linux/drivers/mxc/security/rng/include/shw_driver.h File Reference

Header file to use the SHW driver. More...

Data Structures

struct  fsl_shw_spo_t
struct  fsl_shw_uco_t
struct  fsl_shw_result_t
struct  fsl_shw_kso_t
struct  fsl_shw_sko_t
struct  fsl_shw_pco_t
 Platform Capability Object. More...
struct  fsl_shw_hco_t
struct  fsl_shw_hmco_t
struct  fsl_shw_scco_t
struct  fsl_shw_acco_t

Defines

#define SHW_IOCTL_REQUEST   21
#define fsl_shw_pco_check_pk_supported(pcobject)   0
#define fsl_shw_pco_check_sw_keys_supported(pcobject)   0
#define fsl_shw_pco_get_scc_driver_version(pcobject, pcmajor, pcminor)
#define fsl_shw_sko_init(skobject, skalgorithm)
#define fsl_shw_sko_init_pf_key(skobject, skalgorithm, skhwkey)
#define fsl_shw_sko_set_key(skobject, skkey, skkeylen)
#define fsl_shw_sko_calculate_wrapped_size(wkeyinfo, wkeylen)
#define fsl_shw_sko_set_flags(skobject, skflags)   (skobject)->flags |= (skflags)
#define fsl_shw_gen_random_pf_key(user_ctx)   FSL_RETURN_NO_RESOURCE_S
#define fsl_shw_read_tamper_event(user_ctx, tamperp, timestampp)   FSL_RETURN_NO_RESOURCE_S

Typedefs

typedef enum shw_user_request_t shw_user_request_t
typedef enum
fsl_shw_user_ctx_flags_t 
fsl_shw_user_ctx_flags_t
typedef enum fsl_shw_return_t fsl_shw_return_t
typedef enum fsl_shw_key_alg_t fsl_shw_key_alg_t
typedef enum fsl_shw_sym_mode_t fsl_shw_sym_mode_t
typedef enum fsl_shw_hash_alg_t fsl_shw_hash_alg_t
typedef enum fsl_shw_acc_mode_t fsl_shw_acc_mode_t
typedef enum
fsl_shw_hash_ctx_flags_t 
fsl_shw_hash_ctx_flags_t
typedef enum
fsl_shw_hmac_ctx_flags_t 
fsl_shw_hmac_ctx_flags_t
typedef enum fsl_shw_cypher_mode_t fsl_shw_cypher_mode_t
typedef enum fsl_shw_pf_key_t fsl_shw_pf_key_t
typedef enum fsl_shw_tamper_t fsl_shw_tamper_t

Enumerations

enum  shw_user_request_t {
  SHW_USER_REQ_REGISTER_USER,
  SHW_USER_REQ_DEREGISTER_USER,
  SHW_USER_REQ_GET_RESULTS,
  SHW_USER_REQ_GET_CAPABILITIES,
  SHW_USER_REQ_GET_RANDOM,
  SHW_USER_REQ_ADD_ENTROPY,
  SHW_USER_REQ_DROP_PERMS,
  SHW_USER_REQ_SSTATUS,
  SHW_USER_REQ_SFREE,
  SHW_USER_REQ_SCC_ENCRYPT,
  SHW_USER_REQ_SCC_DECRYPT
}
enum  fsl_shw_partition_status_t {
  FSL_PART_S_UNUSABLE,
  FSL_PART_S_UNAVAILABLE,
  FSL_PART_S_AVAILABLE,
  FSL_PART_S_ALLOCATED,
  FSL_PART_S_ENGAGED,
  FSL_PART_S_UNUSABLE,
  FSL_PART_S_UNAVAILABLE,
  FSL_PART_S_AVAILABLE,
  FSL_PART_S_ALLOCATED,
  FSL_PART_S_ENGAGED,
  FSL_PART_S_UNUSABLE,
  FSL_PART_S_UNAVAILABLE,
  FSL_PART_S_AVAILABLE,
  FSL_PART_S_ALLOCATED,
  FSL_PART_S_ENGAGED
}
enum  fsl_shw_user_ctx_flags_t {
  FSL_UCO_BLOCKING_MODE = 0x01,
  FSL_UCO_CALLBACK_MODE = 0x02,
  FSL_UCO_SAVE_DESC_CHAIN = 0x04,
  FSL_UCO_CALLBACK_SETUP_COMPLETE = 0x08,
  FSL_UCO_CHAIN_PREPHYSICALIZED = 0x10,
  FSL_UCO_CONTEXT_CHANGED = 0x20,
  FSL_UCO_USERMODE_USER = 0x40,
  FSL_UCO_BLOCKING_MODE,
  FSL_UCO_CALLBACK_MODE,
  FSL_UCO_SAVE_DESC_CHAIN,
  FSL_UCO_CALLBACK_SETUP_COMPLETE,
  FSL_UCO_CHAIN_PREPHYSICALIZED,
  FSL_UCO_CONTEXT_CHANGED,
  FSL_UCO_USERMODE_USER,
  FSL_UCO_BLOCKING_MODE = 0x01,
  FSL_UCO_CALLBACK_MODE = 0x02,
  FSL_UCO_SAVE_DESC_CHAIN = 0x04,
  FSL_UCO_CALLBACK_SETUP_COMPLETE = 0x08,
  FSL_UCO_CHAIN_PREPHYSICALIZED = 0x10,
  FSL_UCO_CONTEXT_CHANGED = 0x20,
  FSL_UCO_USERMODE_USER = 0x40,
  FSL_UCO_BLOCKING_MODE,
  FSL_UCO_CALLBACK_MODE,
  FSL_UCO_SAVE_DESC_CHAIN,
  FSL_UCO_CALLBACK_SETUP_COMPLETE,
  FSL_UCO_CHAIN_PREPHYSICALIZED,
  FSL_UCO_CONTEXT_CHANGED,
  FSL_UCO_USERMODE_USER,
  FSL_UCO_BLOCKING_MODE = 0x01,
  FSL_UCO_CALLBACK_MODE = 0x02,
  FSL_UCO_SAVE_DESC_CHAIN = 0x04,
  FSL_UCO_CALLBACK_SETUP_COMPLETE = 0x08,
  FSL_UCO_CHAIN_PREPHYSICALIZED = 0x10,
  FSL_UCO_CONTEXT_CHANGED = 0x20,
  FSL_UCO_USERMODE_USER = 0x40
}
enum  fsl_shw_return_t {
  FSL_RETURN_OK_S = 0,
  FSL_RETURN_ERROR_S,
  FSL_RETURN_NO_RESOURCE_S,
  FSL_RETURN_BAD_ALGORITHM_S,
  FSL_RETURN_BAD_MODE_S,
  FSL_RETURN_BAD_FLAG_S,
  FSL_RETURN_BAD_KEY_LENGTH_S,
  FSL_RETURN_BAD_KEY_PARITY_S,
  FSL_RETURN_BAD_DATA_LENGTH_S,
  FSL_RETURN_AUTH_FAILED_S,
  FSL_RETURN_MEMORY_ERROR_S,
  FSL_RETURN_INTERNAL_ERROR_S,
  FSL_RETURN_POINT_AT_INFINITY_S,
  FSL_RETURN_POINT_NOT_AT_INFINITY_S,
  FSL_RETURN_GCD_IS_ONE_S,
  FSL_RETURN_GCD_IS_NOT_ONE_S,
  FSL_RETURN_PRIME_S,
  FSL_RETURN_NOT_PRIME_S,
  FSL_RETURN_EVEN_MODULUS_ERROR_S,
  FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S,
  FSL_RETURN_BAD_EXPONENT_ERROR_S,
  FSL_RETURN_OSCILLATOR_ERROR_S,
  FSL_RETURN_STATISTICS_ERROR_S,
  FSL_RETURN_OK_S = 0,
  FSL_RETURN_ERROR_S,
  FSL_RETURN_NO_RESOURCE_S,
  FSL_RETURN_BAD_ALGORITHM_S,
  FSL_RETURN_BAD_MODE_S,
  FSL_RETURN_BAD_FLAG_S,
  FSL_RETURN_BAD_KEY_LENGTH_S,
  FSL_RETURN_BAD_KEY_PARITY_S,
  FSL_RETURN_BAD_DATA_LENGTH_S,
  FSL_RETURN_AUTH_FAILED_S,
  FSL_RETURN_MEMORY_ERROR_S,
  FSL_RETURN_INTERNAL_ERROR_S,
  FSL_RETURN_POINT_AT_INFINITY_S,
  FSL_RETURN_POINT_NOT_AT_INFINITY_S,
  FSL_RETURN_GCD_IS_ONE_S,
  FSL_RETURN_GCD_IS_NOT_ONE_S,
  FSL_RETURN_PRIME_S,
  FSL_RETURN_NOT_PRIME_S,
  FSL_RETURN_EVEN_MODULUS_ERROR_S,
  FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S,
  FSL_RETURN_BAD_EXPONENT_ERROR_S,
  FSL_RETURN_OSCILLATOR_ERROR_S,
  FSL_RETURN_STATISTICS_ERROR_S,
  FSL_RETURN_OK_S = 0,
  FSL_RETURN_ERROR_S,
  FSL_RETURN_NO_RESOURCE_S,
  FSL_RETURN_BAD_ALGORITHM_S,
  FSL_RETURN_BAD_MODE_S,
  FSL_RETURN_BAD_FLAG_S,
  FSL_RETURN_BAD_KEY_LENGTH_S,
  FSL_RETURN_BAD_KEY_PARITY_S,
  FSL_RETURN_BAD_DATA_LENGTH_S,
  FSL_RETURN_AUTH_FAILED_S,
  FSL_RETURN_MEMORY_ERROR_S,
  FSL_RETURN_INTERNAL_ERROR_S,
  FSL_RETURN_POINT_AT_INFINITY_S,
  FSL_RETURN_POINT_NOT_AT_INFINITY_S,
  FSL_RETURN_GCD_IS_ONE_S,
  FSL_RETURN_GCD_IS_NOT_ONE_S,
  FSL_RETURN_PRIME_S,
  FSL_RETURN_NOT_PRIME_S,
  FSL_RETURN_EVEN_MODULUS_ERROR_S,
  FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S,
  FSL_RETURN_BAD_EXPONENT_ERROR_S,
  FSL_RETURN_OSCILLATOR_ERROR_S,
  FSL_RETURN_STATISTICS_ERROR_S,
  FSL_RETURN_OK_S = 0,
  FSL_RETURN_ERROR_S,
  FSL_RETURN_NO_RESOURCE_S,
  FSL_RETURN_BAD_ALGORITHM_S,
  FSL_RETURN_BAD_MODE_S,
  FSL_RETURN_BAD_FLAG_S,
  FSL_RETURN_BAD_KEY_LENGTH_S,
  FSL_RETURN_BAD_KEY_PARITY_S,
  FSL_RETURN_BAD_DATA_LENGTH_S,
  FSL_RETURN_AUTH_FAILED_S,
  FSL_RETURN_MEMORY_ERROR_S,
  FSL_RETURN_INTERNAL_ERROR_S,
  FSL_RETURN_POINT_AT_INFINITY_S,
  FSL_RETURN_POINT_NOT_AT_INFINITY_S,
  FSL_RETURN_GCD_IS_ONE_S,
  FSL_RETURN_GCD_IS_NOT_ONE_S,
  FSL_RETURN_PRIME_S,
  FSL_RETURN_NOT_PRIME_S,
  FSL_RETURN_EVEN_MODULUS_ERROR_S,
  FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S,
  FSL_RETURN_BAD_EXPONENT_ERROR_S,
  FSL_RETURN_OSCILLATOR_ERROR_S,
  FSL_RETURN_STATISTICS_ERROR_S,
  FSL_RETURN_OK_S = 0,
  FSL_RETURN_ERROR_S,
  FSL_RETURN_NO_RESOURCE_S,
  FSL_RETURN_BAD_ALGORITHM_S,
  FSL_RETURN_BAD_MODE_S,
  FSL_RETURN_BAD_FLAG_S,
  FSL_RETURN_BAD_KEY_LENGTH_S,
  FSL_RETURN_BAD_KEY_PARITY_S,
  FSL_RETURN_BAD_DATA_LENGTH_S,
  FSL_RETURN_AUTH_FAILED_S,
  FSL_RETURN_MEMORY_ERROR_S,
  FSL_RETURN_INTERNAL_ERROR_S,
  FSL_RETURN_POINT_AT_INFINITY_S,
  FSL_RETURN_POINT_NOT_AT_INFINITY_S,
  FSL_RETURN_GCD_IS_ONE_S,
  FSL_RETURN_GCD_IS_NOT_ONE_S,
  FSL_RETURN_PRIME_S,
  FSL_RETURN_NOT_PRIME_S,
  FSL_RETURN_EVEN_MODULUS_ERROR_S,
  FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S,
  FSL_RETURN_BAD_EXPONENT_ERROR_S,
  FSL_RETURN_OSCILLATOR_ERROR_S,
  FSL_RETURN_STATISTICS_ERROR_S
}
enum  fsl_shw_key_alg_t {
  FSL_KEY_ALG_HMAC,
  FSL_KEY_ALG_AES,
  FSL_KEY_ALG_DES,
  FSL_KEY_ALG_TDES,
  FSL_KEY_ALG_ARC4,
  FSL_KEY_ALG_HMAC,
  FSL_KEY_ALG_AES,
  FSL_KEY_ALG_DES,
  FSL_KEY_ALG_TDES,
  FSL_KEY_ALG_ARC4,
  FSL_KEY_ALG_HMAC,
  FSL_KEY_ALG_AES,
  FSL_KEY_ALG_DES,
  FSL_KEY_ALG_TDES,
  FSL_KEY_ALG_ARC4,
  FSL_KEY_PK_PRIVATE,
  FSL_KEY_ALG_HMAC,
  FSL_KEY_ALG_AES,
  FSL_KEY_ALG_DES,
  FSL_KEY_ALG_TDES,
  FSL_KEY_ALG_ARC4,
  FSL_KEY_ALG_HMAC,
  FSL_KEY_ALG_AES,
  FSL_KEY_ALG_DES,
  FSL_KEY_ALG_TDES,
  FSL_KEY_ALG_ARC4,
  FSL_KEY_PK_PRIVATE
}
enum  fsl_shw_sym_mode_t {
  FSL_SYM_MODE_STREAM,
  FSL_SYM_MODE_ECB,
  FSL_SYM_MODE_CBC,
  FSL_SYM_MODE_CTR,
  FSL_SYM_MODE_STREAM,
  FSL_SYM_MODE_ECB,
  FSL_SYM_MODE_CBC,
  FSL_SYM_MODE_CTR,
  FSL_SYM_MODE_STREAM,
  FSL_SYM_MODE_ECB,
  FSL_SYM_MODE_CBC,
  FSL_SYM_MODE_CTR,
  FSL_SYM_MODE_STREAM,
  FSL_SYM_MODE_ECB,
  FSL_SYM_MODE_CBC,
  FSL_SYM_MODE_CTR,
  FSL_SYM_MODE_STREAM,
  FSL_SYM_MODE_ECB,
  FSL_SYM_MODE_CBC,
  FSL_SYM_MODE_CTR
}
enum  fsl_shw_hash_alg_t {
  FSL_HASH_ALG_MD5,
  FSL_HASH_ALG_SHA1,
  FSL_HASH_ALG_SHA224,
  FSL_HASH_ALG_SHA256,
  FSL_HASH_ALG_MD5,
  FSL_HASH_ALG_SHA1,
  FSL_HASH_ALG_SHA224,
  FSL_HASH_ALG_SHA256,
  FSL_HASH_ALG_MD5,
  FSL_HASH_ALG_SHA1,
  FSL_HASH_ALG_SHA224,
  FSL_HASH_ALG_SHA256,
  FSL_HASH_ALG_MD5,
  FSL_HASH_ALG_SHA1,
  FSL_HASH_ALG_SHA224,
  FSL_HASH_ALG_SHA256,
  FSL_HASH_ALG_MD5,
  FSL_HASH_ALG_SHA1,
  FSL_HASH_ALG_SHA224,
  FSL_HASH_ALG_SHA256
}
enum  fsl_shw_acc_mode_t {
  FSL_ACC_MODE_CCM,
  FSL_ACC_MODE_SSL,
  FSL_ACC_MODE_CCM,
  FSL_ACC_MODE_SSL,
  FSL_ACC_MODE_CCM,
  FSL_ACC_MODE_SSL,
  FSL_ACC_MODE_CCM,
  FSL_ACC_MODE_SSL,
  FSL_ACC_MODE_CCM,
  FSL_ACC_MODE_SSL
}
enum  fsl_shw_hash_ctx_flags_t {
  FSL_HASH_FLAGS_INIT = 0x01,
  FSL_HASH_FLAGS_SAVE = 0x02,
  FSL_HASH_FLAGS_LOAD = 0x04,
  FSL_HASH_FLAGS_FINALIZE = 0x08,
  FSL_HASH_FLAGS_INIT = 1,
  FSL_HASH_FLAGS_SAVE = 2,
  FSL_HASH_FLAGS_LOAD = 4,
  FSL_HASH_FLAGS_FINALIZE = 8,
  FSL_HASH_FLAGS_INIT = 0x01,
  FSL_HASH_FLAGS_SAVE = 0x02,
  FSL_HASH_FLAGS_LOAD = 0x04,
  FSL_HASH_FLAGS_FINALIZE = 0x08,
  FSL_HASH_FLAGS_INIT = 1,
  FSL_HASH_FLAGS_SAVE = 2,
  FSL_HASH_FLAGS_LOAD = 4,
  FSL_HASH_FLAGS_FINALIZE = 8,
  FSL_HASH_FLAGS_INIT = 0x01,
  FSL_HASH_FLAGS_SAVE = 0x02,
  FSL_HASH_FLAGS_LOAD = 0x04,
  FSL_HASH_FLAGS_FINALIZE = 0x08
}
enum  fsl_shw_hmac_ctx_flags_t { ,
  FSL_HMAC_FLAGS_INIT = 1,
  FSL_HMAC_FLAGS_SAVE = 2,
  FSL_HMAC_FLAGS_LOAD = 4,
  FSL_HMAC_FLAGS_FINALIZE = 8,
  FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT = 16,
  FSL_HMAC_FLAGS_INIT = 1,
  FSL_HMAC_FLAGS_SAVE = 2,
  FSL_HMAC_FLAGS_LOAD = 4,
  FSL_HMAC_FLAGS_FINALIZE = 8,
  FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT = 16,
  FSL_HMAC_FLAGS_INIT = 1,
  FSL_HMAC_FLAGS_SAVE = 2,
  FSL_HMAC_FLAGS_LOAD = 4,
  FSL_HMAC_FLAGS_FINALIZE = 8,
  FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT = 16,
  FSL_HMAC_FLAGS_INIT = 1,
  FSL_HMAC_FLAGS_SAVE = 2,
  FSL_HMAC_FLAGS_LOAD = 4,
  FSL_HMAC_FLAGS_FINALIZE = 8,
  FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT = 16
}
enum  fsl_shw_sym_ctx_flags_t { ,
  FSL_SYM_CTX_INIT = 1,
  FSL_SYM_CTX_LOAD = 2,
  FSL_SYM_CTX_SAVE = 4,
  FSL_SYM_CTX_PROTECT = 8,
  FSL_SYM_CTX_INIT = 1,
  FSL_SYM_CTX_LOAD = 2,
  FSL_SYM_CTX_SAVE = 4,
  FSL_SYM_CTX_PROTECT = 8,
  FSL_SYM_CTX_INIT = 1,
  FSL_SYM_CTX_LOAD = 2,
  FSL_SYM_CTX_SAVE = 4,
  FSL_SYM_CTX_PROTECT = 8,
  FSL_SYM_CTX_INIT = 1,
  FSL_SYM_CTX_LOAD = 2,
  FSL_SYM_CTX_SAVE = 4,
  FSL_SYM_CTX_PROTECT = 8
}
enum  fsl_shw_key_flags_t {
  FSL_SKO_KEY_IGNORE_PARITY = 1,
  FSL_SKO_KEY_PRESENT = 2,
  FSL_SKO_KEY_ESTABLISHED = 4,
  FSL_SKO_USE_SECRET_KEY = 8,
  FSL_SKO_KEY_SW_KEY = 16,
  FSL_SKO_KEY_SELECT_PF_KEY = 32,
  FSL_SKO_KEY_IGNORE_PARITY = 1,
  FSL_SKO_KEY_PRESENT = 2,
  FSL_SKO_KEY_ESTABLISHED = 4,
  FSL_SKO_KEY_SW_KEY = 8,
  FSL_SKO_KEY_IGNORE_PARITY = 1,
  FSL_SKO_KEY_PRESENT = 2,
  FSL_SKO_KEY_ESTABLISHED = 4,
  FSL_SKO_KEY_SW_KEY = 8,
  FSL_SKO_KEY_IGNORE_PARITY = 1,
  FSL_SKO_KEY_PRESENT = 2,
  FSL_SKO_KEY_ESTABLISHED = 4,
  FSL_SKO_KEY_SW_KEY = 8,
  FSL_SKO_KEY_IGNORE_PARITY = 1,
  FSL_SKO_KEY_PRESENT = 2,
  FSL_SKO_KEY_ESTABLISHED = 4,
  FSL_SKO_KEY_SW_KEY = 8
}
enum  fsl_shw_auth_ctx_flags_t { ,
  FSL_ACCO_CTX_INIT = 1,
  FSL_ACCO_CTX_LOAD = 2,
  FSL_ACCO_CTX_SAVE = 4,
  FSL_ACCO_CTX_FINALIZE = 8,
  FSL_ACCO_NIST_CCM = 16,
  FSL_ACCO_CTX_INIT = 1,
  FSL_ACCO_CTX_LOAD = 2,
  FSL_ACCO_CTX_SAVE = 4,
  FSL_ACCO_CTX_FINALIZE = 8,
  FSL_ACCO_NIST_CCM = 0x10,
  FSL_ACCO_CTX_INIT = 1,
  FSL_ACCO_CTX_LOAD = 2,
  FSL_ACCO_CTX_SAVE = 4,
  FSL_ACCO_CTX_FINALIZE = 8,
  FSL_ACCO_NIST_CCM = 16,
  FSL_ACCO_CTX_INIT = 1,
  FSL_ACCO_CTX_LOAD = 2,
  FSL_ACCO_CTX_SAVE = 4,
  FSL_ACCO_CTX_FINALIZE = 8,
  FSL_ACCO_NIST_CCM = 0x10
}
enum  fsl_shw_key_wrap_t { ,
  FSL_KEY_WRAP_CREATE,
  FSL_KEY_WRAP_ACCEPT,
  FSL_KEY_WRAP_UNWRAP,
  FSL_KEY_WRAP_CREATE,
  FSL_KEY_WRAP_ACCEPT,
  FSL_KEY_WRAP_UNWRAP,
  FSL_KEY_WRAP_CREATE,
  FSL_KEY_WRAP_ACCEPT,
  FSL_KEY_WRAP_UNWRAP,
  FSL_KEY_WRAP_CREATE,
  FSL_KEY_WRAP_ACCEPT,
  FSL_KEY_WRAP_UNWRAP
}
enum  fsl_shw_ctr_mod_t { ,
  FSL_CTR_MOD_8,
  FSL_CTR_MOD_16,
  FSL_CTR_MOD_24,
  FSL_CTR_MOD_32,
  FSL_CTR_MOD_40,
  FSL_CTR_MOD_48,
  FSL_CTR_MOD_56,
  FSL_CTR_MOD_64,
  FSL_CTR_MOD_72,
  FSL_CTR_MOD_80,
  FSL_CTR_MOD_88,
  FSL_CTR_MOD_96,
  FSL_CTR_MOD_104,
  FSL_CTR_MOD_112,
  FSL_CTR_MOD_120,
  FSL_CTR_MOD_128,
  FSL_CTR_MOD_8,
  FSL_CTR_MOD_16,
  FSL_CTR_MOD_24,
  FSL_CTR_MOD_32,
  FSL_CTR_MOD_40,
  FSL_CTR_MOD_48,
  FSL_CTR_MOD_56,
  FSL_CTR_MOD_64,
  FSL_CTR_MOD_72,
  FSL_CTR_MOD_80,
  FSL_CTR_MOD_88,
  FSL_CTR_MOD_96,
  FSL_CTR_MOD_104,
  FSL_CTR_MOD_112,
  FSL_CTR_MOD_120,
  FSL_CTR_MOD_128,
  FSL_CTR_MOD_8,
  FSL_CTR_MOD_16,
  FSL_CTR_MOD_24,
  FSL_CTR_MOD_32,
  FSL_CTR_MOD_40,
  FSL_CTR_MOD_48,
  FSL_CTR_MOD_56,
  FSL_CTR_MOD_64,
  FSL_CTR_MOD_72,
  FSL_CTR_MOD_80,
  FSL_CTR_MOD_88,
  FSL_CTR_MOD_96,
  FSL_CTR_MOD_104,
  FSL_CTR_MOD_112,
  FSL_CTR_MOD_120,
  FSL_CTR_MOD_128,
  FSL_CTR_MOD_8,
  FSL_CTR_MOD_16,
  FSL_CTR_MOD_24,
  FSL_CTR_MOD_32,
  FSL_CTR_MOD_40,
  FSL_CTR_MOD_48,
  FSL_CTR_MOD_56,
  FSL_CTR_MOD_64,
  FSL_CTR_MOD_72,
  FSL_CTR_MOD_80,
  FSL_CTR_MOD_88,
  FSL_CTR_MOD_96,
  FSL_CTR_MOD_104,
  FSL_CTR_MOD_112,
  FSL_CTR_MOD_120,
  FSL_CTR_MOD_128
}
enum  fsl_shw_permission_t { ,
  FSL_PERM_NO_ZEROIZE,
  FSL_PERM_TRUSTED_KEY_READ,
  FSL_PERM_HD_S,
  FSL_PERM_HD_R,
  FSL_PERM_HD_W,
  FSL_PERM_HD_X,
  FSL_PERM_TH_R,
  FSL_PERM_TH_W,
  FSL_PERM_OT_R,
  FSL_PERM_OT_W,
  FSL_PERM_OT_X,
  FSL_PERM_NO_ZEROIZE = 0x80000000,
  FSL_PERM_TRUSTED_KEY_READ = 0x40000000,
  FSL_PERM_HD_S = 0x00000800,
  FSL_PERM_HD_R = 0x00000400,
  FSL_PERM_HD_W = 0x00000200,
  FSL_PERM_HD_X = 0x00000100,
  FSL_PERM_TH_R = 0x00000040,
  FSL_PERM_TH_W = 0x00000020,
  FSL_PERM_OT_R = 0x00000004,
  FSL_PERM_OT_W = 0x00000002,
  FSL_PERM_OT_X = 0x00000001,
  FSL_PERM_NO_ZEROIZE,
  FSL_PERM_TRUSTED_KEY_READ,
  FSL_PERM_HD_S,
  FSL_PERM_HD_R,
  FSL_PERM_HD_W,
  FSL_PERM_HD_X,
  FSL_PERM_TH_R,
  FSL_PERM_TH_W,
  FSL_PERM_OT_R,
  FSL_PERM_OT_W,
  FSL_PERM_OT_X,
  FSL_PERM_NO_ZEROIZE = 0x80000000,
  FSL_PERM_TRUSTED_KEY_READ = 0x40000000,
  FSL_PERM_HD_S = 0x00000800,
  FSL_PERM_HD_R = 0x00000400,
  FSL_PERM_HD_W = 0x00000200,
  FSL_PERM_HD_X = 0x00000100,
  FSL_PERM_TH_R = 0x00000040,
  FSL_PERM_TH_W = 0x00000020,
  FSL_PERM_OT_R = 0x00000004,
  FSL_PERM_OT_W = 0x00000002,
  FSL_PERM_OT_X = 0x00000001
}
enum  fsl_shw_cypher_mode_t {
  FSL_SHW_CYPHER_MODE_ECB = 1,
  FSL_SHW_CYPHER_MODE_CBC = 2,
  FSL_SHW_CYPHER_MODE_ECB,
  FSL_SHW_CYPHER_MODE_CBC,
  FSL_SHW_CYPHER_MODE_ECB = 1,
  FSL_SHW_CYPHER_MODE_CBC = 2,
  FSL_SHW_CYPHER_MODE_ECB,
  FSL_SHW_CYPHER_MODE_CBC,
  FSL_SHW_CYPHER_MODE_ECB = 1,
  FSL_SHW_CYPHER_MODE_CBC = 2
}
enum  fsl_shw_pf_key_t {
  FSL_SHW_PF_KEY_IIM,
  FSL_SHW_PF_KEY_PRG,
  FSL_SHW_PF_KEY_IIM_PRG,
  FSL_SHW_PF_KEY_IIM_RND,
  FSL_SHW_PF_KEY_RND,
  FSL_SHW_PF_KEY_IIM,
  FSL_SHW_PF_KEY_PRG,
  FSL_SHW_PF_KEY_IIM_PRG,
  FSL_SHW_PF_KEY_IIM_RND,
  FSL_SHW_PF_KEY_RND,
  FSL_SHW_PF_KEY_IIM,
  FSL_SHW_PF_KEY_PRG,
  FSL_SHW_PF_KEY_IIM_PRG,
  FSL_SHW_PF_KEY_IIM_RND,
  FSL_SHW_PF_KEY_RND,
  FSL_SHW_PF_KEY_IIM,
  FSL_SHW_PF_KEY_PRG,
  FSL_SHW_PF_KEY_IIM_PRG,
  FSL_SHW_PF_KEY_IIM_RND,
  FSL_SHW_PF_KEY_RND,
  FSL_SHW_PF_KEY_IIM,
  FSL_SHW_PF_KEY_PRG,
  FSL_SHW_PF_KEY_IIM_PRG,
  FSL_SHW_PF_KEY_IIM_RND,
  FSL_SHW_PF_KEY_RND
}
enum  fsl_shw_tamper_t {
  FSL_SHW_TAMPER_NONE,
  FSL_SHW_TAMPER_WTD,
  FSL_SHW_TAMPER_ETBD,
  FSL_SHW_TAMPER_ETAD,
  FSL_SHW_TAMPER_EBD,
  FSL_SHW_TAMPER_SAD,
  FSL_SHW_TAMPER_TTD,
  FSL_SHW_TAMPER_CTD,
  FSL_SHW_TAMPER_VTD,
  FSL_SHW_TAMPER_MCO,
  FSL_SHW_TAMPER_TCO,
  FSL_SHW_TAMPER_NONE,
  FSL_SHW_TAMPER_WTD,
  FSL_SHW_TAMPER_ETBD,
  FSL_SHW_TAMPER_ETAD,
  FSL_SHW_TAMPER_EBD,
  FSL_SHW_TAMPER_SAD,
  FSL_SHW_TAMPER_TTD,
  FSL_SHW_TAMPER_CTD,
  FSL_SHW_TAMPER_VTD,
  FSL_SHW_TAMPER_MCO,
  FSL_SHW_TAMPER_TCO,
  FSL_SHW_TAMPER_NONE,
  FSL_SHW_TAMPER_WTD,
  FSL_SHW_TAMPER_ETBD,
  FSL_SHW_TAMPER_ETAD,
  FSL_SHW_TAMPER_EBD,
  FSL_SHW_TAMPER_SAD,
  FSL_SHW_TAMPER_TTD,
  FSL_SHW_TAMPER_CTD,
  FSL_SHW_TAMPER_VTD,
  FSL_SHW_TAMPER_MCO,
  FSL_SHW_TAMPER_TCO,
  FSL_SHW_TAMPER_NONE,
  FSL_SHW_TAMPER_WTD,
  FSL_SHW_TAMPER_ETBD,
  FSL_SHW_TAMPER_ETAD,
  FSL_SHW_TAMPER_EBD,
  FSL_SHW_TAMPER_SAD,
  FSL_SHW_TAMPER_TTD,
  FSL_SHW_TAMPER_CTD,
  FSL_SHW_TAMPER_VTD,
  FSL_SHW_TAMPER_MCO,
  FSL_SHW_TAMPER_TCO,
  FSL_SHW_TAMPER_NONE,
  FSL_SHW_TAMPER_WTD,
  FSL_SHW_TAMPER_ETBD,
  FSL_SHW_TAMPER_ETAD,
  FSL_SHW_TAMPER_EBD,
  FSL_SHW_TAMPER_SAD,
  FSL_SHW_TAMPER_TTD,
  FSL_SHW_TAMPER_CTD,
  FSL_SHW_TAMPER_VTD,
  FSL_SHW_TAMPER_MCO,
  FSL_SHW_TAMPER_TCO
}

Functions

fsl_shw_pco_t * fsl_shw_get_capabilities (fsl_shw_uco_t *user_ctx)
fsl_shw_return_t fsl_shw_register_user (fsl_shw_uco_t *user_ctx)
fsl_shw_return_t fsl_shw_deregister_user (fsl_shw_uco_t *user_ctx)
fsl_shw_return_t fsl_shw_get_results (fsl_shw_uco_t *user_ctx, unsigned result_size, fsl_shw_result_t results[], unsigned *result_count)
fsl_shw_return_t fsl_shw_establish_key (fsl_shw_uco_t *user_ctx, fsl_shw_sko_t *key_info, fsl_shw_key_wrap_t establish_type, const uint8_t *key)
fsl_shw_return_t fsl_shw_extract_key (fsl_shw_uco_t *user_ctx, fsl_shw_sko_t *key_info, uint8_t *covered_key)
fsl_shw_return_t fsl_shw_read_key (fsl_shw_uco_t *user_ctx, fsl_shw_sko_t *key_info, uint8_t *key)
fsl_shw_return_t fsl_shw_release_key (fsl_shw_uco_t *user_ctx, fsl_shw_sko_t *key_info)
void * fsl_shw_smalloc (fsl_shw_uco_t *user_ctx, uint32_t size, const uint8_t *UMID, uint32_t permissions)
fsl_shw_return_t fsl_shw_sfree (fsl_shw_uco_t *user_ctx, void *address)
fsl_shw_return_t fsl_shw_diminish_perms (fsl_shw_uco_t *user_ctx, void *address, uint32_t permissions)
fsl_shw_return_t fsl_shw_symmetric_encrypt (fsl_shw_uco_t *user_ctx, fsl_shw_sko_t *key_info, fsl_shw_scco_t *sym_ctx, uint32_t length, const uint8_t *pt, uint8_t *ct)
fsl_shw_return_t fsl_shw_symmetric_decrypt (fsl_shw_uco_t *user_ctx, fsl_shw_sko_t *key_info, fsl_shw_scco_t *sym_ctx, uint32_t length, const uint8_t *ct, uint8_t *pt)
fsl_shw_return_t fsl_shw_hash (fsl_shw_uco_t *user_ctx, fsl_shw_hco_t *hash_ctx, const uint8_t *msg, uint32_t length, uint8_t *result, uint32_t result_len)
fsl_shw_return_t fsl_shw_hmac_precompute (fsl_shw_uco_t *user_ctx, fsl_shw_sko_t *key_info, fsl_shw_hmco_t *hmac_ctx)
fsl_shw_return_t fsl_shw_hmac (fsl_shw_uco_t *user_ctx, fsl_shw_sko_t *key_info, fsl_shw_hmco_t *hmac_ctx, const uint8_t *msg, uint32_t length, uint8_t *result, uint32_t result_len)
fsl_shw_return_t fsl_shw_get_random (fsl_shw_uco_t *user_ctx, uint32_t length, uint8_t *data)
fsl_shw_return_t fsl_shw_add_entropy (fsl_shw_uco_t *user_ctx, uint32_t length, uint8_t *data)
fsl_shw_return_t fsl_shw_gen_encrypt (fsl_shw_uco_t *user_ctx, fsl_shw_acco_t *auth_ctx, fsl_shw_sko_t *cipher_key_info, fsl_shw_sko_t *auth_key_info, uint32_t auth_data_length, const uint8_t *auth_data, uint32_t payload_length, const uint8_t *payload, uint8_t *ct, uint8_t *auth_value)
fsl_shw_return_t fsl_shw_auth_decrypt (fsl_shw_uco_t *user_ctx, fsl_shw_acco_t *auth_ctx, fsl_shw_sko_t *cipher_key_info, fsl_shw_sko_t *auth_key_info, uint32_t auth_data_length, const uint8_t *auth_data, uint32_t payload_length, const uint8_t *ct, const uint8_t *auth_value, uint8_t *payload)
fsl_shw_return_t do_scc_encrypt_region (fsl_shw_uco_t *user_ctx, void *partition_base, uint32_t offset_bytes, uint32_t byte_count, uint8_t *black_data, uint32_t *IV, fsl_shw_cypher_mode_t cypher_mode)
fsl_shw_return_t do_scc_decrypt_region (fsl_shw_uco_t *user_ctx, void *partition_base, uint32_t offset_bytes, uint32_t byte_count, const uint8_t *black_data, uint32_t *IV, fsl_shw_cypher_mode_t cypher_mode)

Detailed Description

Header file to use the SHW driver.

The SHW driver is used in two modes: By a user, from the FSL SHW API in user space, which goes through /dev/fsl_shw to make open(), ioctl(), and close() calls; and by other kernel modules/drivers, which use the FSL SHW API, parts of which are supported directly by the SHW driver.

Testing is performed by using the apitest and kernel api test routines developed for the Sahara2 driver.


Define Documentation

#define fsl_shw_gen_random_pf_key ( user_ctx   )     FSL_RETURN_NO_RESOURCE_S

Cause the hardware to create a new random key for secure memory use.

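Have the hardware use the secure hardware random number generator to load a new secret key into the hardware random key register. It will not be made active without a call to fsl_shw_select_pf_key(). As defined in this header, the macro expands to the constant FSL_RETURN_NO_RESOURCE_S, so no key is generated and callers must treat the return code as a failure.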

Parameters:
user_ctx A user context from fsl_shw_register_user().
Returns:
A return code of type fsl_shw_return_t.
#define fsl_shw_pco_check_pk_supported ( pcobject   )     0

Determine whether Programmed Key features are available

Parameters:
pcobject The Platform Capabilities Object to query.
Returns:
1 if Programmed Key features are available, otherwise zero. As defined in this header, the macro always evaluates to 0.

Referenced by run_wrap().

#define fsl_shw_pco_check_sw_keys_supported ( pcobject   )     0

Determine whether Software Key features are available

Parameters:
pc_info The Platform Capabilities Object to query.
Returns:
1 if Software Key features are available, otherwise zero. As defined in this header, the macro always evaluates to 0.

Referenced by run_wrap().

#define fsl_shw_pco_get_scc_driver_version ( pcobject,
pcmajor,
pcminor   ) 
Value:
{                                                                             \
    /* Copy the SCC driver major and minor version fields of the */           \
    /* capability object into the two caller-supplied locations. */           \
    /* All three arguments are dereferenced without a NULL check. */          \
    /* The expansion is a bare brace block, not do { } while (0), */          \
    /* so "macro(...);" inside an unbraced if/else does not parse. */         \
    *(pcmajor) = (pcobject)->scc_driver_major;                                \
    *(pcminor) = (pcobject)->scc_driver_minor;                                \
}

Get FSL SHW SCC driver version

Parameters:
pcobject The Platform Capabilities Object to query.
[out] pcmajor A pointer to where the major version of the SCC driver is to be stored.
[out] pcminor A pointer to where the minor version of the SCC driver is to be stored.
#define fsl_shw_read_tamper_event ( user_ctx,
tamperp,
timestampp   )     FSL_RETURN_NO_RESOURCE_S

Retrieve the detected tamper event.

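Note that if more than one event was detected, this routine will only ever return one of them. As defined in this header, the macro expands to the constant FSL_RETURN_NO_RESOURCE_S and never writes to tamperp or timestampp, so callers must check the return code before reading either location.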

Parameters:
[in] user_ctx A user context from fsl_shw_register_user().
[out] tamperp Location to store the tamper information.
[out] timestampp Location to store the timestamp from hardware when an event was detected.
Returns:
A return code of type fsl_shw_return_t (for instance, if the platform is not in a fail state).
#define fsl_shw_sko_calculate_wrapped_size ( wkeyinfo,
wkeylen   ) 
Value:
{                                                                       \
    /* Store in *(wkeylen) the wrapped length for the key described */  \
    /* by wkeyinfo: 35 fixed octets plus the key length rounded up */   \
    /* to a multiple of 8. wkeyinfo is evaluated once, into kp. */      \
    register fsl_shw_sko_t* kp = wkeyinfo;                              \
    register uint32_t kl = kp->key_length;                              \
    int key_blocks;                                                     \
    int base_size = 35; /* ICV + T' + ALG + LEN + FLAGS */              \
                                                                        \
    /* A platform-key object is sized as a 21-octet key, whatever */    \
    /* key_length currently holds. */                                   \
    if (kp->flags & FSL_SKO_KEY_SELECT_PF_KEY) {                        \
        kl = 21;  /* 168-bit 3DES key */                                \
    }                                                                   \
    /* NOTE(review): key_length is not range-checked here; kl + 7 is */ \
    /* 32-bit unsigned arithmetic stored into an int. Validate the */   \
    /* key length before sizing a buffer from the result. */            \
    key_blocks = (kl + 7) / 8;                                          \
    /* Round length up to 3DES block size for CBC mode */               \
    /* NOTE(review): no path in this body stores zero, although the */  \
    /* accompanying text describes zero as the "not supported" */       \
    /* signal; the smallest value written is base_size. */              \
    *(wkeylen) = base_size + 8 * key_blocks;                            \
}

Determine the size of a wrapped key based upon the cleartext key's length.

This function can be used to calculate the number of octets that fsl_shw_extract_key() will write into the location at covered_key.

If zero is returned at length, this means that the key length in key_info is not supported.

Parameters:
wkeyinfo Information about a key to be wrapped.
wkeylen Location to store the length of a wrapped version of the key in key_info.

Referenced by extract_reestablish_key(), run_user_wrap(), run_wrap(), and test_software_key().

#define fsl_shw_sko_init ( skobject,
skalgorithm   ) 
Value:
{                                                                       \
    /* Reset a Secret Key Object: record the algorithm, clear all */    \
    /* flags, detach any keystore and select FSL_SHW_PF_KEY_PRG as */   \
    /* the platform key. skobject is evaluated once, into skop. */      \
    fsl_shw_sko_t* skop = skobject;                                     \
                                                                        \
    /* NOTE(review): key_length and the key storage are not assigned */ \
    /* here, so they keep whatever the object held before the call. */  \
    skop->algorithm = skalgorithm;                                      \
    skop->flags = 0;                                                    \
    skop->keystore = NULL;                                              \
    skop->pf_key = FSL_SHW_PF_KEY_PRG;                                  \
}

Initialize a Secret Key Object.

This function must be called before performing any other operation with the Object.

Parameters:
skobject The Secret Key Object to be initialized.
skalgorithm DES, AES, etc.

Referenced by init_key_and_sym_ctx(), and test_software_key().

#define fsl_shw_sko_init_pf_key ( skobject,
skalgorithm,
skhwkey   ) 
Value:
{                                                                       \
    /* Set up a Secret Key Object that refers to a platform key */      \
    /* register instead of carrying key material. Each argument is */   \
    /* evaluated once, into the locals below. */                        \
    fsl_shw_sko_t* skop = skobject;                                     \
    fsl_shw_key_alg_t alg = skalgorithm;                                \
    fsl_shw_pf_key_t key = skhwkey;                                     \
                                                                        \
    skop->algorithm = alg;                                              \
    /* key_length is assigned only for TDES (21 octets). */             \
    /* NOTE(review): for any other algorithm it is left as it was; */   \
    /* confirm callers set it before it is read. */                     \
    if (alg == FSL_KEY_ALG_TDES) {                                      \
        skop->key_length = 21;                                          \
    }                                                                   \
    skop->keystore = NULL;                                              \
    /* Overwrites every earlier flag, not just the PF-key bit. */       \
    skop->flags = FSL_SKO_KEY_SELECT_PF_KEY;                            \
    skop->pf_key = key;                                                 \
    /* Mark the key established only for the five fsl_shw_pf_key_t */   \
    /* values named below. Any other value is still stored in */        \
    /* pf_key, but the object stays without FSL_SKO_KEY_ESTABLISHED. */ \
    if ((key == FSL_SHW_PF_KEY_IIM) || (key == FSL_SHW_PF_KEY_PRG)      \
        || (key == FSL_SHW_PF_KEY_IIM_PRG)                              \
        || (key == FSL_SHW_PF_KEY_IIM_RND)                              \
        || (key == FSL_SHW_PF_KEY_RND)) {                               \
        skop->flags |= FSL_SKO_KEY_ESTABLISHED;                         \
    }                                                                   \
}

Initialize a Secret Key Object to use a Platform Key register.

This function must be called before performing any other operation with the Object.

Parameters:
skobject The Secret Key Object to be initialized.
skalgorithm DES, AES, etc.
skhwkey one of the fsl_shw_pf_key_t values.
#define fsl_shw_sko_set_flags ( skobject,
skflags   )     (skobject)->flags |= (skflags)

Set some flags in the key object.

Turns on the flags specified in flags. Other flags are untouched.

Parameters:
skobject A variable of type fsl_shw_sko_t.
skflags (One or more) ORed members of fsl_shw_key_flags_t which are to be set.

Referenced by init_key_and_sym_ctx(), run_user_wrap(), run_wrap(), and test_software_key().

#define fsl_shw_sko_set_key ( skobject,
skkey,
skkeylen   ) 
Value:
{                                                                            \
       /* Record the key length, copy the cleartext key into the */          \
       /* object, then set FSL_SKO_KEY_PRESENT and clear */                  \
       /* FSL_SKO_KEY_ESTABLISHED. */                                        \
       /* skobject is expanded four times and skkeylen twice, so */          \
       /* arguments with side effects are evaluated repeatedly. */           \
       (skobject)->key_length = skkeylen;                                    \
       /* NOTE(review): skkeylen is not compared with the size of */         \
       /* (skobject)->key before the copy. The accompanying text */          \
       /* gives 64 octets as the maximum; the caller has to enforce */       \
       /* that, or the copy can run past the key field. copy_bytes */        \
       /* is defined elsewhere; confirm it adds no bound of its own. */      \
       copy_bytes((skobject)->key, skkey, skkeylen);                         \
       (skobject)->flags |= FSL_SKO_KEY_PRESENT;                             \
       (skobject)->flags &= ~FSL_SKO_KEY_ESTABLISHED;                        \
}

Store a cleartext key in the key object.

This has the side effect of setting the FSL_SKO_KEY_PRESENT flag and resetting the FSL_SKO_KEY_ESTABLISHED flag.

Parameters:
skobject A variable of type fsl_shw_sko_t.
skkey A pointer to the beginning of the key.
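skkeylen The length, in octets, of the key. The value should be appropriate to the key size supported by the algorithm. 64 octets is the absolute maximum value allowed for this call. The macro body shown above does not check this limit itself, so the caller must validate the length before invoking it.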
/* Base value for the driver's ioctl request numbers; per this page's typedef
 * notes, a user request type (presumably shw_user_request_t) is added to it
 * to form the actual ioctl value. */
#define SHW_IOCTL_REQUEST   21

Perform a security function.

Referenced by OS_DEV_IOCTL().


Typedef Documentation

The type of Authentication-Cipher function which will be performed.

Select the cypher mode to use for partition cover/uncover operations.

They currently map directly to the values used in the SCC2 driver, but this is not guaranteed behavior.

Algorithm selector for Cryptographic Hash functions.

Selection of algorithm determines how large the context and digest will be. Context is the same size as the digest (resulting hash), unless otherwise specified.

Flags which control a Hash operation.

Flags which control an HMAC operation.

These may be combined by ORing them together. See fsl_shw_hmco_set_flags() and fsl_shw_hmco_clear_flags().

Algorithm Identifier.

Selection of algorithm will determine how large the block size of the algorithm is. Context size is the same length unless otherwise specified. Selection of algorithm also affects the allowable key length.

Which platform key should be presented for cryptographic use.

Return code for FSL_SHW library.

These codes may be returned from a function call. In non-blocking mode, they will appear as the status in a Result Object.

Mode selector for Symmetric Ciphers.

The selection of mode determines how a cryptographic algorithm will be used to process the plaintext or ciphertext.

For all modes which are run block-by-block (that is, all but FSL_SYM_MODE_STREAM), any partial operations must be performed on a text length which is multiple of the block size. Except for FSL_SYM_MODE_CTR, these block-by-block algorithms must also be passed a total number of octets which is a multiple of the block size.

In modes which require that the total number of octets of data be a multiple of the block size (FSL_SYM_MODE_ECB and FSL_SYM_MODE_CBC), and the user has a total number of octets which are not a multiple of the block size, the user must perform any necessary padding to get to the correct data length.

The various security tamper events

Flags for the state of the User Context Object (fsl_shw_uco_t).

This is part of the IOCTL request type passed between kernel and user space. It is added to SHW_IOCTL_REQUEST to generate the actual value.


Enumeration Type Documentation

The type of Authentication-Cipher function which will be performed.

Enumerator:
FSL_ACC_MODE_CCM 

CBC-MAC for Counter. Requires context and modulus. Final operation may be non-multiple of block size. This mode may be used for AES.

FSL_ACC_MODE_SSL 

SSL mode. Not supported. Combines HMAC and encrypt (or decrypt). Needs one key object for encryption, another for the HMAC. The usual hashing and symmetric encryption algorithms are supported.

FSL_ACC_MODE_CCM 

CBC-MAC for Counter. Requires context and modulus. Final operation may be non-multiple of block size. This mode may be used for AES.

FSL_ACC_MODE_SSL 

SSL mode. Not supported. Combines HMAC and encrypt (or decrypt). Needs one key object for encryption, another for the HMAC. The usual hashing and symmetric encryption algorithms are supported.

FSL_ACC_MODE_CCM 

CBC-MAC for Counter. Requires context and modulus. Final operation may be non-multiple of block size. This mode may be used for AES.

FSL_ACC_MODE_SSL 

SSL mode. Not supported. Combines HMAC and encrypt (or decrypt). Needs one key object for encryption, another for the HMAC. The usual hashing and symmetric encryption algorithms are supported.

FSL_ACC_MODE_CCM 

CBC-MAC for Counter. Requires context and modulus. Final operation may be non-multiple of block size. This mode may be used for AES.

FSL_ACC_MODE_SSL 

SSL mode. Not supported. Combines HMAC and encrypt (or decrypt). Needs one key object for encryption, another for the HMAC. The usual hashing and symmetric encryption algorithms are supported.

FSL_ACC_MODE_CCM 

CBC-MAC for Counter. Requires context and modulus. Final operation may be non-multiple of block size. This mode may be used for AES.

FSL_ACC_MODE_SSL 

SSL mode. Not supported. Combines HMAC and encrypt (or decrypt). Needs one key object for encryption, another for the HMAC. The usual hashing and symmetric encryption algorithms are supported.

Enumerator:
FSL_ACCO_CTX_INIT 

Initialize Context(s)

FSL_ACCO_CTX_LOAD 

Load intermediate context(s). This flag is unsupported.

FSL_ACCO_CTX_SAVE 

Save intermediate context(s). This flag is unsupported.

FSL_ACCO_CTX_FINALIZE 

Create MAC during this operation.

FSL_ACCO_NIST_CCM 

Formatting of CCM input data is performed by calls to fsl_shw_ccm_nist_format_ctr_and_iv() and fsl_shw_ccm_nist_update_ctr_and_iv().

FSL_ACCO_CTX_INIT 

Initialize Context(s)

FSL_ACCO_CTX_LOAD 

Load intermediate context(s). This flag is unsupported.

FSL_ACCO_CTX_SAVE 

Save intermediate context(s). This flag is unsupported.

FSL_ACCO_CTX_FINALIZE 

Create MAC during this operation.

FSL_ACCO_NIST_CCM 

Formatting of CCM input data is performed by calls to fsl_shw_ccm_nist_format_ctr_and_iv() and fsl_shw_ccm_nist_update_ctr_and_iv().

FSL_ACCO_CTX_INIT 

Initialize Context(s)

FSL_ACCO_CTX_LOAD 

Load intermediate context(s). This flag is unsupported.

FSL_ACCO_CTX_SAVE 

Save intermediate context(s). This flag is unsupported.

FSL_ACCO_CTX_FINALIZE 

Create MAC during this operation.

FSL_ACCO_NIST_CCM 

Formatting of CCM input data is performed by calls to fsl_shw_ccm_nist_format_ctr_and_iv() and fsl_shw_ccm_nist_update_ctr_and_iv().

FSL_ACCO_CTX_INIT 

Initialize Context(s)

FSL_ACCO_CTX_LOAD 

Load intermediate context(s). This flag is unsupported.

FSL_ACCO_CTX_SAVE 

Save intermediate context(s). This flag is unsupported.

FSL_ACCO_CTX_FINALIZE 

Create MAC during this operation.

FSL_ACCO_NIST_CCM 

Formatting of CCM input data is performed by calls to fsl_shw_ccm_nist_format_ctr_and_iv() and fsl_shw_ccm_nist_update_ctr_and_iv().

Enumerator:
FSL_CTR_MOD_8 

Run counter with modulus of 2^8.

FSL_CTR_MOD_16 

Run counter with modulus of 2^16.

FSL_CTR_MOD_24 

Run counter with modulus of 2^24.

FSL_CTR_MOD_32 

Run counter with modulus of 2^32.

FSL_CTR_MOD_40 

Run counter with modulus of 2^40.

FSL_CTR_MOD_48 

Run counter with modulus of 2^48.

FSL_CTR_MOD_56 

Run counter with modulus of 2^56.

FSL_CTR_MOD_64 

Run counter with modulus of 2^64.

FSL_CTR_MOD_72 

Run counter with modulus of 2^72.

FSL_CTR_MOD_80 

Run counter with modulus of 2^80.

FSL_CTR_MOD_88 

Run counter with modulus of 2^88.

FSL_CTR_MOD_96 

Run counter with modulus of 2^96.

FSL_CTR_MOD_104 

Run counter with modulus of 2^104.

FSL_CTR_MOD_112 

Run counter with modulus of 2^112.

FSL_CTR_MOD_120 

Run counter with modulus of 2^120.

FSL_CTR_MOD_128 

Run counter with modulus of 2^128.

FSL_CTR_MOD_8 

Run counter with modulus of 2^8.

FSL_CTR_MOD_16 

Run counter with modulus of 2^16.

FSL_CTR_MOD_24 

Run counter with modulus of 2^24.

FSL_CTR_MOD_32 

Run counter with modulus of 2^32.

FSL_CTR_MOD_40 

Run counter with modulus of 2^40.

FSL_CTR_MOD_48 

Run counter with modulus of 2^48.

FSL_CTR_MOD_56 

Run counter with modulus of 2^56.

FSL_CTR_MOD_64 

Run counter with modulus of 2^64.

FSL_CTR_MOD_72 

Run counter with modulus of 2^72.

FSL_CTR_MOD_80 

Run counter with modulus of 2^80.

FSL_CTR_MOD_88 

Run counter with modulus of 2^88.

FSL_CTR_MOD_96 

Run counter with modulus of 2^96.

FSL_CTR_MOD_104 

Run counter with modulus of 2^104.

FSL_CTR_MOD_112 

Run counter with modulus of 2^112.

FSL_CTR_MOD_120 

Run counter with modulus of 2^120.

FSL_CTR_MOD_128 

Run counter with modulus of 2^128.

FSL_CTR_MOD_8 

Run counter with modulus of 2^8.

FSL_CTR_MOD_16 

Run counter with modulus of 2^16.

FSL_CTR_MOD_24 

Run counter with modulus of 2^24.

FSL_CTR_MOD_32 

Run counter with modulus of 2^32.

FSL_CTR_MOD_40 

Run counter with modulus of 2^40.

FSL_CTR_MOD_48 

Run counter with modulus of 2^48.

FSL_CTR_MOD_56 

Run counter with modulus of 2^56.

FSL_CTR_MOD_64 

Run counter with modulus of 2^64.

FSL_CTR_MOD_72 

Run counter with modulus of 2^72.

FSL_CTR_MOD_80 

Run counter with modulus of 2^80.

FSL_CTR_MOD_88 

Run counter with modulus of 2^88.

FSL_CTR_MOD_96 

Run counter with modulus of 2^96.

FSL_CTR_MOD_104 

Run counter with modulus of 2^104.

FSL_CTR_MOD_112 

Run counter with modulus of 2^112.

FSL_CTR_MOD_120 

Run counter with modulus of 2^120.

FSL_CTR_MOD_128 

Run counter with modulus of 2^128.

FSL_CTR_MOD_8 

Run counter with modulus of 2^8.

FSL_CTR_MOD_16 

Run counter with modulus of 2^16.

FSL_CTR_MOD_24 

Run counter with modulus of 2^24.

FSL_CTR_MOD_32 

Run counter with modulus of 2^32.

FSL_CTR_MOD_40 

Run counter with modulus of 2^40.

FSL_CTR_MOD_48 

Run counter with modulus of 2^48.

FSL_CTR_MOD_56 

Run counter with modulus of 2^56.

FSL_CTR_MOD_64 

Run counter with modulus of 2^64.

FSL_CTR_MOD_72 

Run counter with modulus of 2^72.

FSL_CTR_MOD_80 

Run counter with modulus of 2^80.

FSL_CTR_MOD_88 

Run counter with modulus of 2^88.

FSL_CTR_MOD_96 

Run counter with modulus of 2^96.

FSL_CTR_MOD_104 

Run counter with modulus of 2^104.

FSL_CTR_MOD_112 

Run counter with modulus of 2^112.

FSL_CTR_MOD_120 

Run counter with modulus of 2^120.

FSL_CTR_MOD_128 

Run counter with modulus of 2^128.

Select the cypher mode to use for partition cover/uncover operations.

They currently map directly to the values used in the SCC2 driver, but this is not guaranteed behavior.

Enumerator:
FSL_SHW_CYPHER_MODE_ECB 

ECB mode

FSL_SHW_CYPHER_MODE_CBC 

CBC mode

FSL_SHW_CYPHER_MODE_ECB 

ECB mode

FSL_SHW_CYPHER_MODE_CBC 

CBC mode

FSL_SHW_CYPHER_MODE_ECB 

ECB mode

FSL_SHW_CYPHER_MODE_CBC 

CBC mode

FSL_SHW_CYPHER_MODE_ECB 

ECB mode

FSL_SHW_CYPHER_MODE_CBC 

CBC mode

FSL_SHW_CYPHER_MODE_ECB 

ECB mode

FSL_SHW_CYPHER_MODE_CBC 

CBC mode

Algorithm selector for Cryptographic Hash functions.

Selection of algorithm determines how large the context and digest will be. Context is the same size as the digest (resulting hash), unless otherwise specified.

Enumerator:
FSL_HASH_ALG_MD5 

MD5 algorithm. Digest is 16 octets.

FSL_HASH_ALG_SHA1 

SHA-1 (aka SHA or SHA-160) algorithm. Digest is 20 octets.

FSL_HASH_ALG_SHA224 

SHA-224 algorithm. Digest is 28 octets, though context is 32 octets.

FSL_HASH_ALG_SHA256 

SHA-256 algorithm. Digest is 32 octets.

FSL_HASH_ALG_MD5 

MD5 algorithm. Digest is 16 octets.

FSL_HASH_ALG_SHA1 

SHA-1 (aka SHA or SHA-160) algorithm. Digest is 20 octets.

FSL_HASH_ALG_SHA224 

SHA-224 algorithm. Digest is 28 octets, though context is 32 octets.

FSL_HASH_ALG_SHA256 

SHA-256 algorithm. Digest is 32 octets.

FSL_HASH_ALG_MD5 

MD5 algorithm. Digest is 16 octets.

FSL_HASH_ALG_SHA1 

SHA-1 (aka SHA or SHA-160) algorithm. Digest is 20 octets.

FSL_HASH_ALG_SHA224 

SHA-224 algorithm. Digest is 28 octets, though context is 32 octets.

FSL_HASH_ALG_SHA256 

SHA-256 algorithm. Digest is 32 octets.

FSL_HASH_ALG_MD5 

MD5 algorithm. Digest is 16 octets.

FSL_HASH_ALG_SHA1 

SHA-1 (aka SHA or SHA-160) algorithm. Digest is 20 octets.

FSL_HASH_ALG_SHA224 

SHA-224 algorithm. Digest is 28 octets, though context is 32 octets.

FSL_HASH_ALG_SHA256 

SHA-256 algorithm. Digest is 32 octets.

FSL_HASH_ALG_MD5 

MD5 algorithm. Digest is 16 octets.

FSL_HASH_ALG_SHA1 

SHA-1 (aka SHA or SHA-160) algorithm. Digest is 20 octets.

FSL_HASH_ALG_SHA224 

SHA-224 algorithm. Digest is 28 octets, though context is 32 octets.

FSL_HASH_ALG_SHA256 

SHA-256 algorithm. Digest is 32 octets.

Flags which control a Hash operation.

Enumerator:
FSL_HASH_FLAGS_INIT 

Context is empty. Hash is started from scratch, with a message-processed count of zero.

FSL_HASH_FLAGS_SAVE 

Retrieve context from hardware after hashing. If used with the FSL_HASH_FLAGS_FINALIZE flag, the final digest value will be saved in the object.

FSL_HASH_FLAGS_LOAD 

Place context into hardware before hashing.

FSL_HASH_FLAGS_FINALIZE 

PAD message and perform final digest operation. If user message is pre-padded, this flag should not be used.

FSL_HASH_FLAGS_INIT 

Context is empty. Hash is started from scratch, with a message-processed count of zero.

FSL_HASH_FLAGS_SAVE 

Retrieve context from hardware after hashing. If used with the FSL_HASH_FLAGS_FINALIZE flag, the final digest value will be saved in the object.

FSL_HASH_FLAGS_LOAD 

Place context into hardware before hashing.

FSL_HASH_FLAGS_FINALIZE 

PAD message and perform final digest operation. If user message is pre-padded, this flag should not be used.

FSL_HASH_FLAGS_INIT 

Context is empty. Hash is started from scratch, with a message-processed count of zero.

FSL_HASH_FLAGS_SAVE 

Retrieve context from hardware after hashing. If used with the FSL_HASH_FLAGS_FINALIZE flag, the final digest value will be saved in the object.

FSL_HASH_FLAGS_LOAD 

Place context into hardware before hashing.

FSL_HASH_FLAGS_FINALIZE 

PAD message and perform final digest operation. If user message is pre-padded, this flag should not be used.

FSL_HASH_FLAGS_INIT 

Context is empty. Hash is started from scratch, with a message-processed count of zero.

FSL_HASH_FLAGS_SAVE 

Retrieve context from hardware after hashing. If used with the FSL_HASH_FLAGS_FINALIZE flag, the final digest value will be saved in the object.

FSL_HASH_FLAGS_LOAD 

Place context into hardware before hashing.

FSL_HASH_FLAGS_FINALIZE 

PAD message and perform final digest operation. If user message is pre-padded, this flag should not be used.

FSL_HASH_FLAGS_INIT 

Context is empty. Hash is started from scratch, with a message-processed count of zero.

FSL_HASH_FLAGS_SAVE 

Retrieve context from hardware after hashing. If used with the FSL_HASH_FLAGS_FINALIZE flag, the final digest value will be saved in the object.

FSL_HASH_FLAGS_LOAD 

Place context into hardware before hashing.

FSL_HASH_FLAGS_FINALIZE 

PAD message and perform final digest operation. If user message is pre-padded, this flag should not be used.

Flags which control an HMAC operation.

These may be combined by ORing them together. See fsl_shw_hmco_set_flags() and fsl_shw_hmco_clear_flags().

Enumerator:
FSL_HMAC_FLAGS_INIT 

Message context is empty. HMAC is started from scratch (with key) or from precompute of inner hash, depending on whether FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT is set.

FSL_HMAC_FLAGS_SAVE 

Retrieve ongoing context from hardware after hashing. If used with the FSL_HMAC_FLAGS_FINALIZE flag, the final digest value (HMAC) will be saved in the object.

FSL_HMAC_FLAGS_LOAD 

Place ongoing context into hardware before hashing.

FSL_HMAC_FLAGS_FINALIZE 

PAD message and perform final HMAC operations of inner and outer hashes.

FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT 

This means that the context contains precomputed inner and outer hash values.

FSL_HMAC_FLAGS_INIT 

Message context is empty. HMAC is started from scratch (with key) or from precompute of inner hash, depending on whether FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT is set.

FSL_HMAC_FLAGS_SAVE 

Retrieve ongoing context from hardware after hashing. If used with the FSL_HMAC_FLAGS_FINALIZE flag, the final digest value (HMAC) will be saved in the object.

FSL_HMAC_FLAGS_LOAD 

Place ongoing context into hardware before hashing.

FSL_HMAC_FLAGS_FINALIZE 

PAD message and perform final HMAC operations of inner and outer hashes.

FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT 

This means that the context contains precomputed inner and outer hash values.

FSL_HMAC_FLAGS_INIT 

Message context is empty. HMAC is started from scratch (with key) or from precompute of inner hash, depending on whether FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT is set.

FSL_HMAC_FLAGS_SAVE 

Retrieve ongoing context from hardware after hashing. If used with the FSL_HMAC_FLAGS_FINALIZE flag, the final digest value (HMAC) will be saved in the object.

FSL_HMAC_FLAGS_LOAD 

Place ongoing context into hardware before hashing.

FSL_HMAC_FLAGS_FINALIZE 

PAD message and perform final HMAC operations of inner and outer hashes.

FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT 

This means that the context contains precomputed inner and outer hash values.

FSL_HMAC_FLAGS_INIT 

Message context is empty. HMAC is started from scratch (with key) or from precompute of inner hash, depending on whether FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT is set.

FSL_HMAC_FLAGS_SAVE 

Retrieve ongoing context from hardware after hashing. If used with the FSL_HMAC_FLAGS_FINALIZE flag, the final digest value (HMAC) will be saved in the object.

FSL_HMAC_FLAGS_LOAD 

Place ongoing context into hardware before hashing.

FSL_HMAC_FLAGS_FINALIZE 

PAD message and perform final HMAC operations of inner and outer hashes.

FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT 

This means that the context contains precomputed inner and outer hash values.

Algorithm Identifier.

Selection of algorithm will determine how large the block size of the algorithm is. Context size is the same length unless otherwise specified. Selection of algorithm also affects the allowable key length.

Enumerator:
FSL_KEY_ALG_HMAC 

Key will be used to perform an HMAC. Key size is 1 to 64 octets. Block size is 64 octets.

FSL_KEY_ALG_AES 

Advanced Encryption Standard (Rijndael). Block size is 16 octets. Key size is 16 octets. (The single choice of key size is a Sahara platform limitation.)

FSL_KEY_ALG_DES 

Data Encryption Standard. Block size is 8 octets. Key size is 8 octets.

FSL_KEY_ALG_TDES 

2- or 3-key Triple DES. Block size is 8 octets. Key size is 16 octets for 2-key Triple DES, and 24 octets for 3-key.

FSL_KEY_ALG_ARC4 

ARC4. No block size. Context size is 259 octets. Allowed key size is 1-16 octets. (The choices for key size are a Sahara platform limitation.)

FSL_KEY_ALG_HMAC 

Key will be used to perform an HMAC. Key size is 1 to 64 octets. Block size is 64 octets.

FSL_KEY_ALG_AES 

Advanced Encryption Standard (Rijndael). Block size is 16 octets. Key size is 16 octets. (The single choice of key size is a Sahara platform limitation.)

FSL_KEY_ALG_DES 

Data Encryption Standard. Block size is 8 octets. Key size is 8 octets.

FSL_KEY_ALG_TDES 

2- or 3-key Triple DES. Block size is 8 octets. Key size is 16 octets for 2-key Triple DES, and 24 octets for 3-key.

FSL_KEY_ALG_ARC4 

ARC4. No block size. Context size is 259 octets. Allowed key size is 1-16 octets. (The choices for key size are a Sahara platform limitation.)

FSL_KEY_ALG_HMAC 

Key will be used to perform an HMAC. Key size is 1 to 64 octets. Block size is 64 octets.

FSL_KEY_ALG_AES 

Advanced Encryption Standard (Rijndael). Block size is 16 octets. Key size is 16 octets. (The single choice of key size is a Sahara platform limitation.)

FSL_KEY_ALG_DES 

Data Encryption Standard. Block size is 8 octets. Key size is 8 octets.

FSL_KEY_ALG_TDES 

2- or 3-key Triple DES. Block size is 8 octets. Key size is 16 octets for 2-key Triple DES, and 24 octets for 3-key.

FSL_KEY_ALG_ARC4 

ARC4. No block size. Context size is 259 octets. Allowed key size is 1-16 octets. (The choices for key size are a Sahara platform limitation.)

FSL_KEY_PK_PRIVATE 

Private key of a public-private key-pair. Max is 512 bits...

FSL_KEY_ALG_HMAC 

Key will be used to perform an HMAC. Key size is 1 to 64 octets. Block size is 64 octets.

FSL_KEY_ALG_AES 

Advanced Encryption Standard (Rijndael). Block size is 16 octets. Key size is 16 octets. (The single choice of key size is a Sahara platform limitation.)

FSL_KEY_ALG_DES 

Data Encryption Standard. Block size is 8 octets. Key size is 8 octets.

FSL_KEY_ALG_TDES 

2- or 3-key Triple DES. Block size is 8 octets. Key size is 16 octets for 2-key Triple DES, and 24 octets for 3-key.

FSL_KEY_ALG_ARC4 

ARC4. No block size. Context size is 259 octets. Allowed key size is 1-16 octets. (The choices for key size are a Sahara platform limitation.)

FSL_KEY_ALG_HMAC 

Key will be used to perform an HMAC. Key size is 1 to 64 octets. Block size is 64 octets.

FSL_KEY_ALG_AES 

Advanced Encryption Standard (Rijndael). Block size is 16 octets. Key size is 16 octets. (The single choice of key size is a Sahara platform limitation.)

FSL_KEY_ALG_DES 

Data Encryption Standard. Block size is 8 octets. Key size is 8 octets.

FSL_KEY_ALG_TDES 

2- or 3-key Triple DES. Block size is 8 octets. Key size is 16 octets for 2-key Triple DES, and 24 octets for 3-key.

FSL_KEY_ALG_ARC4 

ARC4. No block size. Context size is 259 octets. Allowed key size is 1-16 octets. (The choices for key size are a Sahara platform limitation.)

FSL_KEY_PK_PRIVATE 

Private key of a public-private key-pair. Max is 512 bits...

Enumerator:
FSL_SKO_KEY_IGNORE_PARITY 

If algorithm is DES or 3DES, do not validate the key parity bits.

FSL_SKO_KEY_PRESENT 

Clear key is present in the object.

FSL_SKO_KEY_ESTABLISHED 

Key has been established for use. This feature is not available for all platforms, nor for all algorithms and modes.

FSL_SKO_USE_SECRET_KEY 

Use device-unique key. Not always available.

FSL_SKO_KEY_SW_KEY 

Clear key can be provided to the user

FSL_SKO_KEY_SELECT_PF_KEY 

Internal flag to show that this key references one of the hardware keys, and its value is in pf_key.

FSL_SKO_KEY_IGNORE_PARITY 

If algorithm is DES or 3DES, do not validate the key parity bits.

FSL_SKO_KEY_PRESENT 

Clear key is present in the object.

FSL_SKO_KEY_ESTABLISHED 

Key has been established for use. This feature is not available for all platforms, nor for all algorithms and modes.

FSL_SKO_KEY_SW_KEY 

This key is for software use, and can be copied out of a keystore by its owner. The default is that the key is available only for hardware (or security driver) use.

FSL_SKO_KEY_IGNORE_PARITY 

If algorithm is DES or 3DES, do not validate the key parity bits.

FSL_SKO_KEY_PRESENT 

Clear key is present in the object.

FSL_SKO_KEY_ESTABLISHED 

Key has been established for use. This feature is not available for all platforms, nor for all algorithms and modes.

FSL_SKO_KEY_SW_KEY 

Key intended for user (software) use; can be read cleartext from the keystore.

FSL_SKO_KEY_IGNORE_PARITY 

If algorithm is DES or 3DES, do not validate the key parity bits.

FSL_SKO_KEY_PRESENT 

Clear key is present in the object.

FSL_SKO_KEY_ESTABLISHED 

Key has been established for use. This feature is not available for all platforms, nor for all algorithms and modes.

FSL_SKO_KEY_SW_KEY 

This key is for software use, and can be copied out of a keystore by its owner. The default is that the key is available only for hardware (or security driver) use.

FSL_SKO_KEY_IGNORE_PARITY 

If algorithm is DES or 3DES, do not validate the key parity bits.

FSL_SKO_KEY_PRESENT 

Clear key is present in the object.

FSL_SKO_KEY_ESTABLISHED 

Key has been established for use. This feature is not available for all platforms, nor for all algorithms and modes.

FSL_SKO_KEY_SW_KEY 

Key intended for user (software) use; can be read cleartext from the keystore.

Enumerator:
FSL_KEY_WRAP_CREATE 

Generate a key from random values.

FSL_KEY_WRAP_ACCEPT 

Use the provided clear key.

FSL_KEY_WRAP_UNWRAP 

Unwrap a previously wrapped key.

FSL_KEY_WRAP_CREATE 

Generate a key from random values.

FSL_KEY_WRAP_ACCEPT 

Use the provided clear key.

FSL_KEY_WRAP_UNWRAP 

Unwrap a previously wrapped key.

FSL_KEY_WRAP_CREATE 

Generate a key from random values.

FSL_KEY_WRAP_ACCEPT 

Use the provided clear key.

FSL_KEY_WRAP_UNWRAP 

Unwrap a previously wrapped key.

FSL_KEY_WRAP_CREATE 

Generate a key from random values.

FSL_KEY_WRAP_ACCEPT 

Use the provided clear key.

FSL_KEY_WRAP_UNWRAP 

Unwrap a previously wrapped key.

Enumerator:
FSL_PART_S_UNUSABLE 

Partition not implemented

FSL_PART_S_UNAVAILABLE 

Partition owned by other host

FSL_PART_S_AVAILABLE 

Partition available

FSL_PART_S_ALLOCATED 

Partition owned by host but not engaged

FSL_PART_S_ENGAGED 

Partition owned by host and engaged

FSL_PART_S_UNUSABLE 

Partition not implemented

FSL_PART_S_UNAVAILABLE 

Partition owned by other host

FSL_PART_S_AVAILABLE 

Partition available

FSL_PART_S_ALLOCATED 

Partition owned by host but not engaged

FSL_PART_S_ENGAGED 

Partition owned by host and engaged

FSL_PART_S_UNUSABLE 

Partition not implemented

FSL_PART_S_UNAVAILABLE 

Partition owned by other host

FSL_PART_S_AVAILABLE 

Partition available

FSL_PART_S_ALLOCATED 

Partition owned by host but not engaged

FSL_PART_S_ENGAGED 

Partition owned by host and engaged

Enumerator:
FSL_PERM_NO_ZEROIZE 

SCM Access Permission: Do not zeroize/deallocate partition on SMN Fail state

FSL_PERM_TRUSTED_KEY_READ 

SCM Access Permission: Enforce trusted key read in

FSL_PERM_HD_S 

SCM Access Permission: Ignore Supervisor/User mode in permission determination

FSL_PERM_HD_R 

SCM Access Permission: Allow Read Access to Host Domain

FSL_PERM_HD_W 

SCM Access Permission: Allow Write Access to Host Domain

FSL_PERM_HD_X 

SCM Access Permission: Allow Execute Access to Host Domain

FSL_PERM_TH_R 

SCM Access Permission: Allow Read Access to Trusted Host Domain

FSL_PERM_TH_W 

SCM Access Permission: Allow Write Access to Trusted Host Domain

FSL_PERM_OT_R 

SCM Access Permission: Allow Read Access to Other/World Domain

FSL_PERM_OT_W 

SCM Access Permission: Allow Write Access to Other/World Domain

FSL_PERM_OT_X 

SCM Access Permission: Allow Execute Access to Other/World Domain

FSL_PERM_NO_ZEROIZE 

SCM Access Permission: Do not zeroize/deallocate partition on SMN Fail state

FSL_PERM_TRUSTED_KEY_READ 

SCM Access Permission: Enforce trusted key read in

FSL_PERM_HD_S 

SCM Access Permission: Ignore Supervisor/User mode in permission determination

FSL_PERM_HD_R 

SCM Access Permission: Allow Read Access to Host Domain

FSL_PERM_HD_W 

SCM Access Permission: Allow Write Access to Host Domain

FSL_PERM_HD_X 

SCM Access Permission: Allow Execute Access to Host Domain

FSL_PERM_TH_R 

SCM Access Permission: Allow Read Access to Trusted Host Domain

FSL_PERM_TH_W 

SCM Access Permission: Allow Write Access to Trusted Host Domain

FSL_PERM_OT_R 

SCM Access Permission: Allow Read Access to Other/World Domain

FSL_PERM_OT_W 

SCM Access Permission: Allow Write Access to Other/World Domain

FSL_PERM_OT_X 

SCM Access Permission: Allow Execute Access to Other/World Domain

FSL_PERM_NO_ZEROIZE 

SCM Access Permission: Do not zeroize/deallocate partition on SMN Fail state

FSL_PERM_TRUSTED_KEY_READ 

SCM Access Permission: Enforce trusted key read in

FSL_PERM_HD_S 

SCM Access Permission: Ignore Supervisor/User mode in permission determination

FSL_PERM_HD_R 

SCM Access Permission: Allow Read Access to Host Domain

FSL_PERM_HD_W 

SCM Access Permission: Allow Write Access to Host Domain

FSL_PERM_HD_X 

SCM Access Permission: Allow Execute Access to Host Domain

FSL_PERM_TH_R 

SCM Access Permission: Allow Read Access to Trusted Host Domain

FSL_PERM_TH_W 

SCM Access Permission: Allow Write Access to Trusted Host Domain

FSL_PERM_OT_R 

SCM Access Permission: Allow Read Access to Other/World Domain

FSL_PERM_OT_W 

SCM Access Permission: Allow Write Access to Other/World Domain

FSL_PERM_OT_X 

SCM Access Permission: Allow Execute Access to Other/World Domain

FSL_PERM_NO_ZEROIZE 

SCM Access Permission: Do not zeroize/deallocate partition on SMN Fail state

FSL_PERM_TRUSTED_KEY_READ 

SCM Access Permission: Enforce trusted key read in

FSL_PERM_HD_S 

SCM Access Permission: Ignore Supervisor/User mode in permission determination

FSL_PERM_HD_R 

SCM Access Permission: Allow Read Access to Host Domain

FSL_PERM_HD_W 

SCM Access Permission: Allow Write Access to Host Domain

FSL_PERM_HD_X 

SCM Access Permission: Allow Execute Access to Host Domain

FSL_PERM_TH_R 

SCM Access Permission: Allow Read Access to Trusted Host Domain

FSL_PERM_TH_W 

SCM Access Permission: Allow Write Access to Trusted Host Domain

FSL_PERM_OT_R 

SCM Access Permission: Allow Read Access to Other/World Domain

FSL_PERM_OT_W 

SCM Access Permission: Allow Write Access to Other/World Domain

FSL_PERM_OT_X 

SCM Access Permission: Allow Execute Access to Other/World Domain

Which platform key should be presented for cryptographic use.

Enumerator:
FSL_SHW_PF_KEY_IIM 

Present fused IIM key

FSL_SHW_PF_KEY_PRG 

Present Program key

FSL_SHW_PF_KEY_IIM_PRG 

Present IIM ^ Program key

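FSL_SHW_PF_KEY_IIM_RND 

Present Random key (this description and the one for FSL_SHW_PF_KEY_RND below look interchanged relative to the enumerator names; verify against the header before relying on either)

FSL_SHW_PF_KEY_RND 

Present IIM ^ Random key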

FSL_SHW_PF_KEY_IIM 

Present fused IIM key

FSL_SHW_PF_KEY_PRG 

Present Program key

FSL_SHW_PF_KEY_IIM_PRG 

Present IIM ^ Program key

FSL_SHW_PF_KEY_IIM_RND 

Present Random key

FSL_SHW_PF_KEY_RND 

Present IIM ^ Random key

FSL_SHW_PF_KEY_IIM 

Present fused IIM key

FSL_SHW_PF_KEY_PRG 

Present Program key

FSL_SHW_PF_KEY_IIM_PRG 

Present IIM ^ Program key

FSL_SHW_PF_KEY_IIM_RND 

Present Random key

FSL_SHW_PF_KEY_RND 

Present IIM ^ Random key

FSL_SHW_PF_KEY_IIM 

Present fused IIM key

FSL_SHW_PF_KEY_PRG 

Present Program key

FSL_SHW_PF_KEY_IIM_PRG 

Present IIM ^ Program key

FSL_SHW_PF_KEY_IIM_RND 

Present Random key

FSL_SHW_PF_KEY_RND 

Present IIM ^ Random key

FSL_SHW_PF_KEY_IIM 

Present fused IIM key

FSL_SHW_PF_KEY_PRG 

Present Program key

FSL_SHW_PF_KEY_IIM_PRG 

Present IIM ^ Program key

FSL_SHW_PF_KEY_IIM_RND 

Present Random key

FSL_SHW_PF_KEY_RND 

Present IIM ^ Random key

Return code for FSL_SHW library.

These codes may be returned from a function call. In non-blocking mode, they will appear as the status in a Result Object.

Enumerator:
FSL_RETURN_OK_S 

No error. As a function return code in Non-blocking mode, this may simply mean that the operation was accepted for eventual execution.

FSL_RETURN_ERROR_S 

Failure for non-specific reason.

FSL_RETURN_NO_RESOURCE_S 

Operation failed because some resource was not able to be allocated.

FSL_RETURN_BAD_ALGORITHM_S 

Crypto algorithm unrecognized or improper.

FSL_RETURN_BAD_MODE_S 

Crypto mode unrecognized or improper.

FSL_RETURN_BAD_FLAG_S 

Flag setting unrecognized or inconsistent.

FSL_RETURN_BAD_KEY_LENGTH_S 

Improper or unsupported key length for algorithm.

FSL_RETURN_BAD_KEY_PARITY_S 

Improper parity in a (DES, TDES) key.

FSL_RETURN_BAD_DATA_LENGTH_S 

Improper or unsupported data length for algorithm or internal buffer.

FSL_RETURN_AUTH_FAILED_S 

Authentication / Integrity Check code check failed.

FSL_RETURN_MEMORY_ERROR_S 

A memory error occurred.

FSL_RETURN_INTERNAL_ERROR_S 

An error internal to the hardware occurred.

FSL_RETURN_POINT_AT_INFINITY_S 

ECC detected Point at Infinity

FSL_RETURN_POINT_NOT_AT_INFINITY_S 

ECC detected No Point at Infinity

FSL_RETURN_GCD_IS_ONE_S 

GCD is One

FSL_RETURN_GCD_IS_NOT_ONE_S 

GCD is not One

FSL_RETURN_PRIME_S 

Candidate is Prime

FSL_RETURN_NOT_PRIME_S 

Candidate is not Prime

FSL_RETURN_EVEN_MODULUS_ERROR_S 

N register loaded improperly with even value

FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S 

Divisor is zero.

FSL_RETURN_BAD_EXPONENT_ERROR_S 

Bad Exponent or Scalar value for Point Multiply

FSL_RETURN_OSCILLATOR_ERROR_S 

RNG hardware problem.

FSL_RETURN_STATISTICS_ERROR_S 

RNG hardware problem.

FSL_RETURN_OK_S 

No error. As a function return code in Non-blocking mode, this may simply mean that the operation was accepted for eventual execution.

FSL_RETURN_ERROR_S 

Failure for non-specific reason.

FSL_RETURN_NO_RESOURCE_S 

Operation failed because some resource was not able to be allocated.

FSL_RETURN_BAD_ALGORITHM_S 

Crypto algorithm unrecognized or improper.

FSL_RETURN_BAD_MODE_S 

Crypto mode unrecognized or improper.

FSL_RETURN_BAD_FLAG_S 

Flag setting unrecognized or inconsistent.

FSL_RETURN_BAD_KEY_LENGTH_S 

Improper or unsupported key length for algorithm.

FSL_RETURN_BAD_KEY_PARITY_S 

Improper parity in a (DES, TDES) key.

FSL_RETURN_BAD_DATA_LENGTH_S 

Improper or unsupported data length for algorithm or internal buffer.

FSL_RETURN_AUTH_FAILED_S 

Authentication / Integrity Check code check failed.

FSL_RETURN_MEMORY_ERROR_S 

A memory error occurred.

FSL_RETURN_INTERNAL_ERROR_S 

An error internal to the hardware occurred.

FSL_RETURN_POINT_AT_INFINITY_S 

ECC detected Point at Infinity

FSL_RETURN_POINT_NOT_AT_INFINITY_S 

ECC detected No Point at Infinity

FSL_RETURN_GCD_IS_ONE_S 

GCD is One

FSL_RETURN_GCD_IS_NOT_ONE_S 

GCD is not One

FSL_RETURN_PRIME_S 

Candidate is Prime

FSL_RETURN_NOT_PRIME_S 

Candidate is not Prime

FSL_RETURN_EVEN_MODULUS_ERROR_S 

N register loaded improperly with even value

FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S 

Divisor is zero.

FSL_RETURN_BAD_EXPONENT_ERROR_S 

Bad Exponent or Scalar value for Point Multiply

FSL_RETURN_OSCILLATOR_ERROR_S 

RNG hardware problem.

FSL_RETURN_STATISTICS_ERROR_S 

RNG hardware problem.

FSL_RETURN_OK_S 

No error. As a function return code in Non-blocking mode, this may simply mean that the operation was accepted for eventual execution.

FSL_RETURN_ERROR_S 

Failure for non-specific reason.

FSL_RETURN_NO_RESOURCE_S 

Operation failed because some resource was not able to be allocated.

FSL_RETURN_BAD_ALGORITHM_S 

Crypto algorithm unrecognized or improper.

FSL_RETURN_BAD_MODE_S 

Crypto mode unrecognized or improper.

FSL_RETURN_BAD_FLAG_S 

Flag setting unrecognized or inconsistent.

FSL_RETURN_BAD_KEY_LENGTH_S 

Improper or unsupported key length for algorithm.

FSL_RETURN_BAD_KEY_PARITY_S 

Improper parity in a (DES, TDES) key.

FSL_RETURN_BAD_DATA_LENGTH_S 

Improper or unsupported data length for algorithm or internal buffer.

FSL_RETURN_AUTH_FAILED_S 

Authentication / Integrity Check code check failed.

FSL_RETURN_MEMORY_ERROR_S 

A memory error occurred.

FSL_RETURN_INTERNAL_ERROR_S 

An error internal to the hardware occurred.

FSL_RETURN_POINT_AT_INFINITY_S 

ECC detected Point at Infinity

FSL_RETURN_POINT_NOT_AT_INFINITY_S 

ECC detected No Point at Infinity

FSL_RETURN_GCD_IS_ONE_S 

GCD is One

FSL_RETURN_GCD_IS_NOT_ONE_S 

GCD is not One

FSL_RETURN_PRIME_S 

Candidate is Prime

FSL_RETURN_NOT_PRIME_S 

Candidate is not Prime

FSL_RETURN_EVEN_MODULUS_ERROR_S 

N register loaded improperly with even value

FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S 

Divisor is zero.

FSL_RETURN_BAD_EXPONENT_ERROR_S 

Bad Exponent or Scalar value for Point Multiply

FSL_RETURN_OSCILLATOR_ERROR_S 

RNG hardware problem.

FSL_RETURN_STATISTICS_ERROR_S 

RNG hardware problem.

FSL_RETURN_OK_S 

No error. As a function return code in Non-blocking mode, this may simply mean that the operation was accepted for eventual execution.

FSL_RETURN_ERROR_S 

Failure for non-specific reason.

FSL_RETURN_NO_RESOURCE_S 

Operation failed because some resource was not able to be allocated.

FSL_RETURN_BAD_ALGORITHM_S 

Crypto algorithm unrecognized or improper.

FSL_RETURN_BAD_MODE_S 

Crypto mode unrecognized or improper.

FSL_RETURN_BAD_FLAG_S 

Flag setting unrecognized or inconsistent.

FSL_RETURN_BAD_KEY_LENGTH_S 

Improper or unsupported key length for algorithm.

FSL_RETURN_BAD_KEY_PARITY_S 

Improper parity in a (DES, TDES) key.

FSL_RETURN_BAD_DATA_LENGTH_S 

Improper or unsupported data length for algorithm or internal buffer.

FSL_RETURN_AUTH_FAILED_S 

Authentication / Integrity Check code check failed.

FSL_RETURN_MEMORY_ERROR_S 

A memory error occurred.

FSL_RETURN_INTERNAL_ERROR_S 

An error internal to the hardware occurred.

FSL_RETURN_POINT_AT_INFINITY_S 

ECC detected Point at Infinity

FSL_RETURN_POINT_NOT_AT_INFINITY_S 

ECC detected No Point at Infinity

FSL_RETURN_GCD_IS_ONE_S 

GCD is One

FSL_RETURN_GCD_IS_NOT_ONE_S 

GCD is not One

FSL_RETURN_PRIME_S 

Candidate is Prime

FSL_RETURN_NOT_PRIME_S 

Candidate is not Prime

FSL_RETURN_EVEN_MODULUS_ERROR_S 

N register loaded improperly with even value

FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S 

Divisor is zero.

FSL_RETURN_BAD_EXPONENT_ERROR_S 

Bad Exponent or Scalar value for Point Multiply

FSL_RETURN_OSCILLATOR_ERROR_S 

RNG hardware problem.

FSL_RETURN_STATISTICS_ERROR_S 

RNG hardware problem.

FSL_RETURN_OK_S 

No error. As a function return code in Non-blocking mode, this may simply mean that the operation was accepted for eventual execution.

FSL_RETURN_ERROR_S 

Failure for non-specific reason.

FSL_RETURN_NO_RESOURCE_S 

Operation failed because some resource was not able to be allocated.

FSL_RETURN_BAD_ALGORITHM_S 

Crypto algorithm unrecognized or improper.

FSL_RETURN_BAD_MODE_S 

Crypto mode unrecognized or improper.

FSL_RETURN_BAD_FLAG_S 

Flag setting unrecognized or inconsistent.

FSL_RETURN_BAD_KEY_LENGTH_S 

Improper or unsupported key length for algorithm.

FSL_RETURN_BAD_KEY_PARITY_S 

Improper parity in a (DES, TDES) key.

FSL_RETURN_BAD_DATA_LENGTH_S 

Improper or unsupported data length for algorithm or internal buffer.

FSL_RETURN_AUTH_FAILED_S 

Authentication / Integrity Check code check failed.

FSL_RETURN_MEMORY_ERROR_S 

A memory error occurred.

FSL_RETURN_INTERNAL_ERROR_S 

An error internal to the hardware occurred.

FSL_RETURN_POINT_AT_INFINITY_S 

ECC detected Point at Infinity

FSL_RETURN_POINT_NOT_AT_INFINITY_S 

ECC detected No Point at Infinity

FSL_RETURN_GCD_IS_ONE_S 

GCD is One

FSL_RETURN_GCD_IS_NOT_ONE_S 

GCD is not One

FSL_RETURN_PRIME_S 

Candidate is Prime

FSL_RETURN_NOT_PRIME_S 

Candidate is not Prime

FSL_RETURN_EVEN_MODULUS_ERROR_S 

N register loaded improperly with even value

FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S 

Divisor is zero.

FSL_RETURN_BAD_EXPONENT_ERROR_S 

Bad Exponent or Scalar value for Point Multiply

FSL_RETURN_OSCILLATOR_ERROR_S 

RNG hardware problem.

FSL_RETURN_STATISTICS_ERROR_S 

RNG hardware problem.

Enumerator:
FSL_SYM_CTX_INIT 

Context is empty. In ARC4, this means that the S-Box needs to be generated from the key. In FSL_SYM_MODE_CBC mode, this allows an IV of zero to be specified. In FSL_SYM_MODE_CTR mode, it means that an initial CTR value of zero is desired.

FSL_SYM_CTX_LOAD 

Load context from object into hardware before running cipher. In FSL_SYM_MODE_CTR mode, this would refer to the Counter Value.

FSL_SYM_CTX_SAVE 

Save context from hardware into object after running cipher. In FSL_SYM_MODE_CTR mode, this would refer to the Counter Value.

FSL_SYM_CTX_PROTECT 

Context (SBox) is to be unwrapped and wrapped on each use. This flag is unsupported.

FSL_SYM_CTX_INIT 

Context is empty. In ARC4, this means that the S-Box needs to be generated from the key. In FSL_SYM_MODE_CBC mode, this allows an IV of zero to be specified. In FSL_SYM_MODE_CTR mode, it means that an initial CTR value of zero is desired.

FSL_SYM_CTX_LOAD 

Load context from object into hardware before running cipher. In FSL_SYM_MODE_CTR mode, this would refer to the Counter Value.

FSL_SYM_CTX_SAVE 

Save context from hardware into object after running cipher. In FSL_SYM_MODE_CTR mode, this would refer to the Counter Value.

FSL_SYM_CTX_PROTECT 

Context (SBox) is to be unwrapped and wrapped on each use. This flag is unsupported.

FSL_SYM_CTX_INIT 

Context is empty. In ARC4, this means that the S-Box needs to be generated from the key. In FSL_SYM_MODE_CBC mode, this allows an IV of zero to be specified. In FSL_SYM_MODE_CTR mode, it means that an initial CTR value of zero is desired.

FSL_SYM_CTX_LOAD 

Load context from object into hardware before running cipher. In FSL_SYM_MODE_CTR mode, this would refer to the Counter Value.

FSL_SYM_CTX_SAVE 

Save context from hardware into object after running cipher. In FSL_SYM_MODE_CTR mode, this would refer to the Counter Value.

FSL_SYM_CTX_PROTECT 

Context (SBox) is to be unwrapped and wrapped on each use. This flag is unsupported.

FSL_SYM_CTX_INIT 

Context is empty. In ARC4, this means that the S-Box needs to be generated from the key. In FSL_SYM_MODE_CBC mode, this allows an IV of zero to be specified. In FSL_SYM_MODE_CTR mode, it means that an initial CTR value of zero is desired.

FSL_SYM_CTX_LOAD 

Load context from object into hardware before running cipher. In FSL_SYM_MODE_CTR mode, this would refer to the Counter Value.

FSL_SYM_CTX_SAVE 

Save context from hardware into object after running cipher. In FSL_SYM_MODE_CTR mode, this would refer to the Counter Value.

FSL_SYM_CTX_PROTECT 

Context (SBox) is to be unwrapped and wrapped on each use. This flag is unsupported.

Mode selector for Symmetric Ciphers.

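The selection of mode determines how a cryptographic algorithm will be used to process the plaintext or ciphertext. None of these modes provides integrity or authentication on its own; data that must be protected against modification needs a separate authentication step (this API documents fsl_shw_auth_decrypt() for CCM). FSL_SYM_MODE_ECB also encrypts identical plaintext blocks to identical ciphertext blocks, and an IV (FSL_SYM_MODE_CBC) or counter value (FSL_SYM_MODE_CTR) should not be reused with the same key.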

For all modes which are run block-by-block (that is, all but FSL_SYM_MODE_STREAM), any partial operations must be performed on a text length which is multiple of the block size. Except for FSL_SYM_MODE_CTR, these block-by-block algorithms must also be passed a total number of octets which is a multiple of the block size.

In modes which require that the total number of octets of data be a multiple of the block size (FSL_SYM_MODE_ECB and FSL_SYM_MODE_CBC), and the user has a total number of octets which are not a multiple of the block size, the user must perform any necessary padding to get to the correct data length.

Enumerator:
FSL_SYM_MODE_STREAM 

Stream. There is no associated block size. Any request to process data may be of any length. This mode is only for ARC4 operations, and is also the only mode used for ARC4.

FSL_SYM_MODE_ECB 

Electronic Codebook. Each block of data is encrypted/decrypted. The length of the data stream must be a multiple of the block size. This mode may be used for DES, 3DES, and AES. The block size is determined by the algorithm.

FSL_SYM_MODE_CBC 

Cipher-Block Chaining. Each block of data is encrypted/decrypted and then "chained" with the previous block by an XOR function. Requires context to start the XOR (previous block). This mode may be used for DES, 3DES, and AES. The block size is determined by the algorithm.

FSL_SYM_MODE_CTR 

Counter. The counter is encrypted, then XORed with a block of data. The counter is then incremented (using modulus arithmetic) for the next block. The final operation may be non-multiple of block size. This mode may be used for AES. The block size is determined by the algorithm.

FSL_SYM_MODE_STREAM 

Stream. There is no associated block size. Any request to process data may be of any length. This mode is only for ARC4 operations, and is also the only mode used for ARC4.

FSL_SYM_MODE_ECB 

Electronic Codebook. Each block of data is encrypted/decrypted. The length of the data stream must be a multiple of the block size. This mode may be used for DES, 3DES, and AES. The block size is determined by the algorithm.

FSL_SYM_MODE_CBC 

Cipher-Block Chaining. Each block of data is encrypted/decrypted and then "chained" with the previous block by an XOR function. Requires context to start the XOR (previous block). This mode may be used for DES, 3DES, and AES. The block size is determined by the algorithm.

FSL_SYM_MODE_CTR 

Counter. The counter is encrypted, then XORed with a block of data. The counter is then incremented (using modulus arithmetic) for the next block. The final operation may be non-multiple of block size. This mode may be used for AES. The block size is determined by the algorithm.

FSL_SYM_MODE_STREAM 

Stream. There is no associated block size. Any request to process data may be of any length. This mode is only for ARC4 operations, and is also the only mode used for ARC4.

FSL_SYM_MODE_ECB 

Electronic Codebook. Each block of data is encrypted/decrypted. The length of the data stream must be a multiple of the block size. This mode may be used for DES, 3DES, and AES. The block size is determined by the algorithm.

FSL_SYM_MODE_CBC 

Cipher-Block Chaining. Each block of data is encrypted/decrypted and then "chained" with the previous block by an XOR function. Requires context to start the XOR (previous block). This mode may be used for DES, 3DES, and AES. The block size is determined by the algorithm.

FSL_SYM_MODE_CTR 

Counter. The counter is encrypted, then XORed with a block of data. The counter is then incremented (using modulus arithmetic) for the next block. The final operation may be non-multiple of block size. This mode may be used for AES. The block size is determined by the algorithm.

FSL_SYM_MODE_STREAM 

Stream. There is no associated block size. Any request to process data may be of any length. This mode is only for ARC4 operations, and is also the only mode used for ARC4.

FSL_SYM_MODE_ECB 

Electronic Codebook. Each block of data is encrypted/decrypted. The length of the data stream must be a multiple of the block size. This mode may be used for DES, 3DES, and AES. The block size is determined by the algorithm.

FSL_SYM_MODE_CBC 

Cipher-Block Chaining. Each block of data is encrypted/decrypted and then "chained" with the previous block by an XOR function. Requires context to start the XOR (previous block). This mode may be used for DES, 3DES, and AES. The block size is determined by the algorithm.

FSL_SYM_MODE_CTR 

Counter. The counter is encrypted, then XORed with a block of data. The counter is then incremented (using modulus arithmetic) for the next block. The final operation may be non-multiple of block size. This mode may be used for AES. The block size is determined by the algorithm.

FSL_SYM_MODE_STREAM 

Stream. There is no associated block size. Any request to process data may be of any length. This mode is only for ARC4 operations, and is also the only mode used for ARC4.

FSL_SYM_MODE_ECB 

Electronic Codebook. Each block of data is encrypted/decrypted. The length of the data stream must be a multiple of the block size. This mode may be used for DES, 3DES, and AES. The block size is determined by the algorithm.

FSL_SYM_MODE_CBC 

Cipher-Block Chaining. Each block of data is encrypted/decrypted and then "chained" with the previous block by an XOR function. Requires context to start the XOR (previous block). This mode may be used for DES, 3DES, and AES. The block size is determined by the algorithm.

FSL_SYM_MODE_CTR 

Counter. The counter is encrypted, then XORed with a block of data. The counter is then incremented (using modulus arithmetic) for the next block. The final operation may be non-multiple of block size. This mode may be used for AES. The block size is determined by the algorithm.

The various security tamper events

Enumerator:
FSL_SHW_TAMPER_NONE 

No error detected

FSL_SHW_TAMPER_WTD 

wire-mesh tampering det

FSL_SHW_TAMPER_ETBD 

ext tampering det: input B

FSL_SHW_TAMPER_ETAD 

ext tampering det: input A

FSL_SHW_TAMPER_EBD 

external boot detected

FSL_SHW_TAMPER_SAD 

security alarm detected

FSL_SHW_TAMPER_TTD 

temperature tampering det

FSL_SHW_TAMPER_CTD 

clock tampering det

FSL_SHW_TAMPER_VTD 

voltage tampering det

FSL_SHW_TAMPER_MCO 

monotonic counter overflow

FSL_SHW_TAMPER_TCO 

time counter overflow

FSL_SHW_TAMPER_NONE 

No error detected

FSL_SHW_TAMPER_WTD 

wire-mesh tampering det

FSL_SHW_TAMPER_ETBD 

ext tampering det: input B

FSL_SHW_TAMPER_ETAD 

ext tampering det: input A

FSL_SHW_TAMPER_EBD 

external boot detected

FSL_SHW_TAMPER_SAD 

security alarm detected

FSL_SHW_TAMPER_TTD 

temperature tampering det

FSL_SHW_TAMPER_CTD 

clock tampering det

FSL_SHW_TAMPER_VTD 

voltage tampering det

FSL_SHW_TAMPER_MCO 

monotonic counter overflow

FSL_SHW_TAMPER_TCO 

time counter overflow

FSL_SHW_TAMPER_NONE 

No error detected

FSL_SHW_TAMPER_WTD 

wire-mesh tampering det

FSL_SHW_TAMPER_ETBD 

ext tampering det: input B

FSL_SHW_TAMPER_ETAD 

ext tampering det: input A

FSL_SHW_TAMPER_EBD 

external boot detected

FSL_SHW_TAMPER_SAD 

security alarm detected

FSL_SHW_TAMPER_TTD 

temperature tampering det

FSL_SHW_TAMPER_CTD 

clock tampering det

FSL_SHW_TAMPER_VTD 

voltage tampering det

FSL_SHW_TAMPER_MCO 

monotonic counter overflow

FSL_SHW_TAMPER_TCO 

time counter overflow

FSL_SHW_TAMPER_NONE 

No error detected

FSL_SHW_TAMPER_WTD 

wire-mesh tampering det

FSL_SHW_TAMPER_ETBD 

ext tampering det: input B

FSL_SHW_TAMPER_ETAD 

ext tampering det: input A

FSL_SHW_TAMPER_EBD 

external boot detected

FSL_SHW_TAMPER_SAD 

security alarm detected

FSL_SHW_TAMPER_TTD 

temperature tampering det

FSL_SHW_TAMPER_CTD 

clock tampering det

FSL_SHW_TAMPER_VTD 

voltage tampering det

FSL_SHW_TAMPER_MCO 

monotonic counter overflow

FSL_SHW_TAMPER_TCO 

time counter overflow

FSL_SHW_TAMPER_NONE 

No error detected

FSL_SHW_TAMPER_WTD 

wire-mesh tampering det

FSL_SHW_TAMPER_ETBD 

ext tampering det: input B

FSL_SHW_TAMPER_ETAD 

ext tampering det: input A

FSL_SHW_TAMPER_EBD 

external boot detected

FSL_SHW_TAMPER_SAD 

security alarm detected

FSL_SHW_TAMPER_TTD 

temperature tampering det

FSL_SHW_TAMPER_CTD 

clock tampering det

FSL_SHW_TAMPER_VTD 

voltage tampering det

FSL_SHW_TAMPER_MCO 

monotonic counter overflow

FSL_SHW_TAMPER_TCO 

time counter overflow

Flags for the state of the User Context Object (fsl_shw_uco_t).

Enumerator:
FSL_UCO_BLOCKING_MODE 

API will block the caller until operation completes. The result will be available in the return code. If this is not set, user will have to get results using fsl_shw_get_results().

FSL_UCO_CALLBACK_MODE 

User wants callback (at the function specified with fsl_shw_uco_set_callback()) when the operation completes. This flag is valid only if FSL_UCO_BLOCKING_MODE is not set.

FSL_UCO_SAVE_DESC_CHAIN 

Do not free descriptor chain after driver (adaptor) finishes

FSL_UCO_CALLBACK_SETUP_COMPLETE 

User has made at least one request with callbacks requested, so API is ready to handle others.

FSL_UCO_CHAIN_PREPHYSICALIZED 

(virtual) pointer to descriptor chain is completely linked with physical (DMA) addresses, ready for the hardware. This flag should not be used by FSL SHW API programs.

FSL_UCO_CONTEXT_CHANGED 

The user has changed the context but the changes have not been copied to the kernel driver.

FSL_UCO_USERMODE_USER 

Internal Use. This context belongs to a user-mode API user.

FSL_UCO_BLOCKING_MODE 

API will block the caller until operation completes. The result will be available in the return code. If this is not set, user will have to get results using fsl_shw_get_results().

FSL_UCO_CALLBACK_MODE 

User wants callback (at the function specified with fsl_shw_uco_set_callback()) when the operation completes. This flag is valid only if FSL_UCO_BLOCKING_MODE is not set.

FSL_UCO_SAVE_DESC_CHAIN 

Do not free descriptor chain after driver (adaptor) finishes

FSL_UCO_CALLBACK_SETUP_COMPLETE 

User has made at least one request with callbacks requested, so API is ready to handle others.

FSL_UCO_CHAIN_PREPHYSICALIZED 

(virtual) pointer to descriptor chain is completely linked with physical (DMA) addresses, ready for the hardware. This flag should not be used by FSL SHW API programs.

FSL_UCO_CONTEXT_CHANGED 

The user has changed the context but the changes have not been copied to the kernel driver.

FSL_UCO_USERMODE_USER 

Internal Use. This context belongs to a user-mode API user.

FSL_UCO_BLOCKING_MODE 

API will block the caller until operation completes. The result will be available in the return code. If this is not set, user will have to get results using fsl_shw_get_results().

FSL_UCO_CALLBACK_MODE 

User wants callback (at the function specified with fsl_shw_uco_set_callback()) when the operation completes. This flag is valid only if FSL_UCO_BLOCKING_MODE is not set.

FSL_UCO_SAVE_DESC_CHAIN 

Do not free descriptor chain after driver (adaptor) finishes

FSL_UCO_CALLBACK_SETUP_COMPLETE 

User has made at least one request with callbacks requested, so API is ready to handle others.

FSL_UCO_CHAIN_PREPHYSICALIZED 

(virtual) pointer to descriptor chain is completely linked with physical (DMA) addresses, ready for the hardware. This flag should not be used by FSL SHW API programs.

FSL_UCO_CONTEXT_CHANGED 

The user has changed the context but the changes have not been copied to the kernel driver.

FSL_UCO_USERMODE_USER 

Internal Use. This context belongs to a user-mode API user.

FSL_UCO_BLOCKING_MODE 

API will block the caller until operation completes. The result will be available in the return code. If this is not set, user will have to get results using fsl_shw_get_results().

FSL_UCO_CALLBACK_MODE 

User wants callback (at the function specified with fsl_shw_uco_set_callback()) when the operation completes. This flag is valid only if FSL_UCO_BLOCKING_MODE is not set.

FSL_UCO_SAVE_DESC_CHAIN 

Do not free descriptor chain after driver (adaptor) finishes

FSL_UCO_CALLBACK_SETUP_COMPLETE 

User has made at least one request with callbacks requested, so API is ready to handle others.

FSL_UCO_CHAIN_PREPHYSICALIZED 

(virtual) pointer to descriptor chain is completely linked with physical (DMA) addresses, ready for the hardware. This flag should not be used by FSL SHW API programs.

FSL_UCO_CONTEXT_CHANGED 

The user has changed the context but the changes have not been copied to the kernel driver.

FSL_UCO_USERMODE_USER 

Internal Use. This context belongs to a user-mode API user.

FSL_UCO_BLOCKING_MODE 

API will block the caller until operation completes. The result will be available in the return code. If this is not set, user will have to get results using fsl_shw_get_results().

FSL_UCO_CALLBACK_MODE 

User wants callback (at the function specified with fsl_shw_uco_set_callback()) when the operation completes. This flag is valid only if FSL_UCO_BLOCKING_MODE is not set.

FSL_UCO_SAVE_DESC_CHAIN 

Do not free descriptor chain after driver (adaptor) finishes

FSL_UCO_CALLBACK_SETUP_COMPLETE 

User has made at least one request with callbacks requested, so API is ready to handle others.

FSL_UCO_CHAIN_PREPHYSICALIZED 

(virtual) pointer to descriptor chain is completely linked with physical (DMA) addresses, ready for the hardware. This flag should not be used by FSL SHW API programs.

FSL_UCO_CONTEXT_CHANGED 

The user has changed the context but the changes have not been copied to the kernel driver.

FSL_UCO_USERMODE_USER 

Internal Use. This context belongs to a user-mode API user.

This is part of the IOCTL request type passed between kernel and user space. It is added to SHW_IOCTL_REQUEST to generate the actual value.

Enumerator:
SHW_USER_REQ_REGISTER_USER 

Initialize user-kernel discussion.

SHW_USER_REQ_DEREGISTER_USER 

Terminate user-kernel discussion.

SHW_USER_REQ_GET_RESULTS 

Get information on outstanding results.

SHW_USER_REQ_GET_CAPABILITIES 

Get information on hardware support.

SHW_USER_REQ_GET_RANDOM 

Get random data from RNG.

SHW_USER_REQ_ADD_ENTROPY 

Add entropy to hardware RNG.

SHW_USER_REQ_DROP_PERMS 

Diminish the permissions of a block of secure memory

SHW_USER_REQ_SSTATUS 

Check the status of a block of secure memory

SHW_USER_REQ_SFREE 

Free a block of secure memory

SHW_USER_REQ_SCC_ENCRYPT 

Encrypt a region of user-owned secure memory

SHW_USER_REQ_SCC_DECRYPT 

Decrypt a region of user-owned secure memory


Function Documentation

fsl_shw_return_t do_scc_decrypt_region ( fsl_shw_uco_t user_ctx,
void *  partition_base,
uint32_t  offset_bytes,
uint32_t  byte_count,
const uint8_t *  black_data,
uint32_t *  IV,
fsl_shw_cypher_mode_t  cypher_mode 
)

Decrypt a region of secure memory using the hardware secret key.

Parameters:
user_ctx User context
partition_base Base address of the partition
offset_bytes Offset of data from the partition base
byte_count Length of the data to decrypt
black_data Location where the encrypted data is stored
IV IV to use for the decryption routine
cypher_mode Cyphering mode to use, specified by type fsl_shw_cypher_mode_t
Returns:
A return code of type fsl_shw_return_t.

Call the proper function to decrypt a region of encrypted secure memory

Parameters:
user_ctx User context of the partition owner (NULL in kernel)
partition_base Base address (physical) of the partition
offset_bytes Offset from base address that the decrypted data shall be placed
byte_count Length of the message (bytes)
black_data Pointer to where the encrypted data is stored
IV IV to use for decryption
cypher_mode Cyphering mode to use, specified by type fsl_shw_cypher_mode_t
Returns:
status

Call the proper function to decrypt a region of encrypted secure memory

Parameters:
user_ctx User context of the partition owner (NULL in kernel)
partition_base Base address (physical) of the partition
offset_bytes Offset from base address that the decrypted data shall be placed
byte_count Length of the message (bytes)
black_data Pointer to where the encrypted data is stored
owner_id 
Returns:
status
fsl_shw_return_t do_scc_encrypt_region ( fsl_shw_uco_t user_ctx,
void *  partition_base,
uint32_t  offset_bytes,
uint32_t  byte_count,
uint8_t *  black_data,
uint32_t *  IV,
fsl_shw_cypher_mode_t  cypher_mode 
)

Encrypt a region of secure memory using the hardware secret key.

Parameters:
user_ctx User context
partition_base Base address of the partition
offset_bytes Offset of data from the partition base
byte_count Length of the data to encrypt
black_data Location to store the encrypted data
IV IV to use for the encryption routine
cypher_mode Cyphering mode to use, specified by type fsl_shw_cypher_mode_t
Returns:
A return code of type fsl_shw_return_t.

Call the proper function to encrypt a region of secure memory

Parameters:
user_ctx User context of the partition owner (NULL in kernel)
partition_base Base address (physical) of the partition
offset_bytes Offset from base address of the data to be encrypted
byte_count Length of the message (bytes)
black_data Pointer to where the encrypted data is stored
IV IV to use for encryption
cypher_mode Cyphering mode to use, specified by type fsl_shw_cypher_mode_t
Returns:
status
fsl_shw_return_t fsl_shw_add_entropy ( fsl_shw_uco_t user_ctx,
uint32_t  length,
uint8_t *  data 
)

Add entropy to random number generator.

Parameters:
user_ctx A user context from fsl_shw_register_user().
length Number of bytes at data.
data Entropy to add to random number generator.
Returns:
A return code of type fsl_shw_return_t.

Add entropy to a random number generator

Parameters:
user_ctx 
length 
data 
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_auth_decrypt ( fsl_shw_uco_t user_ctx,
fsl_shw_acco_t auth_ctx,
fsl_shw_sko_t cipher_key_info,
fsl_shw_sko_t auth_key_info,
uint32_t  auth_data_length,
const uint8_t *  auth_data,
uint32_t  payload_length,
const uint8_t *  ct,
const uint8_t *  auth_value,
uint8_t *  payload 
)

Authenticate and decrypt a (CCM) stream.

Perform Authentication-Decryption in Cipher + Hash.

This function will perform a one-shot decryption of a data stream as well as authenticate the authentication value. This is a one-shot function, so all of the auth_data and the total message payload must be passed in one call. This also means that the flags in the auth_ctx must be FSL_ACCO_CTX_INIT and FSL_ACCO_CTX_FINALIZE.

Parameters:
user_ctx A user context from fsl_shw_register_user().
auth_ctx Controlling object for Authenticate-decrypt.
cipher_key_info The key being used for the cipher part of this operation. In CCM mode, this key is used for both parts.
auth_key_info The key being used for the authentication part of this operation. In CCM mode, this key is ignored and may be NULL.
auth_data_length Length, in octets, of auth_data.
auth_data Data to be authenticated but not decrypted.
payload_length Length, in octets, of ct and payload.
ct Pointer to the encrypted input stream.
auth_value The (encrypted) authentication value which will be authenticated. This is the same data as the (output) auth_value argument to fsl_shw_gen_encrypt().
[out] payload Pointer to where the plaintext resulting from the decryption will be stored.
Returns:
A return code of type fsl_shw_return_t.
Parameters:
user_ctx The user's context
auth_ctx Info on this Auth operation
cipher_key_info Key to decrypt payload
auth_key_info (unused - same key in CCM)
auth_data_length Length in bytes of auth_data
auth_data Any auth-only data
payload_length Length in bytes of payload
ct The encrypted data
auth_value The authentication code to validate
[out] payload The location to store decrypted data
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_deregister_user ( fsl_shw_uco_t user_ctx  ) 

Destroy the association between the user and the provider of the API.

Parameters:
user_ctx The user context which is no longer needed.
Returns:
A return code of type fsl_shw_return_t.

Destroy the association between the user and the provider of the API.

Parameters:
user_ctx The user context which is no longer needed.
Returns:
A return code of type fsl_shw_return_t.

Referenced by OS_DEV_CLOSE().

fsl_shw_return_t fsl_shw_diminish_perms ( fsl_shw_uco_t user_ctx,
void *  address,
uint32_t  permissions 
)

Diminish the permissions of a block of secure memory. Note that permissions can only be revoked.

Parameters:
user_ctx User context
address Base address of the secure memory to work with
permissions Permissions to initialize the partition with. Can be made by ORing flags from the fsl_shw_permission_t.
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_establish_key ( fsl_shw_uco_t user_ctx,
fsl_shw_sko_t key_info,
fsl_shw_key_wrap_t  establish_type,
const uint8_t *  key 
)

Establish the key in a protected location, which can be the system keystore, user keystore, or (on platforms that support it) as a Platform Key.

By default, keys initialized with fsl_shw_sko_init() will be placed into the system keystore. The user can cause the key to be established in a user keystore by first calling fsl_shw_sko_set_keystore() on the key. Normally, keys in the system keystore can only be used for hardware encrypt or decrypt operations; however, if the FSL_SKO_KEY_SW_KEY flag is applied using fsl_shw_sko_set_flags(), the key will be established as a software key, which can then be read out using fsl_shw_read_key(). Because a software key can be read back by software, the flag should be applied only to keys that do not need to stay confined to the hardware.

Keys initialized with fsl_shw_sko_init_pf_key() are established as a Platform Key. Their use is covered in Hardware key-select extensions - DryIce.

This function only needs to be used when unwrapping a key, setting up a key which could be wrapped with a later call to fsl_shw_extract_key(), or setting up a key as a Platform Key. Normal cleartext keys can simply be placed into fsl_shw_sko_t key objects with fsl_shw_sko_set_key() and used directly.

The maximum key size supported for wrapped/unwrapped keys is 32 octets. (This is the maximum reasonable key length on Sahara - 32 octets for an HMAC key based on SHA-256.) The key size is determined by the key_info. The expected length of key can be determined by fsl_shw_sko_calculate_wrapped_size()

The protected key will not be available for use until this operation successfully completes.

This feature is not available for all platforms, nor for all algorithms and modes.

Parameters:
user_ctx A user context from fsl_shw_register_user().
[in,out] key_info The information about the key which will be established. In the create case, the key length must be set.
establish_type How key will be interpreted to establish a key for use.
key If establish_type is FSL_KEY_WRAP_UNWRAP, this is the location of a wrapped key. If establish_type is FSL_KEY_WRAP_CREATE, this parameter can be NULL. If establish_type is FSL_KEY_WRAP_ACCEPT, this is the location of a plaintext key.

Place a key into a protected location for use only by cryptographic algorithms.

This only needs to be used to a) unwrap a key, or b) set up a key which could be wrapped with a later call to fsl_shw_extract_key(). Normal cleartext keys can simply be placed into fsl_shw_sko_t key objects with fsl_shw_sko_set_key() and used directly.

The maximum key size supported for wrapped/unwrapped keys is 32 octets. (This is the maximum reasonable key length on Sahara - 32 octets for an HMAC key based on SHA-256.) The key size is determined by the key_info. The expected length of key can be determined by fsl_shw_sko_calculate_wrapped_size()

The protected key will not be available for use until this operation successfully completes.

This feature is not available for all platforms, nor for all algorithms and modes.

Parameters:
user_ctx A user context from fsl_shw_register_user().
[in,out] key_info The information about the key which will be established. In the create case, the key length must be set.
establish_type How key will be interpreted to establish a key for use.
key If establish_type is FSL_KEY_WRAP_UNWRAP, this is the location of a wrapped key. If establish_type is FSL_KEY_WRAP_CREATE, this parameter can be NULL. If establish_type is FSL_KEY_WRAP_ACCEPT, this is the location of a plaintext key.
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_extract_key ( fsl_shw_uco_t user_ctx,
fsl_shw_sko_t key_info,
uint8_t *  covered_key 
)

Wrap a key and retrieve the wrapped value.

A wrapped key is a key that has been cryptographically obscured. It is only able to be used with keys that have been established by fsl_shw_establish_key().

For keys established in the system or user keystore, this function will also release the key (see fsl_shw_release_key()) so that it must be re-established before reuse. This function will not release keys that are established as a Platform Key, so a call to fsl_shw_release_key() is necessary to release those keys.

This feature is not available for all platforms, nor for all algorithms and modes.

Parameters:
user_ctx A user context from fsl_shw_register_user().
key_info The information about the key to be deleted.
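[out] covered_key The location to store the wrapped key. The buffer must be large enough for the wrapped form of the key, which is longer than the key itself; the expected length can be determined with fsl_shw_sko_calculate_wrapped_size(). (This size is based upon the maximum key size of 32 octets.)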
Returns:
A return code of type fsl_shw_return_t.

Wrap a key and retrieve the wrapped value.

A wrapped key is a key that has been cryptographically obscured. It is only able to be used with fsl_shw_establish_key().

This function will also release the key (see fsl_shw_release_key()) so that it must be re-established before reuse.

This feature is not available for all platforms, nor for all algorithms and modes.

Parameters:
user_ctx A user context from fsl_shw_register_user().
key_info The information about the key to be deleted.
[out] covered_key The location to store the 48-octet wrapped key. (This size is based upon the maximum key size of 32 octets).
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_gen_encrypt ( fsl_shw_uco_t user_ctx,
fsl_shw_acco_t auth_ctx,
fsl_shw_sko_t cipher_key_info,
fsl_shw_sko_t auth_key_info,
uint32_t  auth_data_length,
const uint8_t *  auth_data,
uint32_t  payload_length,
const uint8_t *  payload,
uint8_t *  ct,
uint8_t *  auth_value 
)

Generate a (CCM) auth code and encrypt the payload.

Perform Generation-Encryption by doing a Cipher and a Hash.

Generate the authentication value auth_value as well as encrypt the payload into ct (the ciphertext). This is a one-shot function, so all of the auth_data and the total message payload must be passed in one call. This also means that the flags in the auth_ctx must be FSL_ACCO_CTX_INIT and FSL_ACCO_CTX_FINALIZE.

Parameters:
user_ctx A user context from fsl_shw_register_user().
auth_ctx Controlling object for Authenticate-decrypt.
cipher_key_info The key being used for the cipher part of this operation. In CCM mode, this key is used for both parts.
auth_key_info The key being used for the authentication part of this operation. In CCM mode, this key is ignored and may be NULL.
auth_data_length Length, in octets, of auth_data.
auth_data Data to be authenticated but not encrypted.
payload_length Length, in octets, of payload.
payload Pointer to the plaintext to be encrypted.
[out] ct Pointer to where the encrypted payload will be stored. Must be payload_length octets long.
[out] auth_value Pointer to where the generated authentication field will be stored. Must be as many octets as indicated by MAC length in the function_ctx.
Returns:
A return code of type fsl_shw_return_t.

This is a very complicated function. Seven (or eight) descriptors are required to perform a CCM calculation.

First: Load CTR0 and key.

Second: Run an octet of data through to bump to CTR1. (This could be done in software, but software will have to bump and later decrement - or copy and bump.)

Third: (in Virtio) Load a descriptor with data of zeros for CBC IV.

Fourth: Run any (optional) "additional data" through the CBC-mode portion of the algorithm.

Fifth: Run the payload through in CCM mode.

Sixth: Extract the unencrypted MAC.

Seventh: Load CTR0.

Eighth: Encrypt the MAC.

Parameters:
user_ctx The user's context
auth_ctx Info on this Auth operation
cipher_key_info Key to encrypt payload
auth_key_info (unused - same key in CCM)
auth_data_length Length in bytes of auth_data
auth_data Any auth-only data
payload_length Length in bytes of payload
payload The data to encrypt
[out] ct The location to store encrypted data
[out] auth_value The location to store authentication code
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_pco_t * fsl_shw_get_capabilities ( fsl_shw_uco_t user_ctx  ) 

Determine the hardware security capabilities of this platform.

Though a user context object is passed into this function, it will always act in a non-blocking manner.

Parameters:
user_ctx The user context which will be used for the query.
Returns:
A pointer to the capabilities object.

Referenced by run_user_wrap(), and run_wrap().

fsl_shw_return_t fsl_shw_get_random ( fsl_shw_uco_t user_ctx,
uint32_t  length,
uint8_t *  data 
)

Get random data.

Parameters:
user_ctx A user context from fsl_shw_register_user().
length The number of octets of data being requested.
[out] data A pointer to a location of length octets to where random data will be returned.
Returns:
A return code of type fsl_shw_return_t.

Get random data.

Parameters:
user_ctx A user context from fsl_shw_register_user().
length The number of octets of data being requested.
data A pointer to a location of length octets to where random data will be returned.
Returns:
A return code of type fsl_shw_return_t, such as FSL_RETURN_OK_S or FSL_RETURN_NO_RESOURCE_S.

Get a random number

Parameters:
user_ctx 
length 
data 
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_get_results ( fsl_shw_uco_t user_ctx,
unsigned  result_size,
fsl_shw_result_t  results[],
unsigned *  result_count 
)

Retrieve results from earlier operations.

Parameters:
user_ctx The user's context.
result_size The number of array elements of results.
[in,out] results Pointer to first of the (array of) locations to store results.
[out] result_count Pointer to store the number of results which were returned.
Returns:
A return code of type fsl_shw_return_t.

Referenced by get_results().

fsl_shw_return_t fsl_shw_hash ( fsl_shw_uco_t user_ctx,
fsl_shw_hco_t hash_ctx,
const uint8_t *  msg,
uint32_t  length,
uint8_t *  result,
uint32_t  result_len 
)

Hash a stream of data with a cryptographic hash algorithm.

The flags in the hash_ctx control the operation of this function.

Hashing functions work on 64 octets of message at a time. Therefore, when any partial hashing of a long message is performed, the message length of each segment must be a multiple of 64. When ready to FSL_HASH_FLAGS_FINALIZE the hash, the length may be any value.

With the FSL_HASH_FLAGS_INIT and FSL_HASH_FLAGS_FINALIZE flags on, a one-shot complete hash, including padding, will be performed. The length may be any value.

The first octets of a data stream can be hashed by setting the FSL_HASH_FLAGS_INIT and FSL_HASH_FLAGS_SAVE flags. The length must be a multiple of 64.

The flag FSL_HASH_FLAGS_LOAD is used to load a context previously saved by FSL_HASH_FLAGS_SAVE. The two in combination will allow a (multiple-of-64 octets) 'middle sequence' of the data stream to be hashed with the beginning. The length must again be a multiple of 64.

Since the flag FSL_HASH_FLAGS_LOAD is used to load a context previously saved by FSL_HASH_FLAGS_SAVE, the FSL_HASH_FLAGS_LOAD and FSL_HASH_FLAGS_FINALIZE flags, used together, can be used to finish the stream. The length may be any value.

If the user program wants to do the padding for the hash, it can leave off the FSL_HASH_FLAGS_FINALIZE flag. The length must then be a multiple of 64 octets.

Parameters:
user_ctx A user context from fsl_shw_register_user().
[in,out] hash_ctx Hashing algorithm and state of the cipher.
msg Pointer to the data to be hashed.
length Length, in octets, of the msg.
[out] result If not null, pointer to where to store the hash digest.
result_len Number of octets to store in result.
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_hmac ( fsl_shw_uco_t user_ctx,
fsl_shw_sko_t key_info,
fsl_shw_hmco_t hmac_ctx,
const uint8_t *  msg,
uint32_t  length,
uint8_t *  result,
uint32_t  result_len 
)

Get the hmac

Parameters:
user_ctx Info for acquiring memory
key_info 
hmac_ctx 
msg 
length 
result 
result_len 
Returns:
A return code of type fsl_shw_return_t.

Continue, finalize, or one-shot an HMAC operation.

There are a number of ways to use this function. The flags in the hmac_ctx object will determine what operations occur.

If FSL_HMAC_FLAGS_INIT is set, then the hash will be started either from the key_info, or from the precomputed inner hash value in the hmac_ctx, depending on the value of FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT.

If, instead, FSL_HMAC_FLAGS_LOAD is set, then the hash will be continued from the ongoing inner hash computation in the hmac_ctx.

If FSL_HMAC_FLAGS_FINALIZE is set, then the msg will be padded, hashed, the outer hash will be performed, and the result will be generated.

If the FSL_HMAC_FLAGS_SAVE flag is set, then the (ongoing or final) digest value will be stored in the ongoing inner hash computation field of the hmac_ctx.

Parameters:
user_ctx A user context from fsl_shw_register_user().
key_info If FSL_HMAC_FLAGS_INIT is set in the hmac_ctx, this is the key being used in this operation, and the IPAD. If FSL_HMAC_FLAGS_INIT is set in the hmac_ctx and key_info is NULL, then fsl_shw_hmac_precompute() has been used to populate the inner_precompute and outer_precompute contexts. If FSL_HMAC_FLAGS_INIT is not set, this parameter is ignored.
[in,out] hmac_ctx The context which controls, by its flags and algorithm, the operation of this function.
msg Pointer to the message to be hashed.
length Length, in octets, of the msg.
[out] result Pointer, of result_len octets, to where to store the HMAC.
result_len Length of result buffer.
Returns:
A return code of type fsl_shw_return_t.

Get the hmac

Parameters:
user_ctx Info for acquiring memory
key_info 
hmac_ctx 
msg 
length 
result 
result_len 
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_hmac_precompute ( fsl_shw_uco_t user_ctx,
fsl_shw_sko_t key_info,
fsl_shw_hmco_t hmac_ctx 
)

Get the precompute information

Parameters:
user_ctx 
key_info 
hmac_ctx 
Returns:
A return code of type fsl_shw_return_t.

Precompute the Key hashes for an HMAC operation.

This function may be used to calculate the inner and outer precomputes, which are the hash contexts resulting from hashing the XORed key for the 'inner hash' and the 'outer hash', respectively, of the HMAC function.

After execution of this function, the hmac_ctx will contain the precomputed inner and outer contexts, so that they may be used by fsl_shw_hmac(). The flags of hmac_ctx will be updated with FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT to mark their presence. In addition, the FSL_HMAC_FLAGS_INIT flag will be set.

Parameters:
user_ctx A user context from fsl_shw_register_user().
key_info The key being used in this operation. Key must be 1 to 64 octets long.
[in,out] hmac_ctx The context which controls, by its flags and algorithm, the operation of this function.
Returns:
A return code of type fsl_shw_return_t.

Get the precompute information

Parameters:
user_ctx 
key_info 
hmac_ctx 
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_read_key ( fsl_shw_uco_t user_ctx,
fsl_shw_sko_t key_info,
uint8_t *  key 
)

Read the key value from a key object.

Only a key marked as a software key (FSL_SKO_KEY_SW_KEY) can be read with this call. It has no effect on the status of the key store.

Parameters:
user_ctx A user context from fsl_shw_register_user().
key_info The referenced key.
[out] key The location to store the key value.
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_register_user ( fsl_shw_uco_t user_ctx  ) 

Create an association between the user and the provider of the API.

Parameters:
user_ctx The user context which will be used for this association.
Returns:
A return code of type fsl_shw_return_t.

Create an association between the user and the provider of the API.

Parameters:
user_ctx The user context which will be used for this association.
Returns:
A return code of type fsl_shw_return_t.

Referenced by OS_DEV_MMAP(), and OS_DEV_OPEN().

fsl_shw_return_t fsl_shw_release_key ( fsl_shw_uco_t user_ctx,
fsl_shw_sko_t key_info 
)

De-establish a key so that it can no longer be accessed.

The key will need to be re-established before it can again be used.

This feature is not available for all platforms, nor for all algorithms and modes.

Parameters:
user_ctx A user context from fsl_shw_register_user().
key_info The information about the key to be deleted.
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_sfree ( fsl_shw_uco_t user_ctx,
void *  address 
)

Free a block of secure memory that was allocated with fsl_shw_smalloc

Parameters:
user_ctx User context
address Address of the block of secure memory to be released.
Returns:
A return code of type fsl_shw_return_t.
void * fsl_shw_smalloc ( fsl_shw_uco_t user_ctx,
uint32_t  size,
const uint8_t *  UMID,
uint32_t  permissions 
)

Allocate a block of secure memory

Parameters:
user_ctx User context
size Memory size (octets). Note: currently supports only single-partition sized blocks.
UMID User Mode ID to use when registering the partition.
permissions Permissions to initialize the partition with. Can be made by ORing flags from the fsl_shw_permission_t.
Returns:
Address of the allocated memory. NULL if the call was not successful.
fsl_shw_return_t fsl_shw_symmetric_decrypt ( fsl_shw_uco_t user_ctx,
fsl_shw_sko_t key_info,
fsl_shw_scco_t sym_ctx,
uint32_t  length,
const uint8_t *  ct,
uint8_t *  pt 
)

Decrypt a stream of data with a symmetric-key algorithm.

In ARC4, and also in FSL_SYM_MODE_CBC and FSL_SYM_MODE_CTR modes, the flags of the sym_ctx object will control part of the operation of this function. The FSL_SYM_CTX_INIT flag means that there is no context info in the object. The FSL_SYM_CTX_LOAD means to use information in the sym_ctx at the start of the operation, and the FSL_SYM_CTX_SAVE flag means to update the object's context information after the operation has been performed.

All of the data for an operation can be run through at once using the FSL_SYM_CTX_INIT or FSL_SYM_CTX_LOAD flags, as appropriate, and then using a length for the whole of the data.

If a FSL_SYM_CTX_SAVE flag were added, an additional call to the function would "pick up" where the previous call left off, allowing the user to perform the larger function in smaller steps.

In FSL_SYM_MODE_CBC and FSL_SYM_MODE_ECB modes, the length must always be a multiple of the block size for the algorithm being used. For proper operation in FSL_SYM_MODE_CTR mode, the length must be a multiple of the block size until the last operation on the total octet stream.

Some users of ARC4 may want to compute the context (S-Box and pointers) from the key before any data is available. This may be done by running this function with a length of zero, with the FSL_SYM_CTX_INIT & FSL_SYM_CTX_SAVE flags on in the sym_ctx. Subsequent operations would then run as normal with the load & save flags. Note that the key object is still required.

Parameters:
user_ctx A user context from fsl_shw_register_user().
key_info The key and algorithm being used in this operation.
[in,out] sym_ctx Info on cipher mode, state of the cipher.
length Length, in octets, of the ct (and pt).
ct pointer to ciphertext to be decrypted.
[out] pt pointer to where to store the resulting plaintext.
Returns:
A return code of type fsl_shw_return_t

Compute symmetric decryption

Parameters:
user_ctx 
key_info 
sym_ctx 
length 
pt 
ct 
Returns:
A return code of type fsl_shw_return_t.
fsl_shw_return_t fsl_shw_symmetric_encrypt ( fsl_shw_uco_t user_ctx,
fsl_shw_sko_t key_info,
fsl_shw_scco_t sym_ctx,
uint32_t  length,
const uint8_t *  pt,
uint8_t *  ct 
)

Encrypt a stream of data with a symmetric-key algorithm.

In ARC4, and also in FSL_SYM_MODE_CBC and FSL_SYM_MODE_CTR modes, the flags of the sym_ctx object will control part of the operation of this function. The FSL_SYM_CTX_INIT flag means that there is no context info in the object. The FSL_SYM_CTX_LOAD means to use information in the sym_ctx at the start of the operation, and the FSL_SYM_CTX_SAVE flag means to update the object's context information after the operation has been performed.

All of the data for an operation can be run through at once using the FSL_SYM_CTX_INIT or FSL_SYM_CTX_LOAD flags, as appropriate, and then using a length for the whole of the data.

If a FSL_SYM_CTX_SAVE flag were added, an additional call to the function would "pick up" where the previous call left off, allowing the user to perform the larger function in smaller steps.

In FSL_SYM_MODE_CBC and FSL_SYM_MODE_ECB modes, the length must always be a multiple of the block size for the algorithm being used. For proper operation in FSL_SYM_MODE_CTR mode, the length must be a multiple of the block size until the last operation on the total octet stream.

Some users of ARC4 may want to compute the context (S-Box and pointers) from the key before any data is available. This may be done by running this function with a length of zero, with the init & save flags on in the sym_ctx. Subsequent operations would then run as normal with the load and save flags. Note that the key object is still required.

Parameters:
user_ctx A user context from fsl_shw_register_user().
key_info Key and algorithm being used for this operation.
[in,out] sym_ctx Info on cipher mode, state of the cipher.
length Length, in octets, of the pt (and ct).
pt pointer to plaintext to be encrypted.
[out] ct pointer to where to store the resulting ciphertext.
Returns:
A return code of type fsl_shw_return_t.

Compute symmetric encryption

Parameters:
user_ctx 
key_info 
sym_ctx 
length 
pt 
ct 
Returns:
A return code of type fsl_shw_return_t.
©  Freescale Semiconductor, Inc., 2007.  All rights reserved.
Freescale Confidential Proprietary
NDA Required