andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

cryptocell: add support for Cryptocell 713 

Add Crypto 713 support as crypto module and NVM counter provider.

As files under include/drivers/arm/cryptocell/713/ are copied verbatim
from the CryptoCell SBROM lib project they are filtered from checkpatch
coding style check.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Change-Id: I7c361772f00ca7d96481f81ac6cbb2704467e52c
This commit is contained in:
Gilad Ben-Yossef 2019-05-15 09:24:04 +03:00 committed by Gilad Ben-Yossef
parent 0f99bf32df
commit 4501843f2d
15 changed files with 1408 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Makefile
View File

@ -39,12 +39,20 @@ PLAT := ${DEFAULT_PLAT}
CHECKCODE_ARGS := --no-patch
# Do not check the coding style on imported library files or documentation files
INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \
include/drivers/arm/cryptocell, \
$(wildcard include/drivers/arm/*)))
INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h
INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \
include/drivers/arm, \
$(wildcard include/drivers/*)))
INC_LIB_DIRS_TO_CHECK := $(sort $(filter-out \
include/lib/libfdt \
include/lib/libc, \
$(wildcard include/lib/*)))
INC_DIRS_TO_CHECK := $(sort $(filter-out \
include/lib, \
include/lib \
include/drivers, \
$(wildcard include/*)))
LIB_DIRS_TO_CHECK := $(sort $(filter-out \
lib/compiler-rt \
@ -60,7 +68,9 @@ ROOT_DIRS_TO_CHECK := $(sort $(filter-out \
CHECK_PATHS := ${ROOT_DIRS_TO_CHECK} \
${INC_DIRS_TO_CHECK} \
${INC_LIB_DIRS_TO_CHECK} \
${LIB_DIRS_TO_CHECK}
${LIB_DIRS_TO_CHECK} \
${INC_DRV_DIRS_TO_CHECK} \
${INC_ARM_DIRS_TO_CHECK}
################################################################################

273
drivers/auth/cryptocell/713/cryptocell_crypto.c Normal file
View File

@ -0,0 +1,273 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <stddef.h>
#include <string.h>
#include <drivers/arm/cryptocell/713/bsv_api.h>
#include <drivers/arm/cryptocell/713/bsv_crypto_asym_api.h>
#include <drivers/auth/crypto_mod.h>
#include <mbedtls/oid.h>
#define LIB_NAME "CryptoCell 713 SBROM"
#define RSA_SALT_LEN 32
#define RSA_EXPONENT 65537
/*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING
* }
*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm AlgorithmIdentifier,
* digest OCTET STRING
* }
*
* RSASSA-PSS-params ::= SEQUENCE {
* hashAlgorithm [0] HashAlgorithm,
* maskGenAlgorithm [1] MaskGenAlgorithm,
* saltLength [2] INTEGER,
* trailerField [3] TrailerField DEFAULT trailerFieldBC
* }
*/
/*
* Initialize the library and export the descriptor
*/
static void init(void)
{
CCError_t ret;
uint32_t lcs;
/* Initialize CC SBROM */
ret = CC_BsvInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
if (ret != CC_OK) {
ERROR("CryptoCell CC_BsvInit() error %x\n", ret);
panic();
}
/* Initialize lifecycle state */
ret = CC_BsvGetAndInitLcs((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
if (ret != CC_OK) {
ERROR("CryptoCell CC_BsvGetAndInitLcs() error %x\n", ret);
panic();
}
}
/*
* Verify a signature.
*
* Parameters are passed using the DER encoding format following the ASN.1
* structures detailed above.
*/
static int verify_signature(void *data_ptr, unsigned int data_len,
void *sig_ptr, unsigned int sig_len,
void *sig_alg, unsigned int sig_alg_len,
void *pk_ptr, unsigned int pk_len)
{
CCError_t error;
CCBsvNBuff_t NBuff;
CCBsvSignature_t signature;
int rc, exp;
mbedtls_asn1_buf sig_oid, alg_oid, params;
mbedtls_md_type_t md_alg;
mbedtls_pk_type_t pk_alg;
mbedtls_pk_rsassa_pss_options pss_opts;
size_t len;
uint8_t *p, *end;
CCHashResult_t digest;
CCBool_t is_verified;
/* This is a rather large array, we don't want it on stack */
static uint32_t workspace[BSV_RSA_WORKSPACE_MIN_SIZE];
/* Verify the signature algorithm */
/* Get pointers to signature OID and parameters */
p = sig_alg;
end = p + sig_alg_len;
rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, &params);
if (rc != 0)
return CRYPTO_ERR_SIGNATURE;
/* Get the actual signature algorithm (MD + PK) */
rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
if (rc != 0)
return CRYPTO_ERR_SIGNATURE;
/* The CryptoCell only supports RSASSA-PSS signature */
if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE)
return CRYPTO_ERR_SIGNATURE;
/* Verify the RSASSA-PSS params */
/* The trailer field is verified to be 0xBC internally by this API */
rc = mbedtls_x509_get_rsassa_pss_params(&params, &md_alg,
&pss_opts.mgf1_hash_id,
&pss_opts.expected_salt_len);
if (rc != 0)
return CRYPTO_ERR_SIGNATURE;
/* The CryptoCell only supports SHA256 as hash algorithm */
if (md_alg != MBEDTLS_MD_SHA256 ||
pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
return CRYPTO_ERR_SIGNATURE;
if (pss_opts.expected_salt_len != RSA_SALT_LEN)
return CRYPTO_ERR_SIGNATURE;
/* Parse the public key */
p = pk_ptr;
end = p + pk_len;
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
if (rc != 0)
return CRYPTO_ERR_SIGNATURE;
end = p + len;
rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
if (rc != 0)
return CRYPTO_ERR_SIGNATURE;
if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0)
return CRYPTO_ERR_SIGNATURE;
if (pk_alg != MBEDTLS_PK_RSA)
return CRYPTO_ERR_SIGNATURE;
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
if (rc != 0)
return CRYPTO_ERR_SIGNATURE;
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
if (rc != 0)
return CRYPTO_ERR_SIGNATURE;
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
if (rc != 0)
return CRYPTO_ERR_SIGNATURE;
if (*p == 0) {
p++; len--;
}
if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end))
return CRYPTO_ERR_SIGNATURE;
/*
* Copy N from certificate.
*/
memcpy(NBuff, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
/* Verify the RSA exponent */
p += len;
rc = mbedtls_asn1_get_int(&p, end, &exp);
if (rc != 0)
return CRYPTO_ERR_SIGNATURE;
if (exp != RSA_EXPONENT)
return CRYPTO_ERR_SIGNATURE;
/* Get the signature (bitstring) */
p = sig_ptr;
end = p + sig_len;
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
if (rc != 0)
return CRYPTO_ERR_SIGNATURE;
if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end))
return CRYPTO_ERR_SIGNATURE;
/*
* Copy the signature (in BE format)
*/
memcpy((uint8_t *)signature, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE,
data_ptr, data_len, digest);
if (error != CC_OK)
return CRYPTO_ERR_SIGNATURE;
/* Verify the signature */
error = CC_BsvRsaPssVerify((uintptr_t)PLAT_CRYPTOCELL_BASE, NBuff,
NULL, signature, digest, workspace,
BSV_RSA_WORKSPACE_MIN_SIZE, &is_verified);
if ((error != CC_OK) || (is_verified != CC_TRUE))
return CRYPTO_ERR_SIGNATURE;
/* Signature verification success */
return CRYPTO_SUCCESS;
}
/*
* Match a hash
*
* Digest info is passed in DER format following the ASN.1 structure detailed
* above.
*/
static int verify_hash(void *data_ptr, unsigned int data_len,
void *digest_info_ptr, unsigned int digest_info_len)
{
mbedtls_asn1_buf hash_oid, params;
mbedtls_md_type_t md_alg;
uint8_t *p, *end, *hash;
CCHashResult_t pubKeyHash;
size_t len;
int rc;
CCError_t error;
/* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
p = digest_info_ptr;
end = p + digest_info_len;
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
if (rc != 0)
return CRYPTO_ERR_HASH;
/* Get the hash algorithm */
rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);
if (rc != 0)
return CRYPTO_ERR_HASH;
rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
if (rc != 0)
return CRYPTO_ERR_HASH;
/* Verify that hash algorithm is SHA256 */
if (md_alg != MBEDTLS_MD_SHA256)
return CRYPTO_ERR_HASH;
/* Hash should be octet string type */
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
if (rc != 0)
return CRYPTO_ERR_HASH;
/* Length of hash must match the algorithm's size */
if (len != HASH_RESULT_SIZE_IN_BYTES)
return CRYPTO_ERR_HASH;
hash = p;
error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE, data_ptr,
data_len, pubKeyHash);
if (error != CC_OK)
return CRYPTO_ERR_HASH;
rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
if (rc != 0)
return CRYPTO_ERR_HASH;
return CRYPTO_SUCCESS;
}
/*
* Register crypto library descriptor
*/
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);

