2 * @copyright Copyright (c) 2017-2020 TOYOTA MOTOR CORPORATION.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #ifndef HAL_API_SECURITY_HAL_H_
18 #define HAL_API_SECURITY_HAL_H_
21 #include <native_service/frameworkunified_types.h>
24 * @file security_hal.h
27 /** @addtogroup update_service
30 /** @addtogroup security_hal
31 * @ingroup update_service
36 * \~english The max size of RSA modulus
38 #define RSA_MODULUS_MAX_SIZE 2048
40 * \~english The max size of RSA public exponent
42 #define RSA_PUBLIC_EXPONENT_MAX_SIZE 2048
44 * \~english The max size of RSA private exponent
46 #define RSA_PRIVATE_EXPONENT_MAX_SIZE 2048
48 * \~english The minimum size of RSA padding
50 #define RSA_PADDING_MINIMUM_SIZE 11
53 * \~english Cipher type
57 * \~english AES symmetric cipher
59 SYMMETRIC_CIPHER_AES = 1,
61 * \~english BLOWFISH symmetric cipher
63 SYMMETRIC_CIPHER_BLOWFISH,
65 * \~english CAST5 symmetric cipher
67 SYMMETRIC_CIPHER_CAST5,
69 * \~english DES symmetric cipher
73 * \~english DESEDA symmetric cipher
75 SYMMETRIC_CIPHER_DESEDA,
77 * \~english DESEDA3 symmetric cipher
79 SYMMETRIC_CIPHER_DESEDA3,
81 * \~english IDEA symmetric cipher
83 SYMMETRIC_CIPHER_IDEA,
85 * \~english RC2 symmetric cipher
89 * \~english RC4 symmetric cipher
93 * \~english RC5 symmetric cipher
97 * \~english RSA asymmetric cipher
99 ASYMMETRIC_CIPHER_RSA,
101 * \~english DSA asymmetric cipher
103 ASYMMETRIC_CIPHER_DSA,
105 * \~english ECDSA asymmetric cipher
107 ASYMMETRIC_CIPHER_ECDSA
111 * \~english Symmetric Cipher Mode
113 enum SymmetricCipherMode {
115 * \~english Stream symmetric cipher mode
117 SYMMETRIC_CIPHER_MODE_STREAM = 0x00000001,
119 * \~english ECB symmetric cipher mode
121 SYMMETRIC_CIPHER_MODE_BLOCK_ECB = 0x00000002,
123 * \~english CBC symmetric cipher mode
125 SYMMETRIC_CIPHER_MODE_BLOCK_CBC = 0x00000004,
127 * \~english CFB symmetric cipher mode
129 SYMMETRIC_CIPHER_MODE_BLOCK_CFB = 0x00000008,
131 * \~english OFB symmetric cipher mode
133 SYMMETRIC_CIPHER_MODE_BLOCK_OFB = 0x00000010
137 * \~english Symmetric cipher Block Size
139 enum SymmetricCipherBlockSize {
141 * \~english Symmetric cipher block size is 4 bytes
143 SYMMETRIC_CIPHER_BLOCK_SIZE_4 = 0x00000001,
145 * \~english Symmetric cipher block size is 8 bytes
147 SYMMETRIC_CIPHER_BLOCK_SIZE_8 = 0x00000002,
149 * \~english Symmetric cipher block size is 16 bytes
151 SYMMETRIC_CIPHER_BLOCK_SIZE_16 = 0x00000004,
153 * \~english Symmetric cipher block size is 32 bytes
155 SYMMETRIC_CIPHER_BLOCK_SIZE_32 = 0x00000008
159 * \~english Symmetric Cipher Round
161 enum SymmetricCipherRound {
163 * \~english Symmetric cipher round is 1
165 SYMMETRIC_CIPHER_ROUND_1 = 0x00000001,
167 * \~english Symmetric cipher round is 2
169 SYMMETRIC_CIPHER_ROUND_2 = 0x00000002,
171 * \~english Symmetric cipher round is 8.5
173 SYMMETRIC_CIPHER_ROUND_8_5 = 0x00000004,
175 * \~english Symmetric cipher round is 10
177 SYMMETRIC_CIPHER_ROUND_10 = 0x00000008,
179 * \~english Symmetric cipher round is 12
181 SYMMETRIC_CIPHER_ROUND_12 = 0x00000010,
183 * \~english Symmetric cipher round is 14
185 SYMMETRIC_CIPHER_ROUND_14 = 0x00000020,
187 * \~english Symmetric cipher round is 16
189 SYMMETRIC_CIPHER_ROUND_16 = 0x00000040
193 * \~english Asymmetric Padding Mode
195 enum AsymmetricPaddingMode {
197 * \~english RSA PKCS1 asymmetric padding mode
199 ASYMMETRIC_PADDING_MODE_RSA_PKCS1 = 1,
201 * \~english RSA SSLV23 asymmetric padding mode
203 ASYMMETRIC_PADDING_MODE_RSA_SSLV23,
205 * \~english RSA NOPADDING asymmetric padding mode
207 ASYMMETRIC_PADDING_MODE_RSA_NOPADDING,
209 * \~english RSA OAEP asymmetric padding mode
211 ASYMMETRIC_PADDING_MODE_RSA_OAEP,
213 * \~english RSA PSS asymmetric padding mode
215 ASYMMETRIC_PADDING_MODE_RSA_PSS
219 * @union CipherParameter
220 * \~english @par Brief
221 * Union of cipher parameter
223 union CipherParameter {
225 * \~english Struct of symmetric cipher parameter
227 struct SymmetricCipherParameter {
229 * \~english Symmetric cipher mode
231 enum SymmetricCipherMode mode;
233 * \~english Symmetric cipher block size
235 enum SymmetricCipherBlockSize block_size;
237 * \~english Symmetric cipher round
239 enum SymmetricCipherRound round;
241 * \~english Padding ON/OFF. Only used in CBC mode and ECB mode.
