Software APIs
sw
device
lib
dif
dif_keymgr_dpe.h
Go to the documentation of this file.
1
// Copyright lowRISC contributors (OpenTitan project).
2
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3
// SPDX-License-Identifier: Apache-2.0
4
5
#ifndef OPENTITAN_SW_DEVICE_LIB_DIF_DIF_KEYMGR_DPE_H_
6
#define OPENTITAN_SW_DEVICE_LIB_DIF_DIF_KEYMGR_DPE_H_
7
8
/**
9
* @file
10
* @brief <a href="/hw/ip/keymgr_dpe/doc/">Key Manager DPE</a> Device Interface
11
* Functions
12
*/
13
14
#include <
stdint.h
>
15
16
#include "
sw/device/lib/base/macros.h
"
17
#include "
sw/device/lib/base/mmio.h
"
18
#include "
sw/device/lib/dif/dif_base.h
"
19
20
#include "
sw/device/lib/dif/autogen/dif_keymgr_dpe_autogen.h
"
21
22
#ifdef __cplusplus
23
extern
"C"
{
24
#endif
// __cplusplus
25
26
/**
27
* SW-visible key manager DPE states.
28
*
29
* Key manager RTL has more than 4 finite state machine (FSM) states, but it
30
* simply truncates the reported state into four states given below. The reason
31
* behind this truncation is that FSM lingers on some states temporarily (i.e.
32
* few clock cycles) and the transition into the next state does not require
33
* further invocation.
34
*
35
* From SW point of view, key manager FSM transitions follow a sequence
36
* sequential manner and these transitions are irreversible until a power cycle.
37
*/
38
typedef
enum
dif_keymgr_dpe_state
{
39
kDifKeymgrDpeStateReset = 0,
40
kDifKeymgrDpeStateAvailable = 1,
41
kDifKeymgrDpeStateDisabled = 2,
42
kDifKeymgrDpeStateInvalid = 3
43
}
dif_keymgr_dpe_state_t
;
44
45
/**
46
* Input parameters for advancing a DPE context/slot.
47
*/
48
typedef
struct
dif_keymgr_dpe_advance_params
{
49
/**
50
* This value is used by key manager as input to DICE computation and can be
51
* either a value that represents the measurement of a boot stage or simply a
52
* tag from a manifest.
53
*/
54
uint32_t
binding_value
[8];
55
56
/**
57
* Maximum allowed version for keys to be generated at a state. This value is
58
* stored inside keymgr slot so that it can later be compared against the
59
* `key_version` input provided along with generation request.
60
*/
61
uint32_t
max_key_version
;
62
63
/**
64
* The source slot to be used as parent DPE context.
65
*/
66
uint32_t
slot_src_sel
;
67
68
/**
69
* The destination slot which recieves the derived child DPE context.
70
*/
71
uint32_t
slot_dst_sel
;
72
73
/**
74
* The slot policy bits for the derived child DPE context.
75
*/
76
uint32_t
slot_policy
;
77
}
dif_keymgr_dpe_advance_params_t
;
78
79
/**
80
* Key destination of a versioned key generation operation.
81
*
82
* Regardless of whether the generated key is SW or sideload key, HW uses a
83
* unique diversification constant for each cryptographic use case. In the case
84
* of sideload key, this enum value is also used to determine the target
85
* peripheral port to which the generated key is loaded.
86
*/
87
typedef
enum
dif_keymgr_dpe_key_dest
{
88
/**
89
* Diversify the generated key for no HW IP (and don't sideload it).
90
*/
91
kDifKeymgrDpeKeyDestNone
= 0,
92
/**
93
* Diversify the generated key for AES (and load it to AES peripheral port if
94
* sideload key).
95
*/
96
kDifKeymgrDpeKeyDestAes
= 1,
97
/**
98
* Diversify the generated key for KMAC (and load it to KMAC peripheral port
99
* if sideload key).
