概述
sec_crypto组件为安全算法组件,提供安全平台的安全算法抽象开发接口,实现常见的密码学算法,包含对称算法、非对称/公钥算法、摘要算法、消息验证码算法。
功能
- 对称算法
AES ECB/CBC
AES with 128/192/256 bit keywidth
- 非对称算法
RSA1024
RSA2048
ECC256
- 摘要
SHA1、SHA2
消息验证码
随机数
接口定义
错误码
错误码 | 值 |
---|---|
SC_OK | 0 |
SC_FAIL | 0x10000001 |
SC_MEM_OVERFLOW | 0x10000002 |
SC_PARAM_INV | 0x10000003 |
SC_OPERATION_BUSY | 0x10000004 |
SC_AUTH_FAIL | 0x10000005 |
SC_CRYPT_FAIL | 0x10000006 |
SC_NOT_SUPPORT | 0x10000007 |
SC_INVALID_PADDING | 0x10000008 |
SC_BAD_INPUT_DATA | 0x10000009 |
SC_INVALID_KEY_LENGTH | 0x100000010 |
SC_INVALID_INPUT_LENGTH | 0x100000011 |
SC_FEATURE_UNAVAILABLE | 0x100000012 |
SC_HW_ACCEL_FAILED | 0x100000013 |
SC_CCM_AUTH_FAILED | 0x100000014 |
SC_KEY_GEN_FAILED | 0x100000015 |
SC_KEY_CHECK_FAILED | 0x100000016 |
SC_PUBLIC_FAILED | 0x100000017 |
SC_PRIVATE_FAILED | 0x100000018 |
SC_VERIFY_FAILED | 0x100000019 |
SC_OUTPUT_TOO_LARGE | 0x100000020 |
SC_RNG_FAILED | 0x100000021 |
SC_BUFFER_TOO_SMALL | 0x100000022 |
SC_INVALID_FORMAT | 0x100000023 |
SC_ALLOC_FAILED | 0x100000024 |
SC_DRV_FAILED | 0x100000025 |
AES接口原型
sc_aes_init
uint32_t sc_aes_init(sc_aes_t *aes, uint32_t idx)
Initialize AES Interface. Initializes the resources needed for the AES interface.
Parameters [in] aes operate handle [in] idx device id
Returns error code uint32_t
sc_aes_uninit
void sc_aes_uninit(sc_aes_t *aes)
De-initialize AES Interface. stops operation and releases the software resources used by the interface.
Parameters [in] aes handle to operate
Returns None
sc_aes_set_encrypt_key
uint32_t sc_aes_set_encrypt_key(sc_aes_t *aes, void *key, sc_aes_key_bits_t key_len)
Set encrypt key.
Parameters [in] aes handle to operate [in] key Pointer to the key buf [in] key_len Pointer to \ref sc_aes_key_bits_t
Returns error code uint32_t
sc_aes_set_decrypt_key
uint32_t sc_aes_set_decrypt_key(sc_aes_t *aes, void *key, sc_aes_key_bits_t key_len)
Set decrypt key.
