t-head/thead-uboot
1
0
Fork 0
mirror of https://github.com/revyos/th1520-vendor-uboot.git synced 2026-06-21 09:02:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Linux_SDK_V2.0.2

Browse Source 
Signed-off-by: devops_admin <devops_admin@alibabacloud.com>
This commit is contained in:
devops_admin
2024-08-26 01:45:12 +00:00
committed by Han Gao
parent fc9575fa63
commit 8942b2dce6
106 changed files with 19083 additions and 529 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
lib/sec_library/include/aes.h
View File

@@ -64,9 +64,11 @@ typedef enum{
AES_MODE_CBC = 0x20000020,
AES_MODE_CTR = 0x200001c0,
AES_MODE_CFB = 0x20000400,
AES_MODE_GCM = 0x20030040,
AES_MODE_CCM = 0x21D40040,
AES_MODE_GCM = 0x20020040,
AES_MODE_CCM = 0x207C0040,
AES_MODE_OFB = 0x24000000,
AES_MODE_XTS = 0x20001800,
AES_MODE_CBC_MAC = 0x2000800C,
} csi_aes_mode_t;
/**
@@ -82,10 +84,16 @@ typedef struct {
*/
typedef struct {
uint32_t key_len_byte;
uint8_t key[32]; /*Data block being processed*/
uint8_t key[32]; /*Data block being processed*/
uint32_t sca;
uint32_t is_kdf;
uint32_t is_dma;
uint64_t HH[16];
uint64_t HL[16];
uint8_t ctr[16];
uint8_t buf[16];
uint32_t origin_add_len;
uint32_t origin_len;
} csi_aes_context_t;
/**
@@ -294,7 +302,7 @@ csi_error_t csi_aes_ctr_decrypt(csi_aes_t *aes,void *in,void *out,uint32_t size,
\param[in] iv init vector
\return error code \ref csi_error_t
*/
csi_error_t csi_aes_gcm_encrypt(csi_aes_t *aes, void *in, void *out,uint32_t size, uint32_t add_len, void *iv);
csi_error_t csi_aes_gcm_encrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, uint32_t add_len, void *iv, void *tag);
/**
\brief Aes gcm decrypt
@@ -305,7 +313,7 @@ csi_error_t csi_aes_gcm_encrypt(csi_aes_t *aes, void *in, void *out,uint32_t siz
\param[in] iv init vecotr
\return error code \ref csi_error_t
*/
csi_error_t csi_aes_gcm_decrypt(csi_aes_t *aes, void *in, void *out,uint32_t size, uint32_t add_len, void *iv);
csi_error_t csi_aes_gcm_decrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, uint32_t add_len, void *iv, void *tag);
/**
\brief Aes ccm encrypt
@@ -317,7 +325,7 @@ csi_error_t csi_aes_gcm_decrypt(csi_aes_t *aes, void *in, void *out,uint32_t siz
\param[in] tag_out tag output
\return error code \ref csi_error_t
*/
csi_error_t csi_aes_ccm_encrypt(csi_aes_t *aes, void *in, void *out,uint32_t size, uint32_t add_len, void *iv, uint8_t *tag_out);
csi_error_t csi_aes_ccm_encrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, uint32_t add_len, void *iv, void *tag);
/**
\brief Aes ccm decrypt
@@ -329,7 +337,7 @@ csi_error_t csi_aes_ccm_encrypt(csi_aes_t *aes, void *in, void *out,uint32_t siz
\param[in] tag_out tag output
\return error code \ref csi_error_t
*/
csi_error_t csi_aes_ccm_decrypt(csi_aes_t *aes, void *in, void *out,uint32_t size, uint32_t add_len, void *iv, uint8_t *tag_out);
csi_error_t csi_aes_ccm_decrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, uint32_t add_len, void *iv, void *tag);
/**
\brief Enable AES power manage
@@ -347,11 +355,55 @@ void csi_aes_disable_pm(csi_aes_t *aes);
/**
\brief Config AES data transfer mode
\param[in] mode \ref csi_des_trans_mode_t
\param[in] mode \ref csi_des_trans_mode_t
\return None
*/
csi_error_t csi_aes_trans_config(csi_aes_t *aes, csi_aes_trans_mode_t mode);
/**
\brief Aes xts encrypt
\param[in] dev_aes dev_aes handle to operate
\param[in] in Pointer to the Source data
\param[out] out Pointer to the Result data
\param[in] size the Source data size
\param[in] iv init vector
\param[in] key2 XTS second key
\return error code \ref csi_error_t
*/
csi_error_t csi_aes_xts_encrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv, void *key2);
/**
\brief Aes xts decrypt
\param[in] dev_aes dev_aes handle to operate
\param[in] in Pointer to the Source data
\param[out] out Pointer to the Result data
\param[in] size the Source data size
\param[in] iv init vecotr
\param[in] key2 XTS second key
\return error code \ref csi_error_t
*/
csi_error_t csi_aes_xts_decrypt(csi_aes_t *aes, void *in, void *out, uint32_t size, void *iv, void *key2);
/**
\brief Aes cbc mac encrypt
\param[in] dev_aes dev_aes handle to operate
\param[in] in Pointer to the Source data
\param[in] size the Source data size
\param[out] tag tag output
\return error code \ref csi_error_t
*/
csi_error_t csi_aes_cbc_mac_encrypt(csi_aes_t *aes, void *in, uint32_t size, void *tag);
/**
\brief Aes cbc mac decrypt
\param[in] dev_aes dev_aes handle to operate
\param[in] in Pointer to the Source data
\param[in] size the Source data size
\param[in] tag tag authen
\return error code \ref csi_error_t
*/
csi_error_t csi_aes_cbc_mac_decrypt(csi_aes_t *aes, void *in, uint32_t size, void *tag);
#ifdef __cplusplus
}
#endif

106
lib/sec_library/include/sec_crypto_aes.h
View File

@@ -27,6 +27,10 @@
#include "crypto_aes.h"
#endif
#ifdef CONFIG_SEC_CRYPTO_GCM_SW
#include "crypto_gcm.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
@@ -69,6 +73,9 @@ typedef struct {
#if defined(CONFIG_SEC_CRYPTO_AES_SW)
sc_mbedtls_aes_context aes_ctx;
#endif
#if defined(CONFIG_SEC_CRYPTO_GCM_SW)
mbedtls_gcm_context gcm_ctx;
#endif
} sc_aes_t;
/*Function documentation*/
@@ -87,6 +94,14 @@ uint32_t sc_aes_init(sc_aes_t *aes, uint32_t idx);
*/
void sc_aes_uninit(sc_aes_t *aes);
/**
\brief Aes data transfer config
\param[in] aes handle to operate
\param[in] mode \ref sc_aes_trans_mode_t
\return error code \ref uint32_t
*/
uint32_t sc_aes_trans_config(sc_aes_t *aes, sc_aes_trans_mode_t mode);
/**
\brief Set encrypt key
\param[in] aes handle to operate
@@ -263,53 +278,104 @@ uint32_t sc_aes_ctr_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size,vo
/**
\brief Aes gcm encrypt
\param[in] dev_aes dev_aes handle to operate
\param[in] in Pointer to the Source data.
\param[in] in Pointer to the Source data(add + plaintext, Add can be null,
Add and plaintext must be to an integer multiple of 16Byte)
\param[out] out Pointer to the Result data
\param[in] size the Source data size
\param[in] iv init vector
\param[in] size the Source data true size
\param[in] add_len the Additional authenticated data true size
\param[in] iv Nonce(12Byte)
\param[out] tag tag output(16byte), parse null if not needed
\return error code \ref csi_error_t
*/
uint32_t sc_aes_gcm_encrypt(sc_aes_t *aes, void *in, void *out,uint32_t size, uint32_t add_len, void *iv);
uint32_t sc_aes_gcm_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, uint32_t add_len, void *iv, void* tag);
/**
\brief Aes gcm decrypt
\param[in] dev_aes dev_aes handle to operate
\param[in] in Pointer to the Source data.
\param[out] out Pointer to the Result data
\param[in] size the Source data size
\param[in] iv init vecotr
\param[in] in Pointer to the Source data
\param[in] in Pointer to the Source data(add + cipher, Add can be null,
Add and plaintext must be to an integer multiple of 16Byte)
\param[in] size the Source data true size
\param[in] add_len the Additional authenticated data true size
\param[in] iv Nonce(12Byte)
\param[in] tag tag authenticated(16byte), parse null if not needed
\return error code \ref csi_error_t
*/
uint32_t sc_aes_gcm_decrypt(sc_aes_t *aes, void *in, void *out,uint32_t size, uint32_t add_len, void *iv);
uint32_t sc_aes_gcm_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, uint32_t add_len, void *iv, void* tag);
/**
\brief Aes gcm encrypt
\param[in] dev_aes dev_aes handle to operate
\param[in] in Pointer to the Source data.
\param[in] in Pointer to the Source data(add + padding + plaintext + padding, Add can be null,
Add and plaintext must fill to an integer multiple of 16Byte with zero,
ignore this if the value is a multiple of 16)
\param[out] out Pointer to the Result data
\param[in] size the Source data size
\param[in] iv init vector
\param[in] tag_out tag output ,parse null if not needed
\param[in] size the Source data true size
\param[in] add_len the Additional authenticated data true size
\param[in] iv Nonce(only support 7Byte)
\param[out] tag tag authenticated(onlt support 4Byte), parse null if not needed
\return error code \ref csi_error_t
*/
uint32_t sc_aes_ccm_encrypt(sc_aes_t *aes, void *in, void *out,uint32_t size, uint32_t add_len, void *iv, uint8_t* tag_out);
uint32_t sc_aes_ccm_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, uint32_t add_len, void *iv, void* tag);
/**
\brief Aes gcm decrypt
\param[in] dev_aes dev_aes handle to operate
\param[in] in Pointer to the Source data.
\param[in] in Pointer to the Source data(add + padding + cipher + padding, Add can be null,
Add and cipher must fill to an integer multiple of 16 with zero,
ignore this if the value is a multiple of 16)
\param[out] out Pointer to the decrypted data
\param[in] size the Source data true size
\param[in] add_len the Additional authenticated data true size
\param[in] iv Nonce(only support 7Byte)
\param[in] tag tag authenticated(onlt support 4Byte), parse null if not needed
\return error code \ref csi_error_t
*/
uint32_t sc_aes_ccm_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, uint32_t add_len, void *iv, void* tag);
/**
\brief Aes xts encrypt
\param[in] aes handle to operate
\param[in] in Pointer to the Source data
\param[out] out Pointer to the Result data
\param[in] size the Source data size
\param[in] iv init vecotr
\param[in] tag_out tag output,parse null if not needed
\return error code \ref csi_error_t
\param[in] key2 XTS Second key
\return error code \ref uint32_t
*/
uint32_t sc_aes_ccm_decrypt(sc_aes_t *aes, void *in, void *out,uint32_t size, uint32_t add_len, void *iv, uint8_t* tag_out);
uint32_t sc_aes_xts_encrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv, void *key2);
/**
\brief Aes data transfer config
\brief Aes xts decrypt
\param[in] aes handle to operate
\param[in] in Pointer to the Source data
\param[out] out Pointer to the Result data
\param[in] size the Source data size
\param[in] iv init vecotr
\param[in] key2 XTS Second key
\return error code \ref uint32_t
*/
uint32_t sc_aes_trans_config(sc_aes_t *aes, sc_aes_trans_mode_t mode) ;
uint32_t sc_aes_xts_decrypt(sc_aes_t *aes, void *in, void *out, uint32_t size, void *iv, void *key2);
/**
\brief Aes cbc mac encrypt
\param[in] aes handle to operate
\param[in] in Pointer to the Source data
\param[in] size the Source data size
\param[out] tag tag output
\return error code \ref uint32_t
*/
uint32_t sc_aes_cbc_mac_encrypt(sc_aes_t *aes, void *in, uint32_t size, void *tag);
/**
\brief Aes cbc mac decrypt
\param[in] aes handle to operate
\param[in] in Pointer to the Source data
\param[in] size the Source data size
\param[in] tag tag authen
\return error code \ref uint32_t
*/
uint32_t sc_aes_cbc_mac_decrypt(sc_aes_t *aes, void *in, uint32_t size, void *tag);
#ifdef __cplusplus
}

26
lib/sec_library/include/sec_crypto_ecc.h
View File

@@ -99,7 +99,7 @@ void sc_ecc_uninit(sc_ecc_t *ecc);
\return \ref uint32_t
*/
uint32_t sc_ecc_config(sc_ecc_t *ecc, sc_ecc_cipher_order_e co,
sc_ecc_endian_mode_e endian);
sc_ecc_endian_mode_e endian);
/**
\brief Attach the callback handler to ECC
@@ -124,7 +124,7 @@ uint32_t sc_ecc_detach_callback(sc_ecc_t *ecc);
*/
uint32_t sc_ecc_get_capabilities(sc_ecc_t *ecc, sc_ecc_capabilities_t *cap);
uint32_t sc_ecc_check_keypair(sc_ecc_t *ecc, uint8_t pubkey[65],
uint32_t sc_ecc_check_keypair(sc_ecc_t *ecc, uint8_t pubkey[64],
uint8_t prikey[32]);
/**
@@ -134,7 +134,7 @@ uint32_t sc_ecc_check_keypair(sc_ecc_t *ecc, uint8_t pubkey[65],
\param[out] public Pointer to the ecc public key, alloc by caller.
\return \ref uint32_t
*/
uint32_t sc_ecc_gen_key(sc_ecc_t *ecc, uint8_t pubkey[65], uint8_t prikey[32]);
uint32_t sc_ecc_gen_key(sc_ecc_t *ecc, uint8_t pubkey[64], uint8_t prikey[32]);
/**
@@ -144,7 +144,7 @@ uint32_t sc_ecc_gen_key(sc_ecc_t *ecc, uint8_t pubkey[65], uint8_t prikey[32]);
\param[out] pubkey Pointer to the ecc public key, alloc by caller.
\return \ref uint32_t
*/
uint32_t sc_ecc_gen_pubkey(sc_ecc_t *ecc, uint8_t pubkey[65],
uint32_t sc_ecc_gen_pubkey(sc_ecc_t *ecc, uint8_t pubkey[64],
uint8_t prikey[32], sc_ecc_curve_type type);
/**
@@ -156,7 +156,7 @@ uint32_t sc_ecc_gen_pubkey(sc_ecc_t *ecc, uint8_t pubkey[65],
\return \ref uint32_t
*/
uint32_t sc_ecc_sign(sc_ecc_t *ecc, uint8_t d[32], uint8_t prikey[32],
uint8_t s[64], sc_ecc_curve_type type);
uint8_t s[64], sc_ecc_curve_type type);
/**
\brief ecc sign
@@ -167,7 +167,7 @@ uint32_t sc_ecc_sign(sc_ecc_t *ecc, uint8_t d[32], uint8_t prikey[32],
\return \ref uint32_t
*/
uint32_t sc_ecc_sign_async(sc_ecc_t *ecc, uint8_t d[32], uint8_t prikey[32],
uint8_t s[64], sc_ecc_curve_type type);
uint8_t s[64], sc_ecc_curve_type type);
/* TODO */
/**
@@ -178,8 +178,8 @@ uint32_t sc_ecc_sign_async(sc_ecc_t *ecc, uint8_t d[32], uint8_t prikey[32],
\param[out] s Pointer to the signature
\return verify result
*/
bool sc_ecc_verify(sc_ecc_t *ecc, uint8_t d[32], uint8_t pubkey[65],
uint8_t s[64], sc_ecc_curve_type type);
bool sc_ecc_verify(sc_ecc_t *ecc, uint8_t d[32], uint8_t pubkey[64],
uint8_t s[64], sc_ecc_curve_type type);
/**
\brief ecc verify
@@ -189,8 +189,8 @@ bool sc_ecc_verify(sc_ecc_t *ecc, uint8_t d[32], uint8_t pubkey[65],
\param[out] s Pointer to the signature
\return verify result
*/
bool sc_ecc_verify_async(sc_ecc_t *ecc, uint8_t d[32], uint8_t pubkey[65],
uint8_t s[64], sc_ecc_curve_type type);
bool sc_ecc_verify_async(sc_ecc_t *ecc, uint8_t d[32], uint8_t pubkey[64],
uint8_t s[64], sc_ecc_curve_type type);
/**
\brief ecc encrypto
@@ -203,7 +203,7 @@ bool sc_ecc_verify_async(sc_ecc_t *ecc, uint8_t d[32], uint8_t pubkey[65],
\return uint32_t
*/
uint32_t sc_ecc_encrypt(sc_ecc_t *ecc, uint8_t *plain, uint32_t plain_len,
uint8_t pubKey[65], uint8_t *cipher,
uint8_t pubKey[64], uint8_t *cipher,
uint32_t *cipher_len);
/**
@@ -237,7 +237,7 @@ uint32_t sc_ecc_exchangekey(sc_ecc_t *ecc, sc_ecc_exchange_role_e role,
\return uint32_t
*/
uint32_t sc_ecc_getZ(sc_ecc_t *ecc, uint8_t *id, uint32_t id_len,
uint8_t pubkey[65], uint8_t z[32]);
uint8_t pubkey[65], uint8_t z[32]);
/**
\brief ecc key exchange get E
@@ -245,7 +245,7 @@ uint32_t sc_ecc_getZ(sc_ecc_t *ecc, uint8_t *id, uint32_t id_len,
\return uint32_t
*/
uint32_t sc_ecc_getE(sc_ecc_t *ecc, uint8_t *m, uint32_t len, uint8_t z[32],
uint8_t e[32]);
uint8_t e[32]);
/**
\brief Get ECC state.

113
lib/sec_library/include/sec_crypto_ecdh.h
View File

@@ -1,53 +1,104 @@
/*
* Copyright (C) 2017-2022 Alibaba Group Holding Limited
* Copyright (C) 2017-2023 Alibaba Group Holding Limited
*/
/******************************************************************************
* @file sec_crypto_ecdh.h
* @brief Header File for curve25519( a state-of-the-art Diffie-Hellman function)
* @version V3.3
* @date 10. June 2022
* @file sec_crypt_ecdh.h
* @brief Header File for ECDH
* @version V1.0
* @date 12. May 2023
* @model ecdh
******************************************************************************/
#ifndef _SC_ECDH_H_
#define _SC_ECDH_H_
#include "sec_include_config.h"
#define CONFIG_SEC_CRYPTO_ECC
#include <stdint.h>
#include <sec_crypto_errcode.h>
#include <sec_crypto_ecdsa.h>
#ifdef CONFIG_SEC_CRYPTO_ECC
#ifdef CONFIG_SYSTEM_SECURE
#ifdef SEC_LIB_VERSION
#include <drv/ecc.h>
#else
#include "ecc.h"
#endif
#endif
#ifdef CONFIG_SEC_CRYPTO_ECC_SW
#include "crypto_ecc_dsa.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifdef SEC_LIB_VERSION
#include "drv/ecdh.h"
#include "drv/ecc.h"
#include "sec_crypto_ecc.h"
#else
#include "ecdh.h"
#include "ecc.h"
#include "sec_crypto_ecc.h"
#endif
#define EC_SECP521R1_SECRET_KEY_LEN 32
/**
\brief ecdh calc secret
\param[in] ecc ecc handle to operate.
\param[in] pubkey Pointer to the A(or B) public key.
\param[out] privkey Pointer to the B(or A) private key.
\param[out] out Pointer to the share secret.
\param[out] len length of the share secret.
\return \ref uint32_t.
\brief ECDH Ctrl Block
*/
typedef struct {
#ifdef CONFIG_SYSTEM_SECURE
#ifdef CONFIG_CSI_V1
aes_handle_t handle;
#endif
#ifdef CONFIG_CSI_V2
// csi_ecdh_t csi_ecdh;
csi_ecc_t csi_ecdh;
#endif
#endif
#if defined(CONFIG_TEE_CA)
#endif
#if defined(CONFIG_SEC_CRYPTO_ECC_SW)
uECC_Curve ecdh_ctx;
#endif
} sc_ecdh_t;
uint32_t sc_ecdh_calc_secret(sc_ecc_t *ecc, uint8_t privkey[32],
uint8_t pubkey[65], uint8_t out[32],
uint32_t *len, sc_ecc_curve_type type) ;
// Function documentation
/**
\brief Initialize ECDH interface. Initializes the resources needed for the ECDH interface
\param[in] ecdh Handle to operate
\param[in] idx Device id
\return Error code
*/
uint32_t sc_ecdh_init(sc_ecdh_t *ecdh, uint32_t idx);
/**
\brief De-initialize ECDH interface. Stops operation and releases the software resources used by the interface
\param[in] ecdh Dandle to operate
\return None
*/
void sc_ecdh_uninit(sc_ecdh_t *ecdh);
/**
\brief Load curve param to engin
\param[in] ecdh Handle to operate
\param[in] type Pointer to \ref sc_curve_type_t
\return Error code
*/
uint32_t sc_ecdh_load_curve(sc_ecdh_t *ecdh, sc_curve_type_t type);
/**
\brief ECDH generate key pairs
\param[in] ecdh Handle to operate
\param[out] privkey Pointer to the private key buf
\param[out] pubkey Pointer to the public key buf
\return Error code
*/
uint32_t sc_ecdh_gen_keypair(sc_ecdh_t *ecdh, uint8_t *prikey, uint8_t *pubkey);
/**
\brief ECDH ECDH generate secret key
\param[in] ecdh Handle to operate
\param[in] privkey Pointer to the private key buf of Alice
\param[in] pubkey Pointer to the public key buf of Bob
\param[out] sk Pointer to the secret key buf
\param[out] sk_len The secret key length
\return Error code
*/
uint32_t sc_ecdh_calc_secret(sc_ecdh_t *ecdh, const uint8_t *privkey, const uint8_t *pubkey,
uint8_t *sk, uint32_t *sk_len);
#ifdef __cplusplus
}
#endif
#endif
#endif /* _SC_CURVE15519_H_ */
#endif /* _SC_ECDH_H_ */

