diff --git a/include/mbedtls/aes_alt.h b/include/mbedtls/aes_alt.h new file mode 100644 index 0000000..7044cf4 --- /dev/null +++ b/include/mbedtls/aes_alt.h @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_AES_ALT_H +#define MBEDTLS_AES_ALT_H + + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + + +#include +#include + +#if defined(MBEDTLS_AES_ALT) + + +/* padlock.c and aesni.c rely on these values! */ +#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ +#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ + +/* Error codes in range 0x0020-0x0022 */ +#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ +#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ + +/* Error codes in range 0x0023-0x0025 */ +#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */ +#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ + + +/* The Size of the AES context.*/ +#define MBEDTLS_AES_CONTEXT_SIZE_IN_WORDS (29) + + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief AES context structure + * + */ +typedef struct +{ + uint32_t buf[MBEDTLS_AES_CONTEXT_SIZE_IN_WORDS]; +} mbedtls_aes_context; + + +#if defined(MBEDTLS_CIPHER_MODE_XTS) +/** + * \brief The AES XTS context-type definition. + */ +typedef struct mbedtls_aes_xts_context +{ + mbedtls_aes_context crypt; /*!< The AES context to use for AES block + encryption or decryption. */ + mbedtls_aes_context tweak; /*!< The AES context used for tweak + computation. */ +} mbedtls_aes_xts_context; +#endif /* MBEDTLS_CIPHER_MODE_XTS */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_AES_ALT */ + +#endif /* MBEDTLS_AES_ALT_H */ diff --git a/include/mbedtls/cc3xx_kmu.h b/include/mbedtls/cc3xx_kmu.h new file mode 100644 index 0000000..834e863 --- /dev/null +++ b/include/mbedtls/cc3xx_kmu.h @@ -0,0 +1,403 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + */ + +/**@file + * @defgroup nrf_cc3xx_mbedcrypto nrf_cc3xx_mbedcrypto APIs + * @{ + * @brief nrf_cc3xx_mbedcrypto nrf_cc3xx_mbedcrypto library containing cc3xx + * APIs for the KMU or KDR peripherals. Further documentation can be found on : https://tls.mbed.org + * @} + * + * @defgroup nrf_cc3xx_mbedcrypto_kmu nrf_cc3xx_mbedcrypto KMU APIs + * @ingroup nrf_cc3xx_mbedcrypto + * @{ + * @brief The nrf_cc3xx_mbedcrypto_kmu APIs can be utilized to directly use or derive keys + * from KMU or KDR in ARM CryptoCell devices + */ +#ifndef CC3XX_KMU_H__ +#define CC3XX_KMU_H__ + +#include + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "nrf_cc3xx_platform_defines.h" + + +#define MBEDTLS_SHADOW_KEY_KDF_MAX_LABEL_SIZE_IN_BYTES (64) //!< KDF input "label" can be 0 to 64 bytes. +#define MBEDTLS_SHADOW_KEY_KDF_MAX_CONTEXT_SIZE_IN_BYTES (64) //!< KDF input "context" can be 0 to 64 bytes. +#define MBEDTLS_SHADOW_KEY_KDF_MAX_DERIVED_SIZE_IN_BYTES (4080) //!< KDF max length for derived material. + + +#define MBEDTLS_ERR_SHADOW_KEY_KEY_OK (0) //!< The shadow key operation was succesful. +#define MBEDTLS_ERR_SHADOW_KEY_INVALID_SLOT (-1) //!< The shadow key operation used an invalid slot. +#define MBEDTLS_ERR_SHADOW_KEY_INVALID_SIZE (-2) //!< The shadow key was of invalid size. +#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_LABEL (-3) //!< The KDF input label is invalid +#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_CONTEXT (-4) //!< The KDF input context is invalid +#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_INPUT (-5) //!< The KDF input is invalid +#define MBEDTLS_ERR_SHADOW_KEY_INTERNAL_ERROR (-6) //!< KMU/KDF internal error. + +#if defined(MBEDTLS_AES_C) + +#include "mbedtls/aes.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/** @brief Function to configure AES to use one or more KMU key slot for + * encryption + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_aes_setkey_enc. + * + * @note Using this API enforces raw key usage of keys in the KMU slots. + * If derived key usage is intended, please use the API + * nrf_cc3xx_platform_kmu_aes_setkey_enc_shadow_key_derived. + * + * @param ctx AES context to set the key by KMU slot + * @param slot_id Identifier of the key slot (0 - 127) + * @param keybits Key size in bits + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_aes_setkey_enc_shadow_key( + mbedtls_aes_context * const ctx, + uint32_t slot_id, + unsigned int keybits); + + +/** @brief Function to configure AES to use one or more KMU key slot for + * decryption + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_aes_setkey_dec. + * + * @note Using this API enforces raw key usage of keys in the KMU slots. + * If derived key usage is intended, please use the API + * nrf_cc3xx_platform_kmu_aes_setkey_dec_shadow_key_derived. + * + * @param ctx AES context to set the key by KMU slot. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_aes_setkey_dec_shadow_key( + mbedtls_aes_context * const ctx, + uint32_t slot_id, + unsigned int keybits); + + +/** @brief Function to configure AES to use a key derived from one or more + * slots in KMU for encryption. + * + * @details See mbedtls_derive_kmu_key for details on the KDF function. + * + * @note Replaces the API mbedtls_aes_setkey_dec. + * + * @note The key derivation is executed before each requests to encrypt. + * this function only configures the context to use a derived key. + * + * @note When deriving the key from KMU registers, the derived keys exist + * in SRAM for a brief period of time, before being loaded into the + * write-only CryptoCell HW registers for AES keys before encryption. + * + * @param ctx AES context to set the decryption key by KMU slot. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * @param label Label to use for KDF. + * @param label_size Size of the label to use for KDF. + * @param context Context info to use for KDF. + * @param context_size Context info size to use for KDF. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_aes_setkey_enc_shadow_key_derived( + mbedtls_aes_context * const ctx, + uint32_t slot_id, + unsigned int keybits, + uint8_t const * label, + size_t label_size, + uint8_t const * context, + size_t context_size); + + +/** @brief Function to configure AES to use a key derived from one or more + * slots in KMU for decryption. + * + * @details See mbedtls_derive_kmu_key for details on the KDF function. + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * @note Replaces the API mbedtls_aes_setkey_enc. + * + * @note The key derivation is executed before each requests to decrypt. + * This function only configures the context to use a derived key. + * + * @note When deriving the key from KMU registers, the derived keys exist + * in SRAM for a brief period of time, before being loaded into the + * write-only CryptoCell HW registers for AES keys before decryption. + * + * @param ctx AES context to set the decryption key by KMU slot. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * @param label Label to use for KDF. + * @param label_size Size of the label to use for KDF. + * @param context Context info to use for KDF. + * @param context_size Context info size to use for KDF. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_aes_setkey_dec_shadow_key_derived( + mbedtls_aes_context * const ctx, + uint32_t slot_id, + unsigned int keybits, + uint8_t const * label, + size_t label_size, + uint8_t const * context, + size_t context_size); + +#ifdef __cplusplus +} +#endif + +#endif /* defined(MBEDTLS_AES_C) */ + + +#if defined(MBEDTLS_CCM_C) + +#include "mbedtls/ccm.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/** @brief Function to configure AES CCM to use one or more KMU key slot as + * encryption key. + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_ccm_setkey. + * + * @note Using this API enforces raw key usage of keys in the KMU slots. + * If derived key usage is intended, please use the API + * nrf_cc3xx_platform_kmu_aes_setkey_enc_shadow_key_derived. + * + * @param ctx AES context to set the key by KMU slot. + * @param cipher Cipher id to use. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_ccm_setkey_shadow_key( + mbedtls_ccm_context * const ctx, + mbedtls_cipher_id_t cipher, + uint32_t slot_id, + unsigned int keybits +); + +/** @brief Function to configure AES CCM to use a key derived from one or more + * slots in KMU for encryption. + * + * @details See mbedtls_derive_kmu_key for details on the KDF function. + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_ccm_setkey. + * + * @note The key derivation is executed before each requests to decrypt. + * This function only configures the context to use a derived key. + * + * @note When deriving the key from KMU registers, the derived keys exist + * in SRAM for a brief period of time, before being loaded into the + * write-only CryptoCell HW registers for AES keys before decryption. + * + * @param ctx AES context to set the decryption key by KMU slot. + * @param cipher Cipher id to use. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * @param label Label to use for KDF. + * @param label_size Size of the label to use for KDF. + * @param context Context info to use for KDF. + * @param context_size Context info size to use for KDF. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_ccm_setkey_shadow_key_derived( + mbedtls_ccm_context * const ctx, + mbedtls_cipher_id_t cipher, + uint32_t slot_id, + unsigned int keybits, + uint8_t const * label, + size_t label_size, + uint8_t const * context, + size_t context_size +); + +#ifdef __cplusplus +} +#endif + +#endif /* defined(MBEDTLS_CCM_C) */ + +#if defined(MBEDTLS_GCM_C) + +#include "mbedtls/gcm.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/** @brief Function to configure AES GCM to use one or more KMU key slot as + * encryption key. + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_gcm_setkey. + * + * @note Using this API enforces raw key usage of keys in the KMU slots. + * If derived key usage is intended, please use the API + * nrf_cc3xx_platform_kmu_aes_setkey_enc_shadow_key_derived. + * + * @param ctx AES context to set the key by KMU slot. + * @param cipher Cipher id to use. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_gcm_setkey_shadow_key( + mbedtls_gcm_context * const ctx, + mbedtls_cipher_id_t cipher, + uint32_t slot_id, + unsigned int keybits +); + +/** @brief Function to configure AES GCM to use a key derived from one or more + * slots in KMU for encryption. + * + * @details See mbedtls_derive_kmu_key for details on the KDF function. + * + * @note A shadow key is not directly accessible, only reference information + * is stored in the context type + * + * @note Replaces the API mbedtls_gcm_setkey. + * + * @note The key derivation is executed before each requests to decrypt. + * this function only configures the context to use a derived key. + * + * @note When deriving the key from KMU registers, the derived keys exist + * in SRAM for a brief period of time, before being loaded into the + * write-only CryptoCell HW registers for AES keys before decryption. + * + * @param ctx AES context to set the decryption key by KMU slot. + * @param cipher Cipher id to use. + * @param slot_id Identifier of the key slot (0 - 127). + * @param keybits Key size in bits. + * @param label Label to use for KDF. + * @param label_size Size of the label to use for KDF. + * @param context Context info to use for KDF. + * @param context_size Context info size to use for KDF. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_gcm_setkey_shadow_key_derived( + mbedtls_gcm_context * const ctx, + mbedtls_cipher_id_t cipher, + uint32_t slot_id, + unsigned int keybits, + uint8_t const * label, + size_t label_size, + uint8_t const * context, + size_t context_size +); + +#ifdef __cplusplus +} +#endif + +#endif // defined(MBEDTLS_GCM_C) + +#if defined(MBEDTLS_AES_C) + +#include "mbedtls/aes.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/** @brief Function to use CMAC to derive a key stored in KMU/Kdr + * + * @details The KDF is using a PRF function described in the Special publication + * 800-108: Recommendation for Key Derivation Using Pseudorandom Functions + * https://csrc.nist.gov/publications/detail/sp/800-108/final. + * + * This algorithm is described in chapter 5.1 - KDF in Counter Mode + * + * The format of the PRF (the input) is as follows: + * PRF (KI, i || Label || 0x00 || Context || L) + * + * KI: The Key derivation key + * i : The counter value for each iteration of the PRF represented + * as one byte. + * label: A string identifying the purpose of the derived key + * that is up to 64 bytes long. + * 0x00: a single byte delimiter. + * Context: Fixed information about the derived keying material + * that is up to 64 bytes long. + * L : The length of derived key material in bits represented as two + * bytes. + * + * @note On nRF52840 only slot_id == 0 is valid, pointing to the + * Kdr key (also known as a HUK key) loaded into the CryptoCell. + * + * @param slot_id Identifier of the key slot. + * @param keybits Key size in bits. + * @param label Label to use for KDF. + * @param label_size Size of the label to use for KDF. + * @param context Context info to use for KDF. + * @param context_size Context info size to use for KDF. + * @param output Output buffer. + * @param output_size Size of output buffer in bytes. + * + * @returns 0 on success, otherwise a negative number. + */ +int mbedtls_shadow_key_derive(uint32_t slot_id, + unsigned int keybits, + uint8_t const * label, + size_t label_size, + uint8_t const * context, + size_t context_size, + uint8_t * output, + size_t output_size); + +#ifdef __cplusplus +} +#endif + +#endif // defined(MBEDTLS_AES_C) + +#endif /* CC3XX_KMU_H__ */ + +/** @} */ diff --git a/include/mbedtls/ccm_alt.h b/include/mbedtls/ccm_alt.h new file mode 100644 index 0000000..5877e1e --- /dev/null +++ b/include/mbedtls/ccm_alt.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_CCM_ALT_H +#define MBEDTLS_CCM_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#include +#include +#include "mbedtls/cipher.h" + +#if defined (MBEDTLS_CCM_ALT) + +#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */ +#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ + +/* The Size of the CCM context.*/ +#define MBEDTLS_CCM_CONTEXT_SIZE_IN_WORDS (33) + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief The CCM context-type definition. The CCM context is passed + * to the APIs called. + */ +typedef struct { + uint32_t buf[MBEDTLS_CCM_CONTEXT_SIZE_IN_WORDS]; +} +mbedtls_ccm_context; + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_CCM_ALT */ + +#endif /* MBEDTLS_CCM_ALT_H */ diff --git a/include/mbedtls/chacha20_alt.h b/include/mbedtls/chacha20_alt.h new file mode 100644 index 0000000..2bb7a20 --- /dev/null +++ b/include/mbedtls/chacha20_alt.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_CHACHA20_ALT_H +#define MBEDTLS_CHACHA20_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + + +#include +#include + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ + +/*! The size of the ChaCha user-context in words. */ +#define MBEDTLS_CHACHA_USER_CTX_SIZE_IN_WORDS 41 +/*! The size of the ChaCha block in Bytes. */ +#define MBEDTLS_CHACHA_BLOCK_SIZE_BYTES 64 +/*! The size of the ChaCha block in Bytes. As defined in rfc7539 */ +#define MBEDTLS_CHACHA_NONCE_SIZE_BYTES 12 +/*! The size of the ChaCha key in Bytes. */ +#define MBEDTLS_CHACHA_KEY_SIZE_BYTES 32 +/*! Internal type to identify 12 byte nonce */ +#define MBEDTLS_CHACHA_NONCE_SIZE_12BYTE_TYPE 1 + +/*! The definition of the 12-Byte array of the nonce buffer. */ +typedef uint8_t mbedtls_chacha_nonce[MBEDTLS_CHACHA_NONCE_SIZE_BYTES]; + +/*! The definition of the key buffer of the ChaCha engine. */ +typedef uint8_t mbedtls_chacha_key[MBEDTLS_CHACHA_KEY_SIZE_BYTES]; + +#if defined(MBEDTLS_CHACHA20_ALT) + +typedef struct +{ + uint32_t buf[MBEDTLS_CHACHA_USER_CTX_SIZE_IN_WORDS]; +} +mbedtls_chacha20_context; + +#endif + +#ifdef __cplusplus +} +#endif + + +#endif /* MBEDTLS_CHACHA20_ALT_H */ diff --git a/include/mbedtls/chachapoly_alt.h b/include/mbedtls/chachapoly_alt.h new file mode 100644 index 0000000..8c288eb --- /dev/null +++ b/include/mbedtls/chachapoly_alt.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_CHACHAPOLY_ALT_H +#define MBEDTLS_CHACHAPOLY_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#include "chacha20_alt.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ +#define CHACHAPOLY_TAG_SIZE_BYTES 16 + +#if defined(MBEDTLS_CHACHAPOLY_ALT) + +typedef struct +{ + mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */ +}mbedtls_chachapoly_context; + +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef __cplusplus +} +#endif + + +#endif /* MBEDTLS_CHACHAPOLY_ALT_H */ diff --git a/include/mbedtls/cmac_alt.h b/include/mbedtls/cmac_alt.h new file mode 100644 index 0000000..7967204 --- /dev/null +++ b/include/mbedtls/cmac_alt.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_CMAC_ALT_H +#define MBEDTLS_CMAC_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + + + +#include +#include + +#if defined(MBEDTLS_CMAC_ALT) + +/* hide internal implementation of the struct. Allocate enough space for it.*/ +#define MBEDTLS_CMAC_CONTEXT_SIZE_IN_WORDS 38 + + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief CMAC cipher context structure + */ +struct mbedtls_cmac_context_t{ + /*! Internal buffer */ + uint32_t buf[MBEDTLS_CMAC_CONTEXT_SIZE_IN_WORDS]; +}; + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_CMAC_ALT */ + +#endif /* MBEDTLS_CMAC_ALT_H */ diff --git a/include/mbedtls/dhm_alt.h b/include/mbedtls/dhm_alt.h new file mode 100644 index 0000000..9a0382d --- /dev/null +++ b/include/mbedtls/dhm_alt.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_DHM_ALT_H +#define MBEDTLS_DHM_ALT_H + + +#if defined(MBEDTLS_DHM_ALT) + + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#include + +/* + * DHM Error codes + */ +#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Bad input parameters. */ +#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Reading of the DHM parameters failed. */ +#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Making of the DHM parameters failed. */ +#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Reading of the public values failed. */ +#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Making of the public value failed. */ +#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Calculation of the DHM secret failed. */ +#define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */ +#define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */ +#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read or write of file failed. */ +#define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED -0x3500 /**< DHM hardware accelerator failed. */ +#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580 /**< Setting the modulus and generator failed. */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief The DHM context structure. + */ +typedef struct +{ + size_t len; /*!< The size of \p P in Bytes. */ + mbedtls_mpi P; /*!< The prime modulus. */ + mbedtls_mpi G; /*!< The generator. */ + mbedtls_mpi X; /*!< Our secret value. */ + mbedtls_mpi GX; /*!< Our public key = \c G^X mod \c P. */ + mbedtls_mpi GY; /*!< The public key of the peer = \c G^Y mod \c P. */ + mbedtls_mpi K; /*!< The shared secret = \c G^(XY) mod \c P. */ + mbedtls_mpi RP; /*!< The cached value = \c R^2 mod \c P. */ + mbedtls_mpi Vi; /*!< The blinding value. */ + mbedtls_mpi Vf; /*!< The unblinding value. */ + mbedtls_mpi pX; /*!< The previous \c X. */ +} +mbedtls_dhm_context; + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_DHM_ALT - use alternative code */ +#endif /* MBEDTLS_DHM_ALT_H - include only once */ diff --git a/include/mbedtls/ecp_alt.h b/include/mbedtls/ecp_alt.h new file mode 100644 index 0000000..3288453 --- /dev/null +++ b/include/mbedtls/ecp_alt.h @@ -0,0 +1,144 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +#ifndef MBEDTLS_ECP_ALT_H +#define MBEDTLS_ECP_ALT_H + +#if defined(MBEDTLS_ECP_ALT) + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * The content of the structure in this ALT implementation is + * exactly the same as ecp.h, but the type must be provided + * here as MBEDTLS_ECP_ALT is set + */ + +/** + * \brief The ECP group structure. + * + * We consider two types of curve equations: + *
