pal_Crypto.h File Reference

Key types to be set to the AES engine.

AES mode for ECB encryption/decryption.

The supported enum tags by PAL for ASN1.

Extended key usage options.

Supported curves.

Key check options.

Key usage options.

Message digest algorithms supported by PAL.

Attributes to be retrieved from the x509 cert.

Key types to be set to the AES engine.

Definition at line 48 of file pal_Crypto.h.

AES mode for ECB encryption/decryption.

Definition at line 59 of file pal_Crypto.h.

The supported enum tags by PAL for ASN1.

Definition at line 65 of file pal_Crypto.h.

Extended key usage options.

Definition at line 116 of file pal_Crypto.h.

Supported curves.

Definition at line 103 of file pal_Crypto.h.

Key check options.

Definition at line 127 of file pal_Crypto.h.

Key usage options.

Definition at line 109 of file pal_Crypto.h.

Message digest algorithms supported by PAL.

Definition at line 54 of file pal_Crypto.h.

Attributes to be retrieved from the x509 cert.

Definition at line 134 of file pal_Crypto.h.

AES-CTR buffer encryption/decryption.

Parameters:

[in]	aes,:	The AES context.
[in]	input,:	The input data buffer.
[out]	output,:	The output data buffer.
[in]	inLen,:	The input data length.
[in]	iv,:	The initialization vector for AES-CTR.

Note:

Due to the nature of CTR, you should use the same key schedule for both encryption and decryption. So before calling this function, you MUST set the key by calling `pal_setAesKey()` with key target PAL_KEY_TARGET_ENCRYPTION.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 47 of file pal_Crypto.c.

AES-CTR buffer encryption/decryption with zero offset.

Parameters:

[in]	aes,:	The AES context.
[in]	input,:	The input data buffer.
[out]	output,:	The output data buffer.
[in]	inLen,:	The input data length.
[in]	iv,:	The initialization vector for AES-CTR.

Note:

Due to the nature of CTR, you should use the same key schedule for both encryption and decryption. So before calling this function, you MUST set the key by calling `pal_setAesKey()` with key target PAL_KEY_TARGET_ENCRYPTION.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 56 of file pal_Crypto.c.

AES-ECB block encryption/decryption.

Parameters:

[in]	aes,:	The AES context.
[in]	input,:	A 16-byte input block.
[out]	output,:	A 16-byte output block.
[in]	mode,:	PAL_AES_ENCRYPT or PAL_AES_DECRYPT.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 65 of file pal_Crypto.c.

Get the tag and length of the tag, check for the requested tag.
Updates the pointer to immediately after the tag and length.

Parameters:

[in,out]	position,:	The position in the ASN.1 data.
[in]	end,:	The end of data.
[out]	len,:	The tag length.
[in]	tag,:	The expected tag.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 224 of file pal_Crypto.c.

CCM buffer authenticated decryption.

Parameters:

[in]	ctx,:	The CCM context to be initialized.
[in]	input	A buffer holding the input data.
[in]	inLen,:	The length of the input data.
[in]	iv,:	The initialization vector.
[in]	ivLen,:	The length of IV.
[in]	add,:	Additional data.
[in]	addLen,:	The length of additional data.
[in]	tag,:	A buffer holding the tag.
[in]	tag_len,:	The length of the tag.
[out]	output,:	A buffer for holding the output data.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 260 of file pal_Crypto.c.

CCM buffer encryption.

Parameters:

[in]	ctx,:	The CCM context to be initialized.
[in]	input	A buffer holding the input data.
[in]	inLen,:	The length of the input data.
[in]	iv,:	The initialization vector.
[in]	ivLen,:	The length of IV.
[in]	add,:	Additional data.
[in]	addLen,:	The length of additional data.
[out]	output,:	A buffer for holding the output data, must be at least `inLen` bytes wide.
[out]	tag,:	A buffer for holding the tag.
[out]	tagLen,:	The length of the tag to generate in bytes.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 272 of file pal_Crypto.c.

CCM destruction.

Parameters:

[in]

ctx,:

The CCM context to destroy.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 242 of file pal_Crypto.c.

CCM initialization.

Parameters:

[in]

ctx,:

The CCM context to be initialized.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 233 of file pal_Crypto.c.

CCM set key.

Parameters:

[in]	ctx,:	The CCM context to be initialized.
[in]	id,:	The cipher to use (a 128-bit block cipher).
[in]	key,:	The encryption key.
[in]	keybits,:	The key size in bits (must be acceptable by the cipher).

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 251 of file pal_Crypto.c.

One shot AES cipher CMAC.

