security_pal.c
Go to the documentation of this file.
1 /*
2  * Copyright 2017 NXP
3  * All rights reserved.
4  *
5  * THIS SOFTWARE IS PROVIDED BY NXP "AS IS" AND ANY EXPRESSED OR
6  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
7  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
8  * IN NO EVENT SHALL NXP OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
9  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
10  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
11  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
12  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
13  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
14  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
15  * THE POSSIBILITY OF SUCH DAMAGE.
16  */
17 
50 #include "security_pal.h"
51 #include "device_registers.h"
52 
53 /* Include driver files */
54 #if (defined (SECURITY_OVER_CSEC))
55  #include "csec_driver.h"
56 #elif (defined (SECURITY_OVER_HSM))
57  #include "hsm_driver.h"
58 #endif
59 
60 #if (defined (SECURITY_OVER_CSEC))
61  #define NO_OF_INSTS_FOR_SECURITY_PAL NO_OF_CSEC_INSTS_FOR_SECURITY
62  static bool g_bCsecStateIsAllocated[NO_OF_INSTS_FOR_SECURITY_PAL];
63  static security_instance_t g_tCsecInstance[NO_OF_INSTS_FOR_SECURITY_PAL];
64 #elif (defined (SECURITY_OVER_HSM))
65  #define NO_OF_INSTS_FOR_SECURITY_PAL NO_OF_HSM_INSTS_FOR_SECURITY
66  static bool g_bHsmStateIsAllocated[NO_OF_INSTS_FOR_SECURITY_PAL];
67  static security_instance_t g_tHsmInstance[NO_OF_INSTS_FOR_SECURITY_PAL];
68 #endif
69 
70 /*FUNCTION**********************************************************************
71  *
72  * Function Name : SecurityAllocateInstance
73  * Description : Allocate state.
74  *
75  *END**************************************************************************/
76 static status_t SecurityAllocateInstance(bool * isAllocated,
77  security_instance_t * instList,
78  security_instance_t instId,
79  uint32_t numberOfInst)
80 {
81  uint32_t counter = 0U;
82 
83  for (counter = 0U; counter < numberOfInst; counter++)
84  {
85  if (false == isAllocated[counter])
86  {
87  isAllocated[counter] = true;
88  instList[counter] = instId;
89  return STATUS_SUCCESS;
90  }
91  }
92 
93  return STATUS_ERROR;
94 }
95 
96 /*FUNCTION**********************************************************************
97  *
98  * Function Name : SecurityFreeInstance
99  * Description : Free state.
100  *
101  *END**************************************************************************/
102 static status_t SecurityFreeInstance(bool * isAllocated,
103  const security_instance_t * instList,
104  security_instance_t instId,
105  uint32_t numberOfInst)
106 {
107  uint32_t counter = 0U;
108 
109  for (counter = 0U; counter < numberOfInst; counter++)
110  {
111  if (instId == instList[counter])
112  {
113  isAllocated[counter] = false;
114  return STATUS_SUCCESS;
115  }
116  }
117 
118  return STATUS_ERROR;
119 }
120 
121 /*FUNCTION**********************************************************************
122  *
123  * Function Name : SecurityGetInstance
124  * Description : Get state.
125  *
126  *END**************************************************************************/
127 static status_t SecurityGetInstance(const bool * isAllocated,
128  const security_instance_t * instList,
129  security_instance_t instId,
130  uint32_t numberOfInst,
131  uint32_t * retInstId)
132 {
133  uint32_t counter = 0U;
134 
135  for (counter = 0U; counter < numberOfInst; counter++)
136  {
137  if ((instId == instList[counter]) &&
138  (true == isAllocated[counter]))
139  {
140  *retInstId = counter;
141  return STATUS_SUCCESS;
142  }
143  }
144 
145  return STATUS_ERROR;
146 }
147 
148 /*FUNCTION**********************************************************************
149  *
150  * Function Name : SECURITY_Init
151  * Description : Initializes the state structure, enables interrupt,
152  * installs interrupt handler.
153  * Implements : SECURITY_Init_Activity
154  *
155  *END**************************************************************************/
157  const security_user_config_t * config)
158 {
159  status_t status = STATUS_SUCCESS;
160  uint32_t stateInsts = 0U;
161 #if (defined (SECURITY_OVER_CSEC))
162  (void)instance;
163  static csec_state_t s_tCsecState[NO_OF_INSTS_FOR_SECURITY_PAL];
164 
165  status = SecurityAllocateInstance(g_bCsecStateIsAllocated, g_tCsecInstance, SECURITY_INSTANCE0, NO_OF_INSTS_FOR_SECURITY_PAL);
166  if (STATUS_SUCCESS != status)
167  {
168  return STATUS_ERROR;
169  }
170  status = SecurityGetInstance(g_bCsecStateIsAllocated, g_tCsecInstance, SECURITY_INSTANCE0, NO_OF_INSTS_FOR_SECURITY_PAL, &stateInsts);
171  if (STATUS_SUCCESS != status)
172  {
173  return STATUS_ERROR;
174  }
175  (void)CSEC_DRV_Init(&s_tCsecState[stateInsts]);
176  (void)CSEC_DRV_InstallCallback(config->callback, config->callbackParam);
177 #elif (defined (SECURITY_OVER_HSM))
178  (void)instance;
179  static hsm_state_t s_tHsmState[NO_OF_INSTS_FOR_SECURITY_PAL];
180 
181  status = SecurityAllocateInstance(g_bHsmStateIsAllocated, g_tHsmInstance, SECURITY_INSTANCE0, NO_OF_INSTS_FOR_SECURITY_PAL);
182  if (STATUS_SUCCESS != status)
183  {
184  return STATUS_ERROR;
185  }
186  status = SecurityGetInstance(g_bHsmStateIsAllocated, g_tHsmInstance, SECURITY_INSTANCE0, NO_OF_INSTS_FOR_SECURITY_PAL, &stateInsts);
187  if (STATUS_SUCCESS != status)
188  {
189  return STATUS_ERROR;
190  }
191  status = HSM_DRV_Init(&s_tHsmState[stateInsts]);
192  if (STATUS_SUCCESS != status)
193  {
194  return STATUS_ERROR;
195  }
196  (void)HSM_DRV_InstallCallback(config->callback, config->callbackParam);
197 #else
198  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
199 #endif
200 
201  return status;
202 }
203 
204 /*FUNCTION**********************************************************************
205  *
206  * Function Name : SECURITY_Deinit
207  * Description : Writes with '0' the entire state structure, resets internal
208  * state pointer to NULL, disables interrupts.
