| /** |
| * @file a71cl_api.h |
| * @author NXP Semiconductors |
| * @version 1.0 |
| * @par License |
| * |
| * Copyright 2016 NXP |
| * SPDX-License-Identifier: Apache-2.0 |
| * |
| * @par Description |
| * This file provides the public interface of the A71CL module. |
| * @par History |
| * 1.0 1-oct-2016 : Initial version |
| * |
| *****************************************************************************/ |
| #ifndef _A71CL_API_ |
| #define _A71CL_API_ |
| |
| #include "scp.h" |
| #include "sm_api.h" |
| #include "sm_types.h" |
| #include "ax_common.h" |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| /* ------------------------------ */ |
| typedef U8 SST_Index_t; |
| |
| #define A71CL_SCP02_MAX_PAYLOAD_SIZE 239 //!< Maximum size of command/response data in case SCP02 in enabled |
| #define A71CL_KEK_MAX_DATA_CHUNK 224 //!< Maximum size of command data in case KEK in enabled |
| #define A71CL_SHA256_MAX_DATA_CHUNK (A71CL_SCP02_MAX_PAYLOAD_SIZE) //!< SHA256 specific implementation parameter |
| |
| #define A71CL_CL_STRING_SIZE 12 |
| |
| //#define API_ONLY_ASYMMETRIC_CRYPT |
| |
| |
| typedef enum digestAlgorithm |
| { |
| eSHA1 = 0, |
| eSHA224 = 1, |
| eSHA256 = 2, |
| eSHA384 = 3, |
| eSHA512 = 4, |
| eSM3 = 5, |
| eEND |
| } eDigestAlgorithm; |
| |
| typedef enum clKeyType { |
| e3DES = 0, |
| eAES = 1, |
| eRSA = 2, |
| eRSA_CRT = 3, |
| eSM2 = 4, |
| eSM4 = 5, |
| eSSF33 = 6, |
| eSM7 = 7, |
| eSM9 = 8, |
| eSM1 = 9, |
| eECC = 10 |
| } eCLKeyType; |
| |
| typedef enum clKeyTag { |
| etag3ES = 0x40, |
| etagAES = 0x41, |
| etagSM4 = 0x42, |
| etagSSF33 = 0x43, |
| etagSM7 = 0x44, |
| etagSM9 = 0x45, |
| etagSM1 = 0x46, |
| etagRSA_CRT_INVQ = 0x49, |
| etagRSA_CRT_DP = 0x50, |
| etagRSA_CRT_DQ = 0x51, |
| etagSM2_W_X = 0x60, |
| etagSM2_W_Y = 0x60, |
| etagSM2_S = 0x62, |
| etagRSA_D = 0x64, |
| etagRSA_E = 0x65, |
| etagRSA_N = 0x6E, |
| etagRSA_CRT_P = 0x70, |
| etagRSA_CRT_Q = 0x71, |
| etagECC_W_X = 0x72, |
| etagECC_W_Y = 0x73, |
| etagECC_S = 0x74 |
| } eCLKeyTag; |
| |
| typedef enum clSymCryptMode { |
| eEncrypt = 0x51, |
| eDecrypt = 0x52, |
| eSignMac = 0x53, |
| eVerifyMac = 0x54 |
| } eCLSymCryptMode; |
| |
| typedef enum clSymCryptType { |
| eDES_CBC_NOPADDING = 0x00, |
| eDES_ECB_NOPADDING = 0x01, |
| eAES_CBC_NOPADDING = 0x02, |
| eAES_ECB_NOPADDING = 0x03, |
| eDES_CBC_ISO9797_M1 = 0x04, |
| eDES_CBC_ISO9797_M2 = 0x05, |
| eAES_CBC_ISO9797_M1 = 0x06, |
| eAES_CBC_ISO9797_M2 = 0x07, |
| eSM4_CBC_NOPADDING = 0x10, |
| eSM4_ECB_NOPADDING = 0x11, |
| eSM7_CBC_NOPADDING = 0x12, |
| eSM7_ECB_NOPADDING = 0x13, |
| eSM4_CBC_ISO9797_M1 = 0x14, |
| eSM4_CBC_ISO9797_M2 = 0x15, |
| eSM7_CBC_ISO9797_M1 = 0x16, |
| eSM7_CBC_ISO9797_M2 = 0x17 |
| } eCLSymCryptType; |
