Jim Carver / Mbed OS mbed-cloud-workshop-connect-PIR

Simulated product dispenser

Dependencies:   HTS221

Fork of mbed-cloud-workshop-connect-HTS221 by Jim Carver

Embed: (wiki syntax)

« Back to documentation index

pal_Crypto.h File Reference
Typedefs | Enumerations | Functions

pal_Crypto.h File Reference

PAL cryptographic. This file contains cryptographic APIs and is part of the PAL service API. It contains a variety of cryptographic APIs, such as:

  • AES-CTR
  • AES-DRBG
  • CMAC
  • Message Digest.
More...

Go to the source code of this file.

Typedefs

typedef enum palAesKeyType palAesKeyType_t
 Key types to be set to the AES engine.
typedef enum palMDType palMDType_t
 Message digest algorithms supported by PAL.
typedef enum palAesMode palAesMode_t
 AES mode for ECB encryption/decryption.
typedef enum palASNTag palASNTag_t
 The supported enum tags by PAL for ASN1.
typedef enum palGroupIndex palGroupIndex_t
 Supported curves.
typedef enum palKeyUsage palKeyUsage_t
 Key usage options.
typedef enum palExtKeyUsage palExtKeyUsage_t
 Extended key usage options.
typedef enum palKeyToCheck palKeyToCheck_t
 Key check options.
typedef enum palX509Attr palX509Attr_t
 Attributes to be retrieved from the x509 cert.

Enumerations

enum  palAesKeyType
 

Key types to be set to the AES engine.

More...
enum  palMDType
 

Message digest algorithms supported by PAL.

More...
enum  palAesMode
 

AES mode for ECB encryption/decryption.

More...
enum  palASNTag
 

The supported enum tags by PAL for ASN1.

More...
enum  palGroupIndex
 

Supported curves.

More...
enum  palKeyUsage
 

Key usage options.

More...
enum  palExtKeyUsage
 

Extended key usage options.

More...
enum  palKeyToCheck
 

Key check options.

More...
enum  palX509Attr
 

Attributes to be retrieved from the x509 cert.

More...