109
drivers/auth/cryptocell/713/cryptocell_plat_helpers.c Normal file
View File

@ -0,0 +1,109 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <stddef.h>
#include <string.h>
#include <plat/common/platform.h>
#include <tools_share/tbbr_oid.h>
#include <lib/libc/endian.h>
#include <drivers/arm/cryptocell/713/bsv_api.h>
#include <drivers/arm/cryptocell/713/bsv_error.h>
/*
* Return the ROTPK hash
*
* Return: 0 = success, Otherwise = error
*/
int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
{
CCError_t error;
uint32_t lcs;
int i;
uint32_t *key = (uint32_t *)dst;
assert(dst != NULL);
assert(len >= HASH_RESULT_SIZE_IN_WORDS);
assert(flags != NULL);
error = CC_BsvLcsGet(PLAT_CRYPTOCELL_BASE, &lcs);
if (error != CC_OK)
return 1;
if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) || (lcs == CC_BSV_RMA_LCS)) {
*flags = ROTPK_NOT_DEPLOYED;
return 0;
}
error = CC_BsvPubKeyHashGet(PLAT_CRYPTOCELL_BASE,
CC_SB_HASH_BOOT_KEY_256B,
key, HASH_RESULT_SIZE_IN_WORDS);
if (error == CC_BSV_HASH_NOT_PROGRAMMED_ERR) {
*flags = ROTPK_NOT_DEPLOYED;
return 0;
}
if (error == CC_OK) {
/* Keys are stored in OTP in little-endian format */
for (i = 0; i < HASH_RESULT_SIZE_IN_WORDS; i++)
key[i] = le32toh(key[i]);
*flags = ROTPK_IS_HASH;
return 0;
}
return 1;
}
/*
* Return the non-volatile counter value stored in the platform. The cookie
* specifies the OID of the counter in the certificate.
*
* Return: 0 = success, Otherwise = error
*/
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
{
CCError_t error = CC_FAIL;
if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_TRUSTED, nv_ctr);
} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_NON_TRUSTED, nv_ctr);
}
return (error != CC_OK);
}
/*
* Store a new non-volatile counter value in the counter specified by the OID
* in the cookie. This function is not expected to be called if the Lifecycle
* state is RMA as the values in the certificate are expected to always match
* the nvcounter values. But if called when the LCS is RMA, the underlying
* helper functions will return success but without updating the counter.
*
* Return: 0 = success, Otherwise = error
*/
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
{
CCError_t error = CC_FAIL;
if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_TRUSTED, nv_ctr);
} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_NON_TRUSTED, nv_ctr);
}
return (error != CC_OK);
}

