/** * This function process a block of data via the HASH Hardware. * The function receives as input an handle to the HASH Context , that was initialized before * by an CRYS_HASH_Init function or by other CRYS_HASH_Update * function. The function Sets the hardware with the last H's * value that where stored in the CRYS HASH context and then * process the data block using the hardware and in the end of * the process stores in the HASH context the H's value HASH * Context with the cryptographic attributes that are needed for * the HASH block operation ( initialize H's value for the HASH * algorithm ). This function is used in cases not all the data * is arrange in one continues buffer. * * The function flow: * * 1) checking the parameters validty if there is an error the function shall exit with an error code. * 2) Aquiring the working context from the CCM manager. * 3) If there isnt enouth data in the previous update data buff in the context plus the received data * load it to the context buffer and exit the function. * 4) fill the previous update data buffer to contain an entire block. * 5) Calling the hardware low level function to execute the update. * 6) fill the previous update data buffer with the data not processed at the end of the received data. * 7) release the CCM context. * * @param[in] ContextID_ptr - a pointer to the HASH context buffer allocated by the user that * is used for the HASH machine operation. * * @param DataIn_ptr a pointer to the buffer that stores the data to be * hashed . * * @param DataInSize The size of the data to be hashed in bytes. * * @return CRYSError_t on success the function returns CRYS_OK else non ZERO error. * */ CEXPORT_C CRYSError_t CRYS_HASH_Update(CRYS_HASHUserContext_t* ContextID_ptr, DxUint8_t* DataIn_ptr, DxUint32_t DataInSize ) { struct sep_ctx_hash *pHashContext; CRYS_HASHPrivateContext_t *pHashPrivContext; int symRc = DX_RET_OK; int hash_block_size_in_bytes = 0; if ( ContextID_ptr == DX_NULL ) { return CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR; } if( DataInSize == 0 ) { return CRYS_OK; } if( DataIn_ptr == DX_NULL ) { return CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR; } // PRINT_INFO("--->NOW enter into CRYS_HASH_Update\n"); /* check validity for priv */ if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HASHUserContext_t))) { return CRYS_HASH_ILLEGAL_PARAMS_ERROR; } /* Get pointer to contiguous context in the HOST buffer */ pHashContext = (struct sep_ctx_hash *)DX_GetUserCtxLocation(ContextID_ptr->buff); pHashPrivContext = (CRYS_HASHPrivateContext_t *)&(((uint32_t*)pHashContext)[CRYS_HASH_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]); if (pHashPrivContext->isLastBlockProcessed != 0) { return CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR; } if (pHashContext->mode < SEP_HASH_SHA512) hash_block_size_in_bytes = CRYS_HASH_BLOCK_SIZE_IN_BYTES; else hash_block_size_in_bytes = CRYS_HASH_SHA512_BLOCK_SIZE_IN_BYTES; if ((DataInSize % hash_block_size_in_bytes) == 0) { symRc = SymDriverAdaptorProcess((struct sep_ctx_generic *)pHashContext, DataIn_ptr, NULL, DataInSize); if (symRc != DX_RET_OK) { return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHashErr); } } else { /* this is the last block */ pHashPrivContext->isLastBlockProcessed = 1; symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHashContext, DataIn_ptr, NULL, DataInSize); if (symRc != DX_RET_OK) { return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHashErr); } } //PRINT_INFO("--->NOW leave CRYS_HASH_Update\n"); return CRYS_OK; }
/** * This function finalizes the HMAC processing of a data block. * The function receives as input a handle to the HMAC Context that was previously initialized * by a CRYS_HMAC_Init function or by a CRYS_HMAC_Update function. * This function finishes the HASH operation on the ipad and text, and then * executes a new HASH operation with the key XOR opad and the previous HASH operation result. * * @param[in] ContextID_ptr - A pointer to the HMAC context buffer allocated by the user * that is used for the HMAC machine operation. * * @retval HmacResultBuff - A pointer to the target buffer where the * HMAC result stored in the context is loaded to. * * @return CRYSError_t - On success the function returns CRYS_OK, * and on failure a non-ZERO error. */ CIMPORT_C CRYSError_t CRYS_HMAC_Finish( CRYS_HMACUserContext_t *ContextID_ptr, CRYS_HASH_Result_t