hostlib/hostLib/libCommon/hostCrypto/axHostCrypto.h

/**
 * @file axHostCrypto.h
 * @author NXP Semiconductors
 * @version 1.0
 * @par License
 *
 * Copyright 2016 NXP
 * SPDX-License-Identifier: Apache-2.0
 *
 * @par Description
 * Host Crypto wrapper API for the A7-series security IC's
 *
 * @par HISTORY
 *
 */

#ifndef _AX_HOSTCRYPTO_H_
#define _AX_HOSTCRYPTO_H_

#include "sm_types.h"
#ifdef OPENSSL
#include <openssl/cmac.h>
#include <openssl/aes.h>
#endif

#ifdef MBEDTLS
#include <mbedtls/cmac.h>
#include <mbedtls/aes.h>
#endif

#ifdef TGT_A70CI
#include "a70ciHostCrypto.h"
#endif

#ifdef __cplusplus
extern "C" {
#endif

// Move this in cryptolibrary specific header files
#ifdef OPENSSL
typedef CMAC_CTX axHcCmacCtx_t;
#define HOST_ENCRYPT    (AES_ENCRYPT)  //!< Request encrypt operation
#define HOST_DECRYPT    (AES_DECRYPT)  //!< Request decrypt operation
#endif //OPENSSL

#ifdef MBEDTLS
typedef mbedtls_cipher_context_t axHcCmacCtx_t;
#define HOST_ENCRYPT    (1)  //!< Request encrypt operation
#define HOST_DECRYPT    (0)  //!< Request decrypt operation
#endif // MBEDTLS

#ifdef NO_SECURE_CHANNEL_SUPPORT
typedef struct {
    int dummy;
} axHcCmacCtx_t;
#endif // NO_SECURE_CHANNEL_SUPPORT

/* The error code defines follow the OpenSSL conventions */
#define HOST_CRYPTO_NOT_SUPPORTED -1  //!< Crypto engine does not support implementation
#define HOST_CRYPTO_ERROR          0  //!< Failure
#define HOST_CRYPTO_OK             1  //!< Success

/**
 * Calculate in one shot the SHA-1 hash value of the provided input \p msg.
 * SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output.
 * @param[in] msg     Input data whose hash value must be calculated
 * @param[in] msgLen  Length in byte of \p msg
 * @param[in,out] pHash IN: Buffer provided by caller (at least 20 byte); OUT: Calculated hash value
 *
 * @retval HOST_CRYPTO_OK
 * @retval HOST_CRYPTO_ERROR
 */
S32 HOST_SHA1_Get(const U8 *msg, U32 msgLen, U8 *pHash);

/**
 * Calculate in one shot the SHA256 hash value of the provided input \p msg.
 * SHA256 (Secure Hash Algorithm) is a cryptographic hash function with a 256 bit output.
 * @param[in] msg     Input data whose hash value must be calculated
 * @param[in] msgLen  Length in byte of \p msg
 * @param[in,out] pHash IN: Buffer provided by caller (at least 32 byte); OUT: Calculated hash value
 *
 * @retval HOST_CRYPTO_OK
 * @retval HOST_CRYPTO_ERROR
 */
S32 HOST_SHA256_Get(const U8 *msg, U32 msgLen, U8 *pHash);

#ifdef TGT_A70CU
#define SHA256_STATE_SIZE   32
#define PARTIAL_HASH_DEFAULT_NO_STATE
S32 HOST_SHA256_GetPartialHash(const U8 *msg, U32 msgLen, U8 *pHashState, U32 *pNumProcessedMsgBytes);
#endif

/**
 * Calculate in one shot the AES-128 based CMAC of \p mMsg.
 * @param[in] pKey           128 bit AES key
 * @param[in] keySizeInBytes Currently only a keysize of 16 is supported
 * @param[in] pMsg           input data to me mac'd
 * @param[in] msgLen         length of input data in bytes
 * @param[in,out] pMac       IN: Buffer of at least 16 byte; OUT: Calculated CMAC value (16 byte long)
 *
 * @retval ::ERR_MEMORY
 * @retval ::HOST_CRYPTO_OK
 * @retval ::HOST_CRYPTO_ERROR
 */
S32 HOST_CMAC_Get(const U8 *pKey, U8 keySizeInBytes, const U8 *pMsg, U32 msgLen, U8 *pMac);

