3585 lines
146 KiB
C
3585 lines
146 KiB
C
/**
|
|
* @file module_driver_hsm.h
|
|
* @author flagchip
|
|
* @brief HSM driver type definition and API
|
|
* @version 2.0.0
|
|
* @date 2024-08-20
|
|
*
|
|
* SDK Version: 2.6.0
|
|
*
|
|
|
|
* @copyright Copyright (c) 2024 Flagchip Semiconductors Co., Ltd.
|
|
*
|
|
*/
|
|
/* ********************************************************************************
|
|
* Revision History:
|
|
*
|
|
* Version Date Initials CR# Descriptions
|
|
* --------- ---------- ------------ ---------- ---------------
|
|
* 0.1.0 2023-12-15 Flagchip051 N/A First version for FC7300
|
|
* 2.0.0 2024-10-12 Flagchip071 N/A Change version and release
|
|
******************************************************************************** */
|
|
#ifndef _DRIVER_MODULE_DRIVER_HSM_H_
|
|
#define _DRIVER_MODULE_DRIVER_HSM_H_
|
|
|
|
#ifdef CRYPTO_HSM_MCAL
|
|
#include "Mcal.h"
|
|
#else
|
|
#include "device_header.h"
|
|
#endif
|
|
|
|
#if defined(__cplusplus)
|
|
extern "C"
|
|
{
|
|
#endif
|
|
|
|
#ifdef CRYPTO_HSM_MCAL
|
|
typedef uint32 hsm_uint32_t;
|
|
typedef uint16 hsm_uint16_t;
|
|
typedef uint8 hsm_uint8_t;
|
|
typedef sint32 hsm_int32_t;
|
|
typedef sint8 hsm_int8_t;
|
|
#else
|
|
typedef uint32_t hsm_uint32_t;
|
|
typedef uint16_t hsm_uint16_t;
|
|
typedef uint8_t hsm_uint8_t;
|
|
typedef int32_t hsm_int32_t;
|
|
typedef int8_t hsm_int8_t;
|
|
#endif
|
|
|
|
#define TYPE_CONVERT(from_type, to_type, data) ((to_type)(data))
|
|
|
|
/**
|
|
* @addtogroup fc7xxx_driver_hsm
|
|
* @{
|
|
*/
|
|
/**
|
|
* @name definitions for HSM_BoolType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
/**
|
|
* @brief Boolean false value definition for type HSM_BoolType used by HSM
|
|
*
|
|
*/
|
|
#define HSM_FALSE (0u)
|
|
|
|
/**
|
|
* @brief Boolean true value definition for type HSM_BoolType used by HSM
|
|
*
|
|
*/
|
|
#define HSM_TRUE (1u)
|
|
|
|
/**
|
|
* @brief Boolean type for HSM
|
|
*
|
|
*/
|
|
typedef hsm_uint32_t HSM_BoolType;
|
|
/**@}*/
|
|
|
|
#define HSM_KEY_LOCATION_NVR_RAM (0x1u)
|
|
#define HSM_KEY_LOCATION_NVR_FLASH (0x0u)
|
|
#define HSM_KEY_ID(id, location) \
|
|
(((((hsm_uint32_t)(id)) << 8u)) | (((hsm_uint32_t)(location)) & 0x1u))
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief the true random count return by the API
|
|
*
|
|
*/
|
|
#define HSM_TRNG_RAND_U32_CNT 16
|
|
|
|
/**
|
|
* @brief Status returned by HSM SDK CM7 side APIs
|
|
*
|
|
*/
|
|
typedef enum
|
|
{
|
|
HSM_STATUS_SUCCESS = 0U, /*!< return this when HSM API execute successfully */
|
|
HSM_STATUS_BUSY, /*!< return this when hsm driver or the hardware is busy now */
|
|
HSM_STATUS_PARAM_ERR, /*!< return this when parameter error */
|
|
HSM_STATUS_ERROR, /*!< return this when some error happen in HSM API */
|
|
HSM_STATUS_ECC_ERROR, /*!< return this when flash ecc error */
|
|
HSM_STATUS_IDLE, /*!< return this when driver has nothing to do */
|
|
HSM_STATUS_ERROR_STOP, /*!< return this when the continous operation in poll API or ISR is
|
|
stopped due to some error happen */
|
|
HSM_STATUS_FINISH, /*!< return this only when FC4150F512 CMAC/XMAC push data into hardware finish */
|
|
HSM_STATUS_PASS, /*!< return this when ecc/sm2 verify pass, or check pass in CMAC/XMAC/CCM/GCM
|
|
which icv check enabled */
|
|
HSM_STATUS_FAIL, /*!< return this when ecc/sm2 verify fail, or check fail in CMAC/XMAC/CCM/GCM
|
|
which icv check enabled, or get random data fail */
|
|
HSM_STATUS_AGAIN, /*!< return this when the HSM API need call again */
|
|
HSM_STATUS_LOGIC_ERR, /*!< return this when HSM API called in wrong logic */
|
|
HSM_STATUS_HW_ERR, /*!< return this when the HSM hardware error happen */
|
|
HSM_STATUS_HW_IDLE, /*!< return this when the HSM hardware has nothing to do */
|
|
HSM_STATUS_ALREADY_FINISHED, /*!< return this only when FC4150F512 CMAC/XMAC has pushed all data
|
|
into the hardware */
|
|
HSM_STATUS_SEND_FAIL, /*!< return this when send the command to HSM core fail */
|
|
HSM_STATUS_BUFFER_SIZE_ERR, /*!< return this when the result buffer size not enough */
|
|
HSM_STATUS_TIMEOUT_ERR,
|
|
HSM_STATUS_NOT_EXIST,
|
|
HSM_STATUS_EXIST,
|
|
HSM_STATUS_ZOMBIE,
|
|
HSM_STATUS_SPACE_FULL
|
|
} HSM_StatusType;
|
|
|
|
/**
|
|
* @name definitions for HSM_MailboxApiRetType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
/**
|
|
* @brief success status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_SUCCESS (0u)
|
|
|
|
/**
|
|
* @brief error status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_ERROR (1u)
|
|
|
|
/**
|
|
* @brief failure status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_FAIL (2u)
|
|
|
|
/**
|
|
* @brief verify pass status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_PASS (3u)
|
|
|
|
/**
|
|
* @brief function not support status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_NOT_SUPPORT (4u)
|
|
|
|
/**
|
|
* @brief hardware error status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_HW_ERROR (5u)
|
|
|
|
/**
|
|
* @brief have no permission status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_NO_PRIVILEGES (6u)
|
|
|
|
/**
|
|
* @brief parameters error status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_PARAMETER_ERROR (7u)
|
|
|
|
/**
|
|
* @brief authority error status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_AUTHORITY_ERROR (8u)
|
|
|
|
/**
|
|
* @brief hardware busy status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_BUSY (9u)
|
|
|
|
/**
|
|
* @brief flash ecc error status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_ECC_ERR (10u)
|
|
|
|
/**
|
|
* @brief time expire error status (HSM_MailboxApiRetType) returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
#define MAILBOXAPI_RET_TIMEOUT (11u)
|
|
|
|
#define MAILBOXAPI_RET_NONE (0xFFFFFFFFu)
|
|
/**
|
|
* @brief status type definition returned by HSM subsystem APIs
|
|
*
|
|
*/
|
|
typedef hsm_uint32_t HSM_MailboxApiRetType;
|
|
/**@}*/
|
|
|
|
/**
|
|
* @name Type definition for HSM Isr/Poll mode
|
|
*
|
|
*/
|
|
/**@{*/
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief the true random count return by the API
|
|
*
|
|
*/
|
|
#define HSM_TRNG_RAND_U32_CNT 16
|
|
|
|
#define HSMCOM_TRNG_SRC_0 0x40cau
|
|
#define HSMCOM_TRNG_SRC_1 0xc51cu
|
|
#define HSMCOM_TRNG_SRC_ANY 0x359bu
|
|
#define HSMCOM_TRNG_SRC_XOR 0x80a5u
|
|
#define HSMCOM_TRNG_SRC_SHIFTXOR 0x648Cu
|
|
|
|
typedef hsm_uint32_t HSM_RndSrcType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief HSM cmd type definition
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32Cmd; /*!< current command id to HSM core via mailbox */
|
|
hsm_uint32_t u32Addr; /*!< current parameter address to HSM core via mailbox */
|
|
} HSM_CmdType;
|
|
|
|
/**
|
|
* @brief the true random information passed to HSM core by mailbox
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t (
|
|
*aRandom)[HSM_TRNG_RAND_U32_CNT]; /*!< address is 4bytes aligned, the buffer address, HSM
|
|
core will write random data to this buffer */
|
|
} HSMCom_TrueRandType;
|
|
|
|
/**
|
|
* @brief the true random extend information passed to HSM core by mailbox
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t (
|
|
*aRandom)[HSM_TRNG_RAND_U32_CNT]; /*!< address is 4bytes aligned, the buffer address, HSM
|
|
core will write random data to this buffer */
|
|
HSM_RndSrcType u32RandSrc; /*!< which random source will be selected */
|
|
} HSMCom_TrueRandExType;
|
|
|
|
#define HSMCOM_FASTTRNG_SRC_NORMAL 0x0u
|
|
#define HSMCOM_FASTTRNG_SRC_XOR 0x1u
|
|
|
|
typedef hsm_uint32_t HSM_FastTrngSrcType;
|
|
|
|
typedef struct
|
|
{
|
|
uint32_t entropy_delay;
|
|
uint32_t samp_size;
|
|
uint32_t freq_min;
|
|
uint32_t freq_max;
|
|
uint32_t lrun_max;
|
|
uint32_t retry_max;
|
|
uint32_t mono_max;
|
|
uint32_t mono_range;
|
|
uint32_t run_range;
|
|
uint32_t run_max;
|
|
uint32_t poker_range;
|
|
|
|
uint32_t u32RngCtrlBitsOr;
|
|
} HSM_TrngInitCfgType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
uint32_t u32Timeout; /*!< current command timeout tick count, tick refer to the HSM bus clock */
|
|
uint32_t (*aRandom)[HSM_TRNG_RAND_U32_CNT]; /*!< the buffer address, HSM core will write random
|
|
data to this buffer */
|
|
uint32_t u32CtrlBit;
|
|
HSM_TrngInitCfgType tTrngCfg;
|
|
} HSMCom_FastTrueRandType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
|
|
/**
|
|
* @name Type definition for HSM Isr/Poll mode
|
|
*
|
|
*/
|
|
/**@{*/
|
|
|
|
/**
|
|
* @brief Poll mode value for type "HSM_TriggerSrcType"
|
|
*
|
|
* HSM driver can work in two mode:Isr mode and poll mode.
|
|
* In poll mode, Hsm interrupt is disabled, if the algorithm need more than one step in driver,
|
|
* driver API user should call the API to trigger the internal state machine go to next state.
|
|
* If don't need trigger the process any more, user should call the specific API to get the result
|
|
* state more than one time until driver API return it actually.
|
|
*/
|
|
#define HSM_TRIGGER_SRC_USER_POLL (0U)
|
|
|
|
/**
|
|
* @brief Isr mode value for type "HSM_TriggerSrcType"
|
|
*
|
|
* HSM driver can work in two mode:Isr mode and poll mode.
|
|
* In Isr mode, Hsm interrupt is enabled, driver API user only call the specific API to start the
|
|
* process. If the algorithm need more than one step in driver, the isr will trigger the next
|
|
* process step in driver internal. After all steps finished, and the result will be passed to the
|
|
* callback registered in the init API called by driver user.
|
|
*/
|
|
#define HSM_TRIGGER_SRC_ISR (1U)
|
|
|
|
/**
|
|
* @brief type definition for hsm state machine trigger source used by cortex side hsm driver
|
|
*
|
|
* HSM driver can work in two mode:Isr mode and poll mode.
|
|
* Isr mode's detail can refer to HSM_TRIGGER_SRC_ISR.
