DTLS_X509=1],
[])
+AC_ARG_WITH(hal,
+ [AS_HELP_STRING([--with-hal],[use a hardware abstraction layer for crypto functions])],
+ [AC_DEFINE(DTLS_CRYPTO_HAL, 1, [Define to 1 if building with Hardware Abstraction Layer])
+ DTLS_CRYPTO_HAL=1],
+ [])
+
CPPFLAGS="${CPPFLAGS} -DDTLSv12 -DWITH_SHA256"
OPT_OBJS="${OPT_OBJS} sha2/sha2.o"
const unsigned char *keyx_params, size_t keyx_params_size,
unsigned char *result_r, unsigned char *result_s);
+int dtls_ecdhe_psk_pre_master_secret(unsigned char *psk, size_t psklen,
+ unsigned char *ecc_priv_key,
+ unsigned char *ecc_pub_key_x,
+ unsigned char *ecc_pub_key_y,
+ size_t ecc_key_size,
+ unsigned char *result,
+ size_t result_len);
+
int dtls_ec_key_from_uint32_asn1(const uint32_t *key, size_t key_size,
unsigned char *buf);
/**
* Called during handshake to check the peer's pubic key in this
* session. If the public key matches the session and should be
- * considerated valid the return value must be @c 0. If not valid,
+ * considered valid the return value must be @c 0. If not valid,
* the return value must be less than zero.
*
* If ECDSA should not be supported, set this pointer to NULL.
*/
int (*is_x509_active)(struct dtls_context_t *ctx);
#endif /* DTLS_X509 */
+
} dtls_handler_t;
/** Holds global information of the DTLS engine. */
--- /dev/null
+/*
+Copyright (c) 2015 Atmel Corporation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+3. Neither the name of Atmel nor the names of its contributors may be used to
+endorse or promote products derived from this software without specific
+prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file dtls_hal.h
+ * @brief DTLS Hardware Abstraction Layer API and visible structures.
+ */
+
+#ifndef _DTLS_DTLS_HAL_H_
+#define _DTLS_DTLS_HAL_H_
+
+#include <stdint.h>
+#include <stdbool.h>
+
+// Define return values for HAL
+#define HAL_SUCCESS (1)
+#define HAL_FAILURE (0)
+#define ENC_KEY_SIZE (32)
+
+/**
+ * This structure contains callback functions used by tinydtls to
+ * provide a hardware abstraction layer for secure storage .
+ */
+typedef struct {
+
+ /**
+ * Call this function during application initialization to create HAL related resources.
+ *
+ * @param[in] ctx The current DTLS context.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_init)(struct dtls_context_t *ctx);
+
+ /**
+ * Call this function during application shut down to clean up any HAL related resources.
+ *
+ * @param[in] ctx The current DTLS context.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_finish)(struct dtls_context_t *ctx);
+
+ /**
+ * Call this function to store unsecured data on hardware.
+ *
+ * @param[in] ctx The current DTLS context.
+ * @param[in] p_location_handle The handle to the hardware location to store p_data.
+ * @param[in] p_data The data to store.
+ * @param[in] data_size The size of the data to store.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_write_mem)(struct dtls_context_t *ctx,
+ const uint8_t* p_location,
+ const uint8_t* p_data,
+ size_t data_size);
+
+ /**
+ * Call this function to read data from unsecured storage from hardware.
+ *
+ * @param[in] ctx The current DTLS context.
+ * @param[in] p_location_handle The handle to the hardware location to read p_data.
+ * @param[in] p_data The data to read.
+ * @param[inout] data_size IN: The size of the buffer to receive data. OUT: The actual number of bytes read.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_read_mem)(struct dtls_context_t *ctx,
+ const uint8_t* p_location,
+ uint8_t* p_data,
+ size_t* dataSize);
+
+ /**
+ * Call this function to store sensitive data in secure hardware.
+ * Data will be securely stored and encrypted on the wire
+ *
+ * @param[in] ctx The current DTLS context.
