1 /** 2 * @file hi_cipher.h 3 * 4 * Copyright (c) 2020 HiSilicon (Shanghai) Technologies CO., LIMITED. 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 /** 19 * @defgroup iot_cipher Encryption and Decryption. 20 * @ingroup drivers 21 */ 22 #ifndef __HI_CIPHER_H__ 23 #define __HI_CIPHER_H__ 24 25 #include <hi_types.h> 26 27 #ifdef __cplusplus 28 #if __cplusplus 29 extern "C" { 30 #endif 31 #endif /* __cplusplus */ 32 33 #define PKE_LEN_32_BYTES 32 34 #define PKE_LEN_256_BYTES 256 35 #define PKE_LEN_384_BYTES 384 36 #define PKE_LEN_512_BYTES 512 37 #define RSA_KEY_LEN_2048 256 38 #define AES_MAX_KEY_IN_WORD 16 39 #define AES_IV_LEN_IN_WORD 4 40 #define KDF_KEY_LEN_IN_BYTES 32 41 42 /** 43 * @ingroup iot_cipher 44 * Hash algrithm type 45 */ 46 typedef enum { 47 HI_CIPHER_HASH_TYPE_SHA256 = 0x0, 48 HI_CIPHER_HASH_TYPE_HMAC_SHA256, 49 HI_CIPHER_HASH_TYPE_MAX, 50 HI_CIPHER_HASH_TYPE_INVALID = 0xffffffff, 51 }hi_cipher_hash_type; 52 53 /** 54 * @ingroup iot_cipher 55 * Rsa sign and veriry scheme 56 */ 57 typedef enum { 58 HI_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_V15_SHA256 = 0x00, /**< PKCS#1 RSASSA_PKCS1_V15_SHA256 signature */ 59 HI_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_PSS_SHA256, /**< PKCS#1 RSASSA_PKCS1_PSS_SHA256 signature */ 60 HI_CIPHER_RSA_SIGN_SCHEME_MAX, 61 HI_CIPHER_RSA_SIGN_SCHEME_INVALID = 0xffffffff, 62 }hi_cipher_rsa_sign_scheme; 63 64 /** 65 * @ingroup iot_cipher 66 * Aes key from 67 */ 68 typedef enum { 69 HI_CIPHER_AES_KEY_FROM_CPU = 0x00, 70 HI_CIPHER_AES_KEY_FROM_KDF, 71 HI_CIPHER_AES_KEY_FROM_MAX, 72 HI_CIPHER_AES_KEY_FROM_INVALID = 0xffffffff, 73 }hi_cipher_aes_key_from; 74 75 /** 76 * @ingroup iot_cipher 77 * Aes work mode 78 */ 79 typedef enum { 80 HI_CIPHER_AES_WORK_MODE_ECB = 0x00, /**< Electronic codebook (ECB) mode, ECB has been considered insecure and 81 it is recommended not to use it. */ 82 HI_CIPHER_AES_WORK_MODE_CBC, /**< Cipher block chaining (CBC) mode. */ 83 HI_CIPHER_AES_WORK_MODE_CTR, /**< Counter (CTR) mode. */ 84 HI_CIPHER_AES_WORK_MODE_CCM, /**< Counter (CCM) mode. */ 85 HI_CIPHER_AES_WORK_MODE_XTS, /**< XTS-AES (XTS) mode. */ 86 HI_CIPHER_AES_WORK_MODE_MAX, 87 HI_CIPHER_AES_WORK_MODE_INVALID = 0xffffffff, 88 }hi_cipher_aes_work_mode; 89 90 /** 91 * @ingroup iot_cipher 92 * Aes key length 93 */ 94 typedef enum { 95 HI_CIPHER_AES_KEY_LENGTH_128BIT = 0x00, 96 HI_CIPHER_AES_KEY_LENGTH_192BIT, 97 HI_CIPHER_AES_KEY_LENGTH_256BIT, 98 HI_CIPHER_AES_KEY_LENGTH_512BIT, /**< 512bit, just used for xts. */ 99 HI_CIPHER_AES_KEY_LENGTH_MAX, 100 HI_CIPHER_AES_KEY_LENGTH_INVALID = 0xffffffff, 101 }hi_cipher_aes_key_length; 102 103 /** 104 * @ingroup iot_cipher 105 * Rsa private key sign 106 */ 107 typedef struct { 108 hi_cipher_rsa_sign_scheme scheme; /**< The rsa sign type */ 109 hi_u8 *d; /**< The private exponent */ 110 hi_u8 *n; /**< The modulus */ 111 hi_u32 klen; /**< The key length */ 112 } hi_cipher_rsa_sign; 113 114 /** 115 * @ingroup iot_cipher 116 * Rsa