|
|
* Poll mode's detail can refer to HSM_TRIGGER_SRC_USER_POLL
|
|
*/
|
|
typedef hsm_uint32_t HSM_TriggerSrcType;
|
|
/**
|
|
* @brief HSM 4bytes unit data format for HSM_DataFormatType
|
|
* for example, if data is 0x000102030405060708090a0b0c0d0e0f, use this format, should be divided as
|
|
* following. 0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f
|
|
*/
|
|
#define HSM_DATA_FORMAT_4B 0u
|
|
|
|
/**
|
|
* @brief HSM 1byte unit data format for HSM_DataFormatType
|
|
* for example, if data is 0x000102030405060708090a0b0c0d0e0f, use this format, should be divided as
|
|
* following. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
|
|
* 0x0e, 0x0f
|
|
*/
|
|
#define HSM_DATA_FORMAT_1B 1u
|
|
|
|
/**
|
|
* @brief HSM 1byte unit data format for HSM_DataFormatType
|
|
* for example, if data is 0x000102030405060708090a0b0c0d0e0f, the buffer size is 18bytes, use this
|
|
* format, should be divided as following. 0x00(pad), 0x00(pad), 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
|
|
* 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
|
|
*/
|
|
#define HSM_DATA_FORMAT_1B_PAD_0_LEFT_FIT_BUF 3u
|
|
|
|
/**
|
|
* @brief HSM data format
|
|
* refer to HSM_DATA_FORMAT_4B, HSM_DATA_FORMAT_1B
|
|
*/
|
|
typedef hsm_uint32_t HSM_DataFormatType;
|
|
|
|
/**
|
|
* @name definitions for HSM_ShaAlgType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
/**
|
|
* @brief SHA160 algorithm value for type "HSM_ShaAlgType"
|
|
* @note it's the so-called SHA1
|
|
*/
|
|
#define HSM_SHA_160 (1U)
|
|
|
|
/**
|
|
* @brief SHA224 algorithm value for type "HSM_ShaAlgType"
|
|
* @note it's the so-called SHA2-224
|
|
*/
|
|
#define HSM_SHA_224 (2U)
|
|
|
|
/**
|
|
* @brief SHA256 algorithm value for type "HSM_ShaAlgType"
|
|
* @note it's the so-called SHA2-256
|
|
*/
|
|
#define HSM_SHA_256 (3U)
|
|
|
|
/**
|
|
* @brief SHA384 algorithm value for type "HSM_ShaAlgType"
|
|
* @note it's the so-called SHA2-384
|
|
*/
|
|
#define HSM_SHA_384 (4U)
|
|
|
|
/**
|
|
* @brief SHA512 algorithm value for type "HSM_ShaAlgType"
|
|
* @note it's the so-called SHA2-512
|
|
*/
|
|
#define HSM_SHA_512 (5U)
|
|
|
|
/**
|
|
* @brief SHA512/224 algorithm value for type "HSM_ShaAlgType"
|
|
* @note it's the so-called SHA2-512/224
|
|
*/
|
|
#define HSM_SHA_512_224 (6U)
|
|
|
|
/**
|
|
* @brief SHA512/256 algorithm value for type "HSM_ShaAlgType"
|
|
* @note it's the so-called SHA2-512/256
|
|
*/
|
|
#define HSM_SHA_512_256 (7U)
|
|
|
|
/**
|
|
* @brief type definition for SHA algorithm
|
|
* refer to HSM_SHA_160,HSM_SHA_224,HSM_SHA_256,HSM_SHA_384,HSM_SHA_512,HSM_SHA_512_224,HSM_SHA_512_256
|
|
*/
|
|
typedef hsm_uint32_t HSM_ShaAlgType;
|
|
/**@}*/
|
|
|
|
/**
|
|
* @name definitions for HSM_HfamMacType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
/**
|
|
* @brief SMAC mode value for type "HSM_HfamMacType"
|
|
*
|
|
*/
|
|
#define HSM_HFAM_MAC_SMAC (0U)
|
|
|
|
/**
|
|
* @brief HMAC mode value for type "HSM_HfamMacType"
|
|
*
|
|
*/
|
|
#define HSM_HFAM_MAC_HMAC (1U)
|
|
|
|
/**
|
|
* @brief SM3/MD5/SHA can generate MAC, use this to select the type of MAC
|
|
* SMAC refer to HSM_HFAM_MAC_SMAC
|
|
* HMAC refer to HSM_HFAM_MAC_HMAC
|
|
*/
|
|
typedef hsm_uint32_t HSM_HfamMacType;
|
|
/**@}*/
|
|
|
|
/**
|
|
* @brief SHA/MD5/SM3 context information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_BoolType bGenerateMacEn; /*!< whether generate MAC */
|
|
HSM_HfamMacType eMacType; /*!< if enable generating MAC, this should configure */
|
|
union
|
|
{
|
|
const void *pKeyData; /*!< address is 4bytes aligned, key to generate MAC, if enable
|
|
generating MAC, this should configure */
|
|
hsm_uint32_t u32KeyId;
|
|
} tKeyInfo;
|
|
hsm_uint32_t u32KeyByteCnt; /*!< the byte count of key data */
|
|
hsm_uint32_t u32GenerateMacByteCnt; /*!< the byte count of MAC data output */
|
|
|
|
hsm_uint32_t u32InputDataByteCnt; /*!< the byte count of input data */
|
|
const void *pInputData; /*!< address is 4bytes aligned, point to the input data */
|
|
} HSM_SmsCfgType; /* sms is short for sha/md5/sm3 */
|
|
|
|
/**
|
|
* @brief SHA context information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef HSM_SmsCfgType HSM_ShaCtxType;
|
|
|
|
/**
|
|
* @brief type definition for driver to store information
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t aResult[0x10]; /*!< store the sha result, max size 0x10 is for SHA512 */
|
|
hsm_uint32_t u32ResultU32Cnt; /*!< store the result hsm_uint32_t count, it's set by driver */
|
|
} HSM_ShaResultBufType;
|
|
|
|
/**
|
|
* @brief SHA information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_ShaAlgType eAlg; /*!< select sha algorithm type */
|
|
HSM_ShaCtxType tCfg; /*!< sha algorithm parameter set by user */
|
|
HSM_ShaResultBufType *pResult; /*!< point to the memory that HSM core to write result */
|
|
} HSM_ShaType;
|
|
|
|
/**
|
|
* @brief SHA information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
HSM_ShaType tCfg; /*!< sha algorithm parameter set by user */
|
|
} HSMCom_ShaType;
|
|
|
|
/**
|
|
* @brief SHA extend information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_ShaAlgType eAlg; /*!< select sha algorithm type */
|
|
HSM_ShaCtxType tCfg; /*!< sha algorithm parameter set by user */
|
|
HSM_ShaResultBufType *pResult; /*!< point to the memory that HSM core to write result */
|
|
HSM_DataFormatType eInputFmt;
|
|
HSM_DataFormatType eOutputFmt;
|
|
} HSM_ShaExType;
|
|
|
|
/**
|
|
* @brief SHA extend information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
HSM_ShaExType tCfg; /*!< sha algorithm parameter set by user */
|
|
} HSMCom_ShaExType;
|
|
|
|
/**
|
|
* @brief SHA information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_ShaAlgType eAlg; /*!< select sha algorithm type */
|
|
HSM_ShaCtxType tCfg; /*!< sha algorithm parameter set by user */
|
|
hsm_uint8_t *pResult; /*!< point to the memory that HSM core to write result */
|
|
} HSM_Sha2Type;
|
|
|
|
/**
|
|
* @brief SHA information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
HSM_Sha2Type tCfg; /*!< sha algorithm parameter set by user */
|
|
} HSMCom_Sha2Type;
|
|
|
|
/**
|
|
* @brief Scatter Hash information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_ShaAlgType eAlg; /*!< select sha algorithm type */
|
|
HSM_ShaCtxType tCfg; /*!< sha algorithm parameter set by user */
|
|
hsm_uint32_t (*pResult)[18]; /*!< point to the memory that HSM core to write result */
|
|
} HSM_ScatterHashType;
|
|
|
|
/**
|
|
* @brief Scatter Hash information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
HSM_ScatterHashType tCfg; /*!< sha algorithm parameter set by user */
|
|
} HSMCom_ScatterHashType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @name definitions for HSM_DrvEccCurvePrmIndexType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
/**
|
|
* @brief ECC curve NIST SECP224R1 value for type "HSM_DrvEccCurvePrmIndexType"
|
|
*
|
|
*/
|
|
#define HSM_DRV_ECC_CURVE_PRM_IDX_SECP224R1 (4U)
|
|
|
|
/**
|
|
* @brief ECC curve NIST SECP256R1 value for type "HSM_DrvEccCurvePrmIndexType"
|
|
*
|
|
*/
|
|
#define HSM_DRV_ECC_CURVE_PRM_IDX_SECP256R1 (1U)
|
|
|
|
/**
|
|
* @brief ECC curve NIST SECP384R1 value for type "HSM_DrvEccCurvePrmIndexType"
|
|
*
|
|
*/
|
|
#define HSM_DRV_ECC_CURVE_PRM_IDX_SECP384R1 (2U)
|
|
|
|
/**
|
|
* @brief ECC curve NIST SECP521R1 value for type "HSM_DrvEccCurvePrmIndexType"
|
|
*
|
|
*/
|
|
#define HSM_DRV_ECC_CURVE_PRM_IDX_SECP521R1 (3U)
|
|
|
|
/**
|
|
* @brief max count of ECC curve supported for type "HSM_DrvEccCurvePrmIndexType"
|
|
*
|
|
*/
|
|
#define HSM_DRV_ECC_CURVE_PRM_IDX_MAX (0xFFFFFFFFU)
|
|
|
|
/**
|
|
* @brief type definition for ECC curve data that defined by NIST
|
|
*
|
|
*/
|
|
typedef hsm_uint32_t HSM_DrvEccCurvePrmIndexType;
|
|
/**@}*/
|
|
|
|
/**
|
|
* @brief ECC curve information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
const hsm_uint32_t *pP; /*!< address is 4bytes aligned, ecc curve modulus */
|
|
const hsm_uint32_t *pN; /*!< address is 4bytes aligned, ecc curve order; size; the count of all
|
|
possible EC points */
|
|
const hsm_uint32_t *pA; /*!< address is 4bytes aligned, the constant "a" in y^2 = x^3 + a*x + b
|
|
(mod p) */
|
|
const hsm_uint32_t *pB; /*!< address is 4bytes aligned, the constant "b" in y^2 = x^3 + a*x + b
|
|
(mod p) */
|
|
const hsm_uint32_t *pGx; /*!< address is 4bytes aligned, x of the curve generator point G {x, y} */
|
|
const hsm_uint32_t *pGy; /*!< address is 4bytes aligned, y of the curve generator point G {x, y} */
|
|
} HSM_DrvEccCurveParamType;
|
|
|
|
/**
|
|
* @brief ECC sign information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32ByteCount; /*!< all the data size, it should contains all N data */
|
|
HSM_DrvEccCurveParamType tCurve; /*!< ecc curve parameters */
|
|
const hsm_uint32_t *pPrivateKey; /*!< address is 4bytes aligned, private key */
|
|
const hsm_uint32_t *pHashData; /*!< address is 4bytes aligned, hash of the data to verify */
|
|
|
|
/* the following the sign output */
|
|
hsm_uint32_t *pR; /*!< address is 4bytes aligned, driver internal use this buffer to store the
|
|
sign result R of the data to sign */
|
|
hsm_uint32_t *pS; /*!< address is 4bytes aligned, driver internal use this buffer to store the
|
|
sign result S of the data to sign */
|
|
} HSM_EccSignType;
|
|
|
|
/**
|
|
* @brief ECC sign information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_PrivateKey; /*!< 0 means use key from HSM internal key space,
|
|
otherwise would load key with KEYID from key space */
|
|
hsm_uint32_t u32BitCnt; /*!< ECC parameter N bit count */
|
|
HSM_DrvEccCurvePrmIndexType u32EccCurve; /*!< select hsm rom internal ecc curve parameters, if
|
|
use user's self curve, set it to
|
|
HSM_DRV_ECC_CURVE_PRM_IDX_MAX */
|
|
HSM_EccSignType tCfg; /*!< ecc sign parameters */
|
|
} HSMCom_EccSignType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief ECC verify information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32DataByteCnt; /*!< the byte count of all ecc curve parameter */
|
|
HSM_DrvEccCurveParamType tCurve; /*!< ecc curve parameters */
|
|
const hsm_uint32_t *pkG_x; /*!< address is 4bytes aligned, public key axis x */
|
|
const hsm_uint32_t *pkG_y; /*!< address is 4bytes aligned, public key axis y */
|
|
const hsm_uint32_t *pHashData; /*!< address is 4bytes aligned, hash of the data to verify */
|
|
const hsm_uint32_t *pR; /*!< address is 4bytes aligned, the sign result R of the data to verify */
|
|
const hsm_uint32_t *pS; /*!< address is 4bytes aligned, the sign result S of the data to verify */
|
|
} HSM_EccVerifyType;
|
|
|
|
/**
|
|
* @brief ECC verify information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_PublicKey; /*!< 0 means don't use key from HSM internal key space,
|
|
otherwise would load key with KEYID from HSM */
|
|
hsm_uint32_t u32BitCnt; /*!< ECC parameter N bit count */
|
|
HSM_DrvEccCurvePrmIndexType u32EccCurve; /*!< select hsm rom internal ecc curve parameters, if
|
|
use user's self curve, set it to
|
|
HSM_DRV_ECC_CURVE_PRM_IDX_MAX */
|
|
HSM_EccVerifyType tCfg; /*!< ecc verify parameters */
|
|
} HSMCom_EccVerifyType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief SM2 key pair generation information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t (*pPrivateKey)[8]; /*!< address is 4bytes aligned, private key */
|
|
hsm_uint32_t (*pPublicKey_X)[8]; /*!< address is 4bytes aligned, the public key X */
|
|
hsm_uint32_t (*pPublicKey_Y)[8]; /*!< address is 4bytes aligned, the public key Y */
|
|
} HSM_Sm2GenKeyPairType;
|
|
|
|
/**
|
|
* @brief SM2 key pair generation information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
HSM_Sm2GenKeyPairType tCfg; /*!< sm2 generate key pair parameters */
|
|
} HSMCom_Sm2GenKeyPairType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief SM2 encrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32SM2InputByteCnt; /*!< the length should be <= 32bytes */
|
|
hsm_uint32_t *pSM2OutputByteCnt; /*!< address is 4bytes aligned, driver internal will set output
|
|
byte count in the memory this pointer point to */
|
|
hsm_uint32_t *pInputData; /*!< address is 4bytes aligned, length should be more than
|
|
u32SM2InputByteCnt, and must be 4bytes align */
|
|
hsm_uint32_t (*pPublicKey_x)[8]; /*!< address is 4bytes aligned, public key axis x data */
|
|
hsm_uint32_t (*pPublicKey_y)[8]; /*!< address is 4bytes aligned, public key axis y data */
|
|
hsm_uint32_t *pOutputData; /*!< address is 4bytes aligned, length should be more than
|
|
u32SM2InputByteCnt+97, and must be 4bytes align */
|
|
} HSM_Sm2EncryptType;
|
|
|
|
/**
|
|
* @brief SM2 encrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_PublicKey; /*!< 0 means don't use key from HSM internal key space,
|
|
otherwise would load key with KEYID from HSM */
|
|
HSM_Sm2EncryptType tCfg; /*!< sm2 encrypt parameters */
|
|
} HSMCom_Sm2EncryptType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief SM2 decrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32SM2InputByteCnt; /*!< the length should be <= 129bytes */
|
|
hsm_uint32_t *pSM2OutputByteCnt; /*!< address is 4bytes aligned, driver internal will set output
|
|
byte count in the memory this pointer point to */
|
|
hsm_uint32_t *pInputData; /*!< address is 4bytes aligned, length should be more than
|
|
u32SM2InputByteCnt, and must be 4bytes align */
|
|
hsm_uint32_t (*pPrivateKey)[8]; /*!< address is 4bytes aligned, private key */
|
|
hsm_uint32_t *pOutputData; /*!< address is 4bytes aligned, length should be more than
|
|
u32SM2InputByteCnt-97, and must be 4bytes align */
|
|
} HSM_Sm2DecryptType;
|
|
|
|
/**
|
|
* @brief SM2 decrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_PrivateKey; /*!< 0 means don't use key from HSM internal key space,
|
|
otherwise would load key with KEYID from HSM */
|
|
HSM_Sm2DecryptType tCfg; /*!< sm2 decrypt parameters */
|
|
} HSMCom_Sm2DecryptType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief SM2 sign information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_BoolType bUseDefaultID; /*!< true means use default ID. false means use specific ID with
|
|
"pInputData_ID" and "u32SM2InputIDByteCnt" params. */
|
|
HSM_BoolType bHashInput; /*!< true means process hash message. false means process raw M message */
|
|
hsm_uint32_t u32SM2InputMByteCnt; /*!< the length should be <= 32bytes */
|
|
hsm_uint32_t u32SM2InputIDByteCnt; /*!< the length should be <= 32bytes note: If "bUseDefaultID"
|
|
is false, would use this specific ID length with byte unit. */
|
|
hsm_uint32_t *pInputData_ID; /*!< address is 4bytes aligned, note: If "bUseDefaultID" is false,
|
|
would use this specific ID. length should be more than
|
|
u32SM2InputIDByteCnt, and must be 4bytes align */
|
|
hsm_uint32_t *pInputData_MOrHash; /*!< address is 4bytes aligned, length should be more than
|
|
u32SM2InputMOrHashByteCnt, and must be 4bytes align */
|
|
hsm_uint32_t (*pPrivateKey)[8]; /*!< address is 4bytes aligned, private key */
|
|
hsm_uint32_t (*pPublicKey_X)[8]; /*!< address is 4bytes aligned, If bHashInput is false, the
|
|
pointer must be not NULL_PTR */
|
|
hsm_uint32_t (*pPublicKey_Y)[8]; /*!< address is 4bytes aligned, If bHashInput is false, the
|
|
pointer must be not NULL_PTR */
|
|
hsm_uint32_t (*pOutputData_R)[8]; /*!< address is 4bytes aligned, sign result R */
|
|
hsm_uint32_t (*pOutputData_S)[8]; /*!< address is 4bytes aligned, sign result S */
|
|
} HSM_Sm2SignType;
|
|
|
|
/**
|
|
* @brief SM2 sign information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_PublicKey; /*!< 0 means don't use key from HSM internal key space,
|
|
otherwise would load key with KEYID from HSM */
|
|
hsm_uint32_t u32UserKeyID_PrivateKey; /*!< 0 means don't use key from HSM internal key space,
|
|
otherwise would load key with KEYID from HSM */
|
|
HSM_Sm2SignType tCfg; /*!< sm2 sign parameters */
|
|
} HSMCom_Sm2SignType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief SM2 verify information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_BoolType bUseDefaultID; /*!< true means use default ID. false means use specific ID with
|
|
"pInputData_ID" and "u32SM2InputIDByteCnt" params. */
|
|
HSM_BoolType bHashInput; /*!< true means process hash message. false means process raw M message */
|
|
hsm_uint32_t u32SM2InputMByteCnt; /*!< the length should be <= 32bytes */
|
|
hsm_uint32_t u32SM2InputIDByteCnt; /*!< the length should be <= 32bytes note: If "bUseDefaultID"
|
|
is false, would use this specific ID length with byte unit. */
|
|
hsm_uint32_t *pInputData_MOrHash; /*!< address is 4bytes aligned, length should be more than
|
|
u32SM2InputMOrHashByteCnt, and must be 4bytes align */
|
|
hsm_uint32_t *pInputData_ID; /*!< address is 4bytes aligned, note: If "bUseDefaultID" is false,
|
|
would use this specific ID. length should be more than
|
|
u32SM2InputIDByteCnt, and must be 4bytes align */
|
|
hsm_uint32_t (*pInputData_R)[8]; /*!< address is 4bytes aligned, the sign result R */
|
|
hsm_uint32_t (*pInputData_S)[8]; /*!< address is 4bytes aligned, the sign result S */
|
|
hsm_uint32_t (*pPublicKey_X)[8]; /*!< address is 4bytes aligned, the public key X */
|
|
hsm_uint32_t (*pPublicKey_Y)[8]; /*!< address is 4bytes aligned, the public key Y */
|
|
} HSM_Sm2VerifyType;
|
|
|
|
/**
|
|
* @brief SM2 verify information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_PublicKey; /*!< 0 means don't use key from HSM internal key space,
|
|
otherwise would load key with KEYID from HSM */
|
|
HSM_Sm2VerifyType tCfg; /*!< sm2 verify parameters */
|
|
} HSMCom_Sm2VerifyType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief SM2 ZA generation information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_BoolType bUseDefaultID; /*!< true means use default ID. false means use specific ID with
|
|
"pInputData_ID" and "u32SM2InputIDByteCnt" params. */
|
|
hsm_uint32_t u32SM2InputIDByteCnt; /*!< the length should be <= 32bytes note: If "bUseDefaultID"
|
|
is false, would use this specific ID length with byte unit.*/
|
|
hsm_uint32_t (*pPublicKey_X)[8]; /*!< address is 4bytes aligned, public key x */
|
|
hsm_uint32_t (*pPublicKey_Y)[8]; /*!< address is 4bytes aligned, public key y */
|
|
hsm_uint32_t *pInputData_ID; /*!< address is 4bytes aligned, note: If "bUseDefaultID" is false,
|
|
would use this specific ID. length should be more than
|
|
u32SM2InputIDByteCnt, and must be 4bytes align */
|
|
hsm_uint32_t (*pOutputData_Za)[8]; /*!< address is 4bytes aligned, Length is 32bytes, SM3 always
|
|
output 256bit */
|
|
} HSM_Sm2GenZaType;
|
|
|
|
/**
|
|
* @brief SM2 ZA generation information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_PublicKey; /*!< 0 means don't use key from HSM internal key space,
|
|
otherwise would load key with KEYID from HSM */
|
|
HSM_Sm2GenZaType tCfg;
|
|
} HSMCom_Sm2GenZaType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief SM2 HASH generation information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32InputDataByteCnt; /*!< input data byte count */
|
|
hsm_uint32_t *pInputData_ZaAndM; /*!< address is 4bytes aligned, note: it should be ZA||M, the
|
|
length should be more than u32InputDataByteCnt, and must be
|
|
4bytes align */
|
|
hsm_uint32_t (*pOutputData_Hash)[8]; /*!< address is 4bytes aligned, Length is 32bytes, SM3
|
|
always output 256bit */
|
|
} HSM_Sm2GenHashType;
|
|
|
|
/**
|
|
* @brief SM2 HASH generation information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
HSM_Sm2GenHashType tCfg; /*!< sm2 generate hash parameters */
|
|
} HSMCom_Sm2GenHashType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @name definitions for HSM_Sm4KeyType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
/**
|
|
* @brief vendor key value for type "HSM_Sm4KeyType"
|
|
*
|
|
* HSM hardware support accessing the SM4 key stored in nvr flash directly,
|
|
* chip user should program the key in flash already.