244 * 1.If plaintext length isn't aligned with block size, the
245 * ciphertext length is aligned with block size.
246 * 2.If plaintext length is aligned with block size, the
247 * ciphertext length is equal to plaintext length + 1 block size.
249 * 1.If ciphertext length isn't aligned with block size, return error.
250 * 2.If ciphertext length is aligned with block size, plaintext length
251 * is equal to ciphertext length minus padding length. Padding length
252 * is greater than 0 and not greater than block size.
255 * 1.If plaintext length isn't aligned with block size, return error.
256 * 2.If plaintext length is aligned with block size, the
257 * ciphertext length is equal to plaintext length.
259 * 1.If ciphertext length isn't aligned with block size, return error.
260 * 2.If ciphertext length is aligned with block size, the
261 * plaintext length is equal to ciphertext length.
267 * \~english Struct of asymmetric cipher parameter
269 struct AsymmetricCipherParameter {
271 * \~english Asymmetric padding mode
273 enum AsymmetricPaddingMode mode;
279 * \~english Symmetric cipher key type
281 enum SymmetricCipherKeyType {
283 * \~english Key is managed by hardware/chip
285 SYMMETRIC_CIPHER_KEY_TYPE_MANAGED,
287 * \~english Key is provided by user
289 SYMMETRIC_CIPHER_KEY_TYPE_USER
293 * @struct RsaPrivateKey
294 * \~english @par Brief
295 * Struct of RSA private key
297 struct RsaPrivateKey {
299 * \~english Private exponent
301 uint8_t d[RSA_PRIVATE_EXPONENT_MAX_SIZE];
305 uint8_t n[RSA_MODULUS_MAX_SIZE];
307 * \~english The length of private exponent
311 * \~english The length of modulus
318 * \~english @par Brief
319 * Union of private key
323 * \~english Rsa private key
325 struct RsaPrivateKey rsa;
329 * @struct RsaPublicKey
330 * \~english @par Brief
331 * Union of RSA public key
333 struct RsaPublicKey {
335 * \~english Public exponent
337 uint8_t e[RSA_PUBLIC_EXPONENT_MAX_SIZE];
341 uint8_t n[RSA_MODULUS_MAX_SIZE];
343 * \~english The length of public exponent
347 * \~english The length of modulus
354 * \~english @par Brief
355 * Union of public key
359 * \~english Struct of rsa public key
361 struct RsaPublicKey rsa;
365 * \~english Asymmetric cipher key type
367 enum AsymmetricCipherKeyType {
369 * \~english Key is managed by hardware/chip
371 ASYMMETRIC_CIPHER_KEY_TYPE_MANAGED,
373 * \~english Public key is provided by user
375 ASYMMETRIC_CIPHER_KEY_TYPE_USER_PUBLIC,
377 * \~english Private key is provided by user
379 ASYMMETRIC_CIPHER_KEY_TYPE_USER_PRIVATE
384 * \~english @par Brief
385 * Union of key parameter
389 * \~english Struct of symmetric key paramater
391 struct SymmetricKeyParam {
393 * \~english Symmetric cipher key type
395 enum SymmetricCipherKeyType key_type;
397 * \~english Union of symmetric key parameter
401 * \~english The symmetric key index
403 uint32_t managed_key_index;
405 * \~english Struct of user key
409 * \~english Key source
413 * \~english Key length
417 * \~english Key Initialization vector.
421 * \~english Initialization vector length.The length should be
422 * equal to block size, otherwise return error.