Parameters:

[in]	ctx,:	The CMAC context to initialize.
[in]	key,:	The encryption key.
[in]	keyLenInBits,:	The key size in bits.
[in]	input,:	A buffer for the input data.
[in]	inputLenInBytes,:	The input data length in bytes.
[out]	output,:	The generic CMAC result.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 327 of file pal_Crypto.c.

Iterative cipher CMAC finish.

Parameters:

[in]	ctx,:	The CMAC context.
[out]	output,:	A buffer for the output data.
[out]	outLen,:	The output data length.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 367 of file pal_Crypto.c.

Iterative cipher CMAC start

Parameters:

[in]	ctx,:	The CMAC context.
[in]	key,:	The CMAC key.
[in]	keyLenBits,:	The key size in bits.
[in]	cipherID,:	A buffer for the input data.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 340 of file pal_Crypto.c.

Iterative cipher CMAC update.

Parameters:

[in]	ctx,:	The CMAC context.
[in]	input,:	A buffer for the input data.
[in]	inputLen,:	The input data length.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 353 of file pal_Crypto.c.

CTR_DRBG destroy

Parameters:

[in]

ctx,:

The CTR_DRBG context to destroy.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 318 of file pal_Crypto.c.

CTR_DRBG pseudo random generation.

Parameters:

[in]	ctx,:	The CTR_DRBG context.
[out]	output,:	The buffer to fill.
[in]	len,:	The length of the buffer.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 308 of file pal_Crypto.c.

Initiate CTR_DRBG context with given seed.

Parameters:

[in]	ctx,:	The CTR_DRBG context to be seeded.
[in]	seed,:	The seed data.
[in]	len,:	The seed data length..

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 284 of file pal_Crypto.c.

Check that the private and/or public key is a valid and the public key is on this curve.

Parameters:

[in]	grp,:	The curve/group that the point should belong to.
[in]	key,:	A pointer to a struct holding the raw data of the keys to check.
[in]	type,:	PAL_CHECK_PRIVATE_KEY/PAL_CHECK_PUBLIC_KEY/PAL_CHECK_BOTH_KEYS from `palKeyToCheck_t`.
[out]	verified,:	The result of verification.

Note:

The key can contain only private or public key or both.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 390 of file pal_Crypto.c.

Compute the shared secret using elliptic curve Diffie–Hellman.

Parameters:

[in]	grp,:	The ECP group.
[in]	peerPublicKey,:	The public key from a peer.
[in]	key,:	The private key.
[out]	out,:	The shared secret.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 605 of file pal_Crypto.c.

Compute the ECDSA signature of a previously hashed message.

Parameters:

[in]	grp,:	The ECP group.
[in]	prvKey,:	The private signing key.
[in]	dgst,:	The message hash.
[in]	dgstLen,:	The length ofthe message buffer.
[out]	sig,:	A buffer to hold the computed signature.
[out]	sigLen,:	The length of the computed signature.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 615 of file pal_Crypto.c.

Verify the ECDSA signature of a previously hashed message.

Parameters:

[in]	pubKey,:	The public key for verification.
[in]	dgst,:	The message hash.
[in]	dgstLen,:	The length of the message buffer.
[in]	sign,:	The signature.
[in]	sig,:	A buffer to hold the computed signature.
[in]	sigLen,:	The length of the computed signature.
[out]	verified,:	A boolean to hold the verification result.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 625 of file pal_Crypto.c.

Free the ECP group context.

Parameters:

[in]

grp,:

The curve/group to free.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 461 of file pal_Crypto.c.

ECP group initialize and set a group using well-known domain parameters.

Parameters:

[in]	grp,:	The destination group.
[in]	index,:	The index in the list of well-known domain parameters.

Returns:

PAL_SUCCESS on success, negative value indicating a specific error code in case of failure.

Definition at line 452 of file pal_Crypto.c.

Release private/public key context related memory.

Parameters:

[in]

key,:

A handle for the key context to be freed.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 408 of file pal_Crypto.c.

Generate a key pair for a given curve.

Parameters:

[in]	grpID,:	The ECP group identifier.
[in,out]	key,:	The destination key pair handle.

Note:

The `key` parameter must be first allocated by `pal_ECKeyNew()`.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 470 of file pal_Crypto.c.

Retrieve the curve ID if it exists in the given key.

Parameters:

[in]	key,:	The key to retrieve its curve.
[out]	grpID,:	The curve/group ID for the given key. In case of error, this pointer contains PAL_ECP_DP_NONE.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 479 of file pal_Crypto.c.

Allocate key context and initialize a key pair (as an invalid one).

Parameters:

[in]

key,:

The key to initialize.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 399 of file pal_Crypto.c.

Free AES context.

Parameters:

[in,out]

aes,:

The AES context to be deallocated.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 29 of file pal_Crypto.c.