209  * Implements : SECURITY_Deinit_Activity
210  *
211  *END**************************************************************************/
213 {
214  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
215 
216  status_t status = STATUS_SUCCESS;
217 
218 #if (defined (SECURITY_OVER_CSEC))
219  (void)instance;
220  (void)CSEC_DRV_Deinit();
221  status = SecurityFreeInstance(g_bCsecStateIsAllocated, g_tCsecInstance, SECURITY_INSTANCE0, NO_OF_INSTS_FOR_SECURITY_PAL);
222  if (STATUS_SUCCESS != status)
223  {
224  return STATUS_ERROR;
225  }
226 #elif (defined (SECURITY_OVER_HSM))
227  (void)instance;
228  status = HSM_DRV_Deinit();
229  if (STATUS_SUCCESS != status)
230  {
231  return STATUS_ERROR;
232  }
233  status = SecurityFreeInstance(g_bHsmStateIsAllocated, g_tHsmInstance, SECURITY_INSTANCE0, NO_OF_INSTS_FOR_SECURITY_PAL);
234  if (STATUS_SUCCESS != status)
235  {
236  return STATUS_ERROR;
237  }
238 #endif
239 
240  return status;
241 }
242 
243 /*FUNCTION**********************************************************************
244  *
245  * Function Name : SECURITY_EncryptEcbBlocking
246  * Description : Performs AES-128 encryption in ECB mode of the input plain
247  * text buffer.
248  * Implements : SECURITY_EncryptEcbBlocking_Activity
249  *
250  *END**************************************************************************/
252  security_key_id_t keyId,
253  const uint8_t *plainText,
254  uint32_t msgLen,
255  uint8_t *cipherText,
256  uint32_t timeout)
257 {
258  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
259 
260  status_t status = STATUS_SUCCESS;
261 
262 #if (defined (SECURITY_OVER_CSEC))
263  (void)instance;
264  status = CSEC_DRV_EncryptECB((csec_key_id_t)keyId, plainText, msgLen, cipherText, timeout);
265 #elif (defined (SECURITY_OVER_HSM))
266  (void)instance;
267  status = HSM_DRV_EncryptECB((hsm_key_id_t)keyId, plainText, msgLen, cipherText, timeout);
268 #endif
269 
270  return status;
271 }
272 
273 /*FUNCTION**********************************************************************
274  *
275  * Function Name : SECURITY_DecryptEcbBlocking
276  * Description : Performs AES-128 decryption in ECB mode of the input cipher
277  * text buffer.
278  * Implements : SECURITY_DecryptEcbBlocking_Activity
279  *
280  *END**************************************************************************/
282  security_key_id_t keyId,
283  const uint8_t *cipherText,
284  uint32_t msgLen,
285  uint8_t *plainText,
286  uint32_t timeout)
287 {
288  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
289 
290  status_t status = STATUS_SUCCESS;
291 
292 #if (defined (SECURITY_OVER_CSEC))
293  (void)instance;
294  status = CSEC_DRV_DecryptECB((csec_key_id_t)keyId, cipherText, msgLen, plainText, timeout);
295 #elif (defined (SECURITY_OVER_HSM))
296  (void)instance;
297  status = HSM_DRV_DecryptECB((hsm_key_id_t)keyId, cipherText, msgLen, plainText, timeout);
298 #endif
299 
300  return status;
301 }
302 
303 /*FUNCTION**********************************************************************
304  *
305  * Function Name : SECURITY_EncryptCbcBlocking
306  * Description : Performs AES-128 encryption in CBC mode of the input plain
307  * text buffer.
308  * Implements : SECURITY_EncryptCbcBlocking_Activity
309  *
310  *END**************************************************************************/
312  security_key_id_t keyId,
313  const uint8_t *plainText,
314  uint32_t msgLen,
315  const uint8_t *iv,
316  uint8_t *cipherText,
317  uint32_t timeout)
318 {
319  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
320 
321  status_t status = STATUS_SUCCESS;
322 
323 #if (defined (SECURITY_OVER_CSEC))
324  (void)instance;
325  status = CSEC_DRV_EncryptCBC((csec_key_id_t)keyId, plainText, msgLen, iv, cipherText, timeout);
326 #elif (defined (SECURITY_OVER_HSM))
327  (void)instance;
328  status = HSM_DRV_EncryptCBC((hsm_key_id_t)keyId, plainText, msgLen, iv, cipherText, timeout);
329 #endif
330 
331  return status;
332 }
333 
334 /*FUNCTION**********************************************************************
335  *
336  * Function Name : SECURITY_DecryptCbcBlocking
337  * Description : Performs AES-128 decryption in CBC mode of the input cipher
338  * text buffer.
339  * Implements : SECURITY_DecryptCbcBlocking_Activity
340  *
341  *END**************************************************************************/
343  security_key_id_t keyId,
344  const uint8_t *cipherText,
345  uint32_t msgLen,
346  const uint8_t* iv,
347  uint8_t *plainText,
348  uint32_t timeout)
349 {
350  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
351 
352  status_t status = STATUS_SUCCESS;
353 
354 #if (defined (SECURITY_OVER_CSEC))
355  (void)instance;
356  status = CSEC_DRV_DecryptCBC((csec_key_id_t)keyId, cipherText, msgLen, iv, plainText, timeout);
357 #elif (defined (SECURITY_OVER_HSM))
358  (void)instance;
359  status = HSM_DRV_DecryptCBC((hsm_key_id_t)keyId, cipherText, msgLen, iv, plainText, timeout);
360 #endif
361 
362  return status;
363 }
364 
365 /*FUNCTION**********************************************************************
366  *
367  * Function Name : SECURITY_GenerateMacBlocking
368  * Description : Calculates MAC of a given message using CMAC with AES-128.