  • Short Weierstrass: y^2 = x^3 + A x + B mod P + * (SEC1 + RFC-4492)
    • + *
  • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, + * Curve448)
+ * In both cases, the generator (\p G) for a prime-order subgroup is fixed. + * + * For Short Weierstrass, this subgroup is the whole curve, and its + * cardinality is denoted by \p N. Our code requires that \p N is an + * odd prime as mbedtls_ecp_mul() requires an odd number, and + * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. + * + * For Montgomery curves, we do not store \p A, but (A + 2) / 4, + * which is the quantity used in the formulas. Additionally, \p nbits is + * not the size of \p N but the required size for private keys. + * + * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. + * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the + * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer + * which is congruent mod \p P to the given MPI, and is close enough to \p pbits + * in size, so that it may be efficiently brought in the 0..P-1 range by a few + * additions or subtractions. Therefore, it is only an approximative modular + * reduction. It must return 0 on success and non-zero on failure. + * + * \note Alternative implementations must keep the group IDs distinct. If + * two group structures have the same ID, then they must be + * identical. + * + */ +typedef struct mbedtls_ecp_group +{ + mbedtls_ecp_group_id id; /*!< An internal group identifier. */ + mbedtls_mpi P; /*!< The prime modulus of the base field. */ + mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For + Montgomery curves: (A + 2) / 4. */ + mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. + For Montgomery curves: unused. */ + mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ + mbedtls_mpi N; /*!< The order of \p G. */ + size_t pbits; /*!< The number of bits in \p P.*/ + size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. + For Montgomery curves: the number of bits in the + private keys. */ + unsigned int h; /*!< \internal 1 if the constants are static. */ + int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction + mod \p P (see above).*/ + int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ + int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ + void *t_data; /*!< Unused. */ + mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ + size_t T_size; /*!< The number of pre-computed points. */ +} +mbedtls_ecp_group; + +/** + * \name SECTION: Module settings + * + * The configuration options you can set for this module are in this section. + * Either change them in config.h, or define them using the compiler command line. + * \{ + */ + +#if !defined(MBEDTLS_ECP_MAX_BITS) +/** + * The maximum size of the groups, that is, of \c N and \c P. + */ +#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ +#endif + +#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) +#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) + +#if !defined(MBEDTLS_ECP_WINDOW_SIZE) +/* + * Maximum "window" size used for point multiplication. + * Default: 6. + * Minimum value: 2. Maximum value: 7. + * + * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) + * points used for point multiplication. This value is directly tied to EC + * peak memory usage, so decreasing it by one should roughly cut memory usage + * by two (if large curves are in use). + * + * Reduction in size may reduce speed, but larger curves are impacted first. + * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): + * w-size: 6 5 4 3 2 + * 521 145 141 135 120 97 + * 384 214 209 198 177 146 + * 256 320 320 303 262 226 + * 224 475 475 453 398 342 + * 192 640 640 633 587 476 + */ +#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */ +#endif /* MBEDTLS_ECP_WINDOW_SIZE */ + +#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) +/* + * Trade memory for speed on fixed-point multiplication. + * + * This speeds up repeated multiplication of the generator (that is, the + * multiplication in ECDSA signatures, and half of the multiplications in + * ECDSA verification and ECDHE) by a factor roughly 3 to 4. + * + * The cost is increasing EC peak memory usage by a factor roughly 2. + * + * Change this value to 0 to reduce peak memory usage. + */ +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ +#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ + +/* \} name SECTION: Module settings */ + +#define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_ECP_ALT */ + +#endif /* MBEDTLS_ECP_ALT_H */ diff --git a/include/mbedtls/platform_alt.h b/include/mbedtls/platform_alt.h new file mode 100644 index 0000000..4187e8b --- /dev/null +++ b/include/mbedtls/platform_alt.h @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_PLATFORM_ALT_H +#define MBEDTLS_PLATFORM_ALT_H + +#include +#include + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) + +#define MBEDTLS_ERR_PLATFORM_SUCCESS (0) +#define MBEDTLS_ERR_PLATFORM_ERROR_PARAM_NULL (-0x7001) +#define MBEDTLS_ERR_PLATFORM_ERROR_INTERNAL (-0x7002) +#define MBEDTLS_ERR_PLATFORM_ERROR_RNG_TEST_FAILED (-0x7003) +#define MBEDTLS_ERR_PLATFORM_ERROR_HW_VERSION_FAILED (-0x7004) +#define MBEDTLS_ERR_PLATFORM_ERROR_PARAM_WRITE_FAILED (-0x7005) +#define MBEDTLS_ERR_PLATFORM_ERROR_MUTEX_NOT_INITIALIZED (-0x7016) +#define MBEDTLS_ERR_PLATFORM_ERROR_MUTEX_FAILED (-0x7017) +#define MBEDTLS_ERR_PLATFORM_ERROR_ENTROPY_NOT_INITIALIZED (-0x7018) +#define MBEDTLS_ERR_PLATFORM_ERROR_ENTROPY_TRNG_TOO_LONG (-0x7019) + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief The platform context structure. + * + */ +typedef struct { + char dummy; /**< A placeholder member, as empty structs are not portable. */ +} +mbedtls_platform_context; + + +/** @brief Function to initialize platform without rng support + * + * Call this function instead of mbedtls_platform_setup if RNG is not required. + * e.g. to conserve code size of improve startup time. + * + * @note It is possible to run mbedtls_platform_setup after calling + * this API if RNG is suddenly required. Calling mbedtls_platform_teardown + * is not required to be used, in this case. + * + * @warning Only deterministic cryptographic is supported if this API is used + * to initalize the HW. + */ +int mbedtls_platform_setup_no_rng(void); + + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ + +#endif /* MBEDTLS_PLATFORM_ALT_H */ diff --git a/include/mbedtls/poly1305_alt.h b/include/mbedtls/poly1305_alt.h new file mode 100644 index 0000000..93d400d --- /dev/null +++ b/include/mbedtls/poly1305_alt.h @@ -0,0 +1,59 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_POLY1305_ALT_H +#define MBEDTLS_POLY1305_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + + +#ifdef __cplusplus +extern "C" +{ +#endif + +#if defined(MBEDTLS_POLY1305_ALT) + +/************************ defines ****************************/ +/*! The size of the POLY key in words. */ +#define MBEDTLS_POLY_KEY_SIZE_WORDS 8 + +/*! The size of the POLY key in bytes. */ +#define MBEDTLS_POLY_KEY_SIZE_BYTES 32 + +/*! The size of the POLY MAC in words. */ +#define MBEDTLS_POLY_MAC_SIZE_WORDS 4 + +/*! The size of the POLY MAC in bytes. */ +#define MBEDTLS_POLY_MAC_SIZE_BYTES 16 + +/************************ Typedefs ****************************/ +/*! The definition of the ChaCha-MAC buffer. */ +typedef uint32_t mbedtls_poly_mac[MBEDTLS_POLY_MAC_SIZE_WORDS]; + +/*! The definition of the ChaCha-key buffer. */ +typedef uint32_t mbedtls_poly_key[MBEDTLS_POLY_KEY_SIZE_WORDS]; + +typedef struct mbedtls_poly1305_context +{ + uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */ + uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */ + uint32_t acc[5]; /** The accumulator number. */ + uint8_t queue[16]; /** The current partial block of data. */ + size_t queue_len; /** The number of bytes stored in 'queue'. */ +} +mbedtls_poly1305_context; + +#endif + +#ifdef __cplusplus +} +#endif + + +#endif /* MBEDTLS_POLY1305_ALT_H */ diff --git a/include/mbedtls/rsa_alt.h b/include/mbedtls/rsa_alt.h new file mode 100644 index 0000000..4a3536c --- /dev/null +++ b/include/mbedtls/rsa_alt.h @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_RSA_ALT_H +#define MBEDTLS_RSA_ALT_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined (MBEDTLS_RSA_ALT) + +#include "bignum.h" + +#if defined(MBEDTLS_THREADING_C) +#include "threading.h" +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief The RSA context structure. + * + * \note Direct manipulation of the members of this structure + * is deprecated. All manipulation should instead be done through + * the public interface functions. + */ +typedef struct +{ + int ver; /*!< always 0 */ + size_t len; /*!< size(N) in chars */ + + mbedtls_mpi N; /*!< public modulus */ + mbedtls_mpi E; /*!< public exponent */ + + mbedtls_mpi D; /*!< private exponent */ + mbedtls_mpi P; /*!< 1st prime factor */ + mbedtls_mpi Q; /*!< 2nd prime factor */ + + mbedtls_mpi DP; /*!< D % (P - 1) */ + mbedtls_mpi DQ; /*!< D % (Q - 1) */ + mbedtls_mpi QP; /*!< 1 / (Q % P) */ + + mbedtls_mpi RN; /*!< cached R^2 mod N */ + + mbedtls_mpi RP; /*!< cached R^2 mod P */ + mbedtls_mpi RQ; /*!< cached R^2 mod Q */ + + mbedtls_mpi Vi; /*!< cached blinding value */ + mbedtls_mpi Vf; /*!< cached un-blinding value */ + + int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and + MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ + int hash_id; /*!< Hash identifier of mbedtls_md_type_t as + specified in the mbedtls_md.h header file + for the EME-OAEP and EMSA-PSS + encoding */ +#if defined(MBEDTLS_THREADING_C) + mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */ +#else + uint8_t dummy[8]; /*!< Ensuring same size when threading is disabled */ +#endif + + mbedtls_mpi NP; /*!< Barrett mod N tag NP for N-modulus */ + mbedtls_mpi BQP; /*!< Barrett mod Q tag QP for Q-factor */ + mbedtls_mpi BPP; /*!< Barrett mod P tag PP for P-factor */ + +} +mbedtls_rsa_context; + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_RSA_ALT */ + +#endif /* MBEDTLS_RSA_ALT_H */ diff --git a/include/mbedtls/sha1_alt.h b/include/mbedtls/sha1_alt.h new file mode 100644 index 0000000..1a8e08c --- /dev/null +++ b/include/mbedtls/sha1_alt.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_SHA1_ALT_H +#define MBEDTLS_SHA1_ALT_H + +#include +#include + +#if defined (MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined (MBEDTLS_SHA1_ALT) + +#define SHA_1_CONTEXT_SIZE_IN_WORDS 60 + +#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief SHA-1 context structure + */ +typedef struct mbedtls_sha1_context { + /*! Internal buffer */ + uint32_t buff[SHA_1_CONTEXT_SIZE_IN_WORDS]; // defined in cc_hash_defs_proj.h +} mbedtls_sha1_context; + +#ifdef __cplusplus +} +#endif +#endif /* MBEDTLS_SHA1_ALT */ + +#endif /* MBEDTLS_SHA1_ALT_H */ diff --git a/include/mbedtls/sha256_alt.h b/include/mbedtls/sha256_alt.h new file mode 100644 index 0000000..301f9b7 --- /dev/null +++ b/include/mbedtls/sha256_alt.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_SHA256_ALT_H +#define MBEDTLS_SHA256_ALT_H + +#include +#include + +#if defined (MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined (MBEDTLS_SHA256_ALT) + +#define SHA_256_CONTEXT_SIZE_IN_WORDS 60 + +#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief SHA-256 context structure + */ +typedef struct mbedtls_sha256_context { + uint32_t reserved; + uint32_t buff[SHA_256_CONTEXT_SIZE_IN_WORDS]; // defined in cc_hash_defs.h +} mbedtls_sha256_context; + +#ifdef __cplusplus +} +#endif +#endif /* MBEDTLS_SHA256_ALT */ + +#endif /* MBEDTLS_SHA256_ALT_H */ diff --git a/include/mbedtls/threading_alt.h b/include/mbedtls/threading_alt.h new file mode 100644 index 0000000..ac2bde6 --- /dev/null +++ b/include/mbedtls/threading_alt.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef MBEDTLS_THREADING_ALT_H +#define MBEDTLS_THREADING_ALT_H + +#include +#include "nrf_cc3xx_platform_mutex.h" + +/** @brief Alternate declaration of mbedtls mutex type + * + * The RTOS may require allocation and freeing of resources + * as the inner type of the mutex is represented by an + * RTOS-friendly void pointer. + */ +typedef nrf_cc3xx_platform_mutex_t mbedtls_threading_mutex_t; + +#endif /* MBEDTLS_THREADING_ALT_H */ diff --git a/include/mbedtls_extra/cc_aes_defs.h b/include/mbedtls_extra/cc_aes_defs.h new file mode 100644 index 0000000..46b2c75 --- /dev/null +++ b/include/mbedtls_extra/cc_aes_defs.h @@ -0,0 +1,160 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + /*! + @addtogroup cc_aes_defs + @{ + */ + +/*! + @file + @brief This file contains the type definitions that are used by the CryptoCell + AES APIs. + */ + + +#ifndef CC_AES_DEFS_H +#define CC_AES_DEFS_H + +#include "cc_pal_types.h" +#include "cc_aes_defs_proj.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ +/*! The size of the AES block in words. */ +#define CC_AES_CRYPTO_BLOCK_SIZE_IN_WORDS 4 +/*! The size of the AES block in bytes. */ +#define CC_AES_BLOCK_SIZE_IN_BYTES (CC_AES_CRYPTO_BLOCK_SIZE_IN_WORDS * sizeof(uint32_t)) + +/*! The size of the IV buffer in words. */ +#define CC_AES_IV_SIZE_IN_WORDS CC_AES_CRYPTO_BLOCK_SIZE_IN_WORDS +/*! The size of the IV buffer in bytes. */ +#define CC_AES_IV_SIZE_IN_BYTES (CC_AES_IV_SIZE_IN_WORDS * sizeof(uint32_t)) + + +/************************ Enums ********************************/ +/*! The AES operation:
  • Encrypt
  • Decrypt
. */ +typedef enum { + /*! An AES encrypt operation. */ + CC_AES_ENCRYPT = 0, + /*! An AES decrypt operation. */ + CC_AES_DECRYPT = 1, + /*! The maximal number of operations. */ + CC_AES_NUM_OF_ENCRYPT_MODES, + /*! Reserved. */ + CC_AES_ENCRYPT_MODE_LAST = 0x7FFFFFFF +}CCAesEncryptMode_t; + +/*! The AES operation mode. */ +typedef enum { + /*! ECB mode. */ + CC_AES_MODE_ECB = 0, + /*! CBC mode. */ + CC_AES_MODE_CBC = 1, + /*! CBC-MAC mode. */ + CC_AES_MODE_CBC_MAC = 2, + /*! CTR mode. */ + CC_AES_MODE_CTR = 3, + /*! XCBC-MAC mode. */ + CC_AES_MODE_XCBC_MAC = 4, + /*! CMAC mode. */ + CC_AES_MODE_CMAC = 5, + /*! XTS mode. */ + CC_AES_MODE_XTS = 6, + /*! CBC-CTS mode. */ + CC_AES_MODE_CBC_CTS = 7, + /*! OFB mode. */ + CC_AES_MODE_OFB = 8, + + /*! The maximal number of AES modes. */ + CC_AES_NUM_OF_OPERATION_MODES, + /*! Reserved. */ + CC_AES_OPERATION_MODE_LAST = 0x7FFFFFFF +}CCAesOperationMode_t; + +/*! The AES padding type. */ +typedef enum { + /*! No padding. */ + CC_AES_PADDING_NONE = 0, + /*! PKCS7 padding. */ + CC_AES_PADDING_PKCS7 = 1, + /*! The maximal number of AES padding modes. */ + CC_AES_NUM_OF_PADDING_TYPES, + /*! Reserved. */ + CC_AES_PADDING_TYPE_LAST = 0x7FFFFFFF +}CCAesPaddingType_t; + +/*! The AES key type. */ +typedef enum { + /*! The user key. */ + CC_AES_USER_KEY = 0, + /*! The Kplt hardware key. */ + CC_AES_PLATFORM_KEY = 1, + /*! The Kcst hardware key. */ + CC_AES_CUSTOMER_KEY = 2, + /*! The maximal number of AES key types. */ + CC_AES_NUM_OF_KEY_TYPES, + /*! Reserved. */ + CC_AES_KEY_TYPE_LAST = 0x7FFFFFFF +}CCAesKeyType_t; + +/************************ Typedefs ****************************/ + +/*! Defines the IV buffer. A 16-byte array. */ +typedef uint8_t CCAesIv_t[CC_AES_IV_SIZE_IN_BYTES]; + +/*! Defines the AES key data buffer. */ +typedef uint8_t CCAesKeyBuffer_t[CC_AES_KEY_MAX_SIZE_IN_BYTES]; + +/************************ Structs ******************************/ + +/*! + The context prototype of the user. + + The argument type that is passed by the user to the AES APIs. The context + saves the state of the operation, and must be saved by the user until + the end of the API flow. + */ +typedef struct CCAesUserContext_t { + /*! The context buffer for internal usage. */ + uint32_t buff[CC_AES_USER_CTX_SIZE_IN_WORDS] ; +}CCAesUserContext_t; + + +/*! The AES key data of the user. */ +typedef struct CCAesUserKeyData_t { + /*! A pointer to the key. */ + uint8_t * pKey; + /*! The size of the key in bytes. Valid values for XTS mode, if supported: + 32 bytes or 64 bytes, indicating the full size of the double key (2x128 or + 2x256 bit). Valid values for XCBC-MAC mode: 16 bytes, as limited by the + standard. Valid values for all other modes: 16 bytes, 24 bytes, or + 32 bytes. */ + size_t keySize; +}CCAesUserKeyData_t; + +/*! The AES HW key Data. */ +typedef struct CCAesHwKeyData_t { + /*! Slot number. */ + size_t slotNumber; +}CCAesHwKeyData_t; + +#endif /* CC_AES_DEFS_H */ + +#ifdef __cplusplus +} + +#endif + +/*! + @} +*/ diff --git a/include/mbedtls_extra/cc_aes_defs_proj.h b/include/mbedtls_extra/cc_aes_defs_proj.h new file mode 100644 index 0000000..d4a13b0 --- /dev/null +++ b/include/mbedtls_extra/cc_aes_defs_proj.h @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_aes_defs_proj + @{ + */ + +/*! + @file + @brief This file contains project definitions that are used for CryptoCell + AES APIs. + */ + +#ifndef CC_AES_DEFS_PROJ_H +#define CC_AES_DEFS_PROJ_H + +#include "cc_pal_types.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ + +/*! The size of the context prototype of the user in words. +See ::CCAesUserContext_t.