100
*/
101
kDifKeymgrDpeKeyDestKmac
= 2,
102
/**
103
* Diversify the generated key for OTBN (and load it to OTBN peripheral port
104
* if sideload key).
105
*/
106
kDifKeymgrDpeKeyDestOtbn
= 3,
107
}
dif_keymgr_dpe_key_dest_t
;
108
109
/**
110
* Input parameters for advancing a DPE context/slot.
111
*/
112
typedef
struct
dif_keymgr_dpe_generate_params
{
113
/**
114
* Destination for {AES, KMAC, OTBN}, which is used for diversification.
115
*/
116
dif_keymgr_dpe_key_dest_t
key_dest
;
117
118
/**
119
* Set to true, if this is a sideload key, otherwise set to false.
120
*/
121
bool
sideload_key
;
122
123
/**
124
* Salt value used as input for key generation (i.e. becomes part of the
125
* message payload sent to KMAC during computation).
126
*/
127
uint32_t
salt
[8];
128
129
/**
130
* The key version used for generating versioned key. This value should not be
131
* greater than the `max_key_version` value stored inside the source slot that
132
* is used to generate the key.
133
*/
134
uint32_t
version
;
135
136
/**
137
* The source slot from which the key is derived.
138
*/
139
uint32_t
slot_src_sel
;
140
}
dif_keymgr_dpe_generate_params_t
;
141
142
/**
143
* Input parameters for erasing a DPE context/slot.
144
*/
145
typedef
struct
dif_keymgr_dpe_erase_params
{
146
/**
147
* Index for the slot to be erased.
148
*/
149
uint32_t
slot_dst_sel
;
150
}
dif_keymgr_dpe_erase_params_t
;
151
152
/**
153
* Useed to represent the output of SW generated key.
154
*/
155
typedef
struct
dif_keymgr_dpe_output
{
156
uint32_t value[2][8];
157
}
dif_keymgr_dpe_output_t
;
158
159
/**
160
* Status code bit flags.
161
*
162
* See also: `dif_keymgr_dpe_status_codes_t`.
163
*/
164
typedef
enum
dif_keymgr_dpe_status_code
{
165
/**
166
* Key manager is idle.
167
*/
168
kDifKeymgrDpeStatusCodeIdle
= 1 << 0,
169
/**
170
* Software invoked an invalid operation.
171
*/
172
kDifKeymgrDpeStatusCodeInvalidOperation
= 1 << 1,
173
/**
174
* Key manager issued invalid data to KMAC interface.
175
*/
176
kDifKeymgrDpeStatusCodeInvalidKmacInput
= 1 << 2,
177
/**
178
* Key manager encountered invalid state.
179
*/
180
kDifKeymgrDpeStatusCodeInvalidState
= 1 << 3,
181
182
}
dif_keymgr_dpe_status_code_t
;
183
184
/**
185
* Define mask for error fields of `dif_keymgr_dpe_status_code_t`.
186
*/
187
static
const
bitfield_field32_t
kIdleBitfield = (
bitfield_field32_t
){
188
.
mask
= 0x1,
189
.index = 0,
190
};
191
192
/**
193
* Define mask for idle field of `dif_keymgr_dpe_status_code_t`.
194
*/
195
static
const
bitfield_field32_t
kErrorBitfield = (
bitfield_field32_t
){
196
.
mask
= 0x7,
197
.index = 1,
198
};
199
200
/**
201
* A bit vector of status codes.
202
*
203
* The following snippet can be used to check if key manager is idle:
204
*
205
* `bool is_idle = (status_codes & kDifKeymgrDpeStatusCodeIdle);`
206
*
207
* The following snippet can be used to check if key manager is idle and
208
* error-free:
209
*
210
* `bool is_idle_and_ok = (status_codes == kDifKeymgrDpeStatusCodeIdle);`
211
*
212
* See also: `dif_keymgr_dpe_status_code_t`.
213
*/
214
typedef
uint8_t
dif_keymgr_dpe_status_codes_t
;
215
216
/**
217
* Initializes the keymgr_pde block by performing an advance operation.
