Simple interface for Mbed Cloud Client
pal_plat_Crypto.h File Reference
PAL cryptographic - platform. This file contains cryptographic APIs that need to be implemented in the platform layer. More...
Go to the source code of this file.
Functions | |
palStatus_t | pal_plat_initCrypto (void) |
palStatus_t | pal_plat_cleanupCrypto (void) |
palStatus_t | pal_plat_initAes (palAesHandle_t *aes) |
palStatus_t | pal_plat_freeAes (palAesHandle_t *aes) |
palStatus_t | pal_plat_setAesKey (palAesHandle_t aes, const unsigned char *key, uint32_t keybits, palAesKeyType_t keyTarget) |
palStatus_t | pal_plat_aesCTR (palAesHandle_t aes, const unsigned char *input, unsigned char *output, size_t inLen, unsigned char iv[16], bool zeroOffset) |
palStatus_t | pal_plat_aesECB (palAesHandle_t aes, const unsigned char input[PAL_CRYPT_BLOCK_SIZE], unsigned char output[PAL_CRYPT_BLOCK_SIZE], palAesMode_t mode) |
palStatus_t | pal_plat_sha256 (const unsigned char *input, size_t inLen, unsigned char *output) |
palStatus_t | pal_plat_x509Initiate (palX509Handle_t *x509) |
palStatus_t | pal_plat_x509CertParse (palX509Handle_t x509, const unsigned char *input, size_t inLen) |
palStatus_t | pal_plat_x509CertGetAttribute (palX509Handle_t x509Cert, palX509Attr_t attr, void *output, size_t outLenBytes, size_t *actualOutLenBytes) |
palStatus_t | pal_plat_x509CertVerifyExtended (palX509Handle_t x509Cert, palX509Handle_t x509CertChain, int32_t *verifyResult) |
palStatus_t | pal_plat_x509Free (palX509Handle_t *x509) |
palStatus_t | pal_plat_mdInit (palMDHandle_t *md, palMDType_t mdType) |
palStatus_t | pal_plat_mdUpdate (palMDHandle_t md, const unsigned char *input, size_t inLen) |
palStatus_t | pal_plat_mdGetOutputSize (palMDHandle_t md, size_t *bufferSize) |
palStatus_t | pal_plat_mdFinal (palMDHandle_t md, unsigned char *output) |
palStatus_t | pal_plat_mdFree (palMDHandle_t *md) |
palStatus_t | pal_plat_verifySignature (palX509Handle_t x509, palMDType_t mdType, const unsigned char *hash, size_t hashLen, const unsigned char *sig, size_t sigLen) |
palStatus_t | pal_plat_ASN1GetTag (unsigned char **position, const unsigned char *end, size_t *len, uint8_t tag) |
palStatus_t | pal_plat_CCMInit (palCCMHandle_t *ctx) |
palStatus_t | pal_plat_CCMFree (palCCMHandle_t *ctx) |
palStatus_t | pal_plat_CCMSetKey (palCCMHandle_t ctx, palCipherID_t id, const unsigned char *key, unsigned int keybits) |
palStatus_t | pal_plat_CCMDecrypt (palCCMHandle_t ctx, unsigned char *input, size_t inLen, unsigned char *iv, size_t ivLen, unsigned char *add, size_t addLen, unsigned char *tag, size_t tagLen, unsigned char *output) |
palStatus_t | pal_plat_CCMEncrypt (palCCMHandle_t ctx, unsigned char *input, size_t inLen, unsigned char *iv, size_t ivLen, unsigned char *add, size_t addLen, unsigned char *output, unsigned char *tag, size_t tagLen) |
palStatus_t | pal_plat_CtrDRBGInit (palCtrDrbgCtxHandle_t *ctx) |
palStatus_t | pal_plat_CtrDRBGFree (palCtrDrbgCtxHandle_t *ctx) |
palStatus_t | pal_plat_CtrDRBGSeed (palCtrDrbgCtxHandle_t ctx, const void *seed, size_t len) |
palStatus_t | pal_plat_CtrDRBGGenerate (palCtrDrbgCtxHandle_t ctx, unsigned char *out, size_t len) |
palStatus_t | pal_plat_CtrDRBGGenerateWithAdditional (palCtrDrbgCtxHandle_t ctx, unsigned char *out, size_t len, unsigned char *additional, size_t additionalLen) |
