1 /*! ********************************************************************************* 2 * Copyright 2022 NXP 3 * All rights reserved. 4 * 5 * \file 6 * 7 * SPDX-License-Identifier: BSD-3-Clause 8 ********************************************************************************** */ 9 10 #ifndef __SSS_CRYPTO_H__ 11 #define __SSS_CRYPTO_H__ 12 13 #include "fsl_common.h" 14 #include "fsl_sscp_mu.h" 15 #include "fsl_sss_sscp.h" 16 17 #define SSS_HIGH_QUALITY_RNG 1 18 19 #ifndef RAISE_ERROR 20 #define RAISE_ERROR(x, code) \ 21 { \ 22 (x) = (code); \ 23 break; \ 24 } 25 #endif 26 27 #define SSS_MAX_SUBSYTEM_WAIT (0xFFFFFFFFu) 28 29 #ifndef SSS_CRYPTOHW_INITIALIZED 30 #define SSS_CRYPTOHW_INITIALIZED (0xF0F0F0F0u) 31 #endif 32 #ifndef SSS_CRYPTOHW_NONINITIALIZED 33 #define SSS_CRYPTOHW_NONINITIALIZED ~SSS_CRYPTOHW_INITIALIZED 34 #endif 35 #define SSS_SUBSYSTEM (kType_SSS_Ele200) 36 37 #define SSS_KEYPROP_OPERATION_NONE (0x00000000u) 38 #define SSS_KEYPROP_OPERATION_AES (0x00000001u) 39 #define SSS_KEYPROP_OPERATION_MAC (0x00000002u) 40 #define SSS_KEYPROP_OPERATION_AEAD (0x00000004u) 41 #define SSS_KEYPROP_OPERATION_ASYM (0x00000008u) 42 #define SSS_KEYPROP_OPERATION_KDF (0x00000010u) 43 #define SSS_KEYPROP_NO_PLAIN_READ (0x00008000u) 44 45 #define ECP256_COORDINATE_BITLEN 256u 46 #define ECP256_COORDINATE_LEN (ECP256_COORDINATE_BITLEN >> 3) 47 #define ECP256_COORDINATE_WLEN ((ECP256_COORDINATE_LEN) / 4U) 48 49 /* HMAC SHA256 section */ 50 #define MD_HMAC_SHA256_SIZE 32u 51 #define MD_HMAC_SHA256_BLOCK_SIZE 64u 52 53 extern sss_sscp_key_store_t g_keyStore; 54 extern sss_sscp_session_t g_sssSession; 55 extern sscp_context_t g_sscpContext; 56 57 /* AES related section */ 58 59 typedef struct aes_context_t 60 { 61 sss_sscp_object_t sssKey; 62 sss_sscp_symmetric_t cipher_ctx; 63 } aes_context_t; 64 65 typedef struct cmac_aes_context_t 66 { 67 sss_sscp_object_t sssKey; 68 sss_sscp_mac_t sscp_mac; 69 bool sscp_mac_was_set; 70 71 } cmac_aes_context_t; 72 73 /** 74 * \brief The SHA-256 context structure. 75 * 76 * The structure is used both for SHA-256 and for SHA-224 77 * checksum calculations. The choice between these two is 78 * made in the call to mbedtls_sha256_starts_ret(). 79 */ 80 typedef struct sss_sha256_context 81 { 82 sss_sscp_digest_t ctx; 83 } sss_sha256_context_t; 84 85 typedef struct sss_ccm_context_t 86 { 87 sss_sscp_object_t key; 88 89 sss_sscp_aead_t aead_ctx; 90 91 } sss_ccm_context_t; 92 93 typedef struct sss_hmac_context_t 94 { 95 unsigned char ipad[MD_HMAC_SHA256_BLOCK_SIZE]; 96 unsigned char opad[MD_HMAC_SHA256_BLOCK_SIZE]; 97 unsigned char tmp[MD_HMAC_SHA256_SIZE]; 98 } sss_hmac_context_t; 99 100 typedef struct sss_hmac_sha256_context_s 101 { 102 sss_sha256_context_t md_ctx; 103 sss_hmac_context_t hmac_ctx; 104 105 } sss_hmac_sha256_context_t; 106 107 typedef struct sss_ecp256_context_t 108 { 109 uint32_t PrivateKey[ECP256_COORDINATE_WLEN]; /*!< The private key : RNG output */ 110 uint32_t OwnPublicKey[2U * ECP256_COORDINATE_WLEN]; /*! Own Public computed from PrivateKey */ 111 sss_session_t session; 112 sss_sscp_key_store_t ks; 113 uint32_t keyId; 114 sss_sscp_object_t OwnKey; /*! Own Key object reference */ 115 } sss_ecp256_context_t; 116 117 typedef struct sss_ecdh_p256_context_t 118 { 119 sss_ecp256_context_t *ecdh_key_pair; 120 uint32_t Qp[2U * ECP256_COORDINATE_WLEN]; /*!< The value of the public key of the peer. */ 121 uint32_t z[2U * ECP256_COORDINATE_WLEN]; /*!