1 /* 2 * Copyright 2018-2021 NXP 3 * All rights reserved. 4 * 5 * SPDX-License-Identifier: BSD-3-Clause 6 */ 7 /** @file */ 8 #ifndef FSL_SSS_H 9 #define FSL_SSS_H 10 11 #if !defined(SSS_CONFIG_FILE) 12 #include "fsl_sss_config.h" 13 #else 14 #include SSS_CONFIG_FILE 15 #endif 16 17 18 #include "fsl_common.h" 19 20 #include <stddef.h> 21 22 /** Version of the SSS API */ 23 #define SSS_API_VERSION (MAKE_VERSION(2, 10, 0)) 24 25 /** Size of an AES Block, in bytes */ 26 #define SSS_AES_BLOCK_SIZE (16u) 27 /** Size of a DES Block, in bytes */ 28 #define SSS_DES_BLOCK_SIZE (8u) 29 /** Size of a DES Key, in bytes */ 30 #define SSS_DES_KEY_SIZE (8u) 31 /** Size of a DES IV, in bytes */ 32 #define SSS_DES_IV_SIZE (8u) 33 34 /** Status of the SSS APIs */ 35 #if !defined(SSS_STATUS_ENUM_ALT) 36 typedef enum 37 { 38 /** Operation was successful */ 39 kStatus_SSS_Success = 0x5a5a5a5au, 40 /** Operation failed */ 41 kStatus_SSS_Fail = 0x3c3c0000u, 42 /** Operation not performed because some of the passed parameters 43 * were found inappropriate */ 44 kStatus_SSS_InvalidArgument = 0x3c3c0001u, 45 /** Where the underlying sub-system *supports* multi-threading, 46 * Internal status to handle simultaneous access. 47 * 48 * This status is not expected to be returned to higher layers. 49 * */ 50 kStatus_SSS_ResourceBusy = 0x3c3c0002u, 51 } sss_status_t; 52 #endif 53 54 /** Cryptographic sub system */ 55 56 #define SSS_ENUM(GROUP, INDEX) ((GROUP) | (INDEX)) 57 58 #if !defined(SSS_TYPE_ENUM_ALT) 59 typedef enum 60 { 61 kType_SSS_SubSystem_NONE, 62 /** Software based */ 63 kType_SSS_Software = SSS_ENUM(0x01 < 8, 0x00), 64 kType_SSS_mbedTLS = SSS_ENUM(kType_SSS_Software, 0x01), 65 kType_SSS_OpenSSL = SSS_ENUM(kType_SSS_Software, 0x02), 66 /** HOST HW Based */ 67 kType_SSS_HW = SSS_ENUM(0x02 < 8, 0x00), 68 kType_SSS_SECO = SSS_ENUM(kType_SSS_HW, 0x01), 69 /** Isolated HW */ 70 kType_SSS_Isolated_HW = SSS_ENUM(0x04 < 8, 0x00), 71 kType_SSS_Ele = SSS_ENUM(kType_SSS_Isolated_HW, 0x01), 72 kType_SSS_Ele200 = SSS_ENUM(kType_SSS_Isolated_HW, 0x02), 73 kType_SSS_Ele300 = SSS_ENUM(kType_SSS_Isolated_HW, 0x03), 74 kType_SSS_Ele400 = SSS_ENUM(kType_SSS_Isolated_HW, 0x04), 75 kType_SSS_Ele500 = SSS_ENUM(kType_SSS_Isolated_HW, 0x05), 76 /** Secure Eleemnt */ 77 kType_SSS_SecureElement = SSS_ENUM(0x08 < 8, 0x00), 78 /** To connect to www.nxp.com/products/:A71CH */ 79 kType_SSS_SE_A71CH = SSS_ENUM(kType_SSS_SecureElement, 0x01), 80 kType_SSS_SE_A71CL = SSS_ENUM(kType_SSS_SecureElement, 0x02), 81 /** To connect to www.nxp.com/products/:SE050 */ 82 kType_SSS_SE_SE05x = SSS_ENUM(kType_SSS_SecureElement, 0x03), 83 kType_SSS_SubSystem_LAST 84 } sss_type_t; 85 #endif 86 87 typedef enum 88 { 89 /* Plain => Lowest level of security requested. 90 * => Probably a system with no mechanism to *identify* who 91 * has opened the session from host 92 * => Probably a system with Easy for man in the middle attack. 93 * 94 */ 95 kSSS_ConnectionType_Plain, 96 /* Password: 97 * => Some level of user authentication/identification requested 98 * => Probably a system with "static" authentication/identification. 99 * => Probably same Password us always. 100 * => "Password" mostly gets sent in plain over the communication layer 101 * => Probably a system with replay attack possible 102 */ 103 kSSS_ConnectionType_Password, 104 /* Encrypted: 105 * Communication is guaranteed to be Encrypted. 106 * For SE => This would mean highest level of authentication 107 * For other system => channel would be encrypted 108 * 109 * In general, almost a level of security that is definitely higher than 110 * Plain/Password/PIN. 111 * 112 * Using *Dynamic* Sessions Keys for authenticated communication. 113 */ 114 kSSS_ConnectionType_Encrypted 115 } sss_connection_type_t; 116 117 #define SSS_ALGORITHM_START_AES (0x00) 118 #define SSS_ALGORITHM_START_CHACHA (0x01) 119 #define SSS_ALGORITHM_START_DES (0x02) 120 #define SSS_ALGORITHM_START_SHA (0x03) 121 #define SSS_ALGORITHM_START_MAC (0x04) 122 #define SSS_ALGORITHM_START_DH (0x05) 123 #define SSS_ALGORITHM_START_DSA (0x06) 124 #define SSS_ALGORITHM_START_RSASSA_PKCS1_V1_5 (0x07) 125 #define SSS_ALGORITHM_START_RSASSA_PKCS1_PSS_MGF1 (0x08) 126 #define SSS_ALGORITHM_START_RSAES_PKCS1_OAEP (0x09) 127 #define SSS_ALGORITHM_START_RSAES_PKCS1_V1_5 (0x0A) 128 #define SSS_ALGORITHM_START_RSASSA_NO_PADDING (0x0B) 129 #define SSS_ALGORITHM_START_ECDSA (0x0C) 130 131 #define SSS_ENUM_ALGORITHM(GROUP, INDEX) (((SSS_ALGORITHM_START_##GROUP) << 8) | (INDEX)) 132 133 /** Cryptographic algorithm to be applied */ 134 #if !defined(SSS_ALGORITHM_ENUM_ALT) 135 typedef enum 136 { 137 kAlgorithm_None, 138 /* AES */ 139 kAlgorithm_SSS_AES_ECB = SSS_ENUM_ALGORITHM(AES, 0x01), 140 kAlgorithm_SSS_AES_CBC = SSS_ENUM_ALGORITHM(AES, 0x02), 141 kAlgorithm_SSS_AES_CTR = SSS_ENUM_ALGORITHM(AES, 0x03), 142 kAlgorithm_SSS_AES_GCM = SSS_ENUM_ALGORITHM(AES, 0x04), 143 kAlgorithm_SSS_AES_CCM = SSS_ENUM_ALGORITHM(AES, 0x05), 144 /* CHACHA_POLY */ 145 kAlgorithm_SSS_CHACHA_POLY = SSS_ENUM_ALGORITHM(CHACHA, 0x01), 146 /* DES */ 147 kAlgorithm_SSS_DES_ECB = SSS_ENUM_ALGORITHM(DES, 0x01), 148 kAlgorithm_SSS_DES_CBC = SSS_ENUM_ALGORITHM(DES, 0x02), 149 /* DES3 */ 150 kAlgorithm_SSS_DES3_ECB = SSS_ENUM_ALGORITHM(DES, 0x03), 151 kAlgorithm_SSS_DES3_CBC = SSS_ENUM_ALGORITHM(DES, 0x04), 152 /* digest */ 153 kAlgorithm_SSS_SHA1 = SSS_ENUM_ALGORITHM(SHA, 0x01), 154 kAlgorithm_SSS_SHA224 = SSS_ENUM_ALGORITHM(SHA, 0x02), 155 kAlgorithm_SSS_SHA256 = SSS_ENUM_ALGORITHM(SHA, 0x03), 156 kAlgorithm_SSS_SHA384 = SSS_ENUM_ALGORITHM(SHA, 0x04), 157 kAlgorithm_SSS_SHA512 = SSS_ENUM_ALGORITHM(SHA, 0x05), 158 /* MAC */ 159 kAlgorithm_SSS_CMAC_AES = SSS_ENUM_ALGORITHM(MAC, 0x01), 160 kAlgorithm_SSS_HMAC_SHA1 = SSS_ENUM_ALGORITHM(MAC, 0x02), 161 kAlgorithm_SSS_HMAC_SHA224 = SSS_ENUM_ALGORITHM(MAC, 0x03), 162 kAlgorithm_SSS_HMAC_SHA256 = SSS_ENUM_ALGORITHM(MAC, 0x04), 163 kAlgorithm_SSS_HMAC_SHA384 = SSS_ENUM_ALGORITHM(MAC, 0x05), 164 kAlgorithm_SSS_HMAC_SHA512 = SSS_ENUM_ALGORITHM(MAC, 0x06), 165 /* See above: 166 * kAlgorithm_SSS_HMAC_SHA224 = SSS_ENUM_ALGORITHM(CHACHA, 0x01) */ 167 168 /* Diffie-Helmann */ 169 kAlgorithm_SSS_DH = SSS_ENUM_ALGORITHM(DH, 0x01), 170 kAlgorithm_SSS_ECDH = SSS_ENUM_ALGORITHM(DH, 0x02), 171 /* DSA */ 172 kAlgorithm_SSS_DSA_SHA1 = SSS_ENUM_ALGORITHM(DSA, 0x01), 173 kAlgorithm_SSS_DSA_SHA224 = SSS_ENUM_ALGORITHM(DSA, 0x02), 174 kAlgorithm_SSS_DSA_SHA256 = SSS_ENUM_ALGORITHM(DSA, 0x03), 175 /* RSA */ 176 kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x01), 177 kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x02), 178 kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x03), 179 kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x04), 180 kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x05), 181 kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x01), 182 kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x02), 183 kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x03), 184 kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x04), 185 kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x05), 186 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x01), 187 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x02), 188 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x03), 189 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x04), 190 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x05), 191 kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA1 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_V1_5, 0x01), 192 kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA224 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_V1_5, 0x02), 193 kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA256 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_V1_5, 0x03), 194 kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA384 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_V1_5, 0x04), 195 kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA512 