nRF Connect SDK API 3.3.99
bl_crypto.h
1/*
2 * Copyright (c) 2018 Nordic Semiconductor ASA
3 *
4 * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
5 */
6
7#ifndef BOOTLOADER_CRYPTO_H__
8#define BOOTLOADER_CRYPTO_H__
9
10#ifdef __cplusplus
11extern "C" {
12#endif
13
14#include <zephyr/types.h>
15#include <fw_info.h>
16#if defined(CONFIG_NRF_SECURITY)
17#include <psa/crypto.h>
18#include <psa/crypto_extra.h>
19#endif
20
25/* Placeholder defines. Values should be updated, if no existing errors can be
26 * used instead. */
/* Header-local error numbers: EHASHINV is 101 and ESIGINV is 102.
 * NOTE(review): presumably returned (negated) by the verify/validate
 * functions declared below for a hash mismatch and an invalid signature
 * respectively -- confirm against the implementation.
 * Compare return values against these macros, not the literals, because the
 * comment above marks the numeric values as provisional. */
27#define EHASHINV 101
28#define ESIGINV 102
29
/* Select the hash context type for the configured crypto backend:
 *   CONFIG_SB_CRYPTO_PSA_SHA512    -> bl_sha512_ctx_t is psa_hash_operation_t
 *   CONFIG_SB_CRYPTO_OBERON_SHA256 -> bl_sha256_ctx_t is ocrypto_sha256_ctx
 *   CONFIG_SB_CRYPTO_CC310_SHA256  -> bl_sha256_ctx_t is
 *                                     nrf_cc310_bl_hash_context_sha256_t
 *   otherwise                      -> bl_sha256_ctx_t is an array of uint32_t
 *                                     totalling SHA256_CTX_SIZE (256) bytes
 * NOTE(review): the PSA SHA-512 branch defines neither bl_sha256_ctx_t nor
 * SHA256_CTX_SIZE, while the SHA-256 prototypes later in this header use
 * bl_sha256_ctx_t outside any #if -- confirm where the type comes from in
 * that configuration. */
30#if defined(CONFIG_SB_CRYPTO_PSA_SHA512)
31typedef psa_hash_operation_t bl_sha512_ctx_t;
32#elif defined(CONFIG_SB_CRYPTO_OBERON_SHA256)
33#include <ocrypto_sha256.h>
34#define SHA256_CTX_SIZE sizeof(ocrypto_sha256_ctx)
35typedef ocrypto_sha256_ctx bl_sha256_ctx_t;
36#elif defined(CONFIG_SB_CRYPTO_CC310_SHA256)
37#include <nrf_cc310_bl_hash_sha256.h>
38#define SHA256_CTX_SIZE sizeof(nrf_cc310_bl_hash_context_sha256_t)
39typedef nrf_cc310_bl_hash_context_sha256_t bl_sha256_ctx_t;
40#else
/* No backend header is included in this branch, so the context is an opaque
 * fixed-size buffer.
 * NOTE(review): presumably whichever implementation fills this buffer must
 * fit in SHA256_CTX_SIZE bytes; the BL_SHA256 EXT_API structure carries a
 * bl_sha256_ctx_size member, which suggests the size is meant to be checked
 * across the API boundary -- confirm that a check exists. */
41#define SHA256_CTX_SIZE 256
42/* uint32_t to make sure it is aligned equally as the other contexts. */
43typedef uint32_t bl_sha256_ctx_t[SHA256_CTX_SIZE/4];
44#endif
45
46
54
55
/* Verify a signature using the configured signature scheme and SHA-256.
 *
 * Parameters (meanings inferred from the names -- confirm):
 *   public_key       Public key used to check the signature.
 *   public_key_hash  Hash that public_key is expected to match.
 *   signature        Signature over the firmware.
 *   firmware         Start of the firmware data.
 *   firmware_len     Length of the firmware data, presumably in bytes.
 *
 * NOTE(review): the return convention is not visible on this page. Presumably
 * 0 means the firmware verified and any other value (including the EHASHINV
 * and ESIGINV codes from this header) means it must not be trusted -- confirm
 * against the implementation, and treat every non-zero result as a failure.
 * NOTE(review): presumably public_key is checked against public_key_hash
 * before the signature is checked, which makes the hash the trust anchor;
 * verify that callers take it from provisioned storage and not from the image
 * being verified.
 * NOTE(review): no buffer lengths are passed for the key, hash or signature;
 * confirm the fixed sizes the implementation reads. */
78int bl_root_of_trust_verify(const uint8_t *public_key,
79 const uint8_t *public_key_hash,
80 const uint8_t *signature,
81 const uint8_t *firmware,
82 const uint32_t firmware_len);
83
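/* Function-pointer type with the same parameter list and return type as
 * bl_root_of_trust_verify(); the BL_ROT_VERIFY EXT_API structure holds a
 * member of this type. */
84/* Typedef for use in EXT_API declaration */
85typedef int (*bl_root_of_trust_verify_t)(
86 const uint8_t *public_key,
87 const uint8_t *public_key_hash,
88 const uint8_t *signature,
89 const uint8_t *firmware,
90 const uint32_t firmware_len);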
91
92
/* Implementation of rot_verify that is safe to be called from EXT_API.
 *
 * Takes the same parameter list as bl_root_of_trust_verify().
 * NOTE(review): what makes this variant safe for EXT_API callers is not shown
 * on this page; confirm the difference in the implementation before choosing
 * between the two entry points, and treat every non-zero result as a
 * verification failure. */
98int bl_root_of_trust_verify_external(const uint8_t *public_key,
99 const uint8_t *public_key_hash,
100 const uint8_t *signature,
101 const uint8_t *firmware,
102 const uint32_t firmware_len);
103
113
123
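/* Function-pointer type for bl_sha256_init(): takes a pointer to a
 * bl_sha256_ctx_t and returns int. The BL_SHA256 EXT_API structure holds a
 * member of this type. */
124/* Typedef for use in EXT_API declaration */
125typedef int (*bl_sha256_init_t)(bl_sha256_ctx_t *ctx);
126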
127
/* Hash a portion of data.
 *
 *   ctx       Hash context; presumably must first be set up with
 *             bl_sha256_init() -- confirm.
 *   data      Data to add to the running hash.
 *   data_len  Length of data, presumably in bytes.
 *
 * NOTE(review): the return convention is not shown here; check the result of
 * every call, since a failed update would otherwise yield a digest over
 * different data than intended. */
144int bl_sha256_update(bl_sha256_ctx_t *ctx, const uint8_t *data, uint32_t data_len);
145
146/* Typedef for use in EXT_API declaration */
/* Function-pointer type with the same signature as bl_sha256_update(). */
147typedef int (*bl_sha256_update_t)(bl_sha256_ctx_t *ctx, const uint8_t *data,
148 uint32_t data_len);
149
150
/* Finalize a hash result.
 *
 *   ctx     Hash context that has been fed with bl_sha256_update().
 *   output  Buffer that receives the digest.
 *
 * NOTE(review): no output length is passed, so the caller presumably must
 * provide at least 32 bytes (the SHA-256 digest size) -- confirm, and size the
 * buffer accordingly. */
161int bl_sha256_finalize(bl_sha256_ctx_t *ctx, uint8_t *output);
162
163/* Typedef for use in EXT_API declaration */
/* Function-pointer type with the same signature as bl_sha256_finalize(). */
164typedef int (*bl_sha256_finalize_t)(bl_sha256_ctx_t *ctx, uint8_t *output);
165
166
/* Calculate a digest and verify it directly.
 *
 *   data      Data to hash.
 *   data_len  Length of data, presumably in bytes.
 *   expected  Digest the computed hash is compared with.
 *
 * NOTE(review): no length is passed for expected, so it presumably must point
 * at a full 32-byte SHA-256 digest -- confirm.
 * NOTE(review): presumably returns 0 on a match; treat every non-zero result
 * as a mismatch or error. */
180int bl_sha256_verify(const uint8_t *data, uint32_t data_len, const uint8_t *expected);
181
182/* Typedef for use in EXT_API declaration */
/* Function-pointer type with the same signature as bl_sha256_verify(). */
183typedef int (*bl_sha256_verify_t)(const uint8_t *data, uint32_t data_len,
184 const uint8_t *expected);
185
/* SHA-512 functions, declared only when CONFIG_SB_CRYPTO_PSA_SHA512 is set.
 * Their parameter lists mirror the bl_sha256_ init/update/finalize/verify
 * functions, with bl_sha512_ctx_t as the context type.
 * NOTE(review): no digest length is passed to finalize or verify; presumably
 * output and expected must each be 64 bytes (the SHA-512 digest size) --
 * confirm. */
186#if defined(CONFIG_SB_CRYPTO_PSA_SHA512)
/* Set up a SHA-512 context (presumably before the first update -- confirm). */
195int bl_sha512_init(bl_sha512_ctx_t *ctx);
196
/* Add data_len units of data (presumably bytes) to the running hash. */
213int bl_sha512_update(bl_sha512_ctx_t *ctx, const uint8_t *data, uint32_t data_len);
214
/* Write the resulting digest to output. */
225int bl_sha512_finalize(bl_sha512_ctx_t *ctx, uint8_t *output);
226
/* Hash data and compare the result with expected in one call (inferred from
 * the parallel bl_sha256_verify() -- confirm). */
240int bl_sha512_verify(const uint8_t *data, uint32_t data_len, const uint8_t *expected);
241#endif
242
/* Validate a secp256r1 signature.
 *
 *   hash        Hash the signature is checked against.
 *   hash_len    Length of hash, presumably in bytes.
 *   public_key  Public key used for the check.
 *   signature   Signature to validate.
 *
 * NOTE(review): lengths for public_key and signature are not passed, so both
 * are presumably fixed by the scheme; confirm the expected encoding and size
 * before handing in buffers taken from an untrusted image.
 * NOTE(review): presumably returns 0 only for a valid signature; treat every
 * non-zero result as a failure. */
256int bl_secp256r1_validate(const uint8_t *hash,
257 uint32_t hash_len,
258 const uint8_t *public_key,
259 const uint8_t *signature);
260
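/* Function-pointer type with the same parameter list and return type as
 * bl_secp256r1_validate(); the BL_SECP256R1 EXT_API structure holds a member
 * of this type. */
261/* Typedef for use in EXT_API declaration */
262typedef int (*bl_secp256r1_validate_t)(
263 const uint8_t *hash,
264 uint32_t hash_len,
265 const uint8_t *public_key,
266 const uint8_t *signature);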
267
/* Validate an ed25519 signature.
 *
 *   hash       Data the signature is checked against (named "hash" here).
 *   hash_len   Length of hash, presumably in bytes.
 *   signature  Signature to validate.
 *
 * Unlike bl_secp256r1_validate(), no public key is passed in.
 * NOTE(review): presumably the key is taken from provisioned key storage (this
 * header also declares bl_ed25519_keys_housekeeping()) -- confirm where the
 * key comes from and how it is protected.
 * NOTE(review): presumably returns 0 only for a valid signature; treat every
 * non-zero result as a failure. */
280int bl_ed25519_validate(const uint8_t *hash,
281 uint32_t hash_len,
282 const uint8_t *signature);
283
294
301
312
319
322#ifdef __cplusplus
323}
324#endif
325
326#endif
int bl_crypto_init(void)
Initialize bootloader crypto module.
int(* bl_sha256_update_t)(bl_sha256_ctx_t *ctx, const uint8_t *data, uint32_t data_len)
Definition bl_crypto.h:147
int bl_secp256r1_validate(const uint8_t *hash, uint32_t hash_len, const uint8_t *public_key, const uint8_t *signature)
Validate a secp256r1 signature.
int bl_root_of_trust_verify(const uint8_t *public_key, const uint8_t *public_key_hash, const uint8_t *signature, const uint8_t *firmware, const uint32_t firmware_len)
Verify a signature using configured signature and SHA-256.
int bl_sha256_init(bl_sha256_ctx_t *ctx)
Initialize a sha256 operation context variable.
int(* bl_sha256_verify_t)(const uint8_t *data, uint32_t data_len, const uint8_t *expected)
Definition bl_crypto.h:183
void bl_ed25519_keys_housekeeping(void)
Perform ED25519 key storage housekeeping operations.
int bl_ed25519_validate(const uint8_t *hash, uint32_t hash_len, const uint8_t *signature)
Validate an ed25519 signature.
#define SHA256_CTX_SIZE
Definition bl_crypto.h:41
int(* bl_sha256_init_t)(bl_sha256_ctx_t *ctx)
Definition bl_crypto.h:125
int bl_sha256_verify(const uint8_t *data, uint32_t data_len, const uint8_t *expected)
Calculate a digest and verify it directly.
int bl_sha256_finalize(bl_sha256_ctx_t *ctx, uint8_t *output)
Finalize a hash result.
int(* bl_sha256_finalize_t)(bl_sha256_ctx_t *ctx, uint8_t *output)
Definition bl_crypto.h:164
void bl_root_of_trust_housekeeping(void)
Perform root of trust housekeeping operations.
int(* bl_secp256r1_validate_t)(const uint8_t *hash, uint32_t hash_len, const uint8_t *public_key, const uint8_t *signature)
Definition bl_crypto.h:262
int(* bl_root_of_trust_verify_t)(const uint8_t *public_key, const uint8_t *public_key_hash, const uint8_t *signature, const uint8_t *firmware, const uint32_t firmware_len)
Definition bl_crypto.h:85
uint32_t bl_sha256_ctx_t[256/4]
Definition bl_crypto.h:43
int bl_root_of_trust_verify_external(const uint8_t *public_key, const uint8_t *public_key_hash, const uint8_t *signature, const uint8_t *firmware, const uint32_t firmware_len)
Implementation of rot_verify that is safe to be called from EXT_API.
int bl_sha256_update(bl_sha256_ctx_t *ctx, const uint8_t *data, uint32_t data_len)
Hash a portion of data.
bl_root_of_trust_verify_t bl_root_of_trust_verify
Definition bl_crypto.h:299
Structure describing the BL_ROT_VERIFY EXT_API.
Definition bl_crypto.h:298
bl_secp256r1_validate_t bl_secp256r1_validate
Definition bl_crypto.h:317
Structure describing the BL_SECP256R1 EXT_API.
Definition bl_crypto.h:316
bl_sha256_verify_t bl_sha256_verify
Definition bl_crypto.h:309
uint32_t bl_sha256_ctx_size
Definition bl_crypto.h:310
bl_sha256_init_t bl_sha256_init
Definition bl_crypto.h:306
bl_sha256_update_t bl_sha256_update
Definition bl_crypto.h:307
bl_sha256_finalize_t bl_sha256_finalize
Definition bl_crypto.h:308
Structure describing the BL_SHA256 EXT_API.
Definition bl_crypto.h:305