gecko: se_manager files updated | Update to GSDK 4.4.0
Updated the files present in gecko/se_manager folder as per latest gecko_sdk. Purpose of this PR is to align the codebase of hal_silabs with gecko_sdk 4.4.0 Signed-off-by: Sateesh Kotapati <sateesh.kotapati@silabs.com>
This commit is contained in:
Sateesh Kotapati
Filip Kokosiński
parent
4cfb0e3e36
commit
11ab59175a
|
|
@ -30,9 +30,9 @@
|
|||
#ifndef SL_SE_MANAGER_H
|
||||
#define SL_SE_MANAGER_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/***************************************************************************//**
|
||||
* @addtogroup sl_se_manager Secure Engine Manager
|
||||
|
|
@ -99,7 +99,7 @@ sl_status_t sl_se_init(void);
|
|||
******************************************************************************/
|
||||
sl_status_t sl_se_deinit(void);
|
||||
|
||||
#if !defined(SL_CATALOG_TZ_SECURE_KEY_LIBRARY_NS_PRESENT) || defined(DOXYGEN)
|
||||
#if !defined(SL_CATALOG_TZ_SECURE_KEY_LIBRARY_NS_PRESENT)
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Set the yield attribute of the SE command context object.
|
||||
|
|
@ -118,9 +118,9 @@ sl_status_t sl_se_deinit(void);
|
|||
******************************************************************************/
|
||||
sl_status_t sl_se_set_yield(sl_se_command_context_t *cmd_ctx,
|
||||
bool yield);
|
||||
#endif // !SL_CATALOG_TZ_SECURE_KEY_LIBRARY_NS_PRESENT || DOXYGEN
|
||||
#endif // !SL_CATALOG_TZ_SECURE_KEY_LIBRARY_NS_PRESENT
|
||||
|
||||
#if defined(CRYPTOACC_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* From VSE mailbox read which command, if any, was executed.
|
||||
|
|
@ -151,7 +151,7 @@ sl_status_t sl_se_read_executed_command(sl_se_command_context_t *cmd_ctx);
|
|||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_ack_command(sl_se_command_context_t *cmd_ctx);
|
||||
#endif //defined(CRYPTOACC_PRESENT)
|
||||
#endif //defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
|
|
@ -198,7 +198,7 @@ sl_status_t sl_se_deinit_command_context(sl_se_command_context_t *cmd_ctx);
|
|||
/// @} (end addtogroup sl_se_manager_core)
|
||||
/// @} (end addtogroup sl_se_manager)
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#endif // SL_SE_MANAGER_H
|
||||
|
||||
|
|
@ -211,8 +211,9 @@ sl_status_t sl_se_deinit_command_context(sl_se_command_context_t *cmd_ctx);
|
|||
/// # Introduction
|
||||
///
|
||||
/// The Secure Engine (SE) Manager provides thread-safe APIs for the Secure Engine's mailbox interface. Note that PSA Crypto is the main device independant crypto API and should be used
|
||||
/// whenever possible, see @ref ls_psa_usage. However, the SE manager APIs can be used directly for performance or space constrained applications.
|
||||
|
||||
/// whenever possible. Visit the <a href="https://mbed-tls.readthedocs.io/en/latest/">Mbed TLS & PSA Crypto documentation hub</a> for more details. The SE manager APIs can be used directly
|
||||
/// for performance or space constrained applications.
|
||||
///
|
||||
/// Available functionality will vary between devices: device management, such as secure firmware upgrade, secure boot and secure debug implementation, is available on all series 2 devices.
|
||||
/// Devices with the SE subsystem includes a low level crypto API where the SE Manager will use the SE hardware peripherals to accelerate cryptographic operations. Finally, Vault High
|
||||
/// devices also include secure key storage functionality, anti-tamper protection, advanced crypto API and attestation.
|
||||
|
|
@ -408,9 +409,10 @@ sl_status_t sl_se_deinit_command_context(sl_se_command_context_t *cmd_ctx);
|
|||
/// <li>Trigger threshold
|
||||
/// </ul>
|
||||
/// These options can be set to the values given in the tables in the Response Filter section. Please see the examples section for a suggested use of the tamper filter signal.
|
||||
/// <tr><td>Flags <td>On EFR32MG21 the tamper flags is only used to configure one option:
|
||||
/// <tr><td>Flags <td>The tamper flags is used to configure two options:
|
||||
/// <ul>
|
||||
/// <li>Digital Glitch Detector Always On – This option will keep the digital glitch detector running even while the SE is not performing any operations. This leads to increased energy consumption.
|
||||
/// <li>Keep Tamper Alive During Sleep (not available on EFR32xG21B devices) – If set, the tamper module keeps running at sleep mode (down to EM3).
|
||||
/// </ul>
|
||||
/// <tr><td>Reset threshold <td>The number of consecutive tamper resets before the the part enters debug mode.\n\n
|
||||
/// If the threshold is set to 0, the part will never enter the debug mode due to tamper reset.
|
||||
|
|
|
|||
|
|
@ -30,11 +30,10 @@
|
|||
#ifndef SL_SE_MANAGER_ATTESTATION_H
|
||||
#define SL_SE_MANAGER_ATTESTATION_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if (defined(SEMAILBOX_PRESENT) \
|
||||
&& (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)) \
|
||||
|| defined(DOXYGEN)
|
||||
#if (defined(SLI_MAILBOX_COMMAND_SUPPORTED) \
|
||||
&& (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT))
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
|
@ -205,6 +204,6 @@ sl_status_t sl_se_attestation_get_config_token_size(sl_se_command_context_t *cmd
|
|||
/// @} (end addtogroup sl_se_manager_attestation)
|
||||
/// @} (end addtogroup sl_se_manager)
|
||||
|
||||
#endif // SEMAILBOX_PRESENT && VAULT
|
||||
#endif // SLI_MAILBOX_COMMAND_SUPPORTED && VAULT
|
||||
|
||||
#endif // SL_SE_MANAGER_ATTESTATION_H
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@
|
|||
|
||||
#if defined(SL_SE_MANAGER_THREADING) \
|
||||
&& !defined(SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION) \
|
||||
&& !defined(CRYPTOACC_PRESENT)
|
||||
&& !defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
#error "Yield when waiting for SE commands to finish is currently required in RTOS mode."
|
||||
#endif
|
||||
#if defined(SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION) \
|
||||
|
|
@ -50,8 +50,12 @@
|
|||
#error "RTOS requires threading mode."
|
||||
#endif
|
||||
|
||||
#if (defined(CRYPTOACC_PRESENT) && defined(SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION))
|
||||
#if (defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED) && defined(SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION))
|
||||
#error "Yield support is not available on EFR32xG22 devices"
|
||||
#endif
|
||||
|
||||
#if (SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED != 1)
|
||||
#error "Using multiple blocks for key stream computation is not supported"
|
||||
#endif
|
||||
|
||||
#endif // SL_SE_MANAGER_CHECK_CONFIG_H
|
||||
|
|
|
|||
|
|
@ -30,9 +30,9 @@
|
|||
#ifndef SL_SE_MANAGER_CIPHER_H
|
||||
#define SL_SE_MANAGER_CIPHER_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
|
@ -217,6 +217,11 @@ sl_status_t sl_se_aes_crypt_cfb8(sl_se_command_context_t *cmd_ctx,
|
|||
* @brief
|
||||
* AES-CTR buffer encryption/decryption.
|
||||
*
|
||||
* @warning
|
||||
* Avoid passing in the same buffer for nonce_counter and
|
||||
* stream_block as the incrementation operation of
|
||||
* nonce_counter can lead to corruption of the ciphertext
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
|
|
@ -251,7 +256,7 @@ sl_status_t sl_se_aes_crypt_ctr(sl_se_command_context_t *cmd_ctx,
|
|||
size_t length,
|
||||
uint32_t *nc_off,
|
||||
unsigned char nonce_counter[16],
|
||||
unsigned char stream_block[16],
|
||||
unsigned char stream_block[SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED * SL_SE_AES_BLOCK_SIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output);
|
||||
|
||||
|
|
@ -683,32 +688,6 @@ sl_status_t sl_se_cmac_multipart_starts(sl_se_cmac_multipart_context_t *cmac_ctx
|
|||
sl_se_command_context_t *cmd_ctx,
|
||||
const sl_se_key_descriptor_t *key);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_cmac_multipart_starts().
|
||||
*
|
||||
* Prepare a CMAC streaming command context object.
|
||||
*
|
||||
* @details
|
||||
* Prepare a CMAC streaming command context object to be used in subsequent
|
||||
* CMAC streaming function calls.
|
||||
*
|
||||
* @param[in] cmac_ctx
|
||||
* Pointer to a CMAC streaming context object.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @param[in] key
|
||||
* Pointer to sl_se_key_descriptor_t structure.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_cmac_starts(sl_se_cmac_streaming_context_t *cmac_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
const sl_se_key_descriptor_t *key) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* This function feeds an input buffer into an ongoing CMAC computation.
|
||||
|
|
@ -741,33 +720,6 @@ sl_status_t sl_se_cmac_multipart_update(sl_se_cmac_multipart_context_t *cmac_ctx
|
|||
const uint8_t *input,
|
||||
size_t input_len);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_cmac_multipart_update().
|
||||
*
|
||||
* This function feeds an input buffer into an ongoing CMAC computation.
|
||||
*
|
||||
* @details
|
||||
* It is called between sl_se_cmac_multipart_starts() and sl_se_cmac_multipart_finish().
|
||||
* Can be called repeatedly.
|
||||
*
|
||||
* @param[in,out] cmac_ctx
|
||||
* Pointer to a CMAC streaming context object.
|
||||
*
|
||||
* @param[in] input
|
||||
* Buffer holding the input data, must be at least @p input_len bytes wide.
|
||||
*
|
||||
* @param[in] input_len
|
||||
* The length of the input data in bytes.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
|
||||
sl_status_t sl_se_cmac_update(sl_se_cmac_streaming_context_t *cmac_ctx,
|
||||
const uint8_t *input,
|
||||
size_t input_len) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Finish a CMAC streaming operation and return the resulting CMAC tag.
|
||||
|
|
@ -795,72 +747,6 @@ sl_status_t sl_se_cmac_multipart_finish(sl_se_cmac_multipart_context_t *cmac_ctx
|
|||
const sl_se_key_descriptor_t *key,
|
||||
uint8_t *output);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_cmac_multipart_finish().
|
||||
*
|
||||
* Finish a CMAC streaming operation and return the resulting CMAC tag.
|
||||
*
|
||||
* @details
|
||||
* It is called after sl_se_cmac_update().
|
||||
*
|
||||
* @param[in,out] cmac_ctx
|
||||
* Pointer to a CMAC streaming context object.
|
||||
*
|
||||
* @param[out] output
|
||||
* Buffer holding the 16-byte CMAC tag, must be at least 16 bytes wide.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_cmac_finish(sl_se_cmac_streaming_context_t *cmac_ctx,
|
||||
uint8_t *output) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_gcm_multipart_starts().
|
||||
*
|
||||
* Prepare a GCM streaming command context object.
|
||||
* @details
|
||||
* Prepare a GCM streaming command context object to be used in subsequent
|
||||
* GCM streaming function calls.
|
||||
*
|
||||
* @param[in] gcm_ctx
|
||||
* Pointer to a GCM streaming context object.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @param[in] key
|
||||
* Pointer to sl_se_key_descriptor_t structure.
|
||||
*
|
||||
* @param mode
|
||||
* The operation to perform: SL_SE_ENCRYPT or SL_SE_DECRYPT.
|
||||
*
|
||||
* @param iv
|
||||
* The initialization vector.
|
||||
*
|
||||
* @param iv_len
|
||||
* The length of the IV.
|
||||
*
|
||||
* @param add
|
||||
* The buffer holding the additional data, or NULL if @p add_len is 0.
|
||||
*
|
||||
* @param add_len
|
||||
* The length of the additional data. If 0, @p add is NULL.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_gcm_starts(sl_se_gcm_streaming_context_t *gcm_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
const sl_se_key_descriptor_t *key,
|
||||
sl_se_cipher_operation_t mode,
|
||||
const uint8_t *iv,
|
||||
size_t iv_len,
|
||||
const uint8_t *add,
|
||||
size_t add_len) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Prepare a GCM streaming command context object.
|
||||
|
|
@ -905,36 +791,6 @@ sl_status_t sl_se_gcm_multipart_starts(sl_se_gcm_multipart_context_t *gcm_ctx,
|
|||
const uint8_t *add,
|
||||
size_t add_len);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_gcm_multipart_update().
|
||||
*
|
||||
* This function feeds an input buffer into an ongoing GCM computation.
|
||||
*
|
||||
* It is called between sl_se_gcm_starts() and sl_se_gcm_finish().
|
||||
* Can be called repeatedly.
|
||||
*
|
||||
* @param[in] gcm_ctx
|
||||
* Pointer to a GCM streaming context object.
|
||||
*
|
||||
* @param[in] length
|
||||
* The length of the input data. This must be a multiple of 16 except in
|
||||
* the last call before sl_se_gcm_finish().
|
||||
*
|
||||
* @param[in] input
|
||||
* Buffer holding the input data, must be at least @p length bytes wide.
|
||||
*
|
||||
* @param[out] output
|
||||
* Buffer for holding the output data, must be at least @p length bytes wide.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_gcm_update(sl_se_gcm_streaming_context_t *gcm_ctx,
|
||||
size_t length,
|
||||
const uint8_t *input,
|
||||
uint8_t *output) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* This function feeds an input buffer into an ongoing GCM computation.
|
||||
|
|
@ -968,30 +824,6 @@ sl_status_t sl_se_gcm_multipart_update(sl_se_gcm_multipart_context_t *gcm_ctx,
|
|||
uint8_t *output,
|
||||
size_t *output_length);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_gcm_multipart_finish().
|
||||
*
|
||||
* Finish a GCM streaming operation and return the resulting GCM tag.
|
||||
*
|
||||
* It is called after sl_se_gcm_update().
|
||||
*
|
||||
* @param[in] gcm_ctx
|
||||
* Pointer to a GCM streaming context object.
|
||||
*
|
||||
* @param[out] tag
|
||||
* The buffer for holding the tag.
|
||||
*
|
||||
* @param[in] tag_len
|
||||
* The length of the tag to generate. Must be at least four.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_gcm_finish(sl_se_gcm_streaming_context_t *gcm_ctx,
|
||||
uint8_t *tag,
|
||||
size_t tag_len) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Finish a GCM streaming operation and return the resulting GCM tag.
|
||||
|
|
@ -1085,7 +917,7 @@ sl_status_t sl_se_hmac(sl_se_command_context_t *cmd_ctx,
|
|||
uint8_t *output,
|
||||
size_t output_len);
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* ChaCha20 buffer encryption/decryption, as defined by RFC8439 section 2.4.
|
||||
|
|
@ -1276,6 +1108,6 @@ sl_status_t sl_se_poly1305_genkey_tag(sl_se_command_context_t *cmd_ctx,
|
|||
/// @} (end addtogroup sl_se_manager_cipher)
|
||||
/// @} (end addtogroup sl_se_manager)
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#endif // SL_SE_MANAGER_CIPHER_H
|
||||
|
|
|
|||
|
|
@ -44,16 +44,20 @@
|
|||
// is currently required in RTOS mode.
|
||||
#define SL_SE_MANAGER_THREADING
|
||||
|
||||
#if !defined(SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION) && !defined(CRYPTOACC_PRESENT)
|
||||
#if !defined(SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION) && !defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
// Enable yield support. Configure sl_se_command_context_t to yield CPU while waiting for SE commands.
|
||||
// This is not supported on EFR32xG22.
|
||||
#define SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED
|
||||
#define SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED 1
|
||||
#endif
|
||||
|
||||
// Check consistency of configuration options.
|
||||
// Always include se_manager_check_config.h in order to assert that the
|
||||
// configuration options dependencies and restrictions are aok.
|
||||
// configuration options dependencies and restrictions are ok.
|
||||
#include "sl_se_manager_check_config.h"
|
||||
|
||||
#endif // SL_SE_MANAGER_CONFIG_H
|
||||
|
|
|
|||
|
|
@ -30,17 +30,19 @@
|
|||
#ifndef SL_SE_MANAGER_DEFINES_H
|
||||
#define SL_SE_MANAGER_DEFINES_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#if !defined(SLI_SE_MANAGER_HOST_SYSTEM)
|
||||
#if !defined(SL_TRUSTZONE_NONSECURE)
|
||||
#if !defined(SE_MANAGER_CONFIG_FILE)
|
||||
#include "sl_se_manager_config.h"
|
||||
#else
|
||||
#include SE_MANAGER_CONFIG_FILE
|
||||
#endif
|
||||
#endif
|
||||
#endif // SE_MANAGER_CONFIG_FILE
|
||||
#endif // SL_TRUSTZONE_NONSECURE
|
||||
#endif // SLI_SE_MANAGER_HOST_SYSTEM
|
||||
|
||||
#if defined (SL_COMPONENT_CATALOG_PRESENT)
|
||||
#include "sl_component_catalog.h"
|
||||
|
|
@ -62,7 +64,7 @@ extern "C" {
|
|||
/// @{
|
||||
|
||||
/// Default configuration for OTP initialisation structure.
|
||||
#if defined(SEMAILBOX_PRESENT) && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
#define SL_SE_OTP_INIT_DEFAULT \
|
||||
{ \
|
||||
.enable_secure_boot = false, \
|
||||
|
|
@ -89,7 +91,7 @@ extern "C" {
|
|||
|
||||
/// @} (end addtogroup sl_se_manager_util)
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
// -------------------------------
|
||||
// Defines for SE functionality
|
||||
|
||||
|
|
@ -159,7 +161,7 @@ extern "C" {
|
|||
/// ECC X25519 key for ECDH
|
||||
#define SL_SE_KEY_TYPE_ECC_X25519 (SL_SE_KEY_TYPE_ECC_MONTGOMERY | (0x20))
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/// Symmetric key type for ChaCha20
|
||||
#define SL_SE_KEY_TYPE_CHACHA20 0x00000020
|
||||
|
||||
|
|
@ -182,7 +184,7 @@ extern "C" {
|
|||
/// can save its in-memory buffer to non-volatile memory as needed to
|
||||
/// provide key persistence.
|
||||
#define SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT 0x00
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/// Key is stored encrypted in application memory. This ensures the key in
|
||||
/// wrapped form is only usable on a specific device. If the key
|
||||
/// additionally needs to be prevented from ever being output as plaintext,
|
||||
|
|
@ -205,7 +207,7 @@ extern "C" {
|
|||
#define SL_SE_KEY_STORAGE_INTERNAL_IMMUTABLE 0x03
|
||||
|
||||
/// List of available internal SE key slots
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
#define SL_SE_KEY_SLOT_VOLATILE_0 0x00 ///< Internal volatile slot 0
|
||||
#define SL_SE_KEY_SLOT_VOLATILE_1 0x01 ///< Internal volatile slot 1
|
||||
#define SL_SE_KEY_SLOT_VOLATILE_2 0x02 ///< Internal volatile slot 2
|
||||
|
|
@ -277,7 +279,7 @@ extern "C" {
|
|||
#define SL_SE_TAMPER_LEVEL_PERMANENTLY_ERASE_OTP 7 ///< Erase OTP - THIS WILL MAKE THE DEVICE INOPERATIONAL!
|
||||
|
||||
// SE tamper signals
|
||||
#if defined(_SILICON_LABS_32B_SERIES_2_CONFIG_1)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
|
||||
#define SL_SE_TAMPER_SIGNAL_RESERVED_1 0x0 ///< Reserved tamper signal
|
||||
#define SL_SE_TAMPER_SIGNAL_FILTER_COUNTER 0x1 ///< Filter counter exceeds threshold
|
||||
|
|
@ -313,6 +315,43 @@ extern "C" {
|
|||
#define SL_SE_TAMPER_SIGNAL_SE_ICACHE_ERROR 0x1F ///< SE ICACHE checksum error
|
||||
#define SL_SE_TAMPER_SIGNAL_NUM_SIGNALS 0x20 ///< Number of tamper signals
|
||||
|
||||
#elif defined(_SILICON_LABS_32B_SERIES_2_CONFIG_5)
|
||||
|
||||
// SE tamper signals for xG25, with ETAMPDET signal included.
|
||||
#define SL_SE_TAMPER_SIGNAL_RESERVED_1 0x0 ///< Reserved tamper signal
|
||||
#define SL_SE_TAMPER_SIGNAL_FILTER_COUNTER 0x1 ///< Filter counter exceeds threshold
|
||||
#define SL_SE_TAMPER_SIGNAL_WATCHDOG 0x2 ///< SE watchdog timeout
|
||||
#define SL_SE_TAMPER_SIGNAL_RESERVED_2 0x3 ///< Reserved tamper signal
|
||||
#define SL_SE_TAMPER_SIGNAL_SE_RAM_ECC_2 0x4 ///< SE RAM 2-bit ECC error
|
||||
#define SL_SE_TAMPER_SIGNAL_SE_HARDFAULT 0x5 ///< SE CPU hardfault
|
||||
#define SL_SE_TAMPER_SIGNAL_RESERVED_3 0x6 ///< Reserved tamper signal
|
||||
#define SL_SE_TAMPER_SIGNAL_SE_SOFTWARE_ASSERTION 0x7 ///< SE software triggers an assert
|
||||
#define SL_SE_TAMPER_SIGNAL_SE_SECURE_BOOT_FAILED 0x8 ///< Secure boot of SE firmware failed
|
||||
#define SL_SE_TAMPER_SIGNAL_USER_SECURE_BOOT_FAILED 0x9 ///< Secure boot of user code failed
|
||||
#define SL_SE_TAMPER_SIGNAL_MAILBOX_AUTHORIZATION_ERROR 0xA ///< Unauthorised command received over the Mailbox interface
|
||||
#define SL_SE_TAMPER_SIGNAL_DCI_AUTHORIZATION_ERROR 0xB ///< Unauthorised command received over the DCI interface
|
||||
#define SL_SE_TAMPER_SIGNAL_FLASH_INTEGRITY_ERROR 0xC ///< Flash content couldn't be properly authenticated
|
||||
#define SL_SE_TAMPER_SIGNAL_RESERVED_4 0xD ///< Reserved tamper signal
|
||||
#define SL_SE_TAMPER_SIGNAL_SELFTEST_FAILED 0xE ///< Integrity error of internal storage is detected
|
||||
#define SL_SE_TAMPER_SIGNAL_TRNG_MONITOR 0xF ///< TRNG monitor detected lack of entropy
|
||||
#define SL_SE_TAMPER_SIGNAL_SECURE_LOCK_ERROR 0x10 ///< Debug lock internal logic check failed
|
||||
#define SL_SE_TAMPER_ATAMPDET_EMPGD 0x11 ///< Electromagnetic pulse glitch detector
|
||||
#define SL_SE_TAMPER_ATAMPDET_SUPGD 0x12 ///< Supply glitch detector
|
||||
#define SL_SE_TAMPER_SE_ICACHE_ERROR 0x13 ///< SE ICache RAM error
|
||||
#define SL_SE_TAMPER_SIGNAL_SE_RAM_ECC_1 0x14 ///< SE RAM 1-bit ECC error
|
||||
#define SL_SE_TAMPER_SIGNAL_BOD 0x15 ///< Brown-out-detector threshold alert
|
||||
#define SL_SE_TAMPER_SIGNAL_TEMPERATURE_SENSOR 0x16 ///< On-device temperature sensor
|
||||
#define SL_SE_TAMPER_SIGNAL_DPLL_LOCK_FAIL_LOW 0x17 ///< DPLL lock fail low
|
||||
#define SL_SE_TAMPER_SIGNAL_DPLL_LOCK_FAIL_HIGH 0x18 ///< DPLL lock fail high
|
||||
#define SL_SE_TAMPER_SIGNAL_ETAMPDET 0x19 ///< External tamper detect
|
||||
#define SL_SE_TAMPER_SIGNAL_PRS0 0x1a ///< PRS channel 0 asserted
|
||||
#define SL_SE_TAMPER_SIGNAL_PRS1 0x1b ///< PRS channel 1 asserted
|
||||
#define SL_SE_TAMPER_SIGNAL_PRS2 0x1c ///< PRS channel 2 asserted
|
||||
#define SL_SE_TAMPER_SIGNAL_PRS3 0x1d ///< PRS channel 3 asserted
|
||||
#define SL_SE_TAMPER_SIGNAL_PRS4 0x1e ///< PRS channel 4 asserted
|
||||
#define SL_SE_TAMPER_SIGNAL_PRS5 0x1f ///< PRS channel 5 asserted
|
||||
#define SL_SE_TAMPER_SIGNAL_NUM_SIGNALS 0x20 ///< Number of tamper signals
|
||||
|
||||
#else
|
||||
|
||||
// SE tamper signals
|
||||
|
|
@ -398,6 +437,7 @@ extern "C" {
|
|||
|
||||
/// Tamper flags.
|
||||
#define SL_SE_TAMPER_FLAG_DGLITCH_ALWAYS_ON (1UL << 1) /// Digital glitch detector always on
|
||||
#define SL_SE_TAMPER_FLAG_KEEP_TAMPER_ALIVE_DURING_SLEEP (1UL << 2) /// Tamper is kept alive during sleep (down to EM3)
|
||||
|
||||
/// @} (end addtogroup sl_se_manager_util_tamper)
|
||||
|
||||
|
|
@ -412,7 +452,7 @@ extern "C" {
|
|||
/// in the SE Manager API. The purpose of these initialization values is to set
|
||||
/// the context objects to a known safe state initially when the context object
|
||||
/// is declared.
|
||||
#if defined(SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION) || defined(DOXYGEN)
|
||||
#if defined(SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION)
|
||||
#define SL_SE_COMMAND_CONTEXT_INIT { SE_COMMAND_DEFAULT(0), false }
|
||||
#else
|
||||
#define SL_SE_COMMAND_CONTEXT_INIT { SE_COMMAND_DEFAULT(0) }
|
||||
|
|
@ -429,6 +469,10 @@ extern "C" {
|
|||
/// Initial values for AES-GCM streaming context struct @ref sl_se_gcm_streaming_context_t
|
||||
#define SL_SE_GCM_STREAMING_INIT_DEFAULT { NULL, 0, 0, { 0 }, { 0 }, \
|
||||
{ 0 }, 0, 0 }
|
||||
|
||||
/// Block size for the AES
|
||||
#define SL_SE_AES_BLOCK_SIZE (16u)
|
||||
|
||||
/// @} (end addtogroup sl_se_manager_cipher)
|
||||
|
||||
/// @addtogroup sl_se_manager_hash
|
||||
|
|
@ -441,13 +485,14 @@ extern "C" {
|
|||
#define SL_SE_SHA512_STREAMING_INIT_DEFAULT { { 0 }, { 0 }, { 0 } } ///< SHA512 streaming hash context
|
||||
/// @} (end addtogroup sl_se_manager_hash)
|
||||
|
||||
#elif defined(CRYPTOACC_PRESENT) // defined(SEMAILBOX_PRESENT)
|
||||
#elif defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED) // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
// -------------------------------
|
||||
// Defines for Root code functionality
|
||||
|
||||
#define SL_SE_COMMAND_CONTEXT_INIT { SE_COMMAND_DEFAULT(0) }
|
||||
#define SL_SE_ROOT_CONFIG_MCU_SETTINGS_SHIFT 16U
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
@ -455,6 +500,6 @@ extern "C" {
|
|||
|
||||
/// @} (end addtogroup sl_se)
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#endif // SE_MANAGER_DEFINES_H
|
||||
|
|
|
|||
|
|
@ -30,9 +30,9 @@
|
|||
#ifndef SL_SE_MANAGER_ENTROPY_H
|
||||
#define SL_SE_MANAGER_ENTROPY_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
|
@ -92,6 +92,6 @@ sl_status_t sl_se_get_random(sl_se_command_context_t *cmd_ctx,
|
|||
/// @} (end addtogroup sl_se_manager_entropy)
|
||||
/// @} (end addtogroup sl_se)
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#endif // SL_SE_MANAGER_ENTROPY_H
|
||||
|
|
|
|||
|
|
@ -30,9 +30,9 @@
|
|||
#ifndef SL_SE_MANAGER_HASH_H
|
||||
#define SL_SE_MANAGER_HASH_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
|
@ -124,33 +124,6 @@ sl_status_t sl_se_hash(sl_se_command_context_t *cmd_ctx,
|
|||
sl_status_t sl_se_hash_sha1_multipart_starts(sl_se_sha1_multipart_context_t *sha1_ctx,
|
||||
sl_se_command_context_t *cmd_ctx);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_hash1_multipart_starts().
|
||||
*
|
||||
* Prepare a SHA1 hash streaming command context object.
|
||||
*
|
||||
* @details
|
||||
* Prepare a SHA1 hash streaming command context object to be used in
|
||||
* subsequent calls to hash streaming functions sl_se_hash_update() and
|
||||
* sl_se_hash_finish().
|
||||
*
|
||||
* @param[in] hash_ctx
|
||||
* Pointer to a generic hash streaming context object.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @param[in] sha1_ctx
|
||||
* Pointer to a SHA1 streaming context object.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_sha1_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_sha1_streaming_context_t *sha1_ctx) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Prepare a SHA224 hash streaming command context object.
|
||||
|
|
@ -172,33 +145,6 @@ sl_status_t sl_se_hash_sha1_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
|||
sl_status_t sl_se_hash_sha224_multipart_starts(sl_se_sha224_multipart_context_t *sha224_ctx,
|
||||
sl_se_command_context_t *cmd_ctx);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_hash224_multipart_starts().
|
||||
*
|
||||
* Prepare a SHA224 hash streaming command context object.
|
||||
*
|
||||
* @details
|
||||
* Prepare a SHA224 hash streaming command context object to be used in
|
||||
* subsequent calls to hash streaming functions sl_se_hash_update() and
|
||||
* sl_se_hash_finish().
|
||||
*
|
||||
* @param[in] hash_ctx
|
||||
* Pointer to a generic hash streaming context object.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @param[in] sha224_ctx
|
||||
* Pointer to a SHA224 streaming context object.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_sha224_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_sha224_streaming_context_t *sha224_ctx) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Prepare a SHA256 hash streaming command context object.
|
||||
|
|
@ -220,34 +166,7 @@ sl_status_t sl_se_hash_sha224_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
|||
sl_status_t sl_se_hash_sha256_multipart_starts(sl_se_sha256_multipart_context_t *sha256_ctx,
|
||||
sl_se_command_context_t *cmd_ctx);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_hash256_multipart_starts().