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_V1_5, 0x05), 196 kAlgorithm_SSS_RSASSA_NO_PADDING = SSS_ENUM_ALGORITHM(RSASSA_NO_PADDING, 0x01), 197 /* ECDSA */ 198 kAlgorithm_SSS_ECDSA_SHA1 = SSS_ENUM_ALGORITHM(ECDSA, 0x01), 199 kAlgorithm_SSS_ECDSA_SHA224 = SSS_ENUM_ALGORITHM(ECDSA, 0x02), 200 kAlgorithm_SSS_ECDSA_SHA256 = SSS_ENUM_ALGORITHM(ECDSA, 0x03), 201 kAlgorithm_SSS_ECDSA_SHA384 = SSS_ENUM_ALGORITHM(ECDSA, 0x04), 202 kAlgorithm_SSS_ECDSA_SHA512 = SSS_ENUM_ALGORITHM(ECDSA, 0x05), 203 } sss_algorithm_t; 204 #endif 205 206 // Deprecated names for RSAES_PKCS1_OAEP algorithms 207 #define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA1 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1 208 #define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA224 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224 209 #define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA256 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256 210 #define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA384 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384 211 #define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA512 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512 212 213 /** High level algorihtmic operations. 214 * 215 * Augmented by @ref sss_algorithm_t 216 */ 217 #if !defined(SSS_MODE_ENUM_ALT) 218 typedef enum 219 { 220 kMode_SSS_Encrypt = 1, //!< Encrypt 221 kMode_SSS_Decrypt = 2, //!< Decrypt 222 kMode_SSS_Sign = 3, //!< Sign 223 kMode_SSS_Verify = 4, //!< Verify 224 /* Compute Shared Secret. e.g. Diffie-Hellman */ 225 kMode_SSS_ComputeSharedSecret = 5, 226 kMode_SSS_Digest = 6, //!< Message Digest 227 kMode_SSS_Mac = 7, //!< Message Authentication Code 228 } sss_mode_t; 229 #endif 230 231 /** 232 * Permissions of an object 233 */ 234 #if !defined(SSS_ACCESS_PERMISSION_ENUM_ALT) 235 typedef enum 236 { 237 /** Can read (applicable) contents of the key. 238 * 239 * @note This is not same as @ref kAccessPermission_SSS_Use. 240 * 241 * Without reading, the object, the key can be used. 242 */ 243 kAccessPermission_SSS_Read = (1u << 0), 244 /** Can change the value of an object */ 245 kAccessPermission_SSS_Write = (1u << 1), 246 /** Can use an object */ 247 kAccessPermission_SSS_Use = (1u << 2), 248 /** Can delete an object */ 249 kAccessPermission_SSS_Delete = (1u << 3), 250 /** Can change permissions applicable to an object */ 251 kAccessPermission_SSS_ChangeAttributes = (1u << 4), 252 } sss_access_permission_t; 253 #endif 254 255 /** 256 * Persistent / Non persistent mode of a key 257 */ 258 #if !defined(SSS_KEY_OBJECT_MODE_ENUM_ALT) 259 typedef enum 260 { 261 kKeyObject_Mode_None = 0, //!< kKeyObject_Mode_None 262 /** Key object will be persisted in memory 263 * and will retain it's value after a closed session 264 */ 265 kKeyObject_Mode_Persistent = 1, 266 /** Key Object will be stored in RAM. 267 * It will lose it's contents after a session is closed 268 */ 269 kKeyObject_Mode_Transient = 2, 270 } sss_key_object_mode_t; 271 #endif 272 273 #if !defined(SSS_KEY_PART_ENUM_ALT) 274 /** Part of a key */ 275 typedef enum 276 { 277 kSSS_KeyPart_NONE, 278 /** Applicable where we have UserID, PIN, Binary Files, 279 * Certificates, Symmetric Keys, PCR */ 280 kSSS_KeyPart_Default = 1, 281 /** Public part of asymmetric key */ 282 kSSS_KeyPart_Public = 2, 283 /** Private only part of asymmetric key */ 284 kSSS_KeyPart_Private = 3, 285 /** Both, public and private part of asymmetric key */ 286 kSSS_KeyPart_Pair = 4, 287 } sss_key_part_t; 288 #endif 289 290 /*! For all cipher types, key bit length is provides at the time key is inserted/generated */ 291 #if !defined(SSS_KEY_CIPHER_TYPE_ENUM_ALT) 292 typedef enum 293 { 294 kSSS_CipherType_NONE, 295 kSSS_CipherType_AES = 10, 296 kSSS_CipherType_DES = 12, 297 298 kSSS_CipherType_CMAC = 20, 299 kSSS_CipherType_HMAC = 21, 300 301 kSSS_CipherType_MAC = 30, 302 kSSS_CipherType_RSA = 31, /*! RSA RAW format */ 303 kSSS_CipherType_RSA_CRT = 32, /*! RSA CRT format */ 304 305 /* The following keys can be identified 306 * solely by the *Family* and bit length 307 */ 308 kSSS_CipherType_EC_NIST_P = 40, /*! Keys Part of NIST-P Family */ 309 kSSS_CipherType_EC_NIST_K = 41, /*! Keys Part of NIST-K Family */ 310 311 /* The following keys need their full curve parameters (p,a,b,x,y,n,h) 312 */ 313 /*! Montgomery Key, */ 314 kSSS_CipherType_EC_MONTGOMERY = 50, 315 /*! twisted Edwards form elliptic curve public key */ 316 kSSS_CipherType_EC_TWISTED_ED = 51, 317 /*! Brainpool form elliptic curve public key */ 318 kSSS_CipherType_EC_BRAINPOOL = 52, 319 /*! Barreto Naehrig curve */ 320 kSSS_CipherType_EC_BARRETO_NAEHRIG = 53, 321 322 kSSS_CipherType_UserID = 70, 323 kSSS_CipherType_Certificate = 71, 324 kSSS_CipherType_Binary = 72, 325 kSSS_CipherType_Count = 73, 326 kSSS_CipherType_PCR = 74, 327 kSSS_CipherType_ReservedPin = 75, 328 } sss_cipher_type_t; 329 #endif 330 331 /** XY Co-ordinates for ECC Curves */ 332 typedef struct 333 { 334 /** X Point */ 335 uint8_t *X; 336 /** Y Point */ 337 uint8_t *Y; 338 } sss_ecc_point_t; 339 340 /** ECC Curve Parameter */ 341 typedef struct 342 { 343 uint8_t *p; /**< ECC parameter P */ 344 uint8_t *a; /**< ECC parameter a */ 345 uint8_t *b; /**< ECC parameter b */ 346 sss_ecc_point_t *G; /**< ECC parameter G */ 347 uint8_t *n; /**< ECC parameter n */ 348 uint8_t *h; /**< ECC parameter h */ 349 } sss_eccgfp_group_t; 350 351 /*! 352 * @addtogroup sss_session 353 * @{ 354 */ 355 356 /** Properties of session that are U32 357 * 358 * From 0 to kSSS_SessionProp_Optional_Prop_Start, 359 * around 2^24 = 16777215 Properties are 360 * possible. 361 * 362 * From 0 to kSSS_SessionProp_Optional_Prop_Start, 363 * around 2^24 = 16777215 Properties are 364 * possible. 365 * 366 */ 367 typedef enum 368 { 369 /** Invalid */ 370 kSSS_SessionProp_u32_NA = 0, 371 /** Major version */ 372 kSSS_SessionProp_VerMaj, 373 /** Minor Version */ 374 kSSS_SessionProp_VerMin, 375 /** Development Version */ 376 kSSS_SessionProp_VerDev, 377 378 /* Lenght of UID */ 379 kSSS_SessionProp_UIDLen, 380 381 /** Optional Properties Start */ 382 kSSS_SessionProp_u32_Optional_Start = 0x00FFFFFFu, 383 384 /** How much persistent memory is free */ 385 kSSS_KeyStoreProp_FreeMem_Persistant, 386 387 /** How much transient memory is free */ 388 kSSS_KeyStoreProp_FreeMem_Transient, 389 390 /** Proprietary Properties Start */ 391 kSSS_SessionProp_u32_Proprietary_Start = 0x01FFFFFFu, 392 393 } sss_session_prop_u32_t; 394 395 /** Properties of session that are S32 396 * 397 * From 0 to kSSS_SessionProp_Optional_Prop_Start, 398 * around 2^24 = 16777215 Properties are 399 * possible. 400 * 401 * From 0 to kSSS_SessionProp_Optional_Prop_Start, 402 * around 2^24 = 16777215 Properties are 403 * possible. 404 * 405 */ 406 typedef enum 407 { 408 /** Invalid */ 409 kSSS_SessionProp_au8_NA = 0, 410 /** Name of the product, string */ 411 kSSS_SessionProp_szName, 412 /** Unique Identifier */ 413 kSSS_SessionProp_UID, 414 415 /** Optional Properties Start */ 416 kSSS_SessionProp_au8_Optional_Start = 0x00FFFFFFu, 417 418 /** Proprietary Properties Start */ 419 kSSS_SessionProp_au8_Proprietary_Start = 0x01FFFFFFu, 420 421 } sss_session_prop_au8_t; 422 423 /** @} */ 424 425 /*! 426 * @addtogroup sss_session 427 * @{ 428 */ 429 430 /** @brief Root session 431 * 432 * This is a *singleton* for each connection (physical/logical) 433 * to individual cryptographic system. 434 */ 435 typedef struct 436 { 437 /*! Indicates which security subsystem is selected. 438 * 439 * This is set when @ref sss_session_open is successful */ 440 sss_type_t subsystem; 441 442 /** Reserved memory for implementation specific extension */ 443 struct 444 { 445 uint8_t data[SSS_SESSION_MAX_CONTEXT_SIZE]; 446 } extension; 447 } sss_session_t; 448 /** @} */ 449 450 /*! 451 * @addtogroup sss_key_store 452 * @{ 453 */ 454 455 /** @brief Store for secure and non secure key objects within a cryptographic system. 