Google Git
Sign in
coral / a71ch-crypto-support / 8dc1f1434da50a4b7361d651239c1f3f4f8cc25b / . / sss / inc / fsl_sss_se05x_types.h
blob: 4ade4e543d995481605c411d2685717c98c63533 [file] [log] [blame]
/*
*
* Copyright 2018-2020 NXP
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_
#define SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_
/* ************************************************************************** */
/* Includes */
/* ************************************************************************** */
#include <fsl_sss_api.h>
#include <fsl_sss_policy.h>
#if defined(SSS_USE_FTR_FILE)
#include "fsl_sss_ftr.h"
#else
#include "fsl_sss_ftr_default.h"
#endif
#if SSS_HAVE_APPLET_SE05X_IOT
#include "nxScp03_Types.h"
#include "se05x_const.h"
#include "se05x_tlv.h"
#include "sm_api.h"
#if (__GNUC__ && !AX_EMBEDDED)
#include <pthread.h>
/* Only for base session with os */
#endif
/* FreeRTOS includes. */
#if AX_EMBEDDED && USE_RTOS
#include "FreeRTOS.h"
#include "FreeRTOSIPConfig.h"
#include "semphr.h"
#include "task.h"
#endif
/*!
* @addtogroup sss_sw_se05x
* @{
*/
/* ************************************************************************** */
/* Defines */
/* ************************************************************************** */
/** Are we using SE05X as crypto subsystem? */
#define SSS_SUBSYSTEM_TYPE_IS_SE05X(subsystem) (subsystem == kType_SSS_SE_SE05x)
/** Are we using SE05X as crypto subsystem? */
#define SSS_SESSION_TYPE_IS_SE05X(session) (session && SSS_SUBSYSTEM_TYPE_IS_SE05X(session->subsystem))
/** Are we using SE05X as crypto subsystem? */
#define SSS_KEY_STORE_TYPE_IS_SE05X(keyStore) (keyStore && SSS_SESSION_TYPE_IS_SE05X(keyStore->session))
/** Are we using SE05X as crypto subsystem? */
#define SSS_OBJECT_TYPE_IS_SE05X(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_SE05X(pObject->keyStore))
/** Are we using SE05X as crypto subsystem? */
#define SSS_ASYMMETRIC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session))
/** Are we using SE05X as crypto subsystem? */
#define SSS_DERIVE_KEY_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session))
/** Are we using SE05X as crypto subsystem? */
#define SSS_SYMMETRIC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session))
/** Are we using SE05X as crypto subsystem? */
#define SSS_MAC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session))
/** Are we using SE05X as crypto subsystem? */
#define SSS_RNG_CONTEXT_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session))
/** Are we using SE05X as crypto subsystem? */
#define SSS_DIGEST_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session))
/** Are we using SE05X as crypto subsystem? */
#define SSS_AEAD_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session))
/** Are we using SE05X as crypto subsystem? */
#define SSS_TUNNEL_CONTEXT_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session))
/** Are we using SE05X as crypto subsystem? */
#define SSS_TUNNEL_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session))
/* ************************************************************************** */
/* Structrues and Typedefs */
/* ************************************************************************** */
struct _sss_se05x_session;
/** @copydoc sss_tunnel_t */
typedef struct _sss_se05x_tunnel_context
{
/** Pointer to the base SE050 SEssion */
struct _sss_se05x_session *se05x_session;
/** Where exectly this tunner terminate to */
sss_tunnel_dest_t tunnelDest;
#if (__GNUC__ && !AX_EMBEDDED)