palStatus_t | pal_plat_cipherCMAC (const unsigned char *key, size_t keyLenInBits, const unsigned char *input, size_t inputLenInBytes, unsigned char *output) |
palStatus_t | pal_plat_CMACStart (palCMACHandle_t *ctx, const unsigned char *key, size_t keyLenBits, palCipherID_t cipherID) |
palStatus_t | pal_plat_CMACUpdate (palCMACHandle_t ctx, const unsigned char *input, size_t inLen) |
palStatus_t | pal_plat_CMACFinish (palCMACHandle_t *ctx, unsigned char *output, size_t *outLen) |
palStatus_t | pal_plat_mdHmacSha256 (const unsigned char *key, size_t keyLenInBytes, const unsigned char *input, size_t inputLenInBytes, unsigned char *output, size_t *outputLenInBytes) |
palStatus_t | pal_plat_ECCheckKey (palCurveHandle_t grp, palECKeyHandle_t key, uint32_t type, bool *verified) |
palStatus_t | pal_plat_ECKeyNew (palECKeyHandle_t *key) |
palStatus_t | pal_plat_ECKeyFree (palECKeyHandle_t *key) |
palStatus_t | pal_plat_parseECPrivateKeyFromDER (const unsigned char *prvDERKey, size_t keyLen, palECKeyHandle_t key) |
palStatus_t | pal_plat_parseECPublicKeyFromDER (const unsigned char *pubDERKey, size_t keyLen, palECKeyHandle_t key) |
palStatus_t | pal_plat_writePrivateKeyToDer (palECKeyHandle_t key, unsigned char *derBuffer, size_t bufferSize, size_t *actualSize) |
palStatus_t | pal_plat_writePublicKeyToDer (palECKeyHandle_t key, unsigned char *derBuffer, size_t bufferSize, size_t *actualSize) |
palStatus_t | pal_plat_ECKeyGenerateKey (palGroupIndex_t grpID, palECKeyHandle_t key) |
palStatus_t | pal_plat_ECKeyGetCurve (palECKeyHandle_t key, palGroupIndex_t *grpID) |
palStatus_t | pal_plat_x509CSRInit (palx509CSRHandle_t *x509CSR) |
palStatus_t | pal_plat_x509CSRSetSubject (palx509CSRHandle_t x509CSR, const char *subjectName) |
palStatus_t | pal_plat_x509CSRSetMD (palx509CSRHandle_t x509CSR, palMDType_t mdType) |
palStatus_t | pal_plat_x509CSRSetKey (palx509CSRHandle_t x509CSR, palECKeyHandle_t pubKey, palECKeyHandle_t prvKey) |
palStatus_t | pal_plat_x509CSRSetKeyUsage (palx509CSRHandle_t x509CSR, uint32_t keyUsage) |
palStatus_t | pal_plat_x509CSRSetExtension (palx509CSRHandle_t x509CSR, const char *oid, size_t oidLen, const unsigned char *value, size_t valueLen) |
palStatus_t | pal_plat_x509CSRWriteDER (palx509CSRHandle_t x509CSR, unsigned char *derBuf, size_t derBufLen, size_t *actualDerLen) |
palStatus_t | pal_plat_x509CSRFree (palx509CSRHandle_t *x509CSR) |
palStatus_t | pal_plat_ECDHComputeKey (const palCurveHandle_t grp, const palECKeyHandle_t peerPublicKey, const palECKeyHandle_t privateKey, palECKeyHandle_t outKey) |
palStatus_t | pal_plat_ECDSASign (palCurveHandle_t grp, palMDType_t mdType, palECKeyHandle_t prvKey, unsigned char *dgst, uint32_t dgstLen, unsigned char *sig, size_t *sigLen) |
palStatus_t | pal_plat_ECDSAVerify (palECKeyHandle_t pubKey, unsigned char *dgst, uint32_t dgstLen, unsigned char *sig, size_t sigLen, bool *verified) |
palStatus_t | pal_plat_ECGroupFree (palCurveHandle_t *grp) |
palStatus_t | pal_plat_ECGroupInitAndLoad (palCurveHandle_t *grp, palGroupIndex_t index) |
Detailed Description
PAL cryptographic - platform. This file contains cryptographic APIs that need to be implemented in the platform layer.
