cryptocell: add product version awareness support
authorGilad Ben-Yossef <[email protected]>
Tue, 14 May 2019 11:47:36 +0000 (14:47 +0300)
committerGilad Ben-Yossef <[email protected]>
Thu, 25 Jul 2019 10:38:07 +0000 (13:38 +0300)
Add support for multiple Cryptocell revisions which
use different APIs.

This commit only refactors the existing code in preparation for the addition
of other Cryptocell revisions later on.

Signed-off-by: Gilad Ben-Yossef <[email protected]>
Change-Id: I16d80b31afb6edd56dc645fee5ea619cc74f09b6

31 files changed:
drivers/auth/cryptocell/712/cryptocell_crypto.c [new file with mode: 0644]
drivers/auth/cryptocell/712/cryptocell_plat_helpers.c [new file with mode: 0644]
drivers/auth/cryptocell/cryptocell_crypto.c [deleted file]
drivers/auth/cryptocell/cryptocell_crypto.mk
drivers/auth/cryptocell/cryptocell_plat_helpers.c [deleted file]
include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/cc_pal_types.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/cc_pal_types_plat.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/cc_sec_defs.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/crypto_driver.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/nvm.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/nvm_otp.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/rsa.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/sbrom_bsv_api.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/secureboot_base_func.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/secureboot_gen_defs.h [new file with mode: 0644]
include/drivers/arm/cryptocell/712/util.h [new file with mode: 0644]
include/drivers/arm/cryptocell/cc_crypto_boot_defs.h [deleted file]
include/drivers/arm/cryptocell/cc_pal_sb_plat.h [deleted file]
include/drivers/arm/cryptocell/cc_pal_types.h [deleted file]
include/drivers/arm/cryptocell/cc_pal_types_plat.h [deleted file]
include/drivers/arm/cryptocell/cc_sec_defs.h [deleted file]
include/drivers/arm/cryptocell/crypto_driver.h [deleted file]
include/drivers/arm/cryptocell/nvm.h [deleted file]
include/drivers/arm/cryptocell/nvm_otp.h [deleted file]
include/drivers/arm/cryptocell/rsa.h [deleted file]
include/drivers/arm/cryptocell/sbrom_bsv_api.h [deleted file]
include/drivers/arm/cryptocell/secureboot_base_func.h [deleted file]
include/drivers/arm/cryptocell/secureboot_gen_defs.h [deleted file]
include/drivers/arm/cryptocell/util.h [deleted file]

diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c
new file mode 100644 (file)
index 0000000..395c550
--- /dev/null
@@ -0,0 +1,305 @@
+/*
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+#include <string.h>
+
+#include <platform_def.h>
+
+#include <arch_helpers.h>
+#include <common/debug.h>
+#include <drivers/arm/cryptocell/712/crypto_driver.h>
+#include <drivers/arm/cryptocell/712/rsa.h>
+#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
+#include <drivers/arm/cryptocell/712/secureboot_base_func.h>
+#include <drivers/arm/cryptocell/712/secureboot_gen_defs.h>
+#include <drivers/arm/cryptocell/712/util.h>
+#include <drivers/auth/crypto_mod.h>
+#include <drivers/auth/mbedtls/mbedtls_common.h>
+#include <lib/utils.h>
+
+#include <mbedtls/oid.h>
+
+#define LIB_NAME               "CryptoCell 712 SBROM"
+#define RSA_SALT_LEN           32
+#define RSA_EXPONENT           65537
+
+/*
+ * AlgorithmIdentifier  ::=  SEQUENCE  {
+ *     algorithm            OBJECT IDENTIFIER,
+ *     parameters           ANY DEFINED BY algorithm OPTIONAL
+ * }
+ *
+ * SubjectPublicKeyInfo  ::=  SEQUENCE  {
+ *     algorithm            AlgorithmIdentifier,
+ *     subjectPublicKey     BIT STRING
+ * }
+ *
+ * DigestInfo ::= SEQUENCE {
+ *     digestAlgorithm      AlgorithmIdentifier,
+ *     digest               OCTET STRING
+ * }
+ *
+ *  RSASSA-PSS-params ::= SEQUENCE {
+ *     hashAlgorithm        [0] HashAlgorithm,
+ *     maskGenAlgorithm     [1] MaskGenAlgorithm,
+ *     saltLength           [2] INTEGER,
+ *     trailerField         [3] TrailerField    DEFAULT trailerFieldBC
+ * }
+ */
+
+/*
+ * Initialize the library and export the descriptor
+ */
+static void init(void)
+{
+       CCError_t ret;
+       uint32_t lcs;
+
+       /* Initialize CC SBROM */
+       ret = CC_BsvSbromInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
+       if (ret != CC_OK) {
+               ERROR("CryptoCell CC_BsvSbromInit() error %x\n", ret);
+               panic();
+       }
+
+       /* Initialize lifecycle state */
+       ret = CC_BsvLcsGetAndInit((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
+       if (ret != CC_OK) {
+               ERROR("CryptoCell CC_BsvLcsGetAndInit() error %x\n", ret);
+               panic();
+       }
+
+       /* If the lifecyclestate is `SD`, then stop further execution */
+       if (lcs == CC_BSV_SECURITY_DISABLED_LCS) {
+               ERROR("CryptoCell LCS is security-disabled\n");
+               panic();
+       }
+}
+
+/*
+ * Verify a signature.
+ *
+ * Parameters are passed using the DER encoding format following the ASN.1
+ * structures detailed above.
+ */
+static int verify_signature(void *data_ptr, unsigned int data_len,
+                           void *sig_ptr, unsigned int sig_len,
+                           void *sig_alg, unsigned int sig_alg_len,
+                           void *pk_ptr, unsigned int pk_len)
+{
+       CCError_t error;
+       CCSbNParams_t pk;
+       CCSbSignature_t signature;
+       int rc, exp;
+       mbedtls_asn1_buf sig_oid, alg_oid, params;
+       mbedtls_md_type_t md_alg;
+       mbedtls_pk_type_t pk_alg;
+       mbedtls_pk_rsassa_pss_options pss_opts;
+       size_t len;
+       uint8_t *p, *end;
+       /* Temp buf to store the public key modulo (N) in LE format */
+       uint32_t RevN[SB_RSA_MOD_SIZE_IN_WORDS];
+
+       /* Verify the signature algorithm */
+       /* Get pointers to signature OID and parameters */
+       p = sig_alg;
+       end = p + sig_alg_len;
+       rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, &params);
+       if (rc != 0)
+               return CRYPTO_ERR_SIGNATURE;
+
+       /* Get the actual signature algorithm (MD + PK) */
+       rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
+       if (rc != 0)
+               return CRYPTO_ERR_SIGNATURE;
+
+       /* The CryptoCell only supports RSASSA-PSS signature */
+       if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE)
+               return CRYPTO_ERR_SIGNATURE;
+
+       /* Verify the RSASSA-PSS params */
+       /* The trailer field is verified to be 0xBC internally by this API */
+       rc = mbedtls_x509_get_rsassa_pss_params(&params, &md_alg,
+                       &pss_opts.mgf1_hash_id,
+                       &pss_opts.expected_salt_len);
+       if (rc != 0)
+               return CRYPTO_ERR_SIGNATURE;
+
+       /* The CryptoCell only supports SHA256 as hash algorithm */
+       if (md_alg != MBEDTLS_MD_SHA256 || pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
+               return CRYPTO_ERR_SIGNATURE;
+
+       if (pss_opts.expected_salt_len != RSA_SALT_LEN)
+               return CRYPTO_ERR_SIGNATURE;
+
+       /* Parse the public key */
+       p = pk_ptr;
+       end = p + pk_len;
+       rc = mbedtls_asn1_get_tag(&p, end, &len,
+                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+       if (rc != 0)
+               return CRYPTO_ERR_SIGNATURE;
+
+       end = p + len;
+       rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
+       if (rc != 0)
+               return CRYPTO_ERR_SIGNATURE;
+
+       if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0)
+               return CRYPTO_ERR_SIGNATURE;
+
+       if (pk_alg != MBEDTLS_PK_RSA)
+               return CRYPTO_ERR_SIGNATURE;
+
+       rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
+       if (rc != 0)
+               return CRYPTO_ERR_SIGNATURE;
+
+       rc = mbedtls_asn1_get_tag(&p, end, &len,
+                               MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+       if (rc != 0)
+               return CRYPTO_ERR_SIGNATURE;
+
+       rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
+       if (rc != 0)
+               return CRYPTO_ERR_SIGNATURE;
+
+       if (*p == 0) {
+               p++; len--;
+       }
+       if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end))
+               return CRYPTO_ERR_SIGNATURE;
+
+       /*
+        * The CCSbVerifySignature() API expects N and Np in BE format and
+        * the signature in LE format. Copy N from certificate.
+        */
+       memcpy(pk.N, p, RSA_MOD_SIZE_IN_BYTES);
+
+       /* Verify the RSA exponent */
+       p += len;
+       rc = mbedtls_asn1_get_int(&p, end, &exp);
+       if (rc != 0)
+               return CRYPTO_ERR_SIGNATURE;
+
+       if (exp != RSA_EXPONENT)
+               return CRYPTO_ERR_SIGNATURE;
+
+       /*
+        * Calculate the Np (Barrett n' value). The RSA_CalcNp() API expects
+        * N in LE format. Hence reverse N into a temporary buffer `RevN`.
+        */
+       UTIL_ReverseMemCopy((uint8_t *)RevN, (uint8_t *)pk.N, sizeof(RevN));
+
+       RSA_CalcNp((uintptr_t)PLAT_CRYPTOCELL_BASE, RevN, pk.Np);
+
+       /* Np is in LE format. Reverse it to BE */
+       UTIL_ReverseBuff((uint8_t *)pk.Np, sizeof(pk.Np));
+
+       /* Get the signature (bitstring) */
+       p = sig_ptr;
+       end = p + sig_len;
+       rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
+       if (rc != 0)
+               return CRYPTO_ERR_SIGNATURE;
+
+       if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end))
+               return CRYPTO_ERR_SIGNATURE;
+
+       /*
+        *  The signature is BE format. Convert it to LE before calling
+        *  CCSbVerifySignature().
+        */
+       UTIL_ReverseMemCopy((uint8_t *)signature.sig, p, RSA_MOD_SIZE_IN_BYTES);
+
+       /*
+        * CryptoCell utilises DMA internally to transfer data. Flush the data
+        * from caches.
+        */
+       flush_dcache_range((uintptr_t)data_ptr, data_len);
+
+       /* Verify the signature */
+       error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
+                       (uint32_t *)data_ptr, &pk, &signature,
+                       data_len, RSA_PSS_2048);
+       if (error != CC_OK)
+               return CRYPTO_ERR_SIGNATURE;
+
+       /* Signature verification success */
+       return CRYPTO_SUCCESS;
+}
+
+/*
+ * Match a hash
+ *
+ * Digest info is passed in DER format following the ASN.1 structure detailed
+ * above.
+ */
+static int verify_hash(void *data_ptr, unsigned int data_len,
+                      void *digest_info_ptr, unsigned int digest_info_len)
+{
+       mbedtls_asn1_buf hash_oid, params;
+       mbedtls_md_type_t md_alg;
+       uint8_t *p, *end, *hash;
+       CCHashResult_t pubKeyHash;
+       size_t len;
+       int rc;
+       CCError_t error;
+
+       /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
+       p = digest_info_ptr;
+       end = p + digest_info_len;
+       rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+                                 MBEDTLS_ASN1_SEQUENCE);
+       if (rc != 0)
+               return CRYPTO_ERR_HASH;
+
+       /* Get the hash algorithm */
+       rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);
+       if (rc != 0)
+               return CRYPTO_ERR_HASH;
+
+       rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
+       if (rc != 0)
+               return CRYPTO_ERR_HASH;
+       /* Verify that hash algorithm is SHA256 */
+       if (md_alg != MBEDTLS_MD_SHA256)
+               return CRYPTO_ERR_HASH;
+
+       /* Hash should be octet string type */
+       rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
+       if (rc != 0)
+               return CRYPTO_ERR_HASH;
+
+       /* Length of hash must match the algorithm's size */
+       if (len != HASH_RESULT_SIZE_IN_BYTES)
+               return CRYPTO_ERR_HASH;
+
+       /*
+        * CryptoCell utilises DMA internally to transfer data. Flush the data
+        * from caches.
+        */
+       flush_dcache_range((uintptr_t)data_ptr, data_len);
+
+       hash = p;
+       error = SBROM_CryptoHash((uintptr_t)PLAT_CRYPTOCELL_BASE,
+                       (uintptr_t)data_ptr, data_len, pubKeyHash);
+       if (error != CC_OK)
+               return CRYPTO_ERR_HASH;
+
+       rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
+       if (rc != 0)
+               return CRYPTO_ERR_HASH;
+
+       return CRYPTO_SUCCESS;
+}
+
+/*
+ * Register crypto library descriptor
+ */
+REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash);
+
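Review bot: In verify_signature(), the leading-zero strip `if (*p == 0) { p++; len--; }` dereferences `p` before anything confirms that the INTEGER holding the modulus is non-empty. mbedtls_asn1_get_tag() only guarantees that `len` bytes are available, so a zero-length INTEGER at the end of the narrowed range would leave `p == end`; the read then touches one byte past the parsed key and `len--` wraps, with the malformed key rejected only by the size comparison that follows. The key is parsed from certificate data that presumably has not been authenticated at this point, so the read should be guarded: `if (len > 0 && *p == 0) { p++; len--; }`. The code is carried over unchanged from the deleted drivers/auth/cryptocell/cryptocell_crypto.c, so this could equally go into a follow-up patch.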
diff --git a/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c b/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c
new file mode 100644 (file)
index 0000000..53d77db
--- /dev/null
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stddef.h>
+#include <string.h>
+
+#include <platform_def.h>
+
+#include <plat/common/platform.h>
+#include <tools_share/tbbr_oid.h>
+
+#include <common/debug.h>
+#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
+#include <drivers/arm/cryptocell/712/nvm.h>
+#include <drivers/arm/cryptocell/712/nvm_otp.h>
+
+/*
+ * Return the ROTPK hash
+ *
+ * dst:   buffer into which the ROTPK hash will be copied into
+ * len:   length of the provided buffer, which must be at least enough for a
+ *        SHA256 hash
+ * flags: a pointer to integer that will be set to indicate the ROTPK status
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
+{
+       CCError_t error;
+       uint32_t lcs;
+
+       assert(dst != NULL);
+       assert(len >= HASH_RESULT_SIZE_IN_WORDS);
+       assert(flags != NULL);
+
+       error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs);
+       if (error != CC_OK)
+               return 1;
+
+       /* If the lifecycle state is `SD`, return failure */
+       if (lcs == CC_BSV_SECURITY_DISABLED_LCS)
+               return 1;
+
+       /*
+        * If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified.
+        * Return success after setting ROTPK_NOT_DEPLOYED flag
+        */
+       if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
+                       (lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) {
+               *flags = ROTPK_NOT_DEPLOYED;
+               return 0;
+       }
+
+       /* Copy the DER header */
+       error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE,
+                       CC_SB_HASH_BOOT_KEY_256B,
+                       (uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS);
+       if (error != CC_OK)
+               return 1;
+
+       *flags = ROTPK_IS_HASH;
+       return 0;
+}
+
+/*
+ * Return the non-volatile counter value stored in the platform. The cookie
+ * specifies the OID of the counter in the certificate.
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
+{
+       CCError_t error = CC_FAIL;
+
+       if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
+               error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
+                               CC_SW_VERSION_COUNTER1, nv_ctr);
+       } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
+               error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
+                               CC_SW_VERSION_COUNTER2, nv_ctr);
+       }
+
+       return (error != CC_OK);
+}
+
+/*
+ * Store a new non-volatile counter value in the counter specified by the OID
+ * in the cookie. This function is not expected to be called if the Lifecycle
+ * state is RMA as the values in the certificate are expected to always match
+ * the nvcounter values. But if called when the LCS is RMA, the underlying
+ * helper functions will return success but without updating the counter.
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
+{
+       CCError_t error = CC_FAIL;
+
+       if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
+               error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
+                               CC_SW_VERSION_COUNTER1, nv_ctr);
+       } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
+               error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
+                               CC_SW_VERSION_COUNTER2, nv_ctr);
+       }
+
+       return (error != CC_OK);
+}
+
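Review bot: In cc_get_rotpk_hash(), `assert(len >= HASH_RESULT_SIZE_IN_WORDS);` compares a buffer length with a word count, while NVM_ReadHASHPubKey() is then asked to write HASH_RESULT_SIZE_IN_WORDS 32-bit words through `(uint32_t *)dst`. The header comment says `len` must be enough for a SHA256 hash, so the check presumably should be in bytes, e.g. `assert(len >= HASH_RESULT_SIZE_IN_WORDS * sizeof(uint32_t));`; as written, a buffer a quarter of the required size passes. Because assert() may be compiled out in release builds (to be confirmed for this project's configuration), an explicit `if (len < ...) return 1;` would make the bound hold there too. The `/* Copy the DER header */` comment above the NVM read also looks stale; `/* Read the 256-bit ROTPK hash from NVM */` would match the call.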
diff --git a/drivers/auth/cryptocell/cryptocell_crypto.c b/drivers/auth/cryptocell/cryptocell_crypto.c
deleted file mode 100644 (file)
index 6bf27a9..0000000
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <stddef.h>
-#include <string.h>
-
-#include <platform_def.h>
-
-#include <arch_helpers.h>
-#include <common/debug.h>
-#include <drivers/arm/cryptocell/crypto_driver.h>
-#include <drivers/arm/cryptocell/rsa.h>
-#include <drivers/arm/cryptocell/sbrom_bsv_api.h>
-#include <drivers/arm/cryptocell/secureboot_base_func.h>
-#include <drivers/arm/cryptocell/secureboot_gen_defs.h>
-#include <drivers/arm/cryptocell/util.h>
-#include <drivers/auth/crypto_mod.h>
-#include <drivers/auth/mbedtls/mbedtls_common.h>
-#include <lib/utils.h>
-
-#include <mbedtls/oid.h>
-
-#define LIB_NAME               "CryptoCell SBROM"
-#define RSA_SALT_LEN           32
-#define RSA_EXPONENT           65537
-
-/*
- * AlgorithmIdentifier  ::=  SEQUENCE  {
- *     algorithm            OBJECT IDENTIFIER,
- *     parameters           ANY DEFINED BY algorithm OPTIONAL
- * }
- *
- * SubjectPublicKeyInfo  ::=  SEQUENCE  {
- *     algorithm            AlgorithmIdentifier,
- *     subjectPublicKey     BIT STRING
- * }
- *
- * DigestInfo ::= SEQUENCE {
- *     digestAlgorithm      AlgorithmIdentifier,
- *     digest               OCTET STRING
- * }
- *
- *  RSASSA-PSS-params ::= SEQUENCE {
- *     hashAlgorithm        [0] HashAlgorithm,
- *     maskGenAlgorithm     [1] MaskGenAlgorithm,
- *     saltLength           [2] INTEGER,
- *     trailerField         [3] TrailerField    DEFAULT trailerFieldBC
- * }
- */
-
-/*
- * Initialize the library and export the descriptor
- */
-static void init(void)
-{
-       CCError_t ret;
-       uint32_t lcs;
-
-       /* Initialize CC SBROM */
-       ret = CC_BsvSbromInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
-       if (ret != CC_OK) {
-               ERROR("CryptoCell CC_BsvSbromInit() error %x\n", ret);
-               panic();
-       }
-
-       /* Initialize lifecycle state */
-       ret = CC_BsvLcsGetAndInit((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
-       if (ret != CC_OK) {
-               ERROR("CryptoCell CC_BsvLcsGetAndInit() error %x\n", ret);
-               panic();
-       }
-
-       /* If the lifecyclestate is `SD`, then stop further execution */
-       if (lcs == CC_BSV_SECURITY_DISABLED_LCS) {
-               ERROR("CryptoCell LCS is security-disabled\n");
-               panic();
-       }
-}
-
-/*
- * Verify a signature.
- *
- * Parameters are passed using the DER encoding format following the ASN.1
- * structures detailed above.
- */
-static int verify_signature(void *data_ptr, unsigned int data_len,
-                           void *sig_ptr, unsigned int sig_len,
-                           void *sig_alg, unsigned int sig_alg_len,
-                           void *pk_ptr, unsigned int pk_len)
-{
-       CCError_t error;
-       CCSbNParams_t pk;
-       CCSbSignature_t signature;
-       int rc, exp;
-       mbedtls_asn1_buf sig_oid, alg_oid, params;
-       mbedtls_md_type_t md_alg;
-       mbedtls_pk_type_t pk_alg;
-       mbedtls_pk_rsassa_pss_options pss_opts;
-       size_t len;
-       uint8_t *p, *end;
-       /* Temp buf to store the public key modulo (N) in LE format */
-       uint32_t RevN[SB_RSA_MOD_SIZE_IN_WORDS];
-
-       /* Verify the signature algorithm */
-       /* Get pointers to signature OID and parameters */
-       p = sig_alg;
-       end = p + sig_alg_len;
-       rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, &params);
-       if (rc != 0)
-               return CRYPTO_ERR_SIGNATURE;
-
-       /* Get the actual signature algorithm (MD + PK) */
-       rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
-       if (rc != 0)
-               return CRYPTO_ERR_SIGNATURE;
-
-       /* The CryptoCell only supports RSASSA-PSS signature */
-       if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE)
-               return CRYPTO_ERR_SIGNATURE;
-
-       /* Verify the RSASSA-PSS params */
-       /* The trailer field is verified to be 0xBC internally by this API */
-       rc = mbedtls_x509_get_rsassa_pss_params(&params, &md_alg,
-                       &pss_opts.mgf1_hash_id,
-                       &pss_opts.expected_salt_len);
-       if (rc != 0)
-               return CRYPTO_ERR_SIGNATURE;
-
-       /* The CryptoCell only supports SHA256 as hash algorithm */
-       if (md_alg != MBEDTLS_MD_SHA256 || pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
-               return CRYPTO_ERR_SIGNATURE;
-
-       if (pss_opts.expected_salt_len != RSA_SALT_LEN)
-               return CRYPTO_ERR_SIGNATURE;
-
-       /* Parse the public key */
-       p = pk_ptr;
-       end = p + pk_len;
-       rc = mbedtls_asn1_get_tag(&p, end, &len,
-                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
-       if (rc != 0)
-               return CRYPTO_ERR_SIGNATURE;
-
-       end = p + len;
-       rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
-       if (rc != 0)
-               return CRYPTO_ERR_SIGNATURE;
-
-       if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0)
-               return CRYPTO_ERR_SIGNATURE;
-
-       if (pk_alg != MBEDTLS_PK_RSA)
-               return CRYPTO_ERR_SIGNATURE;
-
-       rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
-       if (rc != 0)
-               return CRYPTO_ERR_SIGNATURE;
-
-       rc = mbedtls_asn1_get_tag(&p, end, &len,
-                               MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
-       if (rc != 0)
-               return CRYPTO_ERR_SIGNATURE;
-
-       rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
-       if (rc != 0)
-               return CRYPTO_ERR_SIGNATURE;
-
-       if (*p == 0) {
-               p++; len--;
-       }
-       if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end))
-               return CRYPTO_ERR_SIGNATURE;
-
-       /*
-        * The CCSbVerifySignature() API expects N and Np in BE format and
-        * the signature in LE format. Copy N from certificate.
-        */
-       memcpy(pk.N, p, RSA_MOD_SIZE_IN_BYTES);
-
-       /* Verify the RSA exponent */
-       p += len;
-       rc = mbedtls_asn1_get_int(&p, end, &exp);
-       if (rc != 0)
-               return CRYPTO_ERR_SIGNATURE;
-
-       if (exp != RSA_EXPONENT)
-               return CRYPTO_ERR_SIGNATURE;
-
-       /*
-        * Calculate the Np (Barrett n' value). The RSA_CalcNp() API expects
-        * N in LE format. Hence reverse N into a temporary buffer `RevN`.
-        */
-       UTIL_ReverseMemCopy((uint8_t *)RevN, (uint8_t *)pk.N, sizeof(RevN));
-
-       RSA_CalcNp((uintptr_t)PLAT_CRYPTOCELL_BASE, RevN, pk.Np);
-
-       /* Np is in LE format. Reverse it to BE */
-       UTIL_ReverseBuff((uint8_t *)pk.Np, sizeof(pk.Np));
-
-       /* Get the signature (bitstring) */
-       p = sig_ptr;
-       end = p + sig_len;
-       rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
-       if (rc != 0)
-               return CRYPTO_ERR_SIGNATURE;
-
-       if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end))
-               return CRYPTO_ERR_SIGNATURE;
-
-       /*
-        *  The signature is BE format. Convert it to LE before calling
-        *  CCSbVerifySignature().
-        */
-       UTIL_ReverseMemCopy((uint8_t *)signature.sig, p, RSA_MOD_SIZE_IN_BYTES);
-
-       /*
-        * CryptoCell utilises DMA internally to transfer data. Flush the data
-        * from caches.
-        */
-       flush_dcache_range((uintptr_t)data_ptr, data_len);
-
-       /* Verify the signature */
-       error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
-                       (uint32_t *)data_ptr, &pk, &signature,
-                       data_len, RSA_PSS_2048);
-       if (error != CC_OK)
-               return CRYPTO_ERR_SIGNATURE;
-
-       /* Signature verification success */
-       return CRYPTO_SUCCESS;
-}
-
-/*
- * Match a hash
- *
- * Digest info is passed in DER format following the ASN.1 structure detailed
- * above.
- */
-static int verify_hash(void *data_ptr, unsigned int data_len,
-                      void *digest_info_ptr, unsigned int digest_info_len)
-{
-       mbedtls_asn1_buf hash_oid, params;
-       mbedtls_md_type_t md_alg;
-       uint8_t *p, *end, *hash;
-       CCHashResult_t pubKeyHash;
-       size_t len;
-       int rc;
-       CCError_t error;
-
-       /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
-       p = digest_info_ptr;
-       end = p + digest_info_len;
-       rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
-                                 MBEDTLS_ASN1_SEQUENCE);
-       if (rc != 0)
-               return CRYPTO_ERR_HASH;
-
-       /* Get the hash algorithm */
-       rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);
-       if (rc != 0)
-               return CRYPTO_ERR_HASH;
-
-       rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
-       if (rc != 0)
-               return CRYPTO_ERR_HASH;
-       /* Verify that hash algorithm is SHA256 */
-       if (md_alg != MBEDTLS_MD_SHA256)
-               return CRYPTO_ERR_HASH;
-
-       /* Hash should be octet string type */
-       rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
-       if (rc != 0)
-               return CRYPTO_ERR_HASH;
-
-       /* Length of hash must match the algorithm's size */
-       if (len != HASH_RESULT_SIZE_IN_BYTES)
-               return CRYPTO_ERR_HASH;
-
-       /*
-        * CryptoCell utilises DMA internally to transfer data. Flush the data
-        * from caches.
-        */
-       flush_dcache_range((uintptr_t)data_ptr, data_len);
-
-       hash = p;
-       error = SBROM_CryptoHash((uintptr_t)PLAT_CRYPTOCELL_BASE,
-                       (uintptr_t)data_ptr, data_len, pubKeyHash);
-       if (error != CC_OK)
-               return CRYPTO_ERR_HASH;
-
-       rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
-       if (rc != 0)
-               return CRYPTO_ERR_HASH;
-
-       return CRYPTO_SUCCESS;
-}
-
-/*
- * Register crypto library descriptor
- */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash);
-
index 27c1e8525340261db926bda5a407a665f98e1a31..d42a2e7e12d1cd7ab5e56a2c9e8c20894b120615 100644 (file)
@@ -17,11 +17,20 @@ ifeq (${CCSBROM_LIB_PATH},)
   $(error Error: CCSBROM_LIB_PATH not set)
 endif
 
-TF_LDFLAGS             += -L$(CCSBROM_LIB_PATH)
-LDLIBS                 += -lcc_712sbromx509
+CRYPTOCELL_VERSION ?= 712
+ifeq (${CRYPTOCELL_VERSION},712)
+  CCSBROM_LIB_FILENAME := cc_712sbromx509
+else
+  $(error Error: CRYPTOCELL_VERSION set to invalid version)
+endif
+
+CRYPTOCELL_SRC_DIR     := drivers/auth/cryptocell/${CRYPTOCELL_VERSION}/
 
-CRYPTOCELL_SOURCES     := drivers/auth/cryptocell/cryptocell_crypto.c \
-                          drivers/auth/cryptocell/cryptocell_plat_helpers.c
+CRYPTOCELL_SOURCES     := ${CRYPTOCELL_SRC_DIR}/cryptocell_crypto.c \
+                          ${CRYPTOCELL_SRC_DIR}/cryptocell_plat_helpers.c
+
+TF_LDFLAGS             += -L$(CCSBROM_LIB_PATH)
+LDLIBS                 += -l$(CCSBROM_LIB_FILENAME)
 
 BL1_SOURCES            += ${CRYPTOCELL_SOURCES}
 BL2_SOURCES            += ${CRYPTOCELL_SOURCES}
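Review bot: `CRYPTOCELL_SRC_DIR` is defined with a trailing slash and then joined with another one in `${CRYPTOCELL_SRC_DIR}/cryptocell_crypto.c`, so the source paths expand to `drivers/auth/cryptocell/712//cryptocell_crypto.c`. That builds, but the doubled separator may defeat exact-string path matching in rules or filters; dropping the trailing slash, `CRYPTOCELL_SRC_DIR := drivers/auth/cryptocell/${CRYPTOCELL_VERSION}`, keeps the paths canonical. The `$(error ...)` for an unknown version would also be easier to act on if it printed the rejected value, e.g. `$(error Error: CRYPTOCELL_VERSION=${CRYPTOCELL_VERSION} is not supported)`.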
diff --git a/drivers/auth/cryptocell/cryptocell_plat_helpers.c b/drivers/auth/cryptocell/cryptocell_plat_helpers.c
deleted file mode 100644 (file)
index 1bd9c6b..0000000
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <string.h>
-
-#include <platform_def.h>
-
-#include <plat/common/platform.h>
-#include <tools_share/tbbr_oid.h>
-
-#include <common/debug.h>
-#include <drivers/arm/cryptocell/sbrom_bsv_api.h>
-#include <drivers/arm/cryptocell/nvm.h>
-#include <drivers/arm/cryptocell/nvm_otp.h>
-
-/*
- * Return the ROTPK hash
- *
- * dst:   buffer into which the ROTPK hash will be copied into
- * len:   length of the provided buffer, which must be at least enough for a
- *        SHA256 hash
- * flags: a pointer to integer that will be set to indicate the ROTPK status
- *
- * Return: 0 = success, Otherwise = error
- */
-int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
-{
-       CCError_t error;
-       uint32_t lcs;
-
-       assert(dst != NULL);
-       assert(len >= HASH_RESULT_SIZE_IN_WORDS);
-       assert(flags != NULL);
-
-       error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs);
-       if (error != CC_OK)
-               return 1;
-
-       /* If the lifecycle state is `SD`, return failure */
-       if (lcs == CC_BSV_SECURITY_DISABLED_LCS)
-               return 1;
-
-       /*
-        * If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified.
-        * Return success after setting ROTPK_NOT_DEPLOYED flag
-        */
-       if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
-                       (lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) {
-               *flags = ROTPK_NOT_DEPLOYED;
-               return 0;
-       }
-
-       /* Copy the DER header */
-       error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE,
-                       CC_SB_HASH_BOOT_KEY_256B,
-                       (uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS);
-       if (error != CC_OK)
-               return 1;
-
-       *flags = ROTPK_IS_HASH;
-       return 0;
-}
-
-/*
- * Return the non-volatile counter value stored in the platform. The cookie
- * specifies the OID of the counter in the certificate.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
-{
-       CCError_t error = CC_FAIL;
-
-       if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
-               error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
-                               CC_SW_VERSION_COUNTER1, nv_ctr);
-       } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
-               error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
-                               CC_SW_VERSION_COUNTER2, nv_ctr);
-       }
-
-       return (error != CC_OK);
-}
-
-/*
- * Store a new non-volatile counter value in the counter specified by the OID
- * in the cookie. This function is not expected to be called if the Lifecycle
- * state is RMA as the values in the certificate are expected to always match
- * the nvcounter values. But if called when the LCS is RMA, the underlying
- * helper functions will return success but without updating the counter.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
-{
-       CCError_t error = CC_FAIL;
-
-       if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
-               error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
-                               CC_SW_VERSION_COUNTER1, nv_ctr);
-       } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
-               error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
-                               CC_SW_VERSION_COUNTER2, nv_ctr);
-       }
-
-       return (error != CC_OK);
-}
-
diff --git a/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h b/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h
new file mode 100644 (file)
index 0000000..2cb8938
--- /dev/null
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _CC_CRYPTO_BOOT_DEFS_H
+#define _CC_CRYPTO_BOOT_DEFS_H
+
+/*! @file
+@brief This file contains SBROM definitions
+*/
+
+/*! Version counters value. */
+typedef enum {
+
+       CC_SW_VERSION_COUNTER1 = 1,     /*!< Counter 1 - trusted version. */
+       CC_SW_VERSION_COUNTER2,         /*!< Counter 2 - non trusted version. */
+
+       CC_SW_VERSION_MAX      = 0x7FFFFFFF
+
+} CCSbSwVersionId_t;
+
+/* HASH boot key definition */
+typedef enum {
+       CC_SB_HASH_BOOT_KEY_0_128B      = 0,            /*!< 128-bit truncated SHA256 digest of public key 0. */
+       CC_SB_HASH_BOOT_KEY_1_128B      = 1,            /*!< 128-bit truncated SHA256 digest of public key 1. */
+       CC_SB_HASH_BOOT_KEY_256B        = 2,            /*!< 256-bit SHA256 digest of public key. */
+       CC_SB_HASH_BOOT_NOT_USED        = 0xFF,
+       CC_SB_HASH_MAX_NUM              = 0x7FFFFFFF,   /*!\internal use external 128-bit truncated SHA256 digest */
+} CCSbPubKeyIndexType_t;
+
+
+#endif
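Review bot: The include guard `_CC_CRYPTO_BOOT_DEFS_H` at the top of this new header is an identifier reserved for the implementation (leading underscore followed by an uppercase letter); `#ifndef CC_CRYPTO_BOOT_DEFS_H` / `#define CC_CRYPTO_BOOT_DEFS_H` avoids that. The same applies to the guards added in cc_pal_sb_plat.h, cc_pal_types_plat.h, cc_sec_defs.h, crypto_driver.h, nvm.h, nvm_otp.h, sbrom_bsv_api.h, secureboot_base_func.h and secureboot_gen_defs.h. Separately, the comment on `CC_SB_HASH_MAX_NUM` reads as if it describes a key-hash option rather than the enum-width sentinel, and `CC_SB_HASH_BOOT_NOT_USED` has no comment at all.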
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h b/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h
new file mode 100644 (file)
index 0000000..212a710
--- /dev/null
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/*!
+@file
+@brief This file contains the platform-dependent definitions that are used in the SBROM code.
+*/
+
+#ifndef _CC_PAL_SB_PLAT_H
+#define _CC_PAL_SB_PLAT_H
+
+#include "cc_pal_types.h"
+
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
+typedef uint64_t               CCDmaAddr_t;
+/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
+typedef uintptr_t              CCAddr_t;
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_types.h b/include/drivers/arm/cryptocell/712/cc_pal_types.h
new file mode 100644 (file)
index 0000000..8c09b23
--- /dev/null
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CC_PAL_TYPES_H
+#define CC_PAL_TYPES_H
+
+/*!
+@file
+@brief This file contains platform-dependent definitions and types.
+*/
+
+#include "cc_pal_types_plat.h"
+
+typedef enum {
+       CC_FALSE = 0,
+       CC_TRUE = 1
+} CCBool;
+
+#define CC_SUCCESS             0UL
+#define CC_FAIL                        1UL
+
+#define CC_1K_SIZE_IN_BYTES    1024
+#define CC_BITS_IN_BYTE                8
+#define CC_BITS_IN_32BIT_WORD  32
+#define CC_32BIT_WORD_SIZE     (sizeof(uint32_t))
+
+#define CC_OK                  CC_SUCCESS
+
+#define CC_UNUSED_PARAM(prm)   ((void)prm)
+
+#define CC_MAX_UINT32_VAL      (0xFFFFFFFF)
+
+#define CALC_FULL_BYTES(numBits)               (((numBits) + (CC_BITS_IN_BYTE - 1))/CC_BITS_IN_BYTE)
+#define CALC_FULL_32BIT_WORDS(numBits)         (((numBits) + (CC_BITS_IN_32BIT_WORD - 1))/CC_BITS_IN_32BIT_WRD)
+#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) (((sizeBytes) + CC_32BIT_WORD_SIZE - 1)/CC_32BIT_WORD_SIZE)
+
+#endif
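Review bot: `CALC_FULL_32BIT_WORDS` divides by `CC_BITS_IN_32BIT_WRD`, which is not defined in any header shown in this commit; the constant defined a few lines above is `CC_BITS_IN_32BIT_WORD`. Because macros expand lazily, this fails only where the macro is used, for example through `RSA_MOD_SIZE_IN_WORDS` or `RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS` in rsa.h, so any buffer sized with those names will not compile. The line should read `#define CALC_FULL_32BIT_WORDS(numBits) (((numBits) + (CC_BITS_IN_32BIT_WORD - 1))/CC_BITS_IN_32BIT_WORD)`. The typo is carried over unchanged from the deleted include/drivers/arm/cryptocell/cc_pal_types.h, so the move is a good moment to fix it.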
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h b/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h
new file mode 100644 (file)
index 0000000..8410024
--- /dev/null
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/*! @file
+@brief This file contains basic type definitions that are platform-dependent.
+*/
+#ifndef _CC_PAL_TYPES_PLAT_H
+#define _CC_PAL_TYPES_PLAT_H
+/* Host specific types for standard (ISO-C99) compilant platforms */
+
+#include <stddef.h>
+#include <stdint.h>
+
+typedef uint32_t CCStatus;
+
+#define CCError_t      CCStatus
+#define CC_INFINITE    0xFFFFFFFF
+
+#define CEXPORT_C
+#define CIMPORT_C
+
+#endif /*_CC_PAL_TYPES_PLAT_H*/
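Review bot: `CCError_t` is introduced with `#define CCError_t CCStatus`, so it is a textual substitution rather than a type. It ignores scope, is invisible to a debugger, and would rewrite any identifier spelled `CCError_t` in code that includes this header. `typedef CCStatus CCError_t;` gives the same name with normal type semantics and keeps every prototype in the other headers unchanged.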
diff --git a/include/drivers/arm/cryptocell/712/cc_sec_defs.h b/include/drivers/arm/cryptocell/712/cc_sec_defs.h
new file mode 100644 (file)
index 0000000..d419218
--- /dev/null
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _CC_SEC_DEFS_H
+#define _CC_SEC_DEFS_H
+
+/*!
+@file
+@brief This file contains general hash definitions and types.
+*/
+
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*! The hashblock size in words. */
+#define HASH_BLOCK_SIZE_IN_WORDS             16
+/*! The hash - SHA2 results in words. */
+#define HASH_RESULT_SIZE_IN_WORDS            8
+#define HASH_RESULT_SIZE_IN_BYTES            32
+
+/*! Definition for hash result array. */
+typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
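Review bot: `CCHashResult_t` is declared in terms of `uint32_t`, but this header includes nothing, so it compiles only when the includer has already pulled in `<stdint.h>`. The includers shown here (crypto_driver.h, nvm.h, secureboot_gen_defs.h) happen to include a cc_pal header first. Adding `#include <stdint.h>` after the guard makes the header self-contained. util.h in this commit has the same gap: it declares `UTIL_ReverseMemCopy` and `UTIL_ReverseBuff` with `uint8_t`/`uint32_t` and has no include either.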
diff --git a/include/drivers/arm/cryptocell/712/crypto_driver.h b/include/drivers/arm/cryptocell/712/crypto_driver.h
new file mode 100644 (file)
index 0000000..18104dd
--- /dev/null
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _CRYPTO_DRIVER_H
+#define _CRYPTO_DRIVER_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "cc_pal_sb_plat.h"
+#include "cc_sec_defs.h"
+
+/*----------------------------
+      PUBLIC FUNCTIONS
+-----------------------------------*/
+/*!
+ * @brief This function gives the functionality of integrated hash
+ *
+ * @param[in] hwBaseAddress    - CryptoCell base address
+ * @param[out] hashResult      - the HASH result.
+ *
+ */
+CCError_t SBROM_CryptoHash(unsigned long hwBaseAddress, CCDmaAddr_t inputDataAddr, uint32_t BlockSize,
+                               CCHashResult_t hashResult);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
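Review bot: The doc block for `SBROM_CryptoHash` documents only `hwBaseAddress` and `hashResult`; `inputDataAddr` and `BlockSize` are missing, and the unit of `BlockSize` (bytes, words or hash blocks) is not stated anywhere. Since that length decides how much memory is hashed, the comment should spell it out, e.g. `@param[in] inputDataAddr - DMA address of the data to hash` and `@param[in] BlockSize - size of the input data` with the unit confirmed against the library. It is also worth stating that `hashResult` must point to `HASH_RESULT_SIZE_IN_WORDS` words, because the array typedef decays to a pointer in a parameter list. A `@return` line saying what is returned on failure would help too.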
diff --git a/include/drivers/arm/cryptocell/712/nvm.h b/include/drivers/arm/cryptocell/712/nvm.h
new file mode 100644 (file)
index 0000000..a70289f
--- /dev/null
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _NVM__H
+#define _NVM__H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "cc_crypto_boot_defs.h"
+#include "cc_pal_types.h"
+#include "cc_sec_defs.h"
+
+/*------------------------------------
+    DEFINES
+-------------------------------------*/
+
+/**
+ * @brief This function reads the LCS from the SRAM/NVM
+ *
+ * @param[in] hwBaseAddress  -  CryptoCell base address
+ *
+ * @param[in/out] lcs_ptr  - pointer to memory to store the LCS
+ *
+ * @return CCError_t - On success the value CC_OK is returned, and on failure   -a value from NVM_error.h
+ */
+CCError_t NVM_GetLCS(unsigned long hwBaseAddress, uint32_t *lcs_ptr);
+
+/**
+ * @brief The NVM_ReadHASHPubKey function is a NVM interface function -
+ *        The function retrieves the HASH of the device Public key from the SRAM/NVM
+ *
+ * @param[in] hwBaseAddress -  CryptoCell base address
+ *
+ * @param[in] pubKeyIndex -  Index of HASH in the OTP
+ *
+ * @param[out] PubKeyHASH   -  the public key HASH.
+ *
+ * @param[in] hashSizeInWords -  hash size (valid values: 4W, 8W)
+ *
+ * @return CCError_t - On success the value CC_OK is returned, and on failure   -a value from NVM_error.h
+ */
+
+CCError_t NVM_ReadHASHPubKey(unsigned long hwBaseAddress, CCSbPubKeyIndexType_t pubKeyIndex, CCHashResult_t PubKeyHASH, uint32_t hashSizeInWords);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
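Review bot: `NVM_ReadHASHPubKey` accepts a `hashSizeInWords` of 4 or 8 but always takes a `CCHashResult_t`, which is 8 words; the comment does not say what the upper four words hold after a 4-word read. A caller that then compares the whole array would be comparing words the function may not have written. The `@param[out] PubKeyHASH` line should state that only the first `hashSizeInWords` words are valid, if that is the library's behaviour. `@param[in/out] lcs_ptr` on `NVM_GetLCS` also looks as if it should be `[out]`, given the description "pointer to memory to store the LCS".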
diff --git a/include/drivers/arm/cryptocell/712/nvm_otp.h b/include/drivers/arm/cryptocell/712/nvm_otp.h
new file mode 100644 (file)
index 0000000..390d62b
--- /dev/null
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _NVM_OTP_H
+#define _NVM_OTP_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "cc_crypto_boot_defs.h"
+#include "cc_pal_types.h"
+
+/*------------------------------------
+    DEFINES
+-------------------------------------*/
+
+
+
+/**
+ * @brief The NVM_GetSwVersion function is a NVM interface function -
+ *        The function retrieves the SW version from the SRAM/NVM.
+ *        In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
+ *
+ * @param[in] hwBaseAddress -  CryptoCell base address
+ *
+ * @param[in] counterId -  relevant only for OTP (valid values: 1,2)
+ *
+ * @param[out] swVersion   -  the minimum SW version
+ *
+ * @return CCError_t - On success the value CC_OK is returned, and on failure   -a value from NVM_error.h
+ */
+CCError_t NVM_GetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t *swVersion);
+
+
+/**
+ * @brief The NVM_SetSwVersion function is a NVM interface function -
+ *        The function writes the SW version into the SRAM/NVM.
+ *        In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
+ *
+ * @param[in] hwBaseAddress -  CryptoCell base address
+ *
+ * @param[in] counterId -  relevant only for OTP (valid values: 1,2)
+ *
+ * @param[in] swVersion   -  the minimum SW version
+ *
+ * @return CCError_t - On success the value CC_OK is returned, and on failure   -a value from NVM_error.h
+ */
+CCError_t NVM_SetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t swVersion);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
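Review bot: The comments on `NVM_GetSwVersion` and `NVM_SetSwVersion` contradict themselves about the counter range. The description says up to 16 anti-rollback counters are supported, while `counterId` is documented as `valid values: 1,2` and `CCSbSwVersionId_t` defines only `CC_SW_VERSION_COUNTER1` and `CC_SW_VERSION_COUNTER2`; one of the two statements should be corrected, or the "16" explained. The `plat_set_nv_ctr` comment in the removed cryptocell_plat_helpers.c also says that in the RMA lifecycle state the underlying helpers return success without updating the counter. If that refers to `NVM_SetSwVersion`, it belongs here as `@note In RMA LCS the call returns CC_OK without changing the stored counter.`, so callers do not read CC_OK as proof that the counter advanced.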
diff --git a/include/drivers/arm/cryptocell/712/rsa.h b/include/drivers/arm/cryptocell/712/rsa.h
new file mode 100644 (file)
index 0000000..cd9925b
--- /dev/null
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef RSA_H
+#define RSA_H
+
+/*
+ * All the includes that are needed for code using this module to
+ * compile correctly should be #included here.
+ */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "cc_pal_types.h"
+
+/************************ Defines ******************************/
+
+/* the modulus size ion bits */
+#define RSA_MOD_SIZE_IN_BITS                           2048UL
+#define RSA_MOD_SIZE_IN_BYTES                          (CALC_FULL_BYTES(RSA_MOD_SIZE_IN_BITS))
+#define RSA_MOD_SIZE_IN_WORDS                          (CALC_FULL_32BIT_WORDS(RSA_MOD_SIZE_IN_BITS))
+#define RSA_MOD_SIZE_IN_256BITS                                (RSA_MOD_SIZE_IN_WORDS/8)
+#define RSA_EXP_SIZE_IN_BITS                           17UL
+#define RSA_EXP_SIZE_IN_BYTES                          (CALC_FULL_BYTES(RSA_EXP_SIZE_IN_BITS))
+
+/* size of buffer for Barrett modulus tag NP, used in PKA algorithms */
+#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS    132
+#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BYTES   (CALC_FULL_BYTES(RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS))
+#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS   (CALC_FULL_32BIT_WORDS(RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS))
+
+/*
+ * @brief The RSA_CalcNp calculates Np value and saves it into Np_ptr:
+ *
+ *
+
+ * @param[in] hwBaseAddress -  HW base address. Relevant for HW
+ *                             implementation, for SW it is ignored.
+ * @N_ptr[in]               -  The pointer to the modulus buffer.
+ * @Np_ptr[out]             -  pointer to Np vector buffer. Its size must be >= 160.
+ */
+void RSA_CalcNp(unsigned long hwBaseAddress,
+               uint32_t *N_ptr,
+               uint32_t *Np_ptr);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
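Review bot: The size contract for `Np_ptr` in the `RSA_CalcNp` comment is ambiguous: it says `Its size must be >= 160` without a unit, while the defines just above give the Barrett tag as 132 bits. 160 presumably means bits (five 32-bit words, matching `SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS` in secureboot_gen_defs.h), but a reader could equally take it as bytes or words. Since this is an output buffer the function writes into, I would document it as `@param[out] Np_ptr - buffer of at least RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS 32-bit words`. The `@N_ptr[in]` / `@Np_ptr[out]` lines should also become proper `@param` tags, and the block should open with `/**` so documentation tools pick it up.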
diff --git a/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h b/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h
new file mode 100644 (file)
index 0000000..de83546
--- /dev/null
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _SBROM_BSV_API_H
+#define _SBROM_BSV_API_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*! @file
+@brief This file contains all SBROM library APIs and definitions.
+*/
+#include "cc_pal_types.h"
+
+/* Life cycle state definitions */
+#define CC_BSV_CHIP_MANUFACTURE_LCS            0x0 /*!< CM lifecycle value. */
+#define CC_BSV_DEVICE_MANUFACTURE_LCS          0x1 /*!< DM lifecycle value. */
+#define CC_BSV_SECURITY_DISABLED_LCS           0x3 /*!< SD lifecycle value. */
+#define CC_BSV_SECURE_LCS                      0x5 /*!< Secure lifecycle value. */
+#define CC_BSV_RMA_LCS                         0x7 /*!< RMA lifecycle value. */
+
+/*----------------------------
+      PUBLIC FUNCTIONS
+-----------------------------------*/
+
+/*!
+@brief This function should be the first ARM TrustZone CryptoCell TEE SBROM library API called.
+It verifies the HW product and version numbers.
+
+@return CC_OK  On success.
+@return A non-zero value from sbrom_bsv_error.h on failure.
+*/
+CCError_t CC_BsvSbromInit(
+       unsigned long hwBaseAddress     /*!< [in] HW registers base address. */
+       );
+
+
+/*!
+@brief This function can be used for checking the LCS value, after CC_BsvLcsGetAndInit was called by the Boot ROM.
+
+@return CC_OK  On success.
+@return A non-zero value from sbrom_bsv_error.h on failure.
+*/
+CCError_t CC_BsvLcsGet(
+       unsigned long hwBaseAddress,    /*!< [in] HW registers base address. */
+       uint32_t *pLcs                  /*!< [out] Returned lifecycle state. */
+       );
+
+/*!
+@brief This function retrieves the HW security lifecycle state, performs validity checks,
+and additional initializations in case the LCS is RMA (sets the Kce to fixed value).
+\note  Invalid LCS results in an error returned.
+In this case, the customer's code must completely disable the device.
+
+@return CC_OK  On success.
+@return A non-zero value from sbrom_bsv_error.h on failure.
+*/
+CCError_t CC_BsvLcsGetAndInit(
+       unsigned long hwBaseAddress,    /*!< [in] HW registers base address. */
+       uint32_t *pLcs          /*!< [out] Returned lifecycle state. */
+       );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/include/drivers/arm/cryptocell/712/secureboot_base_func.h b/include/drivers/arm/cryptocell/712/secureboot_base_func.h
new file mode 100644 (file)
index 0000000..6db596e
--- /dev/null
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _SECURE_BOOT_BASE_FUNC_H
+#define _SECURE_BOOT_BASE_FUNC_H
+
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "cc_pal_types.h"
+#include "secureboot_gen_defs.h"
+
+
+/*----------------------------
+      PUBLIC FUNCTIONS
+-----------------------------------*/
+
+/**
+ * @brief This function calculates the HASH over the given data and than verify
+ *       RSA signature on that hashed data
+ *
+ * @param[in] hwBaseAddr -  CryptoCell base address
+ * @param[in] pData - pointer to the data to be verified
+ * @param[in] pNParams - a pointer to the public key parameters
+ * @param[in] pSignature - a pointer to the signature structure
+ * @param[in] sizeOfData - size of the data to calculate the HASH on (in bytes)
+ * @param[in] RSAAlg - RSA algorithm to use
+ *
+ * @return CCError_t - On success the value CC_OK is returned,
+ *         on failure - a value from BootImagesVerifier_error.h
+ */
+CCError_t CCSbVerifySignature(unsigned long hwBaseAddress,
+                               uint32_t *pData,
+                               CCSbNParams_t *pNParams,
+                               CCSbSignature_t *pSignature,
+                               uint32_t sizeOfData,
+                               CCSbRsaAlg_t RSAAlg);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
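Review bot: The doc block for `CCSbVerifySignature` names its first parameter `hwBaseAddr`, but the prototype calls it `hwBaseAddress`, so documentation tools will treat the real parameter as undocumented. The line should be `@param[in] hwBaseAddress - CryptoCell base address`. The comment also does not say which `CCSbRsaAlg_t` values are accepted, nor state outright that any return other than `CC_OK` means the signature was not verified; both are worth adding for a function that gates image authentication. `pData`, `pNParams` and `pSignature` are documented as inputs and could be `const`-qualified if the library's prototype allows it.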
diff --git a/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h b/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
new file mode 100644 (file)
index 0000000..68b9ef8
--- /dev/null
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _SECURE_BOOT_GEN_DEFS_H
+#define _SECURE_BOOT_GEN_DEFS_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*! @file
+@brief This file contains all of the definitions and structures that are used for the secure boot.
+*/
+
+#include "cc_pal_sb_plat.h"
+#include "cc_sec_defs.h"
+
+
+/* General definitions */
+/***********************/
+
+/*RSA definitions*/
+#define SB_RSA_MOD_SIZE_IN_WORDS                64
+#define SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS 5
+
+
+/*! Public key data structure. */
+typedef struct {
+       uint32_t N[SB_RSA_MOD_SIZE_IN_WORDS];                           /*!< N public key, big endian representation. */
+       uint32_t Np[SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS];   /*!< Np (Barrett n' value). */
+} CCSbNParams_t;
+
+/*! Signature structure. */
+typedef struct {
+       uint32_t sig[SB_RSA_MOD_SIZE_IN_WORDS];                         /*!< RSA PSS signature. */
+} CCSbSignature_t;
+
+
+/********* Supported algorithms definitions ***********/
+
+/*! RSA supported algorithms */
+typedef enum {
+       RSA_PSS_2048           = 0x01,                  /*!< RSA PSS 2048 after hash SHA 256 */
+       RSA_PKCS15_2048        = 0x02,                  /*!< RSA PKX15 */
+       RSA_Last               = 0x7FFFFFFF
+} CCSbRsaAlg_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
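Review bot: `SB_RSA_MOD_SIZE_IN_WORDS` (64) and `SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS` (5) are hard-coded here, although rsa.h derives the same quantities from `RSA_MOD_SIZE_IN_BITS` and `RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS`. These literals size the `N`, `Np` and `sig` arrays, so the two sets of definitions must never drift apart. A comment on each define, such as `/* Must equal RSA_MOD_SIZE_IN_WORDS in rsa.h (2048 bits / 32) */`, would record the link. The comment on `RSA_PKCS15_2048` reads `RSA PKX15`, presumably a typo for PKCS#1 v1.5.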
diff --git a/include/drivers/arm/cryptocell/712/util.h b/include/drivers/arm/cryptocell/712/util.h
new file mode 100644 (file)
index 0000000..18fb599
--- /dev/null
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef UTIL_H
+#define UTIL_H
+
+/*
+ * All the includes that are needed for code using this module to
+ * compile correctly should be #included here.
+ */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/************************ Defines ******************************/
+
+/* invers the bytes on a word- used for output from HASH */
+#ifdef BIG__ENDIAN
+#define UTIL_INVERSE_UINT32_BYTES(val) (val)
+#else
+#define UTIL_INVERSE_UINT32_BYTES(val) \
+       (((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
+#endif
+
+/* invers the bytes on a word - used for input data for HASH */
+#ifdef BIG__ENDIAN
+#define UTIL_REVERT_UINT32_BYTES(val) \
+       (((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
+#else
+#define UTIL_REVERT_UINT32_BYTES(val)  (val)
+#endif
+
+ /* ------------------------------------------------------------
+ **
+ * @brief This function executes a reverse bytes copying from one buffer to another buffer.
+ *
+ * @param[in] dst_ptr - The pointer to destination buffer.
+ * @param[in] src_ptr - The pointer to source buffer.
+ * @param[in] size    - The size in bytes.
+ *
+ */
+
+void UTIL_ReverseMemCopy(uint8_t *dst_ptr, uint8_t *src_ptr, uint32_t size);
+
+
+ /* ------------------------------------------------------------
+  **
+  * @brief This function executes a reversed byte copy on a specified buffer.
+  *
+  *        on a 6 byte byffer:
+  *
+  *        buff[5] <---> buff[0]
+  *        buff[4] <---> buff[1]
+  *        buff[3] <---> buff[2]
+  *
+  * @param[in] dst_ptr - The counter buffer.
+  * @param[in] src_ptr - The counter size in bytes.
+  *
+  */
+void UTIL_ReverseBuff(uint8_t *buff_ptr, uint32_t size);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
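Review bot: The comment on `UTIL_ReverseBuff` documents `dst_ptr` ("The counter buffer") and `src_ptr` ("The counter size in bytes"), but the prototype takes `buff_ptr` and `size`. The tags should be `@param[in,out] buff_ptr - buffer to reverse in place` and `@param[in] size - buffer size in bytes`. `UTIL_ReverseMemCopy` marks `dst_ptr` as `[in]` although it is the destination, and does not say whether the two buffers may overlap. The byte-swap macros evaluate `val` four times, so an argument with side effects would misbehave; a `static inline` function taking `uint32_t` would avoid that.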
diff --git a/include/drivers/arm/cryptocell/cc_crypto_boot_defs.h b/include/drivers/arm/cryptocell/cc_crypto_boot_defs.h
deleted file mode 100644 (file)
index 2cb8938..0000000
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_CRYPTO_BOOT_DEFS_H
-#define _CC_CRYPTO_BOOT_DEFS_H
-
-/*! @file
-@brief This file contains SBROM definitions
-*/
-
-/*! Version counters value. */
-typedef enum {
-
-       CC_SW_VERSION_COUNTER1 = 1,     /*!< Counter 1 - trusted version. */
-       CC_SW_VERSION_COUNTER2,         /*!< Counter 2 - non trusted version. */
-
-       CC_SW_VERSION_MAX      = 0x7FFFFFFF
-
-} CCSbSwVersionId_t;
-
-/* HASH boot key definition */
-typedef enum {
-       CC_SB_HASH_BOOT_KEY_0_128B      = 0,            /*!< 128-bit truncated SHA256 digest of public key 0. */
-       CC_SB_HASH_BOOT_KEY_1_128B      = 1,            /*!< 128-bit truncated SHA256 digest of public key 1. */
-       CC_SB_HASH_BOOT_KEY_256B        = 2,            /*!< 256-bit SHA256 digest of public key. */
-       CC_SB_HASH_BOOT_NOT_USED        = 0xFF,
-       CC_SB_HASH_MAX_NUM              = 0x7FFFFFFF,   /*!\internal use external 128-bit truncated SHA256 digest */
-} CCSbPubKeyIndexType_t;
-
-
-#endif
diff --git a/include/drivers/arm/cryptocell/cc_pal_sb_plat.h b/include/drivers/arm/cryptocell/cc_pal_sb_plat.h
deleted file mode 100644 (file)
index 212a710..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*!
-@file
-@brief This file contains the platform-dependent definitions that are used in the SBROM code.
-*/
-
-#ifndef _CC_PAL_SB_PLAT_H
-#define _CC_PAL_SB_PLAT_H
-
-#include "cc_pal_types.h"
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
-typedef uint64_t               CCDmaAddr_t;
-/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
-typedef uintptr_t              CCAddr_t;
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/cc_pal_types.h b/include/drivers/arm/cryptocell/cc_pal_types.h
deleted file mode 100644 (file)
index 8c09b23..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef CC_PAL_TYPES_H
-#define CC_PAL_TYPES_H
-
-/*!
-@file
-@brief This file contains platform-dependent definitions and types.
-*/
-
-#include "cc_pal_types_plat.h"
-
-typedef enum {
-       CC_FALSE = 0,
-       CC_TRUE = 1
-} CCBool;
-
-#define CC_SUCCESS             0UL
-#define CC_FAIL                        1UL
-
-#define CC_1K_SIZE_IN_BYTES    1024
-#define CC_BITS_IN_BYTE                8
-#define CC_BITS_IN_32BIT_WORD  32
-#define CC_32BIT_WORD_SIZE     (sizeof(uint32_t))
-
-#define CC_OK                  CC_SUCCESS
-
-#define CC_UNUSED_PARAM(prm)   ((void)prm)
-
-#define CC_MAX_UINT32_VAL      (0xFFFFFFFF)
-
-#define CALC_FULL_BYTES(numBits)               (((numBits) + (CC_BITS_IN_BYTE - 1))/CC_BITS_IN_BYTE)
-#define CALC_FULL_32BIT_WORDS(numBits)         (((numBits) + (CC_BITS_IN_32BIT_WORD - 1))/CC_BITS_IN_32BIT_WRD)
-#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) (((sizeBytes) + CC_32BIT_WORD_SIZE - 1)/CC_32BIT_WORD_SIZE)
-
-#endif
diff --git a/include/drivers/arm/cryptocell/cc_pal_types_plat.h b/include/drivers/arm/cryptocell/cc_pal_types_plat.h
deleted file mode 100644 (file)
index 8410024..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*! @file
-@brief This file contains basic type definitions that are platform-dependent.
-*/
-#ifndef _CC_PAL_TYPES_PLAT_H
-#define _CC_PAL_TYPES_PLAT_H
-/* Host specific types for standard (ISO-C99) compilant platforms */
-
-#include <stddef.h>
-#include <stdint.h>
-
-typedef uint32_t CCStatus;
-
-#define CCError_t      CCStatus
-#define CC_INFINITE    0xFFFFFFFF
-
-#define CEXPORT_C
-#define CIMPORT_C
-
-#endif /*_CC_PAL_TYPES_PLAT_H*/
diff --git a/include/drivers/arm/cryptocell/cc_sec_defs.h b/include/drivers/arm/cryptocell/cc_sec_defs.h
deleted file mode 100644 (file)
index d419218..0000000
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_SEC_DEFS_H
-#define _CC_SEC_DEFS_H
-
-/*!
-@file
-@brief This file contains general hash definitions and types.
-*/
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! The hashblock size in words. */
-#define HASH_BLOCK_SIZE_IN_WORDS             16
-/*! The hash - SHA2 results in words. */
-#define HASH_RESULT_SIZE_IN_WORDS            8
-#define HASH_RESULT_SIZE_IN_BYTES            32
-
-/*! Definition for hash result array. */
-typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/crypto_driver.h b/include/drivers/arm/cryptocell/crypto_driver.h
deleted file mode 100644 (file)
index 18104dd..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CRYPTO_DRIVER_H
-#define _CRYPTO_DRIVER_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_sb_plat.h"
-#include "cc_sec_defs.h"
-
-/*----------------------------
-      PUBLIC FUNCTIONS
------------------------------------*/
-/*!
- * @brief This function gives the functionality of integrated hash
- *
- * @param[in] hwBaseAddress    - CryptoCell base address
- * @param[out] hashResult      - the HASH result.
- *
- */
-CCError_t SBROM_CryptoHash(unsigned long hwBaseAddress, CCDmaAddr_t inputDataAddr, uint32_t BlockSize,
-                               CCHashResult_t hashResult);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/nvm.h b/include/drivers/arm/cryptocell/nvm.h
deleted file mode 100644 (file)
index a70289f..0000000
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _NVM__H
-#define _NVM__H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_crypto_boot_defs.h"
-#include "cc_pal_types.h"
-#include "cc_sec_defs.h"
-
-/*------------------------------------
-    DEFINES
--------------------------------------*/
-
-/**
- * @brief This function reads the LCS from the SRAM/NVM
- *
- * @param[in] hwBaseAddress  -  CryptoCell base address
- *
- * @param[in/out] lcs_ptr  - pointer to memory to store the LCS
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure   -a value from NVM_error.h
- */
-CCError_t NVM_GetLCS(unsigned long hwBaseAddress, uint32_t *lcs_ptr);
-
-/**
- * @brief The NVM_ReadHASHPubKey function is a NVM interface function -
- *        The function retrieves the HASH of the device Public key from the SRAM/NVM
- *
- * @param[in] hwBaseAddress -  CryptoCell base address
- *
- * @param[in] pubKeyIndex -  Index of HASH in the OTP
- *
- * @param[out] PubKeyHASH   -  the public key HASH.
- *
- * @param[in] hashSizeInWords -  hash size (valid values: 4W, 8W)
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure   -a value from NVM_error.h
- */
-
-CCError_t NVM_ReadHASHPubKey(unsigned long hwBaseAddress, CCSbPubKeyIndexType_t pubKeyIndex, CCHashResult_t PubKeyHASH, uint32_t hashSizeInWords);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/nvm_otp.h b/include/drivers/arm/cryptocell/nvm_otp.h
deleted file mode 100644 (file)
index 390d62b..0000000
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _NVM_OTP_H
-#define _NVM_OTP_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_crypto_boot_defs.h"
-#include "cc_pal_types.h"
-
-/*------------------------------------
-    DEFINES
--------------------------------------*/
-
-
-
-/**
- * @brief The NVM_GetSwVersion function is a NVM interface function -
- *        The function retrieves the SW version from the SRAM/NVM.
- *        In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
- *
- * @param[in] hwBaseAddress -  CryptoCell base address
- *
- * @param[in] counterId -  relevant only for OTP (valid values: 1,2)
- *
- * @param[out] swVersion   -  the minimum SW version
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure   -a value from NVM_error.h
- */
-CCError_t NVM_GetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t *swVersion);
-
-
-/**
- * @brief The NVM_SetSwVersion function is a NVM interface function -
- *        The function writes the SW version into the SRAM/NVM.
- *        In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
- *
- * @param[in] hwBaseAddress -  CryptoCell base address
- *
- * @param[in] counterId -  relevant only for OTP (valid values: 1,2)
- *
- * @param[in] swVersion   -  the minimum SW version
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure   -a value from NVM_error.h
- */
-CCError_t NVM_SetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t swVersion);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/rsa.h b/include/drivers/arm/cryptocell/rsa.h
deleted file mode 100644 (file)
index cd9925b..0000000
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef RSA_H
-#define RSA_H
-
-/*
- * All the includes that are needed for code using this module to
- * compile correctly should be #included here.
- */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-
-/************************ Defines ******************************/
-
-/* the modulus size ion bits */
-#define RSA_MOD_SIZE_IN_BITS                           2048UL
-#define RSA_MOD_SIZE_IN_BYTES                          (CALC_FULL_BYTES(RSA_MOD_SIZE_IN_BITS))
-#define RSA_MOD_SIZE_IN_WORDS                          (CALC_FULL_32BIT_WORDS(RSA_MOD_SIZE_IN_BITS))
-#define RSA_MOD_SIZE_IN_256BITS                                (RSA_MOD_SIZE_IN_WORDS/8)
-#define RSA_EXP_SIZE_IN_BITS                           17UL
-#define RSA_EXP_SIZE_IN_BYTES                          (CALC_FULL_BYTES(RSA_EXP_SIZE_IN_BITS))
-
-/* size of buffer for Barrett modulus tag NP, used in PKA algorithms */
-#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS    132
-#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BYTES   (CALC_FULL_BYTES(RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS))
-#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS   (CALC_FULL_32BIT_WORDS(RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS))
-
-/*
- * @brief The RSA_CalcNp calculates Np value and saves it into Np_ptr:
- *
- *
-
- * @param[in] hwBaseAddress -  HW base address. Relevant for HW
- *                             implementation, for SW it is ignored.
- * @N_ptr[in]               -  The pointer to the modulus buffer.
- * @Np_ptr[out]             -  pointer to Np vector buffer. Its size must be >= 160.
- */
-void RSA_CalcNp(unsigned long hwBaseAddress,
-               uint32_t *N_ptr,
-               uint32_t *Np_ptr);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/sbrom_bsv_api.h b/include/drivers/arm/cryptocell/sbrom_bsv_api.h
deleted file mode 100644 (file)
index de83546..0000000
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SBROM_BSV_API_H
-#define _SBROM_BSV_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! @file
-@brief This file contains all SBROM library APIs and definitions.
-*/
-#include "cc_pal_types.h"
-
-/* Life cycle state definitions */
-#define CC_BSV_CHIP_MANUFACTURE_LCS            0x0 /*!< CM lifecycle value. */
-#define CC_BSV_DEVICE_MANUFACTURE_LCS          0x1 /*!< DM lifecycle value. */
-#define CC_BSV_SECURITY_DISABLED_LCS           0x3 /*!< SD lifecycle value. */
-#define CC_BSV_SECURE_LCS                      0x5 /*!< Secure lifecycle value. */
-#define CC_BSV_RMA_LCS                         0x7 /*!< RMA lifecycle value. */
-
-/*----------------------------
-      PUBLIC FUNCTIONS
------------------------------------*/
-
-/*!
-@brief This function should be the first ARM TrustZone CryptoCell TEE SBROM library API called.
-It verifies the HW product and version numbers.
-
-@return CC_OK  On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvSbromInit(
-       unsigned long hwBaseAddress     /*!< [in] HW registers base address. */
-       );
-
-
-/*!
-@brief This function can be used for checking the LCS value, after CC_BsvLcsGetAndInit was called by the Boot ROM.
-
-@return CC_OK  On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvLcsGet(
-       unsigned long hwBaseAddress,    /*!< [in] HW registers base address. */
-       uint32_t *pLcs                  /*!< [out] Returned lifecycle state. */
-       );
-
-/*!
-@brief This function retrieves the HW security lifecycle state, performs validity checks,
-and additional initializations in case the LCS is RMA (sets the Kce to fixed value).
-\note  Invalid LCS results in an error returned.
-In this case, the customer's code must completely disable the device.
-
-@return CC_OK  On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvLcsGetAndInit(
-       unsigned long hwBaseAddress,    /*!< [in] HW registers base address. */
-       uint32_t *pLcs          /*!< [out] Returned lifecycle state. */
-       );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/secureboot_base_func.h b/include/drivers/arm/cryptocell/secureboot_base_func.h
deleted file mode 100644 (file)
index 6db596e..0000000
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SECURE_BOOT_BASE_FUNC_H
-#define _SECURE_BOOT_BASE_FUNC_H
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-#include "secureboot_gen_defs.h"
-
-
-/*----------------------------
-      PUBLIC FUNCTIONS
------------------------------------*/
-
-/**
- * @brief This function calculates the HASH over the given data and than verify
- *       RSA signature on that hashed data
- *
- * @param[in] hwBaseAddr -  CryptoCell base address
- * @param[in] pData - pointer to the data to be verified
- * @param[in] pNParams - a pointer to the public key parameters
- * @param[in] pSignature - a pointer to the signature structure
- * @param[in] sizeOfData - size of the data to calculate the HASH on (in bytes)
- * @param[in] RSAAlg - RSA algorithm to use
- *
- * @return CCError_t - On success the value CC_OK is returned,
- *         on failure - a value from BootImagesVerifier_error.h
- */
-CCError_t CCSbVerifySignature(unsigned long hwBaseAddress,
-                               uint32_t *pData,
-                               CCSbNParams_t *pNParams,
-                               CCSbSignature_t *pSignature,
-                               uint32_t sizeOfData,
-                               CCSbRsaAlg_t RSAAlg);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/secureboot_gen_defs.h b/include/drivers/arm/cryptocell/secureboot_gen_defs.h
deleted file mode 100644 (file)
index 68b9ef8..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SECURE_BOOT_GEN_DEFS_H
-#define _SECURE_BOOT_GEN_DEFS_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! @file
-@brief This file contains all of the definitions and structures that are used for the secure boot.
-*/
-
-#include "cc_pal_sb_plat.h"
-#include "cc_sec_defs.h"
-
-
-/* General definitions */
-/***********************/
-
-/*RSA definitions*/
-#define SB_RSA_MOD_SIZE_IN_WORDS                64
-#define SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS 5
-
-
-/*! Public key data structure. */
-typedef struct {
-       uint32_t N[SB_RSA_MOD_SIZE_IN_WORDS];                           /*!< N public key, big endian representation. */
-       uint32_t Np[SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS];   /*!< Np (Barrett n' value). */
-} CCSbNParams_t;
-
-/*! Signature structure. */
-typedef struct {
-       uint32_t sig[SB_RSA_MOD_SIZE_IN_WORDS];                         /*!< RSA PSS signature. */
-} CCSbSignature_t;
-
-
-/********* Supported algorithms definitions ***********/
-
-/*! RSA supported algorithms */
-typedef enum {
-       RSA_PSS_2048           = 0x01,                  /*!< RSA PSS 2048 after hash SHA 256 */
-       RSA_PKCS15_2048        = 0x02,                  /*!< RSA PKX15 */
-       RSA_Last               = 0x7FFFFFFF
-} CCSbRsaAlg_t;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/util.h b/include/drivers/arm/cryptocell/util.h
deleted file mode 100644 (file)
index 18fb599..0000000
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef UTIL_H
-#define UTIL_H
-
-/*
- * All the includes that are needed for code using this module to
- * compile correctly should be #included here.
- */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/************************ Defines ******************************/
-
-/* invers the bytes on a word- used for output from HASH */
-#ifdef BIG__ENDIAN
-#define UTIL_INVERSE_UINT32_BYTES(val) (val)
-#else
-#define UTIL_INVERSE_UINT32_BYTES(val) \
-       (((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
-#endif
-
-/* invers the bytes on a word - used for input data for HASH */
-#ifdef BIG__ENDIAN
-#define UTIL_REVERT_UINT32_BYTES(val) \
-       (((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
-#else
-#define UTIL_REVERT_UINT32_BYTES(val)  (val)
-#endif
-
- /* ------------------------------------------------------------
- **
- * @brief This function executes a reverse bytes copying from one buffer to another buffer.
- *
- * @param[in] dst_ptr - The pointer to destination buffer.
- * @param[in] src_ptr - The pointer to source buffer.
- * @param[in] size    - The size in bytes.
- *
- */
-
-void UTIL_ReverseMemCopy(uint8_t *dst_ptr, uint8_t *src_ptr, uint32_t size);
-
-
- /* ------------------------------------------------------------
-  **
-  * @brief This function executes a reversed byte copy on a specified buffer.
-  *
-  *        on a 6 byte byffer:
-  *
-  *        buff[5] <---> buff[0]
-  *        buff[4] <---> buff[1]
-  *        buff[3] <---> buff[2]
-  *
-  * @param[in] dst_ptr - The counter buffer.
-  * @param[in] src_ptr - The counter size in bytes.
-  *
-  */
-void UTIL_ReverseBuff(uint8_t *buff_ptr, uint32_t size);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif