diff options
Diffstat (limited to 'lib/sec_library')
21 files changed, 3080 insertions, 0 deletions
diff --git a/lib/sec_library/include/aes.h b/lib/sec_library/include/aes.h new file mode 100644 index 00000000..ea90660a --- /dev/null +++ b/lib/sec_library/include/aes.h @@ -0,0 +1,265 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ + +/****************************************************************************** + * @file drv/aes.h + * @brief Header File for AES Driver + * @version V1.0 + * @date 9. Oct 2020 + * @model aes + ******************************************************************************/ + +#ifndef _DRV_AES_H_ +#define _DRV_AES_H_ + +#include <stdint.h> +#include <drv/common.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/*----- Encrypt & Decrypt: Config key length -----*/ +typedef enum { + AES_KEY_LEN_BITS_128 = 0, ///< 128 Data bits + AES_KEY_LEN_BITS_192, ///< 192 Data bits + AES_KEY_LEN_BITS_256 ///< 256 Data bits +} csi_aes_key_bits_t; + +/** +\brief AES Ctrl Block +*/ +typedef struct { + csi_dev_t dev; + void *priv; +} csi_aes_t; + +/** + \brief Initialize AES interface. Initializes the resources needed for the AES interface + \param[in] aes Handle to operate + \param[in] idx Device id + \return Error code \ref csi_error_t +*/ +csi_error_t csi_aes_init(csi_aes_t *aes, uint32_t idx); + +/** + \brief De-initialize AES interface. Stops operation and releases the software resources used by the interface + \param[in] aes Dandle to operate + \return None +*/ +void csi_aes_uninit(csi_aes_t *aes); + +/** + \brief Set encrypt key + \param[in] aes Handle to operate + \param[in] key Pointer to the key buf + \param[in] key_len Pointer to \ref csi_aes_key_bits_t + \return Error code \ref Csi_error_t +*/ +csi_error_t csi_aes_set_encrypt_key(csi_aes_t *aes, void *key, csi_aes_key_bits_t key_len); + +/** + \brief Set decrypt key + \param[in] aes Handle to operate + \param[in] key Pointer to the key buf + \param[in] key_len Pointer to \ref csi_aes_key_bits_t + \return Error code \ref Csi_error_t +*/ +csi_error_t csi_aes_set_decrypt_key(csi_aes_t *aes, void *key, csi_aes_key_bits_t key_len); + +/** + \brief AES ecb encrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \return Error code \ref Csi_error_t +*/ +csi_error_t csi_aes_ecb_encrypt(csi_aes_t *aes, void *in, void *out, uint32_t size); + +/** + \brief AES ecb decrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \return Error code \ref Csi_error_t +*/ +csi_error_t csi_aes_ecb_decrypt(csi_aes_t *aes, void *in, void *out, uint32_t size); + +/** + \brief AES cbc encrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] iv Init vector + \return Error code \ref Csi_error_t +*/ +csi_error_t csi_aes_cbc_encrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief AES cbc decrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] iv Init vector + \return Error code \ref Csi_error_t +*/ +csi_error_t csi_aes_cbc_decrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief AES cfb1 encrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] iv Init vector + \return Error code \ref Csi_error_t +*/ +csi_error_t csi_aes_cfb1_encrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief AES cfb1 decrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] iv Init vector + \return Error code \ref Csi_error_t +*/ +csi_error_t csi_aes_cfb1_decrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief AES cfb8 encrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] iv Init vector + \return Error code \ref Csi_error_t +*/ +csi_error_t csi_aes_cfb8_encrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief AES cfb8 decrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] iv Init vector + \return Error code \ref Csi_error_t +*/ +csi_error_t csi_aes_cfb8_decrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief AES cfb128 decrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] iv Init vector + \param[out] num The number of the 128-bit block we have used + \return Error code \ref csi_error_t +*/ +csi_error_t csi_aes_cfb128_decrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv, uint32_t *num); + +/** + \brief AES cfb128 encrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] iv Init vector + \param[out] num The number of the 128-bit block we have used + \return Error code \ref csi_error_t +*/ +csi_error_t csi_aes_cfb128_encrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv, uint32_t *num); + +/** + \brief AES ofb encrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] iv Init vector + \param[out] num The number of the 128-bit block we have used + \return Error code \ref csi_error_t +*/ +csi_error_t csi_aes_ofb_encrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv, uint32_t *num); + +/** + \brief AES ofb decrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] iv Init vector + \param[out] num The number of the 128-bit block we have used + \return Error code \ref csi_error_t +*/ +csi_error_t csi_aes_ofb_decrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv, uint32_t *num); + +/** + \brief AES ctr encrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] nonce_counter Pointer to the 128-bit nonce and counter + \param[in] stream_block Pointer to the saved stream-block for resuming + \param[in] iv Init vector + \param[out] num The number of the 128-bit block we have used + \return Error code \ref csi_error_t +*/ +csi_error_t csi_aes_ctr_encrypt(csi_aes_t *aes, + void *in, + void *out, + uint32_t size, + uint8_t nonce_counter[16], + uint8_t stream_block[16], + void *iv, + uint32_t *num); + +/** + \brief AES ctr decrypt + \param[in] aes Handle to operate + \param[in] in Pointer to the source data + \param[out] out Pointer to the result data + \param[in] size The source data size + \param[in] nonce_counter Pointer to the 128-bit nonce and counter + \param[in] stream_block Pointer to the saved stream-block for resuming + \param[in] iv Init vecotr + \param[out] num The number of the 128-bit block we have used + \return Error code \ref csi_error_t +*/ +csi_error_t csi_aes_ctr_decrypt(csi_aes_t *aes, + void *in, + void *out, + uint32_t size, + uint8_t nonce_counter[16], + uint8_t stream_block[16], + void *iv, + uint32_t *num); + +/** + \brief Enable AES power manage + \param[in] aes Handle to operate + \return Error code \ref csi_error_t +*/ +csi_error_t csi_aes_enable_pm(csi_aes_t *aes); + +/** + \brief Disable AES power manage + \param[in] aes Handle to operate + \return None +*/ +void csi_aes_disable_pm(csi_aes_t *aes); + +#ifdef __cplusplus +} +#endif + +#endif /* _DRV_AES_H_ */ diff --git a/lib/sec_library/include/csi_efuse_api.h b/lib/sec_library/include/csi_efuse_api.h new file mode 100644 index 00000000..748a7b06 --- /dev/null +++ b/lib/sec_library/include/csi_efuse_api.h @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2019-2021 Alibaba Group Holding Limited + */ +#ifndef __CSI_EFUSE_API_H__ +#define __CSI_EFUSE_API_H__ + +#include <stdint.h> + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + SECURE_BOOT_DIS = 0x5a5a5a5a, + SECURE_BOOT_EN = ~(SECURE_BOOT_DIS), +} sboot_st_t; + + +typedef enum { + IMAGE_ENCRYPT_DIS = 0x5a5a5a5a, + IMAGE_ENCRYPT_EN = ~(IMAGE_ENCRYPT_DIS), +} img_encrypt_st_t; + +int csi_efuse_api_int(void); + +int csi_efuse_api_uninit(void); + +int csi_efuse_get_secure_boot_st(sboot_st_t *sboot_st); + +int csi_efuse_get_digest_signature_scheme(uint32_t *digest_scheme, uint32_t *signature_scheme); + +int csi_efuse_get_bl2_encrypt_st(img_encrypt_st_t *encrypt_st); + +int csi_efuse_set_bl2_encrypt_st(img_encrypt_st_t encrypt_st); + +int csi_efuse_get_bl3_encrypt_st(img_encrypt_st_t *encrypt_st); + +int csi_efuse_set_bl3_encrypt_st(img_encrypt_st_t encrypt_st); + +int csi_efuse_get_bl1_version(uint32_t *version); + +int csi_efuse_set_bl1_version(uint32_t version); + +int csi_efuse_get_bl2_version(uint32_t *version); + +int csi_efuse_set_bl2_version(uint32_t version); + +int csi_efuse_read_raw(uint32_t addr, void *data, uint32_t cnt); + +int csi_efuse_write_raw(uint32_t addr, const void *data, uint32_t cnt); + +#ifdef __cplusplus +} +#endif + +#endif /* __CSI_EFUSE_API_H__ */ diff --git a/lib/sec_library/include/csi_sec_img_verify.h b/lib/sec_library/include/csi_sec_img_verify.h new file mode 100644 index 00000000..24190684 --- /dev/null +++ b/lib/sec_library/include/csi_sec_img_verify.h @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2019-2021 Alibaba Group Holding Limited + */ +#ifndef __CSI_SEC_IMG_VERIFY_H__ +#define __CSI_SEC_IMG_VERIFY_H__ + +#include <stdint.h> + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + BOOT_STAGE_BL1 = 0, + BOOT_STAGE_BL2, + BOOT_STAGE_ERR, +} boot_stage_t; + +int csi_sec_custom_image_verify(unsigned long img_src_addr, unsigned long cur_hdr_addr); + +int csi_sec_uboot_image_verify(unsigned long img_src_addr, unsigned long cur_hdr_addr); + +int csi_sec_set_boot_stage(boot_stage_t boot_stage); + +int csi_sec_get_lib_version(char ** p_version); + +#ifdef __cplusplus +} +#endif + +#endif /* __CSI_SEC_IMG_VERIFY_H__ */ diff --git a/lib/sec_library/include/kdf.h b/lib/sec_library/include/kdf.h new file mode 100644 index 00000000..c07adedc --- /dev/null +++ b/lib/sec_library/include/kdf.h @@ -0,0 +1,142 @@ +/* + * Copyright (C) 2019-2021 Alibaba Group Holding Limited + */ + +#ifndef __KDF_H__ +#define __KDF_H__ +#include "drv/aes.h" +#include "drv/sm4.h" +#include "drv/common.h" +#include <stdint.h> + +typedef enum { + KDF_ROOT_CV_UNIQUE_KEY, + KDF_ROOT_CV_COMMON_KEY, + KDF_ROOT_USER_UNIQUE_KEY, + KDF_ROOT_USER_COMMON_KEY, + KDF_ROOT_KEY_MAX, +} csi_kdf_root_key_t; + +typedef enum { + KDF_DERIVED_DFT_CHALLENGE_EK, + KDF_DERIVED_C910TJTAG_CHALLENGE_EK, + KDF_DERIVED_E902JTAG_CHALLENGE_EK, + KDF_DERIVED_IMAGE_EK, + KDF_DERIVED_SECURE_STORAGE_EK1, + KDF_DERIVED_SECURE_STORAGE_EK2, + KDF_DERIVED_SECURE_STORAGE_EK3, + KDF_DERIVED_SECURE_STORAGE_EK4, + KDF_DERIVED_SECURE_STORAGE_EK5, + KDF_DERIVED_SECURE_STORAGE_EK6, + KDF_DERIVED_SECURE_STORAGE_EK7, + KDF_DERIVED_SECURE_STORAGE_EK8, + KDF_DERIVED_SECURE_STORAGE_EK9, + KDF_DERIVED_SECURE_STORAGE_EK10, + KDF_DERIVED_SECURE_STORAGE_EK11, + KDF_DERIVED_SECURE_STORAGE_EK12, + KDF_DERIVED_SECURE_STORAGE_EK13, + KDF_DERIVED_SECURE_STORAGE_EK14, + KDF_DERIVED_SECURE_STORAGE_EK15, + KDF_DERIVED_SECURE_STORAGE_EK16, + KDF_DERIVED_RPMB_ACCESS_EK, + KDF_DERIVED_MAX, +} csi_kdf_derived_key_t; + +typedef enum { + KDF_KEY_TYPE_AES_256, + KDF_KEY_TYPE_AES_192, + KDF_KEY_TYPE_AES_128, + KDF_KEY_TYPE_SM4, + KDF_KEY_TYPE_TDES_192, + KDF_KEY_TYPE_TDES_128, + KDF_KEY_TYPE_DES, + KDF_KEY_TYPE_MAX, +} csi_kdf_key_type_t; + +typedef struct key_attr_tag { + uint8_t len_in_byte; + uint8_t valid; + uint32_t offset; +} csi_kdf_key_attr_t; + +/** +\brief KDF Ctrl Block +*/ +typedef struct { + union { + csi_aes_t *aes; + csi_sm4_t *sm4; + }; + csi_kdf_key_type_t type; +} csi_kdf_key_handle_t; + +/** +\brief KDF Ctrl Block +*/ +typedef struct { + csi_dev_t dev; + void *priv; +} csi_kdf_t; + +/** + \brief kdf initialiez. + \param[in] kdf Handle to operate. + \param[in] idx Device id. + \return error code +*/ +csi_error_t csi_kdf_init(csi_kdf_t *kdf, uint32_t idx); + +/** + \brief kdf uninitialiez. + \param[in] kdf Handle to operate +*/ +void csi_kdf_uninit(csi_kdf_t *kdf); + +/** + \brief Derive key function. + \param[in] kdf Handle to operate. + \param[in] rkey derive source root key type. + \param[in] dkey derived key type from root key. + \return error code +*/ +csi_error_t csi_kdf_derived_key(csi_kdf_t *kdf, csi_kdf_root_key_t rkey, + csi_kdf_derived_key_t dkey); + +/** + \brief Destroy derived key in storage. + \param[in] kdf Handle to operate. + \param[in] dkey derived key type. + \return error code +*/ +csi_error_t csi_kdf_destory_key(csi_kdf_t *kdf, csi_kdf_derived_key_t dkey); +// xiaoxia: keyram layout config macro + +/** + \brief Set key to algorithim engine. + \param[in] handle Handle to cipher. + \param[in] kdf Handle to operate. + \param[in] dkey derived key type. + \return error code +*/ +csi_error_t csi_kdf_set_key(csi_kdf_key_handle_t *handle, csi_kdf_t *kdf, + csi_kdf_derived_key_t dkey); + +/** + \brief Clear key in algorithim engine. + \param[in] kdf Handle to operate. + \param[in] dkey derived key type. + \return error code +*/ +csi_error_t csi_kdf_clear_key(csi_kdf_t *kdf, csi_kdf_derived_key_t dkey); + +/** + \brief Get key attribute. + \param[in] kdf Handle to operate. + \param[in] dkey derived key type. + \param[out] attr Buffer to get attribute. + \return error code +*/ +csi_error_t csi_kdf_get_key_attr(csi_kdf_t *kdf, csi_kdf_derived_key_t dkey, + csi_kdf_key_attr_t *attr); + +#endif diff --git a/lib/sec_library/include/keyram.h b/lib/sec_library/include/keyram.h new file mode 100644 index 00000000..6f8f706a --- /dev/null +++ b/lib/sec_library/include/keyram.h @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ + +/****************************************************************************** + * @file keyram.h + * @brief CSI Source File for kdf Driver + * @version V1.0 + * @date 12. MAR 2021 + ******************************************************************************/ + +#include "drv/kdf.h" +#include <stdio.h> +#include <string.h> + +#define KDF_CON 0x000 +#define KDF_KEYTRANSFER 0x004 +#define KDF_KEYINDEX 0x008 +#define KDF_INTCON 0x00C +#define KDF_ZONE1SADDR 0x020 +#define KDF_ZONE2SADDR 0x030 +#define KDF_ZONE3SADDR 0x040 +#define KDF_RAMENC_KEY0H 0x058 +#define KDF_RAMENC_KEY0L 0x05c +#define KDF_RAMENC_KEY1H 0x060 +#define KDF_RAMENC_KEY1L 0x064 +#define KDF_RAMENC_KEY2H 0x068 +#define KDF_RAMENC_KEY2L 0x06c +#define KDF_RAMENC_KEY3H 0x070 +#define KDF_RAMENC_KEY3L 0x074 +#define KDF_MASK_RNG0 0x080 +#define KDF_MASK_RNG1 0x084 +#define KDF_MASK_RNG2 0x088 +#define KDF_MASK_RNG3 0x08c +#define KDF_MASK_RNG4 0x090 +#define KDF_MASK_RNG5 0x094 +#define KDF_MASK_RNG6 0x098 +#define KDF_MASK_RNG7 0x09c +#define KDF_STA 0x0a0 +#define KDF_IPID 0x0fc +#define KDF_RAM 0x8000 + +/** + * @brief keyram init. + * + * @return uint32_t + */ +uint32_t keyram_init(); + +/** + * @brief keyram set key. + * + * @param key + * @param len + * @return uint32_t + */ +uint32_t keyram_set_key(csi_kdf_derived_key_t key, uint32_t len); + +/** + * @brief get key addr in keyram. + * + * @param key + * @param addr + * @return uint32_t + */ +uint32_t keyram_get_key_addr(csi_kdf_derived_key_t key, uint64_t *addr); + +/** + * @brief Clear key in keyram. + * + * @return uint32_t + */ +uint32_t keyram_clear(); + +/** + * @brief Uninit. This function will lock KDF. + */ +void keyram_uninit(); diff --git a/lib/sec_library/include/rng.h b/lib/sec_library/include/rng.h new file mode 100644 index 00000000..55fe37b1 --- /dev/null +++ b/lib/sec_library/include/rng.h @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ + +/****************************************************************************** + * @file drv/tng.h + * @brief Header File for RNG Driver + * @version V1.0 + * @date 22. Apr 2020 + * @model tng + ******************************************************************************/ +#ifndef _DRV_TNG_H_ +#define _DRV_TNG_H_ + +#include "drv/common.h" +#include <stdint.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/** + \brief Get data from the TNG engine + \param[out] Data Pointer to buffer with data get from TNG + \param[in] Num Number of data items,uinit in uint32 + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rng_get_multi_word(uint32_t *data, uint32_t num); + +/** + \brief Get data from the TNG engine + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rng_get_single_word(uint32_t* data); + +#ifdef __cplusplus +} +#endif + +#endif /* _DRV_TNG_H_ */ diff --git a/lib/sec_library/include/rsa.h b/lib/sec_library/include/rsa.h new file mode 100644 index 00000000..5c2e53fc --- /dev/null +++ b/lib/sec_library/include/rsa.h @@ -0,0 +1,264 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ +/****************************************************************************** + * @file drv/rsa.h + * @brief Header File for RSA Driver + * @version V1.0 + * @date 02. June 2020 + * @model rsa + ******************************************************************************/ +#ifndef _DRV_RSA_H_ +#define _DRV_RSA_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include <stdint.h> +#include <drv/common.h> + +/*----- RSA Control Codes: Mode Parameters: Key Bits -----*/ +typedef enum { + RSA_KEY_BITS_192 = 0, ///< 192 Key bits + RSA_KEY_BITS_256, ///< 256 Key bits + RSA_KEY_BITS_512, ///< 512 Key bits + RSA_KEY_BITS_1024, ///< 1024 Key bits + RSA_KEY_BITS_2048, ///< 2048 Key bits + RSA_KEY_BITS_3072, ///< 3072 Key bits + RSA_KEY_BITS_4096 ///< 4096 Key bits +} csi_rsa_key_bits_t; + +typedef enum { + RSA_PADDING_MODE_NO = 0, ///< RSA NO Padding Mode + RSA_PADDING_MODE_PKCS1, ///< RSA PKCS1 Padding Mode + RSA_PADDING_MODE_PKCS1_OAEP, ///< RSA PKCS1 OAEP Padding Mode + RSA_PADDING_MODE_SSLV23, ///< RSA SSLV23 Padding Mode + RSA_PADDING_MODE_X931, ///< RSA X931 Padding Mode + RSA_PADDING_MODE_PSS ///< RSA PSS Padding Mode +} csi_rsa_padding_type_t; + +typedef enum { + RSA_HASH_TYPE_MD5 = 0, + RSA_HASH_TYPE_SHA1, + RSA_HASH_TYPE_SHA224, + RSA_HASH_TYPE_SHA256, + RSA_HASH_TYPE_SHA384, + RSA_HASH_TYPE_SHA512 +} csi_rsa_hash_type_t; + +typedef struct { + void *n; ///< Pointer to the public modulus + void *e; ///< Pointer to the public exponent + void *d; ///< Pointer to the private exponent + csi_rsa_key_bits_t key_bits; ///< RSA KEY BITS + csi_rsa_padding_type_t padding_type; ///< RSA PADDING TYPE +} csi_rsa_context_t; + +/** +\brief RSA State +*/ +typedef struct { + uint8_t busy : 1; ///< Calculate busy flag + uint8_t error : 1; ///< Calculate error flag +} csi_rsa_state_t; + +typedef struct { + csi_dev_t dev; + void *cb; + void *arg; + csi_rsa_state_t state; + void *prim; +} csi_rsa_t; + +typedef struct { + uint32_t pout[64]; + uint8_t *pouts; + uint32_t *pout_size; + uint32_t u32keywords; + uint8_t *pdst; + uint32_t u32padding; + uint32_t u32dst_words; + uint32_t u32type; + uint32_t rsa_state; +}rsa_middle_t; + +/****** RSA Event *****/ +typedef enum { + RSA_EVENT_COMPLETE = 0, ///< rsa event completed + RSA_EVENT_VERIFY_SUCCESS, + RSA_EVENT_VERIFY_FAILED, + RSA_EVENT_ERROR, ///< error event +} csi_rsa_event_t; + +typedef void (*csi_rsa_callback_t)(csi_rsa_t *rsa, csi_rsa_event_t event, void *arg); ///< Pointer to \ref csi_rsa_callback_t : RSA Event call back. + +/** + \brief Initialize RSA Interface. 