+ * @param[in] p_location_handle The handle to the hardware location to store p_data.
+ * @param[in] p_data The data to store securely.
+ * @param[in] data_size The size of the data to store securely.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_write_mem_enc)(struct dtls_context_t *ctx,
+ const uint8_t* p_location,
+ const uint8_t* p_data,
+ size_t data_size);
+
+ /**
+ * Call this function to read sensitive data from secure hardware.
+ * Data will be read from secure storage and encrypted on the wire
+ *
+ * @param[in] ctx The current DTLS context.
+ * @param[in] p_location_handle The handle to the hardware location to read p_data.
+ * @param[in] p_data The data to read securely.
+ * @param[inout] data_size IN: The size of the buffer to receive data. OUT: The actual number of bytes read.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_read_mem_enc)(struct dtls_context_t *ctx,
+ const uint8_t* p_location,
+ uint8_t* p_data,
+ size_t* dataSize);
+
+ /**
+ * Call this function to generate a unique encryption key that will be used for secure storage.
+ * This encryption key should be stored as a platform resource
+ *
+ * @param[in] ctx The current DTLS context.
+ * @param[out] p_enc_key_out The internally generated unique encryption key that will be used for secure storage.
+ * This key needs to be stored on the platform.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_init_enckey)(struct dtls_context_t *ctx,
+ uint8_t p_enc_key_out[ENC_KEY_SIZE]);
+
+ /**
+ * Call this function to set a unique encryption key that will be used for secure storage.
+ * This encryption key should be stored as a platform resource
+ *
+ * @param[in] ctx The current DTLS context.
+ * @param[in] p_enc_key_in The encryption key that will be used for secure storage.
+ * This key needs to be stored on the platform.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_set_enckey)(struct dtls_context_t *ctx,
+ const uint8_t p_enc_key_in[ENC_KEY_SIZE]);
+
+ /**
+ * This function is called internally from HAL_read_mem_enc and HAL_write_mem_enc.
+ * The platform must implement this function to return the encryption key that was
+ * returned by HAL_init_enckey or HAL_set_enckey.
+ *
+ * @param[in] ctx The current DTLS context.
+ * @param[out] p_enc_key_out The encryption key that is used for secure storage.
+ * Retrieve from platform in this function.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_get_enckey)(struct dtls_context_t *ctx,
+ uint8_t p_enc_key_out[ENC_KEY_SIZE]);
+
+ /**
+ * Call this function to use the hardware to calculate a SHA256
+ *
+ * @param[in] ctx The current DTLS context.
+ * @param[in] p_msg The message to calculate the SHA256.
+ * @param[in] msg_size The size of the message to hash.
+ * @param[out] p_hash The hash of p_msg.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_sha2_calc)(struct dtls_context_t *ctx,
+ uint8_t *p_msg,
+ size_t msg_size,
+ uint8_t p_hash[SHA256_DIGEST_LENGTH]);
+
+ /**
+ * Call this function to use the hardware key derivation function (KDF)
+ *
+ * @param[in] ctx The current DTLS context.
+ * @param[in] p_seed The seed used to produce the key.
+ * @param[in] seed_size The size of the message to hash.
+ * @param[out] p_keyout The key produced by the KDF.
+ * @param[in] key_size The size of the key to be returned.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_kdf_calc)(struct dtls_context_t *ctx,
+ const uint8_t* p_seed,
+ const size_t seed_size,
+ uint8_t* p_keyout,
+ const size_t key_size);
+
+ /**
+ * Call this function to retrieve the specified certificate from hardware
+ *
+ * @param[in] ctx The current DTLS context.
+ * @param[in] cert_id An index into the certificate to returned.
+ * @param[inout] cert The certificate to be returned.
+ * @param[inout] cert_size The size of the certificate.