Functions

palStatus_t pal_initAes (palAesHandle_t *aes)
palStatus_t pal_freeAes (palAesHandle_t *aes)
palStatus_t pal_setAesKey (palAesHandle_t aes, const unsigned char *key, uint32_t keybits, palAesKeyType_t keyTarget)
palStatus_t pal_aesCTR (palAesHandle_t aes, const unsigned char *input, unsigned char *output, size_t inLen, unsigned char iv[16])
palStatus_t pal_aesCTRWithZeroOffset (palAesHandle_t aes, const unsigned char *input, unsigned char *output, size_t inLen, unsigned char iv[16])
palStatus_t pal_aesECB (palAesHandle_t aes, const unsigned char input[PAL_CRYPT_BLOCK_SIZE], unsigned char output[PAL_CRYPT_BLOCK_SIZE], palAesMode_t mode)
palStatus_t pal_sha256 (const unsigned char *input, size_t inLen, unsigned char output[PAL_SHA256_SIZE])
palStatus_t pal_x509Initiate (palX509Handle_t *x509Cert)
palStatus_t pal_x509CertParse (palX509Handle_t x509Cert, const unsigned char *input, size_t inLen)
palStatus_t pal_x509CertGetAttribute (palX509Handle_t x509Cert, palX509Attr_t attr, void *output, size_t outLenBytes, size_t *actualOutLenBytes)
palStatus_t pal_x509CertVerify (palX509Handle_t x509Cert, palX509Handle_t x509CertChain)
palStatus_t pal_x509CertVerifyExtended (palX509Handle_t x509Cert, palX509Handle_t x509CertChain, int32_t *verifyResult)
palStatus_t pal_x509Free (palX509Handle_t *x509Cert)
palStatus_t pal_mdInit (palMDHandle_t *md, palMDType_t mdType)
palStatus_t pal_mdUpdate (palMDHandle_t md, const unsigned char *input, size_t inLen)
palStatus_t pal_mdGetOutputSize (palMDHandle_t md, size_t *bufferSize)
palStatus_t pal_mdFinal (palMDHandle_t md, unsigned char *output)
palStatus_t pal_mdFree (palMDHandle_t *md)
palStatus_t pal_verifySignature (palX509Handle_t x509, palMDType_t mdType, const unsigned char *hash, size_t hashLen, const unsigned char *sig, size_t sigLen)
palStatus_t pal_ASN1GetTag (unsigned char **position, const unsigned char *end, size_t *len, uint8_t tag)
palStatus_t pal_CCMInit (palCCMHandle_t *ctx)
palStatus_t pal_CCMFree (palCCMHandle_t *ctx)
palStatus_t pal_CCMSetKey (palCCMHandle_t ctx, const unsigned char *key, uint32_t keybits, palCipherID_t id)
palStatus_t pal_CCMDecrypt (palCCMHandle_t ctx, unsigned char *input, size_t inLen, unsigned char *iv, size_t ivLen, unsigned char *add, size_t addLen, unsigned char *tag, size_t tagLen, unsigned char *output)
palStatus_t pal_CCMEncrypt (palCCMHandle_t ctx, unsigned char *input, size_t inLen, unsigned char *iv, size_t ivLen, unsigned char *add, size_t addLen, unsigned char *output, unsigned char *tag, size_t tagLen)
palStatus_t pal_CtrDRBGInit (palCtrDrbgCtxHandle_t *ctx, const void *seed, size_t len)
palStatus_t pal_CtrDRBGGenerate (palCtrDrbgCtxHandle_t ctx, unsigned char *out, size_t len)
palStatus_t pal_CtrDRBGFree (palCtrDrbgCtxHandle_t *ctx)
palStatus_t pal_cipherCMAC (const unsigned char *key, size_t keyLenInBits, const unsigned char *input, size_t inputLenInBytes, unsigned char *output)
palStatus_t pal_CMACStart (palCMACHandle_t *ctx, const unsigned char *key, size_t keyLenBits, palCipherID_t cipherID)
palStatus_t pal_CMACUpdate (palCMACHandle_t ctx, const unsigned char *input, size_t inLen)
palStatus_t pal_CMACFinish (palCMACHandle_t *ctx, unsigned char *output, size_t *outLen)
palStatus_t pal_mdHmacSha256 (const unsigned char *key, size_t keyLenInBytes, const unsigned char *input, size_t inputLenInBytes, unsigned char *output, size_t *outputLenInBytes)
palStatus_t pal_ECCheckKey (palCurveHandle_t grp, palECKeyHandle_t key, uint32_t type, bool *verified)
palStatus_t pal_ECKeyNew (palECKeyHandle_t *key)
palStatus_t pal_ECKeyFree (palECKeyHandle_t *key)
palStatus_t pal_parseECPrivateKeyFromDER (const unsigned char *prvDERKey, size_t keyLen, palECKeyHandle_t key)
palStatus_t pal_parseECPublicKeyFromDER (const unsigned char *pubDERKey, size_t keyLen, palECKeyHandle_t key)
palStatus_t pal_writePrivateKeyToDer (palECKeyHandle_t key, unsigned char *derBuffer, size_t bufferSize, size_t *actualSize)
palStatus_t pal_writePublicKeyToDer (palECKeyHandle_t key, unsigned char *derBuffer, size_t bufferSize, size_t *actualSize)
palStatus_t pal_ECKeyGenerateKey (palGroupIndex_t grpID, palECKeyHandle_t key)
palStatus_t pal_ECKeyGetCurve (palECKeyHandle_t key, palGroupIndex_t *grpID)
palStatus_t pal_ECGroupInitAndLoad (palCurveHandle_t *grp, palGroupIndex_t index)
palStatus_t pal_ECGroupFree (palCurveHandle_t *grp)
palStatus_t pal_x509CSRInit (palx509CSRHandle_t *x509CSR)
palStatus_t pal_x509CSRSetSubject (palx509CSRHandle_t x509CSR, const char *subjectName)
palStatus_t pal_x509CSRSetMD (palx509CSRHandle_t x509CSR, palMDType_t mdType)
palStatus_t pal_x509CSRSetKey (palx509CSRHandle_t x509CSR, palECKeyHandle_t pubKey, palECKeyHandle_t prvKey)
palStatus_t pal_x509CSRSetKeyUsage (palx509CSRHandle_t x509CSR, uint32_t keyUsage)
palStatus_t pal_x509CSRSetExtendedKeyUsage (palx509CSRHandle_t x509CSR, uint32_t extKeyUsage)
palStatus_t pal_x509CSRSetExtension (palx509CSRHandle_t x509CSR, const char *oid, size_t oidLen, const unsigned char *value, size_t valueLen)
palStatus_t pal_x509CSRWriteDER (palx509CSRHandle_t x509CSR, unsigned char *derBuf, size_t derBufLen, size_t *actualDerLen)
palStatus_t pal_x509CSRFree (palx509CSRHandle_t *x509CSR)
palStatus_t pal_ECDHComputeKey (const palCurveHandle_t grp, const palECKeyHandle_t peerPublicKey, const palECKeyHandle_t privateKey, palECKeyHandle_t outKey)
palStatus_t pal_ECDSASign (palCurveHandle_t grp, palMDType_t mdType, palECKeyHandle_t prvKey, unsigned char *dgst, uint32_t dgstLen, unsigned char *sig, size_t *sigLen)
palStatus_t pal_ECDSAVerify (palECKeyHandle_t pubKey, unsigned char *dgst, uint32_t dgstLen, unsigned char *sig, size_t sigLen, bool *verified)
palStatus_t pal_x509CertGetHTBS (palX509Handle_t x509Cert, palMDType_t hash_type, unsigned char *output, size_t outLenBytes, size_t *actualOutLenBytes)

Detailed Description

PAL cryptographic. This file contains cryptographic APIs and is part of the PAL service API. It contains a variety of cryptographic APIs, such as:

  • AES-CTR
  • AES-DRBG
  • CMAC
  • Message Digest.

