1 /* 2 * Copyright 2018-2021 NXP 3 * All rights reserved. 4 * 5 * SPDX-License-Identifier: BSD-3-Clause 6 */ 7 #ifndef FSL_SSS_SSCP_H 8 #define FSL_SSS_SSCP_H 9 10 // #include <stddef.h> 11 #include <stdint.h> 12 #include "fsl_sscp.h" 13 #include "fsl_sss_api.h" 14 15 #if !defined(SSS_SSCP_CONFIG_FILE) 16 #include "fsl_sss_sscp_config.h" 17 #else 18 #include SSS_SSCP_CONFIG_FILE 19 #endif 20 21 typedef struct 22 { 23 /*! Indicates which security subsystem is selected to be used. */ 24 sss_type_t subsystem; 25 26 /*! Implementation specific part */ 27 sscp_context_t *sscp; 28 uint32_t ctx; 29 } sss_sscp_session_t; 30 31 typedef struct 32 { 33 /*! Virtual connection between application (user context) and specific 34 * security subsystem and function thereof. */ 35 sss_sscp_session_t *session; 36 /*! Implementation specific part */ 37 uint32_t keyStoreId; 38 struct 39 { 40 uint8_t data[SSS_SSCP_KEY_STORE_CONTEXT_SIZE]; 41 } context; 42 uint32_t ctx; 43 } sss_sscp_key_store_t; 44 45 typedef struct 46 { 47 /*! key store holding the data and other properties */ 48 sss_sscp_key_store_t *keyStore; 49 50 uint32_t objectType; /*! TODO define object types */ 51 uint32_t objectKeyCipher; 52 /*! Application specific key identifier. The keyId is kept in the key store along with the key data and other 53 * properties. */ 54 uint32_t keyId; 55 /*! Used only for ECC key types, to specify the elliptic curve related to the key. */ 56 sss_eccgfp_group_t *eccgfpGroup; 57 /*! Implementation specific part */ 58 struct 59 { 60 uint8_t data[SSS_SSCP_KEY_OBJECT_CONTEXT_SIZE]; 61 } context; 62 uint32_t ctx; 63 } sss_sscp_object_t; 64 65 /*! @brief ::_sss_symmetric with SSCP specific information */ 66 typedef struct 67 { 68 /*! Virtual connection between application (user context) and 69 specific security subsystem and function thereof. */ 70 sss_sscp_session_t *session; 71 sss_sscp_object_t *keyObject; /*! Reference to key and it's properties. */ 72 sss_algorithm_t algorithm; /*! */ 73 sss_mode_t mode; /*! */ 74 75 /*! Implementation specific part */ 76 struct 77 { 78 uint8_t data[SSS_SSCP_SYMMETRIC_CONTEXT_SIZE]; 79 } context; 80 uint32_t ctx; 81 } sss_sscp_symmetric_t; 82 83 typedef struct 84 { 85 /*! Virtual connection between application (user context) and specific 86 * security subsystem and function thereof. */ 87 sss_sscp_session_t *session; 88 sss_sscp_object_t *keyObject; /*! Reference to key and it's properties. */ 89 sss_algorithm_t algorithm; /*! */ 90 sss_mode_t mode; /*! */ 91 92 /*! Implementation specific part */ 93 struct 94 { 95 uint8_t data[SSS_SSCP_AEAD_CONTEXT_SIZE]; 96 } context; 97 uint32_t ctx; 98 } sss_sscp_aead_t; 99 100 typedef struct 101 { 102 /*! Virtual connection between application (user context) and specific security subsystem and function thereof. */ 103 sss_sscp_session_t *session; 104 sss_algorithm_t algorithm; /*! */ 105 sss_mode_t mode; /*! */ 106 /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ 107 size_t digestFullLen; 108 /*! Implementation specific part */ 109 struct 110 { 111 uint8_t data[SSS_SSCP_DIGEST_CONTEXT_SIZE]; 112 } context; 113 uint32_t ctx; 114 } sss_sscp_digest_t; 115 116 typedef struct 117 { 118 /*! Virtual connection between application (user context) and specific 119 * security subsystem and function thereof. */ 120 sss_sscp_session_t *session; 121 sss_sscp_object_t *keyObject; /*! Reference to key and it's properties. */ 122 sss_algorithm_t algorithm; /*! */ 123 sss_mode_t mode; /*! */ 124 125 /*! Implementation specific part */ 126 uint32_t ctx; 127 struct 128 { 