# Security **Detailed Description** This section contains APIs related to security management. - *group* Telematics\_sec\_mgmt - Typedefs - using CryptoOperationTypes = int32\_t - List of operation types consisting of entries from [CryptoOperation](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga93dfc1d527f9631f2c05cb1c178d041a.html#a00004_1ga93dfc1d527f9631f2c05cb1c178d041a). Multiple values can be OR’ed together, for example, (CRYPTO\_OP\_ENCRYPT | CRYPTO\_OP\_DECRYPT). - using BlockModeTypes = int32\_t - List of block mode types consisting of entries from [BlockMode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga0a6d52c70549af3650df1c34f8bad138.html#a00004_1ga0a6d52c70549af3650df1c34f8bad138). Multiple values can be OR’ed together, for example, (BLOCK\_MODE\_ECB | BLOCK\_MODE\_CBC). - using PaddingTypes = int32\_t - List of padding types to use consisting of entries from [Padding](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga62521a1ab1831c0309da246106bf910d.html#a00004_1ga62521a1ab1831c0309da246106bf910d). Multiple values can be OR’ed together, for example, (PADDING\_PKCS7 | PADDING\_RSA\_PSS). - using DigestTypes = int32\_t - List of digest types to use consisting of entries from [Digest](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gac8603a7ca330c202f38cb846a83506fa.html#a00004_1gac8603a7ca330c202f38cb846a83506fa). Multiple values can be OR’ed together, for example, (DIGEST\_SHA\_2\_256 | DIGEST\_SHA\_2\_512). - using AlgorithmTypes = int32\_t - Specifies the algorithm to use; valid values are listed in [Algorithm](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga8151fd2f356e9f0a26b3d03e5c06a587.html#a00004_1ga8151fd2f356e9f0a26b3d03e5c06a587). - using CurveTypes = int32\_t - Specifies the curve to use; valid values are listed in [Curve](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga88ed667a6bb5d0dfcc7b0cc0d77ae64d.html#a00004_1ga88ed667a6bb5d0dfcc7b0cc0d77ae64d). Enums - enum CellularThreatType - Describes the cellular threats detected. *Values:* - enumerator UNKNOWN - No scoring (analysis) has been performed yet or it is in-progress. For example; during cell reselection, a device may be camped to a new cell and may remain idle (not exchanging data over cellular network). During this time scoring is not done. When device uses cellular network for actual use, scoring is done. - enumerator IMPRISON - Base station (BS) configuration is preventing the device from connecting to the neighboring base stations. - enumerator DOS - BS intercepts or jams signals to and from the device such that it results in a denial of cellular service. - enumerator DOWNGRADE - BS is forcing the device to downgrade to use less secure cellular service. For example; downgrade from LTE to second-generation cellular network (2G). - enumerator LOCATION\_TRACKED\_USING\_IMSI - BS is continuously tracking location of the device. - enumerator LOCATION\_TRACKED\_USING\_AUTH - BS is continuously tracking location of the device using the authentication process. - enumerator PERSUADE - BS portrays itself as the best option for the UE to select. - enumerator NO\_THREAT\_DETECTED - No threat has been detected for this base station. - enumerator NO\_ENCRYPTION - GSM EDGE radio access network (GERAN) BS is not using encryption. - enumerator WEAK\_ENCRYPTION - GERAN BS is using weak encryption. - enumerator SELF\_BLACKLISTING\_CELL - When using long-term evolution (LTE), BS blacklisted itself on physical layer cell identity (PCI) and E-UTRA absolute radio frequency channel number (EARFCN). - enumerator UNAUTHENTICATED\_SMS - On a unauthenticated GERAN, a short message service (SMS) was received. - enumerator UNAUTHENTICATED\_EMERGENCY\_MESSAGE - On an unauthenticated GERAN, an emergency message was received. - enumerator IMSI\_LEAK - The international mobile subscriber identity (IMSI) of the device has leaked in an unencrypted state to an unauthenticated base station. - enum EnvironmentState - Describes the state of the cellular environment observed by the device. *Values:* - enumerator UNKNOWN - No scoring (analysis) has been performed yet or it is in-progress. - enumerator SAFE - Device and base station have authenticated each other and connected. - enumerator ALERT - Environment is potentially unsafe to operate. There may be potentially malicious BS. The threat score has crossed configured threshold at least once. More analysis needed to conclude, if the environment is safe. - enumerator HOSTILE - Environment is hostile and threats have been detected. For example, compromised/malicious base stations are detected in the environment. - enum ActionType - Based on the policy configured on the device, certain actions are taken automatically. For example; when a compromised/malicious BS is detected, it is blacklisted (cell barring) for a certain period of time (hence device will not be able to connect to it). When configured action has been taken, a security report is generated. In that report, ActionType represents exact action taken. *Values:* - enumerator NONE - No specific action taken. - enumerator DEPRIORITIZED - Priority of this cell for selection is reduced so that other cells get more priority for cell selection/reselection during device attempting to camp to a cell. - enumerator REMOVED\_DEPRIORITIZATION - Priority of this cell (previously deprioritized) for selection is resumed to regular status. - enumerator CELL\_BARRED - This cell has been barred (device will not camp to this cell). - enumerator REMOVED\_CELL\_BARRING - Cell barring has been removed from this previously barred cell. This cell can be considered for connection, during cell selection/reselection process. - enumerator INVALID - The configured action was outside the allowed range of actions. - enum RATType - Defines all the cell info types. *Values:* - enumerator UNKNOWN - - enumerator GSM - - enumerator WCDMA - - enumerator LTE - - enumerator NR5G - - enum Mode - Defines how the user gets verification and calculation results. *Values:* - enumerator MODE\_SYNC - [ICryptoAcceleratorManager::eccVerifyDigest()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1acb66cf90aab6e383e6c2d8c5a72b5070) and [ICryptoAcceleratorManager::ecqvPointMultiplyAndAdd()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a90bb5ecf8ada90fd8f12bc15bc207e4a) APIs are used to send verification and calculation data and obtain results synchronously. - enumerator MODE\_ASYNC\_POLL - [ICryptoAcceleratorManager::eccPostDigestForVerification()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a7c04cd4bb400373ced74d333cb4567a3) and [ICryptoAcceleratorManager::ecqvPostDataForMultiplyAndAdd()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a581ccb188f2805c1fd846b601d08e51f) APIs are used to send verification and calculation data. Results are obtained via [ICryptoAcceleratorManager::getAsyncResults()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a20602c98aad4f5c70be471a02dcce8d5) API. - enumerator MODE\_ASYNC\_LISTENER - [ICryptoAcceleratorManager::eccPostDigestForVerification()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a7c04cd4bb400373ced74d333cb4567a3) and [ICryptoAcceleratorManager::ecqvPostDataForMultiplyAndAdd()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a581ccb188f2805c1fd846b601d08e51f) APIs are used to send verification and calculation data. Results are obtained asynchronously in [ICryptoAcceleratorListener::onVerificationResult()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00600_1afa56735543452705af82bf54d179769c) and [ICryptoAcceleratorListener::onCalculationResult()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00600_1a077c42af81a85edf8806ccb3e02a9a1a) callbacks. - enum RequestPriority - Relative priority of the request. *Values:* - enumerator REQ\_PRIORITY\_HIGH - High priority - enumerator REQ\_PRIORITY\_NORMAL - Lower priority (compared to high priority data) - enum ECCCurve - Elliptic curve used by ECC algorithm. *Values:* - enumerator CURVE\_SM2 - - enumerator CURVE\_NISTP256 - - enumerator CURVE\_NISTP384 - - enumerator CURVE\_BRAINPOOLP256R1 - - enumerator CURVE\_BRAINPOOLP384R1 - - enum OperationType - Type of operation carried by crypto accelerator. *Values:* - enumerator OP\_TYPE\_VERIFY - - enumerator OP\_TYPE\_CALCULATE - - enum CryptoOperation - Specifies the operation for which the key can be used. A key can be used for multiple operation types. *Values:* - enumerator CRYPTO\_OP\_ENCRYPT - Key will be used for encryption. - enumerator CRYPTO\_OP\_DECRYPT - Key will be used for decryption. - enumerator CRYPTO\_OP\_SIGN - Key will be used for signing. - enumerator CRYPTO\_OP\_VERIFY - Key will be used for verification. - enum BlockMode - Specifies the block cipher mode(s) with which the AES key may be used. *Values:* - enumerator BLOCK\_MODE\_ECB - Electronic code block mode - enumerator BLOCK\_MODE\_CBC - Cipher block chain mode - enumerator BLOCK\_MODE\_CTR - Counter-based mode - enumerator BLOCK\_MODE\_GCM - Galois/counter mode - enum Padding - Padding modes that may be applied to plain text for encryption operations. Only cryptographically-appropriate pairs are specified here. *Values:* - enumerator PADDING\_NONE - No padding. - enumerator PADDING\_RSA\_OAEP - RSA optimal asymmetric encryption padding. - enumerator PADDING\_RSA\_PSS - RSA probabilistic signature scheme. - enumerator PADDING\_RSA\_PKCS1\_1\_5\_ENC - RSA PKCS#1 v1.5 padding for encryption. - enumerator PADDING\_RSA\_PKCS1\_1\_5\_SIGN - RSA PKCS#1 v1.5 padding for signing. - enumerator PADDING\_PKCS7 - Public-key cryptography standard. - enum Digest - Specifies the digest algorithms that may be used with the key to perform signing and verification operations using RSA, ECDSA, and HMAC keys. The digest used during signing or verification must match the digest associated with the key when the key was