diff --git a/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA266/MCXA266_features.h b/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA266/MCXA266_features.h index 086e4c942b..9d35adcb19 100644 --- a/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA266/MCXA266_features.h +++ b/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA266/MCXA266_features.h @@ -786,6 +786,8 @@ #define FSL_FEATURE_RTC_HAS_NO_CR_SUP (1) /* @brief Has no oscillator enable bit (CR). */ #define FSL_FEATURE_RTC_HAS_NO_CR_OSCE (1) +/* @brief Has clock output (bitfield CR[CLKO]). */ +#define FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT (0) /* SPC module features */ diff --git a/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA345/MCXA345_features.h b/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA345/MCXA345_features.h index 144e4bc25c..cda6cc3517 100644 --- a/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA345/MCXA345_features.h +++ b/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA345/MCXA345_features.h @@ -762,6 +762,8 @@ #define FSL_FEATURE_RTC_HAS_NO_CR_SUP (1) /* @brief Has no oscillator enable bit (CR). */ #define FSL_FEATURE_RTC_HAS_NO_CR_OSCE (1) +/* @brief Has clock output (bitfield CR[CLKO]). */ +#define FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT (0) /* SPC module features */ diff --git a/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA346/MCXA346_features.h b/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA346/MCXA346_features.h index 500d38e82d..86f1c575fd 100644 --- a/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA346/MCXA346_features.h +++ b/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA346/MCXA346_features.h @@ -762,6 +762,8 @@ #define FSL_FEATURE_RTC_HAS_NO_CR_SUP (1) /* @brief Has no oscillator enable bit (CR). */ #define FSL_FEATURE_RTC_HAS_NO_CR_OSCE (1) +/* @brief Has clock output (bitfield CR[CLKO]). */ +#define FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT (0) /* SPC module features */ diff --git a/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA366/MCXA366_features.h b/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA366/MCXA366_features.h index 0883d1cf6b..1dbe07e828 100644 --- a/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA366/MCXA366_features.h +++ b/mcux/mcux-sdk-ng/devices/MCX/MCXA/MCXA366/MCXA366_features.h @@ -790,6 +790,8 @@ #define FSL_FEATURE_RTC_HAS_NO_CR_SUP (1) /* @brief Has no oscillator enable bit (CR). */ #define FSL_FEATURE_RTC_HAS_NO_CR_OSCE (1) +/* @brief Has clock output (bitfield CR[CLKO]). */ +#define FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT (0) /* SPC module features */ diff --git a/mcux/mcux-sdk-ng/drivers/caam/CMakeLists.txt b/mcux/mcux-sdk-ng/drivers/caam/CMakeLists.txt index 2ec5f28c3d..a04cb01883 100644 --- a/mcux/mcux-sdk-ng/drivers/caam/CMakeLists.txt +++ b/mcux/mcux-sdk-ng/drivers/caam/CMakeLists.txt @@ -1,14 +1,14 @@ -# Copyright 2024 NXP +# Copyright 2024-2025 NXP # # SPDX-License-Identifier: BSD-3-Clause if(CONFIG_MCUX_COMPONENT_driver.caam) - mcux_component_version(2.3.2) + mcux_component_version(2.4.0) mcux_add_source(SOURCES fsl_caam.c fsl_caam.h) mcux_add_include(INCLUDES .) - mcux_add_configuration(CC "-DCRYPTO_USE_DRIVER_CAAM -DCACHE_MODE_WRITE_THROUGH=1") + mcux_add_macro("-DCRYPTO_USE_DRIVER_CAAM -DCACHE_MODE_WRITE_THROUGH=1") endif() diff --git a/mcux/mcux-sdk-ng/drivers/caam/fsl_caam.c b/mcux/mcux-sdk-ng/drivers/caam/fsl_caam.c index 92cd8fdeb1..5d741cd7c0 100644 --- a/mcux/mcux-sdk-ng/drivers/caam/fsl_caam.c +++ b/mcux/mcux-sdk-ng/drivers/caam/fsl_caam.c @@ -1,6 +1,6 @@ /* * Copyright (c) 2016, Freescale Semiconductor, Inc. - * Copyright 2016-2023 NXP + * Copyright 2016-2025 NXP * All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause @@ -56,9 +56,10 @@ #define DESC_LC1_MASK 0x00020000u #define DESC_TAG_SIZE_MASK 0xFFu #define DESC_HALT 0xA0C00000u -#define DESC_JUMP_2 0xA0000002u -#define DESC_JUMP_4 0xA0000004u -#define DESC_JUMP_6 0xA0000006u +#define DESC_JUMP(x) (0xA0000000u | ((x) & 0xFFu)) +#define DESC_JUMP_2 DESC_JUMP(0x2u) +#define DESC_JUMP_4 DESC_JUMP(0x4u) +#define DESC_JUMP_6 DESC_JUMP(0x6u) #define DESC_BLACKKEY_NOMMEN 0x4u #define SEC_MEM 0x8u @@ -221,10 +222,6 @@ static uint32_t s_jrIndex2 = 0; /*!< Current index in the input static caam_job_ring_interface_t *s_jr3 = NULL; /*!< Pointer to job ring interface 3. */ static uint32_t s_jrIndex3 = 0; /*!< Current index in the input job ring 3. */ -AT_NONCACHEABLE_SECTION(static caam_rng_config_t rngConfig); -AT_NONCACHEABLE_SECTION(static caam_desc_rng_t rngGenSeckey); -AT_NONCACHEABLE_SECTION(static caam_desc_rng_t rngInstantiate); -AT_NONCACHEABLE_SECTION(static caam_desc_rng_t descBuf); /******************************************************************************* * Code ******************************************************************************/ @@ -568,6 +565,26 @@ static status_t caam_in_job_ring_add(CAAM_Type *base, caam_job_ring_t jobRing, u return kStatus_Success; } +static status_t caam_in_job_ring_add_and_wait(CAAM_Type *base, + caam_handle_t *handle, + uint32_t *descriptor, + caam_wait_mode_t mode) +{ + status_t status = kStatus_Fail; + + do + { + status = caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } while (status == kStatus_CAAM_Again); + + if (kStatus_Success != status) + { + return status; + } + + return CAAM_Wait(base, handle, descriptor, mode); +} + /* this function shall be only called inside CAAM driver critical section * because it accesses global variables. */ @@ -796,37 +813,37 @@ static const uint32_t templateAesGcm[] = { /* 25 */ 0x00000000u, /* place: received ICV address */ }; -status_t caam_aes_gcm_non_blocking(CAAM_Type *base, - caam_handle_t *handle, - caam_desc_aes_gcm_t descriptor, - const uint8_t *input, - uint8_t *output, - size_t size, - const uint8_t *iv, - size_t ivSize, - const uint8_t *aad, - size_t aadSize, - const uint8_t *key, - size_t keySize, - uint32_t tag, - size_t tagSize, - int encrypt); - -status_t caam_aes_gcm_non_blocking(CAAM_Type *base, - caam_handle_t *handle, - caam_desc_aes_gcm_t descriptor, - const uint8_t *input, - uint8_t *output, - size_t size, - const uint8_t *iv, - size_t ivSize, - const uint8_t *aad, - size_t aadSize, - const uint8_t *key, - size_t keySize, - uint32_t tag, - size_t tagSize, - int encrypt) +status_t s_caam_aes_gcm_non_blocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_gcm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt); + +status_t s_caam_aes_gcm_non_blocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_gcm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt) { BUILD_ASSURE(sizeof(templateAesGcm) <= sizeof(caam_desc_aes_gcm_t), caam_desc_aes_gcm_t_size); status_t status; @@ -907,8 +924,103 @@ status_t caam_aes_gcm_non_blocking(CAAM_Type *base, descriptor[16] = DESC_HALT; /* always halt with status 0x0 (normal) */ } - /* add operation specified by descriptor to CAAM Job Ring */ - return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + return kStatus_Success; +} + +status_t caam_aes_gcm_non_blocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_gcm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt); + +status_t caam_aes_gcm_non_blocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_gcm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt) +{ + status_t status = s_caam_aes_gcm_non_blocking(base, handle, descriptor, input, output, size, iv, ivSize, aad, + aadSize, key, keySize, tag, tagSize, encrypt); + + if (status == kStatus_Success) + { + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } +} + +status_t caam_aes_gcm_non_blocking_extended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_gcm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt, + caam_key_type_t blackKeyType); + +status_t caam_aes_gcm_non_blocking_extended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_gcm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt, + caam_key_type_t blackKeyType) +{ + status_t status = s_caam_aes_gcm_non_blocking(base, handle, descriptor, input, output, size, iv, ivSize, aad, + aadSize, key, keySize, tag, tagSize, encrypt); + + if (status == kStatus_Success) + { + descriptor[1] |= (uint32_t)blackKeyType; + + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } } static status_t caam_aes_ccm_check_input_args(CAAM_Type *base, @@ -1036,37 +1148,37 @@ static const uint32_t templateAesCcm[] = { }; -status_t caam_aes_ccm_non_blocking(CAAM_Type *base, - caam_handle_t *handle, - caam_desc_aes_ccm_t descriptor, - const uint8_t *input, - uint8_t *output, - size_t size, - const uint8_t *iv, - size_t ivSize, - const uint8_t *aad, - size_t aadSize, - const uint8_t *key, - size_t keySize, - uint32_t tag, - size_t tagSize, - int encrypt); - -status_t caam_aes_ccm_non_blocking(CAAM_Type *base, - caam_handle_t *handle, - caam_desc_aes_ccm_t descriptor, - const uint8_t *input, - uint8_t *output, - size_t size, - const uint8_t *iv, - size_t ivSize, - const uint8_t *aad, - size_t aadSize, - const uint8_t *key, - size_t keySize, - uint32_t tag, - size_t tagSize, - int encrypt) +status_t s_caam_aes_ccm_non_blocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ccm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt); + +status_t s_caam_aes_ccm_non_blocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ccm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt) { BUILD_ASSURE(sizeof(templateAesCcm) <= sizeof(caam_desc_aes_ccm_t), caam_desc_aes_ccm_t_size); status_t status; @@ -1165,8 +1277,102 @@ status_t caam_aes_ccm_non_blocking(CAAM_Type *base, descriptor[24] = DESC_HALT; /* always halt with status 0x0 (normal) */ } - /* add operation specified by descriptor to CAAM Job Ring */ - return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + return kStatus_Success; +} + +status_t caam_aes_ccm_non_blocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ccm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt); + +status_t caam_aes_ccm_non_blocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ccm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt) +{ + status_t status = s_caam_aes_ccm_non_blocking(base, handle, descriptor, input, output, size, iv, ivSize, aad, + aadSize, key, keySize, tag, tagSize, encrypt); + if (status == kStatus_Success) + { + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } +} + +status_t caam_aes_ccm_non_blocking_extended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ccm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt, + caam_key_type_t blackKeyType); + +status_t caam_aes_ccm_non_blocking_extended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ccm_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint32_t tag, + size_t tagSize, + int encrypt, + caam_key_type_t blackKeyType) +{ + status_t status = s_caam_aes_ccm_non_blocking(base, handle, descriptor, input, output, size, iv, ivSize, aad, + aadSize, key, keySize, tag, tagSize, encrypt); + + if (status == kStatus_Success) + { + descriptor[1] |= (uint32_t)blackKeyType; + + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } } /*! @@ -1231,7 +1437,6 @@ status_t CAAM_AES_EncryptTagCcmNonBlocking(CAAM_Type *base, * 14, or 16. * return Status from job descriptor push */ - status_t CAAM_AES_DecryptTagCcmNonBlocking(CAAM_Type *base, caam_handle_t *handle, caam_desc_aes_ccm_t descriptor, @@ -1251,6 +1456,89 @@ status_t CAAM_AES_DecryptTagCcmNonBlocking(CAAM_Type *base, key, keySize, (uint32_t)tag, tagSize, 0); } +/*! + * brief Encrypts AES and tags using CCM block mode. + * + * Puts AES CCM encrypt and tag descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param[out] descriptor Memory for the CAAM descriptor. + * param plaintext Input plain text to encrypt + * param[out] ciphertext Output cipher text. + * param size Size of input and output data in bytes. Zero means authentication only. + * param iv Nonce + * param ivSize Length of the Nonce in bytes. Must be 7, 8, 9, 10, 11, 12, or 13. + * param aad Input additional authentication data. Can be NULL if aadSize is zero. + * param aadSize Input size in bytes of AAD. Zero means data mode only (authentication skipped). + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param[out] tag Generated output tag. Set to NULL to skip tag processing. + * param tagSize Input size of the tag to generate, in bytes. Must be 4, 6, 8, 10, 12, 14, or 16. + * return Status from job descriptor push + */ +status_t CAAM_AES_EncryptTagCcmNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ccm_t descriptor, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType) +{ + return caam_aes_ccm_non_blocking_extended(base, handle, descriptor, plaintext, ciphertext, size, iv, ivSize, aad, + aadSize, key, keySize, (uint32_t)tag, tagSize, 1, blackKeyType); +} + +/*! + * brief Decrypts AES and authenticates using CCM block mode. + * + * Puts AES CCM decrypt and check tag descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param[out] descriptor Memory for the CAAM descriptor. + * param ciphertext Input cipher text to decrypt + * param[out] plaintext Output plain text. + * param size Size of input and output data in bytes. Zero means authentication data only. + * param iv Nonce + * param ivSize Length of the Nonce in bytes. Must be 7, 8, 9, 10, 11, 12, or 13. + * param aad Input additional authentication data. Can be NULL if aadSize is zero. + * param aadSize Input size in bytes of AAD. Zero means data mode only (authentication data skipped). + * param key Input key to use for decryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param tag Received tag. Set to NULL to skip tag processing. + * param tagSize Input size of the received tag to compare with the computed tag, in bytes. Must be 4, 6, 8, 10, 12, + * 14, or 16. + * return Status from job descriptor push + */ +status_t CAAM_AES_DecryptTagCcmNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ccm_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + const uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType) +{ + return caam_aes_ccm_non_blocking_extended(base, handle, descriptor, ciphertext, plaintext, size, iv, ivSize, aad, + aadSize, key, keySize, (uint32_t)tag, tagSize, 0, blackKeyType); +} + static const uint32_t templateAesCtr[] = { /* 00 */ 0xB0800000u, /* HEADER */ /* 01 */ 0x02000000u, /* KEY */ @@ -1309,17 +1597,17 @@ static const uint32_t templateAesCtr[] = { * are not used. * return Status from job descriptor push */ -status_t CAAM_AES_CryptCtrNonBlocking(CAAM_Type *base, - caam_handle_t *handle, - caam_desc_aes_ctr_t descriptor, - const uint8_t *input, - uint8_t *output, - size_t size, - uint8_t *counter, - const uint8_t *key, - size_t keySize, - uint8_t *counterlast, - size_t *szLeft) +static status_t s_CAAM_AES_CryptCtrNonBlocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ctr_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + uint8_t *counter, + const uint8_t *key, + size_t keySize, + uint8_t *counterlast, + size_t *szLeft) { BUILD_ASSURE(sizeof(templateAesCtr) <= sizeof(caam_desc_aes_ctr_t), caam_desc_aes_ctr_t_size); uint32_t descriptorSize; @@ -1394,8 +1682,115 @@ status_t CAAM_AES_CryptCtrNonBlocking(CAAM_Type *base, /* read last CTRi from AES back to caller */ descriptor[24] = ADD_OFFSET((uint32_t)counter); - /* add operation specified by descriptor to CAAM Job Ring */ - return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + return kStatus_Success; +} + +/*! + * brief Encrypts or decrypts AES using CTR block