public key verify 117 */ 118 typedef struct { 119 hi_cipher_rsa_sign_scheme scheme; /**< The rsa sign type */ 120 hi_u8 *e; /**< The public exponent */ 121 hi_u8 *n; /**< The modulus */ 122 hi_u32 klen; /**< The key length */ 123 } hi_cipher_rsa_verify; 124 125 /** 126 * @ingroup iot_cipher 127 * cipher struct for output 128 */ 129 typedef struct { 130 hi_u8 *out; /**< Point for output */ 131 hi_u32 out_buf_len; /**< Length of output buffer */ 132 hi_u32 *out_len; /**< Length of valid output data */ 133 } hi_cipher_output; 134 135 /** 136 * @ingroup iot_cipher 137 * Struct of ecc curves parameters 138 */ 139 typedef struct { 140 const hi_u8 *p; /**< Finite field: equal to p in case of prime field curves or equal to 2^n in case of binary 141 field curves. */ 142 const hi_u8 *a; /**< Curve parameter a (q-3 in Suite B). */ 143 const hi_u8 *b; /**< Curve parameter b. */ 144 const hi_u8 *gx; /**< X coordinates of G which is a base point on the curve. */ 145 const hi_u8 *gy; /**< Y coordinates of G which is a base point on the curve. */ 146 const hi_u8 *n; /**< Prime which is the order of G point. */ 147 hi_u32 h; /**< Cofactor, which is the order of the elliptic curve divided by the order of the point G. For 148 the Suite B curves, h = 1. */ 149 hi_u32 ksize; /**< Ecc key size in bytes. It corresponds to the size in bytes of the prime, should be 32bytes. */ 150 }hi_cipher_ecc_param; 151 152 /** 153 * @ingroup iot_cipher 154 * Struct of ecc sign 155 */ 156 typedef struct { 157 const hi_u8 *d; /**< Ecdh private key, the caller ensures it is padded with leading zeros if the effective size of 158 this key is smaller than ecc key size. */ 159 const hi_u8 *hash; /**< Hash data for ecc sign. */ 160 hi_u32 hash_len; /**< The length of hash data, just 32 bytes is valid data. */ 161 hi_u8 *r; /**< Output ecc sign result R, its length is ecc key size. */ 162 hi_u8 *s; /**< Output ecc sign result S, its length is ecc key size. */ 163 }hi_cipher_ecc_sign; 164 165 /** 166 * @ingroup iot_cipher 167 * Struct of ecc verify 168 */ 169 typedef struct { 170 const hi_u8 *px; /**< Ecdh X coordinates of the generated public key, the caller ensures it is padded with leading 171 zeros if the effective size of this key is smaller than ecc key size. */ 172 const hi_u8 *py; /**< Ecdh Y coordinates of the generated public key, the caller ensures it is padded with leading 173 zeros if the effective size of this key is smaller than ecc key size. */ 174 const hi_u8 *hash; /**< Hash data for ecc verify. */ 175 hi_u32 hash_len; /**< The length of hash data, just 32 bytes is valid data. */ 176 const hi_u8 *r; /**< Output ecc sign result R, its length is ecc key size. */ 177 const hi_u8 *s; /**< Output ecc sign result S, its length is ecc key size. */ 178 }hi_cipher_ecc_verify; 179 180 /** 181 * @ingroup iot_cipher 182 * Aes ccm struct 183 */ 184 typedef struct { 185 hi_u8 *n; /**< Nonce. */ 186 hi_u32 n_len; /**< Nonce length for CCM, which is an element of {7,8,9,10,11,12,13}. */ 187 hi_u32 tag_len; /**< Tag lenght for CCM which is an element of {4,6,8,10,12,14,16}. */ 188 hi_u32 aad_len; /**< Associated data length for CCM. */ 189 uintptr_t aad_addr; /**< Physical address of Associated data for CCM. */ 190 }hi_cipher_aes_ccm; 191 192 /** 193 * @ingroup iot_cipher 194 * Aes ctrl struct 195 */ 196 typedef struct { 197 hi_u32 key[AES_MAX_KEY_IN_WORD]; /**< Key input. */ 198 hi_u32 iv[AES_IV_LEN_IN_WORD]; /**< Initialization vector (IV). */ 199 hi_bool random_en; /**< Enable random delay or not. */ 200 hi_u8 resv[3]; /* 3 byte reserved */ 201 hi_cipher_aes_key_from key_from; /**< Key from, When using kdf key, no nead to configure the input key. */ 202 hi_cipher_aes_work_mode work_mode; /**< Work mode. */ 203 hi_cipher_aes_key_length key_len; /**< Key length. aes-ecb/cbc/ctr support 128/192/256 bits key, ccm just support 204 128 bits key, xts just support 256/512 bits key. */ 205 hi_cipher_aes_ccm *ccm; /**< Struct for ccm. */ 206 }hi_cipher_aes_ctrl; 207 208 /** 209 * @ingroup iot_cipher 210 * Kdf key type 211 */ 212 typedef enum { 213 HI_CIPHER_SSS_KDF_KEY_DEVICE = 0x0, /**< kdf device key derivation. */ 214 HI_CIPHER_SSS_KDF_KEY_STORAGE, /**< kdf storage key derivation. */ 215 HI_CIPHER_SSS_KDF_KEY_MAX, 216 HI_CIPHER_SSS_KDF_KEY_INVALID = 0xFFFFFFFF, 217 }hi_cipher_kdf_mode; 218 219 /** 220 * @ingroup iot_cipher 221 * Kdf ctrl struct 222 */ 223 typedef struct { 224 const hi_u8 *salt; /**< salt for kdf key derivation. */ 225 hi_u32 salt_len; /**< salt_len should be 16 bytes for kdf device key derivation, 226 32 bytes for kdf storage key derivation. */ 227 hi_u8 key[KDF_KEY_LEN_IN_BYTES]; 228 hi_cipher_kdf_mode kdf_mode; /**< kdf mode for key derivation. */ 229 hi_u32 kdf_cnt; /**< kdf cnt for iteration.It is recommended that the number of iterations be 230 not less than 10000 times, if performance requirement, no less than 1000 231 times, and not more than 0xffff times. */ 232 hi_u8 result[KDF_KEY_LEN_IN_BYTES]; 233 }hi_cipher_kdf_ctrl; 234 235 /** 236 * @ingroup iot_cipher 237 * Hash/hmac init struct input 238 */ 239 typedef struct { 240 const hi_u8 *hmac_key; /**< hmac_key, just used for hmac. */ 241 hi_u32 hmac_key_len; /**< hmac_key_len, just used for hmac. */ 242 hi_cipher_hash_type sha_type; /**< sha_type, hash or hmac type. */ 243 }hi_cipher_hash_atts; 244 245 /** 246 * @ingroup iot_cipher 247 * @brief Initializes the Cipher module. CNcomment:Cipher 模块初始化。CNend 248 * 249 * @par 描述: 250 * Initializes the Cipher module, does NOT support multi-tasks. 251 CNcomment:Cipher模块初始化,不支持多任务。CNend 252 * 253 * @attention This function must be called before using cipher module. 254 CNcomment:使用Cipher模块算法前调用本接口初始化。CNend 255 * @param None 256 * 257 * @retval #0 Success 258 * @retval #Other Failure, for details, see file hi_errno.h. 259 * @par 依赖: 260 * @li hi_cipher.h:Describes Cipher module APIs. 261 CNcomment:文件用于描述Cipher模块相关接口。CNend 262 * @see hi_cipher_init。 