初始版本

xiaozhengsheng
2025-08-19 09:49:41 +08:00
parent 10f1ddf1c1
commit 6df0f7d96e
2974 changed files with 1712873 additions and 54 deletions


@@ -0,0 +1,86 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_mbed_tls_ecjpake Oberon Mbed ECJPAKE APIs
* @ingroup nrf_oberon
* @{
* @brief Type declarations for an alternate implementation of EC-JPAKE for mbed TLS.
*/
#ifndef ECJPAKE_ALT_H
#define ECJPAKE_ALT_H
#if defined(MBEDTLS_CONFIG_FILE)
#include MBEDTLS_CONFIG_FILE
#else
#include "mbedtls/config.h"
#endif
#include "mbedtls/ecp.h"
#include "mbedtls/md.h"
#ifdef __cplusplus
extern "C" {
#endif
#define OBERON_ECJPAKE_P256_SECRET_KEY_SIZE (32) //!< ECJPAKE P-256 secret key size in bytes.
#define OBERON_ECJPAKE_P256_PUBLIC_KEY_SIZE (64) //!< ECJPAKE P-256 public key size in bytes.
/* @brief Oberon replacement ECJPAKE context */
typedef struct mbedtls_ecjpake_context {
mbedtls_ecjpake_role role; //!< Role, either client or server.
int point_format; //!< Point format
unsigned char secret[OBERON_ECJPAKE_P256_SECRET_KEY_SIZE]; //!< Secret.
unsigned char s_key2[OBERON_ECJPAKE_P256_SECRET_KEY_SIZE]; //!< Secret key 2.
unsigned char p_key1[OBERON_ECJPAKE_P256_PUBLIC_KEY_SIZE]; //!< Public key 1.
unsigned char p_key2[OBERON_ECJPAKE_P256_PUBLIC_KEY_SIZE]; //!< Public key 2.
unsigned char r_key1[OBERON_ECJPAKE_P256_PUBLIC_KEY_SIZE]; //!< Remote key 1.
unsigned char r_key2[OBERON_ECJPAKE_P256_PUBLIC_KEY_SIZE]; //!< Remote key 2.
unsigned char r_key3[OBERON_ECJPAKE_P256_PUBLIC_KEY_SIZE]; //!< Remote key 3.
} mbedtls_ecjpake_context;
#ifdef __cplusplus
}
#endif
#endif /* #ifndef ECJPAKE_ALT_H */
/** @} */
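Review bot: The context struct at the end of this header keeps `secret` and `s_key2` inline as plain byte arrays, and nothing here says who is responsible for erasing them. I would document that on the struct, e.g. `/** Holds secret key material; release only through mbedtls_ecjpake_free() and do not copy by value. */`, to be confirmed against the free routine, which is not visible in this section. The existing `/* @brief Oberon replacement ECJPAKE context */` opens with `/*`, so Doxygen will not attach it; `/**` would. The header also uses `mbedtls_ecjpake_role` without including a header that declares it, so it presumably only compiles when pulled in through `mbedtls/ecjpake.h`; a one-line comment saying so would help.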


@@ -0,0 +1,77 @@
/**
* Copyright (c) 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_mbed_tls_sha1 Oberon Mbed TLS SHA-1 type declarations
* @ingroup nrf_oberon
* @{
* @brief Type declarations for an alternate implementation of SHA-1 for mbed TLS.
*/
#ifndef SHA1_ALT_H
#define SHA1_ALT_H
#include <stdint.h>
#if defined(MBEDTLS_CONFIG_FILE)
#include MBEDTLS_CONFIG_FILE
#else
#include "mbedtls/config.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
#define OBERON_SHA1_CONTEXT_SIZE_WORDS (24) //!< SHA-1 context size in words.
/* @brief Oberon replacement SHA-1 context */
typedef struct mbedtls_sha1_context {
uint32_t data[OBERON_SHA1_CONTEXT_SIZE_WORDS]; //!< Opaque SHA-1 context.
} mbedtls_sha1_context;
#ifdef __cplusplus
}
#endif
#endif /* #ifndef SHA1_ALT_H */
/** @} */


@@ -0,0 +1,77 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_mbed_tls_sha256 Oberon Mbed TLS SHA-256 type declarations
* @ingroup nrf_oberon
* @{
* @brief Type declarations for an alternate implementation of SHA-256 for Mbed TLS.
*/
#ifndef SHA256_ALT_H
#define SHA256_ALT_H
#include <stdint.h>
#if defined(MBEDTLS_CONFIG_FILE)
#include MBEDTLS_CONFIG_FILE
#else
#include "mbedtls/config.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
#define OCRYPTO_SHA256_CONTEXT_SIZE_WORDS (27) //!< SHA-256 context size in words.
/* @brief Oberon replacement SHA-256 context */
typedef struct mbedtls_sha256_context {
uint32_t data[OCRYPTO_SHA256_CONTEXT_SIZE_WORDS]; //!< Opaque SHA-256 context.
} mbedtls_sha256_context;
#ifdef __cplusplus
}
#endif
#endif /* #ifndef SHA256_ALT_H */
/** @} */


@@ -0,0 +1,100 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_aes_cbc AES CBC APIs
* @ingroup nrf_oberon_aes
* @{
* @brief Type definitions and APIS for AES CBC (AES Cipher Block Chaining)
*
* AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
* AES transfers a 128-bit block of data into an encrypted block of the same size.
*
* AES-CBC (AES Cipher Block Chaining) is an AES block cipher mode which avoids the problems of the
* ECB mode by xoring each plaintext block with the previous ciphertext block before being encrypted.
*/
#ifndef OCRYPTO_AES_CBC_H
#define OCRYPTO_AES_CBC_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* AES-CBC encryption.
*
* @param[out] ct Cyphertext.
* @param pt Plaintext.
* @param pt_len Plaintext length.
* @param key AES key.
* @param size Key size (16, 24, or 32).
* @param iv Initial vector.
*
* @remark @p ct may be same as @p pt.
*/
void ocrypto_aes_cbc_encrypt (
uint8_t* ct, const uint8_t* pt, size_t pt_len, const uint8_t *key, size_t size, const uint8_t iv[16]);
/**
* AES-CBC decryption.
*
* @param[out] pt Plaintext.
* @param ct Cyphertext.
* @param ct_len Cyphertext length.
* @param key AES key.
* @param size Key size (16, 24, or 32).
* @param iv Initial vector.
*
* @remark @p ct may be same as @p pt.
*/
void ocrypto_aes_cbc_decrypt (
uint8_t* pt, const uint8_t* ct, size_t ct_len, const uint8_t *key, size_t size, const uint8_t iv[16]);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_AES_CBC_H */
/** @} */
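Review bot: The `pt_len` and `ct_len` parameters of `ocrypto_aes_cbc_encrypt` and `ocrypto_aes_cbc_decrypt` are documented only as lengths, with no statement on whether they must be a multiple of the 16-byte block or whether any padding is applied. Both functions return `void`, so a caller cannot learn that a length or key `size` was unsuitable; the constraint has to live in the doc, e.g. `@param pt_len Plaintext length in bytes; must be a multiple of 16 (no padding is added).` if that is what the implementation requires, which should be confirmed against the library. A `@remark` that CBC gives no integrity protection, and that `iv` must be unpredictable and not reused with the same key, would also belong here.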


@@ -0,0 +1,123 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_aes_ccm AES CCM APIs
* @ingroup nrf_oberon_aes
* @{
* @brief Type definitions and APIS for AES CCM (AES counter mode with CBC-MAC)
*
* AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
* AES transfers a 128-bit block of data into an encrypted block of the same size.
*
* AES-CCM (AES counter mode with CBC-MAC) is an AES mode which effectively turns the block
* cipher into a stream cipher. The AES block cipher primitive is used in CTR mode for
* encryption and decryption. In addition an AES CBC-MAC is used for authentication.
*/
#ifndef OCRYPTO_AES_CCM_H
#define OCRYPTO_AES_CCM_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* AES-CCM encryption.
*
* @param[out] ct Cyphertext.
* @param[out] tag Authentication tag.
* @param tag_len Tag length (4, 6, 8, 10, 12, 14, or 16).
* @param pt Plaintext.
* @param pt_len Plaintext length, 0 <= @p pt_len < 2^(8*(15-n_len)).
* @param key AES key.
* @param size Key size (16, 24, or 32).
* @param nonce Nonce.
* @param n_len Nonce length, 7 <= @p n_len <= 13.
* @param aa Additional authentication data.
* @param aa_len Additional authentication data length.
*
* @remark @p ct may be same as @p pt.
*/
void ocrypto_aes_ccm_encrypt (
uint8_t *ct,
uint8_t *tag, size_t tag_len,
const uint8_t *pt, size_t pt_len,
const uint8_t *key, size_t size,
const uint8_t *nonce, size_t n_len,
const uint8_t *aa, size_t aa_len);
/**
* AES-CCM decryption.
*
* @param[out] pt Plaintext.
* @param tag Authentication tag.
* @param tag_len Tag length (4, 6, 8, 10, 12, 14, or 16).
* @param ct Cyphertext.
* @param ct_len Cyphertext length, 0 <= @p ct_len < 2^(8*(15-n_len)).
* @param key AES key.
* @param size Key size (16, 24, or 32).
* @param nonce Nonce.
* @param n_len Nonce length, 7 <= @p n_len <= 13.
* @param aa Additional authentication data.
* @param aa_len Additional authentication data length.
*
* @retval 0 If @p tag is valid.
* @retval -1 Otherwise.
*
* @remark @p ct may be same as @p pt.
*/
int ocrypto_aes_ccm_decrypt (
uint8_t *pt,
const uint8_t *tag, size_t tag_len,
const uint8_t *ct, size_t ct_len,
const uint8_t *key, size_t size,
const uint8_t *nonce, size_t n_len,
const uint8_t *aa, size_t aa_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_AES_CCM_H */
/** @} */
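Review bot: `ocrypto_aes_ccm_decrypt` reports a bad tag only through its `-1` return, and the doc does not say what `pt` contains in that case. A caller that ignores the return value would consume unauthenticated plaintext, so I would add `@remark If -1 is returned, the contents of @p pt must not be used.` and state whether the buffer is cleared, which cannot be told from the header. The same applies to `ocrypto_aes_eax_decrypt` and `ocrypto_aes_gcm_decrypt` in the later sections. The `nonce` line should also say that a nonce must never repeat under the same key.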


@@ -0,0 +1,106 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_aes_cmac AES CMAC APIs
* @ingroup nrf_oberon_aes
* @{
* @brief Type definitions and APIS for AES CMAC (AES Cipher-based Message Authentication Code)
*
* AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
* AES transfers a 128-bit block of data into an encrypted block of the same size.
*
* AES-CMAC (AES Cipher-based Message Authentication Code) is a block cipher-based message
* authentication code algorithm. The AES block cipher primitive is used in variant of the
* CBC mode to get the authentication tag.
*/
#ifndef OCRYPTO_AES_CMAC_H
#define OCRYPTO_AES_CMAC_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Length of the pseudo random function.
*/
#define ocrypto_aes_cmac_prf128_BYTES (16)
/**
* AES-CMAC authentication algorithm.
*
* @param[out] tag Resulting tag.
* @param tag_len Tag length, 0 < @p tag_len <= 16.
* @param msg Message to authenticate.
* @param msg_len Message length.
* @param key AES key.
* @param size Key size (16, 24, or 32).
*/
void ocrypto_aes_cmac_authenticate (
uint8_t *tag, size_t tag_len,
const uint8_t *msg, size_t msg_len,
const uint8_t *key, size_t size);
/**
* AES-CMAC-PRF-128 pseudo random function algorithm.
*
* @param[out] prf 16 byte PRF output.
* @param msg Message input.
* @param msg_len Message length.
* @param key Key.
* @param key_len Key length.
*/
void ocrypto_aes_cmac_prf128 (
uint8_t prf[ocrypto_aes_cmac_prf128_BYTES],
const uint8_t *msg, size_t msg_len,
const uint8_t *key, size_t key_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_AES_CMAC_H */
/** @} */
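Review bot: This header offers `ocrypto_aes_cmac_authenticate` but no verify counterpart, so every caller ends up comparing tags itself. The doc should say that the comparison has to be constant-time rather than `memcmp`, e.g. `@remark To verify a tag, recompute it and compare with a constant-time equality check.` `tag_len` is allowed down to 1 byte; a sentence on the minimum length the project accepts would keep very short tags from being used by accident.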


@@ -0,0 +1,145 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_aes AES - Advanced Encryption Standard APIs
* @ingroup nrf_oberon
* @{
* @brief AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
* AES transfers a 128-bit block of data into an encrypted block of the same size.
* @}
*
* @defgroup nrf_oberon_aes_ctr AES-CTR - AES Counter Mode
* @ingroup nrf_oberon_aes
* @{
* @brief Type definitions and APIs for AES-CTR (AES Counter mode).
*
* AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
* AES transfers a 128-bit block of data into an encrypted block of the same size.
*
* AES-CTR (AES counter mode) is an AES mode which effectively turns the block cipher into a stream
* cipher. The AES block encryption is used on a value which is incremented for each new block.
* The resulting cypher stream is then xor combined with the plaintext to get the ciphertext.
* In contrast to AES itself, encryption and decryption operations are identical for AES-CTR.
*/
#ifndef OCRYPTO_AES_CTR_H
#define OCRYPTO_AES_CTR_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**@cond */
typedef struct {
uint32_t xkey[60];
uint8_t counter[16];
uint8_t cypher[16];
uint8_t size; // Key size (16, 24, or 32 bytes).
uint32_t valid; // Valid bytes in cypher.
} ocrypto_aes_ctr_ctx;
/**@endcond */
/**@name Incremental AES-CTR encryption/decryption.
*
* This group of functions can be used to incrementally compute the
* AES-CTR encryption/decryption for a given message.
*/
/**@{*/
/**
* AES-CTR initialization.
*
* The context @p ctx is initialized using the given key @p key and initial vector @p iv.
*
* @param[out] ctx Context.
* @param key AES key.
* @param size Key size (16, 24, or 32 bytes).
* @param iv Initial vector.
*/
void ocrypto_aes_ctr_init(ocrypto_aes_ctr_ctx *ctx, const uint8_t *key, size_t size, const uint8_t iv[16]);
/**
* AES-CTR incremental encryption.
*
* The plaintext @p pt is encrypted to the ciphertext @p ct using the context @p ctx.
*
* This function can be called repeatedly until the whole message is processed.
*
* @param ctx Context.
* @param[out] ct Ciphertext.
* @param pt Plaintext.
* @param pt_len Length of @p pt and @p ct.
*
* @remark @p ct and @p pt can point to the same address.
* @remark Initialization of the context @p ctx through
* @c ocrypto_aes_ctr_init is required before this function can be called.
*/
void ocrypto_aes_ctr_encrypt(ocrypto_aes_ctr_ctx *ctx, uint8_t* ct, const uint8_t* pt, size_t pt_len);
/**
* AES-CTR incremental decryption.
*
* The ciphertext @p ct is decrypted to the plaintext @p pt using the context @p ctx.
*
* This function can be called repeatedly until the whole message is processed.
*
* @param ctx Context.
* @param[out] pt Plaintext.
* @param ct Ciphertext.
* @param ct_len Length of @p ct and @p pt.
*
* @remark @p ct and @p pt can point to the same address.
* @remark Initialization of the context @p ctx through
* @c ocrypto_aes_ctr_init is required before this function can be called.
*/
void ocrypto_aes_ctr_decrypt(ocrypto_aes_ctr_ctx *ctx, uint8_t* pt, const uint8_t* ct, size_t ct_len);
/**@}*/
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_AES_CTR_H */
/** @} */
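Review bot: `ocrypto_aes_ctr_ctx` stores the expanded key in `xkey[60]` and a keystream block in `cypher[16]`, and the API has init, encrypt and decrypt but no call that releases or wipes the context. I would add a remark on `ocrypto_aes_ctr_init` such as `@remark The context holds key material; erase it with a wipe the compiler cannot remove once the message is done.` The `iv` parameter doc should say that the initial counter block must not be reused with the same key, since reuse in CTR mode exposes the XOR of the two plaintexts. CTR is unauthenticated, which is also worth one line in the file-level description.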


@@ -0,0 +1,114 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_aes_eax AES EAX APIs
* @ingroup nrf_oberon_aes
* @{
* @brief Type definitions and APIS for AES EAX (Encrypt-then-authenticate-then-translate)
*
* AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
* AES transfers a 128-bit block of data into an encrypted block of the same size.
*
* AES-EAX (encrypt-then-authenticate-then-translate) is an AES mode which effectively turns the
* block cipher into a stream cipher. The AES block cipher primitive is used in CTR mode for
* encryption and as OMAC for authentication over each block.
*/
#ifndef OCRYPTO_AES_EAX_H
#define OCRYPTO_AES_EAX_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* AES-EAX encryption.
*
* @param[out] ct Cyphertext.
* @param[out] tag Authentication tag.
* @param pt Plaintext.
* @param pt_len Plaintext length.
* @param key AES key.
* @param size Key size (16, 24, or 32 bytes).
* @param iv Initial vector.
* @param iv_len Initial vector length.
* @param aa Additional authentication data.
* @param aa_len Additional authentication data length.
*
* @remark @p ct and @p pt can point to the same address.
*/
void ocrypto_aes_eax_encrypt (
uint8_t* ct, uint8_t tag[16], const uint8_t* pt, size_t pt_len, const uint8_t *key, size_t size,
const uint8_t* iv, size_t iv_len, const uint8_t *aa, size_t aa_len);
/**
* AES-EAX decryption.
*
* @param[out] pt Plaintext.
* @param tag Authentication tag.
* @param ct Cyphertext.
* @param ct_len Cyphertext length.
* @param key AES key.
* @param size Key size (16, 24, or 32 bytes).
* @param iv Initial vector.
* @param iv_len Initial vector length.
* @param aa Additional authentication data.
* @param aa_len Additional authentication data length.
*
* @remark @p ct and @p pt can point to the same address.
*
* @retval 0 If @p tag is valid.
* @retval -1 Otherwise.
*/
int ocrypto_aes_eax_decrypt (
uint8_t* pt, const uint8_t tag[16], const uint8_t* ct, size_t ct_len, const uint8_t *key, size_t size,
const uint8_t* iv, size_t iv_len, const uint8_t *aa, size_t aa_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_AES_EAX_H */
/** @} */


@@ -0,0 +1,113 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_aes_gcm AES GCM - AES Galois/Counter Mode APIs
* @ingroup nrf_oberon_aes
* @{
* @brief Type definitions and APIs for AES-GCM (AES Galois/Counter Mode).
*
* AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
* AES transfers a 128-bit block of data into an encrypted block of the same size.
*
* AES-GCM (AES Galois/Counter Mode) is an AES mode which effectively turns the block cipher into
* a stream cipher. The AES block cipher primitive is used in CTR mode for encryption and decryption.
* In addition, 128-bit Galois Field multiplication is used for authentication.
*/
#ifndef OCRYPTO_AES_GCM_H
#define OCRYPTO_AES_GCM_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* AES-GCM encryption.
*
* @param[out] ct Cyphertext.
* @param[out] tag Authentication tag.
* @param pt Plaintext.
* @param pt_len Plaintext length.
* @param key AES key.
* @param size Key size (16, 24, or 32 bytes).
* @param iv Initial vector.
* @param aa Additional authentication data.
* @param aa_len Additional authentication data length.
*
* @remark @p ct and @p pt can point to the same address.
*/
void ocrypto_aes_gcm_encrypt (
uint8_t* ct, uint8_t tag[16], const uint8_t* pt, size_t pt_len,
const uint8_t *key, size_t size, const uint8_t iv[12], const uint8_t *aa, size_t aa_len);
/**
* AES-GCM decryption.
*
* @param[out] pt Plaintext.
* @param tag Authentication tag.
* @param ct Cyphertext.
* @param ct_len Cyphertext length.
* @param key AES key.
* @param size Key size (16, 24, or 32 bytes).
* @param iv Initial vector.
* @param aa Additional authentication data.
* @param aa_len Additional authentication data length.
*
* @remark @p ct and @p pt can point to the same address.
*
* @retval 0 If @p tag is valid.
* @retval -1 Otherwise.
*/
int ocrypto_aes_gcm_decrypt (
uint8_t* pt, const uint8_t tag[16], const uint8_t* ct, size_t ct_len,
const uint8_t *key, size_t size, const uint8_t iv[12], const uint8_t *aa, size_t aa_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_AES_GCM_H */
/** @} */


@@ -0,0 +1,70 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_aes_key AES key sizes
* @ingroup nrf_oberon_aes
* @{
* @brief Type definition of AES key sizes.
*
* AES (advanced encryption standard) is a symmetric encryption algorithm standardized by NIST.
* AES transfers a 128-bit block of data into an encrypted block of the same size.
*/
#ifndef OCRYPTO_AES_KEY_H
#define OCRYPTO_AES_KEY_H
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
#define ocrypto_aes128_KEY_BYTES ((size_t) 16) //!< AES-128 key size in bytes
#define ocrypto_aes192_KEY_BYTES ((size_t) 24) //!< AES-192 key size in bytes
#define ocrypto_aes256_KEY_BYTES ((size_t) 32) //!< AES-256 key size in bytes
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_AES_KEY_H */
/** @} */
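Review bot: The three key-size macros cast to `size_t`, but this header includes only `<stdint.h>`, which is not required to declare `size_t`. A translation unit that includes this header first and expands `ocrypto_aes128_KEY_BYTES` may fail to compile, depending on the toolchain's headers. Adding `#include <stddef.h>` next to the existing include makes the header self-contained, as the AES-GCM header in this commit already is.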


@@ -0,0 +1,145 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_chacha ChaCha20 APIs
* @ingroup nrf_oberon_chacha_poly
* @{
* @brief Type declaration and APIs for the Chacha20 stream cipher algorithm.
*
* ChaCha20 is a stream cipher developed by Daniel J. Bernstein based on the 20-round cipher
* Salsa20/20.
*
* A 256-bit key is expanded into 2^64 randomly accessible streams, each
* containing 2^64 randomly accessible 64-byte (512-bit) blocks.
*
* The changes from Salsa20/20 to ChaCha20 are designed to improve diffusion per
* round, conjecturally increasing resistance to cryptanalysis, while
* preserving - and often improving - time per round.
*
* @see [RFC 7539 - ChaCha20 and Poly1305 for IETF Protocols](http://tools.ietf.org/html/rfc7539)
* @see [The ChaCha family of stream ciphers](http://cr.yp.to/chacha.html)
*/
#ifndef OCRYPTO_CHACHA20_H
#define OCRYPTO_CHACHA20_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Length of the encryption key.
*/
#define ocrypto_chacha20_KEY_BYTES (32)
/**
* Maximum length of the nonce.
*/
#define ocrypto_chacha20_NONCE_BYTES_MAX (12)
/**
* ChaCha20 cipher stream generator.
*
* The encryption key @p k, the nonce @p n, and the initial block counter
* @p count are used to generate a pseudo random cipher stream.
*
* Possible applications include key generation and random number generation.
*
* @param[out] c Generated cipher stream.
* @param c_len Length of @p c.
* @param n Nonce.
* @param n_len Nonce length. 0 <= @p n_len <= @c ocrypto_chacha20_NONCE_BYTES_MAX.
* @param k Encryption key.
* @param count Initial block counter.
*
* @remark When reusing an encryption key @p k, a different nonce @p n or
* initial block counter @p count must be used.
*
* @remark This function is equivalent to @c chacha20_stream_xor with a
* message @p m consisting of @p c_len zeroes.
*/
void ocrypto_chacha20_stream(
uint8_t *c, size_t c_len,
const uint8_t *n, size_t n_len,
const uint8_t k[ocrypto_chacha20_KEY_BYTES],
uint32_t count);
/**
* ChaCha20 cipher stream encoder.
*
* The message @p m is encrypted by applying the XOR operation with a pseudo
* random cipher stream derived from the encryption key @p k, the nonce @p n, and
* the initial block counter @p count.
*
* Calling the function a second time with the generated ciphertext as input
* message @p m decrypts it back to the original message.
*
* @param[out] c Generated ciphertext. Same length as input message.
* @param m Input message.
* @param m_len Length of @p c and @p m.
* @param n Nonce.
* @param n_len Nonce length. 0 <= @p n_len <= @c ocrypto_chacha20_NONCE_BYTES_MAX.
* @param k Encryption key.
* @param count Initial block counter.
*
* @remark @p c and @p m can point to the same address.
*
* @remark When reusing an encryption key @p k for a different message @p m, a
* different nonce @p n or initial block counter @p count must be used.
*/
void ocrypto_chacha20_stream_xor(
uint8_t *c,
const uint8_t *m, size_t m_len,
const uint8_t *n, size_t n_len,
const uint8_t k[ocrypto_chacha20_KEY_BYTES],
uint32_t count);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_CHACHA20_H */
/** @} */
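Review bot: The file comment describes 2^64 streams of 2^64 blocks, but both prototypes take a `uint32_t count` and a nonce of at most 12 bytes, so the documented limits do not match the interface. With a 32-bit block counter and 64-byte blocks, one key/nonce pair covers at most 2^32 blocks. The header does not say what happens when `count` plus the blocks implied by `c_len` or `m_len` passes that limit; if the counter wraps, keystream would repeat. I would add to both functions `@remark The block counter is 32 bits; @p count plus the number of 64-byte blocks processed must not exceed 2^32.` The remark on `ocrypto_chacha20_stream` also names `chacha20_stream_xor` without the `ocrypto_` prefix.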


@@ -0,0 +1,224 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_chacha_poly ChaCha20-Poly1305
* @ingroup nrf_oberon
* @{
* @brief ChaCha20-Poly1305 is an authenticated encryption algorithm with optional
* additional authenticated data developed by Daniel J.Bernstein.
* @}
*
* @defgroup nrf_oberon_chacha_poly_apis ChaCha20-Poly1305 APIs
* @ingroup nrf_oberon_chacha_poly
* @{
* @brief Type declaration and APIs for authenticated encryption and additional data using
* the ChaCha20-Poly1305 algorithm.
*
* ChaCha20-Poly1305 is an authenticated encryption algorithm with optional
* additional authenticated data developed by Daniel J.Bernstein.
*
* The ChaCha20 stream cipher is combined with the Poly1305 authenticator.
*
* @see [RFC 7539 - ChaCha20 and Poly1305 for IETF Protocols](http://tools.ietf.org/html/rfc7539)
*/
#ifndef OCRYPTO_CHACHA20_POLY1305_H
#define OCRYPTO_CHACHA20_POLY1305_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Length of the encryption key.
*/
#define ocrypto_chacha20_poly1305_KEY_BYTES (32)
/**
* Maximum length of the nonce.
*/
#define ocrypto_chacha20_poly1305_NONCE_BYTES_MAX (12)
/**
* Length of the authentication tag.
*/
#define ocrypto_chacha20_poly1305_TAG_BYTES (16)
/**@{*/
/**
* AEAD ChaCha20-Poly1305 encrypt.
*
* The message @p m is encrypted using a ChaCha20 cipher stream derived from the
* encryption key @p k and the nonce @p n. The resulting ciphertext has the same
* length @p m_len as the input message @p m and is put into @p c.
*
* Additionally, the ciphertext @p c is authenticated with a tag that is
* generated with Poly1305 using a unique subkey derived from @p k and @p n, and
* then put into @p tag.
*
* @param[out] tag Generated authentication tag.
* @param[out] c Generated ciphertext. Same length as input message.
* @param m Input message.
* @param m_len Length of @p m and @p c.
* @param n Nonce.
* @param n_len Length of @p n. 0 <= @p n_len <= @c ocrypto_chacha20_poly1305_NONCE_BYTES_MAX.
* @param k Encryption key.
*
* @remark @p c and @p m can point to the same address.
*
* @remark When reusing an encryption key @p k for a different message @p m, a
* different nonce @p n must be used.
*/
void ocrypto_chacha20_poly1305_encrypt(
uint8_t tag[ocrypto_chacha20_poly1305_TAG_BYTES],
uint8_t *c,
const uint8_t *m, size_t m_len,
const uint8_t *n, size_t n_len,
const uint8_t k[ocrypto_chacha20_poly1305_KEY_BYTES]);
/**
* AEAD ChaCha20-Poly1305 encrypt with AAD.
*
* The message @p m is encrypted using a ChaCha20 cipher stream derived from the
* encryption key @p k and the nonce @p n. The resulting ciphertext has the same
* length @p m_len as the input message @p m and is put into @p c.
*
* Additionally, the ciphertext @p c, as well as the additional authenticated
* data @p a, is authenticated with a tag that is generated with Poly1305 using a
* unique subkey derived from @p k and @p n, and then put into @p tag.
*
* @param[out] tag Generated authentication tag.
* @param[out] c Generated ciphertext. Same length as input message.
* @param m Input message.
* @param m_len Length of @p m and @p c.
* @param a Additional authenticated data.
* @param a_len Length of @p a.
* @param n Nonce.
* @param n_len Length of @p n. 0 <= @p n_len <= @c ocrypto_chacha20_poly1305_NONCE_BYTES_MAX.
* @param k Encryption key.
*
* @remark @p c and @p m can point to the same address.
*
* @remark When reusing an encryption key @p k for a different message @p m or
* different additional authenticated data @p a, a different nonce @p n
* must be used.
*/
void ocrypto_chacha20_poly1305_encrypt_aad(
uint8_t tag[ocrypto_chacha20_poly1305_TAG_BYTES],
uint8_t *c,
const uint8_t *m, size_t m_len,
const uint8_t *a, size_t a_len,
const uint8_t *n, size_t n_len,
const uint8_t k[ocrypto_chacha20_poly1305_KEY_BYTES]);
/**@}*/
/**@{*/
/**
* AEAD ChaCha20-Poly1305 decrypt.
*
* If the authentication tag @p tag is valid for the ciphertext @p c, the
* encryption key @p k and the nonce @p n, the ciphertext is decrypted and put
* into @p m. The decrypted message @p m has the same length @p c_len as the
* original ciphertext.
*
* @param tag Received authentication tag.
* @param[out] m Decoded message. Same length as received ciphertext.
* @param c Received ciphertext.
* @param c_len Length of @p c and @p m.
* @param n Nonce.
* @param n_len Length of @p n. 0 <= @p n_len <= @c ocrypto_chacha20_poly1305_NONCE_BYTES_MAX.
* @param k Encryption key.
*
* @retval 0 If @p tag is valid.
* @retval -1 Otherwise.
*
* @remark @p m and @p c can point to the same address.
*/
int ocrypto_chacha20_poly1305_decrypt(
const uint8_t tag[ocrypto_chacha20_poly1305_TAG_BYTES],
uint8_t *m,
const uint8_t *c, size_t c_len,
const uint8_t *n, size_t n_len,
const uint8_t k[ocrypto_chacha20_poly1305_KEY_BYTES]);
/**
* AEAD ChaCha20-Poly1305 decrypt with AAD.
*
* If the authentication tag @p tag is valid for the ciphertext @p c, the
* additional authenticated data @p a, the encryption key @p k and the nonce
* @p n, the ciphertext is decrypted and put into @p m. The decrypted message
* @p m has the same length @p c_len as the original ciphertext.
*
* @param tag Received authentication tag.
* @param[out] m Decoded message. Same length as received ciphertext.
* @param c Received ciphertext.
* @param c_len Length of @p c and @p m.
* @param a Received additional authenticated data.
* @param a_len Length of @p a.
* @param n Nonce.
* @param n_len Length of @p n. 0 <= @p n_len <= @c ocrypto_chacha20_poly1305_NONCE_BYTES_MAX.
* @param k Encryption key.
*
* @retval 0 If @p tag is valid.
* @retval -1 Otherwise.
*
* @remark @p m and @p c can point to the same address.
*/
int ocrypto_chacha20_poly1305_decrypt_aad(
const uint8_t tag[ocrypto_chacha20_poly1305_TAG_BYTES],
uint8_t *m,
const uint8_t *c, size_t c_len,
const uint8_t *a, size_t a_len,
const uint8_t *n, size_t n_len,
const uint8_t k[ocrypto_chacha20_poly1305_KEY_BYTES]);
/**@}*/
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_CHACHA20_POLY1305_H */
/** @} */
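Review bot: `ocrypto_chacha20_poly1305_decrypt` and `ocrypto_chacha20_poly1305_decrypt_aad` return 0 for a valid tag and -1 otherwise, but the comments do not say what `m` holds after a -1. That matters most when `m` and `c` point to the same address, which the remark allows. The description implies decryption only happens for a valid tag, but the implementation is not visible here, so the contract should be explicit: `@remark If -1 is returned, the contents of @p m are unspecified and must not be used.` Nothing in the prototypes forces the caller to look at the result, so every call site should branch on the return value before touching `m`.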


@@ -0,0 +1,244 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_chacha_poly_inc ChaCha20-Poly1305 incremental APIs
* @ingroup nrf_oberon_chacha_poly
* @{
* @brief Type declaration and APIs for authenticated encryption and additional data using
* the ChaCha20-Poly1305 algorithm in incremental steps.
*
* ChaCha20-Poly1305 is an authenticated encryption algorithm with optional
* additional authenticated data developed by Daniel J.Bernstein.
*
* The ChaCha20 stream cipher is combined with the Poly1305 authenticator.
*
* @see [RFC 7539 - ChaCha20 and Poly1305 for IETF Protocols](http://tools.ietf.org/html/rfc7539)
*/
#ifndef OCRYPTO_CHACHA20_POLY1305_INC_H
#define OCRYPTO_CHACHA20_POLY1305_INC_H
#include <stdint.h>
#include <stddef.h>
#include "ocrypto_chacha20_poly1305.h"
#include "ocrypto_poly1305.h"
#ifdef __cplusplus
extern "C" {
#endif
/**@cond */
typedef struct {
ocrypto_poly1305_ctx auth_ctx;
uint8_t subkey[32];
uint8_t buffer[16];
uint32_t buffer_len;
uint8_t cypher[64];
uint32_t cypher_idx;
uint32_t count;
size_t msg_len;
size_t aad_len;
} ocrypto_chacha20_poly1305_ctx;
/**@endcond */
/**@name Incremental ChaCha20-Poly1305 generator.
*
* This group of functions can be used to incrementally encode and decode using the ChaCha20-Poly1305 stream cypher.
*
* Use pattern:
*
* Encoding:
* @code
* ocrypto_chacha20_poly1305_init(ctx, nonce, nonce_len, key);
* ocrypto_chacha20_poly1305_update_aad(ctx, aad, aad_len, nonce, nonce_len, key);
* ...
* ocrypto_chacha20_poly1305_update_aad(ctx, aad, aad_len, nonce, nonce_len, key);
* ocrypto_chacha20_poly1305_update_enc(ctx, ct, pt, pt_len, nonce, nonce_len, key);
* ...
* ocrypto_chacha20_poly1305_update_enc(ctx, ct, pt, pt_len, nonce, nonce_len, key);
* ocrypto_chacha20_poly1305_final_enc(ctx, tag);
* @endcode
* Decoding:
* @code
* ocrypto_chacha20_poly1305_init(ctx, nonce, nonce_len, key);
* ocrypto_chacha20_poly1305_update_aad(ctx, aad, aad_len, nonce, nonce_len, key);
* ...
* ocrypto_chacha20_poly1305_update_aad(ctx, aad, aad_len, nonce, nonce_len, key);
* ocrypto_chacha20_poly1305_update_dec(ctx, pt, ct, ct_len, nonce, nonce_len, key);
* ...
* ocrypto_chacha20_poly1305_update_dec(ctx, pt, ct, ct_len, nonce, nonce_len, key);
* res = ocrypto_chacha20_poly1305_final_dec(ctx, tag);
* @endcode
*/
/**@{*/
/**
* ChaCha20-Poly1305 initialization.
*
* The generator state @p ctx is initialized by this function.
*
* @param[out] ctx Generator state.
* @param n Nonce.
* @param n_len Length of @p n. 0 <= @p n_len <= @c ocrypto_chacha20_poly1305_NONCE_BYTES_MAX.
* @param k Encryption key.
*/
void ocrypto_chacha20_poly1305_init(
ocrypto_chacha20_poly1305_ctx *ctx,
const uint8_t *n, size_t n_len,
const uint8_t k[ocrypto_chacha20_poly1305_KEY_BYTES]);
/**
* SHA-ChaCha20-Poly1305 incremental aad input.
*
* The generator state @p ctx is updated to include a data chunk @p a.
*
* This function can be called repeatedly until the whole data is processed.
*
* @param ctx Generator state.
* @param a Additional authenticated data.
* @param a_len Length of @p a.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_chacha20_poly1305_init is required before this function can be called.
*
* @remark @c ocrypto_chacha20_poly1305_update_aad must be called before any call to
* @c ocrypto_chacha20_poly1305_update_enc or @c ocrypto_chacha20_poly1305_update_dec.
*/
void ocrypto_chacha20_poly1305_update_aad(
ocrypto_chacha20_poly1305_ctx *ctx,
const uint8_t *a, size_t a_len);
/**
* SHA-ChaCha20-Poly1305 incremental encoder input.
*
* The generator state @p ctx is updated to include a message chunk @p m.
*
* This function can be called repeatedly until the whole message is processed.
*
* @param ctx Generator state.
* @param[out] c Generated ciphertext. Same length as input message.
* @param m Message chunk.
* @param m_len Length of @p m.
* @param n Nonce.
* @param n_len Length of @p n. 0 <= @p n_len <= @c ocrypto_chacha20_poly1305_NONCE_BYTES_MAX.
* @param k Encryption key.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_chacha20_poly1305_init is required before this function can be called.
*
* @remark @c ocrypto_chacha20_poly1305_update_enc must be called after any call to
* @c ocrypto_chacha20_poly1305_update_aad.
*
* @remark @p c and @p m can point to the same address.
*/
void ocrypto_chacha20_poly1305_update_enc(
ocrypto_chacha20_poly1305_ctx *ctx,
uint8_t *c,
const uint8_t *m, size_t m_len,
const uint8_t *n, size_t n_len,
const uint8_t k[ocrypto_chacha20_poly1305_KEY_BYTES]);
/**
* SHA-ChaCha20-Poly1305 incremental decoder input.
*
* The generator state @p ctx is updated to include a cyphertext chunk @p c.
*
* This function can be called repeatedly until the whole cyphertext is processed.
*
* @param ctx Generator state.
* @param[out] m Decoded message. Same length as received ciphertext.
* @param c Cyphertext chunk.
* @param c_len Length of @p c.
* @param n Nonce.
* @param n_len Length of @p n. 0 <= @p n_len <= @c ocrypto_chacha20_poly1305_NONCE_BYTES_MAX.
* @param k Encryption key.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_chacha20_poly1305_init is required before this function can be called.
*
* @remark @c ocrypto_chacha20_poly1305_update_dec must be called after any call to
* @c ocrypto_chacha20_poly1305_update_aad.
*
* @remark @p m and @p c can point to the same address.
*/
void ocrypto_chacha20_poly1305_update_dec(
ocrypto_chacha20_poly1305_ctx *ctx,
uint8_t *m,
const uint8_t *c, size_t c_len,
const uint8_t *n, size_t n_len,
const uint8_t k[ocrypto_chacha20_poly1305_KEY_BYTES]);
/**
* SHA-ChaCha20-Poly1305 final encoder step.
*
* The generator state @p ctx is used to finalize the encryption and generate the tag.
*
* @param ctx Generator state.
* @param[out] tag Generated authentication tag.
*/
void ocrypto_chacha20_poly1305_final_enc(
ocrypto_chacha20_poly1305_ctx *ctx,
uint8_t tag[ocrypto_chacha20_poly1305_TAG_BYTES]);
/**
* SHA-ChaCha20-Poly1305 final decoder step.
*
* The generator state @p ctx is used to finalize the decryption and check the tag.
*
* @param ctx Generator state.
* @param tag Received authentication tag.
*
* @retval 0 If @p tag is valid.
* @retval -1 Otherwise.
*/
int ocrypto_chacha20_poly1305_final_dec(
ocrypto_chacha20_poly1305_ctx *ctx,
const uint8_t tag[ocrypto_chacha20_poly1305_TAG_BYTES]);
/**@}*/
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_CHACHA20_POLY1305_INC_H */
/** @} */
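Review bot: `ocrypto_chacha20_poly1305_update_dec` writes decoded bytes to `m` on every call, while the tag is only checked later in `ocrypto_chacha20_poly1305_final_dec`, so callers are handed plaintext that has not been authenticated yet. The header should say so, for example `@remark Data written to @p m must not be acted on until ocrypto_chacha20_poly1305_final_dec has returned 0.` The usage example in the group comment passes `nonce, nonce_len, key` to `ocrypto_chacha20_poly1305_update_aad`, which the prototype (`ctx, a, a_len`) does not accept. The briefs of the update and final functions also start with "SHA-", which looks like a copy-paste leftover. The context struct holds `subkey` and `cypher` buffers, presumably key-derived, and no clearing step is documented; it is worth stating whether the final functions wipe the context or the caller has to.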


@@ -0,0 +1,111 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon Oberon cryptographic library
* @{
* @brief Highly optimized cryptographic algorithm implementation for Cortex-M0, Cortex-M4,
* and Cortex-M33. Created by Oberon, under distribution license with Nordic Semiconductor ASA.
* @}
*
* @defgroup nrf_oberon_constant_time Constant time APIs
* @ingroup nrf_oberon
* @{
* @brief Timing-invariant functions to use with cryptography.
*
* Collection of timing-invariant implementations of basic functions.
*/
#ifndef OCRYPTO_CONSTANT_TIME_H
#define OCRYPTO_CONSTANT_TIME_H
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Variable length comparison.
*
* @param x Memory region to compare with @p y.
* @param y Memory region to compare with @p x.
* @param length Number of bytes to compare, @p length > 0.
*
* @retval 1 If @p x and @p y point to equal memory regions.
* @retval 0 Otherwise.
*/
int ocrypto_constant_time_equal(const void *x, const void *y, size_t length);
/**
* Variable length compare to zero.
*
* @param x Pointer to memory region that will be compared.
* @param length Number of bytes to compare, @p length > 0.
*
* @retval 1 If @p x is equal to a zero memory region.
* @retval 0 Otherwise.
*/
int ocrypto_constant_time_is_zero(const void *x, size_t length);
/**
* Variable length copy.
*
* @param x Pointer to memory region to copy @p y to.
* @param y Pointer to memory region to copy to @p x.
* @param length Number of bytes to copy, @p length > 0.
*/
void ocrypto_constant_time_copy(void *x, const void *y, size_t length);
/**
* Variable length fill with zero.
*
* @param x Pointer to memory region to be filled with zero.
* @param length Number of bytes to fill, @p length > 0.
*/
void ocrypto_constant_time_fill_zero(void *x, size_t length);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_CONSTANT_TIME_H */
/** @} */
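Review bot: `ocrypto_constant_time_equal` returns 1 for a match and 0 otherwise, the opposite of `memcmp` and of the decrypt functions in this commit, which return 0 when the tag is valid. A caller who mixes the two conventions ends up with an inverted authentication check, so the doc comment should carry a warning such as `@remark Returns non-zero on equality, unlike memcmp.` All four functions require `length > 0` without saying what a zero length does, so callers with variable-length input need to guard that case themselves. The comment on `ocrypto_constant_time_fill_zero` does not say whether the write survives compiler dead-store elimination, which is what a caller wiping key material needs to know.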


@@ -0,0 +1,117 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_curve25519 ECC Curve25519 low-level APIs
* @ingroup nrf_oberon
* @{
* @brief Type declarations and APIs for low-level elliptic curve point operations
* based on Curve25519.
*
* Curve25519 is an elliptic curve offering 128 bits of security. It is designed
* for use in the Elliptic Curve Diffie-Hellman (ECDH) key agreement scheme.
*
* @see [RFC 7748 - Elliptic Curves for Security](https://tools.ietf.org/html/rfc7748)
* @see [Curve25519: high-speed elliptic-curve cryptography](http://cr.yp.to/ecdh.html)
*/
#ifndef OCRYPTO_CURVE25519_H
#define OCRYPTO_CURVE25519_H
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Length of a scalar.
*/
#define ocrypto_curve25519_SCALAR_BYTES (32)
/**
* Length of a curve point.
*/
#define ocrypto_curve25519_BYTES (32)
/**
* Curve25519 scalar multiplication `r = n * basePoint`.
*
* Given a secret key @p n, the corresponding Curve25519 public key is computed
* and put into @p r.
*
* The inverse of this function is difficult to compute.
*
* @param[out] r Resulting curve point.
* @param[in] n Scalar factor.
*
* @remark @p r and @p n can point to the same address.
*/
void ocrypto_curve25519_scalarmult_base(
uint8_t r[ocrypto_curve25519_BYTES],
const uint8_t n[ocrypto_curve25519_SCALAR_BYTES]);
/**
* Curve25519 scalar multiplication `r = n * p`.
*
* A shared secret is computed from the local secret key @p n and another
* party's public key @p p and put into @p r. The same shared secret is
* generated when the other party combines its private key with the local public
* key.
*
* @param[out] r Resulting curve point.
* @param[in] n Scalar factor.
* @param[in] p Point factor.
*
* @remark @p r and @p n can point to the same address.
*/
void ocrypto_curve25519_scalarmult(
uint8_t r[ocrypto_curve25519_BYTES],
const uint8_t n[ocrypto_curve25519_SCALAR_BYTES],
const uint8_t p[ocrypto_curve25519_BYTES]);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_CURVE25519_H */
/** @} */


@@ -0,0 +1,136 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_p256 ECC secp256r1 low-level APIs
* @ingroup nrf_oberon
* @{
* @brief Type declarations and APIs for low-level elliptic curve point operations
* based on the NIST secp256r1 curve.
*/
#ifndef OCRYPTO_CURVE_P256_H
#define OCRYPTO_CURVE_P256_H
#include "ocrypto_sc_p256.h"
#ifdef __cplusplus
extern "C" {
#endif
// (x,y) only jacobian coordinates
/**@cond */
typedef struct {
ocrypto_mod_p256 x;
ocrypto_mod_p256 y;
} ocrypto_cp_p256;
/**@endcond */
/** Load r.x from bytes, keep r.y.
*
* @param[out] r Point with r.x loaded, r.y kept.
* @param p x as as array of bytes.
*
* @retval 0 If @p r is a valid curve point.
* @retval -1 Otherwise.
*/
int ocrypto_curve_p256_from32bytes(ocrypto_cp_p256 *r, const uint8_t p[32]);
/** Load point from bytes.
*
* @param[out] r Loaded point.
* @param p Point as array of bytes.
*
* @retval 0 If @p r is a valid curve point.
* @retval -1 Otherwise.
*/
int ocrypto_curve_p256_from64bytes(ocrypto_cp_p256 *r, const uint8_t p[64]);
/** Store p.x to bytes.
*
* @param[out] r x stored as array.
* @param p Point with x to be stored.
*/
void ocrypto_curve_p256_to32bytes(uint8_t r[32], ocrypto_cp_p256 *p);
/** Store p.x to bytes.
*
* @param[out] r Point stored as array.
* @param p Point to be stored.
*/
void ocrypto_curve_p256_to64bytes(uint8_t r[64], ocrypto_cp_p256 *p);
/** P256 scalar multiplication.
*
* r = p * s
* r = [0,0] if p = [0,0] or s mod q = 0
*
* @param[out] r Output point.
* @param p Input point.
* @param s Scalar.
*
* @retval -1 If r = [0,0].
* @retval 0 If 0 < s < q.
* @retval 1 If s > q.
*/
int ocrypto_curve_p256_scalarmult(ocrypto_cp_p256 *r, const ocrypto_cp_p256 *p, const ocrypto_sc_p256 *s);
/** P256 scalar base multiplication.
*
* r = basePoint * s
* r = [0,0] if s mod q = 0
*
* @param[out] r Output point.
* @param s Scalar.
*
* @retval -1 If r = [0,0].
* @retval 0 If 0 < s < q.
* @retval 1 If s > q.
*/
int ocrypto_curve_p256_scalarmult_base(ocrypto_cp_p256 *r, const ocrypto_sc_p256 *s);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_CURVE_P256_H */
/** @} */
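Review bot: The brief of `ocrypto_curve_p256_to64bytes` repeats "Store p.x to bytes." from `ocrypto_curve_p256_to32bytes`, although its `@param[out] r` line says the whole point is stored; it should read `Store point to bytes.`. `ocrypto_curve_p256_from32bytes` is documented as loading only `r.x` and keeping `r.y`, yet its `@retval 0` says `r` is a valid curve point, so the comment does not make clear which check is actually performed. That is worth stating explicitly, because callers that load peer-supplied coordinates depend on this return value to reject off-curve input. `@param p x as as array of bytes.` also has a doubled word.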


@@ -0,0 +1,98 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_ecdh ECDH APIs
* @ingroup nrf_oberon
* @{
* @brief APIs to do Elliptic Curve Diffie-Hellman using the NIST secp256r1 curve.
*/
#ifndef OCRYPTO_ECDH_P256_H
#define OCRYPTO_ECDH_P256_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stdint.h>
/**
* ECDH P-256 public key generation `r = n * p`.
*
* Given a secret key @p s the corresponding public key is computed and put
* into @p r.
*
* @param[out] r Generated public key.
* @param s Secret key. Must be pre-filled with random data.
*
* @retval 0 If @p s is a valid secret key.
* @retval -1 Otherwise.
*
* @remark @p r may be same as @p s.
*/
int ocrypto_ecdh_p256_public_key(uint8_t r[64], const uint8_t s[32]);
/**
* ECDH P-256 common secret.
*
* The common secret is computed from both the client's public key @p p
* and the server's secret key @p s and put into @p r.
*
* @param[out] r Generated common secret.
* @param s Server private key.
* @param p Client public key.
*
* @retval 0 If @p s is a valid secret key and @p p is a valid public key.
* @retval -1 Otherwise.
*
* @remark @p r may be same as @p s or @p p.
*/
int ocrypto_ecdh_p256_common_secret(uint8_t r[32], const uint8_t s[32], const uint8_t p[64]);
#ifdef __cplusplus
}
#endif
#endif
/** @} */
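Review bot: For `ocrypto_ecdh_p256_common_secret` the `-1` return is the only signal that the peer's public key `p` (or `s`) was rejected, and the comment does not say what `r` holds in that case. I would add `@remark If -1 is returned, the content of @p r must not be used as key material.` so that an ignored return value is visibly a misuse. The brief of `ocrypto_ecdh_p256_public_key` says `r = n * p` although the parameters are `r` and `s`. `#include <stdint.h>` is placed inside the `extern "C"` block here, whereas the other headers in this commit include it before `#ifdef __cplusplus`; moving it up keeps them consistent.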


@@ -0,0 +1,157 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_ecdsa ECDSA APIs
* @ingroup nrf_oberon
* @{
* @brief Type declarations and APIs to do Elliptic Curve Digital Signature Algorith using the
* NIST secp256r1 curve.
*/
#ifndef OCRYPTO_ECDSA_P256_H
#define OCRYPTO_ECDSA_P256_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* ECDSA P-256 public key generation.
*
* Given a secret key @p sk the corresponding public key is computed and put
* into @p pk.
*
* @param[out] pk Generated public key.
* @param sk Secret key. Must be pre-filled with random data.
*
* @retval 0 If @p sk is a valid secret key.
* @retval -1 Otherwise.
*/
int ocrypto_ecdsa_p256_public_key(
uint8_t pk[64],
const uint8_t sk[32]);
/**
* ECDSA P-256 signature generation.
*
* The message @p m is signed using the secret key @p sk and the ephemeral
* session key @p ek. The signature is put into @p sig.
*
* @param[out] sig Generated signature.
* @param m Input message.
* @param mlen Length of @p m.
* @param sk Secret key.
* @param ek Ephemeral session key.
*
* @retval 0 If @p ek is a valid session key.
* @retval -1 Otherwise.
*/
int ocrypto_ecdsa_p256_sign(
uint8_t sig[64],
const uint8_t *m, size_t mlen,
const uint8_t sk[32],
const uint8_t ek[32]);
/**
* ECDSA P-256 signature generation from SHA256 hash.
*
* The message hash @p hash is signed using the secret key @p sk and the ephemeral
* session key @p ek. The signature is put into @p sig.
*
* @param[out] sig Generated signature.
* @param hash Input hash.
* @param sk Secret key.
* @param ek Ephemeral session key.
*
* @retval 0 If @p ek is a valid session key.
* @retval -1 Otherwise.
*/
int ocrypto_ecdsa_p256_sign_hash(
uint8_t sig[64],
const uint8_t hash[32],
const uint8_t sk[32],
const uint8_t ek[32]);
/**
* ECDSA P-256 signature verification.
*
* The signature @p sig of the input message @p m is verified using the signer's
* public key @p pk.
*
* @param sig Input signature.
* @param m Input message.
* @param mlen Length of @p m.
* @param pk Signer's public key.
*
* @retval 0 If the signature is valid.
* @retval -1 Otherwise.
*/
int ocrypto_ecdsa_p256_verify(
const uint8_t sig[64],
const uint8_t *m, size_t mlen,
const uint8_t pk[64]);
/**
* ECDSA P-256 signature verification from SHA256 hash.
*
* The signature @p sig of the message hash @p hash is verified using the signer's
* public key @p pk.
*
* @param sig Input signature.
* @param hash Input hash.
* @param pk Signer's public key.
*
* @retval 0 If the signature is valid.
* @retval -1 Otherwise.
*/
int ocrypto_ecdsa_p256_verify_hash(
const uint8_t sig[64],
const uint8_t hash[32],
const uint8_t pk[64]);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_ECDSA_P256_H */
/** @} */
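Review bot: The `ek` parameter of `ocrypto_ecdsa_p256_sign` and `ocrypto_ecdsa_p256_sign_hash` is documented only as "Ephemeral session key", which omits the property the caller has to guarantee. The per-signature secret in ECDSA must be unpredictable and never reused, because two signatures made with the same `sk` and the same `ek` allow `sk` to be recovered. I would extend both `@param ek` lines to `Ephemeral session key. Must be unique and secret for every signature made with @p sk (fresh CSPRNG output or an RFC 6979 derivation).` The `-1` return for an invalid `ek` also has to be checked, since the header does not say what `sig` contains in that case. The file brief has a typo, "Algorith".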


@@ -0,0 +1,171 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_ecjpake EC-JPAKE
* @ingroup nrf_oberon
* @{
* @brief Type declaration and APIs for EC-JPAKE.
*
*/
#ifndef OCRYPTO_ECJPAKE_P256_H
#define OCRYPTO_ECJPAKE_P256_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* EC-JPAKE-P256 public key and zero knowledge proof generation.
*
* @param[out] X Public key.
* @param[out] V ZKP ephemeral public key.
* @param[out] r ZKP signature.
* @param G Generator. May be NULL to use the default generator.
* @param x Secret key. 0 < x < group order.
* @param v ZKP ephemeral secret key. 0 < v < group order.
* @param id Identity of originator.
* @param id_len Identity length.
*
* @retval 0 If inputs are valid.
* @retval -1 Otherwise.
*/
int ocrypto_ecjpake_get_key(
uint8_t X[64],
uint8_t V[64],
uint8_t r[32],
const uint8_t G[64],
const uint8_t x[32],
const uint8_t v[32],
const char *id, size_t id_len);
/**
* EC-JPAKE-P256 zero knowledge proof verification.
*
* @param G Generator. May be NULL to use the default generator.
* @param X Public key.
* @param V ZKP ephemeral public key.
* @param r ZKP signature.
* @param id Identity of originator.
* @param id_len Identity length.
*
* @retval 0 If proof is valid.
* @retval -1 Otherwise.
*/
int ocrypto_ecjpake_verify_key(
const uint8_t G[64],
const uint8_t X[64],
const uint8_t V[64],
const uint8_t r[32],
const char *id, size_t id_len);
/**
* EC-JPAKE-P256 generator derivation.
*
* @param[out] G Generator.
* @param X1 Public key 1.
* @param X2 Public key 2.
* @param X3 Public key 3.
*
* @retval 0 If the generator is valid.
* @retval -1 Otherwise.
*/
int ocrypto_ecjpake_get_generator(
uint8_t G[64],
const uint8_t X1[64],
const uint8_t X2[64],
const uint8_t X3[64]);
/**
* EC-JPAKE-P256 read shared secret.
*
* @param[out] rs Reduced shared secret.
* @param secret Shared secret.
* @param secret_len Secret length.
*/
void ocrypto_ecjpake_read_shared_secret(
uint8_t rs[32],
const uint8_t *secret, size_t secret_len);
/**
* EC-JPAKE-P256 shared secret handling.
*
* @param[out] xs Client/server secret key.
* @param x2 Secret key 2.
* @param rs Reduced shared secret.
*
* @retval 0 If the derived secret key is valid.
* @retval -1 Otherwise.
*/
int ocrypto_ecjpake_process_shared_secret(
uint8_t xs[32],
const uint8_t x2[32],
const uint8_t rs[32]);
/**
* EC-JPAKE-P256 secret key generation.
*
* @param[out] secret Resulting premaster secret.
* @param Xr Remote client/server public key.
* @param X2 Remote public key 2.
* @param xs Client/server secret key.
* @param x2 Secret key 2.
*
* @retval 0 If the key is valid.
* @retval -1 Otherwise.
*/
int ocrypto_ecjpake_get_secret_key(
uint8_t secret[32],
const uint8_t Xr[64],
const uint8_t X2[64],
const uint8_t xs[32],
const uint8_t x2[32]);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_ECJPAKE_P256_H */
/** @} */


@@ -0,0 +1,135 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_ed25519 Ed25519 APIs
* @ingroup nrf_oberon
* @{
* @brief Type declarations and APIs for the Ed25519 algorithm.
*
* Ed25519 is a specific implementation of EdDSA, a digital signature scheme.
* EdDSA is based on Twisted Edwards curves and is designed to be faster than
* existing digital signature schemes without sacrificing security. It was
* developed by Daniel J. Bernstein, et al. Ed25519 is intended to provide
* attack resistance comparable to quality 128-bit symmetric ciphers.
*
* @see [Ed25519: high-speed high-security signatures](https://ed25519.cr.yp.to)
*/
#ifndef OCRYPTO_ED25519_H
#define OCRYPTO_ED25519_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Length of a public key.
*/
#define ocrypto_ed25519_PUBLIC_KEY_BYTES (32)
/**
* Length of a secret key.
*/
#define ocrypto_ed25519_SECRET_KEY_BYTES (32)
/**
* Length of a signature.
*/
#define ocrypto_ed25519_BYTES (64)
/**
* Ed25519 signature key pair generation.
*
* Given a secret key @p sk, the corresponding public key is computed and put
* into @p pk. The key pair can then be used to sign and verify message signatures.
*
* @param[out] pk Generated public key.
* @param sk Secret key. Must be pre-filled with random data.
*/
void ocrypto_ed25519_public_key(uint8_t pk[ocrypto_ed25519_PUBLIC_KEY_BYTES],
const uint8_t sk[ocrypto_ed25519_SECRET_KEY_BYTES]);
/**
* Ed25519 signature generate.
*
* The message @p m is signed using the secret key @p sk and the corresponding
* public key @p pk. The signature is put into @p sig.
*
* @param[out] sig Generated signature.
* @param m Input message.
* @param m_len Length of @p m.
* @param sk Secret key.
* @param pk Public key.
*/
void ocrypto_ed25519_sign(uint8_t sig[ocrypto_ed25519_BYTES],
const uint8_t *m, size_t m_len,
const uint8_t sk[ocrypto_ed25519_SECRET_KEY_BYTES],
const uint8_t pk[ocrypto_ed25519_PUBLIC_KEY_BYTES]);
/**
* Ed25519 signature verification.
*
* The signature @p sig of the input message @p m is verified using the signer's
* public key @p pk.
*
* @param sig Input signature.
* @param m Input message.
* @param m_len Length of @p m.
* @param pk Signer's public key.
*
* @retval 0 If the signature is valid.
* @retval -1 Otherwise.
*/
int ocrypto_ed25519_verify(const uint8_t sig[ocrypto_ed25519_BYTES],
const uint8_t *m, size_t m_len,
const uint8_t pk[ocrypto_ed25519_PUBLIC_KEY_BYTES]);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_ED25519_H */
/** @} */
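Review bot: `ocrypto_ed25519_sign` takes `pk` as a separate input next to `sk`, and the comment only calls it "the corresponding public key" without saying what a mismatch means. Ed25519 hashes the public key into the signature, so signing with a `pk` that does not belong to `sk` is a known way to weaken or expose the secret key. The function returns `void`, so it cannot report the mismatch. I would change the parameter line to `@param pk Public key. Must be the key computed from @p sk by ocrypto_ed25519_public_key(); never take it from untrusted input.` Callers that store `pk` beside `sk` should cover both with the same integrity protection.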


@@ -0,0 +1,100 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_hkdf_1 HKDF APIs using SHA-1
* @ingroup nrf_oberon_hkdf
* @{
* @brief Type declaration and APIs for the HKDF-SHA1 algorithm.
*
* HKDF-SHA1 is a key derivation function based on HMAC-SHA1.
*
* @see [RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF)](http://tools.ietf.org/html/rfc5869)
*/
#ifndef OCRYPTO_HKDF_SHA1_H
#define OCRYPTO_HKDF_SHA1_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Maximum length of a derived key.
*/
#define ocrypto_hkdf_sha1_LENGTH_MAX (20)
/**
* Maximum salt length.
*/
#define ocrypto_hkdf_sha1_SALT_LENGTH_MAX (40)
/**
* HKDF-SHA1 algorithm.
*
* A new pseudo-random key of length @p r_len is derived from an input key
* @p key, a salt @p salt and additional information @p info. The new key is put
* into @p r.
*
* @param[out] r Output key.
* @param r_len Length of @p r, 0 < @p r_len <= @c ocrypto_hkdf_sha1_LENGTH_MAX.
* @param key Input key.
* @param key_len Length of @p key.
* @param salt Salt.
* @param salt_len Length of salt @p salt. 0 <= @p salt_len <= @c ocrypto_hkdf_sha1_SALT_LENGTH_MAX.
* @param info Additional information.
* @param info_len Length of @p info.
*/
void ocrypto_hkdf_sha1(
uint8_t* r, size_t r_len,
const uint8_t* key, size_t key_len,
const uint8_t* salt, size_t salt_len,
const uint8_t* info, size_t info_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_HKDF_SHA1_H */
/** @} */
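Review bot: `ocrypto_hkdf_sha1` returns `void`, so the limits given in its comment (`0 < r_len <= ocrypto_hkdf_sha1_LENGTH_MAX`, `salt_len <= ocrypto_hkdf_sha1_SALT_LENGTH_MAX`) are preconditions whose violation cannot be reported, and the header does not say what happens when they are exceeded. I would add `@remark The caller must enforce the r_len and salt_len limits; behaviour outside them is not defined by this header.` and have callers validate any length that comes from a peer or from configuration before the call. The same applies to `ocrypto_hkdf_sha256` and `ocrypto_hkdf_sha512` in the next two files. The maximum output is one hash length (20 bytes here), so code needing more key material cannot rely on the multi-block expansion that RFC 5869 allows.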


@@ -0,0 +1,107 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_hkdf HKDF - HMAC based Key Derivation Function
* @ingroup nrf_oberon
* @{
* @brief HKDF is a key derivation function based on HMAC Extract-and-Expand
* @}
*
* @defgroup nrf_oberon_hkdf_256 HKDF APIs using SHA-256
* @ingroup nrf_oberon_hkdf
* @{
* @brief Type declarations and APIs for the HKDF-SHA256 algorithm.
*
* HKDF-SHA256 is a key derivation function based on HMAC-SHA256.
*
* @see [RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF)](http://tools.ietf.org/html/rfc5869)
*/
#ifndef OCRYPTO_HKDF_SHA256_H
#define OCRYPTO_HKDF_SHA256_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Maximum length of a derived key.
*/
#define ocrypto_hkdf_sha256_LENGTH_MAX (32)
/**
* Maximum salt length.
*/
#define ocrypto_hkdf_sha256_SALT_LENGTH_MAX (64)
/**
* HKDF-SHA256 algorithm.
*
* A new pseudo-random key of length @p r_len is derived from an input key
* @p key, a salt @p salt and additional information @p info. The new key is put
* into @p r.
*
* @param[out] r Output key.
* @param r_len Length of @p r, 0 < @p r_len <= @c ocrypto_hkdf_sha256_LENGTH_MAX.
* @param key Input key.
* @param key_len Length of @p key.
* @param salt Salt.
* @param salt_len Length of salt @p salt. 0 <= @p salt_len <= @c ocrypto_hkdf_sha256_SALT_LENGTH_MAX.
* @param info Additional information.
* @param info_len Length of @p info.
*/
void ocrypto_hkdf_sha256(
uint8_t* r, size_t r_len,
const uint8_t* key, size_t key_len,
const uint8_t* salt, size_t salt_len,
const uint8_t* info, size_t info_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_HKDF_SHA256_H */
/** @} */


@@ -0,0 +1,101 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_hkdf_512 HKDF APIs using SHA-512
* @ingroup nrf_oberon_hkdf
* @{
* @brief Type declaration and APIs for the HKDF-SHA512 algorithm.
*
* HKDF-SHA512 is a key derivation function based on HMAC-SHA512.
*
* @see [RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF)](http://tools.ietf.org/html/rfc5869)
*/
#ifndef OCRYPTO_HKDF_SHA512_H
#define OCRYPTO_HKDF_SHA512_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Maximum length of a derived key.
*/
#define ocrypto_hkdf_sha512_LENGTH_MAX (64)
/**
* Maximum salt length.
*/
#define ocrypto_hkdf_sha512_SALT_LENGTH_MAX (128)
/**
* HKDF-SHA512 algorithm.
*
* A new pseudo-random key of length @p r_len is derived from an input key
* @p key, a salt @p salt and additional information @p info. The new key is put
* into @p r.
*
* @param[out] r Output key.
* @param r_len Length of @p r, 0 < @p r_len <= @c ocrypto_hkdf_sha512_LENGTH_MAX.
* @param key Input key.
* @param key_len Length of @p key.
* @param salt Salt.
* @param salt_len Length of salt @p salt. 0 <= @p salt_len <= @c ocrypto_hkdf_sha512_SALT_LENGTH_MAX.
* @param info Additional information.
* @param info_len Length of @p info.
*/
void ocrypto_hkdf_sha512(
uint8_t* r, size_t r_len,
const uint8_t* key, size_t key_len,
const uint8_t* salt, size_t salt_len,
const uint8_t* info, size_t info_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_HKDF_SHA512_H */
/** @} */


@@ -0,0 +1,118 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_hmac_1 HMAC APIs using SHA-1
* @ingroup nrf_oberon_hmac
* @{
* @brief Type declarations and APIs for the HMAC-SHA1 algorithm.
*
* HMAC-SHA1 is an algorithm for message authentication using the
* cryptographic hash function SHA-1 and a reusable secret key. Users in
* possession of the key can verify the integrity and authenticity of the
* message.
*
* @see [RFC 2104 - HMAC: Keyed-Hashing for Message Authentication](http://tools.ietf.org/html/rfc2104)
*/
#ifndef OCRYPTO_HMAC_SHA1_H
#define OCRYPTO_HMAC_SHA1_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Maximum key length.
*/
#define ocrypto_hmac_sha1_KEY_BYTES_MAX (64)
/**
* Length of the authenticator.
*/
#define ocrypto_hmac_sha1_BYTES (20)
/**
* HMAC-SHA1 algorithm.
*
* The input message @p in is authenticated using the key @p k. The computed
* authenticator is put into @p r. To verify the authenticator, the recipient
* needs to recompute the HMAC authenticator and can then compare it with the
* received authenticator.
*
* @param[out] r HMAC output.
* @param key HMAC key.
* @param key_len Length of @p key. 0 <= @p key_len <= @c ocrypto_hmac_sha1_KEY_BYTES_MAX.
* @param in Input data.
* @param in_len Length of @p in.
*/
void ocrypto_hmac_sha1(
uint8_t r[ocrypto_hmac_sha1_BYTES],
const uint8_t* key, size_t key_len,
const uint8_t* in, size_t in_len);
/**
* HMAC-SHA1 algorithm with AAD.
*
* @param[out] r HMAC output
* @param key HMAC key.
* @param key_len Length of @p key. 0 <= @p key_len <= @c ocrypto_hmac_sha1_KEY_BYTES_MAX.
* @param in Input data.
* @param in_len Length of @p in.
* @param aad Additional authentication data. May be NULL.
* @param aad_len Length of @p aad.
*/
void ocrypto_hmac_sha1_aad(
uint8_t r[20],
const uint8_t* key, size_t key_len,
const uint8_t* in, size_t in_len,
const uint8_t* aad, size_t aad_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_HMAC_SHA1_H */
/** @} */
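Review bot: The doc block for `ocrypto_hmac_sha1` tells the recipient to recompute the authenticator and "compare it with the received authenticator" without saying the comparison must be constant-time; a plain `memcmp` on the tag can leak how many leading bytes matched. I would add `@remark Compare authenticators with a constant-time equality check, never with memcmp.` to that block, and the same wording recurs in the HMAC-SHA256 and HMAC-SHA512 headers later in this commit. The block also refers to `@p k` although the parameter is named `key`, and `ocrypto_hmac_sha1_aad` declares `uint8_t r[20]` where `uint8_t r[ocrypto_hmac_sha1_BYTES]` would match its sibling. The header looks vendored from Nordic's library, so these may be better raised upstream or recorded at the project's call sites than patched locally.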


@@ -0,0 +1,174 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_hmac HMAC - Hash-based Aessage Authentication Code
* @ingroup nrf_oberon
* @{
* @brief HMAC is a hash-based Message Authentication Code utilizing a secure hash function.
* @}
* @defgroup nrf_oberon_hmac_256 HMAC APIs using SHA-256
* @ingroup nrf_oberon_hmac
* @{
* @brief Type declarations and APIs for the HMAC-SHA256 algorithm.
*
* HMAC-SHA256 is an algorithm for message authentication using the
* cryptographic hash function SHA256 and a reusable secret key. Users in
* possession of the key can verify the integrity and authenticity of the
* message.
*
* @see [RFC 2104 - HMAC: Keyed-Hashing for Message Authentication](http://tools.ietf.org/html/rfc2104)
*/
#ifndef OCRYPTO_HMAC_SHA256_H
#define OCRYPTO_HMAC_SHA256_H
#include <stddef.h>
#include <stdint.h>
#include "include/ocrypto_sha256.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* Maximum key length.
*/
#define ocrypto_hmac_sha256_KEY_BYTES_MAX (64)
/**
* Length of the authenticator.
*/
#define ocrypto_hmac_sha256_BYTES (32)
/**@cond */
typedef struct
{
ocrypto_sha256_ctx hash_ctx;
uint8_t ikey[ocrypto_hmac_sha256_KEY_BYTES_MAX];
uint8_t okey[ocrypto_hmac_sha256_KEY_BYTES_MAX];
uint8_t key[ocrypto_hmac_sha256_KEY_BYTES_MAX];
} ocrypto_hmac_sha256_ctx;
/**@endcond */
/**@name Incremental HMAC-SHA256 generator.
*
* This group of functions can be used to incrementally compute HMAC-SHA256
* for a given message.
*/
/**@{*/
/**
* HMAC-SHA256 initialization.
*
* The generator state @p ctx is initialized by this function.
*
* @param[out] ctx Generator state.
* @param key HMAC key.
* @param key_len Length of @p key.
*/
void ocrypto_hmac_sha256_init(ocrypto_hmac_sha256_ctx * ctx,
const uint8_t* key, size_t key_len);
/**
* HMAC-SHA256 incremental data input.
*
* The generator state @p ctx is updated to hash a message chunk @p in.
*
* This function can be called repeatedly until the whole message is processed.
*
* @param[in,out] ctx Generator state.
* @param in Input data.
* @param in_len Length of @p in.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_hmac_sha256_init is required before this function can be called.
*/
void ocrypto_hmac_sha256_update(ocrypto_hmac_sha256_ctx * ctx,
const uint8_t* in, size_t in_len);
/**
* HMAC-SHA256 output.
*
* The generator state @p ctx is updated to finalize the HMAC calculation.
* The HMAC digest is put into @p r.
*
* @param[in,out] ctx Generator state.
* @param[out] r Generated HMAC digest.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_hmac_sha256_init is required before this function can be called.
*
* @remark After return, the generator state @p ctx must no longer be used with
* @c ocrypto_hmac_sha256_update and @c ocrypto_hmac_sha256_final unless it is
* reinitialized using @c ocrypto_hmac_sha256_init.
*/
void ocrypto_hmac_sha256_final(ocrypto_hmac_sha256_ctx * ctx,
uint8_t r[ocrypto_hmac_sha256_BYTES]);
/**@}*/
/**
* HMAC-SHA256 algorithm.
*
* The input message @p in is authenticated using the key @p k. The computed
* authenticator is put into @p r. To verify the authenticator, the recipient
* needs to recompute the HMAC authenticator and can then compare it with the
* received authenticator.
*
* @param[out] r HMAC output.
* @param key HMAC key.
* @param key_len Length of @p key. 0 <= @p key_len <= @c ocrypto_hmac_sha256_KEY_BYTES_MAX.
* @param in Input data.
* @param in_len Length of @p in.
*/
void ocrypto_hmac_sha256(
uint8_t r[ocrypto_hmac_sha256_BYTES],
const uint8_t* key, size_t key_len,
const uint8_t* in, size_t in_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_HMAC_SHA256_H */
/** @} */
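Review bot: `ocrypto_hmac_sha256_init` documents `key_len` only as "Length of @p key", while the one-shot `ocrypto_hmac_sha256` states `0 <= key_len <= ocrypto_hmac_sha256_KEY_BYTES_MAX` and the context's `ikey`, `okey` and `key` buffers are all sized by that constant. Whether init hashes or rejects a longer key is not visible from this header, so the bound should be stated explicitly, e.g. `@param key_len Length of @p key. 0 <= @p key_len <= @c ocrypto_hmac_sha256_KEY_BYTES_MAX.` The docs for `ocrypto_hmac_sha256_final` also do not say whether the key material held in `ctx` is cleared on return; I would add `@remark @p ctx contains key material; zeroize it once the digest has been produced.` Both points apply equally to the HMAC-SHA512 header that follows.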


@@ -0,0 +1,169 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_hmac_512 HMAC APIs using SHA-512
* @ingroup nrf_oberon_hmac
* @{
* @brief Type declarations and APIs for the HMAC-SHA512 algorithm.
*
* HMAC-SHA512 is an algorithm for message authentication using the
* cryptographic hash function SHA512 and a reusable secret key. Users in
* possession of the key can verify the integrity and authenticity of the
* message.
*
* @see [RFC 2104 - HMAC: Keyed-Hashing for Message Authentication](http://tools.ietf.org/html/rfc2104)
*/
#ifndef OCRYPTO_HMAC_SHA512_H
#define OCRYPTO_HMAC_SHA512_H
#include <stddef.h>
#include <stdint.h>
#include "include/ocrypto_sha512.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* Maximum key length.
*/
#define ocrypto_hmac_sha512_KEY_BYTES_MAX (128)
/**
* Length of the authenticator.
*/
#define ocrypto_hmac_sha512_BYTES (64)
/**@cond */
typedef struct
{
ocrypto_sha512_ctx hash_ctx;
uint8_t ikey[ocrypto_hmac_sha512_KEY_BYTES_MAX];
uint8_t okey[ocrypto_hmac_sha512_KEY_BYTES_MAX];
uint8_t key[ocrypto_hmac_sha512_KEY_BYTES_MAX];
} ocrypto_hmac_sha512_ctx;
/**@endcond */
/**@name Incremental HMAC-SHA512 generator.
*
* This group of functions can be used to incrementally compute HMAC-SHA512
* for a given message.
*/
/**@{*/
/**
* HMAC-SHA512 initialization.
*
* The generator state @p ctx is initialized by this function.
*
* @param[out] ctx Generator state.
* @param key HMAC key.
* @param key_len Length of @p key.
*/
void ocrypto_hmac_sha512_init(ocrypto_hmac_sha512_ctx * ctx,
const uint8_t* key, size_t key_len);
/**
* HMAC-SHA512 incremental data input.
*
* The generator state @p ctx is updated to hash a message chunk @p in.
*
* This function can be called repeatedly until the whole message is processed.
*
* @param[in,out] ctx Generator state.
* @param in Input data.
* @param in_len Length of @p in.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_hmac_sha512_init is required before this function can be called.
*/
void ocrypto_hmac_sha512_update(ocrypto_hmac_sha512_ctx * ctx,
const uint8_t* in, size_t in_len);
/**
* HMAC-SHA512 output.
*
* The generator state @p ctx is updated to finalize the HMAC calculation.
* The HMAC digest is put into @p r.
*
* @param[in,out] ctx Generator state.
* @param[out] r Generated HMAC digest.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_hmac_sha512_init is required before this function can be called.
*
* @remark After return, the generator state @p ctx must no longer be used with
* @c ocrypto_hmac_sha512_update and @c ocrypto_hmac_sha512_final unless it is
* reinitialized using @c ocrypto_hmac_sha512_init.
*/
void ocrypto_hmac_sha512_final(ocrypto_hmac_sha512_ctx * ctx,
uint8_t r[ocrypto_hmac_sha512_BYTES]);
/**@}*/
/**
* HMAC-SHA512 algorithm.
*
* The input message @p in is authenticated using the key @p k. The computed
* authenticator is put into @p r. To verify the authenticator, the recipient
* needs to recompute the HMAC authenticator and can then compare it with the
* received authenticator.
*
* @param[out] r HMAC output.
* @param key HMAC key.
* @param key_len Length of @p key. 0 <= @p key_len <= @c ocrypto_hmac_sha512_KEY_BYTES_MAX.
* @param in Input data.
* @param in_len Length of @p in.
*/
void ocrypto_hmac_sha512(
uint8_t r[ocrypto_hmac_sha512_BYTES],
const uint8_t* key, size_t key_len,
const uint8_t* in, size_t in_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_HMAC_SHA512_H */
/** @} */


@@ -0,0 +1,176 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_poly1305 Poly1305 APIs
* @ingroup nrf_oberon_chacha_poly
@{
* @brief Type declaration and APIs for the Poly1035 algorithm.
*
* Poly1305 is a message authentication code created by Daniel J.
* Bernstein. It can be used to verify the data integrity and the
* authenticity of a message.
*
* Poly1305 takes a one-time key to produce an authentication tag for a message.
* Since a key can only be used to authenticate a single message, a new key
* needs to be derived for each message.
*
* @see [RFC 7539 - ChaCha20 and Poly1305 for IETF Protocols](http://tools.ietf.org/html/rfc7539)
* @see [Poly1305-AES: a state-of-the-art message-authentication code](http://cr.yp.to/mac.html)
*/
#ifndef OCRYPTO_POLY1305_H
#define OCRYPTO_POLY1305_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Key length.
*/
#define ocrypto_poly1305_KEY_BYTES (32)
/**
* Authenticator length.
*/
#define ocrypto_poly1305_BYTES (16)
/**@cond */
typedef struct {
uint32_t h[5];
} ocrypto_poly1305_ctx;
/**@endcond */
/**@name Incremental Poly1305 generator.
*
* This group of functions can be used to incrementally compute the Poly1305
* authenticator for a given message and key.
*/
/**@{*/
/**
* Poly1305 generator initialize.
*
* The generator state @p ctx is initialized by this function.
*
* @param[out] ctx Generator state.
*/
void ocrypto_poly1305_init(ocrypto_poly1305_ctx *ctx);
/**
* Poly1305 generator.
*
* The generator state @p ctx is updated to authenticate a message chunk @p in
* with a key @p k.
*
* This function can be called repeatedly until the whole message has been
* processed.
*
* @param ctx Generator state.
* @param in Input data.
* @param in_len Length of @p in.
* @param k Encryption key.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_poly1305_init is required before this function can be called.
*
* @remark The same key @p k needs to be supplied for all message chunks.
*/
void ocrypto_poly1305_update(
ocrypto_poly1305_ctx *ctx,
const uint8_t *in, size_t in_len,
const uint8_t k[ocrypto_poly1305_KEY_BYTES]);
/**
* Poly1305 generator output.
*
* The generator state @p ctx is updated to finalize the authenticator for the
* previously processed message chunks with key @p k. The authentication tag is
* put into @p r.
*
* @param ctx Generator state.
* @param[out] r Generated authentication tag.
* @param k Encryption key.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_poly1305_init is required before this function can be called.
*
* @remark The same key @p k needs to be supplied that was used in previous
* @c ocrypto_poly1305_update invocations.
*
* @remark After return, the generator state @p ctx must no longer be used with
* @c ocrypto_poly1305_update and @c ocrypto_poly1305_final unless it is
* reinitialized using @c ocrypto_poly1305_init.
*/
void ocrypto_poly1305_final(
ocrypto_poly1305_ctx *ctx,
uint8_t r[ocrypto_poly1305_BYTES],
const uint8_t k[ocrypto_poly1305_KEY_BYTES]);
/**@}*/
/**
* Poly1305 message authentication tag.
*
* The Poly1305 authentication of a given input message @p in is computed and
* put into @p r.
*
* @param[out] r Generated authentication tag.
* @param in Input data.
* @param in_len Length of @p in.
* @param k Encryption key.
*/
void ocrypto_poly1305(
uint8_t r[ocrypto_poly1305_BYTES],
const uint8_t *in, size_t in_len,
const uint8_t k[ocrypto_poly1305_KEY_BYTES]);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_POLY1305_H */
/**@}*/
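Review bot: `@param k` is documented as "Encryption key" in `ocrypto_poly1305_update`, `ocrypto_poly1305_final` and `ocrypto_poly1305`, although the file overview says Poly1305 takes a one-time key that must be derived anew for each message. The parameter docs are what a caller reads at the call site, so the constraint belongs there: `@param k One-time authentication key; must not be reused for another message.` The `@brief` line also spells the algorithm "Poly1035", and `ctx` in update and final is written to but lacks the `[in,out]` direction that the HMAC headers in this commit use.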


@@ -0,0 +1,642 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_rsa RSA - Rivest-Shamir-Adleman algorithm
* @ingroup nrf_oberon
* @{
* @brief RSA is a number theoretic public-key encryption and signature algorithm.
* @}
* @defgroup nrf_oberon_rsa_api RSA APIs
* @ingroup nrf_oberon_rsa
* @{
* @brief APIs to for RSA encryption/decryption and sign/verify using PKCS1 v1.5, OEAP and PSS.
*
* These functions support RSA encryption and signatures with 1024 and 2048-bit
* modulo and PKCS1 V1.5 padding.
*/
#ifndef OCRYPTO_RSA_H
#define OCRYPTO_RSA_H
#include <stddef.h>
#include <stdint.h>
#include "ocrypto_rsa_key.h"
#ifdef __cplusplus
extern "C" {
#endif
/**@name 1024-bit RSA Functions.
*
* This group of functions is used for 1024-bit RSA.
*/
/**@{*/
/**
* 1024 bit RSA PKCS1 V1.5 encryption.
*
* The message @p m is encrypted to a ciphertext returned in @p c.
*
* @param[out] c The generated 128-byte ciphertext.
* @param m The message to be encrypted.
* @param mlen Length of @p m. 0 <= mlen <= 117.
* @param seed The random seed to be used for the padding.
* @param slen Length of @p seed. @p slen >= 125 - @p mlen.
* @param pk A valid 1024-bit RSA public key.
*
* @retval -1 If the message is too long (mlen > 117).
* @retval -2 If the seed is too short (slen < 125 - mlen).
* @retval 0 Otherwise.
*
* @remark The key @p pk should be initialized with @c ocrypto_rsa1024_init_pub_key.
* @remark The @p seed should consist of non-zero random bytes.
* @remark @p c and @p m can point to the same address.
*/
int ocrypto_rsa1024_pkcs1_v15_encrypt(
uint8_t c[128],
const uint8_t *m, size_t mlen,
const uint8_t *seed, size_t slen,
const ocrypto_rsa1024_pub_key *pk);
/**
* 1024-bit RSA PKCS1 V1.5 decryption.
*
* The ciphertext @p c is decrypted to the message returned in @p m.
*
* @param[out] m The decrypted message. The buffer must be long enough to hold the message.
* @param mlen Length of @p m.
* @param c The 128-byte ciphertext to decrypt.
* @param k A valid 1024-bit RSA secret key.
*
* @retval -1 If decryption failed.
* @retval -2 If the output buffer is too short (mlen < length of message).
* @retval n If a message of length n was successfully decrypted.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa1024_init_key.
* @remark @p m and @p c can point to the same address.
*/
int ocrypto_rsa1024_pkcs1_v15_decrypt(
uint8_t *m, size_t mlen,
const uint8_t c[128],
const ocrypto_rsa1024_key *k);
/**
* 1024-bit RSA PKCS1 V1.5 decryption with CRT acceleration.
*
* The ciphertext @p c is decrypted to the message returned in @p m.
*
* @param[out] m The decrypted message. The buffer must be long enough to hold the message.
* @param mlen Length of @p m.
* @param c The 128-byte ciphertext to decrypt.
* @param k A valid 1024-bit RSA secret key with CRT coefficients.
*
* @retval -1 If decryption failed.
* @retval -2 If the output buffer is too short (mlen < length of message).
* @retval n If a message of length n was successfully decrypted.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa1024_init_crt_key.
* @remark @p m and @p c can point to the same address.
*/
int ocrypto_rsa1024_pkcs1_v15_crt_decrypt(
uint8_t *m, size_t mlen,
const uint8_t c[128],
const ocrypto_rsa1024_crt_key *k);
/**
* 1024-bit RSA OAEP SHA256 encryption.
*
* The message @p m is encrypted to a ciphertext returned in @p c.
*
* @param[out] c The generated 128-byte ciphertext.
* @param m The message to be encrypted.
* @param mlen Length of @p m. 0 <= mlen <= 62.
* @param label The label associated with the message.
* @param llen Length of @p label. May be 0.
* @param seed 32-byte random seed.
* @param pk A valid 1024-bit RSA public key.
*
* @retval -1 If the message is too long (mlen > 62).
* @retval 0 Otherwise.
*
* @remark The key @p pk should be initialized with @c ocrypto_rsa1024_init_pub_key.
* @remark @p c and @p m can point to the same address.
*/
int ocrypto_rsa1024_oaep_sha256_encrypt(
uint8_t c[128],
const uint8_t *m, size_t mlen,
const uint8_t *label, size_t llen,
const uint8_t seed[32],
const ocrypto_rsa1024_pub_key *pk);
/**
* 1024-bit RSA OAEP SHA256 decryption.
*
* The ciphertext @p c is decrypted to the message returned in @p m.
*
* @param[out] m The decrypted message. The buffer must be long enough to hold the message.
* @param mlen Length of @p m.
* @param c The 128-byte ciphertext to decrypt.
* @param label The label associated with the message.
* @param llen Length of @p label. May be 0.
* @param k A valid 1024-bit RSA secret key.
*
* @retval -1 If decryption failed.
* @retval -2 If the output buffer is too short (mlen < length of message).
* @retval n If a message of length n was successfully decrypted.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa1024_init_key.
* @remark @p m and @p c can point to the same address.
*/
int ocrypto_rsa1024_oaep_sha256_decrypt(
uint8_t *m, size_t mlen,
const uint8_t c[128],
const uint8_t *label, size_t llen,
const ocrypto_rsa1024_key *k);
/**
* 1024-bit RSA OAEP SHA256 decryption with CRT acceleration.
*
* The ciphertext @p c is decrypted to the message returned in @p m.
*
* @param[out] m The decrypted message. The buffer must be long enough to hold the message.
* @param mlen Length of @p m.
* @param c The 128-byte ciphertext to decrypt.
* @param label The label associated with the message.
* @param llen Length of @p label. May be 0.
* @param k A valid 1024-bit RSA secret key with CRT coefficients.
*
* @retval -1 If decryption failed.
* @retval -2 If the output buffer is too short (mlen < length of message).
* @retval n If a message of length n was successfully decrypted.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa1024_init_crt_key.
* @remark @p m and @p c can point to the same address.
*/
int ocrypto_rsa1024_oaep_sha256_crt_decrypt(
uint8_t *m, size_t mlen,
const uint8_t c[128],
const uint8_t *label, size_t llen,
const ocrypto_rsa1024_crt_key *k);
/**
* 1024-bit RSA PKCS1 V1.5 SHA-256 sign.
*
* The message @p m is signed and the signature returned in @p s.
*
* @param[out] s The generated 128-byte signature.
* @param m The message to be signed.
* @param mlen Length of @p m.
* @param k A valid 1024-bit RSA secret key.
*
* @return 0
*
* @remark The key @p k should be initialized with @c ocrypto_rsa1024_init_key.
* @remark @p s and @p m can point to the same address.
*/
int ocrypto_rsa1024_pkcs1_v15_sha256_sign(
uint8_t s[128],
const uint8_t *m, size_t mlen,
const ocrypto_rsa1024_key *k);
/**
* 1024-bit RSA PKCS1 V1.5 SHA-256 sign with CRT acceleration.
*
* The message @p m is signed and the signature returned in @p s.
*
* @param[out] s The generated 128-byte signature.
* @param m The message to be signed.
* @param mlen Length of @p m.
* @param k A valid 1024-bit RSA secret key with CRT coefficients.
*
* @return 0
*
* @remark The key @p k should be initialized with @c ocrypto_rsa1024_init_crt_key.
* @remark @p s and @p m can point to the same address.
*/
int ocrypto_rsa1024_pkcs1_v15_sha256_crt_sign(
uint8_t s[128],
const uint8_t *m, size_t mlen,
const ocrypto_rsa1024_crt_key *k);
/**
* 1024-bit RSA PKCS1 V1.5 SHA-256 signature verify.
*
* The signature @p s is verified for a valid signature of message @p m.
*
* @param s The 128-byte signature.
* @param m The signed message.
* @param mlen Length of @p m.
* @param pk A valid 1024-bit RSA public key.
*
* @retval 0 If the signature is valid.
* @retval -1 If verification failed.
*
* @remark The key @p pk should be initialized with @c ocrypto_rsa1024_init_pub_key.
*/
int ocrypto_rsa1024_pkcs1_v15_sha256_verify(
const uint8_t s[128],
const uint8_t *m, size_t mlen,
const ocrypto_rsa1024_pub_key *pk);
/**
* 1024-bit RSA PSS SHA-256 sign.
*
* The message @p m is signed and the signature returned in @p s.
*
* @param[out] s The generated 128-byte signature.
* @param m The message to be signed.
* @param mlen Length of @p m.
* @param salt The salt to be used.
* @param slen Length of @p salt.
* @param k A valid 1024-bit RSA secret key.
*
* @retval -2 If the salt is too long.
* @retval 0 Otherwise.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa1024_init_key.
* @remark @p s and @p m can point to the same address.
*/
int ocrypto_rsa1024_pss_sha256_sign(
uint8_t s[128],
const uint8_t *m, size_t mlen,
const uint8_t *salt, size_t slen,
const ocrypto_rsa1024_key *k);
/**
* 1024-bit RSA PSS SHA-256 sign with CRT acceleration.
*
* The message @p m is signed and the signature returned in @p s.
*
* @param[out] s The generated 128-byte signature.
* @param m The message to be signed.
* @param mlen Length of @p m.
* @param salt The salt to be used.
* @param slen Length of @p salt.
* @param k A valid 1024-bit RSA secret key with CRT coefficients.
*
* @retval -2 If the salt is too long.
* @retval 0 Otherwise.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa1024_init_crt_key.
* @remark @p s and @p m can point to the same address.
*/
int ocrypto_rsa1024_pss_sha256_crt_sign(
uint8_t s[128],
const uint8_t *m, size_t mlen,
const uint8_t *salt, size_t slen,
const ocrypto_rsa1024_crt_key *k);
/**
* 1024-bit RSA PSS SHA-256 signature verify.
*
* The signature @p s is verified for a valid signature of message @p m.
*
* @param s The 128-byte signature.
* @param m The signed message.
* @param mlen Length of @p m.
* @param slen The length of the salt.
* @param pk A valid 1024-bit RSA public key.
*
* @retval 0 If the signature is valid.
* @retval -1 If verification failed.
* @retval -2 If the salt is too long.
*
* @remark The key @p pk should be initialized with @c ocrypto_rsa1024_init_pub_key.
*/
int ocrypto_rsa1024_pss_sha256_verify(
const uint8_t s[128],
const uint8_t *m, size_t mlen,
size_t slen, // salt length
const ocrypto_rsa1024_pub_key *pk);
/**@}*/
/**@name 2048-bit RSA Functions.
*
* This group of functions is used for 2048-bit RSA.
*/
/**@{*/
/**
* 2048-bit RSA PKCS1 V1.5 encryption.
*
* The message @p m is encrypted to a ciphertext returned in @p c.
*
* @param[out] c The generated 256-byte ciphertext.
* @param m The message to be encrypted.
* @param mlen Length of @p m. 0 <= @p mlen <= 245.
* @param seed The random seed to be used for the padding.
* @param slen Length of @p seed. @p slen >= 253 - @p mlen.
* @param pk A valid 2048-bit RSA public key.
*
* @retval -1 If the message is too long (mlen > 245).
* @retval -2 If the seed is too short (slen < 253 - mlen).
* @retval 0 Otherwise.
*
* @remark The key @p pk should be initialized with @c ocrypto_rsa2048_init_pub_key.
* @remark The @p seed should consist of non-zero random bytes.
* @remark @p c and @p m can point to the same address.
*/
int ocrypto_rsa2048_pkcs1_v15_encrypt(
uint8_t c[256],
const uint8_t *m, size_t mlen,
const uint8_t *seed, size_t slen,
const ocrypto_rsa2048_pub_key *pk);
/**
* 2048-bit RSA PKCS1 V1.5 decryption.
*
* The ciphertext @p c is decrypted to the message returned in @p m.
*
* @param[out] m The decrypted message. The buffer must be long enough to hold the message.
* @param mlen Length of @p m.
* @param c The 256-byte ciphertext to decrypt.
* @param k A valid 2048-bit RSA secret key.
* @retval -1 If decryption failed.
* @retval -2 If the output buffer is too short (mlen < length of message).
* @retval n If a message of length n was successfully decrypted.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa2048_init_key.
* @remark @p m and @p c can point to the same address.
*/
int ocrypto_rsa2048_pkcs1_v15_decrypt(
uint8_t *m, size_t mlen,
const uint8_t c[256],
const ocrypto_rsa2048_key *k);
/**
* 2048-bit RSA PKCS1 V1.5 decryption with CRT acceleration.
*
* The ciphertext @p c is decrypted to the message returned in @p m.
*
* @param[out] m The decrypted message. The buffer must be long enough to hold the message.
* @param mlen Length of @p m.
* @param c The 256-byte ciphertext to decrypt.
* @param k A valid 2048-bit RSA secret key with CRT coefficients.
* @retval -1 If decryption failed.
* @retval -2 If the output buffer is too short (mlen < length of message).
* @retval n If a message of length n was successfully decrypted.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa2048_init_crt_key.
* @remark @p m and @p c can point to the same address.
*/
int ocrypto_rsa2048_pkcs1_v15_crt_decrypt(
uint8_t *m, size_t mlen,
const uint8_t c[256],
const ocrypto_rsa2048_crt_key *k);
/**
* 2048-bit RSA OAEP SHA256 encryption.
*
* The message @p m is encrypted to a ciphertext returned in @p c.
*
* @param[out] c The generated 256-byte ciphertext.
* @param m The message to be encrypted.
* @param mlen Length of @p m. 0 <= mlen <= 190.
* @param label The label associated with the message.
* @param llen Length of @p label. May be 0.
* @param seed 32-byte random seed.
* @param pk A valid 2048-bit RSA public key.
*
* @retval -1 If the message is too long (mlen > 190).
* @retval 0 Otherwise.
*
* @remark The key @p pk should be initialized with @c ocrypto_rsa2048_init_pub_key.
* @remark @p c and @p m can point to the same address.
*/
int ocrypto_rsa2048_oaep_sha256_encrypt(
uint8_t c[256],
const uint8_t *m, size_t mlen,
const uint8_t *label, size_t llen,
const uint8_t seed[32],
const ocrypto_rsa2048_pub_key *pk);
/**
* 2048-bit RSA OAEP SHA256 decryption.
*
* The ciphertext @p c is decrypted to the message returned in @p m.
*
* @param[out] m The decrypted message. The buffer must be long enough to hold the message.
* @param mlen Length of @p m.
* @param c The 256-byte ciphertext to decrypt.
* @param label The label associated with the message.
* @param llen Length of @p label. May be 0.
* @param k A valid 2048-bit RSA secret key.
*
* @retval -1 If decryption failed.
* @retval -2 If the output buffer is too short (mlen < length of message).
* @retval n If a message of length n was successfully decrypted.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa2048_init_key.
* @remark @p m and @p c can point to the same address.
*/
int ocrypto_rsa2048_oaep_sha256_decrypt(
uint8_t *m, size_t mlen,
const uint8_t c[256],
const uint8_t *label, size_t llen,
const ocrypto_rsa2048_key *k);
/**
* 2048-bit RSA OAEP SHA256 decryption with CRT acceleration.
*
* The ciphertext @p c is decrypted to the message returned in @p m.
*
* @param[out] m The decrypted message. The buffer must be long enough to hold the message.
* @param mlen Length of @p m.
* @param c The 256-byte ciphertext to decrypt.
* @param label The label associated with the message.
* @param llen Length of @p label. May be 0.
* @param k A valid 2048-bit RSA secret key with CRT coefficients.
*
* @retval -1 If decryption failed.
* @retval -2 If the output buffer is too short (mlen < length of message).
* @retval n If a message of length n was successfully decrypted.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa2048_init_crt_key.
* @remark @p m and @p c can point to the same address.
*/
int ocrypto_rsa2048_oaep_sha256_crt_decrypt(
uint8_t *m, size_t mlen,
const uint8_t c[256],
const uint8_t *label, size_t llen,
const ocrypto_rsa2048_crt_key *k);
/**
* 2048-bit RSA PKCS1 V1.5 SHA-256 sign.
*
* The message @p m is signed and the signature returned in @p s.
*
* @param[out] s The generated 256-byte signature.
* @param m The message to be signed.
* @param mlen Length of @p m.
* @param k A valid 2048-bit RSA secret key.
* @returns 0
*
* @remark The key @p k should be initialized with @c ocrypto_rsa2048_init_key.
* @remark @p s and @p m can point to the same address.
*/
int ocrypto_rsa2048_pkcs1_v15_sha256_sign(
uint8_t s[256],
const uint8_t *m, size_t mlen,
const ocrypto_rsa2048_key *k);
/**
* 2048-bit RSA PKCS1 V1.5 SHA-256 sign with CRT acceleration.
*
* The message @p m is signed and the signature returned in @p s.
*
* @param[out] s The generated 256-byte signature.
* @param m The message to be signed.
* @param mlen Length of @p m.
* @param k A valid 2048-bit RSA secret key with CRT coefficients.
* @returns 0
*
* @remark The key @p k should be initialized with @c ocrypto_rsa2048_init_crt_key.
* @remark @p s and @p m can point to the same address.
*/
int ocrypto_rsa2048_pkcs1_v15_sha256_crt_sign(
uint8_t s[256],
const uint8_t *m, size_t mlen,
const ocrypto_rsa2048_crt_key *k);
/**
* 2048-bit RSA PKCS1 V1.5 SHA-256 signature verify.
*
* The signature @p s is verified for a correct signature of message @p m.
*
* @param s The 256-byte signature.
* @param m The signed message.
* @param mlen Length of @p m.
* @param pk A valid 2048-bit RSA public key.
*
* @retval 0 If the signature is valid.
* @retval -1 If verification failed.
*
* @remark The key @p pk should be initialized with @c ocrypto_rsa2048_init_pub_key.
*/
int ocrypto_rsa2048_pkcs1_v15_sha256_verify(
const uint8_t s[256],
const uint8_t *m, size_t mlen,
const ocrypto_rsa2048_pub_key *pk);
/**
* 2048-bit RSA PSS SHA-256 sign.
*
* The message @p m is signed and the signature returned in @p s.
*
* @param[out] s The generated 256-byte signature.
* @param m The message to be signed.
* @param mlen Length of @p m.
* @param salt The salt to be used.
* @param slen Length of @p salt.
* @param k A valid 2048-bit RSA secret key.
*
* @retval -2 If the salt is too long.
* @retval 0 Otherwise.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa2048_init_key.
* @remark @p s and @p m can point to the same address.
*/
int ocrypto_rsa2048_pss_sha256_sign(
uint8_t s[256],
const uint8_t *m, size_t mlen,
const uint8_t *salt, size_t slen,
const ocrypto_rsa2048_key *k);
/**
* 2048-bit RSA PSS SHA-256 sign with CRT acceleration.
*
* The message @p m is signed and the signature returned in @p s.
*
* @param[out] s The generated 256-byte signature.
* @param m The message to be signed.
* @param mlen Length of @p m.
* @param salt The salt to be used.
* @param slen Length of @p salt.
* @param k A valid 2048-bit RSA secret key with CRT coefficients.
*
* @retval -2 If the salt is too long.
* @retval 0 Otherwise.
*
* @remark The key @p k should be initialized with @c ocrypto_rsa2048_init_crt_key.
* @remark @p s and @p m can point to the same address.
*/
int ocrypto_rsa2048_pss_sha256_crt_sign(
uint8_t s[256],
const uint8_t *m, size_t mlen,
const uint8_t *salt, size_t slen,
const ocrypto_rsa2048_crt_key *k);
/**
* 2048-bit RSA PSS SHA-256 signature verify.
*
* The signature @p s is verified for a valid signature of message @p m.
*
* @param s The 256-byte signature.
* @param m The signed message.
* @param mlen Length of @p m.
* @param slen The length of the salt.
* @param pk A valid 2048-bit RSA public key.
*
* @retval 0 If the signature is valid.
* @retval -1 If verification failed.
* @retval -2 If the salt is too long.
*
* @remark The key @p pk should be initialized with @c ocrypto_rsa2048_init_pub_key.
*/
int ocrypto_rsa2048_pss_sha256_verify(
const uint8_t s[256],
const uint8_t *m, size_t mlen,
size_t slen, // salt length
const ocrypto_rsa2048_pub_key *pk);
/**@}*/
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_RSA_H */
/** @} */


@@ -0,0 +1,280 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_rsa_key RSA key APIs
* @ingroup nrf_oberon_rsa
* @{
* @brief Type declarations for RSA APIs.
*
* RSA is a number theoretic public-key encryption and signature algorithm.
*
* These functions support the setup of 1024 and 2048 RSA secret and public keys.
*/
#ifndef OCRYPTO_RSA_KEY_H
#define OCRYPTO_RSA_KEY_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* The Public RSA Exponent.
*/
#define PUB_EXP 65537 // 2^16 + 1
/**@name 1024-bit RSA Keys
*
* This group of keys is used for 1024-bit RSA.
*/
/**@{*/
/**
* 1024-bit RSA public key.
*/
typedef struct {
/**@cond */
uint32_t n[32];
// e = 65537
/**@endcond */
} ocrypto_rsa1024_pub_key;
/**
* 1024 bit RSA secret key.
*/
typedef struct {
/**@cond */
uint32_t n[32];
uint32_t d[32]; // x^(e*d) mod n == x
/**@endcond */
} ocrypto_rsa1024_key;
/**
* 1024-bit RSA secret key with CRT coefficients.
*/
typedef struct {
/**@cond */
uint32_t n[32];
uint32_t p[16], q[16]; // primes, p*q = n
uint32_t dp[16], dq[16]; // d mod (p-1), d mod (q-1)
uint32_t qinv[16]; // 1/q mod p
/**@endcond */
} ocrypto_rsa1024_crt_key;
/**@}*/
/**@name 2048-bit RSA Keys
*
* This group of keys is used for 2048-bit RSA.
*/
/**@{*/
/**
* 2048-bit RSA public key.
*/
typedef struct {
/**@cond */
uint32_t n[64];
// e = 65537
/**@endcond */
} ocrypto_rsa2048_pub_key;
/**
* 2048-bit RSA secret key.
*/
typedef struct {
/**@cond */
uint32_t n[64];
uint32_t d[64]; // x^(e*d) mod n == x
/**@endcond */
} ocrypto_rsa2048_key;
/**
* 2048-bit RSA secret key with CRT coefficients.
*/
typedef struct {
/**@cond */
uint32_t n[64];
uint32_t p[32], q[32]; // primes, p*q = n
uint32_t dp[32], dq[32]; // d mod (p-1), d mod (q-1)
uint32_t qinv[32]; // 1/q mod p
/**@endcond */
} ocrypto_rsa2048_crt_key;
/**@}*/
/**@name 1024-bit RSA key setup
*
* This group of functions is used for 1024-bit RSA key setup.
*/
/**@{*/
/**
* 1024-bit RSA public key setup.
*
* @param[out] k The initialized public key.
* @param n The RSA modulus. Must be exactly 1024 bits.
* @param nlen Length of @p n.
*
* @retval -1 If the input length is invalid.
* @retval 0 Otherwise.
*
* @remark The public exponent is fixed at 65537.
*/
int ocrypto_rsa1024_init_pub_key(
ocrypto_rsa1024_pub_key *k,
const uint8_t *n, size_t nlen);
/**
* 1024-bit RSA secret key setup.
*
* @param[out] k The initialized public key.
* @param n The RSA modulus. Must be exactly 1024 bits.
* @param nlen Length of @p n.
* @param d The secret exponent. Must be <= 1024 bits.
* @param dlen Length of @p d.
*
* @retval -1 If the input length is invalid.
* @retval 0 Otherwise.
*/
int ocrypto_rsa1024_init_key(
ocrypto_rsa1024_key *k,
const uint8_t *n, size_t nlen,
const uint8_t *d, size_t dlen);
/**
* 1024-bit RSA secret key setup with CRT coefficients.
*
* @param[out] k The initialized secret key.
* @param p The 1. RSA prime. Must be exactly 512 bits.
* @param plen Length of @p p.
* @param q The 2. RSA prime. Must be exactly 512 bits.
* @param qlen Length of @p q.
* @param dp The 1. CRT exponent. dp = d mod (p-1).
* @param dplen Length of @p dp.
* @param dq The 2. CRT exponent. dq = d mod (q-1).
* @param dqlen Length of @p dq.
* @param qinv The CRT coefficient. qinv = 1/q mod p.
* @param qilen Length of @p qinv.
*
* @retval -1 If the input length is invalid.
* @retval 0 Otherwise.
*/
int ocrypto_rsa1024_init_crt_key(
ocrypto_rsa1024_crt_key *k,
const uint8_t *p, size_t plen,
const uint8_t *q, size_t qlen,
const uint8_t *dp, size_t dplen,
const uint8_t *dq, size_t dqlen,
const uint8_t *qinv, size_t qilen);
/**@}*/
/**@name 2048-bit RSA key setup
*
* This group of functions is used for 2048-bit RSA key setup.
*/
/**@{*/
/**
* 2048-bit RSA public key setup.
*
* @param[out] k The initialized public key.
* @param n The RSA modulus. Must be exactly 2048 bits.
* @param nlen Length of @p n.
*
* @retval -1 If the input length is invalid.
* @retval 0 Otherwise.
*
* @remark The public exponent is fixed at 65537.
*/
int ocrypto_rsa2048_init_pub_key(
ocrypto_rsa2048_pub_key *k,
const uint8_t *n, size_t nlen);
/**
* 2048-bit RSA secret key setup.
*
* @param[out] k The initialized public key.
* @param n The RSA modulus. Must be exactly 2048 bits.
* @param nlen Length of @p n.
* @param d The secret exponent. Must be <= 2048 bits.
* @param dlen Length of @p d.
*
* @retval -1 If the input length is invalid.
* @retval 0 Otherwise.
*/
int ocrypto_rsa2048_init_key(ocrypto_rsa2048_key *k,
const uint8_t *n, size_t nlen,
const uint8_t *d, size_t dlen);
/**
* 2048-bit RSA secret key setup with CRT coefficients.
*
* @param[out] k The initialized secret key.
* @param p The 1. RSA prime. Must be exactly 1024 bits.
* @param plen Length of @p p.
* @param q The 2. RSA prime. Must be exactly 1024 bits.
* @param qlen Length of @p q.
* @param dp The 1. CRT exponent. dp = d mod (p-1).
* @param dplen Length of @p dp.
* @param dq The 2. CRT exponent. dq = d mod (q-1).
* @param dqlen Length of @p dq.
* @param qinv The CRT coefficient. qinv = 1/q mod p.
* @param qilen Length of @p qinv.
*
* @retval -1 If the input length is invalid.
* @retval 0 Otherwise.
*/
int ocrypto_rsa2048_init_crt_key(
ocrypto_rsa2048_crt_key *k,
const uint8_t *p, size_t plen,
const uint8_t *q, size_t qlen,
const uint8_t *dp, size_t dplen,
const uint8_t *dq, size_t dqlen,
const uint8_t *qinv, size_t qilen);
/**@}*/
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_RSA_KEY_H */
/** @} */


@@ -0,0 +1,63 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef OCRYPTO_SC_P256_H
#define OCRYPTO_SC_P256_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stdint.h>
// P-256 scalar modulo group order
/**@cond */
typedef struct
{
uint32_t w[8]; // little endian
}
ocrypto_sc_p256;
/**@endcond */
#ifdef __cplusplus
}
#endif
#endif


@@ -0,0 +1,156 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_sha_1 SHA-1 APIs
* @ingroup nrf_oberon
* @{
* @brief Type declarations and APIs for the SHA-1 algorithm.
*
* A fixed-sized message digest is computed from variable length input data.
* The function is practically impossible to revert, and small changes in the
* input message lead to major changes in the message digest.
*
* SHA-1 is no longer considered secure against well-funded opponents;
* replacement by SHA-2 or SHA-3 is recommended.
*/
#ifndef OCRYPTO_SHA1_H
#define OCRYPTO_SHA1_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Length of SHA-1 hash.
*/
#define ocrypto_sha1_BYTES (20)
/**@cond */
typedef struct {
uint32_t h[5];
uint8_t padded[64];
uint32_t length;
size_t bytes;
} ocrypto_sha1_ctx;
/**@endcond */
/**@name Incremental SHA-1 generator.
*
* This group of functions can be used to incrementally compute the SHA-1
* hash for a given message.
*/
/**@{*/
/**
* SHA-1 initialization.
*
* The generator state @p ctx is initialized by this function.
*
* @param[out] ctx Generator state.
*/
void ocrypto_sha1_init(
ocrypto_sha1_ctx *ctx);
/**
* SHA-1 incremental data input.
*
* The generator state @p ctx is updated to hash a message chunk @p in.
*
* This function can be called repeatedly until the whole message is processed.
*
* @param ctx Generator state.
* @param in Input data.
* @param in_len Length of @p in.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_sha1_init is required before this function can be called.
*/
void ocrypto_sha1_update(
ocrypto_sha1_ctx *ctx,
const uint8_t *in, size_t in_len);
/**
* SHA-1 output.
*
* The generator state @p ctx is updated to finalize the hash for the previously
* processed message chunks. The hash is put into @p r.
*
* @param ctx Generator state.
* @param[out] r Generated hash value.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_sha1_init is required before this function can be called.
*
* @remark After return, the generator state @p ctx must no longer be used with
* @c ocrypto_sha1_update and @c ocrypto_sha1_final unless it is
* reinitialized using @c ocrypto_sha1_init.
*/
void ocrypto_sha1_final(
ocrypto_sha1_ctx *ctx,
uint8_t r[ocrypto_sha1_BYTES]);
/**@}*/
/**
* SHA-1 hash.
*
* The SHA-1 hash of a given input message @p in is computed and put into @p r.
*
* @param[out] r Generated hash.
* @param in Input data.
* @param in_len Length of @p in.
*/
void ocrypto_sha1(
uint8_t r[ocrypto_sha1_BYTES],
const uint8_t *in, size_t in_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_SHA1_H */
/** @} */


@@ -0,0 +1,154 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_sha_256 SHA-256 APIs
* @ingroup nrf_oberon
* @{
* @brief Type declarations and APIs for the SHA-256 algorithm.
*
* SHA-256 is part of the SHA-2 family that is a set of cryptographic hash
* functions designed by the NSA. It is the successor of the SHA-1 algorithm.
*
* A fixed-sized message digest is computed from variable length input data.
* The function is practically impossible to revert, and small changes in the
* input message lead to major changes in the message digest.
*/
#ifndef OCRYPTO_SHA256_H
#define OCRYPTO_SHA256_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Length of SHA-256 hash.
*/
#define ocrypto_sha256_BYTES (32)
/**@cond */
typedef struct {
uint32_t h[8];
uint8_t padded[64];
uint32_t length;
size_t bytes;
} ocrypto_sha256_ctx;
/**@endcond */
/**@name Incremental SHA-256 generator
*
* This group of functions can be used to incrementally compute the SHA-256
* hash for a given message.
*/
/**@{*/
/**
* SHA-256 initialization.
*
* The generator state @p ctx is initialized by this function.
*
* @param[out] ctx Generator state.
*/
void ocrypto_sha256_init(
ocrypto_sha256_ctx *ctx);
/**
* SHA-256 incremental data input.
*
* The generator state @p ctx is updated to hash a message chunk @p in.
*
* This function can be called repeatedly until the whole message is processed.
*
* @param ctx Generator state.
* @param in Input data.
* @param in_len Length of @p in.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_sha256_init is required before this function can be called.
*/
void ocrypto_sha256_update(
ocrypto_sha256_ctx *ctx,
const uint8_t *in, size_t in_len);
/**
* SHA-256 output.
*
* The generator state @p ctx is updated to finalize the hash for the previously
* processed message chunks. The hash is put into @p r.
*
* @param ctx Generator state.
* @param[out] r Generated hash value.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_sha256_init is required before this function can be called.
*
* @remark After return, the generator state @p ctx must no longer be used with
* @c ocrypto_sha256_update and @c ocrypto_sha256_final unless it is
* reinitialized using @c ocrypto_sha256_init.
*/
void ocrypto_sha256_final(
ocrypto_sha256_ctx *ctx,
uint8_t r[ocrypto_sha256_BYTES]);
/**@}*/
/**
* SHA-256 hash.
*
* The SHA-256 hash of a given input message @p in is computed and put into @p r.
*
* @param[out] r Generated hash.
* @param in Input data.
* @param in_len Length of @p in.
*/
void ocrypto_sha256(
uint8_t r[ocrypto_sha256_BYTES],
const uint8_t *in, size_t in_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_SHA256_H */
/** @} */


@@ -0,0 +1,155 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_sha_512 SHA-512 APIs
* @ingroup nrf_oberon
* @{
* @brief Type declarations and APIs for the SHA-512 algorithm.
*
* SHA-512 is part of the SHA-2 family that is a set of cryptographic hash
* functions designed by the NSA. It is the successor of the SHA-1 algorithm.
*
* A fixed-sized message digest is computed from variable length input data.
* The function is practically impossible to revert, and small changes in the
* input message lead to major changes in the message digest.
*/
#ifndef OCRYPTO_SHA512_H
#define OCRYPTO_SHA512_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Length of SHA-512 hash.
*/
#define ocrypto_sha512_BYTES (64)
/**@cond */
typedef struct {
uint64_t h[8];
uint8_t padded[128];
uint32_t length;
size_t bytes;
} ocrypto_sha512_ctx;
/**@endcond */
/**@name Incremental SHA-512 generator
*
* This group of functions can be used to incrementally compute the SHA-512
* hash for a given message.
*/
/**@{*/
/**
* SHA-512 initialization.
*
* The generator state @p ctx is initialized by this function.
*
* @param[out] ctx Generator state.
*/
void ocrypto_sha512_init(
ocrypto_sha512_ctx *ctx);
/**
* SHA-512 incremental data input.
*
* The generator state @p ctx is updated to hash a message chunk @p in.
*
* This function can be called repeatedly until the whole message is processed.
*
* @param ctx Generator state.
* @param in Input data.
* @param in_len Length of @p in.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_sha512_init is required before this function can be called.
*/
void ocrypto_sha512_update(
ocrypto_sha512_ctx *ctx,
const uint8_t *in, size_t in_len);
/**
* SHA-512 output.
*
* The generator state @p ctx is updated to finalize the hash for the previously
* processed message chunks. The hash is put into @p r.
*
* @param ctx Generator state.
* @param[out] r Generated hash value.
*
* @remark Initialization of the generator state @p ctx through
* @c ocrypto_sha512_init is required before this function can be called.
*
* @remark After return, the generator state @p ctx must no longer be used with
* @c ocrypto_sha512_update and @c ocrypto_sha512_final unless it is
* reinitialized using @c ocrypto_sha512_init.
*/
void ocrypto_sha512_final(
ocrypto_sha512_ctx *ctx,
uint8_t r[ocrypto_sha512_BYTES]);
/**@}*/
/**
* SHA-512 hash.
*
* The SHA-512 hash of a given input message @p in is computed and put into @p r.
*
* @param[out] r Generated hash.
* @param in Input data.
* @param in_len Length of @p in.
*/
void ocrypto_sha512(
uint8_t r[ocrypto_sha512_BYTES],
const uint8_t *in, size_t in_len);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_SHA512_H */
/** @} */


@@ -0,0 +1,310 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_srp SRP - Secure Remote Password APIs
* @ingroup nrf_oberon
* @{
* @brief Type declarations and APIs for the SRP key agreement protocol.
*
* SRP is an augmented password-authenticated key agreement protocol,
* specifically designed to work around existing patents. SRP allows the use of
* user names and passwords over unencrypted channels and supplies a shared
* secret at the end of the authentication sequence that can be used to generate
* encryption keys.
*
* An eavesdropper or man in the middle cannot obtain enough information to be
* able to brute force guess a password without further interactions with the
* parties for each guess.
*
* The server does not store password-equivalent data. This means that an
* attacker who steals the server data cannot masquerade as the client unless
* they first perform a brute force search for the password.
*
* The specific variant implemented here is SRP-6 3072 bit SHA-512.
*
* @see [RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication](https://tools.ietf.org/html/rfc5054)
* @see [The Stanford SRP Homepage](http://srp.stanford.edu)
*
* **Basic protocol overview**
*
* *Setup*
* 1. Server generates a username / password combination together with a salt.
* 2. Server derives a password verifier (see #ocrypto_srp_verifier).
* 3. The username, salt and verifier are stored and required to open sessions.
* The original password is no longer needed.
*
* *Session opening*
* 1. Client sends a username and the public key of an ephemeral key pair to the
* server.
* 2. Server sends the salt and the public key of another ephemeral key pair to
* the client (see #ocrypto_srp_public_key).
* 3. Client and Server both compute the session key from this information (see
* #ocrypto_srp_scrambling_parameter, #ocrypto_srp_premaster_secret,
* #ocrypto_srp_session_key).
* 4. Client sends proof of the session key to the server.
* 5. Server validates proof (see #ocrypto_srp_proof_m1), then sends proof of the
* session key to the client (see #ocrypto_srp_proof_m2).
* 6. Client validates proof. Both parties know that they share the same private
* session key.
*/
#ifndef OCRYPTO_SRP_H
#define OCRYPTO_SRP_H
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Salt length.
*/
#define ocrypto_srp_SALT_BYTES (16)
/**
* Password verifier length.
*/
#define ocrypto_srp_VERIFIER_BYTES (384)
/**
* Secret key length.
*/
#define ocrypto_srp_SECRET_KEY_BYTES (32)
/**
* Public key length.
*/
#define ocrypto_srp_PUBLIC_KEY_BYTES (384)
/**
* Scrambling parameter length.
*/
#define ocrypto_srp_SCRAMBLING_PARAMETER_BYTES (64)
/**
* Premaster secret length.
*/
#define ocrypto_srp_PREMASTER_SECRET_BYTES (384)
/**
* Session key length.
*/
#define ocrypto_srp_SESSION_KEY_BYTES (64)
/**
* Proof length.
*/
#define ocrypto_srp_PROOF_BYTES (64)
/**@name SRP-6 Password verifier generation
*
* A password verifier is generated from a user name and a password. The
* password @p pass may be discarded, as only the verifier is used during later
* computations.
*/
/**@{*/
/**
* SRP-6 Password Verifier.
*
* The verifier is generated for a given user name @p user, a password @p pass
* and salt @p salt.
*
* @param[out] v Generated password verifier, must be 32-bit aligned.
* @param salt Salt.
* @param user User name.
* @param user_len Length of @p user.
* @param pass Password.
* @param pass_len Length of @p pass.
*/
void ocrypto_srp_verifier(
uint8_t v[ocrypto_srp_VERIFIER_BYTES],
const uint8_t salt[ocrypto_srp_SALT_BYTES],
const uint8_t *user, size_t user_len,
const uint8_t *pass, size_t pass_len);
/**@}*/
/**@name SRP-6 Public key generation
*
* An ephemeral keypair can be generated based on the password verifier to be
* used when opening a new session.
*/
/**@{*/
/**
* SRP-6 Public Key.
*
* The public key for a given private key @p priv_b is generated using the
* password verifier @p v and put into @p pub_b.
*
* @param[out] pub_b Generated public key, must be 32-bit aligned.
* @param priv_b Private key.
* @param v Password verifier.
*/
void ocrypto_srp_public_key(
uint8_t pub_b[ocrypto_srp_PUBLIC_KEY_BYTES],
const uint8_t priv_b[ocrypto_srp_SECRET_KEY_BYTES],
const uint8_t v[ocrypto_srp_VERIFIER_BYTES]);
/**@}*/
/**@name SRP-6 Session key generation
*
* A premaster secret can be derived from both the client's and server's public
* keys, the server's private key and the password verifier. A shared session
* key can be generated from this premaster secret.
*/
/**@{*/
/**
* SRP-6 Scrambling Parameter.
*
* The scrambling parameter is computed from both the client's public key
* @p pub_a and the server's public key @p pub_b. The scrambling parameter
* is required to compute the premaster secret.
*
* @param[out] u Generated scrambling parameter.
* @param pub_a Client public key.
* @param pub_b Server public key.
*/
void ocrypto_srp_scrambling_parameter(
uint8_t u[ocrypto_srp_SCRAMBLING_PARAMETER_BYTES],
const uint8_t pub_a[ocrypto_srp_PUBLIC_KEY_BYTES],
const uint8_t pub_b[ocrypto_srp_PUBLIC_KEY_BYTES]);
/**
* SRP-6 Premaster Secret.
*
* The premaster secret between the client and the server is computed using the
* client public key @p pub_a, the server private key @p priv_b, the scrambling
* parameter @p u and the password verifier @p v. If the client public key
* @p pub_a is valid, the premaster secret is then put into @p s. The premaster
* secret can be used to generate encryption keys.
*
* @param[out] s Generated premaster secret, must be 32-bit aligned.
* @param pub_a Client public key.
* @param priv_b Server private key.
* @param u Scrambling parameter; generated with @c srp_scrambling_parameter.
* @param v Password verifier.
*
* @retval 0 If @p pub_a is a valid public key.
* @retval 1 Otherwise.
*/
int ocrypto_srp_premaster_secret(
uint8_t s[ocrypto_srp_PREMASTER_SECRET_BYTES],
const uint8_t pub_a[ocrypto_srp_PUBLIC_KEY_BYTES],
const uint8_t priv_b[ocrypto_srp_SECRET_KEY_BYTES],
const uint8_t u[ocrypto_srp_SCRAMBLING_PARAMETER_BYTES],
const uint8_t v[ocrypto_srp_VERIFIER_BYTES]);
/**
* SRP-6 SRP Session Key.
*
* Generates the shared SRP session key from the premaster secret @p s and puts
* it into @p k.
*
* @param[out] k Generated SRP session key.
* @param s Premaster secret.
*/
void ocrypto_srp_session_key(
uint8_t k[ocrypto_srp_SESSION_KEY_BYTES],
const uint8_t s[ocrypto_srp_PREMASTER_SECRET_BYTES]);
/**@}*/
/**@name SRP-6 Proof exchange
*
* Proofs are exchanged from client to server and vice versa to ensure that both
* parties computed the same shared session key. The proofs only match if the
* correct password is used by the client.
*/
/**@{*/
/**
* SRP-6 Proof M1 (client to server).
*
* A proof is generated by the client and sent to the server to assert that the
* client is in possession of the shared session key @p k. The server also
* generates the proof. Only if the proofs match, the process can continue.
* The proof is based on the salt @p salt, the client public key @p pub_a,
* the server public key @p pub_b and the shared session key @p k.
*
* @param[out] m1 Generated proof.
* @param user User name.
* @param user_len Length of @p user.
* @param salt Salt.
* @param pub_a Client public key.
* @param pub_b Server public key.
* @param k Session key.
*/
void ocrypto_srp_proof_m1(
uint8_t m1[ocrypto_srp_PROOF_BYTES],
const uint8_t *user, size_t user_len,
const uint8_t salt[ocrypto_srp_SALT_BYTES],
const uint8_t pub_a[ocrypto_srp_PUBLIC_KEY_BYTES],
const uint8_t pub_b[ocrypto_srp_PUBLIC_KEY_BYTES],
const uint8_t k[ocrypto_srp_SESSION_KEY_BYTES]);
/**
* SRP-6 Proof M2 (server to client).
*
* A second proof is generated by the server and sent back to the client to
* assert that the server is in possession of the shared session key @p k. The
* client also generates the proof. If the proofs match, both parties can assume
* that they share the same session key @p k. The second proof is based on the
* client public key @p pub_a, the first proof @p m1 and the session key @p k.
*
* @param[out] m2 Generated proof.
* @param pub_a Client public key.
* @param m1 First proof. Generated with @c srp_proof_m1.
* @param k Session key.
*/
void ocrypto_srp_proof_m2(
uint8_t m2[ocrypto_srp_PROOF_BYTES],
const uint8_t pub_a[ocrypto_srp_PUBLIC_KEY_BYTES],
const uint8_t m1[ocrypto_srp_PROOF_BYTES],
const uint8_t k[ocrypto_srp_SESSION_KEY_BYTES]);
/**@}*/
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_SRP_H */
/** @} */
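Review bot: `ocrypto_srp_premaster_secret` is the one call in this header that can reject input, and its comment does not tell the caller that the result has to be checked before `s` is used. It returns 0 for a valid `pub_a` and 1 otherwise, and the text only says `s` is written if the client public key is valid, so on the failure path the buffer presumably holds whatever the caller left there. I would add `@remark The return value must be checked; @p s must not be used when 1 is returned.` to that comment. The proofs from `ocrypto_srp_proof_m1` and `ocrypto_srp_proof_m2` are compared by the caller, so a line saying the comparison should be constant-time would help as well. The `@c srp_scrambling_parameter` and `@c srp_proof_m1` references are missing the `ocrypto_` prefix used by the declarations.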


@@ -0,0 +1,205 @@
/**
* Copyright (c) 2019 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**@file
* @defgroup nrf_oberon_srpt SRPT - Secure Real-Time Transport Protocol APIs
* @ingroup nrf_oberon
* @{
* @brief Type declarations and APIs for SRTP - Secure Real-time Transport Protocol.
*/
#ifndef OCRYPTO_SRTP_H
#define OCRYPTO_SRTP_H
#include <stddef.h>
#include <stdint.h>
#include "ocrypto_aes_key.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* SRTP Authentication Key Size.
*/
#define ocrypto_srtp_AuthKeySize (20)
/**
* SRTP Salt Size.
*/
#define ocrypto_srtp_SaltSize (14)
/**
* SRTP Maximum Key Size.
*/
#define ocrypto_srtp_MaxKeySize (ocrypto_aes256_KEY_BYTES)
/**
* SRTP Context.
*/
typedef struct {
/**
* Key size [bytes].
*/
uint32_t keySize;
/**
* Tag size [bytes].
*/
uint32_t tagSize;
/**
* Session encryption key (max 256 bits).
*/
uint8_t encrKey[ocrypto_srtp_MaxKeySize];
/**
* Session authentication key
* 160 bits.
*/
uint8_t authKey[ocrypto_srtp_AuthKeySize];
/**
* Session salt
* 112 bits.
*/
uint8_t saltKey[ocrypto_srtp_SaltSize];
} ocrypto_srtp_context;
/**
* Setup SRTP contexts.
*
* @param[out] srtpContext SRTP context to be setup.
* @param[out] srtcpContext SRTCP context to be setup.
* @param key Master key.
* @param keySize Size of the master key (16, 24, or 32 bytes)
* @param salt Master salt.
* @param tagSize Size of the authentication tag.
* @param ssrc Synchronization source.
*/
void ocrypto_srtp_setupContext(
ocrypto_srtp_context *srtpContext,
ocrypto_srtp_context *srtcpContext,
const uint8_t *key,
uint32_t keySize,
const uint8_t *salt,
uint32_t tagSize,
uint32_t ssrc);
/**
* Encrypt SRTP packet.
*
* The final packet consists of @p numHeaderBytes encrypted in place, followed
* by @p numDataBytes copied from @p dataBytes during encryption.
*
* @param srtpContext SRTP context.
* @param[in,out] packet Encrypted packet.
* @param dataBytes Data bytes to be encrypted.
* @param numHeaderBytes Number of header bytes.
* @param numDataBytes Number of data bytes.
* @param index Packet index.
*/
void ocrypto_srtp_encrypt(
const ocrypto_srtp_context *srtpContext,
uint8_t *packet,
const uint8_t *dataBytes,
size_t numHeaderBytes,
size_t numDataBytes,
uint32_t index);
/**
* Decrypt SRTP packet.
*
* @param srtpContext SRTP context.
* @param[out] data Decrypted data.
* @param packetBytes Packet bytes.
* @param numPacketBytes Number of packet bytes.
* @param index Packet index.
*/
void ocrypto_srtp_decrypt(
const ocrypto_srtp_context *srtpContext,
uint8_t *data,
const uint8_t *packetBytes,
size_t numPacketBytes,
uint32_t index);
/**
* Generate SRTP authentication tag from bytes and index.
*
* @param context SRTP context.
* @param[out] tag Authentication tag generated.
* @param bytes Byte buffer.
* @param numBytes Number of bytes in buffer.
* @param index Index.
*/
void ocrypto_srtp_authenticate(
const ocrypto_srtp_context *context,
uint8_t *tag,
const uint8_t *bytes,
size_t numBytes,
uint32_t index);
/**
* Check SRTP authentication tag against bytes and index.
*
* @param context SRTP context.
* @param tag Tag.
* @param bytes Byte buffer.
* @param numBytes Number of bytes in buffer.
* @param index Index.
*
* @retval 1 If the tag is valid.
* @retval 0 Otherwise.
*/
int ocrypto_srtp_verifyAuthentication(
const ocrypto_srtp_context *context,
const uint8_t *tag,
const uint8_t *bytes,
size_t numBytes,
uint32_t index);
#ifdef __cplusplus
}
#endif
#endif /* #ifndef OCRYPTO_SRTP_H */
/** @} */
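Review bot: None of the buffer parameters in this header has a documented size, which matters most for the `[out]` ones: `packet` in `ocrypto_srtp_encrypt`, `data` in `ocrypto_srtp_decrypt` and `tag` in `ocrypto_srtp_authenticate`. From the encrypt description `packet` presumably needs room for `numHeaderBytes + numDataBytes`, and `tag` presumably receives `tagSize` bytes from the context, but `tagSize` has no stated range in `ocrypto_srtp_setupContext` the way `keySize` has (16, 24, or 32 bytes); a line such as `@param[out] tag Authentication tag generated; buffer of at least tagSize bytes.` on each would remove the guesswork once confirmed against the implementation. `ocrypto_srtp_verifyAuthentication` returns 1 for a valid tag while `ocrypto_srp_premaster_secret` in the SRP header of this commit returns 0 for valid input, so the `@retval` lines deserve a remark that callers must not treat the two alike. The group is declared as `nrf_oberon_srpt` / "SRPT" although the brief and the include guard say SRTP.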

37
external/nrf_oberon/lib/license.txt vendored Normal file

@@ -0,0 +1,37 @@
Copyright (c) 2016 - 2020, Nordic Semiconductor ASA
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form, except as embedded into a Nordic
Semiconductor ASA integrated circuit in a product or a software update for
such product, must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other
materials provided with the distribution.
3. Neither the name of Nordic Semiconductor ASA nor the names of its
contributors may be used to endorse or promote products derived from this
software without specific prior written permission.
4. This software, with or without modification, must only be used with a
Nordic Semiconductor ASA integrated circuit.
5. Any software provided in binary form under this license must not be reverse
engineered, decompiled, modified and/or disassembled.
THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

37
external/nrf_oberon/license.txt vendored Normal file

@@ -0,0 +1,37 @@
Copyright (c) 2016 - 2020, Nordic Semiconductor ASA
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form, except as embedded into a Nordic
Semiconductor ASA integrated circuit in a product or a software update for
such product, must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other
materials provided with the distribution.
3. Neither the name of Nordic Semiconductor ASA nor the names of its
contributors may be used to endorse or promote products derived from this
software without specific prior written permission.
4. This software, with or without modification, must only be used with a
Nordic Semiconductor ASA integrated circuit.
5. Any software provided in binary form under this license must not be reverse
engineered, decompiled, modified and/or disassembled.
THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.