mode. + * + * Encrypts or decrypts AES using CTR block mode. + * AES CTR mode uses only forward AES cipher and same algorithm for encryption and decryption. + * The only difference between encryption and decryption is that, for encryption, the input argument + * is plain text and the output argument is cipher text. For decryption, the input argument is cipher text + * and the output argument is plain text. + * + * Puts AES CTR crypt descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param[out] descriptor Memory for the CAAM descriptor. + * param input Input data for CTR block mode + * param[out] output Output data for CTR block mode + * param size Size of input and output data in bytes + * param[in,out] counter Input counter (updates on return) + * param key Input key to use for forward AES cipher + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param[out] counterlast Output cipher of last counter, for chained CTR calls. NULL can be passed if chained calls are + * not used. + * param[out] szLeft Output number of bytes in left unused in counterlast block. NULL can be passed if chained calls + * are not used. + * return Status from job descriptor push + */ +status_t CAAM_AES_CryptCtrNonBlocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ctr_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + uint8_t *counter, + const uint8_t *key, + size_t keySize, + uint8_t *counterlast, + size_t *szLeft) +{ + status_t status = s_CAAM_AES_CryptCtrNonBlocking(base, handle, descriptor, input, output, size, counter, key, + keySize, counterlast, szLeft); + + if (status == kStatus_Success) + { + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } +} + +/*! + * brief Encrypts or decrypts AES using CTR block mode using black key. + * + * Encrypts or decrypts AES using CTR block mode. + * AES CTR mode uses only forward AES cipher and same algorithm for encryption and decryption. + * The only difference between encryption and decryption is that, for encryption, the input argument + * is plain text and the output argument is cipher text. For decryption, the input argument is cipher text + * and the output argument is plain text. + * + * Puts AES CTR crypt descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param[out] descriptor Memory for the CAAM descriptor. + * param input Input data for CTR block mode + * param[out] output Output data for CTR block mode + * param size Size of input and output data in bytes + * param[in,out] counter Input counter (updates on return) + * param key Input key to use for forward AES cipher + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param[out] counterlast Output cipher of last counter, for chained CTR calls. NULL can be passed if chained calls are + * not used. + * param[out] szLeft Output number of bytes in left unused in counterlast block. NULL can be passed if chained calls + * are not used. + * param blackKeyType Type of black key + * return Status from job descriptor push + */ +status_t CAAM_AES_CryptCtrNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ctr_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + uint8_t *counter, + const uint8_t *key, + size_t keySize, + uint8_t *counterlast, + size_t *szLeft, + caam_key_type_t blackKeyType) +{ + status_t status = s_CAAM_AES_CryptCtrNonBlocking(base, handle, descriptor, input, output, size, counter, key, + keySize, counterlast, szLeft); + + if (status == kStatus_Success) + { + descriptor[1] |= (uint32_t)blackKeyType; + + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } } static const uint32_t templateAesEcb[] = { @@ -1425,14 +1820,14 @@ static const uint32_t templateAesEcb[] = { * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. * return Status from job descriptor push */ -status_t CAAM_AES_EncryptEcbNonBlocking(CAAM_Type *base, - caam_handle_t *handle, - caam_desc_aes_ecb_t descriptor, - const uint8_t *plaintext, - uint8_t *ciphertext, - size_t size, - const uint8_t *key, - size_t keySize) +static status_t s_CAAM_AES_EncryptEcbNonBlocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ecb_t descriptor, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *key, + size_t keySize) { BUILD_ASSURE(sizeof(templateAesEcb) <= sizeof(caam_desc_aes_ecb_t), caam_desc_aes_ecb_t_size); uint32_t descriptorSize; @@ -1460,7 +1855,44 @@ status_t CAAM_AES_EncryptEcbNonBlocking(CAAM_Type *base, descriptor[8] = size; /* FIFO STORE EXT size */ descriptor[9] |= 1u; /* add ENC bit to specify Encrypt OPERATION */ - return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + return kStatus_Success; +} + +/*! + * brief Encrypts AES using the ECB block mode. + * + * Puts AES ECB encrypt descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param plaintext Input plain text to encrypt + * param[out] descriptor Memory for the CAAM descriptor. + * param[out] ciphertext Output cipher text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * return Status from job descriptor push + */ +status_t CAAM_AES_EncryptEcbNonBlocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ecb_t descriptor, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *key, + size_t keySize) +{ + status_t status = + s_CAAM_AES_EncryptEcbNonBlocking(base, handle, descriptor, plaintext, ciphertext, size, key, keySize); + + if (status == kStatus_Success) + { + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } } /*! @@ -1478,14 +1910,14 @@ status_t CAAM_AES_EncryptEcbNonBlocking(CAAM_Type *base, * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. * return Status from job descriptor push */ -status_t CAAM_AES_DecryptEcbNonBlocking(CAAM_Type *base, - caam_handle_t *handle, - caam_desc_aes_ecb_t descriptor, - const uint8_t *ciphertext, - uint8_t *plaintext, - size_t size, - const uint8_t *key, - size_t keySize) +static status_t s_CAAM_AES_DecryptEcbNonBlocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ecb_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *key, + size_t keySize) { uint32_t descriptorSize; @@ -1511,7 +1943,128 @@ status_t CAAM_AES_DecryptEcbNonBlocking(CAAM_Type *base, descriptor[7] = (uint32_t)ADD_OFFSET((uint32_t)plaintext); descriptor[8] = size; /* FIFO STORE EXT size */ - return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + return kStatus_Success; +} + +/*! + * brief Decrypts AES using ECB block mode. + * + * Puts AES ECB decrypt descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param[out] descriptor Memory for the CAAM descriptor. + * param ciphertext Input cipher text to decrypt + * param[out] plaintext Output plain text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param key Input key. + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * return Status from job descriptor push + */ +status_t CAAM_AES_DecryptEcbNonBlocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ecb_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *key, + size_t keySize) +{ + status_t status = + s_CAAM_AES_DecryptEcbNonBlocking(base, handle, descriptor, ciphertext, plaintext, size, key, keySize); + + if (status == kStatus_Success) + { + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } +} + +/*! + * brief Encrypts AES using the ECB block mode using black key. + * + * Puts AES ECB encrypt descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param plaintext Input plain text to encrypt + * param[out] descriptor Memory for the CAAM descriptor. + * param[out] ciphertext Output cipher text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param blackKeyType Type of black key + * return Status from job descriptor push + */ +status_t CAAM_AES_EncryptEcbNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ecb_t descriptor, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType) +{ + status_t status = + s_CAAM_AES_EncryptEcbNonBlocking(base, handle, descriptor, plaintext, ciphertext, size, key, keySize); + + if (status == kStatus_Success) + { + descriptor[1] |= (uint32_t)blackKeyType; + + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } +} + +/*! + * brief Decrypts AES using ECB block mode using black key. + * + * Puts AES ECB decrypt descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param[out] descriptor Memory for the CAAM descriptor. + * param ciphertext Input cipher text to decrypt + * param[out] plaintext Output plain text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param key Input key. + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param blackKeyType Type of black key + * return Status from job descriptor push + */ +status_t CAAM_AES_DecryptEcbNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ecb_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType) +{ + status_t status = + s_CAAM_AES_DecryptEcbNonBlocking(base, handle, descriptor, ciphertext, plaintext, size, key, keySize); + + if (status == kStatus_Success) + { + descriptor[1] |= (uint32_t)blackKeyType; + + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } } static const uint32_t templateAesCbc[] = { @@ -1529,6 +2082,70 @@ static const uint32_t templateAesCbc[] = { /* 11 */ 0x82100100u, /* OPERATION: AES CBC Decrypt */ }; +/*! + * brief Encrypts AES using CBC block mode. + * + * Puts AES CBC encrypt descriptor to CAAM input job ring. + * + * param[out] descriptor Memory for the CAAM descriptor. + * param plaintext Input plain text to encrypt + * param[out] ciphertext Output cipher text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param iv Input initial vector to combine with the first input block. + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * return Status from job descriptor push + */ +static status_t s_CAAM_AES_EncryptCbc(caam_desc_aes_cbc_t descriptor, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *iv, + const uint8_t *key, + size_t keySize) +{ + BUILD_ASSURE(sizeof(templateAesCbc) <= sizeof(caam_desc_aes_cbc_t), caam_desc_aes_cbc_t_size); + uint32_t descriptorSize; + + if (!caam_check_key_size(keySize)) + { + return kStatus_InvalidArgument; + } + + /* CBC mode, size must be non-zero 16-byte multiple */ + if (0U != (size % 16u)) + { + return kStatus_InvalidArgument; + } + + /* get template descriptor and it's size */ + descriptorSize = ARRAY_SIZE(templateAesCbc); + (void)caam_memcpy(descriptor, templateAesCbc, sizeof(templateAesCbc)); + + /* add descriptor size */ + descriptor[0] |= (descriptorSize & DESC_SIZE_MASK); + + /* key address and key size */ + descriptor[1] |= (keySize & DESC_KEY_SIZE_MASK); + descriptor[2] = (uint32_t)ADD_OFFSET((uint32_t)key); + + /* descriptor[3] configures 16 bytes length for IV in templateAesCbc */ + descriptor[4] = (uint32_t)ADD_OFFSET((uint32_t)iv); + + /* source address and size */ + descriptor[6] = (uint32_t)ADD_OFFSET((uint32_t)plaintext); + descriptor[7] = size; + + /* destination address and size */ + descriptor[9] = (uint32_t)ADD_OFFSET((uint32_t)ciphertext); + descriptor[10] = size; + + /* AES CBC */ + descriptor[11] |= 1u; /* add ENC bit to specify Encrypt OPERATION */ + + return kStatus_Success; +} + /*! * brief Encrypts AES using CBC block mode. * @@ -1555,7 +2172,41 @@ status_t CAAM_AES_EncryptCbcNonBlocking(CAAM_Type *base, const uint8_t *key, size_t keySize) { - BUILD_ASSURE(sizeof(templateAesCbc) <= sizeof(caam_desc_aes_cbc_t), caam_desc_aes_cbc_t_size); + status_t status = s_CAAM_AES_EncryptCbc(descriptor, plaintext, ciphertext, size, iv, key, keySize); + + if (status == kStatus_Success) + { + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } +} + +/*! + * brief Decrypts AES using CBC block mode. + * + * Puts AES CBC decrypt descriptor to CAAM input job ring. + * + * param[out] descriptor Memory for the CAAM descriptor. + * param ciphertext Input cipher text to decrypt + * param[out] plaintext Output plain text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param iv Input initial vector to combine with the first input block. + * param key Input key to use for decryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * return Status from job descriptor push + */ +static status_t s_CAAM_AES_DecryptCbc(caam_desc_aes_cbc_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + const uint8_t *key, + size_t keySize) +{ uint32_t descriptorSize; if (!caam_check_key_size(keySize)) @@ -1578,28 +2229,108 @@ status_t CAAM_AES_EncryptCbcNonBlocking(CAAM_Type *base, /* key address and key size */ descriptor[1] |= (keySize & DESC_KEY_SIZE_MASK); - descriptor[2] = (uint32_t)ADD_OFFSET((uint32_t)key); + descriptor[2] = ADD_OFFSET((uint32_t)key); /* descriptor[3] configures 16 bytes length for IV in templateAesCbc */ - descriptor[4] = (uint32_t)ADD_OFFSET((uint32_t)iv); + descriptor[4] = ADD_OFFSET((uint32_t)iv); /* source address and size */ - descriptor[6] = (uint32_t)ADD_OFFSET((uint32_t)plaintext); + descriptor[6] = ADD_OFFSET((uint32_t)ciphertext); descriptor[7] = size; /* destination address and size */ - descriptor[9] = (uint32_t)ADD_OFFSET((uint32_t)ciphertext); + descriptor[9] = ADD_OFFSET((uint32_t)plaintext); descriptor[10] = size; - /* AES CBC */ - descriptor[11] |= 1u; /* add ENC bit to specify Encrypt OPERATION */ + /* AES CBC Decrypt OPERATION in descriptor[11] */ + + /* add operation specified by descriptor to CAAM Job Ring */ + return kStatus_Success; +} +/*! + * brief Decrypts AES using CBC block mode. + * + * Puts AES CBC decrypt descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param[out] descriptor Memory for the CAAM descriptor. + * param ciphertext Input cipher text to decrypt + * param[out] plaintext Output plain text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param iv Input initial vector to combine with the first input block. + * param key Input key to use for decryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * return Status from job descriptor push + */ +status_t CAAM_AES_DecryptCbcNonBlocking(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_cbc_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + const uint8_t *key, + size_t keySize) +{ + status_t status = s_CAAM_AES_DecryptCbc(descriptor, ciphertext, plaintext, size, iv, key, keySize); + + if (status == kStatus_Success) + { + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } +} + +/*! + * brief Encrypts AES using CBC block mode using black key. + * + * Puts AES CBC encrypt descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param[out] descriptor Memory for the CAAM descriptor. + * param plaintext Input plain text to encrypt + * param[out] ciphertext Output cipher text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param iv Input initial vector to combine with the first input block. + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param blackKeyType Type of black key + * return Status from job descriptor push + */ +status_t CAAM_AES_EncryptCbcNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_cbc_t descriptor, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *iv, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType) +{ + status_t status = s_CAAM_AES_EncryptCbc(descriptor, plaintext, ciphertext, size, iv, key, keySize); + + if (status == kStatus_Success) + { + descriptor[1] |= (uint32_t)blackKeyType; - /* add operation specified by descriptor to CAAM Job Ring */ - return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else + { + return status; + } } /*! - * brief Decrypts AES using CBC block mode. + * brief Decrypts AES using CBC block mode using black key. * * Puts AES CBC decrypt descriptor to CAAM input job ring. * @@ -1612,57 +2343,33 @@ status_t CAAM_AES_EncryptCbcNonBlocking(CAAM_Type *base, * param iv Input