/**
* This function process a block of data via the HASH Hardware.
* The function receives as input an handle to the HASH Context , that was initialized before
* by an CRYS_HASH_Init function or by other CRYS_HASH_Update
* function. The function Sets the hardware with the last H's
* value that where stored in the CRYS HASH context and then
* process the data block using the hardware and in the end of
* the process stores in the HASH context the H's value HASH
* Context with the cryptographic attributes that are needed for
* the HASH block operation ( initialize H's value for the HASH
* algorithm ). This function is used in cases not all the data
* is arrange in one continues buffer.
*
* The function flow:
*
* 1) checking the parameters validty if there is an error the function shall exit with an error code.
* 2) Aquiring the working context from the CCM manager.
* 3) If there isnt enouth data in the previous update data buff in the context plus the received data
* load it to the context buffer and exit the function.
* 4) fill the previous update data buffer to contain an entire block.
* 5) Calling the hardware low level function to execute the update.
* 6) fill the previous update data buffer with the data not processed at the end of the received data.
* 7) release the CCM context.
*
* @param[in] ContextID_ptr - a pointer to the HASH context buffer allocated by the user that
* is used for the HASH machine operation.
*
* @param DataIn_ptr a pointer to the buffer that stores the data to be
* hashed .
*
* @param DataInSize The size of the data to be hashed in bytes.
*
* @return CRYSError_t on success the function returns CRYS_OK else non ZERO error.
*
*/
CEXPORT_C CRYSError_t CRYS_HASH_Update(CRYS_HASHUserContext_t* ContextID_ptr,
DxUint8_t* DataIn_ptr,
DxUint32_t DataInSize )
{
struct sep_ctx_hash *pHashContext;
CRYS_HASHPrivateContext_t *pHashPrivContext;
int symRc = DX_RET_OK;
int hash_block_size_in_bytes = 0;
if ( ContextID_ptr == DX_NULL ) {
return CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR;
}
if( DataInSize == 0 ) {
return CRYS_OK;
}
if( DataIn_ptr == DX_NULL ) {
return CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR;
}
// PRINT_INFO("--->NOW enter into CRYS_HASH_Update\n");
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HASHUserContext_t))) {
return CRYS_HASH_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pHashContext = (struct sep_ctx_hash *)DX_GetUserCtxLocation(ContextID_ptr->buff);
pHashPrivContext = (CRYS_HASHPrivateContext_t *)&(((uint32_t*)pHashContext)[CRYS_HASH_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]);
if (pHashPrivContext->isLastBlockProcessed != 0) {
return CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR;
}
if (pHashContext->mode < SEP_HASH_SHA512)
hash_block_size_in_bytes = CRYS_HASH_BLOCK_SIZE_IN_BYTES;
else
hash_block_size_in_bytes = CRYS_HASH_SHA512_BLOCK_SIZE_IN_BYTES;
if ((DataInSize % hash_block_size_in_bytes) == 0) {
symRc = SymDriverAdaptorProcess((struct sep_ctx_generic *)pHashContext,
DataIn_ptr, NULL, DataInSize);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHashErr);
}
} else { /* this is the last block */
pHashPrivContext->isLastBlockProcessed = 1;
symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHashContext,
DataIn_ptr, NULL, DataInSize);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHashErr);
}
}
//PRINT_INFO("--->NOW leave CRYS_HASH_Update\n");
return CRYS_OK;
}
/**
* This function finalizes the HMAC processing of a data block.
* The function receives as input a handle to the HMAC Context that was previously initialized
* by a CRYS_HMAC_Init function or by a CRYS_HMAC_Update function.
* This function finishes the HASH operation on the ipad and text, and then
* executes a new HASH operation with the key XOR opad and the previous HASH operation result.
*
* @param[in] ContextID_ptr - A pointer to the HMAC context buffer allocated by the user
* that is used for the HMAC machine operation.
*
* @retval HmacResultBuff - A pointer to the target buffer where the
* HMAC result stored in the context is loaded to.
*
* @return CRYSError_t - On success the function returns CRYS_OK,
* and on failure a non-ZERO error.