1. Initializes the resources needed for the RSA interface 2.registers event callback function + \param[in] rsa RSA handle to operate. + \param[in] idx Device id + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_init(csi_rsa_t *rsa, uint32_t idx); + +/** + \brief De-initialize RSA Interface. stops operation and releases the software resources used by the interface + \param[in] rsa RSA handle to operate. + \return none +*/ +void csi_rsa_uninit(csi_rsa_t *rsa); + +/** + \brief Attach the callback handler to RSA + \param[in] rsa Operate handle. + \param[in] cb Callback function + \param[in] arg User can define it by himself as callback's param + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_attach_callback(csi_rsa_t *rsa, csi_rsa_callback_t cb, void *arg); + +/** + \brief Detach the callback handler + \param[in] rsa Operate handle. +*/ +void csi_rsa_detach_callback(csi_rsa_t *rsa); + +/** + \brief Generate rsa key pair. + \param[in] rsa RSA handle to operate. + \param[out] context Pointer to the rsa context + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_gen_key(csi_rsa_t *rsa, csi_rsa_context_t *context); + +/** + \brief Encrypt + \param[in] rsa RSA handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size The source data len + \param[out] out Pointer to the result buffer + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_encrypt(csi_rsa_t *rsa, csi_rsa_context_t *context, void *src, uint32_t src_size, void *out); + +/** + \brief decrypt + \param[in] rsa RSA handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size The source data len + \param[out] out Pointer to the result buffer + \param[out] out_size The result size + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_decrypt(csi_rsa_t *rsa, csi_rsa_context_t *context, void *src, uint32_t src_size, void *out, uint32_t *out_size); + +/** + \brief RSA sign + \param[in] rsa RSA handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size The source data len + \param[out] signature Pointer to the signature + \param[in] hash_type The source data hash type + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_sign(csi_rsa_t *rsa, csi_rsa_context_t *context, void *src, uint32_t src_size, void *signature, csi_rsa_hash_type_t hash_type); + +/** + \brief RSA verify + \param[in] rsa RSA handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size The source data len + \param[in] signature Pointer to the signature + \param[in] sig_size The signature size + \param[in] hash_type The source data hash type + \return Verify result +*/ +bool csi_rsa_verify(csi_rsa_t *rsa, csi_rsa_context_t *context, void *src, uint32_t src_size, void *signature, uint32_t sig_size, csi_rsa_hash_type_t hash_type); + +/** + \brief encrypt(async mode) + \param[in] rsa RSA handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size The source data len + \param[out] out Pointer to the result buffer + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_encrypt_async(csi_rsa_t *rsa, csi_rsa_context_t *context, void *src, uint32_t src_size, void *out); + +/** + \brief decrypt(async mode) + \param[in] rsa RSA handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size The source data len + \param[out] out Pointer to the result buffer + \param[out] out_size The result size + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_decrypt_async(csi_rsa_t *rsa, csi_rsa_context_t *context, void *src, uint32_t src_size, void *out, uint32_t *out_size); + +/** + \brief RSA sign(async mode) + \param[in] rsa RSA handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size The source data len + \param[out] signature Pointer to the signature + \param[in] hash_type The source data hash type + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_sign_async(csi_rsa_t *rsa, csi_rsa_context_t *context, void *src, uint32_t src_size, void *signature, csi_rsa_hash_type_t hash_type); + +/** + \brief RSA verify(async mode) + \param[in] rsa RSA handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size The source data len + \param[in] signature Pointer to the signature + \param[in] sig_size The signature size + \param[in] hash_type The source data hash type + \return Verify result +*/ +csi_error_t csi_rsa_verify_async(csi_rsa_t *rsa, csi_rsa_context_t *context, void *src, uint32_t src_size, void *signature, uint32_t sig_size, csi_rsa_hash_type_t hash_type); + +/** + \brief Get RSA state. + \param[in] rsa RSA handle to operate. + \param[out] state RSA state \ref csi_rsa_state_t. + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_get_state(csi_rsa_t *rsa, csi_rsa_state_t *state); + +/** + \brief Get big prime data + \param[in] rsa RSA handle to operate. + \param[in] p Pointer to the prime + \param[in] bit_length Pointer to the prime bit length + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_get_prime(csi_rsa_t *rsa, void *p, uint32_t bit_length); + +/** + \brief Enable rsa power manage + \param[in] rsa RSA handle to operate. + \return Error code \ref csi_error_t +*/ +csi_error_t csi_rsa_enable_pm(csi_rsa_t *rsa); + +/** + \brief Disable rsa power manage + \param[in] rsa RSA handle to operate. +*/ +void csi_rsa_disable_pm(csi_rsa_t *rsa); + +#ifdef __cplusplus +} +#endif + +#endif /* _DRV_RSA_H_ */ diff --git a/lib/sec_library/include/sec_crypto_aes.h b/lib/sec_library/include/sec_crypto_aes.h new file mode 100755 index 00000000..47c45c05 --- /dev/null +++ b/lib/sec_library/include/sec_crypto_aes.h @@ -0,0 +1,263 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ +/****************************************************************************** + * @file seccrypt_aes.h + * @brief Header File for AES + * @version V1.0 + * @date 20. Jul 2020 + * @model aes + ******************************************************************************/ +#ifndef _SC_AES_H_ +#define _SC_AES_H_ + +#include <stdint.h> +#include <sec_crypto_errcode.h> + +#ifdef CONFIG_SYSTEM_SECURE +#include "drv/aes.h" +#endif + +#ifdef CONFIG_SEC_CRYPTO_AES_SW +#include "crypto_aes.h" +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + SC_AES_KEY_LEN_BITS_128 = 0U, ///< 128 Data bits + SC_AES_KEY_LEN_BITS_192, ///< 192 Data bits + SC_AES_KEY_LEN_BITS_256 ///< 256 Data bits +} sc_aes_key_bits_t; + +/** +\brief AES Ctrl Block +*/ +typedef struct { +#ifdef CONFIG_SYSTEM_SECURE +#ifdef CONFIG_CSI_V1 + aes_handle_t handle; + unsigned char key[32]; + unsigned int key_len; +#endif +#ifdef CONFIG_CSI_V2 + csi_aes_t csi_aes; + //unsigned char sc_ctx[SC_AES_CTX_SIZE]; +#endif +#endif +#if defined(CONFIG_TEE_CA) + unsigned char key[32]; + unsigned int key_len; +#endif +#if defined(CONFIG_SEC_CRYPTO_AES_SW) + sc_mbedtls_aes_context aes_ctx; +#endif + //void *ctx; +} sc_aes_t; + +// Function documentation +/** + \brief Initialize AES Interface. Initializes the resources needed for the AES interface + \param[in] aes operate handle + \param[in] idx device id + \return error code \ref uint32_t +*/ +uint32_t sc_aes_init(sc_aes_t *aes, uint32_t idx); + +/** + \brief De-initialize AES Interface. stops operation and releases the software resources used by the interface + \param[in] aes handle to operate + \return None +*/ +void sc_aes_uninit(sc_aes_t *aes); + +/** + \brief Set encrypt key + \param[in] aes handle to operate + \param[in] key Pointer to the key buf + \param[in] key_len Pointer to \ref sc_aes_key_bits_t + \return error code \ref uint32_t +*/ +uint32_t sc_aes_set_encrypt_key(sc_aes_t *aes, void *key, sc_aes_key_bits_t key_len); + +/** + \brief Set decrypt key + \param[in] aes handle to operate + \param[in] key Pointer to the key buf + \param[in] key_len Pointer to \ref sc_aes_key_bits_t + \return error code \ref uint32_t +*/ +uint32_t sc_aes_set_decrypt_key(sc_aes_t *aes, void *key, sc_aes_key_bits_t key_len); + +/** + \brief Aes ecb encrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \return error code \ref uint32_t +*/ +uint32_t sc_aes_ecb_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size); + +/** + \brief Aes ecb decrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \return error code \ref uint32_t +*/ +uint32_t sc_aes_ecb_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size); + +/** + \brief Aes cbc encrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_aes_cbc_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief Aes cbc decrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_aes_cbc_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief Aes cfb1 encrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_aes_cfb1_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief Aes cfb1 decrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_aes_cfb1_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief Aes cfb8 encrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_aes_cfb8_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief Aes cfb8 decrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_aes_cfb8_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv); + +/** + \brief Aes cfb128 decrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +uint32_t sc_aes_cfb128_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv, + uint32_t *num); + +/** + \brief Aes cfb128 encrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +uint32_t sc_aes_cfb128_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv, + uint32_t *num); +/** + \brief Aes ofb encrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +uint32_t sc_aes_ofb_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv, + uint32_t *num); +/** + \brief Aes ofb decrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +uint32_t sc_aes_ofb_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv, + uint32_t *num); +/** + \brief Aes ctr encrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] nonce_counter Pointer to the 128-bit nonce and counter + \param[in] stream_block Pointer to the saved stream-block for resuming + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +uint32_t sc_aes_ctr_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, + uint8_t nonce_counter[16], uint8_t stream_block[16], void *iv, + uint32_t *num); +/** + \brief Aes ctr decrypt + \param[in] aes handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] nonce_counter Pointer to the 128-bit nonce and counter + \param[in] stream_block Pointer to the saved stream-block for resuming + \param[in] iv init vecotr + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +uint32_t sc_aes_ctr_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, + uint8_t nonce_counter[16], uint8_t stream_block[16], void *iv, + uint32_t *num); + +#ifdef __cplusplus +} +#endif +#endif /* _SC_AES_H_ */ diff --git a/lib/sec_library/include/sec_crypto_common.h b/lib/sec_library/include/sec_crypto_common.h new file mode 100644 index 00000000..ad5ac4ff --- /dev/null +++ b/lib/sec_library/include/sec_crypto_common.h @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2019-2021 Alibaba Group Holding Limited + */ + + +#ifndef __SEC_CRYPTO_COMMON_H__ +#define __SEC_CRYPTO_COMMON_H__ + +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + + +#include "rambus.h" +#include "sec_crypto_errcode.h" +#include "sec_crypto_aes.h" +#include "sec_crypto_rng.h" +#include "sec_crypto_rsa.h" +#include "sec_crypto_sha.h" +#include "sec_crypto_sm2.h" +#include "sec_crypto_sm4.h" + +#define SC_lOG(...) + +#endif + diff --git a/lib/sec_library/include/sec_crypto_errcode.h b/lib/sec_library/include/sec_crypto_errcode.h new file mode 100755 index 00000000..04b2e561 --- /dev/null +++ b/lib/sec_library/include/sec_crypto_errcode.h @@ -0,0 +1,92 @@ +/* + * Copyright (C) 2019-2021 Alibaba Group Holding Limited + */ + +#ifndef _SC_ERRCODE_H +#define _SC_ERRCODE_H + +/* common */ + +#ifndef SC_OK +#define SC_ERROR_BASE 0x10000000 +#define SC_OK 0 +#define SC_FAIL SC_ERROR_BASE + 1 +#define SC_MEM_OVERFLOW SC_ERROR_BASE + 2 +#define SC_PARAM_INV SC_ERROR_BASE + 3 +#define SC_OPERATION_BUSY SC_ERROR_BASE + 4 +#define SC_AUTH_FAIL SC_ERROR_BASE + 5 +#define SC_CRYPT_FAIL SC_ERROR_BASE + 6 +#define SC_NOT_SUPPORT SC_ERROR_BASE + 7 +#define SC_INVALID_PADDING SC_ERROR_BASE + 8 +#define SC_BAD_INPUT_DATA SC_ERROR_BASE + 9 +#define SC_INVALID_KEY_LENGTH SC_ERROR_BASE + 10 +#define SC_INVALID_INPUT_LENGTH SC_ERROR_BASE + 11 +#define SC_FEATURE_UNAVAILABLE SC_ERROR_BASE + 12 +#define SC_HW_ACCEL_FAILED SC_ERROR_BASE + 13 +#define SC_CCM_AUTH_FAILED SC_ERROR_BASE + 14 +#define SC_KEY_GEN_FAILED SC_ERROR_BASE + 15 +#define SC_KEY_CHECK_FAILED SC_ERROR_BASE + 16 +#define SC_PUBLIC_FAILED SC_ERROR_BASE + 17 +#define SC_PRIVATE_FAILED SC_ERROR_BASE + 18 +#define SC_VERIFY_FAILED SC_ERROR_BASE + 19 +#define SC_OUTPUT_TOO_LARGE SC_ERROR_BASE + 20 +#define SC_RNG_FAILED SC_ERROR_BASE + 21 +#define SC_BUFFER_TOO_SMALL SC_ERROR_BASE + 22 +#define SC_INVALID_FORMAT SC_ERROR_BASE + 23 +#define SC_ALLOC_FAILED SC_ERROR_BASE + 24 +#define SC_DRV_FAILED SC_ERROR_BASE + 25 + +#define CHECK_RET(x) \ + do { \ + if (!(x)) { \ + LOG_CRIT("err %s, %d\n", __FUNCTION__, __LINE__); \ + return; \ + } \ + } while (0) + +#define CHECK_RET_WITH_RET(x, ret) \ + do { \ + if (!(x)) { \ + LOG_CRIT("err %s, %d\n", __FUNCTION__, __LINE__); \ + return ret; \ + } \ + } while (0) + +#define CHECK_16byte_ALIGNMENT(_i, ret) \ + if ((((uint64_t)_i) & 0xF) != 0) { \ + LOG_CRIT("err %s, %d\n", __FUNCTION__, __LINE__); \ + return ret; \ + } + +#define CHECK_32byte_ALIGNMENT(_i, ret) \ + if ((((uint64_t)_i) & 0x1F) != 0) { \ + LOG_CRIT("err %s, %d\n", __FUNCTION__, __LINE__); \ + return ret; \ + } + +#define CHECK_64byte_ALIGNMENT(_i, ret) \ + if ((((uint64_t)_i) & 0x3F) != 0) { \ + LOG_CRIT("err %s, %d\n", __FUNCTION__, __LINE__); \ + return ret; \ + } + +#define CHECK_PARAM_RET(c, r) \ + do { \ + if (!(c)) { \ + LOG_CRIT("err %s, %d\n", __FUNCTION__, __LINE__); \ + return (r); \ + } \ + } while (0) + +#define CHECK_RET_VOID(c) \ + do { \ + if (!(c)) { \ + LOG_CRIT("err %s, %d\n", __FUNCTION__, __LINE__); \ + return; \ + } \ + } while (0) + +#define CHECK_PARAM CHECK_PARAM_RET +#endif + +#endif diff --git a/lib/sec_library/include/sec_crypto_rng.h b/lib/sec_library/include/sec_crypto_rng.h new file mode 100755 index 00000000..4832c882 --- /dev/null +++ b/lib/sec_library/include/sec_crypto_rng.h @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ +/****************************************************************************** + * @file seccrypt_rng.h + * @brief Header File for RNG + * @version V1.0 + * @date 20. Jul 2020 + * @model rng + ******************************************************************************/ +#ifndef _SC_RNG_H_ +#define _SC_RNG_H_ + + +#include <stdint.h> +#include <sec_crypto_errcode.h> + + +#ifdef __cplusplus +extern "C" { +#endif + +/** + \brief Get data from the TRNG engine + \param[out] data Pointer to buffer with data get from TRNG + \param[in] num Number of data items,uinit in uint32 + \return error code +*/ +uint32_t sc_rng_get_multi_word(uint32_t *data, uint32_t num); + +/** + \brief Get data from the TRNG engine + \return error code +*/ +uint32_t sc_rng_get_single_word(uint32_t *data); + +#ifdef __cplusplus +} +#endif + +#endif /* _DRV_TRNG_H_ */ diff --git a/lib/sec_library/include/sec_crypto_rsa.h b/lib/sec_library/include/sec_crypto_rsa.h new file mode 100755 index 00000000..03defbe4 --- /dev/null +++ b/lib/sec_library/include/sec_crypto_rsa.h @@ -0,0 +1,293 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ +/****************************************************************************** + * @file seccrypt_rsa.h + * @brief Header File for RSA + * @version V1.0 + * @date 20. Jul 2020 + * @model rsa + ******************************************************************************/ +#ifndef _SC_RSA_H_ +#define _SC_RSA_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef CONFIG_SYSTEM_SECURE +#include "drv/rsa.h" +#endif + + +#ifdef CONFIG_SEC_CRYPTO_RSA_SW +#include "crypto_rsa.h" +#endif + + +#include <stdint.h> +#include <stdbool.h> +#include <drv/common.h> +#include <sec_crypto_errcode.h> + + +//TODO Del this file after updating to sc2.0 + +/*----- RSA Control Codes: Mode Parameters: Key Bits -----*/ +typedef enum { + SC_RSA_KEY_BITS_192 = 0, ///< 192 Key bits + SC_RSA_KEY_BITS_256, ///< 256 Key bits + SC_RSA_KEY_BITS_512, ///< 512 Key bits + SC_RSA_KEY_BITS_1024, ///< 1024 Key bits + SC_RSA_KEY_BITS_2048, ///< 2048 Key bits + SC_RSA_KEY_BITS_3072, ///< 3072 Key bits + SC_RSA_KEY_BITS_4096 ///< 4096 Key bits +} sc_rsa_key_bits_t; + +typedef enum { + SC_RSA_PADDING_MODE_NO = 0, ///< RSA NO Padding Mode + SC_RSA_PADDING_MODE_PKCS1, ///< RSA PKCS1 Padding Mode + SC_RSA_PADDING_MODE_PKCS1_OAEP, ///< RSA PKCS1 OAEP Padding Mode + SC_RSA_PADDING_MODE_SSLV23, ///< RSA SSLV23 Padding Mode + SC_RSA_PADDING_MODE_X931, ///< RSA X931 Padding Mode + SC_RSA_PADDING_MODE_PSS ///< RSA PSS Padding Mode +} sc_rsa_padding_type_t; + +typedef enum { + SC_RSA_HASH_TYPE_MD5 = 0, + SC_RSA_HASH_TYPE_SHA1, + SC_RSA_HASH_TYPE_SHA224, + SC_RSA_HASH_TYPE_SHA256, + SC_RSA_HASH_TYPE_SHA384, + SC_RSA_HASH_TYPE_SHA512 +} sc_rsa_hash_type_t; + +typedef struct { +// #if (defined(CONFIG_SYSTEM_SECURE) && defined(CONFIG_CSI_V2)) +// csi_rsa_context_t rsa_ctx; +// #else + void * n; ///< Pointer to the public modulus + void * e; ///< Pointer to the public exponent + void * d; ///< Pointer to the private exponent + sc_rsa_key_bits_t key_bits; ///< RSA KEY BITS + sc_rsa_padding_type_t padding_type; ///< RSA PADDING TYPE + sc_rsa_hash_type_t hash_type; +// #endif +} sc_rsa_context_t; + +/** +\brief RSA State +*/ +typedef struct { + uint8_t busy : 1; ///< Calculate busy flag + uint8_t error : 1; ///< Calculate error flag +} sc_rsa_state_t; + +typedef struct { +#ifdef CONFIG_SYSTEM_SECURE +#ifdef CONFIG_CSI_V1 + rsa_handle_t handle; +#endif /* CONFIG_CSI_V1 */ +#ifdef CONFIG_CSI_V2 + csi_rsa_t csi_rsa; +#endif +#endif +#if defined(CONFIG_SEC_CRYPTO_RSA_SW) + sc_mbedtls_rsa_context rsa_ctx; +#endif + sc_rsa_key_bits_t bits; +} sc_rsa_t; + +/****** RSA Event *****/ +typedef enum { + SC_RSA_EVENT_COMPLETE = 0, ///< rsa event completed + SC_RSA_EVENT_VERIFY_SUCCESS, + SC_RSA_EVENT_VERIFY_FAILED, + SC_RSA_EVENT_ERROR, ///< error event +} sc_rsa_event_t; + +typedef void (*sc_rsa_callback_t)( + sc_rsa_t *rsa, sc_rsa_event_t event, + void *arg); ///< Pointer to \ref sc_rsa_callback_t : RSA Event call back. + +// Function documentation + +/** + \brief Initialize RSA Interface. 1. Initializes the resources needed for the RSA interface 2.registers event callback function + \param[in] rsa rsa handle to operate. + \param[in] idx device id + \param[in] data_bits rsa bit width + \return \ref uint32_t +*/ +uint32_t sc_rsa_init(sc_rsa_t *rsa, uint32_t idx, sc_rsa_key_bits_t data_bits); + +/** + \brief De-initialize RSA Interface. stops operation and releases the software resources used by the interface + \param[in] rsa rsa handle to operate. + \return none +*/ +void sc_rsa_uninit(sc_rsa_t *rsa); + +/** + \brief attach the callback handler to RSA + \param[in] rsa operate handle. + \param[in] cb callback function + \param[in] arg user can define it by himself as callback's param + \return error code +*/ +uint32_t sc_rsa_attach_callback(sc_rsa_t *rsa, sc_rsa_callback_t cb, void *arg); + +/** + \brief detach the callback handler + \param[in] rsa operate handle. +*/ +void sc_rsa_detach_callback(sc_rsa_t *rsa); + +/** + \brief generate rsa key pair. + \param[in] rsa rsa handle to operate. + \param[out] context Pointer to the rsa context + \return \ref uint32_t +*/ +uint32_t sc_rsa_gen_key(sc_rsa_t *rsa, sc_rsa_context_t *context); + +/** + \brief encrypt + \param[in] rsa rsa handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size the source data len + \param[out] out Pointer to the result buffer + \return \ref uint32_t +*/ +uint32_t sc_rsa_encrypt(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src, + uint32_t src_size, void *out); + +/** + \brief decrypt + \param[in] rsa rsa handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size the source data len + \param[out] out Pointer to the result buffer + \param[out] out_size the result size + \return \ref uint32_t +*/ +uint32_t sc_rsa_decrypt(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src, + uint32_t src_size, void *out, uint32_t *out_size); + +/** + \brief rsa sign + \param[in] rsa rsa handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size the source data len + \param[out] signature Pointer to the signature + \param[in] hash_type the source data hash type + \return \ref uint32_t +*/ +uint32_t sc_rsa_sign(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src, uint32_t src_size, + void *signature, sc_rsa_hash_type_t hash_type); + +/** + \brief rsa verify + \param[in] rsa rsa handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size the source data len + \param[in] signature Pointer to the signature + \param[in] sig_size the signature size + \param[in] hash_type the source data hash type + \return verify result +*/ +bool sc_rsa_verify(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src, uint32_t src_size, + void *signature, uint32_t