Definition in file pal_plat_Crypto.h.
Function Documentation
palStatus_t pal_plat_aesCTR | ( | palAesHandle_t | aes, |
const unsigned char * | input, | ||
unsigned char * | output, | ||
size_t | inLen, | ||
unsigned char | iv[16], | ||
bool | zeroOffset | ||
) |
AES-CTR buffer encryption/decryption.
- Parameters:
-
[in] aes,: AES context. [in] input,: The input data buffer. [out] output,: The output data buffer. [in] inLen,: The length of the input data. [in] iv,: The initialization vector for AES-CTR. [in] zeroOffset,: Send offset value zero to platform function.
- Note:
- Due to the nature of CTR you should use the same key schedule for both encryption and decryption. So before calling this function you MUST call `pal_setAesKey()` with the key target PAL_KEY_TARGET_ENCRYPTION to set the key.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 160 of file pal_plat_Crypto.c.
palStatus_t pal_plat_aesECB | ( | palAesHandle_t | aes, |
const unsigned char | input[PAL_CRYPT_BLOCK_SIZE], | ||
unsigned char | output[PAL_CRYPT_BLOCK_SIZE], | ||
palAesMode_t | mode | ||
) |
AES-ECB block encryption/decryption.
- Parameters:
-
[in] aes,: AES context. [in] input,: A 16-byte input block. [out] output,: A 16-byte output block. [in] mode,: PAL_AES_ENCRYPT or PAL_AES_DECRYPT
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 181 of file pal_plat_Crypto.c.
palStatus_t pal_plat_ASN1GetTag | ( | unsigned char ** | position, |
const unsigned char * | end, | ||
size_t * | len, | ||
uint8_t | tag | ||
) |
Get the tag and its length, check for the requested tag. Updates the pointer to immediately after the tag and length.
- Parameters:
-
[in,out] position,: The position in the ASN.1 data. [in] end,: The end of data. [out] len,: The tag length. [in] tag,: The expected tag.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 741 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CCMDecrypt | ( | palCCMHandle_t | ctx, |
unsigned char * | input, | ||
size_t | inLen, | ||
unsigned char * | iv, | ||
size_t | ivLen, | ||
unsigned char * | add, | ||
size_t | addLen, | ||
unsigned char * | tag, | ||
size_t | tagLen, | ||
unsigned char * | output | ||
) |
CCM buffer authenticated decryption.
- Parameters:
-
[in] ctx,: The CCM context. [in] input A buffer holding the input data. [in] inLen,: The length of the input data. [in] iv,: The initialization vector. [in] ivLen,: The length of the IV. [in] add,: Additional data. [in] addLen,: The length of additional data. [in] tag,: A buffer holding the tag. [in] tag_len,: The length of the tag. [out] output,: A buffer for holding the output data.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 892 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CCMEncrypt | ( | palCCMHandle_t | ctx, |
unsigned char * | input, | ||
size_t | inLen, | ||
unsigned char * | iv, | ||
size_t | ivLen, | ||
unsigned char * | add, | ||
size_t | addLen, | ||
unsigned char * | output, | ||
unsigned char * | tag, | ||
size_t | tagLen | ||
) |
CCM buffer encryption.
- Parameters:
-
[in] ctx,: The CCM context. [in] input A buffer holding the input data. [in] inLen,: The length of the input data. [in] iv,: The initialization vector. [in] ivLen,: The length of the IV. [in] add,: Additional data. [in] addLen,: The length of additional data. [out] output,: A buffer for holding the output data, must be at least 'inLen' bytes wide. [out] tag,: A buffer for holding the tag. [out] tag_len,: The length of the tag to generate in bytes.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 913 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CCMFree | ( | palCCMHandle_t * | ctx ) |
CCM destruction.
- Parameters:
-
[in] ctx,: The CCM context to destroy.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 849 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CCMInit | ( | palCCMHandle_t * | ctx ) |
CCM initialization.