|
||||
*
|
||||
* Prepare a SHA256 hash streaming command context object.
|
||||
*
|
||||
* @details
|
||||
* Prepare a SHA256 hash streaming command context object to be used in
|
||||
* subsequent calls to hash streaming functions sl_se_hash_update() and
|
||||
* sl_se_hash_finish().
|
||||
*
|
||||
* @param[in] hash_ctx
|
||||
* Pointer to a generic hash streaming context object.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @param[in] sha256_ctx
|
||||
* Pointer to a SHA256 streaming context object.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_sha256_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_sha256_streaming_context_t *sha256_ctx) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Prepare a SHA384 streaming command context object.
|
||||
|
|
@ -269,33 +188,6 @@ sl_status_t sl_se_hash_sha256_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
|||
sl_status_t sl_se_hash_sha384_multipart_starts(sl_se_sha384_multipart_context_t *sha384_ctx,
|
||||
sl_se_command_context_t *cmd_ctx);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_hash384_multipart_starts().
|
||||
*
|
||||
* Prepare a SHA384 streaming command context object.
|
||||
*
|
||||
* @details
|
||||
* Prepare a SHA384 hash streaming command context object to be used in
|
||||
* subsequent calls to hash streaming functions sl_se_hash_update() and
|
||||
* sl_se_hash_finish().
|
||||
*
|
||||
* @param[in] hash_ctx
|
||||
* Pointer to a generic hash streaming context object.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @param[in] sha384_ctx
|
||||
* Pointer to a SHA384 streaming context object.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_sha384_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_sha384_streaming_context_t *sha384_ctx) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Prepare a SHA512 streaming command context object.
|
||||
|
|
@ -317,32 +209,6 @@ sl_status_t sl_se_hash_sha384_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
|||
sl_status_t sl_se_hash_sha512_multipart_starts(sl_se_sha512_multipart_context_t *sha512_ctx,
|
||||
sl_se_command_context_t *cmd_ctx);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_hash512_multipart_starts().
|
||||
*
|
||||
* Prepare a SHA512 streaming command context object.
|
||||
*
|
||||
* @details
|
||||
* Prepare a SHA512 hash streaming command context object to be used in
|
||||
* subsequent calls to hash streaming functions sl_se_hash_update() and
|
||||
* sl_se_hash_finish().
|
||||
*
|
||||
* @param[in] hash_ctx
|
||||
* Pointer to a generic hash streaming context object.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @param[in] sha512_ctx
|
||||
* Pointer to a SHA512 streaming context object.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_sha512_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_sha512_streaming_context_t *sha512_ctx) SL_DEPRECATED_API_SDK_3_3;
|
||||
#endif // (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
|
||||
/***************************************************************************//**
|
||||
|
|
@ -372,38 +238,6 @@ sl_status_t sl_se_hash_multipart_starts(void *hash_type_ctx,
|
|||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_hash_type_t hash_type);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_hash_multipart_starts().
|
||||
*
|
||||
* Prepare a hash streaming command context object.
|
||||
*
|
||||
* @details
|
||||
* Prepare a hash (message digest) streaming command context object to be
|
||||
* used in subsequent calls to hash streaming functions sl_se_hash_update()
|
||||
* and sl_se_hash_finish().
|
||||
*
|
||||
* @param[in] hash_ctx
|
||||
* Pointer to a generic hash streaming context object.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @param[in] hash_type
|
||||
* Type of hash algoritm
|
||||
*
|
||||
* @param[in] hash_type_ctx
|
||||
* Pointer to a hash streaming context object specific to the hash type
|
||||
* specified by @p hash_type.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_hash_type_t hash_type,
|
||||
void *hash_type_ctx) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Feeds an input buffer into an ongoing hash computation.
|
||||
|
|
@ -433,32 +267,6 @@ sl_status_t sl_se_hash_multipart_update(void *hash_type_ctx,
|
|||
const uint8_t *input,
|
||||
size_t input_len);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_hash_multipart_update().
|
||||
*
|
||||
* Feeds an input buffer into an ongoing hash computation.
|
||||
*
|
||||
* This function is called between @ref sl_se_hash_starts() and
|
||||
* @ref sl_se_hash_finish().
|
||||
* This function can be called repeatedly.
|
||||
*
|
||||
* @param[in] hash_ctx
|
||||
* Pointer to a generic hash streaming context object.
|
||||
*
|
||||
* @param[in] input
|
||||
* Buffer holding the input data, must be at least @p ilen bytes wide.
|
||||
*
|
||||
* @param[in] input_len
|
||||
* The length of the input data in bytes.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_update(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
const uint8_t *input,
|
||||
size_t input_len) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Finish a hash streaming operation and return the resulting hash digest.
|
||||
|
|
@ -488,32 +296,6 @@ sl_status_t sl_se_hash_multipart_finish(void *hash_type_ctx,
|
|||
uint8_t *digest_out,
|
||||
size_t digest_len);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Deprecated, please switch to using \ref sl_se_hash_multipart_finish().
|
||||
*
|
||||
* Finish a hash streaming operation and return the resulting hash digest.
|
||||
*
|
||||
* This function is called after sl_se_hash_update().
|
||||
*
|
||||
* @param[in] hash_ctx
|
||||
* Pointer to a generic hash streaming context object.
|
||||
*
|
||||
* @param[out] digest_out
|
||||
* Buffer for holding the message digest (hash), must be at least the size
|
||||
* of the corresponding message digest type.
|
||||
*
|
||||
* @param[in] digest_len
|
||||
* The length of the message digest (hash), must be at least the size of the
|
||||
* corresponding hash type.
|
||||
*
|
||||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_finish(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
uint8_t *digest_out,
|
||||
size_t digest_len) SL_DEPRECATED_API_SDK_3_3;
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
@ -521,6 +303,6 @@ sl_status_t sl_se_hash_finish(sl_se_hash_streaming_context_t *hash_ctx,
|
|||
/// @} (end addtogroup sl_se_manager_hash)
|
||||
/// @} (end addtogroup sl_se_manager)
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#endif // SL_SE_MANAGER_HASH_H
|
||||
|
|
|
|||
|
|
@ -30,12 +30,12 @@
|
|||
#ifndef SL_SE_MANAGER_INTERNAL_KEYS
|
||||
#define SL_SE_MANAGER_INTERNAL_KEYS
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
#include "sl_se_manager_defines.h"
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
|
||||
#if defined(_SILICON_LABS_32B_SERIES_2_CONFIG_1)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
/// Key descriptor for internal application attestation key
|
||||
#define SL_SE_APPLICATION_ATTESTATION_KEY \
|
||||
{ \
|
||||
|
|
|
|||
|
|
@ -30,9 +30,9 @@
|
|||
#ifndef SL_SE_MANAGER_KEY_DERIVATION_H
|
||||
#define SL_SE_MANAGER_KEY_DERIVATION_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
|
@ -338,7 +338,7 @@ sl_status_t sl_se_ecjpake_write_round_two(sl_se_ecjpake_context_t *ctx,
|
|||
// -------------------------------
|
||||
// Key derivation functions
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Derive a pseudorandom key from the input key material using HKDF.
|
||||
|
|
@ -431,6 +431,6 @@ sl_status_t sl_se_derive_key_pbkdf2(sl_se_command_context_t *cmd_ctx,
|
|||
/// @} (end addtogroup sl_se_manager_key_derivation)
|
||||
/// @} (end addtogroup sl_se_manager)
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#endif // SL_SE_MANAGER_KEY_DERIVATION_H
|
||||
|
|
|
|||
|
|
@ -30,9 +30,9 @@
|
|||
#ifndef SL_SE_MANAGER_KEY_HANDLING_H
|
||||
#define SL_SE_MANAGER_KEY_HANDLING_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
|
@ -253,6 +253,6 @@ sl_status_t sl_se_get_storage_size(const sl_se_key_descriptor_t *key,
|
|||
/** @} (end addtogroup sl_se_key) */
|
||||
/** @} (end addtogroup sl_se) */
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#endif // SL_SE_MANAGER_KEY_HANDLING_H
|
||||
|
|
|
|||
|
|
@ -30,9 +30,9 @@
|
|||
#ifndef SL_SE_MANAGER_SIGNATURE_H
|
||||
#define SL_SE_MANAGER_SIGNATURE_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
|
@ -180,6 +180,6 @@ sl_status_t sl_se_ecc_verify(sl_se_command_context_t *cmd_ctx,
|
|||
/// @} (end addtogroup sl_se_manager_signature)
|
||||
/// @} (end addtogroup sl_se_manager)
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#endif // SL_SE_MANAGER_SIGNATURE_H
|
||||
|
|
|
|||
|
|
@ -30,9 +30,9 @@
|
|||
#ifndef SL_SE_MANAGER_TYPES_H
|
||||
#define SL_SE_MANAGER_TYPES_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
|
@ -57,16 +57,16 @@ extern "C" {
|
|||
typedef enum {
|
||||
SL_SE_KEY_TYPE_IMMUTABLE_BOOT = 0,
|
||||
SL_SE_KEY_TYPE_IMMUTABLE_AUTH,
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
SL_SE_KEY_TYPE_IMMUTABLE_AES_128,
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
SL_SE_KEY_TYPE_IMMUTABLE_ATTESTATION,
|
||||
SL_SE_KEY_TYPE_IMMUTABLE_SE_ATTESTATION,
|
||||
#endif // _SILICON_LABS_SECURITY_FEATURE_VAULT
|
||||
#endif // SEMAILBOX_PRESENT
|
||||
#endif // SLI_MAILBOX_COMMAND_SUPPORTED
|
||||
} sl_se_device_key_type_t;
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/// SE tamper signal levels
|
||||
typedef uint8_t sl_se_tamper_level_t;
|
||||
|
||||
|
|
@ -106,7 +106,7 @@ typedef struct {
|
|||
/// secure-booted image, including the last page if end of signature is not
|
||||
/// page-aligned.
|
||||
bool secure_boot_page_lock_full;
|
||||
#if defined(SEMAILBOX_PRESENT) && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/// List of tamper levels to configure for the different tamper sources.
|
||||
sl_se_tamper_level_t tamper_levels[SL_SE_TAMPER_SIGNAL_NUM_SIGNALS];
|
||||
/// Reset period for the tamper filter counter.
|
||||
|
|
@ -139,13 +139,13 @@ typedef struct {
|
|||
******************************************************************************/
|
||||
typedef struct sl_se_command_context_t {
|
||||
SE_Command_t command; ///< SE mailbox command struct
|
||||
#if defined(SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION) || defined(DOXYGEN)
|
||||
#if defined(SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION)
|
||||
bool yield; ///< If true, yield the CPU core while
|
||||
///< waiting for the SE mailbox command
|
||||
///< to complete. If false, busy-wait, by
|
||||
///< polling the SE mailbox response
|
||||
///< register.
|
||||
#endif // SEMAILBOX_PRESENT
|
||||
#endif // SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION
|
||||
} sl_se_command_context_t;
|
||||
|
||||
/// @} (end addtogroup sl_se_manager_core)
|
||||
|
|
@ -156,7 +156,7 @@ typedef struct sl_se_command_context_t {
|
|||
/// SE Debug lock flags
|
||||
typedef uint32_t sl_se_debug_flags_t;
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
/// Debug lock options
|
||||
typedef struct {
|
||||
/// Non-Secure, Invasive debug access enabled if true. If false, it is not
|
||||
|
|
@ -193,7 +193,7 @@ typedef struct {
|
|||
/// True if locked with @ref sl_se_apply_debug_lock().
|
||||
/// False if new clean, erased or unlocked with @ref sl_se_open_debug().
|
||||
bool debug_port_lock_state;
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
/// Debug option configuration as set by @ref sl_se_set_debug_options().
|
||||
sl_se_debug_options_t options_config;
|
||||
/// Current state of debug options, locked by @ref sl_se_set_debug_options() and
|
||||
|
|
@ -204,7 +204,7 @@ typedef struct {
|
|||
|
||||
/// @} (end addtogroup sl_se_manager_util)
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/// @addtogroup sl_se_manager_key_handling
|
||||
/// @{
|
||||
|
|
@ -262,7 +262,7 @@ typedef struct {
|
|||
const void* domain;
|
||||
} sl_se_key_descriptor_t;
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/// Custom Weierstrass curve structure.
|
||||
typedef struct {
|
||||
/// Domain size in bytes.
|
||||
|
|
@ -312,6 +312,8 @@ typedef struct {
|
|||
sl_se_debug_status_t debug_status;
|
||||
/// Secure boot enabled.
|
||||
bool secure_boot_enabled;
|
||||
/// Active mode enabled.
|
||||
bool active_mode_enabled;
|
||||
/// Recorded tamper status. Reset on status read.
|
||||
uint32_t tamper_status;
|
||||
/// Currently active tamper sources.
|
||||
|
|
@ -337,13 +339,6 @@ typedef struct {
|
|||
size_t length; ///< Length of all processed and unprocessed data
|
||||
} sl_se_cmac_multipart_context_t;
|
||||
|
||||
/// CMAC streaming context. Deprecated.
|
||||
typedef struct {
|
||||
sl_se_command_context_t *cmd_ctx; ///< Pointer to command context object
|
||||
const sl_se_key_descriptor_t *key; ///< Pointer to key object
|
||||
sl_se_cmac_multipart_context_t cmac_ctx; ///< CMAC streaming context
|
||||
} sl_se_cmac_streaming_context_t;
|
||||
|
||||
/// CCM streaming context.
|
||||
typedef struct {
|
||||
uint32_t processed_message_length;///< Current length of the encrypted/decrypted data
|
||||
|
|
@ -351,7 +346,7 @@ typedef struct {
|
|||
uint8_t iv[13]; ///< Nonce (MAX size is 13 bytes)
|
||||
uint32_t tag_len; ///< Tag length
|
||||
sl_se_cipher_operation_t mode;///< CCM mode (decrypt or encrypt)
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG == 1)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
uint8_t nonce_counter[16]; ///< Counter to keep CTR state
|
||||
uint8_t iv_len; ///< Nonce length
|
||||
uint8_t cbc_mac_state[16]; ///< State of authenication/MAC
|
||||
|
|
@ -366,23 +361,10 @@ typedef struct {
|
|||
uint8_t final_data_length; ///< Length of data saved
|
||||
} sl_se_ccm_multipart_context_t;
|
||||
|
||||
/// GCM streaming context. Deprecated.
|
||||
typedef struct {
|
||||
sl_se_command_context_t *cmd_ctx; ///< Pointer to command context object
|
||||
const sl_se_key_descriptor_t *key;///< Pointer to key object
|
||||
uint64_t len; ///< Total length of the encrypted data
|
||||
uint64_t add_len; ///< Total length of the additional data
|
||||
uint8_t se_ctx_enc[32]; ///< SE encryption state
|
||||
uint8_t se_ctx_dec[32]; ///< SE decryption state
|
||||
uint8_t tagbuf[16]; ///< Tag
|
||||
int mode; ///< GCM mode
|
||||
bool last_op; ///< Last operation / update
|
||||
} sl_se_gcm_streaming_context_t;
|
||||
|
||||
typedef struct {
|
||||
uint64_t len; ///< Total length of the encrypted data
|
||||
uint64_t add_len; ///< Total length of the additional data
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG < 3)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
uint8_t tagbuf[16]; ///< Tag
|
||||
uint8_t previous_se_ctx[32]; ///< SE state from previous operation
|
||||
#endif
|
||||
|
|
@ -404,21 +386,13 @@ typedef enum {
|
|||
SL_SE_HASH_SHA1, ///< SHA-1
|
||||
SL_SE_HASH_SHA224, ///< SHA-224
|
||||
SL_SE_HASH_SHA256, ///< SHA-256
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
SL_SE_HASH_SHA384, ///< SHA-384
|
||||
SL_SE_HASH_SHA512, ///< SHA-512
|
||||
#endif
|
||||
} sl_se_hash_type_t;
|
||||
|
||||
/// Generic hash streaming context. Deprecated.
|
||||
typedef struct {
|
||||
sl_se_command_context_t *cmd_ctx; ///< Pointer to command context object
|
||||
sl_se_hash_type_t hash_type; ///< Hash type
|
||||
size_t size; ///< Hash output size
|
||||
void *hash_type_ctx; ///< Pointer to hash specific context
|
||||
} sl_se_hash_streaming_context_t;
|
||||
|
||||
/// SHA-1 streaming context. Safe to use.
|
||||
/// SHA-1 streaming context.
|
||||
typedef struct {
|
||||
sl_se_hash_type_t hash_type; ///< Hash streaming context
|
||||
uint32_t total[2]; ///< number of bytes processed
|
||||
|
|
@ -426,14 +400,7 @@ typedef struct {
|
|||
uint8_t buffer[64]; ///< data block being processed
|
||||
} sl_se_sha1_multipart_context_t;
|
||||
|
||||
/// SHA-1 streaming context. Deprecated.
|
||||
typedef struct {
|
||||
uint32_t total[2]; ///< number of bytes processed
|
||||
uint8_t state[32]; ///< intermediate digest state
|
||||
uint8_t buffer[64]; ///< data block being processed
|
||||
} sl_se_sha1_streaming_context_t;
|
||||
|
||||
/// SHA-224 streaming context. Safe to use.
|
||||
/// SHA-224 streaming context.
|
||||
typedef struct {
|
||||
sl_se_hash_type_t hash_type; ///< Hash streaming context
|
||||
uint32_t total[2]; ///< Number of bytes processed
|
||||
|
|
@ -441,14 +408,7 @@ typedef struct {
|
|||
uint8_t buffer[64]; ///< Data block being processed
|
||||
} sl_se_sha224_multipart_context_t;
|
||||
|
||||
/// SHA-224 streaming context. Deprecated.
|
||||
typedef struct {
|
||||
uint32_t total[2]; ///< Number of bytes processed
|
||||
uint8_t state[32]; ///< Intermediate digest state
|
||||
uint8_t buffer[64]; ///< Data block being processed
|
||||
} sl_se_sha224_streaming_context_t;
|
||||
|
||||
/// SHA-256 streaming context. Safe to use.
|
||||
/// SHA-256 streaming context.
|
||||
typedef struct {
|
||||
sl_se_hash_type_t hash_type; ///< Hash streaming context
|
||||
uint32_t total[2]; ///< Number of bytes processed
|
||||
|
|
@ -456,15 +416,8 @@ typedef struct {
|
|||
uint8_t buffer[64]; ///< Data block being processed
|
||||
} sl_se_sha256_multipart_context_t;
|
||||
|
||||
/// SHA-256 streaming context. Deprecated.
|
||||
typedef struct {
|
||||
uint32_t total[2]; ///< Number of bytes processed
|
||||
uint8_t state[32]; ///< Intermediate digest state
|
||||
uint8_t buffer[64]; ///< Data block being processed
|
||||
} sl_se_sha256_streaming_context_t;
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
/// SHA-384 streaming context. Safe to use.
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/// SHA-384 streaming context.
|
||||
typedef struct {
|
||||
sl_se_hash_type_t hash_type; ///< Hash streaming context
|
||||
uint32_t total[4]; ///< Number of bytes processed
|
||||
|
|
@ -472,14 +425,7 @@ typedef struct {
|
|||
uint8_t buffer[128]; ///< Data block being processed
|
||||
} sl_se_sha384_multipart_context_t;
|
||||
|
||||
/// SHA-384 streaming context. Deprecated.
|
||||
typedef struct {
|
||||
uint32_t total[4]; ///< Number of bytes processed
|
||||
uint8_t state[64]; ///< Intermediate digest state
|
||||
uint8_t buffer[128]; ///< Data block being processed
|
||||
} sl_se_sha384_streaming_context_t;
|
||||
|
||||
/// SHA-512 streaming context. Safe to use.
|
||||
/// SHA-512 streaming context.
|
||||
typedef struct {
|
||||
sl_se_hash_type_t hash_type; ///< Hash streaming context
|
||||
uint32_t total[4]; ///< Number of bytes processed
|
||||
|
|
@ -487,12 +433,6 @@ typedef struct {
|
|||
uint8_t buffer[128]; ///< Data block being processed
|
||||
} sl_se_sha512_multipart_context_t;
|
||||
|
||||
/// SHA-512 streaming context. Deprecated.
|
||||
typedef struct {
|
||||
uint32_t total[4]; ///< Number of bytes processed
|
||||
uint8_t state[64]; ///< Intermediate digest state
|
||||
uint8_t buffer[128]; ///< Data block being processed
|
||||
} sl_se_sha512_streaming_context_t;
|
||||
#endif
|
||||
|
||||
/// @} (end addtogroup sl_se_manager_hash)
|
||||
|
|
@ -533,7 +473,7 @@ typedef struct {
|
|||
uint8_t Xp[64]; ///< Their point (round 2)
|
||||
} sl_se_ecjpake_context_t;
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/// Typedef sl_se_pbkdf2_prf_type_t to sl_se_hash_type_t in order to maintain
|
||||
/// backward compatibility. Defines for mapping the PRF identifiers to the
|
||||
/// underlying hash enum values exists in sl_se_manager_defines.h.
|
||||
|
|
@ -542,7 +482,7 @@ typedef sl_se_hash_type_t sl_se_pbkdf2_prf_type_t;
|
|||
|
||||
/// @} (end addtogroup sl_se_manager_key_derivation)
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
@ -550,6 +490,6 @@ typedef sl_se_hash_type_t sl_se_pbkdf2_prf_type_t;
|
|||
|
||||
/// @} (end addtogroup sl_se_manager)
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#endif // SL_SE_MANAGER_TYPES_H
|
||||
|
|
|
|||
|
|
@ -30,9 +30,9 @@
|
|||
#ifndef SL_SE_MANAGER_UTIL_H
|
||||
#define SL_SE_MANAGER_UTIL_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
|
@ -295,6 +295,26 @@ sl_status_t sl_se_read_pubkey(sl_se_command_context_t *cmd_ctx,
|
|||
sl_status_t sl_se_init_otp(sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_otp_init_t *otp_init);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Read the OTP firmware version of the SE module.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @param[out] version
|
||||
* Pointer to uint32_t word where version shall be returned.
|
||||
*
|
||||
* @return
|
||||
* One of the following sl_status_t codes:
|
||||
* @retval SL_STATUS_OK when the command was executed successfully
|
||||
* @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
|
||||
* @retval SL_STATUS_INVALID_CREDENTIALS when the command is not authorized
|
||||
* @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_get_otp_version(sl_se_command_context_t *cmd_ctx,
|
||||
uint32_t *version);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Read SE OTP configuration.
|
||||
|
|
@ -371,7 +391,7 @@ sl_status_t sl_se_get_debug_lock_status(sl_se_command_context_t *cmd_ctx,
|
|||
******************************************************************************/
|
||||
sl_status_t sl_se_apply_debug_lock(sl_se_command_context_t *cmd_ctx);
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Writes data to User Data section in MTP. Write data must be aligned to
|
||||
|
|
@ -456,27 +476,7 @@ sl_status_t sl_se_get_status(sl_se_command_context_t *cmd_ctx,
|
|||
sl_status_t sl_se_get_serialnumber(sl_se_command_context_t *cmd_ctx,
|
||||
void *serial);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Read the OTP firmware version of the SE module.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @param[out] version
|
||||
* Pointer to uint32_t word where version shall be returned.
|
||||
*
|
||||
* @return
|
||||
* One of the following sl_status_t codes:
|
||||
* @retval SL_STATUS_OK when the command was executed successfully
|
||||
* @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
|
||||
* @retval SL_STATUS_INVALID_CREDENTIALS when the command is not authorized
|
||||
* @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_get_otp_version(sl_se_command_context_t *cmd_ctx,
|
||||
uint32_t *version);
|
||||
|
||||
#if defined(_SILICON_LABS_32B_SERIES_2_CONFIG_1) || defined(DOXYGEN)
|
||||
#if defined(SLI_SE_COMMAND_STATUS_READ_RSTCAUSE_AVAILABLE)
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Read the EMU->RSTCAUSE after a tamper reset. This function should be called
|
||||
|
|
@ -494,9 +494,38 @@ sl_status_t sl_se_get_otp_version(sl_se_command_context_t *cmd_ctx,
|
|||
* @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_get_reset_cause(sl_se_command_context_t *cmd_ctx,
|
||||
uint32_t* reset_cause);
|
||||
uint32_t *reset_cause);
|
||||
#endif
|
||||
|
||||
#if defined(SLI_SE_COMMAND_READ_TAMPER_RESET_CAUSE_AVAILABLE)
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Read the latest cached tamper reset cause. The returned value is the index
|
||||
* of the tamper source that caused a reset.
|
||||
* Requires SE version 2.2.1 or above.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @param[out] was_tamper_reset
|
||||
* Pointer to bool that indicates if a tamper event occurred. If the cached
|
||||
* value is 0 this will be false, true otherwise.
|
||||
*
|
||||
* @param[out] reset_cause
|
||||
* Pointer to a uint32_t where the cached reset cause value should
|
||||
* be returned.
|
||||
*
|
||||
* @return
|
||||
* One of the following sl_status_t codes:
|
||||
* @retval SL_STATUS_OK when the command was executed successfully
|
||||
* @retval SL_STATUS_INVALID_OPERATION when the SE command ID is not recognized
|
||||
* @retval SL_STATUS_INVALID_PARAMETER when cmd_ctx or reset_cause is NULL
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_get_tamper_reset_cause(sl_se_command_context_t *cmd_ctx,
|
||||
bool *was_tamper_reset,
|
||||
uint32_t *reset_cause);
|
||||
#endif // SLI_SE_COMMAND_READ_TAMPER_RESET_CAUSE_AVAILABLE
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Enables the secure debug functionality.
|
||||
|
|
@ -669,7 +698,7 @@ sl_status_t sl_se_open_debug(sl_se_command_context_t *cmd_ctx,
|
|||
uint32_t len,
|
||||
const sl_se_debug_options_t *debug_options);
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Temporarily disable tamper configuration using certificate and signed
|
||||
|
|
@ -741,7 +770,48 @@ sl_status_t sl_se_read_cert(sl_se_command_context_t *cmd_ctx,
|
|||
void *cert,
|
||||
uint32_t num_bytes);
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Enter SE active mode.
|
||||
*
|
||||
* @details
|
||||
* SE will enter active mode. This will ensure SE is not powered down between
|
||||
* operations, at the expense of increased power consumption.
|
||||
*
|
||||
* @warning
|
||||
* Active mode will prevent entry to EM2/3/4. To allow energy mode entry, exit
|
||||
* active mode through @ref sl_se_exit_active_mode().