/** For systems where we potentially have multi-threaded operations, have a lock */
pthread_mutex_t channelLock;
#elif AX_EMBEDDED && USE_RTOS
SemaphoreHandle_t channelLock;
#endif
} sss_se05x_tunnel_context_t;
/** @copydoc sss_session_t */
typedef struct _sss_se05x_session
{
/** Indicates which security subsystem is selected to be used. */
sss_type_t subsystem;
/** Connection context to SE050 */
Se05xSession_t s_ctx;
/** In case connection is tunneled, context to the tunnel */
sss_se05x_tunnel_context_t *ptun_ctx;
} sss_se05x_session_t;
struct _sss_se05x_object;
/** @copydoc sss_key_store_t */
typedef struct
{
/** Pointer to the session */
sss_se05x_session_t *session;
/** In case the we are using Key Wrapping while injecting the keys, pointer to key used for wrapping */
struct _sss_se05x_object *kekKey;
} sss_se05x_key_store_t;
/** @copydoc sss_object_t */
typedef struct _sss_se05x_object
{
/** key store holding the data and other properties */
sss_se05x_key_store_t *keyStore;
/** @copydoc sss_object_t::objectType */
uint32_t objectType;
/** @copydoc sss_object_t::cipherType */
uint32_t cipherType;
/** Application specific key identifier. The keyId is kept in the key store
* along with the key data and other properties. */
uint32_t keyId;
/** If this is an ECC Key, the Curve ID of the key */
#if APPLET_SE050_VER_MAJOR_MINOR >= 20000u
SE05x_ECCurve_t curve_id;
#else
uint32_t curve_id;
#endif
/** Whether this is a persistant or tansient object */
uint8_t isPersistant : 1;
} sss_se05x_object_t;
/** @copydoc sss_derive_key_t */
typedef struct
{
/** @copydoc sss_derive_key_t::session */
sss_se05x_session_t *session;
/** @copydoc sss_derive_key_t::keyObject */
sss_se05x_object_t *keyObject;
/** @copydoc sss_derive_key_t::algorithm */
sss_algorithm_t algorithm;
/** @copydoc sss_derive_key_t::mode */
sss_mode_t mode;
} sss_se05x_derive_key_t;
/** @copydoc sss_asymmetric_t */
typedef struct
{
/** @copydoc sss_asymmetric_t::session */
sss_se05x_session_t *session;
/** @copydoc sss_asymmetric_t::keyObject */
sss_se05x_object_t *keyObject;
/** @copydoc sss_asymmetric_t::algorithm */
sss_algorithm_t algorithm;
/** @copydoc sss_asymmetric_t::mode */
sss_mode_t mode;
} sss_se05x_asymmetric_t;
/** @copydoc sss_symmetric_t */
typedef struct
{
/** Virtual connection between application (user context) and specific
* security subsystem and function thereof. */
sss_se05x_session_t *session;
/** Reference to key and it's properties. */
sss_se05x_object_t *keyObject;
/** @copydoc sss_symmetric_t::algorithm */
sss_algorithm_t algorithm;
/** @copydoc sss_symmetric_t::mode */
sss_mode_t mode;
/* Implementation specific part */
/** Used crypto object ID for this operation */
SE05x_CryptoObjectID_t cryptoObjectId;
/** Since underlying system conly only process in fixed chunks, chache them on host
* to complete the operation sanely */
uint8_t cache_data[16];
/** Length of bytes cached on host */
size_t cache_data_len;
} sss_se05x_symmetric_t;
/** @copydoc sss_mac_t */
typedef struct
{
/** copydoc sss_mac_t::session */
sss_se05x_session_t *session;
/** copydoc sss_mac_t::keyObject */
sss_se05x_object_t *keyObject;
/** copydoc sss_mac_t::algorithm */
sss_algorithm_t algorithm;
/** copydoc sss_mac_t::mode */
sss_mode_t mode;
/* Implementation specific part */
/** Used crypto object ID for this operation */
SE05x_CryptoObjectID_t cryptoObjectId;
} sss_se05x_mac_t;
/** @copydoc sss_aead_t */
typedef struct
{
/** @copydoc sss_aead_t::session */
sss_se05x_session_t *session;
/** @copydoc sss_aead_t::keyObject */
sss_se05x_object_t *keyObject;