+ * @return HAL_SUCCESS or HAL_FAILURE
+ */
+ int (*HAL_get_x509_cert)(struct dtls_context_t *ctx,
+ uint32_t cert_ref,
+ uint8_t **cert,
+ size_t *cert_size);
+
+} dtls_hal_handler_t;
+
+
+#endif /* _DTLS_DTLS_HAL_H_ */
+
static void vli_square(uECC_word_t *p_result, uECC_word_t *p_left);
static void vli_modSquare_fast(uECC_word_t *p_result, uECC_word_t *p_left);
#endif
+// Function declarations to support the HAL shims
+int uECC_make_key_impl(uint8_t p_publicKey[uECC_BYTES*2], uint8_t p_privateKey[uECC_BYTES]);
+int uECC_shared_secret_impl(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_privateKey[uECC_BYTES], uint8_t p_secret[uECC_BYTES]);
+int uECC_sign_impl(const uint8_t p_privateKey[uECC_BYTES], const uint8_t p_hash[uECC_BYTES], uint8_t p_signature[uECC_BYTES*2]);
+int uECC_verify_impl(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_hash[uECC_BYTES], const uint8_t p_signature[uECC_BYTES*2]);
+int uECC_ecdhe_impl(const uint8_t p_public_key_in[uECC_BYTES*2], uint8_t p_public_key_out[uECC_BYTES*2], uint8_t p_secret[uECC_BYTES]);
+int uECC_get_pubkey_impl(const uint8_t p_key_handle[uECC_BYTES], uint8_t p_public_key[uECC_BYTES*2]);
#if (defined(_WIN32) || defined(_WIN64))
/* Windows */
#endif
+///////////////////////////////////////////////////////
+// Functions to set the callbacks for crypto operations
static uECC_RNG_Function g_rng = &default_RNG;
void uECC_set_rng(uECC_RNG_Function p_rng)
g_rng = p_rng;
}
+static uECC_make_key_Function g_make_key_cb = &uECC_make_key_impl;
+
+void uECC_set_make_key_cb(uECC_make_key_Function p_make_key_cb)
+{
+ g_make_key_cb = p_make_key_cb;
+}
+
+static uECC_shared_secret_Function g_shared_secret_cb = &uECC_shared_secret_impl;
+
+void uECC_set_shared_secret_cb(uECC_shared_secret_Function p_shared_secret_cb)
+{
+ g_shared_secret_cb = p_shared_secret_cb;
+}
+
+static uECC_sign_Function g_sign_cb = &uECC_sign_impl;
+
+void uECC_set_sign_cb(uECC_sign_Function p_sign_cb)
+{
+ g_sign_cb = p_sign_cb;
+}
+
+static uECC_verify_Function g_verify_cb = &uECC_verify_impl;
+
+void uECC_set_verify_cb(uECC_verify_Function p_verify_cb)
+{
+ g_verify_cb = p_verify_cb;
+}
+
+static uECC_ecdhe_Function g_ecdhe_cb = &uECC_ecdhe_impl;
+
+void uECC_set_ecdhe_cb(uECC_ecdhe_Function p_ecdhe_cb)
+{
+ g_ecdhe_cb = p_ecdhe_cb;
+}
+
+static uECC_get_pubkey_Function g_get_pubkey_cb = &uECC_get_pubkey_impl;
+
+void uECC_set_get_pubkey_cb(uECC_get_pubkey_Function p_get_pubkey_cb)
+{
+ g_get_pubkey_cb = p_get_pubkey_cb;
+}
+
+///////////////////////////////////////////////////////
+
+
#ifdef __GNUC__ /* Only support GCC inline asm for now */
#if (uECC_ASM && (uECC_PLATFORM == uECC_avr))
#include "asm_avr.inc"
#endif /* uECC_WORD_SIZE */
+// Safe calls to the callback functions
int uECC_make_key(uint8_t p_publicKey[uECC_BYTES*2], uint8_t p_privateKey[uECC_BYTES])
{
+ // Check for a valid function pointer
+ if (g_make_key_cb != NULL)
+ {
+ return g_make_key_cb(p_publicKey, p_privateKey);
+ }
+ else
+ {
+ return uECC_make_key_impl(p_publicKey, p_privateKey);
+ }
+}
+
+int uECC_shared_secret(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_privateKey[uECC_BYTES], uint8_t p_secret[uECC_BYTES])
+{
+ // Check for a valid function pointer
+ if (g_shared_secret_cb != NULL)
+ {
+ return g_shared_secret_cb(p_publicKey, p_privateKey, p_secret);
