Software APIs
dif_aes.h
Go to the documentation of this file.
1// Copyright lowRISC contributors (OpenTitan project).
2// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3// SPDX-License-Identifier: Apache-2.0
4
5#ifndef OPENTITAN_SW_DEVICE_LIB_DIF_DIF_AES_H_
6#define OPENTITAN_SW_DEVICE_LIB_DIF_DIF_AES_H_
7
8#include <stdbool.h>
9#include <stdint.h>
10
11#include "sw/device/lib/base/macros.h"
12#include "sw/device/lib/base/mmio.h"
13#include "sw/device/lib/dif/dif_base.h"
14
15#include "sw/device/lib/dif/autogen/dif_aes_autogen.h"
16
17#ifdef __cplusplus
18extern "C" {
19#endif // __cplusplus
20
21/**
22 *
23 * @file
24 * @brief <a href="/book/hw/ip/aes/">AES</a> Device Interface Functions
25 *
26 * This API assumes transactional nature of work, where the peripheral is
27 * configured once per message (data consisting of 1..N 128-bit blocks), and
28 * then "de-initialised" when this message has been fully encrypted/decrypted.
29 *
30 * The peripheral is configured through one of the cipher mode "start"
31 * functions:
32 * `dif_aes_start_ecb`, `dif_aes_start_cbc`, ... .
33 *
34 * Then the encryption/decryption data is fed one 128-bit block at the
35 * time through `dif_aes_load_data` function. The cipher mode operation details
36 * are described in the description of above mentioned "start" functions. When
37 * configured in "automatic" operation mode, every "load data" call, will
38 * trigger encryption/decryption. This is not true when in "manual" operation
39 * mode, where encryption/decryption is triggered by explicitly setting the
40 * `aes.TRIGGER.START` flag through `dif_aes_trigger` call.
41 *
42 * When an entire requested message has been processed the internal state of
43 * AES registers must be securely cleared, by calling `dif_aes_end`.
44 *
45 * Please see the following documentation for further information:
46 * https://opentitan.org/book/hw/ip/aes/
47 * https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/fips-197.pdf
48 * https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf
49 */
50
51/**
52 * A typed representation of the AES key share.
53 *
54 * Two part masked AES key, where XOR operation of these two parts results in
55 * the actual key.
56 */
57typedef struct dif_aes_key_share {
58 /**
59 * One share of the key that when XORed with `share1` results in the actual
60 * key.
61 */
62 uint32_t share0[8];
63 /**
64 * One share of the key that when XORed with `share0` results in the actual
65 * key.
66 */
67 uint32_t share1[8];
68} dif_aes_key_share_t;
69
70/**
71 * A typed representation of the AES Initialisation Vector (IV).
72 */
73typedef struct dif_aes_iv {
74 uint32_t iv[4];
75} dif_aes_iv_t;
76
77/**
78 * A typed representation of the AES data.
79 */
80typedef struct dif_aes_data {
81 uint32_t data[4];
82} dif_aes_data_t;
83
84/**
85 * AES operation.
86 */
87typedef enum dif_aes_operation {
88 /**
89 * AES encryption.
90 */
91 kDifAesOperationEncrypt = 1,
92 /**
93 * AES decryption.
94 */
95 kDifAesOperationDecrypt = 2,
96} dif_aes_operation_t;
97
98/**
99 * AES block cipher mode of operation.
100 */
101typedef enum dif_aes_mode {
102 /**
103 * The Electronic Codebook Mode.
104 * In ECB cipher mode the key must be changed for every new block of data.
105 * This is the only secure way to use ECB cipher mode.
106 *
107 * Note: The ECB cipher mode doesn't use the iv parameter of the
108 * `dif_aes_start` function.
109 *
110 * Note: it is discouraged to use this cipher mode, due to impractical amount
111 * of different keys required to encrypt/decrypt multi-block messages.
112 */
113 kDifAesModeEcb = 1,
114
115 /**
116 * The Cipher Block Chaining Mode.
117 *
118 * In CBC cipher mode, the same key can be used for all messages, however
119 * new Initialisation Vector (IV) must be generated for any new message. The
120 * following condition must be true:
121 * The IV must be unpredictable (it must not be possible to predict the IV
122 * that will be associated to the plaintext in advance of the generation
123 * of the IV).