/** @copydoc sss_aead_t::algorithm */
sss_algorithm_t algorithm;
/** @copydoc sss_aead_t::mode */
sss_mode_t mode;
/** Implementation specific part */
SE05x_CryptoObjectID_t cryptoObjectId;
/** Cache in case of un-alined inputs */
uint8_t cache_data[16];
/** How much we have cached */
size_t cache_data_len;
} sss_se05x_aead_t;
/** @copydoc sss_digest_t */
typedef struct
{
/** Virtual connection between application (user context) and specific
* security subsystem and function thereof. */
sss_se05x_session_t *session;
/** @copydoc sss_digest_t::algorithm */
sss_algorithm_t algorithm;
/** @copydoc sss_digest_t::mode */
sss_mode_t mode;
/** @copydoc sss_digest_t::digestFullLen */
size_t digestFullLen;
/** Implementation specific part */
SE05x_CryptoObjectID_t cryptoObjectId;
} sss_se05x_digest_t;
/** @copydoc sss_rng_context_t */
typedef struct
{
/** @copydoc sss_rng_context_t::session */
sss_se05x_session_t *session;
} sss_se05x_rng_context_t;
/** SE050 Properties that can be represented as an array */
typedef enum
{
kSSS_SE05x_SessionProp_CertUID = kSSS_SessionProp_au8_Proprietary_Start + 1,
} sss_s05x_sesion_prop_au8_t;
/** SE050 Properties that can be represented as 32bit numbers */
typedef enum
{
kSSS_SE05x_SessionProp_CertUIDLen = kSSS_SessionProp_u32_Optional_Start + 1,
} sss_s05x_sesion_prop_u32_t;
/** deprecated : Used only for backwards compatibility */
#define SE05x_Connect_Ctx_t SE_Connect_Ctx_t
/** deprecated : Used only for backwards compatibility */
#define se05x_auth_context_t SE_Connect_Ctx_t
/** Used to enable Applet Features via ``sss_se05x_set_feature`` */
typedef struct
{
/** Use of curve TPM_ECC_BN_P256 */
uint8_t AppletConfig_ECDAA : 1;
/** EC DSA and DH support */
uint8_t AppletConfig_ECDSA_ECDH_ECDHE : 1;
/** Use of curve RESERVED_ID_ECC_ED_25519 */
uint8_t AppletConfig_EDDSA : 1;
/** Use of curve RESERVED_ID_ECC_MONT_DH_25519 */
uint8_t AppletConfig_DH_MONT : 1;
/** Writing HMACKey objects */
uint8_t AppletConfig_HMAC : 1;
/** Writing RSAKey objects */
uint8_t AppletConfig_RSA_PLAIN : 1;
/** Writing RSAKey objects */
uint8_t AppletConfig_RSA_CRT : 1;
/** Writing AESKey objects */
uint8_t AppletConfig_AES : 1;
/** Writing DESKey objects */
uint8_t AppletConfig_DES : 1;
/** PBKDF2 */
uint8_t AppletConfig_PBKDF : 1;
/** TLS Handshake support commands (see 4.16) in APDU Spec*/
uint8_t AppletConfig_TLS : 1;
/** Mifare DESFire support (see 4.15) in APDU Spec*/
uint8_t AppletConfig_MIFARE : 1;
/** Allocated value undefined and reserved for future use */
uint8_t AppletConfig_RFU1 : 1;
/** I2C Master support (see 4.17) in APDU Spec*/
uint8_t AppletConfig_I2CM : 1;
/** RFU */
uint8_t AppletConfig_RFU21 : 1;
} SE05x_Applet_Feature_t;
/** Used to disable Applet Features via ``sss_se05x_set_feature`` */
typedef struct
{
/** Disable feature ECDH B2b8 */
uint8_t EXTCFG_FORBID_ECDH : 1;
/** Disable feature ECDAA B2b7 */
uint8_t EXTCFG_FORBID_ECDAA : 1;
/** Disable feature RSA_LT_2K B6b8 */
uint8_t EXTCFG_FORBID_RSA_LT_2K : 1;
/** Disable feature RSA_SHA1 B6b7 */
uint8_t EXTCFG_FORBID_RSA_SHA1 : 1;
/** Disable feature AES_GCM B8b8 */
uint8_t EXTCFG_FORBID_AES_GCM : 1;
/** Disable feature AES_GCM_EXT_IV B8b7 */
uint8_t EXTCFG_FORBID_AES_GCM_EXT_IV : 1;
/** Disable feature HKDF_EXTRACT B10b7 */
uint8_t EXTCFG_FORBID_HKDF_EXTRACT : 1;
} SE05x_Applet_Feature_Disable_t;
/** Attestation data */
typedef struct
{
/** Random used during attestation */
uint8_t outrandom[16];
/** length of outrandom */
size_t outrandomLen;
/** time stamp */
SE05x_TimeStamp_t timeStamp;
/** Length of timeStamp */