456 * 457 * - A cryptographic system may have more than partitions to store such keys. 458 * 459 */ 460 typedef struct 461 { 462 /*! Virtual connection between application (user context) and specific 463 * security subsystem and function thereof. */ 464 sss_session_t *session; 465 466 /** Reserved memory for implementation specific extension */ 467 struct 468 { 469 uint8_t data[SSS_KEY_STORE_MAX_CONTEXT_SIZE]; 470 } extension; 471 } sss_key_store_t; 472 473 typedef enum 474 { 475 kSSS_TunnelDest_None = 0, 476 kSSS_TunnelType_Se05x_Iot_applet, 477 } sss_tunnel_dest_t; 478 479 /** @} */ 480 481 /*! 482 * @addtogroup sss_key_object 483 * @{ 484 */ 485 486 /** @brief An object (secure / non-secure) within a Key Store. 487 * 488 */ 489 typedef struct 490 { 491 /*! key store holding the data and other properties */ 492 sss_key_store_t *keyStore; 493 /*! FIXME define object types */ 494 uint32_t objectType; 495 /*! FIXME define cipherType types */ 496 uint32_t cipherType; 497 /*! Application specific key identifier. The keyId is kept in the key store 498 * along with the key data and other properties. */ 499 uint32_t keyId; 500 501 /** Reserved memory for implementation specific extension */ 502 struct 503 { 504 uint8_t data[SSS_KEY_OBJECT_MAX_CONTEXT_SIZE]; 505 } extension; 506 } sss_object_t; 507 508 /** @} */ 509 510 /*! 511 * @addtogroup sss_crypto_symmetric 512 * @{ 513 */ 514 515 /*! @brief Typedef for the symmetric crypto context */ 516 typedef struct 517 { 518 /*! Virtual connection between application (user context) and specific 519 * security subsystem and function thereof. */ 520 sss_session_t *session; 521 /** Key to be used for the symmetric operation */ 522 sss_object_t *keyObject; 523 /** Algorithm to be applied, e.g AES_ECB / CBC */ 524 sss_algorithm_t algorithm; 525 /** Mode of operation, e.g Encryption/Decryption */ 526 sss_mode_t mode; 527 528 /** Reserved memory for implementation specific extension */ 529 struct 530 { 531 uint8_t data[SSS_SYMMETRIC_MAX_CONTEXT_SIZE]; 532 } extension; 533 } sss_symmetric_t; 534 /** @} */ 535 536 /** @brief Authenticated Encryption with Additional Data 537 * 538 */ 539 typedef struct 540 { 541 /*! Virtual connection between application (user context) and specific 542 * security subsystem and function thereof. */ 543 sss_session_t *session; 544 /** Key to be used for asymmetric */ 545 sss_object_t *keyObject; 546 /** TODO : Algorithm to be applied */ 547 sss_algorithm_t algorithm; 548 /** TODO : High level operation */ 549 sss_mode_t mode; 550 551 /** Reserved memory for implementation specific extension */ 552 struct 553 { 554 uint8_t data[SSS_AEAD_MAX_CONTEXT_SIZE]; 555 } extension; 556 } sss_aead_t; 557 558 typedef struct 559 { 560 /*! Virtual connection between application (user context) and specific 561 * security subsystem and function thereof. */ 562 sss_session_t *session; 563 /** Algorithm to be applied, e.g SHA1, SHA256 */ 564 sss_algorithm_t algorithm; 565 /** Mode of operation, e.g Sign/Verify */ 566 sss_mode_t mode; 567 /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ 568 size_t digestFullLen; 569 /*! Implementation specific part */ 570 struct 571 { 572 uint8_t data[SSS_DIGEST_MAX_CONTEXT_SIZE]; 573 } extension; 574 } sss_digest_t; 575 576 /** @brief Message Authentication Code 577 * 578 */ 579 typedef struct 580 { 581 /*! Virtual connection between application (user context) and specific 582 * security subsystem and function thereof. */ 583 sss_session_t *session; 584 /** Key to be used for ... */ 585 sss_object_t *keyObject; 586 /** Algorithm to be applied, e.g. MAC/CMAC */ 587 sss_algorithm_t algorithm; 588 /** Mode of operation for MAC e.g. ... 589 * @todo : May be we don ot this mode here. */ 590 sss_mode_t mode; 591 592 /** Reserved memory for implementation specific extension */ 593 struct 594 { 595 uint8_t data[SSS_MAC_MAX_CONTEXT_SIZE]; 596 } extension; 597 } sss_mac_t; 598 599 /** @brief Asymmetric Cryptographic operations 600 * 601 * e.g. RSA/ECC. 602 */ 603 604 typedef struct 605 { 606 /** Pointer to root session */ 607 sss_session_t *session; 608 /** KeyObject used for Asymmetric operation */ 609 sss_object_t *keyObject; 610 /** Algorithm to be applied, e.g. ECDSA */ 611 sss_algorithm_t algorithm; 612 /** Mode of operation for the Asymmetric operation. 613 * e.g. Sign/Verify/Encrypt/Decrypt */ 614 sss_mode_t mode; 615 616 /** Reserved memory for implementation specific extension */ 617 struct 618 { 619 uint8_t data[SSS_ASYMMETRIC_MAX_CONTEXT_SIZE]; 620 } extension; 621 } sss_asymmetric_t; 622 623 /** Tunneling */ 624 625 typedef struct 626 { 627 uint8_t hdr[0 /* For Indentation */ 628 + 1 /* CLA */ 629 + 1 /* INS */ 630 + 1 /* P1 */ 631 + 1 /* P2 */ 632 ]; 633 } tlvHeader_t; 634 635 /** Tunneling */ 636 typedef struct 637 { 638 /** Pointer to the session */ 639 sss_session_t *session; 640 /** TODO: More documentation */ 641 uint32_t tunnelType; 642 643 /** Reserved memory for implementation specific extension */ 644 struct 645 { 646 uint8_t data[SSS_TUNNEL_MAX_CONTEXT_SIZE]; 647 } extension; 648 } sss_tunnel_t; 649 650 /*! 651 * @addtogroup sss_crypto_derive_key 652 * @{ 653 */ 654 655 /** Key derivation */ 656 typedef struct 657 { 658 /** Pointer to the session */ 659 sss_session_t *session; 660 /** KeyObject used to derive key s*/ 661 sss_object_t *keyObject; 662 /** Algorithm to be applied, e.g. ... */ 663 sss_algorithm_t algorithm; 664 /** Mode of operation for .... e.g. ... */ 665 sss_mode_t mode; 666 667 /** Reserved memory for implementation specific extension */ 668 struct 669 { 670 uint8_t data[SSS_DERIVE_KEY_MAX_CONTEXT_SIZE]; 671 } extension; 672 } sss_derive_key_t; 673 /** @} */ 674 675 /** Random number generator context */ 676 typedef struct 677 { 678 /** Pointer to the session */ 679 sss_session_t *session; 680 681 /** Reserved memory for implementation specific extension */ 682 struct 683 { 684 uint8_t data[SSS_RNG_MAX_CONTEXT_SIZE]; 685 } context; 686 687 } sss_rng_context_t; 688 689 /******************************************************************************* 690 * API 691 ******************************************************************************/ 692 #if defined(__cplusplus) 693 extern "C" { 694 #endif 695 696 /*! 697 * @addtogroup sss_session 698 * @{ 699 */ 700 701 /* Same as @ref sss_session_open but to support sub systems 702 * that explictily need a create before opening. 703 * 704 * For the sake of portabilty across various sub systems, 705 * the applicaiton has to call @ref sss_session_create 706 * before calling @ref sss_session_open. 707 */ 708 sss_status_t sss_session_create(sss_session_t *session, 709 sss_type_t subsystem, 710 uint32_t application_id, 711 sss_connection_type_t connetion_type, 712 void *connectionData); 713 714 /*! 715 * @brief Open session between application and a security subsystem. 716 * 717 * Open virtual session between application (user context) and a security subsystem and function thereof. 718 * Pointer to session shall be supplied to all SSS APIs as argument. 719 * Low level SSS functions can provide implementation specific behaviour based on the session argument. 720 * 721 * @param session Session context. 722 * @param subsystem Indicates which security subsystem is selected to be used. 723 * @param application_id ObjectId/AuthenticationID Connecting to 724 * 725 * 0 => Super use / Plaform user 726 * Anything else => Authenticated user 727 * 728 * @param connetion_type How are we connecting to the system. 729 * 730 * @param connectionData subsystem specific connection parameters. 731 * @return status 732 */ 733 sss_status_t sss_session_open(sss_session_t *session, 734 sss_type_t subsystem, 735 uint32_t application_id, 736 sss_connection_type_t connetion_type, 737 void *connectionData); 738 739 /*! 740 * @brief Get an underlying property of the crypto sub system 741 * 742 * This API is used to get values that are 743 * numeric in nature. 744 * 745 * Property can be either fixed value that is 746 * calculated at compile time and returned 747 * directly, or it may involve some access to the 748 * underlying system. 