Parameters [in] aes handle to operate [in] key Pointer to the key buf [in] key_len Pointer to \ref sc_aes_key_bits_t
Returns error code uint32_t
sc_aes_ecb_encrypt
uint32_t sc_aes_ecb_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size)
Aes ecb encrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size
Returns error code uint32_t
sc_aes_ecb_decrypt
uint32_t sc_aes_ecb_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size)
Aes ecb decrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size
Returns error code uint32_t
sc_aes_cbc_encrypt
uint32_t sc_aes_cbc_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv);
Aes cbc encrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] iv init vector
Returns error code uint32_t
sc_aes_cbc_decrypt
uint32_t sc_aes_cbc_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv);
Aes cbc decrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] iv init vector
Returns error code uint32_t
sc_aes_cfb1_encrypt
uint32_t sc_aes_cfb1_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv);
Aes cfb1 encrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] iv init vector
Returns error code uint32_t
sc_aes_cfb1_decrypt
uint32_t sc_aes_cfb1_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv);
Aes cfb1 decrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] iv init vector
Returns error code uint32_t
sc_aes_cfb8_encrypt
uint32_t sc_aes_cfb8_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv);
Aes cfb8 encrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] iv init vector
Returns error code uint32_t
sc_aes_cfb8_decrypt
uint32_t sc_aes_cfb8_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv);
Aes cfb8 decrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] iv init vector
Returns error code uint32_t
sc_aes_cfb128_decrypt
uint32_t sc_aes_cfb128_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv,uint32_t *num);
Aes cfb128 decrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] iv init vector [out] num the number of the 128-bit block we have used
Returns error code uint32_t
sc_aes_cfb128_encrypt
uint32_t sc_aes_cfb128_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv,uint32_t *num);
Aes cfb128 encrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] iv init vector [out] num the number of the 128-bit block we have used
Returns error code uint32_t
sc_aes_ofb_encrypt
uint32_t sc_aes_ofb_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv,uint32_t *num);
Aes ofb encrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] iv init vector [out] num the number of the 128-bit block we have used
Returns error code uint32_t
sc_aes_ofb_decrypt
uint32_t sc_aes_ofb_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv,uint32_t *num);
Aes ofb decrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] iv init vector [out] num the number of the 128-bit block we have used
Returns error code uint32_t
sc_aes_ctr_encrypt
uint32_t sc_aes_ctr_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size,uint8_t nonce_counter[16], uint8_t stream_block[16], void *iv,uint32_t *num);
Aes ctr encrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] nonce_counter Pointer to the 128-bit nonce and counter [in] stream_block Pointer to the saved stream-block for resuming [in] iv init vector [out] num the number of the 128-bit block we have used
Returns error code uint32_t
sc_aes_ctr_decrypt
uint32_t sc_aes_ctr_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size,uint8_t nonce_counter[16], uint8_t stream_block[16], void *iv,uint32_t *num);
Aes ctr decrypt.
Parameters [in] aes handle to operate [in] in Pointer to the Source data [out] out Pointer to the Result data [in] size the Source data size [in] nonce_counter Pointer to the 128-bit nonce and counter [in] stream_block Pointer to the saved stream-block for resuming [in] iv init vector [out] num the number of the 128-bit block we have used
Returns error code uint32_t
SHA接口原型
SHA模式枚举
typedef enum {
SHA_MODE_1 = 1U,
SHA_MODE_256,
SHA_MODE_224,
SHA_MODE_512,
SHA_MODE_384,
SHA_MODE_512_256,
SHA_MODE_512_224
} sc_sha_mode_t;
相关数据结构
typedef struct {
uint32_t busy : 1; ///< calculate busy flag
uint32_t error : 1; ///< calculate error flag
} sc_sha_state_t;
typedef struct {
#ifdef CONFIG_SYSTEM_SECURE
#ifdef CONFIG_CSI_V1
uint8_t ctx[SHA_CONTEXT_SIZE];
#endif /* CONFIG_CSI_V1 */
#ifdef CONFIG_CSI_V2
csi_sha_context_t ctx;
#endif
#endif
#if defined(CONFIG_TEE_CA)
uint8_t ctx[224+8];
#endif
#if defined(CONFIG_SEC_CRYPTO_SHA_SW)
sc_mbedtls_sha1_context sha1_ctx;
sc_mbedtls_sha256_context sha2_ctx;
#endif
sc_sha_mode_t mode; ///< sha mode
} sc_sha_context_t;
/****** SHA Event *****/
typedef enum {
SC_SHA_EVENT_COMPLETE = 0U, ///< calculate completed
SC_SHA_EVENT_ERROR ///< calculate error
} sc_sha_event_t;
typedef struct sc_sha {
#ifdef CONFIG_SYSTEM_SECURE
#ifdef CONFIG_CSI_V1
sha_handle_t handle;
sc_sha_context_t ctx;
sc_sha_mode_t mode; ///< sha mode
#endif /* CONFIG_CSI_V1 */
#ifdef CONFIG_CSI_V2
csi_sha_t csi_sha;
#endif
#endif
#if defined(CONFIG_TEE_CA)
#endif
void *user; ///< CID 68702(1 的 1 数):编码标准冲突 (MISRA C-2012 Rule 21.18)
} sc_sha_t;
sc_sha_init
uint32_t sc_sha_init(sc_sha_t *sha, uint32_t idx);
Initialize SHA Interface. Initializes the resources needed for the SHA interface.