4
drivers/auth/cryptocell/cryptocell_crypto.mk
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@ -22,6 +22,8 @@ endif
CRYPTOCELL_VERSION ?= 712
ifeq (${CRYPTOCELL_VERSION},712)
CCSBROM_LIB_FILENAME := cc_712sbromx509
else ifeq (${CRYPTOCELL_VERSION},713)
CCSBROM_LIB_FILENAME := cc_713bsv
else
$(error Error: CRYPTOCELL_VERSION set to invalid version)
endif

221
include/drivers/arm/cryptocell/713/bsv_api.h Normal file
View File

@ -0,0 +1,221 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_API_H
#define _BSV_API_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the Boot Services APIs and definitions.
@defgroup cc_bsv_api CryptoCell Boot Services APIs and definitions
@{
@ingroup cc_bsv
*/
#include "cc_pal_types.h"
#include "cc_sec_defs.h"
#include "cc_boot_defs.h"
/* Life cycle state definitions. */
#define CC_BSV_CHIP_MANUFACTURE_LCS 0x0 /*!< The CM life-cycle state (LCS) value. */
#define CC_BSV_DEVICE_MANUFACTURE_LCS 0x1 /*!< The DM life-cycle state (LCS) value. */
#define CC_BSV_SECURE_LCS 0x5 /*!< The Secure life-cycle state (LCS) value. */
#define CC_BSV_RMA_LCS 0x7 /*!< The RMA life-cycle state (LCS) value. */
#define CC_BSV_INVALID_LCS 0xff /*!< The invalid life-cycle state (LCS) value. */
/*----------------------------
TYPES
-----------------------------------*/
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
@brief This function verifies the product and version numbers of the HW, and initializes it.
\warning This function must be the first CryptoCell-7xx SBROM library API called.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvInit(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function retrieves the HW LCS and performs validity checks.
If the LCS is RMA, it also sets the OTP secret keys to a fixed value.
@note An error is returned if there is an invalid LCS. If this happens, your code must
completely disable the device.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvGetAndInitLcs(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
uint32_t *pLcs /*!< [out] The value of the current LCS. */
);
/*!
@brief This function retrieves the LCS from the NVM manager.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvLcsGet(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
uint32_t *pLcs /*!< [out] The value of the current LCS. */
);
/*!
@brief This function reads software revocation counter from OTP memory, according to the provided sw version index.
SW version is stored in NVM counter and represented by ones. Meaning seVersion=5 would be stored as binary 0b11111;
hence:
the maximal of trusted is 32
the maximal of non-trusted is 224
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSwVersionGet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
uint32_t *swVersion /*!< [out] The value of the requested counter as read from OTP memory. */
);
/*!
@brief This function sets the NVM counter according to swVersionID (trusted/non-trusted).
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSwVersionSet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
uint32_t swVersion /*!< [in] New value of the counter to be programmed in OTP memory. */
);
/*!
@brief This function sets the "fatal error" flag in the NVM manager, to disable the use of
any HW keys or security services.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvFatalErrorSet(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function retrieves the public key hash from OTP memory, according to the provided index.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvPubKeyHashGet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCSbPubKeyIndexType_t keyIndex, /*!< [in] Enumeration defining the key hash to retrieve: 128-bit HBK0, 128-bit HBK1, or 256-bit HBK. */
uint32_t *hashedPubKey, /*!< [out] A buffer to contain the public key HASH. */
uint32_t hashResultSizeWords /*!< [in] The size of the hash in 32-bit words:
- Must be 4 for 128-bit hash.
- Must be 8 for 256bit hash. */
);
/*!
@brief This function permanently sets the RMA LCS for the ICV and the OEM.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvRMAModeEnable(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function is called by the ICV code, to disable the OEM code from changing the ICV RMA bit flag.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvICVRMAFlagBitLock(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function locks the defined ICV class keys from further usage.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvICVKeyLock(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCBool_t isICVProvisioningKeyLock, /*!< [in] Should the provisioning key be locked. */
CCBool_t isICVCodeEncKeyLock /*!< [in] Should the encryption key be locked. */
);
/*!
@brief This function retrieves the value of "secure disable" bit.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSecureDisableGet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCBool_t *isSDEnabled /*!< [out] The value of the SD Enable bit. */
);
/*!
@brief This function derives the platform key (Kplt) from the Kpicv, and then decrypts the customer key (Kcst)
from the EKcst (burned in the OTP). The decryption is done only in Secure and RMA LCS mode using AES-ECB.
The customer ROM should invoke this function during early boot, prior to running any non-ROM code, only if Kcst exists.
The resulting Kcst is saved in a HW register.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvCustomerKeyDecrypt(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
#ifdef __cplusplus
}
#endif
/*!
@brief This function derives the unique SoC_ID for the device, as hashed (Hbk || AES_CMAC (HUK)).
@note SoC_ID is required to create debug certificates.
The OEM or ICV must provide a method for a developer to discover the SoC_ID of a target
device without having to first enable debugging.
One suggested implementation is to have the device ROM code compute the SoC_ID and place
it in a specific location in the flash memory, from where it can be accessed by the developer.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSocIDCompute(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCHashResult_t hashResult /*!< [out] The derived SoC_ID. */
);
#endif /* _BSV_API_H */
/**
@}
*/