|
|
* This way don't need software read data and write it to some place,
|
|
* hardware will read the data itself automatically.
|
|
*/
|
|
#define HSM_SM4_KEY_CHIP_VENDOR_IFR \
|
|
(0U) /* key has existed in Flash IFR, it provided by chip, not changeable */
|
|
|
|
/**
|
|
* @brief driver user's new key value for type "HSM_Sm4KeyType"
|
|
*
|
|
* HSM use the key passed by driver API user.
|
|
*/
|
|
#define HSM_SM4_KEY_NEW (1U) /* user should provide the new key */
|
|
|
|
typedef hsm_uint32_t HSM_Sm4KeyType;
|
|
/**@}*/
|
|
|
|
/**
|
|
* @name definitions for HSM_SymmEnDecryptAlgType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
/**
|
|
* @brief CTR mode value for type "HSM_SymmEnDecryptAlgType"
|
|
*
|
|
*/
|
|
#define HSM_SYMM_ENDECRYPT_MODE_CTR (0U)
|
|
|
|
/**
|
|
* @brief CBC mode value for type "HSM_SymmEnDecryptAlgType"
|
|
*
|
|
*/
|
|
#define HSM_SYMM_ENDECRYPT_MODE_CBC (1U)
|
|
|
|
/**
|
|
* @brief ECB mode value for type "HSM_SymmEnDecryptAlgType"
|
|
*
|
|
*/
|
|
#define HSM_SYMM_ENDECRYPT_MODE_ECB (2U)
|
|
|
|
/**
|
|
* @brief CFB mode value for type "HSM_SymmEnDecryptAlgType"
|
|
*
|
|
*/
|
|
#define HSM_SYMM_ENDECRYPT_MODE_CFB (3U)
|
|
|
|
/**
|
|
* @brief OFB mode value for type "HSM_SymmEnDecryptAlgType"
|
|
*
|
|
*/
|
|
#define HSM_SYMM_ENDECRYPT_MODE_OFB (4U)
|
|
|
|
/**
|
|
* @brief type definition for SM4/AES encrypt/decrypt mode
|
|
*
|
|
* HSM support CTR/CBC/ECB/CFB/OFB mode, driver api use this to select the encrypt/decrypt mode.
|
|
*/
|
|
typedef hsm_uint32_t HSM_SymmEnDecryptAlgType;
|
|
/**@}*/
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief ECC encrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32ByteCount; /*!< all the data size, it should contains all N data */
|
|
|
|
const hsm_uint32_t *pCoeffi_A; /*!< address should align with 4bytes, the constant "a" in y^2 =
|
|
x^3 + a*x + b (mod p), all data 8 bytes aligned */
|
|
const hsm_uint32_t *pCoeffi_B; /*!< address should align with 4bytes, the constant "b" in y^2 =
|
|
x^3 + a*x + b (mod p) */
|
|
const hsm_uint32_t *pP; /*!< address should align with 4bytes, ecc curve modulus */
|
|
const hsm_uint32_t *pN; /*!< address should align with 4bytes, ecc curve order; size; the count
|
|
of all possible EC points */
|
|
const hsm_uint32_t *pOtherSidePublicKey_x; /*!< address should align with 4bytes, decrypt side's
|
|
public key axis x data */
|
|
const hsm_uint32_t *pOtherSidePublicKey_y; /*!< address should align with 4bytes, decrypt side's
|
|
public key axis y data */
|
|
const hsm_uint32_t *pPrivateKey; /*!< address should align with 4bytes, encrypt side private key */
|
|
const hsm_uint32_t *pPlainData; /*!< address should align with 4bytes, data to be encrypted, its
|
|
byte count should be same as u32ByteCount */
|
|
|
|
hsm_uint32_t *pEncryedData; /*!< address should align with 4bytes, driver internal write the
|
|
result to this buffer */
|
|
} HSM_EccEasyEncryType;
|
|
|
|
/**
|
|
* @brief ECC encrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_PrivateKey; /*!< 0 means don't use key from HSM internal key space,
|
|
otherwise would load key with KEYID from HSM */
|
|
hsm_uint32_t u32UserKeyID_PublicKey; /*!< 0 means don't use key from HSM internal key space,
|
|
otherwise would load key with KEYID from HSM */
|
|
hsm_uint32_t u32BitCnt; /*!< ecc encrypt data bit count */
|
|
HSM_DrvEccCurvePrmIndexType u32EccCurve; /*!< ecc curve */
|
|
HSM_EccEasyEncryType tCfg; /*!< ecc encrypt parameters */
|
|
} HSMCom_EccEasyEncryType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief ECC decrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32ByteCount; /*!< all the data size, it should contains all N data */
|
|
|
|
const hsm_uint32_t *pCoeffi_A; /*!< address should align with 4bytes, the constant "a" in y^2 =
|
|
x^3 + a*x + b (mod p), all data 8 bytes aligned */
|
|
const hsm_uint32_t *pCoeffi_B; /*!< address should align with 4bytes, the constant "b" in y^2 =
|
|
x^3 + a*x + b (mod p) */
|
|
const hsm_uint32_t *pP; /*!< address should align with 4bytes, ecc curve modulus */
|
|
const hsm_uint32_t *pN; /*!< address should align with 4bytes, ecc curve order; size; the count
|
|
of all possible EC points */
|
|
const hsm_uint32_t *pOtherSidePublicKey_x; /*!< address should align with 4bytes, encrypt side's
|
|
public key axis x data */
|
|
const hsm_uint32_t *pOtherSidePublicKey_y; /*!< address should align with 4bytes, encrypt side's
|
|
public key axis y data */
|
|
const hsm_uint32_t *pPrivateKey; /*!< address should align with 4bytes, decrypt side private key */
|
|
const hsm_uint32_t *pEncryedData; /*!< address should align with 4bytes, data to be decrypted,
|
|
its byte count should be same as u32ByteCount */
|
|
|
|
hsm_uint32_t *pPlainData; /*!< address should align with 4bytes, driver internal write the
|
|
result to this buffer */
|
|
} HSM_EccEasyDecryType;
|
|
|
|
/**
|
|
* @brief ECC decrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_PrivateKey; /*!< 0 means don't use key from HSM internal key space,
|
|
otherwise would load key with KEYID from HSM */
|
|
hsm_uint32_t u32UserKeyID_PublicKey; /*!< 0 means don't use key from HSM internal key space,
|
|
otherwise would load key with KEYID from HSM */
|
|
hsm_uint32_t u32BitCnt; /*!< ecc encrypt data bit count */
|
|
HSM_DrvEccCurvePrmIndexType u32EccCurve; /*!< ecc curve */
|
|
HSM_EccEasyDecryType tCfg; /*!< ecc decrypt parameters */
|
|
} HSMCom_EccEasyDecryType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/* ------------------------------------------------------------------------------- */
|
|
#define HSM_ECC_CALC_PADD 0xFC73F800U
|
|
#define HSM_ECC_CALC_PDBL 0xFC73F801U
|
|
#define HSM_ECC_CALC_PMUL 0xFC73F802U
|
|
#define HSM_ECC_CALC_PCHK 0xFC73F803U
|
|
|
|
/**
|
|
* @brief ECC point calclulate used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32ByteCount; /*!< all the data size, it should contains all N data */
|
|
|
|
const hsm_uint32_t *pCoeffi_A; /*!< address should align with 4bytes, the constant "a" in y^2 =
|
|
x^3 + a*x + b (mod p), all data 8 bytes aligned */
|
|
const hsm_uint32_t *pCoeffi_B; /*!< address should align with 4bytes, the constant "b" in y^2 =
|
|
x^3 + a*x + b (mod p) */
|
|
const hsm_uint32_t *pP; /*!< address should align with 4bytes, ecc curve modulus */
|
|
const hsm_uint32_t *pN; /*!< address should align with 4bytes, ecc curve order; size; the count
|
|
of all possible EC points */
|
|
const hsm_uint32_t *pP1x; /*!< address should align with 4bytes, encrypt side's public key axis x data */
|
|
const hsm_uint32_t *pP1y; /*!< address should align with 4bytes, encrypt side's public key axis y data */
|
|
const hsm_uint32_t *pE; /*!< address should align with 4bytes, decrypt side private key */
|
|
const hsm_uint32_t *pP2x; /*!< address should align with 4bytes, data to be decrypted, its byte
|
|
count should be same as u32ByteCount */
|
|
|
|
hsm_uint32_t *pResultx; /*!< address should align with 4bytes, driver internal write the result
|
|
to this buffer */
|
|
|
|
hsm_uint32_t u32CalcType;
|
|
const hsm_uint32_t *pP2y;
|
|
hsm_uint32_t *pResulty;
|
|
} HSM_EccCalcType;
|
|
|
|
/**
|
|
* @brief ECC point calclulate used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_E; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
hsm_uint32_t u32UserKeyID_P1; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
hsm_uint32_t u32BitCnt; /*!< ecc encrypt data bit count */
|
|
HSM_DrvEccCurvePrmIndexType u32EccCurve; /*!< ecc curve */
|
|
HSM_EccCalcType tCfg; /*!< ecc decrypt parameters */
|
|
} HSMCom_EccCalcType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
#define HSM_COM_REQUEST_AUTH_DATA_U32_CNT 8
|
|
|
|
/**
|
|
* @brief Request Auth used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t (*pData)[HSM_COM_REQUEST_AUTH_DATA_U32_CNT]; /*!< address should align with 4bytes,
|
|
buffer to store the data */
|
|
} HSMCom_RequestAuthType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/* #define AUTH_CHECK_DATA_BYTE_CNT 32 */
|
|
|
|
/**
|
|
* @brief Change lifecycle used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
const hsm_uint32_t *pkG_x; /*!< address should align with 4bytes */
|
|
const hsm_uint32_t *pkG_y; /*!< address should align with 4bytes */
|
|
const hsm_uint32_t *pR; /*!< address should align with 4bytes */
|
|
const hsm_uint32_t *pS; /*!< address should align with 4bytes */
|
|
/* For user code verify function */
|
|
const hsm_uint32_t *pData; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32DataLength; /*!< the data byte count */
|
|
} HSMCom_LifeCycleChangeType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
|
|
/**
|
|
* @brief Cancel job used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32MailboxChannel; /*!< the mailbox channel of the job to be canceled */
|
|
} HSMCom_CancelJobType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @name definitions for HSMCom_FirmwareLoadStatus
|
|
*
|
|
*/
|
|
/**@{*/
|
|
/**
|
|
* @brief no firmware detected in flash status
|
|
*
|
|
*/
|
|
#define HSMCOM_FIRMWARE_LOAD_NONE 0U
|
|
|
|
/**
|
|
* @brief status value represents firmware is loading now
|
|
*
|
|
*/
|
|
#define HSMCOM_FIRMWARE_LOADING 1U
|
|
|
|
/**
|
|
* @brief status value represents firmware waiting user to trigger load in CM7 side
|
|
*
|
|
*/
|
|
#define HSMCOM_FIRMWARE_NEED_USER_LOAD 2U
|
|
|
|
/**
|
|
* @brief status value represents firmware is loaded successfully
|
|
*
|
|
*/
|
|
#define HSMCOM_FIRMWARE_LOAD_OK 3U
|
|
|
|
/**
|
|
* @brief status value represents firmware load fail
|
|
*
|
|
*/
|
|
#define HSMCOM_FIRMWARE_LOAD_FAIL 4U
|
|
|
|
/**
|
|
* @brief type definition for firmware load status
|
|
*
|
|
*/
|
|
typedef hsm_uint32_t HSMCom_FirmwareLoadStatus;
|
|
/**@}*/
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32CommitId; /*!< HSM repo commit id */
|
|
hsm_uint32_t u32BuildDate; /*!< HSM repo build id */
|
|
hsm_uint32_t u32FirmVersion; /*!< firmware version */
|
|
hsm_uint32_t u32FixedValue; /*!< FIX to 0x4d6f0000 */
|
|
hsm_uint32_t u32BusClk; /*!< the hsm bus clock */
|
|
hsm_uint32_t u32Reserved0;
|
|
hsm_uint32_t u32Reserved1;
|
|
hsm_uint32_t u32Reserved2;
|
|
hsm_uint32_t u32Reserved3;
|
|
HSMCom_FirmwareLoadStatus u32FirmwareLoadStatus; /*!< the status of loading firmware, IF >= 4 FAIL */
|
|
} HSMCom_SelfTestType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
#define HSMCOM_NVR_OTP_START_ADDR 0x04400400
|
|
#define HSMCOM_NVR_OTP_END_ADDR 0x04401fff
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32Addr; /*!< 0x04400400 - 0x04401fff, 16bytes align */
|
|
hsm_uint32_t aData[4];
|
|
} HSMCom_NvrOtpType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @name definitions for HSM_KeyManagerBoolType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
#define KEYMANAGER_FALSE (0u)
|
|
#define KEYMANAGER_TRUE (1u)
|
|
typedef hsm_uint32_t HSM_KeyManagerBoolType;
|
|
/**@}*/
|
|
|
|
/**
|
|
* @name definitions for HSM_KeyManagerKeyExportType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
#define KEYMANAGER_KEY_EXPORT_FORBIRD (0u)
|
|
#define KEYMANAGER_KEY_EXPORT_PLAIN (1u)
|
|
#define KEYMANAGER_KEY_EXPORT_CIPHER (2u)
|
|
#define KEYMANAGER_KEY_EXPORT_MAX (3u)
|
|
typedef hsm_uint32_t HSM_KeyManagerKeyExportType;
|
|
/**@}*/
|
|
|
|
/**
|
|
* @name definitions for HSM_KeyManagerUserKeyEnDecryType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
#define KEYMANAGER_ENDECRY_NONE (0u) /* For plain key, no need to encrypt or decrypt. */
|
|
#define KEYMANAGER_ENDECRY_AES256 (1u)
|
|
#define KEYMANAGER_ENDECRY_SM4 (2u)
|
|
#define KEYMANAGER_ENDECRY_MAX (3u)
|
|
typedef hsm_uint32_t HSM_KeyManagerUserKeyEnDecryType;
|
|
/**@}*/
|
|
|
|
/**
|
|
* @name definitions for HSM_KeyManagerUserKeyTypeType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
#define KEYMANAGER_USER_KEY_TYPE_NONE \
|
|
(0u) /* not configure the key type, HSM shall not check if the key type is matched with \
|
|
de/encrypt ALG. */
|
|