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @return
|
||||
* One of the following sl_status_t codes:
|
||||
* @retval SL_STATUS_OK when the command was executed successfully
|
||||
* @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed
|
||||
* @retval SL_STATUS_COMMAND_IS_INVALID when already in active mode
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_enter_active_mode(sl_se_command_context_t *cmd_ctx);
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Exit SE active mode.
|
||||
*
|
||||
* @details
|
||||
* SE will exit active mode.
|
||||
*
|
||||
* @param[in] cmd_ctx
|
||||
* Pointer to an SE command context object.
|
||||
*
|
||||
* @return
|
||||
* One of the following sl_status_t codes:
|
||||
* @retval SL_STATUS_OK when the command was executed successfully
|
||||
* @retval SL_STATUS_INVALID_PARAMETER when an invalid parameter was passed
|
||||
* @retval SL_STATUS_COMMAND_IS_INVALID when already not in active mode
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_exit_active_mode(sl_se_command_context_t *cmd_ctx);
|
||||
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
@ -750,6 +820,6 @@ sl_status_t sl_se_read_cert(sl_se_command_context_t *cmd_ctx,
|
|||
/// @} (end addtogroup sl_se_manager_util)
|
||||
/// @} (end addtogroup sl_se_manager)
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#endif // SL_SE_MANAGER_UTIL_H
|
||||
|
|
|
|||
|
|
@ -1,425 +0,0 @@
|
|||
/*******************************************************************************
|
||||
* @file
|
||||
* @brief SL Status Codes.
|
||||
*******************************************************************************
|
||||
* # License
|
||||
* <b>Copyright 2019 Silicon Laboratories Inc. www.silabs.com</b>
|
||||
*******************************************************************************
|
||||
*
|
||||
* SPDX-License-Identifier: Zlib
|
||||
*
|
||||
* The licensor of this software is Silicon Laboratories Inc.
|
||||
*
|
||||
* This software is provided 'as-is', without any express or implied
|
||||
* warranty. In no event will the authors be held liable for any damages
|
||||
* arising from the use of this software.
|
||||
*
|
||||
* Permission is granted to anyone to use this software for any purpose,
|
||||
* including commercial applications, and to alter it and redistribute it
|
||||
* freely, subject to the following restrictions:
|
||||
*
|
||||
* 1. The origin of this software must not be misrepresented; you must not
|
||||
* claim that you wrote the original software. If you use this software
|
||||
* in a product, an acknowledgment in the product documentation would be
|
||||
* appreciated but is not required.
|
||||
* 2. Altered source versions must be plainly marked as such, and must not be
|
||||
* misrepresented as being the original software.
|
||||
* 3. This notice may not be removed or altered from any source distribution.
|
||||
*
|
||||
******************************************************************************/
|
||||
|
||||
#ifndef SL_STATUS_H
|
||||
#define SL_STATUS_H
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
/*******************************************************************************
|
||||
* @addtogroup status Status Codes
|
||||
* @brief Status codes
|
||||
* @{
|
||||
******************************************************************************/
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// Space Defines
|
||||
|
||||
#define SL_STATUS_SPACE_MASK ((sl_status_t)0xFF00)
|
||||
|
||||
#define SL_STATUS_GENERIC_SPACE ((sl_status_t)0x0000)
|
||||
|
||||
#define SL_STATUS_PLATFORM_1_SPACE ((sl_status_t)0x0100)
|
||||
#define SL_STATUS_PLATFORM_2_SPACE ((sl_status_t)0x0200)
|
||||
#define SL_STATUS_HARDWARE_SPACE ((sl_status_t)0x0300)
|
||||
|
||||
#define SL_STATUS_BLUETOOTH_SPACE ((sl_status_t)0x0400)
|
||||
#define SL_STATUS_BLUETOOTH_MESH_SPACE ((sl_status_t)0x0500)
|
||||
#define SL_STATUS_CAN_CANOPEN_SPACE ((sl_status_t)0x0600)
|
||||
#define SL_STATUS_CONNECT_SPACE ((sl_status_t)0x0700)
|
||||
#define SL_STATUS_NET_SUITE_SPACE ((sl_status_t)0x0800)
|
||||
#define SL_STATUS_THREAD_SPACE ((sl_status_t)0x0900)
|
||||
#define SL_STATUS_USB_SPACE ((sl_status_t)0x0A00)
|
||||
#define SL_STATUS_WIFI_SPACE ((sl_status_t)0x0B00)
|
||||
#define SL_STATUS_ZIGBEE_SPACE ((sl_status_t)0x0C00)
|
||||
#define SL_STATUS_Z_WAVE_SPACE ((sl_status_t)0x0D00)
|
||||
|
||||
#define SL_STATUS_GECKO_OS_1_SPACE ((sl_status_t)0x0E00)
|
||||
#define SL_STATUS_GECKO_OS_2_SPACE ((sl_status_t)0x0F00)
|
||||
|
||||
#define SL_STATUS_BLUETOOTH_CTRL_SPACE ((sl_status_t)0x1000)
|
||||
#define SL_STATUS_BLUETOOTH_ATT_SPACE ((sl_status_t)0x1100)
|
||||
#define SL_STATUS_BLUETOOTH_SMP_SPACE ((sl_status_t)0x1200)
|
||||
#define SL_STATUS_BLUETOOTH_MESH_FOUNDATION_SPACE ((sl_status_t)0x1300)
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// Status Defines
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// Generic Errors
|
||||
|
||||
#define SL_STATUS_OK ((sl_status_t)0x0000) ///< No error.
|
||||
#define SL_STATUS_FAIL ((sl_status_t)0x0001) ///< Generic error.
|
||||
|
||||
// State Errors
|
||||
#define SL_STATUS_INVALID_STATE ((sl_status_t)0x0002) ///< Generic invalid state error.
|
||||
#define SL_STATUS_NOT_READY ((sl_status_t)0x0003) ///< Module is not ready for requested operation.
|
||||
#define SL_STATUS_BUSY ((sl_status_t)0x0004) ///< Module is busy and cannot carry out requested operation.
|
||||
#define SL_STATUS_IN_PROGRESS ((sl_status_t)0x0005) ///< Operation is in progress and not yet complete (pass or fail).
|
||||
#define SL_STATUS_ABORT ((sl_status_t)0x0006) ///< Operation aborted.
|
||||
#define SL_STATUS_TIMEOUT ((sl_status_t)0x0007) ///< Operation timed out.
|
||||
#define SL_STATUS_PERMISSION ((sl_status_t)0x0008) ///< Operation not allowed per permissions.
|
||||
#define SL_STATUS_WOULD_BLOCK ((sl_status_t)0x0009) ///< Non-blocking operation would block.
|
||||
#define SL_STATUS_IDLE ((sl_status_t)0x000A) ///< Operation/module is Idle, cannot carry requested operation.
|
||||
#define SL_STATUS_IS_WAITING ((sl_status_t)0x000B) ///< Operation cannot be done while construct is waiting.
|
||||
#define SL_STATUS_NONE_WAITING ((sl_status_t)0x000C) ///< No task/construct waiting/pending for that action/event.
|
||||
#define SL_STATUS_SUSPENDED ((sl_status_t)0x000D) ///< Operation cannot be done while construct is suspended.
|
||||
#define SL_STATUS_NOT_AVAILABLE ((sl_status_t)0x000E) ///< Feature not available due to software configuration.
|
||||
#define SL_STATUS_NOT_SUPPORTED ((sl_status_t)0x000F) ///< Feature not supported.
|
||||
#define SL_STATUS_INITIALIZATION ((sl_status_t)0x0010) ///< Initialization failed.
|
||||
#define SL_STATUS_NOT_INITIALIZED ((sl_status_t)0x0011) ///< Module has not been initialized.
|
||||
#define SL_STATUS_ALREADY_INITIALIZED ((sl_status_t)0x0012) ///< Module has already been initialized.
|
||||
#define SL_STATUS_DELETED ((sl_status_t)0x0013) ///< Object/construct has been deleted.
|
||||
#define SL_STATUS_ISR ((sl_status_t)0x0014) ///< Illegal call from ISR.
|
||||
#define SL_STATUS_NETWORK_UP ((sl_status_t)0x0015) ///< Illegal call because network is up.
|
||||
#define SL_STATUS_NETWORK_DOWN ((sl_status_t)0x0016) ///< Illegal call because network is down.
|
||||
#define SL_STATUS_NOT_JOINED ((sl_status_t)0x0017) ///< Failure due to not being joined in a network.
|
||||
#define SL_STATUS_NO_BEACONS ((sl_status_t)0x0018) ///< Invalid operation as there are no beacons.
|
||||
|
||||
// Allocation/ownership Errors
|
||||
#define SL_STATUS_ALLOCATION_FAILED ((sl_status_t)0x0019) ///< Generic allocation error.
|
||||
#define SL_STATUS_NO_MORE_RESOURCE ((sl_status_t)0x001A) ///< No more resource available to perform the operation.
|
||||
#define SL_STATUS_EMPTY ((sl_status_t)0x001B) ///< Item/list/queue is empty.
|
||||
#define SL_STATUS_FULL ((sl_status_t)0x001C) ///< Item/list/queue is full.
|
||||
#define SL_STATUS_WOULD_OVERFLOW ((sl_status_t)0x001D) ///< Item would overflow.
|
||||
#define SL_STATUS_HAS_OVERFLOWED ((sl_status_t)0x001E) ///< Item/list/queue has been overflowed.
|
||||
#define SL_STATUS_OWNERSHIP ((sl_status_t)0x001F) ///< Generic ownership error.
|
||||
#define SL_STATUS_IS_OWNER ((sl_status_t)0x0020) ///< Already/still owning resource.
|
||||
|
||||
// Invalid Parameters Errors
|
||||
#define SL_STATUS_INVALID_PARAMETER ((sl_status_t)0x0021) ///< Generic invalid argument or consequence of invalid argument.
|
||||
#define SL_STATUS_NULL_POINTER ((sl_status_t)0x0022) ///< Invalid null pointer received as argument.
|
||||
#define SL_STATUS_INVALID_CONFIGURATION ((sl_status_t)0x0023) ///< Invalid configuration provided.
|
||||
#define SL_STATUS_INVALID_MODE ((sl_status_t)0x0024) ///< Invalid mode.
|
||||
#define SL_STATUS_INVALID_HANDLE ((sl_status_t)0x0025) ///< Invalid handle.
|
||||
#define SL_STATUS_INVALID_TYPE ((sl_status_t)0x0026) ///< Invalid type for operation.
|
||||
#define SL_STATUS_INVALID_INDEX ((sl_status_t)0x0027) ///< Invalid index.
|
||||
#define SL_STATUS_INVALID_RANGE ((sl_status_t)0x0028) ///< Invalid range.
|
||||
#define SL_STATUS_INVALID_KEY ((sl_status_t)0x0029) ///< Invalid key.
|
||||
#define SL_STATUS_INVALID_CREDENTIALS ((sl_status_t)0x002A) ///< Invalid credentials.
|
||||
#define SL_STATUS_INVALID_COUNT ((sl_status_t)0x002B) ///< Invalid count.
|
||||
#define SL_STATUS_INVALID_SIGNATURE ((sl_status_t)0x002C) ///< Invalid signature / verification failed.
|
||||
#define SL_STATUS_NOT_FOUND ((sl_status_t)0x002D) ///< Item could not be found.
|
||||
#define SL_STATUS_ALREADY_EXISTS ((sl_status_t)0x002E) ///< Item already exists.
|
||||
|
||||
// IO/Communication Errors
|
||||
#define SL_STATUS_IO ((sl_status_t)0x002F) ///< Generic I/O failure.
|
||||
#define SL_STATUS_IO_TIMEOUT ((sl_status_t)0x0030) ///< I/O failure due to timeout.
|
||||
#define SL_STATUS_TRANSMIT ((sl_status_t)0x0031) ///< Generic transmission error.
|
||||
#define SL_STATUS_TRANSMIT_UNDERFLOW ((sl_status_t)0x0032) ///< Transmit underflowed.
|
||||
#define SL_STATUS_TRANSMIT_INCOMPLETE ((sl_status_t)0x0033) ///< Transmit is incomplete.
|
||||
#define SL_STATUS_TRANSMIT_BUSY ((sl_status_t)0x0034) ///< Transmit is busy.
|
||||
#define SL_STATUS_RECEIVE ((sl_status_t)0x0035) ///< Generic reception error.
|
||||
#define SL_STATUS_OBJECT_READ ((sl_status_t)0x0036) ///< Failed to read on/via given object.
|
||||
#define SL_STATUS_OBJECT_WRITE ((sl_status_t)0x0037) ///< Failed to write on/via given object.
|
||||
#define SL_STATUS_MESSAGE_TOO_LONG ((sl_status_t)0x0038) ///< Message is too long.
|
||||
|
||||
// EEPROM/Flash Errors
|
||||
#define SL_STATUS_EEPROM_MFG_VERSION_MISMATCH ((sl_status_t)0x0039) ///<
|
||||
#define SL_STATUS_EEPROM_STACK_VERSION_MISMATCH ((sl_status_t)0x003A) ///<
|
||||
#define SL_STATUS_FLASH_WRITE_INHIBITED ((sl_status_t)0x003B) ///< Flash write is inhibited.
|
||||
#define SL_STATUS_FLASH_VERIFY_FAILED ((sl_status_t)0x003C) ///< Flash verification failed.
|
||||
#define SL_STATUS_FLASH_PROGRAM_FAILED ((sl_status_t)0x003D) ///< Flash programming failed.
|
||||
#define SL_STATUS_FLASH_ERASE_FAILED ((sl_status_t)0x003E) ///< Flash erase failed.
|
||||
|
||||
// MAC Errors
|
||||
#define SL_STATUS_MAC_NO_DATA ((sl_status_t)0x003F) ///<
|
||||
#define SL_STATUS_MAC_NO_ACK_RECEIVED ((sl_status_t)0x0040) ///<
|
||||
#define SL_STATUS_MAC_INDIRECT_TIMEOUT ((sl_status_t)0x0041) ///<
|
||||
#define SL_STATUS_MAC_UNKNOWN_HEADER_TYPE ((sl_status_t)0x0042) ///<
|
||||
#define SL_STATUS_MAC_ACK_HEADER_TYPE ((sl_status_t)0x0043) ///<
|
||||
#define SL_STATUS_MAC_COMMAND_TRANSMIT_FAILURE ((sl_status_t)0x0044) ///<
|
||||
|
||||
// CLI_STORAGE Errors
|
||||
#define SL_STATUS_CLI_STORAGE_NVM_OPEN_ERROR ((sl_status_t)0x0045) ///< Error in open NVM
|
||||
|
||||
// Security status codes
|
||||
#define SL_STATUS_SECURITY_IMAGE_CHECKSUM_ERROR ((sl_status_t)0x0046) ///< Image checksum is not valid.
|
||||
#define SL_STATUS_SECURITY_DECRYPT_ERROR ((sl_status_t)0x0047) ///< Decryption failed
|
||||
|
||||
// Command status codes
|
||||
#define SL_STATUS_COMMAND_IS_INVALID ((sl_status_t)0x0048) ///< Command was not recognized
|
||||
#define SL_STATUS_COMMAND_TOO_LONG ((sl_status_t)0x0049) ///< Command or parameter maximum length exceeded
|
||||
#define SL_STATUS_COMMAND_INCOMPLETE ((sl_status_t)0x004A) ///< Data received does not form a complete command
|
||||
|
||||
// Misc Errors
|
||||
#define SL_STATUS_BUS_ERROR ((sl_status_t)0x004B) ///< Bus error, e.g. invalid DMA address
|
||||
|
||||
// Unified MAC Errors
|
||||
#define SL_STATUS_CCA_FAILURE ((sl_status_t)0x004C) ///<
|
||||
|
||||
// Scan errors
|
||||
#define SL_STATUS_MAC_SCANNING ((sl_status_t)0x004D) ///<
|
||||
#define SL_STATUS_MAC_INCORRECT_SCAN_TYPE ((sl_status_t)0x004E) ///<
|
||||
#define SL_STATUS_INVALID_CHANNEL_MASK ((sl_status_t)0x004F) ///<
|
||||
#define SL_STATUS_BAD_SCAN_DURATION ((sl_status_t)0x0050) ///<
|
||||
|
||||
// Bluetooth status codes
|
||||
#define SL_STATUS_BT_OUT_OF_BONDS ((sl_status_t)0x0402) ///< Bonding procedure can't be started because device has no space left for bond.
|
||||
#define SL_STATUS_BT_UNSPECIFIED ((sl_status_t)0x0403) ///< Unspecified error
|
||||
#define SL_STATUS_BT_HARDWARE ((sl_status_t)0x0404) ///< Hardware failure
|
||||
#define SL_STATUS_BT_NO_BONDING ((sl_status_t)0x0406) ///< The bonding does not exist.
|
||||
#define SL_STATUS_BT_CRYPTO ((sl_status_t)0x0407) ///< Error using crypto functions
|
||||
#define SL_STATUS_BT_DATA_CORRUPTED ((sl_status_t)0x0408) ///< Data was corrupted.
|
||||
#define SL_STATUS_BT_INVALID_SYNC_HANDLE ((sl_status_t)0x040A) ///< Invalid periodic advertising sync handle
|
||||
#define SL_STATUS_BT_INVALID_MODULE_ACTION ((sl_status_t)0x040B) ///< Bluetooth cannot be used on this hardware
|
||||
#define SL_STATUS_BT_RADIO ((sl_status_t)0x040C) ///< Error received from radio
|
||||
#define SL_STATUS_BT_L2CAP_REMOTE_DISCONNECTED ((sl_status_t)0x040D) ///< Returned when remote disconnects the connection-oriented channel by sending disconnection request.
|
||||
#define SL_STATUS_BT_L2CAP_LOCAL_DISCONNECTED ((sl_status_t)0x040E) ///< Returned when local host disconnect the connection-oriented channel by sending disconnection request.
|
||||
#define SL_STATUS_BT_L2CAP_CID_NOT_EXIST ((sl_status_t)0x040F) ///< Returned when local host did not find a connection-oriented channel with given destination CID.
|
||||
#define SL_STATUS_BT_L2CAP_LE_DISCONNECTED ((sl_status_t)0x0410) ///< Returned when connection-oriented channel disconnected due to LE connection is dropped.
|
||||
#define SL_STATUS_BT_L2CAP_FLOW_CONTROL_VIOLATED ((sl_status_t)0x0412) ///< Returned when connection-oriented channel disconnected due to remote end send data even without credit.
|
||||
#define SL_STATUS_BT_L2CAP_FLOW_CONTROL_CREDIT_OVERFLOWED ((sl_status_t)0x0413) ///< Returned when connection-oriented channel disconnected due to remote end send flow control credits exceed 65535.
|
||||
#define SL_STATUS_BT_L2CAP_NO_FLOW_CONTROL_CREDIT ((sl_status_t)0x0414) ///< Returned when connection-oriented channel has run out of flow control credit and local application still trying to send data.
|
||||
#define SL_STATUS_BT_L2CAP_CONNECTION_REQUEST_TIMEOUT ((sl_status_t)0x0415) ///< Returned when connection-oriented channel has not received connection response message within maximum timeout.
|
||||
#define SL_STATUS_BT_L2CAP_INVALID_CID ((sl_status_t)0x0416) ///< Returned when local host received a connection-oriented channel connection response with an invalid destination CID.
|
||||
#define SL_STATUS_BT_L2CAP_WRONG_STATE ((sl_status_t)0x0417) ///< Returned when local host application tries to send a command which is not suitable for L2CAP channel's current state.
|
||||
#define SL_STATUS_BT_PS_STORE_FULL ((sl_status_t)0x041B) ///< Flash reserved for PS store is full
|
||||
#define SL_STATUS_BT_PS_KEY_NOT_FOUND ((sl_status_t)0x041C) ///< PS key not found
|
||||
#define SL_STATUS_BT_APPLICATION_MISMATCHED_OR_INSUFFICIENT_SECURITY ((sl_status_t)0x041D) ///< Mismatched or insufficient security level
|
||||
#define SL_STATUS_BT_APPLICATION_ENCRYPTION_DECRYPTION_ERROR ((sl_status_t)0x041E) ///< Encrypion/decryption operation failed.
|
||||
|
||||
// Bluetooth controller status codes
|
||||
#define SL_STATUS_BT_CTRL_UNKNOWN_CONNECTION_IDENTIFIER ((sl_status_t)0x1002) ///< Connection does not exist, or connection open request was cancelled.
|
||||
#define SL_STATUS_BT_CTRL_AUTHENTICATION_FAILURE ((sl_status_t)0x1005) ///< Pairing or authentication failed due to incorrect results in the pairing or authentication procedure. This could be due to an incorrect PIN or Link Key
|
||||
#define SL_STATUS_BT_CTRL_PIN_OR_KEY_MISSING ((sl_status_t)0x1006) ///< Pairing failed because of missing PIN, or authentication failed because of missing Key
|
||||
#define SL_STATUS_BT_CTRL_MEMORY_CAPACITY_EXCEEDED ((sl_status_t)0x1007) ///< Controller is out of memory.
|
||||
#define SL_STATUS_BT_CTRL_CONNECTION_TIMEOUT ((sl_status_t)0x1008) ///< Link supervision timeout has expired.
|
||||
#define SL_STATUS_BT_CTRL_CONNECTION_LIMIT_EXCEEDED ((sl_status_t)0x1009) ///< Controller is at limit of connections it can support.
|
||||
#define SL_STATUS_BT_CTRL_SYNCHRONOUS_CONNECTIONTION_LIMIT_EXCEEDED ((sl_status_t)0x100A) ///< The Synchronous Connection Limit to a Device Exceeded error code indicates that the Controller has reached the limit to the number of synchronous connections that can be achieved to a device.
|
||||
#define SL_STATUS_BT_CTRL_ACL_CONNECTION_ALREADY_EXISTS ((sl_status_t)0x100B) ///< The ACL Connection Already Exists error code indicates that an attempt to create a new ACL Connection to a device when there is already a connection to this device.
|
||||
#define SL_STATUS_BT_CTRL_COMMAND_DISALLOWED ((sl_status_t)0x100C) ///< Command requested cannot be executed because the Controller is in a state where it cannot process this command at this time.
|
||||
#define SL_STATUS_BT_CTRL_CONNECTION_REJECTED_DUE_TO_LIMITED_RESOURCES ((sl_status_t)0x100D) ///< The Connection Rejected Due To Limited Resources error code indicates that an incoming connection was rejected due to limited resources.
|
||||
#define SL_STATUS_BT_CTRL_CONNECTION_REJECTED_DUE_TO_SECURITY_REASONS ((sl_status_t)0x100E) ///< The Connection Rejected Due To Security Reasons error code indicates that a connection was rejected due to security requirements not being fulfilled, like authentication or pairing.
|
||||
#define SL_STATUS_BT_CTRL_CONNECTION_REJECTED_DUE_TO_UNACCEPTABLE_BD_ADDR ((sl_status_t)0x100F) ///< The Connection was rejected because this device does not accept the BD_ADDR. This may be because the device will only accept connections from specific BD_ADDRs.
|
||||
#define SL_STATUS_BT_CTRL_CONNECTION_ACCEPT_TIMEOUT_EXCEEDED ((sl_status_t)0x1010) ///< The Connection Accept Timeout has been exceeded for this connection attempt.
|
||||
#define SL_STATUS_BT_CTRL_UNSUPPORTED_FEATURE_OR_PARAMETER_VALUE ((sl_status_t)0x1011) ///< A feature or parameter value in the HCI command is not supported.
|
||||
#define SL_STATUS_BT_CTRL_INVALID_COMMAND_PARAMETERS ((sl_status_t)0x1012) ///< Command contained invalid parameters.
|
||||
#define SL_STATUS_BT_CTRL_REMOTE_USER_TERMINATED ((sl_status_t)0x1013) ///< User on the remote device terminated the connection.
|
||||
#define SL_STATUS_BT_CTRL_REMOTE_DEVICE_TERMINATED_CONNECTION_DUE_TO_LOW_RESOURCES ((sl_status_t)0x1014) ///< The remote device terminated the connection because of low resources
|
||||
#define SL_STATUS_BT_CTRL_REMOTE_POWERING_OFF ((sl_status_t)0x1015) ///< Remote Device Terminated Connection due to Power Off
|
||||
#define SL_STATUS_BT_CTRL_CONNECTION_TERMINATED_BY_LOCAL_HOST ((sl_status_t)0x1016) ///< Local device terminated the connection.
|
||||
#define SL_STATUS_BT_CTRL_REPEATED_ATTEMPTS ((sl_status_t)0x1017) ///< The Controller is disallowing an authentication or pairing procedure because too little time has elapsed since the last authentication or pairing attempt failed.
|
||||
#define SL_STATUS_BT_CTRL_PAIRING_NOT_ALLOWED ((sl_status_t)0x1018) ///< The device does not allow pairing. This can be for example, when a device only allows pairing during a certain time window after some user input allows pairing
|
||||
#define SL_STATUS_BT_CTRL_UNSUPPORTED_REMOTE_FEATURE ((sl_status_t)0x101A) ///< The remote device does not support the feature associated with the issued command.
|
||||
#define SL_STATUS_BT_CTRL_UNSPECIFIED_ERROR ((sl_status_t)0x101F) ///< No other error code specified is appropriate to use.
|
||||
#define SL_STATUS_BT_CTRL_LL_RESPONSE_TIMEOUT ((sl_status_t)0x1022) ///< Connection terminated due to link-layer procedure timeout.
|
||||
#define SL_STATUS_BT_CTRL_LL_PROCEDURE_COLLISION ((sl_status_t)0x1023) ///< LL procedure has collided with the same transaction or procedure that is already in progress.
|
||||
#define SL_STATUS_BT_CTRL_ENCRYPTION_MODE_NOT_ACCEPTABLE ((sl_status_t)0x1025) ///< The requested encryption mode is not acceptable at this time.
|
||||
#define SL_STATUS_BT_CTRL_LINK_KEY_CANNOT_BE_CHANGED ((sl_status_t)0x1026) ///< Link key cannot be changed because a fixed unit key is being used.
|
||||
#define SL_STATUS_BT_CTRL_INSTANT_PASSED ((sl_status_t)0x1028) ///< LMP PDU or LL PDU that includes an instant cannot be performed because the instant when this would have occurred has passed.
|
||||
#define SL_STATUS_BT_CTRL_PAIRING_WITH_UNIT_KEY_NOT_SUPPORTED ((sl_status_t)0x1029) ///< It was not possible to pair as a unit key was requested and it is not supported.
|
||||
#define SL_STATUS_BT_CTRL_DIFFERENT_TRANSACTION_COLLISION ((sl_status_t)0x102A) ///< LMP transaction was started that collides with an ongoing transaction.
|
||||
#define SL_STATUS_BT_CTRL_CHANNEL_ASSESSMENT_NOT_SUPPORTED ((sl_status_t)0x102E) ///< The Controller cannot perform channel assessment because it is not supported.
|
||||
#define SL_STATUS_BT_CTRL_INSUFFICIENT_SECURITY ((sl_status_t)0x102F) ///< The HCI command or LMP PDU sent is only possible on an encrypted link.
|
||||
#define SL_STATUS_BT_CTRL_PARAMETER_OUT_OF_MANDATORY_RANGE ((sl_status_t)0x1030) ///< A parameter value requested is outside the mandatory range of parameters for the given HCI command or LMP PDU.
|
||||
#define SL_STATUS_BT_CTRL_SIMPLE_PAIRING_NOT_SUPPORTED_BY_HOST ((sl_status_t)0x1037) ///< The IO capabilities request or response was rejected because the sending Host does not support Secure Simple Pairing even though the receiving Link Manager does.
|
||||
#define SL_STATUS_BT_CTRL_HOST_BUSY_PAIRING ((sl_status_t)0x1038) ///< The Host is busy with another pairing operation and unable to support the requested pairing. The receiving device should retry pairing again later.
|
||||
#define SL_STATUS_BT_CTRL_CONNECTION_REJECTED_DUE_TO_NO_SUITABLE_CHANNEL_FOUND ((sl_status_t)0x1039) ///< The Controller could not calculate an appropriate value for the Channel selection operation.
|
||||
#define SL_STATUS_BT_CTRL_CONTROLLER_BUSY ((sl_status_t)0x103A) ///< Operation was rejected because the controller is busy and unable to process the request.
|
||||
#define SL_STATUS_BT_CTRL_UNACCEPTABLE_CONNECTION_INTERVAL ((sl_status_t)0x103B) ///< Remote device terminated the connection because of an unacceptable connection interval.
|
||||
#define SL_STATUS_BT_CTRL_ADVERTISING_TIMEOUT ((sl_status_t)0x103C) ///< Ddvertising for a fixed duration completed or, for directed advertising, that advertising completed without a connection being created.
|
||||
#define SL_STATUS_BT_CTRL_CONNECTION_TERMINATED_DUE_TO_MIC_FAILURE ((sl_status_t)0x103D) ///< Connection was terminated because the Message Integrity Check (MIC) failed on a received packet.
|
||||
#define SL_STATUS_BT_CTRL_CONNECTION_FAILED_TO_BE_ESTABLISHED ((sl_status_t)0x103E) ///< LL initiated a connection but the connection has failed to be established. Controller did not receive any packets from remote end.
|
||||
#define SL_STATUS_BT_CTRL_MAC_CONNECTION_FAILED ((sl_status_t)0x103F) ///< The MAC of the 802.11 AMP was requested to connect to a peer, but the connection failed.
|
||||
#define SL_STATUS_BT_CTRL_COARSE_CLOCK_ADJUSTMENT_REJECTED_BUT_WILL_TRY_TO_ADJUST_USING_CLOCK_DRAGGING ((sl_status_t)0x1040) ///< The master, at this time, is unable to make a coarse adjustment to the piconet clock, using the supplied parameters. Instead the master will attempt to move the clock using clock dragging.
|
||||
#define SL_STATUS_BT_CTRL_UNKNOWN_ADVERTISING_IDENTIFIER ((sl_status_t)0x1042) ///< A command was sent from the Host that should identify an Advertising or Sync handle, but the Advertising or Sync handle does not exist.
|
||||
#define SL_STATUS_BT_CTRL_LIMIT_REACHED ((sl_status_t)0x1043) ///< Number of operations requested has been reached and has indicated the completion of the activity (e.g., advertising or scanning).
|
||||
#define SL_STATUS_BT_CTRL_OPERATION_CANCELLED_BY_HOST ((sl_status_t)0x1044) ///< A request to the Controller issued by the Host and still pending was successfully canceled.
|
||||
#define SL_STATUS_BT_CTRL_PACKET_TOO_LONG ((sl_status_t)0x1045) ///< An attempt was made to send or receive a packet that exceeds the maximum allowed packet l
|
||||
|
||||
// Bluetooth attribute status codes
|
||||
#define SL_STATUS_BT_ATT_INVALID_HANDLE ((sl_status_t)0x1101) ///< The attribute handle given was not valid on this server
|
||||
#define SL_STATUS_BT_ATT_READ_NOT_PERMITTED ((sl_status_t)0x1102) ///< The attribute cannot be read
|
||||
#define SL_STATUS_BT_ATT_WRITE_NOT_PERMITTED ((sl_status_t)0x1103) ///< The attribute cannot be written
|
||||
#define SL_STATUS_BT_ATT_INVALID_PDU ((sl_status_t)0x1104) ///< The attribute PDU was invalid
|
||||
#define SL_STATUS_BT_ATT_INSUFFICIENT_AUTHENTICATION ((sl_status_t)0x1105) ///< The attribute requires authentication before it can be read or written.
|
||||
#define SL_STATUS_BT_ATT_REQUEST_NOT_SUPPORTED ((sl_status_t)0x1106) ///< Attribute Server does not support the request received from the client.
|
||||
#define SL_STATUS_BT_ATT_INVALID_OFFSET ((sl_status_t)0x1107) ///< Offset specified was past the end of the attribute
|
||||
#define SL_STATUS_BT_ATT_INSUFFICIENT_AUTHORIZATION ((sl_status_t)0x1108) ///< The attribute requires authorization before it can be read or written.
|
||||
#define SL_STATUS_BT_ATT_PREPARE_QUEUE_FULL ((sl_status_t)0x1109) ///< Too many prepare writes have been queueud
|
||||
#define SL_STATUS_BT_ATT_ATT_NOT_FOUND ((sl_status_t)0x110A) ///< No attribute found within the given attribute handle range.
|
||||
#define SL_STATUS_BT_ATT_ATT_NOT_LONG ((sl_status_t)0x110B) ///< The attribute cannot be read or written using the Read Blob Request
|
||||
#define SL_STATUS_BT_ATT_INSUFFICIENT_ENC_KEY_SIZE ((sl_status_t)0x110C) ///< The Encryption Key Size used for encrypting this link is insufficient.
|
||||
#define SL_STATUS_BT_ATT_INVALID_ATT_LENGTH ((sl_status_t)0x110D) ///< The attribute value length is invalid for the operation
|
||||
#define SL_STATUS_BT_ATT_UNLIKELY_ERROR ((sl_status_t)0x110E) ///< The attribute request that was requested has encountered an error that was unlikely, and therefore could not be completed as requested.
|
||||
#define SL_STATUS_BT_ATT_INSUFFICIENT_ENCRYPTION ((sl_status_t)0x110F) ///< The attribute requires encryption before it can be read or written.
|
||||
#define SL_STATUS_BT_ATT_UNSUPPORTED_GROUP_TYPE ((sl_status_t)0x1110) ///< The attribute type is not a supported grouping attribute as defined by a higher layer specification.
|
||||
#define SL_STATUS_BT_ATT_INSUFFICIENT_RESOURCES ((sl_status_t)0x1111) ///< Insufficient Resources to complete the request
|
||||
#define SL_STATUS_BT_ATT_OUT_OF_SYNC ((sl_status_t)0x1112) ///< The server requests the client to rediscover the database.
|
||||
#define SL_STATUS_BT_ATT_VALUE_NOT_ALLOWED ((sl_status_t)0x1113) ///< The attribute parameter value was not allowed.
|
||||
#define SL_STATUS_BT_ATT_APPLICATION ((sl_status_t)0x1180) ///< When this is returned in a BGAPI response, the application tried to read or write the value of a user attribute from the GATT databa
|
||||
#define SL_STATUS_BT_ATT_WRITE_REQUEST_REJECTED ((sl_status_t)0x11FC) ///< The requested write operation cannot be fulfilled for reasons other than permissions.
|
||||
#define SL_STATUS_BT_ATT_CLIENT_CHARACTERISTIC_CONFIGURATION_DESCRIPTOR_IMPROPERLY_CONFIGURED ((sl_status_t)0x11FD) ///< The Client Characteristic Configuration descriptor is not configured according to the requirements of the profile or service.