76
include/drivers/arm/cryptocell/713/bsv_crypto_api.h Normal file
View File

@ -0,0 +1,76 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_CRYPTO_API_H
#define _BSV_CRYPTO_API_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the cryptographic ROM APIs of the Boot Services.
@defgroup cc_bsv_crypto_api CryptoCell Boot Services cryptographic ROM APIs
@{
@ingroup cc_bsv
*/
#include "cc_pal_types.h"
#include "cc_sec_defs.h"
#include "cc_address_defs.h"
#include "bsv_crypto_defs.h"
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
@brief This function calculates the SHA-256 digest over contiguous memory
in an integrated operation.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSha256(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
uint8_t *pDataIn, /*!< [in] A pointer to the input buffer to be hashed. The buffer must be contiguous. */
size_t dataSize, /*!< [in] The size of the data to be hashed, in bytes. */
CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte buffer. */
);
/*!
@brief This function allows you to calculate SHA256 digest of an image with decryption base on AES-CTR,
with HW or user key.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure. (in this case, hashBuff will be returned clean, while the output data should be cleaned by the user).
*/
CCError_t CC_BsvCryptoImageDecrypt( unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCBsvflowMode_t flow, /*!< [in] The supported operations are: HASH, AES to HASH, AES and HASH. */
CCBsvKeyType_t keyType, /*!< [in] The key type to use: Kce, Kceicv, or user key. */
uint8_t *pUserKey, /*!< [in] A pointer to the user key buffer in case keyType is CC_BSV_USER_KEY. */
size_t userKeySize, /*!< [in] The user key size in bytes (128bits) in case keyType is CC_BSV_USER_KEY. */
uint8_t *pIvBuf, /*!< [in] A pointer to the IV / counter buffer. */
uint8_t *pInputData, /*!< [in] A pointer to the input data. */
uint8_t *pOutputData, /*!< [out] A pointer to the output buffer. (optional should be null in case of hash only). */
size_t dataSize, /*!< [in] The size of the input data in bytes. MUST be multiple of AES block size. */
CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte digest output buffer. */
);
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

100
include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h Normal file
View File

@ -0,0 +1,100 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_CRYPTO_ASYM_API_H
#define _BSV_CRYPTO_ASYM_API_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the cryptographic Asymmetric ROM APIs of the Boot Services.
@defgroup cc_bsv_crypto_asym_api CryptoCell Boot Services cryptographic Asymmetric ROM APIs
@{
@ingroup cc_bsv
*/
#include "cc_pal_types.h"
#include "cc_pka_hw_plat_defs.h"
#include "cc_sec_defs.h"
#include "bsv_crypto_api.h"
/*! Defines the workspace size in bytes needed for internal Asymmetric operations. */
#define BSV_RSA_WORKSPACE_MIN_SIZE (4*BSV_CERT_RSA_KEY_SIZE_IN_BYTES +\
2*RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES)
/*! Definition for the RSA public modulus array. */
typedef uint32_t CCBsvNBuff_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
/*! Definition for the RSA Barrett mod tag array. */
typedef uint32_t CCBsvNpBuff_t[RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES];
/*! Definition for the RSA signature array. */
typedef uint32_t CCBsvSignature_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
@brief This function performs the primitive operation of RSA, meaning exponent and modulus.
outBuff = (pInBuff ^ Exp) mod NBuff. ( Exp = 0x10001 )
The function supports 2k and 3K bit size of modulus, based on compile time define.
There are no restriction on pInBuff location, however its size must be equal to BSV_RSA_KEY_SIZE_IN_BYTES and its
value must be smaller than the modulus.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvRsaPrimVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
uint32_t *pInBuff, /*!< [in] The DataIn buffer to be encrypted. */
size_t inBuffSize, /*!< [in] The DataIn buffer size in bytes, must be BSV_RSA_KEY_SIZE_IN_BYTES. */
CCBsvSignature_t pOutBuff, /*!< [out] The encrypted buffer in big endian format. */
uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
size_t workBufferSize /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
);
/*!
@brief This function performs RSA PSS verify.
The function should support 2k and 3K bit size of modulus, based on compile time define.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvRsaPssVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
CCBsvSignature_t signature, /*!< [in] The signature buffer to verify - big endian format. */
CCHashResult_t hashedData, /*!< [in] The data-in buffer to be verified as sha256 digest. */
uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
size_t workBufferSize, /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
CCBool_t *pIsVerified /*!< [out] The flag indicates whether the signature is verified or not.
If verified value will be CC_TRUE, otherwise CC_FALSE */
);
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

