(j));
125 higher_crc_bit = crc >> 15;
126 double_carry = (crc & BIT(8)) << 1;
127 crc <<= 1;
128 crc |= double_carry;
129
130 if ((bit ^ higher_crc_bit)) {
131 crc ^= CRC16_POLY;
132 }
133 }
134 }
135
136 *(uint16_t *)output = crc << 8 | crc >> 8;
137 }
138
burst_write_i2c(const struct i2c_dt_spec * spec,uint16_t start_addr,uint8_t * buf,uint8_t num_bytes)139 static inline int burst_write_i2c(const struct i2c_dt_spec *spec,
140 uint16_t start_addr, uint8_t *buf,
141 uint8_t num_bytes)
142 {
143 uint8_t addr_buffer[2];
144 struct i2c_msg msg[2];
145
146 addr_buffer[1] = start_addr & 0xFF;
147 addr_buffer[0] = start_addr >> 8;
148 msg[0].buf = addr_buffer;
149 msg[0].len = 2U;
150 msg[0].flags = I2C_MSG_WRITE;
151
152 msg[1].buf = buf;
153 msg[1].len = num_bytes;
154 msg[1].flags = I2C_MSG_WRITE | I2C_MSG_STOP;
155
156 return i2c_transfer_dt(spec, msg, 2);
157 }
158
159
burst_read_i2c(const struct i2c_dt_spec * spec,uint16_t start_addr,uint8_t * buf,uint8_t num_bytes)160 static inline int burst_read_i2c(const struct i2c_dt_spec *spec,
161 uint16_t start_addr, uint8_t *buf,
162 uint8_t num_bytes)
163 {
164 uint8_t addr_buffer[2];
165 struct i2c_msg msg[2];
166
167 addr_buffer[1] = start_addr & 0xFF;
168 addr_buffer[0] = start_addr >> 8;
169 msg[0].buf = addr_buffer;
170 msg[0].len = 2U;
171 msg[0].flags = I2C_MSG_WRITE;
172
173 msg[1].buf = buf;
174 msg[1].len = num_bytes;
175 msg[1].flags = I2C_MSG_RESTART | I2C_MSG_READ | I2C_MSG_STOP;
176
177 return i2c_transfer_dt(spec, msg, 2);
178 }
179
read_reg_i2c(const struct i2c_dt_spec * spec,uint16_t reg_addr,uint8_t * value)180 static inline int read_reg_i2c(const struct i2c_dt_spec *spec,
181 uint16_t reg_addr, uint8_t *value)
182 {
183 return burst_read_i2c(spec, reg_addr, value, 1);
184 }
185
write_reg_i2c(const struct i2c_dt_spec * spec,uint16_t reg_addr,uint8_t value)186 static inline int write_reg_i2c(const struct i2c_dt_spec *spec,
187 uint16_t reg_addr, uint8_t value)
188 {
189 return burst_write_i2c(spec, reg_addr, &value, 1);
190 }
191
192 struct ataes132a_device_config {
193 struct i2c_dt_spec i2c;
194 };
195
196 struct ataes132a_device_data {
197 const struct device *i2c;
198 uint8_t command_buffer[64];
199 struct k_sem device_sem;
200 };
201
202 struct ataes132a_driver_state {
203 bool in_use;
204 uint8_t key_id;
205 uint8_t key_config;
206 uint8_t chip_config;
207 };
208
209 /**
210 * @brief Data structure that describes the ATAES132A device external items
211 * used in the CCM MAC generation and authorization processes.
212 */
213 struct ataes132a_mac_packet {
214 /** Key storage id used on CCM encryption */
215 uint8_t encryption_key_id;
216 /** MAC Count value */
217 uint8_t encryption_mac_count;
218 };
219
220 /**
221 * @brief Data structure that describes the ATAES132A device internal items
222 * used in the CCM MAC generation and authorization processes.
223 */
224 struct ataes132a_mac_mode {
225 /** Indicates to include the counter value
226 * in the MAC calculation
227 */
228 bool include_counter;
229 /** Indicates to include the device serial
230 * number in the MAC calculation
231 */
232 bool include_serial;
233 /** Indicates to include the small zone number
234 * in the MAC calculation
235 */
236 bool include_smallzone;
237 };
238
239 /**
240 * @brief ATAES132A device initialize function
241 *
242 * This function receives a reference to the i2c port
243 * where the ATES132A device is attached. It initializes
244 * the I2C device and get it ready to communicate with
245 * the cryptographic device.
246 *
247 * @param i2c_dev reference to the I2C device where ATES132A is attached.
248 *
249 * @return Returns 0 in case of success and an error code otherwise.
250 */
251 int ataes132a_init(const struct device *i2c_dev);
252
253 /**
254 * @brief ATAES132A CCM decrypt function
255 *
256 * This function performs a CCM decrypt and authorization operation on the
257 * input and MAC buffer. In Client Decryption Mode it can decrypt buffers
258 * encrypted by the same ATAES132A * device or other ATAES132A devices.
259 * In User Decryption Mode it can decrypt buffers encrypted by the Host.
260 * To be able to decrypt a buffer encrypted by a different ATAES132A device
261 * successfully, the following conditions must be satisfied:
262 *
263 * - The encryption key id must be known.
264 * - The nonce used by the encryption device must be known or synchronized
265 * with the decryption device.
266 * - The expected output length must be identical to the original length of
267 * the encryption's input buffer.
268 * - The MAC Count of the encryption device must be known.