|
||||
#define SL_STATUS_BT_ATT_PROCEDURE_ALREADY_IN_PROGRESS ((sl_status_t)0x11FE) ///< The profile or service request cannot be serviced because an operation that has been previously triggered is still in progress.
|
||||
#define SL_STATUS_BT_ATT_OUT_OF_RANGE ((sl_status_t)0x11FF) ///< The attribute value is out of range as defined by a profile or service specification.
|
||||
|
||||
// Bluetooth Security Manager Protocol status codes
|
||||
#define SL_STATUS_BT_SMP_PASSKEY_ENTRY_FAILED ((sl_status_t)0x1201) ///< The user input of passkey failed, for example, the user cancelled the operation
|
||||
#define SL_STATUS_BT_SMP_OOB_NOT_AVAILABLE ((sl_status_t)0x1202) ///< Out of Band data is not available for authentication
|
||||
#define SL_STATUS_BT_SMP_AUTHENTICATION_REQUIREMENTS ((sl_status_t)0x1203) ///< The pairing procedure cannot be performed as authentication requirements cannot be met due to IO capabilities of one or both devices
|
||||
#define SL_STATUS_BT_SMP_CONFIRM_VALUE_FAILED ((sl_status_t)0x1204) ///< The confirm value does not match the calculated compare value
|
||||
#define SL_STATUS_BT_SMP_PAIRING_NOT_SUPPORTED ((sl_status_t)0x1205) ///< Pairing is not supported by the device
|
||||
#define SL_STATUS_BT_SMP_ENCRYPTION_KEY_SIZE ((sl_status_t)0x1206) ///< The resultant encryption key size is insufficient for the security requirements of this device
|
||||
#define SL_STATUS_BT_SMP_COMMAND_NOT_SUPPORTED ((sl_status_t)0x1207) ///< The SMP command received is not supported on this device
|
||||
#define SL_STATUS_BT_SMP_UNSPECIFIED_REASON ((sl_status_t)0x1208) ///< Pairing failed due to an unspecified reason
|
||||
#define SL_STATUS_BT_SMP_REPEATED_ATTEMPTS ((sl_status_t)0x1209) ///< Pairing or authentication procedure is disallowed because too little time has elapsed since last pairing request or security request
|
||||
#define SL_STATUS_BT_SMP_INVALID_PARAMETERS ((sl_status_t)0x120A) ///< The Invalid Parameters error code indicates: the command length is invalid or a parameter is outside of the specified range.
|
||||
#define SL_STATUS_BT_SMP_DHKEY_CHECK_FAILED ((sl_status_t)0x120B) ///< Indicates to the remote device that the DHKey Check value received doesn't match the one calculated by the local device.
|
||||
#define SL_STATUS_BT_SMP_NUMERIC_COMPARISON_FAILED ((sl_status_t)0x120C) ///< Indicates that the confirm values in the numeric comparison protocol do not match.
|
||||
#define SL_STATUS_BT_SMP_BREDR_PAIRING_IN_PROGRESS ((sl_status_t)0x120D) ///< Indicates that the pairing over the LE transport failed due to a Pairing Request sent over the BR/EDR transport in process.
|
||||
#define SL_STATUS_BT_SMP_CROSS_TRANSPORT_KEY_DERIVATION_GENERATION_NOT_ALLOWED ((sl_status_t)0x120E) ///< Indicates that the BR/EDR Link Key generated on the BR/EDR transport cannot be used to derive and distribute keys for the LE transport.
|
||||
|
||||
// Bluetooth Mesh status codes
|
||||
#define SL_STATUS_BT_MESH_ALREADY_EXISTS ((sl_status_t)0x0501) ///< Returned when trying to add a key or some other unique resource with an ID which already exists
|
||||
#define SL_STATUS_BT_MESH_DOES_NOT_EXIST ((sl_status_t)0x0502) ///< Returned when trying to manipulate a key or some other resource with an ID which does not exist
|
||||
#define SL_STATUS_BT_MESH_LIMIT_REACHED ((sl_status_t)0x0503) ///< Returned when an operation cannot be executed because a pre-configured limit for keys, key bindings, elements, models, virtual addresses, provisioned devices, or provisioning sessions is reached
|
||||
#define SL_STATUS_BT_MESH_INVALID_ADDRESS ((sl_status_t)0x0504) ///< Returned when trying to use a reserved address or add a "pre-provisioned" device using an address already used by some other device
|
||||
#define SL_STATUS_BT_MESH_MALFORMED_DATA ((sl_status_t)0x0505) ///< In a BGAPI response, the user supplied malformed data; in a BGAPI event, the remote end responded with malformed or unrecognized data
|
||||
#define SL_STATUS_BT_MESH_ALREADY_INITIALIZED ((sl_status_t)0x0506) ///< An attempt was made to initialize a subsystem that was already initialized.
|
||||
#define SL_STATUS_BT_MESH_NOT_INITIALIZED ((sl_status_t)0x0507) ///< An attempt was made to use a subsystem that wasn't initialized yet. Call the subsystem's init function first.
|
||||
#define SL_STATUS_BT_MESH_NO_FRIEND_OFFER ((sl_status_t)0x0508) ///< Returned when trying to establish a friendship as a Low Power Node, but no acceptable friend offer message was received.
|
||||
#define SL_STATUS_BT_MESH_PROV_LINK_CLOSED ((sl_status_t)0x0509) ///< Provisioning link was unexpectedly closed before provisioning was complete.
|
||||
#define SL_STATUS_BT_MESH_PROV_INVALID_PDU ((sl_status_t)0x050A) ///< An unrecognized provisioning PDU was received.
|
||||
#define SL_STATUS_BT_MESH_PROV_INVALID_PDU_FORMAT ((sl_status_t)0x050B) ///< A provisioning PDU with wrong length or containing field values that are out of bounds was received.
|
||||
#define SL_STATUS_BT_MESH_PROV_UNEXPECTED_PDU ((sl_status_t)0x050C) ///< An unexpected (out of sequence) provisioning PDU was received.
|
||||
#define SL_STATUS_BT_MESH_PROV_CONFIRMATION_FAILED ((sl_status_t)0x050D) ///< The computed confirmation value did not match the expected value.
|
||||
#define SL_STATUS_BT_MESH_PROV_OUT_OF_RESOURCES ((sl_status_t)0x050E) ///< Provisioning could not be continued due to insufficient resources.
|
||||
#define SL_STATUS_BT_MESH_PROV_DECRYPTION_FAILED ((sl_status_t)0x050F) ///< The provisioning data block could not be decrypted.
|
||||
#define SL_STATUS_BT_MESH_PROV_UNEXPECTED_ERROR ((sl_status_t)0x0510) ///< An unexpected error happened during provisioning.
|
||||
#define SL_STATUS_BT_MESH_PROV_CANNOT_ASSIGN_ADDR ((sl_status_t)0x0511) ///< Device could not assign unicast addresses to all of its elements.
|
||||
#define SL_STATUS_BT_MESH_ADDRESS_TEMPORARILY_UNAVAILABLE ((sl_status_t)0x0512) ///< Returned when trying to reuse an address of a previously deleted device before an IV Index Update has been executed.
|
||||
#define SL_STATUS_BT_MESH_ADDRESS_ALREADY_USED ((sl_status_t)0x0513) ///< Returned when trying to assign an address that is used by one of the devices in the Device Database, or by the Provisioner itself.
|
||||
|
||||
// Bluetooth Mesh foundation status codes
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_INVALID_ADDRESS ((sl_status_t)0x1301) ///< Returned when address in request was not valid
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_INVALID_MODEL ((sl_status_t)0x1302) ///< Returned when model identified is not found for a given element
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_INVALID_APP_KEY ((sl_status_t)0x1303) ///< Returned when the key identified by AppKeyIndex is not stored in the node
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_INVALID_NET_KEY ((sl_status_t)0x1304) ///< Returned when the key identified by NetKeyIndex is not stored in the node
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_INSUFFICIENT_RESOURCES ((sl_status_t)0x1305) ///< Returned when The node cannot serve the request due to insufficient resources
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_KEY_INDEX_EXISTS ((sl_status_t)0x1306) ///< Returned when the key identified is already stored in the node and the new NetKey value is different
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_INVALID_PUBLISH_PARAMS ((sl_status_t)0x1307) ///< Returned when the model does not support the publish mechanism
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_NOT_SUBSCRIBE_MODEL ((sl_status_t)0x1308) ///< Returned when the model does not support the subscribe mechanism
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_STORAGE_FAILURE ((sl_status_t)0x1309) ///< Returned when storing of the requested parameters failed
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_NOT_SUPPORTED ((sl_status_t)0x130A) ///< Returned when requested setting is not supported
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_CANNOT_UPDATE ((sl_status_t)0x130B) ///< Returned when the requested update operation cannot be performed due to general constraints
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_CANNOT_REMOVE ((sl_status_t)0x130C) ///< Returned when the requested delete operation cannot be performed due to general constraints
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_CANNOT_BIND ((sl_status_t)0x130D) ///< Returned when the requested bind operation cannot be performed due to general constraints
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_TEMPORARILY_UNABLE ((sl_status_t)0x130E) ///< Returned when The node cannot start advertising with Node Identity or Proxy since the maximum number of parallel advertising is reached
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_CANNOT_SET ((sl_status_t)0x130F) ///< Returned when the requested state cannot be set
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_UNSPECIFIED ((sl_status_t)0x1310) ///< Returned when an unspecified error took place
|
||||
#define SL_STATUS_BT_MESH_FOUNDATION_INVALID_BINDING ((sl_status_t)0x1311) ///< Returned when the NetKeyIndex and AppKeyIndex combination is not valid for a Config AppKey Update
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// Wi-Fi Errors
|
||||
|
||||
#define SL_STATUS_WIFI_INVALID_KEY ((sl_status_t)0x0B01) ///< Invalid firmware keyset
|
||||
#define SL_STATUS_WIFI_FIRMWARE_DOWNLOAD_TIMEOUT ((sl_status_t)0x0B02) ///< The firmware download took too long
|
||||
#define SL_STATUS_WIFI_UNSUPPORTED_MESSAGE_ID ((sl_status_t)0x0B03) ///< Unknown request ID or wrong interface ID used
|
||||
#define SL_STATUS_WIFI_WARNING ((sl_status_t)0x0B04) ///< The request is successful but some parameters have been ignored
|
||||
#define SL_STATUS_WIFI_NO_PACKET_TO_RECEIVE ((sl_status_t)0x0B05) ///< No Packets waiting to be received
|
||||
#define SL_STATUS_WIFI_SLEEP_GRANTED ((sl_status_t)0x0B08) ///< The sleep mode is granted
|
||||
#define SL_STATUS_WIFI_SLEEP_NOT_GRANTED ((sl_status_t)0x0B09) ///< The WFx does not go back to sleep
|
||||
#define SL_STATUS_WIFI_SECURE_LINK_MAC_KEY_ERROR ((sl_status_t)0x0B10) ///< The SecureLink MAC key was not found
|
||||
#define SL_STATUS_WIFI_SECURE_LINK_MAC_KEY_ALREADY_BURNED ((sl_status_t)0x0B11) ///< The SecureLink MAC key is already installed in OTP
|
||||
#define SL_STATUS_WIFI_SECURE_LINK_RAM_MODE_NOT_ALLOWED ((sl_status_t)0x0B12) ///< The SecureLink MAC key cannot be installed in RAM
|
||||
#define SL_STATUS_WIFI_SECURE_LINK_FAILED_UNKNOWN_MODE ((sl_status_t)0x0B13) ///< The SecureLink MAC key installation failed
|
||||
#define SL_STATUS_WIFI_SECURE_LINK_EXCHANGE_FAILED ((sl_status_t)0x0B14) ///< SecureLink key (re)negotiation failed
|
||||
#define SL_STATUS_WIFI_WRONG_STATE ((sl_status_t)0x0B18) ///< The device is in an inappropriate state to perform the request
|
||||
#define SL_STATUS_WIFI_CHANNEL_NOT_ALLOWED ((sl_status_t)0x0B19) ///< The request failed due to regulatory limitations
|
||||
#define SL_STATUS_WIFI_NO_MATCHING_AP ((sl_status_t)0x0B1A) ///< The connection request failed because no suitable AP was found
|
||||
#define SL_STATUS_WIFI_CONNECTION_ABORTED ((sl_status_t)0x0B1B) ///< The connection request was aborted by host
|
||||
#define SL_STATUS_WIFI_CONNECTION_TIMEOUT ((sl_status_t)0x0B1C) ///< The connection request failed because of a timeout
|
||||
#define SL_STATUS_WIFI_CONNECTION_REJECTED_BY_AP ((sl_status_t)0x0B1D) ///< The connection request failed because the AP rejected the device
|
||||
#define SL_STATUS_WIFI_CONNECTION_AUTH_FAILURE ((sl_status_t)0x0B1E) ///< The connection request failed because the WPA handshake did not complete successfully
|
||||
#define SL_STATUS_WIFI_RETRY_EXCEEDED ((sl_status_t)0x0B1F) ///< The request failed because the retry limit was exceeded
|
||||
#define SL_STATUS_WIFI_TX_LIFETIME_EXCEEDED ((sl_status_t)0x0B20) ///< The request failed because the MSDU life time was exceeded
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// Data Types
|
||||
|
||||
typedef uint32_t sl_status_t;
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// Functions
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/********************************************************************************************************
|
||||
* sl_status_get_string_n()
|
||||
*
|
||||
* @brief Get a copy of the status string associated to the status code passed, up to
|
||||
* 'buffer_length' length, if the string associated to the status code is enabled. If not,
|
||||
* the error code number, in hex, prefixed by "SL_STATUS_" will be copied in the buffer
|
||||
* instead.
|
||||
* For example, the buffer would either contain "SL_STATUS_FAIL" if that status string is
|
||||
* enabled, or "SL_STATUS_0x0001" if the string is disabled, as SL_STATUS_FAIL's
|
||||
* value is 0x0001.
|
||||
*
|
||||
* @param status The status code from which to obtain the status string.
|
||||
*
|
||||
* @param buffer Pointer to a buffer in which the status string will be copied. A terminating
|
||||
* null-character will be appended after the copied status string.
|
||||
*
|
||||
* @param buffer_length Maximum number of characters that can be written in the buffer, including the
|
||||
* terminating null-character. If the status string would be longer than the
|
||||
* available length, it will be truncated and a null-terminating character will
|
||||
* be the last character contained in the buffer.
|
||||
*
|
||||
* @return The number of characters that would have been written if the buffer_length had been
|
||||
* sufficiently large, not counting the terminating null character.
|
||||
* If the status code is invalid, 0 or a negative number is returned.
|
||||
* Notice that only when this returned value is strictly positive and less than
|
||||
* buffer_length, the status string has been completely written in the buffer.
|
||||
*******************************************************************************************************/
|
||||
int32_t sl_status_get_string_n(sl_status_t status, char *buffer, uint32_t buffer_length);
|
||||
|
||||
/********************************************************************************************************
|
||||
* sl_status_print()
|
||||
*
|
||||
* @brief Print, through printf, the string associated to the passed status code. If the string
|
||||
* associated to the status code is enabled, the status string will be printed, for example
|
||||
* "SL_STATUS_OK". If the string associated to the status code is disabled, the status number,
|
||||
* in hex, prefixed by "SL_STATUS_" will be printed instead, for example "SL_STATUS_0x0000",
|
||||
* as SL_STATUS_OK's value is 0x0000.
|
||||
*
|
||||
* @param status The status code of which to print the status string.
|
||||
*******************************************************************************************************/
|
||||
void sl_status_print(sl_status_t status);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
/** @} (end addtogroup status) */
|
||||
|
||||
#endif /* SL_STATUS_H */
|
||||
|
|
@ -0,0 +1,133 @@
|
|||
/***************************************************************************//**
|
||||
* @file
|
||||
* @brief Silicon Labs SE Manager macros representing features.
|
||||
*******************************************************************************
|
||||
* # License
|
||||
* <b>Copyright 2023 Silicon Laboratories Inc. www.silabs.com</b>
|
||||
*******************************************************************************
|
||||
*
|
||||
* SPDX-License-Identifier: Zlib
|
||||
*
|
||||
* The licensor of this software is Silicon Laboratories Inc.
|
||||
*
|
||||
* This software is provided 'as-is', without any express or implied
|
||||
* warranty. In no event will the authors be held liable for any damages
|
||||
* arising from the use of this software.
|
||||
*
|
||||
* Permission is granted to anyone to use this software for any purpose,
|
||||
* including commercial applications, and to alter it and redistribute it
|
||||
* freely, subject to the following restrictions:
|
||||
*
|
||||
* 1. The origin of this software must not be misrepresented; you must not
|
||||
* claim that you wrote the original software. If you use this software
|
||||
* in a product, an acknowledgment in the product documentation would be
|
||||
* appreciated but is not required.
|
||||
* 2. Altered source versions must be plainly marked as such, and must not be
|
||||
* misrepresented as being the original software.
|
||||
* 3. This notice may not be removed or altered from any source distribution.
|
||||
*
|
||||
******************************************************************************/
|
||||
|
||||
#ifndef SLI_SE_MANAGER_FEATURES_H
|
||||
#define SLI_SE_MANAGER_FEATURES_H
|
||||
|
||||
#if !defined(__linux__)
|
||||
#include "em_device.h"
|
||||
#endif // !__linux__
|
||||
|
||||
#if defined(DOXYGEN)
|
||||
|
||||
#undef _SILICON_LABS_SECURITY_FEATURE // Allow doxygen to include the SVH only features
|
||||
|
||||
#define _SILICON_LABS_SECURITY_FEATURE _SILICON_LABS_SECURITY_FEATURE_VAULT
|
||||
#define SLI_MAILBOX_COMMAND_SUPPORTED
|
||||
#define SLI_VSE_MAILBOX_COMMAND_SUPPORTED
|
||||
#define SL_SE_MANAGER_YIELD_WHILE_WAITING_FOR_COMMAND_COMPLETION
|
||||
#define SLI_SE_COMMAND_STATUS_READ_RSTCAUSE_AVAILABLE
|
||||
#define SLI_SE_COMMAND_READ_TAMPER_RESET_CAUSE_AVAILABLE
|
||||
#define SLI_SE_COMMAND_DERIVE_KEY_PBKDF2_CMAC_AVAILABLE
|
||||
|
||||
#else // DOXYGEN
|
||||
|
||||
#if defined(__linux__)
|
||||
// ---------------------------- HOST ---------------------------- //
|
||||
|
||||
// The header is being used on a host system with Linux running on it,
|
||||
// assume that the endpoint attached to the host system is a SVH type.
|
||||
|
||||
#define SLI_SE_MANAGER_HOST_SYSTEM
|
||||
#define SLI_MAILBOX_COMMAND_SUPPORTED
|
||||
|
||||
#define _SILICON_LABS_SECURITY_FEATURE_SE (0)
|
||||
#define _SILICON_LABS_SECURITY_FEATURE_VAULT (1)
|
||||
#define _SILICON_LABS_SECURITY_FEATURE_ROT (2)
|
||||
#define _SILICON_LABS_SECURITY_FEATURE _SILICON_LABS_SECURITY_FEATURE_VAULT
|
||||
|
||||
#define SLI_SE_COMMAND_READ_TAMPER_RESET_CAUSE_AVAILABLE
|
||||
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
#define SLI_SE_COMMAND_STATUS_READ_RSTCAUSE_AVAILABLE
|
||||
|
||||
// EFR32xG23+ doesn't require padding of curve elements or other keys
|
||||
#define SLI_SE_KEY_PADDING_REQUIRED
|
||||
#define SLI_SE_P521_PADDING_BYTES (2u)
|
||||
|
||||
#define SLI_MINIMUM_REQUIRED_NUMBER_PARAMS (0u)
|
||||
#elif defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
#define SLI_SE_P521_PADDING_BYTES (0u)
|
||||
// PBKDF2 with CMAC as the PRF was first supported on EFR32xG23.
|
||||
#define SLI_SE_COMMAND_DERIVE_KEY_PBKDF2_CMAC_AVAILABLE
|
||||
#define SLI_MINIMUM_REQUIRED_NUMBER_PARAMS (1u)
|
||||
#endif
|
||||
|
||||
// Define the helper macros needed for the host system
|
||||
#define __REV(num) (((num & 0xFF000000) >> 24) \
|
||||
| ((num & 0x00FF0000) >> 8) \
|
||||
| ((num & 0x0000FF00) << 8) \
|
||||
| ((num & 0x000000FF) << 24))
|
||||
|
||||
#elif defined(SEMAILBOX_PRESENT)
|
||||
// --------------------------------- HSE --------------------------------- //
|
||||
|
||||
#define SLI_MAILBOX_COMMAND_SUPPORTED
|
||||
|
||||
#if (defined(_SILICON_LABS_SECURITY_FEATURE) \
|
||||
&& (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) \
|
||||
&& (_SILICON_LABS_32B_SERIES_2_CONFIG >= 3))
|
||||
// Reading the latest cached tamper reset cause requires SE version 2.2.1 or above.
|
||||
#define SLI_SE_COMMAND_READ_TAMPER_RESET_CAUSE_AVAILABLE
|
||||
// The option to keep the tamper alive during sleep is only configurable for SE with major version 2
|
||||
#define SLI_SE_TAMPER_FLAG_KEEP_TAMPER_ALIVE_AVAILABLE
|
||||
#endif
|
||||
|
||||
#if defined(_SILICON_LABS_32B_SERIES_2_CONFIG_1)
|
||||
#define SLI_SE_MAJOR_VERSION_ONE
|
||||
#else
|
||||
#define SLI_SE_MAJOR_VERSION_TWO
|
||||
#endif
|
||||
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
#define SLI_SE_COMMAND_STATUS_READ_RSTCAUSE_AVAILABLE
|
||||
|
||||
// EFR32xG23+ doesn't require padding of curve elements or other keys
|
||||
#define SLI_SE_KEY_PADDING_REQUIRED
|
||||
#define SLI_SE_P521_PADDING_BYTES (2u)
|
||||
|
||||
#define SLI_MINIMUM_REQUIRED_NUMBER_PARAMS (0u)
|
||||
#elif defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
#define SLI_SE_P521_PADDING_BYTES (0u)
|
||||
// PBKDF2 with CMAC as the PRF was first supported on EFR32xG23.
|
||||
#define SLI_SE_COMMAND_DERIVE_KEY_PBKDF2_CMAC_AVAILABLE
|
||||
#define SLI_MINIMUM_REQUIRED_NUMBER_PARAMS (1u)
|
||||
#endif
|
||||
|
||||
#elif defined(CRYPTOACC_PRESENT)
|
||||
// --------------------------------- VSE --------------------------------- //
|
||||
|
||||
#define SLI_VSE_MAILBOX_COMMAND_SUPPORTED
|
||||
|
||||
#endif // __linux__
|
||||
|
||||
#endif // DOXYGEN
|
||||
|
||||
#endif // SLI_SE_MANAGER_FEATURES_H
|
||||
|
|
@ -30,9 +30,9 @@
|
|||
#ifndef SE_MANAGER_INTERNAL_H
|
||||
#define SE_MANAGER_INTERNAL_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#include "sl_status.h"
|
||||
#include "em_se.h"
|
||||
|
|
@ -79,10 +79,10 @@ extern "C" {
|
|||
#define SLI_SE_RESPONSE_NOT_INITIALIZED 0x000B0000UL
|
||||
/// Abort status code is given when no operation is attempted.
|
||||
#define SLI_SE_RESPONSE_ABORT 0x00FF0000UL
|
||||
#if defined(CRYPTOACC_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(CRYPTOACC_PRESENT)
|
||||
/// Root Code Mailbox is invalid.
|
||||
#define SLI_SE_RESPONSE_MAILBOX_INVALID 0x00FE0000UL
|
||||
#endif
|
||||
#endif // CRYPTOACC_PRESENT
|
||||
|
||||
// -------------------------------
|
||||
// SE command words
|
||||
|
|
@ -107,13 +107,14 @@ extern "C" {
|
|||
#define SLI_SE_COMMAND_DBG_LOCK_APPLY 0x430C0000UL
|
||||
|
||||
// Commands limited to SE devices
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
#define SLI_SE_COMMAND_CREATE_KEY 0x02000000UL
|
||||
#define SLI_SE_COMMAND_READPUB_KEY 0x02010000UL
|
||||
|
||||
#define SLI_SE_COMMAND_HASH 0x03000000UL
|
||||
#define SLI_SE_COMMAND_HASHUPDATE 0x03010000UL
|
||||
#define SLI_SE_COMMAND_HMAC 0x03020000UL
|
||||
#define SLI_SE_COMMAND_HASHFINISH 0x03030000UL
|
||||
|
||||
#define SLI_SE_COMMAND_AES_ENCRYPT 0x04000000UL
|
||||
#define SLI_SE_COMMAND_AES_DECRYPT 0x04010000UL
|
||||
|
|
@ -149,16 +150,20 @@ extern "C" {
|
|||
#define SLI_SE_COMMAND_DBG_LOCK_STATUS 0x43110000UL
|
||||
#define SLI_SE_COMMAND_DBG_SET_RESTRICTIONS 0x43120000UL
|
||||
#define SLI_SE_COMMAND_PROTECTED_REGISTER 0x43210000UL
|
||||
#if defined(_SILICON_LABS_32B_SERIES_2_CONFIG_1)
|
||||
#if defined(SLI_SE_COMMAND_STATUS_READ_RSTCAUSE_AVAILABLE)
|
||||
// SLI_SE_COMMAND_STATUS_READ_RSTCAUSE is only available on xG21 devices (series-2-config-1)
|
||||
#define SLI_SE_COMMAND_STATUS_READ_RSTCAUSE 0x43220000UL
|
||||
#endif
|
||||
#define SLI_SE_COMMAND_READ_USER_CERT_SIZE 0x43FA0000UL
|
||||
#define SLI_SE_COMMAND_READ_USER_CERT 0x43FB0000UL
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#define SLI_SE_COMMAND_ATTEST_PSA_IAT 0x0A030000UL
|
||||
#define SLI_SE_COMMAND_ATTEST_CONFIG 0x0A040000UL
|
||||
#endif
|
||||
#endif // SLI_SE_COMMAND_STATUS_READ_RSTCAUSE_AVAILABLE
|
||||
#define SLI_SE_COMMAND_READ_USER_CERT_SIZE 0x43FA0000UL
|
||||
#define SLI_SE_COMMAND_READ_USER_CERT 0x43FB0000UL
|
||||
|
||||
#define SLI_SE_COMMAND_ENTER_ACTIVE_MODE 0x45000000UL
|
||||
#define SLI_SE_COMMAND_EXIT_ACTIVE_MODE 0x45010000UL
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
#define SLI_SE_COMMAND_ATTEST_PSA_IAT 0x0A030000UL
|
||||
#define SLI_SE_COMMAND_ATTEST_CONFIG 0x0A040000UL
|
||||
#endif // _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
|
||||
#define SLI_SE_COMMAND_GET_CHALLENGE 0xFD000001UL
|
||||
#define SLI_SE_COMMAND_ROLL_CHALLENGE 0xFD000101UL
|
||||
|
|
@ -169,31 +174,32 @@ extern "C" {
|
|||
#define SLI_SE_COMMAND_READ_PUBKEYBOOT 0xFE020001UL
|
||||
#define SLI_SE_COMMAND_SET_UPGRADEFLAG_SE 0xFE030000UL
|
||||
#define SLI_SE_COMMAND_SET_UPGRADEFLAG_HOST 0xFE030001UL
|
||||
#define SLI_SE_COMMAND_READ_TAMPER_RESET_CAUSE 0xFE050000UL
|
||||
|
||||
#define SLI_SE_COMMAND_INIT_PUBKEY_SIGNATURE 0xFF090001UL
|
||||
#define SLI_SE_COMMAND_READ_PUBKEY_SIGNATURE 0xFF0A0001UL
|
||||
#define SLI_SE_COMMAND_INIT_AES_128_KEY 0xFF0B0001UL
|
||||
#endif // SEMAILBOX_PRESENT
|
||||
#endif // SLI_MAILBOX_COMMAND_SUPPORTED
|
||||
|
||||
// Commands limited to SE Vault High devices
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#define SLI_SE_COMMAND_WRAP_KEY 0x01000000UL
|
||||
#define SLI_SE_COMMAND_UNWRAP_KEY 0x01020000UL
|
||||
#define SLI_SE_COMMAND_DELETE_KEY 0x01050000UL
|
||||
#define SLI_SE_COMMAND_TRANSFER_KEY 0x01060000UL
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
#define SLI_SE_COMMAND_WRAP_KEY 0x01000000UL
|
||||
#define SLI_SE_COMMAND_UNWRAP_KEY 0x01020000UL
|
||||
#define SLI_SE_COMMAND_DELETE_KEY 0x01050000UL
|
||||
#define SLI_SE_COMMAND_TRANSFER_KEY 0x01060000UL
|
||||
|
||||
#define SLI_SE_COMMAND_DERIVE_KEY_PBKDF2_HMAC 0x02020002UL
|
||||
#define SLI_SE_COMMAND_DERIVE_KEY_HKDF 0x02020003UL
|
||||
#define SLI_SE_COMMAND_DERIVE_KEY_PBKDF2_CMAC 0x02020010UL
|
||||
#define SLI_SE_COMMAND_DERIVE_KEY_PBKDF2_HMAC 0x02020002UL
|
||||
#define SLI_SE_COMMAND_DERIVE_KEY_HKDF 0x02020003UL
|
||||
#define SLI_SE_COMMAND_DERIVE_KEY_PBKDF2_CMAC 0x02020010UL
|
||||
|
||||
#define SLI_SE_COMMAND_CHACHAPOLY_ENCRYPT 0x0C000000UL
|
||||
#define SLI_SE_COMMAND_CHACHAPOLY_DECRYPT 0x0C010000UL
|
||||
#define SLI_SE_COMMAND_CHACHA20_ENCRYPT 0x0C020000UL
|
||||
#define SLI_SE_COMMAND_CHACHA20_DECRYPT 0x0C030000UL
|
||||
#define SLI_SE_COMMAND_POLY1305_KEY_MAC 0x0C040000UL
|
||||
#define SLI_SE_COMMAND_CHACHAPOLY_ENCRYPT 0x0C000000UL
|
||||
#define SLI_SE_COMMAND_CHACHAPOLY_DECRYPT 0x0C010000UL
|
||||
#define SLI_SE_COMMAND_CHACHA20_ENCRYPT 0x0C020000UL
|
||||
#define SLI_SE_COMMAND_CHACHA20_DECRYPT 0x0C030000UL
|
||||
#define SLI_SE_COMMAND_POLY1305_KEY_MAC 0x0C040000UL
|
||||
|
||||
#define SLI_SE_COMMAND_DISABLE_TAMPER 0xFD020001UL
|
||||
#endif // _SILICON_LABS_SECURITY_FEATURE_VAULT
|
||||
#define SLI_SE_COMMAND_DISABLE_TAMPER 0xFD020001UL
|
||||
#endif // _SILICON_LABS_SECURITY_FEATURE_VAULT
|
||||
|
||||
// -------------------------------
|
||||
// SE command options
|
||||
|
|
@ -205,13 +211,13 @@ extern "C" {
|
|||
#define SLI_SE_KEY_TYPE_AUTH 0x00000200UL
|
||||
|
||||
// Options limited to SE devices
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
/// Root pubkey
|
||||
#define SLI_SE_KEY_TYPE_ROOT 0x00000300UL
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/// Attestation pubkey
|
||||
#define SLI_SE_KEY_TYPE_ATTEST 0x00000400UL
|
||||
#endif // _SILICON_LABS_SECURITY_FEATURE_VAULT
|
||||
#define SLI_SE_KEY_TYPE_ATTEST 0x00000400UL
|
||||
#endif // _SILICON_LABS_SECURITY_FEATURE_VAULT
|
||||
/// BGL encryption key
|
||||
#define SLI_SE_IMMUTABLE_KEY_TYPE_AES_128 0x00000500UL
|
||||
|
||||
|
|
@ -249,18 +255,18 @@ extern "C" {
|
|||
#define SLI_SE_COMMAND_CERT_SE 0x00000200UL
|
||||
#define SLI_SE_COMMAND_CERT_HOST 0x00000300UL
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) || defined(DOXYGEN)
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/// Use SHA384 as hash algorithm
|
||||
#define SLI_SE_COMMAND_OPTION_HASH_SHA384 0x00000500UL
|
||||
#define SLI_SE_COMMAND_OPTION_HASH_SHA384 0x00000500UL
|
||||
/// Use SHA512 as hash algorithm
|
||||
#define SLI_SE_COMMAND_OPTION_HASH_SHA512 0x00000600UL
|
||||
#endif
|
||||
#endif // SEMAILBOX_PRESENT
|
||||
#define SLI_SE_COMMAND_OPTION_HASH_SHA512 0x00000600UL
|
||||
#endif // _SILICON_LABS_SECURITY_FEATURE_VAULT
|
||||
#endif // SLI_MAILBOX_COMMAND_SUPPORTED
|
||||
|
||||
// -------------------------------
|
||||
// Other defines
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
// Due to a problem with the countermeasures applied to
|
||||
// accelerated point multiplication over elliptic curves,
|
||||
// it is possible that random errors are encountered (this
|
||||
|
|
@ -270,16 +276,7 @@ extern "C" {
|
|||
// that the error code was returned incorrectly. This helps
|
||||
// lower the error probability further when using purposely
|
||||
// small or large scalars, for example during testing.