429 * \~english Struct of asymmetric key parameter
431 struct AsymmetricKeyParam {
433 * \~english Asymmetric cipher key type
435 enum AsymmetricCipherKeyType key_type;
437 * \~english Union of asymmetric key parameter
441 * \~english The asymmetric key index
443 uint32_t managed_key_index;
445 * \~english Union of user key
449 * \~english Public key
451 union PublicKey* public_key;
453 * \~english Private key
455 union PrivateKey* private_key;
462 * \~english hash type
466 * \~english hash type is md5
470 * \~english hash type is sha1
474 * \~english hash type is sha224
478 * \~english hash type is sha256
482 * \~english hash type is sha384
486 * \~english hash type is sha512
492 * \ingroup EncryptStart
493 * \~english @par Brief
494 * Initialize the encrypt context information.
495 * \~english @param [in] cipher_type
496 * enum CipherType - Cipher type.
497 * \~english @param [in] param
498 * union CipherParameter* - Cipher parameter
499 * \~english @param [in] key
500 * union KeyParam* - Key parameter
501 * \~english @param [out] ctx
502 * void** - The encrypt information context handle.
503 * \~english @retval eFrameworkunifiedStatusOK : indicates success
504 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware/handle initialize
505 * fail or hardware I/O operation fail or
506 * hardware device busy or allocate context handle fail.
507 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
508 * \~english @par Prerequisite
510 * \~english @par Change of internal state
511 * - Change of internal state according to the API does not occur.
512 * \~english @par Conditions of processing failure
513 * - If the parameter "cipher_type" is less than SYMMETRIC_CIPHER_AES
514 * or greater than ASYMMETRIC_CIPHER_ECDSA [eFrameworkunifiedStatusInvldParam]
515 * - If the parameter "param" is NULL [eFrameworkunifiedStatusInvldParam]
516 * - If the parameter "key" is NULL [eFrameworkunifiedStatusInvldParam]
517 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
518 * - If the hardware/handle initialize failed [eFrameworkunifiedStatusFail]
519 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
520 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
521 * - If ctx can not be allocated [eFrameworkunifiedStatusFail]
522 * \~english @par Detail
523 * - Initialize the encrypt context information according to cipher type,
524 * cipher parameter and key parameter.
525 * - If EncryptStart() was called successfully, EncryptCleanup() should
526 * be called to clean up encrypt context information.
527 * - The API can be used by multiple processes.
528 * \~english @par Classification
530 * \~english @par Type
533 * EncryptUpdate, EncryptFinish, EncryptCleanup
535 EFrameworkunifiedStatus EncryptStart(enum CipherType cipher_type, union CipherParameter* param,
536 union KeyParam* key, void** ctx);
539 * \ingroup EncryptUpdate
540 * \~english @par Brief
541 * Encrypt plaintext information.
542 * \~english @param [in] ctx
543 * void* - The encrypt information context handle.
544 * \~english @param [in] in
545 * const uint8_t* - The plaintext to be encrypted.
546 * \~english @param [in] in_len
547 * uint32_t - The input buffer length
548 * in_len shall be greater than 0 for symmetric encrypt.
549 * in_len shall be greater than 0 and not greater than
550 * RSA_PRIVATE_EXPONENT_MAX_SIZE/8 - RSA_PADDING_MINIMUM_SIZE
551 * for RSA asymmetric encrypt.
552 * \~english @param [out] out
553 * uint8_t* - The ciphertext after plaintext had been encrypted.
554 * \~english @param [in] out_len
555 * uint32_t - The output buffer length.
556 * out_len shall not be less than in_len + 1 block size for symmetric encrypt.
557 * out_len shall not be less than RSA_PRIVATE_EXPONENT_MAX_SIZE/8 for RSA asymmetric encrypt.
558 * \~english @param [out] true_length
559 * uint32_t* - The ciphertext length.
560 * \~english @retval eFrameworkunifiedStatusOK : indicates success
561 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware/handle initialize fail, hardware I/O operation fail,
562 * hardware device busy or allocate context handle fail.
563 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
564 * \~english @par Prerequisite
565 * - EncryptStart() was called successfully.
