Software APIs
sigverify_key_types.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_SIGVERIFY_KEY_TYPES_H_
6 #define OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_SIGVERIFY_KEY_TYPES_H_
7 
8 #include <stdint.h>
9 
10 #include "sw/device/silicon_creator/lib/sigverify/ecdsa_p256_key.h"
11 #include "sw/device/silicon_creator/lib/sigverify/rsa_key.h"
12 #include "sw/device/silicon_creator/lib/sigverify/spx_key.h"
13 
14 #ifdef __cplusplus
15 extern "C" {
16 #endif // __cplusplus
17 
18 /**
19  * Key types.
20  *
21  * The life cycle states in which a key can be used depend on its type.
22  *
23  * Encoding generated with
24  * $ ./util/design/sparse-fsm-encode.py -d 6 -m 3 -n 32 \
25  * -s 1985033815 --language=c
26  *
27  * Minimum Hamming distance: 15
28  * Maximum Hamming distance: 18
29  * Minimum Hamming weight: 13
30  * Maximum Hamming weight: 16
31  */
32 typedef enum sigverify_key_type {
33  /**
34  * A key used for manufacturing, testing, and RMA.
35  *
36  * Keys of this type can be used only in TEST_UNLOCKED* and RMA life cycle
37  * states.
38  */
39  kSigverifyKeyTypeTest = 0x3ff0c819,
40  /**
41  * A production key.
42  *
43  * Keys of this type can be used in all operational life cycle states, i.e.
44  * states in which CPU execution is enabled.
45  */
46  kSigverifyKeyTypeProd = 0x43a839ad,
47  /**
48  * A development key.
49  *
50  * Keys of this type can be used only in the DEV life cycle state.
51  */
52  kSigverifyKeyTypeDev = 0x7a01a471,
53 } sigverify_key_type_t;
54 
55 /**
56  * OTP key state encoding values used in the `ROT_CREATOR_AUTH_STATE` OTP
57  * partition.
58  *
59  * The values are derived from the otp_ctrl encoding algorithm to ensure that
60  * the following one-directional transitions are possible:
61  * - `kSigVerifyKeyAuthStateBlank` -> `kSigVerifyKeyAuthStateProvisioned`
62  * - `kSigVerifyKeyAuthStateProvisioned` -> `kSigVerifyKeyAuthStateRevoked`
63  *
64  * No other state transitions are supported. An attacker who attempts to change
65  * the state of the key from `kSigVerifyKeyAuthStateRevoked` to
66  * `kSigVerifyKeyAuthStateProvisioned` will trigger an ECC error in the OTP
67  * macro
68  */
69 typedef enum sigverify_key_auth_state {
70  /**
71  * Represents the state of the key as blank.
72  */
73  kSigVerifyKeyAuthStateBlank = 0,
74  /**
75  * Represents the state of the key as enabled.
76  *
77  * The value is derived from the otp_ctrl encoding algorithm to ensure that
78  * transitions from this value to `kSigVerifyKeyAuthStateRevoked` are
79  * possible (i.e. the value change does not trigger an ECC error in the OTP
80  * macro). See https://github.com/lowRISC/opentitan/pull/21270 for more
81  * details.
82  *
83  * parameter logic [15:0] I0 = 16'b0110_0111_1000_0001; // ECC: 6'b000100
84  * parameter logic [15:0] I1 = 16'b1110_1000_1010_0001; // ECC: 6'b100110
85  * AuthStEnabled = { I1, I0},
86  */
87  kSigVerifyKeyAuthStateProvisioned = 0xe8a16781,
88  /**
89  * Represents the state of the key as revoked.
90  *
91  * The value is derived from the otp_ctrl encoding algorithm to ensure that
92  * transitions into this value from `kSigVerifyKeyAuthStateProvisioned` are
93  * possible (i.e. the value change does not trigger an ECC error in the OTP
94  * macro). See https://github.com/lowRISC/opentitan/pull/21270 for more
95  * details.
96  *
97  * parameter logic [15:0] J0 = 16'b0111_1111_1010_0001; // ECC: 6'b101101
98  * parameter logic [15:0] J1 = 16'b1110_1001_1111_0101; // ECC: 6'b101111
99  * AuthStDisabled = { J1, J0}
100  */
101  kSigVerifyKeyAuthStateRevoked = 0xe9f57fa1,
102 } sigverify_key_auth_state_t;
103 
104 /**
105  * Common initial sequence of public keys stored in ROM.
106  *
107  * OpenTitan ROM contains RSA and SPX keys whose definitions share this common
108  * initial sequence. This common initial sequence allows us to perform key
109  * lookup and validity checks in a generic manner by casting
110  * `sigverify_rom_rsa_key_t` or `sigverify_rom_spx_key_t` to this type.
111  */
112 typedef struct sigverify_rom_key_header {
113  /**
114  * Type of the key.
115  */
116  sigverify_key_type_t key_type;
117  /**
118  * ID of the key.
119  */
120  uint32_t key_id;
121 } sigverify_rom_key_header_t;
122 
123 OT_ASSERT_MEMBER_OFFSET(sigverify_rom_key_header_t, key_type, 0);
124 OT_ASSERT_MEMBER_OFFSET(sigverify_rom_key_header_t, key_id, 4);
125 OT_ASSERT_SIZE(sigverify_rom_key_header_t, 8);
126 
127 /**
128  * An ECDSA P256 public key stored in ROM.
129  *
130  * This struct must start with the common initial sequence
131  * `sigverify_rom_key_header_t`.
132  *
133  */
134 typedef struct sigverify_rom_ecdsa_p256_key_entry {
135  /**
136  * Type of the key.