size_t timeStampLen;
/** Uinquie ID of SE050 */
uint8_t chipId[SE050_MODULE_UNIQUE_ID_LEN];
/** Lenght of the Unique ID */
size_t chipIdLen;
/** Attributes */
uint8_t attribute[MAX_POLICY_BUFFER_SIZE + 15];
/** Length of Attribute */
size_t attributeLen;
/** Signature for attestation */
uint8_t signature[512];
/** Lenght of signature */
size_t signatureLen;
} sss_se05x_attst_comp_data_t;
/** Data to be read with attestation */
typedef struct
{
/** Whle reading RSA Objects, modulus and public exporent get attested separately, */
sss_se05x_attst_comp_data_t data[SE05X_MAX_ATTST_DATA];
/** How many entries to attest */
uint8_t valid_number;
} sss_se05x_attst_data_t;
/** @} */
/** @addtogroup se050_i2cm
*
* @{ */
/** Types of entries in an I2CM Transaction */
typedef enum
{
/** Do nothing */
kSE05x_I2CM_None = 0,
/** Configure the address, baudrate */
kSE05x_I2CM_Configure,
/** Write to I2C Slave */
kSE05x_I2CM_Write = 3,
/** Read from I2C Slave */
kSE05x_I2CM_Read,
/** Response from SE05x that there is something wrong */
kSE05x_I2CM_StructuralIssue = 0xFF
} SE05x_I2CM_TLV_type_t;
/** Status of I2CM Transaction */
typedef enum
{
kSE05x_I2CM_Success = 0x5A,
kSE05x_I2CM_I2C_Nack_Fail = 0x01,
kSE05x_I2CM_I2C_Write_Error = 0x02,
kSE05x_I2CM_I2C_Read_Error = 0x03,
kSE05x_I2CM_I2C_Time_Out_Error = 0x05,
kSE05x_I2CM_Invalid_Tag = 0x11,
kSE05x_I2CM_Invalid_Length = 0x12,
kSE05x_I2CM_Invalid_Length_Encode = 0x13,
kSE05x_I2CM_I2C_Config = 0x21
} SE05x_I2CM_status_t;
/** Additional operation on data read by I2C */
typedef enum
{
kSE05x_Security_None = 0,
kSE05x_Sign_Request,
kSE05x_Sign_Enc_Request,
} SE05x_I2CM_securityReq_t;
/** Configuration for I2CM */
typedef enum
{
kSE05x_I2CM_Baud_Rate_100Khz = 0,
kSE05x_I2CM_Baud_Rate_400Khz,
} SE05x_I2CM_Baud_Rate_t;
/** Data Configuration for I2CM */
typedef struct
{
/** 7 Bit address of I2C slave */
uint8_t I2C_addr;
/** What baud rate */
SE05x_I2CM_Baud_Rate_t I2C_baudRate;
/** return status of the config operation */
SE05x_I2CM_status_t status;
} SE05x_I2CM_configData_t;
/** @brief Security Configuration for I2CM */
typedef struct
{
/** @copydoc SE05x_I2CM_securityReq_t */
SE05x_I2CM_securityReq_t operation;
/** object used for the operation */
uint32_t keyObject;
} SE05x_I2CM_securityData_t;
/** @brief Write From I2CM to I2C Slave */
typedef struct
{
/** How many bytes to write */
uint8_t writeLength;
/** [Out] status of the operation */
SE05x_I2CM_status_t wrStatus;
/** Buffer to be written */
uint8_t *writebuf; /* Input */
} SE05x_I2CM_writeData_t;
/** Read to I2CM from I2C Slave */
typedef struct
{
/** How many bytes to read */
uint16_t readLength;
/** [Out] status of the operation */
SE05x_I2CM_status_t rdStatus;
/** Output. rdBuf will point to Host buffer. */
uint8_t *rdBuf;
} SE05x_I2CM_readData_t;
/** Used to report error response, not for outgoing command */
typedef struct
{
/** [Out] In case there is any structural issue */
SE05x_I2CM_status_t issueStatus;
} SE05x_I2CM_structuralIssue_t;
/** @brief Individual entry in array of TLV commands */
typedef union {
/** @copydoc SE05x_I2CM_configData_t */
SE05x_I2CM_configData_t cfg;
/** @copydoc SE05x_I2CM_securityData_t */
SE05x_I2CM_securityData_t sec;
/** @copydoc SE05x_I2CM_writeData_t */
SE05x_I2CM_writeData_t w;
/** @copydoc SE05x_I2CM_readData_t */
SE05x_I2CM_readData_t rd;
/** @copydoc SE05x_I2CM_structuralIssue_t */
SE05x_I2CM_structuralIssue_t issue;
} SE05x_I2CM_INS_type_t;
/** Individual entry in array of TLV commands, with type
*
* @ref Se05x_i2c_master_txn would expect an array of these.