+ }
+ else
+ {
+ return uECC_shared_secret_impl(p_publicKey, p_privateKey, p_secret);
+ }
+}
+
+int uECC_sign(const uint8_t p_privateKey[uECC_BYTES], const uint8_t p_hash[uECC_BYTES], uint8_t p_signature[uECC_BYTES*2])
+{
+ // Check for a valid function pointer
+ if (g_sign_cb != NULL)
+ {
+ return g_sign_cb(p_privateKey, p_hash, p_signature);
+ }
+ else
+ {
+ return uECC_sign_impl(p_privateKey, p_hash, p_signature);
+ }
+}
+
+int uECC_verify(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_hash[uECC_BYTES], const uint8_t p_signature[uECC_BYTES*2])
+{
+ // Check for a valid function pointer
+ if (g_verify_cb != NULL)
+ {
+ return g_verify_cb(p_publicKey, p_hash, p_signature);
+ }
+ else
+ {
+ return uECC_verify_impl(p_publicKey, p_hash, p_signature);
+ }
+}
+
+int uECC_ecdhe(const uint8_t p_public_key_in[uECC_BYTES*2], uint8_t p_public_key_out[uECC_BYTES*2], uint8_t p_secret[uECC_BYTES])
+{
+ // Check for a valid function pointer
+ if (g_ecdhe_cb != NULL)
+ {
+ return g_ecdhe_cb(p_public_key_in, p_public_key_out, p_secret);
+ }
+ else
+ {
+ return uECC_ecdhe_impl(p_public_key_in, p_public_key_out, p_secret);
+ }
+}
+
+int uECC_get_pubkey(const uint8_t p_key_handle[uECC_BYTES], uint8_t p_public_key[uECC_BYTES*2])
+{
+ // Check for a valid function pointer
+ if (g_get_pubkey_cb != NULL)
+ {
+ return g_get_pubkey_cb(p_key_handle, p_public_key);
+ }
+ else
+ {
+ return uECC_get_pubkey_impl(p_key_handle, p_public_key);
+ }
+}
+
+int uECC_ecdhe_impl(const uint8_t p_public_key_in[uECC_BYTES*2], uint8_t p_public_key_out[uECC_BYTES*2], uint8_t p_secret[uECC_BYTES])
+{
+ return 0;
+}
+
+int uECC_get_pubkey_impl(const uint8_t p_key_handle[uECC_BYTES], uint8_t p_public_key[uECC_BYTES*2])
+{
+ return 0;
+}
+
+int uECC_make_key_impl(uint8_t p_publicKey[uECC_BYTES*2], uint8_t p_privateKey[uECC_BYTES])
+{
EccPoint l_public;
uECC_word_t l_private[uECC_WORDS];
uECC_word_t l_tries = 0;
return 1;
}
-int uECC_shared_secret(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_privateKey[uECC_BYTES], uint8_t p_secret[uECC_BYTES])
+int uECC_shared_secret_impl(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_privateKey[uECC_BYTES], uint8_t p_secret[uECC_BYTES])
{
EccPoint l_public;
uECC_word_t l_private[uECC_WORDS];
}
#endif /* (uECC_CURVE != uECC_secp160r1) */
-int uECC_sign(const uint8_t p_privateKey[uECC_BYTES], const uint8_t p_hash[uECC_BYTES], uint8_t p_signature[uECC_BYTES*2])
+int uECC_sign_impl(const uint8_t p_privateKey[uECC_BYTES], const uint8_t p_hash[uECC_BYTES], uint8_t p_signature[uECC_BYTES*2])
{
uECC_word_t k[uECC_N_WORDS];
uECC_word_t l_tmp[uECC_N_WORDS];
return (a > b ? a : b);
}
-int uECC_verify(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_hash[uECC_BYTES], const uint8_t p_signature[uECC_BYTES*2])
+int uECC_verify_impl(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_hash[uECC_BYTES], const uint8_t p_signature[uECC_BYTES*2])
{
uECC_word_t u1[uECC_N_WORDS], u2[uECC_N_WORDS];
uECC_word_t z[uECC_N_WORDS];
*/
void uECC_set_rng(uECC_RNG_Function p_rng);
+//////////////////////////////////////////
+// DTLS_CRYPTO_HAL
+/**
+* Call this function to create a unique public-private key pair in secure hardware
+*
+* @param[out] p_publicKey The public key that is associated with the private key that was just created.
