Specifies an implementation of the hardware-based AES-CMAC function, very similar to the OpenSSL CMAC implementation, and based on the same concepts.
If you are not familiar with the OpenSSL implementation of CMAC, the reference above will help you understand it. Each AES-CMAC function corresponds to an OpenSSL CMAC function with a similar name and usage. To use AES-CMAC, follow the same sequence of operations as for OpenSSL CMAC, using the AES-CMAC functions instead of the OpenSSL CMAC ones.
OpenSSL CMAC function | Corresponding hardware-based AES-CMAC function |
---|---|
CMAC_CTX_new() | tegra_se_cmac_new() |
CMAC_Init() | tegra_se_cmac_init() |
CMAC_Update() | tegra_se_cmac_update() |
CMAC_Final() | tegra_se_cmac_final() |
CMAC_CTX_free() | tegra_se_cmac_free() |
The hardware-based KDF may be used only at boot time, to avoid a runtime conflict with SE hardware usage by the SE driver in the Linux kernel. At run time, use the software-based KDF instead.
The following code shows examples of how the API functions can be used.
Typedefs | |
typedef struct tegra_se_cmac_context | se_cmac_ctx |
Functions | |
uint32_t | se_acquire (void) |
void | se_release (void) |
uint32_t | se_derive_root_key (uint8_t *root_key, size_t root_key_len, uint8_t *fv, size_t fv_len, uint32_t keyslot) |
int | se_write_keyslot (uint8_t *key_in, uint32_t keylen, uint32_t key_quad_sel, uint32_t keyslot) |
uint32_t | se_clear_aes_keyslots (void) |
se_cmac_ctx * | tegra_se_cmac_new (void) |
Creates an SE CMAC context. More... | |
void | tegra_se_cmac_free (se_cmac_ctx *se_cmac) |
Frees an SE CMAC context. More... | |
int | tegra_se_cmac_init (se_cmac_ctx *se_cmac, se_aes_keyslot_t keyslot, uint32_t keylen) |
Initializes the SE CMAC from a user-provided key. More... | |
int | tegra_se_cmac_update (se_cmac_ctx *se_cmac, void *data, uint32_t dlen) |
Caches input data in an SE CMAC. More... | |
int | tegra_se_cmac_final (se_cmac_ctx *se_cmac, uint8_t *out, uint32_t *poutlen) |
Finalizes an SE CMAC. More... | |
typedef struct tegra_se_cmac_context se_cmac_ctx |
Definition at line 199 of file tegra_se.h.
uint32_t se_acquire | ( | void | ) |
uint32_t se_clear_aes_keyslots | ( | void | ) |
Referenced by key_mgnt_derive_root_keys().
uint32_t se_derive_root_key | ( | uint8_t * | root_key, |
size_t | root_key_len, | ||
uint8_t * | fv, | ||
size_t | fv_len, | ||
uint32_t | keyslot | ||
) |
Referenced by key_mgnt_derive_root_keys().
void se_release | ( | void | ) |
int se_write_keyslot | ( | uint8_t * | key_in, |
uint32_t | keylen, | ||
uint32_t | key_quad_sel, | ||
uint32_t | keyslot | ||
) |
Referenced by set_ekb_key_to_keyslot(), tegra_se_cmac_self_test(), and tegra_se_nist_800_108_kdf_self_test().
int tegra_se_cmac_final | ( | se_cmac_ctx * | se_cmac, |
uint8_t * | out, | ||
uint32_t * | poutlen | ||
) |
Finalizes an SE CMAC.
Call this function after the input has been processed and the output has been used.
[in] | *se_cmac | A pointer to the SE CMAC context. |
[out] | *out | A pointer to an output buffer. The function places the derived key here. |
[out] | *poutlen | A pointer to the derived key length. The function places the length of the derived key here. |
Referenced by tegra_se_cmac_self_test().
void tegra_se_cmac_free | ( | se_cmac_ctx * | se_cmac | ) |
Frees an SE CMAC context.
[in] | *se_cmac | A pointer to the SE CMAC context. |
Referenced by tegra_se_cmac_self_test().
int tegra_se_cmac_init | ( | se_cmac_ctx * | se_cmac, |
se_aes_keyslot_t | keyslot, | ||
uint32_t | keylen | ||
) |
Initializes the SE CMAC from a user-provided key.
[in] | *se_cmac | A pointer to the SE CMAC context. |
[in] | *keyslot | A pointer to an SE keyslot containing the user-provided key. |
[in] | keylen | Length of the user-provided key. |
NO_ERROR | if successful. |
ERR_INVALID_ARGS | if any of the arguments is invalid. |
ERR_NO_MEMORY | if no memory is available. |
Referenced by tegra_se_cmac_self_test().
se_cmac_ctx* tegra_se_cmac_new | ( | void | ) |
Creates an SE CMAC context.
Referenced by tegra_se_cmac_self_test().
int tegra_se_cmac_update | ( | se_cmac_ctx * | se_cmac, |
void * | data, | ||
uint32_t | dlen | ||
) |
Caches input data in an SE CMAC.
This function may be called multiple times to cache additional data.
[in] | *se_cmac | A pointer to the SE CMAC context. |
[in] | *data | A pointer to input data. |
[in] | dlen | Length of the input data. |
NO_ERROR | if successful. |
ERR_INVALID_ARGS | if any of the arguments is invalid. |
ERR_NO_MEMORY | if no memory is available. |
Referenced by tegra_se_cmac_self_test().