[sw/silicon_creator] Add sigverify_keys_ptrs.h to mock keys stored in Mask ROM
Signed-off-by: Alphan Ulusoy <alphan@google.com>
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_keys.c b/sw/device/silicon_creator/mask_rom/sigverify_keys.c
index f35f847..0c661cb 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify_keys.c
+++ b/sw/device/silicon_creator/mask_rom/sigverify_keys.c
@@ -11,6 +11,7 @@
#include "sw/device/lib/base/hardened.h"
#include "sw/device/silicon_creator/lib/drivers/otp.h"
#include "sw/device/silicon_creator/lib/sigverify.h"
+#include "sw/device/silicon_creator/mask_rom/sigverify_keys_ptrs.h"
#include "otp_ctrl_regs.h"
@@ -151,8 +152,10 @@
rom_error_t sigverify_rsa_key_get(uint32_t key_id,
const sigverify_rsa_key_t **key) {
- for (size_t i = 0; i < kSigVerifyNumRsaKeys; ++i) {
- const sigverify_mask_rom_key_t *cand_key = &kSigVerifyRsaKeys[i];
+ const sigverify_mask_rom_key_t *keys = sigverify_rsa_keys_ptr_get();
+ size_t num_keys = sigverify_num_rsa_keys_get();
+ for (size_t i = 0; i < num_keys; ++i) {
+ const sigverify_mask_rom_key_t *cand_key = &keys[i];
if (sigverify_rsa_key_id_get(&cand_key->key.n) == key_id) {
RETURN_IF_ERROR(key_is_valid_in_otp(i));
*key = &cand_key->key;
@@ -161,3 +164,6 @@
}
return kErrorSigverifyBadKey;
}
+
+extern const sigverify_mask_rom_key_t *sigverify_rsa_keys_ptr_get(void);
+extern size_t sigverify_num_rsa_keys_get(void);
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_keys.h b/sw/device/silicon_creator/mask_rom/sigverify_keys.h
index 98ec51d..fe44ce9 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify_keys.h
+++ b/sw/device/silicon_creator/mask_rom/sigverify_keys.h
@@ -16,10 +16,6 @@
enum {
/**
- * Number of RSA public keys.
- */
- kSigVerifyNumRsaKeys = 2,
- /**
* Number of key validity entries per OTP word.
*
* Validity of each public key is encoded using a byte-sized
@@ -31,55 +27,6 @@
};
/**
- * Key types.
- *
- * The life cycle states in which a key can be used depend on its type.
- */
-typedef enum sigverify_key_type {
- /**
- * A key used for manufacturing, testing, and RMA.
- *
- * Keys of this type can be used only in TEST_UNLOCKED* and RMA life cycle
- * states.
- */
- kSigverifyKeyTypeTest,
- /**
- * A production key.
- *
- * Keys of this type can be used in all operational life cycle states, i.e.
- * states in which CPU execution is enabled.
- */
- kSigverifyKeyTypeProd,
- /**
- * A development key.
- *
- * Keys of this type can be used only in the DEV life cycle state.
- */
- kSigVerifyKeyTypeDev,
-} sigverify_key_type_t;
-
-/**
- * An RSA public key stored in mask ROM.
- */
-typedef struct sigverify_mask_rom_key {
- /**
- * An RSA public key.
- */
- sigverify_rsa_key_t key;
- /**
- * Type of the key.
- */
- sigverify_key_type_t key_type;
-} sigverify_mask_rom_key_t;
-
-/**
- * Public keys for signature verification.
- *
- * Note: Declared here to be able to use in tests.
- */
-extern const sigverify_mask_rom_key_t kSigVerifyRsaKeys[kSigVerifyNumRsaKeys];
-
-/**
* Returns the key with the given ID.
*
* This function also checks whether the key with the given ID is valid by
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_keys_ptrs.h b/sw/device/silicon_creator/mask_rom/sigverify_keys_ptrs.h
new file mode 100644
index 0000000..36b0273
--- /dev/null
+++ b/sw/device/silicon_creator/mask_rom/sigverify_keys_ptrs.h
@@ -0,0 +1,104 @@
+// Copyright lowRISC contributors.
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_MASK_ROM_SIGVERIFY_KEYS_PTRS_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_MASK_ROM_SIGVERIFY_KEYS_PTRS_H_
+
+#include <stddef.h>
+
+#include "sw/device/silicon_creator/lib/sigverify_rsa_key.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+enum {
+ /**
+ * Number of RSA public keys.
+ */
+ kSigVerifyNumRsaKeys = 2,
+};
+
+/**
+ * Key types.
+ *
+ * The life cycle states in which a key can be used depend on its type.
+ */
+typedef enum sigverify_key_type {
+ /**
+ * A key used for manufacturing, testing, and RMA.
+ *
+ * Keys of this type can be used only in TEST_UNLOCKED* and RMA life cycle
+ * states.
+ */
+ kSigverifyKeyTypeTest,
+ /**
+ * A production key.
+ *
+ * Keys of this type can be used in all operational life cycle states, i.e.
+ * states in which CPU execution is enabled.
+ */
+ kSigverifyKeyTypeProd,
+ /**
+ * A development key.
+ *
+ * Keys of this type can be used only in the DEV life cycle state.
+ */
+ kSigverifyKeyTypeDev,
+} sigverify_key_type_t;
+
+/**
+ * An RSA public key stored in mask ROM.
+ */
+typedef struct sigverify_mask_rom_key {
+ /**
+ * An RSA public key.
+ */
+ sigverify_rsa_key_t key;
+ /**
+ * Type of the key.
+ */
+ sigverify_key_type_t key_type;
+} sigverify_mask_rom_key_t;
+
+/**
+ * Public keys for signature verification.
+ *
+ * Note: Declared here to be able to use in tests.
+ */
+extern const sigverify_mask_rom_key_t kSigVerifyRsaKeys[kSigVerifyNumRsaKeys];
+
+#ifndef OT_OFF_TARGET_TEST
+
+/**
+ * Returns a pointer to the RSA public keys stored in the Mask ROM.
+ *
+ * @return Pointer to the RSA public keys.
+ */
+inline const sigverify_mask_rom_key_t *sigverify_rsa_keys_ptr_get(void) {
+ return kSigVerifyRsaKeys;
+}
+
+/**
+ * Returns the number of RSA public keys stored in the Mask ROM.
+ *
+ * @return Number of RSA public keys.
+ */
+inline size_t sigverify_num_rsa_keys_get(void) { return kSigVerifyNumRsaKeys; }
+
+#else
+
+/**
+ * Declarations for the functions above that should be defined in tests.
+ */
+const sigverify_mask_rom_key_t *sigverify_rsa_keys_ptr_get(void);
+size_t sigverify_num_rsa_keys_get(void);
+
+#endif
+
+#ifdef __cplusplus
+} // extern "C"
+#endif // __cplusplus
+
+#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_MASK_ROM_SIGVERIFY_KEYS_PTRS_H_
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_keys_unittest.cc b/sw/device/silicon_creator/mask_rom/sigverify_keys_unittest.cc
index 730fbc1..2332f01 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify_keys_unittest.cc
+++ b/sw/device/silicon_creator/mask_rom/sigverify_keys_unittest.cc
@@ -16,6 +16,7 @@
#include "sw/device/silicon_creator/lib/mock_sigverify_mod_exp_otbn.h"
#include "sw/device/silicon_creator/lib/sigverify.h"
#include "sw/device/silicon_creator/lib/sigverify_mod_exp.h"
+#include "sw/device/silicon_creator/mask_rom/sigverify_keys_ptrs.h"
#include "otp_ctrl_regs.h"