#define KEYMANAGER_USER_KEY_TYPE_AES (1u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_SM4 (1u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_ECC_PRIVATE (3u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_ECC_PUBLIC (4u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_SM2_PRIVATE (5u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_SM2_PUBLIC (6u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_RSA_E (7u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_RSA_N (8u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_XMAC (9u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_CMAC_KEY (10u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_CCM (11u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_GCM (12u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_ECC_SIGNATURE (13u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_SM2_SIGNATURE (14u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_IV (15u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_CMAC_RESULT (16u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_XMAC_RESULT (17u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_RSA_SIGNATURE (18u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_ED25519_PUBKEY (19u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_ED25519_SIGNATURE (20u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_ED25519_PRIVATE (21u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_PBKDF2_PWD (22u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_HASHMAC_KEY (23u)
|
|
#define KEYMANAGER_USER_KEY_TYPE_RSA (24u)
|
|
typedef hsm_uint32_t HSM_KeyManagerUserKeyTypeType;
|
|
/**@}*/
|
|
|
|
/**
|
|
* @name definitions for HSM_KeyManagerEnDecryAlgType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
|
|
#define KEYMANAGER_ENDECRY_ALG_CTR (0u)
|
|
#define KEYMANAGER_ENDECRY_ALG_CBC (1u)
|
|
#define KEYMANAGER_ENDECRY_ALG_ECB (2u)
|
|
#define KEYMANAGER_ENDECRY_ALG_CFB (3u)
|
|
#define KEYMANAGER_ENDECRY_ALG_OFB (4u)
|
|
#define KEYMANAGER_ENDECRY_ALG_MAX (5u)
|
|
|
|
typedef hsm_uint32_t HSM_KeyManagerEnDecryAlgType;
|
|
/**@}*/
|
|
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t *pDataAddr; /*!< address should align with 4bytes */
|
|
hsm_uint32_t *pDataLength; /*!< address should align with 4bytes, a hsm_uint32_t variable to
|
|
store the length */
|
|
hsm_uint32_t u32KeyID;
|
|
HSM_KeyManagerUserKeyEnDecryType eEncryType; /*!< indicate if the key exported is need to be
|
|
encrypted */
|
|
/* if the key exported need to be encrypted, below Param need to configure */
|
|
hsm_uint32_t u32EncryKeyID; /*!< 0 means use USRK as encrykey, otherwise load decrykey with
|
|
KEYID from hsm key space */
|
|
HSM_KeyManagerEnDecryAlgType eAlgType;
|
|
hsm_uint32_t (*pIV)[4]; /*!< address should align with 4bytes */
|
|
} HSM_KeyManagerExportUserKeyType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_KeyManagerBoolType bStoreInFlash; /* true means store the key in flash, false means store
|
|
the key in ram */
|
|
HSM_KeyManagerKeyExportType eExportType;
|
|
hsm_uint32_t *pDataAddr; /*!< address should align with 4bytes, the address of key imported */
|
|
hsm_uint32_t u32DataLength; /*!< the length of key imported */
|
|
hsm_uint32_t *pKeyID; /*!< address should align with 4bytes */
|
|
HSM_KeyManagerUserKeyEnDecryType eDecryType; /*!< indicate if the key imported is plain */
|
|
/* if the key imported is encrypted, below Param need to configure */
|
|
hsm_uint32_t u32DecryKeyID; /*!< 0 means use USRK as decrykey, otherwise load decrykey with
|
|
KEYID from hsm key space */
|
|
HSM_KeyManagerUserKeyTypeType eUserKeyType;
|
|
HSM_KeyManagerEnDecryAlgType eAlgType;
|
|
hsm_uint32_t (*pIV)[4]; /*!< address should align with 4bytes */
|
|
} HSM_KeyManagerImportUserKeyType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_KeyManagerBoolType bStoreInFlash; /* true means store the key in flash, false means store
|
|
the key in ram */
|
|
HSM_KeyManagerKeyExportType eExportType;
|
|
const hsm_uint32_t *pDataAddr; /* the address of key imported */
|
|
hsm_uint32_t u32DataLength; /* the length of key imported */
|
|
hsm_uint32_t *pKeyID;
|
|
HSM_KeyManagerUserKeyEnDecryType eDecryType; /* indicate if the key imported is plain */
|
|
/* if the key imported is encrypted, below Param need to configure */
|
|
hsm_uint32_t u32DecryKeyID; /* 0 means use USRK as decrykey, otherwise load decrykey with KEYID
|
|
from hsm key space */
|
|
HSM_KeyManagerUserKeyTypeType eUserKeyType;
|
|
HSM_KeyManagerEnDecryAlgType eAlgType;
|
|
hsm_uint32_t (*pIV)[4];
|
|
hsm_uint32_t u32KeyIdFix; /* FC7300 fw support */
|
|
hsm_uint32_t u32Protect; /* support from FC500 */
|
|
} HSM_Ln_ImportUserKeyExtType;
|
|
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32SrcKeyID;
|
|
hsm_uint32_t u32DestKeyID;
|
|
hsm_uint32_t *pDestKeyID;
|
|
HSM_KeyManagerBoolType bStoreInFlash;
|
|
hsm_uint32_t eUserKeyType;
|
|
} HSM_Ln_CopyUserKeyType;
|
|
|
|
#define KEYMANAGER_GEN_KEYPAIR_SM2 (0u)
|
|
#define KEYMANAGER_GEN_KEYPAIR_ECC (1u)
|
|
#define KEYMANAGER_GEN_KEYPAIR_MAX (2u)
|
|
typedef hsm_uint32_t HSM_KeyManagerGenKeyPairType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_KeyManagerGenKeyPairType eKeyPairType;
|
|
HSM_KeyManagerKeyExportType eExportType;
|
|
HSM_KeyManagerBoolType bStoreInFlash;
|
|
hsm_uint32_t *pPrivateKeyID; /*!< address should align with 4bytes */
|
|
hsm_uint32_t *pPublicKeyID; /*!< address should align with 4bytes */
|
|
} HSM_KeyManagerGenUserKeyType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_KeyManagerGenUserKeyType tGenKeyPairCfg;
|
|
HSM_DrvEccCurveParamType tEccParam; /*!< only for generate ECC key pair */
|
|
hsm_uint32_t u32EccBitLength; /*!< only for generate ECC key pair */
|
|
} HSMCom_GenUserKeyType;
|
|
|
|
#if ((FC7XXX_HSM_SUBSYSTEM_TYPE == FC7240_HSM_SUBSYSTEM) || \
|
|
(FC7XXX_HSM_SUBSYSTEM_TYPE == FC7300_HSM_SUBSYSTEM))
|
|
|
|
#define KEYMANAGER_USERKEY_STATUS_NOT_EXIST (0u)
|
|
#define KEYMANAGER_USERKEY_STATUS_EXIST_VALID (1u)
|
|
#define KEYMANAGER_USERKEY_STATUS_EXIST_INVALID (2u)
|
|
#define KEYMANAGER_USERKEY_STATUS_ERROR (3u)
|
|
|
|
typedef hsm_uint32_t KeyManager_UserKeyStatusType;
|
|
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32KeyID;
|
|
KeyManager_UserKeyStatusType *pUserKeyStatus;
|
|
} HSM_KeyManagerCheckUserKeyStatusExtType;
|
|
|
|
#endif
|
|
|
|
#if ((FC7XXX_HSM_SUBSYSTEM_TYPE == FC7240_HSM_SUBSYSTEM) || \
|
|
(FC7XXX_HSM_SUBSYSTEM_TYPE == FC7300_HSM_SUBSYSTEM))
|
|
|
|
#else
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32KeyId;
|
|
const void *pDataAddr; // the address of key imported
|
|
hsm_uint32_t u32PlainKeyLength; // the length of key plain
|
|
|
|
// if the key imported is encrypted, below Param need to configure
|
|
HSM_KeyManagerUserKeyEnDecryType eDecryType; // indicate if the key imported is plain
|
|
hsm_uint32_t u32DecryKeyID; // 0 means use USRK as decrykey, otherwise load decrykey with
|
|
// KEYID from hsm key space
|
|
HSM_KeyManagerUserKeyTypeType eUserKeyType;
|
|
HSM_KeyManagerEnDecryAlgType eAlgType;
|
|
hsm_uint32_t (*pIV)[4];
|
|
} HSM_Ln_KeyManagerUpdateUserKeyType;
|
|
|
|
#endif
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
union
|
|
{
|
|
/* For revoke UserKey function*/
|
|
hsm_uint32_t u32RevokeUserKeyID;
|
|
/* For import User Key function*/
|
|
HSM_KeyManagerImportUserKeyType tImportUserKeyCfg;
|
|
/* For export user key function */
|
|
HSM_KeyManagerExportUserKeyType tExportUserKeyCfg;
|
|
/* For generate key pair function */
|
|
HSMCom_GenUserKeyType tGenUserKeyCfg;
|
|
/* For using fixed id to import User Key function */
|
|
HSM_Ln_ImportUserKeyExtType tImportUserKeyExtCfg;
|
|
/* For check key id wheather exsist */
|
|
hsm_uint32_t u32CheckUserKeyIDExt;
|
|
/* For copy key from flash to ram or ram to flash*/
|
|
HSM_Ln_CopyUserKeyType tCopyUserKeyExtCfg;
|
|
|
|
#if ((FC7XXX_HSM_SUBSYSTEM_TYPE == FC7240_HSM_SUBSYSTEM) || \
|
|
(FC7XXX_HSM_SUBSYSTEM_TYPE == FC7300_HSM_SUBSYSTEM))
|
|
/* For check the key id status */
|
|
HSM_KeyManagerCheckUserKeyStatusExtType tKeyIdStatusExtCfg;
|
|
#endif
|
|
|
|
#if ((FC7XXX_HSM_SUBSYSTEM_TYPE == FC7240_HSM_SUBSYSTEM) || \
|
|
(FC7XXX_HSM_SUBSYSTEM_TYPE == FC7300_HSM_SUBSYSTEM))
|
|
#else
|
|
|
|
/* For update user key function */
|
|
HSM_Ln_KeyManagerUpdateUserKeyType tUpdateUserKeyCfg;
|
|
#endif
|
|
} tKMParam;
|
|
} HSMCom_UserKeyManageType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
typedef struct
|
|
{
|
|
/* For Key Flash Space */
|
|
HSM_KeyManagerBoolType bCriticalError;
|
|
HSM_KeyManagerBoolType bKMLackKeyHeadSpace;
|
|
HSM_KeyManagerBoolType bKMLackKeyDataSpace;
|
|
hsm_uint32_t u32KeyHeadRestSpace; /*!< The unit is number */
|
|
hsm_uint32_t u32KeyDataRestSpace; /*!< The unit is page */
|
|
hsm_uint32_t u32InvalidKeyCounter;
|
|
/* For Key ram space */
|
|
hsm_uint32_t u32KeyRamSpaceUsed;
|
|
} HSM_Ln_KeySpaceStatusType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
HSM_Ln_KeySpaceStatusType *pKMSpaceStatus; /*!< address should align with 4bytes */
|
|
} HSMCom_KeySpaceStatusType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
|
|
/**
|
|
* @name definitions for HSM_AesKeyType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
|
|
/**
|
|
* @brief vendor key value for type "HSM_AesKeyType"
|
|
*
|
|
* HSM hardware support accessing the aes key stored in nvr flash directly,
|
|
* chip user should program the key in flash already.
|
|
* This way don't need software read data and write it to some place,
|
|
* hardware will read the data itself automatically.
|
|
*/
|
|
#define HSM_AES_KEY_CHIP_VENDOR_IFR \
|
|
(0U) /* key has existed in Flash IFR, it provided by chip hardware, not changeable */
|
|
|
|
/**
|
|
* @brief driver user's new key value for type "HSM_AesKeyType"
|
|
*
|
|
* HSM use the key passed by driver API user.
|
|
*/
|
|
#define HSM_AES_KEY_NEW (1U) /* user should provide the new key */
|
|
|
|
/**
|
|
* @brief type definition for the key source
|
|
*
|
|
* key from the nvr refer to HSM_AES_KEY_CHIP_VENDOR_IFR
|
|
* key from driver user's parameters refer to HSM_AES_KEY_NEW
|
|
*/
|
|
typedef hsm_uint32_t HSM_AesKeyType;
|
|
/**@}*/
|
|
|
|
/**
|
|
* @name definitions for HSM_AesKeyBitCntType
|
|
*
|
|
*/
|
|
/**@{*/
|
|
|
|
/**
|
|
* @brief AES128 key type value for type "HSM_AesKeyBitCntType"
|
|
*
|
|
*/
|
|
#define HSM_AES_KEY128 (0U)
|
|
|
|
/**
|
|
* @brief AES192 key type value for type "HSM_AesKeyBitCntType"
|
|
*
|
|
*/
|
|
#define HSM_AES_KEY192 (1U)
|
|
|
|
/**
|
|
* @brief AES256 key type value for type "HSM_AesKeyBitCntType"
|
|
*
|
|
*/
|
|
#define HSM_AES_KEY256 (2U)
|
|
|
|
/**
|
|
* @brief type definition for AES key
|
|
*
|
|
* HSM support AES128/192/256, driver api use this to select the algorithm.
|
|
*/
|
|
typedef hsm_uint32_t HSM_AesKeyBitCntType;
|
|
/**@}*/
|
|
|
|
/**
|
|
* @brief key information used by AES when use one key in software
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_AesKeyBitCntType eKeyType; /*!< the key bit count, which determine the AES algorithm type */
|
|
const void *pKeyAddr; /*!< the key data pointer, the address should 4bytes align, the buffer
|
|
array should declared by hsm_uint32_t */
|
|
} HSM_AesNewKeyInfType;
|
|
|
|
/**
|
|
* @brief key information used by AES when use one key in nvr flash
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_AesKeyBitCntType eKeyType; /*!< the key bit count, which determine the AES algorithm type */
|
|
} HSM_AesVendorKeyInfType;
|
|
|
|
/**
|
|
* @brief AES encrypt/decrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_AesKeyType eUseKeyType; /*!< the key source:vendor key programmed in nvr flash or new key in
|
|
software */
|
|
HSM_AesNewKeyInfType tNewKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_NEW, this MUST configure */
|
|
HSM_AesVendorKeyInfType tVendorKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_CHIP_VENDOR_IFR,
|
|
this MUST configure */
|
|
HSM_SymmEnDecryptAlgType eAesAlg; /*!< encrypt/decrypt mode */
|
|
|
|
const hsm_uint32_t *pDataInput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32InputByteCnt; /*!< 128bit(16Bytes) align */
|
|
hsm_uint32_t *pDataOutput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32OutputMemSize; /*!< the output data buffer "pDataOutput" size, should >=
|
|
"u32InputByteCnt" */
|
|
|
|
const hsm_uint32_t *pIvData; /*!< address should align with 4bytes, 128bit(16Bytes)
|
|
iv(initialization vector) data array, ECB not need configure
|
|
this */
|
|
} HSM_AesEnDecryptType;
|
|
|
|
/**
|
|
* @brief Flexiable AES zero padding type for type "HSM_FlexAesPadType"
|
|
* if input data is not aligned with 16bytes, this configuration will make append byte data 0 to
|
|
* keep 16bytes align.