| |
| typedef enum clAsymCryptMode { |
| eAsymEncrypt = 0x51, |
| eAsymDecrypt = 0x52, |
| eAsymSign = 0x53, |
| eAsymVerifySign = 0x54 |
| } eCLAsymCryptMode; |
| |
| typedef enum clAsymCryptType { |
| eRSA_NOPADDING = 0x00, |
| eRSA_SHA1_PKCS1 = 0x01, |
| eRSA_SHA256_PKCS1 = 0x02, |
| eRSA_SHA384_PKCS1 = 0x03, |
| eRSA_SHA512_PKCS1 = 0x04, |
| eSM2_SM3 = 0x05, |
| eECDSA = 0x06 |
| } eCLAsymCryptType; |
| |
| #ifdef WIN32 |
| #pragma pack(push, 1) |
| typedef struct cl_ID { |
| U16 vendor; |
| U8 length; |
| U8 id[A71CL_CL_STRING_SIZE]; |
| } sCL_ID; |
| |
| typedef struct CL_keyHeader |
| { |
| U8 cLIdLen; |
| U8 cLId[A71CL_CL_STRING_SIZE]; |
| U8 keyType; |
| U8 keyId; |
| // U32* keyElement; |
| } sCL_KeyHeader; |
| |
| typedef struct CL_keyElement |
| { |
| U8 keyElTag; |
| U16 keyElLen; |
| // U32* keyValue; |
| } sCL_KeyElement; |
| |
| typedef struct CL_VendorInfo { |
| U16 oemId; |
| U8 version[8]; |
| U8 configuration[4]; |
| U16 availableSpace; |
| U8 extentionBits[4]; |
| } sCL_VendorInfo; |
| |
| #pragma pack(pop) |
| #else |
| |
| //#ifdef LINUX |
| typedef struct __attribute__((packed)) cl_ID { |
| U16 vendor; |
| U8 length; |
| U8 id[A71CL_CL_STRING_SIZE]; |
| } sCL_ID; |
| |
| typedef struct CL_keyHeader |
| { |
| U8 cLIdLen; |
| U8 cLId[A71CL_CL_STRING_SIZE]; |
| U8 keyType; |
| U8 keyId; |
| // U32* keyElement; |
| } sCL_KeyHeader; |
| |
| typedef struct CL_keyElement |
| { |
| U8 keyElTag; |
| U16 keyElLen; |
| // U32* keyValue; |
| } sCL_KeyElement; |
| |
| typedef struct CL_VendorInfo { |
| U16 oemId; |
| U8 version[8]; |
| U8 configuration[4]; |
| U16 availableSpace; |
| U8 extentionBits[4]; |
| } sCL_VendorInfo; |
| |
| #endif |
| /* ------------------------------ */ |
| |
| #ifndef API_ONLY_ASYMMETRIC_CRYPT |
| |
| /** \name Module functions |
| @{ */ |
| U16 CL_CalCRC(const U8* dataBuf, const U32 len, const U16 initValue); |
| U16 CL_GetID(U8 *idData, const U16 idDataLen); |
| U16 CL_GetVendorInfo(sCL_VendorInfo* vendorInfoStruct); |
| U16 CL_DisablePlainInjectionMode(); |
| |
| U16 CL_FreeReadServiceData(U8 recordNum, U8 *outData, U16* outDataLen); |
| |
| U8 CL_IsAppletInAuthenticationMode(); |
| /** @}*/ |
| |
| /** \name Host Authentication functions |
| @{ */ |
| U16 CL_GetChallenge(U8 *random, const U8 randomLen); |
| U16 CL_ExternalAuthenticate(U8 *cryptogram, U16 cryptogramLen); |
| /** @}*/ |
| |
| /** \name Sensitive Data Storage functions |
| @{ */ |
| U16 CL_SecurityStorage(U8 *keyData, const U16 keyDataLen); |
| U16 CL_SecurityStorageWithKEK(U8 *keyData, const U16 keyDataLen, U8 *kekValue, U16 kekValueLen); |
| |
| U16 CL_SecurityStorageUpdateServiceData(U8 *inData, U16 inDataLen); |
| U16 CL_SecurityStorageReadServiceData(U8* outData, U16* outDataLen); |