initial vector to combine with the first input block. * param key Input key to use for decryption * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param blackKeyType Type of black key * return Status from job descriptor push */ -status_t CAAM_AES_DecryptCbcNonBlocking(CAAM_Type *base, - caam_handle_t *handle, - caam_desc_aes_cbc_t descriptor, - const uint8_t *ciphertext, - uint8_t *plaintext, - size_t size, - const uint8_t *iv, - const uint8_t *key, - size_t keySize) -{ - uint32_t descriptorSize; +status_t CAAM_AES_DecryptCbcNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_cbc_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType) +{ + status_t status = s_CAAM_AES_DecryptCbc(descriptor, ciphertext, plaintext, size, iv, key, keySize); - if (!caam_check_key_size(keySize)) + if (status == kStatus_Success) { - return kStatus_InvalidArgument; - } + descriptor[1] |= (uint32_t)blackKeyType; - /* CBC mode, size must be non-zero 16-byte multiple */ - if (0U != (size % 16u)) + /* add operation specified by descriptor to CAAM Job Ring */ + return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); + } + else { - return kStatus_InvalidArgument; + return status; } - - /* get template descriptor and it's size */ - descriptorSize = ARRAY_SIZE(templateAesCbc); - (void)caam_memcpy(descriptor, templateAesCbc, sizeof(templateAesCbc)); - - /* add descriptor size */ - descriptor[0] |= (descriptorSize & DESC_SIZE_MASK); - - /* key address and key size */ - descriptor[1] |= (keySize & DESC_KEY_SIZE_MASK); - descriptor[2] = ADD_OFFSET((uint32_t)key); - - /* descriptor[3] configures 16 bytes length for IV in templateAesCbc */ - descriptor[4] = ADD_OFFSET((uint32_t)iv); - - /* source address and size */ - descriptor[6] = ADD_OFFSET((uint32_t)ciphertext); - descriptor[7] = size; - - /* destination address and size */ - descriptor[9] = ADD_OFFSET((uint32_t)plaintext); - descriptor[10] = size; - - /* AES CBC Decrypt OPERATION in descriptor[11] */ - - /* add operation specified by descriptor to CAAM Job Ring */ - return caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); } /*! @@ -1749,6 +2456,92 @@ status_t CAAM_AES_DecryptTagGcmNonBlocking(CAAM_Type *base, key, keySize, (uint32_t)tag, tagSize, 0); } +/*! + * brief Encrypts AES and tags using GCM block mode. + * + * Encrypts AES and optionally tags using GCM block mode. If plaintext is NULL, only the GHASH is calculated and output + * in the 'tag' field. + * Puts AES GCM encrypt and tag descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param[out] descriptor Memory for the CAAM descriptor. + * param plaintext Input plain text to encrypt + * param[out] ciphertext Output cipher text. + * param size Size of input and output data in bytes + * param iv Input initial vector + * param ivSize Size of the IV + * param aad Input additional authentication data + * param aadSize Input size in bytes of AAD + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param[out] tag Output hash tag. Set to NULL to skip tag processing. + * param tagSize Input size of the tag to generate, in bytes. Must be 4,8,12,13,14,15 or 16. + * return Status from job descriptor push + */ +status_t CAAM_AES_EncryptTagGcmNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_gcm_t descriptor, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType) +{ + return caam_aes_gcm_non_blocking_extended(base, handle, descriptor, plaintext, ciphertext, size, iv, ivSize, aad, + aadSize, key, keySize, (uint32_t)tag, tagSize, 1, blackKeyType); +} + +/*! + * brief Decrypts AES and authenticates using GCM block mode. + * + * Decrypts AES and optionally authenticates using GCM block mode. If ciphertext is NULL, only the GHASH is calculated + * and compared with the received GHASH in 'tag' field. + * Puts AES GCM decrypt and check tag descriptor to CAAM input job ring. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param[out] descriptor Memory for the CAAM descriptor. + * param ciphertext Input cipher text to decrypt + * param[out] plaintext Output plain text. + * param size Size of input and output data in bytes + * param iv Input initial vector + * param ivSize Size of the IV + * param aad Input additional authentication data + * param aadSize Input size in bytes of AAD + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param tag Input hash tag to compare. Set to NULL to skip tag processing. + * param tagSize Input size of the tag, in bytes. Must be 4, 8, 12, 13, 14, 15, or 16. + * return Status from job descriptor push + */ +status_t CAAM_AES_DecryptTagGcmNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_gcm_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + const uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType) +{ + return caam_aes_gcm_non_blocking_extended(base, handle, descriptor, ciphertext, plaintext, size, iv, ivSize, aad, + aadSize, key, keySize, (uint32_t)tag, tagSize, 0, blackKeyType); +} + /*! * brief Gets the default configuration structure. * @@ -1846,6 +2639,7 @@ status_t CAAM_Init(CAAM_Type *base, const caam_config_t *config) * for FIFO STORE command to be able to store Key register as Black key * for example during AES XCBC-MAC context switch (need to store derived key K1 to memory) */ + caam_rng_config_t rngConfig; (void)CAAM_RNG_GetDefaultConfig(&rngConfig); /* reset RNG */ @@ -2149,6 +2943,99 @@ status_t CAAM_AES_DecryptEcb(CAAM_Type *base, return status; } +/*! + * brief Encrypts AES using the ECB block mode using black key. + * + * Encrypts AES using the ECB block mode. + * + * param base CAAM peripheral base address + * param plaintext Input plain text to encrypt + * param[out] ciphertext Output cipher text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param blackKeyType Type of black key + * return Status from encrypt operation + */ +status_t CAAM_AES_EncryptEcbExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType) +{ + caam_desc_aes_ecb_t descBuf; + status_t status; + + do + { + status = CAAM_AES_EncryptEcbNonBlockingExtended(base, handle, descBuf, plaintext, ciphertext, size, key, + keySize, blackKeyType); + } while (status == kStatus_CAAM_Again); + + if (status != 0) + { + return status; + } + + status = CAAM_Wait(base, handle, descBuf, kCAAM_Blocking); +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)ciphertext, size); +#endif /* CAAM_OUT_INVALIDATE */ + return status; +} + +/*! + * brief Decrypts AES using ECB block mode using black key. + * + * Decrypts AES using ECB block mode. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param ciphertext Input cipher text to decrypt + * param[out] plaintext Output plain text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param key Input key. + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param blackKeyType Type of black key + * return Status from decrypt operation + */ +status_t CAAM_AES_DecryptEcbExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType) +{ + caam_desc_aes_ecb_t descBuf; + status_t status; + + do + { + status = CAAM_AES_DecryptEcbNonBlockingExtended(base, handle, descBuf, ciphertext, plaintext, size, key, + keySize, blackKeyType); + } while (status == kStatus_CAAM_Again); + + if (status != 0) + { + return status; + } + + status = CAAM_Wait(base, handle, descBuf, kCAAM_Blocking); +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)plaintext, size); +#endif /* CAAM_OUT_INVALIDATE */ + return status; +} + /*! * brief Encrypts AES using CBC block mode. * @@ -2237,6 +3124,100 @@ status_t CAAM_AES_DecryptCbc(CAAM_Type *base, return status; } +/*! + * brief Encrypts AES using CBC block mode using black key. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param plaintext Input plain text to encrypt + * param[out] ciphertext Output cipher text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param iv Input initial vector to combine with the first input block. + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param blackKeyType Type of black key + * return Status from encrypt operation + */ +status_t CAAM_AES_EncryptCbcExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t iv[16], + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType) +{ + caam_desc_aes_cbc_t descBuf; + status_t status; + + do + { + status = CAAM_AES_EncryptCbcNonBlockingExtended(base, handle, descBuf, plaintext, ciphertext, size, iv, key, + keySize, blackKeyType); + } while (status == kStatus_CAAM_Again); + + if (status != 0) + { + return status; + } + + status = CAAM_Wait(base, handle, descBuf, kCAAM_Blocking); +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)ciphertext, size); +#endif /* CAAM_OUT_INVALIDATE */ + return status; +} + +/*! + * brief Decrypts AES using CBC block mode using black key. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param ciphertext Input cipher text to decrypt + * param[out] plaintext Output plain text + * param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * param iv Input initial vector to combine with the first input block. + * param key Input key to use for decryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param blackKeyType Type of black key + * return Status from decrypt operation + */ +status_t CAAM_AES_DecryptCbcExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t iv[16], + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType) +{ + caam_desc_aes_cbc_t descBuf; + status_t status; + + do + { + status = CAAM_AES_DecryptCbcNonBlockingExtended(base, handle, descBuf, ciphertext, plaintext, size, iv, key, + keySize, blackKeyType); + } while (status == kStatus_CAAM_Again); + + if (status != 0) + { + return status; + } + + status = CAAM_Wait(base, handle, descBuf, kCAAM_Blocking); +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)plaintext, size); +#endif /* CAAM_OUT_INVALIDATE */ + return status; +} + /*! * brief Encrypts or decrypts AES using CTR block mode. * @@ -2300,6 +3281,71 @@ status_t CAAM_AES_CryptCtr(CAAM_Type *base, return status; } +/*! + * brief Encrypts or decrypts AES using CTR block mode using black key. + * + * Encrypts or decrypts AES using CTR block mode. + * AES CTR mode uses only forward AES cipher and same algorithm for encryption and decryption. + * The only difference between encryption and decryption is that, for encryption, the input argument + * is plain text and the output argument is cipher text. For decryption, the input argument is cipher text + * and the output argument is plain text. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param input Input data for CTR block mode + * param[out] output Output data for CTR block mode + * param size Size of input and output data in bytes + * param[in,out] counter Input counter (updates on return) + * param key Input key to use for forward AES cipher + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param[out] counterlast Output cipher of last counter, for chained CTR calls. NULL can be passed if chained calls are + * not used. + * param[out] szLeft Output number of bytes in left unused in counterlast block. NULL can be passed if chained calls + * are not used. + * param blackKeyType Type of black key + * return Status from encrypt operation + */ +status_t CAAM_AES_CryptCtrExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *input, + uint8_t *output, + size_t size, + uint8_t counter[16], + const uint8_t *key, + size_t keySize, + uint8_t counterlast[16], + size_t *szLeft, + caam_key_type_t blackKeyType) +{ + caam_desc_aes_ctr_t descBuf; + status_t status; + + do + { + status = CAAM_AES_CryptCtrNonBlockingExtended(base, handle, descBuf, input, output, size, counter, key, keySize, + counterlast, szLeft, blackKeyType); + } while (status == kStatus_CAAM_Again); + + if (status != 0) + { + return status; + } + + status = CAAM_Wait(base, handle, descBuf, kCAAM_Blocking); +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)output, size); + DCACHE_InvalidateByRange((uint32_t)counter, 16u); + DCACHE_InvalidateByRange((uint32_t)szLeft, sizeof(szLeft)); + if (counterlast != NULL) + { + DCACHE_InvalidateByRange((uint32_t)counterlast, 16u); + } +#endif /* CAAM_OUT_INVALIDATE */ + return status; +} + /*! * brief Encrypts AES and tags using CCM block mode. * @@ -2416,6 +3462,127 @@ status_t CAAM_AES_DecryptTagCcm(CAAM_Type *base, return status; } +/*! + * brief Encrypts AES and tags using CCM block mode using black key. + * + * Encrypts AES and optionally tags using CCM block mode. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param plaintext Input plain text to encrypt + * param[out] ciphertext Output cipher text. + * param size Size of input and output data in bytes. Zero means authentication only. + * param iv Nonce + * param ivSize Length of the Nonce in bytes. Must be 7, 8, 9, 10, 11, 12, or 13. + * param aad Input additional authentication data. Can be NULL if aadSize is zero. + * param aadSize Input size in bytes of AAD. Zero means data mode only (authentication skipped). + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param[out] tag Generated output tag. Set to NULL to skip tag processing. + * param tagSize Input size of the tag to generate, in bytes. Must be 4, 6, 8, 10, 12, 14, or 16. + * param blackKeyType Type of black key + * return Status from encrypt operation + */ +status_t CAAM_AES_EncryptTagCcmExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType) +{ + caam_desc_aes_ccm_t descBuf; + status_t status; + + do + { + status = + CAAM_AES_EncryptTagCcmNonBlockingExtended(base, handle, descBuf, plaintext, ciphertext, size, iv, ivSize, + aad, aadSize, key, keySize, tag, tagSize, blackKeyType); + } while (status == kStatus_CAAM_Again); + + if (status != 0) + { + return status; + } + + status = CAAM_Wait(base, handle, descBuf, kCAAM_Blocking); + +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)ciphertext, size); + DCACHE_InvalidateByRange((uint32_t)tag, tagSize); +#endif /* CAAM_OUT_INVALIDATE */ + return status; +} + +/*! + * brief Decrypts AES and authenticates using CCM block mode using black key. + * + * Decrypts AES and optionally authenticates using CCM block mode. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param ciphertext Input cipher text to decrypt + * param[out] plaintext Output plain text. + * param size Size of input and output data in bytes. Zero means authentication data only. + * param iv Nonce + * param ivSize Length of the Nonce in bytes. Must be 7, 8, 9, 10, 11, 12, or 13. + * param aad Input additional authentication data. Can be NULL if aadSize is zero. + * param aadSize Input size in bytes of AAD. Zero means data mode only (authentication data skipped). + * param key Input key to use for decryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param tag Received tag. Set to NULL to skip tag processing. + * param tagSize Input size of the received tag to compare with the computed tag, in bytes. Must be 4, 6, 8, 10, 12, + * 14, or 16. + * param blackKeyType Type of black key + * return Status from decrypt operation + */ +status_t CAAM_AES_DecryptTagCcmExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + const uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType) +{ + caam_desc_aes_ccm_t descBuf; + status_t status; + + do + { + status = + CAAM_AES_DecryptTagCcmNonBlockingExtended(base, handle, descBuf, ciphertext, plaintext, size, iv, ivSize, + aad, aadSize, key, keySize, tag, tagSize, blackKeyType); + } while (status == kStatus_CAAM_Again); + + if (status != 0) + { + return status; + } + status = CAAM_Wait(base, handle, descBuf, kCAAM_Blocking); +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)plaintext, size); +#endif /* CAAM_OUT_INVALIDATE */ + return status; +} /*! * brief Encrypts AES and tags using GCM block mode. * @@ -2519,8 +3686,133 @@ status_t CAAM_AES_DecryptTagGcm(CAAM_Type *base, do { - status = CAAM_AES_DecryptTagGcmNonBlocking(base, handle, descBuf, ciphertext, plaintext, size, iv, ivSize, aad, - aadSize, key, keySize, tag, tagSize); + status = CAAM_AES_DecryptTagGcmNonBlocking(base, handle, descBuf, ciphertext, plaintext, size, iv, ivSize, aad, + aadSize, key, keySize, tag, tagSize); + } while (status == kStatus_CAAM_Again); + + if (status != 0) + { + return status; + } + status = CAAM_Wait(base, handle, descBuf, kCAAM_Blocking); + +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)plaintext, size); +#endif /* CAAM_OUT_INVALIDATE */ + return status; +} + +/*! + * brief Encrypts AES and tags using GCM block mode. + * + * Encrypts AES and optionally tags using GCM block mode. If plaintext is NULL, only the GHASH is calculated and output + * in the 'tag' field. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param plaintext Input plain text to encrypt + * param[out] ciphertext Output cipher text. + * param size Size of input and output data in bytes + * param iv Input initial vector + * param ivSize Size of the IV + * param aad Input additional authentication data + * param aadSize Input size in bytes of AAD + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param[out] tag Output hash tag. Set to NULL to skip tag processing. + * param tagSize Input size of the tag to generate, in bytes. Must be 4,8,12,13,14,15 or 16. + * return Status from encrypt operation + */ +status_t CAAM_AES_EncryptTagGcmExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType) +{ + caam_desc_aes_gcm_t descBuf; + status_t status; + + do + { + status = + CAAM_AES_EncryptTagGcmNonBlockingExtended(base, handle, descBuf, plaintext, ciphertext, size, iv, ivSize, + aad, aadSize, key, keySize, tag, tagSize, blackKeyType); + } while (status == kStatus_CAAM_Again); + + if (status != 0) + { + return status; + } + + status = CAAM_Wait(base, handle, descBuf, kCAAM_Blocking); + +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)ciphertext, size); + if (tag != NULL) + { + DCACHE_InvalidateByRange((uint32_t)tag, tagSize); + } +#endif /* CAAM_OUT_INVALIDATE */ + return status; +} + +/*! + * brief Decrypts AES and authenticates using GCM block mode. + * + * Decrypts AES and optionally authenticates using GCM block mode. If ciphertext is NULL, only the GHASH is calculated + * and compared with the received GHASH in 'tag' field. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param ciphertext Input cipher text to decrypt + * param[out] plaintext Output plain text. + * param size Size of input and output data in bytes + * param iv Input initial vector + * param ivSize Size of the IV + * param aad Input additional authentication data + * param aadSize Input size in bytes of AAD + * param key Input key to use for encryption + * param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * param tag Input hash tag to compare. Set to NULL to skip tag processing. + * param tagSize Input size of the tag, in bytes. Must be 4, 8, 12, 13, 14, 15, or 16. + * return Status from decrypt operation + */ +status_t CAAM_AES_DecryptTagGcmExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + const uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType) +{ + caam_desc_aes_gcm_t descBuf; + status_t status; + + do + { + status = + CAAM_AES_DecryptTagGcmNonBlockingExtended(base, handle, descBuf, ciphertext, plaintext, size, iv, ivSize, + aad, aadSize, key, keySize, tag, tagSize, blackKeyType); } while (status == kStatus_CAAM_Again); if (status != 0) @@ -4447,6 +5739,7 @@ status_t CAAM_RNG_Init(CAAM_Type *base, status_t status; /* create job descriptor */ + caam_desc_rng_t rngInstantiate = {0}; rngInstantiate[0] = 0xB0800006u; rngInstantiate[1] = 0x12200020u; /* LOAD 32 bytes of to Class 1 Context Register. Offset 0 bytes. */ rngInstantiate[2] = (uint32_t)ADD_OFFSET((uint32_t)config->personalString); @@ -4542,6 +5835,7 @@ status_t CAAM_RNG_GenerateSecureKey(CAAM_Type *base, caam_handle_t *handle, caam status_t status; /* create job descriptor */ + caam_desc_rng_t rngGenSeckey = {0}; rngGenSeckey[0] = 0xB0800004u; /* HEADER */ rngGenSeckey[1] = 0x12200020u; /* LOAD 32 bytes of to Class 1 Context Register. Offset 0 bytes. */ rngGenSeckey[2] = ADD_OFFSET((uint32_t)additionalEntropy); @@ -4648,6 +5942,7 @@ status_t CAAM_RNG_GetRandomData(CAAM_Type *base, caam_rng_generic256_t additionalEntropy) { status_t status; + caam_desc_rng_t descBuf; do { @@ -4753,6 +6048,35 @@ status_t CAAM_RNG_GetRandomDataNonBlocking(CAAM_Type *base, /******************************************************************************* * BLACK Code public ******************************************************************************/ + +size_t CAAM_BLACK_KeyBlackenSize(caam_fifost_type_t fifostType, size_t dataSize) +{ + size_t output; + + switch (fifostType) + { + case kCAAM_FIFOST_Type_Ecb_Jkek: + case kCAAM_FIFOST_Type_Ecb_Tkek: + { + output = CAAM_BLACKEN_ECB_SIZE(dataSize); + break; + } + case kCAAM_FIFOST_Type_Ccm_Jkek: + case kCAAM_FIFOST_Type_Ccm_Tkek: + { + output = CAAM_BLACKEN_CCM_SIZE(dataSize); + break; + } + default: + { + output = 0; + break; + } + } + + return output; +} + static const uint32_t templateBlack[] = { /* 00 */ 0xB0800000u, /* HEADER */ /* 01 */ 0x02000000u, /* KEY command of to Class 1 Context Register. */ @@ -4800,21 +6124,11 @@ status_t CAAM_BLACK_GetKeyBlacken(CAAM_Type *base, descriptor[3] |= ((uint32_t)fifostType << 16) | (dataSize & DESC_PAYLOAD_SIZE_MASK); descriptor[4] = ADD_OFFSET((uint32_t)blackdata); - do - { - status = caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); - } while (status == kStatus_CAAM_Again); - - if (kStatus_Success != status) - { - return status; - } - - status = CAAM_Wait(base, handle, descriptor, kCAAM_Blocking); + status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); #if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ /* Invalidate unaligned data can cause memory corruption in write-back mode */ - DCACHE_InvalidateByRange((uint32_t)blackdata, dataSize); + DCACHE_InvalidateByRange((uint32_t)blackdata, CAAM_BLACK_KeyBlackenSize(fifostType, dataSize)); #endif /* CAAM_OUT_INVALIDATE */ return status; } @@ -4879,7 +6193,7 @@ status_t CAAM_RedBlob_Encapsule(CAAM_Type *base, #if defined(KEYBLOB_USE_SECURE_MEMORY) descriptor[1] |= 8u; // KEY command to Class 2 Context Register, 64bits RNG KEY. #else - descriptor[1] |= 16u; // KEY command to Class 2 Context Register, 128bits RNG KEY. + descriptor[1] |= 16u; // KEY command to Class 2 Context Register, 128bits RNG KEY. #endif /* (KEYBLOB_USE_SECURE_MEMORY) */ descriptor[2] = ADD_OFFSET((uint32_t)keyModifier); // Key modifier adress descriptor[3] |= dataSize; // SEQ IN PTR command to load plain data @@ -4889,21 +6203,11 @@ status_t CAAM_RedBlob_Encapsule(CAAM_Type *base, #if defined(KEYBLOB_USE_SECURE_MEMORY) descriptor[7] |= (7UL << 24) | SEC_MEM; // OPERATION:Encrypt Red Blob in secure memory #else - descriptor[7] |= (7UL << 24); // OPERATION:Encrypt Red Blob in normal memory + descriptor[7] |= (7UL << 24); // OPERATION:Encrypt Red Blob in normal memory #endif /* (KEYBLOB_USE_SECURE_MEMORY) */ // schedule the job and block wait for result - do - { - status = caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); - } while (status == kStatus_CAAM_Again); - - if (kStatus_Success != status) - { - return status; - } - - status = CAAM_Wait(base, handle, descriptor, kCAAM_Blocking); + status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); #if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ /* Invalidate unaligned data can cause memory corruption in write-back mode */ @@ -4958,7 +6262,7 @@ status_t CAAM_RedBlob_Decapsule(CAAM_Type *base, #if defined(KEYBLOB_USE_SECURE_MEMORY) descriptor[1] |= 8u; // KEY command to Class 2 Context Register, 64bits RNG KEY. #else - descriptor[1] |= 16u; // KEY command to Class 2 Context Register, 128bits RNG KEY. + descriptor[1] |= 16u; // KEY command to Class 2 Context Register, 128bits RNG KEY. #endif /* (KEYBLOB_USE_SECURE_MEMORY) */ descriptor[2] = ADD_OFFSET((uint32_t)keyModifier); // Key modifier adress descriptor[3] |= blob_size; // SEQ IN PTR command to load blob data @@ -4968,20 +6272,10 @@ status_t CAAM_RedBlob_Decapsule(CAAM_Type *base, #if defined(KEYBLOB_USE_SECURE_MEMORY) descriptor[7] |= (6UL << 24) | SEC_MEM; // OPERATION:Decrypt red blob in secure memory #else - descriptor[7] |= (6UL << 24); // OPERATION:Decrypt red blob in normal memory + descriptor[7] |= (6UL << 24); // OPERATION:Decrypt red blob in normal memory #endif /* (KEYBLOB_USE_SECURE_MEMORY) */ // schedule the job and block wait for result - do - { - status = caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); - } while (status == kStatus_CAAM_Again); - - if (kStatus_Success != status) - { - return status; - } - - status = CAAM_Wait(base, handle, descriptor, kCAAM_Blocking); + status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); #if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ /* Invalidate unaligned data can cause memory corruption in write-back mode */ @@ -5037,7 +6331,7 @@ status_t CAAM_BlackBlob_Encapsule(CAAM_Type *base, #if defined(KEYBLOB_USE_SECURE_MEMORY) descriptor[1] |= 8u; // KEY command to Class 2 Context Register, 64bits RNG KEY. #else - descriptor[1] |= 16u; // KEY command to Class 2 Context Register, 128bits RNG KEY. + descriptor[1] |= 16u; // KEY command to Class 2 Context Register, 128bits RNG KEY. #endif /* (KEYBLOB_USE_SECURE_MEMORY) */ descriptor[2] = ADD_OFFSET((uint32_t)keyModifier); // Key modifier adress descriptor[3] |= dataSize; // SEQ IN PTR command to load plain data @@ -5053,17 +6347,7 @@ status_t CAAM_BlackBlob_Encapsule(CAAM_Type *base, #endif /* (KEYBLOB_USE_SECURE_MEMORY) */ // schedule the job and block wait for result - do - { - status = caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); - } while (status == kStatus_CAAM_Again); - - if (kStatus_Success != status) - { - return status; - } - - status = CAAM_Wait(base, handle, descriptor, kCAAM_Blocking); + status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); #if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ /* Invalidate unaligned data can cause memory corruption in write-back mode */ @@ -5120,7 +6404,7 @@ status_t CAAM_BlackBlob_Decapsule(CAAM_Type *base, #if defined(KEYBLOB_USE_SECURE_MEMORY) descriptor[1] |= 8u; // KEY command to Class 2 Context Register, 64bits RNG KEY. #else - descriptor[1] |= 16u; // KEY command to Class 2 Context Register, 128bits RNG KEY. + descriptor[1] |= 16u; // KEY command to Class 2 Context Register, 128bits RNG KEY. #endif /* (KEYBLOB_USE_SECURE_MEMORY) */ descriptor[2] = ADD_OFFSET((uint32_t)keyModifier); // Key modifier adress descriptor[3] |= blob_size; // SEQ IN PTR command to load blob data @@ -5135,17 +6419,7 @@ status_t CAAM_BlackBlob_Decapsule(CAAM_Type *base, DESC_BLACKKEY_NOMMEN; // OPERATION:Decrypt black blob in normal memory #endif /* (KEYBLOB_USE_SECURE_MEMORY) */ // schedule the job and block wait for result - do - { - status = caam_in_job_ring_add(base, handle->jobRing, &descriptor[0]); - } while (status == kStatus_CAAM_Again); - - if (kStatus_Success != status) - { - return status; - } - - status = CAAM_Wait(base, handle, descriptor, kCAAM_Blocking); + status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); #if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ /* Invalidate unaligned data can cause memory corruption in write-back mode */ @@ -9298,3 +10572,458 @@ status_t CAAM_PKHA_MontgomeryToNormal(CAAM_Type *base, } return status; } + +/******************************************************************************* + * ECC + ******************************************************************************/ + +/*! + * @brief Return bit value based on domain. + * + * @param[in] ecdsel Ecc curve type + * + * @return uint8_t Return 1 when ecc curve is f2m type otherwise 0 + */ +static inline uint8_t CAAM_ECC_DomainBit(caam_ecc_ecdsel_t ecdsel) +{ + return (((uint32_t)ecdsel) >= 0x40u) ? 1u : 0u; +} + +size_t CAAM_ECC_PrivateKeySize(caam_ecc_encryption_type_t encryptKeyType, caam_ecc_ecdsel_t ecdsel) +{ + size_t output = CAAM_ECC_PRIVATE_KEY_LENGTH(ecdsel); + + switch (encryptKeyType) + { + case kCAAM_Ecc_Encryption_Type_Ecb_Jkek: + { + output = CAAM_BLACKEN_ECB_SIZE(output); + break; + } + case kCAAM_Ecc_Encryption_Type_Ccm_Jkek: + { + output = CAAM_BLACKEN_CCM_SIZE(output); + break; + } + default: + { + break; + } + } + + return output; +} + +static const uint32_t templateEccKeyPair[] = { + /* 00 */ 0xB0840000u, /* HEADER */ + /* 01 */ 0x02000000u, /* ECC domain */ + /* 02 */ 0x00000000u, /* s */ + /* 03 */ 0x00000000u, /* Wx,y */ + /* 04 */ 0x80000002u, /* operation */ +}; + +/*! + * brief Generates public and private key for ECC. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param ecdsel Elliptic curve domain selection + * param encryptKeyType Type of key encryption + * param[out] privKey Private key + * param[out] pubKey Public key + * return Operation status. + */ +status_t CAAM_ECC_KeyPair(CAAM_Type *base, + caam_handle_t *handle, + caam_ecc_ecdsel_t ecdsel, + caam_ecc_encryption_type_t encryptKeyType, + uint8_t *privKey, + uint8_t *pubKey) +{ + caam_desc_rsa_t descriptor; + uint32_t descriptorSize = ARRAY_SIZE(templateEccKeyPair); + + (void)caam_memcpy(descriptor, templateEccKeyPair, sizeof(templateEccKeyPair)); + + descriptor[0] |= (descriptorSize & DESC_SIZE_MASK); + descriptor[1] |= (((uint32_t)ecdsel) & 0x7Fu) << 7; + descriptor[2] |= ADD_OFFSET((uint32_t)privKey); + descriptor[3] |= ADD_OFFSET((uint32_t)pubKey); + descriptor[4] |= (0x14UL << 16) | ((uint32_t)encryptKeyType) | CAAM_ECC_DomainBit(ecdsel); + + status_t status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); + +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)privKey, CAAM_ECC_PrivateKeySize(encryptKeyType, ecdsel)); + DCACHE_InvalidateByRange((uint32_t)pubKey, CAAM_ECC_PUBLIC_KEY_LENGTH(ecdsel)); +#endif /* CAAM_OUT_INVALIDATE */ + + return status; +} + +static const uint32_t templateEccSign[] = { + /* 00 */ 0xB0870000u, /* HEADER */ + /* 01 */ 0x00400000u, /* ECC domain */ + /* 02 */ 0x00000000u, /* s */ + /* 03 */ 0x00000000u, /* f */ + /* 04 */ 0x00000000u, /* c */ + /* 05 */ 0x00000000u, /* d */ + /* 06 */ 0x00000000u, /* ml */ + /* 07 */ 0x80000802u, /* operation */ +}; + +/*! + * brief Generates signature using ECC. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param privKey Private key + * param data Hashed data + * param dataSize Hashed data length + * param ecdsel Elliptic curve domain selection + * param encryptKeyType Type of key encryption + * param[out] signFirst First part of the signature + * param[out] signSecond Second part of the signature + * return Operation status. + */ +status_t CAAM_ECC_Sign(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *privKey, + const uint8_t *data, + size_t dataSize, + caam_ecc_ecdsel_t ecdsel, + caam_ecc_encryption_type_t encryptKeyType, + uint8_t *signFirst, + uint8_t *signSecond) +{ + caam_desc_rsa_t descriptor; + uint32_t descriptorSize = ARRAY_SIZE(templateEccSign); + + (void)caam_memcpy(descriptor, templateEccSign, sizeof(templateEccSign)); + + descriptor[0] |= (descriptorSize & DESC_SIZE_MASK); + descriptor[1] |= (((uint32_t)ecdsel) & 0x7Fu) << 7; + descriptor[2] |= ADD_OFFSET((uint32_t)privKey); + descriptor[3] |= ADD_OFFSET((uint32_t)data); + descriptor[4] |= ADD_OFFSET((uint32_t)signFirst); + descriptor[5] |= ADD_OFFSET((uint32_t)signSecond); + descriptor[6] = dataSize; + descriptor[7] |= (0x15UL << 16) | ((uint32_t)encryptKeyType) | CAAM_ECC_DomainBit(ecdsel); + + status_t status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); + +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)signFirst, CAAM_ECC_PRIVATE_KEY_LENGTH(ecdsel)); + DCACHE_InvalidateByRange((uint32_t)signSecond, CAAM_ECC_SECOND_SIGN_BUFFER_SIZE(ecdsel)); +#endif /* CAAM_OUT_INVALIDATE */ + + return status; +} + +static const uint32_t templateEccVerifyPublic[] = { + /* 00 */ 0xB0880000u, /* HEADER */ + /* 01 */ 0x00400000u, /* ECC domain */ + /* 02 */ 0x00000000u, /* Wx,y */ + /* 03 */ 0x00000000u, /* f */ + /* 04 */ 0x00000000u, /* c */ + /* 05 */ 0x00000000u, /* d */ + /* 06 */ 0x00000000u, /* tmp */ + /* 07 */ 0x00000000u, /* ml */ + /* 08 */ 0x80000802u, /* operation */ +}; + +/*! + * brief Verify ECC signature using public key + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param pubKey Public key + * param data Hashed data + * param dataSize Hashed data length + * param signFirst First part of the signature + * param signSecond Second part of the signature + * param ecdsel Elliptic curve domain selection + * param[in,out] tmp Temporary storage for intermediate results + * return Operation status. + */ +status_t CAAM_ECC_VerifyPublicKey(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *pubKey, + const uint8_t *data, + size_t dataSize, + const uint8_t *signFirst, + const uint8_t *signSecond, + caam_ecc_ecdsel_t ecdsel, + uint8_t *tmp) +{ + caam_desc_rsa_t descriptor; + uint32_t descriptorSize = ARRAY_SIZE(templateEccVerifyPublic); + + (void)caam_memcpy(descriptor, templateEccVerifyPublic, sizeof(templateEccVerifyPublic)); + + descriptor[0] |= (descriptorSize & DESC_SIZE_MASK); + descriptor[1] |= (((uint32_t)ecdsel) & 0x7Fu) << 7; + descriptor[2] |= ADD_OFFSET((uint32_t)pubKey); + descriptor[3] |= ADD_OFFSET((uint32_t)data); + descriptor[4] |= ADD_OFFSET((uint32_t)signFirst); + descriptor[5] |= ADD_OFFSET((uint32_t)signSecond); + descriptor[6] |= ADD_OFFSET((uint32_t)tmp); + descriptor[7] = dataSize; + descriptor[8] |= (0x16UL << 16) | CAAM_ECC_DomainBit(ecdsel); + + status_t status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); + +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)tmp, CAAM_ECC_PUBLIC_KEY_LENGTH(ecdsel)); +#endif /* CAAM_OUT_INVALIDATE */ + + return status; +} + +static const uint32_t templateEccVerifyPrivate[] = { + /* 00 */ 0xB0870000u, /* HEADER */ + /* 01 */ 0x00400000u, /* ECC domain */ + /* 02 */ 0x00000000u, /* Wx,y */ + /* 03 */ 0x00000000u, /* f */ + /* 04 */ 0x00000000u, /* c */ + /* 05 */ 0x00000000u, /* d */ + /* 06 */ 0x00000000u, /* ml */ + /* 07 */ 0x80000802u, /* operation */ +}; + +/*! + * brief Verify ECC signature using private key + * + * Faster that verifying using public key. + * + * param base CAAM peripheral base address + * param handle Handle used for this request. Specifies jobRing. + * param privKey Private key + * param data Hashed data + * param dataSize Hashed data length + * param signFirst First part of the signature + * param signSecond Second part of the signature + * param ecdsel Elliptic curve domain selection + * param encryptKeyType Type of key encryption + * return Operation status. + */ +status_t CAAM_ECC_VerifyPrivateKey(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *privKey, + const uint8_t *data, + size_t dataSize, + const uint8_t *signFirst, + const uint8_t *signSecond, + caam_ecc_ecdsel_t ecdsel, + caam_ecc_encryption_type_t encryptKeyType) +{ + caam_desc_rsa_t descriptor; + uint32_t descriptorSize = ARRAY_SIZE(templateEccVerifyPrivate); + + (void)caam_memcpy(descriptor, templateEccVerifyPrivate, sizeof(templateEccVerifyPrivate)); + + descriptor[0] |= (descriptorSize & DESC_SIZE_MASK); + descriptor[1] |= (((uint32_t)ecdsel) & 0x7Fu) << 7; + descriptor[2] |= ADD_OFFSET((uint32_t)privKey); + descriptor[3] |= ADD_OFFSET((uint32_t)data); + descriptor[4] |= ADD_OFFSET((uint32_t)signFirst); + descriptor[5] |= ADD_OFFSET((uint32_t)signSecond); + descriptor[6] = dataSize; + descriptor[7] |= (0x12UL << 16) | ((uint32_t)encryptKeyType) | CAAM_ECC_DomainBit(ecdsel); + + status_t status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); + + return status; +} + +/******************************************************************************* + * RSA + ******************************************************************************/ + +size_t CAAM_RSA_PrivateExponentSize(caam_rsa_key_type_t prvKeyType, uint32_t privExponentSize) +{ + size_t output = privExponentSize; + + switch (prvKeyType) + { + case kCAAM_Rsa_Key_Type_Ecb_Jkek: + { + output = CAAM_BLACKEN_ECB_SIZE(output); + break; + } + case kCAAM_Rsa_Key_Type_Ccm_Jkek: + { + output = CAAM_BLACKEN_CCM_SIZE(output); + break; + } + default: + { + break; + } + } + + return output; +} + +static const uint32_t templateRsaKeyPair[] = { + /* 00 */ 0xB08A0000u, /* HEADER */ + /* 01 */ 0x00000000u, /* */ + /* 02 */ 0x00000000u, /* #p */ + /* 03 */ 0x00000000u, /* #n size #e size */ + /* 04 */ 0x00000000u, /* p */ + /* 05 */ 0x00000000u, /* q */ + /* 06 */ 0x00000000u, /* e */ + /* 07 */ 0x00000000u, /* n */ + /* 08 */ 0x00000000u, /* d */ + /* 09 */ 0x00000000u, /* d size */ + /* 10 */ 0x801A0082u, /* OPERATION: RSA Keygen */ +}; + +status_t CAAM_RSA_KeyPair(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *primeP, + const uint8_t *primeQ, + uint32_t primesSize, + const uint8_t *pubExponent, + uint32_t pubExponentSize, + caam_rsa_key_type_t prvKeyType, + uint8_t *modulus, + uint32_t modulusSize, + uint8_t *privExponent, + size_t *privExponentSize) +{ + caam_desc_rsa_t descriptor; + uint32_t descriptorSize = ARRAY_SIZE(templateRsaKeyPair); + + (void)caam_memcpy(descriptor, templateRsaKeyPair, sizeof(templateRsaKeyPair)); + + descriptor[0] |= (descriptorSize & DESC_SIZE_MASK); + // descriptor[1] |=; // reserved + descriptor[2] |= primesSize & 0x1FFu; + descriptor[3] |= ((modulusSize & 0x3FFu) << 16) | (pubExponentSize & 0x3FFu); + descriptor[4] |= ADD_OFFSET((uint32_t)primeP); + descriptor[5] |= ADD_OFFSET((uint32_t)primeQ); + descriptor[6] |= ADD_OFFSET((uint32_t)pubExponent); + descriptor[7] |= ADD_OFFSET((uint32_t)modulus); + descriptor[8] |= ADD_OFFSET((uint32_t)privExponent); + descriptor[9] |= ADD_OFFSET((uint32_t)privExponentSize); + descriptor[10] |= (uint32_t)prvKeyType; + + status_t status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); + +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)modulus, modulusSize); + DCACHE_InvalidateByRange((uint32_t)privExponentSize, sizeof(*privExponentSize)); + DCACHE_InvalidateByRange((uint32_t)privExponent, *privExponentSize); +#endif /* CAAM_OUT_INVALIDATE */ + + return status; +} + +static const uint32_t templateRsaEncrypt[] = { + /* 00 */ 0xB0870000u, /* HEADER */ + /* 01 */ 0x00000000u, /* #e size #n size */ + /* 02 */ 0x00000000u, /* f */ + /* 03 */ 0x00000000u, /* g */ + /* 04 */ 0x00000000u, /* n */ + /* 05 */ 0x00000000u, /* e */ + /* 06 */ 0x00000000u, /* #f*/ + /* 07 */ 0x80180000u, /* OPERATION: RSA Encrrypt */ +}; + +status_t CAAM_RSA_Encrypt(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *plainText, + uint32_t plainTextSize, + const uint8_t *modulus, + uint32_t modulusSize, + const uint8_t *pubExponent, + uint32_t pubExponentSize, + caam_rsa_encryption_type_t dataOutType, + caam_rsa_format_type_t format, + uint8_t *cipherText) +{ + caam_desc_rsa_t descriptor; + uint32_t descriptorSize = ARRAY_SIZE(templateRsaEncrypt); + + (void)caam_memcpy(descriptor, templateRsaEncrypt, sizeof(templateRsaEncrypt)); + + descriptor[0] |= (descriptorSize & DESC_SIZE_MASK); + descriptor[1] |= ((pubExponentSize & 0xFFFu) << 12) | (modulusSize & 0xFFFu); + descriptor[2] |= ADD_OFFSET((uint32_t)plainText); + descriptor[3] |= ADD_OFFSET((uint32_t)cipherText); + descriptor[4] |= ADD_OFFSET((uint32_t)modulus); + descriptor[5] |= ADD_OFFSET((uint32_t)pubExponent); + descriptor[6] |= plainTextSize & 0xFFFu; + descriptor[7] |= (((uint32_t)dataOutType) << 4) | (((uint32_t)format) << 12); + + status_t status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); + +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)cipherText, modulusSize); +#endif /* CAAM_OUT_INVALIDATE */ + + return status; +} + +static const uint32_t templateRsaDecrypt[] = { + /* 00 */ 0xB0860000u, /* HEADER */ + /* 01 */ 0x00000000u, /* #d size #n size */ + /* 02 */ 0x00000000u, /* g */ + /* 03 */ 0x00000000u, /* f */ + /* 04 */ 0x00000000u, /* n */ + /* 05 */ 0x00000000u, /* d */ + /* 06 */ 0x80190000u, /* OPERATION: Decrypt */ + /* 07 */ 0x56080404u, /* store math0 in rsaDecSize */ + /* 08 */ 0x00000000u, /* rsaDecSize address */ +}; + +status_t CAAM_RSA_Decrypt(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *cipherText, + const uint8_t *modulus, + uint32_t modulusSize, + const uint8_t *privExponent, + uint32_t privExponentSize, + caam_rsa_encryption_type_t prvKeyType, + caam_rsa_encryption_type_t dataOutType, + caam_rsa_format_type_t format, + uint8_t *plainText, + size_t *rsaDecSize) +{ + caam_desc_rsa_t descriptor; + uint32_t descriptorSize = ARRAY_SIZE(templateRsaDecrypt); + *rsaDecSize = 0; + + (void)caam_memcpy(descriptor, templateRsaDecrypt, sizeof(templateRsaDecrypt)); + + descriptor[0] |= (descriptorSize & DESC_SIZE_MASK); + descriptor[1] |= ((privExponentSize & 0xFFFu) << 12) | (modulusSize & 0xFFFu); + descriptor[2] |= ADD_OFFSET((uint32_t)cipherText); + descriptor[3] |= ADD_OFFSET((uint32_t)plainText); + descriptor[4] |= ADD_OFFSET((uint32_t)modulus); + descriptor[5] |= ADD_OFFSET((uint32_t)privExponent); + descriptor[6] |= (((uint32_t)prvKeyType) << 8) | (((uint32_t)dataOutType) << 4) | (((uint32_t)format) << 12); + descriptor[8] = ADD_OFFSET((uint32_t)rsaDecSize); /* place: tag address */ + + status_t status = caam_in_job_ring_add_and_wait(base, handle, descriptor, kCAAM_Blocking); + +#if defined(CAAM_OUT_INVALIDATE) && (CAAM_OUT_INVALIDATE > 0u) + /* NOTE: DCACHE must be set to write-trough mode to safely invalidate cache!! */ + /* Invalidate unaligned data can cause memory corruption in write-back mode */ + DCACHE_InvalidateByRange((uint32_t)rsaDecSize, sizeof(*rsaDecSize)); + DCACHE_InvalidateByRange((uint32_t)plainText, *rsaDecSize); +#endif /* CAAM_OUT_INVALIDATE */ + + return status; +} \ No newline at end of file diff --git a/mcux/mcux-sdk-ng/drivers/caam/fsl_caam.h b/mcux/mcux-sdk-ng/drivers/caam/fsl_caam.h index de10b694d1..0b3fb29c2b 100644 --- a/mcux/mcux-sdk-ng/drivers/caam/fsl_caam.h +++ b/mcux/mcux-sdk-ng/drivers/caam/fsl_caam.h @@ -30,9 +30,9 @@ enum /*! @name Driver version */ /*! @{ */ -/*! @brief CAAM driver version. Version 2.3.2. +/*! @brief CAAM driver version. * - * Current version: 2.3.2 + * Current version: 2.4.0 * * Change log: * - Version 2.0.0 @@ -74,11 +74,14 @@ enum * - Add support for SHA HMAC. * - Version 2.3.1 * - Modified function caam_aes_ccm_check_input_args() to allow payload be empty as is specified in NIST800-38C - * Section 5.3. + * Section 5.3. * - Version 2.3.2 * - Fix MISRA-2012 issues. + * - Version 2.4.0 + * - Add new APIs for native asymmetric operations (RSA, ECC) instead of only accelerating mathematical primitives + * and support for black keys and blobs for both symmetric and asymmetric operations. */ -#define FSL_CAAM_DRIVER_VERSION (MAKE_VERSION(2, 3, 2)) +#define FSL_CAAM_DRIVER_VERSION (MAKE_VERSION(2, 4, 0)) /*! @} */ /*! @brief CAAM callback function. */ @@ -155,6 +158,12 @@ typedef uint32_t caam_desc_key_black_t[64]; typedef uint32_t caam_desc_gen_enc_blob_t[64]; typedef uint32_t caam_desc_gen_dep_blob_t[64]; +/*! @brief Memory buffer to hold CAAM descriptor for performing generating dek blob jobs */ +typedef uint32_t caam_desc_rsa_t[64]; + +/*! @brief Memory buffer to hold CAAM descriptor for performing generating dek blob jobs */ +typedef uint32_t caam_desc_ecc_t[64]; + typedef struct _caam_job_ring_interface { uint32_t inputJobRing[4]; @@ -208,7 +217,63 @@ typedef enum _caam_ext_key_xfr_source kCAAM_ExtKeyXfr_KeyRegisterClass2 = 2U, /*!< The Class 2 Key Register is the source. */ kCAAM_ExtKeyXfr_PkhaRamE = 3U, /*!< The PKHA E RAM is the source. */ } caam_ext_key_xfr_source_t; -/*! @} */ /* end of caam_driver */ + +typedef enum _caam_ecc_ecdsel +{ + kCAAM_ECDSEL_P_192 = 0x00u, + kCAAM_ECDSEL_P_224 = 0x01u, + kCAAM_ECDSEL_P_256 = 0x02u, + kCAAM_ECDSEL_P_384 = 0x03u, + kCAAM_ECDSEL_P_521 = 0x04u, + kCAAM_ECDSEL_brainpoolP160r1 = 0x05u, + kCAAM_ECDSEL_brainpoolP160t1 = 0x06u, + kCAAM_ECDSEL_brainpoolP192r1 = 0x07u, + kCAAM_ECDSEL_brainpoolP192t1 = 0x08u, + kCAAM_ECDSEL_brainpoolP224r1 = 0x09u, + kCAAM_ECDSEL_brainpoolP224t1 = 0x0Au, + kCAAM_ECDSEL_brainpoolP256r1 = 0x0Bu, + kCAAM_ECDSEL_brainpoolP256t1 = 0x0Cu, + kCAAM_ECDSEL_brainpoolP320r1 = 0x0Du, + kCAAM_ECDSEL_brainpoolP320t1 = 0x0Eu, + kCAAM_ECDSEL_brainpoolP384r1 = 0x0Fu, + kCAAM_ECDSEL_brainpoolP384t1 = 0x10u, + kCAAM_ECDSEL_brainpoolP512r1 = 0x11u, + kCAAM_ECDSEL_brainpoolP512t1 = 0x12u, + kCAAM_ECDSEL_prime192v2 = 0x13u, + kCAAM_ECDSEL_prime192v3 = 0x14u, + kCAAM_ECDSEL_prime239v1 = 0x15u, + kCAAM_ECDSEL_prime239v2 = 0x16u, + kCAAM_ECDSEL_prime239v3 = 0x17u, + kCAAM_ECDSEL_secp112r1 = 0x18u, + kCAAM_ECDSEL_wtls8 = 0x19u, + kCAAM_ECDSEL_wtls9 = 0x1Au, + kCAAM_ECDSEL_secp160k1 = 0x1Bu, + kCAAM_ECDSEL_secp160r1 = 0x1Cu, + kCAAM_ECDSEL_secp160r2 = 0x1Du, + kCAAM_ECDSEL_secp192k1 = 0x1Eu, + kCAAM_ECDSEL_secp224k1 = 0x1Fu, + kCAAM_ECDSEL_secp256k1 = 0x20u, + kCAAM_ECDSEL_B_163 = 0x40u, + kCAAM_ECDSEL_B_233 = 0x41u, + kCAAM_ECDSEL_B_283 = 0x42u, + kCAAM_ECDSEL_B_409 = 0x43u, + kCAAM_ECDSEL_B_571 = 0x44u, + kCAAM_ECDSEL_K_163 = 0x45u, + kCAAM_ECDSEL_K_233 = 0x46u, + kCAAM_ECDSEL_K_283 = 0x47u, + kCAAM_ECDSEL_K_409 = 0x48u, + kCAAM_ECDSEL_K_571 = 0x49u, + kCAAM_ECDSEL_wtls1 = 0x4Au, + kCAAM_ECDSEL_sect113r1 = 0x4Bu, + kCAAM_ECDSEL_c2pnb163v1 = 0x4Cu, + kCAAM_ECDSEL_c2pnb163v2 = 0x4Du, + kCAAM_ECDSEL_c2pnb163v3 = 0x4Eu, + kCAAM_ECDSEL_sect163r1 = 0x4Fu, + kCAAM_ECDSEL_sect193r1 = 0x50u, + kCAAM_ECDSEL_sect193r2 = 0x51u, + kCAAM_ECDSEL_sect239k1 = 0x52u, +} caam_ecc_ecdsel_t; +/*! @} */ /* end of caam_driver */ /******************************************************************************* * AES Definitions @@ -240,6 +305,133 @@ typedef enum _caam_ext_key_xfr_source /*! @brief CAAM DES IV size - 8 bytes */ #define CAAM_DES_IV_SIZE 8 +/*! @brief CAAM blacken key size for ECB encryption */ +#define CAAM_BLACKEN_ECB_SIZE(x) ((uint32_t)((x) + 15u) & ~15ul) + +/*! @brief CAAM blacken key size for CCM encryption */ +#define CAAM_BLACKEN_CCM_SIZE(x) (((uint32_t)((x) + 7u) & ~7ul) + 12u) + +/*! @brief CAAM DSA public key length for EC domain */ +#define CAAM_DSA_PUBLIC_KEY_LENGTH(domain) \ + ((domain) == kCAAM_ECDSEL_P_192 ? 24u : \ + (domain) == kCAAM_ECDSEL_P_224 ? 28u : \ + (domain) == kCAAM_ECDSEL_P_256 ? 32u : \ + (domain) == kCAAM_ECDSEL_P_384 ? 48u : \ + (domain) == kCAAM_ECDSEL_P_521 ? 66u : \ + (domain) == kCAAM_ECDSEL_brainpoolP160r1 ? 20u : \ + (domain) == kCAAM_ECDSEL_brainpoolP160t1 ? 20u : \ + (domain) == kCAAM_ECDSEL_brainpoolP192r1 ? 24u : \ + (domain) == kCAAM_ECDSEL_brainpoolP192t1 ? 24u : \ + (domain) == kCAAM_ECDSEL_brainpoolP224r1 ? 28u : \ + (domain) == kCAAM_ECDSEL_brainpoolP224t1 ? 28u : \ + (domain) == kCAAM_ECDSEL_brainpoolP256r1 ? 32u : \ + (domain) == kCAAM_ECDSEL_brainpoolP256t1 ? 