/**
 * Initialize AES-128 based CMAC primitive
 * @param[out] ctx Pointer to context (double indirection)
 * @param[in] pKey           128 bit AES key
 * @param[in] keySizeInBytes Currently only 16 is supported
 *
 * @retval ::ERR_MEMORY
 * @retval ::HOST_CRYPTO_OK
 * @retval ::HOST_CRYPTO_ERROR
 */
S32 HOST_CMAC_Init(axHcCmacCtx_t **ctx, const U8 *pKey, U8 keySizeInBytes);

/**
 * Update/Append to data that must be mac'd
 * @param[in] ctx Pointer to context
 * @param[in] pMsg
 * @param[in] msgLen
 *
 * @retval ::HOST_CRYPTO_OK
 * @retval ::HOST_CRYPTO_ERROR
 */
S32 HOST_CMAC_Update(axHcCmacCtx_t *ctx, const U8 *pMsg, U32 msgLen);

/**
 * Retrieve the mac value and clean up/free the context
 * @param[in]  ctx Pointer to context
 * @param[out] pMac
 *
 * @retval ::HOST_CRYPTO_OK
 * @retval ::HOST_CRYPTO_ERROR
 */
S32 HOST_CMAC_Finish(axHcCmacCtx_t *ctx, U8 *pMac);

/**
 * Decrypt the provided ciphertext (assumed to be a block of 16 byte) using AES in ECB mode
 * @param[in,out] plainText
 * @param[in] cipherText
 * @param[in] key
 * @param[in] keyLen
 *
 * @retval ::HOST_CRYPTO_OK
 * @retval ::HOST_CRYPTO_ERROR
 */
S32 HOST_AES_ECB_DECRYPT(U8 *plainText, const U8 *cipherText, const U8 *key, U32 keyLen);

/**
 * Encrypt the provided plaintext (assumed to be a block of 16 byte) using AES in ECB mode
 * @param[in] plainText
 * @param[in,out] cipherText
 * @param[in] key
 * @param[in] keyLen
 *
 * @retval ::HOST_CRYPTO_OK
 * @retval ::HOST_CRYPTO_ERROR
 */
S32 HOST_AES_ECB_ENCRYPT(const U8 *plainText, U8 *cipherText, const U8 *key, U32 keyLen);

/**
 * Encrypt/Decrypt the provided plaintext \p pIn using AES-128 in CBC mode
 * @param[in] pKey
 * @param[in] keyLen  Currently only a keysize of 16 byte is supported
 * @param[in] pIv Initialization vector
 * @param[in] dir Either ::HOST_ENCRYPT or ::HOST_DECRYPT
 * @param[in] pIn input data
 * @param[in] inLen
 * @param[in,out] pOut
 *
 * @retval ::ERR_API_ERROR
 * @retval ::HOST_CRYPTO_OK
 * @retval ::HOST_CRYPTO_ERROR
 */
S32 HOST_AES_CBC_Process(const U8 *pKey, U32 keyLen, const U8 *pIv, U8 dir, const U8 *pIn, U32 inLen, U8 *pOut);

/**
 * Fill up the provided buffer \p pRandom with \p inLen byte of random data
 * @param[in]     inLen    number (in byte) of random data requested
 * @param[in,out] pRandom  IN: buffer of at least inLen size; OUT: retrieved random data
 *
 * @retval ::HOST_CRYPTO_NOT_SUPPORTED   Random not supported by Crypto Engine
 * @retval ::HOST_CRYPTO_OK
 * @retval ::HOST_CRYPTO_ERROR
 */
S32 HOST_GetRandom(U32 inLen, U8 * pRandom);