|
||||
#define SLI_SE_MAX_POINT_MULT_RETRIES 3U
|
||||
#endif
|
||||
|
||||
// EFR32xG23+ doesn't require padding of curve elements or other keys
|
||||
#if defined(_SILICON_LABS_32B_SERIES_2_CONFIG) \
|
||||
&& (_SILICON_LABS_32B_SERIES_2_CONFIG < 3)
|
||||
#define SLI_SE_KEY_PADDING_REQUIRED
|
||||
#define SLI_SE_P521_PADDING_BYTES 2
|
||||
#else
|
||||
#define SLI_SE_P521_PADDING_BYTES 0
|
||||
#define SLI_SE_MAX_POINT_MULT_RETRIES 3U
|
||||
#endif
|
||||
|
||||
// -------------------------------
|
||||
|
|
@ -302,7 +299,7 @@ extern "C" {
|
|||
cmd_ctx->command.data_out = NULL; \
|
||||
cmd_ctx->command.num_parameters = 0;
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
/***************************************************************************//**
|
||||
* @brief
|
||||
* Helper macros to add key parameters and input/output blocks to SE commands
|
||||
|
|
@ -363,7 +360,7 @@ extern "C" {
|
|||
return (status); \
|
||||
} \
|
||||
SE_addDataOutput(&cmd_ctx->command, &key_output_buffer);
|
||||
#endif // SEMAILBOX_PRESENT
|
||||
#endif // SLI_MAILBOX_COMMAND_SUPPORTED
|
||||
|
||||
/*******************************************************************************
|
||||
***************************** PROTOTYPES **********************************
|
||||
|
|
@ -403,7 +400,7 @@ sl_status_t sli_se_lock_release(void);
|
|||
******************************************************************************/
|
||||
sl_status_t sli_se_execute_and_wait(sl_se_command_context_t *cmd_ctx);
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(DOXYGEN)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
// Key handling helper functions
|
||||
sl_status_t sli_key_get_storage_size(const sl_se_key_descriptor_t* key,
|
||||
uint32_t *storage_size);
|
||||
|
|
@ -421,12 +418,12 @@ sl_status_t sli_se_get_auth_buffer(const sl_se_key_descriptor_t* key,
|
|||
SE_DataTransfer_t* auth_buffer);
|
||||
sl_status_t sli_se_get_key_input_output(const sl_se_key_descriptor_t* key,
|
||||
SE_DataTransfer_t* buffer);
|
||||
#endif // SEMAILBOX_PRESENT
|
||||
#endif // SLI_MAILBOX_COMMAND_SUPPORTED
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT) */
|
||||
#endif /* defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED) */
|
||||
|
||||
#endif /* SE_MANAGER_INTERNAL_H */
|
||||
|
|
|
|||
|
|
@ -27,24 +27,25 @@
|
|||
* 3. This notice may not be removed or altered from any source distribution.
|
||||
*
|
||||
******************************************************************************/
|
||||
#include "em_device.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
|
||||
|
||||
#include "sl_se_manager.h"
|
||||
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
#if !defined(SL_CATALOG_TZ_SECURE_KEY_LIBRARY_NS_PRESENT)
|
||||
|
||||
#include "sli_se_manager_internal.h"
|
||||
#include "sli_se_manager_osal.h"
|
||||
#include "em_se.h"
|
||||
#include "sl_assert.h"
|
||||
#if defined(_CMU_CLKEN1_SEMAILBOXHOST_MASK)
|
||||
#include "em_bus.h"
|
||||
#endif
|
||||
#if !defined(SLI_SE_MANAGER_HOST_SYSTEM)
|
||||
#include "sli_se_manager_osal.h"
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @addtogroup sl_se_managers
|
||||
/// @{
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
|
|
@ -230,7 +231,7 @@ sl_status_t sli_se_to_sl_status(SE_Response_t res)
|
|||
return SL_STATUS_INITIALIZATION;
|
||||
case SLI_SE_RESPONSE_NOT_INITIALIZED:
|
||||
return SL_STATUS_NOT_INITIALIZED;
|
||||
#if defined(CRYPTOACC_PRESENT)
|
||||
#if defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
case SLI_SE_RESPONSE_MAILBOX_INVALID:
|
||||
return SL_STATUS_COMMAND_IS_INVALID;
|
||||
#endif
|
||||
|
|
@ -329,7 +330,7 @@ sl_status_t sl_se_set_yield(sl_se_command_context_t *cmd_ctx,
|
|||
* @return
|
||||
* Status code, @ref sl_status.h.
|
||||
******************************************************************************/
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) && !defined(SLI_SE_MANAGER_HOST_SYSTEM)
|
||||
sl_status_t sli_se_execute_and_wait(sl_se_command_context_t *cmd_ctx)
|
||||
{
|
||||
sl_status_t status;
|
||||
|
|
@ -392,7 +393,7 @@ sl_status_t sli_se_execute_and_wait(sl_se_command_context_t *cmd_ctx)
|
|||
}
|
||||
}
|
||||
|
||||
#elif defined(CRYPTOACC_PRESENT) // SEMAILBOX_PRESENT
|
||||
#elif defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED) // SLI_MAILBOX_COMMAND_SUPPORTED
|
||||
|
||||
sl_status_t sli_se_execute_and_wait(sl_se_command_context_t *cmd_ctx)
|
||||
{
|
||||
|
|
@ -479,7 +480,7 @@ sl_status_t sl_se_ack_command(sl_se_command_context_t *cmd_ctx)
|
|||
}
|
||||
}
|
||||
|
||||
#endif // CRYPTOACC_PRESENT
|
||||
#endif // SLI_VSE_MAILBOX_COMMAND_SUPPORTED
|
||||
|
||||
#endif // !SL_CATALOG_TZ_SECURE_KEY_LIBRARY_NS_PRESENT
|
||||
|
||||
|
|
@ -512,4 +513,4 @@ sl_status_t sl_se_deinit_command_context(sl_se_command_context_t *cmd_ctx)
|
|||
|
||||
/** @} (end addtogroup sl_se) */
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
|
|
|||
|
|
@ -27,23 +27,20 @@
|
|||
* 3. This notice may not be removed or altered from any source distribution.
|
||||
*
|
||||
******************************************************************************/
|
||||
#include "em_device.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#include "sl_se_manager.h"
|
||||
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) \
|
||||
&& (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
|
||||
#include "sl_se_manager.h"
|
||||
#include "sli_se_manager_internal.h"
|
||||
#include "sl_se_manager_attestation.h"
|
||||
#include "em_se.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
// -----------------------------------------------------------------------------
|
||||
// Static Functions
|
||||
|
||||
|
|
@ -294,12 +291,6 @@ sl_status_t sl_se_attestation_get_config_token_size(sl_se_command_context_t *cmd
|
|||
SLI_SE_COMMAND_ATTEST_CONFIG);
|
||||
}
|
||||
|
||||
#endif // (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
/** @} (end addtogroup sl_se_manager) */
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // SLI_MAILBOX_COMMAND_SUPPORTED && VAULT
|
||||
|
|
|
|||
|
|
@ -27,18 +27,15 @@
|
|||
* 3. This notice may not be removed or altered from any source distribution.
|
||||
*
|
||||
******************************************************************************/
|
||||
#include "em_device.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
|
||||
#include "sl_se_manager.h"
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#include "sli_se_manager_internal.h"
|
||||
#include "em_se.h"
|
||||
#include "sl_assert.h"
|
||||
#include <string.h>
|
||||
|
||||
#define BUFSIZE 16
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
||||
|
|
@ -298,6 +295,51 @@ sl_status_t sl_se_aes_crypt_cfb8(sl_se_command_context_t *cmd_ctx,
|
|||
return ret;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Increment the input nonce counter by one
|
||||
******************************************************************************/
|
||||
static void increment_nonce_counter(uint8_t block_end, unsigned char nonce_counter[])
|
||||
{
|
||||
for (size_t i = 0u; i < SL_SE_AES_BLOCK_SIZE; i++) {
|
||||
nonce_counter[block_end - i] = nonce_counter[block_end - i] + 1u;
|
||||
if (nonce_counter[block_end - i] != 0u) {
|
||||
// did not overflow so no need to increment the value at next index
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#if (SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED > 1)
|
||||
/***************************************************************************//**
|
||||
* Prepare the SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED * SL_SE_AES_BLOCK_SIZE byte
|
||||
* wide stream block buffer that will be used as nonce counter for
|
||||
* encryption/decryption.
|
||||
******************************************************************************/
|
||||
static void prepare_nonce_counter(unsigned char nonce_counter[],
|
||||
unsigned char stream_block[])
|
||||
{
|
||||
uint8_t no_of_blocks = ((SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED * SL_SE_AES_BLOCK_SIZE) / SL_SE_AES_BLOCK_SIZE);
|
||||
// place the most recent counter in the first stream block
|
||||
memcpy(stream_block,
|
||||
nonce_counter,
|
||||
SL_SE_AES_BLOCK_SIZE);
|
||||
|
||||
for (size_t i = 0; i < no_of_blocks - 1u; i++) {
|
||||
// Use the first block's reference counter to update the other
|
||||
// blocks since it holds the most recent counter information.
|
||||
memcpy(&stream_block[i * SL_SE_AES_BLOCK_SIZE + SL_SE_AES_BLOCK_SIZE],
|
||||
&stream_block[i * SL_SE_AES_BLOCK_SIZE],
|
||||
SL_SE_AES_BLOCK_SIZE);
|
||||
increment_nonce_counter(((i + 2u) * SL_SE_AES_BLOCK_SIZE) - 1u, stream_block);
|
||||
}
|
||||
|
||||
// Store the largest counter back in the nonce counter buffer
|
||||
memcpy(nonce_counter,
|
||||
&stream_block[(no_of_blocks - 1u) * SL_SE_AES_BLOCK_SIZE],
|
||||
SL_SE_AES_BLOCK_SIZE);
|
||||
}
|
||||
#endif // SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED > 1
|
||||
|
||||
/***************************************************************************//**
|
||||
* AES-CTR buffer encryption/decryption.
|
||||
******************************************************************************/
|
||||
|
|
@ -306,7 +348,7 @@ sl_status_t sl_se_aes_crypt_ctr(sl_se_command_context_t *cmd_ctx,
|
|||
size_t length,
|
||||
uint32_t *nc_off,
|
||||
unsigned char nonce_counter[16],
|
||||
unsigned char stream_block[16],
|
||||
unsigned char stream_block[SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED * SL_SE_AES_BLOCK_SIZE],
|
||||
const unsigned char *input,
|
||||
unsigned char *output)
|
||||
{
|
||||
|
|
@ -325,11 +367,11 @@ sl_status_t sl_se_aes_crypt_ctr(sl_se_command_context_t *cmd_ctx,
|
|||
if (n > 0) {
|
||||
// start by filling up the IV
|
||||
output[processed] = (unsigned char)(input[processed] ^ stream_block[n]);
|
||||
n = (n + 1) & 0x0F;
|
||||
n = (n + 1) & ((SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED * SL_SE_AES_BLOCK_SIZE) - 1u);
|
||||
processed++;
|
||||
} else {
|
||||
// process one or more blocks of data
|
||||
uint32_t iterations = (length - processed) / 16;
|
||||
uint32_t iterations = (length - processed) / SL_SE_AES_BLOCK_SIZE;
|
||||
|
||||
if (iterations > 0) {
|
||||
sli_se_command_init(cmd_ctx,
|
||||
|
|
@ -340,25 +382,25 @@ sl_status_t sl_se_aes_crypt_ctr(sl_se_command_context_t *cmd_ctx,
|
|||
// Add key parameters to command
|
||||
sli_add_key_parameters(cmd_ctx, key, command_status);
|
||||
// Message size (number of bytes)
|
||||
SE_addParameter(se_cmd, iterations * 16);
|
||||
SE_addParameter(se_cmd, iterations * SL_SE_AES_BLOCK_SIZE);
|
||||
|
||||
// Add key metadata block to command
|
||||
sli_add_key_metadata(cmd_ctx, key, command_status);
|
||||
// Add key input block to command
|
||||
sli_add_key_input(cmd_ctx, key, command_status);
|
||||
|
||||
SE_DataTransfer_t iv_in = SE_DATATRANSFER_DEFAULT(nonce_counter, 16);
|
||||
SE_DataTransfer_t in = SE_DATATRANSFER_DEFAULT(&input[processed], iterations * 16);
|
||||
SE_DataTransfer_t iv_in = SE_DATATRANSFER_DEFAULT(nonce_counter, SL_SE_AES_BLOCK_SIZE);
|
||||
SE_DataTransfer_t in = SE_DATATRANSFER_DEFAULT(&input[processed], iterations * SL_SE_AES_BLOCK_SIZE);
|
||||
SE_addDataInput(se_cmd, &iv_in);
|
||||
SE_addDataInput(se_cmd, &in);
|
||||
|
||||
SE_DataTransfer_t out = SE_DATATRANSFER_DEFAULT(&output[processed], iterations * 16);
|
||||
SE_DataTransfer_t iv_out = SE_DATATRANSFER_DEFAULT(nonce_counter, 16);
|
||||
SE_DataTransfer_t out = SE_DATATRANSFER_DEFAULT(&output[processed], iterations * SL_SE_AES_BLOCK_SIZE);
|
||||
SE_DataTransfer_t iv_out = SE_DATATRANSFER_DEFAULT(nonce_counter, SL_SE_AES_BLOCK_SIZE);
|
||||
SE_addDataOutput(se_cmd, &out);
|
||||
SE_addDataOutput(se_cmd, &iv_out);
|
||||
|
||||
command_status = sli_se_execute_and_wait(cmd_ctx);
|
||||
processed += iterations * 16;
|
||||
processed += iterations * SL_SE_AES_BLOCK_SIZE;
|
||||
if (command_status != SL_STATUS_OK) {
|
||||
return command_status;
|
||||
}
|
||||
|
|
@ -367,26 +409,32 @@ sl_status_t sl_se_aes_crypt_ctr(sl_se_command_context_t *cmd_ctx,
|
|||
while ((length - processed) > 0) {
|
||||
if (n == 0) {
|
||||
// Get a new stream block
|
||||
unsigned char *counter_ptr = NULL;
|
||||
#if (SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED > 1)
|
||||
// Use the nonce counter buffer as the reference to create nonce counter blocks
|
||||
// needed to compute the key stream blocks. Also, update the nonce counter buffer
|
||||
// to store the latest block.
|
||||
prepare_nonce_counter(nonce_counter, stream_block);
|
||||
// The key stream buffer now holds the nonce counter
|
||||
counter_ptr = stream_block;
|
||||
#else
|
||||
counter_ptr = nonce_counter;
|
||||
#endif // SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED > 1
|
||||
|
||||
command_status = sl_se_aes_crypt_ecb(cmd_ctx,
|
||||
key,
|
||||
SL_SE_ENCRYPT,
|
||||
16U,
|
||||
nonce_counter,
|
||||
SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED * SL_SE_AES_BLOCK_SIZE,
|
||||
counter_ptr,
|
||||
stream_block);
|
||||
if (command_status != SL_STATUS_OK) {
|
||||
return command_status;
|
||||
}
|
||||
// increment nonce counter
|
||||
for (uint32_t i = 0; i < 16; i++) {
|
||||
nonce_counter[15 - i] = nonce_counter[15 - i] + 1;
|
||||
if (nonce_counter[15 - i] != 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
increment_nonce_counter(SL_SE_AES_BLOCK_SIZE - 1u, nonce_counter);
|
||||
}
|
||||
// Save remainder to IV
|
||||
output[processed] = (unsigned char)(input[processed] ^ stream_block[n]);
|
||||
n = (n + 1) & 0x0F;
|
||||
n = (n + 1) & ((SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED * SL_SE_AES_BLOCK_SIZE) - 1u);
|
||||
processed++;
|
||||
}
|
||||
}
|
||||
|
|
@ -442,9 +490,11 @@ sl_status_t sl_se_ccm_encrypt_and_tag(sl_se_command_context_t *cmd_ctx,
|
|||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
#if !defined(SLI_SE_MANAGER_HOST_SYSTEM)
|
||||
if ((uint32_t)output + length > RAM_MEM_END) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
#endif // SLI_SE_MANAGER_HOST_SYSTEM
|
||||
|
||||
sli_se_command_init(cmd_ctx, SLI_SE_COMMAND_AES_CCM_ENCRYPT);
|
||||
|
||||
|
|
@ -519,9 +569,11 @@ sl_status_t sl_se_ccm_auth_decrypt(sl_se_command_context_t *cmd_ctx,
|
|||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
#if !defined(SLI_SE_MANAGER_HOST_SYSTEM)
|
||||
if ((uint32_t)output + length > RAM_MEM_END) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
#endif // SLI_SE_MANAGER_HOST_SYSTEM
|
||||
|
||||
sli_se_command_init(cmd_ctx, SLI_SE_COMMAND_AES_CCM_DECRYPT);
|
||||
|
||||
|
|
@ -558,7 +610,7 @@ sl_status_t sl_se_ccm_auth_decrypt(sl_se_command_context_t *cmd_ctx,
|
|||
}
|
||||
}
|
||||
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG == 1)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
sl_status_t sl_se_ccm_multipart_starts(sl_se_ccm_multipart_context_t *ccm_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
const sl_se_key_descriptor_t *key,
|
||||
|
|
@ -572,10 +624,10 @@ sl_status_t sl_se_ccm_multipart_starts(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
{
|
||||
sl_status_t status = SL_STATUS_OK;
|
||||
uint8_t q;
|
||||
uint8_t b[BUFSIZE] = { 0 };
|
||||
uint8_t tag_out[BUFSIZE] = { 0 };
|
||||
uint8_t cbc_mac_state[BUFSIZE] = { 0 };
|
||||
uint8_t nonce_counter[BUFSIZE] = { 0 };
|
||||
uint8_t b[SL_SE_AES_BLOCK_SIZE] = { 0 };
|
||||
uint8_t tag_out[SL_SE_AES_BLOCK_SIZE] = { 0 };
|
||||
uint8_t cbc_mac_state[SL_SE_AES_BLOCK_SIZE] = { 0 };
|
||||
uint8_t nonce_counter[SL_SE_AES_BLOCK_SIZE] = { 0 };
|
||||
uint32_t len_left;
|
||||
|
||||
//Check input parameters
|
||||
|
|
@ -640,7 +692,7 @@ sl_status_t sl_se_ccm_multipart_starts(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
status = sl_se_aes_crypt_cbc(cmd_ctx,
|
||||
key,
|
||||
SL_SE_ENCRYPT,
|
||||
BUFSIZE,
|
||||
SL_SE_AES_BLOCK_SIZE,
|
||||
cbc_mac_state,
|
||||
b,
|
||||
tag_out);
|
||||
|
|
@ -658,7 +710,7 @@ sl_status_t sl_se_ccm_multipart_starts(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
// First block.
|
||||
b[0] = (unsigned char)((aad_len >> 8) & 0xFF);
|
||||
b[1] = (unsigned char)((aad_len) & 0xFF);
|
||||
use_len = len_left < BUFSIZE - 2 ? len_left : 16 - 2;
|
||||
use_len = len_left < SL_SE_AES_BLOCK_SIZE - 2 ? len_left : 16 - 2;
|
||||
memcpy(b + 2, aad, use_len);
|
||||
len_left -= use_len;
|
||||
aad += use_len;
|
||||
|
|
@ -666,7 +718,7 @@ sl_status_t sl_se_ccm_multipart_starts(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
status = sl_se_aes_crypt_cbc(cmd_ctx,
|
||||
key,
|
||||
SL_SE_ENCRYPT,
|
||||
BUFSIZE,
|
||||
SL_SE_AES_BLOCK_SIZE,
|
||||
cbc_mac_state,
|
||||
b,
|
||||
tag_out);
|
||||
|
|
@ -682,7 +734,7 @@ sl_status_t sl_se_ccm_multipart_starts(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
status = sl_se_aes_crypt_cbc(cmd_ctx,
|
||||
key,
|
||||
SL_SE_ENCRYPT,
|
||||
BUFSIZE,
|
||||
SL_SE_AES_BLOCK_SIZE,
|
||||
cbc_mac_state,
|
||||
b,
|
||||
tag_out);
|
||||
|
|
@ -719,9 +771,9 @@ sl_status_t sl_se_ccm_multipart_update(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
sl_status_t status = SL_STATUS_OK;
|
||||
*output_length = 0;
|
||||
|
||||
uint8_t out_buf[BUFSIZE] = { 0 };
|
||||
uint8_t empty[BUFSIZE] = { 0 };
|
||||
uint8_t b[BUFSIZE] = { 0 };
|
||||
uint8_t out_buf[SL_SE_AES_BLOCK_SIZE] = { 0 };
|
||||
uint8_t empty[SL_SE_AES_BLOCK_SIZE * SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED] = { 0 };
|
||||
uint8_t b[SL_SE_AES_BLOCK_SIZE] = { 0 };
|
||||
|
||||
size_t len_left;
|
||||
|
||||
|
|
@ -757,8 +809,8 @@ sl_status_t sl_se_ccm_multipart_update(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
input = output;
|
||||
}
|
||||
|
||||
if (length + ccm_ctx->final_data_length < BUFSIZE && length < BUFSIZE && ccm_ctx->processed_message_length + length != ccm_ctx->total_message_length ) {
|
||||
if (ccm_ctx->final_data_length > BUFSIZE) {
|
||||
if (length + ccm_ctx->final_data_length < SL_SE_AES_BLOCK_SIZE && length < SL_SE_AES_BLOCK_SIZE && ccm_ctx->processed_message_length + length != ccm_ctx->total_message_length ) {
|
||||
if (ccm_ctx->final_data_length > SL_SE_AES_BLOCK_SIZE) {
|
||||
// Context is not valid.
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
|
@ -775,19 +827,19 @@ sl_status_t sl_se_ccm_multipart_update(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
// The only difference between encryption and decryption is
|
||||
// the respective order of authentication and {en,de}cryption.
|
||||
while (len_left > 0 ) {
|
||||
uint8_t use_len = len_left > BUFSIZE ? BUFSIZE : len_left;
|
||||
uint8_t use_len = len_left > SL_SE_AES_BLOCK_SIZE ? SL_SE_AES_BLOCK_SIZE : len_left;
|
||||
|
||||
memset(b, 0, sizeof(b));
|
||||
|
||||
// Process data stored in context first.
|
||||
if (ccm_ctx->final_data_length > 0) {
|
||||
if (ccm_ctx->final_data_length > BUFSIZE) {
|
||||
if (ccm_ctx->final_data_length > SL_SE_AES_BLOCK_SIZE) {
|
||||
// Context is not valid.
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
memcpy(b, ccm_ctx->final_data, ccm_ctx->final_data_length);
|
||||
memcpy(b + ccm_ctx->final_data_length, input, BUFSIZE - ccm_ctx->final_data_length);
|
||||
input += BUFSIZE - ccm_ctx->final_data_length;
|
||||
memcpy(b + ccm_ctx->final_data_length, input, SL_SE_AES_BLOCK_SIZE - ccm_ctx->final_data_length);
|
||||
input += SL_SE_AES_BLOCK_SIZE - ccm_ctx->final_data_length;
|
||||
ccm_ctx->final_data_length = 0;
|
||||
} else {
|
||||
memcpy(b, input, use_len);
|
||||
|
|
@ -798,7 +850,7 @@ sl_status_t sl_se_ccm_multipart_update(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
status = sl_se_aes_crypt_cbc(cmd_ctx,
|
||||
key,
|
||||
SL_SE_ENCRYPT,
|
||||
BUFSIZE,
|
||||
SL_SE_AES_BLOCK_SIZE,
|
||||
ccm_ctx->cbc_mac_state,
|
||||
b,
|
||||
out_buf);
|
||||
|
|
@ -824,7 +876,7 @@ sl_status_t sl_se_ccm_multipart_update(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
status = sl_se_aes_crypt_cbc(cmd_ctx,
|
||||
key,
|
||||
SL_SE_ENCRYPT,
|
||||
BUFSIZE,
|
||||
SL_SE_AES_BLOCK_SIZE,
|
||||
ccm_ctx->cbc_mac_state,
|
||||
b,
|
||||
out_buf);
|
||||
|
|
@ -838,7 +890,7 @@ sl_status_t sl_se_ccm_multipart_update(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
len_left -= use_len;
|
||||
output += use_len;
|
||||
|
||||
if (len_left < BUFSIZE && ((ccm_ctx->processed_message_length + len_left) != ccm_ctx->total_message_length)) {
|
||||
if (len_left < SL_SE_AES_BLOCK_SIZE && ((ccm_ctx->processed_message_length + len_left) != ccm_ctx->total_message_length)) {
|
||||
memcpy(ccm_ctx->final_data, input, len_left);
|
||||
ccm_ctx->final_data_length = len_left;
|
||||
break;
|
||||
|
|
@ -863,8 +915,8 @@ sl_status_t sl_se_ccm_multipart_finish(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
{
|
||||
(void)output;
|
||||
uint8_t q;
|
||||
uint8_t ctr[BUFSIZE] = { 0 };
|
||||
uint8_t out_tag[BUFSIZE] = { 0 };
|
||||
uint8_t ctr[SL_SE_AES_BLOCK_SIZE] = { 0 };
|
||||
uint8_t out_tag[SL_SE_AES_BLOCK_SIZE] = { 0 };
|
||||
//Check input parameters
|
||||
if (ccm_ctx == NULL || cmd_ctx == NULL || key == NULL || tag == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
|
|
@ -883,7 +935,7 @@ sl_status_t sl_se_ccm_multipart_finish(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
memcpy(ctr + 1, ccm_ctx->iv, ccm_ctx->iv_len);
|
||||
|
||||
// Encrypt the tag with CTR.
|
||||
uint8_t empty[BUFSIZE] = { 0 };
|
||||
uint8_t empty[SL_SE_AES_BLOCK_SIZE * SLI_SE_AES_CTR_NUM_BLOCKS_BUFFERED] = { 0 };
|
||||
status = sl_se_aes_crypt_ctr(cmd_ctx,
|
||||
key,
|
||||
ccm_ctx->tag_len,
|
||||
|
|
@ -910,9 +962,9 @@ sl_status_t sl_se_ccm_multipart_finish(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
*output_length = 0;
|
||||
return SL_STATUS_OK;
|
||||
}
|
||||
#endif// _SILICON_LABS_32B_SERIES_2_CONFIG == 1
|
||||
#endif // SLI_SE_MAJOR_VERSION_ONE
|
||||
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG > 2)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
/***************************************************************************//**
|
||||
* Prepare a CCM streaming command context object to be used in subsequent
|
||||
* CCM streaming function calls.
|
||||
|
|
@ -1038,7 +1090,7 @@ sl_status_t sl_se_ccm_multipart_starts(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
* It is called between sl_se_ccm_multipart_starts() and sl_se_ccm_multipart_finish().
|
||||
* Can be called repeatedly.
|
||||
******************************************************************************/
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG > 2)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
sl_status_t sl_se_ccm_multipart_update(sl_se_ccm_multipart_context_t *ccm_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
const sl_se_key_descriptor_t *key,
|
||||
|
|
@ -1071,9 +1123,11 @@ sl_status_t sl_se_ccm_multipart_update(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
#if !defined(SLI_SE_MANAGER_HOST_SYSTEM)
|
||||
if ((uint32_t)output + length > RAM_MEM_END) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
#endif // SLI_SE_MANAGER_HOST_SYSTEM
|
||||
|
||||
SE_Command_t *se_cmd = &cmd_ctx->command;
|
||||
*output_length = 0;
|
||||
|
|
@ -1220,7 +1274,7 @@ sl_status_t sl_se_ccm_multipart_update(sl_se_ccm_multipart_context_t *ccm_ctx,
|
|||
* Finish a CCM streaming operation and return the resulting CCM tag.