*/ +#define CC_AES_USER_CTX_SIZE_IN_WORDS (4+8+8+4) + +/*! The maximal size of the AES key in words. */ +#define CC_AES_KEY_MAX_SIZE_IN_WORDS 8 +/*! The maximal size of the AES key in bytes. */ +#define CC_AES_KEY_MAX_SIZE_IN_BYTES (CC_AES_KEY_MAX_SIZE_IN_WORDS * sizeof(uint32_t)) + + +#ifdef __cplusplus +} +#endif + + +/*! + @} + */ + +#endif /* #ifndef CC_AES_DEFS_PROJ_H */ diff --git a/include/mbedtls_extra/cc_bitops.h b/include/mbedtls_extra/cc_bitops.h new file mode 100644 index 0000000..d1b60c5 --- /dev/null +++ b/include/mbedtls_extra/cc_bitops.h @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! @file +@brief This file defines bit-field operations macros. +*/ + +#ifndef _CC_BITOPS_H_ +#define _CC_BITOPS_H_ + + +/*! Defintion of number of 32bit maximum value. */ +#define CC_32BIT_MAX_VALUE (0xFFFFFFFFUL) + +/*! Definition for bitmask */ +#define BITMASK(mask_size) (((mask_size) < 32) ? \ + ((1UL << (mask_size)) - 1) : 0xFFFFFFFFUL) +/*! Definition for bitmask in a given offset. */ +#define BITMASK_AT(mask_size, mask_offset) (BITMASK(mask_size) << (mask_offset)) + +/*! Definition for getting bits value from a word. */ +#define BITFIELD_GET(word, bit_offset, bit_size) \ + (((word) >> (bit_offset)) & BITMASK(bit_size)) +/*! Definition for setting bits value from a word. */ +#define BITFIELD_SET(word, bit_offset, bit_size, new_val) do { \ + word = ((word) & ~BITMASK_AT(bit_size, bit_offset)) | \ + (((new_val) & BITMASK(bit_size)) << (bit_offset)); \ +} while (0) + +/*!Definition for is val aligned to "align" ("align" must be power of 2). */ +#ifndef IS_ALIGNED +#define IS_ALIGNED(val, align) \ + (((uintptr_t)(val) & ((align) - 1)) == 0) +#endif +/*!Definition swap endianity for 32 bits word. */ +#define SWAP_ENDIAN(word) \ + (((word) >> 24) | (((word) & 0x00FF0000) >> 8) | \ + (((word) & 0x0000FF00) << 8) | (((word) & 0x000000FF) << 24)) + +#ifdef BIG__ENDIAN +#define SWAP_TO_LE(word) SWAP_ENDIAN(word) +#define SWAP_TO_BE(word) word +#else +/*! Definition for swapping to LE. */ +#define SWAP_TO_LE(word) word +/*! Definition for swapping to BE. */ +#define SWAP_TO_BE(word) SWAP_ENDIAN(word) +#endif + +/*!Align X to uint32_t size. */ +#ifndef ALIGN_TO_4BYTES +#define ALIGN_TO_4BYTES(x) (((unsigned long)(x) + (CC_32BIT_WORD_SIZE-1)) & ~(CC_32BIT_WORD_SIZE-1)) +#endif + + + +/*! Definition for is val a multiple of "mult" ("mult" must be power of 2). */ +#define IS_MULT(val, mult) \ + (((val) & ((mult) - 1)) == 0) + +/*! Definition for is NULL address. */ +#define IS_NULL_ADDR(adr) \ + (!(adr)) + +#endif /*_CC_BITOPS_H_*/ diff --git a/include/mbedtls_extra/cc_ecpki_types.h b/include/mbedtls_extra/cc_ecpki_types.h new file mode 100644 index 0000000..78c8187 --- /dev/null +++ b/include/mbedtls_extra/cc_ecpki_types.h @@ -0,0 +1,489 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_ecpki_types + @{ + */ + +/*! + @file + @brief This file contains all the type definitions that are used for the + CryptoCell ECPKI APIs. + */ + +#ifndef _CC_ECPKI_TYPES_H +#define _CC_ECPKI_TYPES_H + + +#include "cc_bitops.h" +#include "cc_pal_types_plat.h" +#include "cc_hash_defs.h" +#include "cc_pka_defs_hw.h" +#include "cc_pal_compiler.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ +/*! The size of the internal buffer in words. */ +#define CC_PKA_DOMAIN_LLF_BUFF_SIZE_IN_WORDS (10 + 3*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS) + +/************************************************************************************** + * Enumerators + ***************************************************************************************/ + +/*------------------------------------------------------------------*/ +/*! @brief EC domain idetifiers. + + For more information, see Standards for Efficient Cryptography Group + (SECG): SEC2 Recommended Elliptic Curve Domain Parameters, Version 1.0. +*/ +typedef enum +{ + /* For prime field */ + /*! EC secp192k1. */ + CC_ECPKI_DomainID_secp192k1, + /*! EC secp192r1. */ + CC_ECPKI_DomainID_secp192r1, + /*! EC secp224k1. */ + CC_ECPKI_DomainID_secp224k1, + /*! EC secp224r1. */ + CC_ECPKI_DomainID_secp224r1, + /*! EC secp256k1. */ + CC_ECPKI_DomainID_secp256k1, + /*! EC secp256r1. */ + CC_ECPKI_DomainID_secp256r1, + /*! EC secp384r1. */ + CC_ECPKI_DomainID_secp384r1, + /*! EC secp521r1. */ + CC_ECPKI_DomainID_secp521r1, + /*! Reserved.*/ + CC_ECPKI_DomainID_OffMode, + /*! Reserved.*/ + CC_ECPKI_DomainIDLast = 0x7FFFFFFF, + +}CCEcpkiDomainID_t; + + +/*------------------------------------------------------------------*/ +/*! + @brief Hash operation mode. + + Defines hash modes according to IEEE 1363-2000: IEEE Standard for + Standard Specifications for Public-Key Cryptography. + */ +typedef enum +{ + /*! The message data will be hashed with SHA-1. */ + CC_ECPKI_HASH_SHA1_mode = 0, + /*! The message data will be hashed with SHA-224. */ + CC_ECPKI_HASH_SHA224_mode = 1, + /*! The message data will be hashed with SHA-256. */ + CC_ECPKI_HASH_SHA256_mode = 2, + /*! The message data will be hashed with SHA-384. */ + CC_ECPKI_HASH_SHA384_mode = 3, + /*! The message data will be hashed with SHA-512. */ + CC_ECPKI_HASH_SHA512_mode = 4, + /*! The message data is a digest of SHA-1 and will not be hashed. */ + CC_ECPKI_AFTER_HASH_SHA1_mode = 5, + /*! The message data is a digest of SHA-224 and will not be hashed. */ + CC_ECPKI_AFTER_HASH_SHA224_mode = 6, + /*! The message data is a digest of SHA-256 and will not be hashed. */ + CC_ECPKI_AFTER_HASH_SHA256_mode = 7, + /*! The message data is a digest of SHA-384 and will not be hashed. */ + CC_ECPKI_AFTER_HASH_SHA384_mode = 8, + /*! The message data is a digest of SHA-512 and will not be hashed. */ + CC_ECPKI_AFTER_HASH_SHA512_mode = 9, + /*! The maximal number of hash modes. */ + CC_ECPKI_HASH_NumOfModes, + /*! Reserved. */ + CC_ECPKI_HASH_OpModeLast = 0x7FFFFFFF, + +}CCEcpkiHashOpMode_t; + + +/*---------------------------------------------------*/ +/*! EC point-compression identifiers. +*/ +typedef enum +{ + /*! A compressed point. */ + CC_EC_PointCompressed = 2, + /*! An uncompressed point. */ + CC_EC_PointUncompressed = 4, + /*! An incorrect point-control value. */ + CC_EC_PointContWrong = 5, + /*! A hybrid point. */ + CC_EC_PointHybrid = 6, + /*! Reserved. */ + CC_EC_PointCompresOffMode = 8, + /*! Reserved. */ + CC_ECPKI_PointCompressionLast= 0x7FFFFFFF, +}CCEcpkiPointCompression_t; + +/*----------------------------------------------------*/ +/*! EC key checks. */ +typedef enum { + /*! Check only preliminary input parameters. */ + CheckPointersAndSizesOnly = 0, + /*! Check preliminary input parameters and verify that the EC public-key + point is on the curve. */ + ECpublKeyPartlyCheck = 1, + /*! Check preliminary input parameters, verify that the EC public-key + point is on the curve, and verify that \c EC_GeneratorOrder*PubKey = 0 */ + ECpublKeyFullCheck = 2, + /*! Reserved. */ + PublKeyChecingOffMode, + /*! Reserved. */ + EC_PublKeyCheckModeLast = 0x7FFFFFFF, +}ECPublKeyCheckMode_t; + +/*----------------------------------------------------*/ +/*! SW SCA protection type. */ +typedef enum { + /*! SCA protection inactive. */ + SCAP_Inactive, + /*! SCA protection active. */ + SCAP_Active, + /*! Reserved. */ + SCAP_OFF_MODE, + /*! Reserved. */ + SCAP_LAST = 0x7FFFFFFF +}CCEcpkiScaProtection_t; + +/************************************************************************************** + * EC Domain structure definition + ***************************************************************************************/ + +/*! + @brief The structure containing the EC domain parameters in little-endian + form. + + EC equation: \c Y^2 = \c X^3 + \c A*X + \c B over prime field \p GFp. + */ +typedef struct { + /*! EC modulus: P. */ + uint32_t ecP [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC equation parameter A. */ + uint32_t ecA [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC equation parameter B. */ + uint32_t ecB [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! Order of generator. */ + uint32_t ecR [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; + /*! EC cofactor EC_Cofactor_K. The coordinates of the EC base point + generator in projective form. */ + uint32_t ecGx [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC cofactor EC_Cofactor_K. The coordinates of the EC base point + generator in projective form. */ + uint32_t ecGy [CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! EC cofactor EC_Cofactor_K. The coordinates of the EC base point + generator in projective form. */ + uint32_t ecH; + /*! Specific fields that are used by the low-level functions.*/ + uint32_t llfBuff[CC_PKA_DOMAIN_LLF_BUFF_SIZE_IN_WORDS]; + /*! The size of fields in bits. */ + uint32_t modSizeInBits; + /*! The size of the order in bits. */ + uint32_t ordSizeInBits; + /*! The size of each inserted Barret tag in words. Zero if not inserted.*/ + uint32_t barrTagSizeInWords; + /*! The EC Domain identifier. */ + CCEcpkiDomainID_t DomainID; + /*! Internal buffer. */ + int8_t name[20]; +}CCEcpkiDomain_t; + + + +/************************************************************************************** + * EC point structures definitions + ***************************************************************************************/ + +/*! The structure containing the EC point in affine coordinates + and little endian form. */ +typedef struct +{ + /*! The X coordinate of the point. */ + uint32_t x[CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! The Y coordinate of the point. */ + uint32_t y[CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + +}CCEcpkiPointAffine_t; + + +/************************************************************************************** + * ECPKI public and private key Structures + ***************************************************************************************/ + +/* --------------------------------------------------------------------- */ +/* .................. The public key structures definitions ............ */ +/* --------------------------------------------------------------------- */ + +/*! The structure containing the public key in affine coordinates.*/ +typedef struct +{ + /*! The X coordinate of the public key.*/ + uint32_t x[CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! The Y coordinate of the public key.*/ + uint32_t y[CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS]; + /*! The EC Domain.*/ + CCEcpkiDomain_t domain; + /*! The point type.*/ + uint32_t pointType; +} CCEcpkiPublKey_t; + + +/*! +@brief The user structure prototype of the EC public key. + +This structure must be saved by the user. It is used as input to ECC functions, +for example, CC_EcdsaVerify(). +*/ +typedef struct CCEcpkiUserPublKey_t +{ + /*! The validation tag. */ + uint32_t valid_tag; + /*! The data of the public key. */ + uint32_t PublKeyDbBuff[(sizeof(CCEcpkiPublKey_t)+3)/4]; +} CCEcpkiUserPublKey_t; + + +/* --------------------------------------------------------------------- */ +/* .................. The private key structures definitions ........... */ +/* --------------------------------------------------------------------- */ + +/*! The structure containing the data of the private key. */ +typedef struct +{ + /*! The data of the private key. */ + uint32_t PrivKey[CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; + /*! The EC domain. */ + CCEcpkiDomain_t domain; + /*! The SCA protection mode. */ + CCEcpkiScaProtection_t scaProtection; +}CCEcpkiPrivKey_t; + + +/*! + @brief The user structure prototype of the EC private key. + + This structure must be saved by the user. It is used as input to ECC functions, + for example, CC_EcdsaSign(). + */ +typedef struct CCEcpkiUserPrivKey_t +{ + /*! The validation tag. */ + uint32_t valid_tag; + /*! The data of the private key. */ + uint32_t PrivKeyDbBuff[(sizeof(CCEcpkiPrivKey_t)+3)/4]; +} CCEcpkiUserPrivKey_t; + +/*! The type of the ECDH temporary data. */ +typedef struct CCEcdhTempData_t +{ + /*! Temporary buffers. */ + uint32_t ccEcdhIntBuff[CC_PKA_ECDH_BUFF_MAX_LENGTH_IN_WORDS]; +}CCEcdhTempData_t; + +/*! EC build temporary data. */ +typedef struct CCEcpkiBuildTempData_t +{ + /*! Temporary buffers. */ + uint32_t ccBuildTmpIntBuff[CC_PKA_ECPKI_BUILD_TMP_BUFF_MAX_LENGTH_IN_WORDS]; +}CCEcpkiBuildTempData_t; + + + +/************************************************************************** + * CryptoCell ECDSA context structures + **************************************************************************/ + +/* --------------------------------------------------------------------- */ +/* CryptoCell ECDSA Signing context structure */ +/* --------------------------------------------------------------------- */ +/*! The internal buffer used in the signing process. */ +typedef uint32_t CCEcdsaSignIntBuff_t[CC_PKA_ECDSA_SIGN_BUFF_MAX_LENGTH_IN_WORDS]; + +/*! The context definition for the signing operation. */ +typedef struct +{ + /*! The data of the private key. */ + CCEcpkiUserPrivKey_t ECDSA_SignerPrivKey; + CCHashUserContext_t hash_ctx; + /*! The hash result buffer. */ + CCHashResultBuf_t hashResult; + /*! The size of the hash result in words. */ + uint32_t hashResultSizeWords; + /*! The hash mode. */ + CCEcpkiHashOpMode_t hashMode; + /*! Internal buffer. */ + CCEcdsaSignIntBuff_t ecdsaSignIntBuff; +}EcdsaSignContext_t; + + +/* --------------------------------------------------------------------- */ +/* ECDSA Signing User context database */ +/* --------------------------------------------------------------------- */ + +/*! + @brief The context definition of the user for the signing operation. + + This context saves the state of the operation, and must be saved by the user + until the end of the API flow. + */ +typedef struct CCEcdsaSignUserContext_t +{ + /*! The data of the signing process. */ + uint32_t context_buff [(sizeof(EcdsaSignContext_t)+3)/4]; + /*! The validation tag. */ + uint32_t valid_tag; +} CCEcdsaSignUserContext_t; + + + +/****************************************************************************/ + +/* --------------------------------------------------------------------- */ +/* ECDSA Verifying context structure */ +/* --------------------------------------------------------------------- */ +/*! The internal buffer used in the verification process. */ +typedef uint32_t CCEcdsaVerifyIntBuff_t[CC_PKA_ECDSA_VERIFY_BUFF_MAX_LENGTH_IN_WORDS]; + +/*! The context definition for verification operation. */ +typedef struct +{ + /*! The data of the public key. */ + CCEcpkiUserPublKey_t ECDSA_SignerPublKey; + + CCHashUserContext_t hash_ctx; + /*! The hash result. */ + CCHashResultBuf_t hashResult; + /*! The size of the hash result in words. */ + uint32_t hashResultSizeWords; + /*! The hash mode. */ + CCEcpkiHashOpMode_t hashMode; + /*! Internal buffer. */ + CCEcdsaVerifyIntBuff_t ccEcdsaVerIntBuff; +}EcdsaVerifyContext_t; + + +/* --------------------------------------------------------------------- */ +/* ECDSA Verifying User context database */ +/* --------------------------------------------------------------------- */ +/*! + @brief The context definition of the user for the verification operation. + + The context saves the state of the operation, and must be saved by the user + until the end of the API flow. + */ +typedef struct CCEcdsaVerifyUserContext_t +{ + /*! The data of the verification process. */ + uint32_t context_buff[(sizeof(EcdsaVerifyContext_t)+3)/4]; + /*! The validation tag. */ + uint32_t valid_tag; +}CCEcdsaVerifyUserContext_t; + + +/* --------------------------------------------------------------------- */ +/* .................. key generation temp buffer ........... */ +/* --------------------------------------------------------------------- */ + +/*! The temporary data type of the ECPKI KG. */ +typedef struct CCEcpkiKgTempData_t +{ + /*! Internal buffer. */ + uint32_t ccKGIntBuff[CC_PKA_KG_BUFF_MAX_LENGTH_IN_WORDS]; +}CCEcpkiKgTempData_t; + +/*! The temporary data definition of the ECIES. */ +typedef struct CCEciesTempData_t { + /*! The data of the private key. */ + CCEcpkiUserPrivKey_t PrivKey; + /*! The data of the public key. */ + CCEcpkiUserPublKey_t PublKey; + /*! The public-key data used by conversion from Mbed TLS to CryptoCell. */ + CCEcpkiUserPublKey_t ConvPublKey; + /*! Internal buffer. */ + uint32_t zz[3*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1]; + /*! Internal buffers. */ + union { + CCEcpkiBuildTempData_t buildTempbuff; + CCEcpkiKgTempData_t KgTempBuff; + CCEcdhTempData_t DhTempBuff; + } tmp; +}CCEciesTempData_t; + + +/* --------------------------------------------------------------------- */ +/* .................. defines for FIPS ........... */ +/* --------------------------------------------------------------------- */ + +/*! The order length for FIPS ECC tests. */ +#define CC_ECPKI_FIPS_ORDER_LENGTH (256/CC_BITS_IN_BYTE) // the order of secp256r1 in bytes + +/*! ECPKI data structures for FIPS certification. */ +typedef struct CCEcpkiKgFipsContext_t +{ + /*! Signing and verification data. */ + union { + CCEcdsaSignUserContext_t signCtx; + CCEcdsaVerifyUserContext_t verifyCtx; + }operationCtx; + /*! Internal buffer. */ + uint32_t signBuff[2*CC_ECPKI_ORDER_MAX_LENGTH_IN_WORDS] ; +}CCEcpkiKgFipsContext_t; + +/*! ECDSA KAT data structures for FIPS certification. + The ECDSA KAT tests are defined for domain 256r1. */ +typedef struct CCEcdsaFipsKatContext_t{ + /*! The key data. */ + union { + /*! The private key data. */ + struct { + CCEcpkiUserPrivKey_t PrivKey; + CCEcdsaSignUserContext_t signCtx; + }userSignData; + /*! The public key data. */ + struct { + CCEcpkiUserPublKey_t PublKey; + union { + CCEcdsaVerifyUserContext_t verifyCtx; + CCEcpkiBuildTempData_t tempData; + }buildOrVerify; + }userVerifyData; + }keyContextData; + /*! Internal buffer. */ + uint8_t signBuff[2*CC_ECPKI_FIPS_ORDER_LENGTH]; +}CCEcdsaFipsKatContext_t; + +/*! ECDH KAT data structures for FIPS certification. */ +typedef struct CCEcdhFipsKatContext_t{ + /*! The public key data. */ + CCEcpkiUserPublKey_t pubKey; + /*! The private key data. */ + CCEcpkiUserPrivKey_t privKey; + /*! Internal buffers. */ + union { + CCEcpkiBuildTempData_t ecpkiTempData; + CCEcdhTempData_t ecdhTempBuff; + }tmpData; + /*! The buffer for the secret key. */ + uint8_t secretBuff[CC_ECPKI_FIPS_ORDER_LENGTH]; +}CCEcdhFipsKatContext_t; + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif diff --git a/include/mbedtls_extra/cc_error.h b/include/mbedtls_extra/cc_error.h new file mode 100644 index 0000000..fc24358 --- /dev/null +++ b/include/mbedtls_extra/cc_error.h @@ -0,0 +1,299 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + + +/*! + @addtogroup cc_error + @{ + */ + +/*! + @file + @brief This file defines the error return code types and the numbering spaces + for each module of the layers listed. +*/ + + +#ifndef _CC_ERROR_H +#define _CC_ERROR_H + +#include "cc_pal_types.