HmacResultBuff ) { struct sep_ctx_hmac *pHmacContext; CRYS_HMACPrivateContext_t *pHmacPrivContext; int symRc = DX_RET_OK; uint32_t hmacDigesSize; /* if the users context ID pointer is DX_NULL return an error */ if( ContextID_ptr == DX_NULL ) { return CRYS_HMAC_INVALID_USER_CONTEXT_POINTER_ERROR; } /* check validity for priv */ if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HMACUserContext_t))) { return CRYS_HMAC_ILLEGAL_PARAMS_ERROR; } /* Get pointer to contiguous context in the HOST buffer */ pHmacContext = (struct sep_ctx_hmac *)DX_GetUserCtxLocation(ContextID_ptr->buff); pHmacPrivContext = (CRYS_HMACPrivateContext_t *)&(((uint32_t*)pHmacContext)[CRYS_HMAC_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]); /* check validity for priv */ if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, pHmacContext, sizeof(struct sep_ctx_hmac))) { return CRYS_HMAC_ILLEGAL_PARAMS_ERROR; } if (pHmacPrivContext->isLastBlockProcessed == 0) { symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHmacContext, NULL, NULL, 0); if (symRc != DX_RET_OK) { return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHmacErr); } } switch(pHmacContext->mode){ case SEP_HASH_SHA1: hmacDigesSize = SEP_SHA1_DIGEST_SIZE; break; case SEP_HASH_SHA224: hmacDigesSize = SEP_SHA224_DIGEST_SIZE; break; case SEP_HASH_SHA256: hmacDigesSize = SEP_SHA256_DIGEST_SIZE; break; case SEP_HASH_SHA384: hmacDigesSize = SEP_SHA384_DIGEST_SIZE; break; case SEP_HASH_SHA512: hmacDigesSize = SEP_SHA512_DIGEST_SIZE; break; default: hmacDigesSize = -1; break; } DX_PAL_MemCopy(HmacResultBuff, pHmacContext->digest, hmacDigesSize); return CRYS_OK; }
CIMPORT_C CRYSError_t CRYS_HMAC_Update(CRYS_HMACUserContext_t *ContextID_ptr, DxUint8_t *DataIn_ptr, DxUint32_t DataInSize ) { struct sep_ctx_hmac *pHmacContext; CRYS_HMACPrivateContext_t *pHmacPrivContext; int symRc = DX_RET_OK; uint32_t blockSizeBytes; /* if the users context ID pointer is DX_NULL return an error */ if( ContextID_ptr == DX_NULL ) { return CRYS_HMAC_INVALID_USER_CONTEXT_POINTER_ERROR; } /* if the users Data In pointer is illegal and the size is not 0 return an error */ if( (DataIn_ptr == DX_NULL) && DataInSize ) { return CRYS_HMAC_DATA_IN_POINTER_INVALID_ERROR; } /* if the data size is zero no need to execute an update , return CRYS_OK */ if( DataInSize == 0 ) { return CRYS_OK; } /* check validity for priv */ if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HMACUserContext_t))) { return CRYS_HMAC_ILLEGAL_PARAMS_ERROR; } /* Get pointer to contiguous context in the HOST buffer */ pHmacContext = (struct sep_ctx_hmac *)DX_GetUserCtxLocation(ContextID_ptr->buff); pHmacPrivContext = (CRYS_HMACPrivateContext_t *)&(((uint32_t*)pHmacContext)[CRYS_HMAC_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]); if (pHmacPrivContext->isLastBlockProcessed != 0) { return CRYS_HMAC_LAST_BLOCK_ALREADY_PROCESSED_ERROR; } blockSizeBytes = GetHmacBlocktSize(pHmacContext->mode); if ((DataInSize % blockSizeBytes) == 0) { symRc = SymDriverAdaptorProcess((struct sep_ctx_generic *)pHmacContext, DataIn_ptr, NULL, DataInSize); if (symRc != DX_RET_OK) { return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHmacErr); } } else { /* this is the last block */ pHmacPrivContext->isLastBlockProcessed = 1; symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHmacContext, DataIn_ptr, NULL, DataInSize); if (symRc != DX_RET_OK) { return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHmacErr); } } return CRYS_OK; }
CEXPORT_C CRYSError_t CRYS_HASH_Finish( CRYS_HASHUserContext_t* ContextID_ptr, CRYS_HASH_Result_t HashResultBuff ) { struct sep_ctx_hash *pHashContext; CRYS_HASHPrivateContext_t *pHashPrivContext; int symRc = DX_RET_OK; //PRINT_INFO("--->NOW enter into CRYS_HASH_Finish\n"); if ( ContextID_ptr == DX_NULL ) { return CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR; } if ( HashResultBuff == DX_NULL ) { return CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR; } /* check validity for priv */ if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HASHUserContext_t))) { return CRYS_HASH_ILLEGAL_PARAMS_ERROR; } /* Get pointer to contiguous context in the HOST buffer */ pHashContext = (struct sep_ctx_hash *)DX_GetUserCtxLocation(ContextID_ptr->buff); pHashPrivContext = (CRYS_HASHPrivateContext_t *)&(((uint32_t*)pHashContext)[CRYS_HASH_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]); /* check access permission for applet */ if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, HashResultBuff, sizeof(struct sep_ctx_hash))) { return CRYS_HASH_ILLEGAL_PARAMS_ERROR; } if (pHashPrivContext->isLastBlockProcessed == 0) { symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHashContext, NULL, NULL, 0); if (symRc != DX_RET_OK) { return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHashErr); } } /* Copy the result to the user buffer */ DX_PAL_MemCopy(HashResultBuff, pHashContext->digest, CRYS_HASH_RESULT_SIZE_IN_WORDS*sizeof(DxUint32_t)); return CRYS_OK; }