|
||||
* It is called after sl_se_ccm_multipart_update().
|
||||
******************************************************************************/
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG > 2)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
sl_status_t sl_se_ccm_multipart_finish(sl_se_ccm_multipart_context_t *ccm_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
const sl_se_key_descriptor_t *key,
|
||||
|
|
@ -1420,19 +1474,6 @@ sl_status_t sl_se_cmac_multipart_finish(sl_se_cmac_multipart_context_t *cmac_ctx
|
|||
return status;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Finish a CMAC streaming operation and return the resulting CMAC tag.
|
||||
* It is called after sl_se_cmac_update(). Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_cmac_finish(sl_se_cmac_streaming_context_t *cmac_ctx,
|
||||
uint8_t *output)
|
||||
{
|
||||
if (cmac_ctx == NULL || output == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
return sl_se_cmac_multipart_finish(&cmac_ctx->cmac_ctx, cmac_ctx->cmd_ctx, cmac_ctx->key, output);
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Prepare a CMAC streaming command context object to be used in subsequent
|
||||
* CMAC streaming function calls.
|
||||
|
|
@ -1459,23 +1500,6 @@ sl_status_t sl_se_cmac_multipart_starts(sl_se_cmac_multipart_context_t *cmac_ctx
|
|||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Prepare a CMAC streaming command context object to be used in subsequent
|
||||
* CMAC streaming function calls. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_cmac_starts(sl_se_cmac_streaming_context_t *cmac_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
const sl_se_key_descriptor_t *key)
|
||||
{
|
||||
if (cmac_ctx == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
cmac_ctx->cmd_ctx = cmd_ctx;
|
||||
cmac_ctx->key = key;
|
||||
|
||||
return sl_se_cmac_multipart_starts(&cmac_ctx->cmac_ctx, cmac_ctx->cmd_ctx, cmac_ctx->key);
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* This function feeds an input buffer into an ongoing CMAC computation.
|
||||
* It is called between sl_se_cmac_starts() and sl_se_cmac_finish().
|
||||
|
|
@ -1549,22 +1573,6 @@ sl_status_t sl_se_cmac_multipart_update(sl_se_cmac_multipart_context_t *cmac_ctx
|
|||
return status;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* This function feeds an input buffer into an ongoing CMAC computation.
|
||||
* It is called between sl_se_cmac_starts() and sl_se_cmac_finish().
|
||||
* Can be called repeatedly. Deprecatad.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_cmac_update(sl_se_cmac_streaming_context_t *cmac_ctx,
|
||||
const uint8_t *input,
|
||||
size_t input_len)
|
||||
{
|
||||
if (cmac_ctx == NULL ) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
return sl_se_cmac_multipart_update(&cmac_ctx->cmac_ctx, cmac_ctx->cmd_ctx, cmac_ctx->key, input, input_len);
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Compute a HMAC on a full message.
|
||||
******************************************************************************/
|
||||
|
|
@ -1861,141 +1869,7 @@ sl_status_t sl_se_gcm_auth_decrypt(sl_se_command_context_t *cmd_ctx,
|
|||
return status;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* GCM streaming encryption/decryption, initial stage. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_gcm_starts(sl_se_gcm_streaming_context_t *gcm_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
const sl_se_key_descriptor_t *key,
|
||||
sl_se_cipher_operation_t mode,
|
||||
const uint8_t *iv,
|
||||
size_t iv_len,
|
||||
const uint8_t *add,
|
||||
size_t add_len)
|
||||
{
|
||||
sl_status_t status = SL_STATUS_OK;
|
||||
|
||||
// Check input parameters.
|
||||
if (gcm_ctx == NULL || cmd_ctx == NULL || key == NULL || iv == NULL
|
||||
|| (add_len > 0 && add == NULL)) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
if ((iv_len != 12)
|
||||
// AD are limited to 2^64 bits, so 2^61 bytes.
|
||||
// However, on 32 bit platforms, that amount of continous data cannot be
|
||||
// available.
|
||||
// || (((uint64_t)add_len) >> 61 != 0)
|
||||
) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
memset(gcm_ctx, 0, sizeof(sl_se_gcm_streaming_context_t));
|
||||
|
||||
gcm_ctx->mode = mode;
|
||||
gcm_ctx->len = 0;
|
||||
gcm_ctx->add_len = add_len;
|
||||
gcm_ctx->last_op = false;
|
||||
gcm_ctx->cmd_ctx = cmd_ctx;
|
||||
gcm_ctx->key = key;
|
||||
|
||||
if ( add_len > 0 ) {
|
||||
// Start with encryption
|
||||
// Need to do encryption twice: once to create the context, the other to
|
||||
// pre-compute the tag in case there's no more data coming.
|
||||
// (SE doesn't support a type of 'finalize' command. All operations with
|
||||
// 'END' set need to contain some data).
|
||||
|
||||
SE_Command_t *se_cmd = &cmd_ctx->command;
|
||||
SE_DataTransfer_t iv_in = SE_DATATRANSFER_DEFAULT(iv, iv_len);
|
||||
SE_DataTransfer_t add_in = SE_DATATRANSFER_DEFAULT(add, add_len);
|
||||
SE_DataTransfer_t tag_out = SE_DATATRANSFER_DEFAULT(gcm_ctx->tagbuf,
|
||||
sizeof(gcm_ctx->tagbuf));
|
||||
|
||||
sli_se_command_init(cmd_ctx,
|
||||
SLI_SE_COMMAND_AES_GCM_ENCRYPT
|
||||
| SLI_SE_COMMAND_OPTION_CONTEXT_WHOLE);
|
||||
|
||||
sli_add_key_parameters(cmd_ctx, key, status);
|
||||
SE_addParameter(se_cmd, add_len);
|
||||
SE_addParameter(se_cmd, 0);
|
||||
|
||||
sli_add_key_metadata(cmd_ctx, key, status);
|
||||
sli_add_key_input(cmd_ctx, key, status);
|
||||
|
||||
SE_addDataInput(se_cmd, &iv_in);
|
||||
SE_addDataInput(se_cmd, &add_in);
|
||||
SE_addDataOutput(se_cmd, &tag_out);
|
||||
|
||||
status = sli_se_execute_and_wait(cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
memset(gcm_ctx->tagbuf, 0, sizeof(gcm_ctx->tagbuf));
|
||||
return status;
|
||||
}
|
||||
|
||||
{
|
||||
SE_DataTransfer_t iv_in = SE_DATATRANSFER_DEFAULT(iv, iv_len);
|
||||
SE_DataTransfer_t add_in = SE_DATATRANSFER_DEFAULT(add, add_len);
|
||||
SE_DataTransfer_t ctx_out =
|
||||
SE_DATATRANSFER_DEFAULT(gcm_ctx->se_ctx_enc, sizeof(gcm_ctx->se_ctx_enc));
|
||||
|
||||
sli_se_command_init(cmd_ctx,
|
||||
SLI_SE_COMMAND_AES_GCM_ENCRYPT
|
||||
| SLI_SE_COMMAND_OPTION_CONTEXT_START);
|
||||
|
||||
sli_add_key_parameters(cmd_ctx, key, status);
|
||||
SE_addParameter(se_cmd, add_len);
|
||||
SE_addParameter(se_cmd, 0);
|
||||
|
||||
sli_add_key_metadata(cmd_ctx, key, status);
|
||||
sli_add_key_input(cmd_ctx, key, status);
|
||||
|
||||
SE_addDataInput(se_cmd, &iv_in);
|
||||
SE_addDataInput(se_cmd, &add_in);
|
||||
SE_addDataOutput(se_cmd, &ctx_out);
|
||||
|
||||
status = sli_se_execute_and_wait(cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
memset(gcm_ctx->se_ctx_enc, 0, sizeof(gcm_ctx->se_ctx_enc));
|
||||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
// Do decryption if requested
|
||||
if (gcm_ctx->mode == SL_SE_DECRYPT) {
|
||||
SE_DataTransfer_t iv_in = SE_DATATRANSFER_DEFAULT((void*)iv, iv_len);
|
||||
SE_DataTransfer_t add_in = SE_DATATRANSFER_DEFAULT((void*)add, add_len);
|
||||
SE_DataTransfer_t ctx_out = SE_DATATRANSFER_DEFAULT(gcm_ctx->se_ctx_dec,
|
||||
sizeof(gcm_ctx->se_ctx_dec));
|
||||
|
||||
sli_se_command_init(cmd_ctx,
|
||||
SLI_SE_COMMAND_AES_GCM_DECRYPT
|
||||
| SLI_SE_COMMAND_OPTION_CONTEXT_START);
|
||||
|
||||
sli_add_key_parameters(cmd_ctx, key, status);
|
||||
SE_addParameter(se_cmd, add_len);
|
||||
SE_addParameter(se_cmd, 0);
|
||||
|
||||
sli_add_key_metadata(cmd_ctx, key, status);
|
||||
sli_add_key_input(cmd_ctx, key, status);
|
||||
|
||||
SE_addDataInput(se_cmd, &iv_in);
|
||||
SE_addDataInput(se_cmd, &add_in);
|
||||
SE_addDataOutput(se_cmd, &ctx_out);
|
||||
|
||||
status = sli_se_execute_and_wait(cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
memset(gcm_ctx->se_ctx_dec, 0, sizeof(gcm_ctx->se_ctx_dec));
|
||||
return status;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
memcpy(gcm_ctx->se_ctx_enc, iv, iv_len);
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG > 2)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
/***************************************************************************//**
|
||||
* GCM multipart encryption/decryption, initial stage.
|
||||
******************************************************************************/
|
||||
|
|
@ -2108,8 +1982,6 @@ sl_status_t sl_se_gcm_multipart_starts(sl_se_gcm_multipart_context_t *gcm_ctx,
|
|||
gcm_ctx->len = 0;
|
||||
gcm_ctx->add_len = add_len;
|
||||
|
||||
SE_Command_t *se_cmd = &cmd_ctx->command;
|
||||
|
||||
// The start context requires some data, either additional data or input data.
|
||||
// Case add_len > 0: Run start command with additonal data to create ctx_out.
|
||||
// Case add_len = 0: Store iv in gcm_ctx and run start function with input data
|
||||
|
|
@ -2117,51 +1989,22 @@ sl_status_t sl_se_gcm_multipart_starts(sl_se_gcm_multipart_context_t *gcm_ctx,
|
|||
// input data < 16 run sl_se_gcm_auth_decrypt()/sl_se_gcm_crypt_and_tag() in
|
||||
// sl_se_gcm_multipart_finish.
|
||||
if ( add_len > 0 ) {
|
||||
{
|
||||
// Encrypt: Compute tag and store it in context and output tag in finish.
|
||||
// Decrypt: Compute tag and store it in context and compare it to the
|
||||
// input tag in finish to verify it.
|
||||
// Encrypt: Compute tag and store it in context and output tag in finish.
|
||||
// Decrypt: Compute tag and store it in context and compare it to the
|
||||
// input tag in finish to verify it.
|
||||
|
||||
// Explanation:The end-context in finish is currently not supporting 0 input data
|
||||
// for this config. For add_len = 0 and input_length = 0 we can run
|
||||
// sl_se_gcm_auth_decrypt()/sl_se_gcm_crypt_and_tag() in finish, so this is only
|
||||
// an issue for 0 input data and add_len != 0.
|
||||
SE_Command_t *se_cmd = &cmd_ctx->command;
|
||||
SE_DataTransfer_t iv_in = SE_DATATRANSFER_DEFAULT(iv, iv_len);
|
||||
SE_DataTransfer_t add_in = SE_DATATRANSFER_DEFAULT(add, add_len);
|
||||
SE_DataTransfer_t tag_out = SE_DATATRANSFER_DEFAULT(gcm_ctx->tagbuf,
|
||||
sizeof(gcm_ctx->tagbuf));
|
||||
|
||||
sli_se_command_init(cmd_ctx,
|
||||
SLI_SE_COMMAND_AES_GCM_ENCRYPT
|
||||
| SLI_SE_COMMAND_OPTION_CONTEXT_WHOLE);
|
||||
|
||||
sli_add_key_parameters(cmd_ctx, key, status);
|
||||
SE_addParameter(se_cmd, add_len);
|
||||
SE_addParameter(se_cmd, 0);
|
||||
|
||||
sli_add_key_metadata(cmd_ctx, key, status);
|
||||
sli_add_key_input(cmd_ctx, key, status);
|
||||
|
||||
SE_addDataInput(se_cmd, &iv_in);
|
||||
SE_addDataInput(se_cmd, &add_in);
|
||||
SE_addDataOutput(se_cmd, &tag_out);
|
||||
|
||||
status = sli_se_execute_and_wait(cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
memset(gcm_ctx->tagbuf, 0, sizeof(gcm_ctx->tagbuf));
|
||||
return status;
|
||||
}
|
||||
}
|
||||
// Explanation:The end-context in finish is currently not supporting 0 input data
|
||||
// for this config. For add_len = 0 and input_length = 0 we can run
|
||||
// sl_se_gcm_auth_decrypt()/sl_se_gcm_crypt_and_tag() in finish, so this is only
|
||||
// an issue for 0 input data and add_len != 0.
|
||||
SE_Command_t *se_cmd = &cmd_ctx->command;
|
||||
SE_DataTransfer_t iv_in = SE_DATATRANSFER_DEFAULT(iv, iv_len);
|
||||
SE_DataTransfer_t add_in = SE_DATATRANSFER_DEFAULT(add, add_len);
|
||||
SE_DataTransfer_t ctx_out =
|
||||
SE_DATATRANSFER_DEFAULT(gcm_ctx->se_ctx, sizeof(gcm_ctx->se_ctx));
|
||||
|
||||
SE_DataTransfer_t tag_out = SE_DATATRANSFER_DEFAULT(gcm_ctx->tagbuf,
|
||||
sizeof(gcm_ctx->tagbuf));
|
||||
sli_se_command_init(cmd_ctx,
|
||||
(gcm_ctx->mode == SL_SE_DECRYPT ? SLI_SE_COMMAND_AES_GCM_DECRYPT
|
||||
: SLI_SE_COMMAND_AES_GCM_ENCRYPT)
|
||||
| SLI_SE_COMMAND_OPTION_CONTEXT_START);
|
||||
SLI_SE_COMMAND_AES_GCM_ENCRYPT
|
||||
| SLI_SE_COMMAND_OPTION_CONTEXT_WHOLE);
|
||||
|
||||
sli_add_key_parameters(cmd_ctx, key, status);
|
||||
SE_addParameter(se_cmd, add_len);
|
||||
|
|
@ -2172,7 +2015,25 @@ sl_status_t sl_se_gcm_multipart_starts(sl_se_gcm_multipart_context_t *gcm_ctx,
|
|||
|
||||
SE_addDataInput(se_cmd, &iv_in);
|
||||
SE_addDataInput(se_cmd, &add_in);
|
||||
SE_addDataOutput(se_cmd, &ctx_out);
|
||||
SE_addDataOutput(se_cmd, &tag_out);
|
||||
|
||||
status = sli_se_execute_and_wait(cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
memset(gcm_ctx->tagbuf, 0, sizeof(gcm_ctx->tagbuf));
|
||||
return status;
|
||||
}
|
||||
|
||||
SE_DataTransfer_t ctx_out =
|
||||
SE_DATATRANSFER_DEFAULT(gcm_ctx->se_ctx, sizeof(gcm_ctx->se_ctx));
|
||||
|
||||
// Reuse the values of the command context object from the previous
|
||||
// operation, and only update the command word and the output data pointer.
|
||||
cmd_ctx->command.command =
|
||||
(gcm_ctx->mode == SL_SE_DECRYPT ? SLI_SE_COMMAND_AES_GCM_DECRYPT
|
||||
: SLI_SE_COMMAND_AES_GCM_ENCRYPT)
|
||||
| SLI_SE_COMMAND_OPTION_CONTEXT_START;
|
||||
|
||||
cmd_ctx->command.data_out = &ctx_out;
|
||||
|
||||
status = sli_se_execute_and_wait(cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
|
|
@ -2188,238 +2049,7 @@ sl_status_t sl_se_gcm_multipart_starts(sl_se_gcm_multipart_context_t *gcm_ctx,
|
|||
}
|
||||
#endif
|
||||
|
||||
/***************************************************************************//**
|
||||
* GCM streaming encryption/decryption, update stage. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_gcm_update(sl_se_gcm_streaming_context_t *gcm_ctx,
|
||||
size_t length,
|
||||
const uint8_t *input,
|
||||
uint8_t *output)
|
||||
{
|
||||
uint32_t lena_lenc[4];
|
||||
sl_status_t status = SL_STATUS_OK;
|
||||
|
||||
// Check input parameters.
|
||||
if (gcm_ctx == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
if (length == 0) {
|
||||
return SL_STATUS_OK;
|
||||
}
|
||||
if (length > 0 && (input == NULL || output == NULL)) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
// Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes.
|
||||
// Also check for possible overflow.
|
||||
if (gcm_ctx->len + length < gcm_ctx->len
|
||||
|| (uint64_t)gcm_ctx->len + length > 0xFFFFFFFE0ULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
if (gcm_ctx->last_op == true) {
|
||||
// We've already closed the input stream, no way back.
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
SE_Command_t *se_cmd = &gcm_ctx->cmd_ctx->command;
|
||||
sl_se_command_context_t *cmd_ctx = gcm_ctx->cmd_ctx;
|
||||
|
||||
// Approach:
|
||||
// Encryption: encrypt regularly with context store. If input length is not
|
||||
// a block multiple, close the operation and store the resulting tag in a
|
||||
// tag buffer.
|
||||
// Decryption: decrypt regularly with context store. For each decryption,
|
||||
// re-encrypt the decrypted data with context store. If input length is not a
|
||||
// block multiple, close both operations and store the tag from the re-encrypt
|
||||
// in a tag buffer.
|
||||
// In both cases, the (re-)encryption is done twice: once assuming there is
|
||||
// more data to follow, and once assuming this is the final block.
|
||||
// Explanation: SE doesn't support a type of 'finalize' command. All
|
||||
// operations with 'END' set need to contain some data.
|
||||
|
||||
// Figure out whether we'll be closing out
|
||||
bool first_op = (gcm_ctx->add_len == 0 && gcm_ctx->len == 0) ? true : false;
|
||||
if ( length % 16 != 0) {
|
||||
// Indicate that this is our last op
|
||||
gcm_ctx->last_op = true;
|
||||
}
|
||||
if (first_op && gcm_ctx->last_op) {
|
||||
// Need to store length in context for later.
|
||||
gcm_ctx->len = length;
|
||||
return sl_se_gcm_crypt_and_tag(gcm_ctx->cmd_ctx,
|
||||
gcm_ctx->key,
|
||||
(sl_se_cipher_operation_t)gcm_ctx->mode,
|
||||
length,
|
||||
gcm_ctx->se_ctx_enc, 12,
|
||||
NULL, 0,
|
||||
input, output,
|
||||
// Compute max tag size (16 bytes)
|
||||
// and store it in the context
|
||||
16, gcm_ctx->tagbuf);
|
||||
}
|
||||
lena_lenc[0] = __REV(gcm_ctx->add_len >> 29);
|
||||
lena_lenc[1] = __REV((gcm_ctx->add_len << 3) & 0xFFFFFFFFUL);
|
||||
lena_lenc[2] = __REV((gcm_ctx->len + length) >> 29);
|
||||
lena_lenc[3] = __REV(((gcm_ctx->len + length) << 3) & 0xFFFFFFFFUL);
|
||||
|
||||
gcm_ctx->len += length;
|
||||
|
||||
if (gcm_ctx->mode == SL_SE_DECRYPT) {
|
||||
// Run decryption first
|
||||
SE_DataTransfer_t iv_ctx_in = SE_DATATRANSFER_DEFAULT(
|
||||
first_op ? gcm_ctx->se_ctx_enc : gcm_ctx->se_ctx_dec,
|
||||
first_op ? 12 : sizeof(gcm_ctx->se_ctx_dec));
|
||||
|
||||
SE_DataTransfer_t data_in = SE_DATATRANSFER_DEFAULT((void*)input, length);
|
||||
SE_DataTransfer_t lenalenc_in = SE_DATATRANSFER_DEFAULT(lena_lenc, sizeof(lena_lenc));
|
||||
SE_DataTransfer_t data_out = SE_DATATRANSFER_DEFAULT(output, length);
|
||||
SE_DataTransfer_t ctx_out = SE_DATATRANSFER_DEFAULT(gcm_ctx->se_ctx_dec,
|
||||
sizeof(gcm_ctx->se_ctx_dec));
|
||||
SE_DataTransfer_t mac_in = SE_DATATRANSFER_DEFAULT(gcm_ctx->tagbuf,
|
||||
sizeof(gcm_ctx->tagbuf));
|
||||
|
||||
sli_se_command_init(cmd_ctx,
|
||||
SLI_SE_COMMAND_AES_GCM_DECRYPT
|
||||
| (first_op
|
||||
? SLI_SE_COMMAND_OPTION_CONTEXT_START
|
||||
: (gcm_ctx->last_op
|
||||
? SLI_SE_COMMAND_OPTION_CONTEXT_END
|
||||
: SLI_SE_COMMAND_OPTION_CONTEXT_ADD)));
|
||||
|
||||
sli_add_key_parameters(cmd_ctx, gcm_ctx->key, status);
|
||||
SE_addParameter(se_cmd, 0);
|
||||
SE_addParameter(se_cmd, length);
|
||||
|
||||
sli_add_key_metadata(cmd_ctx, gcm_ctx->key, status);
|
||||
sli_add_key_input(cmd_ctx, gcm_ctx->key, status);
|
||||
|
||||
SE_addDataInput(se_cmd, &iv_ctx_in);
|
||||
SE_addDataInput(se_cmd, &data_in);
|
||||
SE_addDataOutput(se_cmd, &data_out);
|
||||
if (!gcm_ctx->last_op) {
|
||||
SE_addDataOutput(se_cmd, &ctx_out);
|
||||
} else {
|
||||
SE_addDataInput(se_cmd, &lenalenc_in);
|
||||
SE_addDataInput(se_cmd, &mac_in);
|
||||
}
|
||||
|
||||
status = sli_se_execute_and_wait(cmd_ctx);
|
||||
if ((status != SL_STATUS_OK) && (status != SL_STATUS_INVALID_SIGNATURE)) {
|
||||
memset(output, 0, length);
|
||||
memset(gcm_ctx->se_ctx_dec, 0, sizeof(gcm_ctx->se_ctx_dec));
|
||||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
if (!gcm_ctx->last_op) {
|
||||
// We need to do the final calculation first, such that we keep the input
|
||||
// context intact.
|
||||
|
||||
SE_DataTransfer_t iv_ctx_in =
|
||||
SE_DATATRANSFER_DEFAULT(gcm_ctx->se_ctx_enc,
|
||||
first_op ? 12 : sizeof(gcm_ctx->se_ctx_enc));
|
||||
SE_DataTransfer_t data_in =
|
||||
SE_DATATRANSFER_DEFAULT(gcm_ctx->mode == SL_SE_ENCRYPT
|
||||
? (void*)input : (void*)output,
|
||||
length);
|
||||
SE_DataTransfer_t lenalenc_in = SE_DATATRANSFER_DEFAULT(&lena_lenc[0],
|
||||
sizeof(lena_lenc));
|
||||
SE_DataTransfer_t data_out = SE_DATATRANSFER_DEFAULT(NULL, length);
|
||||
SE_DataTransfer_t tag_out = SE_DATATRANSFER_DEFAULT(gcm_ctx->tagbuf,
|
||||
sizeof(gcm_ctx->tagbuf));
|
||||
|
||||
sli_se_command_init(cmd_ctx,
|
||||
SLI_SE_COMMAND_AES_GCM_ENCRYPT
|
||||
| (first_op
|
||||
? SLI_SE_COMMAND_OPTION_CONTEXT_WHOLE
|
||||
: SLI_SE_COMMAND_OPTION_CONTEXT_END));
|
||||
|
||||
sli_add_key_parameters(cmd_ctx, gcm_ctx->key, status);
|
||||
SE_addParameter(se_cmd, 0);
|
||||
SE_addParameter(se_cmd, length);
|
||||
|
||||
sli_add_key_metadata(cmd_ctx, gcm_ctx->key, status);
|
||||
sli_add_key_input(cmd_ctx, gcm_ctx->key, status);
|
||||
|
||||
SE_addDataInput(se_cmd, &iv_ctx_in);
|
||||
SE_addDataInput(se_cmd, &data_in);
|
||||
if (!first_op) {
|
||||
SE_addDataInput(se_cmd, &lenalenc_in);
|
||||
}
|
||||
data_out.length |= SE_DATATRANSFER_DISCARD;
|
||||
SE_addDataOutput(se_cmd, &data_out);
|
||||
SE_addDataOutput(se_cmd, &tag_out);
|
||||
|
||||
status = sli_se_execute_and_wait(cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
memset(gcm_ctx->tagbuf, 0, sizeof(gcm_ctx->tagbuf));
|
||||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
{
|
||||
SE_DataTransfer_t iv_ctx_in =
|
||||
SE_DATATRANSFER_DEFAULT(gcm_ctx->se_ctx_enc,
|
||||
first_op ? 12 : sizeof(gcm_ctx->se_ctx_enc));
|
||||
SE_DataTransfer_t data_in =
|
||||
SE_DATATRANSFER_DEFAULT(gcm_ctx->mode == SL_SE_ENCRYPT
|
||||
? (void*)input
|
||||
: (void*)output, length);
|
||||
SE_DataTransfer_t lenalenc_in = SE_DATATRANSFER_DEFAULT(&lena_lenc[0],
|
||||
sizeof(lena_lenc));
|
||||
|
||||
SE_DataTransfer_t data_out = SE_DATATRANSFER_DEFAULT(output, length);
|
||||
SE_DataTransfer_t tag_out = SE_DATATRANSFER_DEFAULT(gcm_ctx->tagbuf,
|
||||
sizeof(gcm_ctx->tagbuf));
|
||||
SE_DataTransfer_t ctx_out = SE_DATATRANSFER_DEFAULT(gcm_ctx->se_ctx_enc,
|
||||
sizeof(gcm_ctx->se_ctx_enc));
|
||||
|
||||
sli_se_command_init(cmd_ctx,
|
||||
SLI_SE_COMMAND_AES_GCM_ENCRYPT
|
||||
| (first_op
|
||||
? SLI_SE_COMMAND_OPTION_CONTEXT_START
|
||||
: (gcm_ctx->last_op
|
||||
? SLI_SE_COMMAND_OPTION_CONTEXT_END
|
||||
: SLI_SE_COMMAND_OPTION_CONTEXT_ADD)));
|
||||
|
||||
sli_add_key_parameters(cmd_ctx, gcm_ctx->key, status);
|
||||
SE_addParameter(se_cmd, 0);
|
||||
SE_addParameter(se_cmd, length);
|
||||
|
||||
sli_add_key_metadata(cmd_ctx, gcm_ctx->key, status);
|
||||
sli_add_key_input(cmd_ctx, gcm_ctx->key, status);
|
||||
|
||||
SE_addDataInput(se_cmd, &iv_ctx_in);
|
||||
SE_addDataInput(se_cmd, &data_in);
|
||||
if (gcm_ctx->last_op) {
|
||||
SE_addDataInput(se_cmd, &lenalenc_in);
|
||||
}
|
||||
if (gcm_ctx->mode == SL_SE_DECRYPT) {
|
||||
data_out.data = NULL;
|
||||
data_out.length |= SE_DATATRANSFER_DISCARD;
|
||||
}
|
||||
SE_addDataOutput(se_cmd, &data_out);
|
||||
|
||||
if (gcm_ctx->last_op) {
|
||||
SE_addDataOutput(se_cmd, &tag_out);
|
||||
} else {
|
||||
SE_addDataOutput(se_cmd, &ctx_out);
|
||||
}
|
||||
|
||||
status = sli_se_execute_and_wait(cmd_ctx);
|
||||
|
||||
if (status != SL_STATUS_OK) {
|
||||
if (gcm_ctx->last_op) {
|
||||
memset(gcm_ctx->tagbuf, 0, sizeof(gcm_ctx->tagbuf));
|
||||
} else {
|
||||
memset(gcm_ctx->se_ctx_enc, 0, sizeof(gcm_ctx->se_ctx_enc));
|
||||
}
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG > 2)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
/***************************************************************************//**
|
||||
* GCM multipart encryption/decryption, update stage.
|
||||
******************************************************************************/
|
||||
|
|
@ -2590,7 +2220,7 @@ sl_status_t sl_se_gcm_multipart_update(sl_se_gcm_multipart_context_t *gcm_ctx,
|
|||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
#else //devices with _SILICON_LABS_32B_SERIES_2_CONFIG < 3
|
||||
#else // SLI_SE_MAJOR_VERSION_ONE
|
||||
/***************************************************************************//**
|
||||
* GCM multipart encryption/decryption, update stage.
|
||||
******************************************************************************/
|
||||
|
|
@ -2848,33 +2478,6 @@ sl_status_t sl_se_gcm_multipart_update(sl_se_gcm_multipart_context_t *gcm_ctx,
|
|||
}
|
||||
#endif
|
||||
|
||||
/***************************************************************************//**
|
||||
* GCM streaming encryption/decryption, finish stage. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_gcm_finish(sl_se_gcm_streaming_context_t *gcm_ctx,
|
||||
uint8_t *tag,
|
||||
size_t tag_len)
|
||||
{
|
||||
if (gcm_ctx == NULL || tag == NULL || tag_len < 4 || tag_len > 16) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if (gcm_ctx->add_len == 0 && gcm_ctx->len == 0) {
|
||||
return sl_se_gcm_crypt_and_tag(gcm_ctx->cmd_ctx,
|
||||
gcm_ctx->key,
|
||||
SL_SE_ENCRYPT,
|
||||
0,
|
||||
gcm_ctx->se_ctx_enc,
|
||||
12,
|
||||
NULL, 0,
|
||||
NULL, NULL,
|
||||
tag_len, tag);
|
||||
}
|
||||
|
||||
memcpy(tag, gcm_ctx->tagbuf, tag_len);
|
||||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* GCM multipart encryption/decryption, finish stage.