369  * Implements : SECURITY_GenerateMacBlocking_Activity
370  *
371  *END**************************************************************************/
373  security_key_id_t keyId,
374  const uint8_t *msg,
375  uint64_t msgLen,
376  uint8_t *cmac,
377  uint32_t timeout)
378 {
379  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
380 #if (defined (SECURITY_OVER_CSEC))
381  DEV_ASSERT((uint64_t)0xFFFFFFFFU >= msgLen);
382 #endif
383 
384  status_t status = STATUS_SUCCESS;
385 
386 #if (defined (SECURITY_OVER_CSEC))
387  (void)instance;
388  status = CSEC_DRV_GenerateMAC((csec_key_id_t)keyId, msg, (uint32_t)msgLen, cmac, timeout);
389 #elif (defined (SECURITY_OVER_HSM))
390  (void)instance;
391  status = HSM_DRV_GenerateMAC((hsm_key_id_t)keyId, msg, msgLen, cmac, timeout);
392 #endif
393 
394  return status;
395 }
396 
397 /*FUNCTION**********************************************************************
398  *
399  * Function Name : SECURITY_VerifyMacBlocking
400  * Description : Verifies the MAC of a given message using CMAC with AES-128.
401  * Implements : SECURITY_VerifyMacBlocking_Activity
402  *
403  *END**************************************************************************/
405  security_key_id_t keyId,
406  const uint8_t *msg,
407  uint64_t msgLen,
408  const uint8_t *mac,
409  uint16_t macLen,
410  bool *verifStatus,
411  uint32_t timeout)
412 {
413  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
414 #if (defined (SECURITY_OVER_CSEC))
415  DEV_ASSERT((uint64_t)0xFFFFFFFFU >= msgLen);
416 #endif
417 
418  status_t status = STATUS_SUCCESS;
419 
420 #if (defined (SECURITY_OVER_CSEC))
421  (void)instance;
422  status = CSEC_DRV_VerifyMAC((csec_key_id_t)keyId, msg, (uint32_t)msgLen, mac, macLen, verifStatus, timeout);
423 #elif (defined (SECURITY_OVER_HSM))
424  (void)instance;
425  status = HSM_DRV_VerifyMAC((hsm_key_id_t)keyId, msg, msgLen, mac, macLen, verifStatus, timeout);
426 #endif
427 
428  return status;
429 }
430 
431 /*FUNCTION**********************************************************************
432  *
433  * Function Name : SECURITY_LoadKey
434  * Description : Updates an internal key per the SHE specification.
435  * Implements : SECURITY_LoadKey_Activity
436  *
437  *END**************************************************************************/
439  security_key_id_t keyId,
440  const uint8_t *m1,
441  const uint8_t *m2,
442  const uint8_t *m3,
443  uint8_t *m4,
444  uint8_t *m5,
445  uint32_t timeout)
446 {
447  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
448 
449  status_t status = STATUS_SUCCESS;
450 
451 #if (defined (SECURITY_OVER_CSEC))
452  (void)instance;
453  (void)timeout;
454  status = CSEC_DRV_LoadKey((csec_key_id_t)keyId, m1, m2, m3, m4, m5);
455 #elif (defined (SECURITY_OVER_HSM))
456  (void)instance;
457  status = HSM_DRV_LoadKey((hsm_key_id_t)keyId, m1, m2, m3, m4, m5, timeout);
458 #endif
459 
460  return status;
461 }
462 
463 /*FUNCTION**********************************************************************
464  *
465  * Function Name : SECURITY_LoadPlainKey
466  * Description : Updates the RAM key memory slot with a 128-bit plaintext.
467  * Implements : SECURITY_LoadPlainKey_Activity
468  *
469  *END**************************************************************************/
471  const uint8_t *plainKey,
472  uint32_t timeout)
473 {
474  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
475 
476  status_t status = STATUS_SUCCESS;
477 
478 #if (defined (SECURITY_OVER_CSEC))
479  (void)instance;
480  (void)timeout;
481  status = CSEC_DRV_LoadPlainKey(plainKey);
482 #elif (defined (SECURITY_OVER_HSM))
483  (void)instance;
484  status = HSM_DRV_LoadPlainKey(plainKey, timeout);
485 #endif
486 
487  return status;
488 }
489 
490 /*FUNCTION**********************************************************************
491  *
492  * Function Name : SECURITY_ExportRamKey
493  * Description : Exports the RAM_KEY into a format protected by SECRET_KEY.
494  * Implements : SECURITY_ExportRamKey_Activity
495  *
496  *END**************************************************************************/
498  uint8_t *m1,
499  uint8_t *m2,
500  uint8_t *m3,
501  uint8_t *m4,
502  uint8_t *m5,
503  uint32_t timeout)
504 {
505  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
506 
507  status_t status = STATUS_SUCCESS;
508 
509 #if (defined (SECURITY_OVER_CSEC))
510  (void)instance;
511  (void)timeout;
512  status = CSEC_DRV_ExportRAMKey(m1, m2, m3, m4, m5);
513 #elif (defined (SECURITY_OVER_HSM))
514  (void)instance;
515  status = HSM_DRV_ExportRAMKey(m1, m2, m3, m4, m5, timeout);
516 #endif
517 
518  return status;
519 }
520 
521 /*FUNCTION**********************************************************************
522  *
523  * Function Name : SECURITY_ExtendSeed
524  * Description : Extends the seed of the PRNG.
525  * Implements : SECURITY_ExtendSeed_Activity
526  *
527  *END**************************************************************************/
529  const uint8_t *entropy,
530  uint32_t timeout)
531 {
532  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
533 
534  status_t status = STATUS_SUCCESS;
535 
536 #if (defined (SECURITY_OVER_CSEC))
537  (void)instance;
538  (void)timeout;
539  status = CSEC_DRV_ExtendSeed(entropy);
540 #elif (defined (SECURITY_OVER_HSM))
541  (void)instance;
542  status = HSM_DRV_ExtendSeed(entropy, timeout);
543 #endif
544 
545  return status;
546 }
547 
548 /*FUNCTION**********************************************************************
549  *
550  * Function Name : SECURITY_InitRng
551  * Description : Initializes the seed and derive a key for the PRNG.
552  * Implements : SECURITY_InitRng_Activity
553  *
554  *END**************************************************************************/
556  uint32_t timeout)
557 {
558  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
559 
560  status_t status = STATUS_SUCCESS;
561 
562 #if (defined (SECURITY_OVER_CSEC))
563  (void)instance;
564  (void)timeout;
565  status = CSEC_DRV_InitRNG();
566 #elif (defined (SECURITY_OVER_HSM))
567  (void)instance;
568  status = HSM_DRV_InitRNG(timeout);
569 #endif
570 
571  return status;
572 }
573 
574 /*FUNCTION**********************************************************************
575  *
576  * Function Name : SECURITY_GenerateRnd
577  * Description : Generates a vector of 128 random bits.