< The shared secret is the X coordinate of the DH Key */ 122 123 sss_sscp_object_t peerPublicKey; 124 sss_sscp_object_t sharedSecret; 125 bool keepSharedSecret; 126 } sss_ecdh_context_t; 127 128 #ifdef __cplusplus 129 extern "C" { 130 #endif 131 132 status_t CRYPTO_InitHardware(void); 133 status_t CRYPTO_ReinitHardware(void); 134 135 void CRYPTO_DeinitHardware(void); 136 137 void CRYPTO_ELEMU_reset(void); 138 139 status_t SSS_aes_cmac_starts(cmac_aes_context_t *ctx, const unsigned char *key, size_t key_bytelen); 140 141 #ifdef SSS_CMAC_UPDATE_SUPPORTED 142 143 status_t SSS_aes_cmac_update(cmac_aes_context_t *ctx, const unsigned char *input, size_t ilen); 144 145 status_t SSS_aes_cmac_finish(cmac_aes_context_t *ctx, unsigned char *output); 146 147 #endif /* SSS_CMAC_UPDATE_SUPPORTED */ 148 149 status_t SSS_aes_cmac(cmac_aes_context_t *pCtx, 150 const unsigned char *key, 151 size_t keylen, 152 const unsigned char *input, 153 size_t ilen, 154 unsigned char *output); 155 156 status_t SSS_aes_cmac_prf_128(cmac_aes_context_t *pCtx, 157 const unsigned char *key, 158 size_t key_len, 159 const unsigned char *input, 160 size_t in_len, 161 unsigned char output[16]); 162 163 status_t SSS_set_aes_key_cmac(cmac_aes_context_t *pCtx, const unsigned char *key, size_t key_bytelen); 164 165 void SSS_aes_cmac_free(cmac_aes_context_t *ctx); 166 167 status_t SSS_set_aes_key(aes_context_t *ctx, const unsigned char *key, const size_t key_byte_len); 168 169 status_t SSS_aes_init(aes_context_t *ctx, const unsigned char *key, size_t keybits); 170 171 status_t SSS_aes_operation(aes_context_t *ctx, 172 const unsigned char *input, 173 size_t inputLen, 174 unsigned char *iv, 175 const unsigned char *key, 176 size_t key_bitlen, 177 unsigned char *output, 178 bool encrypt_nDecrypt, 179 sss_algorithm_t algo); 180 181 status_t SSS_aes128_CTR_operation(aes_context_t *ctx, 182 const unsigned char *input, 183 size_t inputLen, 184 unsigned char *initialCounter, 185 const unsigned char *key, 186 unsigned char *output, 187 bool encrypt_nDecrypt, 188 unsigned char *stream_block, 189 size_t *offset_sz_left); 190 191 /* CMAC related section */ 192 193 /* CCM section */ 194 195 status_t SSS_ccm_setkey(sss_ccm_context_t *ctx, const unsigned char *key, unsigned int keybits); 196 197 void SSS_ccm_free(sss_ccm_context_t *ctx); 198 199 status_t SSS_ccm_encrypt_and_tag(sss_ccm_context_t *ctx, 200 size_t length, 201 const unsigned char *iv, 202 size_t iv_len, 203 const unsigned char *add, 204 size_t add_len, 205 const unsigned char *input, 206 unsigned char *output, 207 unsigned char *tag, 208 size_t tag_len); 209 210 status_t SSS_ccm_auth_decrypt(sss_ccm_context_t *ctx, 211 size_t length, 212 const unsigned char *iv, 213 size_t iv_len, 214 const unsigned char *add, 215 size_t add_len, 216 const unsigned char *input, 217 unsigned char *output, 218 const unsigned char *tag, 219 size_t tag_len); 220 221 /* SHA256 Digest section */ 222 223 void SSS_sha256_init(sss_sha256_context_t *p_ctx); 224 void SSS_sha256_free(sss_sha256_context_t *p_ctx); 225 void SSS_sha256_clone(sss_sha256_context_t *dst, const sss_sha256_context_t *src); 226 227 /* The output of SHA224 and SHA256 is similar in size so the codeis shared */ 228 status_t SSS_sha256_ret(const unsigned char *input, size_t ilen, unsigned char output[32], bool is_sha224); 229 230 status_t SSS_sha256_finish_ret(sss_sha256_context_t *ctx, unsigned char output[32]); 231 232 status_t SSS_sha256_update_ret(sss_sha256_context_t *ctx, const unsigned char *input, size_t ilen); 233 234 status_t SSS_sha256_starts_ret(sss_sha256_context_t *ctx, bool is_sha224); 235 236 /*! ********************************************************************************* 237 * \brief Performs the initialization of the HMAC SHA256 context data. 238 * 239 * \param [in] ctx Pointer to the HMAC SHA256 context data structure. 