566 * \~english @par Change of internal state
567 * - Change of internal state according to the API does not occur
568 * \~english @par Conditions of processing failure
569 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
570 * - If the parameter "in" is NULL [eFrameworkunifiedStatusInvldParam]
571 * - If the parameter "in_len" is 0 for symmetric encrypt[eFrameworkunifiedStatusInvldParam]
572 * - If the parameter "in_len" is 0 or greater than
573 * RSA_PRIVATE_EXPONENT_MAX_SIZE/8 - RSA_PADDING_MINIMUM_SIZE for RSA asymmetric encrypt[eFrameworkunifiedStatusInvldParam]
574 * - If the parameter "out is NULL [eFrameworkunifiedStatusInvldParam]
575 * - If the parameter "out_len" is less than in_len + 1 block size
576 * for symmetric encrypt [eFrameworkunifiedStatusInvldParam]
577 * - If the parameter "out_len" is less than RSA_PRIVATE_EXPONENT_MAX_SIZE/8
578 * for RSA asymmetric encrypt [eFrameworkunifiedStatusInvldParam]
579 * - If the parameter "true_length" is NULL [eFrameworkunifiedStatusFail]
580 * - If the hardware/handle init failed [eFrameworkunifiedStatusFail]
581 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
582 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
583 * - If ctx can not be allocated [eFrameworkunifiedStatusFail]
584 * \~english @par Detail
585 * - Update the plaintext to ciphertext by symmetric or asymmetric encrypt algorithm.
586 * - The API can be used by multiple processes.
587 * \~english @par Classification
589 * \~english @par Type
592 * EncryptStart, EncryptFinish, EncryptCleanup
594 EFrameworkunifiedStatus EncryptUpdate(void* ctx, const uint8_t* in, uint32_t in_len,
595 uint8_t* out, uint32_t out_len, uint32_t* true_length);
598 * \ingroup EncryptFinish
599 * \~english @par Brief
600 * Encrypt the final plaintext information.
601 * \~english @param [in] ctx
602 * void* - The encrypt information context handle.
603 * \~english @param [out] out
604 * uint8_t* - The ciphertext after plaintext had been encrypted.
605 * out is useless for RSA asymmetric encrypt.
606 * \~english @param [in] out_len
607 * uint32_t - The final output buffer length.
608 * out_len shall not be less than 1 block size for symmetric encrypt.
609 * out_len is useless for RSA asymmetric encrypt.
610 * \~english @param [out] true_length
611 * uint32_t* - The ciphertext length.
612 * true_length is useless for RSA asymmetric encrypt.
613 * \~english @retval eFrameworkunifiedStatusOK : indicates success
614 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware/handle initialize fail, hardware I/O operation fail,
615 * hardware device busy or allocate context handle fail.
616 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
617 * \~english @par Prerequisite
618 * - EncryptStart() and EncryptUpdate() were called successfully.
619 * \~english @par Change of internal state
620 * - Change of internal state according to the API does not occur
621 * \~english @par Conditions of processing failure
622 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
623 * - If the parameter "out" is NULL [eFrameworkunifiedStatusInvldParam]
624 * - If the parameter "out_len" is less than 1 block size
625 * for symmetric encrypt [eFrameworkunifiedStatusInvldParam]
626 * - If the parameter "true_length" is NULL [eFrameworkunifiedStatusInvldParam]
627 * - If the hardware/handle init failed [eFrameworkunifiedStatusFail]
628 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
629 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
630 * - If ctx can not be allocated [eFrameworkunifiedStatusFail]
631 * \~english @par Detail
632 * - Update the final plaintext to ciphertext for symmetric encrypt and do nothing for asymmetric encrypt.
633 * - The API can be used by multiple processes.
634 * \~english @par Classification
636 * \~english @par Type
639 * EncryptStart, EncryptUpdate, EncryptCleanup
641 EFrameworkunifiedStatus EncryptFinish(void* ctx, uint8_t* out, uint32_t out_len, uint32_t* true_length);
644 * \ingroup EncryptCleanup
645 * \~english @par Brief
646 * Clean up encrypt context information.
647 * \~english @param [in] ctx
648 * void* - The encrypt information context handle.
649 * \~english @retval eFrameworkunifiedStatusOK : indicates success
650 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
651 * \~english @par Prerequisite
652 * - EncryptStart() was called successfully.
653 * \~english @par Change of internal state
654 * - Change of internal state according to the API does not occur
655 * \~english @par Conditions of processing failure
656 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
657 * \~english @par Detail
658 * - Clean up encrypt context information.
659 * - The API can be used by multiple processes.
660 * \~english @par Classification
662 * \~english @par Type
665 * EncryptStart, EncryptUpdate, EncryptFinish
667 EFrameworkunifiedStatus EncryptCleanup(void* ctx);
670 * \ingroup DecryptStart
671 * \~english @par Brief
672 * Initialize the decrypt context information.
673 * \~english @param [in] cipher_type
674 * enum CipherType - Cipher type.
675 * \~english @param [in] param
676 * union CipherParameter* - Cipher parameter
677 * \~english @param [in] key
678 * union KeyParam* - Key parameter
679 * \~english @param [out] ctx
680 * void** - The decrypt information context handle.