generated. *Values:* - enumerator DIGEST\_NONE - No digest. - enumerator DIGEST\_MD5 - Message-digest algorithm. - enumerator DIGEST\_SHA1 - Secure hash algorithm 1 - enumerator DIGEST\_SHA\_2\_224 - Secure hash algorithm 2, digest 224. - enumerator DIGEST\_SHA\_2\_256 - Secure hash algorithm 2, digest 256. - enumerator DIGEST\_SHA\_2\_384 - Secure hash algorithm 2, digest 384. - enumerator DIGEST\_SHA\_2\_512 - Secure hash algorithm 2, digest 512. - enum Algorithm - Algorithm for signing, verification, encryption, and decryption operations. *Values:* - enumerator ALGORITHM\_UNKNOWN - Unspecified algorithm. - enumerator ALGORITHM\_RSA - RSA (Rivest–Shamir–Adleman) algorithm. - enumerator ALGORITHM\_EC - Elliptic-curve algorithm. - enumerator ALGORITHM\_AES - Advanced encryption standard algorithm. - enumerator ALGORITHM\_HMAC - Hash-based message authentication code algorithm. - enum Curve - NIST curves used with ECDSA. *Values:* - enumerator CURVE\_P\_224 - NIST curve P-224. - enumerator CURVE\_P\_256 - NIST curve P-256. - enumerator CURVE\_P\_384 - NIST curve P-384. - enumerator CURVE\_P\_521 - NIST curve P-521. - enum KeyFormat - Formats for key import and export. *Values:* - enumerator KEY\_FORMAT\_X509 - Public key export. - enumerator KEY\_FORMAT\_PKCS8 - Asymmetric key pair import. - enumerator KEY\_FORMAT\_RAW - Symmetric key import and export. - enum RNGSource - Specifies source of the random number generator. *Values:* - enumerator QTI\_HW\_TRNG - True random number generator (TRNG) on Qualcomm Technologies Inc. (QTI) platform. This is FIPS compliant. - enumerator DEV\_RANDOM - Linux /dev/random device is used as the random number provider. It is based on ChaCha20 stream cipher and uses events from timer, platform, bootloader, hardware random number generator, interrupts, input and disk devices for entropy purpose. - enum AnalysisResult - Security analysis result for a given access point (AP). *Values:* - enumerator NO\_RESULT - There was no result for this AP because either the device is moving or the AP is on the fringes of signal strength. - enumerator NEW\_ASSOCIATION - This is the first time this AP is used for a connection and no previous references exist. - enumerator NO\_THREAT\_DETECTED - The AP appears safe. - enumerator MALICIOUS - The AP is not safe. Variables - static const uint32\_t CA\_RESULT\_DATA\_LENGTH = 96 - Length of the unparsed raw result from the crypto accelerator. - struct LoadConfig - Specifies how load should be calculated. Public Members - uint64\_t calculationInterval - - struct CACapacity - Represents curve-wise absolute capacity. This value represents capacity as if only that type of curve is used in all crypto operations. For example, a capacity of 3000 for sm2 means, 3000 signature verifications of type sm2 can be done under current operating conditions, when no other type of verifications are performed. Public Members - uint32\_t sm2 - - uint32\_t nist256 - - uint32\_t nist384 - - uint32\_t bp256 - - uint32\_t bp384 - - struct CALoad - Represents curve-wise absolute load as calculated in the time window defined by [LoadConfig::calculationInterval](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00584.html#a00584_1a08b60aa4a7ef76e6bd145542252ea53b). For example, a value of 1000 for sm2 means, in that time window, 1000 sm2 type verification were completed. This verification includes both passed and failed signature. Public Members - uint32\_t sm2 - - uint32\_t nist256 - - uint32\_t nist384 - - uint32\_t bp256 - - uint32\_t bp384 - - class ICAControlManagerListener : public telux::common::[ISDKListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00046.html#_CPPv4N5telux6common12ISDKListenerE) - Receives load and capacity updates. Public Functions - inline virtual void onCapacityUpdate(struct [CACapacity](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec10CACapacityE) newCapacity) - Invoked to provide an updated capacity. - Parameters: - **newCapacity** – **[in]** New capacity as per current allowed conditions. - inline virtual void onLoadUpdate(struct [CALoad](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec6CALoadE) currentLoad) - Invoked to provide load on crypto accelerator, as observed during time window defined by [LoadConfig::calculationInterval](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00584.html#a00584_1a08b60aa4a7ef76e6bd145542252ea53b). - Parameters: - **currentLoad** – **[in]** Load as observed in the set time window. - inline virtual ~ICAControlManagerListener() - Destructor for [ICAControlManagerListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00587). - class ICAControlManager - Public Functions - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) registerListener(std::weak\_ptr<[ICAControlManagerListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00587.html#_CPPv4N5telux3sec25ICAControlManagerListenerE)> listener) = 0 - Registers the given listener to get load and capacity updates in [ICAControlManagerListener::onLoadUpdate()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00587_1a9b7c40fc88f84392b765484f9cc03094) and [ICAControlManagerListener::onCapacityUpdate()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00587_1ac77bfe0591c3b95fa85d47ff20048dda) methods. Capacity updates are received whenever capacity changes. Load updates are received as per parameters specified with [startMonitoring()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00588_1a18daff529a543893d5da5b78125eeef5). Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **listener** – **[in]** Receives load and capacity updates - Returns: - telux::common::Status::SUCCESS if the listener is registered, otherwise, an appropriate error code - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) deRegisterListener(std::weak\_ptr<[ICAControlManagerListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00587.html#_CPPv4N5telux3sec25ICAControlManagerListenerE)> listener) = 0 - Unregisters the given listener registered previously with [registerListener()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00588_1aa11bfd2786720b04f10e292b2505ee32). Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **listener** – **[in]** Listener to deregister - Returns: - telux::common::Status::SUCCESS if the listener is unregistered, otherwise, an appropriate error code - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) startMonitoring([LoadConfig](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec10LoadConfigE) loadConfig) = 0 - Starts monitoring and reporting load calculated based on the parameters specified. Calculated load is received by [ICAControlManagerListener::onLoadUpdate()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00587_1a9b7c40fc88f84392b765484f9cc03094) periodically as per time interval specified. On platforms with access control enabled, caller needs to have TELUX\_SEC\_CA\_CTRL\_LOAD\_OPS permission to invoke this API successfully. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **loadConfig** – **[in]** Defines load calculation parameters - Returns: - telux::common::Status::SUCCESS if the monitoring started, otherwise, an appropriate error code - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) stopMonitoring() = 0 - Stops monitoring the load calculation previosuly started by [startMonitoring()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00588_1a18daff529a543893d5da5b78125eeef5). On platforms with access control enabled, caller needs to have TELUX\_SEC\_CA\_CTRL\_LOAD\_OPS permission to invoke this API successfully. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Returns: - telux::common::Status::SUCCESS if the monitoring stopped, otherwise, an appropriate error code - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) getCapacity([CACapacity](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec10CACapacityE) &capacity) = 0 - Provides current verification capacity of the crypto accelerator. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **capacity** – **[out]** current capacity of the crypto accelerator - Returns: - telux::common::Status::SUCCESS if the capacity is fetched, otherwise, an appropriate error code - inline virtual ~ICAControlManager() - Destructor of [ICAControlManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00588). Cleans up as applicable. - struct EnvironmentInfo - Describes an overall cellular environment’s information. Public Members - [EnvironmentState](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga9f4d7234399b233e040608ea8356b574.html#_CPPv4N5telux3sec16EnvironmentStateE) environmentState - Please refer [EnvironmentState](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga9f4d7234399b233e040608ea8356b574.html#a00004_1ga9f4d7234399b233e040608ea8356b574) for details. - struct CellularSecurityReport - Represents security scan report for a cellular connection per base station. Public Members - uint32\_t threatScore - The higher the score higher the possibility of a compromised/malicious base station. The range of valid values for the score is configurable in the platform. The default range is 0 to 500. - uint32\_t cellId - Unique identifier of a cell operated by a mobile network operator. - uint32\_t pid - Physical cell id; identifier of a cell in the physical layer of the cellular technology. - std::string mcc - Mobile country code to uniquely identify a mobile network operator (carrier). - std::string mnc - Mobile network code to uniquely identify a mobile network operator (carrier). - std::vector<[CellularThreatType](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaa39cdea6611e05b3d094cf73ef8be17a.html#_CPPv4N5telux3sec18CellularThreatTypeE)> threats - Types of the threat identified. Please refer [CellularThreatType](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaa39cdea6611e05b3d094cf73ef8be17a.html#a00004_1gaa39cdea6611e05b3d094cf73ef8be17a) for