124 *
125 * With key length less than 256 bits, the excess portion of the `key` can be
126 * written with any data (preferably random).
127 */
128 kDifAesModeCbc = (1 << 1),
129
130 /**
131 * The Cipher Feedback Mode.
132 *
133 * In CFB cipher mode, the same key can be used for all messages, however
134 * new Initialisation Vector (IV) must be generated for any new message. The
135 * following condition must be true:
136 * The IV must be unpredictable (it must not be possible to predict the IV
137 * that will be associated to the plaintext in advance of the generation
138 * of the IV).
139 *
140 * With key length less than 256 bits, the excess portion of the `key` can be
141 * written with any data (preferably random).
142 */
143 kDifAesModeCfb = (1 << 2),
144
145 /**
146 * The Output Feedback Mode.
147 *
148 * In OFB cipher mode, the same key can be used for all messages, and the
149 * Initialization Vector (IV) need NOT be unpredictable. The following
150 * conditions must be true:
151 * OFB mode requires a unique initialization vector for every message that
152 * is ever encrypted under a given key, across all messages.
153 *
154 * With key length less than 256 bits, the excess portion of the `key` can be
155 * written with any data (preferably random).
156 */
157 kDifAesModeOfb = (1 << 3),
158
159 /**
160 * The Counter Mode.
161 *
162 * In CTR cipher mode, the same key can be used for all messages, if the
163 * following condition is true:
164 * CTR mode requires a unique counter block for each plaintext block that
165 * is ever encrypted under a given key, across all messages.
166 *
167 * With key length less than 256 bits, the excess portion of the `key` can be
168 * written with any data (preferably random).
169 */
170 kDifAesModeCtr = (1 << 4),
171
172 /**
173 * The Galois/Counter Mode.
174 */
175 kDifAesModeGcm = (1 << 5),
176} dif_aes_mode_t;
177
178/**
179 * AES key length in bits.
180 */
181typedef enum dif_aes_key_length {
182 /**
183 * 128 bit wide AES key.
184 */
185 kDifAesKey128 = 1,
186 /**
187 * 192 bit wide AES key.
188 */
189 kDifAesKey192 = (1 << 1),
190 /**
191 * 256 bit wide AES key.
192 */
193 kDifAesKey256 = (1 << 2)
194} dif_aes_key_length_t;
195
196/**
197 * AES manual operation.
198 */
199typedef enum dif_aes_manual_operation {
200 /**
201 * AES operates in automatic mode - which means that the encryption/decryption
202 * is automatically triggered on every successful `dif_aes_*_load_data()`.
203 */
204 kDifAesManualOperationAuto = 0,
205 /**
206 * AES operates in manual mode - which means that the encryption/decryption
207 * is manually triggered by `dif_aes_trigger(kDifAesTriggerStart)`.
208 */
209 kDifAesManualOperationManual,
210} dif_aes_manual_operation_t;
211
212/**
213 * AES key sideloaded.
214 *
215 * Controls whether the AES uses the key provided by the key manager or
216 * software.
217 */
218typedef enum dif_aes_key_provider {
219 /**
220 * The key is provided by software via `dif_aes_key_share_t`.
221 */
222 kDifAesKeySoftwareProvided = 0,
223 /**
224 * The key be provided by the key manager.
225 */
226 kDifAesKeySideload,
227} dif_aes_key_provider_t;
228
229/**
230 * AES reseeding rate
231 *
232 * Controls the reseeding rate of the internal pseudo-random number generator
233 * (PRNG) used for masking.
234 */
235typedef enum dif_aes_mask_reseeding {
236 /**
237 * The masking PRNG will be reseed every block.
238 */
239 kDifAesReseedPerBlock = 1 << 0,
240 /**
241 * The masking PRNG will be reseed every 64 blocks.
242 */
243 kDifAesReseedPer64Block = 1 << 1,
244 /**
245 * The masking PRNG will be reseed every 8192 blocks.
246 */
247 kDifAesReseedPer8kBlock = 1 << 2,
248} dif_aes_mask_reseeding_t;
249
250/**
251 * Parameters for an AES transaction.
252 */
253typedef struct dif_aes_transaction {
254 dif_aes_operation_t operation;
255 dif_aes_mode_t mode;
256 dif_aes_key_length_t key_len;
257 dif_aes_manual_operation_t manual_operation;
258 dif_aes_key_provider_t key_provider;
259 dif_aes_mask_reseeding_t mask_reseeding;
260 /**
261 * If true the internal pseudo-random number generators used for clearing and
262 * masking will be reseeded every time the key changes.