578  * Implements : SECURITY_GenerateRnd_Activity
579  *
580  *END**************************************************************************/
582  uint8_t *rnd,
583  uint32_t timeout)
584 {
585  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
586 
587  status_t status = STATUS_SUCCESS;
588 
589 #if (defined (SECURITY_OVER_CSEC))
590  (void)instance;
591  (void)timeout;
592  status = CSEC_DRV_GenerateRND(rnd);
593 #elif (defined (SECURITY_OVER_HSM))
594  (void)instance;
595  status = HSM_DRV_GenerateRND(rnd, timeout);
596 #endif
597 
598  return status;
599 }
600 
601 /*FUNCTION**********************************************************************
602  *
603  * Function Name : SECURITY_GetId
604  * Description : Returns the identity (UID) and the value of the status
605  * register protected by a MAC over a challenge and the data.
606  * Implements : SECURITY_GetId_Activity
607  *
608  *END**************************************************************************/
610  const uint8_t *challenge,
611  uint8_t *uid,
612  uint8_t *sreg,
613  uint8_t *mac,
614  uint32_t timeout)
615 {
616  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
617 
618  status_t status = STATUS_SUCCESS;
619 
620 #if (defined (SECURITY_OVER_CSEC))
621  (void)instance;
622  (void)timeout;
623  status = CSEC_DRV_GetID(challenge, uid, sreg, mac);
624 #elif (defined (SECURITY_OVER_HSM))
625  (void)instance;
626  status = HSM_DRV_GetID(challenge, uid, sreg, mac, timeout);
627 #endif
628 
629  return status;
630 }
631 
632 /*FUNCTION**********************************************************************
633  *
634  * Function Name : SECURITY_SecureBoot
635  * Description : Loads the command processor firmware and memory slot data
636  * and then executes the SHE secure boot protocol.
637  * Implements : SECURITY_SecureBoot_Activity
638  *
639  *END**************************************************************************/
641  uint32_t bootImageSize,
642  const uint8_t *bootImagePtr,
643  uint32_t timeout)
644 {
645  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
646 
647  status_t status = STATUS_SUCCESS;
648 
649 #if (defined (SECURITY_OVER_CSEC))
650  (void)instance;
651  (void)bootImageSize;
652  (void)bootImagePtr;
653  (void)timeout;
654  status = STATUS_UNSUPPORTED;
655 #elif (defined (SECURITY_OVER_HSM))
656  (void)instance;
657  status = HSM_DRV_SecureBoot(bootImageSize, bootImagePtr, timeout);
658 #endif
659 
660  return status;
661 }
662 
663 /*FUNCTION**********************************************************************
664  *
665  * Function Name : SECURITY_BootFailure
666  * Description : Signals a failure detected during later stages of the
667  * boot process.
668  * Implements : SECURITY_BootFailure_Activity
669  *
670  *END**************************************************************************/
672  uint32_t timeout)
673 {
674  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
675 
676  status_t status = STATUS_SUCCESS;
677 
678 #if (defined (SECURITY_OVER_CSEC))
679  (void)instance;
680  (void)timeout;
681  status = CSEC_DRV_BootFailure();
682 #elif (defined (SECURITY_OVER_HSM))
683  (void)instance;
684  status = HSM_DRV_BootFailure(timeout);
685 #endif
686 
687  return status;
688 }
689 
690 /*FUNCTION**********************************************************************
691  *
692  * Function Name : SECURITY_BootOk
693  * Description : Marks a successful boot verification during later stages
694  * of the boot process.
695  * Implements : SECURITY_BootOk_Activity
696  *
697  *END**************************************************************************/
699  uint32_t timeout)
700 {
701  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
702 
703  status_t status = STATUS_SUCCESS;
704 
705 #if (defined (SECURITY_OVER_CSEC))
706  (void)instance;
707  (void)timeout;
708  status = CSEC_DRV_BootOK();
709 #elif (defined (SECURITY_OVER_HSM))
710  (void)instance;
711  status = HSM_DRV_BootOK(timeout);
712 #endif
713 
714  return status;
715 }
716 
717 /*FUNCTION**********************************************************************
718  *
719  * Function Name : SECURITY_BootDefine
720  * Description : Implements an extension of the SHE standard to define both
721  * the user boot size and boot method.
722  * Implements : SECURITY_BootDefine_Activity
723  *
724  *END**************************************************************************/
726  uint32_t bootSize,
727  security_boot_flavor_t bootFlavor,
728  uint32_t timeout)
729 {
730  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
731 
732  status_t status = STATUS_SUCCESS;
733 
734 #if (defined (SECURITY_OVER_CSEC))
735  (void)instance;
736  (void)timeout;
737  status = CSEC_DRV_BootDefine(bootSize, (csec_boot_flavor_t)bootFlavor);
738 #elif (defined (SECURITY_OVER_HSM))
739  (void)instance;
740  (void)bootSize;
741  (void)bootFlavor;
742  (void)timeout;
743  status = STATUS_UNSUPPORTED;
744 #endif
745 
746  return status;
747 }
748 
749 /*FUNCTION**********************************************************************
750  *
751  * Function Name : SECURITY_DbgChal
752  * Description : Obtains a random number which the user shall use along with
753  * the MASTER_ECU_KEY and UID to return an authorization
754  * request.
755  * Implements : SECURITY_DbgChal_Activity
756  *
757  *END**************************************************************************/
759  uint8_t *challenge,
760  uint32_t timeout)
761 {
762  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
763 
764  status_t status = STATUS_SUCCESS;
765 
766 #if (defined (SECURITY_OVER_CSEC))
767  (void)instance;
768  (void)timeout;
769  status = CSEC_DRV_DbgChal(challenge);
770 #elif (defined (SECURITY_OVER_HSM))
771  (void)instance;
772  status = HSM_DRV_DbgChal(challenge, timeout);
773 #endif
774 
775  return status;
776 }
777 
778 /*FUNCTION**********************************************************************
779  *
780  * Function Name : SECURITY_DbgAuth
781  * Description : Erases all keys (actual and outdated) stored in NVM Memory
782  * if the authorization is confirmed.