137  */
138  sigverify_key_type_t key_type;
139  /**
140  * An ECDSA P256 public key.
141  */
142  ecdsa_p256_public_key_t key;
143 } sigverify_rom_ecdsa_p256_key_entry_t;
144 OT_ASSERT_MEMBER_OFFSET(sigverify_rom_ecdsa_p256_key_entry_t, key_type, 0);
145 OT_ASSERT_MEMBER_OFFSET(sigverify_rom_ecdsa_p256_key_entry_t, key.x[0], 4);
146 static_assert(offsetof(sigverify_rom_key_header_t, key_type) ==
147  offsetof(sigverify_rom_ecdsa_p256_key_entry_t, key_type),
148  "Invalid key_type offset.");
149 static_assert(offsetof(sigverify_rom_key_header_t, key_id) ==
150  offsetof(sigverify_rom_ecdsa_p256_key_entry_t, key.x[0]),
151  "Invalid key_id offset.");
152 
153 /**
154  * Union type to inspect the common initial sequence of ECDSA P256 public keys
155  *
156  */
157 typedef union sigverify_rom_ecdsa_p256_key {
158  /**
159  * Common initial sequence.
160  */
161  sigverify_rom_key_header_t key_header;
162  /**
163  * Actual ECDSA P256 public key entry.
164  */
165  sigverify_rom_ecdsa_p256_key_entry_t entry;
166 } sigverify_rom_ecdsa_p256_key_t;
167 
168 static_assert(sizeof(sigverify_rom_ecdsa_p256_key_entry_t) ==
169  sizeof(sigverify_rom_ecdsa_p256_key_t),
170  "Size of an ECDSA P256 public key entry must be equal to the "
171  "size of a key");
172 
173 /**
174  * An RSA public key stored in ROM.
175  *
176  * This struct must start with the common initial sequence
177  * `sigverify_rom_key_header_t`.
178  */
179 typedef struct sigverify_rom_rsa_key_entry {
180  /**
181  * Type of the key.
182  */
183  sigverify_key_type_t key_type;
184  /**
185  * An RSA public key.
186  */
187  sigverify_rsa_key_t key;
188 } sigverify_rom_rsa_key_entry_t;
189 OT_ASSERT_MEMBER_OFFSET(sigverify_rom_rsa_key_entry_t, key_type, 0);
190 OT_ASSERT_MEMBER_OFFSET(sigverify_rom_rsa_key_entry_t, key.n.data[0], 4);
191 static_assert(offsetof(sigverify_rom_key_header_t, key_type) ==
192  offsetof(sigverify_rom_rsa_key_entry_t, key_type),
193  "Invalid key_type offset.");
194 static_assert(offsetof(sigverify_rom_key_header_t, key_id) ==
195  offsetof(sigverify_rom_rsa_key_entry_t, key.n.data[0]),
196  "Invalid key_id offset.");
197 
198 /**
199  * Union type to inspect the common initial sequence of RSA public keys stored
200  * in ROM.
201  */
202 typedef union sigverify_rom_rsa_key {
203  /**
204  * Common initial sequence.
205  */
206  sigverify_rom_key_header_t key_header;
207  /**
208  * Actual RSA public key entry.
209  */
210  sigverify_rom_rsa_key_entry_t entry;
211 } sigverify_rom_rsa_key_t;
212 
213 static_assert(
214  sizeof(sigverify_rom_rsa_key_entry_t) == sizeof(sigverify_rom_rsa_key_t),
215  "Size of an RSA public key entry must be equal to the size of a key");
216 
217 /**
218  * An SPX public key stored in ROM.
219  *
220  * This struct must start with the common initial sequence
221  * `sigverify_rom_key_header_t`.
222  */
223 typedef struct sigverify_rom_spx_key_entry {
224  /**
225  * Type of the key.
226  */
227  sigverify_key_type_t key_type;
228  /**
229  * An SPX public key.
230  */
231  sigverify_spx_key_t key;
232  /**
233  * Parameter configuration ID for the SPX key.
234  */
235  sigverify_spx_config_id_t config_id;
236 } sigverify_rom_spx_key_entry_t;
237 
238 OT_ASSERT_MEMBER_OFFSET(sigverify_rom_spx_key_entry_t, key_type, 0);
239 OT_ASSERT_MEMBER_OFFSET(sigverify_rom_spx_key_entry_t, key.data[0], 4);
240 static_assert(offsetof(sigverify_rom_key_header_t, key_type) ==
241  offsetof(sigverify_rom_spx_key_entry_t, key_type),
242  "Invalid key_type offset.");
243 static_assert(offsetof(sigverify_rom_key_header_t, key_id) ==
244  offsetof(sigverify_rom_spx_key_entry_t, key.data[0]),
245  "Invalid key_id offset.");
246 
247 /**
248  * Union type to inspect the common initial sequence of SPX public keys stored
249  * in ROM.
250  */
251 typedef union sigverify_rom_spx_key {
252  /**
253  * Common initial sequence.
254  */
255  sigverify_rom_key_header_t key_header;
256  /**
257  * Actual SPX public key entry.
258  */
259  sigverify_rom_spx_key_entry_t entry;
260 } sigverify_rom_spx_key_t;
261 
262 static_assert(
263  sizeof(sigverify_rom_spx_key_entry_t) == sizeof(sigverify_rom_spx_key_t),
264  "Size of an SPX public key entry must be equal to the size of a key");
265 
266 #ifdef __cplusplus
267 } // extern "C"
268 #endif // __cplusplus
269 
270 #endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_SIGVERIFY_KEY_TYPES_H_
Return to OpenTitan Documentation