120
lib/sec_library/include/sec_crypto_ecdsa.h Executable file
View File

@@ -0,0 +1,120 @@
/*
* Copyright (C) 2017-2023 Alibaba Group Holding Limited
*/
/******************************************************************************
* @file seccrypt_ecdsa.h
* @brief Header File for ECDSA
* @version V1.0
* @date 11. May 2023
* @model ecdsa
******************************************************************************/
#ifndef _SC_ECDSA_H_
#define _SC_ECDSA_H_
#include <stdint.h>
#include <sec_crypto_errcode.h>
#ifdef CONFIG_SYSTEM_SECURE
// #include "drv/ecdsa.h"
#endif
#ifdef CONFIG_SEC_CRYPTO_ECC_SW
#include "crypto_ecc_dsa.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
typedef enum {
SC_CURVES_SECP256K1 = 0U, /* SECG curve over a 256 bit prime field */
SC_CURVES_SECP384R1, /* NIST/SECG curve over a 384 bit prime field */
SC_CURVES_SECP521R1, /* NIST/SECG curve over a 521 bit prime field */
SC_CURVES_BRAINPOOL256R1, /* RFC 5639 curve over a 256 prime field */
SC_CURVES_BRAINPOOL256T1, /* RFC 5639 curve over a 256 prime field */
SC_CURVES_BRAINPOOL512R1, /* RFC 5639 curve over a 512 prime field */
SC_CURVES_BRAINPOOL512T1, /* RFC 5639 curve over a 512 prime field */
} sc_curve_type_t;
#define EC_SECP521R1_PRIVATE_KEY_LEN 32
#define EC_SECP521R1_PUBLIC_KEY_LEN 64
#define EC_SECP521R1_DIGEST_LEN 32
#define EC_SECP521R1_SIGNATURE_LEN 64
/**
\brief ECDSA Ctrl Block
*/
typedef struct {
#ifdef CONFIG_SYSTEM_SECURE
#ifdef CONFIG_CSI_V1
aes_handle_t handle;
#endif
#ifdef CONFIG_CSI_V2
// csi_ecdsa_t csi_ecdsa;
#endif
#endif
#if defined(CONFIG_TEE_CA)
#endif
#if defined(CONFIG_SEC_CRYPTO_ECC_SW)
uECC_Curve ecdsa_ctx;
#endif
} sc_ecdsa_t;
// Function documentation
/**
\brief Initialize ECDSA interface. Initializes the resources needed for the ECDSA interface
\param[in] ecdsa Handle to operate
\param[in] idx Device id
\return Error code
*/
uint32_t sc_ecdsa_init(sc_ecdsa_t *ecdsa, uint32_t idx);
/**
\brief De-initialize ECDSA interface. Stops operation and releases the software resources used by the interface
\param[in] ecdsa Dandle to operate
\return None
*/
void sc_ecdsa_uninit(sc_ecdsa_t *ecdsa);
/**
\brief Load curve param to engin
\param[in] ecdsa Handle to operate
\param[in] type Pointer to \ref csi_curve_type_t
\return Error code
*/
uint32_t sc_ecdsa_load_curve(sc_ecdsa_t *ecdsa, sc_curve_type_t type);
/**
\brief Ecdsa Sign
\param[in] ecdsa Handle to operate
\param[in] prikey Pointer to the private key buf
\param[in] prikey_len The private key length
\param[in] dgst Pointer to the digest buf
\param[in] dgst_len The digest length
\param[out] sig Pointer to the signature buf
\param[out] sig_len The signature length
\return Error code
*/
uint32_t sc_ecdsa_sign(sc_ecdsa_t *ecdsa, const uint8_t *prikey, uint32_t prikey_len,
const uint8_t *dgst, uint32_t dgst_len, uint8_t *sig, uint32_t *sig_len);
/**
\brief Ecdsa Verify
\param[in] ecdsa Handle to operate
\param[in] pubkey Pointer to the public key buf
\param[in] prikey_len The public key length
\param[in] dgst Pointer to the digest buf
\param[in] dgst_len The digest length
\param[in] sig Pointer to the signature buf
\param[in] sig_len The signature length
\return Error code
*/
uint32_t sc_ecdsa_verify(sc_ecdsa_t *ecdsa, const uint8_t *pubkey, uint32_t pubkey_len,
const uint8_t *dgst, uint32_t gst_len, const uint8_t *sig, uint32_t sig_len);
#ifdef __cplusplus
}
#endif
#endif /* _SC_ECDSA_H_ */

117
lib/sec_library/include/sec_crypto_gcm.h Normal file
View File

@@ -0,0 +1,117 @@
/*
* Copyright (C) 2017-2020 Alibaba Group Holding Limited
*/
/******************************************************************************
* @file seccrypt_aes.h
* @brief Header File for AES
* @version V1.0
* @date 20. Jul 2020
* @model aes
******************************************************************************/
#ifndef _SC_GCM_H_
#define _SC_GCM_H_
#include "sec_include_config.h"
#include <stdint.h>
#include "sec_crypto_errcode.h"
#ifdef CONFIG_SEC_CRYPTO_AES_SW
#include "crypto_aes.h"
#include <sec_crypto_aes.h>
#endif
#ifdef CONFIG_SEC_CRYPTO_GCM_SW
#include "crypto_gcm.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
/*Function documentation*/
/**
\brief Initialize AES Interface. Initializes the resources needed for the AES interface
\param[in] aes operate handle
\param[in] idx device id
\return error code \ref uint32_t
*/
uint32_t sc_gcm_init(sc_aes_t *aes, uint32_t idx);
/**
\brief De-initialize AES Interface. stops operation and releases the software resources used by the interface
\param[in] aes handle to operate
\return None
*/
void sc_gcm_uninit(sc_aes_t *aes);
/**
\brief Set encrypt key
\param[in] aes handle to operate
\param[in] key Pointer to the key buf
\param[in] key_len Pointer to \ref sc_aes_key_bits_t
\return error code \ref uint32_t
*/
uint32_t sc_gcm_set_encrypt_key(sc_aes_t *aes, void *key, sc_aes_key_bits_t key_len);
/**
\brief Set decrypt key
\param[in] aes handle to operate
\param[in] key Pointer to the key buf
\param[in] key_len Pointer to \ref sc_aes_key_bits_t
\return error code \ref uint32_t
*/
uint32_t sc_gcm_set_decrypt_key(sc_aes_t *aes, void *key, sc_aes_key_bits_t key_len);
/**
\brief gcm encrypt data
\param[in] aes aes handle to operate
\param[in] length Length of plaintext buffer
\param[in] iv_len Length of iv buffer
\param[in] add Pointer to the add buf, can be NULL
\param[in] add_len Length of add buffer, can ben zero
\param[in] input Pointer to the plaintext buf
\param[in] output Pointer to the cipher buf
\param[in] tag_len Length of tag buffer
\param[in] tag Pointer to the tag buf
\return error code \ref uint32_t
*/
uint32_t sc_gcm_encrypt_and_tag(sc_aes_t *aes, uint32_t length,
const void *iv,
uint32_t iv_len,
const void *add,
uint32_t add_len,
const void *input,
void *output,
uint32_t tag_len,
void *tag);
/**
\brief Aes gcm decrypt
\param[in] aes aes handle to operate
\param[in] length Length of cipher buffer
\param[in] iv Pointer to the iv buf
\param[in] iv_len Length of iv buffer
\param[in] add Pointer to the add buf, can be NULL
\param[in] add_len Length of add buffer, can ben zero
\param[in] input Pointer to the cipher buf
\param[in] output Pointer to the plaintext buf
\param[in] tag_len Length of tag buffer
\param[in] tag Pointer to the tag buf
\return error code \ref uint32_t
*/
uint32_t sc_gcm_auth_decrypt(sc_aes_t *aes, uint32_t length,
const void *iv,
uint32_t iv_len,
const void *add,
uint32_t add_len,
const void *tag,
uint32_t tag_len,
const void *input,
void *output);
#ifdef __cplusplus
}
#endif
#endif /* _SC_AES_H_ */

100
lib/sec_library/include/sec_ecies_crypto.h Normal file
View File

@@ -0,0 +1,100 @@
#ifndef __SEC_ECIES_CRYPTO_H__
#define __SEC_ECIES_CRYPTO_H__
#ifdef _WIN32
#include "win_ctypes.h"
#else
#include <linux/types.h>
#endif
/**
\brief Ecies malloc
\param[in] size
\return error code \ref int
*/
void *csi_ecies_malloc(uint32_t size);
/**
\brief Ecies free
\param[in] buffer
\return error code \ref int
*/
void csi_ecies_free(void *buffer);
/**
\brief Ecies transmit apdu command message
\param[in] ss session handle to operate
\param[in] apdu Pointer to the apdu buf
\param[in] apduLen Length of apdu buffer
\param[out] apduResponse Pointer to the apduResponse buf
\param[out] apduResponseLen Length of apduResponse buffer
\return error code \ref int
*/
int csi_ecies_transmit_apdu(void *ss, const uint8_t *apdu,
uint32_t apduLen, uint8_t *apduResponse, uint32_t *apduResponseLen);
/**
\brief Ecies generate ec key pair
\param[in] ss session handle to operate
\param[out] privateKey Pointer to the private key buf
\param[out] privateKeyLen Length of private key
\param[out] publicKey Pointer to the public key buf
\param[out] publicKeyLen Length of public key
\return error code \ref int
*/
int csi_ecies_generate_keypair(void *ss, uint8_t *privateKey, uint32_t *privateKeyLen,
uint8_t *publicKey, uint32_t *publicKeyLen);
/**
\brief Ecies generate ec share key
\param[in] ss session handle to operate
\param[in] privateKey Pointer to the private key buf
\param[in] privateKeyLen Length of private key
\param[in] publicKey Pointer to the public key buf
\param[in] publicKeyLen Length of public key
\param[out] shareKey Pointer to the share key buf
\param[out] shareKeyLen Length of share key
\return error code \ref int
*/
int csi_ecies_generate_share_key(void *ss, const uint8_t *privateKey, uint32_t privateKeyLen,
const uint8_t *publicKey, uint32_t publicKeyLen, uint8_t *shareKey, uint32_t *shareKeyLen);
/**
\brief Ecies kdf ec share key
\param[in] ss session handle to operate
\param[in] shareKey Pointer to the share key buf
\param[in] shareKeyLen Length of share key
\param[in] encKeyLen Length of encrypt key
\param[out] encKey Pointer to the encrypt key buf
\param[in] macKeyLen Length of mac key
\param[out] macKey Pointer to the mac key buf
\return error code \ref int
*/
int csi_ecies_kdf_key(void *ss, const uint8_t *shareKey, uint32_t shareKeyLen,
uint32_t encKeyLen, uint8_t *encKey, uint32_t macKeyLen, uint8_t *macKey);
/**
\brief Ecies encrypt and generate tag
\param[in] ss session handle to operate
\param[in] length Length of input buffer
\param[in] input Pointer to the input buf
\param[out] output Pointer to the output buf
\param[in] tagLen Length of tag
\param[out] tag Pointer to the tag buf
\return error code \ref int
*/
int csi_ecies_encrypt_and_tag(void *ss, uint32_t length, const uint8_t *input, uint8_t *output,
uint32_t tagLen, uint8_t *tag);
/**
\brief Ecies auth tag and decrypt
\param[in] ss session handle to operate
\param[in] length Length of input buffer
\param[in] tag Pointer to the tag buf
\param[in] tagLen Length of tag
\param[in] input Pointer to the input buf
\param[out] output Pointer to the output buf
\return error code \ref int
*/
int csi_ecies_auth_decrypt(void *ss, uint32_t length, const uint8_t *tag, uint32_t tagLen,
const uint8_t *input, uint8_t *output);
#endif /* __SEC_ECIES_CRYPTO_H__ */

170
lib/sec_library/include/sec_ecies_session.h Normal file
View File

@@ -0,0 +1,170 @@
#ifndef __SEC_ECIES_SESSION_H__
#define __SEC_ECIES_SESSION_H__
#ifdef _WIN32
#include "win_ctypes.h"
#else
#include <linux/types.h>
#endif
#include <stdint.h>
#define ECIES_SDATA_MAX_LEN (1024*1024*16)
#define ECIES_SDATA_RESPONSE_LEN 256
#define ECIES_INIT_COMMAND_LEN 256
#define ECIES_INIT_RESPONSE_LEN 256
#define ECIES_CLOSE_COMMAND_LEN 32
#define ECIES_CLOSE_RESPONSE_LEN 32
#define ECIES_FIXED_COMMAND_LEN 16
#define ECIES_KEY_LEN 128
#define ECIES_TAG_LEN 16
#define ECIES_TAG_LEN 16
#define ECIES_DID_LEN 16
#define ECIES_SEQ_DEFAULT 0x8000E000
#define ECIES_TIMEOUT_TIME 5 /* seconds */
#define ECIES_CLA_INITIALIZE_UPDATE 0x10
#define ECIES_CLA_INITIALIZE_UPDATE_RESPONSE 0x20
#define ECIES_CLA_SDATA_SEND 0x30
#define ECIES_CLA_SDATA_SEND_RESPONSE 0x40
#define ECIES_CLA_SESSION_CLOSE 0x50
#define ECIES_CLA_SESSION_CLOSE_RESPONSE 0x60
#define ECIES_RESPONSE_OK 0x90
#define ECIES_RESPONSE_SESSION_OPENED_ERROR 0x91
#define ECIES_RESPONSE_GEN_KEY_PAIR_ERROR 0x92
#define ECIES_RESPONSE_GEN_SHARE_KEY_ERROR 0x93
#define ECIES_RESPONSE_GEN_AUTH_DECRYPT_ERROR 0x94
#define ECIES_RESPONSE_SESSION_MEM_ERROR 0x95
#define ECIES_RESPONSE_SESSION_SEQ_ERROR 0x96
#define ECIES_RESPONSE_SESSION_SID_ERROR 0x97
#define ECIES_CLA_LEN 0x01
#define ECIES_INS_LEN 0x01
#define ECIES_P0_LEN 0x04
#define ECIES_P1_LEN 0x04
#define ECIES_P2_LEN 0x01
#define ECIES_LC_LEN 0x04
#define ECIES_LE_LEN 0x01
#define ECIES_CLA_OFFSET 0x00
#define ECIES_INS_OFFSET (ECIES_CLA_OFFSET + ECIES_CLA_LEN)
#define ECIES_P0_OFFSET (ECIES_INS_OFFSET + ECIES_INS_LEN)
#define ECIES_P1_OFFSET (ECIES_P0_OFFSET + ECIES_P0_LEN)
#define ECIES_P2_OFFSET (ECIES_P1_OFFSET + ECIES_P1_LEN)
#define ECIES_LC_OFFSET (ECIES_P2_OFFSET + ECIES_P2_LEN)
#define ECIES_DATA_OFFSET (ECIES_LC_OFFSET + ECIES_LC_LEN)
enum {
ECIES_SS_CLOSE = 0,
ECIES_SS_OPEN,
};
typedef struct _ecies_dev {
void *context;
void *transmit;
uint8_t DID[ECIES_DID_LEN];
uint8_t DIDLen;
} ecies_dev;
typedef struct _ecies_session_t {
ecies_dev dev;
uint8_t schemeType;
uint8_t shareKeyLen;
uint8_t encKeyLen;
uint8_t macKeyLen;
uint8_t shareKey[ECIES_KEY_LEN];
uint8_t encKey[ECIES_KEY_LEN];
uint8_t macKey[ECIES_KEY_LEN];
uint32_t sequenceNumber;
uint32_t SID;
uint32_t timeout;
uint32_t isOpen;
} ecies_session_t;
typedef enum {
EC_PRIME256V1_AES_GCM_256 = 0,
}scheme_type;
/**
\brief Ecies host initialization session
\param[in] session session handle to operate
\param[in] context Pointer to the user-defined context
\param[in] transmit Pointer to the user-implemented transfer
\param[in] schemeType Security scheme selection
\param[in] DID Pointer to the device ID buf
\param[in] DIDLen Length of the device ID
\return error code \ref int
*/
int hal_ecies_host_init(ecies_session_t *session, void *context, void *transmit, uint8_t schemeType, uint8_t *DID, uint32_t DIDLen);
/**
\brief Ecies host session
\param[in] session session handle to operate
\return error code \ref int
*/
int hal_ecies_host_session_open(ecies_session_t *session);
/**
\brief Ecies host comm session
\param[in] session session handle to operate
\param[in] data Pointer to the data to be encrypted
\param[in] data_len Length of the data
\return error code \ref int
*/
int hal_ecies_host_session_comm(ecies_session_t *session, uint8_t *data, uint32_t dataLen);
/**
\brief Ecies host close session
\param[in] session session handle to operate
\return error code \ref int
*/
int hal_ecies_host_session_close(ecies_session_t *session);
/**
\brief Ecies host uninitiated session
\param[in] session session handle to operate
\return error code \ref int
*/
int hal_ecies_host_uninit(ecies_session_t *session);
/**
\brief Ecies slave initialization session
\param[in] session session handle to operate
\return error code \ref int
*/
int hal_ecies_slave_init(ecies_session_t *session);
/**
\brief Ecies slave comm session
\param[in] session session handle to operate
\param[in] apdu Pointer to the apdu buf
\param[in] apduLen Length of the apdu buffer
\param[out] apduResponse Pointer to the apduResponse buf
\param[out] apduResponseLen Length of the apduResponseLen buffer
\param[out] out Pointer to the out buf to be decrypted
\param[out] outLen Length of the out buffer
\return error code \ref int
*/
int hal_ecies_slave_session_comm(ecies_session_t *session, uint8_t *apdu, uint32_t apduLen,
uint8_t *apduResponse, uint32_t *apduResponseLen, uint8_t *out, uint32_t *outLen);
/**
\brief Ecies slave uninitiated session
\param[in] session session handle to operate
\return error code \ref int
*/
int hal_ecies_slave_uninit(ecies_session_t *session);
/**
\brief Ecies host get CLA and errcode
\param[in] apduResponse Pointer to the apduResponse buf
\param[in] apduResponseLen Length of the apduResponseLen buffer
\param[out] CLA CLA one byte len
\param[out] errcode Error code one byte len
\return error code \ref int
*/
int hal_ecies_status_get(uint8_t *apduResponse, uint32_t apduResponseLen, uint8_t *CLA, uint8_t *status);
#endif /* __SEC_ECIES_SESSION_H__ */

2
lib/sec_library/include/sec_library.h
View File

@@ -28,6 +28,8 @@
#include "sec_crypto_ecc.h"
#include "sec_crypto_ecdh.h"
#include "csi_sec_img_verify.h"
#include "sec_ecies_crypto.h"
#include "sec_ecies_session.h"
/* NOTE add more header */
#endif /* _SL_H_ */

320
lib/sec_library/include/soft_crypto/crypto_aes.h Executable file
View File

@@ -0,0 +1,320 @@
/**
* \file aes.h
*
* \brief AES block cipher
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef SC_MBEDTLS_AES_H
#define SC_MBEDTLS_AES_H
#include "crypto_config.h"
#include <stddef.h>
#include <stdint.h>
#include "sec_crypto_errcode.h"
/* padlock.c and aesni.c rely on these values! */
#define MBEDTLS_AES_ENCRYPT 1
#define MBEDTLS_AES_DECRYPT 0
#define SC_MBEDTLS_ERR_AES_INVALID_KEY_LENGTH SC_INVALID_KEY_LENGTH /**< Invalid key length. */
#define SC_MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH SC_INVALID_INPUT_LENGTH /**< Invalid data input length. */
// Regular implementation
//
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief AES context structure
*
* \note buf is able to hold 32 extra bytes, which can be used:
* - for alignment purposes if VIA padlock is used, and/or
* - to simplify key expansion in the 256-bit case by
* generating an extra round key
*/
typedef struct
{
int nr; /*!< number of rounds */
uint32_t *rk; /*!< AES round keys */
uint32_t buf[68]; /*!< unaligned data */
}
sc_mbedtls_aes_context;
/**
* \brief Initialize AES context
*
* \param ctx AES context to be initialized
*/
void sc_mbedtls_aes_init( sc_mbedtls_aes_context *ctx );
/**
* \brief Clear AES context
*
* \param ctx AES context to be cleared
*/
void sc_mbedtls_aes_free( sc_mbedtls_aes_context *ctx );
/**
* \brief AES key schedule (encryption)
*
* \param ctx AES context to be initialized
* \param key encryption key
* \param keybits must be 128, 192 or 256
*
* \return 0 if successful, or SC_MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
*/
int sc_mbedtls_aes_setkey_enc( sc_mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits );
/**
* \brief AES key schedule (decryption)
*
* \param ctx AES context to be initialized
* \param key decryption key
* \param keybits must be 128, 192 or 256
*
* \return 0 if successful, or SC_MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
*/
int sc_mbedtls_aes_setkey_dec( sc_mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits );
/**
* \brief AES-ECB block encryption/decryption
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param input 16-byte input block
* \param output 16-byte output block
*
* \return 0 if successful
*/
int sc_mbedtls_aes_crypt_ecb( sc_mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16] );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
* \brief AES-CBC buffer encryption/decryption
* Length should be a multiple of the block
* size (16 bytes)
*
* \note Upon exit, the content of the IV is updated so that you can
* call the function same function again on the following
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If on the other hand you need to retain the contents of the
* IV, you should either save it manually or use the cipher
* module instead.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param length length of the input data
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful, or SC_MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
*/
int sc_mbedtls_aes_crypt_cbc( sc_mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/**
* \brief AES-CFB128 buffer encryption/decryption.
*
* Note: Due to the nature of CFB you should use the same key schedule for
* both encryption and decryption. So a context initialized with
* sc_mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the function same function again on the following
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If on the other hand you need to retain the contents of the
* IV, you should either save it manually or use the cipher
* module instead.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param length length of the input data
* \param iv_off offset in IV (updated after use)
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful
*/
int sc_mbedtls_aes_crypt_cfb128( sc_mbedtls_aes_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
/**
* \brief AES-CFB8 buffer encryption/decryption.
*
* Note: Due to the nature of CFB you should use the same key schedule for
* both encryption and decryption. So a context initialized with
* sc_mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the function same function again on the following
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If on the other hand you need to retain the contents of the
* IV, you should either save it manually or use the cipher
* module instead.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param length length of the input data
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful
*/
int sc_mbedtls_aes_crypt_cfb8( sc_mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
#endif /*MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/**
* \brief AES-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
*
* Note: Due to the nature of CTR you should use the same key schedule for
* both encryption and decryption. So a context initialized with
* sc_mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
*
* \param ctx AES context
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming
* within current cipher stream). The offset pointer to
* should be 0 at the start of a stream.
* \param nonce_counter The 128-bit nonce and counter.
* \param stream_block The saved stream-block for resuming. Is overwritten
* by the function.
* \param input The input data stream
* \param output The output data stream
*
* \return 0 if successful
*/
int sc_mbedtls_aes_crypt_ctr( sc_mbedtls_aes_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
/**
* \brief Internal AES block encryption function
* (Only exposed to allow overriding it,
* see MBEDTLS_AES_ENCRYPT_ALT)
*
* \param ctx AES context
* \param input Plaintext block
* \param output Output (ciphertext) block
*
* \return 0 if successful
*/
int sc_mbedtls_internal_aes_encrypt( sc_mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
/**
* \brief Internal AES block decryption function
* (Only exposed to allow overriding it,
* see MBEDTLS_AES_DECRYPT_ALT)
*
* \param ctx AES context
* \param input Ciphertext block
* \param output Output (plaintext) block
*
* \return 0 if successful
*/
int sc_mbedtls_internal_aes_decrypt( sc_mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
/**
* \brief Internal AES block encryption function
* (Only exposed to allow overriding it,
* see MBEDTLS_AES_ENCRYPT_ALT)
*
* \deprecated Superseded by sc_mbedtls_aes_encrypt_ext() in 2.5.0
*
* \param ctx AES context
* \param input Plaintext block
* \param output Output (ciphertext) block
*/
static inline void sc_mbedtls_aes_encrypt(
sc_mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
sc_mbedtls_internal_aes_encrypt( ctx, input, output );
}
/**
* \brief Internal AES block decryption function
* (Only exposed to allow overriding it,
* see MBEDTLS_AES_DECRYPT_ALT)
*
* \deprecated Superseded by sc_mbedtls_aes_decrypt_ext() in 2.5.0
*
* \param ctx AES context
* \param input Ciphertext block
* \param output Output (plaintext) block
*/
static inline void sc_mbedtls_aes_decrypt(
sc_mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
sc_mbedtls_internal_aes_decrypt( ctx, input, output );
}
#ifdef __cplusplus
}
#endif
#endif /* aes.h */