263 */
264 bool reseed_on_key_change;
265 /**
266 * If true, the internal pseudo-random number generator used for masking is
267 * not advancing leading to constant masks.
268 *
269 * NOTE: This should only be used for development purpose (SCA), and is
270 * expected to be removed for the production version.
271 */
272 bool force_masks;
273 /**
274 * If true `reseed_on_key_change` and `force_masks` will be locked until the
275 * device is reset.
276 */
277 bool ctrl_aux_lock;
278} dif_aes_transaction_t;
279
280/**
281 * Resets an instance of AES.
282 *
283 * Clears the internal state along with the interface registers.
284 *
285 * @param aes AES state data.
286 * @return The result of the operation.
287 */
288OT_WARN_UNUSED_RESULT
289dif_result_t dif_aes_reset(const dif_aes_t *aes);
290
291/**
292 * Begins an AES transaction in the mode selected by the `transaction->mode`.
293 *
294 * Each call to this function should be sequenced with a call to
295 * `dif_aes_end()`.
296 *
297 * The peripheral must be in IDLE state for this operation to take effect, and
298 * will return `kDifAesBusy` if this condition is not met.
299 *
300 * @param aes AES state data.
301 * @param transaction Configuration data.
302 * @param key Encryption/decryption key when `kDifAesKeySoftwareProvided`, can
303 * be `NULL` otherwise.
304 * @param iv Initialization vector when the mode isn't `kDifAesModeEcb`, can be
305 * `NULL` otherwise.
306 * @return The result of the operation.
307 */
308OT_WARN_UNUSED_RESULT
309dif_result_t dif_aes_start(const dif_aes_t *aes,
310 const dif_aes_transaction_t *transaction,
311 const dif_aes_key_share_t *key,
312 const dif_aes_iv_t *iv);
313/**
314 * Ends an AES transaction.
315 *
316 * This function must be called at the end of every `dif_aes_<mode>_start`
317 * operation.
318 *
319 * The peripheral must be in IDLE state for this operation to take effect, and
320 * will return `kDifAesEndBusy` if this condition is not met.
321 *
322 * @param aes AES state data.
323 * @return The result of the operation.
324 */
325OT_WARN_UNUSED_RESULT
326dif_result_t dif_aes_end(const dif_aes_t *aes);
327
328/**
329 * Loads AES Input Data.
330 *
331 * This function will trigger encryption/decryption when configured in
332 * the automatic operation mode.
333 *
334 * The peripheral must be able to accept the input (INPUT_READY set), and
335 * will return `kDifAesLoadDataBusy` if this condition is not met.
336 *
337 * @param aes AES state data.
338 * @param data AES Input Data.
339 * @return The result of the operation.
340 */
341OT_WARN_UNUSED_RESULT
342dif_result_t dif_aes_load_data(const dif_aes_t *aes, const dif_aes_data_t data);
343
344/**
345 * Reads AES Output Data.
346 *
347 * The peripheral must have finished previous encryption/decryption operation,
348 * and have valid data in the output registers (OUTPUT_VALID set), and will
349 * return `kDifAesReadOutputInvalid` if this condition is not met.
350 *
351 * @param aes AES state data.
352 * @param data AES Output Data.
353 * @return The result of the operation.
354 */
355OT_WARN_UNUSED_RESULT
356dif_result_t dif_aes_read_output(const dif_aes_t *aes, dif_aes_data_t *data);
357
358/**
359 * Puts the AES GCM into the provided phase.
360 *
361 * @param aes AES state data.
362 * @param phase The AES GCM phase we want to enter.
363 * @param num_valid_bytes The number of valid bytes for the AES block.
364 * @return The result of the operation.
365 */
366OT_WARN_UNUSED_RESULT
367dif_result_t dif_aes_set_gcm_phase(const dif_aes_t *aes, uint32_t phase,
368 size_t num_valid_bytes);
369
370/**
371 * Loads len(aad) || len(ptx) into the AES-GCM.
372 *
373 * @param aes AES state data.
374 * @param len_ptx Number of plaintext bits.
375 * @param len_aad Number of AAD bits.
