blob: d9dc2ea9130a41476ba2ceacbfbdf738586c06c6 [file] [log] [blame] [edit]
/**
* @file HostCryptoAPI.h
* @author NXP Semiconductors
* @version 1.0
* @par License
*
* Copyright 2017 NXP
* SPDX-License-Identifier: Apache-2.0
*
* @par Description
* Host Crypto wrapper API for the A7-series security IC's
*
* @par HISTORY
*
*/
#ifndef _HOST_CRYPTO_API_H_
#define _HOST_CRYPTO_API_H_
#include "HLSETypes.h"
#define HOST_CRYPTO_NOT_SUPPORTED -1 //!< Crypto engine does not support implementation
#define HOST_CRYPTO_ERROR 0 //!< Failure
#define HOST_CRYPTO_OK 1 //!< Success
/**
* Enumerates all the Cryptographic Mechanisms that are supported. A list of mechanisms is returned in \p mechanisms.
If \p mechanism is NULL, then all that the function does is return (in \p *mechanismNum) the number of HLSE_MECHANISM_TYPE which would suffice
to hold the returned list. HLSE_SW_OK is returned by the function.
If \p mechanism is not NULL, then \p *mechanismLen must contain the number of mechanisms in the buffer \p mechanism. If that buffer
is large enough to hold number of mechanisms to be returned, then the mechanisms are copied to \p mechanism, and HLSE_SW_OK is returned by the function.
If the buffer is not large enough, then HLSE_ERR_BUF_TOO_SMALL is returned. In either case, \p *mechanismLen is set to hold the exact number of
mechanisms to be returned.
* \param[in, out] mechanism IN: caller passes a buffer of at least *mechanismNum; OUT: contains the mechanisms supported
* \param[in, out] mechanismLen IN: number of mechanisms in mechanisms; OUT: set to hold the exact number of mechanisms
*
* \retval ::HLSE_SW_OK Successfull execution
* \retval ::HLSE_ERR_BUF_TOO_SMALL Buffer is too small to return the mechanisms
* \retval ::HLSE_ERR_API_ERROR Invalid function arguments
*/
HLSE_RET_CODE HLCRYPT_GetSupportedMechanisms(HLSE_MECHANISM_TYPE* mechanism, U32* mechanismLen);
/**
* Encrypts the data provided using the given key and the requested mechanism.
The Cryptographic Mechanism to be used is passed in the \p type member of the \p pMechanismType parameter.
The key to encrypt the data with is provided by \p inKey.
If additional information is required by the specific encryption mechanism, is will be conveyed in \p pMechanismType->pParameter.
If \p outEncryptedData is NULL, then all that the function does is return (in \p *outEncryptedDataLen) a number of bytes which would suffice
to hold the return value. HLSE_SW_OK is returned by the function.
If \p outEncryptedData is not NULL, then \p *outEncryptedDataLen must contain the number of bytes in the buffer \p outEncryptedData. If that buffer
is large enough to hold the data be returned, then the data is copied to \p outEncryptedData, and HLSE_SW_OK is returned by the function.
If the buffer is not large enough, then HLSE_ERR_BUF_TOO_SMALL is returned. In either case, \p *outEncryptedDataLen is set to hold the exact number of
bytes to be returned.
* \param[in] pMechanismType The encryption Cryptographic Mechanism to be used
* \param[in] inKey The key data to encrypt with
* \param[in] inKeyLen The length in bytes of \p inKey
* \param[in] inData Data buffer for that should be encrypted
* \param[in] inDataLen The length of data passed as argument
* \param[in,out] outEncryptedData IN: caller passes a buffer to hold the data to be returned;
OUT: contains the encrypted data
* \param[in,out] outEncryptedDataLen IN: length of the \p outEncryptedData buffer passed;
OUT: the number of bytes returned in \p outEncryptedData
*
* \retval ::HLSE_SW_OK Upon successful execution
* \retval ::HLSE_ERR_BUF_TOO_SMALL \p outEncryptedData is too small to return the data
* \retval ::HLSE_ERR_API_ERROR Invalid function arguments
*/
HLSE_RET_CODE HLCRYPT_Encrypt(HLSE_MECHANISM_INFO* pMechanismType, U8* inKey, U32 inKeyLen,
U8* inData, U32 inDataLen,
U8* outEncryptedData, U32* outEncryptedDataLen);
/**
* Decrypts the data provided using the given key and the requested mechanism.