| |
| U16 CL_GenerateKeyPair(U8 *publicKey, const U16 keyDataLen, const U8 keyType, const U8 keyID); |
| U16 CL_GenerateKeyPairWithKEK(U8 *publicKey, const U16 keyDataLen, |
| const U8 keyType, const U8 keyID, |
| U8 *kekValue, U16 kekValueLen); |
| |
| U16 CL_SetKEKValue(U8 *currentKekValue, U16 currentKekValueLen, U8 *newKekValue, U16 newKekValueLen); |
| U16 CL_UpdateServiceData(U8 recordNum, U8 *kekValue, U16 kekValueLen, U8 *inData, U16 inDataLen); |
| /** @}*/ |
| |
| /** \name Cryptography functions |
| @{ */ |
| U16 CL_ComputeDigest(U8 *data, const U16 dataLen, |
| U8 *digest, U16 *digestLen, |
| const U8 hashType); |
| |
| U16 CL_SymmetricCrypt(U8 *inData, U16 inDataLen, |
| U8 symmMode, U8 symmType, U8 keyIndex, |
| U8 *outData, U16* outDataLen); |
| |
| #endif |
| |
| U16 CL_AsymmetricCrypt(U8 *inData, U16 inDataLen, |
| U8 asymmMode, U8 asymmType, U8 keyIndex, |
| U8 *outData, U16* outDataLen); |
| /** @}*/ |
| |
| #ifndef API_ONLY_ASYMMETRIC_CRYPT |
| /** \name Debug functions |
| @{ */ |
| U16 CL_ResetContents(); |
| /** @}*/ |
| #endif |
| |
| // The Link Layer used to communicate between Host and Secure Element may introduce |
| // additional constraints on the packetsize. This constraint is set by defining MAX_CHUNK_LENGTH_LINK. |
| // NOTE: In sm_apdu.h MAX_APDU_BUF_LENGTH is set. This value corresponds to the maximum APDU |
| // buffer length of the Security Module. |
| // On memory constrained hosts these values can be reduced to a lower value. |
| // #define MAX_CHUNK_LENGTH_LINK 1024 // Compromise value; can be reduced to about 650 |
| // The A71CL has been tested in combination with: SCI2C interface & SMCOM_JRCP_V1 |
| |
| // TODO: Have the MAX_APDU_BUF_LENGTH take precedence on MAX_CHUNK_LENGTH_LINK |
| // for the time being the cap on the APDU size is enforced through MAX_CHUNK_LENGTH_LINK |
| |
| #if defined(SCI2C) || defined(T1oI2C) |
| #define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability |
| #elif defined(SPI) |
| #define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability |
| #elif defined(PCSC) |
| #define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability |
| #elif defined(TDA8029_UART) |
| #error "Not yet tested" |
| #elif defined(SMCOM_JRCP_V1) |
| #define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability |
| #elif defined(RJCT_VCOM) |
| #define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability |
| #elif defined(SMCOM_JRCP_V2) |
| #define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability |
| |
| #else |
| #error "Define a communication layer as a preprocessor constant" |
| #endif |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| #endif //_A71CL_API_ |