376 */
377OT_WARN_UNUSED_RESULT
378dif_result_t dif_aes_load_gcm_tag_len(const dif_aes_t *aes, uint64_t len_ptx,
379 uint64_t len_aad);
380
381/**
382 * Process a stream of data containing the plain text and output a stream of
383 * data with the cipher text.
384 *
385 * This function should be used when performance is desired. It requires the
386 * automatic operation mode activated.
387 *
388 * The peripheral must be able to accept the input (INPUT_READY set), and
389 * will return `kDifAesLoadDataBusy` if this condition is not met.
390 *
391 * @param aes AES handle.
392 * @param plain_text AES Input Data.
393 * @param cipher_text AES Output Data.
394 * @param block_amount The amount of blocks to be encrypted.
395 * @return The result of the operation.
396 */
397OT_WARN_UNUSED_RESULT
398dif_result_t dif_aes_process_data(const dif_aes_t *aes,
399 const dif_aes_data_t *plain_text,
400 dif_aes_data_t *cipher_text,
401 size_t block_amount);
402
403/**
404 * AES Trigger flags.
405 */
406typedef enum dif_aes_trigger {
407 /**
408 * Trigger encrypt/decrypt.
409 */
410 kDifAesTriggerStart = 0,
411 /**
412 * Clear key, Initialisation Vector/Initial Counter Value and input data.
413 */
414 kDifAesTriggerKeyIvDataInClear,
415 /**
416 * Clear Output Data registers.
417 */
418 kDifAesTriggerDataOutClear,
419 /**
420 * Perform reseed of the internal state.
421 */
422 kDifAesTriggerPrngReseed,
423} dif_aes_trigger_t;
424
425/**
426 * Triggers one of `dif_aes_trigger_t` operations.
427 *
428 * All the triggers are applicable to both (automatic and manual) modes, with
429 * the exception of `kDifAesTriggerStart`, which is ignored in automatic mode.
430 *
431 * @param aes AES state data.
432 * @param trigger AES trigger.
433 * @return The result of the operation.
434 */
435OT_WARN_UNUSED_RESULT
436dif_result_t dif_aes_trigger(const dif_aes_t *aes, dif_aes_trigger_t trigger);
437
438/**
439 * AES Status flags.
440 */
441typedef enum dif_aes_status {
442 /**
443 * Device is idle.
444 */
445 kDifAesStatusIdle = 0,
446 /**
447 * Device has stalled (only relevant in automatic
448 * operation mode). Output data overwrite
449 * protection.
450 */
451 kDifAesStatusStall,
452 /**
453 * Output data has been overwritten by the AES unit before the processor
454 * could fully read it. This bit is "sticky" for the entire duration of
455 * the current transaction.
456 */
457 kDifAesStatusOutputLost,
458 /**
459 * Device output is valid/ready. Denotes a
460 * successful encrypt or decrypt operation.
461 */
462 kDifAesStatusOutputValid,
463 /**
464 * Device Input Data registers can be written to
465 * (ready to accept new input data).
466 */
467 kDifAesStatusInputReady,
468 /**
469 * Fatal alert conditions include i) storage errors in the Control Register,
470 * and ii) if any internal FSM enters an invalid state.
471 */
472 kDifAesStatusAlertFatalFault,
473 /**
474 * Recoverable alert conditions include update errors in the Control Register.
475 */
476 kDifAesStatusAlertRecovCtrlUpdateErr,
477} dif_aes_status_t;
478
479/**
480 * Queries the AES status flags.
481 *
482 * @param aes AES state data.
483 * @param flag Status flag to query.
484 * @param[out] set Flag state (set/unset).
485 * @return The result of the operation.
486 */
487OT_WARN_UNUSED_RESULT
488dif_result_t dif_aes_get_status(const dif_aes_t *aes, dif_aes_status_t flag,
489 bool *set);
490
491/**
492 * Read the current initialization vector from its register.
493 *
494 * @param aes AES handle.
495 * @param iv The pointer to receive the initialization vector.
496 * @return The result of the operation.
497 */
498OT_WARN_UNUSED_RESULT
499dif_result_t dif_aes_read_iv(const dif_aes_t *aes, dif_aes_iv_t *iv);
500
501#ifdef __cplusplus
502} // extern "C"
503#endif // __cplusplus
504
505#endif // OPENTITAN_SW_DEVICE_LIB_DIF_DIF_AES_H_