32u : \ + (domain) == kCAAM_ECDSEL_brainpoolP320r1 ? 40u : \ + (domain) == kCAAM_ECDSEL_brainpoolP320t1 ? 40u : \ + (domain) == kCAAM_ECDSEL_brainpoolP384r1 ? 48u : \ + (domain) == kCAAM_ECDSEL_brainpoolP384t1 ? 48u : \ + (domain) == kCAAM_ECDSEL_brainpoolP512r1 ? 64u : \ + (domain) == kCAAM_ECDSEL_brainpoolP512t1 ? 64u : \ + (domain) == kCAAM_ECDSEL_prime192v2 ? 24u : \ + (domain) == kCAAM_ECDSEL_prime192v3 ? 24u : \ + (domain) == kCAAM_ECDSEL_prime239v1 ? 30u : \ + (domain) == kCAAM_ECDSEL_prime239v2 ? 30u : \ + (domain) == kCAAM_ECDSEL_prime239v3 ? 30u : \ + (domain) == kCAAM_ECDSEL_secp112r1 ? 14u : \ + (domain) == kCAAM_ECDSEL_wtls8 ? 14u : \ + (domain) == kCAAM_ECDSEL_wtls9 ? 20u : \ + (domain) == kCAAM_ECDSEL_secp160k1 ? 20u : \ + (domain) == kCAAM_ECDSEL_secp160r1 ? 20u : \ + (domain) == kCAAM_ECDSEL_secp160r2 ? 20u : \ + (domain) == kCAAM_ECDSEL_secp192k1 ? 24u : \ + (domain) == kCAAM_ECDSEL_secp224k1 ? 28u : \ + (domain) == kCAAM_ECDSEL_secp256k1 ? 32u : \ + (domain) == kCAAM_ECDSEL_B_163 ? 21u : \ + (domain) == kCAAM_ECDSEL_B_233 ? 30u : \ + (domain) == kCAAM_ECDSEL_B_283 ? 36u : \ + (domain) == kCAAM_ECDSEL_B_409 ? 52u : \ + (domain) == kCAAM_ECDSEL_B_571 ? 72u : \ + (domain) == kCAAM_ECDSEL_K_163 ? 21u : \ + (domain) == kCAAM_ECDSEL_K_233 ? 30u : \ + (domain) == kCAAM_ECDSEL_K_283 ? 36u : \ + (domain) == kCAAM_ECDSEL_K_409 ? 52u : \ + (domain) == kCAAM_ECDSEL_K_571 ? 72u : \ + (domain) == kCAAM_ECDSEL_wtls1 ? 15u : \ + (domain) == kCAAM_ECDSEL_sect113r1 ? 15u : \ + (domain) == kCAAM_ECDSEL_c2pnb163v1 ? 21u : \ + (domain) == kCAAM_ECDSEL_c2pnb163v2 ? 21u : \ + (domain) == kCAAM_ECDSEL_c2pnb163v3 ? 21u : \ + (domain) == kCAAM_ECDSEL_sect163r1 ? 21u : \ + (domain) == kCAAM_ECDSEL_sect193r1 ? 25u : \ + (domain) == kCAAM_ECDSEL_sect193r2 ? 25u : \ + (domain) == kCAAM_ECDSEL_sect239k1 ? 25u : \ + 0u) + +/*! @brief CAAM ECC public key length for EC domain */ +#define CAAM_ECC_PUBLIC_KEY_LENGTH(domain) (CAAM_DSA_PUBLIC_KEY_LENGTH(domain) * 2u) + +/*! @brief CAAM ECC private key length for EC domain */ +#define CAAM_ECC_PRIVATE_KEY_LENGTH(domain) \ + ((domain) == kCAAM_ECDSEL_P_192 ? 24u : \ + (domain) == kCAAM_ECDSEL_P_224 ? 28u : \ + (domain) == kCAAM_ECDSEL_P_256 ? 32u : \ + (domain) == kCAAM_ECDSEL_P_384 ? 48u : \ + (domain) == kCAAM_ECDSEL_P_521 ? 66u : \ + (domain) == kCAAM_ECDSEL_brainpoolP160r1 ? 20u : \ + (domain) == kCAAM_ECDSEL_brainpoolP160t1 ? 20u : \ + (domain) == kCAAM_ECDSEL_brainpoolP192r1 ? 24u : \ + (domain) == kCAAM_ECDSEL_brainpoolP192t1 ? 24u : \ + (domain) == kCAAM_ECDSEL_brainpoolP224r1 ? 28u : \ + (domain) == kCAAM_ECDSEL_brainpoolP224t1 ? 28u : \ + (domain) == kCAAM_ECDSEL_brainpoolP256r1 ? 32u : \ + (domain) == kCAAM_ECDSEL_brainpoolP256t1 ? 32u : \ + (domain) == kCAAM_ECDSEL_brainpoolP320r1 ? 40u : \ + (domain) == kCAAM_ECDSEL_brainpoolP320t1 ? 40u : \ + (domain) == kCAAM_ECDSEL_brainpoolP384r1 ? 48u : \ + (domain) == kCAAM_ECDSEL_brainpoolP384t1 ? 48u : \ + (domain) == kCAAM_ECDSEL_brainpoolP512r1 ? 64u : \ + (domain) == kCAAM_ECDSEL_brainpoolP512t1 ? 64u : \ + (domain) == kCAAM_ECDSEL_prime192v2 ? 24u : \ + (domain) == kCAAM_ECDSEL_prime192v3 ? 24u : \ + (domain) == kCAAM_ECDSEL_prime239v1 ? 30u : \ + (domain) == kCAAM_ECDSEL_prime239v2 ? 30u : \ + (domain) == kCAAM_ECDSEL_prime239v3 ? 30u : \ + (domain) == kCAAM_ECDSEL_secp112r1 ? 14u : \ + (domain) == kCAAM_ECDSEL_wtls8 ? 15u : \ + (domain) == kCAAM_ECDSEL_wtls9 ? 21u : \ + (domain) == kCAAM_ECDSEL_secp160k1 ? 21u : \ + (domain) == kCAAM_ECDSEL_secp160r1 ? 21u : \ + (domain) == kCAAM_ECDSEL_secp160r2 ? 21u : \ + (domain) == kCAAM_ECDSEL_secp192k1 ? 24u : \ + (domain) == kCAAM_ECDSEL_secp224k1 ? 29u : \ + (domain) == kCAAM_ECDSEL_secp256k1 ? 32u : \ + (domain) == kCAAM_ECDSEL_B_163 ? 21u : \ + (domain) == kCAAM_ECDSEL_B_233 ? 30u : \ + (domain) == kCAAM_ECDSEL_B_283 ? 36u : \ + (domain) == kCAAM_ECDSEL_B_409 ? 52u : \ + (domain) == kCAAM_ECDSEL_B_571 ? 72u : \ + (domain) == kCAAM_ECDSEL_K_163 ? 21u : \ + (domain) == kCAAM_ECDSEL_K_233 ? 29u : \ + (domain) == kCAAM_ECDSEL_K_283 ? 36u : \ + (domain) == kCAAM_ECDSEL_K_409 ? 51u : \ + (domain) == kCAAM_ECDSEL_K_571 ? 72u : \ + (domain) == kCAAM_ECDSEL_wtls1 ? 14u : \ + (domain) == kCAAM_ECDSEL_sect113r1 ? 15u : \ + (domain) == kCAAM_ECDSEL_c2pnb163v1 ? 21u : \ + (domain) == kCAAM_ECDSEL_c2pnb163v2 ? 21u : \ + (domain) == kCAAM_ECDSEL_c2pnb163v3 ? 21u : \ + (domain) == kCAAM_ECDSEL_sect163r1 ? 21u : \ + (domain) == kCAAM_ECDSEL_sect193r1 ? 25u : \ + (domain) == kCAAM_ECDSEL_sect193r2 ? 25u : \ + (domain) == kCAAM_ECDSEL_sect239k1 ? 25u : \ + 0u) + +/*! @brief CAAM blacken key size for ECB encryption + * + * The second part of key size and buffer length needed for compution may differ. + */ +#define CAAM_ECC_SECOND_SIGN_BUFFER_SIZE(domain) ((CAAM_ECC_PRIVATE_KEY_LENGTH(domain) + 15u) & ~15u) + /*! *@} */ /* end of caam_driver_des */ @@ -361,29 +553,83 @@ typedef struct _caam_rng_user_config /*! @brief CAAM FIFOST types. */ typedef enum _caam_fifost_type { - kCAAM_FIFOST_Type_Kek_Kek = 0x24, /*!< Key Register, encrypted using AES-ECB with the job - descriptor key encryption key. */ - kCAAM_FIFOST_Type_Kek_TKek = 0x25, /*!< Key Register, encrypted using AES-ECB with the - trusted descriptor key encryption key. */ - kCAAM_FIFOST_Type_Kek_Cmm_Jkek = 0x14, /*!< Key Register, encrypted using AES-CCM with the + kCAAM_FIFOST_Type_Ecb_Jkek = 0x24u, /*!< Key Register, encrypted using AES-ECB with the job +descriptor key encryption key. */ + kCAAM_FIFOST_Type_Ecb_Tkek = 0x25u, /*!< Key Register, encrypted using AES-ECB with the +trusted descriptor key encryption key. */ + kCAAM_FIFOST_Type_Ccm_Jkek = 0x14u, /*!< Key Register, encrypted using AES-CCM with the job descriptor key encryption key. */ - kCAAM_FIFOST_Type_Kek_Cmm_Tkek = 0x15, /*!< Key register, encrypted using AES-CCM with the + kCAAM_FIFOST_Type_Ccm_Tkek = 0x15u, /*!< Key register, encrypted using AES-CCM with the trusted descriptor key encryption key. */ } caam_fifost_type_t; /*! @brief CAAM descriptor types. */ typedef enum _caam_desc_type { - kCAAM_Descriptor_Type_Kek_Kek = 0x0, /*!< Key Register, encrypted using AES-ECB with the job - descriptor key encryption key. */ - kCAAM_Descriptor_Type_Kek_TKek = 0x2, /*!< Key Register, encrypted using AES-ECB with the - trusted descriptor key encryption key. */ - kCAAM_Descriptor_Type_Kek_Ccm_Jkek = 0x1, /*!< Key Register, encrypted using AES-CCM with the + kCAAM_Descriptor_Type_Ecb_Jkek = 0x0u, /*!< Key Register, encrypted using AES-ECB with the job +descriptor key encryption key. */ + kCAAM_Descriptor_Type_Ecb_Tkek = 0x2u, /*!< Key Register, encrypted using AES-ECB with the +trusted descriptor key encryption key. */ + kCAAM_Descriptor_Type_Ccm_Jkek = 0x1u, /*!< Key Register, encrypted using AES-CCM with the job descriptor key encryption key. */ - kCAAM_Descriptor_Type_Kek_Ccm_Tkek = 0x3, /*!< Key register, encrypted using AES-CCM with the + kCAAM_Descriptor_Type_Ccm_Tkek = 0x3u, /*!< Key register, encrypted using AES-CCM with the trusted descriptor key encryption key. */ } caam_desc_type_t; +/*! @brief CAAM key types. */ +typedef enum _caam_key_type +{ + kCAAM_Key_Type_None = 0x0ul, + kCAAM_Key_Type_Ecb_Jkek = 0x80ul << 15, /*!< Key Register, encrypted using AES-ECB with the job + descriptor key encryption key. */ + kCAAM_Key_Type_Ecb_Tkek = 0x81ul << 15, /*!< Key Register, encrypted using AES-ECB with the + trusted descriptor key encryption key. */ + kCAAM_Key_Type_Ccm_Jkek = 0xA0ul << 15, /*!< Key Register, encrypted using AES-CCM with the +job descriptor key encryption key. */ + kCAAM_Key_Type_Ccm_Tkek = 0xA1ul << 15, /*!< Key register, encrypted using AES-CCM with the +trusted descriptor key encryption key. */ +} caam_key_type_t; + +/*! @brief CAAM ecc encryption types. */ +typedef enum _caam_ecc_encryption_type +{ + kCAAM_Ecc_Encryption_Type_None = 0x0u, + kCAAM_Ecc_Encryption_Type_Ecb_Jkek = 0x1u << 2, /*!< Key Register, encrypted using AES-ECB with the job + descriptor key encryption key. */ + kCAAM_Ecc_Encryption_Type_Ccm_Jkek = 0x5u << 2, /*!< Key Register, encrypted using AES-CCM with the + job descriptor key encryption key. */ +} caam_ecc_encryption_type_t; + +/*! @brief CAAM rsa key encryption types. */ +typedef enum _caam_rsa_key_type +{ + kCAAM_Rsa_Key_Type_None = 0x0u, + kCAAM_Rsa_Key_Type_Ecb_Jkek = 0x4u << 4, /*!< Key Register, encrypted using AES-ECB with the job + descriptor key encryption key. */ + kCAAM_Rsa_Key_Type_Ccm_Jkek = 0x5u << 4, /*!< Key Register, encrypted using AES-CCM with the + job descriptor key encryption key. */ +} caam_rsa_key_type_t; + +/*! @brief CAAM rsa encryption types. */ +typedef enum _caam_rsa_encryption_type +{ + kCAAM_Rsa_Encryption_Type_None = 0x00u, + kCAAM_Rsa_Encryption_Type_Ecb_Jkek = 0x01u, /*!< Key Register, encrypted using AES-ECB with the job + descriptor key encryption key. */ + kCAAM_Rsa_Encryption_Type_Ecb_Tkek = 0x05u, /*!< Key Register, encrypted using AES-ECB with the + trusted descriptor key encryption key. */ + kCAAM_Rsa_Encryption_Type_Ccm_Jkek = 0x03u, /*!< Key Register, encrypted using AES-CCM with the + job descriptor key encryption key. */ + kCAAM_Rsa_Encryption_Type_Ccm_Tkek = 0x07u, /*!< Key register, encrypted using AES-CCM with the + trusted descriptor key encryption key. */ +} caam_rsa_encryption_type_t; + +typedef enum _caam_rsa_format_type +{ + kCAAM_Rsa_Format_Type_None = 0x00u, /*!< No formatting */ + kCAAM_Rsa_Format_Type_PKCS1 = 0x01u, /*!< EME-PKCS1-v1_5 encryption decoding function */ +} caam_rsa_format_type_t; + // #define KEYBLOB_USE_SECURE_MEMORY 1 // Define when secure memory mode is used /*! @@ -583,6 +829,54 @@ status_t CAAM_AES_DecryptEcb(CAAM_Type *base, const uint8_t *key, size_t keySize); +/*! + * @brief Encrypts AES using the ECB block mode using black key. + * + * Encrypts AES using the ECB block mode. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param plaintext Input plain text to encrypt + * @param[out] ciphertext Output cipher text + * @param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * @param key Input key to use for encryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param blackKeyType Type of black key + * @return Status from encrypt operation + */ +status_t CAAM_AES_EncryptEcbExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType); + +/*! + * @brief Decrypts AES using ECB block mode using black key. + * + * Decrypts AES using ECB block mode. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param ciphertext Input cipher text to decrypt + * @param[out] plaintext Output plain text + * @param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * @param key Input key. + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param blackKeyType Type of black key + * @return Status from decrypt operation + */ +status_t CAAM_AES_DecryptEcbExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType); + /*! * @brief Encrypts AES using CBC block mode. * @@ -627,6 +921,54 @@ status_t CAAM_AES_DecryptCbc(CAAM_Type *base, const uint8_t *key, size_t keySize); +/*! + * @brief Encrypts AES using CBC block mode using black key. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param plaintext Input plain text to encrypt + * @param[out] ciphertext Output cipher text + * @param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * @param iv Input initial vector to combine with the first input block. + * @param key Input key to use for encryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param blackKeyType Type of black key + * @return Status from encrypt operation + */ +status_t CAAM_AES_EncryptCbcExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t iv[CAAM_AES_BLOCK_SIZE], + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType); + +/*! + * @brief Decrypts AES using CBC block mode using black key. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param ciphertext Input cipher text to decrypt + * @param[out] plaintext Output plain text + * @param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * @param iv Input initial vector to combine with the first input block. + * @param key Input key to use for decryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param blackKeyType Type of black key + * @return Status from decrypt operation + */ +status_t CAAM_AES_DecryptCbcExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t iv[CAAM_AES_BLOCK_SIZE], + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType); + /*! * @brief Encrypts or decrypts AES using CTR block mode. * @@ -661,6 +1003,42 @@ status_t CAAM_AES_CryptCtr(CAAM_Type *base, uint8_t counterlast[CAAM_AES_BLOCK_SIZE], size_t *szLeft); +/*! + * @brief Encrypts or decrypts AES using CTR block mode using black key. + * + * Encrypts or decrypts AES using CTR block mode. + * AES CTR mode uses only forward AES cipher and same algorithm for encryption and decryption. + * The only difference between encryption and decryption is that, for encryption, the input argument + * is plain text and the output argument is cipher text. For decryption, the input argument is cipher text + * and the output argument is plain text. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param input Input data for CTR block mode + * @param[out] output Output data for CTR block mode + * @param size Size of input and output data in bytes + * @param[in,out] counter Input counter (updates on return) + * @param key Input key to use for forward AES cipher + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param[out] counterlast Output cipher of last counter, for chained CTR calls. NULL can be passed if chained calls are + * not used. + * @param[out] szLeft Output number of bytes in left unused in counterlast block. NULL can be passed if chained calls + * are not used. + * @param blackKeyType Type of black key + * @return Status from encrypt operation + */ +status_t CAAM_AES_CryptCtrExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *input, + uint8_t *output, + size_t size, + uint8_t counter[CAAM_AES_BLOCK_SIZE], + const uint8_t *key, + size_t keySize, + uint8_t counterlast[CAAM_AES_BLOCK_SIZE], + size_t *szLeft, + caam_key_type_t blackKeyType); + /*! * @brief Encrypts AES and tags using CCM block mode. * @@ -730,6 +1108,79 @@ status_t CAAM_AES_DecryptTagCcm(CAAM_Type *base, const uint8_t *tag, size_t tagSize); +/*! + * @brief Encrypts AES and tags using CCM block mode using black key. + * + * Encrypts AES and optionally tags using CCM block mode. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param plaintext Input plain text to encrypt + * @param[out] ciphertext Output cipher text. + * @param size Size of input and output data in bytes. Zero means authentication only. + * @param iv Nonce + * @param ivSize Length of the Nonce in bytes. Must be 7, 8, 9, 10, 11, 12, or 13. + * @param aad Input additional authentication data. Can be NULL if aadSize is zero. + * @param aadSize Input size in bytes of AAD. Zero means data mode only (authentication skipped). + * @param key Input key to use for encryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param[out] tag Generated output tag. Set to NULL to skip tag processing. + * @param tagSize Input size of the tag to generate, in bytes. Must be 4, 6, 8, 10, 12, 14, or 16. + * @param blackKeyType Type of black key + * @return Status from encrypt operation + */ +status_t CAAM_AES_EncryptTagCcmExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType); + +/*! + * @brief Decrypts AES and authenticates using CCM block mode using black key. + * + * Decrypts AES and optionally authenticates using CCM block mode. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param ciphertext Input cipher text to decrypt + * @param[out] plaintext Output plain text. + * @param size Size of input and output data in bytes. Zero means authentication data only. + * @param iv Nonce + * @param ivSize Length of the Nonce in bytes. Must be 7, 8, 9, 10, 11, 12, or 13. + * @param aad Input additional authentication data. Can be NULL if aadSize is zero. + * @param aadSize Input size in bytes of AAD. Zero means data mode only (authentication data skipped). + * @param key Input key to use for decryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param tag Received tag. Set to NULL to skip tag processing. + * @param tagSize Input size of the received tag to compare with the computed tag, in bytes. Must be 4, 6, 8, 10, 12, + * 14, or 16. + * @param blackKeyType Type of black key + * @return Status from decrypt operation + */ +status_t CAAM_AES_DecryptTagCcmExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + const uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType); + /*! * @brief Encrypts AES and tags using GCM block mode. * @@ -799,6 +1250,80 @@ status_t CAAM_AES_DecryptTagGcm(CAAM_Type *base, size_t keySize, const uint8_t *tag, size_t tagSize); + +/*! + * @brief Encrypts AES and tags using GCM block mode using black key. + * + * Encrypts AES and optionally tags using GCM block mode. If plaintext is NULL, only the GHASH is calculated and output + * in the 'tag' field. Uses black key. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param plaintext Input plain text to encrypt + * @param[out] ciphertext Output cipher text. + * @param size Size of input and output data in bytes + * @param iv Input initial vector + * @param ivSize Size of the IV + * @param aad Input additional authentication data + * @param aadSize Input size in bytes of AAD + * @param key Input key to use for encryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param[out] tag Output hash tag. Set to NULL to skip tag processing. + * @param tagSize Input size of the tag to generate, in bytes. Must be 4,8,12,13,14,15 or 16. + * @param blackenKeyType Type of black key + * @return Status from encrypt operation + */ +status_t CAAM_AES_EncryptTagGcmExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType); + +/*! + * @brief Decrypts AES and authenticates using GCM block mode using black key. + * + * Decrypts AES and optionally authenticates using GCM block mode. If ciphertext is NULL, only the GHASH is calculated + * and compared with the received GHASH in 'tag' field. Uses black key. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param ciphertext Input cipher text to decrypt + * @param[out] plaintext Output plain text. + * @param size Size of input and output data in bytes + * @param iv Input initial vector + * @param ivSize Size of the IV + * @param aad Input additional authentication data + * @param aadSize Input size in bytes of AAD + * @param key Input key to use for encryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param tag Input hash tag to compare. Set to NULL to skip tag processing. + * @param tagSize Input size of the tag, in bytes. Must be 4, 8, 12, 13, 14, 15, or 16. + * @param blackenKeyType Type of black key + * @return Status from decrypt operation + */ +status_t CAAM_AES_DecryptTagGcmExtended(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + const uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType); /*! *@} */ /* end of caam_driver_aes */ @@ -855,6 +1380,58 @@ status_t CAAM_AES_DecryptEcbNonBlocking(CAAM_Type *base, const uint8_t *key, size_t keySize); +/*! + * @brief Encrypts AES using the ECB block mode using black key. + * + * Puts AES ECB encrypt descriptor to CAAM input job ring. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param plaintext Input plain text to encrypt + * @param[out] descriptor Memory for the CAAM descriptor. + * @param[out] ciphertext Output cipher text + * @param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * @param key Input key to use for encryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param blackKeyType Type of black key + * @return Status from job descriptor push + */ +status_t CAAM_AES_EncryptEcbNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ecb_t descriptor, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType); + +/*! + * @brief Decrypts AES using ECB block mode using black key. + * + * Puts AES ECB decrypt descriptor to CAAM input job ring. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param[out] descriptor Memory for the CAAM descriptor. + * @param ciphertext Input cipher text to decrypt + * @param[out] plaintext Output plain text + * @param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * @param key Input key. + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param blackKeyType Type of black key + * @return Status from job descriptor push + */ +status_t CAAM_AES_DecryptEcbNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ecb_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType); + /*! * @brief Encrypts AES using CBC block mode. * @@ -907,6 +1484,62 @@ status_t CAAM_AES_DecryptCbcNonBlocking(CAAM_Type *base, const uint8_t *key, size_t keySize); +/*! + * @brief Encrypts AES using CBC block mode using black key. + * + * Puts AES CBC encrypt descriptor to CAAM input job ring. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param[out] descriptor Memory for the CAAM descriptor. + * @param plaintext Input plain text to encrypt + * @param[out] ciphertext Output cipher text + * @param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * @param iv Input initial vector to combine with the first input block. + * @param key Input key to use for encryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param blackKeyType Type of black key + * @return Status from job descriptor push + */ +status_t CAAM_AES_EncryptCbcNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_cbc_t descriptor, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *iv, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType); + +/*! + * @brief Decrypts AES using CBC block mode using black key. + * + * Puts AES CBC decrypt descriptor to CAAM input job ring. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param[out] descriptor Memory for the CAAM descriptor. + * @param ciphertext Input cipher text to decrypt + * @param[out] plaintext Output plain text + * @param size Size of input and output data in bytes. Must be multiple of 16 bytes. + * @param iv Input initial vector to combine with the first input block. + * @param key Input key to use for decryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param blackKeyType Type of black key + * @return Status from job descriptor push + */ +status_t CAAM_AES_DecryptCbcNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_cbc_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + const uint8_t *key, + size_t keySize, + caam_key_type_t blackKeyType); + /*! * @brief Encrypts or decrypts AES using CTR block mode. * @@ -945,6 +1578,46 @@ status_t CAAM_AES_CryptCtrNonBlocking(CAAM_Type *base, uint8_t *counterlast, size_t *szLeft); +/*! + * @brief Encrypts or decrypts AES using CTR block mode using black key. + * + * Encrypts or decrypts AES using CTR block mode. + * AES CTR mode uses only forward AES cipher and same algorithm for encryption and decryption. + * The only difference between encryption and decryption is that, for encryption, the input argument + * is plain text and the output argument is cipher text. For decryption, the input argument is cipher text + * and the output argument is plain text. + * + * Puts AES CTR crypt descriptor to CAAM input job ring. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param[out] descriptor Memory for the CAAM descriptor. + * @param input Input data for CTR block mode + * @param[out] output Output data for CTR block mode + * @param size Size of input and output data in bytes + * @param[in,out] counter Input counter (updates on return) + * @param key Input key to use for forward AES cipher + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param[out] counterlast Output cipher of last counter, for chained CTR calls. NULL can be passed if chained calls are + * not used. + * @param[out] szLeft Output number of bytes in left unused in counterlast block. NULL can be passed if chained calls + * are not used. + * @param blackKeyType Type of black key + * @return Status from job descriptor push + */ +status_t CAAM_AES_CryptCtrNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ctr_t descriptor, + const uint8_t *input, + uint8_t *output, + size_t size, + uint8_t *counter, + const uint8_t *key, + size_t keySize, + uint8_t *counterlast, + size_t *szLeft, + caam_key_type_t blackKeyType); + /*! * @brief Encrypts AES and tags using CCM block mode. * @@ -1019,6 +1692,84 @@ status_t CAAM_AES_DecryptTagCcmNonBlocking(CAAM_Type *base, const uint8_t *tag, size_t tagSize); +/*! + * @brief Encrypts AES and tags using CCM block mode using black key. + * + * Puts AES CCM encrypt and tag descriptor to CAAM input job ring. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param[out] descriptor Memory for the CAAM descriptor. + * @param plaintext Input plain text to encrypt + * @param[out] ciphertext Output cipher text. + * @param size Size of input and output data in bytes. Zero means authentication only. + * @param iv Nonce + * @param ivSize Length of the Nonce in bytes. Must be 7, 8, 9, 10, 11, 12, or 13. + * @param aad Input additional authentication data. Can be NULL if aadSize is zero. + * @param aadSize Input size in bytes of AAD. Zero means data mode only (authentication skipped). + * @param key Input key to use for encryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param[out] tag Generated output tag. Set to NULL to skip tag processing. + * @param tagSize Input size of the tag to generate, in bytes. Must be 4, 6, 8, 10, 12, 14, or 16. + * @param blackKeyType Type of black key + * @return Status from job descriptor push + */ +status_t CAAM_AES_EncryptTagCcmNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ccm_t descriptor, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType); + +/*! + * @brief Decrypts AES and authenticates using CCM block mode using black key. + * + * Puts AES CCM decrypt and check tag descriptor to CAAM input job ring. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param[out] descriptor Memory for the CAAM descriptor. + * @param ciphertext Input cipher text to decrypt + * @param[out] plaintext Output plain text. + * @param size Size of input and output data in bytes. Zero means authentication data only. + * @param iv Nonce + * @param ivSize Length of the Nonce in bytes. Must be 7, 8, 9, 10, 11, 12, or 13. + * @param aad Input additional authentication data. Can be NULL if aadSize is zero. + * @param aadSize Input size in bytes of AAD. Zero means data mode only (authentication data skipped). + * @param key Input key to use for decryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param tag Received tag. Set to NULL to skip tag processing. + * @param tagSize Input size of the received tag to compare with the computed tag, in bytes. Must be 4, 6, 8, 10, 12, + * 14, or 16. + * @param blackKeyType Type of black key + * @return Status from job descriptor push + */ + +status_t CAAM_AES_DecryptTagCcmNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_ccm_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + const uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType); + /*! * @brief Encrypts AES and tags using GCM block mode. * @@ -1094,6 +1845,88 @@ status_t CAAM_AES_DecryptTagGcmNonBlocking(CAAM_Type *base, size_t keySize, const uint8_t *tag, size_t tagSize); + +/*! + * @brief Encrypts AES and tags using GCM block mode using black key. + * + * Encrypts AES and optionally tags using GCM block mode. If plaintext is NULL, only the GHASH is calculated and output + * in the 'tag' field. + * Puts AES GCM encrypt and tag descriptor to CAAM input job ring. + * Uses black key. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param[out] descriptor Memory for the CAAM descriptor. + * @param plaintext Input plain text to encrypt + * @param[out] ciphertext Output cipher text. + * @param size Size of input and output data in bytes + * @param iv Input initial vector + * @param ivSize Size of the IV + * @param aad Input additional authentication data + * @param aadSize Input size in bytes of AAD + * @param key Input key to use for encryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param[out] tag Output hash tag. Set to NULL to skip tag processing. + * @param tagSize Input size of the tag to generate, in bytes. Must be 4,8,12,13,14,15 or 16. + * @return Status from job descriptor push + * @param blackenKeyType Type of black key + */ +status_t CAAM_AES_EncryptTagGcmNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_gcm_t descriptor, + const uint8_t *plaintext, + uint8_t *ciphertext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType); + +/*! + * @brief Decrypts AES and authenticates using GCM block mode using black key. + * + * Decrypts AES and optionally authenticates using GCM block mode. If ciphertext is NULL, only the GHASH is calculated + * and compared with the received GHASH in 'tag' field. + * Puts AES GCM decrypt and check tag descriptor to CAAM input job ring. + * Uses black key. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param[out] descriptor Memory for the CAAM descriptor. + * @param ciphertext Input cipher text to decrypt + * @param[out] plaintext Output plain text. + * @param size Size of input and output data in bytes + * @param iv Input initial vector + * @param ivSize Size of the IV + * @param aad Input additional authentication data + * @param aadSize Input size in bytes of AAD + * @param key Input key to use for encryption + * @param keySize Size of the input key, in bytes. Must be 16, 24, or 32. + * @param tag Input hash tag to compare. Set to NULL to skip tag processing. + * @param tagSize Input size of the tag, in bytes. Must be 4, 8, 12, 13, 14, 15, or 16. + * @param blackenKeyType Type of black key + * @return Status from job descriptor push + */ +status_t CAAM_AES_DecryptTagGcmNonBlockingExtended(CAAM_Type *base, + caam_handle_t *handle, + caam_desc_aes_gcm_t descriptor, + const uint8_t *ciphertext, + uint8_t *plaintext, + size_t size, + const uint8_t *iv, + size_t ivSize, + const uint8_t *aad, + size_t aadSize, + const uint8_t *key, + size_t keySize, + const uint8_t *tag, + size_t tagSize, + caam_key_type_t blackKeyType); /*! *@} */ /* end of caam_nonblocking_driver_aes */ @@ -1709,6 +2542,16 @@ status_t CAAM_RNG_GetRandomDataNonBlocking(CAAM_Type *base, * @{ */ +/*! + * @brief Return size of blacken key based on encryption type and data to encrypt size + * + * @param fifostType Type of AES-CBC or AEC-CCM to encrypt plaintext + * @param dataSize Size of data to be encrypted + * + * @return size_t Size of blacken key. + */ +size_t CAAM_BLACK_KeyBlackenSize(caam_fifost_type_t fifostType, size_t dataSize); + /*! * @brief Construct a black key * @@ -3526,8 +4369,252 @@ status_t CAAM_PKHA_ECC_PointMul(CAAM_Type *base, *@} */ /* end of caam_driver_pkha */ +/******************************************************************************* + * ECC + ******************************************************************************/ + +/*! + * @addtogroup caam_driver_ecc + * @{ + */ + +/*! + * @brief Return size of private key based on encryption type and ecliptic curve domain + * + * @param encryptKeyType Type of key encryption. + * @param ecdsel Elliptic curve domain selection + * + * @return size_t Size of private key. + */ +size_t CAAM_ECC_PrivateKeySize(caam_ecc_encryption_type_t encryptKeyType, caam_ecc_ecdsel_t ecdsel); + +/*! + * @brief Generates public and private key for ECC. + * + * The buffer size of privKey can be determined using CAAM_ECC_PRIVATE_KEY_LENGTH. + * The buffer size of pubKey can be determined using CAAM_ECC_PUBLIC_KEY_LENGTH. + * For encrypted privKey, the buffer size can be determined using CAAM_BLACKEN_ECB_SIZE + * or CAAM_BLACKEN_CCM_SIZE macros. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param ecdsel Elliptic curve domain selection + * @param encryptKeyType Type of key encryption + * @param[out] privKey Private key + * @param[out] pubKey Public key + * @return Operation status. + */ +status_t CAAM_ECC_KeyPair(CAAM_Type *base, + caam_handle_t *handle, + caam_ecc_ecdsel_t ecdsel, + caam_ecc_encryption_type_t encryptKeyType, + uint8_t *privKey, + uint8_t *pubKey); + +/*! + * @brief Generates signature using ECC. + * + * The buffer size of signFirst can be determined using CAAM_ECC_PRIVATE_KEY_LENGTH. + * ! The buffer size of signSecond can be determined using CAAM_ECC_SECOND_SIGN_BUFFER_SIZE. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param privKey Private key + * @param data Hashed data + * @param dataSize Hashed data length + * @param ecdsel Elliptic curve domain selection + * @param encryptKeyType Type of key encryption + * @param[out] signFirst First part of the signature + * @param[out] signSecond Second part of the signature + * @return Operation status. + */ +status_t CAAM_ECC_Sign(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *privKey, + const uint8_t *data, + size_t dataSize, + caam_ecc_ecdsel_t ecdsel, + caam_ecc_encryption_type_t encryptKeyType, + uint8_t *signFirst, + uint8_t *signSecond); + +/*! + * @brief Verify ECC signature using public key + * + * The buffer size of tmp can be determined using CAAM_ECC_PUBLIC_KEY_LENGTH. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param pubKey Public key + * @param data Hashed data + * @param dataSize Hashed data length + * @param signFirst First part of the signature + * @param signSecond Second part of the signature + * @param ecdsel Elliptic curve domain selection + * @param[in,out] tmp Temporary storage for intermediate results + * @return Operation status. + */ +status_t CAAM_ECC_VerifyPublicKey(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *pubKey, + const uint8_t *data, + size_t dataSize, + const uint8_t *signFirst, + const uint8_t *signSecond, + caam_ecc_ecdsel_t ecdsel, + uint8_t *tmp); + +/*! + * @brief Verify ECC signature using private key + * + * Faster that verifying using public key. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param privKey Private key + * @param data Hashed data + * @param dataSize Hashed data length + * @param signFirst First part of the signature + * @param signSecond Second part of the signature + * @param ecdsel Elliptic curve domain selection + * @param encryptKeyType Type of key encryption + * @return Operation status. + */ +status_t CAAM_ECC_VerifyPrivateKey(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *privKey, + const uint8_t *data, + size_t dataSize, + const uint8_t *signFirst, + const uint8_t *signSecond, + caam_ecc_ecdsel_t ecdsel, + caam_ecc_encryption_type_t encryptKeyType); +/*! + *@} + */ /* end of caam_driver_ecc */ + +/******************************************************************************* + * RSA + ******************************************************************************/ + +/*! + * @addtogroup caam_driver_rsa + * @{ + */ + +/*! + * @brief Return size for private key buffer based on encryption type and ecliptic curve domain + * + * @param prvKeyType Type of private key + * @param privExponentSize Expected length of private exponent without encryption padding. + * + * @return size_t Size for private key buffer. + */ +size_t CAAM_RSA_PrivateExponentSize(caam_rsa_key_type_t prvKeyType, uint32_t privExponentSize); + +/*! + * @brief Generates RSA key. + * + * Generates modulus N and private exponent D give prime numbers P and Q and public exponent E. + * Public key is {E,N}. Private key is {D,N}. + * + * ! privExponentSize value may differ for different P abd Q with same bit length. + * For encrypted privExponent, the buffer size can be determined using CAAM_BLACKEN_ECB_SIZE + * or CAAM_BLACKEN_CCM_SIZE macros. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param primeP Prime number P + * @param primeQ Prime number Q + * @param primesSize Byte length of primeP or primeQ (primeP and primeQ must have the same byte length) + * @param pubExponent Public exponent E + * @param pubExponentSize Byte length of pubExponent + * @param prvKeyType Type of private key + * @param[out] modulus Buffer for calculated modulus N + * @param modulusSize Byte length of modulus buffer + * @param[out] privExponent Buffer for calculated private exponent D + * @param[out] privExponentSize Byte length of calculated private exponent. + * @return Operation status. + */ +status_t CAAM_RSA_KeyPair(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *primeP, + const uint8_t *primeQ, + uint32_t primesSize, + const uint8_t *pubExponent, + uint32_t pubExponentSize, + caam_rsa_key_type_t prvKeyType, + uint8_t *modulus, + uint32_t modulusSize, + uint8_t *privExponent, + size_t *privExponentSize); + +/*! + * @brief Performs the RSA public key primitive. + * + * Performs the RSA public key primitive which can be used when encrypting a secret or verifying a signature. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param plainText Input data + * @param plainTextize Byte length of the input data + * @param modulus Modulus N + * @param modulusSize Byte length of modulus + * @param pubExponent Public exponent E + * @param pubExponentSize Byte length of pubExponent + * @param dataOutType Type of encryption of output data + * @param[out] cipherText Buffer for RSA encrypted data + * @return Operation status + */ +status_t CAAM_RSA_Encrypt(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *plainText, + uint32_t plainTextSize, + const uint8_t *modulus, + uint32_t modulusSize, + const uint8_t *pubExponent, + uint32_t pubExponentSize, + caam_rsa_encryption_type_t dataOutType, + caam_rsa_format_type_t format, + uint8_t *cipherText); + +/*! + * @brief Performs the RSA private key primitive. + * + * Performs the RSA private key primitive which can be used when decrypting a secret or creating a siganture. + * + * @param base CAAM peripheral base address + * @param handle Handle used for this request. Specifies jobRing. + * @param cipherText Input data + * @param modulus Moulus N + * @param modulusSize Byte length of modulus + * @param privExponent Private exponent D + * @param privExponentSize Byte length of privExponent + * @param prvKeyType Type of private key encryption + * @param dataOutType Type of encryption of output data + * @param[out] plainText Buffer for RSA encrypted data + * @param[out] rsaDecSize Returned output size + * @return Operation status + */ +status_t CAAM_RSA_Decrypt(CAAM_Type *base, + caam_handle_t *handle, + const uint8_t *cipherText, + const uint8_t *modulus, + uint32_t modulusSize, + const uint8_t *privExponent, + uint32_t privExponentSize, + caam_rsa_encryption_type_t prvKeyType, + caam_rsa_encryption_type_t dataOutType, + caam_rsa_format_type_t format, + uint8_t *plainText, + size_t *rsaDecSize); + +/*! + *@} + */ /* end of caam_driver_rsa */ + #if defined(__cplusplus) } #endif -#endif /* FSL_CAAM_H_ */ +#endif /* FSL_CAAM_H_ */ \ No newline at end of file diff --git a/mcux/mcux-sdk-ng/drivers/rtc/CMakeLists.txt b/mcux/mcux-sdk-ng/drivers/rtc/CMakeLists.txt index 07d85b84ad..9fc9284855 100644 --- a/mcux/mcux-sdk-ng/drivers/rtc/CMakeLists.txt +++ b/mcux/mcux-sdk-ng/drivers/rtc/CMakeLists.txt @@ -3,7 +3,7 @@ # SPDX-License-Identifier: BSD-3-Clause if(CONFIG_MCUX_COMPONENT_driver.rtc) - mcux_component_version(2.3.3) + mcux_component_version(2.4.0) mcux_add_source(SOURCES fsl_rtc.c fsl_rtc.h) diff --git a/mcux/mcux-sdk-ng/drivers/rtc/fsl_rtc.c b/mcux/mcux-sdk-ng/drivers/rtc/fsl_rtc.c index 3b41b559d7..a4103c7ce0 100644 --- a/mcux/mcux-sdk-ng/drivers/rtc/fsl_rtc.c +++ b/mcux/mcux-sdk-ng/drivers/rtc/fsl_rtc.c @@ -118,6 +118,10 @@ static uint32_t RTC_ConvertDatetimeToSeconds(const rtc_datetime_t *datetime) * represented in the hours, minutes and seconds field*/ seconds += ((uint32_t)datetime->day - 1U); /* For leap year if month less than or equal to Febraury, decrement day counter*/ + /* + * $Branch Coverage Justification$ + * ((0U == (datetime->year & 3U)) && (datetime->month <= 2U) && 0U == seconds) cannot be covered, when it is leap year(>1970), the seconds cannot be 0U + */ if ((0U == (datetime->year & 3U)) && (datetime->month <= 2U) && 0U != seconds) { seconds--; @@ -248,13 +252,19 @@ void RTC_Init(RTC_Type *base, const rtc_config_t *config) reg &= ~(RTC_CR_WPS_MASK); reg |= RTC_CR_WPS(config->wakeupSelect ? 1U : 0U); #endif /* FSL_FEATURE_RTC_HAS_WAKEUP_PIN */ + +#if !(defined(FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT) && FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT == 0) + reg &= ~RTC_CR_CLKO_MASK; + reg |= RTC_CR_CLKO(config->clockOutput ? 1U : 0U); +#endif /* FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT */ + base->CR = reg; /* Configure the RTC time compensation register */ base->TCR = (RTC_TCR_CIR(config->compensationInterval) | RTC_TCR_TCR(config->compensationTime)); #if defined(FSL_FEATURE_RTC_HAS_TSIC) && FSL_FEATURE_RTC_HAS_TSIC - /* Configure RTC timer seconds interrupt to be generated once per second */ + /* Configure RTC timer seconds interrupt to be generated once per second and disable the interrupt */ base->IER &= ~(RTC_IER_TSIC_MASK | RTC_IER_TSIE_MASK); #endif } @@ -279,6 +289,10 @@ void RTC_GetDefaultConfig(rtc_config_t *config) /* Initializes the configure structure to zero. */ (void)memset(config, 0, sizeof(*config)); +#if !(defined(FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT) && FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT == 0) + /* Clock output is disabled by default */ + config->clockOutput = false; +#endif /* FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT */ /* Wakeup pin will assert if the RTC interrupt asserts or if the wakeup pin is turned on */ config->wakeupSelect = false; /* Registers cannot be written when locked */ @@ -902,3 +916,33 @@ status_t RTC_IncrementMonotonicCounter(RTC_Type *base) } #endif /* FSL_FEATURE_RTC_HAS_MONOTONIC */ + +#if defined(FSL_FEATURE_RTC_HAS_TSIC) && FSL_FEATURE_RTC_HAS_TSIC + +/*! + * brief Sets the RTC timer seconds interrupt frequency. + * + * This function sets the RTC timer seconds interrupt frequency. + * + * param base RTC peripheral base address + * param freq The timer seconds interrupt frequency. This is a member of the + * enumeration ::rtc_timer_seconds_interrupt_frequency_t + */ +void RTC_SetTimerSecondsInterruptFrequency(RTC_Type *base, rtc_timer_seconds_interrupt_frequency_t freq) +{ + assert(freq < kRTC_TimerSecondsFrequency128Hz); + uint32_t reg = base->IER; + + reg &= ~(RTC_IER_TSIC_MASK); + reg |= RTC_IER_TSIC(freq); + + /* Enable the timer seconds interrupt if not enabled */ + if ((reg & RTC_IER_TSIE_MASK) != 0U) + { + reg |= RTC_IER_TSIE_MASK; + } + + base->IER = reg; +} + +#endif /* FSL_FEATURE_RTC_HAS_TSIC */ diff --git a/mcux/mcux-sdk-ng/drivers/rtc/fsl_rtc.h b/mcux/mcux-sdk-ng/drivers/rtc/fsl_rtc.h index b923b724b6..e331deb7c9 100644 --- a/mcux/mcux-sdk-ng/drivers/rtc/fsl_rtc.h +++ b/mcux/mcux-sdk-ng/drivers/rtc/fsl_rtc.h @@ -21,7 +21,7 @@ /*! @name Driver version */ /*! @{ */ -#define FSL_RTC_DRIVER_VERSION (MAKE_VERSION(2, 3, 3)) /*!< Version 2.3.3 */ +#define FSL_RTC_DRIVER_VERSION (MAKE_VERSION(2, 4, 0)) /*!< Version 2.4.0 */ /*! @} */ /*! @brief List of RTC interrupts */ @@ -86,9 +86,25 @@ typedef enum _rtc_osc_cap_load kRTC_Capacitor_8p = RTC_CR_SC8P_MASK, /*!< 8 pF capacitor load */ kRTC_Capacitor_16p = RTC_CR_SC16P_MASK /*!< 16 pF capacitor load */ } rtc_osc_cap_load_t; - #endif /* FSL_FEATURE_SCG_HAS_OSC_SCXP */ +#if defined(FSL_FEATURE_RTC_HAS_TSIC) && FSL_FEATURE_RTC_HAS_TSIC + +/*! @brief List of RTC Timer Seconds Interrupt Frequencies */ +typedef enum _rtc_timer_seconds_interrupt_frequency +{ + kRTC_TimerSecondsFrequency1Hz = 0U, /*!< Timer seconds frequency is 1Hz */ + kRTC_TimerSecondsFrequency2Hz = 1U, /*!< Timer seconds frequency is 2Hz */ + kRTC_TimerSecondsFrequency4Hz = 2U, /*!< Timer seconds frequency is 4Hz */ + kRTC_TimerSecondsFrequency8Hz = 3U, /*!< Timer seconds frequency is 8Hz */ + kRTC_TimerSecondsFrequency16Hz = 4U, /*!< Timer seconds frequency is 16Hz */ + kRTC_TimerSecondsFrequency32Hz = 5U, /*!< Timer seconds frequency is 32Hz */ + kRTC_TimerSecondsFrequency64Hz = 6U, /*!< Timer seconds frequency is 64Hz */ + kRTC_TimerSecondsFrequency128Hz = 7U /*!< Timer seconds frequency is 128Hz */ +} rtc_timer_seconds_interrupt_frequency_t; + +#endif /* FSL_FEATURE_RTC_HAS_TSIC */ + /*! @brief Structure is used to hold the date and time */ typedef struct _rtc_datetime { @@ -132,6 +148,11 @@ typedef struct _rtc_pin_config */ typedef struct _rtc_config { +#if !(defined(FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT) && FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT == 0) + bool clockOutput; /*!< true: The 32 kHz clock is not output to other + peripherals; false: The 32 kHz clock is output to other + peripherals */ +#endif /* FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT */ bool wakeupSelect; /*!< true: Wakeup pin outputs the 32 KHz clock; false:Wakeup pin used to wakeup the chip */ bool updateMode; /*!< true: Registers can be written even when locked under certain @@ -190,6 +211,7 @@ static inline void RTC_Deinit(RTC_Type *base) * * The default values are as follows. * @code + * config->clockOutput = false; * config->wakeupSelect = false; * config->updateMode = false; * config->supervisorAccess = false; @@ -541,6 +563,43 @@ static inline void RTC_EnableWakeUpPin(RTC_Type *base, bool enable) } #endif +#if !(defined(FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT) && FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT == 0) +/*! + * @brief Enables or disables the RTC 32 kHz clock output. + * + * This function enables or disables the RTC 32 kHz clock output. + * + * @param base RTC_Type base pointer. + * @param enable true to enable, false to disable. + */ +static inline void RTC_EnableClockOutput(RTC_Type *base, bool enable) +{ + if (enable) + { + base->CR |= RTC_CR_CLKO_MASK; + } + else + { + base->CR &= ~RTC_CR_CLKO_MASK; + } +} +#endif /* FSL_FEATURE_RTC_HAS_CLOCK_OUTPUT */ + +#if defined(FSL_FEATURE_RTC_HAS_TSIC) && FSL_FEATURE_RTC_HAS_TSIC + +/*! + * @brief Sets the RTC timer seconds interrupt frequency. + * + * This function sets the RTC timer seconds interrupt frequency. + * + * @param base RTC peripheral base address + * @param freq The timer seconds interrupt frequency. This is a member of the + * enumeration ::rtc_timer_seconds_interrupt_frequency_t + */ +void RTC_SetTimerSecondsInterruptFrequency(RTC_Type *base, rtc_timer_seconds_interrupt_frequency_t freq); + +#endif /* FSL_FEATURE_RTC_HAS_TSIC */ + #if defined(__cplusplus) } #endif