more details. - [ActionType](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga78f1d735ec6e196b43a111407b9afd16.html#_CPPv4N5telux3sec10ActionTypeE) actionType - Action taken based on the policy configured and threat score. - [RATType](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga26edc0c9077a8e83f28ac9efd2eb72a3.html#_CPPv4N5telux3sec7RATTypeE) rat - Radio access technology being used for communication between the device and the base station (2G/GERAN, 3G/WCDMA, 4G/LTE and 5G/NR). - struct SessionStats - For the current session, it represents a high-level summary of the security stats gathered till now. This gives an overall idea about the operational cellular environment. This can be useful in cases for example, to decide whether a security sensitive operation should be deferred to a later time or place with less hostile environment or extra preventive measures should be activated. Public Members - uint32\_t reportsCount - Number of the reports received. - uint32\_t thresholdCrossedCount - Number of times hostile score threshold was crossed. This count depends on the value of the threshold configured in the platform. This count increments each time the threat score increases beyond this threshold. - std::vector<[CellularThreatType](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaa39cdea6611e05b3d094cf73ef8be17a.html#_CPPv4N5telux3sec18CellularThreatTypeE)> threats - Different types of threats detected. - float averageThreatScore - An average score (average of [CellularSecurityReport::threatScore](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00590.html#a00590_1a328b081bfbd9d10ac71abc2c55abc8b8)). - [ActionType](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga78f1d735ec6e196b43a111407b9afd16.html#_CPPv4N5telux3sec10ActionTypeE) lastAction - Last action that was taken based on the policy configured, when a malicious activity was detected. - bool anyActionTaken - Set to true, if an action was taken, when the score crossed hostile threshold. - class ICellularScanReportListener : public telux::common::[IServiceStatusListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00049.html#_CPPv4N5telux6common22IServiceStatusListenerE) - Receives security scan reports when a change in cellular environment is detected. For example; 1. Device connects to a given cell tower. 2. Device moves between different cell towers. 3. A new cellular base station is detected. 4. There is a change in the threat score beyond defined threshold. Public Functions - inline virtual void onScanReportAvailable([CellularSecurityReport](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec22CellularSecurityReportE) report, [EnvironmentInfo](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec15EnvironmentInfoE) environmentInfo) - Invoked to provide a security scan report for cellular connection environment. - Parameters: - - **report** – **[in]** [CellularSecurityReport](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00590.html#a00590) result of the cellular security scanning - **environmentInfo** – **[in]** [EnvironmentInfo](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00589.html#a00589) overall environment information - inline virtual ~ICellularScanReportListener() - Destructor for [ICellularScanReportListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00592). - class ICellularSecurityManager - Provides support for detecting, monitoring and generating security threat scan report for cellular connections. When a change in the cellular operating environment is detected, information about the environment is gathered and analyzed for targeted, general purpose attacks and anomalies. This information is then provided as a security scan report. The report includes information such as, IMSI leak, tracking location of the device, denial of service, man-in-the-middle attack, spam or phishing SMS, fake emergency messages and rogue base stations. Public Functions - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) registerListener(std::weak\_ptr<[ICellularScanReportListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00592.html#_CPPv4N5telux3sec27ICellularScanReportListenerE)> reportListener) = 0 - Registers given listener to receive cellular security scan report. On platforms with access control enabled, caller needs to have TELUX\_SEC\_CCS\_REPORT permission to invoke this API successfully. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **reportListener** – **[in]** Receives security scan reports via [ICellularScanReportListener::onScanReportAvailable()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00592_1a5bb35ee1777fef31a7466aa15ef0f6ad) - Returns: - telux::common::ErrorCode::SUCCESS, if the listener is registered, otherwise, an appropriate error code - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) deRegisterListener(std::weak\_ptr<[ICellularScanReportListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00592.html#_CPPv4N5telux3sec27ICellularScanReportListenerE)> reportListener) = 0 - Unregisters the given listener registered previously with [registerListener()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00593_1af14d0adad0300d9a548d66c9c5e70901). On platforms with access control enabled, caller needs to have TELUX\_SEC\_CCS\_REPORT permission to invoke this API successfully. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **reportListener** – **[in]** Listener to unregister - Returns: - telux::common::ErrorCode::SUCCESS, if the listener is deregistered, otherwise, an appropriate error code - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) getCurrentSessionStats([SessionStats](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec12SessionStatsE) &sessionStats) = 0 - Gets current session statistics such as average score, number of reports generated, and threat types detected etc. A session starts when a listener is registered using [ICellularSecurityManager::registerListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00593_1af14d0adad0300d9a548d66c9c5e70901) and ends when it is deregistered using [ICellularSecurityManager::deRegisterListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00593_1a14ceac5ef9b7a515cf05c8b8086a7d54). On platforms with access control enabled, caller needs to have TELUX\_SEC\_CCS\_REPORT permission to invoke this API successfully. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **sessionStats** – **[out]** [SessionStats](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00591.html#a00591) will contain current session’s stats upon method return - Returns: - Status telux::common::ErrorCode::SUCCESS, if the stats are fetched successfully, otherwise, an appropriate error code - inline virtual ~ICellularSecurityManager() - Destructor of [ICellularSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00593). Cleans up as applicable. - class ConnectionSecurityFactory - ConnectionConnectionSecurityFactory allows creation of CellularSecurityManager and WiFiSecurityManager. Public Functions - virtual std::shared\_ptr<[ICellularSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00593.html#_CPPv4N5telux3sec24ICellularSecurityManagerE)> getCellularSecurityManager(telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) &ec) = 0 - Provides an [ICellularSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00593) instance that detects and monitors security threats and generates security scan reports for cellular connections. - Parameters: - **ec** – **[out]** telux::common::ErrorCode::SUCCESS if [ICellularSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00593) is created successfully, otherwise, an appropriate error code - Returns: - [ICellularSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00593) instance or nullptr, if an error occurred - virtual std::shared\_ptr<[IWiFiSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00058.html#_CPPv4N5telux3sec20IWiFiSecurityManagerE)> getWiFiSecurityManager(telux::common::[InitResponseCb](https://docs.qualcomm.com/doc/80-PF458-8/topic/typedef_a00235_1ab92f90010203f914a62cec6bd7af0a1a.html#_CPPv4N5telux6common14InitResponseCbE) callback) = 0 - Provides an [IWiFiSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00058.html#a00058) instance that detects and monitors security threats and generates security analysis reports for WiFi connections. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **callback** – **[in]** Callback to receive the WiFiSecurityManager initialization status. - Returns: - [IWiFiSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00058.html#a00058) instance or nullptr, if an error occurred - virtual std::shared\_ptr<[IWiFiSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00058.html#_CPPv4N5telux3sec20IWiFiSecurityManagerE)> getWiFiSecurityManager(telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) &ec) = 0 - Provides an [IWiFiSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00058.html#a00058) instance that detects and monitors security threats and generates security analysis reports for Wi-Fi connections. use the [getWiFiSecurityManager(telux::common::InitResponseCb callback)](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00594_1a4cb04bc48e99e85029b2662f20e23901) API instead - Parameters: - **ec** – **[out]** telux::common::ErrorCode::SUCCESS if [IWiFiSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00058.html#a00058) is created successfully, otherwise, an appropriate error code - Returns: - [IWiFiSecurityManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00058.html#a00058) instance or nullptr, if an error occurred Public Static Functions - static [ConnectionSecurityFactory](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00594.html#_CPPv4N5telux3sec25ConnectionSecurityFactoryE) &getInstance() - Gets the [ConnectionSecurityFactory](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00594) instance. Private Functions - ConnectionSecurityFactory(const [ConnectionSecurityFactory](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00594.html#_CPPv4N5telux3sec25ConnectionSecurityFactory25ConnectionSecurityFactoryERK25ConnectionSecurityFactory)&) = delete - - [ConnectionSecurityFactory](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00594.html#_CPPv4N5telux3sec25ConnectionSecurityFactoryE) &operator=(const [ConnectionSecurityFactory](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00594.html#_CPPv4N5telux3sec25ConnectionSecurityFactoryE)&) = delete - - struct ECCPoint - Represents a point on an elliptic curve. Public Members - uint8\_t \*x - - size\_t xLength - - uint8\_t \*y - - size\_t yLength - - struct DataDigest - Represents digest of the data whose signature is to be verified. Public Members - uint8\_t \*digest - - size\_t digestLength - - struct Signature - Represents signature of the digest to be verified. Public Members - uint8\_t \*rSignature - - uint8\_t \*sSignature - - size\_t rsLength - - struct Scalar - Represents scalar value to be used with an ECQV operation. Public Members - uint8\_t \*scalar - - size\_t scalarLength - - struct OperationResult - Represents a result obtained from the crypto accelerator. The value of an individual field must only be interpreted through helper methods in [ResultParser](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00602). Public Members - uint32\_t reserved - - uint32\_t id - - uint32\_t operationType - - uint32\_t result - - uint32\_t errCode - - uint8\_t data[[CA\_RESULT\_DATA\_LENGTH](https://docs.qualcomm.com/doc/80-PF458-8/topic/variable_a00004_1ga709a7770b1dd177ae149a7ea38a67c10.html#_CPPv4N5telux3sec21CA_RESULT_DATA_LENGTHE)] - - class ICryptoAcceleratorListener : public telux::common::[IServiceStatusListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00049.html#_CPPv4N5telux6common22IServiceStatusListenerE) - Receives ECC signature verification and ECQV calculation result. Public Functions - inline virtual void onVerificationResult(uint32\_t uniqueId, telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) errorCode, std::vector<uint8\_t> resultData) - Invoked to provide an ECC signature verification result. - Parameters: - - **uniqueId** – **[in]** Unique request identifier. This is the same as what was passed to [ICryptoAcceleratorManager::eccPostDigestForVerification()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a7c04cd4bb400373ced74d333cb4567a3) - **errorCode** – **[in]** telux::common::ErrorCode::SUCCESS, if signature passed validation, telux::common::ErrorCode::VERIFICATION\_FAILED if all inputs were correct, verification completed and signature was invalid, an appropriate error code in all other cases - **resultData** – **[in]** Contains the r’ (computed r-component of the signature) - inline virtual void onCalculationResult(uint32\_t uniqueId, telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) errorCode, std::vector<uint8\_t> resultData) - Invoked to provide an ECQV calculation result. - Parameters: - - **uniqueId** – **[in]** Unique request identifier. This is the same as what was passed to [ICryptoAcceleratorManager::ecqvPostDataForMultiplyAndAdd()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a581ccb188f2805c1fd846b601d08e51f) - **errorCode** – **[in]** telux::common::ErrorCode::SUCCESS, if calculation succeeded, otherwise, an appropriate error code - **resultData** – **[in]** Output point Q (Q=kP+A). For [CURVE\_SM2](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#a00004_1ggaae841d29b820424890df700e693a22e5ad37c29944d0eec11a7e75fd1a7ef3e9e), [CURVE\_NISTP256](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#a00004_1ggaae841d29b820424890df700e693a22e5a2b5bd835a678b7b2c2b35e0e18137ab2) and [CURVE\_BRAINPOOLP256R1](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#a00004_1ggaae841d29b820424890df700e693a22e5aa59ac80651703cf27629aa5a980d3a74), byte from 0 to 31 contains x-coordinate, and byte from 32 to 63 contains y-coordinate. For [CURVE\_NISTP384](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#a00004_1ggaae841d29b820424890df700e693a22e5ac33b8701f8fd0cd068106104e52eb82d) and [CURVE\_BRAINPOOLP384R1](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#a00004_1ggaae841d29b820424890df700e693a22e5a184e506806e498d416e4a48f7f1a5da9), byte from 0 to 47 contains x-coordinate, and byte from 48 to 95 contains y-coordinate. - inline virtual ~ICryptoAcceleratorListener() - Destructor for [ICryptoAcceleratorListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00600). - class ICryptoAcceleratorManager - Provides support for ECC based signature verification and calculation related crypto operations. APIs with asynchronous and synchronous semantics are provided for the same operation, providing flexibility to optimally support multiple client solutions. Clients that prefer to invoke verifications from a thread and consume the results on a different thread should use the asynchronous APIs. Clients that prefer to invoke verification APIs and block until the result is ready, should use the synchronous APIs. Public Functions - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) eccPostDigestForVerification(const [DataDigest](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec10DataDigestE) &digest, const [ECCPoint](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec8ECCPointE) &publicKey, const [Signature](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec9SignatureE) &signature, telux::sec::[ECCCurve](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#_CPPv4N5telux3sec8ECCCurveE) curve, uint32\_t uniqueId, telux::sec::[RequestPriority](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga479bdf29b3ad9b7d02c240d878962b6a.html#_CPPv4N5telux3sec15RequestPriorityE) priority) = 0 - Sends hashed ECC data to the crypto accelerator for integrity verification using the given public key and signature. Verification result is received by the [ICryptoAcceleratorListener::onVerificationResult()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00600_1afa56735543452705af82bf54d179769c) method for [MODE\_ASYNC\_LISTENER](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga662f3159d86d4f429ddfab695daabe6c.html#a00004_1gga662f3159d86d4f429ddfab695daabe6ca38c0a5f9b3f78f1655c155dd0f519084). For [MODE\_ASYNC\_POLL](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga662f3159d86d4f429ddfab695daabe6c.html#a00004_1gga662f3159d86d4f429ddfab695daabe6ca2cf1ab7f545c776ae9bebb368d40b21c), [getAsyncResults()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a20602c98aad4f5c70be471a02dcce8d5) is used to obtain the results. - Parameters: - - **digest** – **[in]** Digest of data - **publicKey** – **[in]** Uncompressed public key used to verify the signature - **signature** – **[in]** [Signature](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00597.html#a00597) of the digest - **curve** – **[in]** ECC curve on which given public key lies - **uniqueId** – **[in]** Unique identifier for each request. This number must be unique across all requests for which results are pending. Once the result for a request is received, the same number can be reused. Valid value range is 0 <= uniqueId <= 4095. - **priority** – **[in]** Relative priority indicating this digest should be verified before any other low priority digest - Returns: - telux::common::ErrorCode::SUCCESS, if the data is sent to the accelerator, otherwise an appropriate error code - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) ecqvPostDataForMultiplyAndAdd(const [ECCPoint](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec8ECCPointE) &multiplicandPoint, const [ECCPoint](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec8ECCPointE) &addendPoint, const [Scalar](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec6ScalarE) &scalar, telux::sec::[ECCCurve](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#_CPPv4N5telux3sec8ECCCurveE) curve, uint32\_t uniqueId, telux::sec::[RequestPriority](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga479bdf29b3ad9b7d02c240d878962b6a.html#_CPPv4N5telux3sec15RequestPriorityE) priority) = 0 - Sends data to the crypto accelerator to perform a point multiplication and addition for ‘Short Weierstrass’ curves; Q=kP+A. Calculation result is received by the [ICryptoAcceleratorListener::onCalculationResult()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00600_1a077c42af81a85edf8806ccb3e02a9a1a) method for [MODE\_ASYNC\_LISTENER](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga662f3159d86d4f429ddfab695daabe6c.html#a00004_1gga662f3159d86d4f429ddfab695daabe6ca38c0a5f9b3f78f1655c155dd0f519084). For [MODE\_ASYNC\_POLL](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga662f3159d86d4f429ddfab695daabe6c.html#a00004_1gga662f3159d86d4f429ddfab695daabe6ca2cf1ab7f545c776ae9bebb368d40b21c), [getAsyncResults()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a20602c98aad4f5c70be471a02dcce8d5) is used to obtain the results. - Parameters: - - **multiplicandPoint** – **[in]** Point to multiply (P). In context of public key reconstruction, it represents the reconstruction value - **addendPoint** – **[in]** Point to add (A). In context of public key reconstruction, it represents the CA public key - **scalar** – **[in]** [Scalar](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00598.html#a00598) for the scalar multiplication (k). In context of public key reconstruction, it represents the hash construct - **curve** – **[in]** ECC curve associated with point P and A - **uniqueId** – **[in]** Unique identifier for each request. This number must be unique across all requests for which results are pending. Once the result for a request is received, the the same number can be