Software APIs
ownership_key.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_OWNERSHIP_KEY_H_
6 #define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_OWNERSHIP_KEY_H_
7 
8 #include "sw/device/lib/base/hardened.h"
9 #include "sw/device/lib/base/memory.h"
10 #include "sw/device/silicon_creator/lib/drivers/hmac.h"
11 #include "sw/device/silicon_creator/lib/error.h"
12 #include "sw/device/silicon_creator/lib/ownership/datatypes.h"
13 
14 /**
15  * The OwnershipNoOwnerRecoveryKey is a silicon_creator key that allows
16  * recovery of a device should it get into the Recovery state (ie:
17  * a state where there is no valid owner).
18  */
19 extern const owner_key_t *const kNoOwnerRecoveryKey;
20 
21 typedef enum ownership_key {
22  /** The owner_key in the owner page. */
23  kOwnershipKeyOwner = 0x1111,
24 
25  /** The activate_key in the owner page. */
26  kOwnershipKeyActivate = 0x2222,
27 
28  /** The unlock_key in the owner page. */
29  kOwnershipKeyUnlock = 0x4444,
30 
31  /** The silicon_creator no_owner_recovery key. */
32  kOwnershipKeyRecovery = 0x8888,
33 } ownership_key_t;
34 
35 typedef struct owner_secret_page {
36  /** Owner entropy. */
37  hmac_digest_t owner_secret;
38  /** Hash chain of previous owners. */
39  hmac_digest_t owner_history;
40 } owner_secret_page_t;
41 
42 /**
43  * Validate that a message was signed with a given owner key.
44  * If the message fails verification with the Activate or Unlock key,
45  * the verification is retried with the Owner key.
46  *
47  * @param page Owner-page on which the key resides.
48  * @param key Which key (or keys) to use to validate the message.
49  * @param signature The signature over the message.
50  * @param message Pointer to the message.
51  * @param len Size of the message.
52  * @return kHardenedBoolTrue if the message is valid.
53  */
54 hardened_bool_t ownership_key_validate(size_t page, ownership_key_t key,
55  const owner_signature_t *signature,
56  const void *message, size_t len);
57 
58 /**
59  * Initialize sealing.
60  *
61  * Initializes the KMAC block to create a KMAC-256 seal based on a key
62  * created by keymgr.
63  *
64  * @return Success or error code.
65  */
66 rom_error_t ownership_seal_init(void);
67 
68 /**
69  * Generate a seal for an ownership page.
70  *
71  * @param page Owner page for which to generate the sealing value.
72  * @return Success or error code.
73  */
74 rom_error_t ownership_seal_page(size_t page);
75 
76 /**
77  * Check the seal on an ownership page.
78  *
79  * @param page Owner page on which to check the seal.
80  * @return Success or error code.
81  */
82 rom_error_t ownership_seal_check(size_t page);
83 
84 /**
85  * Replace the owner secret with new entropy and update the ownership history.
86  *
87  * @return Success or error code.
88  */
89 rom_error_t ownership_secret_new(void);
90 
91 /**
92  * Retrieve the owner history digest from the OwnerSecret page.
93  *
94  * @param history Digest of all previous owner keys.
95  * @return Success or error code.
96  */
97 rom_error_t ownership_history_get(hmac_digest_t *history);
98 
99 #endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_OWNERSHIP_KEY_H_
Return to OpenTitan Documentation