336
lib/sec_library/include/soft_crypto/crypto_asn1.h Executable file
View File

@@ -0,0 +1,336 @@
/**
* \file asn1.h
*
* \brief Generic ASN.1 parsing
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef SC_MBEDTLS_ASN1_H
#define SC_MBEDTLS_ASN1_H
#include "crypto_config.h"
#include <stddef.h>
#include "crypto_bignum.h"
/**
* \addtogroup asn1_module
* \{
*/
/**
* \name ASN1 Error codes
* These error codes are OR'ed to X509 error codes for
* higher error granularity.
* ASN1 is a standard to specify data structures.
* \{
*/
#define SC_MBEDTLS_ERR_ASN1_OUT_OF_DATA SC_INVALID_FORMAT /**< Out of data when parsing an ASN1 data structure. */
#define SC_MBEDTLS_ERR_ASN1_UNEXPECTED_TAG SC_INVALID_FORMAT /**< ASN1 tag was of an unexpected value. */
#define SC_MBEDTLS_ERR_ASN1_INVALID_LENGTH SC_INVALID_FORMAT /**< Error when trying to determine the length or invalid length. */
#define SC_MBEDTLS_ERR_ASN1_LENGTH_MISMATCH SC_INVALID_FORMAT /**< Actual length differs from expected length. */
#define SC_MBEDTLS_ERR_ASN1_INVALID_DATA SC_INVALID_FORMAT /**< Data is invalid. (not used) */
#define SC_MBEDTLS_ERR_ASN1_ALLOC_FAILED SC_INVALID_FORMAT /**< Memory allocation failed */
#define SC_MBEDTLS_ERR_ASN1_BUF_TOO_SMALL SC_INVALID_FORMAT /**< Buffer too small when writing ASN.1 data structure. */
/* \} name */
/**
* \name DER constants
* These constants comply with DER encoded the ANS1 type tags.
* DER encoding uses hexadecimal representation.
* An example DER sequence is:\n
* - 0x02 -- tag indicating INTEGER
* - 0x01 -- length in octets
* - 0x05 -- value
* Such sequences are typically read into \c ::mbedtls_x509_buf.
* \{
*/
#define MBEDTLS_ASN1_BOOLEAN 0x01
#define MBEDTLS_ASN1_INTEGER 0x02
#define MBEDTLS_ASN1_BIT_STRING 0x03
#define MBEDTLS_ASN1_OCTET_STRING 0x04
#define MBEDTLS_ASN1_NULL 0x05
#define MBEDTLS_ASN1_OID 0x06
#define MBEDTLS_ASN1_UTF8_STRING 0x0C
#define MBEDTLS_ASN1_SEQUENCE 0x10
#define MBEDTLS_ASN1_SET 0x11
#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13
#define MBEDTLS_ASN1_T61_STRING 0x14
#define MBEDTLS_ASN1_IA5_STRING 0x16
#define MBEDTLS_ASN1_UTC_TIME 0x17
#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18
#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C
#define MBEDTLS_ASN1_BMP_STRING 0x1E
#define MBEDTLS_ASN1_PRIMITIVE 0x00
#define MBEDTLS_ASN1_CONSTRUCTED 0x20
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
/* \} name */
/* \} addtogroup asn1_module */
/** Returns the size of the binary string, without the trailing \\0 */
#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
/**
* Compares an sc_mbedtls_asn1_buf structure to a reference OID.
*
* Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
* 'unsigned char *oid' here!
*/
#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \
memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
#ifdef __cplusplus
extern "C" {
#endif
/**
* \name Functions to parse ASN.1 data structures
* \{
*/
/**
* Type-length-value structure that allows for ASN1 using DER.
*/
typedef struct sc_mbedtls_asn1_buf
{
int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t len; /**< ASN1 length, in octets. */
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
}
sc_mbedtls_asn1_buf;
/**
* Container for ASN1 bit strings.
*/
typedef struct sc_mbedtls_asn1_bitstring
{
size_t len; /**< ASN1 length, in octets. */
unsigned char unused_bits; /**< Number of unused bits at the end of the string */
unsigned char *p; /**< Raw ASN1 data for the bit string */
}
sc_mbedtls_asn1_bitstring;
/**
* Container for a sequence of ASN.1 items
*/
typedef struct sc_mbedtls_asn1_sequence
{
sc_mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
struct sc_mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */
}
sc_mbedtls_asn1_sequence;
/**
* Container for a sequence or list of 'named' ASN.1 data items
*/
typedef struct sc_mbedtls_asn1_named_data
{
sc_mbedtls_asn1_buf oid; /**< The object identifier. */
sc_mbedtls_asn1_buf val; /**< The named value. */
struct sc_mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */
unsigned char next_merged; /**< Merge next item into the current one? */
}
sc_mbedtls_asn1_named_data;
/**
* \brief Get the length of an ASN.1 element.
* Updates the pointer to immediately behind the length.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param len The variable that will receive the value
*
* \return 0 if successful, SC_MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching
* end of data, SC_MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is
* unparseable.
*/
int sc_mbedtls_asn1_get_len( unsigned char **p,
const unsigned char *end,
size_t *len );
/**
* \brief Get the tag and length of the tag. Check for the requested tag.
* Updates the pointer to immediately behind the tag and length.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param len The variable that will receive the length
* \param tag The expected tag
*
* \return 0 if successful, SC_MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did
* not match requested tag, or another specific ASN.1 error code.
*/
int sc_mbedtls_asn1_get_tag( unsigned char **p,
const unsigned char *end,
size_t *len, int tag );
/**
* \brief Retrieve a boolean ASN.1 tag and its value.
* Updates the pointer to immediately behind the full tag.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param val The variable that will receive the value
*
* \return 0 if successful or a specific ASN.1 error code.
*/
int sc_mbedtls_asn1_get_bool( unsigned char **p,
const unsigned char *end,
int *val );
/**
* \brief Retrieve an integer ASN.1 tag and its value.
* Updates the pointer to immediately behind the full tag.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param val The variable that will receive the value
*
* \return 0 if successful or a specific ASN.1 error code.
*/
int sc_mbedtls_asn1_get_int( unsigned char **p,
const unsigned char *end,
int *val );
/**
* \brief Retrieve a bitstring ASN.1 tag and its value.
* Updates the pointer to immediately behind the full tag.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param bs The variable that will receive the value
*
* \return 0 if successful or a specific ASN.1 error code.
*/
int sc_mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
sc_mbedtls_asn1_bitstring *bs);
/**
* \brief Retrieve a bitstring ASN.1 tag without unused bits and its
* value.
* Updates the pointer to the beginning of the bit/octet string.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param len Length of the actual bit/octect string in bytes
*
* \return 0 if successful or a specific ASN.1 error code.
*/
int sc_mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
size_t *len );
/**
* \brief Parses and splits an ASN.1 "SEQUENCE OF <tag>"
* Updated the pointer to immediately behind the full sequence tag.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param cur First variable in the chain to fill
* \param tag Type of sequence
*
* \return 0 if successful or a specific ASN.1 error code.
*/
int sc_mbedtls_asn1_get_sequence_of( unsigned char **p,
const unsigned char *end,
sc_mbedtls_asn1_sequence *cur,
int tag);
#if defined(MBEDTLS_BIGNUM_C)
/**
* \brief Retrieve a MPI value from an integer ASN.1 tag.
* Updates the pointer to immediately behind the full tag.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param X The MPI that will receive the value
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
int sc_mbedtls_asn1_get_mpi( unsigned char **p,
const unsigned char *end,
sc_mbedtls_mpi *X );
#endif /* MBEDTLS_BIGNUM_C */
/**
* \brief Retrieve an AlgorithmIdentifier ASN.1 sequence.
* Updates the pointer to immediately behind the full
* AlgorithmIdentifier.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param alg The buffer to receive the OID
* \param params The buffer to receive the params (if any)
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
int sc_mbedtls_asn1_get_alg( unsigned char **p,
const unsigned char *end,
sc_mbedtls_asn1_buf *alg, sc_mbedtls_asn1_buf *params );
/**
* \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
* params.
* Updates the pointer to immediately behind the full
* AlgorithmIdentifier.
*
* \param p The position in the ASN.1 data
* \param end End of data
* \param alg The buffer to receive the OID
*
* \return 0 if successful or a specific ASN.1 or MPI error code.
*/
int sc_mbedtls_asn1_get_alg_null( unsigned char **p,
const unsigned char *end,
sc_mbedtls_asn1_buf *alg );
/**
* \brief Find a specific named_data entry in a sequence or list based on
* the OID.
*
* \param list The list to seek through
* \param oid The OID to look for
* \param len Size of the OID
*
* \return NULL if not found, or a pointer to the existing entry.
*/
sc_mbedtls_asn1_named_data *sc_mbedtls_asn1_find_named_data( sc_mbedtls_asn1_named_data *list,
const char *oid, size_t len );
/**
* \brief Free a sc_mbedtls_asn1_named_data entry
*
* \param entry The named data entry to free
*/
void sc_mbedtls_asn1_free_named_data( sc_mbedtls_asn1_named_data *entry );
/**
* \brief Free all entries in a sc_mbedtls_asn1_named_data list
* Head will be set to NULL
*
* \param head Pointer to the head of the list of named data entries to free
*/
void sc_mbedtls_asn1_free_named_data_list( sc_mbedtls_asn1_named_data **head );
#ifdef __cplusplus
}
#endif
#endif /* asn1.h */

16
lib/sec_library/include/soft_crypto/crypto_base64.h Normal file
View File

@@ -0,0 +1,16 @@
/* SPDX-License-Identifier: BSD-2-Clause */
/*
* Copyright (c) 2014, STMicroelectronics International N.V.
*/
#ifndef BASE64_H
#define BASE64_H
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
bool _base64_enc(const void *data, size_t size, char *buf, size_t *blen);
bool _base64_dec(const char *data, size_t size, void *buf, size_t *blen);
size_t _base64_enc_len(size_t size);
#endif /* BASE64_H */

670
lib/sec_library/include/soft_crypto/crypto_bignum.h Executable file
View File

@@ -0,0 +1,670 @@
/**
* \file bignum.h
*
* \brief Multi-precision integer library
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef SC_MBEDTLS_BIGNUM_H
#define SC_MBEDTLS_BIGNUM_H
#include "crypto_config.h"
#include <stddef.h>
#include <stdint.h>
#include "sec_crypto_errcode.h"
#define SC_MBEDTLS_ERR_MPI_BAD_INPUT_DATA SC_PARAM_INV /**< Bad input parameters to function. */
#define SC_MBEDTLS_ERR_MPI_INVALID_CHARACTER \
SC_PARAM_INV /**< There is an invalid character in the digit string. */
#define SC_MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL SC_BUFFER_TOO_SMALL /**< The buffer is too small to write to. */
#define SC_MBEDTLS_ERR_MPI_NEGATIVE_VALUE \
SC_PARAM_INV /**< The input arguments are negative or result in illegal output. */
#define SC_MBEDTLS_ERR_MPI_DIVISION_BY_ZERO \
SC_PARAM_INV /**< The input argument for division is zero, which is not allowed. */
#define SC_MBEDTLS_ERR_MPI_NOT_ACCEPTABLE SC_PARAM_INV /**< The input arguments are not acceptable. */
#define SC_MBEDTLS_ERR_MPI_ALLOC_FAILED SC_ALLOC_FAILED /**< Memory allocation failed. */
#define SC_MBEDTLS_MPI_CHK(f) \
do { \
if ((ret = f) != 0) \
goto cleanup; \
} while (0)
/*
* Maximum size MPIs are allowed to grow to in number of limbs.
*/
#define SC_MBEDTLS_MPI_MAX_LIMBS 10000
#if !defined(SC_MBEDTLS_MPI_WINDOW_SIZE)
/*
* Maximum window size used for modular exponentiation. Default: 6
* Minimum value: 1. Maximum value: 6.
*
* Result is an array of ( 2 << SC_MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
* for the sliding window calculation. (So 64 by default)
*
* Reduction in size, reduces speed.
*/
#define SC_MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
#endif /* !SC_MBEDTLS_MPI_WINDOW_SIZE */
#if !defined(SC_MBEDTLS_MPI_MAX_SIZE)
/*
* Maximum size of MPIs allowed in bits and bytes for user-MPIs.
* ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
*
* Note: Calculations can results temporarily in larger MPIs. So the number
* of limbs required (SC_MBEDTLS_MPI_MAX_LIMBS) is higher.
*/
#define SC_MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
#endif /* !SC_MBEDTLS_MPI_MAX_SIZE */
#define SC_MBEDTLS_MPI_MAX_BITS \
(8 * SC_MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */
/*
* When reading from files with sc_mbedtls_mpi_read_file() and writing to files with
* sc_mbedtls_mpi_write_file() the buffer should have space
* for a (short) label, the MPI (in the provided radix), the newline
* characters and the '\0'.
*
* By default we assume at least a 10 char label, a minimum radix of 10
* (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
* Autosized at compile time for at least a 10 char label, a minimum radix
* of 10 (decimal) for a number of SC_MBEDTLS_MPI_MAX_BITS size.
*
* This used to be statically sized to 1250 for a maximum of 4096 bit
* numbers (1234 decimal chars).
*
* Calculate using the formula:
* SC_MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(SC_MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
* LabelSize + 6
*/
#define SC_SC_MBEDTLS_MPI_MAX_BITS_SCALE100 (100 * SC_MBEDTLS_MPI_MAX_BITS)
#define SC_MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
#define SC_MBEDTLS_MPI_RW_BUFFER_SIZE \
(((SC_SC_MBEDTLS_MPI_MAX_BITS_SCALE100 + SC_MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / \
SC_MBEDTLS_LN_2_DIV_LN_10_SCALE100) + \
10 + 6)
/*
* Define the base integer type, architecture-wise.
*
* 32-bit integers can be forced on 64-bit arches (eg. for testing purposes)
* by defining SC_MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM
*/
#define SC_MBEDTLS_HAVE_INT32
typedef int32_t sc_mbedtls_mpi_sint;
typedef uint32_t sc_mbedtls_mpi_uint;
//typedef uint64_t mbedtls_t_udbl;
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief MPI structure
*/
typedef struct {
int s; /*!< integer sign */
size_t n; /*!< total # of limbs */
sc_mbedtls_mpi_uint *p; /*!< pointer to limbs */
} sc_mbedtls_mpi;
/**
* \brief Initialize one MPI (make internal references valid)
* This just makes it ready to be set or freed,
* but does not define a value for the MPI.
*
* \param X One MPI to initialize.
*/
void sc_mbedtls_mpi_init(sc_mbedtls_mpi *X);
/**
* \brief Unallocate one MPI
*
* \param X One MPI to unallocate.
*/
void sc_mbedtls_mpi_free(sc_mbedtls_mpi *X);
/**
* \brief Enlarge to the specified number of limbs
*
* \param X MPI to grow
* \param nblimbs The target number of limbs
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_grow(sc_mbedtls_mpi *X, size_t nblimbs);
/**
* \brief Resize down, keeping at least the specified number of limbs
*
* \param X MPI to shrink
* \param nblimbs The minimum number of limbs to keep
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_shrink(sc_mbedtls_mpi *X, size_t nblimbs);
/**
* \brief Copy the contents of Y into X
*
* \param X Destination MPI
* \param Y Source MPI
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_copy(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *Y);
/**
* \brief Swap the contents of X and Y
*
* \param X First MPI value
* \param Y Second MPI value
*/
void sc_mbedtls_mpi_swap(sc_mbedtls_mpi *X, sc_mbedtls_mpi *Y);
/**
* \brief Safe conditional assignement X = Y if assign is 1
*
* \param X MPI to conditionally assign to
* \param Y Value to be assigned
* \param assign 1: perform the assignment, 0: keep X's original value
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
*
* \note This function is equivalent to
* if( assign ) sc_mbedtls_mpi_copy( X, Y );
* except that it avoids leaking any information about whether
* the assignment was done or not (the above code may leak
* information through branch prediction and/or memory access
* patterns analysis).
*/
int sc_mbedtls_mpi_safe_cond_assign(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *Y,
unsigned char assign);
/**
* \brief Safe conditional swap X <-> Y if swap is 1
*
* \param X First sc_mbedtls_mpi value
* \param Y Second sc_mbedtls_mpi value
* \param assign 1: perform the swap, 0: keep X and Y's original values
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
*
* \note This function is equivalent to
* if( assign ) sc_mbedtls_mpi_swap( X, Y );
* except that it avoids leaking any information about whether
* the assignment was done or not (the above code may leak
* information through branch prediction and/or memory access
* patterns analysis).
*/
int sc_mbedtls_mpi_safe_cond_swap(sc_mbedtls_mpi *X, sc_mbedtls_mpi *Y, unsigned char assign);
/**
* \brief Set value from integer
*
* \param X MPI to set
* \param z Value to use
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_lset(sc_mbedtls_mpi *X, sc_mbedtls_mpi_sint z);
/**
* \brief Get a specific bit from X
*
* \param X MPI to use
* \param pos Zero-based index of the bit in X
*
* \return Either a 0 or a 1
*/
int sc_mbedtls_mpi_get_bit(const sc_mbedtls_mpi *X, size_t pos);
/**
* \brief Set a bit of X to a specific value of 0 or 1
*
* \note Will grow X if necessary to set a bit to 1 in a not yet
* existing limb. Will not grow if bit should be set to 0
*
* \param X MPI to use
* \param pos Zero-based index of the bit in X
* \param val The value to set the bit to (0 or 1)
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
* SC_MBEDTLS_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
*/
int sc_mbedtls_mpi_set_bit(sc_mbedtls_mpi *X, size_t pos, unsigned char val);
/**
* \brief Return the number of zero-bits before the least significant
* '1' bit
*
* Note: Thus also the zero-based index of the least significant '1' bit
*
* \param X MPI to use
*/
size_t sc_mbedtls_mpi_lsb(const sc_mbedtls_mpi *X);
/**
* \brief Return the number of bits up to and including the most
* significant '1' bit'
*
* Note: Thus also the one-based index of the most significant '1' bit
*
* \param X MPI to use
*/
size_t sc_mbedtls_mpi_bitlen(const sc_mbedtls_mpi *X);
/**
* \brief Return the total size in bytes
*
* \param X MPI to use
*/
size_t sc_mbedtls_mpi_size(const sc_mbedtls_mpi *X);
/**
* \brief Import from an ASCII string
*
* \param X Destination MPI
* \param radix Input numeric base
* \param s Null-terminated string buffer
*
* \return 0 if successful, or a SC_MBEDTLS_ERR_MPI_XXX error code
*/
int sc_mbedtls_mpi_read_string(sc_mbedtls_mpi *X, int radix, const char *s);
/**
* \brief Export into an ASCII string
*
* \param X Source MPI
* \param radix Output numeric base
* \param buf Buffer to write the string to
* \param buflen Length of buf
* \param olen Length of the string written, including final NUL byte
*
* \return 0 if successful, or a SC_MBEDTLS_ERR_MPI_XXX error code.
* *olen is always updated to reflect the amount
* of data that has (or would have) been written.
*
* \note Call this function with buflen = 0 to obtain the
* minimum required buffer size in *olen.
*/
int sc_mbedtls_mpi_write_string(const sc_mbedtls_mpi *X, int radix, char *buf, size_t buflen,
size_t *olen);
/**
* \brief Import X from unsigned binary data, big endian
*
* \param X Destination MPI
* \param buf Input buffer
* \param buflen Input buffer size
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_read_binary(sc_mbedtls_mpi *X, const unsigned char *buf, size_t buflen);
/**
* \brief Export X into unsigned binary data, big endian.
* Always fills the whole buffer, which will start with zeros
* if the number is smaller.
*
* \param X Source MPI
* \param buf Output buffer
* \param buflen Output buffer size
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
*/
int sc_mbedtls_mpi_write_binary(const sc_mbedtls_mpi *X, unsigned char *buf, size_t buflen);
/**
* \brief Left-shift: X <<= count
*
* \param X MPI to shift
* \param count Amount to shift
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_shift_l(sc_mbedtls_mpi *X, size_t count);
/**
* \brief Right-shift: X >>= count
*
* \param X MPI to shift
* \param count Amount to shift
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_shift_r(sc_mbedtls_mpi *X, size_t count);
/**
* \brief Compare unsigned values
*
* \param X Left-hand MPI
* \param Y Right-hand MPI
*
* \return 1 if |X| is greater than |Y|,
* -1 if |X| is lesser than |Y| or
* 0 if |X| is equal to |Y|
*/
int sc_mbedtls_mpi_cmp_abs(const sc_mbedtls_mpi *X, const sc_mbedtls_mpi *Y);
/**
* \brief Compare signed values
*
* \param X Left-hand MPI
* \param Y Right-hand MPI
*
* \return 1 if X is greater than Y,
* -1 if X is lesser than Y or
* 0 if X is equal to Y
*/
int sc_mbedtls_mpi_cmp_mpi(const sc_mbedtls_mpi *X, const sc_mbedtls_mpi *Y);
/**
* \brief Compare signed values
*
* \param X Left-hand MPI
* \param z The integer value to compare to
*
* \return 1 if X is greater than z,
* -1 if X is lesser than z or
* 0 if X is equal to z
*/
int sc_mbedtls_mpi_cmp_int(const sc_mbedtls_mpi *X, sc_mbedtls_mpi_sint z);
/**
* \brief Unsigned addition: X = |A| + |B|
*
* \param X Destination MPI
* \param A Left-hand MPI
* \param B Right-hand MPI
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_add_abs(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *A, const sc_mbedtls_mpi *B);
/**
* \brief Unsigned subtraction: X = |A| - |B|
*
* \param X Destination MPI
* \param A Left-hand MPI
* \param B Right-hand MPI
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A
*/
int sc_mbedtls_mpi_sub_abs(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *A, const sc_mbedtls_mpi *B);
/**
* \brief Signed addition: X = A + B
*
* \param X Destination MPI
* \param A Left-hand MPI
* \param B Right-hand MPI
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_add_mpi(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *A, const sc_mbedtls_mpi *B);
/**
* \brief Signed subtraction: X = A - B
*
* \param X Destination MPI
* \param A Left-hand MPI
* \param B Right-hand MPI
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_sub_mpi(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *A, const sc_mbedtls_mpi *B);
/**
* \brief Signed addition: X = A + b
*
* \param X Destination MPI
* \param A Left-hand MPI
* \param b The integer value to add
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_add_int(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *A, sc_mbedtls_mpi_sint b);
/**
* \brief Signed subtraction: X = A - b
*
* \param X Destination MPI
* \param A Left-hand MPI
* \param b The integer value to subtract
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_sub_int(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *A, sc_mbedtls_mpi_sint b);
/**
* \brief Baseline multiplication: X = A * B
*
* \param X Destination MPI
* \param A Left-hand MPI
* \param B Right-hand MPI
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_mul_mpi(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *A, const sc_mbedtls_mpi *B);
/**
* \brief Baseline multiplication: X = A * b
*
* \param X Destination MPI
* \param A Left-hand MPI
* \param b The unsigned integer value to multiply with
*
* \note b is unsigned
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_mul_int(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *A, sc_mbedtls_mpi_uint b);
/**
* \brief Division by sc_mbedtls_mpi: A = Q * B + R
*
* \param Q Destination MPI for the quotient
* \param R Destination MPI for the rest value
* \param A Left-hand MPI
* \param B Right-hand MPI
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
* SC_MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0
*
* \note Either Q or R can be NULL.
*/
int sc_mbedtls_mpi_div_mpi(sc_mbedtls_mpi *Q, sc_mbedtls_mpi *R, const sc_mbedtls_mpi *A,
const sc_mbedtls_mpi *B);
/**
* \brief Division by int: A = Q * b + R
*
* \param Q Destination MPI for the quotient
* \param R Destination MPI for the rest value
* \param A Left-hand MPI
* \param b Integer to divide by
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
* SC_MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0
*
* \note Either Q or R can be NULL.
*/
int sc_mbedtls_mpi_div_int(sc_mbedtls_mpi *Q, sc_mbedtls_mpi *R, const sc_mbedtls_mpi *A,
sc_mbedtls_mpi_sint b);
/**
* \brief Modulo: R = A mod B
*
* \param R Destination MPI for the rest value
* \param A Left-hand MPI
* \param B Right-hand MPI
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
* SC_MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0,
* SC_MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B < 0
*/
int sc_mbedtls_mpi_mod_mpi(sc_mbedtls_mpi *R, const sc_mbedtls_mpi *A, const sc_mbedtls_mpi *B);
/**
* \brief Modulo: r = A mod b
*
* \param r Destination sc_mbedtls_mpi_uint
* \param A Left-hand MPI
* \param b Integer to divide by
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
* SC_MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0,
* SC_MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b < 0
*/
int sc_mbedtls_mpi_mod_int(sc_mbedtls_mpi_uint *r, const sc_mbedtls_mpi *A,
sc_mbedtls_mpi_sint b);
/**
* \brief Sliding-window exponentiation: X = A^E mod N
*
* \param X Destination MPI
* \param A Left-hand MPI
* \param E Exponent MPI
* \param N Modular MPI
* \param _RR Speed-up MPI used for recalculations
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
* SC_MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
* if E is negative
*
* \note _RR is used to avoid re-computing R*R mod N across
* multiple calls, which speeds up things a bit. It can
* be set to NULL if the extra performance is unneeded.
*/
int sc_mbedtls_mpi_exp_mod(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *A, const sc_mbedtls_mpi *E,
const sc_mbedtls_mpi *N, sc_mbedtls_mpi *_RR);
/**
* \brief Fill an MPI X with size bytes of random
*
* \param X Destination MPI
* \param size Size in bytes
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_fill_random(sc_mbedtls_mpi *X, size_t size,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
/**
* \brief Greatest common divisor: G = gcd(A, B)
*
* \param G Destination MPI
* \param A Left-hand MPI
* \param B Right-hand MPI
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
int sc_mbedtls_mpi_gcd(sc_mbedtls_mpi *G, const sc_mbedtls_mpi *A, const sc_mbedtls_mpi *B);
/**
* \brief Modular inverse: X = A^-1 mod N
*
* \param X Destination MPI
* \param A Left-hand MPI
* \param N Right-hand MPI
*
* \return 0 if successful,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
* SC_MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is <= 1,
SC_MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N.
*/
int sc_mbedtls_mpi_inv_mod(sc_mbedtls_mpi *X, const sc_mbedtls_mpi *A, const sc_mbedtls_mpi *N);
/**
* \brief Miller-Rabin primality test
*
* \param X MPI to check
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 if successful (probably prime),
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
* SC_MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
*/
int sc_mbedtls_mpi_is_prime(const sc_mbedtls_mpi *X,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
/**
* \brief Prime number generation
*
* \param X Destination MPI
* \param nbits Required size of X in bits
* ( 3 <= nbits <= SC_MBEDTLS_MPI_MAX_BITS )
* \param dh_flag If 1, then (X-1)/2 will be prime too
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 if successful (probably prime),
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
* SC_MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
*/
int sc_mbedtls_mpi_gen_prime(sc_mbedtls_mpi *X, size_t nbits, int dh_flag,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int sc_mbedtls_mpi_self_test(int verbose);
#ifdef __cplusplus
}
#endif
#endif /* bignum.h */