129 uint8_t data[SSS_SSCP_MAC_CONTEXT_SIZE]; 130 } context; 131 } sss_sscp_mac_t; 132 133 typedef struct 134 { 135 sss_sscp_session_t *session; 136 sss_sscp_object_t *keyObject; 137 sss_algorithm_t algorithm; /*! */ 138 sss_mode_t mode; /*! */ 139 size_t signatureFullLen; 140 141 /*! Implementation specific part */ 142 uint32_t ctx; 143 } sss_sscp_asymmetric_t; 144 145 typedef struct 146 { 147 sss_sscp_session_t *session; 148 uint32_t tunnelType; 149 150 /*! Implementation specific part */ 151 uint32_t ctx; 152 uint8_t *buffer; 153 size_t bufferSize; 154 } sss_sscp_tunnel_t; 155 156 typedef struct 157 { 158 sss_sscp_session_t *session; 159 sss_sscp_object_t *keyObject; 160 sss_algorithm_t algorithm; /*! */ 161 sss_mode_t mode; /*! */ 162 163 /*! Implementation specific part */ 164 uint32_t ctx; 165 } sss_sscp_derive_key_t; 166 167 typedef struct 168 { 169 sss_sscp_session_t *session; 170 uint32_t rngTypeSpecifier; 171 /*! Implementation specific part */ 172 } sss_sscp_rng_t; 173 174 /******************************************************************************* 175 * API 176 ******************************************************************************/ 177 #if defined(__cplusplus) 178 extern "C" { 179 #endif 180 sss_status_t sss_sscp_open_session(sss_sscp_session_t *session, 181 uint32_t sessionId, 182 sss_type_t subsystem, 183 sscp_context_t *sscpctx); 184 185 sss_status_t sss_sscp_close_session(sss_sscp_session_t *session); 186 187 /*******************************SYMETRIC***************************************/ 188 189 sss_status_t sss_sscp_symmetric_context_init(sss_sscp_symmetric_t *context, 190 sss_sscp_session_t *session, 191 sss_sscp_object_t *keyObject, 192 sss_algorithm_t algorithm, 193 sss_mode_t mode); 194 195 sss_status_t sss_sscp_cipher_one_go(sss_sscp_symmetric_t *context, 196 uint8_t *iv, 197 size_t ivLen, 198 const uint8_t *srcData, 199 uint8_t *destData, 200 size_t dataLen); 201 202 sss_status_t sss_sscp_cipher_init(sss_sscp_symmetric_t *context, uint8_t *iv, size_t ivLen); 203 204 sss_status_t sss_sscp_cipher_update( 205 sss_sscp_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); 206 207 sss_status_t sss_sscp_cipher_finish( 208 sss_sscp_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); 209 210 sss_status_t sss_sscp_cipher_crypt_ctr(sss_sscp_symmetric_t *context, 211 const uint8_t *srcData, 212 uint8_t *destData, 213 size_t size, 214 uint8_t *initialCounter, 215 uint8_t *lastEncryptedCounter, 216 size_t *szLeft); 217 218 sss_status_t sss_sscp_symmetric_context_free(sss_sscp_symmetric_t *context); 219 220 /**********************************AEAD****************************************/ 221 222 sss_status_t sss_sscp_aead_context_init(sss_sscp_aead_t *context, 223 sss_sscp_session_t *session, 224 sss_sscp_object_t *keyObject, 225 sss_algorithm_t algorithm, 226 sss_mode_t mode); 227 228 sss_status_t sss_sscp_aead_one_go(sss_sscp_aead_t *context, 229 const uint8_t *srcData, 230 uint8_t *destData, 231 size_t size, 232 uint8_t *nonce, 233 size_t nonceLen, 234 const uint8_t *aad, 235 size_t aadLen, 236 uint8_t *tag, 237 size_t *tagLen); 238 239 sss_status_t sss_sscp_aead_init( 240 sss_sscp_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); 241 242 sss_status_t sss_sscp_aead_update_aad(sss_sscp_aead_t *context, const uint8_t *aadData, size_t aadDataLen); 243 244 sss_status_t sss_sscp_aead_update( 245 sss_sscp_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t destData, size_t *destLen); 246 247 sss_status_t sss_sscp_aead_finish(sss_sscp_aead_t *context, 248 const uint8_t *srcData, 249 size_t srcLen, 250 uint8_t destData, 251 size_t *destLen, 252 uint8_t *tag, 253 size_t *tagLen); 254 255 sss_status_t sss_sscp_aead_context_free(sss_sscp_aead_t *context); 256 257 /********************************DIGEST****************************************/ 258 259 sss_status_t sss_sscp_digest_context_init(sss_sscp_digest_t *context, 260 sss_sscp_session_t *session, 261 sss_algorithm_t algorithm, 262 sss_mode_t mode); 263 264 /*! @copydoc sss_digest_one_go */ 265 sss_status_t sss_sscp_digest_one_go( 266 sss_sscp_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); 267 268 sss_status_t sss_sscp_digest_init(sss_sscp_digest_t *context); 269 270 sss_status_t sss_sscp_digest_update(sss_sscp_digest_t *context, uint8_t *message, size_t messageLen); 271 272 sss_status_t sss_sscp_digest_finish(sss_sscp_digest_t *context, uint8_t *digest, size_t *digestLen); 273 274 sss_status_t sss_sscp_digest_context_free(sss_sscp_digest_t *context); 275 276 /*******************************ASYMETRIC**************************************/ 277 sss_status_t sss_sscp_asymmetric_context_init(sss_sscp_asymmetric_t *context, 278 sss_sscp_session_t *session, 279 sss_sscp_object_t *keyObject, 280 sss_algorithm_t algorithm, 281 sss_mode_t mode); 282 283 sss_status_t sss_sscp_asymmetric_encrypt( 284 sss_sscp_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); 285 286 sss_status_t sss_sscp_asymmetric_decrypt( 287 sss_sscp_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); 288 289 sss_status_t sss_sscp_asymmetric_sign_digest( 290 sss_sscp_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); 291 292 sss_status_t sss_sscp_asymmetric_verify_digest( 293 sss_sscp_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); 294 295 sss_status_t sss_sscp_asymmetric_context_free(sss_sscp_asymmetric_t *context); 296 297 /******************************DERIVE KEY**************************************/ 298 sss_status_t sss_sscp_derive_key_context_init(sss_sscp_derive_key_t *context, 299 sss_sscp_session_t *session, 300 sss_sscp_object_t *keyObject, 301 sss_algorithm_t algorithm, 302 sss_mode_t mode); 303 304 sss_status_t sss_sscp_derive_key(sss_sscp_derive_key_t *context, 305 const uint8_t *saltData, 306 size_t saltLen, 307 sss_sscp_object_t *derivedKeyObject); 308 309 sss_status_t sss_sscp_asymmetric_dh_derive_key(sss_sscp_derive_key_t *context, 310 sss_sscp_object_t *otherPartyKeyObject, 311 sss_sscp_object_t *derivedKeyObject); 312 313 sss_status_t sss_sscp_derive_key_context_free(sss_sscp_derive_key_t *context); 314 /*********************************MAC******************************************/ 315 sss_status_t sss_sscp_mac_context_init(sss_sscp_mac_t *context, 316 sss_sscp_session_t *session, 317 sss_sscp_object_t *keyObject, 318 sss_algorithm_t algorithm, 319 sss_mode_t mode); 320 321 sss_status_t sss_sscp_mac_one_go( 322 sss_sscp_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); 323 324 sss_status_t sss_sscp_mac_init(sss_sscp_mac_t *context); 325 326 sss_status_t sss_sscp_mac_update(sss_sscp_mac_t *context, const uint8_t *message, size_t messageLen); 327 328 sss_status_t sss_sscp_mac_finish(sss_sscp_mac_t *context, uint8_t *mac, size_t *macLen); 329 330 sss_status_t sss_sscp_mac_context_free(sss_sscp_mac_t *context); 331 332 /*******************************KEYSTORE***************************************/ 333 sss_status_t sss_sscp_key_store_init(sss_sscp_key_store_t *keyStore, sss_sscp_session_t *session); 334 335 sss_status_t sss_sscp_key_store_set_key(sss_sscp_key_store_t *keyStore, 336 sss_sscp_object_t *keyObject, 337 const uint8_t *data, 338 size_t dataLen, 339 uint32_t keyBitLen, 340 sss_key_part_t keyPart); 341 342 sss_status_t sss_sscp_key_store_get_key(sss_sscp_key_store_t *keyStore, 343 sss_sscp_object_t *keyObject, 344 uint8_t *data, 345 size_t *dataLen, 346 size_t *pKeyBitLen, 347 sss_key_part_t keyPart); 348 349 sss_status_t sss_sscp_key_store_export_key(sss_sscp_key_store_t *keyStore, 350 sss_sscp_object_t *keyObject, 351 uint8_t *data, 352 size_t *dataLen, 353 sss_sscp_blob_type_t blobType); 354 355 sss_status_t sss_sscp_key_store_import_key(sss_sscp_key_store_t *keyStore, 356 sss_sscp_object_t *keyObject, 357 const uint8_t *data, 358 size_t dataLen, 359 uint32_t keyBitLen, 360 sss_sscp_blob_type_t blobType); 361 362 sss_status_t sss_sscp_key_store_generate_key(sss_sscp_key_store_t *keyStore, 363 sss_sscp_object_t *keyObject, 364 size_t keyBitLen, 365 void *options); 366 367 sss_status_t sss_sscp_key_store_open_key(sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject); 368 sss_status_t sss_sscp_key_store_open_internal_key(sss_sscp_key_store_t *keyStore, sss_internal_keyID_t keyID); 369 sss_status_t sss_sscp_key_store_erase_key(sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject); 370 sss_status_t sss_sscp_key_store_erase_all(sss_sscp_key_store_t *keyStore); 371 sss_status_t sss_sscp_key_store_get_property(sss_sscp_key_store_t *keyStore, 372 sss_sscp_key_store_property_t propertyId, 373 uint32_t *property); 374 375 sss_status_t sss_sscp_key_store_free(sss_sscp_key_store_t *keyStore); 376 /******************************KEYOBJECT***************************************/ 377 sss_status_t sss_sscp_key_object_init_internal(sss_sscp_object_t *keyObject, sss_sscp_key_store_t *keyStore); 378 379 sss_status_t sss_sscp_key_object_init(sss_sscp_object_t *keyObject, sss_sscp_key_store_t *keyStore); 380 381 sss_status_t sss_sscp_key_object_set_eccgfp_group(sss_sscp_object_t *keyObject, sss_eccgfp_group_t *group); 382 383 sss_status_t sss_sscp_key_object_set_properties(sss_sscp_object_t *keyObject, uint32_t options); 384 385 sss_status_t sss_sscp_key_object_get_properties(sss_sscp_object_t *keyObject, uint32_t *options); 386 387 sss_status_t sss_sscp_key_object_allocate_handle(sss_sscp_object_t *keyObject, 388 uint32_t keyId, 389 sss_key_part_t keyPart, 390 sss_cipher_type_t cipherType, 391 uint32_t keyByteLenMax, 392 uint32_t options); 393 394 sss_status_t sss_sscp_key_object_get_handle(sss_sscp_object_t *keyObject, uint32_t keyId); 395 #define SSS_SSCP_KEY_OBJECT_FREE_STATIC (0x0u) 396 #define SSS_SSCP_KEY_OBJECT_FREE_DYNAMIC (0x1u) 397 sss_status_t sss_sscp_key_object_free(sss_sscp_object_t *keyObject, uint32_t options); 398 399 /*******************************TUNNEL*****************************************/ 400 sss_status_t sss_sscp_tunnel_context_init(sss_sscp_tunnel_t *context, sss_sscp_session_t *session, uint32_t tunnelType); 401 402 sss_status_t sss_sscp_tunnel(sss_sscp_tunnel_t *context, uint8_t *data, size_t dataLen, uint32_t *resultState); 403 404 sss_status_t sss_sscp_tunnel_context_free(sss_sscp_tunnel_t *context); 405 /*********************************RNG******************************************/ 406 sss_status_t sss_sscp_rng_context_init(sss_sscp_session_t *session, sss_sscp_rng_t *context, uint32_t rngTypeSpecifier); 407 408 sss_status_t sss_sscp_rng_get_random(sss_sscp_rng_t *context, uint8_t *random_data, size_t dataLen); 409 410 sss_status_t sss_sscp_rng_free(sss_sscp_rng_t *context); 411 412 #if defined(__cplusplus) 413 } 414 #endif 415 416 #endif /* FSL_SSS_SSCP_H */ 417