|
|
*/
|
|
#define HSM_FLEXAES_PAD_ZERO 0u
|
|
|
|
/**
|
|
* @brief Flexiable AES PKCS7 padding type for type "HSM_FlexAesPadType"
|
|
* if input data is not aligned with 16bytes, this configuration will make append bytes by PKCS7
|
|
* method to keep 16bytes align.
|
|
*/
|
|
#define HSM_FLEXAES_PAD_PKCS7 1u
|
|
|
|
/**
|
|
* @brief Flexiable AES padding type definition
|
|
* if use zero padding, refer to HSM_FLEXAES_PAD_ZERO, after decrypt, user should remove the zero
|
|
* manually if use PKCS7 padding, refer to HSM_FLEXAES_PAD_PKCS7
|
|
*/
|
|
typedef hsm_uint32_t HSM_FlexAesPadType;
|
|
|
|
/**
|
|
* @brief Flex AES encrypt/decrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_AesKeyType eUseKeyType; /*!< the key source:vendor key programmed in nvr flash or new key in
|
|
software */
|
|
HSM_AesNewKeyInfType tNewKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_NEW, this MUST configure */
|
|
HSM_AesVendorKeyInfType tVendorKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_CHIP_VENDOR_IFR,
|
|
this MUST configure */
|
|
HSM_SymmEnDecryptAlgType eAesAlg; /*!< encrypt/decrypt mode */
|
|
|
|
const hsm_uint8_t *pDataInput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32InputByteCnt; /*!< 128bit(16Bytes) align */
|
|
hsm_uint8_t *pDataOutput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32OutputMemSize; /*!< the output data buffer "pDataOutput" size, should >=
|
|
"u32InputByteCnt" */
|
|
|
|
const hsm_uint8_t *pIvData; /*!< address should align with 4bytes, 128bit(16Bytes) iv(initialization
|
|
vector) data array, ECB not need configure this */
|
|
|
|
hsm_uint32_t *pGenerateOutByteCnt; /*!< point to the hsm_uint32_t variable to store the result
|
|
byte count, can't be NULL_PTR */
|
|
|
|
HSM_FlexAesPadType ePad; /*!< for encrypt, if data size not 16bytes aligned, the pad byte should
|
|
refer to this configuration, for decrypt, driver to process the
|
|
padding data according to this, however, if zero padding, driver will
|
|
not remove the padding 0, user should delete the data manually */
|
|
HSM_DataFormatType eInputFmt; /*!< key/iv/input data organized format, hsm_uint8_t array, or
|
|
hsm_uint32_t array */
|
|
HSM_DataFormatType eOutputFmt; /*!< output result data format */
|
|
|
|
} HSM_FlexAesEnDecryptType;
|
|
|
|
/**
|
|
* @brief AES decrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef HSM_AesEnDecryptType HSM_AesEncryptType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_AesEncryptType tCfg; /*!< aes parameters */
|
|
} HSMCom_AesEncryptType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief AES encrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef HSM_AesEnDecryptType HSM_AesDecryptType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_AesDecryptType tCfg; /*!< AES decrypt parameters */
|
|
} HSMCom_AesDecryptType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
|
|
/**
|
|
* @brief Flex AES decrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef HSM_FlexAesEnDecryptType HSM_FlexAesEncryptType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_FlexAesEncryptType tCfg; /*!< aes parameters */
|
|
} HSMCom_FlexAesEncryptType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief AES encrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef HSM_FlexAesEnDecryptType HSM_FlexAesDecryptType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_FlexAesDecryptType tCfg; /*!< AES decrypt parameters */
|
|
} HSMCom_FlexAesDecryptType;
|
|
|
|
/**
|
|
* @brief SM4 encrypt/decrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_Sm4KeyType eUseKeyType; /*!< the key source:vendor key programmed in nvr flash or new key in
|
|
software */
|
|
const hsm_uint32_t (*pKeyAddr)[4]; /*!< address is 4bytes aligned, when eUseKeyType is
|
|
HSM_SM4_KEY_NEW, this MUST configure */
|
|
HSM_SymmEnDecryptAlgType eSm4Alg; /*!< SM4 encrypt/decrypt mode */
|
|
|
|
const hsm_uint32_t *pDataInput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32InputByteCnt; /*!< 128bit(16Bytes) align */
|
|
hsm_uint32_t *pDataOutput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32OutputMemSize; /*!< the output data buffer "pDataOutput" size, should >=
|
|
"u32InputByteCnt" */
|
|
|
|
const void *pIvData; /*!< address is 4bytes aligned, 128bit(16Bytes) iv(initialization vector)
|
|
data array, ECB not need configure this */
|
|
} HSM_Sm4EnDecryptType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_Sm4EnDecryptType tCfg; /*!< sm4 encrypt/decrypt parameters */
|
|
} HSMCom_Sm4EnDecryptType;
|
|
|
|
typedef HSMCom_Sm4EnDecryptType HSMCom_Sm4DecryptType;
|
|
|
|
typedef HSMCom_Sm4EnDecryptType HSMCom_Sm4EncryptType;
|
|
|
|
typedef struct
|
|
{
|
|
HSMCom_Sm4EncryptType *pParam;
|
|
hsm_uint32_t u32Remain;
|
|
} HSMWrap_Sm4EncryptType;
|
|
|
|
typedef HSMCom_FlexAesEncryptType HSMCom_Sm4EncryptExType;
|
|
typedef HSMCom_FlexAesDecryptType HSMCom_Sm4DecryptExType;
|
|
|
|
typedef struct
|
|
{
|
|
HSMCom_Sm4EncryptExType *pParam;
|
|
hsm_uint32_t u32Remain;
|
|
HSM_FlexAesPadType ePad;
|
|
hsm_uint32_t u32CurrentOutSize;
|
|
hsm_uint32_t u32OutAlreadyByteCnt;
|
|
hsm_uint32_t *pOutResultByteCnt;
|
|
} HSMWrap_Sm4EncryptExType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
|
|
/**
|
|
* @brief CMAC/XMAC information used by driver when call specific API
|
|
*
|
|
*/
|
|
|
|
typedef struct
|
|
{
|
|
HSM_AesKeyType eUseKeyType; /*!< fix to HSM_AES_KEY_NEW */
|
|
HSM_AesNewKeyInfType tNewKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_NEW, this MUST configure */
|
|
HSM_AesVendorKeyInfType tVendorKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_CHIP_VENDOR_IFR,
|
|
this MUST configure */
|
|
hsm_uint32_t u32GenMacByteCnt; /*!< XCMAC API generate MAC data, it's "u32GenMacByteCnt" size
|
|
ICV data */
|
|
HSM_BoolType bCheckMacEn; /*!< if enable this check, user should place the data after the input
|
|
data, hsm will check the generated data and it, if fail, hsm generate
|
|
a interrupt, and if user get hw status, will get a error status */
|
|
const hsm_uint32_t *pDataInput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32InputByteCnt; /*!< 128bit(16Bytes) align */
|
|
hsm_uint32_t *pDataOutput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32OutputMemSize; /*!< 4bytes align, the output data buffer "pDataOutput" size,
|
|
should >= "u32GenMacByteCnt" */
|
|
} HSM_XCMacType;
|
|
|
|
/**
|
|
* @brief CMAC information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef HSM_XCMacType HSM_CMacType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_CMacType tCfg; /*!< CMAC parameters */
|
|
} HSMCom_CMacType;
|
|
|
|
#define HSM_XCMAC_ENGINE_SM4 1U
|
|
#define HSM_XCMAC_ENGINE_AES 0U
|
|
typedef hsm_uint32_t HSM_XCMacEngineType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_AesKeyType eUseKeyType; /*!< fix to HSM_AES_KEY_NEW */
|
|
HSM_AesNewKeyInfType tNewKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_NEW, this MUST configure */
|
|
HSM_AesVendorKeyInfType tVendorKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_CHIP_VENDOR_IFR,
|
|
this MUST configure */
|
|
hsm_uint32_t u32GenMacByteCnt; /*!< XCMAC API generate MAC data, it's "u32GenMacByteCnt" size
|
|
ICV data */
|
|
HSM_BoolType bCheckMacEn; /*!< if enable this check, user should place the data after the input
|
|
data, hsm will check the generated data and it, if fail, hsm generate
|
|
a interrupt, and if user get hw status, will get a error status */
|
|
const hsm_uint32_t *pDataInput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32InputByteCnt; /*!< 128bit(16Bytes) align */
|
|
hsm_uint32_t *pDataOutput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32OutputMemSize; /*!< 4bytes align, the output data buffer "pDataOutput" size,
|
|
should >= "u32GenMacByteCnt" */
|
|
HSM_DataFormatType eInputFmt;
|
|
HSM_DataFormatType eOutputFmt;
|
|
HSM_XCMacEngineType eEngine;
|
|
} HSM_XCMacExType;
|
|
|
|
typedef HSM_XCMacExType HSM_CMacExType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_CMacExType tCfg; /*!< CMAC parameters */
|
|
} HSMCom_CMacExType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief XMAC information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef HSM_XCMacType HSM_XMacType;
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_XMacType tCfg; /*!< XMAC parameter */
|
|
} HSMCom_XMacType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief CCM Encrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_AesKeyType eUseKeyType; /*!< the key source:vendor key programmed in nvr flash or new key in
|
|
software */
|
|
HSM_AesNewKeyInfType tNewKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_NEW, this MUST configure */
|
|
HSM_AesVendorKeyInfType tVendorKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_CHIP_VENDOR_IFR,
|
|
this MUST configure */
|
|
|
|
hsm_uint32_t *pAllData; /*!< address should align with 4bytes, place AAD data(16bytes align)
|
|
first, then input data */
|
|
hsm_uint32_t u32AadByteCnt; /*!< the byte count contain the 2bytes in the head, it's the valid
|
|
data size, not after aligned, 128bit(16Bytes) align, if not, only
|
|
the aligned data treat as AAD, the left AAD bytes will be treated
|
|
as input data */
|
|
hsm_uint32_t u32InputByteCnt; /*!< 128bit(16Bytes) align, ONLY represent data */
|
|
|
|
hsm_uint32_t u32GenMacByteCnt; /*!< output mac size */
|
|
hsm_uint32_t *pDataOutput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32OutputMemSize; /*!< the output data buffer "pDataOutput" size, should >=
|
|
"u32InputByteCnt" */
|
|
|
|
const hsm_uint32_t *pIvData; /*!< address should align with 4bytes, all data 32bytes, iv data,
|
|
consist of 16bytes B0 data, and 16bytes CTR, MUST configure */
|
|
hsm_uint32_t (*pMacOut)[4]; /*!< address should align with 4bytes, HSM generated MAC data */
|
|
hsm_uint32_t (
|
|
*pEmacOut)[4]; /*!< address should align with 4bytes, HSM generated encrypted MAC data */
|
|
} HSM_CcmEncryptType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_CcmEncryptType tCfg; /*!< CCM encrypt parameters */
|
|
} HSMCom_CcmEncryptType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief CCM Decrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_AesKeyType eUseKeyType; /*!< the key source:vendor key programmed in nvr flash or new key in
|
|
software */
|
|
HSM_AesNewKeyInfType tNewKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_NEW, this MUST configure */
|
|
HSM_AesVendorKeyInfType tVendorKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_CHIP_VENDOR_IFR,
|
|
this MUST configure */
|
|
|
|
hsm_uint32_t *pAllData; /*!< address should align with 4bytes, place AAD data(if exist, 16bytes
|
|
align) first, then input data, then MAC data(if exist) */
|
|
|
|
hsm_uint32_t u32AadByteCnt; /*!< 128bit(16Bytes) align, if not, only the aligned data treat as
|
|
AAD, the left AAD bytes will be treated as input data */
|
|
hsm_uint32_t u32InputByteCnt; /*!< 128bit(16Bytes) align */
|
|
HSM_BoolType bCheckMacEn; /*!< check the MAC data in input or not */
|
|
hsm_uint32_t u32MacByteCnt; /*!< 128bit(16Bytes) align */
|
|
|
|
hsm_uint32_t *pDataOutput; /*!< address should align with 4bytes, point to the buffer that store
|
|
the result */
|
|
hsm_uint32_t u32OutputMemSize; /*!< the output data buffer "pDataOutput" size, should >=
|
|
"u32InputByteCnt" */
|
|
|
|
const hsm_uint32_t *pIvData; /*!< address should align with 4bytes, all data 32bytes, iv data,
|
|
consist of 16bytes B0 data, and 16bytes CTR, MUST configure */
|
|
} HSM_CcmDecryptType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_CcmDecryptType tCfg; /*!< CCM decrypt parameter */
|
|
} HSMCom_CcmDecryptType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief GCM Encrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_AesKeyType eUseKeyType; /*!< the key source:vendor key programmed in nvr flash or new key in
|
|
software */
|
|
HSM_AesNewKeyInfType tNewKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_NEW, this MUST configure */
|
|
HSM_AesVendorKeyInfType tVendorKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_CHIP_VENDOR_IFR,
|
|
this MUST configure */
|
|
|
|
hsm_uint32_t *pAllData; /*!< address should align with 4bytes, place IV data first, then AAD
|
|
data(16bytes align), then input data */
|
|
hsm_uint32_t u32IvDataByteCnt; /*!< 64bit(8Bytes) align, if not, only the aligned data treat as
|
|
IV, the left IV bytes will be treated as AAD data */
|
|
hsm_uint32_t u32AadByteCnt; /*!< 64bit(8Bytes) align, if not, only the aligned data treat as
|
|
AAD, the left AAD bytes will be treated as input data */
|
|
hsm_uint32_t u32InputByteCnt; /*!< 128bit(16Bytes) align */
|
|
|
|
hsm_uint32_t u32GenMacByteCnt; /*!< set the MAC result byte count */
|
|
hsm_uint32_t *pDataOutput; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32OutputMemSize; /*!< the output data buffer "pDataOutput" size, should >=
|
|
"u32InputByteCnt" */
|
|
hsm_uint32_t (*pMacOut)[4]; /*!< address should align with 4bytes, buffer address, this buffer
|
|
store the result */
|
|
} HSM_GcmEncryptType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_GcmEncryptType tCfg; /*!< GCM parameters */
|
|
} HSMCom_GcmEncryptType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief GCM Decrypt information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_AesKeyType eUseKeyType; /*!< the key source:vendor key programmed in nvr flash or new key in
|
|
software */
|
|
HSM_AesNewKeyInfType tNewKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_NEW, this MUST configure */
|
|
HSM_AesVendorKeyInfType tVendorKeyInf; /*!< when eUseKeyType is HSM_AES_KEY_CHIP_VENDOR_IFR,
|
|
this MUST configure */
|
|
|
|
hsm_uint32_t *pAllData; /*!< address should align with 4bytes, place IV data first, then AAD data(if
|
|
exist, 16bytes align), then input data, then MAC data(if exist) */
|
|
hsm_uint32_t u32IvDataByteCnt; /*!< 64bit(8Bytes) align, if not, only the aligned data treat as
|
|
IV, the left IV bytes will be treated as AAD data */
|
|
hsm_uint32_t u32AadByteCnt; /*!< 64bit(8Bytes) align, if not, only the aligned data treat as
|
|
AAD, the left AAD bytes will be treated as input data */
|
|
hsm_uint32_t u32InputByteCnt; /*!< 128bit(16Bytes) align */
|
|