Definition in file pal_Crypto.h.

Typedef Documentation

typedef enum palAesKeyType palAesKeyType_t

Key types to be set to the AES engine.

typedef enum palAesMode palAesMode_t

AES mode for ECB encryption/decryption.

typedef enum palASNTag palASNTag_t

The supported enum tags by PAL for ASN1.

typedef enum palExtKeyUsage palExtKeyUsage_t

Extended key usage options.

typedef enum palGroupIndex palGroupIndex_t

Supported curves.

typedef enum palKeyToCheck palKeyToCheck_t

Key check options.

typedef enum palKeyUsage palKeyUsage_t

Key usage options.

typedef enum palMDType palMDType_t

Message digest algorithms supported by PAL.

typedef enum palX509Attr palX509Attr_t

Attributes to be retrieved from the x509 cert.

Enumeration Type Documentation

enum palAesKeyType

Key types to be set to the AES engine.

Definition at line 48 of file pal_Crypto.h.

enum palAesMode

AES mode for ECB encryption/decryption.

Definition at line 59 of file pal_Crypto.h.

enum palASNTag

The supported enum tags by PAL for ASN1.

Definition at line 65 of file pal_Crypto.h.

enum palExtKeyUsage

Extended key usage options.

Definition at line 116 of file pal_Crypto.h.

enum palGroupIndex

Supported curves.

Definition at line 103 of file pal_Crypto.h.

enum palKeyToCheck

Key check options.

Definition at line 127 of file pal_Crypto.h.

enum palKeyUsage

Key usage options.

Definition at line 109 of file pal_Crypto.h.

enum palMDType

Message digest algorithms supported by PAL.

Definition at line 54 of file pal_Crypto.h.

enum palX509Attr

Attributes to be retrieved from the x509 cert.

Definition at line 134 of file pal_Crypto.h.

Function Documentation

palStatus_t pal_aesCTR ( palAesHandle_t  aes,
const unsigned char *  input,
unsigned char *  output,
size_t  inLen,
unsigned char  iv[16] 
)

AES-CTR buffer encryption/decryption.

Parameters:
[in]aes,:The AES context.
[in]input,:The input data buffer.
[out]output,:The output data buffer.
[in]inLen,:The input data length.
[in]iv,:The initialization vector for AES-CTR.
Note:
Due to the nature of CTR, you should use the same key schedule for both encryption and decryption. So before calling this function, you MUST set the key by calling `pal_setAesKey()` with key target PAL_KEY_TARGET_ENCRYPTION.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 47 of file pal_Crypto.c.

palStatus_t pal_aesCTRWithZeroOffset ( palAesHandle_t  aes,
const unsigned char *  input,
unsigned char *  output,
size_t  inLen,
unsigned char  iv[16] 
)

AES-CTR buffer encryption/decryption with zero offset.

Parameters:
[in]aes,:The AES context.
[in]input,:The input data buffer.
[out]output,:The output data buffer.
[in]inLen,:The input data length.
[in]iv,:The initialization vector for AES-CTR.
Note:
Due to the nature of CTR, you should use the same key schedule for both encryption and decryption. So before calling this function, you MUST set the key by calling `pal_setAesKey()` with key target PAL_KEY_TARGET_ENCRYPTION.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 56 of file pal_Crypto.c.

palStatus_t pal_aesECB ( palAesHandle_t  aes,
const unsigned char  input[PAL_CRYPT_BLOCK_SIZE],
unsigned char  output[PAL_CRYPT_BLOCK_SIZE],
palAesMode_t  mode 
)

AES-ECB block encryption/decryption.

Parameters:
[in]aes,:The AES context.
[in]input,:A 16-byte input block.
[out]output,:A 16-byte output block.
[in]mode,:PAL_AES_ENCRYPT or PAL_AES_DECRYPT.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 65 of file pal_Crypto.c.

palStatus_t pal_ASN1GetTag ( unsigned char **  position,
const unsigned char *  end,
size_t *  len,
uint8_t  tag 
)

Get the tag and length of the tag, check for the requested tag.
Updates the pointer to immediately after the tag and length.