sig_size, sc_rsa_hash_type_t hash_type); + +/** + \brief encrypt(async mode) + \param[in] rsa rsa handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size the source data len + \param[out] out Pointer to the result buffer + \return \ref uint32_t +*/ +uint32_t sc_rsa_encrypt_async(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src, + uint32_t src_size, void *out); + +/** + \brief decrypt(async mode) + \param[in] rsa rsa handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size the source data len + \param[out] out Pointer to the result buffer + \param[out] out_size the result size + \return \ref uint32_t +*/ +uint32_t sc_rsa_decrypt_async(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src, + uint32_t src_size, void *out, uint32_t *out_size); + +/** + \brief rsa sign(async mode) + \param[in] rsa rsa handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size the source data len + \param[out] signature Pointer to the signature + \param[in] hash_type the source data hash type + \return \ref uint32_t +*/ +uint32_t sc_rsa_sign_async(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src, + uint32_t src_size, void *signature, sc_rsa_hash_type_t hash_type); + +/** + \brief rsa verify(async mode) + \param[in] rsa rsa handle to operate. + \param[in] context Pointer to the rsa context + \param[in] src Pointer to the source data. + \param[in] src_size the source data len + \param[in] signature Pointer to the signature + \param[in] sig_size the signature size + \param[in] hash_type the source data hash type + \return verify result +*/ +uint32_t sc_rsa_verify_async(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src, + uint32_t src_size, void *signature, uint32_t sig_size, + sc_rsa_hash_type_t hash_type); + +/** + \brief Get RSA state. + \param[in] rsa rsa handle to operate. + \param[out] state rsa state \ref sc_rsa_state_t. + \return \ref uint32_t +*/ +uint32_t sc_rsa_get_state(sc_rsa_t *rsa, sc_rsa_state_t *state); + +/** + \brief Get big prime data + \param[in] rsa rsa handle to operate. + \param[in] p Pointer to the prime + \param[in] bit_length Pointer to the prime bit length + \return \ref uint32_t +*/ +uint32_t sc_rsa_get_prime(sc_rsa_t *rsa, void *p, uint32_t bit_length); + +/** + \brief enable rsa power manage + \param[in] rsa rsa handle to operate. + \return error code +*/ +uint32_t sc_rsa_enable_pm(sc_rsa_t *rsa); + +/** + \brief disable rsa power manage + \param[in] rsa rsa handle to operate. +*/ +void sc_rsa_disable_pm(sc_rsa_t *rsa); + +#ifdef __cplusplus +} +#endif + +#endif /* _SC_RSA_H_ */ diff --git a/lib/sec_library/include/sec_crypto_sha.h b/lib/sec_library/include/sec_crypto_sha.h new file mode 100755 index 00000000..aa31fde2 --- /dev/null +++ b/lib/sec_library/include/sec_crypto_sha.h @@ -0,0 +1,173 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ +/****************************************************************************** + * @file seccrypt_sha.h + * @brief Header File for SHA + * @version V1.0 + * @date 20. Jul 2020 + * @model sha + ******************************************************************************/ +#ifndef _SC_SHA_H_ +#define _SC_SHA_H_ + +#include <stdint.h> +#ifdef CONFIG_SYSTEM_SECURE +#include "drv/sha.h" +#include "soc.h" +#endif +#ifdef CONFIG_SEC_CRYPTO_SM3 +#include "drv/sm3.h" +#endif + +#include <sec_crypto_errcode.h> + + +#ifdef CONFIG_SEC_CRYPTO_SHA_SW +#include "crypto_sha1.h" +#include "crypto_sha256.h" +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/*----- SHA Control Codes: Mode -----*/ +typedef enum { + SC_SHA_MODE_1 = 1U, ///< SHA_1 mode + SC_SHA_MODE_256, ///< SHA_256 mode + SC_SHA_MODE_224, ///< SHA_224 mode + SC_SHA_MODE_512, ///< SHA_512 mode + SC_SHA_MODE_384, ///< SHA_384 mode + SC_SHA_MODE_512_256, ///< SHA_512_256 mode + SC_SHA_MODE_512_224, ///< SHA_512_224 mode + SC_SM3_MODE, +} sc_sha_mode_t; + +/** +\brief SHA State +*/ +typedef struct { + uint32_t busy : 1; ///< calculate busy flag + uint32_t error : 1; ///< calculate error flag +} sc_sha_state_t; + +typedef struct { +#ifdef CONFIG_SYSTEM_SECURE +#ifdef CONFIG_CSI_V1 +uint8_t ctx[SHA_CONTEXT_SIZE]; +#endif /* CONFIG_CSI_V1 */ +#ifdef CONFIG_CSI_V2 + csi_sha_context_t ctx; + csi_sm3_context_t sm3ctx; +#endif +#endif +#if defined(CONFIG_TEE_CA) + uint8_t ctx[224+8]; +#endif +#if defined(CONFIG_SEC_CRYPTO_SHA_SW) + sc_mbedtls_sha1_context sha1_ctx; + sc_mbedtls_sha256_context sha2_ctx; +#endif + sc_sha_mode_t mode; ///< sha mode +} sc_sha_context_t; + +/****** SHA Event *****/ +typedef enum { + SC_SHA_EVENT_COMPLETE = 0U, ///< calculate completed + SC_SHA_EVENT_ERROR ///< calculate error +} sc_sha_event_t; + +typedef struct sc_sha { +#ifdef CONFIG_SYSTEM_SECURE +#ifdef CONFIG_CSI_V1 + sha_handle_t handle; + sc_sha_context_t ctx; + sc_sha_mode_t mode; ///< sha mode +#endif /* CONFIG_CSI_V1 */ +#ifdef CONFIG_CSI_V2 + csi_sha_t csi_sha; + csi_sm3_t csi_sm3; +#endif +#endif +#if defined(CONFIG_TEE_CA) +#endif +} sc_sha_t; + +// Function documentation + +/** + \brief Initialize SHA Interface. Initializes the resources needed for the SHA interface + \param[in] sha operate handle. + \param[in] idx index of sha + \return error code \ref uint32_t +*/ +uint32_t sc_sha_init(sc_sha_t *sha, uint32_t idx); + +/** + \brief De-initialize SHA Interface. stops operation and releases the software resources used by the interface + \param[in] sha sha handle to operate. + \return none +*/ +void sc_sha_uninit(sc_sha_t *sha); + +/** + \brief attach the callback handler to SHA + \param[in] sha operate handle. + \param[in] callback callback function + \param[in] arg callback's param + \return error code +*/ +uint32_t sc_sha_attach_callback(sc_sha_t *sha, void *callback, void *arg); + +/** + \brief detach the callback handler + \param[in] sha operate handle. +*/ +void sc_sha_detach_callback(sc_sha_t *sha); + +/** + \brief start the engine + \param[in] sha sha handle to operate. + \param[in] context Pointer to the sha context \ref sc_sha_context_t + \param[in] mode sha mode \ref sc_sha_mode_t + \return error code \ref uint32_t +*/ +uint32_t sc_sha_start(sc_sha_t *sha, sc_sha_context_t *context, sc_sha_mode_t mode); + +/** + \brief update the engine + \param[in] sha sha handle to operate. + \param[in] context Pointer to the sha context \ref sc_sha_context_t + \param[in] input Pointer to the Source data + \param[in] size the data size + \return error code \ref uint32_t +*/ +uint32_t sc_sha_update(sc_sha_t *sha, sc_sha_context_t *context, const void *input, uint32_t size); + +/** + \brief accumulate the engine (async mode) + \param[in] sha sha handle to operate. + \param[in] context Pointer to the sha context \ref sc_sha_context_t + \param[in] input Pointer to the Source data + \param[in] size the data size + \return error code \ref uint32_t +*/ +uint32_t sc_sha_update_async(sc_sha_t *sha, sc_sha_context_t *context, const void *input, + uint32_t size); + +/** + \brief finish the engine + \param[in] sha sha handle to operate. + \param[in] context Pointer to the sha context \ref sc_sha_context_t + \param[out] output Pointer to the result data + \param[out] out_size Pointer to the result data size(bytes) + \return error code \ref uint32_t +*/ +uint32_t sc_sha_finish(sc_sha_t *sha, sc_sha_context_t *context, void *output, uint32_t *out_size); + +#ifdef __cplusplus +} +#endif + +#endif /* _sc_SHA_H_ */ diff --git a/lib/sec_library/include/sec_crypto_sm2.h b/lib/sec_library/include/sec_crypto_sm2.h new file mode 100755 index 00000000..e9e83203 --- /dev/null +++ b/lib/sec_library/include/sec_crypto_sm2.h @@ -0,0 +1,242 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ +/****************************************************************************** + * @file sec_crypt_sm2.h + * @brief Header File for SM2 + * @version V1.0 + * @date 20. Jul 2021 + * @model sm2 + ******************************************************************************/ +#ifndef _SC_SM2_H_ +#define _SC_SM2_H_ + +#ifdef CONFIG_SEC_CRYPTO_SM2 + +#ifdef __cplusplus +extern "C" { +#endif + +#include "drv/sm2.h" + +typedef struct { + uint32_t sm2_curve : 1; ///< supports 256bits curve +} sc_sm2_capabilities_t; + +/** +\brief SM2 ciphertext order +*/ +typedef enum { + SC_SM2_C1C3C2 = 0, + SC_SM2_C1C2C3, +} sc_sm2_cipher_order_e; + +typedef enum { + SC_SM2_ENDIAN_LITTLE = 0, ///< Little Endian + SC_SM2_ENDIAN_BIG ///< Big Endian +} sc_sm2_endian_mode_e; + +/** +\brief SM2 status +*/ +typedef struct { + uint32_t busy : 1; ///< Calculate busy flag +} sc_sm2_state_t; + +/** +\brief SM2 key exchange role +*/ +typedef enum { SC_SM2_Role_Sponsor = 0, SC_SM2_Role_Responsor } sc_sm2_exchange_role_e; + +/****** SM2 Event *****/ +typedef enum { + SC_SM2_EVENT_MAKE_KEY_COMPLETE = 0, ///< Make key completed + SC_SM2_EVENT_ENCRYPT_COMPLETE, ///< Encrypt completed + SC_SM2_EVENT_DECRYPT_COMPLETE, ///< Decrypt completed + SC_SM2_EVENT_SIGN_COMPLETE, ///< Sign completed + SC_SM2_EVENT_VERIFY_COMPLETE, ///< Verify completed + SC_SM2_EVENT_EXCHANGE_KEY_COMPLETE, ///< Exchange key completed +} sc_sm2_event_e; + +typedef struct { +#ifdef CONFIG_CSI_V2 + csi_sm2_t sm2; +#endif +} sc_sm2_t; + +///< Pointer to \ref sc_sm2_callback_t : SM2 Event call back. +typedef void (*sc_sm2_callback_t)(sc_sm2_event_e event); + +/** + \brief Initialize SM2. + \param[in] sm2 sm2 handle to operate. + \param[in] idx device id + \return \ref uint32_t +*/ +uint32_t sc_sm2_init(sc_sm2_t *sm2, uint32_t idx); + +/** + \brief De-initialize SM2 Interface. stops operation and releases the + software resources used by the interface \param[in] sm2 sm2 handle to + operate. \return none +*/ +void sc_sm2_uninit(sc_sm2_t *sm2); + +/** + \brief sm2 get capability. + \param[in] sm2 Operate handle. + \return \ref uint32_t +*/ +uint32_t sc_sm2_config(sc_sm2_t *sm2, sc_sm2_cipher_order_e co, + sc_sm2_endian_mode_e endian); + +/** + \brief Attach the