70
lib/sec_library/include/soft_crypto/crypto_bn_mul.h Executable file
View File

@@ -0,0 +1,70 @@
/**
* \file bn_mul.h
*
* \brief Multi-precision integer library
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* Multiply source vector [s] with b, add result
* to destination vector [d] and set carry c.
*
* Currently supports:
*
* . IA-32 (386+) . AMD64 / EM64T
* . IA-32 (SSE2) . Motorola 68000
* . PowerPC, 32-bit . MicroBlaze
* . PowerPC, 64-bit . TriCore
* . SPARC v8 . ARM v3+
* . Alpha . MIPS32
* . C, longlong . C, generic
*/
#ifndef SC_MBEDTLS_BN_MUL_H
#define SC_MBEDTLS_BN_MUL_H
#include "crypto_bignum.h"
#if !defined(MULADDC_CORE)
#define MULADDC_INIT \
{ \
sc_mbedtls_mpi_uint s0, s1, b0, b1; \
sc_mbedtls_mpi_uint r0, r1, rx, ry; \
b0 = ( b << biH ) >> biH; \
b1 = ( b >> biH );
#define MULADDC_CORE \
s0 = ( *s << biH ) >> biH; \
s1 = ( *s >> biH ); s++; \
rx = s0 * b1; r0 = s0 * b0; \
ry = s1 * b0; r1 = s1 * b1; \
r1 += ( rx >> biH ); \
r1 += ( ry >> biH ); \
rx <<= biH; ry <<= biH; \
r0 += rx; r1 += (r0 < rx); \
r0 += ry; r1 += (r0 < ry); \
r0 += c; r1 += (r0 < c); \
r0 += *d; r1 += (r0 < *d); \
c = r1; *(d++) = r0;
#define MULADDC_STOP \
}
#endif /* C (generic) */
#endif /* bn_mul.h */

308
lib/sec_library/include/soft_crypto/crypto_ccm.h Normal file
View File

@@ -0,0 +1,308 @@
/**
* \file ccm.h
*
* \brief This file provides an API for the CCM authenticated encryption
* mode for block ciphers.
*
* CCM combines Counter mode encryption with CBC-MAC authentication
* for 128-bit block ciphers.
*
* Input to CCM includes the following elements:
* <ul><li>Payload - data that is both authenticated and encrypted.</li>
* <li>Associated data (Adata) - data that is authenticated but not
* encrypted, For example, a header.</li>
* <li>Nonce - A unique value that is assigned to the payload and the
* associated data.</li></ul>
*
* Definition of CCM:
* http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
* RFC 3610 "Counter with CBC-MAC (CCM)"
*
* Related:
* RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
*
* Definition of CCM*:
* IEEE 802.15.4 - IEEE Standard for Local and metropolitan area networks
* Integer representation is fixed most-significant-octet-first order and
* the representation of octets is most-significant-bit-first order. This is
* consistent with RFC 3610.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef MBEDTLS_CCM_H
#define MBEDTLS_CCM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/cipher.h"
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
/* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
#ifdef __cplusplus
extern "C" {
#endif
#if !defined(MBEDTLS_CCM_ALT)
// Regular implementation
//
/**
* \brief The CCM context-type definition. The CCM context is passed
* to the APIs called.
*/
typedef struct mbedtls_ccm_context
{
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
}
mbedtls_ccm_context;
#else /* MBEDTLS_CCM_ALT */
#include "ccm_alt.h"
#endif /* MBEDTLS_CCM_ALT */
/**
* \brief This function initializes the specified CCM context,
* to make references valid, and prepare the context
* for sc_mbedtls_ccm_setkey() or sc_mbedtls_ccm_free().
*
* \param ctx The CCM context to initialize. This must not be \c NULL.
*/
void sc_mbedtls_ccm_init( mbedtls_ccm_context *ctx );
/**
* \brief This function initializes the CCM context set in the
* \p ctx parameter and sets the encryption key.
*
* \param ctx The CCM context to initialize. This must be an initialized
* context.
* \param cipher The 128-bit block cipher to use.
* \param key The encryption key. This must not be \c NULL.
* \param keybits The key size in bits. This must be acceptable by the cipher.
*
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
int sc_mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits );
/**
* \brief This function releases and clears the specified CCM context
* and underlying cipher sub-context.
*
* \param ctx The CCM context to clear. If this is \c NULL, the function
* has no effect. Otherwise, this must be initialized.
*/
void sc_mbedtls_ccm_free( mbedtls_ccm_context *ctx );
/**
* \brief This function encrypts a buffer using CCM.
*
* \note The tag is written to a separate buffer. To concatenate
* the \p tag with the \p output, as done in <em>RFC-3610:
* Counter with CBC-MAC (CCM)</em>, use
* \p tag = \p output + \p length, and make sure that the
* output buffer is at least \p length + \p tag_len wide.
*
* \param ctx The CCM context to use for encryption. This must be
* initialized and bound to a key.
* \param length The length of the input data in Bytes.
* \param iv The initialization vector (nonce). This must be a readable
* buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. If \p add_len is greater than
* zero, \p add must be a readable buffer of at least that
* length.
* \param add_len The length of additional data in Bytes.
* This must be less than `2^16 - 2^8`.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
* that length.
* \param output The buffer holding the output data. If \p length is greater
* than zero, \p output must be a writable buffer of at least
* that length.
* \param tag The buffer holding the authentication field. This must be a
* writable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field to generate in Bytes:
* 4, 6, 8, 10, 12, 14 or 16.
*
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
int sc_mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
/**
* \brief This function encrypts a buffer using CCM*.
*
* \note The tag is written to a separate buffer. To concatenate
* the \p tag with the \p output, as done in <em>RFC-3610:
* Counter with CBC-MAC (CCM)</em>, use
* \p tag = \p output + \p length, and make sure that the
* output buffer is at least \p length + \p tag_len wide.
*
* \note When using this function in a variable tag length context,
* the tag length has to be encoded into the \p iv passed to
* this function.
*
* \param ctx The CCM context to use for encryption. This must be
* initialized and bound to a key.
* \param length The length of the input data in Bytes.
* \param iv The initialization vector (nonce). This must be a readable
* buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. This must be a readable buffer of
* at least \p add_len Bytes.
* \param add_len The length of additional data in Bytes.
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
* that length.
* \param output The buffer holding the output data. If \p length is greater
* than zero, \p output must be a writable buffer of at least
* that length.
* \param tag The buffer holding the authentication field. This must be a
* writable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field to generate in Bytes:
* 0, 4, 6, 8, 10, 12, 14 or 16.
*
* \warning Passing \c 0 as \p tag_len means that the message is no
* longer authenticated.
*
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
int sc_mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
/**
* \brief This function performs a CCM authenticated decryption of a
* buffer.
*
* \param ctx The CCM context to use for decryption. This must be
* initialized and bound to a key.
* \param length The length of the input data in Bytes.
* \param iv The initialization vector (nonce). This must be a readable
* buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. This must be a readable buffer
* of at least that \p add_len Bytes..
* \param add_len The length of additional data in Bytes.
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
* that length.
* \param output The buffer holding the output data. If \p length is greater
* than zero, \p output must be a writable buffer of at least
* that length.
* \param tag The buffer holding the authentication field. This must be a
* readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field to generate in Bytes:
* 4, 6, 8, 10, 12, 14 or 16.
*
* \return \c 0 on success. This indicates that the message is authentic.
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
*/
int sc_mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
/**
* \brief This function performs a CCM* authenticated decryption of a
* buffer.
*
* \note When using this function in a variable tag length context,
* the tag length has to be decoded from \p iv and passed to
* this function as \p tag_len. (\p tag needs to be adjusted
* accordingly.)
*
* \param ctx The CCM context to use for decryption. This must be
* initialized and bound to a key.
* \param length The length of the input data in Bytes.
* \param iv The initialization vector (nonce). This must be a readable
* buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. This must be a readable buffer of
* at least that \p add_len Bytes.
* \param add_len The length of additional data in Bytes.
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
* that length.
* \param output The buffer holding the output data. If \p length is greater
* than zero, \p output must be a writable buffer of at least
* that length.
* \param tag The buffer holding the authentication field. This must be a
* readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field in Bytes.
* 0, 4, 6, 8, 10, 12, 14 or 16.
*
* \warning Passing \c 0 as \p tag_len means that the message is nos
* longer authenticated.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
*/
int sc_mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/**
* \brief The CCM checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int sc_mbedtls_ccm_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_CCM_H */

1119
lib/sec_library/include/soft_crypto/crypto_cipher.h Normal file
View File

File diff suppressed because it is too large Load Diff

125
lib/sec_library/include/soft_crypto/crypto_cipher_internal.h Normal file
View File

@@ -0,0 +1,125 @@
/**
* \file cipher_internal.h
*
* \brief Cipher wrappers.
*
* \author Adriaan de Jong <dejong@fox-it.com>
*/
/*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CIPHER_WRAP_H
#define MBEDTLS_CIPHER_WRAP_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "crypto_config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "crypto_cipher.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* Base cipher information. The non-mode specific functions and values.
*/
struct mbedtls_cipher_base_t
{
/** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
mbedtls_cipher_id_t cipher;
/** Encrypt using ECB */
int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
const unsigned char *input, unsigned char *output );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/** Encrypt using CBC */
int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
unsigned char *iv, const unsigned char *input,
unsigned char *output );
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/** Encrypt using CFB (Full length) */
int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
unsigned char *iv, const unsigned char *input,
unsigned char *output );
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
/** Encrypt using OFB (Full length) */
int (*ofb_func)( void *ctx, size_t length, size_t *iv_off,
unsigned char *iv,
const unsigned char *input,
unsigned char *output );
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/** Encrypt using CTR */
int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output );
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/** Encrypt or decrypt using XTS. */
int (*xts_func)( void *ctx, mbedtls_operation_t mode, size_t length,
const unsigned char data_unit[16],
const unsigned char *input, unsigned char *output );
#endif
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
/** Encrypt using STREAM */
int (*stream_func)( void *ctx, size_t length,
const unsigned char *input, unsigned char *output );
#endif
/** Set key for encryption purposes */
int (*setkey_enc_func)( void *ctx, const unsigned char *key,
unsigned int key_bitlen );
/** Set key for decryption purposes */
int (*setkey_dec_func)( void *ctx, const unsigned char *key,
unsigned int key_bitlen);
/** Allocate a new context */
void * (*ctx_alloc_func)( void );
/** Free the given context */
void (*ctx_free_func)( void *ctx );
};
typedef struct
{
mbedtls_cipher_type_t type;
const mbedtls_cipher_info_t *info;
} mbedtls_cipher_definition_t;
extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
extern int mbedtls_cipher_supported[];
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_CIPHER_WRAP_H */

242
lib/sec_library/include/soft_crypto/crypto_cmac.h Normal file
View File

@@ -0,0 +1,242 @@
/**
* \file cmac.h
*
* \brief This file contains CMAC definitions and functions.
*
* The Cipher-based Message Authentication Code (CMAC) Mode for
* Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef MBEDTLS_CMAC_H
#define MBEDTLS_CMAC_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/cipher.h"
#ifdef __cplusplus
extern "C" {
#endif
/* MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A /**< CMAC hardware accelerator failed. */
#define MBEDTLS_AES_BLOCK_SIZE 16
#define MBEDTLS_DES3_BLOCK_SIZE 8
#if defined(MBEDTLS_AES_C)
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
#else
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
#endif
#if !defined(MBEDTLS_CMAC_ALT)
/**
* The CMAC context structure.
*/
struct mbedtls_cmac_context_t
{
/** The internal state of the CMAC algorithm. */
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** Unprocessed data - either data that was not block aligned and is still
* pending processing, or the final block. */
unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** The length of data pending processing. */
size_t unprocessed_len;
};
#else /* !MBEDTLS_CMAC_ALT */
#include "cmac_alt.h"
#endif /* !MBEDTLS_CMAC_ALT */
/**
* \brief Initialises and allocat cmac context memory
* Must be called with an initialized cipher context.
*
* \param ctx The cipher context used for the CMAC operation, initialized
* as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
* MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
* or MBEDTLS_CIPHER_DES_EDE3_ECB.
* \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/
int sc_mbedtls_cipher_cmac_setup(mbedtls_cipher_context_t *ctx);
/**
* \brief This function sets the CMAC key, and prepares to authenticate
* the input data.
* Must be called with an initialized cipher context.
*
* \note When the CMAC implementation is supplied by an alternate
* implementation (through #MBEDTLS_CMAC_ALT), some ciphers
* may not be supported by that implementation, and thus
* return an error. Alternate implementations must support
* AES-128 and AES-256, and may support AES-192 and 3DES.
*
* \param ctx The cipher context used for the CMAC operation, initialized
* as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
* MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
* or MBEDTLS_CIPHER_DES_EDE3_ECB.
* \param key The CMAC key.
* \param keybits The length of the CMAC key in bits.
* Must be supported by the cipher.
*
* \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/
int sc_mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
const unsigned char *key, size_t keybits );
/**
* \brief This function feeds an input buffer into an ongoing CMAC
* computation.
*
* It is called between sc_mbedtls_cipher_cmac_starts() or
* sc_mbedtls_cipher_cmac_reset(), and sc_mbedtls_cipher_cmac_finish().
* Can be called repeatedly.
*
* \param ctx The cipher context used for the CMAC operation.
* \param input The buffer holding the input data.
* \param ilen The length of the input data.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
int sc_mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
const unsigned char *input, size_t ilen );
/**
* \brief This function finishes the CMAC operation, and writes
* the result to the output buffer.
*
* It is called after sc_mbedtls_cipher_cmac_update().
* It can be followed by sc_mbedtls_cipher_cmac_reset() and
* sc_mbedtls_cipher_cmac_update(), or mbedtls_cipher_free().
*
* \param ctx The cipher context used for the CMAC operation.
* \param output The output buffer for the CMAC checksum result.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
int sc_mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output );
/**
* \brief This function prepares the authentication of another
* message with the same key as the previous CMAC
* operation.
*
* It is called after sc_mbedtls_cipher_cmac_finish()
* and before sc_mbedtls_cipher_cmac_update().
*
* \param ctx The cipher context used for the CMAC operation.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
int sc_mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
/**
* \brief This function calculates the full generic CMAC
* on the input buffer with the provided key.
*
* The function allocates the context, performs the
* calculation, and frees the context.
*
* The CMAC result is calculated as
* output = generic CMAC(cmac key, input buffer).
*
* \note When the CMAC implementation is supplied by an alternate
* implementation (through #MBEDTLS_CMAC_ALT), some ciphers
* may not be supported by that implementation, and thus
* return an error. Alternate implementations must support
* AES-128 and AES-256, and may support AES-192 and 3DES.
*
* \param cipher_info The cipher information.
* \param key The CMAC key.
* \param keylen The length of the CMAC key in bits.
* \param input The buffer holding the input data.
* \param ilen The length of the input data.
* \param output The buffer for the generic CMAC result.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
int sc_mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output );
#if defined(MBEDTLS_AES_C)
/**
* \brief This function implements the AES-CMAC-PRF-128 pseudorandom
* function, as defined in
* <em>RFC-4615: The Advanced Encryption Standard-Cipher-based
* Message Authentication Code-Pseudo-Random Function-128
* (AES-CMAC-PRF-128) Algorithm for the Internet Key
* Exchange Protocol (IKE).</em>
*
* \param key The key to use.
* \param key_len The key length in Bytes.
* \param input The buffer holding the input data.
* \param in_len The length of the input data in Bytes.
* \param output The buffer holding the generated 16 Bytes of
* pseudorandom output.
*
* \return \c 0 on success.
*/
int sc_mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
const unsigned char *input, size_t in_len,
unsigned char output[16] );
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
/**
* \brief The CMAC checkup routine.
*
* \note In case the CMAC routines are provided by an alternative
* implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
* checkup routine will succeed even if the implementation does
* not support the less widely used AES-192 or 3DES primitives.
* The self-test requires at least AES-128 and AES-256 to be
* supported by the underlying implementation.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int sc_mbedtls_cmac_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_CMAC_H */

67
lib/sec_library/include/soft_crypto/crypto_config.h Executable file
View File

@@ -0,0 +1,67 @@
/*
* Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
* Distinguishing features:
* - no bignum, no PK, no X509
* - fully modern and secure (provided the pre-shared keys have high entropy)
* - very low record overhead with CCM-8
* - optimized for low RAM usage
*
* See README.txt for usage instructions.
*/
#ifndef SC_MBEDTLS_CONFIG_H
#define SC_MBEDTLS_CONFIG_H
/* System support */
/* mbed TLS feature support */
#define MBEDTLS_PKCS1_V15
/* mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_BIGNUM_C
#define SC_MBEDTLS_MD_C
//#define MBEDTLS_NET_C
#define MBEDTLS_OID_C
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_RSA_C
#define MBEDTLS_RSA_NO_CRT
#define MBEDTLS_GCM_C
#define MBEDTLS_SELF_TEST
#if !defined (MBEDTLS_DEBUG_C)
/*reduce readonly date size*/
#define CK_REMOVE_UNUSED_FUNCTION_AND_DATA
#endif
#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO
#define MBEDTLS_PLATFORM_TIME_MACRO
#endif /* SC_MBEDTLS_CONFIG_H */

61
lib/sec_library/include/soft_crypto/crypto_constants.h Executable file
View File

@@ -0,0 +1,61 @@
/* constants.h - TinyCrypt interface to constants */
/*
* Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of Intel Corporation nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file
* @brief -- Interface to constants.
*
*/
#ifndef __TC_CONSTANTS_H__
#define __TC_CONSTANTS_H__
#ifdef __cplusplus
extern "C" {
#endif
#include <stdbool.h>
#ifndef NULL
#define NULL ((void *)0)
#endif
#define TC_CRYPTO_SUCCESS 1
#define TC_CRYPTO_FAIL 0
#define TC_ZERO_BYTE 0x00
#ifdef __cplusplus
}
#endif
#endif /* __TC_CONSTANTS_H__ */