HSM_BoolType bCheckMacEn; /*!< check the MAC data in input or not */
|
|
hsm_uint32_t u32MacByteCnt; /*!< 128bit(16Bytes) align */
|
|
|
|
hsm_uint32_t *pDataOutput; /*!< address should align with 4bytes, point to the buffer that store
|
|
the result */
|
|
hsm_uint32_t u32OutputMemSize; /*!< the output data buffer "pDataOutput" size, should >=
|
|
"u32InputByteCnt" */
|
|
} HSM_GcmDecryptType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID; /*!< 0 means don't use key from HSM internal key space, otherwise
|
|
would load key with KEYID from HSM */
|
|
HSM_GcmDecryptType tCfg; /*!< GCM decrypt parameter */
|
|
} HSMCom_GcmDecryptType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief MD5 context information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef HSM_SmsCfgType HSM_Md5CtxType;
|
|
|
|
/**
|
|
* @brief MD5 information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_Md5CtxType tCfg; /*!< MD5 algorithm parameter set by user */
|
|
hsm_uint32_t (*pRet)[4]; /*!< address should align with 4bytes, point to the memory that driver
|
|
to store result */
|
|
} HSM_Md5Type;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
HSM_Md5Type tCfg;
|
|
} HSMCom_Md5Type;
|
|
|
|
/**
|
|
* @brief MD5 information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_Md5CtxType tCfg; /*!< MD5 algorithm parameter set by user */
|
|
hsm_uint32_t (*pRet)[4]; /*!< address should align with 4bytes, point to the memory that driver
|
|
to store result */
|
|
HSM_DataFormatType eInputFmt;
|
|
HSM_DataFormatType eOutputFmt;
|
|
} HSM_Md5ExType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
HSM_Md5ExType tCfg;
|
|
} HSMCom_Md5ExType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief SM3 context information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef HSM_SmsCfgType HSM_Sm3CtxType;
|
|
|
|
/**
|
|
* @brief SM3 information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_Sm3CtxType tCfg; /*!< sm3 algorithm parameter set by user */
|
|
hsm_uint32_t (*pRet)[8]; /*!< address should align with 4bytes, point to the memory that driver
|
|
to store result */
|
|
} HSM_Sm3Type;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
HSM_Sm3Type tCfg;
|
|
} HSMCom_Sm3Type;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_Sm3CtxType tCfg; /*!< sm3 algorithm parameter set by user */
|
|
hsm_uint32_t (*pRet)[8]; /*!< address should align with 4bytes, point to the memory that driver
|
|
to store result */
|
|
HSM_DataFormatType eInputFmt;
|
|
HSM_DataFormatType eOutputFmt;
|
|
} HSM_Sm3ExType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
HSM_Sm3ExType tCfg;
|
|
} HSMCom_Sm3ExType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32MonotonicIndex; /*!< range 0-13 */
|
|
hsm_uint32_t u32CurrentValue; /*!< store the monotonic counter value */
|
|
} HSMCom_MonCountType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
/**
|
|
* @brief RSA information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
const hsm_uint32_t *pInputData; /*!< address is 4bytes aligned, input data, if not 64bytes align,
|
|
the last uint64_t's high byte left to patch 0 to align */
|
|
hsm_uint32_t u32InputDataByteCount; /*!< the byte count of input data */
|
|
|
|
const hsm_uint32_t *pKey_E; /*!< address is 4bytes aligned, input key E data for "A = (input
|
|
data)^E mod N", if not 64bytes align, the last uint64_t's high
|
|
byte left to patch 0 to align */
|
|
hsm_uint32_t u32Key_E_ByteCount; /*!< the byte count of key E */
|
|
|
|
const hsm_uint32_t *pKey_N; /*!< address is 4bytes aligned, input key N data for "A = (input
|
|
data)^E mod N", if not 64bytes align, the last uint64_t's high
|
|
byte left to patch 0 to align */
|
|
hsm_uint32_t u32Key_N_ByteCount; /*!< hw will get the actual key data bit count according to the
|
|
non-zero bit count, it means key not generate by multiply 2 */
|
|
|
|
hsm_uint32_t *pResult; /*!< address is 4bytes aligned, output buffer, the buffer size should >=
|
|
"u32Key_N_ByteCount" */
|
|
hsm_uint32_t u32ResultBufByteCnt; /*!< the result buffer size */
|
|
} HSM_RsaType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_KEY_E; /*!< means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32UserKeyID_KEY_N; /*!< means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32RsaBitCnt; /*!< the bit count of numbers used in RSA */
|
|
HSM_RsaType tCfg; /*!< RSA parameters */
|
|
} HSMCom_RsaType;
|
|
/* ------------------------------------------------------------------------------- */
|
|
#define HSM_BIGNUMBER_CALC_A_ADD_B 0xFC730002
|
|
#define HSM_BIGNUMBER_CALC_A_SUB_B 0xFC730003
|
|
#define HSM_BIGNUMBER_CALC_B_SUB_A 0xFC730004
|
|
#define HSM_BIGNUMBER_CALC_A_MUL_B 0xFC730005
|
|
#define HSM_BIGNUMBER_CALC_A_EXP_E 0xFC730006
|
|
#define HSM_BIGNUMBER_CALC_A_RED_N 0xFC730007
|
|
#define HSM_BIGNUMBER_CALC_A_INV 0xFC730008
|
|
|
|
/**
|
|
* @brief RSA information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
const hsm_uint8_t *pA; /*!< address is 4bytes aligned, input data, if not 64bytes align, the
|
|
last uint64_t's high byte left to patch 0 to align */
|
|
hsm_uint32_t u32AByteCount; /*!< the byte count of input data */
|
|
|
|
const hsm_uint8_t *pE; /*!< address is 4bytes aligned, input key E data for "A = (input data)^E
|
|
mod N", if not 64bytes align, the last uint64_t's high byte left to
|
|
patch 0 to align */
|
|
hsm_uint32_t u32EByteCount; /*!< the byte count of key E */
|
|
|
|
const hsm_uint8_t *pN; /*!< address is 4bytes aligned, input key N data for "A = (input data)^E
|
|
mod N", if not 64bytes align, the last uint64_t's high byte left to
|
|
patch 0 to align */
|
|
hsm_uint32_t u32NByteCount; /*!< hw will get the actual key data bit count according to the
|
|
non-zero bit count, it means key not generate by multiply 2 */
|
|
|
|
hsm_uint8_t *pResult; /*!< address is 4bytes aligned, output buffer, the buffer size should >=
|
|
"u32Key_N_ByteCount" */
|
|
hsm_uint32_t u32ResultBufByteCnt; /*!< the result buffer size */
|
|
|
|
hsm_uint32_t u32CalcType;
|
|
const hsm_uint8_t *pB;
|
|
hsm_uint32_t u32BByteCount;
|
|
} HSM_BigNumberCalcType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_KEY_E; /*!< means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32UserKeyID_KEY_N; /*!< means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32BitCnt; /*!< the bit count of numbers used of N */
|
|
HSM_BigNumberCalcType tCfg; /*!< RSA parameters */
|
|
} HSMCom_BigNumberCalcType;
|
|
|
|
#define HSM_BN_VALID_FLAG_E 0x1u
|
|
#define HSM_BN_VALID_FLAG_B 0x2u
|
|
|
|
typedef struct
|
|
{
|
|
const hsm_uint8_t *pA; /*!< address is 4bytes aligned, input data, if not 64bytes align, the
|
|
last uint64_t's high byte left to patch 0 to align */
|
|
hsm_uint32_t u32AByteCount; /*!< the byte count of input data */
|
|
|
|
const hsm_uint8_t *pE; /*!< address is 4bytes aligned, input key E data for "A = (input data)^E
|
|
mod N", if not 64bytes align, the last uint64_t's high byte left to
|
|
patch 0 to align */
|
|
hsm_uint32_t u32EByteCount; /*!< the byte count of key E */
|
|
|
|
const hsm_uint8_t *pN; /*!< address is 4bytes aligned, input key N data for "A = (input data)^E
|
|
mod N", if not 64bytes align, the last uint64_t's high byte left to
|
|
patch 0 to align */
|
|
hsm_uint32_t u32NByteCount; /*!< hw will get the actual key data bit count according to the
|
|
non-zero bit count, it means key not generate by multiply 2 */
|
|
|
|
hsm_uint8_t *pResult; /*!< address is 4bytes aligned, output buffer, the buffer size should >=
|
|
"u32Key_N_ByteCount" */
|
|
hsm_uint32_t u32ResultBufByteCnt; /*!< the result buffer size */
|
|
|
|
hsm_uint32_t u32CalcType;
|
|
const hsm_uint8_t *pB;
|
|
hsm_uint32_t u32BByteCount;
|
|
|
|
hsm_uint32_t u32DataValidFlag;
|
|
HSM_DataFormatType eInputDataFmt;
|
|
HSM_DataFormatType eKeyEFmt;
|
|
HSM_DataFormatType eKeyNFmt;
|
|
HSM_DataFormatType eOutputFmt;
|
|
hsm_uint32_t *pResultByteCount;
|
|
} HSM_BigNumberCalcExtType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_KEY_E; /*!< means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32UserKeyID_KEY_N; /*!< means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32BitCnt; /*!< the bit count of numbers used of N */
|
|
HSM_BigNumberCalcExtType tCfg; /*!< RSA parameters */
|
|
} HSMCom_BigNumberCalcExtType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
} HSMCom_LoadFirmwareType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
|
|
/* #define AUTH_CHECK_DATA_BYTE_CNT 32 */
|
|
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32HSMStatusRet;
|
|
hsm_uint32_t u32Timeout;
|
|
const hsm_uint32_t *pkG_x; /*!< address should align with 4bytes */
|
|
const hsm_uint32_t *pkG_y; /*!< address should align with 4bytes */
|
|
const hsm_uint32_t *pR; /*!< address should align with 4bytes */
|
|
const hsm_uint32_t *pS; /*!< address should align with 4bytes */
|
|
/* For user code verify function */
|
|
const hsm_uint32_t *pData; /*!< address should align with 4bytes */
|
|
hsm_uint32_t u32DataLength;
|
|
} HSMCom_AuthCheckType;
|
|
|
|
/* ------------------------------------------------------------------------------- */
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t key_type;
|
|
hsm_uint32_t key_sel;
|
|
void *key_addr; /* addr */
|
|
} HSM_AESM_CFG_KEY_CFG_T;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_AESM_CFG_KEY_CFG_T *key_cfg; /* addr */
|
|
hsm_uint32_t key_cfg_en;
|
|
hsm_uint32_t aes_mode;
|
|
hsm_uint32_t aes_as;
|
|
hsm_uint32_t enc_dec;
|
|
hsm_uint32_t eng_sel;
|
|
hsm_uint32_t mst_en;
|
|
hsm_uint32_t icv_en;
|
|
hsm_uint32_t data_len;
|
|
hsm_uint32_t icv_len;
|
|
hsm_uint32_t aad_len;
|
|
const void *in_addr; /* addr */
|
|
void *out_addr; /* addr */
|
|
const void *iv_addr; /* addr */
|
|
hsm_uint32_t dbg_wait;
|
|
hsm_uint32_t iv_len;
|
|
} HSM_AESM_ENTRY_CFG_T;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_AESM_ENTRY_CFG_T tCfg;
|
|
HSM_AESM_CFG_KEY_CFG_T tKeyCfg;
|
|
hsm_uint32_t (*pCtx1)[16]; /* context 1 has 64bytes */
|
|
} HSM_AesmRawApiType;
|
|
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32HSMStatusRet;
|
|
hsm_uint32_t u32Timeout;
|
|
hsm_uint32_t u32UserKeyID; /* 0 means don't load key from HSM, otherwise would load key with
|
|
KEYID from HSM */
|
|
HSM_AesmRawApiType tCfg;
|
|
} HSMCom_AesmRawApiType;
|
|
|
|
/**
|
|
* @brief RSA SSA input data is the raw message for HSM_RsaSsaInputType
|
|
*
|
|
*/
|
|
#define HSM_RSA_SSA_INPUT_RAW_MESSAGE 0u
|
|
|
|
/**
|
|
* @brief RSA SSA input data is the hash value of raw message for HSM_RsaSsaInputType
|
|
*
|
|
*/
|
|
#define HSM_RSA_SSA_INPUT_HASH_DATA 1u
|
|
|
|
/**
|
|
* @brief type definition for rsa ssa input data type
|
|
* refer to HSM_RSA_SSA_INPUT_RAW_MESSAGE, HSM_RSA_SSA_INPUT_HASH_DATA
|
|
*/
|
|
typedef hsm_uint32_t HSM_RsaSsaInputType;
|
|
|
|
/**
|
|
* @brief MD5 algorithm value for type "HSM_HashAlgType"
|
|
*
|
|
*/
|
|
#define HSM_HASH_MD5 (0U)
|
|
|
|
/**
|
|
* @brief SHA160 algorithm value for type "HSM_HashAlgType"
|
|
*
|
|
*/
|
|
#define HSM_HASH_SHA_160 (1U)
|
|
|
|
/**
|
|
* @brief SHA224 algorithm value for type "HSM_HashAlgType"
|
|
*
|
|
*/
|
|
#define HSM_HASH_SHA_224 (2U)
|
|
|
|
/**
|
|
* @brief SHA256 algorithm value for type "HSM_HashAlgType"
|
|
*
|
|
*/
|
|
#define HSM_HASH_SHA_256 (3U)
|
|
|
|
/**
|
|
* @brief SHA384 algorithm value for type "HSM_HashAlgType"
|
|
*
|
|
*/
|
|
#define HSM_HASH_SHA_384 (4U)
|
|
|
|
/**
|
|
* @brief SHA512 algorithm value for type "HSM_HashAlgType"
|
|
*
|
|
*/
|
|
#define HSM_HASH_SHA_512 (5U)
|
|
|
|
/**
|
|
* @brief SHA512/224 algorithm value for type "HSM_HashAlgType"
|
|
*
|
|
*/
|
|
#define HSM_HASH_SHA_512_224 (6U)
|
|
|
|
/**
|
|
* @brief SHA512/256 algorithm value for type "HSM_HashAlgType"
|
|
*
|
|
*/
|
|
#define HSM_HASH_SHA_512_256 (7U)
|
|
|
|
/**
|
|
* @brief SM3 algorithm value for type "HSM_HashAlgType"
|
|
*
|
|
*/
|
|
#define HSM_HASH_SM3 (8U)
|
|
/**
|
|
* @brief type definition for SHA algorithm
|
|
* refer to
|
|
* HSM_SHA_160,HSM_SHA_224,HSM_SHA_256,HSM_SHA_384,HSM_SHA_512,HSM_SHA_512_224,HSM_SHA_512_256,HSM_HASH_MD5,HSM_HASH_SM3
|
|
*/
|
|
typedef hsm_uint32_t HSM_HashAlgType;
|
|
|
|
/**
|
|
* @brief RSA PSS signature verify information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32EmBitCnt; /* RFC8017 require set it to (N's bit count - 1). the em data bit
|
|
count, it MUST < N's bit count, should keep same with the signature
|
|
generate configuration */
|
|
HSM_HashAlgType eMgfHashType; /*!< the hash type used by signature */
|
|
HSM_HashAlgType eHashType; /*!< the hash type used by signature */
|
|
hsm_uint32_t u32SaltByteCount; /*!< the byte count of salt data, it must > 0, suggest use hash
|
|
length, for example, if eHashType is HSM_SHA_256, set this to
|
|
256/8=32bytes */
|
|
|
|
HSM_DataFormatType eInputDataFmt; /*!< input data(raw message or hash data) organized format,
|
|
hsm_uint8_t array, or hsm_uint32_t array */
|
|
HSM_RsaSsaInputType eInputType; /*!< input data type, may raw input message, or the hash data of
|
|
raw message */
|
|
const hsm_uint8_t *pInputData; /*!< input data */
|
|
hsm_uint32_t u32InputDataByteCount; /*!< the byte count of input data, when the eInputType is
|
|
HSM_RSA_SSA_INPUT_RAW_MESSAGE */
|
|
|
|
HSM_DataFormatType eSignDataFmt; /*!< Signature/Public key/N input data organized format,
|
|
hsm_uint8_t array, or hsm_uint32_t array */
|
|
const hsm_uint8_t *pSignData; /*!< input signature data */
|
|
hsm_uint32_t u32SignDataByteCount; /*!< the byte count of signature data, it must > 0 */
|
|
|
|
HSM_DataFormatType ePublicKeyDataFmt;
|
|
const hsm_uint8_t *pPublicKey; /*!< public key, input key E data for "A = (input data)^E mod N" */
|
|
hsm_uint32_t u32PublicKeyByteCnt; /*!< the byte count of key E */
|
|
|
|
HSM_DataFormatType eKeyNDataFmt;
|
|
const hsm_uint8_t *pKeyN; /*!< input key N data for "A = (input data)^E mod N" */
|
|
hsm_uint32_t u32KeyNByteCount; /*!< key N data byte count */
|
|
} HSM_RsaSsaPssVerifyType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_KEY_E; /*!< means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32UserKeyID_KEY_N; /*!< means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32RsaBitCnt; /*!< the bit count of numbers used in RSA */
|
|