callback handler to SM2 + \param[in] sm2 Operate handle. + \param[in] cb Callback function + \param[in] arg User can define it by himself as callback's param + \return Error code \ref uint32_t +*/ +uint32_t sc_sm2_attach_callback(sc_sm2_t *sm2, sc_sm2_callback_t cb, void *arg); + +/** + \brief Detach the callback handler + \param[in] sm2 Operate handle. +*/ +void sc_sm2_detach_callback(sc_sm2_t *sm2); + +/** + \brief sm2 get capability. + \param[in] sm2 Operate handle. + \param[out] cap Pointer of sc_sm2_capabilities_t. + \return \ref uint32_t +*/ +uint32_t sc_sm2_get_capabilities(sc_sm2_t *sm2, sc_sm2_capabilities_t *cap); + +uint32_t sc_sm2_check_keypair(sc_sm2_t *sm2, uint8_t pubkey[65], + uint8_t prikey[32]); + +/** + \brief generate sm2 key. + \param[in] sm2 sm2 handle to operate. + \param[out] private Pointer to the sm2 private key, alloc by caller. + \param[out] public Pointer to the sm2 public key, alloc by caller. + \return \ref uint32_t +*/ +uint32_t sc_sm2_gen_key(sc_sm2_t *sm2, uint8_t pubkey[65], uint8_t prikey[32]); + +/** + \brief sm2 sign + \param[in] sm2 sm2 handle to operate. + \param[in] d Pointer to the digest. + \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return \ref uint32_t +*/ +uint32_t sc_sm2_sign(sc_sm2_t *sm2, uint8_t d[32], uint8_t prikey[32], + uint8_t s[64]); + +/** + \brief sm2 sign + \param[in] sm2 sm2 handle to operate. + \param[in] d Pointer to the digest. + \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return \ref uint32_t +*/ +uint32_t sc_sm2_sign_async(sc_sm2_t *sm2, uint8_t d[32], uint8_t prikey[32], + uint8_t s[64]); + +/* TODO */ +/** + \brief sm2 verify + \param[in] sm2 sm2 handle to operate. + \param[in] d Pointer to the digest. + \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return verify result +*/ +bool sc_sm2_verify(sc_sm2_t *sm2, uint8_t d[32], uint8_t pubkey[65], + uint8_t s[64]); + +/** + \brief sm2 verify + \param[in] sm2 sm2 handle to operate. + \param[in] d Pointer to the digest. + \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return verify result +*/ +bool sc_sm2_verify_async(sc_sm2_t *sm2, uint8_t d[32], uint8_t pubkey[65], + uint8_t s[64]); + +/** + \brief sm2 encrypto + \param[in] sm2 sm2 handle to operate. + \param[in] plain Pointer to the plaintext. + \param[in] PlainByteLen plaintext len + \param[in] pubKey public key. + \param[out] cipher Pointer to the chipher + \param[out] cipher_byte_len Pointer to the chipher len. + \return uint32_t +*/ +uint32_t sc_sm2_encrypt(sc_sm2_t *sm2, uint8_t *plain, uint32_t plain_len, + uint8_t pubKey[65], uint8_t *cipher, + uint32_t *cipher_len); + +/** + \brief sm2 encrypto + \param[in] sm2 sm2 handle to operate. + \param[in] cipher Pointer to the chipher + \param[in] CipherByteLen chipher len. + \param[in] prikey private key. + \param[out] plain Pointer to the plaintext. + \param[out] PlainByteLen plaintext len + \return uint32_t +*/ +uint32_t sc_sm2_decrypt(sc_sm2_t *sm2, uint8_t *cipher, uint32_t cipher_len, + uint8_t prikey[32], uint8_t *plain, + uint32_t *plain_len); + +/** + \brief sm2 key exchange + \param[in] sm2 sm2 handle to operate. + \return uint32_t +*/ +uint32_t sc_sm2_exchangekey(sc_sm2_t *sm2, sc_sm2_exchange_role_e role, + uint8_t *da, uint8_t *pb, uint8_t *ra1, uint8_t *ra, + uint8_t *rb, uint8_t *za, uint8_t *zb, + uint32_t k_len, uint8_t *ka, uint8_t *s1, + uint8_t *sa); + +/** + \brief sm2 key exchange get Z. + \param[in] sm2 sm2 handle to operate. + \return uint32_t +*/ +uint32_t sc_sm2_getZ(sc_sm2_t *sm2, uint8_t *id, uint32_t id_len, + uint8_t pubkey[65], uint8_t z[32]); + +/** + \brief sm2 key exchange get E + \param[in] sm2 sm2 handle to operate. + \return uint32_t +*/ +uint32_t sc_sm2_getE(sc_sm2_t *sm2, uint8_t *m, uint32_t len, uint8_t z[32], + uint8_t e[32]); + +/** + \brief Get SM2 state. + \param[in] sm2 SM2 handle to operate. + \param[out] state SM2 state \ref sc_sm2_state_t. + \return Error code \ref uint32_t +*/ +uint32_t sc_sm2_get_state(sc_sm2_t *sm2, sc_sm2_state_t *state); + +#ifdef __cplusplus +extern "C" { +#endif + +#endif + +#endif /* _SC_SM2_H_ */ diff --git a/lib/sec_library/include/sec_crypto_sm4.h b/lib/sec_library/include/sec_crypto_sm4.h new file mode 100755 index 00000000..e8208145 --- /dev/null +++ b/lib/sec_library/include/sec_crypto_sm4.h @@ -0,0 +1,236 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ +/****************************************************************************** + * @file sec_crypt_sm4.h + * @brief Header File for SM4 + * @version V1.0 + * @date 20. Jul 2021 + * @model sm4 + ******************************************************************************/ + +#ifndef _SC_SM4_H_ +#define _SC_SM4_H_ + + +#ifdef CONFIG_CSI_V2 +#include "drv/sm4.h" +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/** +\brief SM4 Ctrl Block +*/ +typedef struct { +#ifdef CONFIG_CSI_V2 + csi_sm4_t sm4; +#endif +} sc_sm4_t; + +// Function documentation +/** + \brief Initialize sm4 Interface. Initializes the resources needed for + the sm4 interface \param[in] sm4 operate handle \param[in] idx device + id \return error code \ref uint32_t +*/ +uint32_t sc_sm4_init(sc_sm4_t *sm4, uint32_t idx); + +/** + \brief De-initialize sm4 Interface. stops operation and releases the + software resources used by the interface \param[in] sm4 handle to operate + \return None +*/ +void sc_sm4_uninit(sc_sm4_t *sm4); + +/** + \brief Set encrypt key + \param[in] sm4 handle to operate + \param[in] key Pointer to the key buf + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_set_encrypt_key(sc_sm4_t *sm4, uint8_t *key); + +/** + \brief Set decrypt key + \param[in] sm4 handle to operate + \param[in] key Pointer to the key buf + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_set_decrypt_key(sc_sm4_t *sm4, uint8_t *key); + +/** + \brief sm4 ecb encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_ecb_encrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size); + +/** + \brief sm4 ecb decrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_ecb_decrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size); + +/** + \brief sm4 cbc encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_cbc_encrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cbc decrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_cbc_decrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cfb1 encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_cfb1_encrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cfb1 decrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_cfb1_decrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cfb8 encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_cfb8_encrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cfb8 decrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_cfb8_decrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cfb128 decrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_cfb128_decrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv, uint32_t *num); + +/** + \brief sm4 cfb128 encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_cfb128_encrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv, uint32_t *num); +/** + \brief sm4 ofb encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_ofb_encrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv, uint32_t *num); + +/** + \brief sm4 ofb encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_ofb_decrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv, uint32_t *num); + +/** + \brief sm4 ctr encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] nonce_counter counter + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_ctr_encrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t nonce_counter[16]); +/** + \brief sm4 ctr encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] nonce_counter counter + \return error code \ref uint32_t +*/ +uint32_t sc_sm4_ctr_decrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t nonce_counter[16]); + +#ifdef __cplusplus +extern "C" { +#endif + +#endif /* _SC_SM4_H_ */ diff --git a/lib/sec_library/include/sec_library.h b/lib/sec_library/include/sec_library.h new file mode 100755 index 00000000..1cb043ab --- /dev/null +++ b/lib/sec_library/include/sec_library.h @@ -0,0 +1,15 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ +/****************************************************************************** + * @file sec_library.h + * @brief Header File for sec library + * @version V1.0 + * @date 20. Jul 2021 + * @model sm4 + ******************************************************************************/ + +#ifndef _SL_H_ +#define _SL_H_ + +#endif /* _SL_H_ */ diff --git a/lib/sec_library/include/sha.h b/lib/sec_library/include/sha.h new file mode 100644 index 00000000..75472f12 --- /dev/null +++ b/lib/sec_library/include/sha.h @@ -0,0 +1,160 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ + +/****************************************************************************** + * @file drv/sha.h + * @brief Header File for SHA Driver + * @version V1.0 + * @date 9. Oct 2020 + * @model sha + ******************************************************************************/ + +#ifndef _DRV_SHA_H_ +#define _DRV_SHA_H_ + +#include <drv/common.h> +#include <drv/dma.