blob: a18ee31ca7cb73884d78474de72c25f680cf6373 [file] [log] [blame]
/**
* @file a71cl_api.h
* @author NXP Semiconductors
* @version 1.0
* @par License
*
* Copyright 2016 NXP
* SPDX-License-Identifier: Apache-2.0
*
* @par Description
* This file provides the public interface of the A71CL module.
* @par History
* 1.0 1-oct-2016 : Initial version
*
*****************************************************************************/
#ifndef _A71CL_API_
#define _A71CL_API_
#include "scp.h"
#include "sm_api.h"
#include "sm_types.h"
#include "ax_common.h"
#ifdef __cplusplus
extern "C" {
#endif
/* ------------------------------ */
typedef U8 SST_Index_t;
#define A71CL_SCP02_MAX_PAYLOAD_SIZE 239 //!< Maximum size of command/response data in case SCP02 in enabled
#define A71CL_KEK_MAX_DATA_CHUNK 224 //!< Maximum size of command data in case KEK in enabled
#define A71CL_SHA256_MAX_DATA_CHUNK (A71CL_SCP02_MAX_PAYLOAD_SIZE) //!< SHA256 specific implementation parameter
#define A71CL_CL_STRING_SIZE 12
//#define API_ONLY_ASYMMETRIC_CRYPT
typedef enum digestAlgorithm
{
eSHA1 = 0,
eSHA224 = 1,
eSHA256 = 2,
eSHA384 = 3,
eSHA512 = 4,
eSM3 = 5,
eEND
} eDigestAlgorithm;
typedef enum clKeyType {
e3DES = 0,
eAES = 1,
eRSA = 2,
eRSA_CRT = 3,
eSM2 = 4,
eSM4 = 5,
eSSF33 = 6,
eSM7 = 7,
eSM9 = 8,
eSM1 = 9,
eECC = 10
} eCLKeyType;
typedef enum clKeyTag {
etag3ES = 0x40,
etagAES = 0x41,
etagSM4 = 0x42,
etagSSF33 = 0x43,
etagSM7 = 0x44,
etagSM9 = 0x45,
etagSM1 = 0x46,
etagRSA_CRT_INVQ = 0x49,
etagRSA_CRT_DP = 0x50,
etagRSA_CRT_DQ = 0x51,
etagSM2_W_X = 0x60,
etagSM2_W_Y = 0x60,
etagSM2_S = 0x62,
etagRSA_D = 0x64,
etagRSA_E = 0x65,
etagRSA_N = 0x6E,
etagRSA_CRT_P = 0x70,
etagRSA_CRT_Q = 0x71,
etagECC_W_X = 0x72,
etagECC_W_Y = 0x73,
etagECC_S = 0x74
} eCLKeyTag;
typedef enum clSymCryptMode {
eEncrypt = 0x51,
eDecrypt = 0x52,
eSignMac = 0x53,
eVerifyMac = 0x54
} eCLSymCryptMode;
typedef enum clSymCryptType {
eDES_CBC_NOPADDING = 0x00,
eDES_ECB_NOPADDING = 0x01,
eAES_CBC_NOPADDING = 0x02,
eAES_ECB_NOPADDING = 0x03,
eDES_CBC_ISO9797_M1 = 0x04,
eDES_CBC_ISO9797_M2 = 0x05,
eAES_CBC_ISO9797_M1 = 0x06,
eAES_CBC_ISO9797_M2 = 0x07,
eSM4_CBC_NOPADDING = 0x10,
eSM4_ECB_NOPADDING = 0x11,
eSM7_CBC_NOPADDING = 0x12,
eSM7_ECB_NOPADDING = 0x13,
eSM4_CBC_ISO9797_M1 = 0x14,
eSM4_CBC_ISO9797_M2 = 0x15,
eSM7_CBC_ISO9797_M1 = 0x16,
eSM7_CBC_ISO9797_M2 = 0x17
} eCLSymCryptType;
typedef enum clAsymCryptMode {
eAsymEncrypt = 0x51,
eAsymDecrypt = 0x52,
eAsymSign = 0x53,
eAsymVerifySign = 0x54
} eCLAsymCryptMode;
typedef enum clAsymCryptType {
eRSA_NOPADDING = 0x00,
eRSA_SHA1_PKCS1 = 0x01,
eRSA_SHA256_PKCS1 = 0x02,
eRSA_SHA384_PKCS1 = 0x03,
eRSA_SHA512_PKCS1 = 0x04,
eSM2_SM3 = 0x05,
eECDSA = 0x06
} eCLAsymCryptType;
#ifdef WIN32
#pragma pack(push, 1)
typedef struct cl_ID {
U16 vendor;
U8 length;
U8 id[A71CL_CL_STRING_SIZE];
} sCL_ID;
typedef struct CL_keyHeader
{
U8 cLIdLen;
U8 cLId[A71CL_CL_STRING_SIZE];
U8 keyType;
U8 keyId;
// U32* keyElement;
} sCL_KeyHeader;
typedef struct CL_keyElement
{
U8 keyElTag;
U16 keyElLen;
// U32* keyValue;
} sCL_KeyElement;
typedef struct CL_VendorInfo {
U16 oemId;
U8 version[8];
U8 configuration[4];
U16 availableSpace;
U8 extentionBits[4];
} sCL_VendorInfo;
#pragma pack(pop)
#else
//#ifdef LINUX
typedef struct __attribute__((packed)) cl_ID {
U16 vendor;
U8 length;
U8 id[A71CL_CL_STRING_SIZE];
} sCL_ID;
typedef struct CL_keyHeader
{
U8 cLIdLen;
U8 cLId[A71CL_CL_STRING_SIZE];
U8 keyType;
U8 keyId;
// U32* keyElement;
} sCL_KeyHeader;
typedef struct CL_keyElement
{
U8 keyElTag;
U16 keyElLen;
// U32* keyValue;