546
lib/sec_library/include/soft_crypto/crypto_ecc.h Executable file
View File

@@ -0,0 +1,546 @@
/* ecc.h - TinyCrypt interface to common ECC functions */
/* Copyright (c) 2014, Kenneth MacKay
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of Intel Corporation nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file
* @brief -- Interface to common ECC functions.
*
* Overview: This software is an implementation of common functions
* necessary to elliptic curve cryptography. This implementation uses
* curve NIST p-256.
*
* Security: The curve NIST p-256 provides approximately 128 bits of security.
*
*/
#ifndef __TC_UECC_H__
#define __TC_UECC_H__
#include <stdint.h>
#include <linux/types.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Word size (4 bytes considering 32-bits architectures) */
#define uECC_WORD_SIZE 4
/* setting max number of calls to prng: */
#ifndef uECC_RNG_MAX_TRIES
#define uECC_RNG_MAX_TRIES 64
#endif
/* defining data types to store word and bit counts: */
typedef int8_t wordcount_t;
typedef int16_t bitcount_t;
/* defining data type for comparison result: */
typedef int8_t cmpresult_t;
/* defining data type to store ECC coordinate/point in 32bits words: */
typedef unsigned int uECC_word_t;
/* defining data type to store an ECC coordinate/point in 64bits words: */
typedef uint64_t uECC_dword_t;
/* defining masks useful for ecc computations: */
#define HIGH_BIT_SET 0x80000000
#define uECC_WORD_BITS 32
#define uECC_WORD_BITS_SHIFT 5
#define uECC_WORD_BITS_MASK 0x01F
/* Number of words of 32 bits to represent an element of the the curve p-256: */
#define NUM_ECC_WORDS 8
/* Number of bytes to represent an element of the the curve p-256: */
#define NUM_ECC_BYTES (uECC_WORD_SIZE*NUM_ECC_WORDS)
/* structure that represents an elliptic curve (e.g. p256):*/
struct uECC_Curve_t;
typedef const struct uECC_Curve_t * uECC_Curve;
struct uECC_Curve_t {
wordcount_t num_words;
wordcount_t num_bytes;
bitcount_t num_n_bits;
uECC_word_t p[NUM_ECC_WORDS];
uECC_word_t n[NUM_ECC_WORDS];
uECC_word_t G[NUM_ECC_WORDS * 2];
uECC_word_t b[NUM_ECC_WORDS];
void (*double_jacobian)(uECC_word_t * X1, uECC_word_t * Y1, uECC_word_t * Z1, uECC_Curve curve);
void (*x_side)(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve);
void (*mmod_fast)(uECC_word_t *result, uECC_word_t *product);
};
/*
* @brief computes doubling of point ion jacobian coordinates, in place.
* @param X1 IN/OUT -- x coordinate
* @param Y1 IN/OUT -- y coordinate
* @param Z1 IN/OUT -- z coordinate
* @param curve IN -- elliptic curve
*/
void double_jacobian_default(uECC_word_t * X1, uECC_word_t * Y1,
uECC_word_t * Z1, uECC_Curve curve);
/*
* @brief Computes x^3 + ax + b. result must not overlap x.
* @param result OUT -- x^3 + ax + b
* @param x IN -- value of x
* @param curve IN -- elliptic curve
*/
void x_side_default(uECC_word_t *result, const uECC_word_t *x,
uECC_Curve curve);
/*
* @brief Computes result = product % curve_p
* from http://www.nsa.gov/ia/_files/nist-routines.pdf
* @param result OUT -- product % curve_p
* @param product IN -- value to be reduced mod curve_p
*/
void vli_mmod_fast_secp256r1(unsigned int *result, unsigned int *product);
/* Bytes to words ordering: */
#define BYTES_TO_WORDS_8(a, b, c, d, e, f, g, h) 0x##d##c##b##a, 0x##h##g##f##e
#define BYTES_TO_WORDS_4(a, b, c, d) 0x##d##c##b##a
#define BITS_TO_WORDS(num_bits) \
((num_bits + ((uECC_WORD_SIZE * 8) - 1)) / (uECC_WORD_SIZE * 8))
#define BITS_TO_BYTES(num_bits) ((num_bits + 7) / 8)
/* definition of curve NIST p-256: */
static const struct uECC_Curve_t curve_secp256r1 = {
NUM_ECC_WORDS,
NUM_ECC_BYTES,
256, /* num_n_bits */ {
BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
BYTES_TO_WORDS_8(FF, FF, FF, FF, 00, 00, 00, 00),
BYTES_TO_WORDS_8(00, 00, 00, 00, 00, 00, 00, 00),
BYTES_TO_WORDS_8(01, 00, 00, 00, FF, FF, FF, FF)
}, {
BYTES_TO_WORDS_8(51, 25, 63, FC, C2, CA, B9, F3),
BYTES_TO_WORDS_8(84, 9E, 17, A7, AD, FA, E6, BC),
BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
BYTES_TO_WORDS_8(00, 00, 00, 00, FF, FF, FF, FF)
}, {
BYTES_TO_WORDS_8(96, C2, 98, D8, 45, 39, A1, F4),
BYTES_TO_WORDS_8(A0, 33, EB, 2D, 81, 7D, 03, 77),
BYTES_TO_WORDS_8(F2, 40, A4, 63, E5, E6, BC, F8),
BYTES_TO_WORDS_8(47, 42, 2C, E1, F2, D1, 17, 6B),
BYTES_TO_WORDS_8(F5, 51, BF, 37, 68, 40, B6, CB),
BYTES_TO_WORDS_8(CE, 5E, 31, 6B, 57, 33, CE, 2B),
BYTES_TO_WORDS_8(16, 9E, 0F, 7C, 4A, EB, E7, 8E),
BYTES_TO_WORDS_8(9B, 7F, 1A, FE, E2, 42, E3, 4F)
}, {
BYTES_TO_WORDS_8(4B, 60, D2, 27, 3E, 3C, CE, 3B),
BYTES_TO_WORDS_8(F6, B0, 53, CC, B0, 06, 1D, 65),
BYTES_TO_WORDS_8(BC, 86, 98, 76, 55, BD, EB, B3),
BYTES_TO_WORDS_8(E7, 93, 3A, AA, D8, 35, C6, 5A)
},
&double_jacobian_default,
&x_side_default,
&vli_mmod_fast_secp256r1
};
uECC_Curve uECC_secp256r1(void);
/*
* @brief Generates a random integer in the range 0 < random < top.
* Both random and top have num_words words.
* @param random OUT -- random integer in the range 0 < random < top
* @param top IN -- upper limit
* @param num_words IN -- number of words
* @return a random integer in the range 0 < random < top
*/
int uECC_generate_random_int(uECC_word_t *random, const uECC_word_t *top,
wordcount_t num_words);
/* uECC_RNG_Function type
* The RNG function should fill 'size' random bytes into 'dest'. It should
* return 1 if 'dest' was filled with random data, or 0 if the random data could
* not be generated. The filled-in values should be either truly random, or from
* a cryptographically-secure PRNG.
*
* A correctly functioning RNG function must be set (using uECC_set_rng())
* before calling uECC_make_key() or uECC_sign().
*
* Setting a correctly functioning RNG function improves the resistance to
* side-channel attacks for uECC_shared_secret().
*
* A correct RNG function is set by default. If you are building on another
* POSIX-compliant system that supports /dev/random or /dev/urandom, you can
* define uECC_POSIX to use the predefined RNG.
*/
typedef int(*uECC_RNG_Function)(uint8_t *dest, unsigned int size);
/*
* @brief Set the function that will be used to generate random bytes. The RNG
* function should return 1 if the random data was generated, or 0 if the random
* data could not be generated.
*
* @note On platforms where there is no predefined RNG function, this must be
* called before uECC_make_key() or uECC_sign() are used.
*
* @param rng_function IN -- function that will be used to generate random bytes
*/
void uECC_set_rng(uECC_RNG_Function rng_function);
/*
* @brief provides current uECC_RNG_Function.
* @return Returns the function that will be used to generate random bytes.
*/
uECC_RNG_Function uECC_get_rng(void);
/*
* @brief computes the size of a private key for the curve in bytes.
* @param curve IN -- elliptic curve
* @return size of a private key for the curve in bytes.
*/
int uECC_curve_private_key_size(uECC_Curve curve);
/*
* @brief computes the size of a public key for the curve in bytes.
* @param curve IN -- elliptic curve
* @return the size of a public key for the curve in bytes.
*/
int uECC_curve_public_key_size(uECC_Curve curve);
/*
* @brief Compute the corresponding public key for a private key.
* @param private_key IN -- The private key to compute the public key for
* @param public_key OUT -- Will be filled in with the corresponding public key
* @param curve
* @return Returns 1 if key was computed successfully, 0 if an error occurred.
*/
int uECC_compute_public_key(const uint8_t *private_key,
uint8_t *public_key, uECC_Curve curve);
/*
* @brief Compute public-key.
* @return corresponding public-key.
* @param result OUT -- public-key
* @param private_key IN -- private-key
* @param curve IN -- elliptic curve
*/
uECC_word_t EccPoint_compute_public_key(uECC_word_t *result,
uECC_word_t *private_key, uECC_Curve curve);
/*
* @brief Regularize the bitcount for the private key so that attackers cannot
* use a side channel attack to learn the number of leading zeros.
* @return Regularized k
* @param k IN -- private-key
* @param k0 IN/OUT -- regularized k
* @param k1 IN/OUT -- regularized k
* @param curve IN -- elliptic curve
*/
uECC_word_t regularize_k(const uECC_word_t * const k, uECC_word_t *k0,
uECC_word_t *k1, uECC_Curve curve);
/*
* @brief Point multiplication algorithm using Montgomery's ladder with co-Z
* coordinates. See http://eprint.iacr.org/2011/338.pdf.
* @note Result may overlap point.
* @param result OUT -- returns scalar*point
* @param point IN -- elliptic curve point
* @param scalar IN -- scalar
* @param initial_Z IN -- initial value for z
* @param num_bits IN -- number of bits in scalar
* @param curve IN -- elliptic curve
*/
void EccPoint_mult(uECC_word_t * result, const uECC_word_t * point,
const uECC_word_t * scalar, const uECC_word_t * initial_Z,
bitcount_t num_bits, uECC_Curve curve);
/*
* @brief Constant-time comparison to zero - secure way to compare long integers
* @param vli IN -- very long integer
* @param num_words IN -- number of words in the vli
* @return 1 if vli == 0, 0 otherwise.
*/
uECC_word_t uECC_vli_isZero(const uECC_word_t *vli, wordcount_t num_words);
/*
* @brief Check if 'point' is the point at infinity
* @param point IN -- elliptic curve point
* @param curve IN -- elliptic curve
* @return if 'point' is the point at infinity, 0 otherwise.
*/
uECC_word_t EccPoint_isZero(const uECC_word_t *point, uECC_Curve curve);
/*
* @brief computes the sign of left - right, in constant time.
* @param left IN -- left term to be compared
* @param right IN -- right term to be compared
* @param num_words IN -- number of words
* @return the sign of left - right
*/
cmpresult_t uECC_vli_cmp(const uECC_word_t *left, const uECC_word_t *right,
wordcount_t num_words);
/*
* @brief computes sign of left - right, not in constant time.
* @note should not be used if inputs are part of a secret
* @param left IN -- left term to be compared
* @param right IN -- right term to be compared
* @param num_words IN -- number of words
* @return the sign of left - right
*/
cmpresult_t uECC_vli_cmp_unsafe(const uECC_word_t *left, const uECC_word_t *right,
wordcount_t num_words);
/*
* @brief Computes result = (left - right) % mod.
* @note Assumes that (left < mod) and (right < mod), and that result does not
* overlap mod.
* @param result OUT -- (left - right) % mod
* @param left IN -- leftright term in modular subtraction
* @param right IN -- right term in modular subtraction
* @param mod IN -- mod
* @param num_words IN -- number of words
*/
void uECC_vli_modSub(uECC_word_t *result, const uECC_word_t *left,
const uECC_word_t *right, const uECC_word_t *mod,
wordcount_t num_words);
/*
* @brief Computes P' = (x1', y1', Z3), P + Q = (x3, y3, Z3) or
* P => P', Q => P + Q
* @note assumes Input P = (x1, y1, Z), Q = (x2, y2, Z)
* @param X1 IN -- x coordinate of P
* @param Y1 IN -- y coordinate of P
* @param X2 IN -- x coordinate of Q
* @param Y2 IN -- y coordinate of Q
* @param curve IN -- elliptic curve
*/
void XYcZ_add(uECC_word_t * X1, uECC_word_t * Y1, uECC_word_t * X2,
uECC_word_t * Y2, uECC_Curve curve);
/*
* @brief Computes (x1 * z^2, y1 * z^3)
* @param X1 IN -- previous x1 coordinate
* @param Y1 IN -- previous y1 coordinate
* @param Z IN -- z value
* @param curve IN -- elliptic curve
*/
void apply_z(uECC_word_t * X1, uECC_word_t * Y1, const uECC_word_t * const Z,
uECC_Curve curve);
/*
* @brief Check if bit is set.
* @return Returns nonzero if bit 'bit' of vli is set.
* @warning It is assumed that the value provided in 'bit' is within the
* boundaries of the word-array 'vli'.
* @note The bit ordering layout assumed for vli is: {31, 30, ..., 0},
* {63, 62, ..., 32}, {95, 94, ..., 64}, {127, 126,..., 96} for a vli consisting
* of 4 uECC_word_t elements.
*/
uECC_word_t uECC_vli_testBit(const uECC_word_t *vli, bitcount_t bit);
/*
* @brief Computes result = product % mod, where product is 2N words long.
* @param result OUT -- product % mod
* @param mod IN -- module
* @param num_words IN -- number of words
* @warning Currently only designed to work for curve_p or curve_n.
*/
void uECC_vli_mmod(uECC_word_t *result, uECC_word_t *product,
const uECC_word_t *mod, wordcount_t num_words);
/*
* @brief Computes modular product (using curve->mmod_fast)
* @param result OUT -- (left * right) mod % curve_p
* @param left IN -- left term in product
* @param right IN -- right term in product
* @param curve IN -- elliptic curve
*/
void uECC_vli_modMult_fast(uECC_word_t *result, const uECC_word_t *left,
const uECC_word_t *right, uECC_Curve curve);
/*
* @brief Computes result = left - right.
* @note Can modify in place.
* @param result OUT -- left - right
* @param left IN -- left term in subtraction
* @param right IN -- right term in subtraction
* @param num_words IN -- number of words
* @return borrow
*/
uECC_word_t uECC_vli_sub(uECC_word_t *result, const uECC_word_t *left,
const uECC_word_t *right, wordcount_t num_words);
/*
* @brief Constant-time comparison function(secure way to compare long ints)
* @param left IN -- left term in comparison
* @param right IN -- right term in comparison
* @param num_words IN -- number of words
* @return Returns 0 if left == right, 1 otherwise.
*/
uECC_word_t uECC_vli_equal(const uECC_word_t *left, const uECC_word_t *right,
wordcount_t num_words);
/*
* @brief Computes (left * right) % mod
* @param result OUT -- (left * right) % mod
* @param left IN -- left term in product
* @param right IN -- right term in product
* @param mod IN -- mod
* @param num_words IN -- number of words
*/
void uECC_vli_modMult(uECC_word_t *result, const uECC_word_t *left,
const uECC_word_t *right, const uECC_word_t *mod,
wordcount_t num_words);
/*
* @brief Computes (1 / input) % mod
* @note All VLIs are the same size.
* @note See "Euclid's GCD to Montgomery Multiplication to the Great Divide"
* @param result OUT -- (1 / input) % mod
* @param input IN -- value to be modular inverted
* @param mod IN -- mod
* @param num_words -- number of words
*/
void uECC_vli_modInv(uECC_word_t *result, const uECC_word_t *input,
const uECC_word_t *mod, wordcount_t num_words);
/*
* @brief Sets dest = src.
* @param dest OUT -- destination buffer
* @param src IN -- origin buffer
* @param num_words IN -- number of words
*/
void uECC_vli_set(uECC_word_t *dest, const uECC_word_t *src,
wordcount_t num_words);
/*
* @brief Computes (left + right) % mod.
* @note Assumes that (left < mod) and right < mod), and that result does not
* overlap mod.
* @param result OUT -- (left + right) % mod.
* @param left IN -- left term in addition
* @param right IN -- right term in addition
* @param mod IN -- mod
* @param num_words IN -- number of words
*/
void uECC_vli_modAdd(uECC_word_t *result, const uECC_word_t *left,
const uECC_word_t *right, const uECC_word_t *mod,
wordcount_t num_words);
/*
* @brief Counts the number of bits required to represent vli.
* @param vli IN -- very long integer
* @param max_words IN -- number of words
* @return number of bits in given vli
*/
bitcount_t uECC_vli_numBits(const uECC_word_t *vli,
const wordcount_t max_words);
/*
* @brief Erases (set to 0) vli
* @param vli IN -- very long integer
* @param num_words IN -- number of words
*/
void uECC_vli_clear(uECC_word_t *vli, wordcount_t num_words);
/*
* @brief check if it is a valid point in the curve
* @param point IN -- point to be checked
* @param curve IN -- elliptic curve
* @return 0 if point is valid
* @exception returns -1 if it is a point at infinity
* @exception returns -2 if x or y is smaller than p,
* @exception returns -3 if y^2 != x^3 + ax + b.
*/
int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve);
/*
* @brief Check if a public key is valid.
* @param public_key IN -- The public key to be checked.
* @return returns 0 if the public key is valid
* @exception returns -1 if it is a point at infinity
* @exception returns -2 if x or y is smaller than p,
* @exception returns -3 if y^2 != x^3 + ax + b.
* @exception returns -4 if public key is the group generator.
*
* @note Note that you are not required to check for a valid public key before
* using any other uECC functions. However, you may wish to avoid spending CPU
* time computing a shared secret or verifying a signature using an invalid
* public key.
*/
int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve);
/*
* @brief Converts an integer in uECC native format to big-endian bytes.
* @param bytes OUT -- bytes representation
* @param num_bytes IN -- number of bytes
* @param native IN -- uECC native representation
*/
void uECC_vli_nativeToBytes(uint8_t *bytes, int num_bytes,
const unsigned int *native);
/*
* @brief Converts big-endian bytes to an integer in uECC native format.
* @param native OUT -- uECC native representation
* @param bytes IN -- bytes representation
* @param num_bytes IN -- number of bytes
*/
void uECC_vli_bytesToNative(unsigned int *native, const uint8_t *bytes,
int num_bytes);
#ifdef __cplusplus
}
#endif
#endif /* __TC_UECC_H__ */

129
lib/sec_library/include/soft_crypto/crypto_ecc_dh.h Executable file
View File

@@ -0,0 +1,129 @@
/* ecc_dh.h - TinyCrypt interface to EC-DH implementation */
/*
* Copyright (c) 2014, Kenneth MacKay
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/* Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of Intel Corporation nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file
* @brief -- Interface to EC-DH implementation.
*
* Overview: This software is an implementation of EC-DH. This implementation
* uses curve NIST p-256.
*
* Security: The curve NIST p-256 provides approximately 128 bits of security.
*/
#ifndef __TC_ECC_DH_H__
#define __TC_ECC_DH_H__
#include <crypto_ecc.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Create a public/private key pair.
* @return returns TC_CRYPTO_SUCCESS (1) if the key pair was generated successfully
* returns TC_CRYPTO_FAIL (0) if error while generating key pair
*
* @param p_public_key OUT -- Will be filled in with the public key. Must be at
* least 2 * the curve size (in bytes) long. For curve secp256r1, p_public_key
* must be 64 bytes long.
* @param p_private_key OUT -- Will be filled in with the private key. Must be as
* long as the curve order (for secp256r1, p_private_key must be 32 bytes long).
*
* @note side-channel countermeasure: algorithm strengthened against timing
* attack.
* @warning A cryptographically-secure PRNG function must be set (using
* uECC_set_rng()) before calling uECC_make_key().
*/
int uECC_make_key(uint8_t *p_public_key, uint8_t *p_private_key, uECC_Curve curve);
/**
* @brief Create a public/private key pair given a specific d.
*
* @note THIS FUNCTION SHOULD BE CALLED ONLY FOR TEST PURPOSES. Refer to
* uECC_make_key() function for real applications.
*/
int uECC_make_key_with_d(uint8_t *p_public_key, uint8_t *p_private_key,
unsigned int *d, uECC_Curve curve);
/**
* @brief Compute a shared secret given your secret key and someone else's
* public key.
* @return returns TC_CRYPTO_SUCCESS (1) if the shared secret was computed successfully
* returns TC_CRYPTO_FAIL (0) otherwise
*
* @param p_secret OUT -- Will be filled in with the shared secret value. Must be
* the same size as the curve size (for curve secp256r1, secret must be 32 bytes
* long.
* @param p_public_key IN -- The public key of the remote party.
* @param p_private_key IN -- Your private key.
*
* @warning It is recommended to use the output of uECC_shared_secret() as the
* input of a recommended Key Derivation Function (see NIST SP 800-108) in
* order to produce a cryptographically secure symmetric key.
*/
int uECC_shared_secret(const uint8_t *p_public_key, const uint8_t *p_private_key,
uint8_t *p_secret, uECC_Curve curve);
#ifdef __cplusplus
}
#endif
#endif /* __TC_ECC_DH_H__ */

137
lib/sec_library/include/soft_crypto/crypto_ecc_dsa.h Executable file
View File

@@ -0,0 +1,137 @@
/* ecc_dh.h - TinyCrypt interface to EC-DSA implementation */
/*
* Copyright (c) 2014, Kenneth MacKay
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of Intel Corporation nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file
* @brief -- Interface to EC-DSA implementation.
*
* Overview: This software is an implementation of EC-DSA. This implementation
* uses curve NIST p-256.
*
* Security: The curve NIST p-256 provides approximately 128 bits of security.
*
* Usage: - To sign: Compute a hash of the data you wish to sign (SHA-2 is
* recommended) and pass it in to ecdsa_sign function along with your
* private key and a random number. You must use a new non-predictable
* random number to generate each new signature.
* - To verify a signature: Compute the hash of the signed data using
* the same hash as the signer and pass it to this function along with
* the signer's public key and the signature values (r and s).
*/
#ifndef __TC_ECC_DSA_H__
#define __TC_ECC_DSA_H__
#include <crypto_ecc.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Generate an ECDSA signature for a given hash value.
* @return returns TC_CRYPTO_SUCCESS (1) if the signature generated successfully
* returns TC_CRYPTO_FAIL (0) if an error occurred.
*
* @param p_private_key IN -- Your private key.
* @param p_message_hash IN -- The hash of the message to sign.
* @param p_hash_size IN -- The size of p_message_hash in bytes.
* @param p_signature OUT -- Will be filled in with the signature value. Must be
* at least 2 * curve size long (for secp256r1, signature must be 64 bytes long).
*
* @warning A cryptographically-secure PRNG function must be set (using
* uECC_set_rng()) before calling uECC_sign().
* @note Usage: Compute a hash of the data you wish to sign (SHA-2 is
* recommended) and pass it in to this function along with your private key.
* @note side-channel countermeasure: algorithm strengthened against timing
* attack.
*/
int uECC_sign(const uint8_t *p_private_key, const uint8_t *p_message_hash,
unsigned p_hash_size, uint8_t *p_signature, uECC_Curve curve);
/*
* THIS FUNCTION SHOULD BE CALLED FOR TEST PURPOSES ONLY.
* Refer to uECC_sign() function for real applications.
*/
int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash,
unsigned int hash_size, uECC_word_t *k, uint8_t *signature,
uECC_Curve curve);
/**
* @brief Verify an ECDSA signature.
* @return returns TC_SUCCESS (1) if the signature is valid
* returns TC_FAIL (0) if the signature is invalid.
*
* @param p_public_key IN -- The signer's public key.
* @param p_message_hash IN -- The hash of the signed data.
* @param p_hash_size IN -- The size of p_message_hash in bytes.
* @param p_signature IN -- The signature values.
*
* @note Usage: Compute the hash of the signed data using the same hash as the
* signer and pass it to this function along with the signer's public key and
* the signature values (hash_size and signature).
*/
int uECC_verify(const uint8_t *p_public_key, const uint8_t *p_message_hash,
unsigned int p_hash_size, const uint8_t *p_signature, uECC_Curve curve);
#ifdef __cplusplus
}
#endif
#endif /* __TC_ECC_DSA_H__ */