The Cryptographic Mechanism to be used is passed in the \p type member of the \p pMechanismType parameter.
A handle to the key to decrypt the data with is provided by \p hObject.
If additional information is required by the specific decryption mechanism, is will be conveyed in \p pMechanismType->pParameter.
If \p outDecryptedData is NULL, then all that the function does is return (in \p *outDecryptedDataLen) a number of bytes which would suffice
to hold the return value. HLSE_SW_OK is returned by the function.
If \p outData is not NULL, then \p *outDecryptedDataLen must contain the number of bytes in the buffer \p outDecryptedData. If that buffer
is large enough to hold the data be returned, then the data is copied to \p outDecryptedData, and HLSE_SW_OK is returned by the function.
If the buffer is not large enough, then HLSE_ERR_BUF_TOO_SMALL is returned. In either case, \p *outDecryptedDataLen is set to hold the exact number of
bytes to be returned.
* \param[in] pMechanismType The decryption Cryptographic Mechanism to be used
* \param[in] inKey The key data to decrypt with
* \param[in] inKeyLen The length in bytes of \p inKey
* \param[in] inData Data buffer for that should be decrypted
* \param[in] inDataLen The length of data passed as argument
* \param[in,out] outDecryptedData IN: caller passes a buffer to hold the data to be returned;
OUT: contains the decrypted data
* \param[in,out] outDecryptedDataLen IN: length of the \p outDecryptedData buffer passed;
OUT: the number of bytes returned in \p outDecryptedData
*
* \retval ::HLSE_SW_OK Upon successful execution
* \retval ::HLSE_ERR_BUF_TOO_SMALL \p outData is too small to return the data
* \retval ::HLSE_ERR_API_ERROR Invalid function arguments
*/
HLSE_RET_CODE HLCRYPT_Decrypt(HLSE_MECHANISM_INFO* pMechanismType, U8* inKey, U32 inKeyLen,
U8* inData, U32 inDataLen,
U8* outDecryptedData, U32* outDecryptedDataLen);
/**
* Calculates the Digest (e.g. Sha256) value of the data provided as input.
The Cryptographic Mechanism to be used is passed in the \p type member of the \p pMechanismType parameter.
If additional information is required by the specific digest mechanism, is will be conveyed in \p pMechanismType->pParameter.
If \p outDigest is NULL, then all that the function does is return (in \p *outDigestLen) a number of bytes which would suffice
to hold the digest value. HLSE_SW_OK is returned by the function.
If \p outDigest is not NULL, then \p *outDigestLen must contain the number of bytes in the buffer \p outDigest. If that buffer
is large enough to hold the digest value be returned, then the data is copied to \p outDigest, and HLSE_SW_OK is returned by the function.
If the buffer is not large enough, then HLSE_ERR_BUF_TOO_SMALL is returned. In either case, \p *outDigestLen is set to hold the exact number of
bytes to be returned.
* \param[in] pMechanismType The Digest Cryptographic Mechanism to be used
* \param[in] inData Data buffer for which the digest must be calculated
* \param[in] inDataLen The length of data passed as argument
* \param[in,out] outDigest IN: caller passes a buffer to hold the digest value;
OUT: contains the calculated digest
* \param[in,out] outDigestLen IN: length of the \p outDigest buffer passed;
OUT: the number of bytes returned in \p outDigest
*
* \retval ::HLSE_SW_OK Upon successful execution
* \retval ::HLSE_ERR_BUF_TOO_SMALL \p outDigest is too small to return the digest
* \retval ::HLSE_ERR_API_ERROR Invalid function arguments
*/
HLSE_RET_CODE HLCRYPT_Digest(HLSE_MECHANISM_INFO* pMechanismType,
U8* inData, U32 inDataLen,
U8* outDigest, U32* outDigestLen);
/**
* Signs the data provided using the given key and the requested mechanism.
The Cryptographic Mechanism to be used is passed in the \p type member of the \p pMechanismType parameter.
A handle to the key to sign the data with is provided by \p hObject.
If additional information is required by the specific signing mechanism, is will be conveyed in \p pMechanismType->pParameter.
