/* * Copyright (c) Hisilicon Technologies Co., Ltd. 2019-2020. All rights reserved. * Description: Define API about key ladder driver * Author: Hisilicon * Create: 2019-6-26 */ #ifndef UAPI_KLAD_H #define UAPI_KLAD_H #include "td_type.h" #include "uapi_security.h" #ifdef __cplusplus #if __cplusplus extern "C" { #endif #endif /* __cplusplus */ typedef enum { UAPI_ROOTKEY_NULL = 0x0, UAPI_ROOTKEY_CSA2 = 0x1, UAPI_ROOTKEY_CSA3 = 0x2, UAPI_ROOTKEY_AES = 0x3, UAPI_ROOTKEY_TDES = 0x4, UAPI_ROOTKEY_SM4 = 0x5, UAPI_ROOTKEY_MISC = 0x6, UAPI_ROOTKEY_R2R = 0x7, UAPI_ROOTKEY_HDCP = 0x8, UAPI_ROOTKEY_DCAS = 0x9, UAPI_ROOTKEY_DYM = 0xFF, } uapi_rootkey_type; /* * Keyladder type list */ typedef enum { UAPI_KLAD_COM = 0x10, UAPI_KLAD_TA = 0x11, UAPI_KLAD_FP = 0x12, UAPI_KLAD_NONCE = 0x13, UAPI_KLAD_CLR = 0x14, } uapi_klad_type; #define uapi_klad_instance(ca, rk, klad, id) \ ((((ca) << 24) & 0xFF000000) + (((rk) << 16) & 0xFF0000) + (((klad) << 8) & 0xFF00) + (id)) #define UAPI_CA_ID_BASIC 0x0 /* * Clear route keyladder. */ #define UAPI_KLAD_TYPE_CLEARCW uapi_klad_instance(UAPI_CA_ID_BASIC, UAPI_ROOTKEY_NULL, UAPI_KLAD_CLR, 0x01) /* * Dynamic keyladder, it can be customized. */ #define UAPI_KLAD_TYPE_DYNAMIC uapi_klad_instance(UAPI_CA_ID_BASIC, UAPI_ROOTKEY_DYM, UAPI_KLAD_COM, 0x01) /* * OEM Software keyladder * 1 stage keyladder * Keyladder algorithm use AES, target engine is MCipher and target engine algorithm is AES. */ #define UAPI_KLAD_TYPE_OEM_SW uapi_klad_instance(UAPI_CA_ID_BASIC, UAPI_ROOTKEY_R2R, UAPI_KLAD_COM, 0x01) /* * OEM R2R keyladder * 1 stage keyladder * Keyladder algorithm use AES, target engine is MCipher and target engine algorithm is AES. */ #define UAPI_KLAD_TYPE_OEM_R2R uapi_klad_instance(UAPI_CA_ID_BASIC, UAPI_ROOTKEY_R2R, UAPI_KLAD_COM, 0x02) /* * OEM HDCP keyladder * 1 stage keyladder * Keyladder algorithm use AES, target engine is MCipher and target engine algorithm is AES. */ #define UAPI_KLAD_TYPE_OEM_HDCP uapi_klad_instance(UAPI_CA_ID_BASIC, UAPI_ROOTKEY_HDCP, UAPI_KLAD_COM, 0x01) /* * CSA2 keyladder * 2 stage keyladder * Keyladder algorithm use AES/TDES/SM4, target engine is TSCIPHER and target engine algorithm is CSA2. */ #define UAPI_KLAD_TYPE_CSA2 uapi_klad_instance(UAPI_CA_ID_BASIC, UAPI_ROOTKEY_CSA2, UAPI_KLAD_COM, 0x01) /* * CSA3 keyladder * 2 stage keyladder * Keyladder algorithm use AES/TDES/SM4, target engine is TSCIPHER and target engine algorithm is CSA3. */ #define UAPI_KLAD_TYPE_CSA3 uapi_klad_instance(UAPI_CA_ID_BASIC, UAPI_ROOTKEY_CSA3, UAPI_KLAD_COM, 0x01) /* * R2R keyladder * 2 stage keyladder * Keyladder algorithm use AES/TDES/SM4, target engine is MCipher and target engine algorithm is AES/TDES/SM4. */ #define UAPI_KLAD_TYPE_R2R uapi_klad_instance(UAPI_CA_ID_BASIC, UAPI_ROOTKEY_R2R, UAPI_KLAD_COM, 0x03) /* * SP keyladder * 2 stage keyladder * Keyladder algorithm use AES/TDES/SM4, target engine is TSCIPHER and target engine algorithm is AES. */ #define UAPI_KLAD_TYPE_SP uapi_klad_instance(UAPI_CA_ID_BASIC, UAPI_ROOTKEY_AES, UAPI_KLAD_COM, 0x01) /* * MISC keyladder * 2 stage keyladder * Keyladder algorithm use AES/TDES/SM4, target engine is TSCIPHER and target engine algorithm is CSA2/CSA3/AES/TDES. */ #define UAPI_KLAD_TYPE_MISC uapi_klad_instance(UAPI_CA_ID_BASIC, UAPI_ROOTKEY_MISC, UAPI_KLAD_COM, 0x01) /* Define the maximum session key level. */ #define UAPI_SESSION_KEY_MAX_LEVEL 0x04 /* Define the maximum key length. */ #define UAPI_KLAD_MAX_KEY_LEN 32 /* Define the keyladder algorithm. */ typedef enum { UAPI_KLAD_ALG_TYPE_DEFAULT = 