81
lib/sec_library/include/soft_crypto/crypto_ecc_platform_specific.h Executable file
View File

@@ -0,0 +1,81 @@
/* uECC_platform_specific.h - Interface to platform specific functions*/
/* Copyright (c) 2014, Kenneth MacKay
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.*/
/*
* Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of Intel Corporation nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* uECC_platform_specific.h -- Interface to platform specific functions
*/
#ifndef __UECC_PLATFORM_SPECIFIC_H_
#define __UECC_PLATFORM_SPECIFIC_H_
/*
* The RNG function should fill 'size' random bytes into 'dest'. It should
* return 1 if 'dest' was filled with random data, or 0 if the random data could
* not be generated. The filled-in values should be either truly random, or from
* a cryptographically-secure PRNG.
*
* A cryptographically-secure PRNG function must be set (using uECC_set_rng())
* before calling uECC_make_key() or uECC_sign().
*
* Setting a cryptographically-secure PRNG function improves the resistance to
* side-channel attacks for uECC_shared_secret().
*
* A correct PRNG function is set by default (default_RNG_defined = 1) and works
* for some platforms, such as Unix and Linux. For other platforms, you may need
* to provide another PRNG function.
*/
#define default_RNG_defined 1
int default_CSPRNG(uint8_t *dest, unsigned int size);
#endif /* __UECC_PLATFORM_SPECIFIC_H_ */

324
lib/sec_library/include/soft_crypto/crypto_gcm.h Normal file
View File

@@ -0,0 +1,324 @@
/**
* \file gcm.h
*
* \brief This file contains GCM definitions and functions.
*
* The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
* in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
* (GCM), Natl. Inst. Stand. Technol.</em>
*
* For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
* Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
*
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef MBEDTLS_GCM_H
#define MBEDTLS_GCM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "crypto_config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "crypto_cipher.h"
#include <stdint.h>
#define MBEDTLS_GCM_ENCRYPT 1
#define MBEDTLS_GCM_DECRYPT 0
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */
/* MBEDTLS_ERR_GCM_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
#ifdef __cplusplus
extern "C" {
#endif
#if !defined(MBEDTLS_GCM_ALT)
/**
* \brief The GCM context structure.
*/
typedef struct mbedtls_gcm_context
{
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
uint64_t HL[16]; /*!< Precalculated HTable low. */
uint64_t HH[16]; /*!< Precalculated HTable high. */
uint64_t len; /*!< The total length of the encrypted data. */
uint64_t add_len; /*!< The total length of the additional data. */
unsigned char base_ectr[16]; /*!< The first ECTR for tag. */
unsigned char y[16]; /*!< The Y working value. */
unsigned char buf[16]; /*!< The buf working value. */
int mode; /*!< The operation to perform:
#MBEDTLS_GCM_ENCRYPT or
#MBEDTLS_GCM_DECRYPT. */
}
mbedtls_gcm_context;
#else /* !MBEDTLS_GCM_ALT */
#include "gcm_alt.h"
#endif /* !MBEDTLS_GCM_ALT */
/**
* \brief This function initializes the specified GCM context,
* to make references valid, and prepares the context
* for sc_mbedtls_gcm_setkey() or sc_mbedtls_gcm_free().
*
* The function does not bind the GCM context to a particular
* cipher, nor set the key. For this purpose, use
* sc_mbedtls_gcm_setkey().
*
* \param ctx The GCM context to initialize. This must not be \c NULL.
*/
void sc_mbedtls_gcm_init( mbedtls_gcm_context *ctx );
/**
* \brief This function associates a GCM context with a
* cipher algorithm and a key.
*
* \param ctx The GCM context. This must be initialized.
* \param cipher The 128-bit block cipher to use.
* \param key The encryption key. This must be a readable buffer of at
* least \p keybits bits.
* \param keybits The key size in bits. Valid options are:
* <ul><li>128 bits</li>
* <li>192 bits</li>
* <li>256 bits</li></ul>
*
* \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/
int sc_mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits );
/**
* \brief This function performs GCM encryption or decryption of a buffer.
*
* \note For encryption, the output buffer can be the same as the
* input buffer. For decryption, the output buffer cannot be
* the same as input buffer. If the buffers overlap, the output
* buffer must trail at least 8 Bytes behind the input buffer.
*
* \warning When this function performs a decryption, it outputs the
* authentication tag and does not verify that the data is
* authentic. You should use this function to perform encryption
* only. For decryption, use sc_mbedtls_gcm_auth_decrypt() instead.
*
* \param ctx The GCM context to use for encryption or decryption. This
* must be initialized.
* \param mode The operation to perform:
* - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
* The ciphertext is written to \p output and the
* authentication tag is written to \p tag.
* - #MBEDTLS_GCM_DECRYPT to perform decryption.
* The plaintext is written to \p output and the
* authentication tag is written to \p tag.
* Note that this mode is not recommended, because it does
* not verify the authenticity of the data. For this reason,
* you should use sc_mbedtls_gcm_auth_decrypt() instead of
* calling this function in decryption mode.
* \param length The length of the input data, which is equal to the length
* of the output data.
* \param iv The initialization vector. This must be a readable buffer of
* at least \p iv_len Bytes.
* \param iv_len The length of the IV.
* \param add The buffer holding the additional data. This must be of at
* least that size in Bytes.
* \param add_len The length of the additional data.
* \param input The buffer holding the input data. If \p length is greater
* than zero, this must be a readable buffer of at least that
* size in Bytes.
* \param output The buffer for holding the output data. If \p length is greater
* than zero, this must be a writable buffer of at least that
* size in Bytes.
* \param tag_len The length of the tag to generate.
* \param tag The buffer for holding the tag. This must be a writable
* buffer of at least \p tag_len Bytes.
*
* \return \c 0 if the encryption or decryption was performed
* successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
* this does not indicate that the data is authentic.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
* not valid or a cipher-specific error code if the encryption
* or decryption failed.
*/
int sc_mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
int mode,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
size_t add_len,
const unsigned char *input,
unsigned char *output,
size_t tag_len,
unsigned char *tag );
/**
* \brief This function performs a GCM authenticated decryption of a
* buffer.
*
* \note For decryption, the output buffer cannot be the same as
* input buffer. If the buffers overlap, the output buffer
* must trail at least 8 Bytes behind the input buffer.
*
* \param ctx The GCM context. This must be initialized.
* \param length The length of the ciphertext to decrypt, which is also
* the length of the decrypted plaintext.
* \param iv The initialization vector. This must be a readable buffer
* of at least \p iv_len Bytes.
* \param iv_len The length of the IV.
* \param add The buffer holding the additional data. This must be of at
* least that size in Bytes.
* \param add_len The length of the additional data.
* \param tag The buffer holding the tag to verify. This must be a
* readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to verify.
* \param input The buffer holding the ciphertext. If \p length is greater
* than zero, this must be a readable buffer of at least that
* size.
* \param output The buffer for holding the decrypted plaintext. If \p length
* is greater than zero, this must be a writable buffer of at
* least that size.
*
* \return \c 0 if successful and authenticated.
* \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
* not valid or a cipher-specific error code if the decryption
* failed.
*/
int sc_mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
size_t add_len,
const unsigned char *tag,
size_t tag_len,
const unsigned char *input,
unsigned char *output );
/**
* \brief This function starts a GCM encryption or decryption
* operation.
*
* \param ctx The GCM context. This must be initialized.
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
* #MBEDTLS_GCM_DECRYPT.
* \param iv The initialization vector. This must be a readable buffer of
* at least \p iv_len Bytes.
* \param iv_len The length of the IV.
* \param add The buffer holding the additional data, or \c NULL
* if \p add_len is \c 0.
* \param add_len The length of the additional data. If \c 0,
* \p add may be \c NULL.
*
* \return \c 0 on success.
*/
int sc_mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
int mode,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
size_t add_len );
/**
* \brief This function feeds an input buffer into an ongoing GCM
* encryption or decryption operation.
*
* ` The function expects input to be a multiple of 16
* Bytes. Only the last call before calling
* sc_mbedtls_gcm_finish() can be less than 16 Bytes.
*
* \note For decryption, the output buffer cannot be the same as
* input buffer. If the buffers overlap, the output buffer
* must trail at least 8 Bytes behind the input buffer.
*
* \param ctx The GCM context. This must be initialized.
* \param length The length of the input data. This must be a multiple of
* 16 except in the last call before sc_mbedtls_gcm_finish().
* \param input The buffer holding the input data. If \p length is greater
* than zero, this must be a readable buffer of at least that
* size in Bytes.
* \param output The buffer for holding the output data. If \p length is
* greater than zero, this must be a writable buffer of at
* least that size in Bytes.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
*/
int sc_mbedtls_gcm_update( mbedtls_gcm_context *ctx,
size_t length,
const unsigned char *input,
unsigned char *output );
/**
* \brief This function finishes the GCM operation and generates
* the authentication tag.
*
* It wraps up the GCM stream, and generates the
* tag. The tag can have a maximum length of 16 Bytes.
*
* \param ctx The GCM context. This must be initialized.
* \param tag The buffer for holding the tag. This must be a writable
* buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to generate. This must be at least
* four.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
*/
int sc_mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
unsigned char *tag,
size_t tag_len );
/**
* \brief This function clears a GCM context and the underlying
* cipher sub-context.
*
* \param ctx The GCM context to clear. If this is \c NULL, the call has
* no effect. Otherwise, this must be initialized.
*/
void sc_mbedtls_gcm_free( mbedtls_gcm_context *ctx );
#if defined(MBEDTLS_SELF_TEST)
/**
* \brief The GCM checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int sc_mbedtls_gcm_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
}
#endif
#endif /* gcm.h */

341
lib/sec_library/include/soft_crypto/crypto_md.h Executable file
View File

@@ -0,0 +1,341 @@
/**
* \file md.h
*
* \brief Generic message digest wrapper
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef SC_SC_MBEDTLS_MD_H
#define SC_SC_MBEDTLS_MD_H
#include <stddef.h>
#include "sec_crypto_errcode.h"
#define SC_MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE SC_FEATURE_UNAVAILABLE /**< The selected feature is not available. */
#define SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA SC_BAD_INPUT_DATA /**< Bad input parameters to function. */
#define SC_MBEDTLS_ERR_MD_ALLOC_FAILED SC_ALLOC_FAILED /**< Failed to allocate memory. */
#define SC_MBEDTLS_ERR_MD_FILE_IO_ERROR SC_FAIL /**< Opening or reading of file failed. */
#ifdef __cplusplus
extern "C" {
#endif
typedef enum {
SC_MBEDTLS_MD_NONE=0,
SC_MBEDTLS_MD_MD2,
SC_MBEDTLS_MD_MD4,
SC_MBEDTLS_MD_MD5,
SC_MBEDTLS_MD_SHA1,
SC_MBEDTLS_MD_SHA224,
SC_MBEDTLS_MD_SHA256,
SC_MBEDTLS_MD_SHA384,
SC_MBEDTLS_MD_SHA512,
SC_MBEDTLS_MD_RIPEMD160,
} sc_mbedtls_md_type_t;
#if defined(MBEDTLS_SHA512_C)
#define SC_MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
#else
#define SC_MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
#endif
/**
* Opaque struct defined in md_internal.h
*/
typedef struct sc_mbedtls_md_info_t sc_mbedtls_md_info_t;
/**
* Generic message digest context.
*/
typedef struct {
/** Information about the associated message digest */
const sc_mbedtls_md_info_t *md_info;
/** Digest-specific context */
void *md_ctx;
/** HMAC part of the context */
void *hmac_ctx;
} sc_mbedtls_md_context_t;
/**
* \brief Returns the list of digests supported by the generic digest module.
*
* \return a statically allocated array of digests, the last entry
* is 0.
*/
const int *sc_mbedtls_md_list( void );
/**
* \brief Returns the message digest information associated with the
* given digest name.
*
* \param md_name Name of the digest to search for.
*
* \return The message digest information associated with md_name or
* NULL if not found.
*/
const sc_mbedtls_md_info_t *sc_mbedtls_md_info_from_string( const char *md_name );
/**
* \brief Returns the message digest information associated with the
* given digest type.
*
* \param md_type type of digest to search for.
*
* \return The message digest information associated with md_type or
* NULL if not found.
*/
const sc_mbedtls_md_info_t *sc_mbedtls_md_info_from_type( sc_mbedtls_md_type_t md_type );
/**
* \brief Initialize a md_context (as NONE)
* This should always be called first.
* Prepares the context for sc_mbedtls_md_setup() or sc_mbedtls_md_free().
*/
void sc_mbedtls_md_init( sc_mbedtls_md_context_t *ctx );
/**
* \brief Free and clear the internal structures of ctx.
* Can be called at any time after sc_mbedtls_md_init().
* Mandatory once sc_mbedtls_md_setup() has been called.
*/
void sc_mbedtls_md_free( sc_mbedtls_md_context_t *ctx );
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
#define MBEDTLS_DEPRECATED
#endif
/**
* \brief Select MD to use and allocate internal structures.
* Should be called after sc_mbedtls_md_init() or sc_mbedtls_md_free().
* Makes it necessary to call sc_mbedtls_md_free() later.
*
* \deprecated Superseded by sc_mbedtls_md_setup() in 2.0.0
*
* \param ctx Context to set up.
* \param md_info Message digest to use.
*
* \returns \c 0 on success,
* \c SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
* \c SC_MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
*/
int sc_mbedtls_md_init_ctx( sc_mbedtls_md_context_t *ctx, const sc_mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Select MD to use and allocate internal structures.
* Should be called after sc_mbedtls_md_init() or sc_mbedtls_md_free().
* Makes it necessary to call sc_mbedtls_md_free() later.
*
* \param ctx Context to set up.
* \param md_info Message digest to use.
* \param hmac 0 to save some memory if HMAC will not be used,
* non-zero is HMAC is going to be used with this context.
*
* \returns \c 0 on success,
* \c SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
* \c SC_MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
*/
int sc_mbedtls_md_setup( sc_mbedtls_md_context_t *ctx, const sc_mbedtls_md_info_t *md_info, int hmac );
/**
* \brief Clone the state of an MD context
*
* \note The two contexts must have been setup to the same type
* (cloning from SHA-256 to SHA-512 make no sense).
*
* \warning Only clones the MD state, not the HMAC state! (for now)
*
* \param dst The destination context
* \param src The context to be cloned
*
* \return \c 0 on success,
* \c SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
*/
int sc_mbedtls_md_clone( sc_mbedtls_md_context_t *dst,
const sc_mbedtls_md_context_t *src );
/**
* \brief Returns the size of the message digest output.
*
* \param md_info message digest info
*
* \return size of the message digest output in bytes.
*/
unsigned char sc_mbedtls_md_get_size( const sc_mbedtls_md_info_t *md_info );
/**
* \brief Returns the type of the message digest output.
*
* \param md_info message digest info
*
* \return type of the message digest output.
*/
sc_mbedtls_md_type_t sc_mbedtls_md_get_type( const sc_mbedtls_md_info_t *md_info );
/**
* \brief Returns the name of the message digest output.
*
* \param md_info message digest info
*
* \return name of the message digest output.
*/
const char *sc_mbedtls_md_get_name( const sc_mbedtls_md_info_t *md_info );
/**
* \brief Prepare the context to digest a new message.
* Generally called after sc_mbedtls_md_setup() or sc_mbedtls_md_finish().
* Followed by sc_mbedtls_md_update().
*
* \param ctx generic message digest context.
*
* \returns 0 on success, SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
*/
int sc_mbedtls_md_starts( sc_mbedtls_md_context_t *ctx );
/**
* \brief Generic message digest process buffer
* Called between sc_mbedtls_md_starts() and sc_mbedtls_md_finish().
* May be called repeatedly.
*
* \param ctx Generic message digest context
* \param input buffer holding the datal
* \param ilen length of the input data
*
* \returns 0 on success, SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
*/
int sc_mbedtls_md_update( sc_mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
/**
* \brief Generic message digest final digest
* Called after sc_mbedtls_md_update().
* Usually followed by sc_mbedtls_md_free() or sc_mbedtls_md_starts().
*
* \param ctx Generic message digest context
* \param output Generic message digest checksum result
*
* \returns 0 on success, SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
*/
int sc_mbedtls_md_finish( sc_mbedtls_md_context_t *ctx, unsigned char *output );
/**
* \brief Output = message_digest( input buffer )
*
* \param md_info message digest info
* \param input buffer holding the data
* \param ilen length of the input data
* \param output Generic message digest checksum result
*
* \returns 0 on success, SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
*/
int sc_mbedtls_md( const sc_mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
unsigned char *output );
/**
* \brief Set HMAC key and prepare to authenticate a new message.
* Usually called after sc_mbedtls_md_setup() or sc_mbedtls_md_hmac_finish().
*
* \param ctx HMAC context
* \param key HMAC secret key
* \param keylen length of the HMAC key in bytes
*
* \returns 0 on success, SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
*/
int sc_mbedtls_md_hmac_starts( sc_mbedtls_md_context_t *ctx, const unsigned char *key,
size_t keylen );
/**
* \brief Generic HMAC process buffer.
* Called between sc_mbedtls_md_hmac_starts() or sc_mbedtls_md_hmac_reset()
* and sc_mbedtls_md_hmac_finish().
* May be called repeatedly.
*
* \param ctx HMAC context
* \param input buffer holding the data
* \param ilen length of the input data
*
* \returns 0 on success, SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
*/
int sc_mbedtls_md_hmac_update( sc_mbedtls_md_context_t *ctx, const unsigned char *input,
size_t ilen );
/**
* \brief Output HMAC.
* Called after sc_mbedtls_md_hmac_update().
* Usually followed by sc_mbedtls_md_hmac_reset(),
* sc_mbedtls_md_hmac_starts(), or sc_mbedtls_md_free().
*
* \param ctx HMAC context
* \param output Generic HMAC checksum result
*
* \returns 0 on success, SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
*/
int sc_mbedtls_md_hmac_finish( sc_mbedtls_md_context_t *ctx, unsigned char *output);
/**
* \brief Prepare to authenticate a new message with the same key.
* Called after sc_mbedtls_md_hmac_finish() and before
* sc_mbedtls_md_hmac_update().
*
* \param ctx HMAC context to be reset
*
* \returns 0 on success, SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
*/
int sc_mbedtls_md_hmac_reset( sc_mbedtls_md_context_t *ctx );
/**
* \brief Output = Generic_HMAC( hmac key, input buffer )
*
* \param md_info message digest info
* \param key HMAC secret key
* \param keylen length of the HMAC key in bytes
* \param input buffer holding the data
* \param ilen length of the input data
* \param output Generic HMAC-result
*
* \returns 0 on success, SC_MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
*/
int sc_mbedtls_md_hmac( const sc_mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output );
/* Internal use */
int sc_mbedtls_md_process( sc_mbedtls_md_context_t *ctx, const unsigned char *data );
#ifdef __cplusplus
}
#endif
#endif /* SC_SC_MBEDTLS_MD_H */

92
lib/sec_library/include/soft_crypto/crypto_md_internal.h Executable file
View File

@@ -0,0 +1,92 @@
/**
* \file md_internal.h
*
* \brief Message digest wrappers.
*
* \warning This in an internal header. Do not include directly.
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef SC_SC_MBEDTLS_MD_WRAP_H
#define SC_SC_MBEDTLS_MD_WRAP_H
#include "crypto_config.h"
#include "crypto_md.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* Message digest information.
* Allows message digest functions to be called in a generic way.
*/
struct sc_mbedtls_md_info_t
{
/** Digest identifier */
sc_mbedtls_md_type_t type;
/** Name of the message digest */
const char * name;
/** Output length of the digest function in bytes */
int size;
/** Block length of the digest function in bytes */
int block_size;
/** Digest initialisation function */
void (*starts_func)( void *ctx );
/** Digest update function */
void (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
/** Digest finalisation function */
void (*finish_func)( void *ctx, unsigned char *output );
/** Generic digest function */
void (*digest_func)( const unsigned char *input, size_t ilen,
unsigned char *output );
/** Allocate a new context */
void * (*ctx_alloc_func)( void );
/** Free the given context */
void (*ctx_free_func)( void *ctx );
/** Clone state from a context */
void (*clone_func)( void *dst, const void *src );
/** Internal use only */
void (*process_func)( void *ctx, const unsigned char *input );
};
extern const sc_mbedtls_md_info_t sc_mbedtls_sha1_info;
//#if defined(CONFIG_SEC_CRYPTO_SHA_SW)
extern const sc_mbedtls_md_info_t sc_mbedtls_sha224_info;
extern const sc_mbedtls_md_info_t sc_mbedtls_sha256_info;
//#endif
#ifdef __cplusplus
}
#endif
#endif /* SC_SC_MBEDTLS_MD_WRAP_H */