*/
CIMPORT_C CRYSError_t CRYS_HMAC_Finish( CRYS_HMACUserContext_t *ContextID_ptr,
CRYS_HASH_Result_t HmacResultBuff )
{
struct sep_ctx_hmac *pHmacContext;
CRYS_HMACPrivateContext_t *pHmacPrivContext;
int symRc = DX_RET_OK;
uint32_t hmacDigesSize;
/* if the users context ID pointer is DX_NULL return an error */
if( ContextID_ptr == DX_NULL ) {
return CRYS_HMAC_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HMACUserContext_t))) {
return CRYS_HMAC_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pHmacContext = (struct sep_ctx_hmac *)DX_GetUserCtxLocation(ContextID_ptr->buff);
pHmacPrivContext = (CRYS_HMACPrivateContext_t *)&(((uint32_t*)pHmacContext)[CRYS_HMAC_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]);
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, pHmacContext, sizeof(struct sep_ctx_hmac))) {
return CRYS_HMAC_ILLEGAL_PARAMS_ERROR;
}
if (pHmacPrivContext->isLastBlockProcessed == 0) {
symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHmacContext, NULL, NULL, 0);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHmacErr);
}
}
switch(pHmacContext->mode){
case SEP_HASH_SHA1:
hmacDigesSize = SEP_SHA1_DIGEST_SIZE;
break;
case SEP_HASH_SHA224:
hmacDigesSize = SEP_SHA224_DIGEST_SIZE;
break;
case SEP_HASH_SHA256:
hmacDigesSize = SEP_SHA256_DIGEST_SIZE;
break;
case SEP_HASH_SHA384:
hmacDigesSize = SEP_SHA384_DIGEST_SIZE;
break;
case SEP_HASH_SHA512:
hmacDigesSize = SEP_SHA512_DIGEST_SIZE;
break;
default:
hmacDigesSize = -1;
break;
}
DX_PAL_MemCopy(HmacResultBuff, pHmacContext->digest, hmacDigesSize);
return CRYS_OK;
}
CIMPORT_C CRYSError_t CRYS_HMAC_Update(CRYS_HMACUserContext_t *ContextID_ptr,
DxUint8_t *DataIn_ptr,
DxUint32_t DataInSize )
{
struct sep_ctx_hmac *pHmacContext;
CRYS_HMACPrivateContext_t *pHmacPrivContext;
int symRc = DX_RET_OK;
uint32_t blockSizeBytes;
/* if the users context ID pointer is DX_NULL return an error */
if( ContextID_ptr == DX_NULL ) {
return CRYS_HMAC_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* if the users Data In pointer is illegal and the size is not 0 return an error */
if( (DataIn_ptr == DX_NULL) && DataInSize ) {
return CRYS_HMAC_DATA_IN_POINTER_INVALID_ERROR;
}
/* if the data size is zero no need to execute an update , return CRYS_OK */
if( DataInSize == 0 ) {
return CRYS_OK;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HMACUserContext_t))) {
return CRYS_HMAC_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pHmacContext = (struct sep_ctx_hmac *)DX_GetUserCtxLocation(ContextID_ptr->buff);
pHmacPrivContext = (CRYS_HMACPrivateContext_t *)&(((uint32_t*)pHmacContext)[CRYS_HMAC_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]);
if (pHmacPrivContext->isLastBlockProcessed != 0) {
return CRYS_HMAC_LAST_BLOCK_ALREADY_PROCESSED_ERROR;
}
blockSizeBytes = GetHmacBlocktSize(pHmacContext->mode);
if ((DataInSize % blockSizeBytes) == 0) {
symRc = SymDriverAdaptorProcess((struct sep_ctx_generic *)pHmacContext,
DataIn_ptr, NULL, DataInSize);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHmacErr);
}
} else { /* this is the last block */
pHmacPrivContext->isLastBlockProcessed = 1;
symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHmacContext,
DataIn_ptr, NULL, DataInSize);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHmacErr);
}
}
return CRYS_OK;
}
CEXPORT_C CRYSError_t CRYS_HASH_Finish( CRYS_HASHUserContext_t* ContextID_ptr,
CRYS_HASH_Result_t HashResultBuff )
{
struct sep_ctx_hash *pHashContext;
CRYS_HASHPrivateContext_t *pHashPrivContext;
int symRc = DX_RET_OK;
//PRINT_INFO("--->NOW enter into CRYS_HASH_Finish\n");
if ( ContextID_ptr == DX_NULL ) {
return CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR;
}
if ( HashResultBuff == DX_NULL ) {
return CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HASHUserContext_t))) {
return CRYS_HASH_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pHashContext = (struct sep_ctx_hash *)DX_GetUserCtxLocation(ContextID_ptr->buff);
pHashPrivContext = (CRYS_HASHPrivateContext_t *)&(((uint32_t*)pHashContext)[CRYS_HASH_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]);
/* check access permission for applet */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, HashResultBuff, sizeof(struct sep_ctx_hash))) {
return CRYS_HASH_ILLEGAL_PARAMS_ERROR;
}
if (pHashPrivContext->isLastBlockProcessed == 0) {
symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHashContext, NULL, NULL, 0);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHashErr);
}
}
/* Copy the result to the user buffer */
DX_PAL_MemCopy(HashResultBuff, pHashContext->digest, CRYS_HASH_RESULT_SIZE_IN_WORDS*sizeof(DxUint32_t));
return CRYS_OK;
}
/*!
* This function is used to finish the combined or tunneling operations
* It releases all used contexts (including suboperation ones).