263 */ 264 hi_u32 hi_cipher_init(hi_void); 265 266 /** 267 * @ingroup iot_cipher 268 * @brief Settings of AES. CNcomment:AES算法参数配置。CNend 269 * 270 * @par 描述: 271 * Configure of AES. CNcomment:AES算法参数配置。CNend 272 * 273 * @attention None 274 * @param ctrl [IN] type #hi_cipher_aes_ctrl *,AES parameters. CNcomment:AES算法参数配置。CNend 275 * 276 * @retval #0 Success 277 * @retval #Other Failure, for details, see file hi_errno.h. 278 * @par 依赖: 279 * @li hi_cipher.h:Describes Cipher module APIs. 280 CNcomment:文件用于描述Cipher模块相关接口。CNend 281 * @see hi_cipher_aes_config。 282 */ 283 hi_u32 hi_cipher_aes_config(hi_cipher_aes_ctrl *ctrl); 284 285 /** 286 * @ingroup iot_cipher 287 * @brief Encryption/Decryption of AES, if execution fails, hi_cipher_aes_destroy_config must be called to 288 release resources. 289 CNcomment:AES算法加解密,如果执行失败,必须调用hi_cipher_aes_destroy_config接口释放资源。CNend 290 * 291 * @par 描述: 292 * Encryption/Decryption of AES. CNcomment:AES算法加解密。CNend 293 * 294 * @attention 无。 295 * @param src_addr [IN] type #uintptr_t,Input data source address. 296 CNcomment:待加密或解密的源数据物理地址,地址要求4对齐。CNend 297 * @param dest_addr [OUT] type #uintptr_t,output data physical address, the address must be 298 aligned in 4 bytes. 299 CNcomment:加密或解密结果数据物理地址,地址要求4对齐。CNend 300 * @param length [IN] type #hi_u32,data length, ECB/CBC/CTR must be aligned in 16 bytes, 301 CCM doesn't need to. 302 CNcomment:数据长度, ECB/CBC/CTR要求16bytes对齐, CCM可以不要求16bytes对齐。CNend 303 * @param encrypt [IN] type #hi_bool,options of encryption/decryption, HI_TRUE is for encryption, 304 HI_FALSE is for decryption.CNcomment:加解密配置选项,配置HI_TRUE为加密,配置HI_FALSE为解密。CNend 305 * 306 * @retval #0 Success 307 * @retval #Other Failure, for details, see file hi_errno.h. 308 * @par 依赖: 309 * @li hi_cipher.h:Describes Cipher module APIs. 310 CNcomment:文件用于描述Cipher模块相关接口。CNend 311 * @see hi_cipher_aes_crypto。 312 */ 313 hi_u32 hi_cipher_aes_crypto(uintptr_t src_addr, uintptr_t dest_addr, hi_u32 length, hi_bool encrypt); 314 315 /** 316 * @ingroup iot_cipher 317 * @brief Output Tag, if execution fails, hi_cipher_aes_destroy_config must be called to release resources. 318 CNcomment:输出Tag,如果执行失败,必须调用hi_cipher_aes_destroy_config接口释放资源。CNend 319 * 320 * @par 描述: 321 * Output Tag, AES and CCM will output Tag after encrypting or decrypting. 322 CNcomment:输出Tag, AES CCM 模式加密或解密计算完成后,输出Tag值。CNend 323 * 324 * @attention None 325 * @param tag [OUT] type #hi_u8 *,Pointer to output Tag. CNcomment:输出Tag指针。CNend 326 * @param tag_buf_len [IN] type #hi_u32,Length of the buffer which tag points to. 327 CNcomment:tag指针指向的输出buff长度。CNend 328 * @param tag_len [OUT] type #hi_u32*,Length of the output tag. 329 CNcomment: 输出的tag数据长度。CNend. 330 * 331 * @retval #0 Success 332 * @retval #Other Failure, for details, see file hi_errno.h. 333 * @par 依赖: 334 * @li hi_cipher.h:Describes Cipher module APIs. 335 CNcomment:文件用于描述Cipher模块相关接口。CNend 336 * @see hi_cipher_aes_get_tag。 