- Parameters:
-
[in] ctx,: The CCM context to be initialized.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 830 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CCMSetKey | ( | palCCMHandle_t | ctx, |
palCipherID_t | id, | ||
const unsigned char * | key, | ||
unsigned int | keybits | ||
) |
CCM set key.
- Parameters:
-
[in] ctx,: The CCM context. [in] id,: The cipher to use (a 128-bit block cipher). [in] key,: The encryption key. [in] keybits,: The key size in bits (must be acceptable by the cipher).
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 860 of file pal_plat_Crypto.c.
palStatus_t pal_plat_cipherCMAC | ( | const unsigned char * | key, |
size_t | keyLenInBits, | ||
const unsigned char * | input, | ||
size_t | inputLenInBytes, | ||
unsigned char * | output | ||
) |
AES cipher CMAC.
- Parameters:
-
[in] ctx,: The CMAC context to initialize. [in] key,: The encryption key. [in] keyLenInBits,: The key size in bits. [in] input,: A buffer for the input data. [in] inputLenInBytes,: The input data length in bytes. [out] output,: Generic CMAC result.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1025 of file pal_plat_Crypto.c.
palStatus_t pal_plat_cleanupCrypto | ( | void | ) |
Free resources for the Crypto library.
- Note:
- This function must be called in the general PAL cleanup function.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 98 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CMACFinish | ( | palCMACHandle_t * | ctx, |
unsigned char * | output, | ||
size_t * | outLen | ||
) |
Iterative cipher CMAC finish.
- Parameters:
-
[in] ctx,: The CMAC context to initialize. [out] output,: A buffer for the output data. [out] outLen,: The output data length.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1122 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CMACStart | ( | palCMACHandle_t * | ctx, |
const unsigned char * | key, | ||
size_t | keyLenBits, | ||
palCipherID_t | cipherID | ||
) |
Iterative cipher CMAC start.
- Parameters:
-
[in] ctx,: The CMAC context to initialize. [in] key,: The CMAC key. [in] keyLenBits,: The key size in bits. [in] cipherID,: A buffer for the input data.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1049 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CMACUpdate | ( | palCMACHandle_t | ctx, |
const unsigned char * | input, | ||
size_t | inLen | ||
) |
Iterative cipher CMAC update.
- Parameters:
-
[in] ctx,: The CMAC context to initialize. [in] input,: A buffer for the input data. [in] inputLen,: The input data length.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1107 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CtrDRBGFree | ( | palCtrDrbgCtxHandle_t * | ctx ) |
CTR_DRBG destroy.
- Parameters:
-
[in] ctx,: The CTR_DRBG context to destroy.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 954 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CtrDRBGGenerate | ( | palCtrDrbgCtxHandle_t | ctx, |
unsigned char * | out, | ||
size_t | len | ||
) |
CTR_DRBG generate random.
- Parameters:
-
[in] ctx,: The CTR_DRBG context. [in] out,: The buffer to fill. [in] len,: The length of the buffer.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 991 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CtrDRBGGenerateWithAdditional | ( | palCtrDrbgCtxHandle_t | ctx, |
unsigned char * | out, | ||
size_t | len, | ||
unsigned char * | additional, | ||
size_t | additionalLen | ||
) |
CTR_DRBG generate random with additional update input.
- Parameters:
-
[in] ctx,: The CTR_DRBG context. [in] out,: The buffer to fill. [in] len,: The length of the buffer. [in] additional,: Additional data to update with. [in] additionalLen,: Length of additional data.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 997 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CtrDRBGInit | ( | palCtrDrbgCtxHandle_t * | ctx ) |
CTR_DRBG initialization.
- Parameters:
-
[in] ctx,: The CTR_DRBG context to be initialized.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 934 of file pal_plat_Crypto.c.
palStatus_t pal_plat_CtrDRBGSeed | ( | palCtrDrbgCtxHandle_t | ctx, |
const void * | seed, | ||
size_t | len | ||
) |
CTR_DRBG initial seeding.
- Parameters:
-
[in] ctx,: The CTR_DRBG context to be seeded. [in] seed,: The seed data. [in] len,: The seed data length.
- Returns:
- PAL_SUCCESS on success, negative value indicating a specific error code in case of failure.
