NVIDIA DRIVE OS Linux API Reference

5.1.3.0 Release

 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
ote_nvcrypto.h File Reference

Detailed Description

NVIDIA Trusted Little Kernel Interface: NVIDIA Cryptography

Description: Declares the cryptography APIs in the TLK.

Definition in file ote_nvcrypto.h.

Go to the source code of this file.

Macros

#define CRYPTO_SERVICE_SANITY_CHECK   0
 
#define CRYPTO_SERVICE_GET_KEYBOX   1
 
#define CRYPTO_SERVICE_GET_STORAGE_KEY   2
 
#define CRYPTO_SERVICE_GET_ROLLBACK_KEY   3
 
#define CRYPTO_SERVICE_GET_RO_TRUST_KEY   4
 
#define CRYPTO_SERVICE_GET_WV_SIG_RSA_KEY   5
 
#define CRYPTO_SERVICE_GET_GS_SIG_KEY   6
 
#define CRYPTO_SERVICE_GET_VUDU_PLATFORM_KEY   7 /* Deprecated */
 
#define CRYPTO_SERVICE_GET_HWRANDOM   8
 
#define CRYPTO_SERVICE_GET_EKS2_MAC_KEY   9U
 
#define CRYPTO_SERVICE_INSTALL_EKS2_KEYS   10U
 
#define CRYPTO_SERVICE_GET_WIDEVINE_KEY   11U
 
#define CRYPTO_SERVICE_GET_KEYBOX_ATTRIBUTE   12U
 
#define CRYPTO_SERVICE_GET_STORAGE_MASTER_KEY   CRYPTO_SERVICE_GET_STORAGE_KEY
 
#define CRYPTO_SERVICE_GET_RANDOM_NUMBER   CRYPTO_SERVICE_GET_HWRANDOM
 
#define CRYPTO_SERVICE_DERIVE_KEY   0x80
 
#define CRYPTO_SERVICE_UPDATE_SE_KEYSLOT   0x81
 
#define CRYPTO_SERVICE_RSA_RAW_PRIVATE_ENCRYPT   0x82
 
#define CRYPTO_SERVICE_DO_CRYPT_FUNCTIONS   0x83
 
#define CRYPTO_SERVICE_GET_EFS_MASTER_KEY   0x84
 
#define CRYPTO_SERVICE_REQUEST_SE_KEYSLOT   0x85
 
#define CRYPTO_SERVICE_RELEASE_SE_KEYSLOT   0x86
 
#define KEYSLOT_TYPE_AES   0
 
#define KEYSLOT_TYPE_RSA   1
 
#define MAX_HWRANDOM_SIZE   4096
 

Enumerations

enum  {
  KEYSLOT_RICH_OS_NO_READ_NO_WRITE_KEY_ACCESSIBLE = 0,
  KEYSLOT_CONFIG_ALL
}
 
enum  keystore_lookup_type {
  KEYSTORE_LOOKUP_ABSOLUTE = 1,
  KEYSTORE_LOOKUP_RELATIVE,
  KEYSTORE_LOOKUP_BY_ID
}
 
enum  keybox_attr_type { KEYBOX_ATTR_SIZE = 1 }
 

Functions

te_error_t ote_nvcrypto_init (void)
 Initializes and opens an nvcrypto service session. More...
 
te_error_t ote_nvcrypto_deinit (void)
 Closes an nvcrypto service session. More...
 
te_error_t ote_nvcrypto_get_keybox (uint32_t keybox_lookup_index, keystore_lookup_type lookup_type, void *buf, uint32_t *len)
 Gets the key box provisioned in the EKS partition. More...
 
te_error_t ote_nvcrypto_get_keybox_size (uint32_t keybox_lookup_index, keystore_lookup_type lookup_type, uint32_t *len)
 Gets the size of the key box provisioned in the EKS partition. More...
 
te_error_t ote_nvcrypto_get_storage_key (uint8_t *key, uint32_t key_size)
 Gets the storage key. More...
 
te_error_t ote_nvcrypto_get_rollback_key (uint8_t *key, uint32_t key_size)
 Gets the rollback key. More...
 
te_error_t ote_nvcrypto_get_ro_trust_key (uint8_t *key, uint32_t key_size)
 Gets the key derived from the root of trust. More...
 
te_error_t ote_nvcrypto_get_random (uint8_t *buf, uint32_t buf_len)
 Gets SE HW random number generated data. More...
 
te_error_t ote_nvcrypto_get_wv_rsa_sig_key (uint8_t *key, uint32_t *key_size)
 Gets the wv rsa sig key. More...
 
te_error_t ote_nvcrypto_get_gs_key (uint8_t *key, uint32_t *key_size)
 Gets the vrr auth key. More...
 
te_error_t ote_nvcrypto_get_key (uint8_t *key, uint32_t key_size, uint32_t key_type)
 Gets the storage/rollback key. More...
 
te_error_t ote_nvcrypto_derive_key (const uint8_t *src_buffer, const uint32_t src_buf_len, uint8_t *dest)
 Generates a unique encryption key by performing crypto operations on the src_buffer a predefined initial vector IV and a secure storage key. More...
 
te_error_t ote_nvcrypto_get_widevine_key (uint8_t *key, uint32_t key_size)
 Gets the Widevine Device Unique key. More...
 
te_error_t ote_nvcrypto_update_se_keyslot (uint32_t KeySlotType, uint32_t KeySlotIdx, uint32_t access_control, const uint32_t *pData, uint32_t pData_len)
 Updates the HW security engine AES/RSA keyslots with an input Key. More...
 
te_error_t ote_nvcrypto_rsa_raw_private_encrypt (uint8_t *pri_key, uint32_t pri_key_len, uint32_t *data_in, uint32_t data_in_len, uint8_t *signedData, uint32_t signed_data_len)
 Interface sign a data blob with a RSA key with no data padding. More...
 
te_error_t ote_nvcrypto_do_crypt_functions (uint32_t algo, uint32_t mode, uint8_t *inbuf, uint32_t inbuf_len, uint8_t *iv, uint32_t iv_len, uint8_t *key, uint32_t key_len, uint8_t *outbuf, uint32_t *outbuf_len)
 Interface for crypto operations such as AES, SHA, and RSA using openssl library. More...
 
te_error_t ote_nvcrypto_get_eks2_mac_key (uint8_t *key, uint32_t *key_size)
 Gets the EKS2 mac key, which is used to validate integrity of the EKS2 blob coming from the non-secure world. More...
 
te_error_t ote_nvcrypto_install_eks2_keys (const uint8_t *buf, uint32_t buf_len, uint32_t num_keys)
 Installs EKS2 keys in NVCrypto key slots. More...