Software APIs
sw
device
lib
dif
dif_hmac.h
Go to the documentation of this file.
1
// Copyright lowRISC contributors (OpenTitan project).
2
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3
// SPDX-License-Identifier: Apache-2.0
4
5
#ifndef OPENTITAN_SW_DEVICE_LIB_DIF_DIF_HMAC_H_
6
#define OPENTITAN_SW_DEVICE_LIB_DIF_DIF_HMAC_H_
7
8
/**
9
* @file
10
* @brief <a href="/hw/ip/hmac/doc/">HMAC</a> Device Interface Functions
11
*/
12
13
#include <
stddef.h
>
14
#include <
stdint.h
>
15
16
#include "
sw/device/lib/base/macros.h
"
17
#include "
sw/device/lib/base/mmio.h
"
18
#include "
sw/device/lib/dif/dif_base.h
"
19
20
#include "
sw/device/lib/dif/autogen/dif_hmac_autogen.h
"
21
22
#ifdef __cplusplus
23
extern
"C"
{
24
#endif
// __cplusplus
25
26
/**
27
* Supported HMAC modes of operation.
28
*/
29
typedef
enum
dif_hmac_mode
{
30
/** The HMAC mode. */
31
kDifHmacModeHmac
= 0,
32
/** The SHA256-only mode. */
33
kDifHmacModeSha256
,
34
}
dif_hmac_mode_t
;
35
36
/**
37
* Supported byte endienness options.
38
*/
39
typedef
enum
dif_hmac_endianness
{
40
/** Big endian byte ordering. */
41
kDifHmacEndiannessBig
= 0,
42
/** Little endian byte ordering. */
43
kDifHmacEndiannessLittle
,
44
}
dif_hmac_endianness_t
;
45
46
/**
47
* HMAC key length in bits.
48
*/
49
typedef
enum
dif_hmac_key_length
{
50
kDifHMACKey128 = 1,
51
kDifHMACKey256 = (1 << 1),
52
kDifHMACKey384 = (1 << 2),
53
kDifHMACKey512 = (1 << 3),
54
kDifHMACKey1024 = (1 << 4),
55
}
dif_hmac_key_length_t
;
56
57
/**
58
* SHA-2 digest size
59
*/
60
typedef
enum
dif_sha2_digest_size
{
61
kDifSHA256 = (1 << 1),
62
kDifSHA384 = (1 << 2),
63
kDifSHA512 = (1 << 3),
64
}
dif_sha2_digest_size_t
;
65
66
/**
67
* Configuration for a single HMAC Transaction
68
*/
69
typedef
struct
dif_hmac_transaction
{
70
/** Byte endianness for writes to the FIFO. */
71
dif_hmac_endianness_t
message_endianness
;
72
/** Byte endianness for reads from the digest. */
73
dif_hmac_endianness_t
digest_endianness
;
74
/** SHA-2 digest size. */
75
dif_sha2_digest_size_t
digest_size
;
76
/** HMAC key length. */
77
dif_hmac_key_length_t
key_length
;
78
}
dif_hmac_transaction_t
;
79
80
/**
81
* A typed representation of the HMAC digest.
82
*/
83
typedef
struct
dif_hmac_digest
{
84
uint32_t digest[8];
85
}
dif_hmac_digest_t
;
86
87
/**
88
* Resets the HMAC engine and readies it to receive a new message to process an
89
* HMAC digest.
90
*
91
* This function causes the HMAC engine to start its operation. After a
92
* successful call to this function, |dif_hmac_fifo_push()| can be called to
93
* write the message for HMAC processing.
94
*
95
* This function should be called with a valid `key` that references a 32-byte,
96
* contiguous, readable region where the key may be copied from. Passing a
97
* `NULL` `key` reference will skip loading of the key. This is only expected to
98
* be used to test scenarios where the key is not loaded.
99
*
100
* @param hmac The HMAC device to start HMAC operation for.
101
* @param key The 256-bit HMAC key.
102
* @param config The per-transaction configuration.
103
* @return The result of the operation.
104
*/
105
OT_WARN_UNUSED_RESULT
106
dif_result_t
dif_hmac_mode_hmac_start
(
const
dif_hmac_t
*hmac,
107
const
uint8_t *key,
108
const
dif_hmac_transaction_t
config);
109
110
/**
111
* Resets the HMAC engine and readies it to receive a new message to process a
112
* SHA256 digest.
113
*
114
* This function causes the HMAC engine to start its operation. After a
115
* successful call to this function, |dif_hmac_fifo_push()| can be called to
116
* write the message for SHA256 processing.
117
*
118
* @param hmac The HMAC device to start SHA256 operation for.
119
* @param config The per-transaction configuration.
120
* @return The result of the operation.
121
*/
122
OT_WARN_UNUSED_RESULT
123
dif_result_t
dif_hmac_mode_sha256_start
(
const
dif_hmac_t
*hmac,
124
const
dif_hmac_transaction_t
config);
125
126
/**
127
* Attempts to send `len` bytes from the buffer pointed to by `data` to the
128
* device described by `hmac`. This function will send to the message FIFO until
129
* the FIFO fills up or `len` bytes have been sent.