Definition at line 967 of file pal_plat_Crypto.c.
palStatus_t pal_plat_ECCheckKey | ( | palCurveHandle_t | grp, |
palECKeyHandle_t | key, | ||
uint32_t | type, | ||
bool * | verified | ||
) |
Check that the private and/or public key is a valid key and the public key is on this curve.
- Parameters:
-
[in] grp,: The curve/group the point should belong to. [in] key,: A pointer to the struct that holds the keys to check. [in] type,: PAL_CHECK_PRIVATE_KEY/PAL_CHECK_PUBLIC_KEY/PAL_CHECK_BOTH_KEYS [out] verified,: The result of the verification.
- Note:
- The key can contain only private or public key or both.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1238 of file pal_plat_Crypto.c.
palStatus_t pal_plat_ECDHComputeKey | ( | const palCurveHandle_t | grp, |
const palECKeyHandle_t | peerPublicKey, | ||
const palECKeyHandle_t | privateKey, | ||
palECKeyHandle_t | outKey | ||
) |
Compute a shared secret.
- Parameters:
-
[in] grp,: The ECP group. [in] peerPublicKey,: The public key from a peer. [in] privateKey,: The private key. [out] outKey,: The shared secret.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1556 of file pal_plat_Crypto.c.
palStatus_t pal_plat_ECDSASign | ( | palCurveHandle_t | grp, |
palMDType_t | mdType, | ||
palECKeyHandle_t | prvKey, | ||
unsigned char * | dgst, | ||
uint32_t | dgstLen, | ||
unsigned char * | sig, | ||
size_t * | sigLen | ||
) |
Compute the ECDSA signature of a previously hashed message.
- Parameters:
-
[in] grp,: The ECP group. [in] prvKey,: The private signing key- [in] dgst,: The message hash. [in] dgstLen,: The length of the message buffer. [out] sig,: A buffer to hold the computed signature. [out] sigLen,: The length of the computed signature.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1592 of file pal_plat_Crypto.c.
palStatus_t pal_plat_ECDSAVerify | ( | palECKeyHandle_t | pubKey, |
unsigned char * | dgst, | ||
uint32_t | dgstLen, | ||
unsigned char * | sig, | ||
size_t | sigLen, | ||
bool * | verified | ||
) |
Verify the ECDSA signature of a previously hashed message.
- Parameters:
-
[in] pubKey,: The public key for verification. [in] dgst,: The message hash. [in] dgstLen,: The length of the message buffer. [in] sign,: The signature. [in] sig,: A buffer to hold the computed signature. [in] sigLen,: The length of the computed signature. [out] verified,: The boolean to hold the verification result.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1640 of file pal_plat_Crypto.c.
palStatus_t pal_plat_ECGroupFree | ( | palCurveHandle_t * | grp ) |
Free the components of an ECP group.
- Parameters:
-
[in] grp,: The curve/group to free.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1499 of file pal_plat_Crypto.c.
palStatus_t pal_plat_ECGroupInitAndLoad | ( | palCurveHandle_t * | grp, |
palGroupIndex_t | index | ||
) |
ECP group initialize and set a group using well-known domain parameters.
- Parameters:
-
[in] grp,: The destination group. [in] index,: The index in the list of well-known domain parameters.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1511 of file pal_plat_Crypto.c.
palStatus_t pal_plat_ECKeyFree | ( | palECKeyHandle_t * | key ) |
Free the components of a key pair.
- Parameters:
-
[in] key,: The key to free.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1278 of file pal_plat_Crypto.c.
palStatus_t pal_plat_ECKeyGenerateKey | ( | palGroupIndex_t | grpID, |
palECKeyHandle_t | key | ||
) |
Generate a keypair.
- Parameters:
-
[in] grpID,: The ECP group identifier. [in] key,: A handle to the destination keypair.
- Note:
- The `key` parameter must be first allocated by `pal_ECKeyNew()`.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1445 of file pal_plat_Crypto.c.
palStatus_t pal_plat_ECKeyGetCurve | ( | palECKeyHandle_t | key, |
palGroupIndex_t * | grpID | ||
) |
Retrieve the curve ID if it exists in the given key.