783  * Implements : SECURITY_DbgAuth_Activity
784  *
785  *END**************************************************************************/
787  const uint8_t *authorization,
788  uint32_t timeout)
789 {
790  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
791 
792  status_t status = STATUS_SUCCESS;
793 
794 #if (defined (SECURITY_OVER_CSEC))
795  (void)instance;
796  (void)timeout;
797  status = CSEC_DRV_DbgAuth(authorization);
798 #elif (defined (SECURITY_OVER_HSM))
799  (void)instance;
800  status = HSM_DRV_DbgAuth(authorization, timeout);
801 #endif
802 
803  return status;
804 }
805 
806 /*FUNCTION**********************************************************************
807  *
808  * Function Name : SECURITY_MPCompress
809  * Description : Compresses the given messages by accessing the
810  * Miyaguchi-Prenell compression feature with in the CSEc
811  * feature set.
812  * Implements : SECURITY_MPCompress_Activity
813  *
814  *END**************************************************************************/
816  const uint8_t *msg,
817  uint32_t msgLen,
818  uint8_t *mpCompress,
819  uint32_t timeout)
820 {
821  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
822 #if (defined (SECURITY_OVER_CSEC) || defined (SECURITY_OVER_HSM))
823  DEV_ASSERT((uint32_t)0xFFFFU >= msgLen);
824 #endif
825 
826  status_t status = STATUS_SUCCESS;
827 
828 #if (defined (SECURITY_OVER_CSEC))
829  (void)instance;
830  status = CSEC_DRV_MPCompress(msg, (uint16_t)msgLen, mpCompress, timeout);
831 #elif (defined (SECURITY_OVER_HSM))
832  (void)instance;
833  status = HSM_DRV_MPCompress(msg, (uint16_t)msgLen, mpCompress, timeout);
834 #endif
835 
836  return status;
837 }
838 
839 /*FUNCTION**********************************************************************
840  *
841  * Function Name : SECURITY_GenerateTrnd
842  * Description : Generates a vector of 128 random bits using TRNG.
843  * Implements : SECURITY_GenerateTrnd_Activity
844  *
845  *END**************************************************************************/
847  uint8_t *trnd,
848  uint32_t timeout)
849 {
850  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
851 
852  status_t status = STATUS_SUCCESS;
853 
854 #if (defined (SECURITY_OVER_CSEC))
855  (void)instance;
856  (void)trnd;
857  (void)timeout;
858  status = STATUS_UNSUPPORTED;
859 #elif (defined (SECURITY_OVER_HSM))
860  (void)instance;
861  status = HSM_DRV_GenerateTRND(trnd, timeout);
862 #endif
863 
864  return status;
865 }
866 
867 /*FUNCTION**********************************************************************
868  *
869  * Function Name : SECURITY_CancelCommand
870  * Description : Cancels a previously initiated command.
871  * Implements : SECURITY_CancelCommand_Activity
872  *
873  *END**************************************************************************/
875 {
876  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
877 
878  status_t status = STATUS_SUCCESS;
879 
880 #if (defined (SECURITY_OVER_CSEC))
881  (void)instance;
883  status = STATUS_SUCCESS;
884 #elif (defined (SECURITY_OVER_HSM))
885  (void)instance;
886  status = HSM_DRV_CancelCommand();
887 #endif
888 
889  return status;
890 }
891 
892 /*FUNCTION**********************************************************************
893  *
894  * Function Name : SECURITY_GetAsyncCmdStatus
895  * Description : Checks the status of the execution of an asynchronous command.
896  * Implements : SECURITY_GetAsyncCmdStatus_Activity
897  *
898  *END**************************************************************************/
900 {
901  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
902 
903  status_t status = STATUS_SUCCESS;
904 
905 #if (defined (SECURITY_OVER_CSEC))
906  (void)instance;
907  status = CSEC_DRV_GetAsyncCmdStatus();
908 #elif (defined (SECURITY_OVER_HSM))
909  (void)instance;
910  status = HSM_DRV_GetAsyncCmdStatus();
911 #endif
912 
913  return status;
914 }
915 
916 /*FUNCTION**********************************************************************
917  *
918  * Function Name : SECURITY_EncryptEcb
919  * Description : Asynchronously performs the AES-128 encryption in ECB mode
920  * of the input plain text buffer.
921  * Implements : SECURITY_EncryptEcb_Activity
922  *
923  *END**************************************************************************/
925  security_key_id_t keyId,
926  const uint8_t *plainText,
927  uint32_t msgLen,
928  uint8_t *cipherText)
929 {
930  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
931 
932  status_t status = STATUS_SUCCESS;
933 
934 #if (defined (SECURITY_OVER_CSEC))
935  (void)instance;
936  status = CSEC_DRV_EncryptECBAsync((csec_key_id_t)keyId, plainText, msgLen, cipherText);
937 #elif (defined (SECURITY_OVER_HSM))
938  (void)instance;
939  status = HSM_DRV_EncryptECBAsync((hsm_key_id_t)keyId, plainText, msgLen, cipherText);
940 #endif
941 
942  return status;
943 }
944 
945 /*FUNCTION**********************************************************************
946  *
947  * Function Name : SECURITY_DecryptEcb
948  * Description : Asynchronously performs the AES-128 decryption in ECB mode
949  * of the input cipher text buffer.
950  * Implements : SECURITY_DecryptEcb_Activity
951  *
952  *END**************************************************************************/
954  security_key_id_t keyId,
955  const uint8_t *cipherText,
956  uint32_t msgLen,
957  uint8_t *plainText)
958 {
959  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
960 
961  status_t status = STATUS_SUCCESS;
962 
963 #if (defined (SECURITY_OVER_CSEC))
964  (void)instance;
965  status = CSEC_DRV_DecryptECBAsync((csec_key_id_t)keyId, cipherText, msgLen, plainText);
966 #elif (defined (SECURITY_OVER_HSM))
967  (void)instance;
968  status = HSM_DRV_DecryptECBAsync((hsm_key_id_t)keyId, cipherText, msgLen, plainText);
969 #endif
970 
971  return status;
972 }
973 
974 /*FUNCTION**********************************************************************
975  *
976  * Function Name : SECURITY_EncryptCbc
977  * Description : Asynchronously performs the AES-128 encryption in CBC mode
978  * of the input plain text buffer.