reused. Valid value range is 0 <= uniqueId <= 4095. - **priority** – **[in]** Relative priority indicating this calculation should be performed before any other low priority operation - Returns: - telux::common::ErrorCode::SUCCESS, if the data is sent to the accelerator, otherwise an appropriate error code - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) getAsyncResults(std::vector<[OperationResult](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec15OperationResultE)> &results, uint32\_t numResultsToRead, int32\_t timeout, uint32\_t &numResultsRead) = 0 - When using Mode::MODE\_ASYNC\_POLL, [ICryptoAcceleratorManager::eccPostDigestForVerification()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a7c04cd4bb400373ced74d333cb4567a3) and [ICryptoAcceleratorManager::ecqvPostDataForMultiplyAndAdd()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a581ccb188f2805c1fd846b601d08e51f) APIs are used to send request. The result of these request is obtained asynchronously using this method. It blocks until result(s) is available or timeout occurs. Caller should allocate sufficient memory pointed by ‘results’. - Parameters: - - **results** – **[out]** Buffer that will contain the results - **numResultsToRead** – **[in]** Number of the results to read - **timeout** – **[in]** Time to wait (in milliseconds) for the result(s). Specifying a negative value means an infinite timeout. Zero value means return immediately (there may or may not be any results read). - **numResultsRead** – **[out]** Number of results actually read - Returns: - telux::common::ErrorCode::SUCCESS, if the result(s) are obtained successfully, otherwise an appropriate error code - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) eccVerifyDigest(const [DataDigest](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec10DataDigestE) &digest, const [ECCPoint](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec8ECCPointE) &publicKey, const [Signature](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec9SignatureE) &signature, telux::sec::[ECCCurve](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#_CPPv4N5telux3sec8ECCCurveE) curve, uint32\_t uniqueId, telux::sec::[RequestPriority](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga479bdf29b3ad9b7d02c240d878962b6a.html#_CPPv4N5telux3sec15RequestPriorityE) priority, std::vector<uint8\_t> &resultData) = 0 - Verifies the signature of the digest using given public key. - Parameters: - - **digest** – **[in]** Digest of data - **publicKey** – **[in]** Uncompressed public key used to verify the signature - **signature** – **[in]** [Signature](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00597.html#a00597) of the digest - **curve** – **[in]** ECC curve on which given public key lies - **uniqueId** – **[in]** Unique identifier for each request. This number must be unique across all requests for which results are pending. Once the result for a request is received, the same number can be reused. Valid value range is 0 <= uniqueId <= 4095. - **priority** – **[in]** Relative priority indicating this digest should be verified before any other low priority digest - **resultData** – **[out]** Contains the r’ prime (computed r-component of the signature) - Returns: - telux::common::ErrorCode::SUCCESS, if signature passed validation, telux::common::ErrorCode::VERIFICATION\_FAILED if all inputs were correct, verification completed and signature was invalid, an appropriate error code in all other cases - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) ecqvPointMultiplyAndAdd(const [ECCPoint](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec8ECCPointE) &multiplicandPoint, const [ECCPoint](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec8ECCPointE) &addendPoint, const [Scalar](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec6ScalarE) &scalar, telux::sec::[ECCCurve](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#_CPPv4N5telux3sec8ECCCurveE) curve, uint32\_t uniqueId, telux::sec::[RequestPriority](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga479bdf29b3ad9b7d02c240d878962b6a.html#_CPPv4N5telux3sec15RequestPriorityE) priority, std::vector<uint8\_t> &resultData) = 0 - Performs a point multiplication and addition for ‘Short Weierstrass’ curves; Q=kP+A with the help of accelerator. This can be used, for example; to reconstruct a public key, using ‘Elliptic Curve Qu-Vanstone (ECQV)’ implicit certificate scheme. - Parameters: - - **multiplicandPoint** – **[in]** Point to multiply (P). In context of public key reconstruction, it represents the reconstruction value - **addendPoint** – **[in]** Point to add (A). In context of public key reconstruction, it represents the CA public key - **scalar** – **[in]** [Scalar](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00598.html#a00598) for the scalar multiplication (k). In context of public key reconstruction, it represents the hash construct - **curve** – **[in]** ECC curve associated with point P and A - **uniqueId** – **[in]** Unique identifier for each request. This number must be unique across all requests for which results are pending. Once the result for a request is received, the the same number can be reused. Valid value range is 0 <= uniqueId <= 4095. - **priority** – **[in]** Relative priority indicating this calculation should be performed before any other low priority operation - **resultData** – **[out]** Output point Q (Q=kP+A). For [CURVE\_SM2](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#a00004_1ggaae841d29b820424890df700e693a22e5ad37c29944d0eec11a7e75fd1a7ef3e9e), [CURVE\_NISTP256](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#a00004_1ggaae841d29b820424890df700e693a22e5a2b5bd835a678b7b2c2b35e0e18137ab2) and [CURVE\_BRAINPOOLP256R1](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#a00004_1ggaae841d29b820424890df700e693a22e5aa59ac80651703cf27629aa5a980d3a74), byte from 0 to 31 contains x-coordinate, and byte from 32 to 63 contains y-coordinate. For [CURVE\_NISTP384](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#a00004_1ggaae841d29b820424890df700e693a22e5ac33b8701f8fd0cd068106104e52eb82d) and [CURVE\_BRAINPOOLP384R1](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gaae841d29b820424890df700e693a22e5.html#a00004_1ggaae841d29b820424890df700e693a22e5a184e506806e498d416e4a48f7f1a5da9), byte from 0 to 47 contains x-coordinate, and byte from 48 to 95 contains y-coordinate. - Returns: - telux::common::ErrorCode::SUCCESS, if the calculation succeeded, otherwise an appropriate error code - inline virtual ~ICryptoAcceleratorManager() - Destructor of [ICryptoAcceleratorManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601). Cleans up as applicable. - class ResultParser - Provides helpers to parse fields in the [OperationResult](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00599.html#a00599). Public Static Functions - static uint32\_t getId(const [OperationResult](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec15OperationResultE) &result) - Gets the unique identifier associated with the result. - Parameters: - **result** – **[in]** Result obtained from [ICryptoAcceleratorManager::getAsyncResults()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a20602c98aad4f5c70be471a02dcce8d5) - Returns: - Unique identifier associated with the result. This is the same as what was passed in request - static [OperationType](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga192a57edf0a3b9043692d50807c18940.html#_CPPv4N5telux3sec13OperationTypeE) getOperationType(const [OperationResult](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec15OperationResultE) &result) - Gets the type of operation corresponding to this result; values are and OperationType::OP\_TYPE\_VERIFY and OperationType::OP\_TYPE\_CALCULATE. - Parameters: - **result** – **[in]** Result obtained from [ICryptoAcceleratorManager::getAsyncResults()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a20602c98aad4f5c70be471a02dcce8d5) - Returns: - Operation type - OperationType::OP\_TYPE\_VERIFY for signature verification, OperationType::OP\_TYPE\_CALCULATE for point calculation. - static telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) getErrorCode(const [OperationResult](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec15OperationResultE) &result) - Indicates if the operation passed. - Parameters: - **result** – **[in]** Result obtained from [ICryptoAcceleratorManager::getAsyncResults()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a20602c98aad4f5c70be471a02dcce8d5) - Returns: - For ECC verification, telux::common::ErrorCode::SUCCESS, if signature passed validation, telux::common::ErrorCode::VERIFICATION\_FAILED if all inputs were correct, verification completed and signature was invalid, an appropriate error code in all other cases. For ECQV calculation, telux::common::ErrorCode::SUCCESS, if the calculation succeeded, an appropriate error code in all other cases - static telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) getCAErrorCode(const [OperationResult](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec15OperationResultE) &result) - Provides a crypto accelerator hardware specific error code to further identify the actual error. Should be used only if [getErrorCode()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00602_1ab90f38d41272bf02f2f07ce4ec2b142b) indicates an error occurred. - Parameters: - **result** – **[in]** Result obtained from [ICryptoAcceleratorManager::getAsyncResults()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a20602c98aad4f5c70be471a02dcce8d5) - Returns: - Error code - [telux::common::ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#a00023_1ga84acdb74b7d34616b1ca497c7369810d)::\* as obtained from the accelerator - static uint8\_t \*getData([OperationResult](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec15OperationResultE) &result) - Gets