+* @param[out] p_privateKeyHandle A handle that is used to point to the private key stored in hardware.
+* @return 1 upon success, 0 if an error occurred.
+*/
+typedef int (*uECC_make_key_Function)(uint8_t p_publicKey[uECC_BYTES*2], uint8_t p_privateKeyHandle[uECC_BYTES]);
+
+/**
+* Set the callback function that will be used to generate a public-private key pair.
+* This function will replace uECC_make_key.
+*
+* @param[in] p_make_key_cb The function that will be used to generate a public-private key pair.
+*/
+void uECC_set_make_key_cb(uECC_make_key_Function p_make_key_cb);
+
+/**
+* Call this function to sign a hash using a hardware protected private key.
+*
+* @param[in] p_privateKeyHandle A handle that is used to point to the private key stored in hardware.
+* @param[in] p_hash The hash to sign.
+* @param[out] p_signature The signature that is produced in hardware by the private key..
+* @return 1 upon success, 0 if an error occurred.
+*/
+typedef int (*uECC_sign_Function)(uint8_t p_privateKeyHandle[uECC_BYTES], const uint8_t p_hash[uECC_BYTES], uint8_t p_signature[uECC_BYTES*2]);
+
+/**
+* Set the callback function that will be used to sign.
+* This function will replace uECC_sign.
+*
+* @param[in] p_sign_cb The function that will be used to sign.
+*/
+void uECC_set_sign_cb(uECC_sign_Function p_sign_cb);
+
+/**
+* Call this function to verify a signature using the public key and hash that was signed.
+*
+* @param[in] p_publicKey The public key that is associated with the private key that produced the signature.
+* @param[in] p_hash The hash that was signed.
+* @param[in] p_signature The signature that was produced the private key that is associated with p_public_key
+* @return 1 upon success, 0 if an error occurred.
+*/
+typedef int (*uECC_verify_Function)(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_hash[uECC_BYTES], const uint8_t p_signature[uECC_BYTES*2]);
+
+/**
+* Set the callback function that will be used to verify.
+* This function will replace uECC_verify.
+*
+* @param[in] p_verify_cb The function that will be used to verify.
+*/
+void uECC_set_verify_cb(uECC_verify_Function p_verify_cb);
+
+/**
+* Call this function to produce an ECDH shared key using the public key of the other node.
+* A hardware protected private key will be used for the point multiply
+*
+* @param[in] p_publicKey The public key from the other node used for communication.
+* @param[in] p_privateKeyHandle A handle that is used to point to the private key stored in hardware.
+* @param[out] p_secret The pre-master key that is produced by the point multiply with p_public_key and our private key
+* @return 1 upon success, 0 if an error occurred.
+*/
+typedef int (*uECC_shared_secret_Function)(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_privateKeyHandle[uECC_BYTES], uint8_t p_secret[uECC_BYTES]);
+
+/**
+* Set the callback function that will be used to produce a shared secret.
