1 /** 2 * Copyright (c) 2020 HiSilicon (Shanghai) Technologies CO., LIMITED. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 * 15 * Description: Provides KM driver header \n 16 * 17 * History: \n 18 * 2023-03-14, Create file. \n 19 */ 20 #ifndef KM_H 21 #define KM_H 22 23 #include <stdint.h> 24 #include <stdbool.h> 25 #include "errcode.h" 26 27 #ifdef __cplusplus 28 #if __cplusplus 29 extern "C" { 30 #endif 31 #endif 32 33 /** 34 * @defgroup security_unified_km KM 35 * @ingroup drivers_driver_security_unified 36 * @{ 37 */ 38 39 /** 40 * @if Eng 41 * @brief Keyslot type selection. 42 * @else 43 * @brief keyslot 类型选择。 44 * @endif 45 */ 46 typedef enum { 47 UAPI_DRV_KEYSLOT_TYPE_MCIPHER = 0, 48 UAPI_DRV_KEYSLOT_TYPE_HMAC, 49 UAPI_DRV_KEYSLOT_TYPE_FLASH, 50 } uapi_drv_keyslot_type_t; 51 52 /** 53 * @if Eng 54 * @brief Root key selection during KDF key derivation. 55 * @else 56 * @brief KDF 密钥派生时根密钥选择。 57 * @endif 58 */ 59 typedef enum { 60 UAPI_DRV_KDF_OTP_KEY_MRK1 = 0, 61 UAPI_DRV_KDF_OTP_KEY_USK, 62 UAPI_DRV_KDF_OTP_KEY_RUSK 63 } uapi_drv_kdf_otp_key_t; 64 65 /** 66 * @if Eng 67 * @brief Symmetric algorithm selection during KDF key derivation. 68 * @else 69 * @brief KDF 密钥派生时对称算法选择。 70 * @endif 71 */ 72 typedef enum { 73 UAPI_DRV_KDF_UPDATE_ALG_AES = 0, 74 UAPI_DRV_KDF_UPDATE_ALG_SM4 75 } uapi_drv_kdf_update_alg_t; 76 77 /** 78 * @if Eng 79 * @brief Select the derived key type during KDF key derivation. 80 * @else 81 * @brief KDF 密钥派生时派生key类型选择。 82 * @endif 83 */ 84 typedef enum { 85 UAPI_DRV_KDF_HARD_KEY_TYPE_SBRK0 = 0x03000000, 86 UAPI_DRV_KDF_HARD_KEY_TYPE_SBRK1, 87 UAPI_DRV_KDF_HARD_KEY_TYPE_SBRK2, 88 UAPI_DRV_KDF_HARD_KEY_TYPE_ABRK0, 89 UAPI_DRV_KDF_HARD_KEY_TYPE_ABRK1, 90 UAPI_DRV_KDF_HARD_KEY_TYPE_ABRK2, 91 UAPI_DRV_KDF_HARD_KEY_TYPE_DRK0, 92 UAPI_DRV_KDF_HARD_KEY_TYPE_DRK1, 93 UAPI_DRV_KDF_HARD_KEY_TYPE_RDRK0, 94 UAPI_DRV_KDF_HARD_KEY_TYPE_RDRK1, 95 UAPI_DRV_KDF_HARD_KEY_TYPE_PSK, 96 UAPI_DRV_KDF_HARD_KEY_TYPE_FDRK0, 97 UAPI_DRV_KDF_HARD_KEY_TYPE_ODRK0, 98 UAPI_DRV_KDF_HARD_KEY_TYPE_ODRK1, 99 UAPI_DRV_KDF_HARD_KEY_TYPE_OARK0, 100 UAPI_DRV_KDF_HARD_KEY_TYPE_MDRK0, 101 UAPI_DRV_KDF_HARD_KEY_TYPE_MDRK1, 102 UAPI_DRV_KDF_HARD_KEY_TYPE_MDRK2, 103 UAPI_DRV_KDF_HARD_KEY_TYPE_MDRK3, 104 105 UAPI_DRV_KDF_HARD_KEY_TYPE_ABRK_REE, 106 UAPI_DRV_KDF_HARD_KEY_TYPE_ABRK_TEE, 107 UAPI_DRV_KDF_HARD_KEY_TYPE_RDRK_REE, 108 UAPI_DRV_KDF_HARD_KEY_TYPE_RDRK_TEE, 109 } uapi_drv_kdf_hard_key_type_t; 110 111 /** 112 * @if Eng 113 * @brief KDF key derivation, hash algorithm selection when the hardware PBKDF2 algorithm is used. 114 * @else 115 * @brief KDF 密钥派生,硬件PBKDF2算法时HASH算法选择。 116 * @endif 117 */ 118 typedef enum { 119 UAPI_DRV_KDF_HARD_ALG_SHA256 = 0, 120 UAPI_DRV_KDF_HARD_ALG_SM3, 121 UAPI_DRV_KDF_HARD_ALG_MAX 122 } uapi_drv_kdf_hard_alg_t; 123 124 /** 125 * @if Eng 126 * @brief The klad target module's algorithm engine, determining the algorithm supported by the sent key. 127 * @else 128 * @brief klad 目标模块算法引擎,决定送出的 key 支持哪个算法。 