- Parameters:
-
[in] key,: The key to retrieve its curve. [out] grpID,: The curve/group ID for the given key. In case of error, this pointer contains "PAL_ECP_DP_NONE".
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1475 of file pal_plat_Crypto.c.
palStatus_t pal_plat_ECKeyNew | ( | palECKeyHandle_t * | key ) |
Allocate key context and initialize a key pair (as an invalid one).
[in] key: The key pair context to initialize
- Returns:
- PAL_SUCCESS on success, negative value indicating a specific error code in case of failure.
Definition at line 1259 of file pal_plat_Crypto.c.
palStatus_t pal_plat_freeAes | ( | palAesHandle_t * | aes ) |
Free AES context.
- Parameters:
-
[in,out] aes,: AES context to be deallocated.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 124 of file pal_plat_Crypto.c.
palStatus_t pal_plat_initAes | ( | palAesHandle_t * | aes ) |
Initialize AES context.
- Parameters:
-
[in,out] aes,: AES context to be initialized.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 103 of file pal_plat_Crypto.c.
palStatus_t pal_plat_initCrypto | ( | void | ) |
Initiate the Crypto library. Initialization may not be required for some crypto libraries. In such cases, the implementation may be empty.
- Note:
- This function must be called in the general PAL initializtion function.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 93 of file pal_plat_Crypto.c.
palStatus_t pal_plat_mdFinal | ( | palMDHandle_t | md, |
unsigned char * | output | ||
) |
Generic message digest final digest.
- Parameters:
-
[in] md,: The MD context. [in] output,: The generic message digest checksum result.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 679 of file pal_plat_Crypto.c.
palStatus_t pal_plat_mdFree | ( | palMDHandle_t * | md ) |
Free and clear the MD context.
- Parameters:
-
[in,out] md,: The AES context to be freed.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 702 of file pal_plat_Crypto.c.
palStatus_t pal_plat_mdGetOutputSize | ( | palMDHandle_t | md, |
size_t * | bufferSize | ||
) |
Generic message digest output buffer size getter.
- Parameters:
-
[in] md,: The MD context. [out] bufferSize,: A pointer to hold the output size of the` pal_mdFinal()` for the given handle.
- Note:
- You SHOULD call this function before calling `pal_mdFinal()`.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 661 of file pal_plat_Crypto.c.
palStatus_t pal_plat_mdHmacSha256 | ( | const unsigned char * | key, |
size_t | keyLenInBytes, | ||
const unsigned char * | input, | ||
size_t | inputLenInBytes, | ||
unsigned char * | output, | ||
size_t * | outputLenInBytes | ||
) |
One shot md HMAC.
- Parameters:
-
[in] key,: The encryption key. [in] keyLenInBytes,: The key size in bytes. [in] input,: A buffer for the input data. [in] inputLenInBytes,: The input data length in bytes. [out] output,: The generic HMAC result. [out] outputLenInBytes,: Size of the HMAC result (optional).
- Note:
- Expects output to be 32 bytes long
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1146 of file pal_plat_Crypto.c.
palStatus_t pal_plat_mdInit | ( | palMDHandle_t * | md, |
palMDType_t | mdType | ||
) |
Initialize an MD context and set up the required data according to the given algorithm.
- Parameters:
-
[in,out] md,: The MD context to be initialized. [in] mdType,: The MD algorithm.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 553 of file pal_plat_Crypto.c.
palStatus_t pal_plat_mdUpdate | ( | palMDHandle_t | md, |
const unsigned char * | input, | ||
size_t | inLen | ||
) |
Generic message digest process buffer.
- Parameters:
-
[in] md,: The MD context. [in] input,: A buffer holding the input data. [in] inLen,: The length of the input data.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 638 of file pal_plat_Crypto.c.
palStatus_t pal_plat_parseECPrivateKeyFromDER | ( | const unsigned char * | prvDERKey, |
size_t | keyLen, | ||
palECKeyHandle_t | key | ||
) |
Parse a DER encoded private key.
