| /**************************************************************************** |
| * |
| * (C)Copyright 2005 - 2010 Marvell. All Rights Reserved. |
| * |
| * THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF MARVELL. |
| * The copyright notice above does not evidence any actual or intended |
| * publication of such source code. This Module contains Proprietary |
| * Information of Marvell and should be treated as Confidential. The |
| * information in this file is provided for the exclusive use of the |
| * licensees of Marvell. Such users have the right to use, modify, and |
| * incorporate this code into products for purposes authorized by the |
| * license agreement provided they include this notice and the associated |
| * copyright notice with any such product. |
| * |
| * The information in this file is provided "AS IS" without warranty. |
| * |
| ***************************************************************************/ |
| |
| #ifndef _Security_h |
| #define _Security_h |
| |
| #include "tim.h" |
| #include "general.h" |
| #include "Errors.h" |
| #include "TrustedBoot.h" |
| |
| |
| #if !(BL_USE_WTM_CRYPTO || BL_USE_WTM_FUSE_PROG) |
| typedef enum _Cryptographic_Scheme |
| { // CAT PKCS HASH AES |
| // | | | | |
| // AES |
| AES_ECB128 = 0x00008000, // 1000-0000-0000-0000 |
| AES_ECB192 = 0x00008002, // 1000-0000-0000-0010 |
| AES_ECB256 = 0x00008001, // 1000-0000-0000-0001 |
| AES_CBC128 = 0x00008004, // 1000-0000-0000-0100 |
| AES_CBC192 = 0x00008006, // 1000-0000-0000-0110 |
| AES_CBC256 = 0x00008005, // 1000-0000-0000-0101 |
| |
| AES_TB_CTS_ECB128 = 0x0001E000, |
| AES_TB_CTS_ECB192 = 0x0001E002, |
| AES_TB_CTS_ECB256 = 0x0001E001, |
| AES_TB_CTS_CBC128 = 0x0001E004, |
| AES_TB_CTS_CBC192 = 0x0001E006, |
| AES_TB_CTS_CBC256 = 0x0001E005, |
| |
| //PKCS#1 v1.5 Digital Signature |
| PKCSv1_SHA1_1024RSA = 0x0000A100, // 1010-0001-0000-0000 |
| PKCSv1_SHA256_1024RSA = 0x0000A110, // 1010-0001-0001-0000 |
| PKCSv1_SHA1_2048RSA = 0x0000A200, // 1010-0010-0000-0000 |
| PKCSv1_SHA256_2048RSA = 0x0000A210, // 1010-0010-0001-0000 |
| |
| //PKCS#1 v2.2 RSASSA-PSS Digital Signature |
| PKCSv1_PSS_SHA1_1024RSA = 0x0000A300, |
| PKCSv1_PSS_SHA256_1024RSA = 0x0000A310, |
| PKCSv1_PSS_SHA1_2048RSA = 0x0000A400, |
| PKCSv1_PSS_SHA256_2048RSA = 0x0000A410, |
| |
| |
| // ECC |
| // CAT FIELD HASH DH/DSA/MQV |
| //ECCP | | | | |
| ECCP256_FIPS_DSA_SHA1 = 0x0000B101, // 1011-0001-0000-0001 |
| ECCP256_FIPS_DSA_SHA256 = 0x0000B111, // 1011-0001-0001-0001 |
| ECCP256_FIPS_DSA_SHA512 = 0x0000B141, // 1011-0001-0100-0001 |
| |
| ECCP521_FIPS_DSA_SHA1 = 0x0000B301, // 1011-0011-0000-0001 |
| ECCP521_FIPS_DSA_SHA256 = 0x0000B311, // 1011-0011-0001-0001 |
| ECCP521_FIPS_DSA_SHA512 = 0x0000B341, // 1011-0011-0100-0001 |
| |
| CRYPTOGRAPHIC_SCHEME_LAST_ONE, |
