Gitiles
Code Review Sign In
192.168.1.100 / T108 / c2023d5d03be91dbb983606f0ec5e9e4ea36c8c2 / . / marvell / obm / Common / SecureBoot / Security.h
blob: 94700cc0a36d9695c88d1c1d079d6ecf6edb3087 [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame]1/****************************************************************************
2 *
3 * (C)Copyright 2005 - 2010 Marvell. All Rights Reserved.
4 *
5 * THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF MARVELL.
6 * The copyright notice above does not evidence any actual or intended
7 * publication of such source code. This Module contains Proprietary
8 * Information of Marvell and should be treated as Confidential. The
9 * information in this file is provided for the exclusive use of the
10 * licensees of Marvell. Such users have the right to use, modify, and
11 * incorporate this code into products for purposes authorized by the
12 * license agreement provided they include this notice and the associated
13 * copyright notice with any such product.
14 *
15 * The information in this file is provided "AS IS" without warranty.
16 *
17 ***************************************************************************/
18
19#ifndef _Security_h
20#define _Security_h
21
22#include "tim.h"
23#include "general.h"
24#include "Errors.h"
25#include "TrustedBoot.h"
26
27
28#if !(BL_USE_WTM_CRYPTO || BL_USE_WTM_FUSE_PROG)
29typedef enum _Cryptographic_Scheme
30{ // CAT PKCS HASH AES
31 // | | | |
32 // AES
33 AES_ECB128 = 0x00008000, // 1000-0000-0000-0000
34 AES_ECB192 = 0x00008002, // 1000-0000-0000-0010
35 AES_ECB256 = 0x00008001, // 1000-0000-0000-0001
36 AES_CBC128 = 0x00008004, // 1000-0000-0000-0100
37 AES_CBC192 = 0x00008006, // 1000-0000-0000-0110
38 AES_CBC256 = 0x00008005, // 1000-0000-0000-0101
39
40 AES_TB_CTS_ECB128 = 0x0001E000,
41 AES_TB_CTS_ECB192 = 0x0001E002,
42 AES_TB_CTS_ECB256 = 0x0001E001,
43 AES_TB_CTS_CBC128 = 0x0001E004,
44 AES_TB_CTS_CBC192 = 0x0001E006,
45 AES_TB_CTS_CBC256 = 0x0001E005,
46
47 //PKCS#1 v1.5 Digital Signature
48 PKCSv1_SHA1_1024RSA = 0x0000A100, // 1010-0001-0000-0000
49 PKCSv1_SHA256_1024RSA = 0x0000A110, // 1010-0001-0001-0000
50 PKCSv1_SHA1_2048RSA = 0x0000A200, // 1010-0010-0000-0000
51 PKCSv1_SHA256_2048RSA = 0x0000A210, // 1010-0010-0001-0000
52
53 //PKCS#1 v2.2 RSASSA-PSS Digital Signature
54 PKCSv1_PSS_SHA1_1024RSA = 0x0000A300,
55 PKCSv1_PSS_SHA256_1024RSA = 0x0000A310,
56 PKCSv1_PSS_SHA1_2048RSA = 0x0000A400,
57 PKCSv1_PSS_SHA256_2048RSA = 0x0000A410,
58
59
60 // ECC
61 // CAT FIELD HASH DH/DSA/MQV
62 //ECCP | | | |
63 ECCP256_FIPS_DSA_SHA1 = 0x0000B101, // 1011-0001-0000-0001
64 ECCP256_FIPS_DSA_SHA256 = 0x0000B111, // 1011-0001-0001-0001
65 ECCP256_FIPS_DSA_SHA512 = 0x0000B141, // 1011-0001-0100-0001
66
67 ECCP521_FIPS_DSA_SHA1 = 0x0000B301, // 1011-0011-0000-0001
68 ECCP521_FIPS_DSA_SHA256 = 0x0000B311, // 1011-0011-0001-0001