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! The definitions of the error number-space used for the different modules */ + +/* ........... Error base numeric mapping definitions ................... */ +/* ----------------------------------------------------------------------- */ + + /*! The error base number for CryptoCell. */ +#define CC_ERROR_BASE 0x00F00000UL + +/*! The error range number assigned for each layer. */ +#define CC_ERROR_LAYER_RANGE 0x00010000UL + +/*! The error range number assigned to each module on its specified layer. */ +#define CC_ERROR_MODULE_RANGE 0x00000100UL + +/* Defines the layer index for the error mapping. */ +/*! The CryptoCell error-layer index. */ +#define CC_LAYER_ERROR_IDX 0x00UL +/*! The error-layer index for low-level functions. */ +#define LLF_LAYER_ERROR_IDX 0x01UL +/*! The generic error-layer index. */ +#define GENERIC_ERROR_IDX 0x05UL + +/* Defines the module index for error mapping */ +/*! The AES error index.*/ +#define AES_ERROR_IDX 0x00UL +/*! The DES error index.*/ +#define DES_ERROR_IDX 0x01UL +/*! The hash error index.*/ +#define HASH_ERROR_IDX 0x02UL +/*! The HMAC error index.*/ +#define HMAC_ERROR_IDX 0x03UL +/*! The RSA error index.*/ +#define RSA_ERROR_IDX 0x04UL +/*! The DH error index.*/ +#define DH_ERROR_IDX 0x05UL +/*! The ECPKI error index.*/ +#define ECPKI_ERROR_IDX 0x08UL +/*! The RND error index.*/ +#define RND_ERROR_IDX 0x0CUL +/*! The Common error index.*/ +#define COMMON_ERROR_IDX 0x0DUL +/*! The KDF error index.*/ +#define KDF_ERROR_IDX 0x11UL +/*! The HKDF error index.*/ +#define HKDF_ERROR_IDX 0x12UL +/*! The AESCCM error index.*/ +#define AESCCM_ERROR_IDX 0x15UL +/*! The FIPS error index.*/ +#define FIPS_ERROR_IDX 0x17UL +/*! The PKA error index.*/ + +#define PKA_MODULE_ERROR_IDX 0x21UL +/*! The ChaCha error index.*/ +#define CHACHA_ERROR_IDX 0x22UL +/*! The EC Montgomery and Edwards error index.*/ +#define EC_MONT_EDW_ERROR_IDX 0x23UL +/*! The ChaCha-POLY error index.*/ +#define CHACHA_POLY_ERROR_IDX 0x24UL +/*! The POLY error index.*/ +#define POLY_ERROR_IDX 0x25UL +/*! The SRP error index.*/ +#define SRP_ERROR_IDX 0x26UL + + +/*! The AESGCM error index.*/ +#define AESGCM_ERROR_IDX 0x27UL + +/*! The AES key-wrap error index.*/ +#define AES_KEYWRAP_ERROR_IDX 0x28UL + +/*! Management error index.*/ +#define MNG_ERROR_IDX 0x29UL + +/*! Production error index.*/ +#define PROD_ERROR_IDX 0x2AUL + +/*! The FFCDH error index. */ +#define FFCDH_ERROR_IDX 0x2BUL +/*! The FFC domain error index. */ +#define FFC_DOMAIN_ERROR_IDX 0x2CUL + +/*! Do not change! Error definition, reserved for Secure Boot ECDSA */ +#define SB_ECC_ERROR_IDX_ 0x2DUL +/*! External DMA error index. */ +#define EXT_DMA_ERROR_IDX 0x2EUL + + + +/* .......... defining the error spaces for each module on each layer ........... */ +/* ------------------------------------------------------------------------------ */ + +/*! The error base address of the AES module - 0x00F00000. */ +#define CC_AES_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * AES_ERROR_IDX ) ) + +/*! The error base address of the DES module - 0x00F00100. */ +#define CC_DES_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * DES_ERROR_IDX ) ) + +/*! The error base address of the hash module - 0x00F00200. */ +#define CC_HASH_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * HASH_ERROR_IDX ) ) + +/*! The error base address of the HMAC module - 0x00F00300. */ +#define CC_HMAC_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * HMAC_ERROR_IDX ) ) + +/*! The error base address of the RSA module - 0x00F00400. */ +#define CC_RSA_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * RSA_ERROR_IDX ) ) + +/*! The error base address of the DH module - 0x00F00500. */ +#define CC_DH_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * DH_ERROR_IDX ) ) + +/*! The error base address of the ECPKI module - 0x00F00800. */ +#define CC_ECPKI_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * ECPKI_ERROR_IDX ) ) + +/*! The error base address of the low-level ECPKI module - 0x00F10800. */ +#define LLF_ECPKI_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * LLF_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * ECPKI_ERROR_IDX ) ) + +/*! The error base address of the RND module - 0x00F00C00. */ +#define CC_RND_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * RND_ERROR_IDX ) ) + +/*! The error base address of the low-level RND module - 0x00F10C00. */ +#define LLF_RND_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * LLF_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * RND_ERROR_IDX ) ) + +/*! The error base address of the common module - 0x00F00D00. */ +#define CC_COMMON_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * COMMON_ERROR_IDX ) ) + +/*! The error base address of the KDF module - 0x00F01100. */ +#define CC_KDF_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * KDF_ERROR_IDX ) ) + +/*! The error base address of the HKDF module - 0x00F01100. */ +#define CC_HKDF_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * HKDF_ERROR_IDX ) ) + +/*! The error base address of the AESCCM module - 0x00F01500. */ +#define CC_AESCCM_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * AESCCM_ERROR_IDX ) ) + +/*! The error base address of the FIPS module - 0x00F01700. */ +#define CC_FIPS_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * FIPS_ERROR_IDX ) ) + +/*! The error base address of the PKA module - 0x00F02100. */ +#define PKA_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * PKA_MODULE_ERROR_IDX ) ) + +/*! The error base address of the ChaCha module - 0x00F02200. */ +#define CC_CHACHA_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * CHACHA_ERROR_IDX ) ) +/*! The error base address of the EC MONT_EDW module - 0x00F02300. */ +#define CC_EC_MONT_EDW_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * EC_MONT_EDW_ERROR_IDX ) ) + +/*! The error base address of the Chacha-POLY module - 0x00F02400. */ +#define CC_CHACHA_POLY_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * CHACHA_POLY_ERROR_IDX ) ) +/*! The error base address of the POLY module - 0x00F02500. */ +#define CC_POLY_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * POLY_ERROR_IDX ) ) + +/*! The error base address of the SRP module - 0x00F02600. */ +#define CC_SRP_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * SRP_ERROR_IDX ) ) + +/*! The error base address of the AESGCM module - 0x00F02700. */ +#define CC_AESGCM_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * AESGCM_ERROR_IDX ) ) + +/*! The error base address of the AES key-wrap module - 0x00F02800. */ +#define CC_AES_KEYWRAP_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * AES_KEYWRAP_ERROR_IDX ) ) + +/*! The error base address of the Management module - 0x00F02900. */ +#define CC_MNG_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * MNG_ERROR_IDX ) ) + +/*! The error base address of the production library - 0x00F02A00 */ +#define CC_PROD_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * PROD_ERROR_IDX ) ) + +/*! The error base address of the FFCDH module - 0x00F02B00. */ +#define CC_FFCDH_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * FFCDH_ERROR_IDX ) ) + +/*! The error base address of the FFCDH module - 0x00F02B00. */ +#define CC_FFC_DOMAIN_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * FFC_DOMAIN_ERROR_IDX ) ) + +/*! The error base address of the External DMA module - 0x00F02B00. */ +#define CC_EXT_DMA_MODULE_ERROR_BASE (CC_ERROR_BASE + \ + (CC_ERROR_LAYER_RANGE * CC_LAYER_ERROR_IDX) + \ + (CC_ERROR_MODULE_RANGE * EXT_DMA_ERROR_IDX ) ) + +/*! The generic error base address of the user - 0x00F50000 */ +#define GENERIC_ERROR_BASE ( CC_ERROR_BASE + (CC_ERROR_LAYER_RANGE * GENERIC_ERROR_IDX) ) +/*! CryptoCell fatal error. */ +#define CC_FATAL_ERROR (GENERIC_ERROR_BASE + 0x00UL) +/*! CryptoCell out of resources error. */ +#define CC_OUT_OF_RESOURCE_ERROR (GENERIC_ERROR_BASE + 0x01UL) +/*! CryptoCell illegal resource value error. */ +#define CC_ILLEGAL_RESOURCE_VAL_ERROR (GENERIC_ERROR_BASE + 0x02UL) + + + +/* ............ The OK (success) definition ....................... */ + +/*! A macro that defines the CryptoCell return value. */ +#define CC_CRYPTO_RETURN_ERROR(retCode, retcodeInfo, funcHandler) \ + ((retCode) == 0 ? CC_OK : funcHandler(retCode, retcodeInfo)) + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif + +/*! +@} + */ + +#endif diff --git a/include/mbedtls_extra/cc_hash_defs.h b/include/mbedtls_extra/cc_hash_defs.h new file mode 100644 index 0000000..9a4e4c7 --- /dev/null +++ b/include/mbedtls_extra/cc_hash_defs.h @@ -0,0 +1,137 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + +/*! + @addtogroup cc_hash_defs + @{ +*/ + +/*! + @file + @brief This file contains definitions of the CryptoCell hash APIs. + */ + +#ifndef CC_HASH_DEFS_H +#define CC_HASH_DEFS_H + + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include "cc_pal_types.h" +#include "cc_error.h" +#include "cc_hash_defs_proj.h" + +/************************ Defines ******************************/ + +/*! The size of the hash result in words. The maximal size for SHA-512 is +512 bits. */ +#define CC_HASH_RESULT_SIZE_IN_WORDS 16 + +/*! The size of the MD5 digest result in bytes. */ +#define CC_HASH_MD5_DIGEST_SIZE_IN_BYTES 16 + +/*! The size of the MD5 digest result in words. */ +#define CC_HASH_MD5_DIGEST_SIZE_IN_WORDS 4 + +/*! The size of the SHA-1 digest result in bytes. */ +#define CC_HASH_SHA1_DIGEST_SIZE_IN_BYTES 20 + +/*! The size of the SHA-1 digest result in words. */ +#define CC_HASH_SHA1_DIGEST_SIZE_IN_WORDS 5 + +/*! The size of the SHA-224 digest result in words. */ +#define CC_HASH_SHA224_DIGEST_SIZE_IN_WORDS 7 + +/*! The size of the SHA-256 digest result in words. */ +#define CC_HASH_SHA256_DIGEST_SIZE_IN_WORDS 8 + +/*! The size of the SHA-384 digest result in words. */ +#define CC_HASH_SHA384_DIGEST_SIZE_IN_WORDS 12 + +/*! The size of the SHA-512 digest result in words. */ +#define CC_HASH_SHA512_DIGEST_SIZE_IN_WORDS 16 + +/*! The size of the SHA-256 digest result in bytes. */ +#define CC_HASH_SHA224_DIGEST_SIZE_IN_BYTES 28 + +/*! The size of the SHA-256 digest result in bytes. */ +#define CC_HASH_SHA256_DIGEST_SIZE_IN_BYTES 32 + +/*! The size of the SHA-384 digest result in bytes. */ +#define CC_HASH_SHA384_DIGEST_SIZE_IN_BYTES 48 + +/*! The size of the SHA-512 digest result in bytes. */ +#define CC_HASH_SHA512_DIGEST_SIZE_IN_BYTES 64 + +/*! The size of the SHA-1 hash block in words. */ +#define CC_HASH_BLOCK_SIZE_IN_WORDS 16 + +/*! The size of the SHA-1 hash block in bytes. */ +#define CC_HASH_BLOCK_SIZE_IN_BYTES 64 + +/*! The size of the SHA-2 hash block in words. */ +#define CC_HASH_SHA512_BLOCK_SIZE_IN_WORDS 32 + +/*! The size of the SHA-2 hash block in bytes. */ +#define CC_HASH_SHA512_BLOCK_SIZE_IN_BYTES 128 + +/*! The maximal data size for the update operation. */ +#define CC_HASH_UPDATE_DATA_MAX_SIZE_IN_BYTES (1 << 29) + + +/************************ Enums ********************************/ + +/*! The hash operation mode. */ +typedef enum { + /*! SHA-1. */ + CC_HASH_SHA1_mode = 0, + /*! SHA-224. */ + CC_HASH_SHA224_mode = 1, + /*! SHA-256. */ + CC_HASH_SHA256_mode = 2, + /*! SHA-384. */ + CC_HASH_SHA384_mode = 3, + /*! SHA-512. */ + CC_HASH_SHA512_mode = 4, + /*! MD5. */ + CC_HASH_MD5_mode = 5, + /*! The number of hash modes. */ + CC_HASH_NumOfModes, + /*! Reserved. */ + CC_HASH_OperationModeLast= 0x7FFFFFFF, + +}CCHashOperationMode_t; + +/************************ Typedefs *****************************/ + +/*! The hash result buffer. */ +typedef uint32_t CCHashResultBuf_t[CC_HASH_RESULT_SIZE_IN_WORDS]; + +/************************ Structs ******************************/ +/*! + The context prototype of the user. + The argument type that is passed by the user to the hash APIs. + The context saves the state of the operation, and must be saved by the user + until the end of the API flow. +*/ +typedef struct CCHashUserContext_t { + /*! The internal buffer. */ + uint32_t buff[CC_HASH_USER_CTX_SIZE_IN_WORDS]; +}CCHashUserContext_t; + + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif /* #ifndef CC_HASH_DEFS_H */ diff --git a/include/mbedtls_extra/cc_hash_defs_proj.h b/include/mbedtls_extra/cc_hash_defs_proj.h new file mode 100644 index 0000000..552ff38 --- /dev/null +++ b/include/mbedtls_extra/cc_hash_defs_proj.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_hash_defs_proj + @{ + */ + + +/*! + @file + @brief This file contains the project-specific definitions of hash APIs. + */ + +#ifndef _CC_HASH_DEFS_PROJ_H +#define _CC_HASH_DEFS_PROJ_H + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +/*! The size of the context prototype of the user in words. +See ::CCHashUserContext_t. */ +#define CC_HASH_USER_CTX_SIZE_IN_WORDS 108 + + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif diff --git a/include/mbedtls_extra/cc_kdf.h b/include/mbedtls_extra/cc_kdf.h new file mode 100644 index 0000000..377e04c --- /dev/null +++ b/include/mbedtls_extra/cc_kdf.h @@ -0,0 +1,199 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef _CC_KDF_H +#define _CC_KDF_H + + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*! +@file +@brief This file defines the API that supports Key derivation function in modes + as defined in Public-Key Cryptography Standards (PKCS) #3: Diffie-Hellman Key Agreement Standard, + ANSI X9.42-2003: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, + and ANSI X9.63-2011: Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve + Cryptography. +@defgroup cc_kdf CryptoCell Key Derivation APIs +@{ +@ingroup cryptocell_api + +*/ + +#include "cc_hash_defs.h" + +/************************ Defines ******************************/ + +/*! Shared secret value max size in bytes */ +#define CC_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE 1024 + +/* Count and max. sizeof OtherInfo entries (pointers to data buffers) */ +/*! Number of other info entries. */ +#define CC_KDF_COUNT_OF_OTHER_INFO_ENTRIES 5 + +/*! Maximal size of keying data in bytes. */ +#define CC_KDF_MAX_SIZE_OF_KEYING_DATA 2048 +/*! Size of KDF counter in bytes */ +#define CC_KDF_COUNTER_SIZE_IN_BYTES 4 + +/************************ Enums ********************************/ + +/*! HASH operation modes */ +typedef enum +{ + /*! SHA1 mode.*/ + CC_KDF_HASH_SHA1_mode = 0, + /*! SHA224 mode.*/ + CC_KDF_HASH_SHA224_mode = 1, + /*! SHA256 mode.*/ + CC_KDF_HASH_SHA256_mode = 2, + /*! SHA384 mode.*/ + CC_KDF_HASH_SHA384_mode = 3, + /*! SHA512 mode.*/ + CC_KDF_HASH_SHA512_mode = 4, + /*! Maximal number of HASH modes. */ + CC_KDF_HASH_NumOfModes, + /*! Reserved.*/ + CC_KDF_HASH_OpModeLast = 0x7FFFFFFF, + +}CCKdfHashOpMode_t; + +/*! Key derivation modes. */ +typedef enum +{ + /*! ASN1 key derivation mode.*/ + CC_KDF_ASN1_DerivMode = 0, + /*! Concatination key derivation mode.*/ + CC_KDF_ConcatDerivMode = 1, + /*! X963 key derivation mode.*/ + CC_KDF_X963_DerivMode = CC_KDF_ConcatDerivMode, + /*! ISO 18033 KDF1 key derivation mode.*/ + CC_KDF_ISO18033_KDF1_DerivMode = 3, + /*! ISO 18033 KDF2 key derivation mode.*/ + CC_KDF_ISO18033_KDF2_DerivMode = 4, + /*! Maximal number of key derivation modes. */ + CC_KDF_DerivFunc_NumOfModes = 5, + /*! Reserved.*/ + CC_KDF_DerivFuncModeLast= 0x7FFFFFFF, + +}CCKdfDerivFuncMode_t; + +/*! Enumerator for the additional information given to the KDF. */ +typedef enum +{ + CC_KDF_ALGORITHM_ID = 0, /*! An identifier (OID), indicating algorithm for which the keying data is used. */ + CC_KDF_PARTY_U_INFO = 1, /*! Optional data of party U .*/ + CC_KDF_PARTY_V_INFO = 2, /*! Optional data of party V. */ + CC_KDF_SUPP_PRIV_INFO = 3, /*! Optional supplied private shared data. */ + CC_KDF_SUPP_PUB_INFO = 4, /*! Optional supplied public shared data. */ + + CC_KDF_MAX_COUNT_OF_ENTRIES, /*! Maximal allowed number of entries in Other Info structure. */ + /*! Reserved.*/ + CC_KDF_ENTRYS_MAX_VAL = 0x7FFFFFFF, + +}CCKdfOtherInfoEntries_t; +/************************ Typedefs ****************************/ + +/*! KDF structure, containing pointers to OtherInfo data entries and sizes. + + The structure contains two arrays: one for data pointers and one for sizes, placed according + to the order given in the the ANSI X9.42-2003: Public Key Cryptography for the Financial Services + Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography standard + and defined in CCKdfOtherInfoEntries_t enumerator. + On KDF ASN1 mode this order is mandatory. On other KDF modes the user may insert + optional OtherInfo simply in one (preferably the first) or in some entries. + If any data entry is not used, then the pointer value and the size must be set to NULL. */ +typedef struct +{ + /*! Pointers to data entries. */ + uint8_t *dataPointers[CC_KDF_MAX_COUNT_OF_ENTRIES]; + /*! Sizes of data entries. */ + uint32_t dataSizes[CC_KDF_MAX_COUNT_OF_ENTRIES]; +}CCKdfOtherInfo_t; + + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + +/****************************************************************/ + +/*********************************************************************************************************/ +/*! + @brief CC_KdfKeyDerivFunc performs key derivation according to one of the modes defined in standards: + ANSI X9.42-2003: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, + ANSI X9.63-2011: Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve Cryptography, + ISO/IEC 18033-2:2006: Information technology -- Security techniques -- Encryption algorithms -- Part 2: Asymmetric ciphers. + +The present implementation of the function allows the following operation modes: +
  • CC_KDF_ASN1_DerivMode - mode based on ASN.1 DER encoding;
    • +
  • CC_KDF_ConcatDerivMode - mode based on concatenation;
    • +
  • CC_KDF_X963_DerivMode = CC_KDF_ConcatDerivMode;
    • +
  • CC_KDF_ISO18033_KDF1_DerivMode, CC_KDF_ISO18033_KDF2_DerivMode - specific modes according to +ISO/IEC 18033-2 standard.
+ +The purpose of this function is to derive a keying data from the shared secret value and some +other optional shared information, included in OtherInfo (SharedInfo). + +\note All buffers arguments are represented in Big-Endian format. + +@return CC_OK on success. +@return A non-zero value on failure as defined cc_kdf_error.h or cc_hash_error.h. +*/ +CCError_t CC_KdfKeyDerivFunc( + uint8_t *pZzSecret, /*!< [in] A pointer to shared secret value octet string. */ + size_t zzSecretSize, /*!< [in] The size of the shared secret value in bytes. + The maximal size is defined as: ::CC_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE. */ + CCKdfOtherInfo_t *pOtherInfo, /*!< [in] A pointer to the structure, containing pointers to the data, shared by + two entities of agreement, depending on KDF mode: +
  • In KDF ASN1 mode OtherInfo includes ASN1 DER encoding of AlgorithmID (mandatory), + and some optional data entries as described in section 7.7.1 of the ANSI X9.42-2003: + Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using + Discrete Logarithm Cryptography standard.