/*! * This function is used to finish the combined or tunneling operations * It releases all used contexts (including suboperation ones). * * \param pConfig A pointer to the Configuration Nodes array (NodesConfig). * This array represents the user combined scheme. * \param cipherOffset Relevant in cases where the authenticated data resides in * a different offset from the cipher data. * Note: currently an error returned for any value other than zero. * \param pDataIn A pointer on a block of input data ready for processing. * \param dataInSize The size of the input data. * \param pDataOut A pointer to output data. Could be the same as input data pointer * (for inplace operations) or NULL if there is only * authentication for output. * \param pAuthDataOut A pointer to authenticated or digested output result. * * \return CIMPORT_C CRYSError_t On success the value CRYS_OK is returned, * and on failure - a value from crys_combined_error.h */ CIMPORT_C CRYSError_t CRYS_Combined_Finish( CrysCombinedConfig_t *pConfig, uint32_t cipherOffset, uint8_t *pDataIn, uint32_t dataInSize, uint8_t *pDataOut, uint8_t *pAuthDataOut, uint32_t *pAuthDataOutSize) { CRYS_COMBINED_UserContext_t combinedUsrCtx; struct sep_ctx_combined *pcombinedCtx; CRYSError_t crysErr = CRYS_OK; int symRc = DX_RET_OK; /* parameters check */ if (pConfig == DX_NULL) { return CRYS_COMBINED_INVALID_NODES_CONFIG_POINTER_ERROR; } if (cipherOffset != 0) { /*currently cipher address must be equal to the auth address*/ return CRYS_COMBINED_ILLEGAL_OPERATION_MODE_ERROR; } /* check validity for priv */ if ( DxCcAcl_IsBuffAccessOk(ACCESS_READ, pConfig, sizeof(CrysCombinedConfig_t)) || DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, pAuthDataOutSize, sizeof(uint32_t)) || DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, pAuthDataOut, *pAuthDataOutSize)) { return CRYS_COMBINED_ILLEGAL_PARAMS_ERROR; } /* Get pointer to contiguous context in the HOST buffer */ pcombinedCtx = (struct sep_ctx_combined *)DX_InitUserCtxLocation(combinedUsrCtx.buff, sizeof(CRYS_COMBINED_UserContext_t), sizeof(struct sep_ctx_combined)); InitCombinedContext(pcombinedCtx, pConfig); if ((pcombinedCtx->mode != SEP_COMBINED_DIN_TO_AES_TO_AES_TO_DOUT_MODE) && (pAuthDataOutSize == DX_NULL)) { return CRYS_COMBINED_DATA_AUTH_BUFFER_SIZE_INVALID_ERROR; } switch (pcombinedCtx->mode) { case SEP_COMBINED_DIN_TO_AES_TO_HASH_MODE: case SEP_COMBINED_DIN_TO_AES_AND_HASH_MODE: case SEP_COMBINED_DIN_TO_AES_TO_HASH_AND_DOUT_MODE: if (pAuthDataOut == NULL) { return CRYS_COMBINED_DATA_AUTH_POINTER_INVALID_ERROR; } break; case SEP_COMBINED_DIN_TO_AES_TO_AES_TO_DOUT_MODE: break; default: return CRYS_COMBINED_ILLEGAL_OPERATION_MODE_ERROR; } crysErr = ValidateSupportedModes(pcombinedCtx); if (crysErr != CRYS_OK) { return crysErr; } symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pcombinedCtx, pDataIn, pDataOut, dataInSize); if (symRc != DX_RET_OK) { return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysCombinedErr); } switch (pcombinedCtx->mode) { case SEP_COMBINED_DIN_TO_AES_TO_HASH_MODE: case SEP_COMBINED_DIN_TO_AES_AND_HASH_MODE: case SEP_COMBINED_DIN_TO_AES_TO_HASH_AND_DOUT_MODE: { struct sep_ctx_hash *pHashCtx = (struct sep_ctx_hash *)pcombinedCtx->sub_ctx[1]; uint32_t digestSize; crysErr = GetHashDigestSize(pHashCtx->mode, &digestSize); if (crysErr != CRYS_OK) { return CRYS_COMBINED_HASH_DIGEST_SIZE_ERROR; } if ((digestSize == 0) || (*pAuthDataOutSize < digestSize)) { return CRYS_COMBINED_DATA_AUTH_BUFFER_SIZE_INVALID_ERROR; } /* set the digest length out and copy digest result */ *pAuthDataOutSize = digestSize; DX_PAL_MemCopy( pAuthDataOut, pHashCtx->digest, *pAuthDataOutSize ); break; } case SEP_COMBINED_DIN_TO_AES_TO_AES_TO_DOUT_MODE: break; default: return CRYS_COMBINED_ILLEGAL_OPERATION_MODE_ERROR; } return CRYS_OK; }