From bc96b99b612774141edc9d5bffc225370453127c Mon Sep 17 00:00:00 2001 From: Steve Clark Date: Sun, 20 Sep 2015 16:25:48 -0600 Subject: [PATCH] Refinements to: Hardware abstraction for ECC, RND and encrypted storage Change-Id: I01aaebe96588314e6aebf1f8adcc20ede8d0d6d4 Signed-off-by: Steve Clark Reviewed-on: https://gerrit.iotivity.org/gerrit/2801 Reviewed-by: Woochul Shim Tested-by: jenkins-iotivity Reviewed-by: Sachin Agrawal (cherry picked from commit 4940a9dc23a0a6a2123c727a51128d0f935fe35b) Reviewed-on: https://gerrit.iotivity.org/gerrit/3437 --- extlibs/tinydtls/configure.in | 6 ++ extlibs/tinydtls/crypto.h | 8 ++ extlibs/tinydtls/dtls.h | 3 +- extlibs/tinydtls/dtls_hal.h | 211 +++++++++++++++++++++++++++++++++++++++++ extlibs/tinydtls/ecc/ecc.c | 149 ++++++++++++++++++++++++++++- extlibs/tinydtls/ecc/ecc.h | 140 +++++++++++++++++++++++++++ extlibs/tinydtls/tinydtls.h | 3 + extlibs/tinydtls/tinydtls.h.in | 3 + 8 files changed, 519 insertions(+), 4 deletions(-) create mode 100644 extlibs/tinydtls/dtls_hal.h diff --git a/extlibs/tinydtls/configure.in b/extlibs/tinydtls/configure.in index c3ebbf3..b341497 100644 --- a/extlibs/tinydtls/configure.in +++ b/extlibs/tinydtls/configure.in @@ -75,6 +75,12 @@ AC_ARG_WITH(x509, DTLS_X509=1], []) +AC_ARG_WITH(hal, + [AS_HELP_STRING([--with-hal],[use a hardware abstraction layer for crypto functions])], + [AC_DEFINE(DTLS_CRYPTO_HAL, 1, [Define to 1 if building with Hardware Abstraction Layer]) + DTLS_CRYPTO_HAL=1], + []) + CPPFLAGS="${CPPFLAGS} -DDTLSv12 -DWITH_SHA256" OPT_OBJS="${OPT_OBJS} sha2/sha2.o" diff --git a/extlibs/tinydtls/crypto.h b/extlibs/tinydtls/crypto.h index cade1b2..e101a11 100644 --- a/extlibs/tinydtls/crypto.h +++ b/extlibs/tinydtls/crypto.h @@ -355,6 +355,14 @@ int dtls_ecdsa_verify_sig(const unsigned char *pub_key_x, const unsigned char *keyx_params, size_t keyx_params_size, unsigned char *result_r, unsigned char *result_s); +int dtls_ecdhe_psk_pre_master_secret(unsigned char *psk, size_t psklen, + unsigned char *ecc_priv_key, + unsigned char *ecc_pub_key_x, + unsigned char *ecc_pub_key_y, + size_t ecc_key_size, + unsigned char *result, + size_t result_len); + int dtls_ec_key_from_uint32_asn1(const uint32_t *key, size_t key_size, unsigned char *buf); diff --git a/extlibs/tinydtls/dtls.h b/extlibs/tinydtls/dtls.h index c5a86df..7cdaab2 100644 --- a/extlibs/tinydtls/dtls.h +++ b/extlibs/tinydtls/dtls.h @@ -193,7 +193,7 @@ typedef struct { /** * Called during handshake to check the peer's pubic key in this * session. If the public key matches the session and should be - * considerated valid the return value must be @c 0. If not valid, + * considered valid the return value must be @c 0. If not valid, * the return value must be less than zero. * * If ECDSA should not be supported, set this pointer to NULL. @@ -321,6 +321,7 @@ typedef struct { */ int (*is_x509_active)(struct dtls_context_t *ctx); #endif /* DTLS_X509 */ + } dtls_handler_t; /** Holds global information of the DTLS engine. */ diff --git a/extlibs/tinydtls/dtls_hal.h b/extlibs/tinydtls/dtls_hal.h new file mode 100644 index 0000000..c2ea91f --- /dev/null +++ b/extlibs/tinydtls/dtls_hal.h @@ -0,0 +1,211 @@ +/* +Copyright (c) 2015 Atmel Corporation. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this +list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, +this list of conditions and the following disclaimer in the documentation +and/or other materials provided with the distribution. + +3. Neither the name of Atmel nor the names of its contributors may be used to +endorse or promote products derived from this software without specific +prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * @file dtls_hal.h + * @brief DTLS Hardware Abstraction Layer API and visible structures. + */ + +#ifndef _DTLS_DTLS_HAL_H_ +#define _DTLS_DTLS_HAL_H_ + +#include +#include + +// Define return values for HAL +#define HAL_SUCCESS (1) +#define HAL_FAILURE (0) +#define ENC_KEY_SIZE (32) + +/** + * This structure contains callback functions used by tinydtls to + * provide a hardware abstraction layer for secure storage . + */ +typedef struct { + + /** + * Call this function during application initialization to create HAL related resources. + * + * @param[in] ctx The current DTLS context. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_init)(struct dtls_context_t *ctx); + + /** + * Call this function during application shut down to clean up any HAL related resources. + * + * @param[in] ctx The current DTLS context. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_finish)(struct dtls_context_t *ctx); + + /** + * Call this function to store unsecured data on hardware. + * + * @param[in] ctx The current DTLS context. + * @param[in] p_location_handle The handle to the hardware location to store p_data. + * @param[in] p_data The data to store. + * @param[in] data_size The size of the data to store. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_write_mem)(struct dtls_context_t *ctx, + const uint8_t* p_location, + const uint8_t* p_data, + size_t data_size); + + /** + * Call this function to read data from unsecured storage from hardware. + * + * @param[in] ctx The current DTLS context. + * @param[in] p_location_handle The handle to the hardware location to read p_data. + * @param[in] p_data The data to read. + * @param[inout] data_size IN: The size of the buffer to receive data. OUT: The actual number of bytes read. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_read_mem)(struct dtls_context_t *ctx, + const uint8_t* p_location, + uint8_t* p_data, + size_t* dataSize); + + /** + * Call this function to store sensitive data in secure hardware. + * Data will be securely stored and encrypted on the wire + * + * @param[in] ctx The current DTLS context. + * @param[in] p_location_handle The handle to the hardware location to store p_data. + * @param[in] p_data The data to store securely. + * @param[in] data_size The size of the data to store securely. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_write_mem_enc)(struct dtls_context_t *ctx, + const uint8_t* p_location, + const uint8_t* p_data, + size_t data_size); + + /** + * Call this function to read sensitive data from secure hardware. + * Data will be read from secure storage and encrypted on the wire + * + * @param[in] ctx The current DTLS context. + * @param[in] p_location_handle The handle to the hardware location to read p_data. + * @param[in] p_data The data to read securely. + * @param[inout] data_size IN: The size of the buffer to receive data. OUT: The actual number of bytes read. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_read_mem_enc)(struct dtls_context_t *ctx, + const uint8_t* p_location, + uint8_t* p_data, + size_t* dataSize); + + /** + * Call this function to generate a unique encryption key that will be used for secure storage. + * This encryption key should be stored as a platform resource + * + * @param[in] ctx The current DTLS context. + * @param[out] p_enc_key_out The internally generated unique encryption key that will be used for secure storage. + * This key needs to be stored on the platform. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_init_enckey)(struct dtls_context_t *ctx, + uint8_t p_enc_key_out[ENC_KEY_SIZE]); + + /** + * Call this function to set a unique encryption key that will be used for secure storage. + * This encryption key should be stored as a platform resource + * + * @param[in] ctx The current DTLS context. + * @param[in] p_enc_key_in The encryption key that will be used for secure storage. + * This key needs to be stored on the platform. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_set_enckey)(struct dtls_context_t *ctx, + const uint8_t p_enc_key_in[ENC_KEY_SIZE]); + + /** + * This function is called internally from HAL_read_mem_enc and HAL_write_mem_enc. + * The platform must implement this function to return the encryption key that was + * returned by HAL_init_enckey or HAL_set_enckey. + * + * @param[in] ctx The current DTLS context. + * @param[out] p_enc_key_out The encryption key that is used for secure storage. + * Retrieve from platform in this function. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_get_enckey)(struct dtls_context_t *ctx, + uint8_t p_enc_key_out[ENC_KEY_SIZE]); + + /** + * Call this function to use the hardware to calculate a SHA256 + * + * @param[in] ctx The current DTLS context. + * @param[in] p_msg The message to calculate the SHA256. + * @param[in] msg_size The size of the message to hash. + * @param[out] p_hash The hash of p_msg. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_sha2_calc)(struct dtls_context_t *ctx, + uint8_t *p_msg, + size_t msg_size, + uint8_t p_hash[SHA256_DIGEST_LENGTH]); + + /** + * Call this function to use the hardware key derivation function (KDF) + * + * @param[in] ctx The current DTLS context. + * @param[in] p_seed The seed used to produce the key. + * @param[in] seed_size The size of the message to hash. + * @param[out] p_keyout The key produced by the KDF. + * @param[in] key_size The size of the key to be returned. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_kdf_calc)(struct dtls_context_t *ctx, + const uint8_t* p_seed, + const size_t seed_size, + uint8_t* p_keyout, + const size_t key_size); + + /** + * Call this function to retrieve the specified certificate from hardware + * + * @param[in] ctx The current DTLS context. + * @param[in] cert_id An index into the certificate to returned. + * @param[inout] cert The certificate to be returned. + * @param[inout] cert_size The size of the certificate. + * @return HAL_SUCCESS or HAL_FAILURE + */ + int (*HAL_get_x509_cert)(struct dtls_context_t *ctx, + uint32_t cert_ref, + uint8_t **cert, + size_t *cert_size); + +} dtls_hal_handler_t; + + +#endif /* _DTLS_DTLS_HAL_H_ */ + diff --git a/extlibs/tinydtls/ecc/ecc.c b/extlibs/tinydtls/ecc/ecc.c index c9bd8c5..3de525f 100644 --- a/extlibs/tinydtls/ecc/ecc.c +++ b/extlibs/tinydtls/ecc/ecc.c @@ -321,6 +321,13 @@ static void vli_modInv(uECC_word_t *p_result, uECC_word_t *p_input, uECC_word_t static void vli_square(uECC_word_t *p_result, uECC_word_t *p_left); static void vli_modSquare_fast(uECC_word_t *p_result, uECC_word_t *p_left); #endif +// Function declarations to support the HAL shims +int uECC_make_key_impl(uint8_t p_publicKey[uECC_BYTES*2], uint8_t p_privateKey[uECC_BYTES]); +int uECC_shared_secret_impl(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_privateKey[uECC_BYTES], uint8_t p_secret[uECC_BYTES]); +int uECC_sign_impl(const uint8_t p_privateKey[uECC_BYTES], const uint8_t p_hash[uECC_BYTES], uint8_t p_signature[uECC_BYTES*2]); +int uECC_verify_impl(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_hash[uECC_BYTES], const uint8_t p_signature[uECC_BYTES*2]); +int uECC_ecdhe_impl(const uint8_t p_public_key_in[uECC_BYTES*2], uint8_t p_public_key_out[uECC_BYTES*2], uint8_t p_secret[uECC_BYTES]); +int uECC_get_pubkey_impl(const uint8_t p_key_handle[uECC_BYTES], uint8_t p_public_key[uECC_BYTES*2]); #if (defined(_WIN32) || defined(_WIN64)) /* Windows */ @@ -394,6 +401,8 @@ static int default_RNG(uint8_t *p_dest, unsigned p_size) #endif +/////////////////////////////////////////////////////// +// Functions to set the callbacks for crypto operations static uECC_RNG_Function g_rng = &default_RNG; void uECC_set_rng(uECC_RNG_Function p_rng) @@ -401,6 +410,51 @@ void uECC_set_rng(uECC_RNG_Function p_rng) g_rng = p_rng; } +static uECC_make_key_Function g_make_key_cb = &uECC_make_key_impl; + +void uECC_set_make_key_cb(uECC_make_key_Function p_make_key_cb) +{ + g_make_key_cb = p_make_key_cb; +} + +static uECC_shared_secret_Function g_shared_secret_cb = &uECC_shared_secret_impl; + +void uECC_set_shared_secret_cb(uECC_shared_secret_Function p_shared_secret_cb) +{ + g_shared_secret_cb = p_shared_secret_cb; +} + +static uECC_sign_Function g_sign_cb = &uECC_sign_impl; + +void uECC_set_sign_cb(uECC_sign_Function p_sign_cb) +{ + g_sign_cb = p_sign_cb; +} + +static uECC_verify_Function g_verify_cb = &uECC_verify_impl; + +void uECC_set_verify_cb(uECC_verify_Function p_verify_cb) +{ + g_verify_cb = p_verify_cb; +} + +static uECC_ecdhe_Function g_ecdhe_cb = &uECC_ecdhe_impl; + +void uECC_set_ecdhe_cb(uECC_ecdhe_Function p_ecdhe_cb) +{ + g_ecdhe_cb = p_ecdhe_cb; +} + +static uECC_get_pubkey_Function g_get_pubkey_cb = &uECC_get_pubkey_impl; + +void uECC_set_get_pubkey_cb(uECC_get_pubkey_Function p_get_pubkey_cb) +{ + g_get_pubkey_cb = p_get_pubkey_cb; +} + +/////////////////////////////////////////////////////// + + #ifdef __GNUC__ /* Only support GCC inline asm for now */ #if (uECC_ASM && (uECC_PLATFORM == uECC_avr)) #include "asm_avr.inc" @@ -1773,8 +1827,97 @@ static void vli_bytesToNative(uint64_t *p_native, const uint8_t *p_bytes) #endif /* uECC_WORD_SIZE */ +// Safe calls to the callback functions int uECC_make_key(uint8_t p_publicKey[uECC_BYTES*2], uint8_t p_privateKey[uECC_BYTES]) { + // Check for a valid function pointer + if (g_make_key_cb != NULL) + { + return g_make_key_cb(p_publicKey, p_privateKey); + } + else + { + return uECC_make_key_impl(p_publicKey, p_privateKey); + } +} + +int uECC_shared_secret(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_privateKey[uECC_BYTES], uint8_t p_secret[uECC_BYTES]) +{ + // Check for a valid function pointer + if (g_shared_secret_cb != NULL) + { + return g_shared_secret_cb(p_publicKey, p_privateKey, p_secret); + } + else + { + return uECC_shared_secret_impl(p_publicKey, p_privateKey, p_secret); + } +} + +int uECC_sign(const uint8_t p_privateKey[uECC_BYTES], const uint8_t p_hash[uECC_BYTES], uint8_t p_signature[uECC_BYTES*2]) +{ + // Check for a valid function pointer + if (g_sign_cb != NULL) + { + return g_sign_cb(p_privateKey, p_hash, p_signature); + } + else + { + return uECC_sign_impl(p_privateKey, p_hash, p_signature); + } +} + +int uECC_verify(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_hash[uECC_BYTES], const uint8_t p_signature[uECC_BYTES*2]) +{ + // Check for a valid function pointer + if (g_verify_cb != NULL) + { + return g_verify_cb(p_publicKey, p_hash, p_signature); + } + else + { + return uECC_verify_impl(p_publicKey, p_hash, p_signature); + } +} + +int uECC_ecdhe(const uint8_t p_public_key_in[uECC_BYTES*2], uint8_t p_public_key_out[uECC_BYTES*2], uint8_t p_secret[uECC_BYTES]) +{ + // Check for a valid function pointer + if (g_ecdhe_cb != NULL) + { + return g_ecdhe_cb(p_public_key_in, p_public_key_out, p_secret); + } + else + { + return uECC_ecdhe_impl(p_public_key_in, p_public_key_out, p_secret); + } +} + +int uECC_get_pubkey(const uint8_t p_key_handle[uECC_BYTES], uint8_t p_public_key[uECC_BYTES*2]) +{ + // Check for a valid function pointer + if (g_get_pubkey_cb != NULL) + { + return g_get_pubkey_cb(p_key_handle, p_public_key); + } + else + { + return uECC_get_pubkey_impl(p_key_handle, p_public_key); + } +} + +int uECC_ecdhe_impl(const uint8_t p_public_key_in[uECC_BYTES*2], uint8_t p_public_key_out[uECC_BYTES*2], uint8_t p_secret[uECC_BYTES]) +{ + return 0; +} + +int uECC_get_pubkey_impl(const uint8_t p_key_handle[uECC_BYTES], uint8_t p_public_key[uECC_BYTES*2]) +{ + return 0; +} + +int uECC_make_key_impl(uint8_t p_publicKey[uECC_BYTES*2], uint8_t p_privateKey[uECC_BYTES]) +{ EccPoint l_public; uECC_word_t l_private[uECC_WORDS]; uECC_word_t l_tries = 0; @@ -1808,7 +1951,7 @@ int uECC_make_key(uint8_t p_publicKey[uECC_BYTES*2], uint8_t p_privateKey[uECC_B return 1; } -int uECC_shared_secret(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_privateKey[uECC_BYTES], uint8_t p_secret[uECC_BYTES]) +int uECC_shared_secret_impl(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_privateKey[uECC_BYTES], uint8_t p_secret[uECC_BYTES]) { EccPoint l_public; uECC_word_t l_private[uECC_WORDS]; @@ -2143,7 +2286,7 @@ static void vli_modMult_n(uECC_word_t *p_result, uECC_word_t *p_left, uECC_word_ } #endif /* (uECC_CURVE != uECC_secp160r1) */ -int uECC_sign(const uint8_t p_privateKey[uECC_BYTES], const uint8_t p_hash[uECC_BYTES], uint8_t p_signature[uECC_BYTES*2]) +int uECC_sign_impl(const uint8_t p_privateKey[uECC_BYTES], const uint8_t p_hash[uECC_BYTES], uint8_t