94
include/drivers/arm/cryptocell/713/bsv_crypto_defs.h Normal file
View File

@ -0,0 +1,94 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_CRYPTO_DEFS_H
#define _BSV_CRYPTO_DEFS_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the definitions of the cryptographic ROM APIs.
@defgroup cc_bsv_crypto_defs CryptoCell Boot Services cryptographic ROM API definitions
@{
@ingroup cc_bsv
*/
/*! AES supported HW key code table. */
typedef enum {
CC_BSV_USER_KEY = 0, /*!< Definition for a user key. */
CC_BSV_HUK_KEY = 1, /*!< Definition for the HW unique key. */
CC_BSV_RTL_KEY = 2, /*!< Definition for the RTL key. */
CC_BSV_SESSION_KEY = 3, /*!< Definition for the Session key. */
CC_BSV_CE_KEY = 4, /*!< Definition for the Kce. */
CC_BSV_PLT_KEY = 5, /*!< Definition for the Platform key. */
CC_BSV_KCST_KEY = 6, /*!< Definition for Kcst. */
CC_BSV_ICV_PROV_KEY = 0xd, /*!< Definition for the Kpicv. */
CC_BSV_ICV_CE_KEY = 0xe, /*!< Definition for the Kceicv. */
CC_BSV_PROV_KEY = 0xf, /*!< Definition for the Kcp. */
CC_BSV_END_OF_KEY_TYPE = INT32_MAX, /*!< Reserved. */
}CCBsvKeyType_t;
/*! AES directions. */
typedef enum bsvAesDirection {
BSV_AES_DIRECTION_ENCRYPT = 0, /*!< Encrypt.*/
BSV_AES_DIRECTION_DECRYPT = 1, /*!< Decrypt.*/
BSV_AES_NUM_OF_ENCRYPT_MODES, /*!< The maximal number of operations. */
BSV_AES_DIRECTION_RESERVE32B = INT32_MAX /*!< Reserved.*/
}bsvAesDirection_t;
/*! Definitions of the cryptographic flow supported as part of the Secure Boot. */
typedef enum {
CC_BSV_CRYPTO_HASH_MODE = 0, /*!< Hash mode only. */
CC_BSV_CRYPTO_AES_CTR_AND_HASH_MODE = 1, /*!< Data goes into the AES and Hash engines. */
CC_BSV_CRYPTO_AES_CTR_TO_HASH_MODE = 2 /*!< Data goes into the AES and from the AES to the Hash engine. */
}CCBsvflowMode_t;
/*! CryptoImage HW completion sequence mode */
typedef enum
{
BSV_CRYPTO_COMPLETION_NO_WAIT = 0, /*!< The driver waits only before reading the output. */
BSV_CRYPTO_COMPLETION_WAIT_UPON_END = 1 /*!< The driver waits after each chunk of data. */
}bsvCryptoCompletionMode_t;
/*! AES-CMAC result size, in words. */
#define CC_BSV_CMAC_RESULT_SIZE_IN_WORDS 4 /* 128b */
/*! AES-CMAC result size, in bytes. */
#define CC_BSV_CMAC_RESULT_SIZE_IN_BYTES 16 /* 128b */
/*! AES-CCM 128bit key size, in bytes. */
#define CC_BSV_CCM_KEY_SIZE_BYTES 16
/*! AES-CCM 128bit key size, in words. */
#define CC_BSV_CCM_KEY_SIZE_WORDS 4
/*! AES-CCM NONCE size, in bytes. */
#define CC_BSV_CCM_NONCE_SIZE_BYTES 12
/*! AES-CMAC result buffer. */
typedef uint32_t CCBsvCmacResult_t[CC_BSV_CMAC_RESULT_SIZE_IN_WORDS];
/*! AES-CCM key buffer.*/
typedef uint32_t CCBsvCcmKey_t[CC_BSV_CCM_KEY_SIZE_WORDS];
/*! AES-CCM nonce buffer.*/
typedef uint8_t CCBsvCcmNonce_t[CC_BSV_CCM_NONCE_SIZE_BYTES];
/*! AES-CCM MAC buffer.*/
typedef uint8_t CCBsvCcmMacRes_t[CC_BSV_CMAC_RESULT_SIZE_IN_BYTES];
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