- Parameters:
-
[in] prvDERKey,: A buffer that holds the DER encoded private key. [in] keyLen,: The key length. [out] key,: A handle for the context that holds the parsed key.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1314 of file pal_plat_Crypto.c.
palStatus_t pal_plat_parseECPublicKeyFromDER | ( | const unsigned char * | pubDERKey, |
size_t | keyLen, | ||
palECKeyHandle_t | key | ||
) |
Parse a DER encoded public key.
- Parameters:
-
[in] pubDERKey,: A buffer that holds the DER encoded public key. [in] keyLen,: The key length. [out] key,: A handle for the context that holds the parsed key.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1349 of file pal_plat_Crypto.c.
palStatus_t pal_plat_setAesKey | ( | palAesHandle_t | aes, |
const unsigned char * | key, | ||
uint32_t | keybits, | ||
palAesKeyType_t | keyTarget | ||
) |
Set AES key context for encryption or decryption.
- Parameters:
-
[in] aes,: AES context. [in] key,: AES key. [in] keybits,: The size of the key in bits. [in] keyTarget,: The key target (encryption/decryption).
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 137 of file pal_plat_Crypto.c.
palStatus_t pal_plat_sha256 | ( | const unsigned char * | input, |
size_t | inLen, | ||
unsigned char * | output | ||
) |
Process SHA256 over the input buffer.
- Parameters:
-
[in] input,: A buffer for the input data. [in] inLen,: The length of the input data. [out] output,: SHA256 checksum result.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 196 of file pal_plat_Crypto.c.
palStatus_t pal_plat_verifySignature | ( | palX509Handle_t | x509, |
palMDType_t | mdType, | ||
const unsigned char * | hash, | ||
size_t | hashLen, | ||
const unsigned char * | sig, | ||
size_t | sigLen | ||
) |
Verify the signature.
- Parameters:
-
[in] x509,: The certificate context that holds the PK data. [in] mdType,: The MD algorithm used. [in] hash,: The hash of the message to sign. [in] hashLen,: The hash length. [in] sig,: The signature to verify. [in] sigLen,: The signature length.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 714 of file pal_plat_Crypto.c.
palStatus_t pal_plat_writePrivateKeyToDer | ( | palECKeyHandle_t | key, |
unsigned char * | derBuffer, | ||
size_t | bufferSize, | ||
size_t * | actualSize | ||
) |
Encode the given private key from the key handle to the DER buffer.
- Parameters:
-
[in] key,: A handle to the private key. [out] derBuffer,: A buffer to hold the result of the DER encoding. [in] bufferSize,: The size of the allocated buffer. [out] actualSize,: The actual size of the written data.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1405 of file pal_plat_Crypto.c.
palStatus_t pal_plat_writePublicKeyToDer | ( | palECKeyHandle_t | key, |
unsigned char * | derBuffer, | ||
size_t | bufferSize, | ||
size_t * | actualSize | ||
) |
Encode the given public key from the key handle to the DER buffer.
- Parameters:
-
[in] key,: A handle to the public key. [out] derBuffer,: A buffer to hold the result of the DER encoding. [in] bufferSize,: The size of the allocated buffer. [out] actualSize,: The actual size of the written data.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1425 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509CertGetAttribute | ( | palX509Handle_t | x509Cert, |
palX509Attr_t | attr, | ||
void * | output, | ||
size_t | outLenBytes, | ||
size_t * | actualOutLenBytes | ||
) |
Get attributes from the parsed certificate.
- Parameters:
-
[in] x509Cert,: The parsed certificate. [in] attr,: The required attribute. [out] output,: A buffer to hold the attribute value. [in] outLenBytes,: The size of the allocated buffer. [out] actualOutLenBytes,: The actual size of the attribute.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 358 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509CertParse | ( | palX509Handle_t | x509, |
const unsigned char * | input, | ||
size_t | inLen | ||
) |
Parse one or more certificates and add them to the chained list.
- Parameters:
-
[in] x509Cert,: The start of the chain. [in] input,: A buffer holding the certificate data in PEM or DER format. [in] inLen,: The size of the input buffer.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 223 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509CertVerifyExtended | ( | palX509Handle_t | x509Cert, |
palX509Handle_t | x509CertChain, | ||
int32_t * | verifyResult | ||
) |
Verify one or more X509 DER formatted certificates.
