Simple interface for Mbed Cloud Client
Embed:
(wiki syntax)
Show/hide line numbers
arm_uc_crypto.h
00001 // ---------------------------------------------------------------------------- 00002 // Copyright 2016-2017 ARM Ltd. 00003 // 00004 // SPDX-License-Identifier: Apache-2.0 00005 // 00006 // Licensed under the Apache License, Version 2.0 (the "License"); 00007 // you may not use this file except in compliance with the License. 00008 // You may obtain a copy of the License at 00009 // 00010 // http://www.apache.org/licenses/LICENSE-2.0 00011 // 00012 // Unless required by applicable law or agreed to in writing, software 00013 // distributed under the License is distributed on an "AS IS" BASIS, 00014 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00015 // See the License for the specific language governing permissions and 00016 // limitations under the License. 00017 // ---------------------------------------------------------------------------- 00018 00019 #ifndef ARM_UPDATE_CRYPTO_H 00020 #define ARM_UPDATE_CRYPTO_H 00021 00022 #ifdef __cplusplus 00023 extern "C" { 00024 #endif 00025 00026 #include "arm_uc_error.h" 00027 #include "arm_uc_types.h" 00028 #include "arm_uc_config.h" 00029 00030 #ifndef ARM_UC_USE_PAL_CRYPTO 00031 #define ARM_UC_USE_PAL_CRYPTO 0 00032 #endif 00033 00034 #if ARM_UC_USE_PAL_CRYPTO 00035 #include "pal.h" 00036 #ifndef palMDHandle_t 00037 #include "pal_Crypto.h" 00038 #endif 00039 00040 typedef palMDHandle_t arm_uc_mdHandle_t; 00041 typedef palMDType_t arm_uc_mdType_t; 00042 typedef struct arm_uc_cipherHandle_t { 00043 palAesHandle_t aes_context; 00044 uint8_t* aes_iv; 00045 } arm_uc_cipherHandle_t; 00046 00047 #define ARM_UC_CU_SHA256 PAL_SHA256 00048 00049 #else // ARM_UC_USE_PAL_CRYPTO 00050 00051 #include "mbedtls/md_internal.h" 00052 #include "mbedtls/sha256.h" 00053 #include "mbedtls/x509_crt.h" 00054 #include "mbedtls/aes.h" 00055 #include "mbedtls/cipher.h" 00056 typedef mbedtls_md_context_t arm_uc_mdHandle_t; 00057 typedef mbedtls_md_type_t arm_uc_mdType_t; 00058 typedef struct arm_uc_cipherHandle_t { 00059 mbedtls_aes_context aes_context; 00060 uint8_t aes_partial[MBEDTLS_MAX_BLOCK_LENGTH]; 00061 uint8_t* aes_iv; 00062 size_t aes_nc_off; 00063 } arm_uc_cipherHandle_t; 00064 00065 #define ARM_UC_CU_SHA256 MBEDTLS_MD_SHA256 00066 00067 #endif // ARM_UC_USE_PAL_CRYPTO 00068 00069 /** 00070 * @brief Verify a public key signature 00071 * @details This function loads a certificate out of `ca`, and validates `hash` using the certificate and `sig`. If the 00072 * certificate used by this function requires a certificate chain validation (i.e. it is not the root of trust, 00073 * or it has not been previously validated), certificate chain validation should be done prior to calling this 00074 * function. 00075 * 00076 * WARNING: this function is to be used only inside a function where its arguments have been error checked. 00077 * WARNING: This is an internal utility function and is not accessible outside of the manifest manager. 00078 * 00079 * @param[in] ca A pointer to a buffer that contains the signing certificate. 00080 * @param[in] hash A pointer to a buffer containing the hash to verify. 00081 * @param[in] sig A pointer to a buffer containing a signature by `ca` 00082 * @retval MFST_ERR_CERT_INVALID when the certificate fails to load 00083 * @retval MFST_ERR_INVALID_SIGNATURE when signature verification fails 00084 * @retval MFST_ERR_NONE for a valid signature 00085 */ 00086 arm_uc_error_t ARM_UC_verifyPkSignature(const arm_uc_buffer_t* ca, const arm_uc_buffer_t* hash, const arm_uc_buffer_t* sig); 00087 arm_uc_error_t ARM_UC_cryptoHashSetup(arm_uc_mdHandle_t* h, arm_uc_mdType_t mdType); 00088 arm_uc_error_t ARM_UC_cryptoHashUpdate(arm_uc_mdHandle_t* h, arm_uc_buffer_t* input); 00089 arm_uc_error_t ARM_UC_cryptoHashFinish(arm_uc_mdHandle_t* h, arm_uc_buffer_t* output); 00090 arm_uc_error_t ARM_UC_cryptoDecryptSetup(arm_uc_cipherHandle_t* h, arm_uc_buffer_t* key, arm_uc_buffer_t* iv, int32_t bits); 00091 arm_uc_error_t ARM_UC_cryptoDecryptUpdate(arm_uc_cipherHandle_t* h, const uint8_t* input_ptr, uint32_t input_size, arm_uc_buffer_t* output); 00092 arm_uc_error_t ARM_UC_cryptoDecryptFinish(arm_uc_cipherHandle_t* h, arm_uc_buffer_t* output); 00093 00094 /** 00095 * @brief Calculate HAMC-SHA256 00096 * 00097 * @param key buffer struct containing the hmac key 00098 * @param input buffer struct containing the input data 00099 * @param output buffer struct to cotain output HMAC, it is safe to use the same buffer 00100 * as input to save memory. The size member of the struct will be set on success. 00101 * 00102 * @return ARM_UC_CU_ERR_NONE on success, error code on failure. 00103 */ 00104 arm_uc_error_t ARM_UC_cryptoHMACSHA256(arm_uc_buffer_t* key, arm_uc_buffer_t* input, arm_uc_buffer_t* output); 00105 00106 /** 00107 * @brief Get a 256 device key. 00108 * 00109 * @param output buffer struct to cotain output device key. 00110 The size member of the struct will be set on success. 00111 * 00112 * @return ARM_UC_CU_ERR_NONE on success, error code on failure. 00113 */ 00114 arm_uc_error_t ARM_UC_getDeviceKey256Bit(arm_uc_buffer_t* output); 00115 00116 /** 00117 * @brief Function to get the device root of trust 00118 * @details The device root of trust should be a 128 bit value. It should never leave the device. 00119 * It should be unique to the device. It should have enough entropy to avoid contentional 00120 * entropy attacks. The porter should implement the following device signature to provide 00121 * device root of trust on different platforms. 00122 * 00123 * @param key_buf buffer to be filled with the device root of trust. 00124 * @param length length of the buffer provided to make sure no overflow occurs. 00125 * 00126 * @return 0 on success, non-zero on failure. 00127 */ 00128 int8_t mbed_cloud_client_get_rot_128bit(uint8_t *key_buf, uint32_t length); 00129 00130 #ifdef __cplusplus 00131 } 00132 #endif 00133 00134 #endif // ARM_UPDATE_CRYPTO_H
Generated on Tue Jul 12 2022 19:01:32 by 1.7.2