0, /* Default value */ UAPI_KLAD_ALG_TYPE_TDES = 1, UAPI_KLAD_ALG_TYPE_AES, UAPI_KLAD_ALG_TYPE_SM4, UAPI_KLAD_ALG_TYPE_MAX } uapi_klad_alg_type; /* Define the keyladder level. */ typedef enum { UAPI_KLAD_LEVEL1 = 0, UAPI_KLAD_LEVEL2, UAPI_KLAD_LEVEL3, UAPI_KLAD_LEVEL4, UAPI_KLAD_LEVEL5, UAPI_KLAD_LEVEL6, UAPI_KLAD_LEVEL_MAX } uapi_klad_level; /* Define the structure of keyladder configuration. */ typedef struct { td_u32 owner_id; /* Keyladder owner ID. Different keyladder have different ID. */ td_u32 klad_type; /* Keyladder type. */ } uapi_klad_config; /* Define the structure of content key configurations. */ typedef struct { td_bool decrypt_support; /* The content key can be used for decrypting. */ td_bool encrypt_support; /* The content key can be used for encrypting. */ uapi_crypto_alg engine; /* The content key can be used for which algorithm of the crypto engine. */ } uapi_klad_key_config; /* Structure of keyladder extend attributes. */ typedef struct { uapi_klad_config klad_cfg; /* The keyladder configuration. */ uapi_klad_key_config key_cfg; /* The content key configuration. */ } uapi_klad_attr; /* Structure of setting session key. */ typedef struct { uapi_klad_level level; /* the level of session key. */ uapi_klad_alg_type alg; /* the algorithm used to decrypt session key. */ td_u32 key_size; /* the size of session key. */ td_u8 key[UAPI_KLAD_MAX_KEY_LEN]; /* the session key. */ } uapi_klad_session_key; /* Structure of setting content key. */ typedef struct { td_bool odd; /* Odd or even key flag. */ uapi_klad_alg_type alg; /* The algorithm of the content key. */ td_u32 key_size; /* The size of content key. */ td_u8 key[UAPI_KLAD_MAX_KEY_LEN]; /* The content key. */ } uapi_klad_content_key; /* Structure of sending clear key. */ typedef struct { td_bool odd; /* Odd or even key flag. */ td_u32 key_size; /* The size of content key. */ td_u8 key[UAPI_KLAD_MAX_KEY_LEN]; /* The content key. */ } uapi_klad_clear_key; /* Structure of generating keyladder key. */ typedef struct { uapi_klad_alg_type alg; /* The algorithm of the content key. */ td_u32 key_size; /* The size of content key. */ td_u8 key[UAPI_KLAD_MAX_KEY_LEN]; td_u32 gen_key_size; /* The size of generated key. */ td_u8 gen_key[UAPI_KLAD_MAX_KEY_LEN]; } uapi_klad_gen_key; /* Structure of setting Nonce keyladder key. */ typedef struct { uapi_klad_alg_type alg; /* The algorithm of the content key. */ td_u32 key_size; /* The size of content key. */ td_u8 key[UAPI_KLAD_MAX_KEY_LEN]; td_u32 nonce_size; /* The size of nonce key. */ td_u8 nonce[UAPI_KLAD_MAX_KEY_LEN]; /* The size of nonce key. */ } uapi_klad_nonce_key; /* Rootkey slot. */ typedef enum { UAPI_BOOT_ROOTKEY_SLOT = 0x0, UAPI_SOC_ROOTKEY_SLOT = 0x1, UAPI_OEM_ROOTKEY_SLOT = 0x2, UAPI_CAS_ROOTKEY_SLOT0 = 0x10, UAPI_CAS_ROOTKEY_SLOT1 = 0x11, UAPI_CAS_ROOTKEY_SLOT2 = 0x12, UAPI_CAS_ROOTKEY_SLOT3 = 0x13, UAPI_CAS_ROOTKEY_SLOT4 = 0x14, UAPI_CAS_ROOTKEY_SLOT5 = 0x15, UAPI_CAS_ROOTKEY_SLOT6 = 0x16, UAPI_CAS_ROOTKEY_SLOT7 = 0x17, UAPI_ROOTKEY_SLOT_MAX } uapi_rootkey_select; /* Configure crypto engine type. */ typedef struct { td_bool mcipher_support; /* Support send key to Mcipher or not. */ td_bool tscipher_support; /* Support send key to TScipher(TSR2RCipher and Demux) or not. */ } uapi_rootkey_target; /* configure crypto engine algorithm. */ typedef struct { td_bool sm4_support; /* Target engine support SM4 algorithm or not. */ td_bool tdes_support; /* Target engine support TDES algorithm or not. */ td_bool aes_support; /* Target engine support AES algorithm