/**
* Encrypt/Decrypt the provided plaintext \p pIn using AES-128 in ecb mode
* @param[in] pKey
* @param[in] keyLen  Currently only a keysize of 16 byte is supported
* @param[in] pIv Initialization vector
* @param[in] dir Either ::HOST_ENCRYPT or ::HOST_DECRYPT
* @param[in] pIn input data
* @param[in] inLen
* @param[in,out] pOut
*
* @retval ::ERR_API_ERROR
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_AES_ECB_Process(const U8 *pKey, U32 keyLen, const U8 *pIv, U8 dir, const U8 *pIn, U32 inLen, U8 *pOut);

/**
* Encrypt/Decrypt the provided plaintext \p pIn using Triple-DES keu in cbc mode
* @param[in] pKey
* @param[in] keyLen  Currently only a keysize of 16 byte is supported
* @param[in] pIv Initialization vector
* @param[in] dir Either ::HOST_ENCRYPT or ::HOST_DECRYPT
* @param[in] pIn input data
* @param[in] inLen
* @param[in,out] pOut
*
* @retval ::ERR_API_ERROR
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_3DES_CBC_Process(const U8 *pKey, U32 keyLen, const U8 *pIv, U8 dir, const U8 *pIn, U32 inLen, U8 *pOut);
/**
* Encrypt/Decrypt the provided plaintext \p pIn using Triple-DES keu in ecb mode
* @param[in] pKey
* @param[in] keyLen  Currently only a keysize of 16 byte is supported
* @param[in] pIv Initialization vector
* @param[in] dir Either ::HOST_ENCRYPT or ::HOST_DECRYPT
* @param[in] pIn input data
* @param[in] inLen
* @param[in,out] pOut
*
* @retval ::ERR_API_ERROR
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_3DES_ECB_Process(const U8 *pKey, U32 keyLen, const U8 *pIv,
                          U8 dir, const U8 *pIn, U32 inLen, U8 *pOut);

/**
* Calculate in one shot the DES based CMAC of \p mMsg.
* @param[in] pKey           the DES key
* @param[in] keySizeInBytes the key size
* @param[in] pMsg           input data to me mac'd
* @param[in] msgLen         length of input data in bytes
* @param[in,out] pMac       IN: Buffer of at least 8 byte; OUT: Calculated CMAC value (8 byte long)
*
* @retval ::ERR_MEMORY
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_CMAC_Get_Des(const U8 *pKey, U8 keySizeInBytes, const U8 *pMsg, U32 msgLen, U8* pMac);

/**
* Initialize DES based CMAC primitive
* @param[out] ctx Pointer to context (double indirection)
* @param[in] pKey           the key
* @param[in] keySizeInBytes the key size
*
* @retval ::ERR_MEMORY
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_CMAC_Init_Des(axHcCmacCtx_t **ctx, const U8 *pKey,  U8 keySizeInBytes);

/**
* Wrap data with an AES wrapping key according to RFC 3394
* @param[in] wrapKey           the AES wrapping key
* @param[in] wrapKeyLen        the key size
* @param[in,out] out           buffer to contain the wrapped data
* @param[in,out] outLen        the wrapped data length
* @param[in] in                input data to me wrapped
* @param[in] inLen             the length of input data in bytes
*
* @retval ::ERR_MEMORY
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_AesWrapKeyRFC3394(const U8 *wrapKey, U16 wrapKeyLen, U8 *out, U16 *outLen, const U8 *in, U16 inLen);

/**
* Wrap data with an AES wrapping key according to RFC 3394, with a give IV
* @param[in] wrapKey           the AES wrapping key
* @param[in] wrapKeyLen        the key size
* @param[in] iv                the Initialization Vector
* @param[in,out] out           buffer to contain the wrapped data
* @param[in,out] outLen        the wrapped data length
* @param[in] in                input data to me wrapped
* @param[in] inLen             the length of input data in bytes
*
* @retval ::ERR_MEMORY
* @retval ::HOST_CRYPTO_OK
* @retval ::HOST_CRYPTO_ERROR
*/
S32 HOST_AesWrapKeyRFC3394WithIV(const U8 *wrapKey, U16 wrapKeyLen, U8* iv, U8 *out, U16 *outLen, const U8 *in, U16 inLen);

#ifdef __cplusplus
}
#endif
#endif