240 * 241 * note: The sss_hmac_sha256_context_t structure contains the HMAC buffers. 242 * It may be allocated or in the stack 243 * 244 ********************************************************************************** */ 245 void SSS_md_hmac_sha256_init(sss_hmac_sha256_context_t *ctx); 246 247 /*! ********************************************************************************* 248 * \brief Free the HMAC SHA256 context data by simply resetting the contents. 249 * 250 * \param [in] ctx Pointer to the HMAC SHA256 context data structure. 251 * 252 * 253 ********************************************************************************** */ 254 void SSS_md_hmac_sha256_free(sss_hmac_sha256_context_t *ctx); 255 256 /*! ********************************************************************************* 257 * \brief Reset the HMAC SHA256 context data. 258 * 259 * \param [in] ctx Pointer to the HMAC SHA256 context data structure. 260 * 261 * 262 ********************************************************************************** */ 263 status_t SSS_md_hmac_sha256_reset(sss_hmac_sha256_context_t *ctx); 264 265 /*! ********************************************************************************* 266 * \brief Clones a HMAC SHA256 context 267 * 268 * \param [out] dst Pointer to buffer sufficient to hold HMAC SHA256 context data 269 * 270 * \param [in] src Pointer to the HMAC SHA256 context to be cloned 271 * 272 ********************************************************************************** */ 273 status_t SSS_md_hmac_sha256_clone(sss_hmac_sha256_context_t *dst, const sss_hmac_sha256_context_t *src); 274 275 /*! ********************************************************************************* 276 * \brief Start a HMAC SHA256 operation 277 * 278 * \param [in] ctx Pointer to the HMAC SHA256 context data. 279 * \param [in] key Pointer to the HMAC key 280 * \param [in] keyLen Length of the HMAC key in bytes 281 * 282 * \return kSSS_StatusSuccess if all SSS operations are Ok 283 ********************************************************************************** */ 284 status_t SSS_md_hmac_sha256_starts(sss_hmac_sha256_context_t *ctx, const unsigned char *key, size_t keylen); 285 286 /*! ********************************************************************************* 287 * \brief Compute HMAC SHA256 digest over input 288 * 289 * \param [in] ctx Pointer to the HMAC SHA256 context data. 290 * \param [in] input Pointer to input to be hashed. 291 * \param [in] iLen Length of input buffer in bytes. 292 * 293 * \return kSSS_StatusSuccess if all SSS operations are Ok 294 ********************************************************************************** */ 295 status_t SSS_md_hmac_sha256_update(sss_hmac_sha256_context_t *ctx, const unsigned char *input, size_t ilen); 296 297 /*! ********************************************************************************* 298 * \brief Return the HMAC SHA256 digest value 299 * 300 * \param [in] ctx Pointer to the HMAC SHA256 context data. 301 * \param [out] output Pointer to output buffer for caller to receive digest. 302 * 303 * \return kSSS_StatusSuccess if all SSS operations are Ok 304 ********************************************************************************** */ 305 status_t SSS_md_hmac_sha256_finish(sss_hmac_sha256_context_t *ctx, unsigned char *output); 306 307 /*! ********************************************************************************* 308 * \brief Performs all HMAC SHA256 steps on multiple bytes: initialize, 309 * update, finish, and update context data. 310 * The final HMAC value is stored at the provided output location. 