|
||||
******************************************************************************/
|
||||
|
|
@ -2903,7 +2506,7 @@ sl_status_t sl_se_gcm_multipart_finish(sl_se_gcm_multipart_context_t *gcm_ctx,
|
|||
length = gcm_ctx->final_data_length;
|
||||
gcm_ctx->len += ((length % 16 != 0) ? length : 0);
|
||||
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG < 3)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
if ((gcm_ctx->add_len > 0) && (gcm_ctx->len == 0)) {
|
||||
if (gcm_ctx->mode == SL_SE_DECRYPT) {
|
||||
if (memcmp_time_cst(tag, gcm_ctx->tagbuf, tag_length)) {
|
||||
|
|
@ -2917,7 +2520,7 @@ sl_status_t sl_se_gcm_multipart_finish(sl_se_gcm_multipart_context_t *gcm_ctx,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG < 3)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
// For xG21 devices, since the multipart finish command cannot handle cases without
|
||||
// more data being passed as part of the finish call, there are two cases for which
|
||||
// a finish call can condense into a one-shot operation:
|
||||
|
|
@ -2982,7 +2585,7 @@ sl_status_t sl_se_gcm_multipart_finish(sl_se_gcm_multipart_context_t *gcm_ctx,
|
|||
SE_DataTransfer_t data_in =
|
||||
SE_DATATRANSFER_DEFAULT(gcm_ctx->final_data, length);
|
||||
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG < 3)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
SE_DataTransfer_t iv_ctx_in = SE_DATATRANSFER_DEFAULT((length % 16 != 0 || length == 0) ? gcm_ctx->se_ctx : gcm_ctx->previous_se_ctx, sizeof(gcm_ctx->previous_se_ctx));
|
||||
#else
|
||||
SE_DataTransfer_t iv_ctx_in = SE_DATATRANSFER_DEFAULT(gcm_ctx->se_ctx, sizeof(gcm_ctx->se_ctx));
|
||||
|
|
@ -3277,4 +2880,4 @@ sl_status_t sl_se_poly1305_genkey_tag(sl_se_command_context_t *cmd_ctx,
|
|||
|
||||
/** @} (end addtogroup sl_se) */
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
|
|
|||
|
|
@ -27,14 +27,13 @@
|
|||
* 3. This notice may not be removed or altered from any source distribution.
|
||||
*
|
||||
******************************************************************************/
|
||||
#include "em_device.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
|
||||
#include "sl_se_manager.h"
|
||||
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#include "sli_se_manager_internal.h"
|
||||
#include "em_se.h"
|
||||
#include "em_system.h"
|
||||
#include <string.h>
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
|
|
@ -101,4 +100,4 @@ sl_status_t sl_se_get_random(sl_se_command_context_t *cmd_ctx,
|
|||
|
||||
/** @} (end addtogroup sl_se) */
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
|
|
|||
|
|
@ -27,11 +27,11 @@
|
|||
* 3. This notice may not be removed or altered from any source distribution.
|
||||
*
|
||||
******************************************************************************/
|
||||
#include "em_device.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
|
||||
#include "sl_se_manager.h"
|
||||
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#include "sli_se_manager_internal.h"
|
||||
#include "em_se.h"
|
||||
#include "sl_assert.h"
|
||||
|
|
@ -75,34 +75,6 @@ sl_status_t sl_se_hash_sha1_multipart_starts(sl_se_sha1_multipart_context_t *sha
|
|||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Start a SHA1 stream operation. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_sha1_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_sha1_streaming_context_t *sha1_ctx)
|
||||
{
|
||||
if (hash_ctx == NULL || cmd_ctx == NULL || sha1_ctx == NULL ) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
hash_ctx->cmd_ctx = cmd_ctx;
|
||||
|
||||
sl_se_sha1_multipart_context_t sha1_ctx_multi;
|
||||
|
||||
sl_status_t status = sl_se_hash_sha1_multipart_starts(&sha1_ctx_multi, hash_ctx->cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
return status;
|
||||
}
|
||||
memcpy(sha1_ctx->total, sha1_ctx_multi.total, sizeof(sha1_ctx->total));
|
||||
memcpy(sha1_ctx->state, sha1_ctx_multi.state, sizeof(sha1_ctx->state));
|
||||
|
||||
hash_ctx->hash_type_ctx = sha1_ctx;
|
||||
hash_ctx->hash_type = SL_SE_HASH_SHA1;
|
||||
|
||||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Start a SHA224 stream operation.
|
||||
******************************************************************************/
|
||||
|
|
@ -134,36 +106,6 @@ sl_se_hash_sha224_multipart_starts(sl_se_sha224_multipart_context_t *sha224_ctx,
|
|||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Start a SHA224 stream operation. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t
|
||||
sl_se_hash_sha224_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_sha224_streaming_context_t *sha224_ctx)
|
||||
{
|
||||
if (hash_ctx == NULL || cmd_ctx == NULL || sha224_ctx == NULL ) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
hash_ctx->cmd_ctx = cmd_ctx;
|
||||
|
||||
sl_se_sha224_multipart_context_t sha224_ctx_multi;
|
||||
|
||||
sl_status_t status = sl_se_hash_sha224_multipart_starts(&sha224_ctx_multi, hash_ctx->cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
return status;
|
||||
}
|
||||
|
||||
memcpy(sha224_ctx->total, sha224_ctx_multi.total, sizeof(sha224_ctx->total));
|
||||
memcpy(sha224_ctx->state, sha224_ctx_multi.state, sizeof(sha224_ctx->state));
|
||||
|
||||
hash_ctx->hash_type_ctx = sha224_ctx;
|
||||
hash_ctx->hash_type = SL_SE_HASH_SHA224;
|
||||
|
||||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Start a SHA256 stream operation.
|
||||
******************************************************************************/
|
||||
|
|
@ -195,36 +137,6 @@ sl_se_hash_sha256_multipart_starts(sl_se_sha256_multipart_context_t *sha256_ctx,
|
|||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Start a SHA256 stream operation. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t
|
||||
sl_se_hash_sha256_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_sha256_streaming_context_t *sha256_ctx)
|
||||
{
|
||||
if (hash_ctx == NULL || cmd_ctx == NULL || sha256_ctx == NULL ) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
hash_ctx->cmd_ctx = cmd_ctx;
|
||||
|
||||
sl_se_sha256_multipart_context_t sha256_ctx_multi;
|
||||
|
||||
sl_status_t status = sl_se_hash_sha256_multipart_starts(&sha256_ctx_multi, hash_ctx->cmd_ctx);
|
||||
|
||||
if (status != SL_STATUS_OK) {
|
||||
return status;
|
||||
}
|
||||
memcpy(sha256_ctx->total, sha256_ctx_multi.total, sizeof(sha256_ctx->total));
|
||||
memcpy(sha256_ctx->state, sha256_ctx_multi.state, sizeof(sha256_ctx->state));
|
||||
|
||||
hash_ctx->hash_type = SL_SE_HASH_SHA256;
|
||||
hash_ctx->hash_type_ctx = sha256_ctx;
|
||||
|
||||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
/***************************************************************************//**
|
||||
* Start a SHA384 stream operation.
|
||||
|
|
@ -259,35 +171,6 @@ sl_se_hash_sha384_multipart_starts(sl_se_sha384_multipart_context_t *sha384_ctx,
|
|||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Start a SHA384 stream operation. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t
|
||||
sl_se_hash_sha384_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_sha384_streaming_context_t *sha384_ctx)
|
||||
{
|
||||
if (hash_ctx == NULL || cmd_ctx == NULL || sha384_ctx == NULL ) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
hash_ctx->cmd_ctx = cmd_ctx;
|
||||
|
||||
sl_se_sha384_multipart_context_t sha384_ctx_multi;
|
||||
|
||||
sl_status_t status = sl_se_hash_sha384_multipart_starts(&sha384_ctx_multi, hash_ctx->cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
return status;
|
||||
}
|
||||
|
||||
memcpy(sha384_ctx->total, sha384_ctx_multi.total, sizeof(sha384_ctx->total));
|
||||
memcpy(sha384_ctx->state, sha384_ctx_multi.state, sizeof(sha384_ctx->state));
|
||||
|
||||
hash_ctx->hash_type = SL_SE_HASH_SHA384;
|
||||
hash_ctx->hash_type_ctx = sha384_ctx;
|
||||
|
||||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Start a SHA512 stream operation.
|
||||
******************************************************************************/
|
||||
|
|
@ -320,35 +203,6 @@ sl_se_hash_sha512_multipart_starts(sl_se_sha512_multipart_context_t *sha512_ctx,
|
|||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Start a SHA512 stream operation. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t
|
||||
sl_se_hash_sha512_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_sha512_streaming_context_t *sha512_ctx)
|
||||
{
|
||||
if (hash_ctx == NULL || cmd_ctx == NULL || sha512_ctx == NULL ) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
hash_ctx->cmd_ctx = cmd_ctx;
|
||||
|
||||
sl_se_sha512_multipart_context_t sha512_ctx_multi;
|
||||
|
||||
sl_status_t status = sl_se_hash_sha512_multipart_starts(&sha512_ctx_multi, hash_ctx->cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
memcpy(sha512_ctx->total, sha512_ctx_multi.total, sizeof(sha512_ctx->total));
|
||||
memcpy(sha512_ctx->state, sha512_ctx_multi.state, sizeof(sha512_ctx->state));
|
||||
|
||||
hash_ctx->hash_type = SL_SE_HASH_SHA512;
|
||||
hash_ctx->hash_type_ctx = sha512_ctx;
|
||||
|
||||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/***************************************************************************//**
|
||||
|
|
@ -391,55 +245,6 @@ sl_status_t sl_se_hash_multipart_starts(void *hash_type_ctx,
|
|||
}
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Start a hash stream operation. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_starts(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_hash_type_t hash_type,
|
||||
void *hash_type_ctx)
|
||||
{
|
||||
if (hash_ctx == NULL || cmd_ctx == NULL || hash_type_ctx == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
switch (hash_type) {
|
||||
case SL_SE_HASH_SHA1:
|
||||
return sl_se_hash_sha1_starts(hash_ctx,
|
||||
cmd_ctx,
|
||||
(sl_se_sha1_streaming_context_t*)
|
||||
hash_type_ctx);
|
||||
|
||||
case SL_SE_HASH_SHA224:
|
||||
return sl_se_hash_sha224_starts(hash_ctx,
|
||||
cmd_ctx,
|
||||
(sl_se_sha224_streaming_context_t*)
|
||||
hash_type_ctx);
|
||||
|
||||
case SL_SE_HASH_SHA256:
|
||||
return sl_se_hash_sha256_starts(hash_ctx,
|
||||
cmd_ctx,
|
||||
(sl_se_sha256_streaming_context_t*)
|
||||
hash_type_ctx);
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
case SL_SE_HASH_SHA384:
|
||||
return sl_se_hash_sha384_starts(hash_ctx,
|
||||
cmd_ctx,
|
||||
(sl_se_sha384_streaming_context_t*)
|
||||
hash_type_ctx);
|
||||
|
||||
case SL_SE_HASH_SHA512:
|
||||
return sl_se_hash_sha512_starts(hash_ctx,
|
||||
cmd_ctx,
|
||||
(sl_se_sha512_streaming_context_t*)
|
||||
hash_type_ctx);
|
||||
#endif
|
||||
|
||||
default:
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Feeds an input block into an ongoing hash computation.
|
||||
******************************************************************************/
|
||||
|
|
@ -449,55 +254,42 @@ static sl_status_t se_cmd_hash_multipart_update(void *hash_type_ctx,
|
|||
uint32_t num_blocks)
|
||||
{
|
||||
SE_Command_t *se_cmd = &cmd_ctx->command;
|
||||
uint32_t command_word;
|
||||
unsigned int ilen, state_len;
|
||||
uint8_t *state;
|
||||
uint32_t command_word = SLI_SE_COMMAND_HASHUPDATE;
|
||||
size_t state_len, blocksize;
|
||||
|
||||
switch (((sl_se_sha1_multipart_context_t*)hash_type_ctx)->hash_type) {
|
||||
case SL_SE_HASH_SHA1:
|
||||
command_word = SE_COMMAND_HASHUPDATE | SE_COMMAND_OPTION_HASH_SHA1;
|
||||
// SHA1 block size is 64 bytes
|
||||
ilen = 64 * num_blocks;
|
||||
// SHA1 state size is 20 bytes
|
||||
state_len = 20;
|
||||
state = ((sl_se_sha1_multipart_context_t*)hash_type_ctx)->state;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA1;
|
||||
state_len = 20;
|
||||
blocksize = 64;
|
||||
break;
|
||||
|
||||
case SL_SE_HASH_SHA224:
|
||||
command_word = SE_COMMAND_HASHUPDATE | SE_COMMAND_OPTION_HASH_SHA224;
|
||||
// SHA224 block size is 64 bytes
|
||||
ilen = 64 * num_blocks;
|
||||
// SHA224 state size is 32 bytes
|
||||
state_len = 32;
|
||||
state = ((sl_se_sha224_multipart_context_t*)hash_type_ctx)->state;
|
||||
break;
|
||||
|
||||
case SL_SE_HASH_SHA256:
|
||||
command_word = SE_COMMAND_HASHUPDATE | SE_COMMAND_OPTION_HASH_SHA256;
|
||||
// SHA256 block size is 64 bytes
|
||||
ilen = 64 * num_blocks;
|
||||
// SHA256 state size is 32 bytes
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA224;
|
||||
state_len = 32;
|
||||
blocksize = 64;
|
||||
break;
|
||||
case SL_SE_HASH_SHA256:
|
||||
state = ((sl_se_sha256_multipart_context_t*)hash_type_ctx)->state;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA256;
|
||||
state_len = 32;
|
||||
blocksize = 64;
|
||||
break;
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
case SL_SE_HASH_SHA384:
|
||||
command_word = SE_COMMAND_HASHUPDATE | SE_COMMAND_OPTION_HASH_SHA384;
|
||||
// SHA384 block size is 128 bytes
|
||||
ilen = 128 * num_blocks;
|
||||
// SHA384 state size is 64 bytes
|
||||
state_len = 64;
|
||||
state = ((sl_se_sha384_multipart_context_t*)hash_type_ctx)->state;
|
||||
break;
|
||||
|
||||
case SL_SE_HASH_SHA512:
|
||||
command_word = SE_COMMAND_HASHUPDATE | SE_COMMAND_OPTION_HASH_SHA512;
|
||||
// SHA512 block size is 128 bytes
|
||||
ilen = 128 * num_blocks;
|
||||
// SHA512 state size is 64 bytes
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA384;
|
||||
state_len = 64;
|
||||
blocksize = 128;
|
||||
break;
|
||||
case SL_SE_HASH_SHA512:
|
||||
state = ((sl_se_sha512_multipart_context_t*)hash_type_ctx)->state;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA512;
|
||||
state_len = 64;
|
||||
blocksize = 128;
|
||||
break;
|
||||
#endif
|
||||
|
||||
|
|
@ -507,6 +299,7 @@ static sl_status_t se_cmd_hash_multipart_update(void *hash_type_ctx,
|
|||
|
||||
sli_se_command_init(cmd_ctx, command_word);
|
||||
|
||||
size_t ilen = blocksize * num_blocks;
|
||||
SE_addParameter(se_cmd, ilen);
|
||||
|
||||
SE_DataTransfer_t data_in = SE_DATATRANSFER_DEFAULT(input, ilen);
|
||||
|
|
@ -529,10 +322,10 @@ sl_status_t sl_se_hash_multipart_update(void *hash_type_ctx,
|
|||
const uint8_t *input,
|
||||
size_t input_len)
|
||||
{
|
||||
size_t blocksize, countersize, blocks, fill, left;
|
||||
uint32_t *counter;
|
||||
uint8_t *buffer;
|
||||
size_t blocks, fill, left, blocksize, countersize;
|
||||
sl_status_t status;
|
||||
uint8_t *buffer;
|
||||
uint32_t *counter;
|
||||
|
||||
if ( input_len == 0 ) {
|
||||
return SL_STATUS_OK;
|
||||
|
|
@ -544,39 +337,31 @@ sl_status_t sl_se_hash_multipart_update(void *hash_type_ctx,
|
|||
|
||||
switch (((sl_se_sha1_multipart_context_t*)hash_type_ctx)->hash_type) {
|
||||
case SL_SE_HASH_SHA1:
|
||||
blocksize = 64;
|
||||
countersize = 64 / 32;
|
||||
counter = ((sl_se_sha1_multipart_context_t*)hash_type_ctx)->total;
|
||||
buffer = ((sl_se_sha1_multipart_context_t*)hash_type_ctx)->buffer;
|
||||
break;
|
||||
|
||||
case SL_SE_HASH_SHA224:
|
||||
blocksize = 64;
|
||||
countersize = 64 / 32;
|
||||
break;
|
||||
case SL_SE_HASH_SHA224:
|
||||
counter = ((sl_se_sha224_multipart_context_t*)hash_type_ctx)->total;
|
||||
buffer = ((sl_se_sha224_multipart_context_t*)hash_type_ctx)->buffer;
|
||||
break;
|
||||
|
||||
case SL_SE_HASH_SHA256:
|
||||
blocksize = 64;
|
||||
countersize = 64 / 32;
|
||||
break;
|
||||
case SL_SE_HASH_SHA256:
|
||||
counter = ((sl_se_sha256_multipart_context_t*)hash_type_ctx)->total;
|
||||
buffer = ((sl_se_sha256_multipart_context_t*)hash_type_ctx)->buffer;
|
||||
blocksize = 64;
|
||||
break;
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
case SL_SE_HASH_SHA384:
|
||||
blocksize = 128;
|
||||
countersize = 128 / 32;
|
||||
counter = ((sl_se_sha384_multipart_context_t*)hash_type_ctx)->total;
|
||||
buffer = ((sl_se_sha384_multipart_context_t*)hash_type_ctx)->buffer;
|
||||
break;
|
||||
|
||||
case SL_SE_HASH_SHA512:
|
||||
blocksize = 128;
|
||||
countersize = 128 / 32;
|
||||
break;
|
||||
case SL_SE_HASH_SHA512:
|
||||
counter = ((sl_se_sha512_multipart_context_t*)hash_type_ctx)->total;
|
||||
buffer = ((sl_se_sha512_multipart_context_t*)hash_type_ctx)->buffer;
|
||||
blocksize = 128;
|
||||
break;
|
||||
#endif
|
||||
|
||||
|
|
@ -584,6 +369,7 @@ sl_status_t sl_se_hash_multipart_update(void *hash_type_ctx,
|
|||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
countersize = blocksize / 32;
|
||||
left = (counter[0] & (blocksize - 1));
|
||||
fill = blocksize - left;
|
||||
|
||||
|
|
@ -603,6 +389,16 @@ sl_status_t sl_se_hash_multipart_update(void *hash_type_ctx,
|
|||
#endif
|
||||
}
|
||||
|
||||
// We only support hashing up to 4 GB data
|
||||
// so if anything but counter[0] is set, return NOT_SUPPORTED
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
for (size_t i = 1; i < countersize; i++) {
|
||||
if (counter[i] != 0) {
|
||||
return SL_STATUS_NOT_SUPPORTED;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if ( (left > 0) && (input_len >= fill) ) {
|
||||
memcpy( (void *) (buffer + left), input, fill);
|
||||
status = se_cmd_hash_multipart_update(hash_type_ctx, cmd_ctx, buffer, 1);
|
||||
|
|
@ -630,113 +426,6 @@ sl_status_t sl_se_hash_multipart_update(void *hash_type_ctx,
|
|||
|
||||
return SL_STATUS_OK;
|
||||
}
|
||||
/***************************************************************************//**
|
||||
* Feeds an input buffer into an ongoing hash computation. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_update(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
const uint8_t *input,
|
||||
size_t input_len)
|
||||
|
||||
{
|
||||
if (hash_ctx == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
switch (hash_ctx->hash_type) {
|
||||
case SL_SE_HASH_SHA1:
|
||||
{
|
||||
sl_se_sha1_multipart_context_t hash_type_ctx_multi;
|
||||
|
||||
memcpy(hash_type_ctx_multi.total, ((sl_se_sha1_streaming_context_t*)hash_ctx->hash_type_ctx)->total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(hash_type_ctx_multi.state, ((sl_se_sha1_streaming_context_t*)hash_ctx->hash_type_ctx)->state, sizeof(hash_type_ctx_multi.state));
|
||||
memcpy(hash_type_ctx_multi.buffer, ((sl_se_sha1_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
hash_type_ctx_multi.hash_type = SL_SE_HASH_SHA1;
|
||||
sl_status_t status = sl_se_hash_multipart_update((void*)&hash_type_ctx_multi, hash_ctx->cmd_ctx, input, input_len);
|
||||
if (status != SL_STATUS_OK) {
|
||||
return status;
|
||||
}
|
||||
memcpy(((sl_se_sha1_streaming_context_t*)hash_ctx->hash_type_ctx)->total, hash_type_ctx_multi.total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(((sl_se_sha1_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, hash_type_ctx_multi.buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
memcpy(((sl_se_sha1_streaming_context_t*)hash_ctx->hash_type_ctx)->state, hash_type_ctx_multi.state, sizeof(hash_type_ctx_multi.state));
|
||||
break;
|
||||
}
|
||||
case SL_SE_HASH_SHA224:
|
||||
{
|
||||
sl_se_sha224_multipart_context_t hash_type_ctx_multi;
|
||||
memcpy(hash_type_ctx_multi.total, ((sl_se_sha224_streaming_context_t*)hash_ctx->hash_type_ctx)->total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(hash_type_ctx_multi.state, ((sl_se_sha224_streaming_context_t*)hash_ctx->hash_type_ctx)->state, sizeof(hash_type_ctx_multi.state));
|
||||
memcpy(hash_type_ctx_multi.buffer, ((sl_se_sha224_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
hash_type_ctx_multi.hash_type = SL_SE_HASH_SHA224;
|
||||
sl_status_t status = sl_se_hash_multipart_update((void*)&hash_type_ctx_multi, hash_ctx->cmd_ctx, input, input_len);
|
||||
if (status != SL_STATUS_OK) {
|
||||
return status;
|
||||
}
|
||||
memcpy(((sl_se_sha224_streaming_context_t*)hash_ctx->hash_type_ctx)->total, hash_type_ctx_multi.total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(((sl_se_sha224_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, hash_type_ctx_multi.buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
memcpy(((sl_se_sha224_streaming_context_t*)hash_ctx->hash_type_ctx)->state, hash_type_ctx_multi.state, sizeof(hash_type_ctx_multi.state));
|
||||
|
||||
break;
|
||||
}
|
||||
case SL_SE_HASH_SHA256:
|
||||
{
|
||||
sl_se_sha256_multipart_context_t hash_type_ctx_multi;
|
||||
|
||||
memcpy(hash_type_ctx_multi.total, ((sl_se_sha256_streaming_context_t*)hash_ctx->hash_type_ctx)->total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(hash_type_ctx_multi.state, ((sl_se_sha256_streaming_context_t*)hash_ctx->hash_type_ctx)->state, sizeof(hash_type_ctx_multi.state));
|
||||
memcpy(hash_type_ctx_multi.buffer, ((sl_se_sha256_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
hash_type_ctx_multi.hash_type = SL_SE_HASH_SHA256;
|
||||
sl_status_t status = sl_se_hash_multipart_update((void*)&hash_type_ctx_multi, hash_ctx->cmd_ctx, input, input_len);
|
||||
if (status != SL_STATUS_OK) {
|
||||
return status;
|
||||
}
|
||||
memcpy(((sl_se_sha256_streaming_context_t*)hash_ctx->hash_type_ctx)->total, hash_type_ctx_multi.total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(((sl_se_sha256_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, hash_type_ctx_multi.buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
memcpy(((sl_se_sha256_streaming_context_t*)hash_ctx->hash_type_ctx)->state, hash_type_ctx_multi.state, sizeof(hash_type_ctx_multi.state));
|
||||
break;
|
||||
}
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
case SL_SE_HASH_SHA384:
|
||||
{
|
||||
sl_se_sha384_multipart_context_t hash_type_ctx_multi;
|
||||
|
||||
memcpy(hash_type_ctx_multi.total, ((sl_se_sha384_streaming_context_t*)hash_ctx->hash_type_ctx)->total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(hash_type_ctx_multi.state, ((sl_se_sha384_streaming_context_t*)hash_ctx->hash_type_ctx)->state, sizeof(hash_type_ctx_multi.state));
|
||||
memcpy(hash_type_ctx_multi.buffer, ((sl_se_sha384_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
hash_type_ctx_multi.hash_type = SL_SE_HASH_SHA384;
|
||||
sl_status_t status = sl_se_hash_multipart_update((void*)&hash_type_ctx_multi, hash_ctx->cmd_ctx, input, input_len);
|
||||
if (status != SL_STATUS_OK) {
|
||||
return status;
|
||||
}
|
||||
memcpy(((sl_se_sha384_streaming_context_t*)hash_ctx->hash_type_ctx)->total, hash_type_ctx_multi.total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(((sl_se_sha384_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, hash_type_ctx_multi.buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
memcpy(((sl_se_sha384_streaming_context_t*)hash_ctx->hash_type_ctx)->state, hash_type_ctx_multi.state, sizeof(hash_type_ctx_multi.state));
|
||||
break;
|
||||
}
|
||||
case SL_SE_HASH_SHA512:
|
||||
{
|
||||
sl_se_sha512_multipart_context_t hash_type_ctx_multi;
|
||||
|
||||
memcpy(hash_type_ctx_multi.total, ((sl_se_sha512_streaming_context_t*)hash_ctx->hash_type_ctx)->total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(hash_type_ctx_multi.state, ((sl_se_sha512_streaming_context_t*)hash_ctx->hash_type_ctx)->state, sizeof(hash_type_ctx_multi.state));
|
||||
memcpy(hash_type_ctx_multi.buffer, ((sl_se_sha512_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
hash_type_ctx_multi.hash_type = SL_SE_HASH_SHA512;
|
||||
sl_status_t status = sl_se_hash_multipart_update((void*)&hash_type_ctx_multi, hash_ctx->cmd_ctx, input, input_len);
|
||||
if (status != SL_STATUS_OK) {
|
||||
return status;
|
||||
}
|
||||
memcpy(((sl_se_sha512_streaming_context_t*)hash_ctx->hash_type_ctx)->total, hash_type_ctx_multi.total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(((sl_se_sha512_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, hash_type_ctx_multi.buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
memcpy(((sl_se_sha512_streaming_context_t*)hash_ctx->hash_type_ctx)->state, hash_type_ctx_multi.state, sizeof(hash_type_ctx_multi.state));
|
||||
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
default:
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Finish an ongoing hash streaming computation.