Parameters:
[in,out]position,:The position in the ASN.1 data.
[in]end,:The end of data.
[out]len,:The tag length.
[in]tag,:The expected tag.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 224 of file pal_Crypto.c.

palStatus_t pal_CCMDecrypt ( palCCMHandle_t  ctx,
unsigned char *  input,
size_t  inLen,
unsigned char *  iv,
size_t  ivLen,
unsigned char *  add,
size_t  addLen,
unsigned char *  tag,
size_t  tagLen,
unsigned char *  output 
)

CCM buffer authenticated decryption.

Parameters:
[in]ctx,:The CCM context to be initialized.
[in]inputA buffer holding the input data.
[in]inLen,:The length of the input data.
[in]iv,:The initialization vector.
[in]ivLen,:The length of IV.
[in]add,:Additional data.
[in]addLen,:The length of additional data.
[in]tag,:A buffer holding the tag.
[in]tag_len,:The length of the tag.
[out]output,:A buffer for holding the output data.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 260 of file pal_Crypto.c.

palStatus_t pal_CCMEncrypt ( palCCMHandle_t  ctx,
unsigned char *  input,
size_t  inLen,
unsigned char *  iv,
size_t  ivLen,
unsigned char *  add,
size_t  addLen,
unsigned char *  output,
unsigned char *  tag,
size_t  tagLen 
)

CCM buffer encryption.

Parameters:
[in]ctx,:The CCM context to be initialized.
[in]inputA buffer holding the input data.
[in]inLen,:The length of the input data.
[in]iv,:The initialization vector.
[in]ivLen,:The length of IV.
[in]add,:Additional data.
[in]addLen,:The length of additional data.
[out]output,:A buffer for holding the output data, must be at least `inLen` bytes wide.
[out]tag,:A buffer for holding the tag.
[out]tagLen,:The length of the tag to generate in bytes.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 272 of file pal_Crypto.c.

palStatus_t pal_CCMFree ( palCCMHandle_t *  ctx )

CCM destruction.

Parameters:
[in]ctx,:The CCM context to destroy.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 242 of file pal_Crypto.c.

palStatus_t pal_CCMInit ( palCCMHandle_t *  ctx )

CCM initialization.

Parameters:
[in]ctx,:The CCM context to be initialized.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 233 of file pal_Crypto.c.

palStatus_t pal_CCMSetKey ( palCCMHandle_t  ctx,
const unsigned char *  key,
uint32_t  keybits,
palCipherID_t  id 
)

CCM set key.

Parameters:
[in]ctx,:The CCM context to be initialized.
[in]id,:The cipher to use (a 128-bit block cipher).
[in]key,:The encryption key.
[in]keybits,:The key size in bits (must be acceptable by the cipher).
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 251 of file pal_Crypto.c.

palStatus_t pal_cipherCMAC ( const unsigned char *  key,
size_t  keyLenInBits,
const unsigned char *  input,
size_t  inputLenInBytes,
unsigned char *  output 
)

One shot AES cipher CMAC.

Parameters:
[in]ctx,:The CMAC context to initialize.
[in]key,:The encryption key.
[in]keyLenInBits,:The key size in bits.
[in]input,:A buffer for the input data.
[in]inputLenInBytes,:The input data length in bytes.
[out]output,:The generic CMAC result.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 327 of file pal_Crypto.c.

palStatus_t pal_CMACFinish ( palCMACHandle_t *  ctx,
unsigned char *  output,
size_t *  outLen 
)

Iterative cipher CMAC finish.

Parameters:
[in]ctx,:The CMAC context.
[out]output,:A buffer for the output data.
[out]outLen,:The output data length.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 367 of file pal_Crypto.c.

palStatus_t pal_CMACStart ( palCMACHandle_t *  ctx,
const unsigned char *  key,
size_t  keyLenBits,
palCipherID_t  cipherID 
)

Iterative cipher CMAC start

Parameters:
[in]ctx,:The CMAC context.
[in]key,:The CMAC key.
[in]keyLenBits,:The key size in bits.
[in]cipherID,:A buffer for the input data.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 340 of file pal_Crypto.c.

palStatus_t pal_CMACUpdate ( palCMACHandle_t  ctx,
const unsigned char *  input,
size_t  inLen 
)

Iterative cipher CMAC update.

Parameters:
[in]ctx,:The CMAC context.
[in]input,:A buffer for the input data.
[in]inputLen,:The input data length.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 353 of file pal_Crypto.c.

palStatus_t pal_CtrDRBGFree ( palCtrDrbgCtxHandle_t *  ctx )

CTR_DRBG destroy

Parameters:
[in]ctx,:The CTR_DRBG context to destroy.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 318 of file pal_Crypto.c.

palStatus_t pal_CtrDRBGGenerate ( palCtrDrbgCtxHandle_t  ctx,
unsigned char *  out,
size_t  len 
)

CTR_DRBG pseudo random generation.