Initialize AES context

Parameters:

[in,out]

aes,:

The AES context to be initialized.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 20 of file pal_Crypto.c.

Generic message digest final calculation.

Parameters:

[in]	md,:	The MD context.
[out]	ouput,:	The checksum result of the generic message digest.

Note:

`pal_mdGetOutputSize()` SHOULD be called before calling `pal_mdFinal()` to get the needed size for the ouptut.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 193 of file pal_Crypto.c.

Free and clear the MD context.

Parameters:

[in,out]

md,:

The MD context to be free.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 202 of file pal_Crypto.c.

Generic message digest output buffer size getter.

Parameters:

[in]	md,:	The MD context.
[out]	bufferSize,:	A pointer to hold the output size of the `pal_mdFinal()` for the given handle.

Note:

This function SHOULD be called before calling `pal_mdFinal()`.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 184 of file pal_Crypto.c.

One shot md HMAC.

Parameters:

[in]	key,:	The encryption key.
[in]	keyLenInBytes,:	The key size in bytes.
[in]	input,:	A buffer for the input data.
[in]	inputLenInBytes,:	The input data length in bytes.
[out]	output,:	The generic HMAC result.
[out]	outputLenInBytes,:	Size of the HMAC result (optional).

Note:

Expects output to be 32 bytes long

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 381 of file pal_Crypto.c.

Initialize the MD context and set up the required data according to the given algorithm.

Parameters:

[in,out]	md,:	The MD context to be initialized.
[in]	mdType,:	The MD algorithm.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 166 of file pal_Crypto.c.

Generic message digest process buffer.

Parameters:

[in]	md,:	The MD context.
[in]	input,:	A buffer holding the input data.
[in]	inLen,:	The length of the input data.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 175 of file pal_Crypto.c.

Parse DER encoded private key.

Parameters:

[in]	prvDERKey,:	A buffer that holds the DER encoded private key.
[in]	keyLen,:	The key length.
[out]	key,:	A handle for the context that holds the parsed key.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 417 of file pal_Crypto.c.

Parse DER encoded public key.

Parameters:

[in]	pubDERKey,:	A buffer that holds the DER encoded public key.
[in]	keyLen,:	The key length.
[out]	key,:	A handle for the context that holds the parsed key.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 426 of file pal_Crypto.c.

Set AES key context for encryption or decryption.

Parameters:

[in]	aes,:	The AES context.
[in]	key,:	The AES key.
[in]	keybits,:	The size of the key in bits.
[in]	keyTarget,:	The key target (encryption/decryption).

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 38 of file pal_Crypto.c.

Process SHA256 over the input buffer.

Parameters:

[in]	input,:	A buffer for the input data.
[in]	inLen,:	The length of the input data.
[out]	output,:	The SHA256 checksum result.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Verify the signature.

Parameters:

[in]	x509,:	The certificate context that holds the PK data.
[in]	mdType,:	The MD algorithm used.
[in]	hash,:	The hash of the message to sign.
[in]	hashLen,:	The hash length.
[in]	sig,:	The signature to verify.
[in]	sigLen,:	The signature length.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 211 of file pal_Crypto.c.

Encode given private key from key handle to DER buffer.

Parameters:

[in]	key,:	A handle to the private key.
[out]	derBuffer,:	A buffer to hold the result of the DER encoding.
[in]	bufferSize,:	The size of the allocated buffer.
[out]	actualSize,:	The actual size of the written data.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 435 of file pal_Crypto.c.

Encode given public key from key handle to DER buffer.

Parameters:

[in]	key,:	A handle to the public key.
[out]	derBuffer,:	A buffer to hold the result of the DER encoding.
[in]	bufferSize,:	The size of the allocated buffer.
[out]	actualSize,:	The actual size of the written data.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 444 of file pal_Crypto.c.

Get attributes from the parsed certificate.

Parameters:

[in]	x509Cert,:	The parsed certificate.
[in]	attr,:	The required attribute.
[out]	output,:	A buffer to hold the attribute value.
[in]	outLenBytes,:	The size of the allocated buffer.
[out]	actualOutLenBytes,:	The actual size of the attribute.

Note:

In case of PAL_ERR_BUFFER_TOO_SMALL, the required size is assigned into the `actualOutLen` parameter.

`PAL_X509_CERT_ID_ATTR` required 33 bytes buffer size.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 109 of file pal_Crypto.c.