337 */ 338 hi_u32 hi_cipher_aes_get_tag(hi_u8 *tag, hi_u32 tag_buf_len, hi_u32 *tag_len); 339 340 /** 341 * @ingroup iot_cipher 342 * @brief Destory AES configures. CNcomment:AES算法销毁配置的参数CNend 343 * 344 * @par 描述: 345 * Destory AES configures. CNcomment:AES算法销毁配置的参数CNend 346 * 347 * @attention In pair with hi_cipher_aes_config.CNcomment:与参数配置成对使用CNend 348 * @param None 349 350 * @retval #0 Success 351 * @retval #Other Failure, for details, see file hi_errno.h. 352 * @par 依赖: 353 * @li hi_cipher.h:Describes Cipher module APIs. 354 CNcomment:文件用于描述Cipher模块相关接口。CNend 355 * @see hi_cipher_aes_destroy_config。 356 */ 357 hi_u32 hi_cipher_aes_destroy_config(hi_void); 358 359 /** 360 * @ingroup iot_cipher 361 * @brief Settings of HASH/HMAC, if execution success, hi_cipher_hash_final must be called to release 362 resources.CNcomment:HASH/HMAC算法参数配置,执行成功后必须调用hi_cipher_hash_final接口释放资源。CNend 363 * 364 * @par 描述: 365 * Settings of HASH/HMAC, this function should be called before calculating. 366 CNcomment:HASH/HMAC算法参数配置,HASH/HMAC计算前调用 367 * 368 * @attention None 369 * @param atts [IN] type #const hi_cipher_hash_atts *,HASH attribute.CNcomment:HASH算法类型配置。CNend 370 371 * @retval #0 Success 372 * @retval #Other Failure, for details, see file hi_errno.h. 373 * @par 依赖: 374 * @li hi_cipher.h:Describes Cipher module APIs. 375 CNcomment:文件用于描述Cipher模块相关接口。CNend 376 * @see hi_cipher_hash_start。 377 */ 378 hi_u32 hi_cipher_hash_start(const hi_cipher_hash_atts *atts); 379 380 /** 381 * @ingroup iot_cipher 382 * @brief Calculating by HASH/HMAC, if execution success, hi_cipher_hash_final must be called to release 383 resources.CNcomment:HASH/HMAC计算,执行成功后必须调用hi_cipher_hash_final接口释放资源。CNend 384 * 385 * @par 描述: 386 * Hash calculation. Multiple segments can be calculated. HMAC calculation supports only single-segment 387 calculation.CNcomment:HASH计算,支持多段计算,HMAC计算只支持单段计算。CNend 388 * 389 * @attention None 390 * @param src_addr [IN] type #uintptr_t,Data address to be calculated by HASH. 391 CNcomment:待HASH计算的数据地址。CNend 392 * @param length [IN] type #hi_u32,Data length to be calculated by HASH. 393 CNcomment:待HASH计算的数据长度。CNend 394 * 395 * @retval #0 Success 396 * @retval #Other Failure, for details, see file hi_errno.h. 397 * @par 依赖: 398 * @li hi_cipher.h:Describes Cipher module APIs. 399 CNcomment:文件用于描述Cipher模块相关接口。CNend 400 * @see hi_cipher_hash_update。 401 */ 402 hi_u32 hi_cipher_hash_update(uintptr_t src_addr, hi_u32 length); 403 404 /** 405 * @ingroup iot_cipher 406 * @brief HASH/HMAC calculation finished.CNcomment:HASH/HMAC计算结束CNend 407 * 408 * @par 描述: 409 * Ouput results after HASH/HMAC finished calculating.CNcomment:HASH/HMAC计算结束, 410 输出计算结果。CNend 411 * 412 * @attention None 413 * 414 * @param out [OUT] type #hi_u8 *,Pointer to the output of the HASH/HMAC calculation result. 415 CNcomment:HASH/HMAC计算结果输出指针。CNend 416 * @param out_len [IN] type #hi_u32,HASH/HMAC The output pointer of the calculation result points to 417 * the space length. The output length must be greater than or equal to 32 bytes. 