|
||||
|
|
@ -746,10 +435,17 @@ sl_status_t sl_se_hash_multipart_finish(void *hash_type_ctx,
|
|||
uint8_t *digest_out,
|
||||
size_t digest_len)
|
||||
{
|
||||
size_t last_data_byte, num_pad_bytes, blocksize, countersize, outputsize;
|
||||
uint8_t msglen[16];
|
||||
uint32_t *counter;
|
||||
sl_status_t status;
|
||||
size_t countersize, blocksize, outputsize;
|
||||
uint8_t *state;
|
||||
uint32_t *counter;
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
uint32_t command_word = SLI_SE_COMMAND_HASHFINISH;
|
||||
uint8_t *buffer;
|
||||
size_t state_len;
|
||||
#else
|
||||
size_t last_data_byte, num_pad_bytes;
|
||||
uint8_t msglen[16];
|
||||
// Define padding as largest padding we might need
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
static const unsigned char sha_padding[128] = {
|
||||
|
|
@ -770,51 +466,68 @@ sl_status_t sl_se_hash_multipart_finish(void *hash_type_ctx,
|
|||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
||||
};
|
||||
#endif
|
||||
|
||||
#endif
|
||||
if (hash_type_ctx == NULL || cmd_ctx == NULL || digest_out == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
switch (((sl_se_sha1_multipart_context_t*)hash_type_ctx)->hash_type) {
|
||||
case SL_SE_HASH_SHA1:
|
||||
blocksize = 64;
|
||||
outputsize = 20;
|
||||
countersize = 64 / 32;
|
||||
counter = ((sl_se_sha1_multipart_context_t*)hash_type_ctx)->total;
|
||||
state = ((sl_se_sha1_multipart_context_t*)hash_type_ctx)->state;
|
||||
counter = ((sl_se_sha1_multipart_context_t*)hash_type_ctx)->total;
|
||||
outputsize = 20;
|
||||
blocksize = 64;
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
state_len = 20;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA1;
|
||||
buffer = ((sl_se_sha1_multipart_context_t*)hash_type_ctx)->buffer;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case SL_SE_HASH_SHA224:
|
||||
blocksize = 64;
|
||||
outputsize = 28;
|
||||
countersize = 64 / 32;
|
||||
counter = ((sl_se_sha224_multipart_context_t*)hash_type_ctx)->total;
|
||||
state = ((sl_se_sha224_multipart_context_t*)hash_type_ctx)->state;
|
||||
break;
|
||||
|
||||
case SL_SE_HASH_SHA256:
|
||||
counter = ((sl_se_sha224_multipart_context_t*)hash_type_ctx)->total;
|
||||
outputsize = 28;
|
||||
blocksize = 64;
|
||||
outputsize = 32;
|
||||
countersize = 64 / 32;
|
||||
counter = ((sl_se_sha256_multipart_context_t*)hash_type_ctx)->total;
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
state_len = 32;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA224;
|
||||
buffer = ((sl_se_sha224_multipart_context_t*)hash_type_ctx)->buffer;
|
||||
#endif
|
||||
break;
|
||||
case SL_SE_HASH_SHA256:
|
||||
state = ((sl_se_sha256_multipart_context_t*)hash_type_ctx)->state;
|
||||
counter = ((sl_se_sha256_multipart_context_t*)hash_type_ctx)->total;
|
||||
outputsize = 32;
|
||||
blocksize = 64;
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
state_len = 32;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA256;
|
||||
buffer = ((sl_se_sha256_multipart_context_t*)hash_type_ctx)->buffer;
|
||||
#endif
|
||||
break;
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
case SL_SE_HASH_SHA384:
|
||||
blocksize = 128;
|
||||
outputsize = 48;
|
||||
countersize = 128 / 32;
|
||||
counter = ((sl_se_sha384_multipart_context_t*)hash_type_ctx)->total;
|
||||
state = ((sl_se_sha384_multipart_context_t*)hash_type_ctx)->state;
|
||||
break;
|
||||
|
||||
case SL_SE_HASH_SHA512:
|
||||
counter = ((sl_se_sha384_multipart_context_t*)hash_type_ctx)->total;
|
||||
outputsize = 48;
|
||||
blocksize = 128;
|
||||
outputsize = 64;
|
||||
countersize = 128 / 32;
|
||||
counter = ((sl_se_sha512_multipart_context_t*)hash_type_ctx)->total;
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
state_len = 64;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA384;
|
||||
buffer = ((sl_se_sha384_multipart_context_t*)hash_type_ctx)->buffer;
|
||||
#endif
|
||||
break;
|
||||
case SL_SE_HASH_SHA512:
|
||||
state = ((sl_se_sha512_multipart_context_t*)hash_type_ctx)->state;
|
||||
counter = ((sl_se_sha512_multipart_context_t*)hash_type_ctx)->total;
|
||||
outputsize = 64;
|
||||
blocksize = 128;
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
state_len = 64;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA512;
|
||||
buffer = ((sl_se_sha512_multipart_context_t*)hash_type_ctx)->buffer;
|
||||
#endif
|
||||
break;
|
||||
#endif
|
||||
|
||||
|
|
@ -826,6 +539,38 @@ sl_status_t sl_se_hash_multipart_finish(void *hash_type_ctx,
|
|||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
countersize = blocksize / 32;
|
||||
#if defined(SLI_SE_MAJOR_VERSION_TWO)
|
||||
|
||||
// We only support hashing up to 4 GB data
|
||||
// so if anything but counter[0] is set, return NOT_SUPPORTED
|
||||
for (size_t i = 1; i < countersize; i++) {
|
||||
if (counter[i] != 0) {
|
||||
return SL_STATUS_NOT_SUPPORTED;
|
||||
}
|
||||
}
|
||||
// Remaining bytes in buffer
|
||||
size_t rem_bytes = (counter[0] & (blocksize - 1));
|
||||
|
||||
SE_Command_t *se_cmd = &cmd_ctx->command;
|
||||
|
||||
sli_se_command_init(cmd_ctx, command_word);
|
||||
|
||||
SE_addParameter(se_cmd, rem_bytes);
|
||||
SE_addParameter(se_cmd, counter[0]);
|
||||
|
||||
SE_DataTransfer_t in_0 = SE_DATATRANSFER_DEFAULT(state, state_len);
|
||||
SE_DataTransfer_t in_1 = SE_DATATRANSFER_DEFAULT(buffer, rem_bytes);
|
||||
SE_DataTransfer_t out = SE_DATATRANSFER_DEFAULT(digest_out, outputsize);
|
||||
|
||||
SE_addDataInput(se_cmd, &in_0);
|
||||
SE_addDataInput(se_cmd, &in_1);
|
||||
SE_addDataOutput(se_cmd, &out);
|
||||
|
||||
// Execute and wait
|
||||
status = sli_se_execute_and_wait(cmd_ctx);
|
||||
#else
|
||||
|
||||
/* Convert counter value to bits, and put in big-endian array */
|
||||
uint8_t residual = 0;
|
||||
for (size_t i = 0; i < countersize; i++) {
|
||||
|
|
@ -844,7 +589,7 @@ sl_status_t sl_se_hash_multipart_finish(void *hash_type_ctx,
|
|||
? ( (blocksize - (countersize * 4)) - last_data_byte)
|
||||
: ( ((2 * blocksize) - (countersize * 4)) - last_data_byte);
|
||||
|
||||
sl_status_t status = sl_se_hash_multipart_update(hash_type_ctx, cmd_ctx, sha_padding, num_pad_bytes);
|
||||
status = sl_se_hash_multipart_update(hash_type_ctx, cmd_ctx, sha_padding, num_pad_bytes);
|
||||
|
||||
if (status == SL_STATUS_OK) {
|
||||
status = sl_se_hash_multipart_update(hash_type_ctx, cmd_ctx, msglen, countersize * 4);
|
||||
|
|
@ -853,87 +598,10 @@ sl_status_t sl_se_hash_multipart_finish(void *hash_type_ctx,
|
|||
if (status == SL_STATUS_OK) {
|
||||
memcpy(digest_out, state, outputsize);
|
||||
}
|
||||
|
||||
#endif // SLI_SE_MAJOR_VERSION_TWO
|
||||
return status;
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Finish an ongoing hash streaming computation. Deprecated.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_hash_finish(sl_se_hash_streaming_context_t *hash_ctx,
|
||||
uint8_t *digest_out,
|
||||
size_t digest_len)
|
||||
{
|
||||
if (hash_ctx == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
switch (hash_ctx->hash_type) {
|
||||
case SL_SE_HASH_SHA1:
|
||||
{
|
||||
sl_se_sha1_multipart_context_t hash_type_ctx_multi;
|
||||
memcpy(hash_type_ctx_multi.total, ((sl_se_sha1_streaming_context_t*)hash_ctx->hash_type_ctx)->total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(hash_type_ctx_multi.state, ((sl_se_sha1_streaming_context_t*)hash_ctx->hash_type_ctx)->state, sizeof(hash_type_ctx_multi.state));
|
||||
memcpy(hash_type_ctx_multi.buffer, ((sl_se_sha1_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
|
||||
hash_type_ctx_multi.hash_type = SL_SE_HASH_SHA1;
|
||||
return sl_se_hash_multipart_finish((void*)&hash_type_ctx_multi, hash_ctx->cmd_ctx, digest_out, digest_len);
|
||||
break;
|
||||
}
|
||||
case SL_SE_HASH_SHA224:
|
||||
{
|
||||
sl_se_sha224_multipart_context_t hash_type_ctx_multi;
|
||||
memcpy(hash_type_ctx_multi.total, ((sl_se_sha224_streaming_context_t*)hash_ctx->hash_type_ctx)->total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(hash_type_ctx_multi.state, ((sl_se_sha224_streaming_context_t*)hash_ctx->hash_type_ctx)->state, sizeof(hash_type_ctx_multi.state));
|
||||
memcpy(hash_type_ctx_multi.buffer, ((sl_se_sha224_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
hash_type_ctx_multi.hash_type = hash_ctx->hash_type;
|
||||
return sl_se_hash_multipart_finish((void*)&hash_type_ctx_multi, hash_ctx->cmd_ctx, digest_out, digest_len);
|
||||
|
||||
break;
|
||||
}
|
||||
case SL_SE_HASH_SHA256:
|
||||
{
|
||||
sl_se_sha256_multipart_context_t hash_type_ctx_multi;
|
||||
|
||||
memcpy(hash_type_ctx_multi.total, ((sl_se_sha256_streaming_context_t*)hash_ctx->hash_type_ctx)->total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(hash_type_ctx_multi.state, ((sl_se_sha256_streaming_context_t*)hash_ctx->hash_type_ctx)->state, sizeof(hash_type_ctx_multi.state));
|
||||
memcpy(hash_type_ctx_multi.buffer, ((sl_se_sha256_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
hash_type_ctx_multi.hash_type = hash_ctx->hash_type;
|
||||
return sl_se_hash_multipart_finish((void*)&hash_type_ctx_multi, hash_ctx->cmd_ctx, digest_out, digest_len);
|
||||
|
||||
break;
|
||||
}
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
case SL_SE_HASH_SHA384:
|
||||
{
|
||||
sl_se_sha384_multipart_context_t hash_type_ctx_multi;
|
||||
|
||||
memcpy(hash_type_ctx_multi.total, ((sl_se_sha384_streaming_context_t*)hash_ctx->hash_type_ctx)->total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(hash_type_ctx_multi.state, ((sl_se_sha384_streaming_context_t*)hash_ctx->hash_type_ctx)->state, sizeof(hash_type_ctx_multi.state));
|
||||
memcpy(hash_type_ctx_multi.buffer, ((sl_se_sha384_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
hash_type_ctx_multi.hash_type = hash_ctx->hash_type;
|
||||
return sl_se_hash_multipart_finish((void*)&hash_type_ctx_multi, hash_ctx->cmd_ctx, digest_out, digest_len);
|
||||
|
||||
break;
|
||||
}
|
||||
case SL_SE_HASH_SHA512:
|
||||
{
|
||||
sl_se_sha512_multipart_context_t hash_type_ctx_multi;
|
||||
|
||||
memcpy(hash_type_ctx_multi.total, ((sl_se_sha512_streaming_context_t*)hash_ctx->hash_type_ctx)->total, sizeof(hash_type_ctx_multi.total));
|
||||
memcpy(hash_type_ctx_multi.state, ((sl_se_sha512_streaming_context_t*)hash_ctx->hash_type_ctx)->state, sizeof(hash_type_ctx_multi.state));
|
||||
memcpy(hash_type_ctx_multi.buffer, ((sl_se_sha512_streaming_context_t*)hash_ctx->hash_type_ctx)->buffer, sizeof(hash_type_ctx_multi.buffer));
|
||||
hash_type_ctx_multi.hash_type = hash_ctx->hash_type;
|
||||
return sl_se_hash_multipart_finish((void*)&hash_type_ctx_multi, hash_ctx->cmd_ctx, digest_out, digest_len);
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
|
||||
default:
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Produce a message digest (a hash block) using the input data.
|
||||
******************************************************************************/
|
||||
|
|
@ -952,30 +620,30 @@ sl_status_t sl_se_hash(sl_se_command_context_t *cmd_ctx,
|
|||
}
|
||||
|
||||
SE_Command_t *se_cmd = &cmd_ctx->command;
|
||||
uint32_t command_word = SE_COMMAND_HASH;
|
||||
uint32_t command_word = SLI_SE_COMMAND_HASH;
|
||||
uint32_t digest_size = 0;
|
||||
|
||||
switch (hash_type) {
|
||||
case SL_SE_HASH_SHA1:
|
||||
command_word |= SE_COMMAND_OPTION_HASH_SHA1;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA1;
|
||||
digest_size = 20;
|
||||
break;
|
||||
case SL_SE_HASH_SHA224:
|
||||
command_word |= SE_COMMAND_OPTION_HASH_SHA224;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA224;
|
||||
digest_size = 28;
|
||||
break;
|
||||
case SL_SE_HASH_SHA256:
|
||||
command_word |= SE_COMMAND_OPTION_HASH_SHA256;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA256;
|
||||
digest_size = 32;
|
||||
break;
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
case SL_SE_HASH_SHA384:
|
||||
command_word |= SE_COMMAND_OPTION_HASH_SHA384;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA384;
|
||||
digest_size = 48;
|
||||
break;
|
||||
case SL_SE_HASH_SHA512:
|
||||
digest_size = 64;
|
||||
command_word |= SE_COMMAND_OPTION_HASH_SHA512;
|
||||
command_word |= SLI_SE_COMMAND_OPTION_HASH_SHA512;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
|
|
@ -1002,4 +670,4 @@ sl_status_t sl_se_hash(sl_se_command_context_t *cmd_ctx,
|
|||
|
||||
/** @} (end addtogroup sl_se) */
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
|
|
|||
|
|
@ -27,14 +27,13 @@
|
|||
* 3. This notice may not be removed or altered from any source distribution.
|
||||
*
|
||||
******************************************************************************/
|
||||
#include "em_device.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
|
||||
#include "sl_se_manager.h"
|
||||
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#include "sli_se_manager_internal.h"
|
||||
#include "em_se.h"
|
||||
#include "em_system.h"
|
||||
#include <string.h>
|
||||
|
||||
/***************************************************************************//**
|
||||
|
|
@ -46,28 +45,19 @@
|
|||
// Defines
|
||||
|
||||
#define KEYSPEC_DH_RESERVED 0x00000780U
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
|
||||
// Constant from RFC 4492.
|
||||
#define SL_SE_ECP_TLS_NAMED_CURVE 3 ///< ECCurveType's named_curve
|
||||
#define SL_SE_TLSID_ECC_P256 23 ///< Named curve value for SECP256R1
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// Locals
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
|
||||
// ECJPAKE role
|
||||
static const char * const ecjpake_id[] = {
|
||||
"client",
|
||||
"server"
|
||||
};
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// Global Functions
|
||||
|
||||
|
|
@ -1052,8 +1042,7 @@ sl_status_t sl_se_derive_key_pbkdf2(sl_se_command_context_t *cmd_ctx,
|
|||
| SLI_SE_COMMAND_OPTION_HASH_SHA512;
|
||||
break;
|
||||
|
||||
#if defined(_SILICON_LABS_32B_SERIES_2_CONFIG) \
|
||||
&& (_SILICON_LABS_32B_SERIES_2_CONFIG >= 3)
|
||||
#if defined(SLI_SE_COMMAND_DERIVE_KEY_PBKDF2_CMAC_AVAILABLE)
|
||||
// PBKDF2 with CMAC as the PRF was first supported on EFR32xG23.
|
||||
case SL_SE_PRF_AES_CMAC_128:
|
||||
command_word = SLI_SE_COMMAND_DERIVE_KEY_PBKDF2_CMAC;
|
||||
|
|
@ -1092,4 +1081,4 @@ sl_status_t sl_se_derive_key_pbkdf2(sl_se_command_context_t *cmd_ctx,
|
|||
|
||||
/** @} (end addtogroup sl_se) */
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
|
|
|||
|
|
@ -27,13 +27,12 @@
|
|||
* 3. This notice may not be removed or altered from any source distribution.
|
||||
*
|
||||
******************************************************************************/
|
||||
#include "em_device.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "sl_se_manager.h"
|
||||
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#include "sli_se_manager_internal.h"
|
||||
#include "sl_se_manager_key_handling.h"
|
||||
|
||||
|
|
@ -1190,4 +1189,4 @@ sl_status_t sl_se_delete_key(sl_se_command_context_t *cmd_ctx,
|
|||
|
||||
/** @} (end addtogroup sl_se_key) */
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
|
|
|||
|
|
@ -27,9 +27,10 @@
|
|||
* 3. This notice may not be removed or altered from any source distribution.
|
||||
*
|
||||
******************************************************************************/
|
||||
#include "em_device.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#include "sl_se_manager.h"
|
||||
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#include "sl_se_manager.h"
|
||||
#include "sli_se_manager_internal.h"
|
||||
|
|
@ -208,4 +209,4 @@ sl_status_t sl_se_ecc_verify(sl_se_command_context_t *cmd_ctx,
|
|||
|
||||
/** @} (end addtogroup sl_se) */
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
|
|
|||
|
|
@ -27,15 +27,18 @@
|
|||
* 3. This notice may not be removed or altered from any source distribution.
|
||||
*
|
||||
******************************************************************************/
|
||||
#include "em_device.h"
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
|
||||
|
||||
#include "sl_se_manager_util.h"
|
||||
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
#include "sli_se_manager_internal.h"
|
||||
#include "em_se.h"
|
||||
#include "sl_assert.h"
|
||||
#include "em_system.h"
|
||||
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
#include "em_system.h"
|
||||
#endif
|
||||
|
||||
/// @addtogroup sl_se_manager
|
||||
/// @{
|
||||
|
|
@ -59,7 +62,7 @@
|
|||
*
|
||||
* @return N/A
|
||||
******************************************************************************/
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
static void decode_debug_status(sl_se_debug_status_t *debug_status,
|
||||
uint32_t status_word)
|
||||
{
|
||||
|
|
@ -84,7 +87,7 @@ static void decode_debug_status(sl_se_debug_status_t *debug_status,
|
|||
debug_status->options_config.secure_non_invasive_debug =
|
||||
(status_word & (1 << 13)) == 0;
|
||||
}
|
||||
#elif defined(CRYPTOACC_PRESENT)
|
||||
#elif defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
static void decode_debug_status(sl_se_debug_status_t *debug_status,
|
||||
uint32_t status_word)
|
||||
{
|
||||
|
|
@ -93,7 +96,7 @@ static void decode_debug_status(sl_se_debug_status_t *debug_status,
|
|||
debug_status->secure_debug_enabled = status_word & (1 << 12);
|
||||
debug_status->debug_port_lock_state = status_word & (1 << 15);
|
||||
}
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// Global Functions
|
||||
|
|
@ -251,7 +254,7 @@ sl_status_t sl_se_init_otp_key(sl_se_command_context_t *cmd_ctx,
|
|||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
if (key_type == SL_SE_KEY_TYPE_IMMUTABLE_AES_128) {
|
||||
if (num_bytes != 16UL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
|
|
@ -261,7 +264,7 @@ sl_status_t sl_se_init_otp_key(sl_se_command_context_t *cmd_ctx,
|
|||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
#elif defined(CRYPTOACC_PRESENT)
|
||||
#elif defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
if (num_bytes != 64UL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
|
@ -280,11 +283,11 @@ sl_status_t sl_se_init_otp_key(sl_se_command_context_t *cmd_ctx,
|
|||
se_key_type = SLI_SE_KEY_TYPE_AUTH;
|
||||
break;
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
case SL_SE_KEY_TYPE_IMMUTABLE_AES_128:
|
||||
se_key_type = SLI_SE_IMMUTABLE_KEY_TYPE_AES_128;
|
||||
break;
|
||||
#endif // SEMAILBOX_PRESENT
|
||||
#endif // SLI_MAILBOX_COMMAND_SUPPORTED
|
||||
|
||||
default:
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
|
|
@ -298,10 +301,10 @@ sl_status_t sl_se_init_otp_key(sl_se_command_context_t *cmd_ctx,
|
|||
}
|
||||
|
||||
// SE command structures
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
command_word = key_type == SL_SE_KEY_TYPE_IMMUTABLE_AES_128
|
||||
? SLI_SE_COMMAND_INIT_AES_128_KEY : SLI_SE_COMMAND_INIT_PUBKEY;
|
||||
#elif defined(CRYPTOACC_PRESENT)
|
||||
#elif defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
command_word = SLI_SE_COMMAND_INIT_PUBKEY;
|
||||
#endif
|
||||
|
||||
|
|
@ -339,7 +342,7 @@ sl_status_t sl_se_read_pubkey(sl_se_command_context_t *cmd_ctx,
|
|||
case SL_SE_KEY_TYPE_IMMUTABLE_AUTH:
|
||||
se_key_type = SLI_SE_KEY_TYPE_AUTH;
|
||||
break;
|
||||
#if defined(SEMAILBOX_PRESENT) && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED) && (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
case SL_SE_KEY_TYPE_IMMUTABLE_SE_ATTESTATION:
|
||||
command_word = command_word & ~0x1;
|
||||
// Intentional fallthrough
|
||||
|
|
@ -372,7 +375,7 @@ sl_status_t sl_se_get_se_version(sl_se_command_context_t *cmd_ctx,
|
|||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
// SE command structures
|
||||
SE_Command_t *se_cmd = &cmd_ctx->command;
|
||||
|
|
@ -383,7 +386,7 @@ sl_status_t sl_se_get_se_version(sl_se_command_context_t *cmd_ctx,
|
|||
|
||||
return sli_se_execute_and_wait(cmd_ctx);
|
||||
|
||||
#elif defined(CRYPTOACC_PRESENT)
|
||||
#elif defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
sl_status_t status = SL_STATUS_OK;
|
||||
SE_Response_t command_response;
|
||||
|
|
@ -435,7 +438,7 @@ sl_status_t sl_se_get_debug_lock_status(sl_se_command_context_t *cmd_ctx,
|
|||
if (cmd_ctx == NULL || debug_status == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
SE_Command_t *se_cmd = &cmd_ctx->command;
|
||||
volatile uint32_t status_word = 0;
|
||||
SE_DataTransfer_t out_data = SE_DATATRANSFER_DEFAULT(&status_word, 4);
|
||||
|
|
@ -451,7 +454,7 @@ sl_status_t sl_se_get_debug_lock_status(sl_se_command_context_t *cmd_ctx,
|
|||
}
|
||||
|
||||
return ret;
|
||||
#elif defined(CRYPTOACC_PRESENT)
|
||||
#elif defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
uint32_t vse_version = 0;
|
||||
uint32_t debug_lock_flags = 0;
|
||||
|
||||
|
|
@ -486,7 +489,7 @@ sl_status_t sl_se_get_debug_lock_status(sl_se_command_context_t *cmd_ctx,
|
|||
#endif
|
||||
}
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/***************************************************************************//**
|
||||
* Initialize SE OTP configuration.
|
||||
|
|
@ -520,7 +523,7 @@ sl_status_t sl_se_init_otp(sl_se_command_context_t *cmd_ctx,
|
|||
}
|
||||
if (otp_init->enable_anti_rollback) {
|
||||
// Verify firmware compatibility before enabling anti-rollback
|
||||
#if defined(_SILICON_LABS_32B_SERIES_2_CONFIG_1)
|
||||
#if defined(SLI_SE_MAJOR_VERSION_ONE)
|
||||
uint16_t part_number = SYSTEM_GetPartNumber();
|
||||
if (part_number == 1010 || part_number == 1020) {
|
||||
if (SYSTEM_GetProdRev() < 16) {
|
||||
|
|
@ -587,6 +590,12 @@ sl_status_t sl_se_init_otp(sl_se_command_context_t *cmd_ctx,
|
|||
otp_tamper_settings.period = otp_init->tamper_filter_period & 0x1f;
|
||||
otp_tamper_settings.threshold = otp_init->tamper_filter_threshold & 0x7;
|
||||
|
||||
#if !defined(SLI_SE_TAMPER_FLAG_KEEP_TAMPER_ALIVE_AVAILABLE)
|
||||
if ((otp_init->tamper_flags & SL_SE_TAMPER_FLAG_KEEP_TAMPER_ALIVE_DURING_SLEEP)
|
||||
== SL_SE_TAMPER_FLAG_KEEP_TAMPER_ALIVE_DURING_SLEEP) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
#endif
|
||||
otp_tamper_settings.flags = otp_init->tamper_flags;
|
||||
otp_tamper_settings.reset_threshold = otp_init->tamper_reset_threshold;
|
||||
#else
|
||||
|
|
@ -707,7 +716,7 @@ sl_status_t sl_se_read_otp(sl_se_command_context_t *cmd_ctx,
|
|||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
#elif defined(CRYPTOACC_PRESENT)
|
||||
#elif defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
sl_status_t sl_se_init_otp(sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_otp_init_t *otp_init)
|
||||
|
|
@ -758,6 +767,34 @@ sl_status_t sl_se_init_otp(sl_se_command_context_t *cmd_ctx,
|
|||
return SL_STATUS_FAIL; // Should never get to this point
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Read the OTP firmware version of the SE module.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_get_otp_version(sl_se_command_context_t *cmd_ctx,
|
||||
uint32_t *version)
|
||||
{
|
||||
if (cmd_ctx == NULL || version == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
// Try to acquire SE lock
|
||||
sl_status_t lock_status = sli_se_lock_acquire();
|
||||
if (lock_status != SL_STATUS_OK) {
|
||||
return lock_status;
|
||||
}
|
||||
|
||||
SE_Response_t otp_status = SE_getOTPVersion(version);
|
||||
|
||||
// Release SE lock
|
||||
sli_se_lock_release();
|
||||
|
||||
if (otp_status == SE_RESPONSE_OK) {
|
||||
return SL_STATUS_OK;
|
||||
}
|
||||
|
||||
return SL_STATUS_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
sl_status_t sl_se_read_otp(sl_se_command_context_t *cmd_ctx,
|
||||
sl_se_otp_init_t *otp_settings)
|
||||
{
|
||||
|
|
@ -803,7 +840,7 @@ sl_status_t sl_se_read_otp(sl_se_command_context_t *cmd_ctx,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(SEMAILBOX_PRESENT)
|
||||
#if defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/***************************************************************************//**
|
||||
* Writes data to User Data section in MTP. Write data must be aligned to
|
||||
|
|
@ -892,6 +929,14 @@ sl_status_t sl_se_get_status(sl_se_command_context_t *cmd_ctx,
|
|||
// Decode secure boot mode
|
||||
status->secure_boot_enabled =
|
||||
((output[8] & 0x1U) && ((output[8] & ~0x1U) == 0));
|
||||
|
||||
#if (_SILICON_LABS_32B_SERIES_2_CONFIG < 3)
|
||||
uint32_t active_mode_shift = 16;
|
||||
#else
|
||||
uint32_t active_mode_shift = 8;
|
||||
#endif
|
||||
status->active_mode_enabled =
|
||||
(status->boot_status >> active_mode_shift) & 0x1;
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
|
@ -937,13 +982,13 @@ sl_status_t sl_se_get_otp_version(sl_se_command_context_t *cmd_ctx,
|
|||
return sli_se_execute_and_wait(cmd_ctx);
|
||||
}
|
||||
|
||||
#if defined(_SILICON_LABS_32B_SERIES_2_CONFIG_1)
|
||||
#if defined(SLI_SE_COMMAND_STATUS_READ_RSTCAUSE_AVAILABLE)
|
||||
/***************************************************************************//**
|
||||
* Read the EMU->RSTCAUSE after a tamper reset. This function should be called
|
||||
* if EMU->RSTCAUSE has been cleared upon boot.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_get_reset_cause(sl_se_command_context_t *cmd_ctx,
|
||||
uint32_t* reset_cause)
|
||||
uint32_t *reset_cause)
|
||||
{
|
||||
if (cmd_ctx == NULL || reset_cause == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
|
|
@ -957,7 +1002,52 @@ sl_status_t sl_se_get_reset_cause(sl_se_command_context_t *cmd_ctx,
|
|||
SE_addDataOutput(se_cmd, &out_data);
|
||||
return sli_se_execute_and_wait(cmd_ctx);
|
||||
}
|
||||
#endif // _SILICON_LABS_32B_SERIES_2_CONFIG_1
|
||||
#endif // SLI_SE_COMMAND_STATUS_READ_RSTCAUSE_AVAILABLE
|
||||
|
||||
#if defined(SLI_SE_COMMAND_READ_TAMPER_RESET_CAUSE_AVAILABLE)
|
||||
/***************************************************************************//**
|
||||
* Read the cached value of the EMU->TAMPERRSTCAUSE register after a tamper
|
||||
* reset. This function should be called if EMU->TAMPERRSTCAUSE has been cleared
|
||||
* upon boot.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_get_tamper_reset_cause(sl_se_command_context_t *cmd_ctx,
|
||||
bool *was_tamper_reset,
|
||||
uint32_t *reset_cause)
|
||||
{
|
||||
if (cmd_ctx == NULL || reset_cause == NULL || was_tamper_reset == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
// Use a local cache to convert from bitfield to integer
|
||||
uint32_t tamper_cause_ret = 0;
|
||||
|
||||
// SE command structures
|
||||
SE_Command_t *se_cmd = &cmd_ctx->command;
|
||||
sli_se_command_init(cmd_ctx, SLI_SE_COMMAND_READ_TAMPER_RESET_CAUSE);
|
||||
SE_DataTransfer_t out_data =
|
||||
SE_DATATRANSFER_DEFAULT(&tamper_cause_ret, sizeof(uint32_t));
|
||||
SE_addDataOutput(se_cmd, &out_data);
|
||||
sl_status_t status = sli_se_execute_and_wait(cmd_ctx);
|
||||
if (status != SL_STATUS_OK) {
|
||||
return status;
|
||||
}
|
||||
|
||||
// Update indication if the reset was because of a tamper event or not.
|
||||
*was_tamper_reset = tamper_cause_ret > 0 ? true : false;
|
||||
|
||||
// If there is a tamper cause the returned value(tamper_cause_ret) has a
|
||||
// single bit set at the position of the tamper cause.
|
||||
// Find the position of the set bit and return it.
|
||||
uint32_t set_bit_position = 0;
|
||||
while (tamper_cause_ret > 1) {
|
||||
tamper_cause_ret >>= 1;
|
||||
set_bit_position++;
|
||||
}
|
||||
|
||||
*reset_cause = set_bit_position;
|
||||
return status;
|
||||
}
|
||||
#endif // SLI_SE_COMMAND_READ_TAMPER_RESET_CAUSE_AVAILABLE
|
||||
|
||||
/***************************************************************************//**
|
||||
* Enables the secure debug functionality.
|
||||
|
|
@ -1195,10 +1285,10 @@ sl_status_t sl_se_read_cert(sl_se_command_context_t *cmd_ctx,
|
|||
// SE command structures
|
||||
sli_se_command_init(cmd_ctx, SLI_SE_COMMAND_READ_USER_CERT | se_cert_type);
|
||||
|
||||
#if _SILICON_LABS_32B_SERIES_2_CONFIG > 2
|
||||
#if SLI_MINIMUM_REQUIRED_NUMBER_PARAMS == 1
|
||||
// One parameter is required, but has no effect
|
||||
SE_addParameter(se_cmd, 0);
|
||||
#endif //
|
||||
#endif
|
||||
|
||||
SE_DataTransfer_t out_data = SE_DATATRANSFER_DEFAULT(cert, num_bytes);
|
||||
SE_addDataOutput(se_cmd, &out_data);
|
||||
|
|
@ -1206,8 +1296,36 @@ sl_status_t sl_se_read_cert(sl_se_command_context_t *cmd_ctx,
|
|||
return sli_se_execute_and_wait(cmd_ctx);
|
||||
}
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT)
|
||||
/***************************************************************************//**
|
||||
* Enter active mode.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_enter_active_mode(sl_se_command_context_t *cmd_ctx)
|
||||
{
|
||||
if (cmd_ctx == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
sli_se_command_init(cmd_ctx, SLI_SE_COMMAND_ENTER_ACTIVE_MODE);
|
||||
|
||||
return sli_se_execute_and_wait(cmd_ctx);
|
||||
}
|
||||
|
||||
/***************************************************************************//**
|
||||
* Exit active mode.
|
||||
******************************************************************************/
|
||||
sl_status_t sl_se_exit_active_mode(sl_se_command_context_t *cmd_ctx)
|
||||
{
|
||||
if (cmd_ctx == NULL) {
|
||||
return SL_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
sli_se_command_init(cmd_ctx, SLI_SE_COMMAND_EXIT_ACTIVE_MODE);
|
||||
|
||||
return sli_se_execute_and_wait(cmd_ctx);
|
||||
}
|
||||
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
||||
/// @} (end addtogroup sl_se)
|
||||
|
||||
#endif // defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
|
||||
#endif // defined(SLI_MAILBOX_COMMAND_SUPPORTED) || defined(SLI_VSE_MAILBOX_COMMAND_SUPPORTED)
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(SL_SE_MANAGER_THREADING) || defined(DOXYGEN)
|
||||
#if defined(SL_SE_MANAGER_THREADING)
|
||||
|
||||
/***************************************************************************//**
|
||||
* @brief Initialize a given mutex
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@
|
|||
#ifndef SE_MANAGER_OSAL_BAREMETAL_H
|
||||
#define SE_MANAGER_OSAL_BAREMETAL_H
|
||||
|
||||
#include "em_device.h"
|
||||
#include "sli_se_manager_features.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
|
|
|||
Loading…
Reference in New Issue