Parameters:
[in]ctx,:The CTR_DRBG context.
[out]output,:The buffer to fill.
[in]len,:The length of the buffer.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 308 of file pal_Crypto.c.

palStatus_t pal_CtrDRBGInit ( palCtrDrbgCtxHandle_t *  ctx,
const void *  seed,
size_t  len 
)

Initiate CTR_DRBG context with given seed.

Parameters:
[in]ctx,:The CTR_DRBG context to be seeded.
[in]seed,:The seed data.
[in]len,:The seed data length..
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 284 of file pal_Crypto.c.

palStatus_t pal_ECCheckKey ( palCurveHandle_t  grp,
palECKeyHandle_t  key,
uint32_t  type,
bool *  verified 
)

Check that the private and/or public key is a valid and the public key is on this curve.

Parameters:
[in]grp,:The curve/group that the point should belong to.
[in]key,:A pointer to a struct holding the raw data of the keys to check.
[in]type,:PAL_CHECK_PRIVATE_KEY/PAL_CHECK_PUBLIC_KEY/PAL_CHECK_BOTH_KEYS from `palKeyToCheck_t`.
[out]verified,:The result of verification.
Note:
The key can contain only private or public key or both.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 390 of file pal_Crypto.c.

palStatus_t pal_ECDHComputeKey ( const palCurveHandle_t  grp,
const palECKeyHandle_t  peerPublicKey,
const palECKeyHandle_t  privateKey,
palECKeyHandle_t  outKey 
)

Compute the shared secret using elliptic curve Diffie–Hellman.

Parameters:
[in]grp,:The ECP group.
[in]peerPublicKey,:The public key from a peer.
[in]key,:The private key.
[out]out,:The shared secret.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 605 of file pal_Crypto.c.

palStatus_t pal_ECDSASign ( palCurveHandle_t  grp,
palMDType_t  mdType,
palECKeyHandle_t  prvKey,
unsigned char *  dgst,
uint32_t  dgstLen,
unsigned char *  sig,
size_t *  sigLen 
)

Compute the ECDSA signature of a previously hashed message.

Parameters:
[in]grp,:The ECP group.
[in]prvKey,:The private signing key.
[in]dgst,:The message hash.
[in]dgstLen,:The length ofthe message buffer.
[out]sig,:A buffer to hold the computed signature.
[out]sigLen,:The length of the computed signature.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 615 of file pal_Crypto.c.

palStatus_t pal_ECDSAVerify ( palECKeyHandle_t  pubKey,
unsigned char *  dgst,
uint32_t  dgstLen,
unsigned char *  sig,
size_t  sigLen,
bool *  verified 
)

Verify the ECDSA signature of a previously hashed message.

Parameters:
[in]pubKey,:The public key for verification.
[in]dgst,:The message hash.
[in]dgstLen,:The length of the message buffer.
[in]sign,:The signature.
[in]sig,:A buffer to hold the computed signature.
[in]sigLen,:The length of the computed signature.
[out]verified,:A boolean to hold the verification result.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 625 of file pal_Crypto.c.

palStatus_t pal_ECGroupFree ( palCurveHandle_t *  grp )

Free the ECP group context.

Parameters:
[in]grp,:The curve/group to free.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 461 of file pal_Crypto.c.

palStatus_t pal_ECGroupInitAndLoad ( palCurveHandle_t *  grp,
palGroupIndex_t  index 
)

ECP group initialize and set a group using well-known domain parameters.

Parameters:
[in]grp,:The destination group.
[in]index,:The index in the list of well-known domain parameters.
Returns:
PAL_SUCCESS on success, negative value indicating a specific error code in case of failure.

Definition at line 452 of file pal_Crypto.c.

palStatus_t pal_ECKeyFree ( palECKeyHandle_t *  key )

Release private/public key context related memory.

Parameters:
[in]key,:A handle for the key context to be freed.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 408 of file pal_Crypto.c.

palStatus_t pal_ECKeyGenerateKey ( palGroupIndex_t  grpID,
palECKeyHandle_t  key 
)

Generate a key pair for a given curve.

Parameters:
[in]grpID,:The ECP group identifier.
[in,out]key,:The destination key pair handle.
Note:
The `key` parameter must be first allocated by `pal_ECKeyNew()`.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 470 of file pal_Crypto.c.

palStatus_t pal_ECKeyGetCurve ( palECKeyHandle_t  key,
palGroupIndex_t grpID 
)

Retrieve the curve ID if it exists in the given key.

