blob: 6bceb58f1662213102c7e624f95a8021e61f441e [file] [log] [blame]
// Copyright lowRISC contributors.
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENTITAN_SW_DEVICE_LIB_TESTING_KEYMGR_TESTUTILS_H_
#define OPENTITAN_SW_DEVICE_LIB_TESTING_KEYMGR_TESTUTILS_H_
#include "sw/device/lib/dif/dif_flash_ctrl.h"
#include "sw/device/lib/dif/dif_keymgr.h"
#include "sw/device/lib/dif/dif_kmac.h"
/**
* Versioned key parameters for testing.
*
* Change destination in order to sideload keys to hardware.
*/
static const dif_keymgr_versioned_key_params_t kKeyVersionedParams = {
.dest = kDifKeymgrVersionedKeyDestSw,
.salt =
{
0xb6521d8f,
0x13a0e876,
0x1ca1567b,
0xb4fb0fdf,
0x9f89bc56,
0x4bd127c7,
0x322288d8,
0xde919d54,
},
.version = 0x11,
};
/**
* Software binding value for advancing to creator root key state.
*/
static const dif_keymgr_state_params_t kCreatorParams = {
.binding_value = {0xdc96c23d, 0xaf36e268, 0xcb68ff71, 0xe92f76e2,
0xb8a8379d, 0x426dc745, 0x19f5cff7, 0x4ec9c6d6},
.max_key_version = 0x11,
};
/**
* Software binding value for advancing to owner intermediate key state.
*/
static const dif_keymgr_state_params_t kOwnerIntParams = {
.binding_value = {0xe4987b39, 0x3f83d390, 0xc2f3bbaf, 0x3195dbfa,
0x23fb480c, 0xb012ae5e, 0xf1394d28, 0x1940ceeb},
.max_key_version = 0xaa,
};
/**
* Struct to hold the creator or owner secrets for the key manager.
*/
typedef struct keymgr_testutils_secret {
uint32_t value[8];
} keymgr_testutils_secret_t;
/**
* Key manager Creator Secret stored in info flash page.
*/
static const keymgr_testutils_secret_t kCreatorSecret = {
.value = {0x4e919d54, 0x322288d8, 0x4bd127c7, 0x9f89bc56, 0xb4fb0fdf,
0x1ca1567b, 0x13a0e876, 0xa6521d8f}};
/**
* Key manager Owner Secret stored in info flash page.
*/
static const keymgr_testutils_secret_t kOwnerSecret = {.value = {
0xa6521d8f,
0x13a0e876,
0x1ca1567b,
0xb4fb0fdf,
0x9f89bc56,
0x4bd127c7,
0x322288d8,
0x4e919d54,
}};
/**
* Programs flash with secrets so that the keymgr can be advanced to
* CreatorRootKey state.
*
* This is normally a subfunction of keymgr_testutils_startup, but some tests
* use the function separately as well.
*
* @param flash An initialized flash_ctrl handle.
* @param creator_secret The creator secret to be programmed to flash.
* @param owner_secret The owner secret to be programmed to flash.
*
*/
void keymgr_testutils_flash_init(
dif_flash_ctrl_state_t *flash,
const keymgr_testutils_secret_t *creator_secret,
const keymgr_testutils_secret_t *owner_secret);
/**
* Programs flash, restarts, and advances keymgr to CreatorRootKey state.
*
* This procedure essentially gets the keymgr into the first state where it can
* be used for tests. Tests should call it before anything else, like below:
*
* void test_main(void) {
* // Set up and advance to CreatorRootKey state.
* dif_keymgr_t keymgr;
* dif_kmac_t kmac;
* keymgr_testutils_startup(&keymgr, &kmac);
*
* // Remainder of test; optionally advance to OwnerIntKey state, generate
* // keys and identities.
* ...
* }
*
* Because the key manager uses KMAC, this procedure also initializes and
* configures KMAC. Software should not rely on the configuration here and
* should reconfigure KMAC if needed. The purpose of configuring KMAC in this
* procedure is so that the key manager will not use KMAC with the default
* entropy settings.
*
* @param keymgr A key manager handle, may be uninitialized.
* @param kmac A KMAC handle, may be uninitialized.
*/
void keymgr_testutils_startup(dif_keymgr_t *keymgr, dif_kmac_t *kmac);
/**
* Issues a keymgr advance operation and wait for it to complete
*
* @param keymgr A key manager handle.
* @param params The binding and max key version value for the next state.
*/
void keymgr_testutils_advance_state(const dif_keymgr_t *keymgr,
const dif_keymgr_state_params_t *params);
/**
* Checks if the current keymgr state matches the expected state
*
* @param keymgr A key manager handle.
* @param exp_state The expected key manager state.
*/
void keymgr_testutils_check_state(const dif_keymgr_t *keymgr,
const dif_keymgr_state_t exp_state);
/**
* Issues a keymgr identity generation and wait for it to complete
*
* @param keymgr A key manager handle.
*/
void keymgr_testutils_generate_identity(const dif_keymgr_t *keymgr);
/**
* Issues a keymgr HW/SW versioned key generation and wait for it to complete
*
* @param keymgr A key manager handle.
* @param params Key generation parameters.
*/
void keymgr_testutils_generate_versioned_key(
const dif_keymgr_t *keymgr, const dif_keymgr_versioned_key_params_t params);
/**
* Issues a keymgr disable and wait for it to complete
*/
void keymgr_testutils_disable(const dif_keymgr_t *keymgr);
/**
* Polling keymgr status until it becomes idle.
* Fail the test if the status code indicates any error.
*
* @param keymgr A key manager handle.
*/
void keymgr_testutils_wait_for_operation_done(const dif_keymgr_t *keymgr);
#endif // OPENTITAN_SW_DEVICE_LIB_TESTING_KEYMGR_TESTUTILS_H_