Security Peripheral Abstraction Layer.
Data Structures | |
struct | security_user_config_t |
Define user configuration Implements : security_user_config_t_Class. More... | |
Functions | |
status_t | SECURITY_Init (security_instance_t instance, const security_user_config_t *config) |
Initializes the SECURITY module. More... | |
status_t | SECURITY_Deinit (security_instance_t instance) |
De-initializes the SECURITY module. More... | |
status_t | SECURITY_EncryptEcbBlocking (security_instance_t instance, security_key_id_t keyId, const uint8_t *plainText, uint32_t msgLen, uint8_t *cipherText, uint32_t timeout) |
ECB Encryption. More... | |
status_t | SECURITY_DecryptEcbBlocking (security_instance_t instance, security_key_id_t keyId, const uint8_t *cipherText, uint32_t msgLen, uint8_t *plainText, uint32_t timeout) |
ECB Decryption. More... | |
status_t | SECURITY_EncryptCbcBlocking (security_instance_t instance, security_key_id_t keyId, const uint8_t *plainText, uint32_t msgLen, const uint8_t *iv, uint8_t *cipherText, uint32_t timeout) |
CBC Encryption. More... | |
status_t | SECURITY_DecryptCbcBlocking (security_instance_t instance, security_key_id_t keyId, const uint8_t *cipherText, uint32_t msgLen, const uint8_t *iv, uint8_t *plainText, uint32_t timeout) |
CBC Decryption. More... | |
status_t | SECURITY_GenerateMacBlocking (security_instance_t instance, security_key_id_t keyId, const uint8_t *msg, uint64_t msgLen, uint8_t *cmac, uint32_t timeout) |
MAC Generation. More... | |
status_t | SECURITY_VerifyMacBlocking (security_instance_t instance, security_key_id_t keyId, const uint8_t *msg, uint64_t msgLen, const uint8_t *mac, uint16_t macLen, bool *verifStatus, uint32_t timeout) |
MAC Verification. More... | |
status_t | SECURITY_LoadKey (security_instance_t instance, security_key_id_t keyId, const uint8_t *m1, const uint8_t *m2, const uint8_t *m3, uint8_t *m4, uint8_t *m5, uint32_t timeout) |
Load Key. More... | |
status_t | SECURITY_LoadPlainKey (security_instance_t instance, const uint8_t *plainKey, uint32_t timeout) |
Load Plain Key. More... | |
status_t | SECURITY_ExportRamKey (security_instance_t instance, uint8_t *m1, uint8_t *m2, uint8_t *m3, uint8_t *m4, uint8_t *m5, uint32_t timeout) |
Export RAM key. More... | |
status_t | SECURITY_ExtendSeed (security_instance_t instance, const uint8_t *entropy, uint32_t timeout) |
Extend the seed of the Random Number Generator. More... | |
status_t | SECURITY_InitRng (security_instance_t instance, uint32_t timeout) |
Initialize Random Number Generator. More... | |
status_t | SECURITY_GenerateRnd (security_instance_t instance, uint8_t *rnd, uint32_t timeout) |
Generate RND. More... | |
status_t | SECURITY_GetId (security_instance_t instance, const uint8_t *challenge, uint8_t *uid, uint8_t *sreg, uint8_t *mac, uint32_t timeout) |
Get ID. More... | |
status_t | SECURITY_SecureBoot (security_instance_t instance, uint32_t bootImageSize, const uint8_t *bootImagePtr, uint32_t timeout) |
Secure boot. More... | |
status_t | SECURITY_BootFailure (security_instance_t instance, uint32_t timeout) |
Boot Failure. More... | |
status_t | SECURITY_BootOk (security_instance_t instance, uint32_t timeout) |
Boot Ok. More... | |
status_t | SECURITY_BootDefine (security_instance_t instance, uint32_t bootSize, security_boot_flavor_t bootFlavor, uint32_t timeout) |
Boot Define. More... | |
status_t | SECURITY_DbgChal (security_instance_t instance, uint8_t *challenge, uint32_t timeout) |
Debug Challenge. More... | |
status_t | SECURITY_DbgAuth (security_instance_t instance, const uint8_t *authorization, uint32_t timeout) |
Debug Authentication. More... | |
status_t | SECURITY_MPCompress (security_instance_t instance, const uint8_t *msg, uint32_t msgLen, uint8_t *mpCompress, uint32_t timeout) |
Miyaguchi-Preneel Compression. More... | |
status_t | SECURITY_GenerateTrnd (security_instance_t instance, uint8_t *trnd, uint32_t timeout) |
Generate True Random Number. More... | |
status_t | SECURITY_CancelCommand (security_instance_t instance) |
Cancel Command. More... | |
status_t | SECURITY_GetAsyncCmdStatus (security_instance_t instance) |
Get asynchronous command status. More... | |
status_t | SECURITY_EncryptEcb (security_instance_t instance, security_key_id_t keyId, const uint8_t *plainText, uint32_t msgLen, uint8_t *cipherText) |
Encrypt ECB. More... | |
status_t | SECURITY_DecryptEcb (security_instance_t instance, security_key_id_t keyId, const uint8_t *cipherText, uint32_t msgLen, uint8_t *plainText) |
Decrypt ECB. More... | |
status_t | SECURITY_EncryptCbc (security_instance_t instance, security_key_id_t keyId, const uint8_t *plainText, uint32_t msgLen, const uint8_t *iv, uint8_t *cipherText) |
Encrypt CBC. More... | |
status_t | SECURITY_DecryptCbc (security_instance_t instance, security_key_id_t keyId, const uint8_t *cipherText, uint32_t msgLen, const uint8_t *iv, uint8_t *plainText) |
Decrypt CBC. More... | |
status_t | SECURITY_GenerateMac (security_instance_t instance, security_key_id_t keyId, const uint8_t *msg, uint64_t msgLen, uint8_t *cmac) |
Generate MAC. More... | |
status_t | SECURITY_VerifyMac (security_instance_t instance, security_key_id_t keyId, const uint8_t *msg, uint64_t msgLen, const uint8_t *mac, uint16_t macLen, bool *verifStatus) |
Verify MAC. More... | |
Defines the security boot flavor Implements : security_boot_flavor_t_Class.
Enumerator | |
---|---|
SECURITY_BOOT_STRICT | |
SECURITY_BOOT_SERIAL | |
SECURITY_BOOT_PARALLEL | |
SECURITY_BOOT_NOT_DEFINED |
Definition at line 100 of file security_pal.h.
enum security_cmd_t |
Defines the security command Implements : security_cmd_t_Class.
Definition at line 112 of file security_pal.h.
enum security_instance_t |
Define instances for SECURITY PAL Implements : security_instance_t_Class.
Enumerator | |
---|---|
SECURITY_INSTANCE0 |
Definition at line 52 of file security_pal.h.
enum security_key_id_t |
Defines the security keys Implements : security_key_id_t_Class.
Definition at line 61 of file security_pal.h.
status_t SECURITY_BootDefine | ( | security_instance_t | instance, |
uint32_t | bootSize, | ||
security_boot_flavor_t | bootFlavor, | ||
uint32_t | timeout | ||
) |
Boot Define.
Implements an extension of the SHE standard to define both the user boot size and boot method.
[in] | instance | security module instance |
[in] | bootSize | Number of blocks of 128-bit data to check on boot. Maximum size is 512kBytes. |
[in] | bootFlavor | The boot method. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 725 of file security_pal.c.
status_t SECURITY_BootFailure | ( | security_instance_t | instance, |
uint32_t | timeout | ||
) |
Boot Failure.
Signals a failure detected during later stages of the boot process.
[in] | instance | security module instance |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 671 of file security_pal.c.
status_t SECURITY_BootOk | ( | security_instance_t | instance, |
uint32_t | timeout | ||
) |
Boot Ok.
Marks a successful boot verification during later stages of the boot process.
[in] | instance | security module instance |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 698 of file security_pal.c.
status_t SECURITY_CancelCommand | ( | security_instance_t | instance | ) |
Cancel Command.
Cancels a previously initiated command.
[in] | instance | security module instance |
Definition at line 874 of file security_pal.c.
status_t SECURITY_DbgAuth | ( | security_instance_t | instance, |
const uint8_t * | authorization, | ||
uint32_t | timeout | ||
) |
Debug Authentication.
Erases all keys (actual and outdated) stored in NVM Memory if the authorization is confirmed.
[in] | instance | security module instance |
[in] | authorization | Pointer to the 128-bit buffer containing the authorization value. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 786 of file security_pal.c.
status_t SECURITY_DbgChal | ( | security_instance_t | instance, |
uint8_t * | challenge, | ||
uint32_t | timeout | ||
) |
Debug Challenge.
Obtains a random number which the user shall use along with the MASTER_ECU_KEY and UID to return an authorization request.
[in] | instance | security module instance |
[out] | challenge | Pointer to the 128-bit buffer where the challenge data will be stored. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 758 of file security_pal.c.
status_t SECURITY_DecryptCbc | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | cipherText, | ||
uint32_t | msgLen, | ||
const uint8_t * | iv, | ||
uint8_t * | plainText | ||
) |
Decrypt CBC.
Asynchronously performs the AES-128 decryption in CBC mode of the input cipher text buffer.
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation. |
[in] | cipherText | Pointer to the cipher text buffer. |
[in] | msgLen | Number of bytes of cipher text message to be decrypted. It should be multiple of 16 bytes. |
[in] | iv | Pointer to the initialization vector buffer. |
[out] | plainText | Pointer to the plain text buffer. The buffer shall have the same size as the cipher text buffer. |
Definition at line 1012 of file security_pal.c.
status_t SECURITY_DecryptCbcBlocking | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | cipherText, | ||
uint32_t | msgLen, | ||
const uint8_t * | iv, | ||
uint8_t * | plainText, | ||
uint32_t | timeout | ||
) |
CBC Decryption.
Perform AES-128 decryption in CBC mode of the input cipher text buffer.
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation |
[in] | cipherText | Pointer to the cipher text buffer. |
[in] | msgLen | Number of bytes of cipher text message to be decrypted. It is multiple of 16 bytes. |
[in] | iv | Pointer to the initialization vector buffer. |
[out] | plainText | Pointer to the plain text buffer. The buffer shall have the same size as the cipher text buffer. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 342 of file security_pal.c.
status_t SECURITY_DecryptEcb | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | cipherText, | ||
uint32_t | msgLen, | ||
uint8_t * | plainText | ||
) |
Decrypt ECB.
Asynchronously performs the AES-128 decryption in ECB mode of the input cipher text buffer.
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation. |
[in] | cipherText | Pointer to the cipher text buffer. |
[in] | msgLen | Number of bytes of cipher text message to be decrypted. It should be multiple of 16 bytes. |
[out] | plainText | Pointer to the plain text buffer. The buffer shall have the same size as the cipher text buffer. |
Definition at line 953 of file security_pal.c.
status_t SECURITY_DecryptEcbBlocking | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | cipherText, | ||
uint32_t | msgLen, | ||
uint8_t * | plainText, | ||
uint32_t | timeout | ||
) |
ECB Decryption.
Perform AES-128 decryption in ECB mode of the input cipher text buffer.
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation |
[in] | cipherText | Pointer to the cipher text buffer. |
[in] | msgLen | Number of bytes of cipher text message to be decrypted. It is multiple of 16 bytes. |
[out] | plainText | Pointer to the plain text buffer. The buffer shall have the same size as the cipher text buffer. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 281 of file security_pal.c.
status_t SECURITY_Deinit | ( | security_instance_t | instance | ) |
De-initializes the SECURITY module.
This function de-initializes the requested SECURITY instance.
[in] | instance | security module instance |
Definition at line 212 of file security_pal.c.
status_t SECURITY_EncryptCbc | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | plainText, | ||
uint32_t | msgLen, | ||
const uint8_t * | iv, | ||
uint8_t * | cipherText | ||
) |
Encrypt CBC.
Asynchronously performs the AES-128 encryption in CBC mode of the input plain text buffer.
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation. |
[in] | plainText | Pointer to the plain text buffer. |
[in] | msgLen | Number of bytes of plain text message to be encrypted. It should be multiple of 16 bytes. |
[in] | iv | Pointer to the initialization vector buffer. |
[out] | cipherText | Pointer to the cipher text buffer. The buffer shall have the same size as the plain text buffer. |
Definition at line 982 of file security_pal.c.
status_t SECURITY_EncryptCbcBlocking | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | plainText, | ||
uint32_t | msgLen, | ||
const uint8_t * | iv, | ||
uint8_t * | cipherText, | ||
uint32_t | timeout | ||
) |
CBC Encryption.
Perform AES-128 encryption in CBC mode of the input plain text buffer.
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation |
[in] | plainText | Pointer to the plain text buffer. The buffer shall have the same size as the cipher text buffer. |
[in] | msgLen | Number of bytes of plain text message to be encrypted. It is multiple of 16 bytes. |
[in] | iv | Pointer to the initialization vector buffer. |
[out] | cipherText | Pointer to the cipher text buffer. The buffer shall have the same size as the plain text buffer. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 311 of file security_pal.c.
status_t SECURITY_EncryptEcb | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | plainText, | ||
uint32_t | msgLen, | ||
uint8_t * | cipherText | ||
) |
Encrypt ECB.
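Asynchronously performs the AES-128 encryption in ECB mode of the input plain text buffer. ECB encrypts each 16-byte block independently, so identical plain text blocks produce identical cipher text blocks; for multi-block or structured data, CBC with a fresh IV hides such repetition.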
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation. |
[in] | plainText | Pointer to the plain text buffer. |
[in] | msgLen | Number of bytes of plain text message to be encrypted. It should be multiple of 16 bytes. |
[out] | cipherText | Pointer to the cipher text buffer. The buffer shall have the same size as the plain text buffer. |
Definition at line 924 of file security_pal.c.
status_t SECURITY_EncryptEcbBlocking | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | plainText, | ||
uint32_t | msgLen, | ||
uint8_t * | cipherText, | ||
uint32_t | timeout | ||
) |
ECB Encryption.
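Perform AES-128 encryption in ECB mode of the input plain text buffer. ECB encrypts each 16-byte block independently, so identical plain text blocks produce identical cipher text blocks; for multi-block or structured data, CBC with a fresh IV hides such repetition.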
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation |
[in] | plainText | Pointer to the plain text buffer |
[in] | msgLen | Number of bytes of plain text message to be encrypted. It is multiple of 16 bytes. |
[out] | cipherText | Pointer to the cipher text buffer. The buffer shall have the same size as the plain text buffer. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 251 of file security_pal.c.
status_t SECURITY_ExportRamKey | ( | security_instance_t | instance, |
uint8_t * | m1, | ||
uint8_t * | m2, | ||
uint8_t * | m3, | ||
uint8_t * | m4, | ||
uint8_t * | m5, | ||
uint32_t | timeout | ||
) |
Export RAM key.
Exports the RAM_KEY into a format protected by SECRET_KEY.
[in] | instance | security module instance |
[out] | m1 | Pointer to a buffer where the M1 parameter will be exported. |
[out] | m2 | Pointer to a buffer where the M2 parameter will be exported. |
[out] | m3 | Pointer to a buffer where the M3 parameter will be exported. |
[out] | m4 | Pointer to a buffer where the M4 parameter will be exported. |
[out] | m5 | Pointer to a buffer where the M5 parameter will be exported. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 497 of file security_pal.c.
status_t SECURITY_ExtendSeed | ( | security_instance_t | instance, |
const uint8_t * | entropy, | ||
uint32_t | timeout | ||
) |
Extend the seed of the Random Number Generator.
Extends the seed of the PRNG by compressing the former seed value and the supplied entropy into a new seed. This new seed is then to be used to generate a random number by invoking the CMD_RND command. The random number generator must be initialized by CMD_INIT_RNG before the seed may be extended.
[in] | instance | security module instance |
[in] | entropy | pointer to a 128-bit buffer containing the entropy. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 528 of file security_pal.c.
status_t SECURITY_GenerateMac | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | msg, | ||
uint64_t | msgLen, | ||
uint8_t * | cmac | ||
) |
Generate MAC.
Asynchronously calculates the MAC of a given message using CMAC with AES-128.
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation. |
[in] | msg | Pointer to the message buffer. |
[in] | msgLen | Number of bits of message on which CMAC will be computed. |
[out] | cmac | Pointer to the buffer containing the result of the CMAC computation. |
Definition at line 1042 of file security_pal.c.
status_t SECURITY_GenerateMacBlocking | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | msg, | ||
uint64_t | msgLen, | ||
uint8_t * | cmac, | ||
uint32_t | timeout | ||
) |
MAC Generation.
Calculates MAC of a given message using CMAC with AES-128.
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation. |
[in] | msg | Pointer to the message buffer. |
[in] | msgLen | Number of bits of message on which CMAC will be computed. |
[out] | cmac | Pointer to the buffer containing the result of the CMAC computation. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 372 of file security_pal.c.
status_t SECURITY_GenerateRnd | ( | security_instance_t | instance, |
uint8_t * | rnd, | ||
uint32_t | timeout | ||
) |
Generate RND.
Generates a vector of 128 random bits.
[in] | instance | security module instance |
[out] | rnd | Pointer to a 128-bit buffer where the generated random number has to be stored. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 581 of file security_pal.c.
status_t SECURITY_GenerateTrnd | ( | security_instance_t | instance, |
uint8_t * | trnd, | ||
uint32_t | timeout | ||
) |
Generate True Random Number.
Generates a vector of 128 random bits using TRNG.
[in] | instance | security module instance |
[out] | trnd | Pointer to a 128-bit buffer where the generated random number is stored. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 846 of file security_pal.c.
status_t SECURITY_GetAsyncCmdStatus | ( | security_instance_t | instance | ) |
Get asynchronous command status.
Checks the status of the execution of an asynchronous command.
[in] | instance | security module instance |
Definition at line 899 of file security_pal.c.
status_t SECURITY_GetId | ( | security_instance_t | instance, |
const uint8_t * | challenge, | ||
uint8_t * | uid, | ||
uint8_t * | sreg, | ||
uint8_t * | mac, | ||
uint32_t | timeout | ||
) |
Get ID.
Returns the identity (UID) and the value of the status register protected by a MAC over a challenge and the data.
[in] | instance | security module instance |
[in] | challenge | Pointer to the 128-bit buffer containing Challenge data. |
[out] | uid | Pointer to 120 bit buffer where the UID will be stored. |
[out] | sreg | Value of the status register. |
[out] | mac | Pointer to the 128 bit buffer where the MAC generated over challenge and UID and status will be stored. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 609 of file security_pal.c.
status_t SECURITY_Init | ( | security_instance_t | instance, |
const security_user_config_t * | config | ||
) |
Initializes the SECURITY module.
This function initializes and enables the requested SECURITY instance.
[in] | instance | security module instance |
[in] | config | pointer to security module configuration structure |
Definition at line 156 of file security_pal.c.
status_t SECURITY_InitRng | ( | security_instance_t | instance, |
uint32_t | timeout | ||
) |
Initialize Random Number Generator.
Initializes the seed and derives a key for the PRNG.
[in] | instance | security module instance |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 555 of file security_pal.c.
status_t SECURITY_LoadKey | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | m1, | ||
const uint8_t * | m2, | ||
const uint8_t * | m3, | ||
uint8_t * | m4, | ||
uint8_t * | m5, | ||
uint32_t | timeout | ||
) |
Load Key.
Updates an internal key per the SHE specification.
[in] | instance | security module instance |
[in] | keyId | KeyID of the key to be updated. |
[in] | m1 | Pointer to the 128-bit M1 message containing the UID, Key ID and Authentication Key ID. |
[in] | m2 | Pointer to the 256-bit M2 message containing the new security flags, counter and the key value, all encrypted using a derived key generated from the Authentication Key. |
[in] | m3 | Pointer to the 128-bit M3 message, which is a MAC generated over messages M1 and M2. |
[out] | m4 | Pointer to a 256 bits buffer where the computed M4 parameter is stored. |
[out] | m5 | Pointer to a 128 bits buffer where the computed M5 parameter is stored. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 438 of file security_pal.c.
status_t SECURITY_LoadPlainKey | ( | security_instance_t | instance, |
const uint8_t * | plainKey, | ||
uint32_t | timeout | ||
) |
Load Plain Key.
Updates the RAM key memory slot with a 128-bit plaintext.
[in] | instance | security module instance |
[in] | plainKey | Pointer to the 128-bit buffer containing the key that needs to be copied in RAM_KEY slot. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 470 of file security_pal.c.
status_t SECURITY_MPCompress | ( | security_instance_t | instance, |
const uint8_t * | msg, | ||
uint32_t | msgLen, | ||
uint8_t * | mpCompress, | ||
uint32_t | timeout | ||
) |
Miyaguchi-Preneel Compression.
Compresses the given messages by accessing the Miyaguchi-Preneel compression feature within the CSEc feature set.
[in] | instance | security module instance |
[in] | msg | Pointer to the messages to be compressed. Messages must be pre-processed per SHE specification if they do not already meet the full 128-bit block size requirement. |
[in] | msgLen | The number of 128 bit messages to be compressed. |
[out] | mpCompress | Pointer to the 128 bit buffer storing the compressed data. |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 815 of file security_pal.c.
status_t SECURITY_SecureBoot | ( | security_instance_t | instance, |
uint32_t | bootImageSize, | ||
const uint8_t * | bootImagePtr, | ||
uint32_t | timeout | ||
) |
Secure boot.
The function loads the command processor firmware and memory slot data and then executes the SHE secure boot protocol.
[in] | instance | security module instance |
[in] | bootImageSize | Boot image size (in bytes). |
[in] | bootImagePtr | Boot image start address. |
[in] | timeout | Timeout in ms; the function returns STATUS_TIMEOUT if the command is not finished in the allocated period. |
Definition at line 640 of file security_pal.c.
status_t SECURITY_VerifyMac | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | msg, | ||
uint64_t | msgLen, | ||
const uint8_t * | mac, | ||
uint16_t | macLen, | ||
bool * | verifStatus | ||
) |
Verify MAC.
Asynchronously verifies the MAC of a given message using CMAC with AES-128.
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation. |
[in] | msg | Pointer to the message buffer. |
[in] | msgLen | Number of bits of message on which CMAC will be computed. |
[in] | mac | Pointer to the buffer containing the CMAC to be verified. |
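[in] | macLen | Number of bits of the CMAC to be compared. A macLen value of zero indicates that all 128 bits are compared. Comparing fewer bits lowers the effort needed to forge an accepted MAC, so the length should be fixed by the application rather than taken from the received message. |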
[out] | verifStatus | Status of MAC verification command (true: verification operation passed, false: verification operation failed). |
Definition at line 1074 of file security_pal.c.
status_t SECURITY_VerifyMacBlocking | ( | security_instance_t | instance, |
security_key_id_t | keyId, | ||
const uint8_t * | msg, | ||
uint64_t | msgLen, | ||
const uint8_t * | mac, | ||
uint16_t | macLen, | ||
bool * | verifStatus, | ||
uint32_t | timeout | ||
) |
MAC Verification.
Verifies the MAC of a given message using CMAC with AES-128.
[in] | instance | security module instance |
[in] | keyId | KeyID used to perform the cryptographic operation. |
[in] | msg | Pointer to the message buffer. |
[in] | msgLen | Number of bits of message on which CMAC will be computed. |
[in] | mac | Pointer to the buffer containing the CMAC to be verified. |
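[in] | macLen | Number of bits of the CMAC to be compared. A macLen value of zero indicates that all 128 bits are compared. Comparing fewer bits lowers the effort needed to forge an accepted MAC, so the length should be fixed by the application rather than taken from the received message. |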
[out] | verifStatus | Status of MAC verification command (true: verification operation passed, false: verification operation failed). |
[in] | timeout | Specifies the maximum time allowed for command completion, else STATUS_TIMEOUT is returned. |
Definition at line 404 of file security_pal.c.