p_signature[uECC_BYTES*2]) { uECC_word_t k[uECC_N_WORDS]; uECC_word_t l_tmp[uECC_N_WORDS]; @@ -2242,7 +2385,7 @@ static bitcount_t smax(bitcount_t a, bitcount_t b) return (a > b ? a : b); } -int uECC_verify(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_hash[uECC_BYTES], const uint8_t p_signature[uECC_BYTES*2]) +int uECC_verify_impl(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_hash[uECC_BYTES], const uint8_t p_signature[uECC_BYTES*2]) { uECC_word_t u1[uECC_N_WORDS], u2[uECC_N_WORDS]; uECC_word_t z[uECC_N_WORDS]; diff --git a/extlibs/tinydtls/ecc/ecc.h b/extlibs/tinydtls/ecc/ecc.h index 92e1313..dd09ce6 100644 --- a/extlibs/tinydtls/ecc/ecc.h +++ b/extlibs/tinydtls/ecc/ecc.h @@ -84,6 +84,146 @@ Inputs: */ void uECC_set_rng(uECC_RNG_Function p_rng); +////////////////////////////////////////// +// DTLS_CRYPTO_HAL +/** +* Call this function to create a unique public-private key pair in secure hardware +* +* @param[out] p_publicKey The public key that is associated with the private key that was just created. +* @param[out] p_privateKeyHandle A handle that is used to point to the private key stored in hardware. +* @return 1 upon success, 0 if an error occurred. +*/ +typedef int (*uECC_make_key_Function)(uint8_t p_publicKey[uECC_BYTES*2], uint8_t p_privateKeyHandle[uECC_BYTES]); + +/** +* Set the callback function that will be used to generate a public-private key pair. +* This function will replace uECC_make_key. +* +* @param[in] p_make_key_cb The function that will be used to generate a public-private key pair. +*/ +void uECC_set_make_key_cb(uECC_make_key_Function p_make_key_cb); + +/** +* Call this function to sign a hash using a hardware protected private key. +* +* @param[in] p_privateKeyHandle A handle that is used to point to the private key stored in hardware. +* @param[in] p_hash The hash to sign. +* @param[out] p_signature The signature that is produced in hardware by the private key.. +* @return 1 upon success, 0 if an error occurred. +*/ +typedef int (*uECC_sign_Function)(uint8_t p_privateKeyHandle[uECC_BYTES], const uint8_t p_hash[uECC_BYTES], uint8_t p_signature[uECC_BYTES*2]); + +/** +* Set the callback function that will be used to sign. +* This function will replace uECC_sign. +* +* @param[in] p_sign_cb The function that will be used to sign. +*/ +void uECC_set_sign_cb(uECC_sign_Function p_sign_cb); + +/** +* Call this function to verify a signature using the public key and hash that was signed. +* +* @param[in] p_publicKey The public key that is associated with the private key that produced the signature. +* @param[in] p_hash The hash that was signed. +* @param[in] p_signature The signature that was produced the private key that is associated with p_public_key +* @return 1 upon success, 0 if an error occurred. +*/ +typedef int (*uECC_verify_Function)(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_hash[uECC_BYTES], const uint8_t p_signature[uECC_BYTES*2]); + +/** +* Set the callback function that will be used to verify. +* This function will replace uECC_verify. +* +* @param[in] p_verify_cb The function that will be used to verify. +*/ +void uECC_set_verify_cb(uECC_verify_Function p_verify_cb); + +/** +* Call this function to produce an ECDH shared key using the public key of the other node. +* A hardware protected private key will be used for the point multiply +* +* @param[in] p_publicKey The public key from the other node used for communication. +* @param[in] p_privateKeyHandle A handle that is used to point to the private key stored in hardware. +* @param[out] p_secret The pre-master key that is produced by the point multiply with p_public_key and our private key +* @return 1 upon success, 0 if an error occurred. +*/ +typedef int (*uECC_shared_secret_Function)(const uint8_t p_publicKey[uECC_BYTES*2], const uint8_t p_privateKeyHandle[uECC_BYTES], uint8_t p_secret[uECC_BYTES]); + +/** +* Set the callback function that will be used to produce a shared secret. +* This function will replace uECC_shared_secret. +* +* @param[in] p_make_key_cb The function