979  * Implements : SECURITY_EncryptCbc_Activity
980  *
981  *END**************************************************************************/
983  security_key_id_t keyId,
984  const uint8_t *plainText,
985  uint32_t msgLen,
986  const uint8_t *iv,
987  uint8_t *cipherText)
988 {
989  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
990 
991  status_t status = STATUS_SUCCESS;
992 
993 #if (defined (SECURITY_OVER_CSEC))
994  (void)instance;
995  status = CSEC_DRV_EncryptCBCAsync((csec_key_id_t)keyId, plainText, msgLen, iv, cipherText);
996 #elif (defined (SECURITY_OVER_HSM))
997  (void)instance;
998  status = HSM_DRV_EncryptCBCAsync((hsm_key_id_t)keyId, plainText, msgLen, iv, cipherText);
999 #endif
1000 
1001  return status;
1002 }
1003 
1004 /*FUNCTION**********************************************************************
1005  *
1006  * Function Name : SECURITY_DecryptCbc
1007  * Description : Asynchronously performs the AES-128 decryption in CBC mode
1008  * of the input cipher text buffer.
1009  * Implements : SECURITY_DecryptCbc_Activity
1010  *
1011  *END**************************************************************************/
1013  security_key_id_t keyId,
1014  const uint8_t *cipherText,
1015  uint32_t msgLen,
1016  const uint8_t* iv,
1017  uint8_t *plainText)
1018 {
1019  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
1020 
1021  status_t status = STATUS_SUCCESS;
1022 
1023 #if (defined (SECURITY_OVER_CSEC))
1024  (void)instance;
1025  status = CSEC_DRV_DecryptCBCAsync((csec_key_id_t)keyId, cipherText, msgLen, iv, plainText);
1026 #elif (defined (SECURITY_OVER_HSM))
1027  (void)instance;
1028  status = HSM_DRV_DecryptCBCAsync((hsm_key_id_t)keyId, cipherText, msgLen, iv, plainText);
1029 #endif
1030 
1031  return status;
1032 }
1033 
1034 /*FUNCTION**********************************************************************
1035  *
1036  * Function Name : SECURITY_GenerateMac
1037  * Description : Asynchronously calculates the MAC of a given message using
1038  * CMAC with AES-128.
1039  * Implements : SECURITY_GenerateMac_Activity
1040  *
1041  *END**************************************************************************/
1043  security_key_id_t keyId,
1044  const uint8_t *msg,
1045  uint64_t msgLen,
1046  uint8_t *cmac)
1047 {
1048  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
1049 #if (defined (SECURITY_OVER_CSEC))
1050  DEV_ASSERT((uint64_t)0xFFFFFFFFU >= msgLen);
1051 #endif
1052 
1053  status_t status = STATUS_SUCCESS;
1054 
1055 #if (defined (SECURITY_OVER_CSEC))
1056  (void)instance;
1057  status = CSEC_DRV_GenerateMACAsync((csec_key_id_t)keyId, msg, (uint32_t)msgLen, cmac);
1058 #elif (defined (SECURITY_OVER_HSM))
1059  (void)instance;
1060  status = HSM_DRV_GenerateMACAsync((hsm_key_id_t)keyId, msg, msgLen, cmac);
1061 #endif
1062 
1063  return status;
1064 }
1065 
1066 /*FUNCTION**********************************************************************
1067  *
1068  * Function Name : SECURITY_VerifyMac
1069  * Description : Asynchronously verifies the MAC of a given message using
1070  * CMAC with AES-128.
1071  * Implements : SECURITY_VerifyMac_Activity
1072  *
1073  *END**************************************************************************/
1075  security_key_id_t keyId,
1076  const uint8_t *msg,
1077  uint64_t msgLen,
1078  const uint8_t *mac,
1079  uint16_t macLen,
1080  bool *verifStatus)
1081 {
1082  DEV_ASSERT((uint32_t)NO_OF_INSTS_FOR_SECURITY_PAL > ((uint32_t)instance));
1083 #if (defined (SECURITY_OVER_CSEC))
1084  DEV_ASSERT((uint64_t)0xFFFFFFFFU >= msgLen);
1085 #endif
1086 
1087  status_t status = STATUS_SUCCESS;
1088 
1089 #if (defined (SECURITY_OVER_CSEC))
1090  (void)instance;
1091  status = CSEC_DRV_VerifyMACAsync((csec_key_id_t)keyId, msg, (uint32_t)msgLen, mac, macLen, verifStatus);
1092 #elif (defined (SECURITY_OVER_HSM))
1093  (void)instance;
1094  status = HSM_DRV_VerifyMACAsync((hsm_key_id_t)keyId, msg, msgLen, mac, macLen, verifStatus);
1095 #endif
1096 
1097  return status;
1098 }
1099 
1100 /******************************************************************************
1101  * EOF
1102  *****************************************************************************/
status_t CSEC_DRV_LoadPlainKey(const uint8_t *plainKey)
Updates the RAM key memory slot with a 128-bit plaintext.
Definition: csec_driver.c:657
status_t CSEC_DRV_GetAsyncCmdStatus(void)
Checks the status of the execution of an asynchronous command.
Definition: csec_driver.c:1388
status_t SECURITY_CancelCommand(security_instance_t instance)
Cancel Command.
Definition: security_pal.c:874
status_t SECURITY_LoadKey(security_instance_t instance, security_key_id_t keyId, const uint8_t *m1, const uint8_t *m2, const uint8_t *m3, uint8_t *m4, uint8_t *m5, uint32_t timeout)
Load Key.
Definition: security_pal.c:438
status_t SECURITY_ExtendSeed(security_instance_t instance, const uint8_t *entropy, uint32_t timeout)
Initialize Random Number Generator.
Definition: security_pal.c:528
void CSEC_DRV_InstallCallback(security_callback_t callbackFunc, void *callbackParam)
Installs a callback function which will be invoked when an asynchronous command finishes its executio...
Definition: csec_driver.c:1763
Define user configuration Implements : security_user_config_t_Class.
Definition: security_pal.h:158
status_t SECURITY_DecryptEcb(security_instance_t instance, security_key_id_t keyId, const uint8_t *cipherText, uint32_t msgLen, uint8_t *plainText)
Decrypt ECB.
Definition: security_pal.c:953
status_t SECURITY_GenerateMacBlocking(security_instance_t instance, security_key_id_t keyId, const uint8_t *msg, uint64_t msgLen, uint8_t *cmac, uint32_t timeout)
MAC Generation.
Definition: security_pal.c:372
status_t CSEC_DRV_GetID(const uint8_t *challenge, uint8_t *uid, uint8_t *sreg, uint8_t *mac)
Returns the identity (UID) and the value of the status register protected by a MAC over a challenge a...