If \p outSignature is NULL, then all that the function does is return (in \p *outSignatureLen) a number of bytes which would suffice
to hold the signature. HLSE_SW_OK is returned by the function.
If \p outSignature is not NULL, then \p *outSignatureLen must contain the number of bytes in the buffer \p outSignature. If that buffer
is large enough to hold the signature be returned, then the data is copied to \p outSignature, and HLSE_SW_OK is returned by the function.
If the buffer is not large enough, then HLSE_ERR_BUF_TOO_SMALL is returned. In either case, \p *outSignatureLen is set to hold the exact number of
bytes to be returned.
* \param[in] pMechanismType The signing Cryptographic Mechanism to be used
* \param[in] inKey The key data to sign with
* \param[in] inKeyLen The length in bytes of \p inKey
* \param[in] inData Data buffer for that should be signed (e.g. a digest)
* \param[in] inDataLen The length of data passed as argument
* \param[in,out] outSignature IN: caller passes a buffer to hold the signature;
OUT: contains the calculated signature
* \param[in,out] outSignatureLen IN: length of the \p outSignature buffer passed;
OUT: the number of bytes returned in \p outSignature
*
* \retval ::HLSE_SW_OK Upon successful execution
* \retval ::HLSE_ERR_BUF_TOO_SMALL \p outSignature is too small to return the signature
* \retval ::HLSE_ERR_API_ERROR Invalid function arguments
* \retval ::HLSE_ERR_CRYPTO_ENGINE_FAILED in case of failure
*/
HLSE_RET_CODE HLCRYPT_Sign(HLSE_MECHANISM_INFO* pMechanismType, U8* inKey, U32 inKeyLen,
U8* inData, U32 inDataLen,
U8* outSignature, U32* outSignatureLen);
/**
* Verifies the data provided using the given key and the requested mechanism.
The Cryptographic Mechanism to be used is passed in the \p type member of the \p pMechanismType parameter.
A handle to the key to verify the data with is provided by \p hObject.
If additional information is required by the specific verifying mechanism, is will be conveyed in \p pMechanismType->pParameter.
* \param[in] pMechanismType The verifying Cryptographic Mechanism to be used
* \param[in] inKey The key data to verify with
* \param[in] inKeyLen The length in bytes of \p inKey
* \param[in] inData The mesage hash
* \param[in] inDataLen The length of hash
* \param[in] inSignature IN: caller passes a buffer with signature to read and verify;
* \param[in] inSignatureLen IN: length of the \p inSignature buffer passed;
*
* \retval ::HLSE_SW_OK Upon successful execution
* \retval ::HLSE_ERR_BUF_TOO_SMALL \p outSignature is too small to return the signature
* \retval ::HLSE_ERR_API_ERROR Invalid function arguments
* \retval ::HLSE_ERR_CRYPTO_ENGINE_FAILED in case of failure
*/
HLSE_RET_CODE HLCRYPT_Verify(HLSE_MECHANISM_INFO* pMechanismType, U8* inKey, U32 inKeyLen,
U8* inData, U32 inDataLen,
U8* inSignature, U32 inSignatureLen);
/**
* Initialize a Signature operation using the given key and the requested mechanism.
The Cryptographic Mechanism to be used is passed in the \p type member of the \p pMechanismType parameter.
A handle to the key to sign the data with is provided by \p hObject.
If additional information is required by the specific signing mechanism, is will be conveyed in \p pMechanismType->pParameter.
* \param[in] pMechanismType The signing Cryptographic Mechanism to be used
* \param[in] inKey The key data to sign with
* \param[in] inKeyLen The length in bytes of \p inKey
* \param[out] hContext Pointer to context (double indirection)
*
* \retval ::HLSE_SW_OK Upon successful execution
* \retval ::HLSE_ERR_BUF_TOO_SMALL \p outSignature is too small to return the signature
* \retval ::HLSE_ERR_API_ERROR Invalid function arguments
*/
HLSE_RET_CODE HLCRYPT_SignInit(HLSE_MECHANISM_INFO* pMechanismType, U8* inKey, U32 inKeyLen, HLSE_CONTEXT_HANDLE* hContext);
/**
* Update/Append to data to be signed.