HSM_RsaSsaPssVerifyType tCfg; /*!< RSA parameters */
|
|
} HSMCom_RsaSsaPssVerifyType;
|
|
|
|
/**
|
|
* @brief RSA PKCS1V1.5 signature verify information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_DataFormatType eInputFmt; /*!< input data organized format, hsm_uint8_t array, or
|
|
hsm_uint32_t array */
|
|
|
|
hsm_uint32_t u32EmByteCnt; /*!< set it 0 to use default value. RFC8017 require set it to N'byte
|
|
count, equal to u32KeyNByteCount. the em data byte count, itx8
|
|
MUST < N's bit count, should keep same with the signature generate
|
|
configuration */
|
|
|
|
HSM_HashAlgType eHashType; /*!< the hash type used by signature */
|
|
|
|
const hsm_uint8_t *pInputData; /*!< input data */
|
|
hsm_uint32_t u32InputDataByteCount; /*!< the byte count of input data */
|
|
|
|
const hsm_uint8_t *pSignData; /*!< input signature data */
|
|
hsm_uint32_t u32SignDataByteCount; /*!< the byte count of signature data, it must > 0 */
|
|
|
|
const hsm_uint8_t *pPublicKey; /*!< public key, input key E data for "A = (input data)^E mod N" */
|
|
hsm_uint32_t u32PublicKeyByteCnt; /*!< the byte count of key E */
|
|
|
|
HSM_BoolType bUseInputDer; /*!< set to HSM_TRUE when RFC8017 not support some hash algorithm,
|
|
for example SM3 Hash type, DER encoding of the DigestInfo value,
|
|
if use hsm internal data, just set it to HSM_FALSE */
|
|
const hsm_uint8_t *pDer; /*!< when bUseInputDer is HSM_TRUE, this field point to the DER
|
|
encoding of the DigestInfo value, others, ignore */
|
|
hsm_uint32_t u32DerByteCount; /*!< when bUseInputDer is HSM_TRUE, this field represent the byte
|
|
count of DER data, if bUseInputDer is HSM_FALSE, ignore this field */
|
|
|
|
const hsm_uint8_t *pKeyN; /*!< input key N data for "A = (input data)^E mod N" */
|
|
hsm_uint32_t u32KeyNByteCount; /*!< key N's data byte count */
|
|
|
|
HSM_RsaSsaInputType eInputType;
|
|
HSM_DataFormatType eSignDataFmt;
|
|
HSM_DataFormatType ePublicKeyFmt;
|
|
HSM_DataFormatType eKeyNFmt;
|
|
} HSM_RsaSsaPkcs1V15VerifyType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
hsm_uint32_t u32UserKeyID_KEY_E; /*!< means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32UserKeyID_KEY_N; /*!< means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32RsaBitCnt; /*!< the bit count of numbers used in RSA */
|
|
HSM_RsaSsaPkcs1V15VerifyType tCfg; /*!< RSA parameters */
|
|
} HSMCom_RsaSsaPkcs1V15VerifyType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_BoolType bUsePseudoRand;
|
|
|
|
HSM_HashAlgType eMgfHashType; /*!< the hash type used by MGF1 */
|
|
HSM_DataFormatType eInputFmt; /*!< input data organized format, uint8_t array, or uint32_t array */
|
|
HSM_DataFormatType eOutputFmt; /*!< output data organized format, uint8_t array, or uint32_t array */
|
|
|
|
hsm_uint32_t u32EmBitCnt; /* RFC8017 require set it to (N's bit count - 1).the em data bit
|
|
count, it MUST < N's bit count */
|
|
|
|
HSM_HashAlgType eHashType; /*!< the hash type used by signature */
|
|
HSM_RsaSsaInputType eInputType; /*!< input data type, may raw input message, or the hash data of
|
|
raw message */
|
|
const hsm_uint8_t *pInputData; /*!< input data */
|
|
hsm_uint32_t u32InputDataByteCount; /*!< the byte count of input data */
|
|
|
|
const hsm_uint8_t *pPrivateKey; /*!< private key, input key E data for "A = (input data)^E mod N" */
|
|
hsm_uint32_t u32PrivateKeyByteCnt; /*!< the byte count of key E */
|
|
|
|
HSM_BoolType bUseInputSaltData; /*!< use input salt data or not, , suggest set to HSM_FALSE to
|
|
use internal random data */
|
|
const hsm_uint8_t *pSalt; /*!< input salt data, , suggest set to NULL. if use hsm internal
|
|
random data, just set it to NULL */
|
|
hsm_uint32_t u32SaltByteCount; /*!< the byte count of salt data, it must > 0, suggest use hash
|
|
length, for example, if eHashType is HSM_SHA_256, set this to
|
|
256/8=32bytes */
|
|
|
|
const hsm_uint8_t *pKeyN; /*!< input key N data for "A = (input data)^E mod N" */
|
|
hsm_uint32_t u32KeyNByteCount; /*!< key N's data byte count */
|
|
|
|
hsm_uint8_t *pResult; /*!< output buffer, the buffer size should >= "u32KeyNByteCount" */
|
|
hsm_uint32_t u32ResultBufByteCnt; /*!< the result buffer size */
|
|
hsm_uint32_t *pResultByteCnt; /*!< the result data byte count */
|
|
} HSM_RsaSsaPssSignType;
|
|
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32HSMStatusRet;
|
|
hsm_uint32_t u32Timeout;
|
|
hsm_uint32_t u32UserKeyID_KEY_E; /* 0 means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32UserKeyID_KEY_N; /* 0 means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32RsaBitCnt;
|
|
HSM_RsaSsaPssSignType tCfg;
|
|
} HSMCom_RsaSsaPssSignType;
|
|
|
|
/**
|
|
* @brief RSA PKCS1 V1.5 signature information used by driver when call specific API
|
|
*
|
|
*/
|
|
typedef struct
|
|
{
|
|
HSM_DataFormatType eInputFmt; /*!< input data organized format, uint8_t array, or uint32_t array */
|
|
HSM_DataFormatType eOutputFmt; /*!< output data organized format, uint8_t array, or uint32_t array */
|
|
|
|
hsm_uint32_t u32EmByteCnt; /* RFC8017 require set it to N'byte count, equal to u32KeyNByteCount.
|
|
the em data byte count, itx8 MUST < N's bit count, should keep
|
|
same with the signature generate configuration */
|
|
|
|
HSM_HashAlgType eHashType; /*!< the hash type used by signature */
|
|
|
|
const hsm_uint8_t *pInputData; /*!< input data */
|
|
hsm_uint32_t u32InputDataByteCount; /*!< the byte count of input data */
|
|
|
|
const hsm_uint8_t *pPrivateKey; /*!< private key, input key E data for "A = (input data)^E mod N" */
|
|
hsm_uint32_t u32PrivateKeyByteCnt; /*!< the byte count of key E */
|
|
|
|
HSM_BoolType bUseInputDer; /*!< set to HSM_TRUE when RFC8017 not support some hash algorithm,
|
|
for example SM3 Hash type, DER encoding of the DigestInfo value,
|
|
if use hsm internal data, just set it to HSM_FALSE */
|
|
const hsm_uint8_t *pDer; /*!< when bUseInputDer is HSM_TRUE, this field point to the DER
|
|
encoding of the DigestInfo value, others, ignore */
|
|
hsm_uint32_t u32DerByteCount; /*!< when bUseInputDer is HSM_TRUE, this field represent the byte
|
|
count of DER data, if bUseInputDer is HSM_FALSE, ignore this field */
|
|
|
|
const hsm_uint8_t *pKeyN; /*!< input key N data for "A = (input data)^E mod N" */
|
|
hsm_uint32_t u32KeyNByteCount; /*!< key N's data byte count */
|
|
|
|
hsm_uint8_t *pResult; /*!< output buffer, the buffer size should >= "u32KeyNByteCount" */
|
|
hsm_uint32_t u32ResultBufByteCnt; /*!< the result buffer size */
|
|
hsm_uint32_t *pResultByteCnt; /*!< the result data byte count */
|
|
|
|
HSM_RsaSsaInputType eInputType; /*!< input data type, may raw input message, or the hash data of
|
|
raw message */
|
|
} HSM_RsaSsaPkcs1V15SignType;
|
|
|
|
typedef struct
|
|
{
|
|
hsm_uint32_t u32HSMStatusRet;
|
|
hsm_uint32_t u32Timeout;
|
|
hsm_uint32_t u32UserKeyID_KEY_E; /* 0 means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32UserKeyID_KEY_N; /* 0 means don't load key from HSM, otherwise would load key
|
|
with KEYID from HSM */
|
|
hsm_uint32_t u32RsaBitCnt;
|
|
HSM_RsaSsaPkcs1V15SignType tCfg;
|
|
} HSMCom_RsaSsaPkcs1v15SignType;
|
|
|
|
#if ((FC7XXX_HSM_SUBSYSTEM_TYPE == FC7240_HSM_SUBSYSTEM) || \
|
|
(FC7XXX_HSM_SUBSYSTEM_TYPE == FC7300_HSM_SUBSYSTEM))
|
|
#else
|
|
|
|
#define KEYMANAGER_STATUS_OK (0u)
|
|
#define KEYMANAGER_STATUS_AGAIN (1u)
|
|
#define KEYMANAGER_STATUS_DONE (2u)
|
|
#define KEYMANAGER_STATUS_EXIT (3u)
|
|
#define KEYMANAGER_STATUS_IDLE (4u)
|
|
#define KEYMANAGER_STATUS_PENDING (5u)
|
|
#define KEYMANAGER_STATUS_SUCCESS (6u)
|
|
#define KEYMANAGER_STATUS_ERROR (7u)
|
|
#define KEYMANAGER_STATUS_ID_ERROR (8u)
|
|
#define KEYMANAGER_STATUS_CONSIST_ERROR (9u)
|
|
#define KEYMANAGER_STATUS_SEQUENCE_ERROR (10u)
|
|
#define KEYMANAGER_STATUS_FLASH_ERROR (11u)
|
|
#define KEYMANAGER_STATUS_PARAM_ERROR (12u)
|
|
#define KEYMANAGER_STATUS_SPACE_ERROR (13u)
|
|
#define KEYMANAGER_STATUS_REVOKE_ERROR (14u)
|
|
#define KEYMANAGER_STATUS_ECC_ERROR (15u)
|
|
#define KEYMANAGER_STATUS_INTEGRITY_ERROR (16u)
|
|
#define KEYMANAGER_STATUS_AUTHORITY_ERROR (17u)
|
|
#define KEYMANAGER_STATUS_BUSY (18u)
|
|
|
|
#endif
|
|
|
|
typedef struct
|
|
{
|
|
uint32_t u32HSMStatusRet;
|
|
uint32_t u32Timeout;
|
|
HSM_HashAlgType eAlg;
|
|
HSM_ShaResultBufType *pResult;
|
|
} HSMCom_GetRomHashType;
|
|
|
|
typedef struct
|
|
{
|
|
HSM_MailboxApiRetType u32HSMStatusRet; /*!< HSM core write return status value in this */
|
|
hsm_uint32_t u32Timeout; /*!< current command timeout Millisecond count, max 916000ms, if set to
|
|
0, means 1000ms */
|
|
} HSMCom_LifeCycleTakeEffectType;
|
|
|
|
/**@}*/
|
|
|
|
/**
|
|
* @name API declaration for HSM
|
|
*
|
|
*/
|
|
/**@{*/
|
|
|
|
/**
|
|
* @brief Get the true random data from TRNG 0
|
|
* @note suggest use HSM_TrueRandGetSrcShiftXor to get true random fast
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_TrueRandGetSrc0(HSM_CmdType *pCmd, const HSMCom_TrueRandType *pCfg);
|
|
|
|
/**
|
|
* @brief Get the true random data from TRNG 1
|
|
* @note suggest use HSM_TrueRandGetSrcShiftXor to get true random fast
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_TrueRandGetSrc1(HSM_CmdType *pCmd, const HSMCom_TrueRandType *pCfg);
|
|
|
|
/**
|
|
* @brief Get the true random data from (TRNG 0 xor TRNG 1)
|
|
* @note suggest use HSM_TrueRandGetSrcShiftXor to get true random fast
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_TrueRandGetSrcXor(HSM_CmdType *pCmd, const HSMCom_TrueRandType *pCfg);
|
|
|
|
/**
|
|
* @brief Get the random data from ((TRNG 0 << 1) xor TRNG 1)
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_TrueRandGetSrcShiftXor(HSM_CmdType *pCmd, const HSMCom_TrueRandType *pCfg);
|
|
|
|
/**
|
|
* @brief Get the random data from TRNG 0 or TRNG 1
|
|
* @note suggest use HSM_TrueRandGetSrcShiftXor to get true random fast
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_TrueRandGet(HSM_CmdType *pCmd, const HSMCom_TrueRandExType *pCfg);
|
|
|
|
/**
|
|
* @brief Get the random data from any TRNG
|
|
* @note suggest use HSM_TrueRandGetSrcShiftXor to get true random fast
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_TrueRandGetAny(HSM_CmdType *pCmd, const HSMCom_TrueRandType *pCfg);
|
|
|
|
/**
|
|
* @brief Get the fast trng result
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_FastTrueRandGet(HSM_CmdType *pCmd, const HSMCom_FastTrueRandType *pCfg);
|
|
|
|
/**
|
|
* @brief SHA
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sha(HSM_CmdType *pCmd, const HSMCom_ShaType *pCfg);
|
|
|
|
/**
|
|
* @brief SHA Extend
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_FW_ShaEx(HSM_CmdType *pCmd, const HSMCom_ShaExType *pCfg, HSM_BoolType bKeyUseId);
|
|
|
|
/**
|
|
* @brief ECC Verify
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_EccVerify(HSM_CmdType *pCmd, const HSMCom_EccVerifyType *pCfg);
|
|
|
|
/**
|
|
* @brief ECC calculate Externd
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_EccCalculateEx(HSM_CmdType *pCmd, const HSMCom_EccCalcType *pCfg);
|
|
|
|
/**
|
|
* @brief SM2 decrypt
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sm2Decry(HSM_CmdType *pCmd, const HSMCom_Sm2DecryptType *pCfg);
|
|
|
|
/**
|
|
* @brief SM2 verify
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sm2Verify(HSM_CmdType *pCmd, const HSMCom_Sm2VerifyType *pCfg);
|
|
|
|
/**
|
|
* @brief SM2 ZA
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sm2GenZa(HSM_CmdType *pCmd, const HSMCom_Sm2GenZaType *pCfg);
|
|
|
|
/**
|
|
* @brief SM2 Hash generate
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sm2GenHash(HSM_CmdType *pCmd, const HSMCom_Sm2GenHashType *pCfg);
|
|
|
|
/**
|
|
* @brief SM4 Encrypt start
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sm4EncryptStart(HSM_CmdType *pCmd,
|
|
HSMWrap_Sm4EncryptType *pCtx,
|
|
HSMCom_Sm4EncryptType *pDecrypt);
|
|
|
|
/**
|
|
* @brief SM4 Encrypt update
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sm4EncryptUpdate(HSM_CmdType *pCmd, HSMWrap_Sm4EncryptType *pCtx);
|
|
|
|
/**
|
|
* @brief SM4 Encrypt extend start
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sm4EncryptExStart(HSM_CmdType *pCmd,
|
|
HSMWrap_Sm4EncryptExType *pCtx,
|
|
HSMCom_Sm4EncryptExType *pCfg);
|
|
|
|
/**
|
|
* @brief SM4 Encrypt extend update
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sm4EncryptExUpdate(HSM_CmdType *pCmd, HSMWrap_Sm4EncryptExType *pCtx);
|
|
|
|
/**
|
|
* @brief SM4 Decrypt
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sm4Decrypt(HSM_CmdType *pCmd, const HSMCom_Sm4DecryptType *pCfg);
|
|
|
|
/**
|
|
* @brief SM4 Decrypt extend
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sm4DecryptEx(HSM_CmdType *pCmd, const HSMCom_Sm4DecryptExType *pCfg);
|
|
|
|
/**
|
|
* @brief ECC decrypt
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_EccEasyDecry(HSM_CmdType *pCmd, const HSMCom_EccEasyDecryType *pCfg);
|
|
|
|
/**
|
|
* @brief require challenge data for auth
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_RequestAuthorization(HSM_CmdType *pCmd, const HSMCom_RequestAuthType *pCfg);
|
|
|
|
/**
|
|
* @brief Life cycle change take effect
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_LifeCycleTakeEffect(HSM_CmdType *pCmd, HSMCom_LifeCycleTakeEffectType *pCfg);
|
|
|
|
/**
|
|
* @brief Life cycle change to OEM DEV(need call HSM_LifeCycleTakeEffect to take effect)
|
|
* @note You can read/write/erase the USRK,UMRK,DebugAuth,IspAuth,PreFaAuth key data in the data
|
|
* flash in this life cycle
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_OemDevEnter(HSM_CmdType *pCmd, const HSMCom_AuthCheckType *pCfg);
|
|
|
|
/**
|
|
* @brief Life cycle change to OEM PDT(need call HSM_LifeCycleTakeEffect take effect)
|
|
* @note You can only write the USRK,UMRK,DebugAuth,IspAuth,PreFaAuth key data in the data flash in
|
|
* this life cycle
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_OemPdtEnter(HSM_CmdType *pCmd, const HSMCom_AuthCheckType *pCfg);
|
|
|
|
/**
|
|
* @brief Life cycle change to In Field(need call HSM_LifeCycleTakeEffect take effect)
|
|
* @note You can't access the key data in this life cycle, before you enter this, you MUST program
|
|
* you key data. Or you will need to send the chip to us if you program has bugs.