749 * 750 * For applicable properties see @ref sss_session_prop_u32_t 751 * 752 * @param[in] session Session context 753 * @param[in] property Value that is part of @ref sss_session_prop_u32_t 754 * @param[out] pValue 755 * 756 * @return 757 */ 758 sss_status_t sss_session_prop_get_u32(sss_session_t *session, uint32_t property, uint32_t *pValue); 759 760 /*! 761 * @brief Get an underlying property of the crypto sub system 762 * 763 * This API is used to get values that are 764 * numeric in nature. 765 * 766 * Property can be either fixed value that is 767 * calculated at compile time and returned 768 * directly, or it may involve some access to the 769 * underlying system. 770 * 771 * @param[in] session Session context 772 * @param[in] property Value that is part of @ref sss_session_prop_au8_t 773 * @param[out] pValue Output buffer array 774 * @param[in,out] pValueLen Count of values thare are/must br read 775 * @return 776 */ 777 sss_status_t sss_session_prop_get_au8(sss_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); 778 779 /*! 780 * @brief Close session between application and security subsystem. 781 * 782 * This function closes a session which has been opened with a security subsystem. 783 * All commands within the session must have completed before this function can be called. 784 * The implementation must do nothing if the input ``session`` parameter is NULL. 785 * 786 * @param session Session context. 787 */ 788 void sss_session_close(sss_session_t *session); 789 790 /* Counterpart to @ref sss_session_create 791 * 792 * Similar to contraint on @ref sss_session_create, application 793 * may call @ref sss_session_delete to explicitly release all 794 * underlying/used session specific resoures of that implementation. 795 */ 796 void sss_session_delete(sss_session_t *session); 797 798 /*! 799 *@} 800 */ /* end of sss_session */ 801 802 /*! 803 * @addtogroup sss_key_store 804 * @{ 805 */ 806 807 /*! @brief Constructor for the key store context data structure. 808 * 809 * @param[out] keyStore Pointer to key store context. Key store context is updated on function return. 810 * @param session Session context. 811 */ 812 sss_status_t sss_key_store_context_init(sss_key_store_t *keyStore, sss_session_t *session); 813 814 /*! @brief Get handle to key store. 815 * If the key store already exists, nothing is allocated. 816 * If the key store does not exists, new empty key store is created and initialized. 817 * Key store context structure is updated with actual information. 818 * 819 * @param[out] keyStore Pointer to key store context. Key store context is updated on function return. 820 * @param keyStoreId Implementation specific ID, can be used in case security subsystem manages multiple different 821 * key stores. 822 */ 823 sss_status_t sss_key_store_allocate(sss_key_store_t *keyStore, uint32_t keyStoreId); 824 825 /*! @brief Save all cached persistent objects to persistent memory. 826 */ 827 sss_status_t sss_key_store_save(sss_key_store_t *keyStore); 828 829 /*! @brief Load from persistent memory to cached objects. 830 */ 831 sss_status_t sss_key_store_load(sss_key_store_t *keyStore); 832 833 /*! @brief This function moves data[] from memory to the destination key store. 834 * 835 * @param keyStore Key store context 836 * @param keyObject Reference to a key and it's properties 837 * @param data Data to be stored in Key 838 * @param dataLen Length of the data 839 * @param keyBitLen Crypto algorithm key bit length 840 * @param options Pointer to implementation specific options 841 * @param optionsLen Length of the options in bytes 842 * 843 * @return 844 */ 845 sss_status_t sss_key_store_set_key(sss_key_store_t *keyStore, 846 sss_object_t *keyObject, 847 const uint8_t *data, 848 size_t dataLen, 849 size_t keyBitLen, 850 void *options, 851 size_t optionsLen); 852 853 /*! @brief This function generates key[] in the destination key store. */ 854 sss_status_t sss_key_store_generate_key(sss_key_store_t *keyStore, 855 sss_object_t *keyObject, 856 size_t keyBitLen, 857 void *options); 858 859 /*! @brief This function exports plain key[] from key store (if constraints and user id allows reading) */ 860 sss_status_t sss_key_store_get_key( 861 sss_key_store_t *keyStore, sss_object_t *keyObject, uint8_t *data, size_t *dataLen, size_t *pKeyBitLen); 862 863 #if 0 864 /* To be reviewed: Purnank */ 865 /*! @brief This function exports plain key[] from key store (if constraints and user id allows reading) */ 866 sss_status_t sss_key_store_get_key_fromoffset(sss_key_store_t *keyStore, 867 sss_object_t *keyObject, 868 uint8_t *data, 869 size_t *dataLen, 870 size_t *pKeyBitLen); 871 #endif 872 873 /*! @brief This function outputs referenced plain key[] to destination security subsystem - e.g.to secret key bus or 874 * CryptoLib context */ 875 sss_status_t sss_key_store_open_key(sss_key_store_t *keyStore, sss_object_t *keyObject); 876 877 /*! @brief The referenced plain key[] cannot be updated any more. */ 878 sss_status_t sss_key_store_freeze_key(sss_key_store_t *keyStore, sss_object_t *keyObject); 879 880 /*! @brief The referenced plain key[] is discarded. */ 881 sss_status_t sss_key_store_erase_key(sss_key_store_t *keyStore, sss_object_t *keyObject); 882 883 // sss_status_t sss_key_store_clear_all(sss_key_store_t *keyStore); 884 885 /*! @brief Destructor for the key store context. */ 886 void sss_key_store_context_free(sss_key_store_t *keyStore); 887 888 /*! 889 *@} 890 */ /* end of sss_key_store */ 891 892 /*! 893 * @addtogroup sss_key_object 894 * @{ 895 */ 896 897 /*! @brief Constructor for a key object data structure 898 * The function initializes keyObject data structure and associates it with a key store 899 * in which the plain key and other attributes are stored. 900 * 901 * @param keyObject 902 * @param keyStore 903 * 904 * @returns Status of the operation 905 * @retval #kStatus_SSS_Success The operation has completed successfully. 906 * @retval #kStatus_SSS_Fail The operation has failed. 907 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 908 */ 909 sss_status_t sss_key_object_init(sss_object_t *keyObject, sss_key_store_t *keyStore); 910 911 /** @brief create new key 912 * 913 * @param[in,out] keyObject The object 914 * If required, update implementation defined values 915 * inside the keyObject 916 * @param keyId External Key ID. Later on this may be used by 917 * @ref sss_key_object_get_handle 918 * @param keyPart See @ref sss_key_part_t 919 * @param cipherType See @ref sss_cipher_type_t 920 * @param keyByteLenMax Maximum storage this type of key may need. 921 * For systems that have their own internal allocation table 922 * this would help 923 * @param options 0 = Persistant Key (Default) or Transient Key. 924 * See sss_key_object_mode_t 925 * @return Status of object allocation. 926 */ 927 sss_status_t sss_key_object_allocate_handle(sss_object_t *keyObject, 928 uint32_t keyId, 929 sss_key_part_t keyPart, 930 sss_cipher_type_t cipherType, 931 size_t keyByteLenMax, 932 uint32_t options); /* Check if this can be made sss_key_object_mode_t */ 933 934 /*! @brief get handle to existing 935 * 936 * See @ref sss_key_object_allocate_handle. 937 * 938 * Ideally keyObject should be same for sss_key_object_allocate_handle and 939 * sss_key_object_get_handle 940 * */ 941 sss_status_t sss_key_object_get_handle(sss_object_t *keyObject, uint32_t keyId); 942 943 /*! @brief Assign user to a key object. 944 * 945 * @param keyObject the object where permission restrictions are applied 946 * 947 * @param user Assign User id for a key object. The user is kept in the key 948 * store along with the key data and other properties. 949 * @param options Transient or persistent update. Allows for transient update 950 * of persistent attributes. 951 */ 952 sss_status_t sss_key_object_set_user(sss_object_t *keyObject, uint32_t user, uint32_t options); 953 954 /*! @brief Assign purpose to a key object. 