Parameters:
[in]key,:The key to retrieve its curve.
[out]grpID,:The curve/group ID for the given key. In case of error, this pointer contains PAL_ECP_DP_NONE.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 479 of file pal_Crypto.c.

palStatus_t pal_ECKeyNew ( palECKeyHandle_t *  key )

Allocate key context and initialize a key pair (as an invalid one).

Parameters:
[in]key,:The key to initialize.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 399 of file pal_Crypto.c.

palStatus_t pal_freeAes ( palAesHandle_t *  aes )

Free AES context.

Parameters:
[in,out]aes,:The AES context to be deallocated.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 29 of file pal_Crypto.c.

palStatus_t pal_initAes ( palAesHandle_t *  aes )

Initialize AES context

Parameters:
[in,out]aes,:The AES context to be initialized.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 20 of file pal_Crypto.c.

palStatus_t pal_mdFinal ( palMDHandle_t  md,
unsigned char *  output 
)

Generic message digest final calculation.

Parameters:
[in]md,:The MD context.
[out]ouput,:The checksum result of the generic message digest.
Note:
`pal_mdGetOutputSize()` SHOULD be called before calling `pal_mdFinal()` to get the needed size for the ouptut.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 193 of file pal_Crypto.c.

palStatus_t pal_mdFree ( palMDHandle_t *  md )

Free and clear the MD context.

Parameters:
[in,out]md,:The MD context to be free.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 202 of file pal_Crypto.c.

palStatus_t pal_mdGetOutputSize ( palMDHandle_t  md,
size_t *  bufferSize 
)

Generic message digest output buffer size getter.

Parameters:
[in]md,:The MD context.
[out]bufferSize,:A pointer to hold the output size of the `pal_mdFinal()` for the given handle.
Note:
This function SHOULD be called before calling `pal_mdFinal()`.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 184 of file pal_Crypto.c.

palStatus_t pal_mdHmacSha256 ( const unsigned char *  key,
size_t  keyLenInBytes,
const unsigned char *  input,
size_t  inputLenInBytes,
unsigned char *  output,
size_t *  outputLenInBytes 
)

One shot md HMAC.

Parameters:
[in]key,:The encryption key.
[in]keyLenInBytes,:The key size in bytes.
[in]input,:A buffer for the input data.
[in]inputLenInBytes,:The input data length in bytes.
[out]output,:The generic HMAC result.
[out]outputLenInBytes,:Size of the HMAC result (optional).
Note:
Expects output to be 32 bytes long
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 381 of file pal_Crypto.c.

palStatus_t pal_mdInit ( palMDHandle_t *  md,
palMDType_t  mdType 
)

Initialize the MD context and set up the required data according to the given algorithm.

Parameters:
[in,out]md,:The MD context to be initialized.
[in]mdType,:The MD algorithm.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 166 of file pal_Crypto.c.

palStatus_t pal_mdUpdate ( palMDHandle_t  md,
const unsigned char *  input,
size_t  inLen 
)

Generic message digest process buffer.

Parameters:
[in]md,:The MD context.
[in]input,:A buffer holding the input data.
[in]inLen,:The length of the input data.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 175 of file pal_Crypto.c.

palStatus_t pal_parseECPrivateKeyFromDER ( const unsigned char *  prvDERKey,
size_t  keyLen,
palECKeyHandle_t  key 
)

Parse DER encoded private key.

Parameters:
[in]prvDERKey,:A buffer that holds the DER encoded private key.
[in]keyLen,:The key length.
[out]key,:A handle for the context that holds the parsed key.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 417 of file pal_Crypto.c.

palStatus_t pal_parseECPublicKeyFromDER ( const unsigned char *  pubDERKey,
size_t  keyLen,
palECKeyHandle_t  key 
)

Parse DER encoded public key.

Parameters:
[in]pubDERKey,:A buffer that holds the DER encoded public key.
[in]keyLen,:The key length.
[out]key,:A handle for the context that holds the parsed key.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 426 of file pal_Crypto.c.

palStatus_t pal_setAesKey ( palAesHandle_t  aes,
const unsigned char *  key,
uint32_t  keybits,
palAesKeyType_t  keyTarget 
)

Set AES key context for encryption or decryption.

Parameters:
[in]aes,:The AES context.
[in]key,:The AES key.
[in]keybits,:The size of the key in bits.
[in]keyTarget,:The key target (encryption/decryption).
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 38 of file pal_Crypto.c.

palStatus_t pal_sha256 ( const unsigned char *  input,
size_t  inLen,
unsigned char  output[PAL_SHA256_SIZE] 
)

Process SHA256 over the input buffer.