614
lib/sec_library/include/soft_crypto/crypto_oid.h Executable file
View File

@@ -0,0 +1,614 @@
/**
* \file oid.h
*
* \brief Object Identifier (OID) database
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef SC_MBEDTLS_OID_H
#define SC_MBEDTLS_OID_H
#include "crypto_config.h"
#include "crypto_asn1.h"
#include <stddef.h>
#include "crypto_md.h"
#define SC_MBEDTLS_ERR_OID_NOT_FOUND SC_INVALID_FORMAT /**< OID is not found. */
#define SC_MBEDTLS_ERR_OID_BUF_TOO_SMALL SC_BUFFER_TOO_SMALL /**< output buffer is too small */
/*
* Top level OID tuples
*/
#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
/*
* ISO Member bodies OID parts
*/
#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
#define MBEDTLS_OID_RSA_COMPANY \
MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
#define MBEDTLS_OID_ANSI_X9_62 \
MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORG_ANSI_X9_62
/*
* ISO Identified organization OID parts
*/
#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
#define MBEDTLS_OID_ORG_OIW "\x0e"
#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
/*
* ISO ITU OID parts
*/
#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
#define MBEDTLS_OID_ISO_ITU_US_ORG \
MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
#define MBEDTLS_OID_GOV \
MBEDTLS_OID_ISO_ITU_US_ORG \
MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
#define MBEDTLS_OID_NETSCAPE \
MBEDTLS_OID_ISO_ITU_US_ORG \
MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
/* ISO arc for standard certificate and CRL extensions */
#define MBEDTLS_OID_ID_CE \
MBEDTLS_OID_ISO_CCITT_DS \
"\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
/**
* Private Internet Extensions
* { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) mechanisms(5) pkix(7) }
*/
#define MBEDTLS_OID_PKIX MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01\x05\x05\x07"
/*
* Arc for standard naming attributes
*/
#define MBEDTLS_OID_AT \
MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
#define MBEDTLS_OID_AT_SUR_NAME \
MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
#define MBEDTLS_OID_AT_SERIAL_NUMBER \
MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
#define MBEDTLS_OID_AT_COUNTRY \
MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
#define MBEDTLS_OID_AT_LOCALITY \
MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
#define MBEDTLS_OID_AT_ORGANIZATION \
MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
#define MBEDTLS_OID_AT_ORG_UNIT \
MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
#define MBEDTLS_OID_AT_POSTAL_ADDRESS \
MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
#define MBEDTLS_OID_AT_POSTAL_CODE \
MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
#define MBEDTLS_OID_AT_GIVEN_NAME \
MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
#define MBEDTLS_OID_AT_INITIALS \
MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
#define MBEDTLS_OID_AT_GENERATION_QUALIFIER \
MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER \
MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
#define MBEDTLS_OID_AT_DN_QUALIFIER \
MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
#define MBEDTLS_OID_AT_PSEUDONYM \
MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
#define MBEDTLS_OID_DOMAIN_COMPONENT \
"\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
/*
* OIDs for standard certificate extensions
*/
#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER \
MBEDTLS_OID_ID_CE \
"\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER \
MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
#define MBEDTLS_OID_KEY_USAGE \
MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
#define MBEDTLS_OID_CERTIFICATE_POLICIES \
MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
#define MBEDTLS_OID_POLICY_MAPPINGS \
MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
#define MBEDTLS_OID_SUBJECT_ALT_NAME \
MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
#define MBEDTLS_OID_ISSUER_ALT_NAME \
MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS \
MBEDTLS_OID_ID_CE \
"\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
#define MBEDTLS_OID_BASIC_CONSTRAINTS \
MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
#define MBEDTLS_OID_NAME_CONSTRAINTS \
MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
#define MBEDTLS_OID_POLICY_CONSTRAINTS \
MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
#define MBEDTLS_OID_EXTENDED_KEY_USAGE \
MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS \
MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
#define MBEDTLS_OID_INIHIBIT_ANYPOLICY \
MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
#define MBEDTLS_OID_FRESHEST_CRL \
MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
/*
* Netscape certificate extensions
*/
#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
/*
* OIDs for CRL extensions
*/
#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
#define MBEDTLS_OID_CRL_NUMBER \
MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
/*
* X.509 v3 Extended key usage OIDs
*/
#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE \
MBEDTLS_OID_EXTENDED_KEY_USAGE \
"\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
#define MBEDTLS_OID_SERVER_AUTH \
MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
#define MBEDTLS_OID_CLIENT_AUTH \
MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
#define MBEDTLS_OID_CODE_SIGNING \
MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
#define MBEDTLS_OID_EMAIL_PROTECTION \
MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
#define MBEDTLS_OID_TIME_STAMPING \
MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
#define MBEDTLS_OID_OCSP_SIGNING \
MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
/*
* PKCS definition OIDs
*/
#define MBEDTLS_OID_PKCS \
MBEDTLS_OID_RSA_COMPANY \
"\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
#define MBEDTLS_OID_PKCS1 \
MBEDTLS_OID_PKCS \
"\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
#define MBEDTLS_OID_PKCS5 \
MBEDTLS_OID_PKCS \
"\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
#define MBEDTLS_OID_PKCS9 \
MBEDTLS_OID_PKCS \
"\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
#define MBEDTLS_OID_PKCS12 \
MBEDTLS_OID_PKCS \
"\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
/*
* PKCS#1 OIDs
*/
#define MBEDTLS_OID_PKCS1_RSA \
MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
#define MBEDTLS_OID_PKCS1_MD2 MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
#define MBEDTLS_OID_PKCS1_MD4 MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
#define MBEDTLS_OID_PKCS1_SHA1 \
MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
#define MBEDTLS_OID_PKCS1_SHA224 \
MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
#define MBEDTLS_OID_PKCS1_SHA256 \
MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
#define MBEDTLS_OID_PKCS1_SHA384 \
MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
#define MBEDTLS_OID_PKCS1_SHA512 \
MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
#define MBEDTLS_OID_PKCS9_EMAIL \
MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
/* RFC 4055 */
#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
/*
* Digest algorithms
*/
#define MBEDTLS_OID_DIGEST_ALG_MD2 \
MBEDTLS_OID_RSA_COMPANY \
"\x02\x02" /**< id-sc_mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
#define MBEDTLS_OID_DIGEST_ALG_MD4 \
MBEDTLS_OID_RSA_COMPANY \
"\x02\x04" /**< id-sc_mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
#define MBEDTLS_OID_DIGEST_ALG_MD5 \
MBEDTLS_OID_RSA_COMPANY \
"\x02\x05" /**< id-sc_mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA1 \
MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-sc_mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA224 \
MBEDTLS_OID_GOV \
"\x03\x04\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA256 \
MBEDTLS_OID_GOV \
"\x03\x04\x02\x01" /**< id-sc_mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA384 \
MBEDTLS_OID_GOV \
"\x03\x04\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
#define MBEDTLS_OID_DIGEST_ALG_SHA512 \
MBEDTLS_OID_GOV \
"\x03\x04\x02\x03" /**< id-sc_mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
#define SC_MBEDTLS_OID_HMAC_SHA1 \
MBEDTLS_OID_RSA_COMPANY \
"\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
/*
* Encryption algorithms
*/
#define MBEDTLS_OID_DES_CBC \
MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG \
"\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
#define MBEDTLS_OID_DES_EDE3_CBC \
MBEDTLS_OID_RSA_COMPANY \
"\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
/*
* PKCS#5 OIDs
*/
#define MBEDTLS_OID_PKCS5_PBKDF2 \
MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
#define MBEDTLS_OID_PKCS5_PBES2 \
MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
#define MBEDTLS_OID_PKCS5_PBMAC1 \
MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
/*
* PKCS#5 PBES1 algorithms
*/
#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC \
MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC \
MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC \
MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC \
MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC \
MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC \
MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
/*
* PKCS#8 OIDs
*/
#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ \
MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
/*
* PKCS#12 PBE OIDs
*/
#define MBEDTLS_OID_PKCS12_PBE \
MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128 \
MBEDTLS_OID_PKCS12_PBE \
"\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40 \
MBEDTLS_OID_PKCS12_PBE \
"\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC \
MBEDTLS_OID_PKCS12_PBE \
"\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC \
MBEDTLS_OID_PKCS12_PBE \
"\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC \
MBEDTLS_OID_PKCS12_PBE \
"\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC \
MBEDTLS_OID_PKCS12_PBE \
"\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
/*
* EC key algorithms from RFC 5480
*/
/* id-ecPublicKey OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
/* id-ecDH OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132)
* schemes(1) ecdh(12) } */
#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
/*
* ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
*/
/* secp192r1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
/* secp224r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
/* secp256r1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
/* secp384r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
/* secp521r1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
/* secp192k1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
/* secp224k1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
/* secp256k1 OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
/* RFC 5639 4.1
* ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
* identified-organization(3) teletrust(36) algorithm(3) signature-
* algorithm(3) ecSign(2) 8}
* ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
* versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
/*
* SEC1 C.1
*
* prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
* id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
*/
#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
/*
* ECDSA signature identifiers, from RFC 5480
*/
#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 1 } */
#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 2 } */
#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 3 } */
#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
* ecdsa-with-SHA2(3) 4 } */
#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Base OID descriptor structure
*/
typedef struct {
const char *asn1; /*!< OID ASN.1 representation */
size_t asn1_len; /*!< length of asn1 */
const char *name; /*!< official name (e.g. from RFC) */
const char *description; /*!< human friendly description */
} sc_mbedtls_oid_descriptor_t;
/**
* \brief Translate an ASN.1 OID into its numeric representation
* (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
*
* \param buf buffer to put representation in
* \param size size of the buffer
* \param oid OID to translate
*
* \return Length of the string written (excluding final NULL) or
* SC_MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
*/
int sc_mbedtls_oid_get_numeric_string(char *buf, size_t size, const sc_mbedtls_asn1_buf *oid);
/**
* \brief Translate an X.509 attribute type OID into the short name
* (e.g. the OID for an X520 Common Name into "CN")
*
* \param oid OID to use
* \param short_name place to store the string pointer
*
* \return 0 if successful, or SC_MBEDTLS_ERR_OID_NOT_FOUND
*/
int sc_mbedtls_oid_get_attr_short_name(const sc_mbedtls_asn1_buf *oid, const char **short_name);
//TODO
//hyphon
#if 0
/**
* \brief Translate PublicKeyAlgorithm OID into pk_type
*
* \param oid OID to use
* \param pk_alg place to store public key algorithm
*
* \return 0 if successful, or SC_MBEDTLS_ERR_OID_NOT_FOUND
*/
int sc_mbedtls_oid_get_pk_alg( const sc_mbedtls_asn1_buf *oid, sc_mbedtls_pk_type_t *pk_alg );
/**
* \brief Translate pk_type into PublicKeyAlgorithm OID
*
* \param pk_alg Public key type to look for
* \param oid place to store ASN.1 OID string pointer
* \param olen length of the OID
*
* \return 0 if successful, or SC_MBEDTLS_ERR_OID_NOT_FOUND
*/
int sc_mbedtls_oid_get_oid_by_pk_alg( sc_mbedtls_pk_type_t pk_alg,
const char **oid, size_t *olen );
#endif //hyphon
#if defined(SC_MBEDTLS_MD_C)
/**
* \brief Translate SignatureAlgorithm OID into description
*
* \param oid OID to use
* \param desc place to store string pointer
*
* \return 0 if successful, or SC_MBEDTLS_ERR_OID_NOT_FOUND
*/
int sc_mbedtls_oid_get_sig_alg_desc(const sc_mbedtls_asn1_buf *oid, const char **desc);
/**
* \brief Translate hash algorithm OID into md_type
*
* \param oid OID to use
* \param md_alg place to store message digest algorithm
*
* \return 0 if successful, or SC_MBEDTLS_ERR_OID_NOT_FOUND
*/
int sc_mbedtls_oid_get_md_alg(const sc_mbedtls_asn1_buf *oid, sc_mbedtls_md_type_t *md_alg);
#endif /* SC_MBEDTLS_MD_C */
/**
* \brief Translate Extended Key Usage OID into description
*
* \param oid OID to use
* \param desc place to store string pointer
*
* \return 0 if successful, or SC_MBEDTLS_ERR_OID_NOT_FOUND
*/
int sc_mbedtls_oid_get_extended_key_usage(const sc_mbedtls_asn1_buf *oid, const char **desc);
/**
* \brief Translate md_type into hash algorithm OID
*
* \param md_alg message digest algorithm
* \param oid place to store ASN.1 OID string pointer
* \param olen length of the OID
*
* \return 0 if successful, or SC_MBEDTLS_ERR_OID_NOT_FOUND
*/
int sc_mbedtls_oid_get_oid_by_md(sc_mbedtls_md_type_t md_alg, const char **oid, size_t *olen);
#if defined(MBEDTLS_CIPHER_C)
/**
* \brief Translate encryption algorithm OID into cipher_type
*
* \param oid OID to use
* \param cipher_alg place to store cipher algorithm
*
* \return 0 if successful, or SC_MBEDTLS_ERR_OID_NOT_FOUND
*/
int sc_mbedtls_oid_get_cipher_alg(const sc_mbedtls_asn1_buf *oid,
sc_mbedtls_cipher_type_t * cipher_alg);
#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_PKCS12_C)
/**
* \brief Translate PKCS#12 PBE algorithm OID into md_type and
* cipher_type
*
* \param oid OID to use
* \param md_alg place to store message digest algorithm
* \param cipher_alg place to store cipher algorithm
*
* \return 0 if successful, or SC_MBEDTLS_ERR_OID_NOT_FOUND
*/
int sc_mbedtls_oid_get_pkcs12_pbe_alg(const sc_mbedtls_asn1_buf *oid,
sc_mbedtls_md_type_t * md_alg,
sc_mbedtls_cipher_type_t * cipher_alg);
#endif /* MBEDTLS_PKCS12_C */
#ifdef __cplusplus
}
#endif
#endif /* oid.h */

367
lib/sec_library/include/soft_crypto/crypto_platform.h Normal file
View File

@@ -0,0 +1,367 @@
/**
* \file platform.h
*
* \brief This file contains the definitions and functions of the
* Mbed TLS platform abstraction layer.
*
* The platform abstraction layer removes the need for the library
* to directly link to standard C library functions or operating
* system services, making the library easier to port and embed.
* Application developers and users of the library can provide their own
* implementations of these functions, or implementations specific to
* their platform, which can be statically linked to the library or
* dynamically configured at runtime.
*/
/*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PLATFORM_H
#define MBEDTLS_PLATFORM_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "crypto_config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_HAVE_TIME)
#include "crypto_platform_time.h"
#endif
#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware accelerator failed */
#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072 /**< The requested feature is not supported by the platform */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
#include <stdio.h>
#include <stdlib.h>
// #include <time.h>
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
#if defined(_WIN32)
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */
#else
#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< The default \c snprintf function to use. */
#endif
#endif
#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< The default \c printf function to use. */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< The default \c calloc function to use. */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_FREE)
#define MBEDTLS_PLATFORM_STD_FREE free /**< The default \c free function to use. */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
#define MBEDTLS_PLATFORM_STD_EXIT exit /**< The default \c exit function to use. */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_TIME)
#define MBEDTLS_PLATFORM_STD_TIME time /**< The default \c time function to use. */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< The default exit value to use. */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< The default exit value to use. */
#endif
#if defined(MBEDTLS_FS_IO)
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
#endif
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
#endif
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
#endif
#endif /* MBEDTLS_FS_IO */
#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
#include MBEDTLS_PLATFORM_STD_MEM_HDR
#endif
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
/* \} name SECTION: Module settings */
/*
* The function pointers for calloc and free.
*/
#if defined(MBEDTLS_PLATFORM_MEMORY)
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
#else
/* For size_t */
#include <stddef.h>
extern void *mbedtls_calloc( size_t n, size_t size );
extern void mbedtls_free( void *ptr );
/**
* \brief This function dynamically sets the memory-management
* functions used by the library, during runtime.
*
* \param calloc_func The \c calloc function implementation.
* \param free_func The \c free function implementation.
*
* \return \c 0.
*/
int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
void (*free_func)( void * ) );
#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
#else /* !MBEDTLS_PLATFORM_MEMORY */
#define mbedtls_free free
#define mbedtls_calloc calloc
#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
/*
* The function pointers for fprintf
*/
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
/* We need FILE * */
#include <stdio.h>
extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
/**
* \brief This function dynamically configures the fprintf
* function that is called when the
* mbedtls_fprintf() function is invoked by the library.
*
* \param fprintf_func The \c fprintf function implementation.
*
* \return \c 0.
*/
int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
... ) );
#else
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
#else
#define mbedtls_fprintf fprintf
#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
/*
* The function pointers for printf
*/
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
extern int (*mbedtls_printf)( const char *format, ... );
/**
* \brief This function dynamically configures the snprintf
* function that is called when the mbedtls_snprintf()
* function is invoked by the library.
*
* \param printf_func The \c printf function implementation.
*
* \return \c 0 on success.
*/
int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
#else
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
/*
* The function pointers for snprintf
*
* The snprintf implementation should conform to C99:
* - it *must* always correctly zero-terminate the buffer
* (except when n == 0, then it must leave the buffer untouched)
* - however it is acceptable to return -1 instead of the required length when
* the destination buffer is too short.
*/
#if defined(_WIN32)
/* For Windows (inc. MSYS2), we provide our own fixed implementation */
int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
#endif
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
/**
* \brief This function allows configuring a custom
* \c snprintf function pointer.
*
* \param snprintf_func The \c snprintf function implementation.
*
* \return \c 0 on success.
*/
int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
const char * format, ... ) );
#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
#else
#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
/*
* The function pointers for exit
*/
#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
extern void (*mbedtls_exit)( int status );
/**
* \brief This function dynamically configures the exit
* function that is called when the mbedtls_exit()
* function is invoked by the library.
*
* \param exit_func The \c exit function implementation.
*
* \return \c 0 on success.
*/
int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
#else
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
#else
#define mbedtls_exit exit
#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
/*
* The default exit values
*/
#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
#else
#define MBEDTLS_EXIT_SUCCESS 0
#endif
#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
#else
#define MBEDTLS_EXIT_FAILURE 1
#endif
/*
* The function pointers for reading from and writing a seed file to
* Non-Volatile storage (NV) in a platform-independent way
*
* Only enabled when the NV seed entropy source is enabled
*/
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
/* Internal standard platform definitions */
int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
#endif
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
/**
* \brief This function allows configuring custom seed file writing and
* reading functions.
*
* \param nv_seed_read_func The seed reading function implementation.
* \param nv_seed_write_func The seed writing function implementation.
*
* \return \c 0 on success.
*/
int mbedtls_platform_set_nv_seed(
int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
);
#else
#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
#else
#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
#endif
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
/**
* \brief The platform context structure.
*
* \note This structure may be used to assist platform-specific
* setup or teardown operations.
*/
typedef struct mbedtls_platform_context
{
char dummy; /**< A placeholder member, as empty structs are not portable. */
}
mbedtls_platform_context;
#else
#include "platform_alt.h"
#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
/**
* \brief This function performs any platform-specific initialization
* operations.
*
* \note This function should be called before any other library functions.
*
* Its implementation is platform-specific, and unless
* platform-specific code is provided, it does nothing.
*
* \note The usage and necessity of this function is dependent on the platform.
*
* \param ctx The platform context.
*
* \return \c 0 on success.
*/
int mbedtls_platform_setup( mbedtls_platform_context *ctx );
/**
* \brief This function performs any platform teardown operations.
*
* \note This function should be called after every other Mbed TLS module
* has been correctly freed using the appropriate free function.
*
* Its implementation is platform-specific, and unless
* platform-specific code is provided, it does nothing.
*
* \note The usage and necessity of this function is dependent on the platform.
*
* \param ctx The platform context.
*
*/
void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
#ifdef __cplusplus
}
#endif
#endif /* platform.h */

82
lib/sec_library/include/soft_crypto/crypto_platform_time.h Normal file
View File

@@ -0,0 +1,82 @@
/**
* \file platform_time.h
*
* \brief mbed TLS Platform time abstraction
*/
/*
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PLATFORM_TIME_H
#define MBEDTLS_PLATFORM_TIME_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "crypto_config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#ifdef __cplusplus
extern "C" {
#endif
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
/*
* The time_t datatype
*/
#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
#else
/* For time_t */
#include <time.h>
typedef time_t mbedtls_time_t;
#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
/*
* The function pointers for time
*/
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
/**
* \brief Set your own time function pointer
*
* \param time_func the time function implementation
*
* \return 0
*/
int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
#else
#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
#else
#define mbedtls_time time
#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
#ifdef __cplusplus
}
#endif
#endif /* platform_time.h */

185
lib/sec_library/include/soft_crypto/crypto_platform_util.h Normal file
View File

@@ -0,0 +1,185 @@
/**
* \file platform_util.h
*
* \brief Common and shared functions used by multiple modules in the Mbed TLS
* library.
*/
/*
* Copyright (C) 2018, Arm Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PLATFORM_UTIL_H
#define MBEDTLS_PLATFORM_UTIL_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "crypto_config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stddef.h>
#if defined(MBEDTLS_HAVE_TIME_DATE)
#include "crypto_platform_time.h"
#include <time.h>
#endif /* MBEDTLS_HAVE_TIME_DATE */
#ifdef __cplusplus
extern "C" {
#endif
#if defined(MBEDTLS_CHECK_PARAMS)
#if defined(MBEDTLS_PARAM_FAILED)
/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h.
*
* This flag can be used to check whether it is safe to assume that
* MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed().
*/
#define MBEDTLS_PARAM_FAILED_ALT
#else /* MBEDTLS_PARAM_FAILED */
#define MBEDTLS_PARAM_FAILED( cond ) \
mbedtls_param_failed( #cond, __FILE__, __LINE__ )
/**
* \brief User supplied callback function for parameter validation failure.
* See #MBEDTLS_CHECK_PARAMS for context.
*
* This function will be called unless an alternative treatement
* is defined through the #MBEDTLS_PARAM_FAILED macro.
*
* This function can return, and the operation will be aborted, or
* alternatively, through use of setjmp()/longjmp() can resume
* execution in the application code.
*
* \param failure_condition The assertion that didn't hold.
* \param file The file where the assertion failed.
* \param line The line in the file where the assertion failed.
*/
void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line );
#endif /* MBEDTLS_PARAM_FAILED */
/* Internal macro meant to be called only from within the library. */
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) \
do { \
if( !(cond) ) \
{ \
MBEDTLS_PARAM_FAILED( cond ); \
return( ret ); \
} \
} while( 0 )
/* Internal macro meant to be called only from within the library. */
#define MBEDTLS_INTERNAL_VALIDATE( cond ) \
do { \
if( !(cond) ) \
{ \
MBEDTLS_PARAM_FAILED( cond ); \
return; \
} \
} while( 0 )
#else /* MBEDTLS_CHECK_PARAMS */
/* Internal macros meant to be called only from within the library. */
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
#endif /* MBEDTLS_CHECK_PARAMS */
/* Internal helper macros for deprecating API constants. */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
* to avoid conflict with other headers which define and use
* it, too. We might want to move all these definitions here at
* some point for uniformity. */
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
( (mbedtls_deprecated_string_constant_t) ( VAL ) )
MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
#undef MBEDTLS_DEPRECATED
#else /* MBEDTLS_DEPRECATED_WARNING */
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
#endif /* MBEDTLS_DEPRECATED_WARNING */
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Securely zeroize a buffer
*
* The function is meant to wipe the data contained in a buffer so
* that it can no longer be recovered even if the program memory
* is later compromised. Call this function on sensitive data
* stored on the stack before returning from a function, and on
* sensitive data stored on the heap before freeing the heap
* object.
*
* It is extremely difficult to guarantee that calls to
* mbedtls_platform_zeroize() are not removed by aggressive
* compiler optimizations in a portable way. For this reason, Mbed
* TLS provides the configuration option
* MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
* mbedtls_platform_zeroize() to use a suitable implementation for
* their platform and needs
*
* \param buf Buffer to be zeroized
* \param len Length of the buffer in bytes
*
*/
void mbedtls_platform_zeroize( void *buf, size_t len );
#if defined(MBEDTLS_HAVE_TIME_DATE)
/**
* \brief Platform-specific implementation of gmtime_r()
*
* The function is a thread-safe abstraction that behaves
* similarly to the gmtime_r() function from Unix/POSIX.
*
* Mbed TLS will try to identify the underlying platform and
* make use of an appropriate underlying implementation (e.g.
* gmtime_r() for POSIX and gmtime_s() for Windows). If this is
* not possible, then gmtime() will be used. In this case, calls
* from the library to gmtime() will be guarded by the mutex
* mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is
* enabled. It is recommended that calls from outside the library
* are also guarded by this mutex.
*
* If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will
* unconditionally use the alternative implementation for
* mbedtls_platform_gmtime_r() supplied by the user at compile time.
*
* \param tt Pointer to an object containing time (in seconds) since the
* epoch to be converted
* \param tm_buf Pointer to an object where the results will be stored
*
* \return Pointer to an object of type struct tm on success, otherwise
* NULL
*/
struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
struct tm *tm_buf );
#endif /* MBEDTLS_HAVE_TIME_DATE */
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_PLATFORM_UTIL_H */