| } CRYPTO_SCHEME_ENUM; |
| #endif |
| |
| // Key Lengths |
| #define WordLengthOf_PKCS1024 32 |
| #define WordLengthOf_PKCS2048 64 |
| #define WordLengthOf_ECDSA256 8 |
| #define WordLengthOf_ECDSA521 17 |
| #define WordLengthOf_SHA1 5 |
| #define WordLengthOf_SHA256 8 |
| #define WordLengthOf_SHA512 16 |
| |
| #define ByteLengthOf_SHA1 20 |
| #define ByteLengthOf_SHA256 32 |
| #define ByteLengthOf_SHA512 64 |
| |
| //constant offsets of OEM hash and Jtag hash in the OTP section (in bytes) |
| #define OEMHASH_OFFSET_OTP 0 |
| #define JTAGHASH_OFFSET_OTP (WordLengthOf_SHA1*4) |
| |
| typedef struct |
| { |
| UINT_T (*pInitializeSecurity) (UINT_T ver_adv); |
| UINT_T (*pSHAMessageDigest) (const UINT8_T* pSrcMesgIn, UINT_T SrcMesgByteLen, UINT8_T* pMesgDigestOut, UINT_T DigestByteLen); |
| UINT_T (*pPKCS_DSA_Verify)(const UINT8_T* pSrcMesgIn, UINT_T SrcMesgByteLen, const pPLAT_DS pDSA, UINT8_T* DataBuffer); |
| UINT_T (*pECCP_DSA_Verify)(const UINT8_T* pSrcMesgIn, UINT_T SrcMesgByteLen, const pPLAT_DS pDSA, UINT8_T* DataBuffer); |
| UINT_T (*pGet_NonceBitLen) (); |
| UINT_T (*pGet_Nonce) (UINT_T* pNonceOut, UINT_T NonceBitLen); |
| UINT_T (*pAES_Decrypt) (UINT_T scheme_enum, void *source, void *dest, UINT_T data_len, void *key, void *iv); |
| UINT_T (*pAES_Encrypt) (UINT_T scheme_enum, void *source, void *dest, UINT_T data_len, void *key, void *iv); |
| UINT_T (*pHMAC) ( const UINT8_T* pHMAC_Key, const UINT8_T* pSrcMesgIn, UINT_T SrcMesgByteLen, UINT8_T* pMesgDigestOut ); |
| } SECURITY_FUNCTIONS, *pSECURITY_FUNCTIONS; |
| |
| // Internal Functions |
| UINT_T ValidateTIMSignature(pTIM pTIM_h); |
| UINT_T VerifySignature(const UINT8_T* pBufferToVerifyIn, UINT_T NumBytesToVerify, const UINT_T* pSignatureIn, const pKEY_MOD_3_4_0 pKeyIn, UINT_T ReverseSignatureBytes); |
| #if BOOTROM |
| UINT_T VerifyPlatformKey (pTIM pTIM_h); |
| #endif |
| |
| // General Functions |
| pSECURITY_FUNCTIONS GetSecurityFunctionsPointer(void); |
| UINT8_T* GetRSADataBufferPointer(void); |
| UINT8_T* GetECDSADataBufferPointer(void); |
| UINT_T SecurityInitialization(UINT_T ver_adv); |
| UINT_T SecurityShutdown(void); |
| UINT_T ReadPINFuseBits(UINT_T* pBuffer, UINT_T Size ); |
| UINT_T ValidateImage(UINT_T ImageAddr, UINT_T ImageID, pTIM pTIM_h); |
| INT_T CalcBufferHash(UINT_T *Buffer, UINT_T NumBytesToHash, UINT_T *HashBuff, HASHALGORITHMID_T HashType); |
| |
| #if !BOOTROM // BootLoader Only |
| UINT_T VerifyEncryptedKey(pKEY_MOD_3_4_0 PlainTextKey, pKEY_MOD_3_4_0 EncryptedKey, pKEY_MOD_3_4_0 DecryptionKey); |
| #endif |
| UINT_T VerifyBufferHash(UINT_T BufferAddr, UINT_T NumBytesToVerify, HASHALGORITHMID_T HashType, const UINT_T * pHashValueIn); |
| #if BOOTROM |
| UINT_T VerifyKey(KEYMODULES_T KeyType, pTIM pTIM_h); |
| #endif |
| |
| |
| #endif // _Security_h |