129 * @endif 130 */ 131 typedef enum { 132 UAPI_DRV_KLAD_ENGINE_AES = 0x20, 133 UAPI_DRV_KLAD_ENGINE_LAE = 0x40, 134 UAPI_DRV_KLAD_ENGINE_SM4 = 0x50, 135 UAPI_DRV_KLAD_ENGINE_TDES = 0x70, 136 UAPI_DRV_KLAD_ENGINE_SHA1_HMAC = 0xA0, 137 UAPI_DRV_KLAD_ENGINE_SHA2_HMAC = 0xA1, 138 UAPI_DRV_KLAD_ENGINE_SM3_HMAC = 0xA2, 139 UAPI_DRV_KLAD_ENGINE_MAX 140 } uapi_drv_klad_engine_t; 141 142 /** 143 * @if Eng 144 * @brief The klad target module,determining the module to which the key is sent. 145 * @else 146 * @brief klad 目标模块,决定 key 送给哪个模块使用。 147 * @endif 148 */ 149 typedef enum { 150 UAPI_DRV_KLAD_DEST_MCIPHER = 0, 151 UAPI_DRV_KLAD_DEST_HMAC, 152 UAPI_DRV_KLAD_DEST_FLASH, 153 UAPI_DRV_KLAD_DEST_NPU, 154 UAPI_DRV_KLAD_DEST_AIDSP, 155 UAPI_DRV_KLAD_DEST_MAX, 156 } uapi_drv_klad_dest_t; 157 158 /** 159 * @if Eng 160 * @brief Flash online decryption mode, determining the mode used after the key is sent. 161 * @else 162 * @brief Flash 在线解密模式,决定送 key 后使用哪种模式 163 * @endif 164 */ 165 typedef enum { 166 UAPI_DRV_KLAD_FLASH_KEY_TYPE_REE_DEC = 0x00, /* REE flash online decryption key */ 167 UAPI_DRV_KLAD_FLASH_KEY_TYPE_TEE_DEC, /* TEE flash online decryption key */ 168 UAPI_DRV_KLAD_FLASH_KEY_TYPE_TEE_AUT, /* TEE flash online authentication key */ 169 UAPI_DRV_KLAD_FLASH_KEY_TYPE_INVALID, 170 } uapi_drv_klad_flash_key_type_t; 171 172 /** 173 * @if Eng 174 * @brief Symmetric key length. Determines the length of the final working key. 175 * @else 176 * @brief 对称密钥长度。决定了最终的工作密钥的长度 177 * @endif 178 */ 179 typedef enum { 180 UAPI_DRV_KLAD_KEY_SIZE_128BIT, 181 UAPI_DRV_KLAD_KEY_SIZE_192BIT, 182 UAPI_DRV_KLAD_KEY_SIZE_256BIT, 183 UAPI_DRV_KLAD_KEY_SIZE_INVALID = 0xffffffff 184 } uapi_drv_klad_key_size_t; 185 186 /** 187 * @if Eng 188 * @brief When the target engine is HMAC, determine the HAMC algorithm to be used. 189 * @note SHA1 and SHA224 are insecure and are not recommended.. 190 * @else 191 * @brief 当目标引擎为HMAC时,决定具体使用的HAMC算法。 192 * @note SHA1和SHA224模式不安全,不推荐使用. 193 * @endif 194 */ 195 typedef enum { 196 UAPI_DRV_KLAD_HMAC_TYPE_SHA1 = 0x20, 197 UAPI_DRV_KLAD_HMAC_TYPE_SHA224, 198 UAPI_DRV_KLAD_HMAC_TYPE_SHA256, 199 UAPI_DRV_KLAD_HMAC_TYPE_SHA384, 200 UAPI_DRV_KLAD_HMAC_TYPE_SHA512, 201 UAPI_DRV_KLAD_HMAC_TYPE_SM3 = 0x30, 202 UAPI_DRV_KLAD_HMAC_TYPE_MAX, 203 UAPI_DRV_KLAD_HMAC_TYPE_INVALID = 0xffffffff, 204 } uapi_drv_klad_hmac_type_t; 205 206 /** 207 * @if Eng 208 * @brief Clear key structure when klad sends a clear key. 209 * @else 210 * @brief klad送明文key时,明文key的结构。 211 * @endif 212 */ 213 typedef struct { 214 uint8_t *key; /*!< @if Eng Clear key content. 215 @else 明文key内容。 @endif */ 216 uint32_t key_length; /*!< @if Eng Length of the clear key, in bytes. 217 For the symmetric algorithm, the value can only be 16, 24, or 32. 218 For HMAC-SH1/SHA224/SHA256/SM3, the value cannot exceed 64. 219 For HMAC-SHA384/SHA512, the value cannot exceed 128. 220 @else 明文key长度,单位为字节。 对于对称算法,只能是16/24/32; 221 对于HMAC-SH1/SHA224/SHA256/SM3,长度不超过64; 222 对于HMAC-SHA384/SHA512,长度不超过128。