161
include/drivers/arm/cryptocell/713/bsv_error.h Normal file
View File

@ -0,0 +1,161 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_ERROR_H
#define _BSV_ERROR_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file defines the error code types that are returned from the Boot Services APIs.
@defgroup cc_bsv_error CryptoCell Boot Services error codes
@{
@ingroup cc_bsv
*/
/*! Defines the base address for Boot Services errors. */
#define CC_BSV_BASE_ERROR 0x0B000000
/*! Defines the base address for Boot Services cryptographic errors. */
#define CC_BSV_CRYPTO_ERROR 0x0C000000
/*! Illegal input parameter. */
#define CC_BSV_ILLEGAL_INPUT_PARAM_ERR (CC_BSV_BASE_ERROR + 0x00000001)
/*! Illegal HUK value. */
#define CC_BSV_ILLEGAL_HUK_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000002)
/*! Illegal Kcp value. */
#define CC_BSV_ILLEGAL_KCP_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000003)
/*! Illegal Kce value. */
#define CC_BSV_ILLEGAL_KCE_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000004)
/*! Illegal Kpicv value. */
#define CC_BSV_ILLEGAL_KPICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000005)
/*! Illegal Kceicv value. */
#define CC_BSV_ILLEGAL_KCEICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000006)
/*! Illegal EKcst value. */
#define CC_BSV_ILLEGAL_EKCST_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000007)
/*! Hash boot key not programmed in the OTP. */
#define CC_BSV_HASH_NOT_PROGRAMMED_ERR (CC_BSV_BASE_ERROR + 0x00000008)
/*! Illegal Hash boot key zero count in the OTP. */
#define CC_BSV_HBK_ZERO_COUNT_ERR (CC_BSV_BASE_ERROR + 0x00000009)
/*! Illegal LCS. */
#define CC_BSV_ILLEGAL_LCS_ERR (CC_BSV_BASE_ERROR + 0x0000000A)
/*! OTP write compare failure. */
#define CC_BSV_OTP_WRITE_CMP_FAIL_ERR (CC_BSV_BASE_ERROR + 0x0000000B)
/*! OTP access error */
#define CC_BSV_OTP_ACCESS_ERR (CC_BSV_BASE_ERROR + 0x0000000C)
/*! Erase key in OTP failed. */
#define CC_BSV_ERASE_KEY_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000000D)
/*! Illegal PIDR. */
#define CC_BSV_ILLEGAL_PIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000E)
/*! Illegal CIDR. */
#define CC_BSV_ILLEGAL_CIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000F)
/*! Device failed to move to fatal error state. */
#define CC_BSV_FAILED_TO_SET_FATAL_ERR (CC_BSV_BASE_ERROR + 0x00000010)
/*! Failed to set RMA LCS. */
#define CC_BSV_FAILED_TO_SET_RMA_ERR (CC_BSV_BASE_ERROR + 0x00000011)
/*! Illegal RMA indication. */
#define CC_BSV_ILLEGAL_RMA_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000012)
/*! Boot Services version is not initialized. */
#define CC_BSV_VER_IS_NOT_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x00000013)
/*! APB secure mode is locked. */
#define CC_BSV_APB_SECURE_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000014)
/*! APB privilege mode is locked. */
#define CC_BSV_APB_PRIVILEG_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000015)
/*! Illegal operation. */
#define CC_BSV_ILLEGAL_OPERATION_ERR (CC_BSV_BASE_ERROR + 0x00000016)
/*! Illegal asset size. */
#define CC_BSV_ILLEGAL_ASSET_SIZE_ERR (CC_BSV_BASE_ERROR + 0x00000017)
/*! Illegal asset value. */
#define CC_BSV_ILLEGAL_ASSET_VAL_ERR (CC_BSV_BASE_ERROR + 0x00000018)
/*! Kpicv is locked. */
#define CC_BSV_KPICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000019)
/*! Illegal SW version. */
#define CC_BSV_ILLEGAL_SW_VERSION_ERR (CC_BSV_BASE_ERROR + 0x0000001A)
/*! AO write operation. */
#define CC_BSV_AO_WRITE_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000001B)
/*! Chip state is already initialized. */
#define CC_BSV_CHIP_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x0000001C)
/*! SP is not enabled. */
#define CC_BSV_SP_NOT_ENABLED_ERR (CC_BSV_BASE_ERROR + 0x0000001D)
/*! Production secure provisioning - header fields. */
#define CC_BSV_PROD_PKG_HEADER_ERR (CC_BSV_BASE_ERROR + 0x0000001E)
/*! Production secure provisioning - header MAC. */
#define CC_BSV_PROD_PKG_HEADER_MAC_ERR (CC_BSV_BASE_ERROR + 0x0000001F)
/*! Overrun buffer or size. */
#define CC_BSV_OVERRUN_ERR (CC_BSV_BASE_ERROR + 0x00000020)
/*! Kceicv is locked. */
#define CC_BSV_KCEICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000021)
/*! Chip indication is CHIP_STATE_ERROR. */
#define CC_BSV_CHIP_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000022)
/*! Device is locked in fatal error state. */
#define CC_BSV_FATAL_ERR_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000023)
/*! Device has security disable feature enabled. */
#define CC_BSV_SECURE_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000024)
/*! Device has Kcst in disabled state */
#define CC_BSV_KCST_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000025)
/*! Illegal data-in pointer. */
#define CC_BSV_CRYPTO_INVALID_DATA_IN_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000001)
/*! Illegal data-out pointer. */
#define CC_BSV_CRYPTO_INVALID_DATA_OUT_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000002)
/*! Illegal data size. */
#define CC_BSV_CRYPTO_INVALID_DATA_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000003)
/*! Illegal key type. */
#define CC_BSV_CRYPTO_INVALID_KEY_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000004)
/*! Illegal key size. */
#define CC_BSV_CRYPTO_INVALID_KEY_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000005)
/*! Invalid key pointer. */
#define CC_BSV_CRYPTO_INVALID_KEY_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000006)
/*! Illegal key DMA type. */
#define CC_BSV_CRYPTO_INVALID_KEY_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000007)
/*! Illegal IV pointer. */
#define CC_BSV_CRYPTO_INVALID_IV_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000008)
/*! Illegal cipher mode. */
#define CC_BSV_CRYPTO_INVALID_CIPHER_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000009)
/*! Illegal result buffer pointer. */
#define CC_BSV_CRYPTO_INVALID_RESULT_BUFFER_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000A)
/*! Invalid DMA type. */
#define CC_BSV_CRYPTO_INVALID_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000B)
/*! Invalid in/out buffers overlapping. */
#define CC_BSV_CRYPTO_DATA_OUT_DATA_IN_OVERLAP_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000C)
/*! Invalid KDF label size. */
#define CC_BSV_CRYPTO_ILLEGAL_KDF_LABEL_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000D)
/*! Invalid KDF Context size. */
#define CC_BSV_CRYPTO_ILLEGAL_KDF_CONTEXT_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000E)
/*! Invalid CCM key. */
#define CC_BSV_CCM_INVALID_KEY_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000f)
/*! Invalid CCM Nonce. */
#define CC_BSV_CCM_INVALID_NONCE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000010)
/*! Invalid CCM associated data. */
#define CC_BSV_CCM_INVALID_ASSOC_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000011)
/*! Invalid CCM text data. */
#define CC_BSV_CCM_INVALID_TEXT_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000012)
/*! Invalid CCM-MAC buffer. */
#define CC_BSV_CCM_INVALID_MAC_BUF_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000013)
/*! CCM-MAC comparison failed. */
#define CC_BSV_CCM_TAG_LENGTH_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000014)
/*! CCM-MAC comparison failed. */
#define CC_BSV_CCM_MAC_INVALID_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000015)
/*! Illegal flow mode. */
#define CC_BSV_CRYPTO_INVALID_FLOW_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000016)
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