681 * \~english @retval eFrameworkunifiedStatusOK : indicates success
682 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware/handle initialize fail or hardware I/O
683 * operation fail or hardware device busy or allocate context handle fail.
684 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
685 * \~english @par Prerequisite
687 * \~english @par Change of internal state
688 * - Change of internal state according to the API does not occur.
689 * \~english @par Conditions of processing failure
690 * - If the parameter "cipher_type" is less than SYMMETRIC_CIPHER_AES
691 * or greater than ASYMMETRIC_CIPHER_ECDSA [eFrameworkunifiedStatusInvldParam]
692 * - If the parameter "param" is NULL [eFrameworkunifiedStatusInvldParam]
693 * - If the parameter "key" is NULL [eFrameworkunifiedStatusInvldParam]
694 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
695 * - If the hardware/handle initialize failed [eFrameworkunifiedStatusFail]
696 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
697 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
698 * - If ctx can not be allocated [eFrameworkunifiedStatusFail]
699 * \~english @par Detail
700 * - Initialize the decrypt context information according to cipher type, cipher parameter and key parameter.
701 * - If DecryptStart() was called successfully, DecryptCleanup() should be called
702 * to clean up decrypt context information.
703 * - The API can be used by multiple processes.
704 * \~english @par Classification
706 * \~english @par Type
709 * DecryptUpdate, DecryptFinish, DecryptCleanup
711 EFrameworkunifiedStatus DecryptStart(enum CipherType cipher_type, union CipherParameter* param,
712 union KeyParam *key, void** ctx);
715 * \ingroup DecryptUpdate
716 * \~english @par Brief
717 * Decrypt ciphertext information.
718 * \~english @param [in] ctx
719 * void* - The decrypt information context handle.
720 * \~english @param [in] in
721 * const uint8_t* - The ciphertext to be decrypted.
722 * \~english @param [in] in_len
723 * uint32_t - The input buffer length
724 * in_len shall be greater than 0 for symmetric decrypt.
725 * in_len shall be equal to RSA_PRIVATE_EXPONENT_MAX_SIZE/8
726 * for RSA asymmetric decrypt.
727 * \~english @param [out] out
728 * uint8_t* - The plaintext after ciphertext had been decrypted.
729 * \~english @param [in] out_len
730 * uint32_t - The output buffer length.
731 * out_len shall not be less than in_len + 1 block size for symmetric decrypt.
732 * out_len shall not be less than RSA_PRIVATE_EXPONENT_MAX_SIZE/8 - RSA_PADDING_MINIMUM_SIZE
733 * for RSA asymmetric decrypt.
734 * \~english @param [out] true_length
735 * uint32_t* - The plaintext length.
736 * \~english @retval eFrameworkunifiedStatusOK : indicates success
737 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware/handle initialize fail, hardware I/O operation fail,
738 * hardware device busy or allocate context handle fail.
739 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
740 * \~english @par Prerequisite
741 * - DecryptStart() was called successfully.
742 * \~english @par Change of internal state
743 * - Change of internal state according to the API does not occur
744 * \~english @par Conditions of processing failure
745 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
746 * - If the parameter "in" is NULL [eFrameworkunifiedStatusInvldParam]
747 * - If the parameter "in_len" is 0 for symmetric decrypt [eFrameworkunifiedStatusInvldParam]
748 * - If the parameter "in_len" isn't equal to
749 * RSA_PRIVATE_EXPONENT_MAX_SIZE/8 for RSA asymmetric decrypt [eFrameworkunifiedStatusInvldParam]
750 * - If the parameter "out is NULL [eFrameworkunifiedStatusInvldParam]
751 * - If the parameter "out_len" is less than in_len
752 * for symmetric decrypt [eFrameworkunifiedStatusInvldParam]
753 * - If the parameter "out_len" is less than RSA_PRIVATE_EXPONENT_MAX_SIZE/8 - RSA_PADDING_MINIMUM_SIZE
754 * for RSA asymmetric decrypt [eFrameworkunifiedStatusInvldParam]
755 * - If the parameter "true_length" is NULL [eFrameworkunifiedStatusInvldParam]
756 * - If the hardware/handle init failed [eFrameworkunifiedStatusFail]
757 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
758 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
759 * - If ctx can not be allocated [eFrameworkunifiedStatusFail]
760 * \~english @par Detail
761 * - Update the ciphertext to plaintext by symmetric or asymmetric decrypt algorithm.
762 * - The API can be used by multiple processes.
763 * \~english @par Classification
765 * \~english @par Type
768 * DecryptStart, DecryptFinish, DecryptCleanup
770 EFrameworkunifiedStatus DecryptUpdate(void* ctx, const uint8_t* in, uint32_t in_len,
771 uint8_t* out, uint32_t out_len, uint32_t* true_length);
774 * \ingroup DecryptFinish
775 * \~english @par Brief
776 * Decrypt the final ciphertext information.