*
* \param pConfig A pointer to the Configuration Nodes array (NodesConfig).
* This array represents the user combined scheme.
* \param cipherOffset Relevant in cases where the authenticated data resides in
* a different offset from the cipher data.
* Note: currently an error returned for any value other than zero.
* \param pDataIn A pointer on a block of input data ready for processing.
* \param dataInSize The size of the input data.
* \param pDataOut A pointer to output data. Could be the same as input data pointer
* (for inplace operations) or NULL if there is only
* authentication for output.
* \param pAuthDataOut A pointer to authenticated or digested output result.
*
* \return CIMPORT_C CRYSError_t On success the value CRYS_OK is returned,
* and on failure - a value from crys_combined_error.h
*/
CIMPORT_C CRYSError_t CRYS_Combined_Finish(
CrysCombinedConfig_t *pConfig,
uint32_t cipherOffset,
uint8_t *pDataIn,
uint32_t dataInSize,
uint8_t *pDataOut,
uint8_t *pAuthDataOut,
uint32_t *pAuthDataOutSize)
{
CRYS_COMBINED_UserContext_t combinedUsrCtx;
struct sep_ctx_combined *pcombinedCtx;
CRYSError_t crysErr = CRYS_OK;
int symRc = DX_RET_OK;
/* parameters check */
if (pConfig == DX_NULL) {
return CRYS_COMBINED_INVALID_NODES_CONFIG_POINTER_ERROR;
}
if (cipherOffset != 0) {
/*currently cipher address must be equal to the auth address*/
return CRYS_COMBINED_ILLEGAL_OPERATION_MODE_ERROR;
}
/* check validity for priv */
if ( DxCcAcl_IsBuffAccessOk(ACCESS_READ, pConfig, sizeof(CrysCombinedConfig_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, pAuthDataOutSize, sizeof(uint32_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, pAuthDataOut, *pAuthDataOutSize)) {
return CRYS_COMBINED_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pcombinedCtx = (struct sep_ctx_combined *)DX_InitUserCtxLocation(combinedUsrCtx.buff,
sizeof(CRYS_COMBINED_UserContext_t),
sizeof(struct sep_ctx_combined));
InitCombinedContext(pcombinedCtx, pConfig);
if ((pcombinedCtx->mode != SEP_COMBINED_DIN_TO_AES_TO_AES_TO_DOUT_MODE) &&
(pAuthDataOutSize == DX_NULL)) {
return CRYS_COMBINED_DATA_AUTH_BUFFER_SIZE_INVALID_ERROR;
}
switch (pcombinedCtx->mode) {
case SEP_COMBINED_DIN_TO_AES_TO_HASH_MODE:
case SEP_COMBINED_DIN_TO_AES_AND_HASH_MODE:
case SEP_COMBINED_DIN_TO_AES_TO_HASH_AND_DOUT_MODE:
if (pAuthDataOut == NULL) {
return CRYS_COMBINED_DATA_AUTH_POINTER_INVALID_ERROR;
}
break;
case SEP_COMBINED_DIN_TO_AES_TO_AES_TO_DOUT_MODE:
break;
default:
return CRYS_COMBINED_ILLEGAL_OPERATION_MODE_ERROR;
}
crysErr = ValidateSupportedModes(pcombinedCtx);
if (crysErr != CRYS_OK) {
return crysErr;
}
symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pcombinedCtx,
pDataIn, pDataOut, dataInSize);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysCombinedErr);
}
switch (pcombinedCtx->mode) {
case SEP_COMBINED_DIN_TO_AES_TO_HASH_MODE:
case SEP_COMBINED_DIN_TO_AES_AND_HASH_MODE:
case SEP_COMBINED_DIN_TO_AES_TO_HASH_AND_DOUT_MODE:
{
struct sep_ctx_hash *pHashCtx = (struct sep_ctx_hash *)pcombinedCtx->sub_ctx[1];
uint32_t digestSize;
crysErr = GetHashDigestSize(pHashCtx->mode, &digestSize);
if (crysErr != CRYS_OK) {
return CRYS_COMBINED_HASH_DIGEST_SIZE_ERROR;
}
if ((digestSize == 0) || (*pAuthDataOutSize < digestSize)) {
return CRYS_COMBINED_DATA_AUTH_BUFFER_SIZE_INVALID_ERROR;
}
/* set the digest length out and copy digest result */
*pAuthDataOutSize = digestSize;
DX_PAL_MemCopy( pAuthDataOut, pHashCtx->digest, *pAuthDataOutSize );
break;
}
case SEP_COMBINED_DIN_TO_AES_TO_AES_TO_DOUT_MODE:
break;
default:
return CRYS_COMBINED_ILLEGAL_OPERATION_MODE_ERROR;
}
return CRYS_OK;
}