218
*
219
* The hardware does not have an explicit initialize command. Initialization is
220
* simple the first advance call without software binding, max version or
221
* policy registers set. Use this call before calling
222
* `dif_keymgr_dpe_advance_state()`.
223
*
224
* @param keymgr_dpe A key manager handle.
225
* @param slot_dst_sel Target slot used to latch the UDS key.
226
* @return The result of the operation.
227
*/
228
dif_result_t
dif_keymgr_dpe_initialize
(
const
dif_keymgr_dpe_t
*keymgr_dpe,
229
uint32_t slot_dst_sel);
230
231
/**
232
* Advances a keymgr_dpe slot with given parameters.
233
*
234
* @param keymgr_dpe A key manager handle.
235
* @param params Struct to pass inputs consumed by HW during advance.
236
* @return The result of the operation.
237
*/
238
OT_WARN_UNUSED_RESULT
239
dif_result_t
dif_keymgr_dpe_advance_state
(
240
const
dif_keymgr_dpe_t
*keymgr_dpe,
241
const
dif_keymgr_dpe_advance_params_t
*params);
242
243
/**
244
* Erases a given keymgr_dpe slot.
245
*
246
* @param keymgr_dpe A key manager handle.
247
* @param params A struct that selects the slot to be erased.
248
* @return The result of the operation.
249
*/
250
OT_WARN_UNUSED_RESULT
251
dif_result_t
dif_keymgr_dpe_erase_slot
(
252
const
dif_keymgr_dpe_t
*keymgr_dpe,
253
const
dif_keymgr_dpe_erase_params_t
*params);
254
255
/**
256
* Generate a SW/HW key from a chosen keymgr_dpe slot.
257
*
258
* @param keymgr_dpe A key manager handle.
259
* @param params Struct to pass inputs consumed by HW generate operation.
260
* @return The result of the operation.
261
*/
262
OT_WARN_UNUSED_RESULT
263
dif_result_t
dif_keymgr_dpe_generate
(
264
const
dif_keymgr_dpe_t
*keymgr_dpe,
265
const
dif_keymgr_dpe_generate_params_t
*params);
266
267
/**
268
* Gets the operational status of keymgr_dpe.
269
*
270
* This function also clears OP_STATUS and ERR_CODE registers after reading
271
* them.
272
*
273
* @param keymgr_dpe A key manager handle.
274
* @param[out] status_codes Out-param for key manager status codes.
275
* @return The result of the operation.
276
*/
277
OT_WARN_UNUSED_RESULT
278
dif_result_t
dif_keymgr_dpe_get_status_codes
(
279
const
dif_keymgr_dpe_t
*keymgr_dpe,
280
dif_keymgr_dpe_status_codes_t
*status_codes);
281
282
/**
283
* Gets the current state of key manager.
284
*
285
* @param keymgr_dpe A key manager handle.
286
* @param[out] state Out-param for current key manager state.
287
* @return The result of the operation.
288
*/
289
OT_WARN_UNUSED_RESULT
290
dif_result_t
dif_keymgr_dpe_get_state
(
const
dif_keymgr_dpe_t
*keymgr_dpe,
291
uint32_t *state);
292
293
/**
294
* Read the value of SW generated key from its related CSR. It is the
295
* responsibility of the caller to check that key generation has completed.
296
*
297
* @param keymgr_dpe A key manager handle.
298
* @param[out] output The key value in two shares.
299
* @return The result of the operation.
300
*/
301
OT_WARN_UNUSED_RESULT
302
dif_result_t
dif_keymgr_dpe_read_output
(
const
dif_keymgr_dpe_t
*keymgr_dpe,
303
dif_keymgr_dpe_output_t
*output);
304
305
#ifdef __cplusplus
306
}
// extern "C"
307
#endif
// __cplusplus
308
309
#endif
// OPENTITAN_SW_DEVICE_LIB_DIF_DIF_KEYMGR_DPE_H_
Return to
OpenTitan Documentation