*/
typedef struct _SE05x_I2CM_cmd
{
/** @copybrief SE05x_I2CM_TLV_type_t */
SE05x_I2CM_TLV_type_t type;
/** @copybrief SE05x_I2CM_INS_type_t */
SE05x_I2CM_INS_type_t cmd;
} SE05x_I2CM_cmd_t;
/*!
*@}
*/ /* end of se050_i2cm */
/* ************************************************************************** */
/* Global Variables */
/* ************************************************************************** */
/* ************************************************************************** */
/* Functions */
/* ************************************************************************** */
/** MAC Validate
*
*/
sss_status_t sss_se05x_mac_validate_one_go(
sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t macLen);
/** Similar to @ref sss_se05x_asymmetric_sign_digest,
*
* but hashing/digest done by SE
*/
sss_status_t sss_se05x_asymmetric_sign(
sss_se05x_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t *signatureLen);
/** Similar to @ref sss_se05x_asymmetric_verify_digest,
* but hashing/digest done by SE
*
*/
sss_status_t sss_se05x_asymmetric_verify(
sss_se05x_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t signatureLen);
/** Read with attestation
*
*/
sss_status_t sss_se05x_key_store_get_key_attst(sss_se05x_key_store_t *keyStore,
sss_se05x_object_t *keyObject,
uint8_t *key,
size_t *keylen,
size_t *pKeyBitLen,
sss_se05x_object_t *keyObject_attst,
sss_algorithm_t algorithm_attst,
uint8_t *random_attst,
size_t randomLen_attst,
sss_se05x_attst_data_t *attst_data);
uint32_t se05x_sssKeyTypeLenToCurveId(sss_cipher_type_t keyType, size_t keyBits);
/** @addtogroup se050_i2cm
*
* @{
*/
/** @brief Se05x_i2c_master_txn
*
* I2CM Transaction
*
* @param[in] sess session identifier
* @param[in,out] cmds Array of structure type capturing a sequence of i2c master cmd/rsp transactions.
* @param[in] cmdLen Amount of structures contained in cmds
*
* @pre p describes I2C master commands.
* @post p contains execution state of I2C master commands, the I2C master commands can be overwritten to report on execution failure.
*/
smStatus_t Se05x_i2c_master_txn(sss_session_t *sess, SE05x_I2CM_cmd_t *cmds, uint8_t cmdLen);
/** @brief Se05x_i2c_master_attst_txn
*
* I2CM Read With Attestation
*
* @param[in] sess session identifier
* @param[in] keyObject Keyobject which contains 4 byte attestaion KeyId
* @param[in,out] p Array of structure type capturing a sequence of i2c master cmd/rsp transactions.
* @param[in] random_attst 16-byte freshness random
* @param[in] random_attstLen length of freshness random
* @param[in] attst_algo 1 byte attestationAlgo
* @param[out] ptimeStamp timestamp
* @param[out] timeStampLen Length for timestamp
* @param[out] freshness freshness (random)
* @param[out] pfreshnessLen Length for freshness
* @param[out] chipId unique chip Id
* @param[out] pchipIdLen Length for chipId
* @param[out] signature signature
* @param[out] psignatureLen Length for signature
* @param[in] noOftags Amount of structures contained in ``p``
*
* @pre p describes I2C master commands.
* @post p contains execution state of I2C master commands, the I2C master commands can be overwritten to report on execution failure.
*/
smStatus_t Se05x_i2c_master_attst_txn(sss_session_t *sess,
sss_object_t *keyObject,
SE05x_I2CM_cmd_t *p,
uint8_t *random_attst,
size_t random_attstLen,
SE05x_AttestationAlgo_t attst_algo,
SE05x_TimeStamp_t *ptimeStamp,
size_t *timeStampLen,
uint8_t *freshness,
size_t *pfreshnessLen,
uint8_t *chipId,
size_t *pchipIdLen,
uint8_t *signature,
size_t *psignatureLen,
uint8_t noOftags);
/*!
*@}
*/ /* end of se050_i2cm */
#endif /* SSS_HAVE_APPLET_SE05X_IOT */
#endif /* SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_ */