645
lib/sec_library/include/soft_crypto/crypto_rsa.h Executable file
View File

@@ -0,0 +1,645 @@
/**
* \file rsa.h
*
* \brief The RSA public-key cryptosystem
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef SC_MBEDTLS_RSA_H
#define SC_MBEDTLS_RSA_H
#include "crypto_config.h"
#include "crypto_bignum.h"
#include "crypto_md.h"
#include "sec_crypto_errcode.h"
/*
* RSA Error codes
*/
#define SC_MBEDTLS_ERR_RSA_BAD_INPUT_DATA SC_BAD_INPUT_DATA /**< Bad input parameters to function. */
#define SC_MBEDTLS_ERR_RSA_INVALID_PADDING SC_INVALID_PADDING /**< Input data contains invalid padding and is rejected. */
#define SC_MBEDTLS_ERR_RSA_KEY_GEN_FAILED SC_KEY_GEN_FAILED /**< Something failed during generation of a key. */
#define SC_MBEDTLS_ERR_RSA_KEY_CHECK_FAILED SC_KEY_CHECK_FAILED /**< Key failed to pass the library's validity check. */
#define SC_MBEDTLS_ERR_RSA_PUBLIC_FAILED SC_PUBLIC_FAILED /**< The public key operation failed. */
#define SC_MBEDTLS_ERR_RSA_PRIVATE_FAILED SC_PRIVATE_FAILED /**< The private key operation failed. */
#define SC_MBEDTLS_ERR_RSA_VERIFY_FAILED SC_VERIFY_FAILED /**< The PKCS#1 verification failed. */
#define SC_MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE SC_OUTPUT_TOO_LARGE /**< The output buffer for decryption is not large enough. */
#define SC_MBEDTLS_ERR_RSA_RNG_FAILED SC_RNG_FAILED /**< The random generator failed to generate non-zeros. */
/*
* RSA constants
*/
#define SC_MBEDTLS_RSA_PUBLIC 0
#define SC_MBEDTLS_RSA_PRIVATE 1
#define SC_MBEDTLS_RSA_PKCS_V15 0
#define SC_MBEDTLS_RSA_PKCS_V21 1
#define SC_MBEDTLS_RSA_SIGN 1
#define SC_MBEDTLS_RSA_CRYPT 2
#define SC_MBEDTLS_RSA_SALT_LEN_ANY -1
/*
* The above constants may be used even if the RSA module is compile out,
* eg for alternative (PKCS#11) RSA implemenations in the PK layers.
*/
#if defined(MBEDTLS_RSA_C)
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief RSA context structure
*/
typedef struct
{
int ver; /*!< always 0 */
size_t len; /*!< size(N) in chars */
sc_mbedtls_mpi N; /*!< public modulus */
sc_mbedtls_mpi E; /*!< public exponent */
sc_mbedtls_mpi D; /*!< private exponent */
sc_mbedtls_mpi P; /*!< 1st prime factor */
sc_mbedtls_mpi Q; /*!< 2nd prime factor */
sc_mbedtls_mpi DP; /*!< D % (P - 1) */
sc_mbedtls_mpi DQ; /*!< D % (Q - 1) */
sc_mbedtls_mpi QP; /*!< 1 / (Q % P) */
sc_mbedtls_mpi RN; /*!< cached R^2 mod N */
sc_mbedtls_mpi RP; /*!< cached R^2 mod P */
sc_mbedtls_mpi RQ; /*!< cached R^2 mod Q */
sc_mbedtls_mpi Vi; /*!< cached blinding value */
sc_mbedtls_mpi Vf; /*!< cached un-blinding value */
int padding; /*!< SC_MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */
int hash_id; /*!< Hash identifier of sc_mbedtls_md_type_t as
specified in the sc_mbedtls_md.h header file
for the EME-OAEP and EMSA-PSS
encoding */
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */
#endif
}
sc_mbedtls_rsa_context;
/**
* \brief Initialize an RSA context
*
* Note: Set padding to SC_MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
* encryption scheme and the RSASSA-PSS signature scheme.
*
* \param ctx RSA context to be initialized
* \param padding SC_MBEDTLS_RSA_PKCS_V15 or SC_MBEDTLS_RSA_PKCS_V21
* \param hash_id SC_MBEDTLS_RSA_PKCS_V21 hash identifier
*
* \note The hash_id parameter is actually ignored
* when using SC_MBEDTLS_RSA_PKCS_V15 padding.
*
* \note Choice of padding mode is strictly enforced for private key
* operations, since there might be security concerns in
* mixing padding modes. For public key operations it's merely
* a default value, which can be overriden by calling specific
* rsa_rsaes_xxx or rsa_rsassa_xxx functions.
*
* \note The chosen hash is always used for OEAP encryption.
* For PSS signatures, it's always used for making signatures,
* but can be overriden (and always is, if set to
* SC_MBEDTLS_MD_NONE) for verifying them.
*/
void sc_mbedtls_rsa_init( sc_mbedtls_rsa_context *ctx,
int padding,
int hash_id);
/**
* \brief Set padding for an already initialized RSA context
* See \c sc_mbedtls_rsa_init() for details.
*
* \param ctx RSA context to be set
* \param padding SC_MBEDTLS_RSA_PKCS_V15 or SC_MBEDTLS_RSA_PKCS_V21
* \param hash_id SC_MBEDTLS_RSA_PKCS_V21 hash identifier
*/
void sc_mbedtls_rsa_set_padding( sc_mbedtls_rsa_context *ctx, int padding, int hash_id);
/**
* \brief Generate an RSA keypair
*
* \param ctx RSA context that will hold the key
* \param f_rng RNG function
* \param p_rng RNG parameter
* \param nbits size of the public key in bits
* \param exponent public exponent (e.g., 65537)
*
* \note sc_mbedtls_rsa_init() must be called beforehand to setup
* the RSA context.
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*/
int sc_mbedtls_rsa_gen_key( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
unsigned int nbits, int exponent );
/**
* \brief Check a public RSA key
*
* \param ctx RSA context to be checked
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*/
int sc_mbedtls_rsa_check_pubkey( const sc_mbedtls_rsa_context *ctx );
/**
* \brief Check a private RSA key
*
* \param ctx RSA context to be checked
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*/
int sc_mbedtls_rsa_check_privkey( const sc_mbedtls_rsa_context *ctx );
/**
* \brief Check a public-private RSA key pair.
* Check each of the contexts, and make sure they match.
*
* \param pub RSA context holding the public key
* \param prv RSA context holding the private key
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*/
int sc_mbedtls_rsa_check_pub_priv( const sc_mbedtls_rsa_context *pub, const sc_mbedtls_rsa_context *prv );
/**
* \brief Do an RSA public key operation
*
* \param ctx RSA context
* \param input input buffer
* \param output output buffer
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note This function does NOT take care of message
* padding. Also, be sure to set input[0] = 0 or ensure that
* input is smaller than N.
*
* \note The input and output buffers must be large
* enough (eg. 128 bytes if RSA-1024 is used).
*/
int sc_mbedtls_rsa_public( sc_mbedtls_rsa_context *ctx,
const unsigned char *input,
unsigned char *output );
/**
* \brief Do an RSA private key operation
*
* \param ctx RSA context
* \param f_rng RNG function (Needed for blinding)
* \param p_rng RNG parameter
* \param input input buffer
* \param output output buffer
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The input and output buffers must be large
* enough (eg. 128 bytes if RSA-1024 is used).
*/
int sc_mbedtls_rsa_private( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
const unsigned char *input,
unsigned char *output );
/**
* \brief Generic wrapper to perform a PKCS#1 encryption using the
* mode from the context. Add the message padding, then do an
* RSA operation.
*
* \param ctx RSA context
* \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
* and SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param ilen contains the plaintext length
* \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int sc_mbedtls_rsa_pkcs1_encrypt( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, size_t ilen,
const unsigned char *input,
unsigned char *output );
/**
* \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
*
* \param ctx RSA context
* \param f_rng RNG function (Needed for padding and SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param ilen contains the plaintext length
* \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int sc_mbedtls_rsa_rsaes_pkcs1_v15_encrypt( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, size_t ilen,
const unsigned char *input,
unsigned char *output );
/**
* \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
*
* \param ctx RSA context
* \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
* and SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param label buffer holding the custom label to use
* \param label_len contains the label length
* \param ilen contains the plaintext length
* \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int sc_mbedtls_rsa_rsaes_oaep_encrypt( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
const unsigned char *label, size_t label_len,
size_t ilen,
const unsigned char *input,
unsigned char *output );
/**
* \brief Generic wrapper to perform a PKCS#1 decryption using the
* mode from the context. Do an RSA operation, then remove
* the message padding
*
* \param ctx RSA context
* \param f_rng RNG function (Only needed for SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param olen will contain the plaintext length
* \param input buffer holding the encrypted data
* \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
* an error is thrown.
*/
int sc_mbedtls_rsa_pkcs1_decrypt( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len );
/**
* \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
*
* \param ctx RSA context
* \param f_rng RNG function (Only needed for SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param olen will contain the plaintext length
* \param input buffer holding the encrypted data
* \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
* an error is thrown.
*/
int sc_mbedtls_rsa_rsaes_pkcs1_v15_decrypt( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len );
/**
* \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
*
* \param ctx RSA context
* \param f_rng RNG function (Only needed for SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param label buffer holding the custom label to use
* \param label_len contains the label length
* \param olen will contain the plaintext length
* \param input buffer holding the encrypted data
* \param output buffer that will hold the plaintext
* \param output_max_len maximum length of the output buffer
*
* \return 0 if successful, or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
* an error is thrown.
*/
int sc_mbedtls_rsa_rsaes_oaep_decrypt( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
const unsigned char *label, size_t label_len,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len );
/**
* \brief Generic wrapper to perform a PKCS#1 signature using the
* mode from the context. Do a private RSA operation to sign
* a message digest
*
* \param ctx RSA context
* \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
* SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param md_alg a SC_MBEDTLS_MD_XXX (use SC_MBEDTLS_MD_NONE for signing raw data)
* \param hashlen message digest length (for SC_MBEDTLS_MD_NONE only)
* \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext
*
* \return 0 if the signing operation was successful,
* or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note In case of PKCS#1 v2.1 encoding, see comments on
* \note \c sc_mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id.
*/
int sc_mbedtls_rsa_pkcs1_sign( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
sc_mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
/**
* \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
*
* \param ctx RSA context
* \param f_rng RNG function (Only needed for SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param md_alg a SC_MBEDTLS_MD_XXX (use SC_MBEDTLS_MD_NONE for signing raw data)
* \param hashlen message digest length (for SC_MBEDTLS_MD_NONE only)
* \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext
*
* \return 0 if the signing operation was successful,
* or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int sc_mbedtls_rsa_rsassa_pkcs1_v15_sign( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
sc_mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
/**
* \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
*
* \param ctx RSA context
* \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
* SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param md_alg a SC_MBEDTLS_MD_XXX (use SC_MBEDTLS_MD_NONE for signing raw data)
* \param hashlen message digest length (for SC_MBEDTLS_MD_NONE only)
* \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext
*
* \return 0 if the signing operation was successful,
* or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note The hash_id in the RSA context is the one used for the
* encoding. md_alg in the function call is the type of hash
* that is encoded. According to RFC 3447 it is advised to
* keep both hashes the same.
*/
int sc_mbedtls_rsa_rsassa_pss_sign( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
sc_mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
/**
* \brief Generic wrapper to perform a PKCS#1 verification using the
* mode from the context. Do a public RSA operation and check
* the message digest
*
* \param ctx points to an RSA public key
* \param f_rng RNG function (Only needed for SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param md_alg a SC_MBEDTLS_MD_XXX (use SC_MBEDTLS_MD_NONE for signing raw data)
* \param hashlen message digest length (for SC_MBEDTLS_MD_NONE only)
* \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext
*
* \return 0 if the verify operation was successful,
* or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note In case of PKCS#1 v2.1 encoding, see comments on
* \c sc_mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id.
*/
int sc_mbedtls_rsa_pkcs1_verify( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
sc_mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig );
/**
* \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
*
* \param ctx points to an RSA public key
* \param f_rng RNG function (Only needed for SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param md_alg a SC_MBEDTLS_MD_XXX (use SC_MBEDTLS_MD_NONE for signing raw data)
* \param hashlen message digest length (for SC_MBEDTLS_MD_NONE only)
* \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext
*
* \return 0 if the verify operation was successful,
* or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int sc_mbedtls_rsa_rsassa_pkcs1_v15_verify( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
sc_mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig );
/**
* \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
* (This is the "simple" version.)
*
* \param ctx points to an RSA public key
* \param f_rng RNG function (Only needed for SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param md_alg a SC_MBEDTLS_MD_XXX (use SC_MBEDTLS_MD_NONE for signing raw data)
* \param hashlen message digest length (for SC_MBEDTLS_MD_NONE only)
* \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext
*
* \return 0 if the verify operation was successful,
* or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note The hash_id in the RSA context is the one used for the
* verification. md_alg in the function call is the type of
* hash that is verified. According to RFC 3447 it is advised to
* keep both hashes the same. If hash_id in the RSA context is
* unset, the md_alg from the function call is used.
*/
int sc_mbedtls_rsa_rsassa_pss_verify( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
sc_mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig );
/**
* \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
* (This is the version with "full" options.)
*
* \param ctx points to an RSA public key
* \param f_rng RNG function (Only needed for SC_MBEDTLS_RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode SC_MBEDTLS_RSA_PUBLIC or SC_MBEDTLS_RSA_PRIVATE
* \param md_alg a SC_MBEDTLS_MD_XXX (use SC_MBEDTLS_MD_NONE for signing raw data)
* \param hashlen message digest length (for SC_MBEDTLS_MD_NONE only)
* \param hash buffer holding the message digest
* \param mgf1_hash_id message digest used for mask generation
* \param expected_salt_len Length of the salt used in padding, use
* SC_MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length
* \param sig buffer holding the ciphertext
*
* \return 0 if the verify operation was successful,
* or an SC_MBEDTLS_ERR_RSA_XXX error code
*
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note The hash_id in the RSA context is ignored.
*/
int sc_mbedtls_rsa_rsassa_pss_verify_ext( sc_mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
sc_mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
sc_mbedtls_md_type_t mgf1_hash_id,
int expected_salt_len,
const unsigned char *sig );
/**
* \brief Copy the components of an RSA context
*
* \param dst Destination context
* \param src Source context
*
* \return 0 on success,
* SC_MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure
*/
int sc_mbedtls_rsa_copy( sc_mbedtls_rsa_context *dst, const sc_mbedtls_rsa_context *src );
/**
* \brief Free the components of an RSA key
*
* \param ctx RSA Context to free
*/
void sc_mbedtls_rsa_free( sc_mbedtls_rsa_context *ctx );
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int sc_mbedtls_rsa_self_test( int verbose );
int rsa_rand(void *rng_state, unsigned char *output, size_t len);
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_RSA_C */
#endif /* rsa.h */

111
lib/sec_library/include/soft_crypto/crypto_sha1.h Executable file
View File

@@ -0,0 +1,111 @@
/**
* \file sha1.h
*
* \brief SHA-1 cryptographic hash function
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef SC_MBEDTLS_SHA1_H
#define SC_MBEDTLS_SHA1_H
#include "crypto_config.h"
#include <stddef.h>
#include <stdint.h>
#include <linux/types.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief SHA-1 context structure
*/
typedef struct
{
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
}
sc_mbedtls_sha1_context;
/**
* \brief Initialize SHA-1 context
*
* \param ctx SHA-1 context to be initialized
*/
void sc_mbedtls_sha1_init( sc_mbedtls_sha1_context *ctx );
/**
* \brief Clear SHA-1 context
*
* \param ctx SHA-1 context to be cleared
*/
void sc_mbedtls_sha1_free( sc_mbedtls_sha1_context *ctx );
/**
* \brief Clone (the state of) a SHA-1 context
*
* \param dst The destination context
* \param src The context to be cloned
*/
void sc_mbedtls_sha1_clone( sc_mbedtls_sha1_context *dst,
const sc_mbedtls_sha1_context *src );
/**
* \brief SHA-1 context setup
*
* \param ctx context to be initialized
*/
void sc_mbedtls_sha1_starts( sc_mbedtls_sha1_context *ctx );
/**
* \brief SHA-1 process buffer
*
* \param ctx SHA-1 context
* \param input buffer holding the data
* \param ilen length of the input data
*/
void sc_mbedtls_sha1_update( sc_mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen );
/**
* \brief SHA-1 final digest
*
* \param ctx SHA-1 context
* \param output SHA-1 checksum result
*/
void sc_mbedtls_sha1_finish( sc_mbedtls_sha1_context *ctx, unsigned char output[20] );
/* Internal use */
void sc_mbedtls_sha1_process( sc_mbedtls_sha1_context *ctx, const unsigned char data[64] );
/**
* \brief Output = SHA-1( input buffer )
*
* \param input buffer holding the data
* \param ilen length of the input data
* \param output SHA-1 checksum result
*/
void sc_mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
#ifdef __cplusplus
}
#endif
#endif /* sc_mbedtls_sha1.h */

113
lib/sec_library/include/soft_crypto/crypto_sha256.h Executable file
View File

@@ -0,0 +1,113 @@
/**
* \file sha256.h
*
* \brief SHA-224 and SHA-256 cryptographic hash function
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef SC_MBEDTLS_SHA256_H
#define SC_MBEDTLS_SHA256_H
#include "crypto_config.h"
#include <stddef.h>
#include <stdint.h>
#include <linux/types.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief SHA-256 context structure
*/
typedef struct {
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[8]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
int is224; /*!< 0 => SHA-256, else SHA-224 */
} sc_mbedtls_sha256_context;
/**
* \brief Initialize SHA-256 context
*
* \param ctx SHA-256 context to be initialized
*/
void sc_mbedtls_sha256_init(sc_mbedtls_sha256_context *ctx);
/**
* \brief Clear SHA-256 context
*
* \param ctx SHA-256 context to be cleared
*/
void sc_mbedtls_sha256_free(sc_mbedtls_sha256_context *ctx);
/**
* \brief Clone (the state of) a SHA-256 context
*
* \param dst The destination context
* \param src The context to be cloned
*/
void sc_mbedtls_sha256_clone(sc_mbedtls_sha256_context * dst,
const sc_mbedtls_sha256_context *src);
/**
* \brief SHA-256 context setup
*
* \param ctx context to be initialized
* \param is224 0 = use SHA256, 1 = use SHA224
*/
void sc_mbedtls_sha256_starts(sc_mbedtls_sha256_context *ctx, int is224);
/**
* \brief SHA-256 process buffer
*
* \param ctx SHA-256 context
* \param input buffer holding the data
* \param ilen length of the input data
*/
void sc_mbedtls_sha256_update(sc_mbedtls_sha256_context *ctx, const unsigned char *input,
size_t ilen);
/**
* \brief SHA-256 final digest
*
* \param ctx SHA-256 context
* \param output SHA-224/256 checksum result
*/
void sc_mbedtls_sha256_finish(sc_mbedtls_sha256_context *ctx, unsigned char output[32]);
/* Internal use */
void sc_mbedtls_sha256_process(sc_mbedtls_sha256_context *ctx, const unsigned char data[64]);
/**
* \brief Output = SHA-256( input buffer )
*
* \param input buffer holding the data
* \param ilen length of the input data
* \param output SHA-224/256 checksum result
* \param is224 0 = use SHA256, 1 = use SHA224
*/
void sc_mbedtls_sha256(const unsigned char *input, size_t ilen, unsigned char output[32],
int is224);
#ifdef __cplusplus
}
#endif
#endif /* sc_mbedtls_sha256.h */

121
lib/sec_library/include/soft_crypto/crypto_utils.h Executable file
View File

@@ -0,0 +1,121 @@
/* utils.h - TinyCrypt interface to platform-dependent run-time operations */
/*
* Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of Intel Corporation nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file
* @brief Interface to platform-dependent run-time operations.
*
*/
#ifndef __TC_UTILS_H__
#define __TC_UTILS_H__
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Copy the the buffer 'from' to the buffer 'to'.
* @return returns TC_CRYPTO_SUCCESS (1)
* returns TC_CRYPTO_FAIL (0) if:
* from_len > to_len.
*
* @param to OUT -- destination buffer
* @param to_len IN -- length of destination buffer
* @param from IN -- origin buffer
* @param from_len IN -- length of origin buffer
*/
unsigned int _copy(uint8_t *to, unsigned int to_len,
const uint8_t *from, unsigned int from_len);
/**
* @brief Set the value 'val' into the buffer 'to', 'len' times.
*
* @param to OUT -- destination buffer
* @param val IN -- value to be set in 'to'
* @param len IN -- number of times the value will be copied
*/
void _set(void *to, uint8_t val, unsigned int len);
/**
* @brief Set the value 'val' into the buffer 'to', 'len' times, in a way
* which does not risk getting optimized out by the compiler
* In cases where the compiler does not set __GNUC__ and where the
* optimization level removes the memset, it may be necessary to
* implement a _set_secure function and define the
* TINYCRYPT_ARCH_HAS_SET_SECURE, which then can ensure that the
* memset does not get optimized out.
*
* @param to OUT -- destination buffer
* @param val IN -- value to be set in 'to'
* @param len IN -- number of times the value will be copied
*/
#ifdef TINYCRYPT_ARCH_HAS_SET_SECURE
extern void _set_secure(void *to, uint8_t val, unsigned int len);
#else /* ! TINYCRYPT_ARCH_HAS_SET_SECURE */
static inline void _set_secure(void *to, uint8_t val, unsigned int len)
{
(void) memset(to, val, len);
#ifdef __GNUC__
__asm__ __volatile__("" :: "g"(to) : "memory");
#endif /* __GNUC__ */
}
#endif /* TINYCRYPT_ARCH_HAS_SET_SECURE */
/*
* @brief AES specific doubling function, which utilizes
* the finite field used by AES.
* @return Returns a^2
*
* @param a IN/OUT -- value to be doubled
*/
uint8_t _double_byte(uint8_t a);
/*
* @brief Constant-time algorithm to compare if two sequences of bytes are equal
* @return Returns 0 if equal, and non-zero otherwise
*
* @param a IN -- sequence of bytes a
* @param b IN -- sequence of bytes b
* @param size IN -- size of sequences a and b
*/
int _compare(const uint8_t *a, const uint8_t *b, size_t size);
#ifdef __cplusplus
}
#endif
#endif /* __TC_UTILS_H__ */

BIN
lib/sec_library/libsec_library.a
View File

Binary file not shown.