Parameters:
[in]input,:A buffer for the input data.
[in]inLen,:The length of the input data.
[out]output,:The SHA256 checksum result.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
palStatus_t pal_verifySignature ( palX509Handle_t  x509,
palMDType_t  mdType,
const unsigned char *  hash,
size_t  hashLen,
const unsigned char *  sig,
size_t  sigLen 
)

Verify the signature.

Parameters:
[in]x509,:The certificate context that holds the PK data.
[in]mdType,:The MD algorithm used.
[in]hash,:The hash of the message to sign.
[in]hashLen,:The hash length.
[in]sig,:The signature to verify.
[in]sigLen,:The signature length.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 211 of file pal_Crypto.c.

palStatus_t pal_writePrivateKeyToDer ( palECKeyHandle_t  key,
unsigned char *  derBuffer,
size_t  bufferSize,
size_t *  actualSize 
)

Encode given private key from key handle to DER buffer.

Parameters:
[in]key,:A handle to the private key.
[out]derBuffer,:A buffer to hold the result of the DER encoding.
[in]bufferSize,:The size of the allocated buffer.
[out]actualSize,:The actual size of the written data.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 435 of file pal_Crypto.c.

palStatus_t pal_writePublicKeyToDer ( palECKeyHandle_t  key,
unsigned char *  derBuffer,
size_t  bufferSize,
size_t *  actualSize 
)

Encode given public key from key handle to DER buffer.

Parameters:
[in]key,:A handle to the public key.
[out]derBuffer,:A buffer to hold the result of the DER encoding.
[in]bufferSize,:The size of the allocated buffer.
[out]actualSize,:The actual size of the written data.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 444 of file pal_Crypto.c.

palStatus_t pal_x509CertGetAttribute ( palX509Handle_t  x509Cert,
palX509Attr_t  attr,
void *  output,
size_t  outLenBytes,
size_t *  actualOutLenBytes 
)

Get attributes from the parsed certificate.

Parameters:
[in]x509Cert,:The parsed certificate.
[in]attr,:The required attribute.
[out]output,:A buffer to hold the attribute value.
[in]outLenBytes,:The size of the allocated buffer.
[out]actualOutLenBytes,:The actual size of the attribute.
Note:
In case of PAL_ERR_BUFFER_TOO_SMALL, the required size is assigned into the `actualOutLen` parameter.
`PAL_X509_CERT_ID_ATTR` required 33 bytes buffer size.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 109 of file pal_Crypto.c.

palStatus_t pal_x509CertGetHTBS ( palX509Handle_t  x509Cert,
palMDType_t  hash_type,
unsigned char *  output,
size_t  outLenBytes,
size_t *  actualOutLenBytes 
)

Calculate the hash of the To Be Signed part of an X509 certificate. This function may be used to validate a certificate signature: Simply retrieve this hash, verify the signature using this hash, the public key and the signature of the X509

Parameters:
[in]x509Cert,:Handle to the certificate to hash the TBS (to be signed part).
[in]hash_type,:The hash type. Currently only PAL_SHA256 supported
[out]output,:Pointer to a buffer that will contain the hash digest. This buffer must be at least the size of the digest. If hash_type is PAL_SHA256, then buffer pointed to by output must be at least 32 bytes.
[in]outLenBytes,:The size of the buffer pointed to by output. Must be at least the size of the digest
[out]actualOutLenBytes,:Size of the digest copied to output. In case of success, will always be the length of the hash digest
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 635 of file pal_Crypto.c.

palStatus_t pal_x509CertParse ( palX509Handle_t  x509Cert,
const unsigned char *  input,
size_t  inLen 
)

Parse one or more certificates and add them to the chained list.

Parameters:
[in]x509Cert,:The beginning of the chain.
[in]input,:A buffer holding the certificate data in PEM or DER format.
[in]inLen,:The size of the input buffer.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 96 of file pal_Crypto.c.

palStatus_t pal_x509CertVerify ( palX509Handle_t  x509Cert,
palX509Handle_t  x509CertChain 
)

Verify one or more X509 DER formatted certificates.

Parameters:
[in]x509Cert,:A handle holding the parsed certificate.
[in]x509Cert,:The beginning of the chain to verify the X509 DER certificate with. (Optional)
Returns:
PAL_SUCCESS on success. In case of failure:
  • PAL_ERR_X509_BADCERT_EXPIRED
  • PAL_ERR_X509_BADCERT_FUTURE
  • PAL_ERR_X509_BADCERT_BAD_MD
  • PAL_ERR_X509_BADCERT_BAD_PK
  • PAL_ERR_X509_BADCERT_NOT_TRUSTED
  • PAL_ERR_X509_BADCERT_BAD_KEY

Definition at line 138 of file pal_Crypto.c.

palStatus_t pal_x509CertVerifyExtended ( palX509Handle_t  x509Cert,
palX509Handle_t  x509CertChain,
int32_t *  verifyResult 
)

Verify one or more X509 DER formatted certificates.