that will be used to generate the shared secret. +*/ +void uECC_set_shared_secret_cb(uECC_shared_secret_Function p_shared_secret_cb); + +/** +* Call this function to produce a shared key using the public key of the other node. +* An ephemeral private key will be created in secure hardware that will be used for the point multiply +* +* @param[in] p_public_key The public key from the other node used for communication. +* @param[out] p_public_key_out The ephemeral public key that will be used in the point multiply. +* @param[out] p_secret The pre-master key that is produced by the point multiply with p_public_key and our private key +* @return 1 upon success, 0 if an error occurred. +*/ +typedef int (*uECC_ecdhe_Function)(const uint8_t p_public_key_in[uECC_BYTES*2], + uint8_t p_public_key_out[uECC_BYTES*2], + uint8_t p_secret[uECC_BYTES]); + +/** +* Set the callback function that will be used to produce a ECDHE shared secret. +* +* @param[in] p_ecdhe_cb The function that will be used to generate the ECDHE shared secret. +*/ +void uECC_set_ecdhe_cb(uECC_ecdhe_Function p_ecdhe_cb); + +/** +* Call this function to return the public key for an existing private key. +* +* @param[out] p_key_handle A handle that is used to point to the private key stored in hardware. +* The public key that is associated with this private key will be returned +* @param[out] p_public_key The public key that is associated with the private key that was just created. +* @return 1 upon success, 0 if an error occurred. +*/ +typedef int (*uECC_get_pubkey_Function)(const uint8_t p_key_handle[uECC_BYTES], + uint8_t p_public_key[uECC_BYTES*2]); + +/** +* Set the callback function that will be used to return the public key for an existing private key. +* +* @param[in] p_get_pubkey_cb The function that will be used to return the public key for an existing private key. +*/ +void uECC_set_get_pubkey_cb(uECC_get_pubkey_Function p_get_pubkey_cb); + + +/** +* Call this function to produce a shared key using the public key of the other node. +* An ephemeral private key will be created that will be used for the point multiply +* +* @param[in] p_public_key The public key from the other node used for communication. +* @param[out] p_public_key_out The ephemeral public key that will be used in the point multiply. +* @param[out] p_secret The pre-master key that is produced by the point multiply with p_public_key and our private key +* @return 1 upon success, 0 if an error occurred. +*/ +int uECC_ecdhe(const uint8_t p_public_key_in[uECC_BYTES*2], + uint8_t p_public_key_out[uECC_BYTES*2], + uint8_t p_secret[uECC_BYTES]); + +/** +* Call this function to return the public key for an existing private key. +* +* @param[out] p_key_handle A handle that is used to point to the private key stored in hardware. +* The public key that is associated with this private key will be returned +* @param[out] p_public_key The public key that is associated with the private key that was just created. +* @return 1 upon success, 0 if an error occurred. +*/ +int uECC_get_pubkey(const uint8_t p_key_handle[uECC_BYTES], + uint8_t p_public_key[uECC_BYTES*2]); + +////////////////////////////////////////// + + /* uECC_make_key() function. Create a public/private key pair. diff --git a/extlibs/tinydtls/tinydtls.h b/extlibs/tinydtls/tinydtls.h index dd27c55..ac849ef 100644 --- a/extlibs/tinydtls/tinydtls.h +++ b/extlibs/tinydtls/tinydtls.h @@ -45,4 +45,7 @@ /** Define to 1 if building with X.509 support */ #define DTLS_X509 1 +/** Define to 1 if building with Hardware Abstraction Layer */ +#define DTLS_CRYPTO_HAL 0 + #endif /* _DTLS_TINYDTLS_H_ */ diff --git a/extlibs/tinydtls/tinydtls.h.in b/extlibs/tinydtls/tinydtls.h.in index 10a8d9a..a267ad6 100644 --- a/extlibs/tinydtls/tinydtls.h.in +++ b/extlibs/tinydtls/tinydtls.h.in @@ -44,4 +44,7 @@ /** Define to 1 if building with X.509 support */ #undef DTLS_X509 +/** Define to 1 if building with crypto hardware abstraction support */ +#undef DTLS_CRYPTO_HAL + #endif /* _DTLS_TINYDTLS_H_ */ -- 2.7.4