Calculate the hash of the To Be Signed part of an X509 certificate. This function may be used to validate a certificate signature: Simply retrieve this hash, verify the signature using this hash, the public key and the signature of the X509

Parameters:

[in]	x509Cert,:	Handle to the certificate to hash the TBS (to be signed part).
[in]	hash_type,:	The hash type. Currently only PAL_SHA256 supported
[out]	output,:	Pointer to a buffer that will contain the hash digest. This buffer must be at least the size of the digest. If hash_type is PAL_SHA256, then buffer pointed to by output must be at least 32 bytes.
[in]	outLenBytes,:	The size of the buffer pointed to by output. Must be at least the size of the digest
[out]	actualOutLenBytes,:	Size of the digest copied to output. In case of success, will always be the length of the hash digest

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 635 of file pal_Crypto.c.

Parse one or more certificates and add them to the chained list.

Parameters:

[in]	x509Cert,:	The beginning of the chain.
[in]	input,:	A buffer holding the certificate data in PEM or DER format.
[in]	inLen,:	The size of the input buffer.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 96 of file pal_Crypto.c.

Verify one or more X509 DER formatted certificates.

Parameters:

[in]	x509Cert,:	A handle holding the parsed certificate.
[in]	x509Cert,:	The beginning of the chain to verify the X509 DER certificate with. (Optional)

Returns:

PAL_SUCCESS on success. In case of failure:

• PAL_ERR_X509_BADCERT_EXPIRED
• PAL_ERR_X509_BADCERT_FUTURE
• PAL_ERR_X509_BADCERT_BAD_MD
• PAL_ERR_X509_BADCERT_BAD_PK
• PAL_ERR_X509_BADCERT_NOT_TRUSTED
• PAL_ERR_X509_BADCERT_BAD_KEY

Definition at line 138 of file pal_Crypto.c.

Verify one or more X509 DER formatted certificates.

Parameters:

[in]	x509Cert,:	A handle holding the parsed certificate.
[in]	x509Cert,:	The beginning of the chain to verify the X509 DER certificate with. (Optional)
[out]	verifyResult,:	bitmask of errors that cause the failure, this value is relevant ONLY in case that the return value of the function is `PAL_ERR_X509_CERT_VERIFY_FAILED`.

Returns:

PAL_SUCCESS on success. In case of failure returns `PAL_ERR_X509_CERT_VERIFY_FAILED`.

in order to turn off the MSB bit.

Definition at line 122 of file pal_Crypto.c.

Free the x509 CSR context.

Parameters:

[in]

x509CSR,:

The CSR context to free.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 592 of file pal_Crypto.c.

Allocate and initialize x509 CSR context.

Parameters:

[in]

x509CSR,:

The CSR context to allocate and initialize.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 488 of file pal_Crypto.c.

Set the extended key usage extension.

Parameters:

[in]	x509CSR,:	The CSR context to use.
[in]	extKeyUsage,:	The extended key usage flags, should be taken from `palExtKeyUsage_t`.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 553 of file pal_Crypto.c.

Generic function to add to the CSR.

Parameters:

[in]	x509CSR,:	The CSR context to use.
[in]	oid,:	The OID of the extension.
[in]	oidLen,:	The OID length.
[in]	value,:	The value of the extension OCTET STRING.
[in]	valueLen,:	The value length.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 566 of file pal_Crypto.c.

Set the key for a CSR.

Parameters:

[in]	x509CSR,:	The CSR context to use.
[in]	pubKey,:	The public key to include. To use a key pair handle, see the note.
[in]	prvKey,:	The public key to sign with.

Note:

To use key pair, send it as `pubKey` and NULL as `prvKey`.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 514 of file pal_Crypto.c.

Set the key usage extension flags.

Parameters:

[in]	x509CSR,:	The CSR context to use.
[in]	keyUsage,:	The key usage flags, should be taken from `palKeyUsage_t`.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 540 of file pal_Crypto.c.

Set the MD algorithm to use for the signature.

Parameters:

[in]	x509CSR,:	The CSR context to use.
[in]	mdType,:	The MD algorithm to use.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 527 of file pal_Crypto.c.

Set the subject name for a CSR. Subject names should contain a comma-separated list of OIDs and values.

Parameters:

[in]	x509CSR,:	The CSR context to use.
[in]	subjectName,:	The subject name to set

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 501 of file pal_Crypto.c.

Write a CSR to a DER structure

Parameters:

[in]	x509CSR,:	The CSR context to use.
[in]	derBuf,:	A buffer to write to.
[in]	derBufLen,:	The buffer length.
[in]	actualDerLen,:	The actual length of the written data.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 579 of file pal_Crypto.c.

Deallocate all certificate data.

Parameters:

[in,out]

x509Cert,:

The certificate chain to free.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 153 of file pal_Crypto.c.

Initialize a certificate (chain) context.

Parameters:

[in,out]

x509Cert,:

The certificate chain to initialize.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 83 of file pal_Crypto.c.