418 CNcomment:HASH/HMAC计算结果输出指针指向空间长度,要求输出长度满足不小于32bytes。CNend 419 * 420 * @retval #0 Success 421 * @retval #Other Failure, for details, see file hi_errno.h. 422 * @par 依赖: 423 * @li hi_cipher.h:Describes Cipher module APIs. 424 CNcomment:文件用于描述Cipher模块相关接口。CNend 425 * @see hi_cipher_hash_final。 426 */ 427 hi_u32 hi_cipher_hash_final(hi_u8 *out, hi_u32 out_len); 428 429 /** 430 * @ingroup iot_cipher 431 * @brief HASH calculation.CNcomment:HASH计算CNend 432 * 433 * @par 描述: 434 * Performs hash calculation on a segment of data and outputs the hash result. 435 CNcomment:对一段数据做HASH计算,并输出HASH结果。CNend 436 * 437 * @attention None 438 * 439 * @param input [IN] type #uintptr_t,Enter the data address. The address must be 4-bytes-aligned. 440 CNcomment:输入数据地址,地址要求4对齐。CNend 441 * @param input_len [IN] type #hi_u32, Input data length.CNcomment:输入数据长度。CNend 442 * @param hash [OUT] type #hi_u8 *,Output the hash result. The length is 32 bytes. 443 CNcomment:输出HASH结果, 长度为 32 bytes。CNend 444 * @param hash_len [IN] type #hi_u32, BUF length of the hash result. The value must be greater than or 445 * equal to 32 bytes.CNcomment:输出HASH结果的BUF长度,需要满足不小于32bytes。CNend 446 * 447 * @retval #0 Success 448 * @retval #Other Failure, for details, see file hi_errno.h. 449 * @par 依赖: 450 * @li hi_cipher.h:Describes Cipher module APIs. 451 CNcomment:文件用于描述Cipher模块相关接口。CNend 452 * @see hi_cipher_hash_sha256。 453 */ 454 hi_u32 hi_cipher_hash_sha256(uintptr_t input, hi_u32 input_len, hi_u8 *hash, hi_u32 hash_len); 455 456 /** 457 * @ingroup iot_cipher 458 * @brief KDF calculation.CNcomment:KDF算法计算。CNend 459 * 460 * @par 描述: 461 * KDF calculation.CNcomment:KDF算法计算。CNend 462 * 463 * @attention None 464 * @param ctrl [IN] type #hi_cipher_kdf_ctrl*,Poninter to KDF algorithm parameter configuration 465 control structure.CNcomment:KDF算法参数配置控制结构体。CNend 466 * 467 * @retval #0 Success 468 * @retval #Other Failure, for details, see file hi_errno.h. 469 * @par 依赖: 470 * @li hi_cipher.h:Describes Cipher module APIs. 471 CNcomment:文件用于描述Cipher模块相关接口。CNend 472 * @see hi_cipher_kdf_key_derive。 473 */ 474 hi_u32 hi_cipher_kdf_key_derive(hi_cipher_kdf_ctrl *ctrl); 475 476 /** 477 * @ingroup iot_cipher 478 * @brief Rsa signature.CNcomment:Rsa 签名CNend 479 * 480 * @par 描述: 481 * Rsa signature and output of the signature result.CNcomment:Rsa签名,输出签名结果。CNend 482 * 483 * @attention None 484 * @param rsa_sign [IN] type #hi_cipher_rsa_sign *,Pointer to RSA signature structure. 485 CNcomment:Rsa签名算法结构体。CNend 486 * @param hash_data [IN] type #const hi_u8 *,Indicates the hash data to be signed. 487 CNcomment:待签名的HASH数据。CNend 488 * @param hash_data_len [IN] type #hi_u32, Length of the hash data to be signed, 32 bytes data. 489 CNcomment:待签名的HASH数据的长度,32bytes数据。CNend 490 * @param sign [OUT] type #const hi_cipher_output *,Signature result output structure. The length 491 * of the output signature result is the length of the key. 492 CNcomment:签名结果输出结构体,输出的签名结果长度为key的长度。