130
*
131
* In the event that the FIFO fills up before `len` bytes have been sent this
132
* function will return a `kDifHmacFifoFull` error. In this case it is valid
133
* to call this function again by advancing `data` by `len` - |*bytes_sent|
134
* bytes. It may be desirable to wait for space to free up on the FIFO before
135
* issuing subsequent calls to this function, but it is not strictly
136
* necessary. The number of entries in the FIFO can be queried with
137
* `dif_hmac_fifo_count_entries()`.
138
*
139
* `data` *must* point to an allocated buffer of at least length `len`.
140
*
141
* @param hmac The HMAC device to send to.
142
* @param data A contiguous buffer to copy from.
143
* @param len The length of the buffer to copy from.
144
* @param[out] bytes_sent The number of bytes sent to the FIFO (optional).
145
* @return The result of the operation.
146
*/
147
OT_WARN_UNUSED_RESULT
148
dif_result_t
dif_hmac_fifo_push
(
const
dif_hmac_t
*hmac,
const
void
*data,
149
size_t
len,
size_t
*bytes_sent);
150
151
/**
152
* Retrieves the number of entries in the HMAC FIFO. These entries may be
153
* semi-arbitrary in length; this function should not be used to calculate
154
* message length.
155
*
156
* @param hmac The HMAC device to get the FIFO depth for.
157
* @param[out] num_entries The number of entries in the FIFO.
158
* @return The result of the operation.
159
*/
160
OT_WARN_UNUSED_RESULT
161
dif_result_t
dif_hmac_fifo_count_entries
(
const
dif_hmac_t
*hmac,
162
uint32_t *num_entries);
163
164
/**
165
* Retrieves the number of bits in the loaded HMAC device.
166
* `dif_hmac_fifo_count_entries()` should be called before this function to
167
* ensure the FIFO is empty, as any bits in the FIFO are not counted in
168
* `msg_len`.
169
*
170
* @param hmac The HMAC device to get the message length for.
171
* @param[out] msg_len The number of bits in the HMAC message.
172
* @return The result of the operation.
173
*/
174
OT_WARN_UNUSED_RESULT
175
dif_result_t
dif_hmac_get_message_length
(
const
dif_hmac_t
*hmac,
176
uint64_t *msg_len);
177
178
/**
179
* Attempts to run HMAC or SHA256 depending on the mode `hmac` was initialized
180
* in. Calls to this function always succeed and return without blocking. The
181
* caller can use `dif_hmac_check_state()` to check for errors and for the
182
* `DIF_HMAC_DONE` status before reading the digest with
183
* `dif_hmac_digest_read()`.
184
*
185
* @param hmac The HMAC device to initiate the run on.
186
* @return The result of the operation.
187
*/
188
OT_WARN_UNUSED_RESULT
189
dif_result_t
dif_hmac_process
(
const
dif_hmac_t
*hmac);
190
191
/**
192
* Attempts to finish a transaction started with `dif_hmac_mode_*_start`, and
193
* reads the final digest in the buffer referenced by `digest`.
194
*
195
* This queries the `INTR_STATE` register to check if the HMAC is finished, and
196
* will acknowledge a `hmac_done` interrupt. If that register is not pending,
197
* then this function assumes HMAC is still processing and will return
198
* `kDifHmacErrorDigestProcessing`.
199
*
200
* `digest` must reference an allocated, contiguous, 32-byte buffer. This buffer
201
* shall also be 4-byte aligned. This is all consistent with the platform
202
* requirements for size and alignment requirements of `dif_hmac_digest_t`.
203
*
204
* @param hmac The HMAC device to read the digest from.
205
* @param disable_after_done If true, the HMAC and SHA256 datapaths will be
206
* disabled after the digest is read, clearing the digest registers.
207
* @param[out] digest A contiguous 32-byte, 4-byte aligned buffer for the
208
* digest.
209
* @return The result of the operation.
210
*/
211
OT_WARN_UNUSED_RESULT
212
dif_result_t
dif_hmac_finish
(
const
dif_hmac_t
*hmac,
bool
disable_after_done,
213
dif_hmac_digest_t
*digest);
214
215
/**
216
* Randomizes internal secret registers on the HMAC device. This includes the
217
* key, hash value, and internal state machine. The value of `entropy` will be
218
* used to "randomize" the internal state of the HMAC device. See the HMAC IP
219
* documentation for more information: hw/ip/hmac/doc.
220
*
221
* @param hmac The HMAC device to clobber state on.
222
* @param entropy A source of randomness to write to the HMAC internal state.
223
* @param[out] digest The resulting digest from the wipe operation.
224
* @return The result of the operation.
225
*/
226
OT_WARN_UNUSED_RESULT
227
dif_result_t
dif_hmac_wipe_secret
(
const
dif_hmac_t
*hmac, uint32_t entropy,
228
dif_hmac_digest_t
*digest);
229
230
#ifdef __cplusplus
231
}
// extern "C"
232
#endif
// __cplusplus
233
234
#endif
// OPENTITAN_SW_DEVICE_LIB_DIF_DIF_HMAC_H_
Return to
OpenTitan Documentation