777 * \~english @param [in] ctx
778 * void* - The decrypt information context handle.
779 * \~english @param [out] out
780 * uint8_t* - The plaintext after ciphertext had been decrypted.
781 * out is useless for RSA asymmetric decrypt.
782 * \~english @param [in] out_len
783 * uint32_t - The final output buffer length.
784 * out_len shall not be less than 1 block size for symmetric decrypt.
785 * out_len is useless for RSA asymmetric decrypt.
786 * \~english @param [out] true_length
787 * uint32_t* - The plaintext length.
788 * true_length is useless for RSA asymmetric decrypt.
789 * \~english @retval eFrameworkunifiedStatusOK : indicates success
790 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware/handle initialize fail, hardware I/O operation fail,
791 * hardware device busy or allocate context handle fail.
792 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
793 * \~english @par Prerequisite
794 * - DecryptStart() and DecryptUpdate() were called successfully.
795 * \~english @par Change of internal state
796 * - Change of internal state according to the API does not occur
797 * \~english @par Conditions of processing failure
798 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
799 * - If the parameter "out" is NULL [eFrameworkunifiedStatusInvldParam]
800 * - If the parameter "out_len" is less than 1 block size
801 * for symmetric decrypt [eFrameworkunifiedStatusInvldParam]
802 * - If the parameter "true_length" is NULL [eFrameworkunifiedStatusInvldParam]
803 * - If the hardware/handle init failed [eFrameworkunifiedStatusFail]
804 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
805 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
806 * - If ctx can not be allocated [eFrameworkunifiedStatusFail]
807 * \~english @par Detail
808 * - Update the final ciphertext to plaintext for symmetric decrypt and do nothing for asymmetric decrypt.
809 * - The API can be used by multiple processes.
810 * \~english @par Classification
812 * \~english @par Type
815 * DecryptStart, DecryptUpdate, DecryptCleanup
817 EFrameworkunifiedStatus DecryptFinish(void* ctx, uint8_t* out, uint32_t out_len, uint32_t* true_length);
820 * \ingroup DecryptCleanup
821 * \~english @par Brief
822 * Clean up decrypt context information.
823 * \~english @param [in] ctx
824 * void* - The decrypt information context handle.
825 * \~english @retval eFrameworkunifiedStatusOK : indicates success
827 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
829 * \~english @par Prerequisite
830 * - DecryptStart() was called successfully.
831 * \~english @par Change of internal state
832 * - Change of internal state according to the API does not occur
833 * \~english @par Conditions of processing failure
834 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
835 * \~english @par Detail
836 * - Clean up decrypt context information.
837 * - The API can be used by multiple processes.
838 * \~english @par Classification
840 * \~english @par Type
843 * DecryptStart, DecryptUpdate, DecryptFinish
845 EFrameworkunifiedStatus DecryptCleanup(void* ctx);
849 * \~english @par Brief
850 * Initialize hash context information.
851 * \~english @param [in] hash_type
852 * enum HashType - Hash type.
853 * \~english @param [out] ctx
854 * void** - The hash information context handle.
855 * \~english @retval eFrameworkunifiedStatusOK : indicates success
856 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware/handle initialize fail or hardware I/O operation
857 * fail or hardware device busy or allocate context handle fail.
858 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
859 * \~english @par Prerequisite
861 * \~english @par Change of internal state
862 * - Change of internal state according to the API does not occur.
863 * \~english @par Conditions of processing failure
864 * - If the parameter "hash_type" less than HASH_TYPE_MD5
865 * or greater than HASH_TYPE_SHA512 [eFrameworkunifiedStatusInvldParam]
866 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
867 * - If the hardware/handle initialize failed [eFrameworkunifiedStatusFail]
868 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
869 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
870 * - If ctx can not be allocated [eFrameworkunifiedStatusFail]
871 * \~english @par Detail
872 * - Initialize hash context information according to hash type.
873 * - If HashStart() was called successfully, HashCleanup() should be called
874 * to clean up hash context information.
875 * - The API can be used by multiple processes.
876 * \~english @par Classification
878 * \~english @par Type
881 * HashUpdate, HashFinish, HashCleanup
883 EFrameworkunifiedStatus HashStart(enum HashType hash_type, void** ctx);
886 * \ingroup HashUpdate
887 * \~english @par Brief
888 * Caculate hash value of input data.
889 * \~english @param [in] ctx
890 * void* - The hash information context handle.
891 * \~english @param [in] in
892 * const uint8_t* - The input data to be hashed.