the actual result data. For ECC verification, it contains r-prime and for ECQV it contains coordinates. - Parameters: - **result** – **[in]** Result obtained from [ICryptoAcceleratorManager::getAsyncResults()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601_1a20602c98aad4f5c70be471a02dcce8d5) - Returns: - Pointer to the data, For ECC verification contains r-prime, For ECQV calculatio contains coordinates - class ICryptoParam - Specifies how a crypto operation should be performed. An instance of this must be created only thorough [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00606). Public Functions - inline virtual ~ICryptoParam() - - struct EncryptedData - Represents encrypted data and optional nonce. Public Members - std::vector<uint8\_t> encryptedText - Encrypted text. - std::vector<uint8\_t> nonce - Generated nonce. - class ICryptoManager - [ICryptoManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00605) provides key management and crypto operation support. It uses trusted hardware bound cryptography. All keys generated are bound to the device cryptographically. Public Functions - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) generateKey(std::shared\_ptr<[ICryptoParam](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00603.html#_CPPv4N5telux3sec12ICryptoParamE)> cryptoParam, std::vector<uint8\_t> &keyBlob) = 0 - Generates key and provides it in the form of a corresponding key blob. The key’s secret is encrypted in this key blob. On platforms with access control enabled, the caller needs to have TELUX\_SEC\_KEY\_OPS permission to successfully invoke this API. - Parameters: - - **cryptoParam** – **[in]** Specifications of the key. - **keyBlob** – **[out]** Key blob representing the key. - Returns: - [telux::common::ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#a00023_1ga84acdb74b7d34616b1ca497c7369810d) as appropriate. - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) importKey(std::shared\_ptr<[ICryptoParam](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00603.html#_CPPv4N5telux3sec12ICryptoParamE)> cryptoParam, telux::sec::[KeyFormat](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga2abf2280910af90f329c01dcb9725e95.html#_CPPv4N5telux3sec9KeyFormatE) keyFmt, std::vector<uint8\_t> const &keyData, std::vector<uint8\_t> &keyBlob) = 0 - Creates a key blob from the given key data. On platforms with access control enabled, the caller needs to have TELUX\_SEC\_KEY\_OPS permission to successfully invoke this API. - Parameters: - - **cryptoParam** – **[in]** Specifications of the key - **keyFmt** – **[in]** Format in which the key should be imported ([KeyFormat](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga2abf2280910af90f329c01dcb9725e95.html#a00004_1ga2abf2280910af90f329c01dcb9725e95)) - **keyData** – **[in]** Key’s data, in the specified format, to be imported. - **keyBlob** – **[out]** Key blob created from the given key data. - Returns: - [telux::common::ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#a00023_1ga84acdb74b7d34616b1ca497c7369810d) as appropriate. - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) exportKey(telux::sec::[KeyFormat](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga2abf2280910af90f329c01dcb9725e95.html#_CPPv4N5telux3sec9KeyFormatE) keyFmt, std::vector<uint8\_t> const &keyBlob, std::vector<uint8\_t> &keyData) = 0 - Generates equivalent key data from the given key blob. On platforms with access control enabled, the caller needs to have TELUX\_SEC\_KEY\_OPS permission to successfully invoke this API. - Parameters: - - **keyFmt** – **[in]** [KeyFormat](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga2abf2280910af90f329c01dcb9725e95.html#a00004_1ga2abf2280910af90f329c01dcb9725e95) Format in which key should be exported. - **keyBlob** – **[in]** Key blob representing the key to be exported. - **keyData** – **[out]** Key’s data generated from the given key blob. - Returns: - [telux::common::ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#a00023_1ga84acdb74b7d34616b1ca497c7369810d) as appropriate. - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) upgradeKey(std::shared\_ptr<[ICryptoParam](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00603.html#_CPPv4N5telux3sec12ICryptoParamE)> cryptoParam, std::vector<uint8\_t> const &oldKeyBlob, std::vector<uint8\_t> &newKeyBlob) = 0 - Upgrades the given key if it has expired. For example, This API can be used when a key has expired due to a system software upgrade. On platforms with access control enabled, the caller needs to have TELUX\_SEC\_KEY\_OPS permission to successfully invoke this API. - Parameters: - - **cryptoParam** – **[in]** Input parameters passed to the upgrade algorithm. Specifically, unique data should be set if it was used when the key was originally created. - **oldKeyBlob** – **[in]** Key blob representing the key to be upgraded. - **newKeyBlob** – **[out]** Key blob representing the upgraded key. - Returns: - [telux::common::ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#a00023_1ga84acdb74b7d34616b1ca497c7369810d) as appropriate. - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) signData(std::shared\_ptr<[ICryptoParam](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00603.html#_CPPv4N5telux3sec12ICryptoParamE)> cryptoParam, std::vector<uint8\_t> const &keyBlob, std::vector<uint8\_t> const &plainText, std::vector<uint8\_t> &signature) = 0 - Generates a signature to verify the integrity of the given data. On platforms with access control enabled, the caller needs to have TELUX\_SEC\_SIGN\_OPS permission to successfully invoke this API. - Parameters: - - **cryptoParam** – **[in]** Input parameters passed to the signature generation algorithm. - **keyBlob** – **[in]** Key blob to sign given data. - **plainText** – **[in]** Data to be signed. - **signature** – **[out]** [Signature](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00597.html#a00597) generated for the given data. - Returns: - [telux::common::ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#a00023_1ga84acdb74b7d34616b1ca497c7369810d) as appropriate. - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) verifyData(std::shared\_ptr<[ICryptoParam](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00603.html#_CPPv4N5telux3sec12ICryptoParamE)> cryptoParam, std::vector<uint8\_t> const &keyBlob, std::vector<uint8\_t> const &plainText, std::vector<uint8\_t> const &signature) = 0 - Verifies integrity of the given data through its signature. On platforms with access control enabled, the caller needs to have TELUX\_SEC\_SIGN\_OPS permission to successfully invoke this API. - Parameters: - - **cryptoParam** – **[in]** Input parameters passed to the signature validation algorithm. - **keyBlob** – **[in]** Key blob to verify the given data. - **plainText** – **[in]** Data to be verified. - **signature** – **[in]** [Signature](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00597.html#a00597) of the data. - Returns: - telux::common::ErrorCode::SUCCESS if verification is passed otherwise [telux::common::ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#a00023_1ga84acdb74b7d34616b1ca497c7369810d) as appropriate. - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) encryptData(std::shared\_ptr<[ICryptoParam](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00603.html#_CPPv4N5telux3sec12ICryptoParamE)> cryptoParam, std::vector<uint8\_t> const &keyBlob, std::vector<uint8\_t> const &plainText, std::shared\_ptr<[EncryptedData](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec13EncryptedDataE)> &encryptedData) = 0 - Encrypts data per the given inputs to the encryption algorithm. On platforms with access control enabled, the caller needs to have TELUX\_SEC\_ENCRYPTION\_OPS permission to successfully invoke this API. - Parameters: - - **cryptoParam** – **[in]** Input parameters passed to the encryption algorithm. - **keyBlob** – **[in]** Key blob to be used for encryption. - **plainText** – **[in]** Data to be encrypted. - **encryptedData** – **[out]** Encrypted data and nonce, if [CryptoParamBuilder::setCallerNonce()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00606_1aa4d408a432e4c32d75386d69bd24898b) was not set when creating keys for encryption/decryption). - Returns: - [telux::common::ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#a00023_1ga84acdb74b7d34616b1ca497c7369810d) as appropriate. - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) decryptData(std::shared\_ptr<[ICryptoParam](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00603.html#_CPPv4N5telux3sec12ICryptoParamE)> cryptoParam, std::vector<uint8\_t> const &keyBlob, std::vector<uint8\_t> const &encryptedText, std::vector<uint8\_t> &decryptedText) = 0 - Decrypts data per the given inputs to the decryption algorithm. On platforms with access control enabled, the caller needs to have TELUX\_SEC\_ENCRYPTION\_OPS permission to successfully invoke this API. - Parameters: - - **cryptoParam** – **[in]** Input parameters passed to the decryption algorithm. - **keyBlob** – **[in]** Key blob to be used for decryption. - **encryptedText** – **[in]** Encrypted data to be decrypted. - **decryptedText** – **[out]** Decrypted data. - Returns: - [telux::common::ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#a00023_1ga84acdb74b7d34616b1ca497c7369810d) as appropriate. - inline virtual ~ICryptoManager() - Destroys the [ICryptoManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00605) instance. Performs cleanup as applicable. - class CryptoParamBuilder - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00606) helps setup input parameters for a given crypto operation. Public Functions - CryptoParamBuilder() - Allocates an instance of [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00606). - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setAlgorithm([AlgorithmTypes](https://docs.qualcomm.com/doc/80-PF458-8/topic/typedef_a00004_1ga18915e6077706a4552ac80ec2a9a0340.html#_CPPv4N5telux3sec14AlgorithmTypesE) algorithm) - When generating keys, specifies with which algorithm the keys will be used. For crypto operations, specifies the algorithm to use. Use [telux::sec::Algorithm](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga8151fd2f356e9f0a26b3d03e5c06a587.html#a00004_1ga8151fd2f356e9f0a26b3d03e5c06a587) enumeration to define this. - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setCryptoOperation([CryptoOperationTypes](https://docs.qualcomm.com/doc/80-PF458-8/topic/typedef_a00004_1gaa2083acc0ce41aed389598edc723f23e.html#_CPPv4N5telux3sec20CryptoOperationTypesE) operation) - When generating keys, specifies the crypto operation(s) for which the key will be used. For crypto operations, specifies the operation itself (encrypting/decrypting/ signing/verifying). Use [telux::sec::CryptoOperation](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga93dfc1d527f9631f2c05cb1c178d041a.html#a00004_1ga93dfc1d527f9631f2c05cb1c178d041a) enumeration to define this. Multiple operation values can be OR’ed (|). - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setDigest([DigestTypes](https://docs.qualcomm.com/doc/80-PF458-8/topic/typedef_a00004_1ga14254ef3ed064339b736984d2e07b6e3.html#_CPPv4N5telux3sec11DigestTypesE) digest) - When generating keys, specifies the digest algorithm(s) that may be used with the key to perform signing and verifying operations using RSA, ECDSA, and HMAC keys. For crypto operations, specifies exact digest algorithm to be used. Use [telux::sec::Digest](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1gac8603a7ca330c202f38cb846a83506fa.html#a00004_1gac8603a7ca330c202f38cb846a83506fa) enumeration to define this. Multiple values can be OR’ed (|). - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setPadding([PaddingTypes](https://docs.qualcomm.com/doc/80-PF458-8/topic/typedef_a00004_1ga64a273c905016c496bdb626ee34dd1bd.html#_CPPv4N5telux3sec12PaddingTypesE) padding) - When generating keys, specifies the padding modes that may be used with the RSA and AES key. For crypto operations, specifies the exact padding to be used. Use [telux::sec::Padding](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga62521a1ab1831c0309da246106bf910d.html#a00004_1ga62521a1ab1831c0309da246106bf910d) enumeration to define this. Multiple padding values can be OR’ed (|). - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setKeySize(int32\_t keySize) - When generating keys, specifies the size in bits, of the key, measured in the regular way for the key’s algorithm. - For RSA keys, specifies the size of the public modulus. - For AES keys, specifies length of the secret key material. - For HMAC keys, specifies the key size in bits. - For EC keys, selects the EC group. - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setMinimumMacLength(int32\_t minMacLength) - When generating keys, specifies minimum length of the MAC in bits that can be requested or verified with this key for HMAC keys and AES keys that support GCM mode. - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setMacLength(int32\_t macLength) - For crypto operations, specifies requested length of a MAC or GCM (which is guaranteed to be no less then minimum length of the MAC/GCM used when generating the key). - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setBlockMode([BlockModeTypes](https://docs.qualcomm.com/doc/80-PF458-8/topic/typedef_a00004_1gabae99c9540af9a610677bbcefabb7077.html#_CPPv4N5telux3sec14BlockModeTypesE) blockMode) - When generating keys, specifies the block cipher mode(s) with which this key can be used. For crypto operations, specifies the exact block mode to be used. Use [telux::sec::BlockMode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga0a6d52c70549af3650df1c34f8bad138.html#a00004_1ga0a6d52c70549af3650df1c34f8bad138) enumeration to define this. Multiple block mode values can be OR’ed (|). - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setCurve(int32\_t curve) - When generating the keys using an EC algorithm, only key size, only curve, or both key size and curve can be specified. If only key size is specified, the appropriate NIST curve is selected automatically. If only curve is specified, the given curve is used. If both are specified, the given curve is used and key size is validated. - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setCallerNonce(bool callerNonce) - When generating AES key, if callerNonce is set to true, it specifies that an explicit nonce will be supplied by the caller during encryption and decryption using [setInitVector()](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00606_1a59711ae2909926a05b924d4c3acfb4ea). If the callerNonce is set to false (or not set), platform will generate the nonce during encryption. This nonce should be passed during decryption. - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setPublicExponent(uint64\_t publicExponent) - When generating an RSA key, specifies the value of the public exponent for an RSA key pair (necessary for all RSA keys). - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setInitVector(std::vector<uint8\_t> initVector) - When performing AES crypto operations, specifies the initialization vector to be used. - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setUniqueData(std::vector<uint8\_t> uniqueData) - When generating or importing a key, an optional arbitrary value can be supplied through this method. In all subsequent use of the key, this value must be supplied again. The data given is bound to the key cryptographically. This data ties the key to the caller. - [CryptoParamBuilder](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00606.html#_CPPv4N5telux3sec18CryptoParamBuilderE) setAssociatedData(std::vector<uint8\_t> associatedData) - When encrypting/decrypting data, this specifies optional associated data to be used. This is applicable only for AES-GCM algorithm. - std::shared\_ptr<[ICryptoParam](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00603.html#_CPPv4N5telux3sec12ICryptoParamE)> build(void) - Creates an instance of [ICryptoParam](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00603) based on the setter methods invoked on the builder. After building the builder’s state is reset. Private Members - std::shared\_ptr<[ICryptoParam](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00603.html#_CPPv4N5telux3sec12ICryptoParamE)> cryptoParam\_ - - class IRandomNumberManager - [IRandomNumberManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00607) can be used to generate random number/data. Public Functions - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) getRandomNumber(uint32\_t &generatedNumber) = 0 - Gets a 32 bit random number. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **generatedNumber** – **[out]** random number generated - Returns: - telux::common::ErrorCode::SUCCESS if the random number is generated successfully otherwise an appropriate error code. - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) getRandomNumber(uint64\_t &generatedNumber) = 0 - Gets a 64 bit random number. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **generatedNumber** – **[out]** random number generated - Returns: - telux::common::ErrorCode::SUCCESS if the random number is generated successfully otherwise an appropriate error code. - virtual telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) getRandomData(std::vector<uint8\_t> &generatedData, size\_t &dataLength) = 0 - Gets random data bytes up to the length defined by generatedData.size(). The dataLength gives how many bytes are actually generated. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - - **generatedData** – **[out]** will contain random data - **dataLength** – **[out]** number of bytes generated - Returns: - telux::common::ErrorCode::SUCCESS if the random data is generated successfully otherwise an appropriate error code. - inline virtual ~IRandomNumberManager() - Destroys the [IRandomNumberManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00607) instance. Performs cleanup as applicable. - class SecurityFactory - [SecurityFactory](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00608) allows creation of [ICryptoManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00605) and [ICryptoAcceleratorManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601). Public Functions - virtual std::shared\_ptr<[ICryptoManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00605.html#_CPPv4N5telux3sec14ICryptoManagerE)> getCryptoManager(telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) &ec) = 0 - Instantiates a CryptoManager instance that can be used to perform key management and cryptographic operations. - Parameters: - **ec** – **[out]** telux::common::ErrorCode::SUCCESS if [ICryptoManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00605) is created successfully, otherwise, an appropriate error code - Returns: - [ICryptoManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00605) instance - virtual std::shared\_ptr<[ICryptoAcceleratorManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00601.html#_CPPv4N5telux3sec25ICryptoAcceleratorManagerE)> getCryptoAcceleratorManager(telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) &ec, [Mode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga662f3159d86d4f429ddfab695daabe6c.html#_CPPv4N5telux3sec4ModeE) mode, std::weak\_ptr<[ICryptoAcceleratorListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00600.html#_CPPv4N5telux3sec26ICryptoAcceleratorListenerE)> cryptoAccelListener = std::weak\_ptr<[ICryptoAcceleratorListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00600.html#_CPPv4N5telux3sec26ICryptoAcceleratorListenerE)>()) = 0 - Provides a CryptoAcceleratorManager instance that can be used to perform cryptographic operations requiring elliptic-curve cryptography (ECC) verifications and calculations. Providing [ICryptoAcceleratorListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00600) instance is mandatory when using Mode::MODE\_ASYNC\_LISTENER. It is not required with modes, Mode::MODE\_SYNC and Mode::MODE\_ASYNC\_POLL for cryptographic operations. To receive subsystem-restart (SSR) updates, application must provide [ICryptoAcceleratorListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00600) instance (irrespective of Mode::\*) and implement method [telux::common::IServiceStatusListener::onServiceStatusChange()](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00049.html#a00049_1ac61541d5b486809fbadfad455522c785). Specifying mode (Mode::\*) defines how an application will send request and receive cryptographic results. Passing listener determines whether an application is also interested in SSR updates in addition to cryptographic results or not. On platforms with access control enabled, caller needs to have TELUX\_SEC\_ACCELERATOR\_MGR permission to invoke this API successfully. - Parameters: - - **ec** – **[out]** telux::common::ErrorCode::SUCCESS if [ICryptoAcceleratorManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601) is created successfully, otherwise, an appropriate error code - **mode** – **[in]** Defines how users obtain verification and calculation results - **cryptoAccelListener** – **[in]** Optional, listener for ECC signature verification and ECQV calculation results - Returns: - [ICryptoAcceleratorManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00601) instance - virtual std::shared\_ptr<[ICAControlManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00588.html#_CPPv4N5telux3sec17ICAControlManagerE)> getCAControlManager(telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) &ec) = 0 - Provides an [ICAControlManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00588) instance that can be used to collect statistical information about usage of the crypto accelerator. On platforms with access control enabled, caller needs to have TELUX\_SEC\_CA\_CONTROL\_MGR permission to invoke this API successfully. - Parameters: - **ec** – **[out]** telux::common::ErrorCode::SUCCESS if the [ICAControlManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00588) is created successfully, otherwise, an appropriate error code - Returns: - [ICAControlManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00588) instance - virtual std::shared\_ptr<[IRandomNumberManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00607.html#_CPPv4N5telux3sec20IRandomNumberManagerE)> getRandomNumberManager([RNGSource](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga088a1feaef3a9d60145fe0b645943490.html#_CPPv4N5telux3sec9RNGSourceE) generatorSource, telux::common::[ErrorCode](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00023_1ga84acdb74b7d34616b1ca497c7369810d.html#_CPPv4N5telux6common9ErrorCodeE) &ec) = 0 - Provides an [IRandomNumberManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00607) instance that can be used to generate random number/data. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - - **generatorSource** – **[in]** Random number generator source to use - **ec** – **[out]** telux::common::ErrorCode::SUCCESS if the [IRandomNumberManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00607) is created successfully, telux::common::ErrorCode::INCOMPATIBLE\_STATE if the platform has been configured to use a RNG that does not correspond to the RNGSource passed to the API, otherwise, an appropriate error code. - Returns: - [IRandomNumberManager](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00607) instance Public Static Functions - static [SecurityFactory](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00608.html#_CPPv4N5telux3sec15SecurityFactoryE) &getInstance() - Gets the [SecurityFactory](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00608) instance. Private Functions - SecurityFactory(const [SecurityFactory](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00608.html#_CPPv4N5telux3sec15SecurityFactory15SecurityFactoryERK15SecurityFactory)&) = delete - - [SecurityFactory](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00608.html#_CPPv4N5telux3sec15SecurityFactoryE) &operator=(const [SecurityFactory](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00608.html#_CPPv4N5telux3sec15SecurityFactoryE)&) = delete - - struct MLAlgorithmAnalysis - Machine learning algorithm threat analysis result per AP. Public Members - uint32\_t threatScore - Higher threat scores indicate a higher possibility that the AP is malicious; range is 0 to 100. - [AnalysisResult](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga0d4843b5ad5c8af3b28f78d0b920c6c9.html#_CPPv4N5telux3sec14AnalysisResultE) result - Result of the security analysis for a given AP. - struct SummoningAnalysis - Summoning attack threat analysis result. Public Members - [AnalysisResult](https://docs.qualcomm.com/doc/80-PF458-8/topic/enum_a00004_1ga0d4843b5ad5c8af3b28f78d0b920c6c9.html#_CPPv4N5telux3sec14AnalysisResultE) result - Result of the security analysis for a given AP. - struct WiFiSecurityReport - Represents the security report for a Wi-Fi AP. Public Members - std::string ssid - Network interface name of the AP. - std::string bssid - MAC address of the AP. - bool isConnectedToAP - True if the device is connected to this AP. - bool isOpenAP - True if devices can connect to this AP without authentication. - [MLAlgorithmAnalysis](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec19MLAlgorithmAnalysisE) mlAlgorithmAnalysis - Machine learning algorithm threat analysis result. - [SummoningAnalysis](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec17SummoningAnalysisE) summoningAnalysis - Summoning attack threat analysis result. - struct DeauthenticationInfo - Represents information about a deauthentication attack. Public Members - int deauthenticationReason - Reason code why disassociation or deauthentication occurred as specified by the IEEE 802.11 standard. - bool didAPInitiateDisconnect - True if the AP initiated the disconnection. - uint32\_t threatScore - Higher threat scores indicate a higher possibility that this is a deauthentication attack; range is 0 to 100. - struct ApInfo - Represents a WiFi access point. Public Members - std::string ssid - Network interface name of the AP. - std::string bssid - MAC address of the AP. - class IWiFiReportListener : public telux::common::[ISDKListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/class_a00046.html#_CPPv4N5telux6common12ISDKListenerE) - Receives security analysis reports for the Wi-Fi APs detected while scanning for APs in the vicinity and provides a listener for deauthentication attacks. It is recommended that the client should not perform any blocking/sleeping operation from within methods in this class to ensure all the information is provided for attack scans. Also the implementation should be thread safe. Public Functions - inline virtual void onReportAvailable([WiFiSecurityReport](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec18WiFiSecurityReportE) report) - Notifies that the implementation completed a threat analysis and that the report is available. This analysis is performed at various triggers. For example, when a scan for APs is triggered the implementation performs an analysis and provides a report for every AP it sees in the vicinity. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **report** – **[in]** [WiFiSecurityReport](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00611.html#a00611) result of the Wi-Fi security analysis. - inline virtual void onDeauthenticationAttack([DeauthenticationInfo](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec20DeauthenticationInfoE) deauthenticationInfo) - Notifies that a deauthentication attack is identified. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - **deauthenticationInfo** – **[in]** [DeauthenticationInfo](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00612.html#a00612) security analysis information. - inline virtual void isTrustedAP([ApInfo](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#_CPPv4N5telux3sec6ApInfoE) accessPoint, bool &isTrusted) - Gets user’s confirmation that the given AP is trusted. This is called only once when the device connects to this AP for the first time. If the application trusts the given AP, it should set ‘isTrusted’ to true, otherwise it should be set to false. This information is critical for attack scans and without the user’s input security analysis reports will be blocked. Once the user confirms that an AP is trusted, this information is saved internally and used later to detect threats like evil twin attacks. On platforms with access control enabled, the caller needs to have the TELUX\_SEC\_WCS\_CONFIG permission to successfully invoke this API. Note Eval: This is a new API and is being evaluated. It is subject to change and could break backwards compatibility. - Parameters: - - **accessPoint** – **[in]** [ApInfo](https://docs.qualcomm.com/doc/80-PF458-8/topic/struct_a00613.html#a00613) provides information about an AP. - **isTrusted** – **[out]** True if trusted; false otherwise. - inline virtual ~IWiFiReportListener() - [IWiFiReportListener](https://docs.qualcomm.com/doc/80-PF458-8/topic/security.html#a00614) destructor. Last Published: May 20, 2026 [Previous Topic telux::power::ITcuActivityManager](https://docs.qualcomm.com/bundle/publicresource/80-PF458-8/topics/tcu_activity_manager.md) [Next Topic Sensor](https://docs.qualcomm.com/bundle/publicresource/80-PF458-8/topics/sensor.md)