} sCL_KeyElement;
typedef struct CL_VendorInfo {
U16 oemId;
U8 version[8];
U8 configuration[4];
U16 availableSpace;
U8 extentionBits[4];
} sCL_VendorInfo;
#endif
/* ------------------------------ */
#ifndef API_ONLY_ASYMMETRIC_CRYPT
/** \name Module functions
@{ */
U16 CL_CalCRC(const U8* dataBuf, const U32 len, const U16 initValue);
U16 CL_GetID(U8 *idData, const U16 idDataLen);
U16 CL_GetVendorInfo(sCL_VendorInfo* vendorInfoStruct);
U16 CL_DisablePlainInjectionMode();
U16 CL_FreeReadServiceData(U8 recordNum, U8 *outData, U16* outDataLen);
U8 CL_IsAppletInAuthenticationMode();
/** @}*/
/** \name Host Authentication functions
@{ */
U16 CL_GetChallenge(U8 *random, const U8 randomLen);
U16 CL_ExternalAuthenticate(U8 *cryptogram, U16 cryptogramLen);
/** @}*/
/** \name Sensitive Data Storage functions
@{ */
U16 CL_SecurityStorage(U8 *keyData, const U16 keyDataLen);
U16 CL_SecurityStorageWithKEK(U8 *keyData, const U16 keyDataLen, U8 *kekValue, U16 kekValueLen);
U16 CL_SecurityStorageUpdateServiceData(U8 *inData, U16 inDataLen);
U16 CL_SecurityStorageReadServiceData(U8* outData, U16* outDataLen);
U16 CL_GenerateKeyPair(U8 *publicKey, const U16 keyDataLen, const U8 keyType, const U8 keyID);
U16 CL_GenerateKeyPairWithKEK(U8 *publicKey, const U16 keyDataLen,
const U8 keyType, const U8 keyID,
U8 *kekValue, U16 kekValueLen);
U16 CL_SetKEKValue(U8 *currentKekValue, U16 currentKekValueLen, U8 *newKekValue, U16 newKekValueLen);
U16 CL_UpdateServiceData(U8 recordNum, U8 *kekValue, U16 kekValueLen, U8 *inData, U16 inDataLen);
/** @}*/
/** \name Cryptography functions
@{ */
U16 CL_ComputeDigest(U8 *data, const U16 dataLen,
U8 *digest, U16 *digestLen,
const U8 hashType);
U16 CL_SymmetricCrypt(U8 *inData, U16 inDataLen,
U8 symmMode, U8 symmType, U8 keyIndex,
U8 *outData, U16* outDataLen);
#endif
U16 CL_AsymmetricCrypt(U8 *inData, U16 inDataLen,
U8 asymmMode, U8 asymmType, U8 keyIndex,
U8 *outData, U16* outDataLen);
/** @}*/
#ifndef API_ONLY_ASYMMETRIC_CRYPT
/** \name Debug functions
@{ */
U16 CL_ResetContents();
/** @}*/
#endif
// The Link Layer used to communicate between Host and Secure Element may introduce
// additional constraints on the packetsize. This constraint is set by defining MAX_CHUNK_LENGTH_LINK.
// NOTE: In sm_apdu.h MAX_APDU_BUF_LENGTH is set. This value corresponds to the maximum APDU
// buffer length of the Security Module.
// On memory constrained hosts these values can be reduced to a lower value.
// #define MAX_CHUNK_LENGTH_LINK 1024 // Compromise value; can be reduced to about 650
// The A71CL has been tested in combination with: SCI2C interface & SMCOM_JRCP_V1
// TODO: Have the MAX_APDU_BUF_LENGTH take precedence on MAX_CHUNK_LENGTH_LINK
// for the time being the cap on the APDU size is enforced through MAX_CHUNK_LENGTH_LINK
#if defined(SCI2C) || defined(T1oI2C)
#define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability
#elif defined(SPI)
#define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability
#elif defined(PCSC)
#define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability
#elif defined(TDA8029_UART)
#error "Not yet tested"
#elif defined(SMCOM_JRCP_V1)
#define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability
#elif defined(RJCT_VCOM)
#define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability
#elif defined(SMCOM_JRCP_V2)
#define MAX_CHUNK_LENGTH_LINK 256 //!< Limited by A71CL applet capability
#else
#error "Define a communication layer as a preprocessor constant"
#endif
#ifdef __cplusplus
}
#endif
#endif //_A71CL_API_