Parameters [in] sha operate handle. [in] idx index of sha
Returns error code uint32_t
sc_sha_uninit
void sc_sha_uninit(sc_sha_t *sha);
De-initialize SHA Interface. stops operation and releases the software resources used by the interface.
Parameters [in] sha sha handle to operate.
Returns none
sc_sha_attach_callback
uint32_t sc_sha_attach_callback(sc_sha_t *sha, void *callback, void *arg);
attach the callback handler to SHA.
Parameters [in] sha sha handle to operate [in] callback callback function [in] arg callback's param
Returns error code
sc_sha_detach_callback
void sc_sha_detach_callback(sc_sha_t *sha);
detach the callback handler.
Parameters [in] sha sha handle to operate
sc_sha_start
uint32_t sc_sha_start(sc_sha_t *sha, sc_sha_context_t *context, sc_sha_mode_t mode);
start the engine.
Parameters [in] sha sha handle to operate. [in] context Pointer to the sha context sc_sha_context_t [in] mode sha mode sc_sha_mode_t
Returns error code uint32_t
sc_sha_update
uint32_t sc_sha_update(sc_sha_t *sha, sc_sha_context_t *context, const void *input,uint32_t size);
update the engine.
Parameters [in] sha sha handle to operate. [in] context Pointer to the sha context sc_sha_context_t [in] input Pointer to the Source data [in] size the data size
Returns error code uint32_t
sc_sha_update_async
uint32_t sc_sha_update_async(sc_sha_t *sha, sc_sha_context_t *context, const void *input,uint32_t size);
accumulate the engine (async mode).
Parameters [in] sha sha handle to operate. [in] context Pointer to the sha context sc_sha_context_t [in] input Pointer to the Source data [in] size the data size
Returns error code uint32_t
sc_sha_finish
uint32_t sc_sha_finish(sc_sha_t *sha, sc_sha_context_t *context, void *output,uint32_t *out_size);
finish the engine.
Parameters [in] sha sha handle to operate. [in] context Pointer to the sha context sc_sha_context_t [out] output Pointer to the result data [out] out_size Pointer to the result data size(bytes)
Returns error code uint32_t
RSA接口原型
RSA padding模式
typedef enum {
RSA_PADDING_MODE_NO = 0,
RSA_PADDING_MODE_PKCS1,
RSA_PADDING_MODE_PKCS1_OAEP,
RSA_PADDING_MODE_SSLV23,
RSA_PADDING_MODE_X931,
RSA_PADDING_MODE_PSS
} sc_rsa_padding_type_t;
相关数据结构
/*----- RSA Control Codes: Mode Parameters: Key Bits -----*/
typedef enum {
SC_RSA_KEY_BITS_192 = 0, ///< 192 Key bits
SC_RSA_KEY_BITS_256, ///< 256 Key bits
SC_RSA_KEY_BITS_512, ///< 512 Key bits
SC_RSA_KEY_BITS_1024, ///< 1024 Key bits
SC_RSA_KEY_BITS_2048, ///< 2048 Key bits
SC_RSA_KEY_BITS_3072, ///< 3072 Key bits
SC_RSA_KEY_BITS_4096 ///< 4096 Key bits
} sc_rsa_key_bits_t;
typedef enum {
SC_RSA_HASH_TYPE_MD5 = 0,
SC_RSA_HASH_TYPE_SHA1,
SC_RSA_HASH_TYPE_SHA224,
SC_RSA_HASH_TYPE_SHA256,
SC_RSA_HASH_TYPE_SHA384,
SC_RSA_HASH_TYPE_SHA512
} sc_rsa_hash_type_t;
typedef struct {
// #if (defined(CONFIG_SYSTEM_SECURE) && defined(CONFIG_CSI_V2))
// csi_rsa_context_t rsa_ctx;
// #else
void * n; ///< Pointer to the public modulus
void * e; ///< Pointer to the public exponent