* \param[in] hContext The Context handle
* \param[in] inDataPart Data buffer for that should be signed (e.g. a digest)
* \param[in] inDataPartLen The length of data passed as argument
*
* \retval ::HOST_CRYPTO_OK
* \retval ::HOST_CRYPTO_ERROR
*/
HLSE_RET_CODE HLCRYPT_SignUpdate(HLSE_CONTEXT_HANDLE hContext, U8* inDataPart, U32 inDataPartLen);
/**
* Retrieves the Signature and clean up/free the context handle.
If \p outSignature is NULL, then all that the function does is return (in \p *outSignatureLen) a number of bytes which would suffice
to hold the signature. HLSE_SW_OK is returned by the function.
If \p outSignature is not NULL, then \p *outSignatureLen must contain the number of bytes in the buffer \p outSignature. If that buffer
is large enough to hold the signature be returned, then the data is copied to \p outSignature, and HLSE_SW_OK is returned by the function.
If the buffer is not large enough, then HLSE_ERR_BUF_TOO_SMALL is returned. In either case, \p *outSignatureLen is set to hold the exact number of
bytes to be returned.
* @param[in] hContext The Context handle
* \param[in,out] outSignature IN: caller passes a buffer to hold the signature;
OUT: contains the calculated signature
* \param[in,out] outSignatureLen IN: length of the \p outSignature buffer passed;
OUT: the number of bytes returned in \p outSignature
*
* \retval ::HLSE_SW_OK Upon successful execution
* \retval ::HLSE_ERR_BUF_TOO_SMALL \p outSignature is too small to return the signature
* \retval ::HLSE_ERR_API_ERROR Invalid function arguments
* \retval ::HOST_CRYPTO_OK
* \retval ::HOST_CRYPTO_ERROR
*/
HLSE_RET_CODE HLCRYPT_SignFinal(HLSE_CONTEXT_HANDLE hContext, U8* outSignature, U32* outSignatureLen);
/**
* Fill up the provided buffer \p pRandomData with \p inLen byte of random data
* \param[in] inLen number (in bytes) of random data requested
* \param[in,out] pRandom IN: buffer of at least inLen size; OUT: retrieved random data
*
* \retval ::HOST_CRYPTO_OK Success
* \retval ::HOST_CRYPTO_ERROR Random not supported by Crypto Engine
* \retval ::RET_SUCCESS
* \retval ::RET_FAILURE
* \retval ::RET_INSUFFICIENT_BUFFER_SIZE
*/
HLSE_RET_CODE HLCRYPT_GetRandom(U32 inLen, U8 * pRandom);
/**
* Encrypts the data provided using the given key using single Des CBC mechanism.
If \p outData is NULL, then all that the function does is return (in \p *outEncryptedDataLen) a number of bytes which would suffice
to hold the return value. HLSE_SW_OK is returned by the function.
If \p outData is not NULL, then \p *outDataLen must contain the number of bytes in the buffer \p outData. If that buffer is large enough to hold the
data be returned, then the data is copied to \p outData, and HLSE_SW_OK is returned by the function.
If the buffer is not large enough, then HLSE_ERR_BUF_TOO_SMALL is returned. In either case, \p *outDataLen is set to hold the exact number of
bytes to be returned.
* \param[in] Key The key data to encrypt with
* \param[in] KeyLen The length in bytes of \p inKey
* \param[in] iv ICV to be used by CBC mechanism
* \param[in] ivlen The length in bytes of \p iv
* \param[in] inData Data buffer for that should be encrypted
* \param[in] inDataLen The length of data passed as argument
* \param[in,out] outData IN: caller passes a buffer to hold the data to be returned;
OUT: contains the encrypted data
* \param[in,out] outDataLen IN: length of the \p outEncryptedData buffer passed;
OUT: the number of bytes returned in \p outEncryptedData
*
* \retval ::HLSE_SW_OK Upon successful execution
* \retval ::HLSE_ERR_BUF_TOO_SMALL \p outEncryptedData is too small to return the data
* \retval ::HLSE_ERR_API_ERROR Invalid function arguments
*/
HLSE_RET_CODE HLCRYPT_Single_DES_CBC_Encrypt(U8 *key, U32 keylen,
U8 *iv,
U16 ivlen,
U8 *inData,
U32 inDatalen,
U8 * outData,
U32 *outDatalen);
#endif