893 * \~english @param [in] in_len
894 * uint32_t - The input buffer length
895 * \~english @retval eFrameworkunifiedStatusOK : indicates success
896 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware/handle initialize fail, hardware I/O operation fail,
897 * hardware device busy or allocate context handle fail.
898 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
899 * \~english @par Prerequisite
900 * - HashStart() was called successfully.
901 * \~english @par Change of internal state
902 * - Change of internal state according to the API does not occur
903 * \~english @par Conditions of processing failure
904 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
905 * - If the parameter "in" is NULL [eFrameworkunifiedStatusInvldParam]
906 * - If the parameter "in_len" is 0 [eFrameworkunifiedStatusInvldParam]
907 * - If the hardware/handle init failed [eFrameworkunifiedStatusFail]
908 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
909 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
910 * - If ctx can not be allocated [eFrameworkunifiedStatusFail]
911 * \~english @par Detail
912 * - Caculate hash value of input data.
913 * - The API can be used by multiple processes.
914 * \~english @par Classification
916 * \~english @par Type
919 * HashStart, HashFinish, HashCleanup
921 EFrameworkunifiedStatus HashUpdate(void* ctx, const uint8_t* in, uint32_t in_len);
924 * \ingroup HashFinish
925 * \~english @par Brief
926 * Caculate final message digest.
927 * \~english @param [in] ctx
928 * void* - The hash information context handle.
929 * \~english @param [out] out
930 * uint8_t* - The message digest after all input data had been hashed.
931 * \~english @param [in] out_len
932 * uint32_t - The output buffer length.
933 * \~english @param [out] true_length
934 * uint32_t* - The message digest length.
935 * \~english @retval eFrameworkunifiedStatusOK : indicates success
936 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware/handle initialize fail, hardware I/O operation fail,
937 * hardware device busy or allocate context handle fail.
938 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
939 * \~english @par Prerequisite
940 * - HashStart() and HashUpdate() were called successfully.
941 * \~english @par Change of internal state
942 * - Change of internal state according to the API does not occur
943 * \~english @par Conditions of processing failure
944 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
945 * - If the parameter "out" is NULL [eFrameworkunifiedStatusInvldParam]
946 * - If the parameter "out_len" is 0 [eFrameworkunifiedStatusInvldParam]
947 * - If the parameter "true_length" is NULL [eFrameworkunifiedStatusInvldParam]
948 * - If the hardware/handle init failed [eFrameworkunifiedStatusFail]
949 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
950 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
951 * - If ctx can not be allocated [eFrameworkunifiedStatusFail]
952 * \~english @par Detail
953 * - Caculate final message digest.
954 * - The API can be used by multiple processes.
955 * \~english @par Classification
957 * \~english @par Type
960 * HashStart, HashUpdate, HashCleanup
962 EFrameworkunifiedStatus HashFinish(void* ctx, uint8_t* out, uint32_t out_len, uint32_t* true_length);
965 * \ingroup HashCleanup
966 * \~english @par Brief
967 * Clean up hash context information.
968 * \~english @param [in] ctx
969 * void* - The hash information context handle.
970 * \~english @retval eFrameworkunifiedStatusOK : indicates success
971 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
972 * \~english @par Prerequisite
973 * - HashStart() was called successfully.
974 * \~english @par Change of internal state
975 * - Change of internal state according to the API does not occur
976 * \~english @par Conditions of processing failure
977 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
978 * \~english @par Detail
979 * - Clean up hash context information.
980 * - The API can be used by multiple processes.
981 * \~english @par Classification
983 * \~english @par Type
986 * HashStart, HashUpdate, HashFinish
988 EFrameworkunifiedStatus HashCleanup(void* ctx);
991 * \ingroup RandomInit
992 * \~english @par Brief
993 * Initialize random number context information.
994 * \~english @param [out] ctx
995 * void** - The random number information context handle.
996 * \~english @param [in] seed_buffer
997 * uint8_t* - The random number seed buffer.
998 * \~english @param [in] buffer_len
999 * uint32_t - The random number seed buffer length.
1000 * \~english @retval eFrameworkunifiedStatusOK : indicates success
1001 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware/handle initialize fail or hardware I/O operation
1002 * fail or hardware device busy or allocate context handle fail.
1003 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
1004 * \~english @par Prerequisite
1006 * \~english @par Change of internal state
1007 * - Change of internal state according to the API does not occur.
1008 * \~english @par Conditions of processing failure
1009 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
1010 * - If the parameter "seed_buffer" is NULL [eFrameworkunifiedStatusInvldParam]
1011 * - If the parameter "buffer_len" is 0 [eFrameworkunifiedStatusInvldParam]
1012 * - If the hardware/handle initialize failed [eFrameworkunifiedStatusFail]
1013 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
1014 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
1015 * - If ctx can not be allocated [eFrameworkunifiedStatusFail]
1016 * \~english @par Detail
1017 * - Initialize random number context information according to random number seed.