void * d; ///< Pointer to the private exponent
uint32_t key_bits; ///< RSA KEY BITS
sc_rsa_padding_type_t padding_type; ///< RSA PADDING TYPE
sc_rsa_hash_type_t hash_type;
// #endif
} sc_rsa_context_t;
typedef struct {
uint8_t busy : 1; ///< Calculate busy flag
uint8_t error : 1; ///< Calculate error flag
} sc_rsa_state_t;
typedef struct {
#ifdef CONFIG_SYSTEM_SECURE
#ifdef CONFIG_CSI_V1
rsa_handle_t handle;
#endif /* CONFIG_CSI_V1 */
#ifdef CONFIG_CSI_V2
csi_rsa_t csi_rsa;
#endif
#endif
#if defined(CONFIG_SEC_CRYPTO_RSA_SW)
sc_mbedtls_rsa_context rsa_ctx;
#endif
sc_rsa_key_bits_t bits;
} sc_rsa_t;
typedef enum {
SC_RSA_EVENT_COMPLETE = 0, ///< rsa event completed
SC_RSA_EVENT_VERIFY_SUCCESS,
SC_RSA_EVENT_VERIFY_FAILED,
SC_RSA_EVENT_ERROR, ///< error event
} sc_rsa_event_t;
typedef void (*sc_rsa_callback_t)(sc_rsa_t *rsa, sc_rsa_event_t event,void *arg); ///< Pointer to \ref sc_rsa_callback_t : RSA Event call back.
sc_rsa_init
uint32_t sc_rsa_init(sc_rsa_t *rsa, uint32_t idx,sc_rsa_key_bits_t data_bits);
Initialize RSA Interface. 1. Initializes the resources needed for the RSA interface 2.registers event callback function.
Parameters [in] rsa rsa handle to operate. [in] idx device id [in] data_bits rsa bit width
Returns uint32_t
sc_rsa_uninit
void sc_rsa_uninit(sc_rsa_t *rsa);
De-initialize RSA Interface. stops operation and releases the software resources used by the interface.
Parameters [in] rsa rsa handle to operate.
Returns none
sc_rsa_attach_callback
uint32_t sc_rsa_attach_callback(sc_rsa_t *rsa, sc_rsa_callback_t cb, void *arg);
attach the callback handler to RSA.
Parameters [in] rsa rsa handle to operate. [in] cb callback function. [in] arg user can define it by himself as callback's param.
Returns error code
sc_rsa_detach_callback
void sc_rsa_detach_callback(sc_rsa_t *rsa);
detach the callback handler.
Parameters [in] rsa rsa handle to operate.
sc_rsa_gen_key
uint32_t sc_rsa_gen_key(sc_rsa_t *rsa, sc_rsa_context_t *context);
generate rsa key pair.
Parameters [in] rsa rsa handle to operate [out] context Pointer to the rsa context
Returns uint32_t
sc_rsa_encrypt
uint32_t sc_rsa_encrypt(sc_rsa_t *rsa, sc_rsa_context_t *context,
void *src,uint32_t src_size, void *out);
RSA encrypt.
Parameters [in] rsa rsa handle to operate. [in] context Pointer to the rsa context [in] src Pointer to the source data. [in] src_size the source data len [out] out Pointer to the result buffer
Returns uint32_t
sc_rsa_decrypt
uint32_t sc_rsa_decrypt(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src,uint32_t src_size, void *out, uint32_t *out_size);
RSA decrypt.
Parameters [in] rsa rsa handle to operate. [in] context Pointer to the rsa context [in] src Pointer to the source data. [in] src_size the source data len [out] out Pointer to the result buffer [out] out_size the result size
Returns uint32_t
sc_rsa_sign
uint32_t sc_rsa_sign(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src, uint32_t src_size,void *signature, sc_rsa_hash_type_t hash_type);
RSA sign.
