Aditya Patwardhan 4dc2ace0b7
fix(esp_hw_support): Update key manager support
1) Added new Key Manager APIs
    2) Added crypto locking layer for Key Manager
    3) Remove support for deploying known key
    4) Format key manager support
    5) Fix build header error
    6) Updated the key_mgr_types.h file
    7) Added key manager tests
2024-01-23 10:24:39 +05:30


/*
* SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include "soc/soc_caps.h"
#if SOC_KEY_MANAGER_SUPPORTED
#include <stdint.h>
#include "esp_attr.h"
#include "ets_sys.h"
#include "km.h"
#if __cplusplus
extern "C" {
#endif
/*
 * HUK info blob plus its checksum word.
 * info[] is HUK_INFO_LEN (384) bytes, i.e. 96 32-bit words; the crc word is
 * stored in addition to those 96 words.
 * PACKED_ATTR is defined outside this file (presumably in esp_attr.h) and is
 * expected to suppress padding so the layout is exactly info[] followed by crc.
 * NOTE(review): which bytes crc covers and which polynomial is used is not
 * visible here - confirm against the code that fills/validates this struct.
 * A CRC only catches accidental corruption; it does not authenticate the blob.
 */
struct huk_info {
#define HUK_INFO_LEN 384
uint8_t info[HUK_INFO_LEN];
uint32_t crc;
} PACKED_ATTR;
/*
 * Key info blob plus its checksum word.
 * info[] is KEY_INFO_LEN (64) bytes = 512 bits; the crc word follows it.
 * NOTE(review): coverage of crc is not visible in this header - confirm
 * against the code that fills/validates this struct. A CRC only catches
 * accidental corruption; it does not authenticate the blob.
 */
struct key_info {
#define KEY_INFO_LEN 64
uint8_t info[KEY_INFO_LEN];
uint32_t crc;
} PACKED_ATTR;
/*
 * Container for one HUK info record and up to two key info records, preceded
 * by a 24-byte header (magic, version, key_type, reserved).
 * If PACKED_ATTR removes all padding, the fields sum to
 * 4 + 4 + 1 + 15 + (384 + 4) + 2 * (64 + 4) = 548 bytes.
 * NOTE(review): presumably this is the layout stored at the "active"/"backup"
 * sector offsets defined in this header - confirm. A consumer should check
 * magic, version, key_type and both crc fields before using the contents;
 * those checks are not part of this header.
 */
struct huk_key_block {
// Expected value of the magic field below (presumably; verify against the reader).
#define KEY_HUK_SECTOR_MAGIC 0xDEA5CE5A
uint32_t magic;
uint32_t version; // for backward compatibility
// NOTE(review): the valid values of key_type are not defined in this header - confirm.
uint8_t key_type;
uint8_t reserved[15];
struct huk_info huk_info;
// NOTE(review): the names "XTS-512_1/2" below do not match the
// KM_KEY_PURPOSE_XTS_256_1/2 constants in this file - confirm they refer to
// the same two key parts.
struct key_info key_info[2]; // at most 2 key info (XTS-512_1 and XTS-512_2), at least use 1
} WORD_ALIGNED_ATTR PACKED_ATTR;
/*
* Two info sectors are defined here: "active" and "backup".
* Most ROM code relies only on the "active" sector for the key information.
*
* The HUK and key information may have to be regenerated because of ageing
* and other factors. The "backup" sector exists for that scenario.
*/
// Byte offset of info sector i; sectors are spaced 0x1000 (4096) bytes apart.
// NOTE(review): the base address these offsets are relative to is not visible here.
#define KEY_HUK_SECTOR_OFFSET(i) ((i)*0x1000)
#define ACTIVE_SECTOR_OFFSET KEY_HUK_SECTOR_OFFSET(0)
#define BACKUP_SECTOR_OFFSET KEY_HUK_SECTOR_OFFSET(1)
// Single-bit flags naming the ECDSA and XTS peripherals. BIT() is not defined
// in this file and must come from an included header.
#define KM_PERI_ECDSA (BIT(0))
#define KM_PERI_XTS (BIT(1))
/*
 * Parameters for one key deployment through the Key Manager.
 * The #define lines inside the body are ordinary file-scope macros; they are
 * only placed next to the field they apply to.
 * NOTE(review): the function that consumes this struct is declared elsewhere
 * (presumably km.h), so the in/out direction of the pointer fields and the
 * exact meaning of the int flags below are assumptions to confirm there.
 */
struct km_deploy_ops {
// Values for km_key_purpose.
#define KM_KEY_PURPOSE_ECDSA 1
#define KM_KEY_PURPOSE_XTS_256_1 2
#define KM_KEY_PURPOSE_XTS_256_2 3
#define KM_KEY_PURPOSE_XTS_128 4
int km_key_purpose;
// Values for deploy_mode.
#define KM_DEPLOY_MODE_RANDOM 0
#define KM_DEPLOY_MODE_AES 1
#define KM_DEPLOY_MODE_ECDH0 2
#define KM_DEPLOY_MODE_ECDH1 3
#define KM_DEPLOY_MODE_RECOVER 4
#define KM_DEPLOY_MODE_EXPORT 5
int deploy_mode;
// Points at secret key material (32 bytes per the comment below). No length
// travels with the pointer, so the caller must supply a full-size buffer.
// NOTE(review): ownership stays with the caller as far as this header shows;
// clearing the buffer after deployment is the caller's job - confirm.
uint8_t *init_key; // 256 bits, only used in aes and ecdh1 deploy mode
// NOTE(review): the four int fields below look like boolean switches
// (0 = off, non-zero = on); their effect on key selection is not visible
// in this header - confirm before relying on a default of 0.
int deploy_only_once;
int force_use_km_key;
int km_use_efuse_key;
uint32_t efuse_km_rnd_switch_cycle; // 0 means use default
uint32_t km_rnd_switch_cycle; // 0 means use default
int km_use_sw_init_key;
// NOTE(review): presumably inputs in RECOVER mode and outputs in the other
// modes - verify against the deploy routine. No NULL contract is stated here.
struct huk_info *huk_info;
struct key_info *key_info;
};
/* State codes of the Key Manager (km). */
#define KM_STATE_IDLE 0
#define KM_STATE_LOAD 1
#define KM_STATE_GAIN 2
#define KM_STATE_BUSY 3
#define KM_STATE_INVALID 4
/* State codes of the HUK generator.
* Values 0-3 are numerically the same as the KM_STATE_* codes above;
* there is no HUK counterpart of KM_STATE_INVALID (4).
*/
#define HUK_STATE_IDLE 0
#define HUK_STATE_LOAD 1
#define HUK_STATE_GAIN 2
#define HUK_STATE_BUSY 3
/* NOTE(review): presumably the HUK generation status, a separate value space
* from the HUK_STATE_* codes above (the numbers overlap) - confirm which
* register or API returns these.
*/
#define HUK_NOT_GENERATED 0
#define HUK_GEN_VALID 1
#define HUK_GEN_INVALID 2
#if __cplusplus
}
#endif
#endif