+* This function will replace uECC_shared_secret.
+*
+* @param[in] p_make_key_cb The function that will be used to generate the shared secret.
+*/
+void uECC_set_shared_secret_cb(uECC_shared_secret_Function p_shared_secret_cb);
+
+/**
+* Call this function to produce a shared key using the public key of the other node.
+* An ephemeral private key will be created in secure hardware that will be used for the point multiply
+*
+* @param[in] p_public_key The public key from the other node used for communication.
+* @param[out] p_public_key_out The ephemeral public key that will be used in the point multiply.
+* @param[out] p_secret The pre-master key that is produced by the point multiply with p_public_key and our private key
+* @return 1 upon success, 0 if an error occurred.
+*/
+typedef int (*uECC_ecdhe_Function)(const uint8_t p_public_key_in[uECC_BYTES*2],
+ uint8_t p_public_key_out[uECC_BYTES*2],
+ uint8_t p_secret[uECC_BYTES]);
+
+/**
+* Set the callback function that will be used to produce a ECDHE shared secret.
+*
+* @param[in] p_ecdhe_cb The function that will be used to generate the ECDHE shared secret.
+*/
+void uECC_set_ecdhe_cb(uECC_ecdhe_Function p_ecdhe_cb);
+
+/**
+* Call this function to return the public key for an existing private key.
+*
+* @param[out] p_key_handle A handle that is used to point to the private key stored in hardware.
+* The public key that is associated with this private key will be returned
+* @param[out] p_public_key The public key that is associated with the private key that was just created.
+* @return 1 upon success, 0 if an error occurred.
+*/
+typedef int (*uECC_get_pubkey_Function)(const uint8_t p_key_handle[uECC_BYTES],
+ uint8_t p_public_key[uECC_BYTES*2]);
+
+/**
+* Set the callback function that will be used to return the public key for an existing private key.
+*
+* @param[in] p_get_pubkey_cb The function that will be used to return the public key for an existing private key.
+*/
+void uECC_set_get_pubkey_cb(uECC_get_pubkey_Function p_get_pubkey_cb);
+
+
+/**
+* Call this function to produce a shared key using the public key of the other node.
+* An ephemeral private key will be created that will be used for the point multiply
+*
+* @param[in] p_public_key The public key from the other node used for communication.
+* @param[out] p_public_key_out The ephemeral public key that will be used in the point multiply.
+* @param[out] p_secret The pre-master key that is produced by the point multiply with p_public_key and our private key
+* @return 1 upon success, 0 if an error occurred.
+*/
+int uECC_ecdhe(const uint8_t p_public_key_in[uECC_BYTES*2],
+ uint8_t p_public_key_out[uECC_BYTES*2],
+ uint8_t p_secret[uECC_BYTES]);
+
+/**
+* Call this function to return the public key for an existing private key.
+*
+* @param[out] p_key_handle A handle that is used to point to the private key stored in hardware.
+* The public key that is associated with this private key will be returned
+* @param[out] p_public_key The public key that is associated with the private key that was just created.
+* @return 1 upon success, 0 if an error occurred.
+*/
+int uECC_get_pubkey(const uint8_t p_key_handle[uECC_BYTES],
+ uint8_t p_public_key[uECC_BYTES*2]);
+
+//////////////////////////////////////////
+
+
/* uECC_make_key() function.
Create a public/private key pair.
/** Define to 1 if building with X.509 support */
#define DTLS_X509 1
+/** Define to 1 if building with Hardware Abstraction Layer */
+#define DTLS_CRYPTO_HAL 0
+
#endif /* _DTLS_TINYDTLS_H_ */
/** Define to 1 if building with X.509 support */
#undef DTLS_X509
+/** Define to 1 if building with crypto hardware abstraction support */
+#undef DTLS_CRYPTO_HAL
+
#endif /* _DTLS_TINYDTLS_H_ */