or not. */ td_bool csa2_support; /* Target engine support CSA2 algorithm or not. */ td_bool csa3_support; /* Target engine support CSA3 algorithm or not. */ td_bool hmac_sha_support; /* Target engine support HMAC SHA or not. */ td_bool hmac_sm3_support; /* Target engine support HMAC SM3 or not. */ } uapi_rootkey_target_alg; /* Configure target engine features. */ typedef struct { td_bool encrypt_support; /* Target engine support encrypt or not. */ td_bool decrypt_support; /* Target engine support decrypt or not. */ } uapi_rootkey_target_feature; /* Configure keyladder algorithm. */ typedef struct { td_bool sm4_support; /* Keyladder support SM4 algorithm or not. */ td_bool tdes_support; /* Keyladder support TDES algorithm or not. */ td_bool aes_support; /* Keyladder support AES algorithm or not. */ } uapi_rootkey_alg; /* Configure keyladder stage. */ typedef enum { UAPI_ROOTKEY_LEVEL1 = 0, /* Keyladder support 1 stage. */ UAPI_ROOTKEY_LEVEL2, /* Keyladder support 2 stage. */ UAPI_ROOTKEY_LEVEL3, /* Keyladder support 3 stage. */ UAPI_ROOTKEY_LEVEL4, /* Keyladder support 4 stage. */ UAPI_ROOTKEY_LEVEL5, /* Keyladder support 5 stage. */ UAPI_ROOTKEY_LEVEL_MAX } uapi_rootkey_level; /* Structure of Rootkey attributes. */ typedef struct { uapi_rootkey_select root_key_sel; /* Rootkey slot select. */ uapi_rootkey_target target_support; /* Crypto engine select. */ uapi_rootkey_target_alg target_alg_support; /* Crypto engine algorithm. */ uapi_rootkey_target_feature target_feature_support; uapi_rootkey_level level; /* Keyladder stage. */ uapi_rootkey_alg alg_support; /* Keyladder algorithm. */ } uapi_rootkey_attr; /* * brief Declare keyladder callback function interface * param[in] err_code Return error code. * param[in] args Receive buffer. * param[in] size The length of args. * param[in] user_data User private data. * param[in] user_data_len User private data length. */ typedef td_s32 (*uapi_klad_func)(td_s32 err_code, td_char *args, td_u32 size, td_void *user_data, td_u32 user_data_len); /* Define callback descriptor */ /* CNcomment:定义回调描述信息 */ typedef struct { uapi_klad_func done_callback; /* Keyladder callback function interface */ td_void *user_data; /* User private data */ td_u32 user_data_len; /* User private data length */ } uapi_klad_done_callback; /* * brief Initialize the key ladder device. * param None * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure */ td_s32 uapi_klad_init(td_void); /* * brief Terminate and clean the key ladder device. * param None * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure */ td_s32 uapi_klad_deinit(td_void); /* \brief Create handle of key ladder. \param[out] klad Handle of key ladder. \retval ::TD_SUCCESS Success \retval ::TD_FAILURE Failure \retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_create(td_handle *klad); /* \brief Destroy key ladder handle. \param[in] klad Handle of key ladder. \retval ::TD_SUCCESS Success \retval ::TD_FAILURE Failure \retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_destroy(td_handle klad); /* * brief Attach key ladder to the target. * param[in] klad Handle of key ladder. * param[in] target Handle of target, it is Keyslot handle that created by CIPHER/TSCIPHER driver. * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure * retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_attach(td_handle klad, td_handle target); /* * brief Detach a key ladder from a target. * param[in] klad Handle of key ladder. * param[in] target Handle of target, it is Keyslot handle that created by