@endif */ 223 bool key_parity; /*!< @if Eng Indicates the parity attribute of a key. 224 Valid when the target is a symmetric algorithm engine and key_length is set to 16. 225 @else key的奇偶属性。当目标为对称算法引擎且key_length为16时生效。 @endif */ 226 uapi_drv_klad_hmac_type_t hmac_type; /*!< @if Eng Indicates the HMAC algorithm. 227 Valid only when the target is the HMAC algorithm engine.. 228 @else hmac 算法。当目标为HMAC算法引擎时生效。 @endif */ 229 } uapi_drv_klad_clear_key_t; 230 231 /** 232 * @if Eng 233 * @brief Keyladder root key type selection. 234 * @else 235 * @brief Keyladder 根密钥类型选择。 236 * @endif 237 */ 238 typedef struct { 239 uapi_drv_kdf_hard_key_type_t rootkey_type; /*!< @if Eng Type of rootkey to generate. 240 @else 要生成的根密钥的类型。 @endif */ 241 } uapi_drv_klad_config_t; 242 243 /** 244 * @if Eng 245 * @brief Keyladder working key attribute configuration. 246 * @else 247 * @brief Keyladder 工作密钥属性配置。 248 * @endif 249 */ 250 typedef struct { 251 uapi_drv_klad_engine_t engine; /*!< @if Eng The working key can be used for which algorithm of the crypto engine. 252 @else 工作密钥可用于加密引擎的哪种算法。 @endif */ 253 bool decrypt_support; /*!< @if Eng The working key can be used for decrypting. 254 @else 工作密钥可用于解密。 @endif */ 255 bool encrypt_support; /*!< @if Eng The working key can be used for encrypting. 256 @else 工作密钥可用于加密。 @endif */ 257 } uapi_drv_klad_key_config_t; 258 259 /** 260 * @if Eng 261 * @brief Security attribute of the key. 262 when cipher work mode is CBC_MAC, dest_buf_sec_support and dest_buf_non_sec_support cannot be both false 263 * @else 264 * @brief key 的安全属性。 265 当加密工作模式为CBC_MAC时,dest_buf_sec_support和dest_buf_non_sec_support不能同时为false。 266 * @endif 267 */ 268 typedef struct { 269 bool key_sec; /*!< @if Eng Secure key can only be used by TEE CPU and AIDSP locked cipher and hash channel. 270 @else 安全密钥只能由TEE CPU和AIDSP锁定的对称通道或哈希通道使用。 @endif */ 271 bool master_only_enable; /*!< @if Eng Only the cipher or hash channel which is locked by same CPU as keyladder 272 can use this key, valid only for TEE CPU and AIDSP. 273 @else 只有与Keylader相同的CPU锁定的密码或哈希通道才能使用此密钥, 274 当TEE CPU或AIDSP时生效。 @endif */ 275 bool dest_buf_sec_support; /*!< @if Eng The destination buffer of target engine can be secure. 276 @else 目标引擎的目标缓冲区可以是安全的。 @endif */ 277 bool dest_buf_non_sec_support; /*!< @if Eng The destination buffer of target engine can be secure. 278 @else 目标引擎的目标缓冲区可以是非安全的。 @endif */ 279 bool src_buf_sec_support; /*!< @if Eng The destination buffer of target engine can be secure. 280 @else 目标引擎的源缓冲区可以是安全的。 @endif */ 281 bool src_buf_non_sec_support; /*!< @if Eng The destination buffer of target engine can be secure. 282 @else 目标引擎的源缓冲区可以是非安全的。 @endif */ 283 } uapi_drv_klad_key_secure_config_t; 284 285 /** 286 * @if Eng 287 * @brief Keyladder configuration attributes. 288 * @else 289 * @brief Keyladder 配置属性。 290 * @endif 291 */ 292 typedef struct { 293 uapi_drv_klad_config_t klad_cfg; /*!< @if Eng The keyladder configuration, valid for harware key. 294 @else KeyLader配置,对硬件密钥有效。 @endif */ 295 uapi_drv_klad_key_config_t key_cfg; /*!< @if Eng The working key configuration. 296 @else 工作密钥配置。 @endif */ 297 uapi_drv_klad_key_secure_config_t key_sec_cfg; /*!< @if Eng The working key security configuration. 298 @else 工作密钥安全配置。 @endif */ 299 uint32_t rkp_sw_cfg; /*!< @if Eng Used by the NPU module. 300 Other modules do not need to be configured. 301 @else NPU模块使用,其他模块不需要配置。 @endif */ 302 } uapi_drv_klad_attr_t; 303 304 /** 305 * @if Eng 306 * @brief Keyladder hardware key configuration attributes. 307 * @else 308 * @brief Keyladder硬件key参数配置。 309 * @endif 310 */ 311 typedef struct { 312 uapi_drv_kdf_hard_alg_t kdf_hard_alg; /*!< @if Eng HMAC algorithm used for key derivation. 313 @else key派生时使用的hmac算法。 @endif */ 314 bool key_parity; /*!< @if Eng Indicates the parity attribute of a key. 315 Valid when the target is a symmetric algorithm engine and key_length is set to 16. 316 @else key的奇偶属性。当目标为对称算法引擎且key_length为16时生效。 @endif */ 317 uapi_drv_klad_key_size_t key_size; /*!< @if Eng Length of the key to be derived. 318 @else 需要派生的key的长度。 @endif */ 319 uint8_t *salt; /*!< @if Eng Salt content. Used as user input materials for key derivation. 320 The final working key varies according to the salt value. 321 @else 盐值内容。作为用户输入材料参与密钥派生,盐值不同,最终的工作密钥也不同。 @endif */ 322 uint32_t salt_length; /*!< @if Eng Salt length, in bytes. It can only be 28. 323 @else 盐值长度,单位是字节。只能为28。 @endif */ 324 bool oneway; /*!< @if Eng Default zero. if set 1, you'll not generate the same key, 325 even if use the same derived materials. 326 @else 密钥派生的单一性,默认为0。如果设置为1,即使使用相同的密钥派生材料也无法派生出相同的密钥。 @endif */ 327 } uapi_drv_klad_effective_key_t; 328 329 /** 330 * @if Eng 331 * @brief KM initialization. 332 * @retval ERRCODE_SUCC Success. 333 * @retval Other Failure. For details, see @ref errcode_t 334 * @else 335 * @brief KM初始化。 336 * @retval ERRCODE_SUCC 成功。 337 * @retval Other 失败,参考 @ref errcode_t 。 338 * @endif 339 */ 340 errcode_t uapi_drv_km_init(void); 341 342 /** 343 * @if Eng 344 * @brief KM deinitialization. 345 * @retval ERRCODE_SUCC Success. 346 * @retval Other Failure. For details, see @ref errcode_t 347 * @else 348 * @brief KM去初始化。 349 * @retval ERRCODE_SUCC 成功。 350 * @retval Other 失败,参考 @ref errcode_t 。 351 * @endif 352 */ 353 errcode_t uapi_drv_km_deinit(void); 354 355 /** 356 * @if Eng 357 * @brief Creates a keyslot handle. 358 * @param [out] keyslot_handle The channel handle for storing key. 359 * @param [in] keyslot_type Key usage type. 360 * @retval ERRCODE_SUCC Success. 361 * @retval Other Failure. For details, see @ref errcode_t 362 * @else 363 * @brief 创建keyslot句柄。 364 * @param [out] keyslot_handle 用于保存key的句柄。 365 * @param [in] keyslot_type key的用途类型。 366 * @retval ERRCODE_SUCC 成功。 367 * @retval Other 失败,参考 @ref errcode_t 。 368 * @endif 369 */ 370 errcode_t uapi_drv_keyslot_create(uint32_t *keyslot_handle, uapi_drv_keyslot_type_t keyslot_type); 371 372 /** 373 * @if Eng 374 * @brief Destroy the keyslot handle. 375 * @param [in] keyslot_handle Channel handle of the key to be destroyed. 