50
include/drivers/arm/cryptocell/713/cc_address_defs.h Normal file
View File

@ -0,0 +1,50 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_ADDRESS_DEFS_H
#define _CC_ADDRESS_DEFS_H
/*!
@file
@brief This file contains general definitions.
*/
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
/************************ Defines ******************************/
/**
* Address types within CC
*/
/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
typedef uint64_t CCDmaAddr_t;
/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
typedef uint64_t CCAddr_t;
/*! Definition of CC SRAM address type, can be 32 bits according to CryptoCell's HW. */
typedef uint32_t CCSramAddr_t;
/*
* CCSramAddr_t is being cast into pointer type which can be 64 bit.
*/
/*! Definition of MACRO that casts SRAM addresses to pointer types. */
#define CCSramAddr2Ptr(sramAddr) ((uintptr_t)sramAddr)
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

52
include/drivers/arm/cryptocell/713/cc_boot_defs.h Normal file
View File

@ -0,0 +1,52 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_BOOT_DEFS_H
#define _CC_BOOT_DEFS_H
/*!
@file
@brief This file contains general definitions of types and enums of Boot APIs.
*/
#ifdef __cplusplus
extern "C"
{
#endif
/*! Version counters value. */
typedef enum {
CC_SW_VERSION_TRUSTED = 0, /*!< Trusted counter. */
CC_SW_VERSION_NON_TRUSTED, /*!< Non trusted counter. */
CC_SW_VERSION_MAX = 0x7FFFFFFF /*!< Reserved */
} CCSbSwVersionId_t;
/*! The hash boot key definition. */
typedef enum {
CC_SB_HASH_BOOT_KEY_0_128B = 0, /*!< Hbk0: 128-bit truncated SHA-256 digest of PubKB0. Used by ICV */
CC_SB_HASH_BOOT_KEY_1_128B = 1, /*!< Hbk1: 128-bit truncated SHA-256 digest of PubKB1. Used by OEM */
CC_SB_HASH_BOOT_KEY_256B = 2, /*!< Hbk: 256-bit SHA-256 digest of public key. */
CC_SB_HASH_BOOT_NOT_USED = 0xF, /*!< Hbk is not used. */
CC_SB_HASH_MAX_NUM = 0x7FFFFFFF, /*!< Reserved. */
} CCSbPubKeyIndexType_t;
/*! Chip state. */
typedef enum {
CHIP_STATE_NOT_INITIALIZED = 0, /*! Chip is not initialized. */
CHIP_STATE_TEST = 1, /*! Chip is in Production state. */
CHIP_STATE_PRODUCTION = 2, /*! Chip is in Production state. */
CHIP_STATE_ERROR = 3, /*! Chip is in Error state. */
} CCBsvChipState_t;
#ifdef __cplusplus
}
#endif
#endif /*_CC_BOOT_DEFS_H */
/**
@}
*/

100
include/drivers/arm/cryptocell/713/cc_pal_types.h Normal file
View File

@ -0,0 +1,100 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef CC_PAL_TYPES_H
#define CC_PAL_TYPES_H
/*!
@file
@brief This file contains platform-dependent definitions and types of the PAL layer.
@defgroup cc_pal_types CryptoCell platform-dependent PAL layer definitions and types
@{
@ingroup cc_pal
@{
@ingroup cc_pal
@}
*/
#include "cc_pal_types_plat.h"
/*! Definition of Boolean type.*/
typedef enum {
/*! Boolean false.*/
CC_FALSE = 0,
/*! Boolean true.*/
CC_TRUE = 1
} CCBool_t;
/*! Success. */
#define CC_SUCCESS 0UL
/*! Failure. */
#define CC_FAIL 1UL
/*! Success (OK). */
#define CC_OK 0
/*! This macro handles unused parameters in the code, to avoid compilation warnings. */
#define CC_UNUSED_PARAM(prm) ((void)prm)
/*! The maximal uint32 value.*/
#define CC_MAX_UINT32_VAL (0xFFFFFFFF)
/* Minimal and Maximal macros */
#ifdef min
/*! Definition for minimal calculation. */
#define CC_MIN(a,b) min( a , b )
#else
/*! Definition for minimal calculation. */
#define CC_MIN( a , b ) ( ( (a) < (b) ) ? (a) : (b) )
#endif
#ifdef max
/*! Definition for maximal calculation. */
#define CC_MAX(a,b) max( a , b )
#else
/*! Definition for maximal calculation.. */
#define CC_MAX( a , b ) ( ( (a) > (b) ) ? (a) : (b) )
#endif
/*! This macro calculates the number of full Bytes from bits, where seven bits are one Byte. */
#define CALC_FULL_BYTES(numBits) ((numBits)/CC_BITS_IN_BYTE + (((numBits) & (CC_BITS_IN_BYTE-1)) > 0))
/*! This macro calculates the number of full 32-bit words from bits where 31 bits are one word. */
#define CALC_FULL_32BIT_WORDS(numBits) ((numBits)/CC_BITS_IN_32BIT_WORD + (((numBits) & (CC_BITS_IN_32BIT_WORD-1)) > 0))
/*! This macro calculates the number of full 32-bit words from Bytes where three Bytes are one word. */
#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) ((sizeBytes)/CC_32BIT_WORD_SIZE + (((sizeBytes) & (CC_32BIT_WORD_SIZE-1)) > 0))
/*! This macro calculates the number of full 32-bit words from 64-bits dwords. */
#define CALC_32BIT_WORDS_FROM_64BIT_DWORD(sizeWords) (sizeWords * CC_32BIT_WORD_IN_64BIT_DWORD)
/*! This macro rounds up bits to 32-bit words. */
#define ROUNDUP_BITS_TO_32BIT_WORD(numBits) (CALC_FULL_32BIT_WORDS(numBits) * CC_BITS_IN_32BIT_WORD)
/*! This macro rounds up bits to Bytes. */
#define ROUNDUP_BITS_TO_BYTES(numBits) (CALC_FULL_BYTES(numBits) * CC_BITS_IN_BYTE)
/*! This macro rounds up bytes to 32-bit words. */
#define ROUNDUP_BYTES_TO_32BIT_WORD(sizeBytes) (CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) * CC_32BIT_WORD_SIZE)
/*! This macro calculates the number Bytes from words. */
#define CALC_WORDS_TO_BYTES(numwords) ((numwords)*CC_32BIT_WORD_SIZE)
/*! Definition of 1 KB in Bytes. */
#define CC_1K_SIZE_IN_BYTES 1024
/*! Definition of number of bits in a Byte. */
#define CC_BITS_IN_BYTE 8
/*! Definition of number of bits in a 32-bits word. */
#define CC_BITS_IN_32BIT_WORD 32
/*! Definition of number of Bytes in a 32-bits word. */
#define CC_32BIT_WORD_SIZE 4
/*! Definition of number of 32-bits words in a 64-bits dword. */
#define CC_32BIT_WORD_IN_64BIT_DWORD 2
#endif
/**
@}
*/