CIPHER/TSCIPHER driver. * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure * retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_detach(td_handle klad, td_handle target); /* * brief Set the attributes of a key ladder. * attention \n * 1:Keyladder algorithm can be changed in different stage. * 2:pstAttr->u32OwnerID is defined for each customer. * param[in] klad Handle of key ladder. * param[in] attr Pointer to the attributes of a key ladder. * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure * retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_set_attr(td_handle klad, const uapi_klad_attr *attr); /* * brief Get the attributes of a key ladder * param[in] handle Handle of key ladder * param[out] attr Pointer to the attributes of a key ladder * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure * retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_get_attr(td_handle klad, uapi_klad_attr *attr); /* * brief set the rootkey attributes of a key ladder. * attention \n * This API is used for create a dynamic custom keyladder. Keyladder type must be UAPI_KLAD_TYPE_DYNAMIC. * param[in] klad Handle of key ladder. * param[in] rootkey_attr Pointer to the rootkey attributes of a key ladder. * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure * retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_set_rootkey_attr(td_handle klad, const uapi_rootkey_attr *rootkey_attr); /* * brief Get the rootkey attributes of a key ladder * param[in] klad Handle of key ladder * param[out] rootkey_attr Pointer to the rootkey attributes of a key ladder * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure * retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_get_rootkey_attr(td_handle klad, uapi_rootkey_attr *rootkey_attr); /* * brief Set session key of a keyladder * param[in] klad Handle of key ladder * param[in] key Pointer to the session key * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure * retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_set_session_key(td_handle klad, const uapi_klad_session_key *key); /* * brief Set content key of a keyladder * param[in] klad Handle of key ladder * param[in] key Pointer to the content key * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure * retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_set_content_key(td_handle klad, const uapi_klad_content_key *key); /* * brief Set clear route key of a keyladder * param[in] klad Handle of key ladder * param[in] key Pointer to the content key * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure * retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_set_clear_key(td_handle klad, const uapi_klad_clear_key *key); /* * brief Generate nonce key from keyladder * param[in] klad Handle of key ladder * param[in] key Pointer to the nonce key * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure * retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_generate_nonce(td_handle klad, uapi_klad_nonce_key *key); /* * brief Set content key of a keyladder * param[in] klad Handle of key ladder * param[in] key Pointer to the content key * param[in] callback Callback function for receiving final result. * retval ::TD_SUCCESS Success * retval ::TD_FAILURE Failure * retval ::SOC_ERR_KLAD_INVALID_PARAM The parameter is invalid. */ td_s32 uapi_klad_async_set_content_key(td_handle klad, const uapi_klad_content_key *key, const uapi_klad_done_callback *callback); #ifdef __cplusplus #if __cplusplus } #endif #endif /* __cplusplus */ #endif /* UAPI_KLAD_H */