955 * 956 * @param keyObject the object where permission restrictions are applied 957 * @param purpose Usage of the key. 958 * @param options Transient or persistent update. Allows for transient update of persistent attributes. 959 */ 960 sss_status_t sss_key_object_set_purpose(sss_object_t *keyObject, sss_mode_t purpose, uint32_t options); 961 962 /*! @brief Assign access permissions to a key object. 963 * 964 * @param keyObject the object where permission restrictions are applied 965 * @param access Logical OR of read, write, delete, use, change attributes defined by enum _sss_access_permission. 966 * @param options Transient or persistent update. Allows for transient update of persistent attributes. 967 */ 968 sss_status_t sss_key_object_set_access(sss_object_t *keyObject, uint32_t access, uint32_t options); 969 970 /*! @brief Set elliptic curve domain parameters over Fp for a key object 971 * 972 * When the key object is a reference to one of ECC Private, ECC Public or ECC Pair key types, 973 * this function shall be used to specify the exact domain parameters prior to using the key object 974 * for ECDSA or ECDH algorithms. 975 * 976 * @param keyObject The destination key object 977 * @param group Pointer to elliptic curve domain parameters over Fp (sextuple p,a,b,G,n,h) 978 */ 979 sss_status_t sss_key_object_set_eccgfp_group(sss_object_t *keyObject, sss_eccgfp_group_t *group); 980 981 /*! @brief get attributes */ 982 sss_status_t sss_key_object_get_user(sss_object_t *keyObject, uint32_t *user); 983 984 /** Check what is purpose restrictions on an object 985 * 986 * @param keyObject Object to be checked 987 * @param purpose Know what is permitted. 988 * @return 989 */ 990 sss_status_t sss_key_object_get_purpose(sss_object_t *keyObject, sss_mode_t *purpose); 991 992 /** Check what are access restrictions on an object 993 * 994 * @param keyObject Object 995 * @param access What is permitted 996 * @return 997 */ 998 sss_status_t sss_key_object_get_access(sss_object_t *keyObject, uint32_t *access); 999 1000 /*! @brief Destructor for the key object. 1001 * The function frees key object context. 1002 * 1003 * @param keyObject Pointer to key object context. 1004 */ 1005 void sss_key_object_free(sss_object_t *keyObject); 1006 1007 /*! 1008 *@} 1009 */ /* end of sss_key_object */ 1010 1011 /*! 1012 * @addtogroup sss_crypto_symmetric 1013 * @{ 1014 */ 1015 1016 /*! @brief Symmetric context init. 1017 * The function initializes symmetric context with initial values. 1018 * 1019 * @param context Pointer to symmetric crypto context. 1020 * @param session Associate SSS session with symmetric context. 1021 * @param keyObject Associate SSS key object with symmetric context. 1022 * @param algorithm One of the symmetric algorithms defined by @ref sss_algorithm_t. 1023 * @param mode One of the modes defined by @ref sss_mode_t. 1024 * 1025 * @returns Status of the operation 1026 * @retval #kStatus_SSS_Success The operation has completed successfully. 1027 * @retval #kStatus_SSS_Fail The operation has failed. 1028 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1029 */ 1030 sss_status_t sss_symmetric_context_init(sss_symmetric_t *context, 1031 sss_session_t *session, 1032 sss_object_t *keyObject, 1033 sss_algorithm_t algorithm, 1034 sss_mode_t mode); 1035 1036 /*! @brief Symmetric cipher in one blocking function call. 1037 * The function blocks current thread until the operation completes or an error occurs. 1038 * 1039 * @param context Pointer to symmetric crypto context. 1040 * @param iv Buffer containing the symmetric operation Initialization Vector. 1041 * @param ivLen Length of the Initialization Vector in bytes. 1042 * @param srcData Buffer containing the input data. 1043 * @param destData Buffer containing the output data. 1044 * @param dataLen Size of input and output data buffer in bytes. 1045 * @returns Status of the operation 1046 * @retval #kStatus_SSS_Success The operation has completed successfully. 1047 * @retval #kStatus_SSS_Fail The operation has failed. 1048 */ 1049 sss_status_t sss_cipher_one_go( 1050 sss_symmetric_t *context, uint8_t *iv, size_t ivLen, const uint8_t *srcData, uint8_t *destData, size_t dataLen); 1051 1052 /*! @brief Symmetric cipher init. 1053 * The function starts the symmetric cipher operation. 1054 * 1055 * @param context Pointer to symmetric crypto context. 1056 * @param iv Buffer containing the symmetric operation Initialization Vector. 1057 * @param ivLen Length of the Initialization Vector in bytes. 1058 * @returns Status of the operation 1059 * @retval #kStatus_SSS_Success The operation has completed successfully. 1060 * @retval #kStatus_SSS_Fail The operation has failed. 1061 */ 1062 sss_status_t sss_cipher_init(sss_symmetric_t *context, uint8_t *iv, size_t ivLen); 1063 1064 /*! @brief Symmetric cipher update. 1065 * Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. 1066 * Unless one or more calls of this function have supplied sufficient input data, no output is generated. 1067 * The cipher operation is finalized with a call to @ref sss_cipher_finish(). 1068 * 1069 * @param context Pointer to symmetric crypto context. 1070 * @param srcData Buffer containing the input data. 1071 * @param srcLen Length of the input data in bytes. 1072 * @param destData Buffer containing the output data. 1073 * @param[in,out] destLen Length of the output data in bytes. Buffer length on entry, reflects actual output size on 1074 * return. 1075 * @returns Status of the operation 1076 * @retval #kStatus_SSS_Success The operation has completed successfully. 1077 * @retval #kStatus_SSS_Fail The operation has failed. 1078 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1079 */ 1080 sss_status_t sss_cipher_update( 1081 sss_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); 1082 1083 /*! @brief Symmetric cipher finalize. 1084 * 1085 * @param context Pointer to symmetric crypto context. 1086 * @param srcData Buffer containing final chunk of input data. 1087 * @param srcLen Length of final chunk of input data in bytes. 1088 * @param destData Buffer containing output data. 1089 * @param[in,out] destLen Length of output data in bytes. Buffer length on entry, reflects actual output size on 1090 * return. 1091 * @returns Status of the operation 1092 * @retval #kStatus_SSS_Success The operation has completed successfully. 1093 * @retval #kStatus_SSS_Fail The operation has failed. 1094 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1095 */ 1096 sss_status_t sss_cipher_finish( 1097 sss_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); 1098 1099 /*! @brief Symmetric AES in Counter mode in one blocking function call. 1100 * The function blocks current thread until the operation completes or an error occurs. 1101 * 1102 * @param context Pointer to symmetric crypto context. 1103 * @param srcData Buffer containing the input data. 1104 * @param destData Buffer containing the output data. 1105 * @param size Size of source and destination data buffers in bytes. 1106 * @param[in,out] initialCounter Input counter (updates on return) 1107 * @param[out] lastEncryptedCounter Output cipher of last counter, for chained CTR calls. NULL can be passed if 1108 * chained calls are not used. 1109 * @param[out] szLeft Output number of bytes in left unused in lastEncryptedCounter block. NULL can be passed if 1110 * chained calls are not used. 1111 * @returns Status of the operation 1112 * @retval #kStatus_SSS_Success The operation has completed successfully. 1113 * @retval #kStatus_SSS_Fail The operation has failed. 1114 */ 1115 sss_status_t sss_cipher_crypt_ctr(sss_symmetric_t *context, 1116 const uint8_t *srcData, 1117 uint8_t *destData, 1118 size_t size, 1119 uint8_t *initialCounter, 1120 uint8_t *lastEncryptedCounter, 1121 size_t *szLeft); 1122 1123 /*! @brief Symmetric context release. 1124 * The function frees symmetric context. 1125 * 1126 * @param context Pointer to symmetric crypto context. 1127 */ 1128 void sss_symmetric_context_free(sss_symmetric_t *context); 1129 /*! 1130 *@} 1131 */ /* end of sss_crypto_symmetric */ 1132 1133 /*! 