1018 * - If RandomInit() was called successfully, RandomCleanup() should be called to
1019 * clean up random number context information. If RandomInit() was called faild,
1020 * RandomCleanup() must not be called.
1021 * - The API can be used by multiple processes.
1022 * \~english @par Classification
1024 * \~english @par Type
1027 * RandomGet, RandomCleanup
1029 EFrameworkunifiedStatus RandomInit(void** ctx, uint8_t* seed_buffer, uint32_t buffer_len);
1032 * \ingroup RandomGet
1033 * \~english @par Brief
1034 * Get random number.
1035 * \~english @param [in] ctx
1036 * void* - The random number information context handle.
1037 * \~english @param [out] out
1038 * uint8_t* - The random number that caculated by random number seed.
1039 * \~english @param [in] out_len
1040 * uint32_t - The output buffer length.
1041 * \~english @param [out] true_length
1042 * uint32_t* - The random number length.
1043 * \~english @retval eFrameworkunifiedStatusOK : indicates success
1044 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware/handle initialize fail, hardware I/O operation fail,
1045 * hardware device busy or allocate context handle fail.
1046 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
1047 * \~english @par Prerequisite
1048 * - RandomInit() was called successfully.
1049 * \~english @par Change of internal state
1050 * - Change of internal state according to the API does not occur
1051 * \~english @par Conditions of processing failure
1052 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
1053 * - If the parameter "out" is NULL [eFrameworkunifiedStatusInvldParam]
1054 * - If the parameter "out_len" is 0 [eFrameworkunifiedStatusInvldParam]
1055 * - If the parameter "true_length" is NULL [eFrameworkunifiedStatusInvldParam]
1056 * - If the hardware/handle init failed [eFrameworkunifiedStatusFail]
1057 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
1058 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
1059 * - If ctx can not be allocated [eFrameworkunifiedStatusFail]
1060 * \~english @par Detail
1061 * - Get random number.
1062 * - The API can be used by multiple processes.
1063 * \~english @par Classification
1065 * \~english @par Type
1068 * RandomInit, RandomCleanup
1070 EFrameworkunifiedStatus RandomGet(void* ctx, uint8_t* out, uint32_t out_len, uint32_t* true_length);
1073 * \ingroup RandomCleanup
1074 * \~english @par Brief
1075 * Clean up random number context information.
1076 * \~english @param [in] ctx
1077 * void* - The random number information context handle.
1078 * \~english @retval eFrameworkunifiedStatusOK : indicates success
1079 * \~english @retval eFrameworkunifiedStatusInvldParam : indicates parameter error.
1080 * \~english @par Prerequisite
1081 * - RandomInit() was called successfully.
1082 * \~english @par Change of internal state
1083 * - Change of internal state according to the API does not occur
1084 * \~english @par Conditions of processing failure
1085 * - If the parameter "ctx" is NULL [eFrameworkunifiedStatusInvldParam]
1086 * \~english @par Detail
1087 * - Clean up random number context information.
1088 * - The API can be used by multiple processes.
1089 * \~english @par Classification
1091 * \~english @par Type
1094 * RandomInit, RandomGet
1096 EFrameworkunifiedStatus RandomCleanup(void* ctx);
1099 * \ingroup ResetSecurityIC
1100 * \~english @par Brief
1101 * Security IC Reset.
1102 * \~english @param none
1103 * \~english @retval eFrameworkunifiedStatusOK : indicates success
1104 * \~english @retval eFrameworkunifiedStatusFail : indicates the hardware initialize fail, hardware I/O operation fail,
1105 * hardware device busy.
1106 * \~english @par Prerequisite
1108 * \~english @par Change of internal state
1109 * - Change of internal state according to the API does not occur
1110 * \~english @par Conditions of processing failure
1111 * - If the hardware initialize failed [eFrameworkunifiedStatusFail]
1112 * - If the hardware I/O operation failed [eFrameworkunifiedStatusFail]
1113 * - If the hardware device is busy [eFrameworkunifiedStatusFail]
1114 * \~english @par Classification
1116 * \~english @par Type
1118 * \~english @par Detail
1119 * - Security IC Reset.
1120 * - The API can be used by multiple processes.
1121 * - This API does not cleanup context information when EncryptStart(), DecryptStart() or HashStart() is successfull.
1122 * Use EncryptCleanup(), DecryptCleanup() or RandomCleanup() to cleanup context information.
1126 EFrameworkunifiedStatus ResetSecurityIC(void);
1128 /** @}*/ // end of security_hal
1129 /** @}*/ // end of update_service
1131 #endif // HAL_API_SECURITY_HAL_H_