Parameters [in] rsa rsa handle to operate. [in] context Pointer to the rsa context [in] src Pointer to the source data. [in] src_size the source data len [out] signature Pointer to the signature [in] hash_type the source data hash type
Returns uint32_t
sc_rsa_verify
bool sc_rsa_verify(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src, uint32_t src_size,void *signature, uint32_t sig_size, sc_rsa_hash_type_t hash_type)
RSA verify
Parameters [in] rsa rsa handle to operate. [in] context Pointer to the rsa context [in] src Pointer to the source data. [in] src_size the source data len [in] signature Pointer to the signature [in] sig_size the signature size [in] hash_type the source data hash type
Returns verify result
sc_rsa_encrypt_async
uint32_t sc_rsa_encrypt_async(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src,uint32_t src_size, void *out);
encrypt(async mode).
Parameters [in] rsa rsa handle to operate. [in] context Pointer to the rsa context [in] src Pointer to the source data. [in] src_size the source data len [out] out Pointer to the result buffer
Returns uint32_t
sc_rsa_decrypt_async
uint32_t sc_rsa_decrypt_async(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src,uint32_t src_size, void *out, uint32_t *out_size);
decrypt(async mode).
Parameters [in] rsa rsa handle to operate. [in] context Pointer to the rsa context [in] src Pointer to the source data. [in] src_size the source data len [out] out Pointer to the result buffer [out] out_size the result size
Returns uint32_t
sc_rsa_sign_async
uint32_t sc_rsa_sign_async(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src,uint32_t src_size, void *signature, sc_rsa_hash_type_t hash_type);
rsa sign(async mode).
Parameters [in] rsa rsa handle to operate. [in] context Pointer to the rsa context [in] src Pointer to the source data. [in] src_size the source data len [out] signature Pointer to the signature [in] hash_type the source data hash type
Returns uint32_t
sc_rsa_verify_async
uint32_t sc_rsa_verify_async(sc_rsa_t *rsa, sc_rsa_context_t *context, void *src,uint32_t src_size, void *signature, uint32_t sig_size,sc_rsa_hash_type_t hash_type);
rsa verify(async mode).
Parameters [in] rsa rsa handle to operate [in] context Pointer to the rsa context [in] src Pointer to the source data [in] src_size the source data len [in] signature Pointer to the signature [in] sig_size the signature size [in] hash_type the source data hash type
Returns verify result
sc_rsa_get_state
uint32_t sc_rsa_get_state(sc_rsa_t *rsa, sc_rsa_state_t *state);
Get RSA state.
Parameters [in] rsa rsa handle to operate [out] state rsa state sc_rsa_state_t
Returns uint32_t
sc_rsa_get_prime
uint32_t sc_rsa_get_prime(sc_rsa_t *rsa, void *p, uint32_t bit_length);
Get big prime data.
Parameters [in] rsa rsa handle to operate [in] p Pointer to the prime [in] bit_length Pointer to the prime bit length
Returns uint32_t
sc_rsa_get_prime
uint32_t sc_rsa_get_prime(sc_rsa_t *rsa, void *p, uint32_t bit_length);
Get big prime data.
Parameters [in] rsa rsa handle to operate [in] p Pointer to the prime [in] bit_length Pointer to the prime bit length
Returns uint32_t
sc_rsa_enable_pm
uint32_t sc_rsa_enable_pm(sc_rsa_t *rsa);
enable rsa power manage.
Parameters [in] rsa rsa handle to operate
Returns error code
sc_rsa_disable_pm
void sc_rsa_disable_pm(sc_rsa_t *rsa);
disable rsa power manage.
Parameters [in] rsa rsa handle to operate
RNG接口
sc_rng_get_multi_word
uint32_t sc_rng_get_multi_word(uint32_t *data, uint32_t num);
Get multword data from the TRNG engine.
Parameters [out] data Pointer to buffer with data get from TRNG [in] num Number of data items,uinit in uint32
Returns error code
sc_rng_get_single_word
uint32_t sc_rng_get_single_word(uint32_t *data);
Get single word data from the TRNG engine.
Parameters [out] data Pointer to buffer with data get from TRNG
Returns error code
ECC接口
ECC接口移植自开源micro-ecc项目,参考链接