Definition: csec_driver.c:968
Internal driver state information.
Definition: csec_driver.h:186
status_t CSEC_DRV_DecryptCBC(csec_key_id_t keyId, const uint8_t *cipherText, uint32_t length, const uint8_t *iv, uint8_t *plainText, uint32_t timeout)
Performs the AES-128 decryption in CBC mode.
Definition: csec_driver.c:330
status_t SECURITY_GenerateMac(security_instance_t instance, security_key_id_t keyId, const uint8_t *msg, uint64_t msgLen, uint8_t *cmac)
Generate MAC.
void CSEC_DRV_Init(csec_state_t *state)
Initializes the internal state of the driver and enables the FTFC interrupt.
Definition: csec_driver.c:134
status_t CSEC_DRV_DbgAuth(const uint8_t *authorization)
Erases all keys (actual and outdated) stored in NVM Memory if the authorization is confirmed by CSEc...
Definition: csec_driver.c:1060
status_t CSEC_DRV_VerifyMACAsync(csec_key_id_t keyId, const uint8_t *msg, uint32_t msgLen, const uint8_t *mac, uint16_t macLen, bool *verifStatus)
Asynchronously verifies the MAC of a given message using CMAC with AES-128.
Definition: csec_driver.c:1348
static status_t SecurityFreeInstance(bool *isAllocated, const security_instance_t *instList, security_instance_t instId, uint32_t numberOfInst)
Definition: security_pal.c:102
status_t SECURITY_EncryptCbc(security_instance_t instance, security_key_id_t keyId, const uint8_t *plainText, uint32_t msgLen, const uint8_t *iv, uint8_t *cipherText)
Encrypt CBC.
Definition: security_pal.c:982
csec_key_id_t
Specify the KeyID to be used to implement the requested cryptographic operation.
Definition: csec_driver.h:100
status_t CSEC_DRV_BootOK(void)
Marks a successful boot verification during later stages of the boot process.
Definition: csec_driver.c:895
status_t SECURITY_DbgChal(security_instance_t instance, uint8_t *challenge, uint32_t timeout)
Debug Challenge.
Definition: security_pal.c:758
status_t SECURITY_BootFailure(security_instance_t instance, uint32_t timeout)
Boot Failure.
Definition: security_pal.c:671
status_t CSEC_DRV_EncryptCBCAsync(csec_key_id_t keyId, const uint8_t *plainText, uint32_t length, const uint8_t *iv, uint8_t *cipherText)
Asynchronously performs the AES-128 encryption in CBC mode.
Definition: csec_driver.c:1245
status_t CSEC_DRV_VerifyMAC(csec_key_id_t keyId, const uint8_t *msg, uint32_t msgLen, const uint8_t *mac, uint16_t macLen, bool *verifStatus, uint32_t timeout)
Verifies the MAC of a given message using CMAC with AES-128.
Definition: csec_driver.c:487
status_t CSEC_DRV_InitRNG(void)
Initializes the seed and derives a key for the PRNG.
Definition: csec_driver.c:746
security_boot_flavor_t
Defines the security boot flavor Implements : security_boot_flavor_t_Class.
Definition: security_pal.h:100
status_t CSEC_DRV_ExtendSeed(const uint8_t *entropy)
Extends the seed of the PRNG.
Definition: csec_driver.c:783
#define DEV_ASSERT(x)
Definition: devassert.h:77
status_t CSEC_DRV_EncryptECB(csec_key_id_t keyId, const uint8_t *plainText, uint32_t length, uint8_t *cipherText, uint32_t timeout)
Performs the AES-128 encryption in ECB mode.
Definition: csec_driver.c:169
static status_t SecurityGetInstance(const bool *isAllocated, const security_instance_t *instList, security_instance_t instId, uint32_t numberOfInst, uint32_t *retInstId)
Definition: security_pal.c:127
status_t CSEC_DRV_BootFailure(void)
Signals a failure detected during later stages of the boot process.
Definition: csec_driver.c:861
status_t CSEC_DRV_DecryptECBAsync(csec_key_id_t keyId, const uint8_t *cipherText, uint32_t length, uint8_t *plainText)
Asynchronously performs the AES-128 decryption in ECB mode.
Definition: csec_driver.c:1213
static status_t SecurityAllocateInstance(bool *isAllocated, security_instance_t *instList, security_instance_t instId, uint32_t numberOfInst)
Definition: security_pal.c:76
status_t SECURITY_EncryptEcb(security_instance_t instance, security_key_id_t keyId, const uint8_t *plainText, uint32_t msgLen, uint8_t *cipherText)
Encrypt ECB.
Definition: security_pal.c:924
status_t SECURITY_DecryptCbc(security_instance_t instance, security_key_id_t keyId, const uint8_t *cipherText, uint32_t msgLen, const uint8_t *iv, uint8_t *plainText)
Decrypt CBC.
status_t CSEC_DRV_EncryptECBAsync(csec_key_id_t keyId, const uint8_t *plainText, uint32_t length, uint8_t *cipherText)
Asynchronously performs the AES-128 encryption in ECB mode.
Definition: csec_driver.c:1181
status_t CSEC_DRV_DecryptECB(csec_key_id_t keyId, const uint8_t *cipherText, uint32_t length, uint8_t *plainText, uint32_t timeout)
Performs the AES-128 decryption in ECB mode.
Definition: csec_driver.c:222
status_t SECURITY_DecryptEcbBlocking(security_instance_t instance, security_key_id_t keyId, const uint8_t *cipherText, uint32_t msgLen, uint8_t *plainText, uint32_t timeout)
ECB Decryption.
Definition: security_pal.c:281
status_t
Status return codes. Common error codes will be a unified enumeration (C enum) that will contain all ...
Definition: status.h:44
status_t CSEC_DRV_EncryptCBC(csec_key_id_t keyId, const uint8_t *plainText, uint32_t length, const uint8_t *iv, uint8_t *cipherText, uint32_t timeout)
Performs the AES-128 encryption in CBC mode.
Definition: csec_driver.c:274
status_t SECURITY_ExportRamKey(security_instance_t instance, uint8_t *m1, uint8_t *m2, uint8_t *m3, uint8_t *m4, uint8_t *m5, uint32_t timeout)
Export RAM key.
Definition: security_pal.c:497
status_t SECURITY_Deinit(security_instance_t instance)
De-initializes the SECURITY module.
Definition: security_pal.c:212
void CSEC_DRV_Deinit(void)
Clears the internal state of the driver and disables the FTFC interrupt.
Definition: csec_driver.c:154
status_t SECURITY_EncryptCbcBlocking(security_instance_t instance, security_key_id_t keyId, const uint8_t *plainText, uint32_t msgLen, const uint8_t *iv, uint8_t *cipherText, uint32_t timeout)
CBC Decryption.
Definition: security_pal.c:311
status_t SECURITY_LoadPlainKey(security_instance_t instance, const uint8_t *plainKey, uint32_t timeout)
Load Plain Key.
Definition: security_pal.c:470
status_t SECURITY_VerifyMacBlocking(security_instance_t instance, security_key_id_t keyId, const uint8_t *msg, uint64_t msgLen, const uint8_t *mac, uint16_t macLen, bool *verifStatus, uint32_t timeout)
MAC Verification.
Definition: security_pal.c:404
status_t CSEC_DRV_LoadKey(csec_key_id_t keyId, const uint8_t *m1, const uint8_t *m2, const uint8_t *m3, uint8_t *m4, uint8_t *m5)
Updates an internal key per the SHE specification.
Definition: csec_driver.c:603
security_callback_t callback
Definition: security_pal.h:160
security_key_id_t
Defines the security keys Implements : security_key_id_t_Class.
Definition: security_pal.h:61
status_t CSEC_DRV_MPCompress(const uint8_t *msg, uint16_t msgLen, uint8_t *mpCompress, uint32_t timeout)
Compresses the given messages by accessing the Miyaguchi-Prenell compression feature with in the CSEc...
Definition: csec_driver.c:1097
void CSEC_DRV_CancelCommand(void)
Cancels a previously launched asynchronous command.
Definition: csec_driver.c:1778
status_t SECURITY_VerifyMac(security_instance_t instance, security_key_id_t keyId, const uint8_t *msg, uint64_t msgLen, const uint8_t *mac, uint16_t macLen, bool *verifStatus)
Verify MAC.
csec_boot_flavor_t
Specifies the boot type for the BOOT_DEFINE command.
Definition: csec_driver.h:170
status_t SECURITY_SecureBoot(security_instance_t instance, uint32_t bootImageSize, const uint8_t *bootImagePtr, uint32_t timeout)
Secure boot.
Definition: security_pal.c:640
status_t CSEC_DRV_DecryptCBCAsync(csec_key_id_t keyId, const uint8_t *cipherText, uint32_t length, const uint8_t *iv, uint8_t *plainText)
Asynchronously performs the AES-128 decryption in CBC mode.
Definition: csec_driver.c:1280
status_t SECURITY_MPCompress(security_instance_t instance, const uint8_t *msg, uint32_t msgLen, uint8_t *mpCompress, uint32_t timeout)
Miyaguchi-Prenell Compression.
Definition: security_pal.c:815
status_t SECURITY_Init(security_instance_t instance, const security_user_config_t *config)
Initializes the SECURITY module.
Definition: security_pal.c:156
status_t SECURITY_GenerateTrnd(security_instance_t instance, uint8_t *trnd, uint32_t timeout)
Generate True Random Number.
Definition: security_pal.c:846
status_t CSEC_DRV_ExportRAMKey(uint8_t *m1, uint8_t *m2, uint8_t *m3, uint8_t *m4, uint8_t *m5)
Exports the RAM_KEY into a format protected by SECRET_KEY.
Definition: csec_driver.c:694
status_t SECURITY_BootDefine(security_instance_t instance, uint32_t bootSize, security_boot_flavor_t bootFlavor, uint32_t timeout)
Boot Define.
Definition: security_pal.c:725
status_t CSEC_DRV_GenerateRND(uint8_t *rnd)
Generates a vector of 128 random bits.
Definition: csec_driver.c:821
status_t CSEC_DRV_GenerateMAC(csec_key_id_t keyId, const uint8_t *msg, uint32_t msgLen, uint8_t *cmac, uint32_t timeout)
Calculates the MAC of a given message using CMAC with AES-128.
Definition: csec_driver.c:386
status_t SECURITY_EncryptEcbBlocking(security_instance_t instance, security_key_id_t keyId, const uint8_t *plainText, uint32_t msgLen, uint8_t *cipherText, uint32_t timeout)
ECB Encryption.
Definition: security_pal.c:251
status_t SECURITY_DecryptCbcBlocking(security_instance_t instance, security_key_id_t keyId, const uint8_t *cipherText, uint32_t msgLen, const uint8_t *iv, uint8_t *plainText, uint32_t timeout)
CBC Decryption.
Definition: security_pal.c:342
status_t SECURITY_GenerateRnd(security_instance_t instance, uint8_t *rnd, uint32_t timeout)
Generate RND.
Definition: security_pal.c:581
status_t CSEC_DRV_DbgChal(uint8_t *challenge)
Obtains a random number which the user shall use along with the MASTER_ECU_KEY and UID to return an a...
Definition: csec_driver.c:1020
status_t SECURITY_GetAsyncCmdStatus(security_instance_t instance)
Get asynchronous command status.
Definition: security_pal.c:899
status_t SECURITY_DbgAuth(security_instance_t instance, const uint8_t *authorization, uint32_t timeout)
Debug Authentification.
Definition: security_pal.c:786
security_instance_t
Define instances for SECURITY PAL Implements : security_instance_t_Class.
Definition: security_pal.h:52
status_t CSEC_DRV_BootDefine(uint32_t bootSize, csec_boot_flavor_t bootFlavor)
Implements an extension of the SHE standard to define both the user boot size and boot method...
Definition: csec_driver.c:929
status_t SECURITY_BootOk(security_instance_t instance, uint32_t timeout)
Boot Ok.
Definition: security_pal.c:698
status_t SECURITY_GetId(security_instance_t instance, const uint8_t *challenge, uint8_t *uid, uint8_t *sreg, uint8_t *mac, uint32_t timeout)
Get ID.
Definition: security_pal.c:609
status_t CSEC_DRV_GenerateMACAsync(csec_key_id_t keyId, const uint8_t *msg, uint32_t msgLen, uint8_t *cmac)
Asynchronously calculates the MAC of a given message using CMAC with AES-128.
Definition: csec_driver.c:1315
status_t SECURITY_InitRng(security_instance_t instance, uint32_t timeout)
Initialize Random Number Generator.
Definition: security_pal.c:555