Parameters:
[in]x509Cert,:A handle holding the parsed certificate.
[in]x509Cert,:The beginning of the chain to verify the X509 DER certificate with. (Optional)
[out]verifyResult,:bitmask of errors that cause the failure, this value is relevant ONLY in case that the return value of the function is `PAL_ERR_X509_CERT_VERIFY_FAILED`.
Returns:
PAL_SUCCESS on success. In case of failure returns `PAL_ERR_X509_CERT_VERIFY_FAILED`.

in order to turn off the MSB bit.

Definition at line 122 of file pal_Crypto.c.

palStatus_t pal_x509CSRFree ( palx509CSRHandle_t *  x509CSR )

Free the x509 CSR context.

Parameters:
[in]x509CSR,:The CSR context to free.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 592 of file pal_Crypto.c.

palStatus_t pal_x509CSRInit ( palx509CSRHandle_t *  x509CSR )

Allocate and initialize x509 CSR context.

Parameters:
[in]x509CSR,:The CSR context to allocate and initialize.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 488 of file pal_Crypto.c.

palStatus_t pal_x509CSRSetExtendedKeyUsage ( palx509CSRHandle_t  x509CSR,
uint32_t  extKeyUsage 
)

Set the extended key usage extension.

Parameters:
[in]x509CSR,:The CSR context to use.
[in]extKeyUsage,:The extended key usage flags, should be taken from `palExtKeyUsage_t`.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 553 of file pal_Crypto.c.

palStatus_t pal_x509CSRSetExtension ( palx509CSRHandle_t  x509CSR,
const char *  oid,
size_t  oidLen,
const unsigned char *  value,
size_t  valueLen 
)

Generic function to add to the CSR.

Parameters:
[in]x509CSR,:The CSR context to use.
[in]oid,:The OID of the extension.
[in]oidLen,:The OID length.
[in]value,:The value of the extension OCTET STRING.
[in]valueLen,:The value length.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 566 of file pal_Crypto.c.

palStatus_t pal_x509CSRSetKey ( palx509CSRHandle_t  x509CSR,
palECKeyHandle_t  pubKey,
palECKeyHandle_t  prvKey 
)

Set the key for a CSR.

Parameters:
[in]x509CSR,:The CSR context to use.
[in]pubKey,:The public key to include. To use a key pair handle, see the note.
[in]prvKey,:The public key to sign with.
Note:
To use key pair, send it as `pubKey` and NULL as `prvKey`.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 514 of file pal_Crypto.c.

palStatus_t pal_x509CSRSetKeyUsage ( palx509CSRHandle_t  x509CSR,
uint32_t  keyUsage 
)

Set the key usage extension flags.

Parameters:
[in]x509CSR,:The CSR context to use.
[in]keyUsage,:The key usage flags, should be taken from `palKeyUsage_t`.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 540 of file pal_Crypto.c.

palStatus_t pal_x509CSRSetMD ( palx509CSRHandle_t  x509CSR,
palMDType_t  mdType 
)

Set the MD algorithm to use for the signature.

Parameters:
[in]x509CSR,:The CSR context to use.
[in]mdType,:The MD algorithm to use.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 527 of file pal_Crypto.c.

palStatus_t pal_x509CSRSetSubject ( palx509CSRHandle_t  x509CSR,
const char *  subjectName 
)

Set the subject name for a CSR. Subject names should contain a comma-separated list of OIDs and values.

Parameters:
[in]x509CSR,:The CSR context to use.
[in]subjectName,:The subject name to set
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 501 of file pal_Crypto.c.

palStatus_t pal_x509CSRWriteDER ( palx509CSRHandle_t  x509CSR,
unsigned char *  derBuf,
size_t  derBufLen,
size_t *  actualDerLen 
)

Write a CSR to a DER structure

Parameters:
[in]x509CSR,:The CSR context to use.
[in]derBuf,:A buffer to write to.
[in]derBufLen,:The buffer length.
[in]actualDerLen,:The actual length of the written data.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 579 of file pal_Crypto.c.

palStatus_t pal_x509Free ( palX509Handle_t *  x509Cert )

Deallocate all certificate data.

Parameters:
[in,out]x509Cert,:The certificate chain to free.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 153 of file pal_Crypto.c.

palStatus_t pal_x509Initiate ( palX509Handle_t *  x509Cert )

Initialize a certificate (chain) context.

Parameters:
[in,out]x509Cert,:The certificate chain to initialize.
Returns:
PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 83 of file pal_Crypto.c.

Generated on Tue Jul 12 2022 19:12:18 by  doxygen 1.7.2