1134 * @addtogroup sss_crypto_aead 1135 * @{ 1136 */ 1137 1138 /*! @brief AEAD context init. 1139 * The function initializes aead context with initial values. 1140 * 1141 * @param context Pointer to aead crypto context. 1142 * @param session Associate SSS session with aead context. 1143 * @param keyObject Associate SSS key object with aead context. 1144 * @param algorithm One of the aead algorithms defined by @ref sss_algorithm_t. 1145 * @param mode One of the modes defined by @ref sss_mode_t. 1146 * 1147 * @returns Status of the operation 1148 * @retval #kStatus_SSS_Success The operation has completed successfully. 1149 * @retval #kStatus_SSS_Fail The operation has failed. 1150 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1151 */ 1152 sss_status_t sss_aead_context_init( 1153 sss_aead_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode); 1154 1155 /*! @brief AEAD in one blocking function call. 1156 * The function blocks current thread until the operation completes or an error occurs. 1157 * 1158 * @param context Pointer to aead crypto context. 1159 * @param srcData Buffer containing the input data. 1160 * @param destData Buffer containing the output data. 1161 * @param size Size of input and output data buffer in bytes. 1162 * @param nonce The operation nonce or IV. 1163 * @param nonceLen The length of nonce in bytes. For AES-GCM it must be >= 1. For AES-CCM it must be 7, 8, 9, 10, 1164 * 11, 12, or 13. 1165 * @param aad Input additional authentication data AAD 1166 * @param aadLen Input size in bytes of AAD 1167 * @param tag Encryption: Output buffer filled with computed tag 1168 * Decryption: Input buffer filled with received tag 1169 * @param tagLen Length of the tag in bytes. 1170 * For AES-GCM it must be 4,8,12,13,14,15 or 16. 1171 * For AES-CCM it must be 4,6,8,10,12,14 or 16. 1172 * 1173 * @returns Status of the operation 1174 * @retval #kStatus_SSS_Success The operation has completed successfully. 1175 * @retval #kStatus_SSS_Fail The operation has failed. 1176 */ 1177 sss_status_t sss_aead_one_go(sss_aead_t *context, 1178 const uint8_t *srcData, 1179 uint8_t *destData, 1180 size_t size, 1181 uint8_t *nonce, 1182 size_t nonceLen, 1183 const uint8_t *aad, 1184 size_t aadLen, 1185 uint8_t *tag, 1186 size_t *tagLen); 1187 1188 /*! @brief AEAD init. 1189 * The function starts the aead operation. 1190 * 1191 * @param context Pointer to aead crypto context. 1192 * @param nonce The operation nonce or IV. 1193 * @param nonceLen The length of nonce in bytes. For AES-GCM it must be >= 1. For AES-CCM it must be 7, 8, 9, 10, 1194 * 11, 12, or 13. 1195 * @param tagLen Length of the computed or received tag in bytes. 1196 * For AES-GCM it must be 4,8,12,13,14,15 or 16. 1197 * For AES-CCM it must be 4,6,8,10,12,14 or 16. 1198 * @param aadLen Input size in bytes of AAD. Used only for AES-CCM. Ignored for AES-GCM. 1199 * @param payloadLen Length in bytes of the payload. Used only for AES-CCM. Ignored for AES-GCM. 1200 * @returns Status of the operation 1201 * @retval #kStatus_SSS_Success The operation has completed successfully. 1202 * @retval #kStatus_SSS_Fail The operation has failed. 1203 */ 1204 sss_status_t sss_aead_init( 1205 sss_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); 1206 1207 /*! @brief Feeds a new chunk of the AAD. 1208 * Subsequent calls of this function are possible. 1209 * 1210 * @param context Pointer to aead crypto context 1211 * @param aadData Input buffer containing the chunk of AAD 1212 * @param aadDataLen Length of the AAD data in bytes. 1213 * 1214 * @returns Status of the operation 1215 * @retval #kStatus_SSS_Success The operation has completed successfully. 1216 * @retval #kStatus_SSS_Fail The operation has failed. 1217 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1218 */ 1219 sss_status_t sss_aead_update_aad(sss_aead_t *context, const uint8_t *aadData, size_t aadDataLen); 1220 1221 /*! @brief AEAD data update. 1222 * Feeds a new chunk of the data payload. 1223 * Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. 1224 * Unless one or more calls of this function have supplied sufficient input data, no output is generated. 1225 * The integration check is done by @ref sss_aead_finish(). Until then it is not sure if the decrypt data is 1226 * authentic. 1227 * 1228 * @param context Pointer to aead crypto context. 1229 * @param srcData Buffer containing the input data. 1230 * @param srcLen Length of the input data in bytes. 1231 * @param destData Buffer containing the output data. 1232 * @param[in,out] destLen Length of the output data in bytes. Buffer length on entry, reflects actual output size on 1233 * return. 1234 * 1235 * @returns Status of the operation 1236 * @retval #kStatus_SSS_Success The operation has completed successfully. 1237 * @retval #kStatus_SSS_Fail The operation has failed. 1238 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1239 */ 1240 sss_status_t sss_aead_update( 1241 sss_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t destData, size_t *destLen); 1242 1243 /*! @brief Finalize AEAD. 1244 * The functions processes data that has not been processed by previous calls to sss_aead_update() as well as 1245 * srcData. It finalizes the AEAD operations and computes the tag (encryption) or compares the computed tag with the 1246 * tag supplied in the parameter (decryption). 1247 * 1248 * @param context Pointer to aead crypto context. 1249 * @param srcData Buffer containing final chunk of input data. 1250 * @param srcLen Length of final chunk of input data in bytes. 1251 * @param destData Buffer containing output data. 1252 * @param[in,out] destLen Length of output data in bytes. Buffer length on entry, reflects actual output size on 1253 * return. 1254 * @param tag Encryption: Output buffer filled with computed tag 1255 * Decryption: Input buffer filled with received tag 1256 * @param tagLen Length of the computed or received tag in bytes. 1257 * For AES-GCM it must be 4,8,12,13,14,15 or 16. 1258 * For AES-CCM it must be 4,6,8,10,12,14 or 16. 1259 * @returns Status of the operation 1260 * @retval #kStatus_SSS_Success The operation has completed successfully. 1261 * @retval #kStatus_SSS_Fail The operation has failed. 1262 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1263 */ 1264 sss_status_t sss_aead_finish(sss_aead_t *context, 1265 const uint8_t *srcData, 1266 size_t srcLen, 1267 uint8_t destData, 1268 size_t *destLen, 1269 uint8_t *tag, 1270 size_t *tagLen); 1271 1272 /*! @brief AEAD context release. 1273 * The function frees aead context. 1274 * 1275 * @param context Pointer to aead context. 1276 */ 1277 void sss_aead_context_free(sss_aead_t *context); 1278 /*! 1279 *@} 1280 */ /* end of sss_crypto_aead */ 1281 1282 /*! 1283 * @addtogroup sss_crypto_digest 1284 * @{ 1285 */ 1286 1287 /*! @brief Digest context init. 1288 * The function initializes digest context with initial values. 1289 * 1290 * @param context Pointer to digest context. 1291 * @param session Associate SSS session with digest context. 1292 * @param algorithm One of the digest algorithms defined by @ref sss_algorithm_t. 1293 * @param mode One of the modes defined by @ref sss_mode_t. 1294 * 1295 * @returns Status of the operation 1296 * @retval #kStatus_SSS_Success The operation has completed successfully. 1297 * @retval #kStatus_SSS_Fail The operation has failed. 1298 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1299 */ 1300 sss_status_t sss_digest_context_init(sss_digest_t *context, 1301 sss_session_t *session, 1302 sss_algorithm_t algorithm, 1303 sss_mode_t mode); 1304 1305 /*! @brief Message digest in one blocking function call. 1306 * The function blocks current thread until the operation completes or an error occurs. 1307 * 1308 * @param context Pointer to digest context. 1309 * @param message Input message 1310 * @param messageLen Length of the input message in bytes 1311 * @param digest Output message digest 1312 * @param digestLen Message digest byte length 1313 * 1314 * @returns Status of the operation 1315 * @retval #kStatus_SSS_Success The operation has completed successfully. 