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_InFieldEnter(HSM_CmdType *pCmd, const HSMCom_AuthCheckType *pCfg);
|
|
|
|
/**
|
|
* @brief cancel the current job of the channel
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_CancelJob(HSM_CmdType *pCmd, const HSMCom_CancelJobType *pCfg);
|
|
|
|
/**
|
|
* @brief hsm self test
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_SelfTest(HSM_CmdType *pCmd, volatile HSMCom_SelfTestType *pCfg);
|
|
|
|
/**
|
|
* @brief NVR OTP program
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_NvrOtpProgram(HSM_CmdType *pCmd, const HSMCom_NvrOtpType *pCfg);
|
|
|
|
/**
|
|
* @brief NVR OTP data read
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
|
|
HSM_StatusType HSM_NvrOtpRead(HSM_CmdType *pCmd, const HSMCom_NvrOtpType *pCfg);
|
|
|
|
/**
|
|
* @brief user key import
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_UserKeyImport(HSM_CmdType *pCmd, const HSMCom_UserKeyManageType *pCfg);
|
|
|
|
/**
|
|
* @brief user key export
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_UserKeyExport(HSM_CmdType *pCmd, const HSMCom_UserKeyManageType *pCfg);
|
|
|
|
/**
|
|
* @brief get the user key space status in HSM internal
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR, parameter error.
|
|
*/
|
|
HSM_StatusType HSM_GetKeySpaceStat(HSM_CmdType *pCmd, const HSMCom_KeySpaceStatusType *pCfg);
|
|
|
|
/**
|
|
* @brief tidy the user key space in HSM internal, if revoked key exist, it will make the space re-useable
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR, parameter error.
|
|
*/
|
|
HSM_StatusType HSM_TidyUpKeySpace(HSM_CmdType *pCmd, const HSMCom_KeySpaceStatusType *pCfg);
|
|
|
|
/**
|
|
* @brief Revoke user key
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR, parameter error.
|
|
*/
|
|
HSM_StatusType HSM_UserKeyRevoke(HSM_CmdType *pCmd, const HSMCom_UserKeyManageType *pCfg);
|
|
|
|
/**
|
|
* @brief AES encrypt API
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_AesEncrypt(HSM_CmdType *pCmd, const HSMCom_AesEncryptType *pCfg);
|
|
/**
|
|
* @brief AES encrypt extend API
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_AesEncryptEx(HSM_CmdType *pCmd, const HSMCom_FlexAesEncryptType *pCfg);
|
|
|
|
/**
|
|
* @brief AES decrypt
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_AesDecrypt(HSM_CmdType *pCmd, const HSMCom_AesDecryptType *pCfg);
|
|
|
|
/**
|
|
* @brief AES decrypt extend
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_AesDecryptEx(HSM_CmdType *pCmd, const HSMCom_FlexAesDecryptType *pCfg);
|
|
|
|
/**
|
|
* @brief CMAC
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_BUSY when driver is busy.
|
|
* Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_CMac(HSM_CmdType *pCmd, const HSMCom_CMacType *pCfg);
|
|
|
|
/**
|
|
* @brief CMAC extend
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_BUSY when driver is busy.
|
|
* Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_CMacEx(HSM_CmdType *pCmd, const HSMCom_CMacExType *pCfg);
|
|
|
|
/**
|
|
* @brief XMAC
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_BUSY when driver is busy.
|
|
* Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_XMac(HSM_CmdType *pCmd, const HSMCom_XMacType *pCfg);
|
|
|
|
/**
|
|
* @brief CCM encrypt
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_BUSY when driver is busy.
|
|
* Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_CcmEncry(HSM_CmdType *pCmd, const HSMCom_CcmEncryptType *pCfg);
|
|
|
|
/**
|
|
* @brief CCM decrypt
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_BUSY when driver is busy.
|
|
* Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_CcmDecry(HSM_CmdType *pCmd, const HSMCom_CcmDecryptType *pCfg);
|
|
|
|
/**
|
|
* @brief GCM encrypt
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_BUSY when driver is busy.
|
|
* Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_GcmEncry(HSM_CmdType *pCmd, const HSMCom_GcmEncryptType *pCfg);
|
|
|
|
/**
|
|
* @brief GCM decrypt
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_BUSY when driver is busy.
|
|
* Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_GcmDecry(HSM_CmdType *pCmd, const HSMCom_GcmDecryptType *pCfg);
|
|
|
|
/**
|
|
* @brief MD5
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Md5(HSM_CmdType *pCmd, const HSMCom_Md5Type *pCfg);
|
|
|
|
/**
|
|
* @brief MD5 extend
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_FW_Md5Ex(HSM_CmdType *pCmd, const HSMCom_Md5ExType *pCfg, HSM_BoolType bKeyUseId);
|
|
|
|
/**
|
|
* @brief SM3
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_Sm3(HSM_CmdType *pCmd, const HSMCom_Sm3Type *pCfg);
|
|
|
|
/**
|
|
* @brief SM3 extend
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_FW_Sm3Ex(HSM_CmdType *pCmd, const HSMCom_Sm3ExType *pCfg, HSM_BoolType bKeyUseId);
|
|
|
|
/**
|
|
* @brief monotonic counter increase 1
|
|
* @note this counter keep value until chip power off
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_MonotonicCounterIncrease(HSM_CmdType *pCmd, const HSMCom_MonCountType *pCfg);
|
|
|
|
/**
|
|
* @brief read monotonic counter value
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_MonotonicCounterRead(HSM_CmdType *pCmd, const HSMCom_MonCountType *pCfg);
|
|
|
|
/**
|
|
* @brief RSA
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_Rsa(HSM_CmdType *pCmd, const HSMCom_RsaType *pCfg);
|
|
|
|
/**
|
|
* @brief Big number calculate extend
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_BigNumberCalculateEx(HSM_CmdType *pCmd, const HSMCom_BigNumberCalcType *pCfg);
|
|
|
|
/**
|
|
* @brief trigger firware take effect when the firmware is in delay load mode
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_LoadFirmware(HSM_CmdType *pCmd, HSMCom_LoadFirmwareType *pCfg);
|
|
|
|
/**
|
|
* @brief Scatter hash init
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_ScatterHashInit(HSM_CmdType *pCmd,
|
|
const HSMCom_ScatterHashType *pCfg,
|
|
HSM_BoolType bKeyUseId,
|
|
HSM_DataFormatType eInputFmt);
|
|
|
|
/**
|
|
* @brief Scatter hash update
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_ScatterHashUpdate(HSM_CmdType *pCmd,
|
|
const HSMCom_ScatterHashType *pCfg,
|
|
HSM_BoolType bKeyUseId,
|
|
HSM_DataFormatType eInputFmt);
|
|
|
|
/**
|
|
* @brief Scatter hash final
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_ScatterHashFinal(HSM_CmdType *pCmd,
|
|
const HSMCom_ScatterHashType *pCfg,
|
|
HSM_BoolType bKeyUseId,
|
|
HSM_DataFormatType eInputFmt);
|
|
|
|
/**
|
|
* @brief ECC encrypt
|
|
* @note this function is implemented in firmware
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_EccEncrypt(HSM_CmdType *pCmd, const HSMCom_EccEasyEncryType *pCfg);
|
|
|
|
/**
|
|
* @brief Generate SM2/ECC key pair(private key and public key)
|
|
* @note this function is implemented in firmware
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg user key pair generate parameters for trigger the process
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR, parameter error.
|
|
*/
|
|
HSM_StatusType HSM_FW_UserKeyGenPair(HSM_CmdType *pCmd, const HSMCom_UserKeyManageType *pCfg);
|
|
|
|
/**
|
|
* @brief ECC Sign
|
|
* @note this function is implemented in firmware
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_FW_EccSign(HSM_CmdType *pCmd, const HSMCom_EccSignType *pCfg);
|
|
|
|
/**
|
|
* @brief SM2 key pair generate
|
|
* @note this function is implemented in firmware
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_FW_Sm2GenKeyPair(HSM_CmdType *pCmd, const HSMCom_Sm2GenKeyPairType *pCfg);
|
|
|
|
/**
|
|
* @brief SM2 encrypt
|
|
* @note this function is implemented in firmware
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_FW_Sm2Encry(HSM_CmdType *pCmd, const HSMCom_Sm2EncryptType *pCfg);
|
|
|
|
/**
|
|
* @brief ECC encrypt
|
|
* @note this function is implemented in firmware
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_FW_EccEncrypt(HSM_CmdType *pCmd, const HSMCom_EccEasyEncryType *pCfg);
|
|
|
|
/**
|
|
* @brief SM2 sign
|
|
* @note this function is implemented in firmware
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_FW_Sm2Sign(HSM_CmdType *pCmd, const HSMCom_Sm2SignType *pCfg);
|
|
|
|
/**
|
|
* @brief user key revoke(delete ram key or abondon key in flash)
|
|
* @note this function is implemented in firmware
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM
|
|
* core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_StatusType HSM_STATUS_SUCCESS when succeed. HSM_STATUS_PARAM_ERR,
|
|
* parameter error.
|
|
*/
|
|
HSM_StatusType HSM_FW_UserKeyRevoke(HSM_CmdType *pCmd, const HSMCom_UserKeyManageType *pCfg);
|
|
|
|
/**
|
|
* @brief Scatter cmac init
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_ScatterCMacInit(HSM_CmdType *pCmd,
|
|
const HSMCom_AesmRawApiType *pCfg,
|
|
HSM_DataFormatType eInputFmt,
|
|
HSM_DataFormatType eKeyFmt);
|
|
|
|
/**
|
|
* @brief Scatter cmac update
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_ScatterCMacUpdate(HSM_CmdType *pCmd,
|
|
const HSMCom_AesmRawApiType *pCfg,
|
|
HSM_DataFormatType eInputFmt,
|
|
HSM_DataFormatType eKeyFmt);
|
|
|
|
/**
|
|
* @brief Scatter cmac final
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_ScatterCMacFinal(HSM_CmdType *pCmd,
|
|
const HSMCom_AesmRawApiType *pCfg,
|
|
HSM_DataFormatType eInputFmt,
|
|
HSM_DataFormatType eKeyFmt);
|
|
|
|
/**
|
|
* @brief RsaSsa-pss verify
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_RsaSsaPssVerify(HSM_CmdType *pCmd, const HSMCom_RsaSsaPssVerifyType *pCfg);
|
|
|
|
/**
|
|
* @brief RsaSsa-pkcs1-v1_5 verify
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_RsaSsaPkcs1v15Verify(HSM_CmdType *pCmd,
|
|
const HSMCom_RsaSsaPkcs1V15VerifyType *pCfg);
|
|
|
|
/**
|
|
* @brief Userkey Import
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_UserKeyImportNew(HSM_CmdType *pCmd, const HSMCom_UserKeyManageType *pCfg);
|
|
|
|
/**
|
|
* @brief Check key ID
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_CheckKeyIdExt(HSM_CmdType *pCmd, const HSMCom_UserKeyManageType *pCfg);
|
|
|
|
/**
|
|
* @brief Copy key
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_CopyKeyExt(HSM_CmdType *pCmd, const HSMCom_UserKeyManageType *pCfg);
|
|
|
|
/**
|
|
* @brief Big Number calculate
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_BigNumberCalculateEx(HSM_CmdType *pCmd,
|
|
const HSMCom_BigNumberCalcExtType *pCfg);
|
|
|
|
/**
|
|
* @brief RsaSsa-pss verify
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_RsaSsaPssSign(HSM_CmdType *pCmd, const HSMCom_RsaSsaPssSignType *pCfg);
|
|
|
|
/**
|
|
* @brief RsaSsa-pss-Pkcs-1v15 verify
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_RsaSsaPkcs1v15Sign(HSM_CmdType *pCmd,
|
|
const HSMCom_RsaSsaPkcs1v15SignType *pCfg);
|
|
|
|
#if ((FC7XXX_HSM_SUBSYSTEM_TYPE == FC7240_HSM_SUBSYSTEM) || \
|
|
(FC7XXX_HSM_SUBSYSTEM_TYPE == FC7300_HSM_SUBSYSTEM))
|
|
/**
|
|
* @brief Get key Id status
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_FW_GetKeyIdStatus(HSM_CmdType *pCmd, const HSMCom_UserKeyManageType *pCfg);
|
|
#endif
|
|
|
|
#if ((FC7XXX_HSM_SUBSYSTEM_TYPE == FC7240_HSM_SUBSYSTEM) || \
|
|
(FC7XXX_HSM_SUBSYSTEM_TYPE == FC7300_HSM_SUBSYSTEM))
|
|
#else
|
|
/**
|
|
* @brief Update key content of special key id
|
|
*
|
|
* @param pCmd point to the struct variable used to configure the mailbox information send to HSM core
|
|
* @param pCfg the struct variable address to store the result
|
|
* @return HSM_StatusType HSM_STATUS_SUCCESS when succeed. Others, some error occur.
|
|
*/
|
|
HSM_StatusType HSM_UpdateKeyContentOfSpecificKeyId(HSM_CmdType *pCmd,
|
|
const HSMCom_UserKeyManageType *pCfg);
|
|
#endif
|
|
|
|
/**@}*/
|
|
#if defined(__cplusplus)
|
|
}
|
|
#endif
|
|
/** @}*/ /* module_driver_hsm */
|
|
|
|
#endif /* end of CRYPTO_LEVEL0API_H */
|