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/****** SHA mode ******/ +typedef enum { + SHA_MODE_1 = 1U, ///< SHA_1 mode + SHA_MODE_256, ///< SHA_256 mode + SHA_MODE_224, ///< SHA_224 mode + SHA_MODE_512, ///< SHA_512 mode + SHA_MODE_384, ///< SHA_384 mode + SHA_MODE_512_256, ///< SHA_512_256 mode + SHA_MODE_512_224 ///< SHA_512_224 mode +} csi_sha_mode_t; + +/****** SHA State ******/ +typedef struct { + uint32_t busy : 1; ///< Calculate busy flag + uint32_t error : 1; ///< Calculate error flag +} csi_sha_state_t; + +typedef struct { + csi_sha_mode_t mode; ///< SHA mode + uint32_t total[2]; ///< Number of bytes processed + uint32_t state[16]; ///< Intermediate digest state + uint8_t buffer[128]; ///< Data block being processed +} csi_sha_context_t; + +/****** SHA Event ******/ +typedef enum { + SHA_EVENT_COMPLETE = 0U, ///< Calculate completed + SHA_EVENT_ERROR ///< Calculate error +} csi_sha_event_t; + +typedef struct csi_sha csi_sha_t; + +struct csi_sha { + csi_dev_t dev; ///< SHA hw-device info + void (*callback)(csi_sha_t *sha, csi_sha_event_t event, void *arg); ///< SHA event callback for user + void *arg; ///< SHA custom designed param passed to evt_cb + csi_dma_ch_t *dma_in; ///< SHA in dma handle param + csi_sha_state_t state; ///< SHA state + void *priv; +}; + +/** + \brief Initialize SHA Interface. Initializes the resources needed for the SHA interface + \param[in] sha Operate handle + \param[in] idx Index of SHA + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sha_init(csi_sha_t *sha, uint32_t idx); + +/** + \brief De-initialize SHA Interface. Stops operation and releases the software resources used by the interface + \param[in] sha SHA handle to operate + \return None +*/ +void csi_sha_uninit(csi_sha_t *sha); + +/** + \brief Attach the callback handler to SHA + \param[in] sha Handle to operate + \param[in] callback Callback function + \param[in] arg Callback's param + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sha_attach_callback(csi_sha_t *sha, void *callback, void *arg); + +/** + \brief Detach the callback handler + \param[in] sha Handle to operate + \return None +*/ +void csi_sha_detach_callback(csi_sha_t *sha); + +/** + \brief Start the engine + \param[in] sha Handle to operate + \param[in] context Pointer to the SHA context \ref csi_sha_context_t + \param[in] mode SHA mode \ref csi_sha_mode_t + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sha_start(csi_sha_t *sha, csi_sha_context_t *context, csi_sha_mode_t mode); + +/** + \brief Update the engine + \param[in] sha Handle to operate + \param[in] context Pointer to the SHA context \ref csi_sha_context_t + \param[in] input Pointer to the Source data + \param[in] size The data size + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sha_update(csi_sha_t *sha, csi_sha_context_t *context, const void *input, uint32_t size); + +/** + \brief Accumulate the engine (async mode) + \param[in] sha Handle to operate + \param[in] context Pointer to the SHA context \ref csi_sha_context_t + \param[in] input Pointer to the Source data + \param[in] size The data size + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sha_update_async(csi_sha_t *sha, csi_sha_context_t *context, const void *input, uint32_t size); + +/** + \brief Finish the engine + \param[in] sha Handle to operate + \param[in] context Pointer to the SHA context \ref csi_sha_context_t + \param[out] output Pointer to the result data + \param[out] out_size Pointer to the result data size(bytes) + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sha_finish(csi_sha_t *sha, csi_sha_context_t *context, void *output, uint32_t *out_size); + +/** + \brief Get SHA state + \param[in] sha Handle to operate + \param[out] state SHA state \ref csi_sha_state_t + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sha_get_state(csi_sha_t *sha, csi_sha_state_t *state); + +/** + \brief Enable SHA power manage + \param[in] sha Handle to operate + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sha_enable_pm(csi_sha_t *sha); + +/** + \brief Disable SHA power manage + \param[in] sha Handle to operate + \return None +*/ +void csi_sha_disable_pm(csi_sha_t *sha); + +#ifdef __cplusplus +} +#endif + +#endif /* _DRV_SHA_H_ */ diff --git a/lib/sec_library/include/sm2.h b/lib/sec_library/include/sm2.h new file mode 100644 index 00000000..24b299db --- /dev/null +++ b/lib/sec_library/include/sm2.h @@ -0,0 +1,258 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ + +/****************************************************************************** + * @file drv/sm2.h + * @brief Header File for SM2 Driver + * @version V2.0 + * @date 9. DEC 2020 + * @model SM2 + ******************************************************************************/ + +#ifndef _DRV_SM2_H_ +#define _DRV_SM2_H_ + +#include <stdint.h> +#include <drv/common.h> + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + uint32_t sm2_curve : 1; ///< supports 256bits curve +} sm2_capabilities_t; + +/** +\brief SM2 ciphertext order +*/ +typedef enum { + SM2_C1C3C2 = 0, + SM2_C1C2C3, +} sm2_cipher_order_e; + +typedef enum { + SM2_ENDIAN_LITTLE = 0, ///< Little Endian + SM2_ENDIAN_BIG ///< Big Endian +} sm2_endian_mode_e; + +/** +\brief SM2 status +*/ +typedef struct { + uint32_t busy : 1; ///< Calculate busy flag +} csi_sm2_state_t; + +/** +\brief SM2 key exchange role +*/ +typedef enum { SM2_Role_Sponsor = 0, SM2_Role_Responsor } sm2_exchange_role_e; + +/****** SM2 Event *****/ +typedef enum { + SM2_EVENT_MAKE_KEY_COMPLETE = 0, ///< Make key completed + SM2_EVENT_ENCRYPT_COMPLETE, ///< Encrypt completed + SM2_EVENT_DECRYPT_COMPLETE, ///< Decrypt completed + SM2_EVENT_SIGN_COMPLETE, ///< Sign completed + SM2_EVENT_VERIFY_COMPLETE, ///< Verify completed + SM2_EVENT_EXCHANGE_KEY_COMPLETE, ///< Exchange key completed +} sm2_event_e; + +typedef struct { + csi_dev_t dev; + void * cb; + void * arg; + csi_sm2_state_t state; + void * prim; +} csi_sm2_t; + +///< Pointer to \ref csi_sm2_callback_t : SM2 Event call back. +typedef void (*csi_sm2_callback_t)(sm2_event_e event); + +/** + \brief Initialize SM2. + \param[in] sm2 sm2 handle to operate. + \param[in] idx device id + \return \ref uint32_t +*/ +csi_error_t csi_sm2_init(csi_sm2_t *sm2, uint32_t idx); + +/** + \brief De-initialize SM2 Interface. stops operation and releases the software resources used by the interface + \param[in] sm2 sm2 handle to operate. + \return none +*/ +void csi_sm2_uninit(csi_sm2_t *sm2); + +/** + \brief sm2 get capability. + \param[in] sm2 Operate handle. + \return \ref uint32_t +*/ +csi_error_t csi_sm2_config(csi_sm2_t *sm2, sm2_cipher_order_e co, + sm2_endian_mode_e endian); + +/** + \brief Attach the callback handler to SM2 + \param[in] sm2 Operate handle. + \param[in] cb Callback function + \param[in] arg User can define it by himself as callback's param + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sm2_attach_callback(csi_sm2_t *sm2, csi_sm2_callback_t cb, + void *arg); + +/** + \brief Detach the callback handler + \param[in] sm2 Operate handle. +*/ +void csi_sm2_detach_callback(csi_sm2_t *sm2); + +/** + \brief sm2 get capability. + \param[in] sm2 Operate handle. + \param[out] cap Pointer of sm2_capabilities_t. + \return \ref uint32_t +*/ +csi_error_t csi_sm2_get_capabilities(csi_sm2_t *sm2, sm2_capabilities_t *cap); + +csi_error_t csi_sm2_check_keypair(csi_sm2_t *sm2, uint8_t pubkey[65], + uint8_t prikey[32]); + +/** + \brief generate sm2 key. + \param[in] sm2 sm2 handle to operate. + \param[out] private Pointer to the sm2 private key, alloc by caller. + \param[out] public Pointer to the sm2 public key, alloc by caller. + \return \ref uint32_t +*/ +csi_error_t csi_sm2_gen_key(csi_sm2_t *sm2, uint8_t pubkey[65], + uint8_t prikey[32]); + +/** + \brief sm2 sign + \param[in] sm2 sm2 handle to operate. + \param[in] d Pointer to the digest. + \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return \ref uint32_t +*/ +csi_error_t csi_sm2_sign(csi_sm2_t *sm2, uint8_t d[32], uint8_t prikey[32], + uint8_t s[64]); + +/** + \brief sm2 sign + \param[in] sm2 sm2 handle to operate. + \param[in] d Pointer to the digest. + \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return \ref uint32_t +*/ +csi_error_t csi_sm2_sign_async(csi_sm2_t *sm2, uint8_t d[32], + uint8_t prikey[32], uint8_t s[64]); + +/* TODO */ +/** + \brief sm2 verify + \param[in] sm2 sm2 handle to operate. + \param[in] d Pointer to the digest. + \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return verify result +*/ +bool csi_sm2_verify(csi_sm2_t *sm2, uint8_t d[32], uint8_t pubkey[65], + uint8_t s[64]); + +/** + \brief sm2 verify + \param[in] sm2 sm2 handle to operate. + \param[in] d Pointer to the digest. + \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return verify result +*/ +bool csi_sm2_verify_async(csi_sm2_t *sm2, uint8_t d[32], uint8_t pubkey[65], + uint8_t s[64]); + +/** + \brief sm2 encrypto + \param[in] sm2 sm2 handle to operate. + \param[in] Plain Pointer to the plaintext. + \param[in] PlainByteLen plaintext len + \param[in] pubKey public key. + \param[out] Cipher Pointer to the chipher + \param[out] CipherByteLen Pointer to the chipher len. + \return uint32_t +*/ +csi_error_t csi_sm2_encrypt(csi_sm2_t *sm2, uint8_t *Plain, + uint32_t PlainByteLen, uint8_t pubKey[65], + uint8_t *Cipher, uint32_t *CipherByteLen); + +/** + \brief sm2 encrypto + \param[in] sm2 sm2 handle to operate. + \param[in] Cipher Pointer to the chipher + \param[in] CipherByteLen chipher len. + \param[in] prikey private key. + \param[out] Plain Pointer to the plaintext. + \param[out] PlainByteLen plaintext len + \return uint32_t +*/ +csi_error_t csi_sm2_decrypt(csi_sm2_t *sm2, uint8_t *Cipher, + uint32_t CipherByteLen, uint8_t prikey[32], + uint8_t *Plain, uint32_t *PlainByteLen); + +/** + \brief sm2 key exchange + \param[in] sm2 sm2 handle to operate. + \return uint32_t +*/ +csi_error_t csi_sm2_exchangekey(csi_sm2_t *sm2, sm2_exchange_role_e role, + uint8_t *dA, uint8_t *PB, uint8_t *rA, + uint8_t *RA, uint8_t *RB, uint8_t *ZA, + uint8_t *ZB, uint32_t kByteLen, uint8_t *KA, + uint8_t *S1, uint8_t *SA); + +/** + \brief sm2 key exchange get Z. + \param[in] sm2 sm2 handle to operate. + \return uint32_t +*/ +csi_error_t csi_sm2_getZ(csi_sm2_t *sm2, uint8_t *ID, uint32_t byteLenofID, + uint8_t pubKey[65], uint8_t Z[32]); + +/** + \brief sm2 key exchange get E + \param[in] sm2 sm2 handle to operate. + \return uint32_t +*/ +csi_error_t csi_sm2_getE(csi_sm2_t *sm2, uint8_t *M, uint32_t byteLen, + uint8_t Z[32], uint8_t E[32]); + +/** + \brief Get SM2 state. + \param[in] sm2 SM2 handle to operate. + \param[out] state SM2 state \ref csi_sm2_state_t. + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sm2_get_state(csi_sm2_t *sm2, csi_sm2_state_t *state); + +/** + \brief Enable sm2 power manage + \param[in] sm2 SM2 handle to operate. + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sm2_enable_pm(csi_sm2_t *sm2); + +/** + \brief Disable sm2 power manage + \param[in] sm2 SM2 handle to operate. +*/ +void csi_sm2_disable_pm(csi_sm2_t *sm2); + +#ifdef __cplusplus +extern "C" { +#endif + +#endif diff --git a/lib/sec_library/include/sm3.h b/lib/sec_library/include/sm3.h new file mode 100644 index 00000000..9d5fc2c3 --- /dev/null +++ b/lib/sec_library/include/sm3.h @@ -0,0 +1,155 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ + +/****************************************************************************** + * @file drv/sm3.h + * @brief Header File for SM3 Driver + * @version V2.0 + * @date 9. DEC 2020 + * @model SM3 + ******************************************************************************/ + +#ifndef _DRV_SM3_H_ +#define _DRV_SM3_H_ + +#include <stdint.h> +#include <drv/common.h> +#include <drv/dma.h> + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + uint32_t total[2]; ///< Number of bytes processed + uint32_t state[16]; ///< Intermediate digest state + uint8_t buffer[64]; ///< Data block beingprocessed +} csi_sm3_context_t; + +/****** SM3 State ******/ +typedef struct { + uint32_t busy : 1; ///< Calculate busy flag + uint32_t error : 1; ///< Calculate error flag +} csi_sm3_state_t; + + +/****** SM3 Event ******/ +typedef enum { + SM3_EVENT_COMPLETE = 0U, ///< Calculate completed + SM3_EVENT_ERROR ///< Calculate error +} csi_sm3_event_t; + +typedef struct csi_sm3_t csi_sm3_t; + +struct csi_sm3_t { + csi_dev_t dev; ///< SM3 hw-device info + void (*callback)(csi_sm3_t *sm3, csi_sm3_event_t event, + void *arg); ///< SM3 event callback for user + void * arg; ///< SM3 custom designed param passed to evt_cb + csi_dma_ch_t * dma_in; ///< SM3 in dma handle param + csi_sm3_state_t state; ///< SM3 state + void * priv; +}; + +// Function documentation + +/** + \brief Initialize SM3 Interface. Initializes the resources needed for the SM3 interface + \param[in] sm3 operate handle. + \param[in] idx index of sm3 + \return error code \ref uint32_t +*/ +csi_error_t csi_sm3_init(csi_sm3_t *sm3, uint32_t idx); + +/** + \brief De-initialize SM3 Interface. stops operation and releases the software resources used by the interface + \param[in] sm3 sm3 handle to operate. + \return none +*/ +void csi_sm3_uninit(csi_sm3_t *sm3); + +/** + \brief Attach the callback handler to SM3 + \param[in] sm3 Handle to operate + \param[in] callback Callback function + \param[in] arg Callback's param + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sm3_attach_callback(csi_sm3_t *sm3, void *callback, void *arg); + +/** + \brief Detach the callback handler + \param[in] sm3 Handle to operate + \return None +*/ +void csi_sm3_detach_callback(csi_sm3_t *sm3); + +/** + \brief start the engine + \param[in] sm3 sm3 handle to .operate + \param[in] context Pointer to the sm3 context \ref csi_sm3_context_t + \return error code \ref uint32_t +*/ +csi_error_t csi_sm3_start(csi_sm3_t *sm3, csi_sm3_context_t *context); + +/** + \brief update the engine + \param[in] sm3 sm3 handle to operate. + \param[in] context Pointer to the sm3 context \ref csi_sm3_context_t + \param[in] input Pointer to the Source data + \param[in] size the data size + \return error code \ref uint32_t +*/ +csi_error_t csi_sm3_update(csi_sm3_t *sm3, csi_sm3_context_t *context, + const uint8_t *input, uint32_t size); + +/** + \brief Accumulate the engine (async mode) + \param[in] sm3 Handle to operate + \param[in] context Pointer to the SM3 context \ref csi_sm3_context_t + \param[in] input Pointer to the Source data + \param[in] size The data size + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sm3_update_async(csi_sm3_t *sm3, csi_sm3_context_t *context, + const uint8_t *input, uint32_t size); + +/** + \brief finish the engine + \param[in] sm3 sm3 handle to operate. + \param[in] context Pointer to the sm3 context \ref csi_sm3_context_t + \param[out] output Pointer to the result data + \param[out] out_size Pointer to the result data size(bytes) + \return error code \ref uint32_t +*/ +csi_error_t csi_sm3_finish(csi_sm3_t *sm3, csi_sm3_context_t *context, + uint8_t *output, uint32_t *out_size); + +/** + \brief Get SM3 state + \param[in] sm3 Handle to operate + \param[out] state SM3 state \ref csi_sm3_state_t + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sm3_get_state(csi_sm3_t *sm3, csi_sm3_state_t *state); + +/** + \brief Enable SM3 power manage + \param[in] sm3 Handle to operate + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sm3_enable_pm(csi_sm3_t *sm3); + +/** + \brief Disable SM3 power manage + \param[in] sm3 Handle to operate + \return None +*/ +void csi_sm3_disable_pm(csi_sm3_t *sm3); + +#ifdef __cplusplus +extern "C" { +#endif + +#endif //_DRV_SM3_H diff --git a/lib/sec_library/include/sm4.h b/lib/sec_library/include/sm4.h new file mode 100644 index 00000000..3e4f59f1 --- /dev/null +++ b/lib/sec_library/include/sm4.h @@ -0,0 +1,249 @@ +/* + * Copyright (C) 2017-2021 Alibaba Group Holding Limited + */ + +/****************************************************************************** + * @file drv/sm4.h + * @brief Header File for SM4 Driver + * @version V2.0 + * @date 9. DEC 2020 + * @model SM4 + ******************************************************************************/ + +#ifndef _DRV_SM4_H_ +#define _DRV_SM4_H_ + +#include <stdint.h> +#include <drv/common.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/** +\brief SM4 Ctrl Block +*/ +typedef struct { + csi_dev_t dev; + void * priv; +} csi_sm4_t; + +// Function documentation +/** + \brief Initialize sm4 Interface. Initializes the resources needed for the sm4 interface + \param[in] sm4 operate handle + \param[in] idx device id + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_init(csi_sm4_t *sm4, uint32_t idx); + +/** + \brief De-initialize sm4 Interface. stops operation and releases the software resources used by the interface + \param[in] sm4 handle to operate + \return None +*/ +void csi_sm4_uninit(csi_sm4_t *sm4); + +/** + \brief Set encrypt key + \param[in] sm4 handle to operate + \param[in] key Pointer to the key buf + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_set_encrypt_key(csi_sm4_t *sm4, uint8_t *key); + +/** + \brief Set decrypt key + \param[in] sm4 handle to operate + \param[in] key Pointer to the key buf + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_set_decrypt_key(csi_sm4_t *sm4, uint8_t *key); + +/** + \brief sm4 ecb encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_ecb_encrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size); + +/** + \brief sm4 ecb decrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_ecb_decrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size); + +/** + \brief sm4 cbc encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_cbc_encrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cbc decrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_cbc_decrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cfb1 encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_cfb1_encrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cfb1 decrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_cfb1_decrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cfb8 encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_cfb8_encrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cfb8 decrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_cfb8_decrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv); + +/** + \brief sm4 cfb128 decrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_cfb128_decrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv, uint32_t *num); + +/** + \brief sm4 cfb128 encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_cfb128_encrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv, uint32_t *num); +/** + \brief sm4 ofb encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_ofb_encrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv, uint32_t *num); + +/** + \brief sm4 ofb encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] iv init vector + \param[out] num the number of the 128-bit block we have used + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_ofb_decrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t *iv, uint32_t *num); + +/** + \brief sm4 ctr encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] nonce_counter counter + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_ctr_encrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t nonce_counter[16]); +/** + \brief sm4 ctr encrypt + \param[in] sm4 handle to operate + \param[in] in Pointer to the Source data + \param[out] out Pointer to the Result data + \param[in] size the Source data size + \param[in] nonce_counter counter + \return error code \ref uint32_t +*/ +csi_error_t csi_sm4_ctr_decrypt(csi_sm4_t *sm4, uint8_t *in, uint8_t *out, + uint32_t size, uint8_t nonce_counter[16]); + +/** + \brief Enable SM4 power manage + \param[in] sm4 Handle to operate + \return Error code \ref csi_error_t +*/ +csi_error_t csi_sm4_enable_pm(csi_sm4_t *sm4); + +/** + \brief Disable SM4 power manage + \param[in] sm4 Handle to operate + \return None +*/ +void csi_sm4_disable_pm(csi_sm4_t *sm4); + +#ifdef __cplusplus +extern "C" { +#endif + +#endif // _DRV_SM4_H_ diff --git a/lib/sec_library/libsec_library.a b/lib/sec_library/libsec_library.a Binary files differnew file mode 100644 index 00000000..fecfbb91 --- /dev/null +++ b/lib/sec_library/libsec_library.a |