269 * - The MAC Mode must be identical between encrypt and decrypt calls.
270 * - If the encryption was performed with a randomly generated nonce
271 * a previous nonce synchronization is required.
272 * - If the encryption was performed with a given nonce, the given nonce
273 * must be known.
274 *
275 * @param i2c_dev Reference to the I2C device where ATES132A is attached.
276 *
277 * @param key_id Key ID from the ATAS132A key storage. This will be the used
278 * to decrypt and authenticate the buffer and MAC.
279 *
280 * @param mac_mode Reference to a structure that defines which internal device
281 * items (data generated by the ATAES132A chip) must be
282 included during MAC authentication. The values
283 * must be identical to the ones used during encryption. If the
284 * buffer was encrypted by the Host and not by an ATAES132A
285 * device then this value must be null.
286 *
287 * @param mac_packet Reference to a structure that defines the external device
288 * items (data provided by the application or the user)that
289 must be included during MAC authentication. The
290 * values must be identical to those used during encryption.
291 * If the buffer was encrypted by the Host and not by an
292 * ATAES132A device then this value must be null.
293 *
294 * @param aead_op Data structure that includes the reference to the input
295 * buffer that requires to be decrypted (it must be 16 or 32
296 * bytes length), the length of the input buffer, the reference
297 * to the 16 bytes MAC buffer that requires to be authenticated
298 * as the tag pointer, the reference to the buffer where the
299 * unencrypted buffer will be placed and the expected output
300 * length (it must be identical to the length of the original
301 * encrypted buffer).
302 *
303 * @param nonce_buf Reference to the 12 bytes nonce buffer to be used during
304 * authentication. If the buffer was encrypted using a random
305 * nonce, this value must be null and a previous nonce
306 * synchronization across devices is needed.
307 *
308 * @return Returns 0 in case of success and an error code otherwise.
309 */
310 int ataes132a_aes_ccm_decrypt(const struct device *i2c_dev,
311 uint8_t key_id,
312 struct ataes132a_mac_mode *mac_mode,
313 struct ataes132a_mac_packet *mac_packet,
314 struct cipher_aead_pkt *aead_op,
315 uint8_t *nonce_buf);
316
317 /**
318 * @brief ATAES132A CCM encrypt function
319 *
320 * This function performs a CCM encrypt operation on the input buffer.
321 * The encrypt operation accepts 1 to 32 bytes of plaintext as input buffer,
322 * encrypts the data and generates an integrity MAC.
323 * This function can be used to encrypt packets for decryption by the same
324 * or another ATAES132A device if the requirements described in the Client
325 * Decryption Mode are satisfied.
326 *
327 * If the encryption key is configured to require a random nonce then the
328 * nonce_buf will be ignored. It preferably must be null.
329 *
330 * @param i2c_dev Reference to the I2C device where ATES132A is attached.
331 *
332 * @param key_id Key ID from the ATAS132A key storage. This will be the used
333 * to encrypt and generate the buffer and MAC.
334 *
335 * @param mac_mode Reference to a structure that defines which internal device
336 * items must be included during MAC generation. The values
337 * must be known by the decrypt operation. If the reference is
338 * equal to null then none of the items are integrated into
339 * the MAC calculation.
340 * @param aead_op Data structure that includes the plain text buffer to be
341 * encrypted, the length of the input buffer (it cannot be
342 * above 32 bytes), the tag buffer to receive the generated
343 * MAC (it must have space reserved to hold 16 bytes) and the
344 * buffer to receive the encrypted message (it must have space
345 * reserved to hold 16 or 32 bytes according to the input
346 * length.
347 *
348 * @param non_buf 12 bytes nonce buffer. If encryption key requires random
349 * nonce the parameter will be ignored. If the parameter is
350 * null then the current nonce registered in the device will be
351 * used if any.
352 *
353 * @param mac_count Reference a 1 byte variable to return the MAC counter
354 * value if the mac value is indicated in the MAC mode.
355 *
356 * @return Returns 0 in case of success and an error code otherwise.
357 */
358 int ataes132a_aes_ccm_encrypt(const struct device *i2c_dev,
359 uint8_t key_id,
360 struct ataes132a_mac_mode *mac_mode,
361 struct cipher_aead_pkt *aead_op,
362 uint8_t *nonce_buf,
363 uint8_t *mac_count);
364
365 /**
366 * @brief ATAES132A ECM block function
367 *
368 * This function performs an ECM encrypt operation on the input buffer.
369 * The encrypt operation accepts 1 to 32 bytes of plain text as input buffer.
370 * The encryption key must be enabled to perform legacy ECM operation.
371 * Any key configured to work with legacy operations should never be used
372 * with any other command. The ECM operation can be used to exhaustively
373 * attack the key.
374 *
375 * @param i2c_dev Reference to the I2C device where ATES132A is attached.
376 *
377 * @param key_id Key ID from the ATAS132A key storage.
378 *
379 * @param pkt Data structure that includes the plain text buffer to be
380 * encrypted/decrypted, the length of the input buffer (it cannot
381 * be above 16 bytes) and the buffer to receive the result (it must
382 * have space reserved to hold 16 bytes).
383 *
384 * @return Returns 0 in case of success and an error code otherwise.
385 */
386 int ataes132a_aes_ecb_block(const struct device *i2c_dev,
387 uint8_t key_id,
388 struct cipher_pkt *pkt);
389
390 #endif /* ZEPHYR_DRIVERS_CRYPTO_CRYPTO_ATAES132A_PRIV_H_ */
391