1316 * @retval #kStatus_SSS_Fail The operation has failed. 1317 */ 1318 sss_status_t sss_digest_one_go( 1319 sss_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); 1320 1321 /*! @brief Init digest for a message. 1322 * The function blocks current thread until the operation completes or an error occurs. 1323 * 1324 * @param context Pointer to digest context. 1325 * 1326 * @returns Status of the operation 1327 * @retval #kStatus_SSS_Success The operation has completed successfully. 1328 * @retval #kStatus_SSS_Fail The operation has failed. 1329 */ 1330 sss_status_t sss_digest_init(sss_digest_t *context); 1331 1332 /*! @brief Update digest for a message. 1333 * 1334 * The function blocks current thread until the operation completes or an error occurs. 1335 * 1336 * @param context Pointer to digest context. 1337 * @param message Buffer with a message chunk. 1338 * @param messageLen Length of the input buffer in bytes. 1339 * @returns Status of the operation 1340 * 1341 * @retval #kStatus_SSS_Success The operation has completed successfully. 1342 * @retval #kStatus_SSS_Fail The operation has failed. 1343 */ 1344 sss_status_t sss_digest_update(sss_digest_t *context, const uint8_t *message, size_t messageLen); 1345 1346 /*! @brief Finish digest for a message. 1347 * The function blocks current thread until the operation completes or an error occurs. 1348 * 1349 * @param context Pointer to digest context. 1350 * @param digest Output message digest 1351 * @param digestLen Message digest byte length 1352 * 1353 * @returns Status of the operation 1354 * @retval #kStatus_SSS_Success The operation has completed successfully. 1355 * @retval #kStatus_SSS_Fail The operation has failed. 1356 */ 1357 sss_status_t sss_digest_finish(sss_digest_t *context, uint8_t *digest, size_t *digestLen); 1358 1359 /*! @brief Digest context release. 1360 * The function frees digest context. 1361 * 1362 * @param context Pointer to digest context. 1363 */ 1364 void sss_digest_context_free(sss_digest_t *context); 1365 1366 /*! 1367 *@} 1368 */ /* end of sss_crypto_digest */ 1369 1370 /*! 1371 * @addtogroup sss_crypto_mac 1372 * @{ 1373 */ 1374 1375 /*! @brief MAC context init. 1376 * The function initializes mac context with initial values. 1377 * 1378 * @param context Pointer to mac context. 1379 * @param session Associate SSS session with mac context. 1380 * @param keyObject Associate SSS key object with mac context. 1381 * @param algorithm One of the mac algorithms defined by @ref sss_algorithm_t. 1382 * @param mode One of the modes defined by @ref sss_mode_t. 1383 * 1384 * @returns Status of the operation 1385 * @retval #kStatus_SSS_Success The operation has completed successfully. 1386 * @retval #kStatus_SSS_Fail The operation has failed. 1387 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1388 */ 1389 sss_status_t sss_mac_context_init( 1390 sss_mac_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode); 1391 1392 /*! @brief Message MAC in one blocking function call. 1393 * The function blocks current thread until the operation completes or an error occurs. 1394 * 1395 * @param context Pointer to mac context. 1396 * @param message Input message 1397 * @param messageLen Length of the input message in bytes 1398 * @param mac Output message MAC 1399 * @param macLen Computed MAC byte length 1400 * 1401 * @returns Status of the operation 1402 * @retval #kStatus_SSS_Success The operation has completed successfully. 1403 * @retval #kStatus_SSS_Fail The operation has failed. 1404 */ 1405 sss_status_t sss_mac_one_go( 1406 sss_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); 1407 1408 /*! @brief Init mac for a message. 1409 * The function blocks current thread until the operation completes or an error occurs. 1410 * 1411 * @param context Pointer to mac context. 1412 * 1413 * @returns Status of the operation 1414 * @retval #kStatus_SSS_Success The operation has completed successfully. 1415 * @retval #kStatus_SSS_Fail The operation has failed. 1416 */ 1417 sss_status_t sss_mac_init(sss_mac_t *context); 1418 1419 /*! @brief Update mac for a message. 1420 * 1421 * The function blocks current thread until the operation completes or an error occurs. 1422 * 1423 * @param context Pointer to mac context. 1424 * @param message Buffer with a message chunk. 1425 * @param messageLen Length of the input buffer in bytes. 1426 * @returns Status of the operation 1427 * 1428 * @retval #kStatus_SSS_Success The operation has completed successfully. 1429 * @retval #kStatus_SSS_Fail The operation has failed. 1430 */ 1431 sss_status_t sss_mac_update(sss_mac_t *context, const uint8_t *message, size_t messageLen); 1432 1433 /*! @brief Finish mac for a message. 1434 * The function blocks current thread until the operation completes or an error occurs. 1435 * 1436 * @param context Pointer to mac context. 1437 * @param mac Output message MAC 1438 * @param macLen Computed MAC byte length 1439 * 1440 * @returns Status of the operation 1441 * @retval #kStatus_SSS_Success The operation has completed successfully. 1442 * @retval #kStatus_SSS_Fail The operation has failed. 1443 */ 1444 sss_status_t sss_mac_finish(sss_mac_t *context, uint8_t *mac, size_t *macLen); 1445 1446 /*! @brief MAC context release. 1447 * The function frees mac context. 1448 * 1449 * @param context Pointer to mac context. 1450 */ 1451 void sss_mac_context_free(sss_mac_t *context); 1452 /*! 1453 *@} 1454 */ /* end of sss_crypto_mac */ 1455 1456 /*! 1457 * @addtogroup sss_crypto_asymmetric 1458 * @{ 1459 */ 1460 1461 /*! @brief Asymmetric context init. 1462 * The function initializes asymmetric context with initial values. 1463 * 1464 * @param context Pointer to asymmetric crypto context. 1465 * @param session Associate SSS session with asymmetric context. 1466 * @param keyObject Associate SSS key object with asymmetric context. 1467 * @param algorithm One of the asymmetric algorithms defined by @ref sss_algorithm_t. 1468 * @param mode One of the modes defined by @ref sss_mode_t. 1469 * 1470 * @returns Status of the operation 1471 * @retval #kStatus_SSS_Success The operation has completed successfully. 1472 * @retval #kStatus_SSS_Fail The operation has failed. 1473 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1474 */ 1475 sss_status_t sss_asymmetric_context_init(sss_asymmetric_t *context, 1476 sss_session_t *session, 1477 sss_object_t *keyObject, 1478 sss_algorithm_t algorithm, 1479 sss_mode_t mode); 1480 1481 /*! @brief Asymmetric encryption 1482 * The function uses asymmetric algorithm to encrypt data. Public key portion of a key pair is used for encryption. 1483 * 1484 * @param context Pointer to asymmetric context. 1485 * @param srcData Input buffer 1486 * @param srcLen Length of the input in bytes 1487 * @param destData Output buffer 1488 * @param destLen Length of the output in bytes 1489 * 1490 * @returns Status of the operation 1491 * @retval #kStatus_SSS_Success The operation has completed successfully. 1492 * @retval #kStatus_SSS_Fail The operation has failed. 1493 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1494 */ 1495 sss_status_t sss_asymmetric_encrypt( 1496 sss_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); 1497 1498 /*! @brief Asymmetric decryption 1499 * The function uses asymmetric algorithm to decrypt data. Private key portion of a key pair is used for 1500 * decryption. 1501 * 1502 * @param context Pointer to asymmetric context. 1503 * @param srcData Input buffer 1504 * @param srcLen Length of the input in bytes 1505 * @param destData Output buffer 1506 * @param destLen Length of the output in bytes 1507 * 1508 * @returns Status of the operation 1509 * @retval #kStatus_SSS_Success The operation has completed successfully. 1510 * @retval #kStatus_SSS_Fail The operation has failed. 1511 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1512 */ 1513 sss_status_t sss_asymmetric_decrypt( 1514 sss_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); 1515 1516 /*! @brief Asymmetric signature of a message digest 1517 * The function signs a message digest. 