69 ECCP521_FIPS_DSA_SHA512 = 0x0000B341, // 1011-0011-0100-0001
70
71 CRYPTOGRAPHIC_SCHEME_LAST_ONE,
72} CRYPTO_SCHEME_ENUM;
73#endif
74
75// Key Lengths
76#define WordLengthOf_PKCS1024 32
77#define WordLengthOf_PKCS2048 64
78#define WordLengthOf_ECDSA256 8
79#define WordLengthOf_ECDSA521 17
80#define WordLengthOf_SHA1 5
81#define WordLengthOf_SHA256 8
82#define WordLengthOf_SHA512 16
83
84#define ByteLengthOf_SHA1 20
85#define ByteLengthOf_SHA256 32
86#define ByteLengthOf_SHA512 64
87
88//constant offsets of OEM hash and Jtag hash in the OTP section (in bytes)
89#define OEMHASH_OFFSET_OTP 0
90#define JTAGHASH_OFFSET_OTP (WordLengthOf_SHA1*4)
91
92typedef struct
93{
94 UINT_T (*pInitializeSecurity) (UINT_T ver_adv);
95 UINT_T (*pSHAMessageDigest) (const UINT8_T* pSrcMesgIn, UINT_T SrcMesgByteLen, UINT8_T* pMesgDigestOut, UINT_T DigestByteLen);
96 UINT_T (*pPKCS_DSA_Verify)(const UINT8_T* pSrcMesgIn, UINT_T SrcMesgByteLen, const pPLAT_DS pDSA, UINT8_T* DataBuffer);
97 UINT_T (*pECCP_DSA_Verify)(const UINT8_T* pSrcMesgIn, UINT_T SrcMesgByteLen, const pPLAT_DS pDSA, UINT8_T* DataBuffer);
98 UINT_T (*pGet_NonceBitLen) ();
99 UINT_T (*pGet_Nonce) (UINT_T* pNonceOut, UINT_T NonceBitLen);
100 UINT_T (*pAES_Decrypt) (UINT_T scheme_enum, void *source, void *dest, UINT_T data_len, void *key, void *iv);
101 UINT_T (*pAES_Encrypt) (UINT_T scheme_enum, void *source, void *dest, UINT_T data_len, void *key, void *iv);
102 UINT_T (*pHMAC) ( const UINT8_T* pHMAC_Key, const UINT8_T* pSrcMesgIn, UINT_T SrcMesgByteLen, UINT8_T* pMesgDigestOut );
103} SECURITY_FUNCTIONS, *pSECURITY_FUNCTIONS;
104
105// Internal Functions
106UINT_T ValidateTIMSignature(pTIM pTIM_h);
107UINT_T VerifySignature(const UINT8_T* pBufferToVerifyIn, UINT_T NumBytesToVerify, const UINT_T* pSignatureIn, const pKEY_MOD_3_4_0 pKeyIn, UINT_T ReverseSignatureBytes);
108#if BOOTROM
109UINT_T VerifyPlatformKey (pTIM pTIM_h);
110#endif
111
112// General Functions
113pSECURITY_FUNCTIONS GetSecurityFunctionsPointer(void);
114UINT8_T* GetRSADataBufferPointer(void);
115UINT8_T* GetECDSADataBufferPointer(void);
116UINT_T SecurityInitialization(UINT_T ver_adv);
117UINT_T SecurityShutdown(void);
118UINT_T ReadPINFuseBits(UINT_T* pBuffer, UINT_T Size );
119UINT_T ValidateImage(UINT_T ImageAddr, UINT_T ImageID, pTIM pTIM_h);
120INT_T CalcBufferHash(UINT_T *Buffer, UINT_T NumBytesToHash, UINT_T *HashBuff, HASHALGORITHMID_T HashType);
121
122#if !BOOTROM // BootLoader Only
123UINT_T VerifyEncryptedKey(pKEY_MOD_3_4_0 PlainTextKey, pKEY_MOD_3_4_0 EncryptedKey, pKEY_MOD_3_4_0 DecryptionKey);
124#endif
125UINT_T VerifyBufferHash(UINT_T BufferAddr, UINT_T NumBytesToVerify, HASHALGORITHMID_T HashType, const UINT_T * pHashValueIn);
126#if BOOTROM
127UINT_T VerifyKey(KEYMODULES_T KeyType, pTIM pTIM_h);
128#endif
129
130
131#endif // _Security_h