CNend 493 * 494 * @retval #0 Success 495 * @retval #Other Failure, for details, see file hi_errno.h. 496 * @par 依赖: 497 * @li hi_cipher.h:Describes Cipher module APIs. 498 CNcomment:文件用于描述Cipher模块相关接口。CNend 499 * @see hi_cipher_rsa_sign_hash。 500 */ 501 hi_u32 hi_cipher_rsa_sign_hash(const hi_cipher_rsa_sign *rsa_sign, const hi_u8 *hash_data, hi_u32 hash_data_len, 502 const hi_cipher_output *sign); 503 504 /** 505 * @ingroup iot_cipher 506 * @brief Rsa Signature Verification.CNcomment:Rsa 签名结果校验CNend 507 * 508 * @par 描述: 509 * Rsa Signature Verification.CNcomment:Rsa 签名结果校验。CNend 510 * 511 * @attention None 512 * @param rsa_verify [IN] type #hi_cipher_rsa_verify *,Structure of the Rsa signature result 513 * verification algorithm.CNcomment:Rsa签名结果校验算法结构体。CNend 514 * @param hash [IN] type #const hi_u8 *,Hash data to be checked. 515 CNcomment:待校验的HASH数据。CNend 516 * @param hash_len [IN] type #hi_u32, Indicates the length of the hash data to be verified. 517 * The value is 32 bytes valid data. 518 CNcomment:待校验的HASH数据的长度,为32bytes有效数据。CNend 519 * @param sign [IN] type #const hi_u8 *,Signature input pointer.CNcomment:签名输入指针。CNend 520 * @param sign_len [IN] type #hi_u32,Length of the signature result. The length is the same as the 521 * length of the key.CNcomment:签名结果长度, 长度与key的长度相同。CNend 522 * 523 * @retval #0 Success 524 * @retval #Other Failure, for details, see file hi_errno.h. 525 * @par 依赖: 526 * @li hi_cipher.h:Describes Cipher module APIs. 527 CNcomment:文件用于描述Cipher模块相关接口。CNend 528 * @see hi_cipher_rsa_verify_hash。 529 */ 530 hi_u32 hi_cipher_rsa_verify_hash(const hi_cipher_rsa_verify *rsa_verify, const hi_u8 *hash, hi_u32 hash_len, 531 const hi_u8 *sign, hi_u32 sign_len); 532 533 /** 534 * @ingroup iot_cipher 535 * @brief Ecdsa signature.CNcomment:Ecdsa 签名CNend 536 * 537 * @par 描述: 538 * Ecdsa signature and output of the signature result.CNcomment:Ecdsa 签名,输出签名结果。CNend 539 * 540 * @attention None 541 * @param ecc [IN] type #const hi_cipher_ecc_param *,ECC elliptic curve parameter. If the 542 * length is less than the size of the key, add 0 before the key.CNcomment:ECC椭圆曲线 543 参数,长度不足Key的大小,前面补0。CNend 544 * @param sign [IN/OUT] type #const hi_cipher_ecc_sign *,Pointer to private key of ECDH. 545 CNcomment:ECDH私钥签名结构体。CNend 546 * 547 * @retval #0 Success 548 * @retval #Other Failure, for details, see file hi_errno.h. 549 * @par 依赖: 550 * @li hi_cipher.h:Describes Cipher module APIs. 551 CNcomment:文件用于描述Cipher模块相关接口。CNend 552 * @see hi_cipher_ecc_sign_hash。 553 */ 554 hi_u32 hi_cipher_ecc_sign_hash(const hi_cipher_ecc_param *ecc, const hi_cipher_ecc_sign *sign); 555 556 /** 557 * @ingroup iot_cipher 558 * @brief Ecdsa Signature Verification.CNcomment:Ecdsa 签名结果校验CNend 559 * 560 * @par 描述: 561 * Ecdsa Signature Verification.CNcomment:Ecdsa 签名结果校验。CNend 562 * 563 * @attention None 564 * @param ecc [IN] type #const hi_cipher_ecc_param *,ECC elliptic curve parameter. If the length 565 * is less than the size of the key, add 0 before the key. 566 CNcomment:ECC椭圆曲线参数,长度不足Key的大小,前面补0。