- Parameters:
-
[in] x509Cert,: A handle holding the parsed certificate. [in] x509CertChain,: The start of the chain to verify the X509 DER certificate with. (Optional) [out] verifyResult,: bitmask of errors that cause the failure, this value is relevant ONLY in case that the return value of the function is `PAL_ERR_X509_CERT_VERIFY_FAILED`.
- Note:
- In case platform doesn't support multipule errors for certificate verification, please return `PAL_ERR_X509_CERT_VERIFY_FAILED` and the reason should be specified in the `verifyResult`
- Returns:
- PAL_SUCCESS on success. In case of failure returns `PAL_ERR_X509_CERT_VERIFY_FAILED`.
please DO NOT change errors order
Definition at line 482 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509CSRFree | ( | palx509CSRHandle_t * | x509CSR ) |
Free the x509 CSR context.
- Parameters:
-
[in] x509CSR,: The CSR context to free.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1850 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509CSRInit | ( | palx509CSRHandle_t * | x509CSR ) |
Allocate and initialize the x509 CSR context.
- Parameters:
-
[in] x509CSR,: The CSR context to allocate and initialize.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1673 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509CSRSetExtension | ( | palx509CSRHandle_t | x509CSR, |
const char * | oid, | ||
size_t | oidLen, | ||
const unsigned char * | value, | ||
size_t | valueLen | ||
) |
Generic function to add to the CSR.
- Parameters:
-
[in] x509CSR,: The CSR context to use. [in] oid,: The OID of the extension. [in] oidLen,: The OID length. [in] value,: The value of the extension OCTET STRING. [in] valueLen,: The value length.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1814 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509CSRSetKey | ( | palx509CSRHandle_t | x509CSR, |
palECKeyHandle_t | pubKey, | ||
palECKeyHandle_t | prvKey | ||
) |
Set the key for a CSR.
- Parameters:
-
[in] x509CSR,: The CSR context to use. [in] pubKey,: The public key to include. To use the keypair handle, see the note. [in] prvKey,: The public key to sign with.
- Note:
- To use the keypair, please send it as `pubKey` and NULL as `prvKey`.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1719 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509CSRSetKeyUsage | ( | palx509CSRHandle_t | x509CSR, |
uint32_t | keyUsage | ||
) |
Set the key usage extension flags.
- Parameters:
-
[in] x509CSR,: The CSR context to use. [in] keyUsage,: The key usage flags that should be taken from `palKeyUsage_t`.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1779 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509CSRSetMD | ( | palx509CSRHandle_t | x509CSR, |
palMDType_t | mdType | ||
) |
Set the MD algorithm to use for the signature.
- Parameters:
-
[in] x509CSR,: The CSR context to use. [in] mdType,: The MD algorithm to use.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1757 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509CSRSetSubject | ( | palx509CSRHandle_t | x509CSR, |
const char * | subjectName | ||
) |
Set the subject name for a CSR. The subject names should contain a comma-separated list of OIDs and values.
- Parameters:
-
[in] x509CSR,: The CSR context to use. [in] subjectName,: The subject name to set.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 1691 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509CSRWriteDER | ( | palx509CSRHandle_t | x509CSR, |
unsigned char * | derBuf, | ||
size_t | derBufLen, | ||
size_t * | actualDerLen | ||
) |
Write a CSR to a DER structure.
- Parameters:
-
[in] x509CSR,: The CSR context to use. [in] derBuf,: A buffer to write to. [in] derBufLen,: The buffer length. [in] actualDerLen,: The actual length of the written data.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
mbedtls_x509write_csr_der() returns the size of the written CSR
we need to check if the length larger than zero
Definition at line 1828 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509Free | ( | palX509Handle_t * | x509 ) |
Deallocate all certificate data.
- Parameters:
-
[in,out] x509,: The certificate chain to free.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 539 of file pal_plat_Crypto.c.
palStatus_t pal_plat_x509Initiate | ( | palX509Handle_t * | x509 ) |
Initialize a certificate (chain) context.
- Parameters:
-
[in,out] x509Cert,: The certificate chain to initialize.
- Returns:
- PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.
Definition at line 203 of file pal_plat_Crypto.c.
Generated on Tue Jul 12 2022 19:01:38 by 1.7.2