25
include/drivers/arm/cryptocell/713/cc_pal_types_plat.h Normal file
View File

@ -0,0 +1,25 @@
/*
* Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*! @file
@brief This file contains basic type definitions that are platform-dependent.
*/
#ifndef _CC_PAL_TYPES_PLAT_H
#define _CC_PAL_TYPES_PLAT_H
/* Host specific types for standard (ISO-C99) compilant platforms */
#include <stddef.h>
#include <stdint.h>
typedef uint32_t CCStatus;
#define CCError_t CCStatus
#define CC_INFINITE 0xFFFFFFFF
#define CEXPORT_C
#define CIMPORT_C
#endif /*_CC_PAL_TYPES_PLAT_H*/

62
include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h Normal file
View File

@ -0,0 +1,62 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_PKA_HW_PLAT_DEFS_H
#define _CC_PKA_HW_PLAT_DEFS_H
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
/*!
@file
@brief Contains the enums and definitions that are used in the PKA code (definitions that are platform dependent).
*/
/*! The size of the PKA engine word. */
#define CC_PKA_WORD_SIZE_IN_BITS 128
/*! The maximal supported size of modulus in RSA in bits. */
#define CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 4096
/*! The maximal supported size of key-generation in RSA in bits. */
#define CC_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS 4096
/*! Secure boot/debug certificate RSA public modulus key size in bits. */
#if (KEY_SIZE == 3072)
#define BSV_CERT_RSA_KEY_SIZE_IN_BITS 3072
#else
#define BSV_CERT_RSA_KEY_SIZE_IN_BITS 2048
#endif
/*! Secure boot/debug certificate RSA public modulus key size in bytes. */
#define BSV_CERT_RSA_KEY_SIZE_IN_BYTES (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_BYTE)
/*! Secure boot/debug certificate RSA public modulus key size in words. */
#define BSV_CERT_RSA_KEY_SIZE_IN_WORDS (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD)
/*! The maximal count of extra bits in PKA operations. */
#define PKA_EXTRA_BITS 8
/*! The number of memory registers in PKA operations. */
#define PKA_MAX_COUNT_OF_PHYS_MEM_REGS 32
/*! Size of buffer for Barrett modulus tag in words. */
#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS 5
/*! Size of buffer for Barrett modulus tag in bytes. */
#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES (RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS*CC_32BIT_WORD_SIZE)
#ifdef __cplusplus
}
#endif
#endif //_CC_PKA_HW_PLAT_DEFS_H
/**
@}
*/

70
include/drivers/arm/cryptocell/713/cc_sec_defs.h Normal file
View File

@ -0,0 +1,70 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_SEC_DEFS_H
#define _CC_SEC_DEFS_H
/*!
@file
@brief This file contains general definitions and types.
*/
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
/*! Hashblock size in words. */
#define HASH_BLOCK_SIZE_IN_WORDS 16
/*! Hash - SHA2 results in words. */
#define HASH_RESULT_SIZE_IN_WORDS 8
/*! Hash - SHA2 results in bytes. */
#define HASH_RESULT_SIZE_IN_BYTES 32
/*! Definition for hash result array. */
typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
/*! Definition for converting pointer to Host address. */
#define CONVERT_TO_ADDR(ptr) (unsigned long)ptr
/*! Definition for converting pointer to SRAM address. */
#define CONVERT_TO_SRAM_ADDR(ptr) (0xFFFFFFFF & ptr)
/*! The data size of the signed SW image, in bytes. */
/*!\internal ContentCertImageRecord_t includes: HS(8W) + 64-b dstAddr(2W) + imgSize(1W) + isCodeEncUsed(1W) */
#define SW_REC_SIGNED_DATA_SIZE_IN_BYTES 48
/*! The data size of the unsigned SW image, in bytes. */
/*!\internal CCSbSwImgAddData_t includes: 64-b srcAddr(2W)*/
#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES 8
/*! The additional data size - storage address and length of the unsigned SW image, in words. */
#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_WORDS SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES/CC_32BIT_WORD_SIZE
/*! The additional data section size, in bytes. */
#define CC_SB_MAX_SIZE_ADDITIONAL_DATA_BYTES 128
/*! Indication of whether or not to load the SW image to memory. */
#define CC_SW_COMP_NO_MEM_LOAD_INDICATION 0xFFFFFFFFFFFFFFFFUL
/*! Indication of product version, stored in certificate version field. */
#define CC_SB_CERT_VERSION_PROJ_PRD 0x713
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/