    • +
  • In both ISO/IEC 18033-2:2006: Information technology -- Security techniques -- Encryption algorithms -- Part 2: + Asymmetric ciphers standard: KDF1 and KDF2 modes this parameter is ignored and may be set to NULL.
    • +
  • In other modes it is optional and may be set to NULL.
*/ + CCKdfHashOpMode_t kdfHashMode, /*!< [in] The KDF identifier of hash function to be used. The hash function output + must be at least 160 bits. */ + CCKdfDerivFuncMode_t derivMode, /*!< [in] The enum value, specifies one of above described derivation modes. */ + uint8_t *pKeyingData, /*!< [out] A pointer to the buffer for derived keying data. */ + size_t keyingDataSize /*!< [in] The size in bytes of the keying data to be derived. + The maximal size is defined as :: CC_KDF_MAX_SIZE_OF_KEYING_DATA. */ ); + +/*********************************************************************************************************/ +/*! + CC_KdfAsn1KeyDerivFunc is a macro that performs key derivation according to ASN1 DER encoding method defined + in section 7.2.1 of ANSI X9.42-2003: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography standard. + For a description of the parameters see ::CC_KdfKeyDerivFunc. +*/ +#define CC_KdfAsn1KeyDerivFunc(ZZSecret_ptr,ZZSecretSize,OtherInfo_ptr,kdfHashMode,KeyingData_ptr,KeyLenInBytes)\ + CC_KdfKeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(kdfHashMode),CC_KDF_ASN1_DerivMode,(KeyingData_ptr),(KeyLenInBytes)) + + +/*********************************************************************************************************/ +/*! + CC_KdfConcatKeyDerivFunc is a macro that performs key derivation according to concatenation mode defined + in section 7.2.2 of ANSI X9.42-2003: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography + standard and also meets ANSI X9.63-2011: Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve + Cryptography standard. For a description of the parameters see ::CC_KdfKeyDerivFunc. +*/ +#define CC_KdfConcatKeyDerivFunc(ZZSecret_ptr,ZZSecretSize,OtherInfo_ptr,kdfHashMode,KeyingData_ptr,KeyLenInBytes)\ + CC_KdfKeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(kdfHashMode),CC_KDF_ConcatDerivMode,(KeyingData_ptr),(KeyLenInBytes)) + + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/include/mbedtls_extra/cc_pal_compiler.h b/include/mbedtls_extra/cc_pal_compiler.h new file mode 100644 index 0000000..d0289c2 --- /dev/null +++ b/include/mbedtls_extra/cc_pal_compiler.h @@ -0,0 +1,210 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_pal_compiler + @{ + */ + +/*! + @file + @brief This file contains CryptoCell PAL platform-dependent compiler-related + definitions. + */ + + +#ifndef __CC_PAL_COMPILER_H__ +#define __CC_PAL_COMPILER_H__ + +#ifdef __GNUC__ + +/* *********************** Defines ******************************/ + +/*! Associate a symbol with a link section. */ +#define CC_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark symbol as used, that is, prevent the garbage collector from +dropping it. */ +#define CC_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Align a given data item in bytes. */ +#define CC_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark a function that never returns. */ +#define CC_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent a function from being inlined. */ +#define CC_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type might serve as an alias for another data-type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define CC_PAL_COMPILER_TYPE_MAY_ALIAS __attribute__((__may_alias__)) + +/*! Get the size of a structure-type member. */ +#define CC_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT_(a, b) a##b +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT(a, b) CC_ASSERT_CONCAT_(a, b) +/*! Definition of assertion. */ +#define CC_PAL_COMPILER_ASSERT(cond, message) \ + enum { CC_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } + +#elif defined(__ARM_DSM__) +#define inline + +/*! Associate a symbol with a link section. */ +#define CC_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark a symbol as used, that is, prevent garbage collector from +dropping it. */ +#define CC_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Align a given data item in bytes. */ +#define CC_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark a function that never returns. */ +#define CC_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent a function from being inlined. */ +#define CC_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type might serve as an alias for another data-type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define CC_PAL_COMPILER_TYPE_MAY_ALIAS __attribute__((__may_alias__)) + +/*! Get the size of a structure-type member. */ +#define CC_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT_(a, b) a##b +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT(a, b) CC_ASSERT_CONCAT_(a, b) +/*! Definition of assertion. */ +#define CC_PAL_COMPILER_ASSERT(cond, message) \ + enum { CC_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } + + +#elif defined(__ARM_DS__) +#define inline + +/*! Associate a symbol with a link section. */ +#define CC_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark a symbol as used, that is, prevent garbage collector from +dropping it. */ +#define CC_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Align a given data item in bytes. */ +#define CC_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark a function that never returns. */ +#define CC_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent a function from being inlined. */ +#define CC_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type might serve as an alias for another data-type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define CC_PAL_COMPILER_TYPE_MAY_ALIAS + +/*! Get the size of a structure-type member. */ +#define CC_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT_(a, b) a##b +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT(a, b) CC_ASSERT_CONCAT_(a, b) +/*! Definition of assertion. */ +#define CC_PAL_COMPILER_ASSERT(cond, message) \ + enum { CC_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } + + +#elif defined(__ARM_DS5__) +#define inline __inline + + +/*! Associate a symbol with a link section. */ +#define CC_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark a symbol as used, that is, prevent garbage collector from +dropping it. */ +#define CC_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Align a given data item in bytes. */ +#define CC_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark a function that never returns. */ +#define CC_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent a function from being inlined. */ +#define CC_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type might serve as an alias for another data-type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define CC_PAL_COMPILER_TYPE_MAY_ALIAS + +/*! Get the size of a structure-type member. */ +#define CC_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT_(a, b) a##b +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT(a, b) CC_ASSERT_CONCAT_(a, b) +/*! Definition of assertion. */ +#define CC_PAL_COMPILER_ASSERT(cond, message) \ + enum { CC_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } + +#elif defined(__ICCARM__) +#define inline __inline + + +/*! Associate a symbol with a link section. */ +#define CC_PAL_COMPILER_SECTION(sectionName) __attribute__((section(sectionName))) + +/*! Mark a symbol as used, that is, prevent garbage collector from +dropping it. */ +#define CC_PAL_COMPILER_KEEP_SYMBOL __attribute__((used)) + +/*! Align a given data item in bytes. */ +#define CC_PAL_COMPILER_ALIGN(alignement) __attribute__((aligned(alignement))) + +/*! Mark a function that never returns. */ +#define CC_PAL_COMPILER_FUNC_NEVER_RETURNS __attribute__((noreturn)) + +/*! Prevent a function from being inlined. */ +#define CC_PAL_COMPILER_FUNC_DONT_INLINE __attribute__((noinline)) + +/*! Given data type might serve as an alias for another data-type pointer. */ +/* (this is used for "superclass" struct casting) */ +#define CC_PAL_COMPILER_TYPE_MAY_ALIAS + +/*! Get the size of a structure-type member. */ +#define CC_PAL_COMPILER_SIZEOF_STRUCT_MEMBER(type_name, member_name) \ + sizeof(((type_name *)0)->member_name) + +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT_(a, b) a##b +/*! Definition of assertion. */ +#define CC_ASSERT_CONCAT(a, b) CC_ASSERT_CONCAT_(a, b) +/*! Definition of assertion. */ +#define CC_PAL_COMPILER_ASSERT(cond, message) \ + enum { CC_ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(cond)) } + +#else +#error Unsupported compiler. +#endif + +/*! + @} + */ + +#endif /*__CC_PAL_COMPILER_H__*/ diff --git a/include/mbedtls_extra/cc_pal_types.h b/include/mbedtls_extra/cc_pal_types.h new file mode 100644 index 0000000..3c60f57 --- /dev/null +++ b/include/mbedtls_extra/cc_pal_types.h @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_pal_types + @{ +*/ + +/*! + @file + @brief This file contains definitions and types of CryptoCell PAL platform-dependent APIs. + */ + +#ifndef CC_PAL_TYPES_H +#define CC_PAL_TYPES_H + +#include "cc_pal_types_plat.h" + +/*! Boolean types.*/ +typedef enum { + /*! Boolean false definition.*/ + CC_FALSE = 0, + /*! Boolean true definition.*/ + CC_TRUE = 1 +} CCBool; + +/*! Success definition. */ +#define CC_SUCCESS 0UL +/*! Failure definition. */ +#define CC_FAIL 1UL + +/*! Success (OK) definition. */ +#define CC_OK 0 + +/*! Handles unused parameters in the code, to avoid compilation warnings. */ +#define CC_UNUSED_PARAM(prm) ((void)prm) + +/*! The maximal uint32 value.*/ +#define CC_MAX_UINT32_VAL (0xFFFFFFFF) + + +/* Minimal and Maximal macros */ +#ifdef min +/*! Definition for minimal calculation. */ +#define CC_MIN(a,b) min( a , b ) +#else +/*! Definition for minimal calculation. */ +#define CC_MIN( a , b ) ( ( (a) < (b) ) ? (a) : (b) ) +#endif + +#ifdef max +/*! Definition for maximal calculation. */ +#define CC_MAX(a,b) max( a , b ) +#else +/*! Definition for maximal calculation.. */ +#define CC_MAX( a , b ) ( ( (a) > (b) ) ? (a) : (b) ) +#endif + +/*! This macro calculates the number of full bytes from bits, where seven bits +are one byte. */ +#define CALC_FULL_BYTES(numBits) ((numBits)/CC_BITS_IN_BYTE + (((numBits) & (CC_BITS_IN_BYTE-1)) > 0)) +/*! This macro calculates the number of full 32-bit words from bits, where +31 bits are one word. */ +#define CALC_FULL_32BIT_WORDS(numBits) ((numBits)/CC_BITS_IN_32BIT_WORD + (((numBits) & (CC_BITS_IN_32BIT_WORD-1)) > 0)) +/*! This macro calculates the number of full 32-bit words from bytes, where +three bytes are one word. */ +#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) ((sizeBytes)/CC_32BIT_WORD_SIZE + (((sizeBytes) & (CC_32BIT_WORD_SIZE-1)) > 0)) +/*! This macro calculates the number of full 32-bit words from 64-bits +dwords. */ +#define CALC_32BIT_WORDS_FROM_64BIT_DWORD(sizeWords) (sizeWords * CC_32BIT_WORD_IN_64BIT_DWORD) +/*! This macro rounds up bits to 32-bit words. */ +#define ROUNDUP_BITS_TO_32BIT_WORD(numBits) (CALC_FULL_32BIT_WORDS(numBits) * CC_BITS_IN_32BIT_WORD) +/*! This macro rounds up bits to bytes. */ +#define ROUNDUP_BITS_TO_BYTES(numBits) (CALC_FULL_BYTES(numBits) * CC_BITS_IN_BYTE) +/*! This macro rounds up bytes to 32-bit words. */ +#define ROUNDUP_BYTES_TO_32BIT_WORD(sizeBytes) (CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) * CC_32BIT_WORD_SIZE) +/*! Definition of 1 KB in bytes. */ +#define CC_1K_SIZE_IN_BYTES 1024 +/*! Definition of number of bits in a byte. */ +#define CC_BITS_IN_BYTE 8 +/*! Definition of number of bits in a 32-bits word. */ +#define CC_BITS_IN_32BIT_WORD 32 +/*! Definition of number of bytes in a 32-bits word. */ +#define CC_32BIT_WORD_SIZE 4 +/*! Definition of number of 32-bits words in a 64-bits dword. */ +#define CC_32BIT_WORD_IN_64BIT_DWORD 2 + + +/*! + @} +*/ +#endif diff --git a/include/mbedtls_extra/cc_pal_types_plat.h b/include/mbedtls_extra/cc_pal_types_plat.h new file mode 100644 index 0000000..2d90da1 --- /dev/null +++ b/include/mbedtls_extra/cc_pal_types_plat.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! @file +@brief This file contains basic platform-dependent type definitions. +*/ +#ifndef _CC_PAL_TYPES_PLAT_H +#define _CC_PAL_TYPES_PLAT_H +/* Host specific types for standard (ISO-C99) compliant platforms */ + +#include +#include +#include + +/*! Type definition for virtual address. */ +typedef uintptr_t CCVirtAddr_t; +/*! Type Definition for boolean variable. */ +typedef uint32_t CCBool_t; +/*! Type definition for return status. */ +typedef uint32_t CCStatus; + +/*! Type definition for error return. */ +#define CCError_t CCStatus +/*! Defines inifinite value, used to define unlimited time frame. */ +#define CC_INFINITE 0xFFFFFFFF + +/*! Type definition for C export. */ +#define CEXPORT_C +/*! Type definition for C import. */ +#define CIMPORT_C + +#endif /*_CC_PAL_TYPES_PLAT_H*/ diff --git a/include/mbedtls_extra/cc_pka_defs_hw.h b/include/mbedtls_extra/cc_pka_defs_hw.h new file mode 100644 index 0000000..20afbab --- /dev/null +++ b/include/mbedtls_extra/cc_pka_defs_hw.h @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_pka_defs_hw + @{ + */ + +/*! + @file + @brief This file contains all of the enums and definitions that are used in + PKA APIs. + */ + +#ifndef _CC_PKA_DEFS_HW_H_ +#define _CC_PKA_DEFS_HW_H_ + +#include "cc_pal_types.h" +#include "cc_pka_hw_plat_defs.h" + +/* The valid key sizes in bits for RSA primitives (exponentiation) */ +/*! The maximal RSA modulus size. */ +#define CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS ((CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS + CC_PKA_WORD_SIZE_IN_BITS) / CC_BITS_IN_32BIT_WORD ) +/*! The maximal EC modulus size. */ +#define CC_ECPKI_MODUL_MAX_LENGTH_IN_BITS 521 + +/*! The size of the buffers for Barrett modulus tag NP, used in PKI +algorithms. */ +#define CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS 5 +/*! The size of the buffers for Barrett modulus tag NP, used in ECC. */ +#define CC_PKA_ECPKI_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS +/*! The actual size of Barrett modulus tag NP in words for current +HW platform. */ +#define CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS \ + (((CC_PKA_WORD_SIZE_IN_BITS + PKA_EXTRA_BITS - 1) + (CC_BITS_IN_32BIT_WORD - 1)) / CC_BITS_IN_32BIT_WORD ) +/*! The maximal size of the PKA modulus. */ +#define CC_PKA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS +/*! The maximal size of the PKA public-key in words. */ +#define CC_PKA_PUB_KEY_BUFF_SIZE_IN_WORDS (2*CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) +/*! The maximal size of the PKA private-key in words. */ +#define CC_PKA_PRIV_KEY_BUFF_SIZE_IN_WORDS (2*CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) +/*! The maximal size of the PKA KG buffer in words */ +#define CC_PKA_KGDATA_BUFF_SIZE_IN_WORDS (3*CC_PKA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS + 3*CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) + +/*! The maximal size of the EC modulus in words. */ +#define CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS 18 /*!< \internal [(CC_ECPKI_MODUL_MAX_LENGTH_IN_BITS + 31)/(sizeof(uint32_t)) + 1] */ +/*! The maximal size of the EC order in words. */ +#define CC_ECPKI_ORDER_MAX_LENGTH_IN_WORDS (CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1) +/*! The maximal size of the EC domain in words. */ +#define CC_PKA_DOMAIN_BUFF_SIZE_IN_WORDS (2*CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS) + +/*! The ECC NAF buffer definitions. */ +#define COUNT_NAF_WORDS_PER_KEY_WORD 8 /*!< \internal Change according to NAF representation (? 2)*/ +/*! The maximal length of the ECC NAF buffer. */ +#define CC_PKA_ECDSA_NAF_BUFF_MAX_LENGTH_IN_WORDS (COUNT_NAF_WORDS_PER_KEY_WORD*CC_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + 1) + +#ifndef CC_SUPPORT_ECC_SCA_SW_PROTECT +/* on fast SCA non protected mode required additional buffers for NAF key */ +/*! The size of the Scalar buffer in words. */ +#define CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS (CC_PKA_ECDSA_NAF_BUFF_MAX_LENGTH_IN_WORDS+CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+2) +#else +/*! The size of the Scalar buffer in words. */ +#define CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS 1 /*(4*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS)*/ +#endif +/*! The size of the ECC temporary buffer in words. */ +#define CC_PKA_ECPKI_BUILD_TMP_BUFF_MAX_LENGTH_IN_WORDS (3*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! The size of the ECC sign temporary buffer in words. */ +#define CC_PKA_ECDSA_SIGN_BUFF_MAX_LENGTH_IN_WORDS (6*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS+CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! The size of the ECC ECDH temporary-buffer in words. */ +#define CC_PKA_ECDH_BUFF_MAX_LENGTH_IN_WORDS (2*CC_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! The size of the PKA KG temporary-buffer in words. */ +#define CC_PKA_KG_BUFF_MAX_LENGTH_IN_WORDS (2*CC_ECPKI_ORDER_MAX_LENGTH_IN_WORDS + CC_PKA_ECPKI_SCALAR_MUL_BUFF_MAX_LENGTH_IN_WORDS) +/*! The size of the ECC verify temporary-buffer in words. */ +#define CC_PKA_ECDSA_VERIFY_BUFF_MAX_LENGTH_IN_WORDS (3*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS) + +/* *************************************************************************** */ +/*! The maximal size of the modulus buffers for CC_EC_MONT and EC_EDW in +bytes.*/ +#define CC_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_BYTES 32U /*!< \internal for Curve25519 */ +/*! The maximal size of the modulus buffers for CC_EC_MONT and EC_EDW in +words. */ +#define CC_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS 8U /*!< \internal for Curve25519 */ +/*! The size of the ECC Montgomery temporary buffer in words. */ +#define CC_EC_MONT_TEMP_BUFF_SIZE_IN_32BIT_WORDS (8 * CC_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS) /*!