376 * @retval ERRCODE_SUCC Success. 377 * @retval Other Failure. For details, see @ref errcode_t 378 * @else 379 * @brief 销毁keyslot句柄。 380 * @param [in] keyslot_handle 要销毁的key的通道句柄。 381 * @retval ERRCODE_SUCC 成功。 382 * @retval Other 失败,参考 @ref errcode_t 。 383 * @endif 384 */ 385 errcode_t uapi_drv_keyslot_destroy(uint32_t keyslot_handle); 386 387 /** 388 * @if Eng 389 * @brief Creates a key ladder channel handle. 390 * @param [out] klad_handle Handle of the keyladder channel. 391 * @retval ERRCODE_SUCC Success. 392 * @retval Other Failure. For details, see @ref errcode_t 393 * @else 394 * @brief 创建keyladder通道句柄。 395 * @param [out] klad_handle keyladder通道句柄。 396 * @retval ERRCODE_SUCC 成功。 397 * @retval Other 失败,参考 @ref errcode_t 。 398 * @endif 399 */ 400 errcode_t uapi_drv_klad_create(uint32_t *klad_handle); 401 402 /** 403 * @if Eng 404 * @brief Destroy the key ladder channel handle. 405 * @param [in] klad_handle Handle of the keyladder channel to be destroyed. 406 * @retval ERRCODE_SUCC Success. 407 * @retval Other Failure. For details, see @ref errcode_t 408 * @else 409 * @brief 销毁keyladder通道句柄。 410 * @param [in] klad_handle 要销毁的keyladder通道句柄。 411 * @retval ERRCODE_SUCC 成功。 412 * @retval Other 失败,参考 @ref errcode_t 。 413 * @endif 414 */ 415 errcode_t uapi_drv_klad_destroy(uint32_t klad_handle); 416 417 /** 418 * @if Eng 419 * @brief Associate the keyslot handle with the klad handle. 420 * @param [in] klad_handle Handle of the key ladder channel to be associated. 421 * @param [in] klad_type Klad target module. 422 * @param [in] keyslot_handle Keyslot channel handle to be associated. 423 * @retval ERRCODE_SUCC Success. 424 * @retval Other Failure. For details, see @ref errcode_t 425 * @else 426 * @brief 将keyslot句柄与klad句柄关联上。 427 * @param [in] klad_handle 要关联的keyladder通道句柄。 428 * @param [in] klad_type klad 目标模块。 429 * @param [in] keyslot_handle 要关联的keyslot通道句柄。 430 * @retval ERRCODE_SUCC 成功。 431 * @retval Other 失败,参考 @ref errcode_t 。 432 * @endif 433 */ 434 errcode_t uapi_drv_klad_attach(uint32_t klad_handle, uapi_drv_klad_dest_t klad_type, uint32_t keyslot_handle); 435 436 /** 437 * @if Eng 438 * @brief Disassociate the keyslot handle from the klad handle. 439 * @param [in] klad_handle Handle of the key ladder channel to be deassociated. 440 * @param [in] klad_type Klad target module. 441 * @param [in] keyslot_handle Keyslot channel handle to be deassociated. 442 * @retval ERRCODE_SUCC Success. 443 * @retval Other Failure. For details, see @ref errcode_t 444 * @else 445 * @brief 将keyslot句柄与klad句柄解关联。 446 * @param [in] klad_handle 要解关联的keyladder通道句柄。 447 * @param [in] klad_type klad 目标模块。 448 * @param [in] keyslot_handle 要解关联的keyslot通道句柄。 449 * @retval ERRCODE_SUCC 成功。 450 * @retval Other 失败,参考 @ref errcode_t 。 451 * @endif 452 */ 453 errcode_t uapi_drv_klad_detach(uint32_t klad_handle, uapi_drv_klad_dest_t klad_type, uint32_t keyslot_handle); 454 455 /** 456 * @if Eng 457 * @brief Sets the attributes of the keyladder. 458 * @param [in] klad_handle Keyladder channel handle 459 * @param [in] attr Keyladder configuration attributes 460 * @retval ERRCODE_SUCC Success. 461 * @retval Other Failure. For details, see @ref errcode_t 462 * @else 463 * @brief 设置keyladder的属性。 464 * @param [in] klad_handle Keyladder通道句柄。 465 * @param [in] attr Keyladder配置属性。 466 * @retval ERRCODE_SUCC 成功。 467 * @retval Other 失败,参考 @ref errcode_t 。 468 * @endif 469 */ 470 errcode_t uapi_drv_klad_set_attr(uint32_t klad_handle, const uapi_drv_klad_attr_t *attr); 471 472 /** 473 * @if Eng 474 * @brief Gets the attributes of the keyladder. 475 * @param [in] klad_handle Keyladder channel handle 476 * @param [out] attr Keyladder configuration attributes 477 * @retval ERRCODE_SUCC Success. 478 * @retval Other Failure. For details, see @ref errcode_t 479 * @else 480 * @brief 获取keyladder的属性。 481 * @param [in] klad_handle Keyladder通道句柄。 482 * @param [out] attr Keyladder配置属性。 483 * @retval ERRCODE_SUCC 成功。 484 * @retval Other 失败,参考 @ref errcode_t 。 485 * @endif 486 */ 487 errcode_t uapi_drv_klad_get_attr(uint32_t klad_handle, uapi_drv_klad_attr_t *attr); 488 489 /** 490 * @if Eng 491 * @brief Sets effective key. 492 * @param [in] klad_handle Keyladder channel handle 493 * @param [out] key Effective key configuration attributes 494 * @retval ERRCODE_SUCC Success. 495 * @retval Other Failure. For details, see @ref errcode_t 496 * @else 497 * @brief 设置effective key。 498 * @param [in] klad_handle Keyladder通道句柄。 499 * @param [out] key Effective key配置属性。 500 * @retval ERRCODE_SUCC 成功。 501 * @retval Other 失败,参考 @ref errcode_t 。 502 * @endif 503 */ 504 errcode_t uapi_drv_klad_set_effective_key(uint32_t klad_handle, const uapi_drv_klad_effective_key_t *key); 505 506 /** 507 * @if Eng 508 * @brief Sets effective key. 509 * @param [in] klad_handle Keyladder channel handle 510 * @param [out] key Clear key configuration attributes 511 * @retval ERRCODE_SUCC Success. 512 * @retval Other Failure. For details, see @ref errcode_t 513 * @else 514 * @brief 设置clear key。 515 * @param [in] klad_handle Keyladder通道句柄。 516 * @param [out] key Clear key配置属性。 517 * @retval ERRCODE_SUCC 成功。 518 * @retval Other 失败,参考 @ref errcode_t 。 519 * @endif 520 */ 521 errcode_t uapi_drv_klad_set_clear_key(uint32_t klad_handle, const uapi_drv_klad_clear_key_t *key); 522 523 /** 524 * @if Eng 525 * @brief Km deob update. 526 * @param [in] otp_key Type of the OTP key to be updated 527 * @param [in] alg Algorithm type used by the update 528 * @retval ERRCODE_SUCC Success. 529 * @retval Other Failure. For details, see @ref errcode_t 530 * @else 531 * @brief 更新根密钥。 532 * @param [in] otp_key 要更新的密钥类型 533 * @param [in] alg 更新时的算法类型 534 * @retval ERRCODE_SUCC 成功 535 * @retval Other 失败,参考 @ref errcode_t 536 * @endif 537 */ 538 errcode_t uapi_drv_kdf_update(uapi_drv_kdf_otp_key_t otp_key, uapi_drv_kdf_update_alg_t alg); 539 540 /** 541 * @} 542 */ 543 544 #ifdef __cplusplus 545 #if __cplusplus 546 } 547 #endif 548 #endif 549 550 #endif 551