311 312 * \param [in] pCtx context maybe allocated or on stack 313 * \param [in] key Pointer to the HMAC key 314 * \param [in] keylen Length of the HMAC key in bytes 315 * \param [in] input Pointer to the input data 316 * \param [in] ilen Number of bytes to perform HMAC on 317 * \param [in,out] output Pointer to the output location 318 * 319 * \return kSSS_StatusSuccess if all SSS operations are Ok 320 ********************************************************************************** */ 321 status_t SSS_md_hmac_sha256(sss_hmac_sha256_context_t *pCtx, 322 const unsigned char *key, 323 size_t keylen, 324 const unsigned char *input, 325 size_t ilen, 326 unsigned char *output); 327 328 status_t sss_ecdh_init_key(sss_ecp256_context_t *K_ctx); 329 330 /*! ********************************************************************************* 331 * \brief This function performs ECDH P256 Key pair generation 332 * 333 * \param[in] ecdh_ctx Pointer to the location of the 16-byte plain text block. 334 335 * \param[in] wrk_buf Pointer to the location of the 64 byte public key where public key 336 * is generated by SSS in MSB format. 337 * 338 * \param[in] wrk_buf_len Pointer to the location of the 128-bit key. 339 * 340 * \param[out] pOutPublicKey Pointer to the location to store the ecdhPublicKey_t X and Y coordinates 341 * i.e. 64 bytes LSB first. 342 * 343 * \param[out] pOutPrivateKey Pointer to the location to store the ecdhPrivateKey_t X P256 ECP point. 344 * i.e. 32 bytes LSB first. 345 * 346 * 347 ********************************************************************************** */ 348 status_t sss_ecdh_make_public_ecp256_key(sss_ecp256_context_t *K_ctx, unsigned char *wrk_buf, size_t wrk_buf_len); 349 350 /*! ********************************************************************************* 351 * \brief This function performs ECDH P256 DH secret calculation using the peer public key 352 * 353 * \param[in] pEcdh_ctx Pointer to the ECDH context. 354 * prerequiste: Qp must have been set. 355 * 356 * \param[in] wrk_buf Pointer to the location of the 64 byte public key where public key 357 * is generated by SSS in MSB format. 358 * 359 * \param[in] wrk_buf_len Pointer to the location of the 128-bit key. 360 * 361 * Remark: On completion, the reponse DH Key is in the wrk_buf in big endian format 362 * 363 ********************************************************************************** */ 364 status_t sss_ecdh_calc_secret(sss_ecdh_context_t *pEcdh_ctx, unsigned char *wrk_buf, size_t wrk_buf_lg); 365 status_t sss_ecdh_calc_EL2EL_key(sss_ecdh_context_t *pEcdh_ctx, unsigned char *wrk_buf, size_t wrk_buf_lg); 366 367 #define SSS_KEY_OBJ_FREE(_KEY_OBJ_) sss_sscp_key_object_free(_KEY_OBJ_, SSS_SSCP_KEY_OBJECT_FREE_DYNAMIC) 368 369 #define SSS_KEY_STORE_SET_KEY(_KEY_OBJ_, _KEY_, _KEY_BYTE_LEN_, _KEY_BITLEN_, _KEY_PART_) \ 370 sss_sscp_key_store_set_key(&g_keyStore, _KEY_OBJ_, _KEY_, _KEY_BYTE_LEN_, _KEY_BITLEN_, _KEY_PART_) 371 372 #define SSS_ECP_KEY_SZ(_KEYLEN_) (2 * (_KEYLEN_)) 373 374 #define SSS_ECP_GENERATE_KEY(_KEY_OBJ_, _KEY_BITLEN_) \ 375 sss_sscp_key_store_generate_key(&g_keyStore, _KEY_OBJ_, _KEY_BITLEN_, NULL) 376 377 #define SSS_KEY_STORE_GET_PUBKEY(_KEY_OBJ_, _KEY_BUF_, _KEY_BYTELEN_, _KEY_BITLEN_) \ 378 sss_sscp_key_store_get_key(&g_keyStore, _KEY_OBJ_, _KEY_BUF_, _KEY_BYTELEN_, _KEY_BITLEN_, kSSS_KeyPart_Public) 379 380 #define SSS_KEY_ALLOCATE_HANDLE(_KEY_OBJ_, _KEY_ID_, _KEY_PART_, _TYPE_, _BYTE_LEN_, _OPT_) \ 381 sss_sscp_key_object_allocate_handle(_KEY_OBJ_, _KEY_ID_, _KEY_PART_, _TYPE_, _BYTE_LEN_, _OPT_) 382 383 #ifdef __cplusplus 384 } 385 #endif 386 387 #endif 388