< \internal Change according to actual requirements */ +/*! The size of the ECC Edwards temporary buffer in words. */ +#define CC_EC_EDW_TEMP_BUFF_SIZE_IN_31BIT_WORDS (8*CC_EC_MONT_EDW_MODULUS_MAX_SIZE_IN_WORDS + (sizeof(CCHashUserContext_t)+CC_32BIT_WORD_SIZE-1)/CC_32BIT_WORD_SIZE) +/*! + @} + */ +#endif /*_CC_PKA_DEFS_HW_H_*/ diff --git a/include/mbedtls_extra/cc_rnd_common.h b/include/mbedtls_extra/cc_rnd_common.h new file mode 100644 index 0000000..9ec29b6 --- /dev/null +++ b/include/mbedtls_extra/cc_rnd_common.h @@ -0,0 +1,246 @@ +/************************************************************************************** +* Copyright (c) 2016-2019, Arm Limited (or its affiliates). All rights reserved * +* * +* This file and the related binary are licensed under the following license: * +* * +* ARM Object Code and Header Files License, v1.0 Redistribution. * +* * +* Redistribution and use of object code, header files, and documentation, without * +* modification, are permitted provided that the following conditions are met: * +* * +* 1) Redistributions must reproduce the above copyright notice and the * +* following disclaimer in the documentation and/or other materials * +* provided with the distribution. * +* * +* 2) Unless to the extent explicitly permitted by law, no reverse * +* engineering, decompilation, or disassembly of is permitted. * +* * +* 3) Redistribution and use is permitted solely for the purpose of * +* developing or executing applications that are targeted for use * +* on an ARM-based product. * +* * +* DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * +* CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT * +* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, * +* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * +* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * +* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +**************************************************************************************/ + +/*! + @addtogroup cc_rnd + @{ + */ + +/*! + @file + @brief This file contains the CryptoCell random-number generation (RNG) APIs. + + The random-number generation module implements NIST Special Publication + 800-90A: Recommendation for Random Number Generation Using Deterministic + Random Bit Generators. + */ + + +#ifndef _CC_RND_COMMON_H +#define _CC_RND_COMMON_H + +#include "cc_error.h" +#include "cc_aes_defs.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ + +/* RND seed and additional input sizes */ +/*! The maximal size of the random seed in words. */ +#define CC_RND_SEED_MAX_SIZE_WORDS 12 +#ifndef USE_MBEDTLS_CRYPTOCELL +#ifndef CC_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS +/*! The maximal size of the additional input-data in words. */ +#define CC_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS CC_RND_SEED_MAX_SIZE_WORDS +#endif +#endif +/* maximal requested size counter (12 bits active) - maximal count +of generated random 128 bit blocks allowed per one request of +Generate function according NIST 800-90 it is (2^12 - 1) = 0x3FFFF */ +/* Max size for one RNG generation (in bits) = + max_num_of_bits_per_request = 2^19 (FIPS 800-90 Tab.3) */ +/*! The maximal size of the generated vector in bits. */ +#define CC_RND_MAX_GEN_VECTOR_SIZE_BITS 0x7FFFF +/*! The maximal size of the generated random vector in bytes. */ +#define CC_RND_MAX_GEN_VECTOR_SIZE_BYTES 0xFFFF +/*! The maximal size of the generated vector in bytes. */ +#define CC_RND_REQUESTED_SIZE_COUNTER 0x3FFFF + +/* Definitions of temp buffer for RND_DMA */ +/*******************************************************************/ +/* Definitions of temp buffer for DMA */ +/*! The size of the temporary buffer in words. */ +#define CC_RND_WORK_BUFFER_SIZE_WORDS 136 + +/*! The definition of the RAM buffer, for internal use in instantiation or +reseeding operations. */ +typedef struct +{ + /*! The internal buffer. */ + uint32_t ccRndIntWorkBuff[CC_RND_WORK_BUFFER_SIZE_WORDS]; +}CCRndWorkBuff_t; + + +/* RND source buffer inner (entrpopy) offset */ +/*! The definition of the internal offset in words. */ +#define CC_RND_TRNG_SRC_INNER_OFFSET_WORDS 2 +/*! The definition of the internal offset in bytes. */ +#define CC_RND_TRNG_SRC_INNER_OFFSET_BYTES (CC_RND_TRNG_SRC_INNER_OFFSET_WORDS*sizeof(uint32_t)) + + +/************************ Enumerators ****************************/ + +/*! The definition of the random operation modes. */ +typedef enum +{ + /*! HW entropy estimation: 800-90B or full. */ + CC_RND_FE = 1, + /*! Reserved. */ + CC_RND_ModeLast = 0x7FFFFFFF, +} CCRndMode_t; + + +/************************ Structs *****************************/ + + +/* The internal state of DRBG mechanism based on AES CTR and CBC-MAC + algorithms. It is set as global data defined by the following + structure */ +/*! + + @brief The structure for the RND state. + This includes internal data that must be saved by the user between boots. + */ +typedef struct +{ +#ifndef USE_MBEDTLS_CRYPTOCELL + /* Seed buffer, consists from concatenated Key||V: max size 12 words */ + /*! The random-seed buffer. */ + uint32_t Seed[CC_RND_SEED_MAX_SIZE_WORDS]; + /* Previous value for continuous test */ + /*! The previous random data, used for continuous test. */ + uint32_t PreviousRandValue[CC_AES_CRYPTO_BLOCK_SIZE_IN_WORDS]; + /* AdditionalInput buffer max size = seed max size words + 4w for padding*/ + /*! The previous additional-input buffer. */ + uint32_t PreviousAdditionalInput[CC_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS+3]; + /*! The additional-input buffer. */ + uint32_t AdditionalInput[CC_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS+4]; + /*! The size of the additional input in words. */ + uint32_t AddInputSizeWords; + /*! The size of the entropy source in words. */ + uint32_t EntropySourceSizeWords; + /*! The Reseed counter (32-bit active). Indicates the number of requests + for entropy since instantiation or reseeding. */ + uint32_t ReseedCounter; + /*! The key size in words, according to security strength: 128 bits: + 4 words. 256 bits: 8 words. */ + uint32_t KeySizeWords; + /* State flag (see definition of StateFlag above), containing bit-fields, defining: + - b'0: instantiation steps: 0 - not done, 1 - done; + - 2b'9,8: working or testing mode: 0 - working, 1 - KAT DRBG test, 2 - + KAT TRNG test; + b'16: flag defining is Previous random valid or not: + 0 - not valid, 1 - valid */ + /*! The state flag used internally in the code. */ + uint32_t StateFlag; + /* validation tag */ + /*! The validation tag used internally in the code. */ + uint32_t ValidTag; + /*! The size of the RND source entropy in bits. */ + uint32_t EntropySizeBits; + +#endif + /*! The TRNG process state used internally in the code. */ + uint32_t TrngProcesState; + +} CCRndState_t; + + +/*! The RND vector-generation function pointer. */ +typedef int (*CCRndGenerateVectWorkFunc_t)( \ + /*! A pointer to the RND-state context. */ + void *rndState_ptr, \ + /*! A pointer to the output buffer. */ + unsigned char *out_ptr, \ + /*! The size of the output in bytes. */ + size_t outSizeBytes + ); + + +/*! The definition of the RND context that includes the CryptoCell + RND state structure, and a function pointer for the RND-generation + function. */ +typedef struct +{ + /*! A pointer to the internal state of the RND. + Note: This pointer should be allocated in a physical and contiguous + memory, that is accessible to the CryptoCell DMA. This pointer should + be allocated and assigned before calling CC_LibInit(). */ + void * rndState; + /*! A pointer to the entropy context. Note: This pointer should be + allocated and assigned before calling CC_LibInit(). */ + void * entropyCtx; + /*! A pointer to the user-given function for generation a random + vector. */ + CCRndGenerateVectWorkFunc_t rndGenerateVectFunc; +} CCRndContext_t; + + + + + +/*****************************************************************************/ +/********************** Public Functions *************************/ +/*****************************************************************************/ + + +/****************************************************************************************/ +/*! + @brief This function sets the RND vector-generation function into the RND + context. + + It is called as part of Arm CryptoCell library initialization, to + set the RND vector generation function into the primary RND context. + + @note It must be called before any other API that requires the RND context as + a parameter. + + @return \c CC_OK on success. + @return A non-zero value from cc_rnd_error.h on failure. + */ +CCError_t CC_RndSetGenerateVectorFunc( + /*! [in/out] A pointer to the RND context buffer that is allocated + by the user, which is used to maintain the RND state, as well as + pointers to the functions used for random vector generation. */ + CCRndContext_t *rndContext_ptr, + /*! [in] A pointer to the \c CC_RndGenerateVector random + vector-generation function. */ + CCRndGenerateVectWorkFunc_t rndGenerateVectFunc +); + + + + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif /* #ifndef _CC_RND_COMMON_H */ diff --git a/include/mbedtls_extra/cc_rnd_error.h b/include/mbedtls_extra/cc_rnd_error.h new file mode 100644 index 0000000..01fa7ef --- /dev/null +++ b/include/mbedtls_extra/cc_rnd_error.h @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + +#ifndef _CC_RND_ERROR_H +#define _CC_RND_ERROR_H + +#include "cc_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/*! +@file +@brief This file contains the definitions of the CryptoCell RND errors. +@defgroup cc_rnd_error CryptoCell RND specific errors +@{ +@ingroup cc_rnd +*/ + + +/************************ Defines ******************************/ +/*! RND module on the CryptoCell layer base address - 0x00F00C00 */ +/*! Illegal output pointer.*/ +#define CC_RND_DATA_OUT_POINTER_INVALID_ERROR (CC_RND_MODULE_ERROR_BASE + 0x0UL) +/*! Random generation in range failed .*/ +#define CC_RND_CAN_NOT_GENERATE_RAND_IN_RANGE (CC_RND_MODULE_ERROR_BASE + 0x1UL) +/*! CPRNGT test failed.*/ +#define CC_RND_CPRNG_TEST_FAIL_ERROR (CC_RND_MODULE_ERROR_BASE + 0x2UL) +/*! Illegal additional data buffer. */ +#define CC_RND_ADDITIONAL_INPUT_BUFFER_NULL (CC_RND_MODULE_ERROR_BASE + 0x3UL) +/*! Illegal additional data size. */ +#define CC_RND_ADDITIONAL_INPUT_SIZE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x4UL) +/*! Data size overflow. */ +#define CC_RND_DATA_SIZE_OVERFLOW_ERROR (CC_RND_MODULE_ERROR_BASE + 0x5UL) +/*! Illegal vector size. */ +#define CC_RND_VECTOR_SIZE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x6UL) +/*! Reseed counter overflow - in case this error was returned instantiation or reseeding operation must be called. */ +#define CC_RND_RESEED_COUNTER_OVERFLOW_ERROR (CC_RND_MODULE_ERROR_BASE + 0x7UL) +/*! Instantiation was not yet called. */ +#define CC_RND_INSTANTIATION_NOT_DONE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x8UL) +/*! TRNG loss of samples. */ +#define CC_RND_TRNG_LOSS_SAMPLES_ERROR (CC_RND_MODULE_ERROR_BASE + 0x9UL) +/*! TRNG Time exceeded limitations. */ +#define CC_RND_TRNG_TIME_EXCEED_ERROR (CC_RND_MODULE_ERROR_BASE + 0xAUL) +/*! TRNG loss of samples and time exceeded limitations. */ +#define CC_RND_TRNG_LOSS_SAMPLES_AND_TIME_EXCEED_ERROR (CC_RND_MODULE_ERROR_BASE + 0xBUL) +/*! RND is in Known Answer Test mode. */ +#define CC_RND_IS_KAT_MODE_ERROR (CC_RND_MODULE_ERROR_BASE + 0xCUL) +/*! RND operation not supported. */ +#define CC_RND_OPERATION_IS_NOT_SUPPORTED_ERROR (CC_RND_MODULE_ERROR_BASE + 0xDUL) +/*! RND validity check failed. */ +#define CC_RND_STATE_VALIDATION_TAG_ERROR (CC_RND_MODULE_ERROR_BASE + 0xEUL) +/*! RND is not supported. */ +#define CC_RND_IS_NOT_SUPPORTED (CC_RND_MODULE_ERROR_BASE + 0xFUL) + +/*! Illegal generate vector function pointer. */ +#define CC_RND_GEN_VECTOR_FUNC_ERROR (CC_RND_MODULE_ERROR_BASE + 0x14UL) + +/*! Illegal work buffer pointer. */ +#define CC_RND_WORK_BUFFER_PTR_INVALID_ERROR (CC_RND_MODULE_ERROR_BASE + 0x20UL) +/*! Illegal AES key size. */ +#define CC_RND_ILLEGAL_AES_KEY_SIZE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x21UL) +/*! Illegal data pointer. */ +#define CC_RND_ILLEGAL_DATA_PTR_ERROR (CC_RND_MODULE_ERROR_BASE + 0x22UL) +/*! Illegal data size. */ +#define CC_RND_ILLEGAL_DATA_SIZE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x23UL) +/*! Illegal parameter. */ +#define CC_RND_ILLEGAL_PARAMETER_ERROR (CC_RND_MODULE_ERROR_BASE + 0x24UL) +/*! Illegal RND state pointer. */ +#define CC_RND_STATE_PTR_INVALID_ERROR (CC_RND_MODULE_ERROR_BASE + 0x25UL) +/*! TRNG errors. */ +#define CC_RND_TRNG_ERRORS_ERROR (CC_RND_MODULE_ERROR_BASE + 0x26UL) +/*! Illegal context pointer. */ +#define CC_RND_CONTEXT_PTR_INVALID_ERROR (CC_RND_MODULE_ERROR_BASE + 0x27UL) +/*! Illegal output vector pointer. */ +#define CC_RND_VECTOR_OUT_PTR_ERROR (CC_RND_MODULE_ERROR_BASE + 0x30UL) +/*! Illegal output vector size. */ +#define CC_RND_VECTOR_OUT_SIZE_ERROR (CC_RND_MODULE_ERROR_BASE + 0x31UL) +/*! Maximal vector size is too small. */ +#define CC_RND_MAX_VECTOR_IS_TOO_SMALL_ERROR (CC_RND_MODULE_ERROR_BASE + 0x32UL) +/*! Illegal Known Answer Tests parameters. */ +#define CC_RND_KAT_DATA_PARAMS_ERROR (CC_RND_MODULE_ERROR_BASE + 0x33UL) +/*! TRNG Known Answer Test not supported. */ +#define CC_RND_TRNG_KAT_NOT_SUPPORTED_ERROR (CC_RND_MODULE_ERROR_BASE + 0x34UL) +/*! SRAM memory is not defined. */ +#define CC_RND_SRAM_NOT_SUPPORTED_ERROR (CC_RND_MODULE_ERROR_BASE + 0x35UL) +/*! AES operation failure. */ +#define CC_RND_AES_ERROR (CC_RND_MODULE_ERROR_BASE + 0x36UL) +/*! TRNG mode mismatch between PAL and lib */ +#define CC_RND_MODE_MISMATCH_ERROR (CC_RND_MODULE_ERROR_BASE + 0x37UL) + + +/************************ Enums ********************************/ + + +/************************ Typedefs ****************************/ + + +/************************ Structs ******************************/ + + +/************************ Public Variables **********************/ + + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif +/** +@} + */ +#endif diff --git a/include/mbedtls_extra/mbedtls_cc_aes_key_wrap.h b/include/mbedtls_extra/mbedtls_cc_aes_key_wrap.h new file mode 100644 index 0000000..9b9ce42 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_aes_key_wrap.h @@ -0,0 +1,135 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @file + @brief This file contains all of the CryptoCell key-wrapping APIs, their enums and definitions. + + The APIs support AES key wrapping as defined in NIST SP 800-38F: Recommendation for + Block Cipher Modes of Operation: Methods for Key Wrapping. + */ + +/*! + @defgroup cc_aes_keywrap CryptoCell AES key-wrapping APIs + @brief Contains CryptoCell key-wrapping APIs. + + See mbedtls_cc_aes_key_wrap.h. + @{ + @ingroup cc_aes + @} + */ + +#ifndef _MBEDTLS_CC_AES_KEY_WRAP_H +#define _MBEDTLS_CC_AES_KEY_WRAP_H + +#include "cc_pal_types.h" +#include "cc_error.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif +/************************ Defines ******************************/ +/*! The size of the AES key-wrapping semiblock in Bytes. */ +#define CC_AES_KEYWRAP_SEMIBLOCK_SIZE_BYTES (CC_AES_BLOCK_SIZE_IN_BYTES >> 1) +/*! The size of the AES key-wrapping semiblock in words. */ +#define CC_AES_KEYWRAP_SEMIBLOCK_SIZE_WORDS (CC_AES_KEYWRAP_SEMIBLOCK_SIZE_BYTES >> 2) +/*! The AES key-wrapping semiblock to Bytes shift. */ +#define CC_AES_KEYWRAP_SEMIBLOCK_TO_BYTES_SHFT 3 +/*! AES key-wrapping with padding (KWP) maximum Bytes of padding. */ +#define CC_AES_KEYWRAP_MAX_PAD_LEN 7 + +/**********************************/ +/** ICVs - Integrity Check Value **/ +/**********************************/ + +/*! The 64-bit default ICV for KW mode. */ +#define CC_AES_KEYWRAP_ICV1 {0xA6A6A6A6, 0xA6A6A6A6} +/*! The 32-bit default ICV for KWP mode. */ +#define CC_AES_KEYWRAP_ICV2 {0xA65959A6, 0x00000000} + +/************************ Typedefs ****************************/ +/*! Supported modes of the AES key-wrapping operation: KW and KWP, as defined in + NIST SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. */ +typedef enum keyWrapMode { + CC_AES_KEYWRAP_KW_MODE = 0, /*!< KW mode. */ + CC_AES_KEYWRAP_KWP_MODE = 1, /*!< KWP mode. */ + CC_AES_KEYWRAP_NUM_OF_MODES = 2, /*!< Allowed number of AES key-wrapping modes. */ + CC_AES_KEYWRAP_RESERVE32B = INT32_MAX /*!< Reserved. */ +}mbedtls_keywrap_mode_t; + + +/******************************************* Public Functions *****************************************/ + +/******************************************************************************************************/ +/******** AES key-wrapping FUNCTION *********/ +/******************************************************************************************************/ + +/*! + @brief This is the AES wrapping or encryption function. + + AES key-wrapping specifies a deterministic authenticated-encryption mode of operation of the + AES, according to NIST SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. + Its purpose is to protect cryptographic keys. + It uses units of 8 Bytes called semiblocks. The minimal number of input semiblocks is: +
  • For KW mode: 2 semiblocks.
    • +
  • For KWP mode: 1 semiblock.
+ + The maximal size of the output in Bytes is 64KB. This is a system restriction. + The input to key-wrapping includes the following elements: +
  • Payload - text data that is both authenticated and encrypted.
    • +
  • Key - The encryption key for the AES operation.
+ + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_aes_key_wrap_error.h. + */ +CCError_t mbedtls_aes_key_wrap( + mbedtls_keywrap_mode_t keyWrapFlag, /*!< [in] The key-wrapping mode: KW or KWP. */ + uint8_t* keyBuf, /*!< [in] A pointer to AES key-wrapping key. */ + size_t keySize, /*!< [in] The size of the key in Bytes. Valid values are: + 16 Bytes, 24 Bytes, or 32 Bytes. */ + uint8_t* pPlainText, /*!< [in] A pointer to the plain-text data for encryption. The buffer must be contiguous. */ + size_t plainTextSize, /*!< [in] The size of the plain-text data in Bytes. */ + uint8_t* pCipherText, /*!< [out] A pointer to the cipher-text output data. The buffer must be contiguous. */ + size_t* pCipherTextSize /*!< [in/out] Input: A pointer to the size of the cipher-text output data buffer. + Output: The actual size of the cipher-text output data in Bytes. */ +); + +/*! + @brief This is the AES unwrapping or decryption function. + + AES key-wrapping specifies a deterministic authenticated-encryption mode of operation of the + AES, according to NIST SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. + Its purpose is to protect cryptographic keys. + It uses units of 8 Bytes called semiblocks. The minimal number of input semiblocks is: +
  • For KW mode: 2 semiblocks.
    • +
  • For KWP mode: 1 semiblock.
+ The maximal size of the output in bytes is 64KB. This is a system restriction. + Input to key-wrapping includes the following elements: +
  • Payload - text data that is both authenticated and encrypted.
    • +
  • Key - The encryption key for the AES operation.
+ + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_aes_key_wrap_error.h. + */ +CCError_t mbedtls_aes_key_unwrap( + mbedtls_keywrap_mode_t keyWrapFlag, /*!< [in] The enumerator defining the key-wrapping mode: KW or KWP. */ + uint8_t* keyBuf, /*!< [in] A pointer to AES key-wrapping key. */ + size_t keySize, /*!< [in] The size of the key in Bytes. Valid values are: + 16 Bytes, 24 Bytes, or 32 Bytes. */ + uint8_t* pCipherText, /*!< [in] A pointer to the cipher-text data for decryption. The buffer must be contiguous. */ + size_t cipherTextSize, /*!< [in] The size of the cipher-text data in Bytes. */ + uint8_t* pPlainText, /*!< [out] A pointer to the plain-text output data. The buffer must be contiguous. */ + size_t* pPlainTextSize /*!< [in/out] Input: A pointer to the size of the plain-text output data buffer. + Output: The actual size of the plain-text output data in Bytes. */ +); + +#ifdef __cplusplus +} +#endif + +#endif /*#ifndef _MBEDTLS_CC_AES_KEY_WRAP_H*/ diff --git a/include/mbedtls_extra/mbedtls_cc_aes_key_wrap_error.h b/include/mbedtls_extra/mbedtls_cc_aes_key_wrap_error.h new file mode 100644 index 0000000..db48f86 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_aes_key_wrap_error.h @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @file mbedtls_cc_aes_key_wrap_error.h + @brief This file contains the error definitions of the CryptoCell AES key-wrapping APIs. + */ + +/*! + @defgroup cc_aes_keywrap_error Specific errors of the CryptoCell AES key-wrapping APIs + @brief Contains the CryptoCell AES key-wrapping-API error definitions. + + See mbedtls_cc_aes_key_wrap_error.h. + @{ + @ingroup cc_aes_keywrap + @} + */ + +#ifndef _CC_AES_KEYWRAP_ERROR_H +#define _CC_AES_KEYWRAP_ERROR_H + + +#include "cc_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +/* CryptoCell AES key-wrapping module errors. #CC_AES_KEYWRAP_MODULE_ERROR_BASE = 0x00F02800 */ + +/*! Invalid data-in text pointer. */ +#define CC_AES_KEYWRAP_DATA_IN_POINTER_INVALID_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x00UL) +/*! Invalid data-out text pointer. */ +#define CC_AES_KEYWRAP_DATA_OUT_POINTER_INVALID_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x01UL) +/*! Invalid key pointer. */ +#define CC_AES_KEYWRAP_INVALID_KEY_POINTER_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x02UL) +/*! Invalid key size. */ +#define CC_AES_KEYWRAP_ILLEGAL_KEY_SIZE_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x03UL) +/*! Illegal semiblocks number. */ +#define CC_AES_KEYWRAP_SEMIBLOCKS_NUM_ILLEGAL (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x04UL) +/*! Invalid parameter pointer. */ +#define CC_AES_KEYWRAP_ILLEGAL_PARAMETER_PTR_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x05UL) +/*! Invalid encryption mode. */ +#define CC_AES_KEYWRAP_INVALID_ENCRYPT_MODE_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x06UL) +/*! Illegal data-in size. */ +#define CC_AES_KEYWRAP_DATA_IN_SIZE_ILLEGAL (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x07UL) +/*! Illegal data-out size. */ +#define CC_AES_KEYWRAP_DATA_OUT_SIZE_ILLEGAL (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x08UL) +/*! Illegal key-wrapping mode. */ +#define CC_AES_KEYWRAP_INVALID_KEYWRAP_MODE_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x09UL) +/*! Key Unwrap comparison failure. */ +#define CC_AES_KEYWRAP_UNWRAP_COMPARISON_ERROR (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0x0AUL) + +/*! Not supported. */ +#define CC_AES_KEYWRAP_IS_NOT_SUPPORTED (CC_AES_KEYWRAP_MODULE_ERROR_BASE + 0xFFUL) + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs *****************************/ + +/************************ Public Variables *********************/ + +/************************ Public Functions *********************/ + +#ifdef __cplusplus +} +#endif + +#endif /* _CC_AES_KEYWRAP_ERROR_H */ diff --git a/include/mbedtls_extra/mbedtls_cc_ec_mont_edw_error.h b/include/mbedtls_extra/mbedtls_cc_ec_mont_edw_error.h new file mode 100644 index 0000000..e572370 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_ec_mont_edw_error.h @@ -0,0 +1,84 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef _MBEDTLS_CC_EC_MONT_EDW_ERROR_H +#define _MBEDTLS_CC_EC_MONT_EDW_ERROR_H + + +/*! +@file +@brief This file contains the definitions of the CryptoCell ECC-25519 errors. +@defgroup cc_ecmontedw_error CryptoCell ECC-25519 errors +@{ +@ingroup cryptocell_api +*/ + +#include "cc_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + +/************************ Defines ******************************/ + +/********************************************************************************************************** + * CryptoCell ECC-25519 MODULE ERRORS base address - 0x00F02100 * + **********************************************************************************************************/ +/*! Illegal input pointer */ +#define CC_EC_EDW_INVALID_INPUT_POINTER_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x00UL) +/*! Illegal input size */ +#define CC_EC_EDW_INVALID_INPUT_SIZE_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x01UL) +/*! Illegal scalar size */ +#define CC_EC_EDW_INVALID_SCALAR_SIZE_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x02UL) +/*! Illegal scalar data */ +#define CC_EC_EDW_INVALID_SCALAR_DATA_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x03UL) +/*! Invalid RND context pointer */ +#define CC_EC_EDW_RND_CONTEXT_PTR_INVALID_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x04UL) +/*! Invalid RND generate vector functions pointer */ +#define CC_EC_EDW_RND_GEN_VECTOR_FUNC_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x05UL) +/*! Signing or verification operation failed */ +#define CC_EC_EDW_SIGN_VERIFY_FAILED_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x20UL) +/*! Illegal input pointer */ +#define CC_EC_MONT_INVALID_INPUT_POINTER_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x30UL) +/*! Illegal input size */ +#define CC_EC_MONT_INVALID_INPUT_SIZE_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x31UL) +/*! Illegal domain id */ +#define CC_EC_MONT_INVALID_DOMAIN_ID_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x32UL) +/*! Internal PKI error */ +#define CC_ECEDW_INTERNAL_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x33UL) +/*! Internal PKI error */ +#define CC_ECMONT_INTERNAL_ERROR (CC_EC_MONT_EDW_MODULE_ERROR_BASE + 0x34UL) + + +/************************************************************************************************************ + * NOT SUPPORTED MODULES ERROR IDs * + ************************************************************************************************************/ +/*! EC montgomery is not supported */ +#define CC_EC_MONT_IS_NOT_SUPPORTED (CC_ECPKI_MODULE_ERROR_BASE + 0xFEUL) +/*! EC edwards is not supported */ +#define CC_EC_EDW_IS_NOT_SUPPORTED (CC_ECPKI_MODULE_ERROR_BASE + 0xFFUL) + + + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + +#ifdef __cplusplus +} +#endif +/** +@} +*/ +#endif//_MBEDTLS_CC_EC_MONT_EDW_ERROR_H diff --git a/include/mbedtls_extra/mbedtls_cc_ecies.h b/include/mbedtls_extra/mbedtls_cc_ecies.h new file mode 100644 index 0000000..0cfb323 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_ecies.h @@ -0,0 +1,181 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_ecies + @{ +*/ + +/*! + @file mbedtls_cc_ecies.h + + @brief This file contains the CryptoCell Elliptic Curve Integrated Encryption Scheme (ECIES) APIs. + */ + +#ifndef _MBEDTLS_CC_ECIES_H +#define _MBEDTLS_CC_ECIES_H + + +#include "cc_ecpki_types.h" +#include "cc_pal_types_plat.h" +#include "cc_kdf.h" +#include "mbedtls_cc_hkdf.h" +#include "mbedtls/ecp.h" + +#ifdef __cplusplus +extern "C" +{ +#endif +/*! The maximal length of the ECIES cipher in bytes. */ +#define MBEDTLS_ECIES_MAX_CIPHER_LEN_BYTES ((2*CC_ECPKI_MODUL_MAX_LENGTH_IN_WORDS + 1) * sizeof(int)) +/*! The minimal length of the ECIES buffer in bytes. */ +#define MBEDTLS_ECIES_MIN_BUFF_LEN_BYTES (sizeof(CCEciesTempData_t)) + +/*! + @brief A macro for creating and encrypting a secret key. + + For a description of the parameters see ::mbedtls_ecies_kem_encrypt_full. + */ +#define mbedtls_ecies_kem_encrypt(pGrp, pRecipPublKey, kdfDerivMode, kdfHashMode, \ + isSingleHashMode, pSecrKey, secrKeySize, \ + pCipherData, pCipherDataSize, pBuff, buffLen, \ + f_rng, p_rng) \ + mbedtls_ecies_kem_encrypt_full((pGrp), (pRecipPublKey), (kdfDerivMode), (kdfHashMode), \ + (isSingleHashMode), NULL, NULL, (pSecrKey), (secrKeySize), \ + (pCipherData), (pCipherDataSize), (pBuff), (buffLen), \ + f_rng, p_rng) + +/*! + @brief This function creates and encrypts (encapsulates) the secret key of + required size, according to ISO/IEC 18033-2:2006: Information technology + -- Security techniques -- Encryption algorithms -- Part 2: Asymmetric + ciphers, ECIES-KEM Encryption. + + To call this function in applications, the ::mbedtls_ecies_kem_encrypt macro + definition must be used. The function itself has the additional input of the + external ephemeral key pair, used only for testing purposes. + + @note Use KDF2 function mode for compliance with X9.63-2011: Public Key + Cryptography for the Financial Services Industry – Key Agreement and Key + Transport Using Elliptic Curve Cryptography. \par + + @note The term "sender" indicates an entity that creates and + encapsulates the secret key using this function. The term "recipient" + indicates another entity which receives and decrypts the secret key. \par + + @note All public and private keys that are used must relate to the same EC + Domain. \par + + @note The user must verify that the public key of the recipient is + on the elliptic curve before it is used in this function. + + @return CCError_t \c 0 on success. + */ +CCError_t mbedtls_ecies_kem_encrypt_full( + /*! [in] The ECP group to use. */ + mbedtls_ecp_group *pGrp, + /*! [in] A pointer to the public key of the recipient. */ + mbedtls_ecp_point *pRecipUzPublKey, + /*! [in] The KDF function mode to use: KDF1 or KDF2. For more + information, see CCKdfDerivFuncMode_t() in cc_kdf.h. */ + CCKdfDerivFuncMode_t kdfDerivMode, + /*! [in] The used hash function. */ + mbedtls_hkdf_hashmode_t kdfHashMode, + /*! [in] The specific ECIES mode, according to ISO/IEC 18033-2:2006: + Information technology -- Security techniques -- Encryption algorithms + -- Part 2: Asymmetric ciphers - section 10.2: 0: Not-single hash, + or 1: Single hash. */ + uint32_t isSingleHashMode, + /*! [in] A pointer to the ephemeral public key related to the private + key. Must be set to NULL if \p pExtEphUzPrivateKey = NULL. */ + mbedtls_ecp_point *pExtEphUzPublicKey, + /*! [in] The pointer to the external ephemeral private key. This key + is used only for testing the function. In regular use, the pointer + should be set to NULL and then the random key-pair should be generated + internally. */ + mbedtls_mpi *pExtEphUzPrivateKey, + /*! [in] A pointer to the buffer for the secret-key data to be + generated. */ + uint8_t *pSecrKey, + /*! [in] The size of the secret-key data in bytes. */ + size_t secrKeySize, + /*! [in] A pointer to the encrypted cipher text. */ + uint8_t *pCipherData, + /*! [in/out] In: A pointer to the size of the buffer for CipherData + output, or Out: The size of the buffer for CipherData output in + bytes. */ + size_t *pCipherDataSize, + /*! [in] A pointer to the temporary buffer. */ + void *pBuff, + /*! [in] The size of the buffer pointed by \p pBuff. Must not be less + than #MBEDTLS_ECIES_MIN_BUFF_LEN_BYTES. */ + size_t buffLen, + /*! [in] The RNG function required for generating a key pair when + \p pExtEphUzPublicKey and \p pExtEphUzPrivateKey are NULL */ + int (*f_rng)(void *, unsigned char *, size_t), + /*! [in] The RNG parameter. */ + void *p_rng + ); + +/*! + @brief This function decrypts the encapsulated secret key passed by the + sender, according to ISO/IEC 18033-2:2006: Information technology -- + Security techniques -- Encryption algorithms -- Part 2: Asymmetric + ciphers, sec. 10.2.4 - ECIES-KEM Decryption. + + @note The KDF2 function mode must be used for compliance with X9.63-2011: + Public Key Cryptography for the Financial Services Industry – Key Agreement + and Key Transport Using Elliptic Curve Cryptograph. \par + + @note The term "sender" indicates an entity that creates and + encapsulates the secret key using this function. The term "recipient" + indicates another entity which receives and decrypts the secret key. \par + + @note All public and private keys that are used must relate to the same EC + Domain. \par + + @return CCError_t \c 0 on success. + */ +CCError_t mbedtls_ecies_kem_decrypt( + /*! [in] The ECP group to use. */ + mbedtls_ecp_group *pGrp, + /*! [in] A pointer to the private key of the recipient. */ + mbedtls_mpi *pRecipUzPrivKey, + /*! [in] The KDF function mode to use: KDF1 or KDF2. For more + information, see CCKdfDerivFuncMode_t() in cc_kdf.h. */ + CCKdfDerivFuncMode_t kdfDerivMode, + /*! [in] The used hash function. */ + mbedtls_hkdf_hashmode_t kdfHashMode, + /*! [in] The specific ECIES mode definition: 0,1, according to + ISO/IEC 18033-2:2006: Information technology -- Security techniques + -- Encryption algorithms -- Part 2: Asymmetric ciphers - + section 10.2. */ + uint32_t isSingleHashMode, + /*! [in] A pointer to the received encrypted cipher data. */ + uint8_t *pCipherData, + /*! [in] The size of the cipher data in bytes. */ + size_t cipherDataSize, + /*! [in] A pointer to the buffer for the secret-key data to be + generated. */ + uint8_t *pSecrKey, + /*! [in] The size of the secret-key data in bytes. */ + size_t secrKeySize, + /*! [in] A pointer to the temporary buffer. */ + void *pBuff, + /*! [in] The size of the buffer pointed by \p pBuff. Must not be + less than #MBEDTLS_ECIES_MIN_BUFF_LEN_BYTES. */ + size_t buffLen + ); + + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif diff --git a/include/mbedtls_extra/mbedtls_cc_hkdf.h b/include/mbedtls_extra/mbedtls_cc_hkdf.h new file mode 100644 index 0000000..6c1b7d0 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_hkdf.h @@ -0,0 +1,100 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @file + @brief This file contains the CryptoCell HKDF key-derivation function API. + + This function is as defined in + RFC-5869: HMAC-based Extract-and-Expand Key Derivation Function (HKDF). + */ + +/*! + @defgroup cc_hkdf CryptoCell HKDF key-derivation function API + @brief Contains the CryptoCell HMAC key-derivation function API. See mbedtls_cc_hkdf.h. + + @{ + @ingroup cryptocell_api + @} + */ + +#ifndef _MBEDTLS_CC_HKDF_H +#define _MBEDTLS_CC_HKDF_H + + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include "cc_pal_types.h" + +/*! The maximal size of the HKDF key in words. */ +#define CC_HKDF_MAX_HASH_KEY_SIZE_IN_BYTES 512 + +/*! The maximal size of the HKDF hash-digest in Bytes. */ +#define CC_HKDF_MAX_HASH_DIGEST_SIZE_IN_BYTES CC_HASH_SHA512_DIGEST_SIZE_IN_BYTES + +/************************ Defines ******************************/ + +/************************ Enums ********************************/ +/*! Supported HKDF hash modes. */ +typedef enum +{ + /*! SHA-1 mode. */ + CC_HKDF_HASH_SHA1_mode = 0, + /*! SHA-224 mode. */ + CC_HKDF_HASH_SHA224_mode = 1, + /*! SHA-256 mode. */ + CC_HKDF_HASH_SHA256_mode = 2, + /*! SHA-384 mode. */ + CC_HKDF_HASH_SHA384_mode = 3, + /*! SHA-512 mode. */ + CC_HKDF_HASH_SHA512_mode = 4, + /*! The maximal number of hash modes. */ + CC_HKDF_HASH_NumOfModes, + /*! Reserved. */ + CC_HKDF_HASH_OpModeLast = 0x7FFFFFFF, + +}mbedtls_hkdf_hashmode_t; + +/************************ Typedefs ****************************/ + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + +/****************************************************************/ + + +/*********************************************************************************************************/ +/*! + @brief mbedtls_hkdf_key_derivation() performs the HMAC-based key derivation, as define by + RFC-5869: HMAC-based Extract-and-Expand Key Derivation Function (HKDF). + + @return \c CC_OK on success. + @return A non-zero value on failure as defined in cc_kdf_error.h, or in md.h. +*/ +CCError_t mbedtls_hkdf_key_derivation( + mbedtls_hkdf_hashmode_t HKDFhashMode, /*!< [in] The HKDF identifier of the hash function to be used. */ + uint8_t* Salt_ptr, /*!< [in] A pointer to a non-secret random value. Can be NULL. */ + size_t SaltLen, /*!< [in] The size of the \p Salt_ptr. */ + uint8_t* Ikm_ptr, /*!< [in] A pointer to an input key message. */ + uint32_t IkmLen, /*!< [in] The size of the input key message */ + uint8_t* Info, /*!< [in] A pointer to an optional context and application-specific information. Can be NULL */ + uint32_t InfoLen, /*!< [in] The size of the application-specific information. */ + uint8_t* Okm, /*!< [in] A pointer to an output key material. */ + uint32_t OkmLen, /*!< [in] The size of the output key material. */ + CCBool IsStrongKey /*!< [in] If TRUE, no need to perform the extraction phase. */ +); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/mbedtls_extra/mbedtls_cc_hkdf_error.h b/include/mbedtls_extra/mbedtls_cc_hkdf_error.h new file mode 100644 index 0000000..f322c57 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_hkdf_error.h @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @file + @brief This file contains the error definitions of the CryptoCell HKDF APIs. + */ + +/*! + @defgroup cc_hkdf_error Specific errors of the HKDF key-derivation APIs + @brief Contains the CryptoCell HKDF-API error definitions. See mbedtls_cc_hkdf_error.h. + @{ + @ingroup cc_hkdf + @} + */ + +#ifndef _MBEDTLS_CC_HKDF_ERROR_H +#define _MBEDTLS_CC_HKDF_ERROR_H + +#include "cc_error.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines *******************************/ + +/* The base address for the CryptoCell HKDF module errors - 0x00F01100. */ +/*! Invalid argument. */ +#define CC_HKDF_INVALID_ARGUMENT_POINTER_ERROR (CC_HKDF_MODULE_ERROR_BASE + 0x0UL) +/*! Invalid argument size. */ +#define CC_HKDF_INVALID_ARGUMENT_SIZE_ERROR (CC_HKDF_MODULE_ERROR_BASE + 0x1UL) +/*! Illegal hash mode. */ +#define CC_HKDF_INVALID_ARGUMENT_HASH_MODE_ERROR (CC_HKDF_MODULE_ERROR_BASE + 0x3UL) +/*! HKDF not supported. */ +#define CC_HKDF_IS_NOT_SUPPORTED (CC_HKDF_MODULE_ERROR_BASE + 0xFFUL) + +/************************ Enums *********************************/ + +/************************ Typedefs *****************************/ + +/************************ Structs ******************************/ + +/************************ Public Variables **********************/ + +/************************ Public Functions **********************/ + + + + +#ifdef __cplusplus +} +#endif + +#endif //_MBEDTLS_CC_HKDF_ERROR_H diff --git a/include/mbedtls_extra/mbedtls_cc_srp.h b/include/mbedtls_extra/mbedtls_cc_srp.h new file mode 100644 index 0000000..7282e17 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_srp.h @@ -0,0 +1,397 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + /*! + @addtogroup cc_srp + @{ + */ + +/*! + @file + @brief This file contains all of the CryptoCell SRP APIs, their enums and + definitions. + */ + +#ifndef _MBEDTLS_CC_SRP_H +#define _MBEDTLS_CC_SRP_H + +#include "cc_pal_types.h" +#include "cc_error.h" +#include "cc_pka_defs_hw.h" +#include "cc_hash_defs.h" +#include "cc_rnd_common.h" + + +#ifdef __cplusplus +extern "C" +{ +#endif + +/*!