1518 * 1519 * @param context Pointer to asymmetric context. 1520 * @param digest Input buffer containing the input message digest 1521 * @param digestLen Length of the digest in bytes 1522 * @param signature Output buffer written with the signature of the digest 1523 * @param signatureLen Length of the signature in bytes 1524 * 1525 * @returns Status of the operation 1526 * @retval #kStatus_SSS_Success The operation has completed successfully. 1527 * @retval #kStatus_SSS_Fail The operation has failed. 1528 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1529 */ 1530 sss_status_t sss_asymmetric_sign_digest( 1531 sss_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); 1532 1533 /*! @brief Asymmetric verify of a message digest 1534 * The function verifies a message digest. 1535 * 1536 * @param context Pointer to asymmetric context. 1537 * @param digest Input buffer containing the input message digest 1538 * @param digestLen Length of the digest in bytes 1539 * @param signature Input buffer containing the signature to verify 1540 * @param signatureLen Length of the signature in bytes 1541 * 1542 * @returns Status of the operation 1543 * @retval #kStatus_SSS_Success The operation has completed successfully. 1544 * @retval #kStatus_SSS_Fail The operation has failed. 1545 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1546 */ 1547 sss_status_t sss_asymmetric_verify_digest( 1548 sss_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); 1549 1550 /*! @brief Asymmetric context release. 1551 * The function frees asymmetric context. 1552 * 1553 * @param context Pointer to asymmetric context. 1554 */ 1555 void sss_asymmetric_context_free(sss_asymmetric_t *context); 1556 /*! 1557 *@} 1558 */ /* end of sss_crypto_asymmetric */ 1559 1560 /*! 1561 * @addtogroup sss_crypto_derive_key 1562 * @{ 1563 */ 1564 1565 /*! @brief Derive key context init. 1566 * The function initializes derive key context with initial values. 1567 * 1568 * @param context Pointer to derive key context. 1569 * @param session Associate SSS session with the derive key context. 1570 * @param keyObject Associate SSS key object with the derive key context. 1571 * @param algorithm One of the derive key algorithms defined by @ref sss_algorithm_t. 1572 * @param mode One of the modes defined by @ref sss_mode_t. 1573 * 1574 * @returns Status of the operation 1575 * @retval #kStatus_SSS_Success The operation has completed successfully. 1576 * @retval #kStatus_SSS_Fail The operation has failed. 1577 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1578 */ 1579 sss_status_t sss_derive_key_context_init(sss_derive_key_t *context, 1580 sss_session_t *session, 1581 sss_object_t *keyObject, 1582 sss_algorithm_t algorithm, 1583 sss_mode_t mode); 1584 1585 /*! @brief Symmetric key derivation 1586 * The function cryptographically derives a key from another key. 1587 * For example MIFARE key derivation, PRF, HKDF-Extract. 1588 * 1589 * @param context Pointer to derive key context. 1590 * @param saltData Input data buffer, typically with some random data. 1591 * @param saltLen Length of saltData buffer in bytes. 1592 * @param info Input data buffer, typically with some fixed info. 1593 * @param infoLen Length of info buffer in bytes. 1594 * @param[in,out] derivedKeyObject Reference to a derived key 1595 * 1596 * @returns Status of the operation 1597 * @retval #kStatus_SSS_Success The operation has completed successfully. 1598 * @retval #kStatus_SSS_Fail The operation has failed. 1599 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1600 */ 1601 sss_status_t sss_derive_key_go(sss_derive_key_t *context, 1602 const uint8_t *saltData, 1603 size_t saltLen, 1604 const uint8_t *info, 1605 size_t infoLen, 1606 sss_object_t *derivedKeyObject, 1607 uint16_t deriveDataLen, 1608 uint8_t *hkdfOutput, 1609 size_t *hkdfOutputLen); 1610 1611 /*! @brief Asymmetric key derivation Diffie-Helmann 1612 * The function cryptographically derives a key from another key. 1613 * For example Diffie-Helmann. 1614 * 1615 * @param context Pointer to derive key context. 1616 * @param otherPartyKeyObject Publick key of the other party in the Diffie-Helmann algorithm 1617 * @param[in,out] derivedKeyObject Reference to a derived key 1618 * 1619 * @returns Status of the operation 1620 * @retval #kStatus_SSS_Success The operation has completed successfully. 1621 * @retval #kStatus_SSS_Fail The operation has failed. 1622 * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. 1623 */ 1624 sss_status_t sss_derive_key_dh(sss_derive_key_t *context, 1625 sss_object_t *otherPartyKeyObject, 1626 sss_object_t *derivedKeyObject); 1627 1628 /*! @brief Derive key context release. 1629 * The function frees derive key context. 1630 * 1631 * @param context Pointer to derive key context. 1632 */ 1633 void sss_derive_key_context_free(sss_derive_key_t *context); 1634 /*! 1635 *@} 1636 */ /* end of sss_crypto_derive_key */ 1637 1638 /*! 1639 * @addtogroup sss_rng 1640 * @{ 1641 */ 1642 1643 /*! 1644 * @brief Initialise random generator context between application and a security subsystem. 1645 * 1646 * 1647 * @warn API Changed 1648 * 1649 * Earlier: 1650 * sss_status_t sss_rng_context_init( 1651 * sss_session_t *session, sss_rng_context_t *context); 1652 * 1653 * Now: Parameters are swapped 1654 * sss_status_t sss_rng_context_init( 1655 * sss_rng_context_t *context, sss_session_t *session); 1656 * 1657 * @param session Session context. 1658 * @param context random generator context. 1659 * @return status 1660 */ 1661 sss_status_t sss_rng_context_init(sss_rng_context_t *context, sss_session_t *session); 1662 1663 /*! 1664 * @brief Generate random number. 1665 * 1666 * @param context random generator context. 1667 * @param random_data buffer to hold random data. 1668 * @param dataLen required random number length 1669 * @return status 1670 */ 1671 sss_status_t sss_rng_get_random(sss_rng_context_t *context, uint8_t *random_data, size_t dataLen); 1672 1673 /*! 1674 * @brief free random genertor context. 1675 * 1676 * @param context generator context. 1677 * @return status 1678 */ 1679 sss_status_t sss_rng_context_free(sss_rng_context_t *context); 1680 1681 /*! 1682 *@} 1683 */ /* end of sss_rng */ 1684 1685 /*! 1686 *@} 1687 */ /* end of sss_crypto_tunnelling */ 1688 1689 /*! 1690 * @addtogroup sss_crypto_tunnel 1691 * @{ 1692 */ 1693 1694 /*! @brief Constructor for the tunnelling service context. 1695 * 1696 * Earlier: 1697 * sss_status_t sss_tunnel_context_init( 1698 * sss_session_t *session, sss_tunnel_t *context); 1699 * 1700 * Now: Parameters are swapped 1701 * sss_status_t sss_tunnel_context_init( 1702 * sss_tunnel_t *context, sss_session_t *session); 1703 * 1704 * @param[out] context Pointer to tunnel context. Tunnel context is updated on function return. 1705 * @param session Pointer to session this tunnelling service belongs to. 1706 */ 1707 sss_status_t sss_tunnel_context_init(sss_tunnel_t *context, sss_session_t *session); 1708 1709 /*! @brief Tunnelling service. 1710 * 1711 * @param[in,out] context Pointer to tunnel context. 1712 * @param data Pointer to data to be send to subsystem. 1713 * @param dataLen Length of the data in bytes. 1714 * @param keyObjects Objects references used by the service. 1715 * @param keyObjectCount Number of key references at ``keyObjects``. 1716 * @param tunnelType Implementation specific id of the service. 1717 */ 1718 sss_status_t sss_tunnel(sss_tunnel_t *context, 1719 uint8_t *data, 1720 size_t dataLen, 1721 sss_object_t *keyObjects, 1722 uint32_t keyObjectCount, 1723 uint32_t tunnelType); 1724 1725 /*! @brief Destructor for the tunnelling service context. 1726 * 1727 * @param[out] context Pointer to tunnel context. */ 1728 void sss_tunnel_context_free(sss_tunnel_t *context); 1729 1730 /*! 1731 *@} 1732 */ /* end of sss_crypto_channel */ 1733 1734 #if defined(__cplusplus) 1735 } 1736 #endif 1737 1738 #endif /* FSL_SSS_H */ 1739