CNend 567 * @param verify [IN] type #const hi_cipher_ecc_verify *,Pointer to structure of the ECC public key 568 * verification parameter.CNcomment:ECC公钥验证参数结构体。CNend 569 * 570 * @retval #0 Success 571 * @retval #Other Failure, for details, see file hi_errno.h. 572 * @par 依赖: 573 * @li hi_cipher.h:Describes Cipher module APIs. 574 CNcomment:文件用于描述Cipher模块相关接口。CNend 575 * @see hi_cipher_ecc_sign_hash。 576 */ 577 hi_u32 hi_cipher_ecc_verify_hash(const hi_cipher_ecc_param *ecc, const hi_cipher_ecc_verify *verify); 578 579 /** 580 * @ingroup iot_cipher 581 * @brief TRNG Obtain a random number.CNcomment:TRNG获取随机数CNend 582 * 583 * @par 描述: 584 * TRNG Obtain a random number. Only one word size can be obtained at a time. 585 CNcomment:TRNG获取随机数,每次只能获取一个WORD大小的随机数。CNend 586 * 587 * @attention None 588 * @param randnum [OUT] type #hi_u32 *,Random number output pointer. 589 CNcomment:随机数输出指针。CNend 590 * 591 * @retval #0 Success 592 * @retval #Other Failure, for details, see file hi_errno.h. 593 * @par 依赖: 594 * @li hi_cipher.h:Describes Cipher module APIs. 595 CNcomment:文件用于描述Cipher模块相关接口。CNend 596 * @see hi_cipher_trng_get_random。 597 */ 598 hi_u32 hi_cipher_trng_get_random(hi_u32 *randnum); 599 600 /** 601 * @ingroup iot_cipher 602 * @brief TRNG Obtain a random number.CNcomment:TRNG获取随机数CNend 603 * 604 * @par 描述: 605 * The TRNG obtains the random number and obtains the random number of multiple bytes at a time. 606 CNcomment:TRNG获取随机数,每次获取多个byte的随机数。CNend 607 * 608 * @attention None 609 * @param randbyte [OUT] type #hi_u8 *,Random number output pointer. 610 CNcomment:随机数输出指针。CNend 611 * @param size [IN] type #hi_u32,Length of the obtained random number. 612 CNcomment:获取的随机数长度。CNend 613 * 614 * @retval #0 Success 615 * @retval #Other Failure, for details, see file hi_errno.h. 616 * @par 依赖: 617 * @li hi_cipher.h:Describes Cipher module APIs. 618 CNcomment:文件用于描述Cipher模块相关接口。CNend 619 * @see hi_cipher_trng_get_random。 620 */ 621 hi_u32 hi_cipher_trng_get_random_bytes(hi_u8 *randbyte, hi_u32 size); 622 623 /** 624 * @ingroup iot_cipher 625 * @brief Set the clock switch of cipher module.CNcomment:设置cipher模块时钟切换开关。CNend 626 * 627 * @par 描述: 628 * Set the clock switch of cipher module, which is false by default, The clock is always on. 629 When it is true, clock will be turned on when cipher algorithm is used and turned off when calculation is finished. 630 CNcomment:设置cipher模块时钟切换开关,默认为FALSE,时钟常开,设为TRUE后在使用cipher算法时打开,计算结束后关闭。CNend 631 * 632 * @attention None 633 * @param enable [IN] type #hi_bool,Random number output pointer. 634 CNcomment:随机数输出指针。CNend 635 * 636 * @retval None 637 * @par 依赖: 638 * @li hi_cipher.h:Describes Cipher module APIs. 639 CNcomment:文件用于描述Cipher模块相关接口。CNend 640 * @see hi_cipher_set_clk_ctrl。 641 */ 642 hi_void hi_cipher_set_clk_switch(hi_bool enable); 643 644 #ifdef __cplusplus 645 #if __cplusplus 646 } 647 #endif 648 #endif /* __cplusplus */ 649 650 #endif /* __HI_CIPHER_H__ */ 651 652