Documentation
Overview
Package dcp implements a driver for the NXP Data Co-Processor (DCP) cryptographic accelerator adopting the following reference specifications:
- MCIMX28RM - i.MX28 Applications Processor Reference Manual - Rev 2 2013/08
This package is only meant to be used with `GOOS=tamago GOARCH=arm` as supported by the TamaGo framework for bare metal Go on ARM SoCs, see https://github.com/usbarmory/tamago.
Index
- Constants
- type DCP
- func (hw *DCP) CipherChain(buf []byte, ivs []byte, count int, size int, index int, enc bool) (err error)
- func (hw *DCP) Decrypt(buf []byte, index int, iv []byte) (err error)
- func (hw *DCP) DeriveKey(diversifier []byte, iv []byte, index int) (key []byte, err error)
- func (hw *DCP) Encrypt(buf []byte, index int, iv []byte) (err error)
- func (hw *DCP) Init()
- func (hw *DCP) New256() (Hash, error)
- func (hw *DCP) SetKey(index int, key []byte) (err error)
- func (hw *DCP) Sum256(data []byte) (sum [32]byte, err error)
- type Hash
- type WorkPacket
Constants

```go
const (
	DCP_CTRL     = 0x00
	CTRL_SFTRST  = 31
	CTRL_CLKGATE = 30

	DCP_STAT     = 0x10
	DCP_STAT_CLR = 0x18
	DCP_STAT_IRQ = 0

	DCP_CHANNELCTRL = 0x0020

	DCP_KEY     = 0x0060
	KEY_INDEX   = 4
	KEY_SUBWORD = 0

	DCP_KEYDATA   = 0x0070
	DCP_CH0CMDPTR = 0x0100
	DCP_CH0SEMA   = 0x0110

	DCP_CH0STAT        = 0x0120
	CHxSTAT_ERROR_CODE = 16
	CHxSTAT_ERROR_MASK = 0b1111110

	DCP_CH0STAT_CLR = 0x0128
)
```

DCP registers

```go
const (
	DCP_CHANNEL_0 = iota + 1
	DCP_CHANNEL_1
	DCP_CHANNEL_2
	DCP_CHANNEL_3
)
```

DCP channels

```go
const (
	DCP_CTRL0_HASH_TERM       = 13
	DCP_CTRL0_HASH_INIT       = 12
	DCP_CTRL0_OTP_KEY         = 10
	DCP_CTRL0_CIPHER_INIT     = 9
	DCP_CTRL0_CIPHER_ENCRYPT  = 8
	DCP_CTRL0_ENABLE_HASH     = 6
	DCP_CTRL0_ENABLE_CIPHER   = 5
	DCP_CTRL0_CHAIN           = 2
	DCP_CTRL0_DECR_SEMAPHORE  = 1
	DCP_CTRL0_INTERRUPT_ENABL = 0

	DCP_CTRL1_HASH_SELECT = 16
	HASH_SELECT_SHA1      = 0x00
	HASH_SELECT_CRC32     = 0x01
	HASH_SELECT_SHA256    = 0x02

	DCP_CTRL1_KEY_SELECT  = 8
	KEY_SELECT_UNIQUE_KEY = 0xfe

	DCP_CTRL1_CIPHER_MODE = 4
	CIPHER_MODE_CBC       = 0x01

	DCP_CTRL1_CIPHER_SELECT = 0
	CIPHER_SELECT_AES128    = 0x00
)
```

DCP control packet settings

```go
const WorkPacketLength = 32
```
Types
type DCP

```go
type DCP struct {
	sync.Mutex

	// Base register
	Base uint32
	// Clock gate register
	CCGR uint32
	// Clock gate
	CG int

	// DeriveKeyMemory represents the DMA memory region used for exchanging DCP
	// derived keys when the derivation index points to an internal DCP key RAM
	// slot. The memory region must be initialized before DeriveKey().
	//
	// It is recommended to use a DMA region within the internal RAM (e.g.
	// i.MX6 On-Chip OCRAM/iRAM) to avoid exposure to external RAM.
	//
	// The DeriveKey() function uses DeriveKeyMemory only if the default
	// DMA region start does not overlap with it.
	DeriveKeyMemory *dma.Region
	// contains filtered or unexported fields
}
```
DCP represents the Data Co-Processor instance.
func (*DCP) CipherChain
func (hw *DCP) CipherChain(buf []byte, ivs []byte, count int, size int, index int, enc bool) (err error)
CipherChain performs chained in-place buffer encryption/decryption using AES-128-CBC. The index argument selects the key from those previously set with SetKey().
The function expects a byte array with concatenated input data and a byte array with concatenated initialization vectors. The count and size arguments should reflect the number of slices and their size; each slice is ciphered with its corresponding initialization vector slice.
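The buffer layout described above, as an added example that is not part of the package: `cipherChainModel` is a hypothetical software model built on Go's `crypto/aes`, useful for checking a caller's `buf`/`ivs` layout off-target. It assumes 16-byte IVs and takes the key directly instead of a key RAM index.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// cipherChainModel is a software model, not the driver: buf holds count slices
// of size bytes back to back, ivs holds count 16-byte IVs back to back, and
// slice i is ciphered in place with IV i under one AES-128 key.
func cipherChainModel(key, buf, ivs []byte, count, size int, enc bool) error {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 16 {
		return errors.New("AES-128 needs a 16-byte key")
	}
	if size <= 0 || size%aes.BlockSize != 0 || len(buf) != count*size || len(ivs) != count*aes.BlockSize {
		return errors.New("buf/ivs layout does not match count and size")
	}
	for i := 0; i < count; i++ {
		s := buf[i*size : (i+1)*size]
		iv := ivs[i*aes.BlockSize : (i+1)*aes.BlockSize]
		if enc {
			cipher.NewCBCEncrypter(block, iv).CryptBlocks(s, s)
		} else {
			cipher.NewCBCDecrypter(block, iv).CryptBlocks(s, s)
		}
	}
	return nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16)              // constructed test key
	buf := bytes.Repeat([]byte("disk sector data"), 4) // two identical 32-byte slices
	ivs := append(make([]byte, 16), bytes.Repeat([]byte{1}, 16)...)
	orig := append([]byte(nil), buf...)
	err := cipherChainModel(key, buf, ivs, 2, 32, true)
	fmt.Println(err, "ciphertexts differ:", !bytes.Equal(buf[:32], buf[32:]))
	err = cipherChainModel(key, buf, ivs, 2, 32, false)
	fmt.Println(err, "plaintext restored:", bytes.Equal(buf, orig))
}
```

Identical plaintext slices yield different ciphertext only because each slice has its own IV, so a caller that reuses one IV across slices loses that property.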
func (*DCP) Decrypt
Decrypt performs in-place buffer decryption using AES-128-CBC. The index argument selects the key from those previously set with SetKey().
func (*DCP) DeriveKey
DeriveKey derives a hardware unique key in a manner equivalent to PKCS#11 C_DeriveKey with CKM_AES_CBC_ENCRYPT_DATA.
The diversifier is AES-128-CBC encrypted using the internal OTPMK (when SNVS is enabled).
*WARNING*: when SNVS is not enabled a default non-unique test vector is used and therefore key derivation is *unsafe*, see snvs.Available().
A negative index argument results in the derived key being computed and returned.
An index argument equal to or greater than 0 moves the derived key, through DeriveKeyMemory, to the corresponding internal DCP key RAM slot (see SetKey()). In this case no key is returned by the function.
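Why the warning matters, as an added example that is not part of the package: `deriveKeyModel` and `collide` are hypothetical names for a software model of the derivation (AES-128-CBC encryption of the diversifier under a base key). The base keys are constructed placeholders, and a block-aligned diversifier is assumed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// deriveKeyModel is a software model, not the driver: it AES-128-CBC encrypts
// the diversifier under baseKey, which stands in for the key held in hardware.
// Requiring a block-aligned diversifier is an assumption of this example.
func deriveKeyModel(baseKey, diversifier, iv []byte) ([]byte, error) {
	if len(baseKey) != 16 || len(iv) != aes.BlockSize {
		return nil, errors.New("key and IV must be 16 bytes")
	}
	if len(diversifier) == 0 || len(diversifier)%aes.BlockSize != 0 {
		return nil, errors.New("diversifier must be a non-empty multiple of 16 bytes")
	}
	block, err := aes.NewCipher(baseKey)
	if err != nil {
		return nil, err
	}
	key := make([]byte, len(diversifier))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(key, diversifier)
	return key, nil
}

// collide reports whether two devices derive the same key for one diversifier
// and IV, which happens when both hold the same base key.
func collide(keyA, keyB, diversifier, iv []byte) (bool, error) {
	a, err := deriveKeyModel(keyA, diversifier, iv)
	if err != nil {
		return false, err
	}
	b, err := deriveKeyModel(keyB, diversifier, iv)
	if err != nil {
		return false, err
	}
	return bytes.Equal(a, b), nil
}

func main() {
	shared := bytes.Repeat([]byte{0xAA}, 16) // constructed placeholder for a non-unique key
	unique := bytes.Repeat([]byte{0x5C}, 16) // constructed placeholder for a per-device key
	div, iv := []byte("app-storage-key!"), make([]byte, 16)
	fmt.Println(collide(shared, shared, div, iv))
	fmt.Println(collide(shared, unique, div, iv))
}
```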
func (*DCP) Encrypt
Encrypt performs in-place buffer encryption using AES-128-CBC. The index argument selects the key from those previously set with SetKey().
func (*DCP) New256
New256 returns a new Digest computing the SHA256 checksum.
A single DCP channel is used for all operations, so only one digest instance can be kept at any given time; if this condition is not met an error is returned.
The digest instance starts with New256() and terminates when Sum() is invoked, after which the digest state can no longer be changed.
type Hash

```go
type Hash interface {
	// Write (via the embedded io.Writer interface) adds more data to the running hash.
	// It can return an error. It returns an error if Sum has been already invoked.
	io.Writer

	// Sum appends the current hash to b and returns the resulting slice.
	// Its invocation terminates the digest instance, for this reason Write
	// will return errors after Sum is invoked.
	Sum(b []byte) ([]byte, error)

	// BlockSize returns the hash's underlying block size.
	// The Write method must be able to accept any amount
	// of data, but it may operate more efficiently if all writes
	// are a multiple of the block size.
	BlockSize() int
}
```
Hash is the common interface to DCP hardware backed hash functions.
While similar to Go native hash.Hash, this interface is not fully compatible with it as hardware errors must be checked and checksum computation affects state.
type WorkPacket

```go
type WorkPacket struct {
	NextCmdAddr              uint32
	Control0                 uint32
	Control1                 uint32
	SourceBufferAddress      uint32
	DestinationBufferAddress uint32
	BufferSize               uint32
	PayloadPointer           uint32
	Status                   uint32
}
```
WorkPacket represents a DCP work packet (p1067, 13.2.6.4 Work Packet Structure, MCIMX28RM).
func (*WorkPacket) Bytes
func (pkt *WorkPacket) Bytes() []byte
Bytes converts the DCP work packet structure to byte array format.
func (*WorkPacket) SetCipherDefaults
func (pkt *WorkPacket) SetCipherDefaults()
SetCipherDefaults initializes default values for a DCP work packet that performs a cipher operation.
func (*WorkPacket) SetHashDefaults
func (pkt *WorkPacket) SetHashDefaults()
SetHashDefaults initializes default values for a DCP work packet that performs a hash operation.
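A decoder for the 32-byte work packet format, as an added example that is not part of the package, for auditing which key source and operation a serialized packet requests. `parseWorkPacket`, `packetInfo` and `samplePacket` are hypothetical names; little-endian word order and an 8-bit KEY_SELECT field are assumptions not stated on this page.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const ( // bit positions and values copied from the constants on this page
	otpKey, cipherEncrypt, enableHash, enableCipher = 10, 8, 6, 5
	keySelectShift, keySelectUnique                 = 8, 0xfe
)

// packetInfo lists the settings worth checking when auditing a packet.
type packetInfo struct {
	Cipher, Hash, Encrypt, OTPKey, UniqueKey bool
	KeySelect, BufferSize                    uint32
}

// parseWorkPacket decodes the eight 32-bit words of a work packet. Assumed
// here, not stated on the page: little-endian words, 8-bit KEY_SELECT field.
func parseWorkPacket(b []byte) (packetInfo, error) {
	if len(b) != 32 { // WorkPacketLength
		return packetInfo{}, errors.New("work packet must be 32 bytes")
	}
	var w [8]uint32
	for i := range w {
		w[i] = binary.LittleEndian.Uint32(b[4*i:])
	}
	c0, c1 := w[1], w[2] // Control0, Control1
	bit := func(v uint32, n uint) bool { return v>>n&1 == 1 }
	ks := c1 >> keySelectShift & 0xff
	return packetInfo{
		Cipher: bit(c0, enableCipher), Hash: bit(c0, enableHash),
		Encrypt: bit(c0, cipherEncrypt), OTPKey: bit(c0, otpKey),
		UniqueKey: ks == keySelectUnique, KeySelect: ks, BufferSize: w[5],
	}, nil
}

// samplePacket builds a constructed packet: cipher, encrypt, OTP key bit, unique key, 64 bytes.
func samplePacket() []byte {
	b := make([]byte, 32)
	binary.LittleEndian.PutUint32(b[4:], 1<<enableCipher|1<<cipherEncrypt|1<<otpKey)
	binary.LittleEndian.PutUint32(b[8:], keySelectUnique<<keySelectShift)
	binary.LittleEndian.PutUint32(b[20:], 64)
	return b
}

func main() { fmt.Println(parseWorkPacket(samplePacket())) }
```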