\internal The following describes the SRP APIs usage for the Device and the Accessory :* + + Device (User) Accessory (Host) +* -------------- ----------------- + + 1. CC_SRP_HK_INIT(CC_SRP_USER, .......) CC_SRP_HK_INIT(CC_SRP_HOST, .....) + + 2. CC_SrpPwdVerCreate(..) + + 3. CC_SrpUserPubKeyCreate(..) CC_SrpHostPubKeyCreate(..) + + 4. CC_SrpUserProofCalc(..) + + 5. CC_SrpHostProofVerifyAndCalc(..) + + 6. CC_SrpUserProofVerify(..) + + 7. CC_SrpClear(..) CC_SrpClear(..) + + */ + +/************************ Defines ******************************/ +/* The SRP modulus sizes. */ +/*! SRP modulus size of 1024 bits. */ +#define CC_SRP_MODULUS_SIZE_1024_BITS 1024 +/*! SRP modulus size of 1536 bits. */ +#define CC_SRP_MODULUS_SIZE_1536_BITS 1536 +/*! SRP modulus size of 2048 bits. */ +#define CC_SRP_MODULUS_SIZE_2048_BITS 2048 +/*! SRP modulus size of 3072 bits. */ +#define CC_SRP_MODULUS_SIZE_3072_BITS 3072 + +/*! The maximal size of the SRP modulus in bits. */ +#define CC_SRP_MAX_MODULUS_IN_BITS CC_SRP_MODULUS_SIZE_3072_BITS +/*! The maximal size of the SRP modulus in bytes. */ +#define CC_SRP_MAX_MODULUS (CC_SRP_MAX_MODULUS_IN_BITS/CC_BITS_IN_BYTE) +/*! The maximal size of the SRP modulus in words. */ +#define CC_SRP_MAX_MODULUS_IN_WORDS (CC_SRP_MAX_MODULUS_IN_BITS/CC_BITS_IN_32BIT_WORD) + +/* SRP private number size range. */ +/*! The minimal size of the SRP private number in bits. */ +#define CC_SRP_PRIV_NUM_MIN_SIZE_IN_BITS (256) +/*! The minimal size of the SRP private number in bytes. */ +#define CC_SRP_PRIV_NUM_MIN_SIZE (CC_SRP_PRIV_NUM_MIN_SIZE_IN_BITS/CC_BITS_IN_BYTE) +/*! The minimal size of the SRP private number in words. */ +#define CC_SRP_PRIV_NUM_MIN_SIZE_IN_WORDS (CC_SRP_PRIV_NUM_MIN_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD) +/*! The maximal size of the SRP private number in bits. */ +#define CC_SRP_PRIV_NUM_MAX_SIZE_IN_BITS (CC_SRP_MAX_MODULUS_IN_BITS) +/*! The maximal size of the SRP private number in bytes. */ +#define CC_SRP_PRIV_NUM_MAX_SIZE (CC_SRP_PRIV_NUM_MAX_SIZE_IN_BITS/CC_BITS_IN_BYTE) +/*! The maximal size of the SRP private number in words. */ +#define CC_SRP_PRIV_NUM_MAX_SIZE_IN_WORDS (CC_SRP_PRIV_NUM_MAX_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD) + +/*! The maximal size of the SRP hash digest in words. */ +#define CC_SRP_MAX_DIGEST_IN_WORDS CC_HASH_RESULT_SIZE_IN_WORDS +/*! The maximal size of the SRP hash digest in bytes. */ +#define CC_SRP_MAX_DIGEST (CC_SRP_MAX_DIGEST_IN_WORDS*CC_32BIT_WORD_SIZE) + +/*! The minimal size of the salt in bytes. */ +#define CC_SRP_MIN_SALT_SIZE (8) +/*! The minimal size of the salt in words. */ +#define CC_SRP_MIN_SALT_SIZE_IN_WORDS (CC_SRP_MIN_SALT_SIZE/CC_32BIT_WORD_SIZE) +/*! The maximal size of the salt in bytes. */ +#define CC_SRP_MAX_SALT_SIZE (64) +/*! The maximal size of the salt in words. */ +#define CC_SRP_MAX_SALT_SIZE_IN_WORDS (CC_SRP_MAX_SALT_SIZE/CC_32BIT_WORD_SIZE) + +/************************ Typedefs ****************************/ +/*! The definition of the SRP modulus buffer. */ +typedef uint8_t mbedtls_srp_modulus[CC_SRP_MAX_MODULUS]; + +/*! The definition of the SRP digest buffer. */ +typedef uint8_t mbedtls_srp_digest[CC_SRP_MAX_DIGEST]; + +/*! The definition of the SRP session key. */ +typedef uint8_t mbedtls_srp_sessionKey[2*CC_SRP_MAX_DIGEST]; + +/************************ Enums ********************************/ + +/*! Supported SRP versions. */ +typedef enum { + /*! SRP version 3. */ + CC_SRP_VER_3 = 0, + /*! SRP version 6. */ + CC_SRP_VER_6 = 1, + /*! SRP version 6A. */ + CC_SRP_VER_6A = 2, + /*! SRP version HK. */ + CC_SRP_VER_HK = 3, +/*! The maximal number of supported versions. */ + CC_SRP_NumOfVersions, + /*! Reserved.*/ + CC_SRP_VersionLast= 0x7FFFFFFF, +}mbedtls_srp_version_t; + +/*! SRP entity types. */ +typedef enum { + /*! The host entity, also known as server, verifier, or accessory. */ + CC_SRP_HOST = 1, + /*! The user entity, also known as client, or device. */ + CC_SRP_USER = 2, + /*! The maximal number of entities types. */ + CC_SRP_NumOfEntityType, + /*! Reserved. */ + CC_SRP_EntityLast= 0x7FFFFFFF, +}mbedtls_srp_entity_t; + +/************************ Structs ******************************/ + +/*! + @brief Group parameters for the SRP. + + Defines the modulus and the generator used. + */ +typedef struct mbedtls_srp_group_param { + /*! The SRP modulus. */ + mbedtls_srp_modulus modulus; + /*! The SRP generator. */ + uint8_t gen; + /*! The size of the SRP modulus in bits. */ + size_t modSizeInBits; + /*! The valid SRP Np. */ + uint32_t validNp; + /*! The SRP Np buffer. */ + uint32_t Np[CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS]; +}mbedtls_srp_group_param; + +/************************ context Structs ******************************/ +/*! The SRP context prototype */ +typedef struct mbedtls_srp_context { + /*! The SRP entitiy type. */ + mbedtls_srp_entity_t srpType; + /*! The SRP version. */ + mbedtls_srp_version_t srpVer; + /*! The group parameter including the modulus information. */// N, g, Np + mbedtls_srp_group_param groupParam; + /*! The hash mode. */ + CCHashOperationMode_t hashMode; + /*! The hash digest size. */ + size_t hashDigestSize; + /*! The session key size. */ + size_t sessionKeySize; + /*! A pointer to the RND context. */ + CCRndContext_t *pRndCtx; + /*! The modulus. */ // a or b + mbedtls_srp_modulus ephemPriv; + /*! The modulus size. */ + size_t ephemPrivSize; + /*! The user-name digest. */// M + mbedtls_srp_digest userNameDigest; + /*! The cred digest. */ // p + mbedtls_srp_digest credDigest; + /*! The SRP K multiplier. */ // k multiplier + mbedtls_srp_digest kMult; +}mbedtls_srp_context; + + +/************************ SRP common Functions **********************/ +/*****************************************************************************/ +/*! + @brief This function initiates the SRP context. + + @return \c CC_OK on success. + @return A non-zero value on failure as defined in mbedtls_cc_srp_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_init( + /*! [in] The SRP entity type. */ + mbedtls_srp_entity_t srpType, + /*! [in] The SRP version. */ + mbedtls_srp_version_t srpVer, + /*! [in] A pointer to the SRP modulus, BE Byte buffer. */ + mbedtls_srp_modulus srpModulus, + /*! [in] The SRP generator param. */ + uint8_t srpGen, + /*! [in] The size of the SRP modulus in bits. Valid values are: 1024 + bits, 1536 bits, 2048 bits, or 3072 bits. */ + size_t modSizeInBits, + /*! [in] The hash mode. */ + CCHashOperationMode_t hashMode, + /*! [in] A pointer to the username. */ + uint8_t *pUserName, + /*! [in] The size of the username buffer. Must be larger than 0. */ + size_t userNameSize, + /*! [in] A pointer to the user password. */ + uint8_t *pPwd, + /*! [in] The size of the user-password buffer. Must be larger than 0 + if \p pPwd is valid. */ + size_t pwdSize, + /*! [in] A pointer to the RND context. */ + CCRndContext_t *pRndCtx, + /*! [out] A pointer to the SRP host context. */ + mbedtls_srp_context *pCtx +); + +/*! Macro definition for a specific SRP-initialization function. */ +#define CC_SRP_HK_INIT(srpType, srpModulus, srpGen, modSizeInBits, pUserName, userNameSize, pPwd, pwdSize, pRndCtx, pCtx) \ + mbedtls_srp_init(srpType, CC_SRP_VER_HK, srpModulus, srpGen, modSizeInBits, CC_HASH_SHA512_mode, pUserName, userNameSize, pPwd, pwdSize, pRndCtx, pCtx) + + +/*****************************************************************************/ +/*! + @brief This function calculates \p pSalt and \p pwdVerifier. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h, + cc_rnd_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_pwd_ver_create( + /*! [in] The size of the random salt to generate. The range is between + #CC_SRP_MIN_SALT_SIZE and #CC_SRP_MAX_SALT_SIZE. */ + size_t saltSize, + /*! [out] A pointer to the \p pSalt number (s). */ + uint8_t *pSalt, + /*! [out] A pointer to the password verifier (v). */ + mbedtls_srp_modulus pwdVerifier, + /*! [out] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + + +/*****************************************************************************/ +/*! + @brief This function clears the SRP context. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_clear( + /*! [in/out] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + + +/************************ SRP Host Functions **********************/ +/*****************************************************************************/ +/*! + @brief This function generates the public and private host ephemeral keys, + known as B and b in RFC 5054 Using the Secure Remote Password (SRP) + Protocol for TLS Authentication. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h or + cc_rnd_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_host_pub_key_create( + /*! [in] The size of the generated ephemeral private key (b). The range + is between #CC_SRP_PRIV_NUM_MIN_SIZE and #CC_SRP_PRIV_NUM_MAX_SIZE */ + size_t ephemPrivSize, + /*! [in] A pointer to the verifier (v). */ + mbedtls_srp_modulus pwdVerifier, + /*! [out] A pointer to the host ephemeral public key (B). */ + mbedtls_srp_modulus hostPubKeyB, + /*! [in/out] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + + +/*! + @brief This function verifies the user proof, and calculates the host-message + proof. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_host_proof_verify_and_calc( + /*! [in] The size of the random salt. The range is between + #CC_SRP_MIN_SALT_SIZE and #CC_SRP_MAX_SALT_SIZE. */ + size_t saltSize, + /*! [in] A pointer to the pSalt number. */ + uint8_t *pSalt, + /*! [in] A pointer to the password verifier (v). */ + mbedtls_srp_modulus pwdVerifier, + /*! [in] A pointer to the ephemeral public key of the user (A). */ + mbedtls_srp_modulus userPubKeyA, + /*! [in] A pointer to the ephemeral public key of the host (B). */ + mbedtls_srp_modulus hostPubKeyB, + /*! [in] A pointer to the SRP user-proof buffer (M1). */ + mbedtls_srp_digest userProof, + /*! [out] A pointer to the SRP host-proof buffer (M2). */ + mbedtls_srp_digest hostProof, + /*! [out] A pointer to the SRP session key (K). */ + mbedtls_srp_sessionKey sessionKey, + /*! [in] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + + + +/************************ SRP User Functions **********************/ +/*****************************************************************************/ +/*! + @brief This function generates public and private user ephemeral keys, known + as A and a in RFC 5054 Using the Secure Remote Password (SRP) Protocol + for TLS Authentication. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h or + cc_rnd_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_user_pub_key_create( + /*! [in] The size of the generated ephemeral private key (a). The range + is between #CC_SRP_PRIV_NUM_MIN_SIZE and #CC_SRP_PRIV_NUM_MAX_SIZE. + The size must be 32 bit aligned */ + size_t ephemPrivSize, + /*! [out] A pointer to the user ephemeral public key (A). */ + mbedtls_srp_modulus userPubKeyA, + /*! [in/out] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + + +/*****************************************************************************/ +/*! + @brief This function calculates the user proof. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_user_proof_calc( + /*! [in] The size of the random salt. The range is between + #CC_SRP_MIN_SALT_SIZE and #CC_SRP_MAX_SALT_SIZE. */ + size_t saltSize, + /*! [in] A pointer to the pSalt number. */ + uint8_t *pSalt, + /*! [in] A pointer to the public ephmeral key of the user (A). */ + mbedtls_srp_modulus userPubKeyA, + /*! [in] A pointer to the public ephmeral key of the host (B). */ + mbedtls_srp_modulus hostPubKeyB, + /*! [out] A pointer to the SRP user proof buffer (M1). */ + mbedtls_srp_digest userProof, + /*! [out] A pointer to the SRP session key (K). */ + mbedtls_srp_sessionKey sessionKey, + /*! [out] A pointer to the SRP context. */ + mbedtls_srp_context *pCtx +); + +/*****************************************************************************/ +/*! + @brief This function verifies the host proof. + + @return \c CC_OK on success. + @return A non-zero value on failure, as defined in mbedtls_cc_srp_error.h. + */ +CIMPORT_C CCError_t mbedtls_srp_user_proof_verify( + /*! [in] A pointer to the SRP session key (K). */ + mbedtls_srp_sessionKey sessionKey, + /*! [in] A pointer to the public ephmeral key of the user (A). */ + mbedtls_srp_modulus userPubKeyA, + /*! [in] A pointer to the SRP user proof buffer (M1). */ + mbedtls_srp_digest userProof, + /*! [in] A pointer to the SRP host proof buffer (M2). */ + mbedtls_srp_digest hostProof, + /*! [out] A pointer to the SRP user context. */ + mbedtls_srp_context *pCtx +); + + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif /* #ifndef _MBEDTLS_CC_SRP_H */ diff --git a/include/mbedtls_extra/mbedtls_cc_srp_error.h b/include/mbedtls_extra/mbedtls_cc_srp_error.h new file mode 100644 index 0000000..9e28780 --- /dev/null +++ b/include/mbedtls_extra/mbedtls_cc_srp_error.h @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/*! + @addtogroup cc_srp_errors + @{ + */ + +/*! + @file + @brief This file contains the error definitions of the CryptoCell SRP APIs. + */ + + +#ifndef _MBEDTLS_CC_SRP_ERROR_H +#define _MBEDTLS_CC_SRP_ERROR_H + + +#include "cc_error.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +/************************ Defines ******************************/ + +/* The base address errors of the CryptoCell SRP module - 0x00F02600 */ +/*! Illegal parameter. */ +#define CC_SRP_PARAM_INVALID_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x01UL) +/*! Illegal modulus size. */ +#define CC_SRP_MOD_SIZE_INVALID_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x02UL) +/*! Illegal state (uninitialized) . */ +#define CC_SRP_STATE_UNINITIALIZED_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x03UL) +/*! Result validation error. */ +#define CC_SRP_RESULT_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x04UL) +/*! Invalid parameter. */ +#define CC_SRP_PARAM_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x05UL) +/*! Internal PKI error. */ +#define CC_SRP_INTERNAL_ERROR (CC_SRP_MODULE_ERROR_BASE + 0x06UL) + +/************************ Enums ********************************/ + +/************************ Typedefs ****************************/ + +/************************ Structs *****************************/ + +/************************ Public Variables *********************/ + +/************************ Public Functions *********************/ + +#ifdef __cplusplus +} +#endif + +/*! + @} + */ +#endif //_MBEDTLS_CC_SRP_ERROR_H diff --git a/include/nrf-config-cc310.h b/include/nrf-config-cc310.h new file mode 100644 index 0000000..df0ebe8 --- /dev/null +++ b/include/nrf-config-cc310.h @@ -0,0 +1,3328 @@ +/** + * \file mbedtls_config.h + * + * \brief Configuration options (set of defines) + * + * This set of compile-time options may be used to enable + * or disable features selectively, and reduce the global + * memory footprint. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * This is an optional version symbol that enables comatibility handling of + * config files. + * + * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that + * introduced the config format we want to be compatible with. + */ +//#define MBEDTLS_CONFIG_VERSION 0x03000000 + +/** + * \name SECTION: System support + * + * This section sets system specific settings. + * \{ + */ + +/** + * \def MBEDTLS_HAVE_ASM + * + * The compiler has support for asm(). + * + * Requires support for asm() in compiler. + * + * Used in: + * library/aria.c + * library/bn_mul.h + * + * Required by: + * MBEDTLS_AESNI_C + * MBEDTLS_PADLOCK_C + * + * Comment to disable the use of assembly code. + */ +#define MBEDTLS_HAVE_ASM + +/** + * \def MBEDTLS_NO_UDBL_DIVISION + * + * The platform lacks support for double-width integer division (64-bit + * division on a 32-bit platform, 128-bit division on a 64-bit platform). + * + * Used in: + * include/mbedtls/bignum.h + * library/bignum.c + * + * The bignum code uses double-width division to speed up some operations. + * Double-width division is often implemented in software that needs to + * be linked with the program. The presence of a double-width integer + * type is usually detected automatically through preprocessor macros, + * but the automatic detection cannot know whether the code needs to + * and can be linked with an implementation of division for that type. + * By default division is assumed to be usable if the type is present. + * Uncomment this option to prevent the use of double-width division. + * + * Note that division for the native integer type is always required. + * Furthermore, a 64-bit type is always required even on a 32-bit + * platform, but it need not support multiplication or division. In some + * cases it is also desirable to disable some double-width operations. For + * example, if double-width division is implemented in software, disabling + * it can reduce code size in some embedded targets. + */ +#define MBEDTLS_NO_UDBL_DIVISION + +/** + * \def MBEDTLS_NO_64BIT_MULTIPLICATION + * + * The platform lacks support for 32x32 -> 64-bit multiplication. + * + * Used in: + * library/poly1305.c + * + * Some parts of the library may use multiplication of two unsigned 32-bit + * operands with a 64-bit result in order to speed up computations. On some + * platforms, this is not available in hardware and has to be implemented in + * software, usually in a library provided by the toolchain. + * + * Sometimes it is not desirable to have to link to that library. This option + * removes the dependency of that library on platforms that lack a hardware + * 64-bit multiplier by embedding a software implementation in Mbed TLS. + * + * Note that depending on the compiler, this may decrease performance compared + * to using the library function provided by the toolchain. + */ +//#define MBEDTLS_NO_64BIT_MULTIPLICATION + +/** + * \def MBEDTLS_HAVE_SSE2 + * + * CPU supports SSE2 instruction set. + * + * Uncomment if the CPU supports SSE2 (IA-32 specific). + */ +//#define MBEDTLS_HAVE_SSE2 + +/** + * \def MBEDTLS_HAVE_TIME + * + * System has time.h and time(). + * The time does not need to be correct, only time differences are used, + * by contrast with MBEDTLS_HAVE_TIME_DATE + * + * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, + * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and + * MBEDTLS_PLATFORM_STD_TIME. + * + * Comment if your system does not support time functions + */ +//#define MBEDTLS_HAVE_TIME + +/** + * \def MBEDTLS_HAVE_TIME_DATE + * + * System has time.h, time(), and an implementation for + * mbedtls_platform_gmtime_r() (see below). + * The time needs to be correct (not necessarily very accurate, but at least + * the date should be correct). This is used to verify the validity period of + * X.509 certificates. + * + * Comment if your system does not have a correct clock. + * + * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that + * behaves similarly to the gmtime_r() function from the C standard. Refer to + * the documentation for mbedtls_platform_gmtime_r() for more information. + * + * \note It is possible to configure an implementation for + * mbedtls_platform_gmtime_r() at compile-time by using the macro + * MBEDTLS_PLATFORM_GMTIME_R_ALT. + */ +//#define MBEDTLS_HAVE_TIME_DATE + +/** + * \def MBEDTLS_PLATFORM_MEMORY + * + * Enable the memory allocation layer. + * + * By default mbed TLS uses the system-provided calloc() and free(). + * This allows different allocators (self-implemented or provided) to be + * provided to the platform abstraction layer. + * + * Enabling MBEDTLS_PLATFORM_MEMORY without the + * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide + * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and + * free() function pointer at runtime. + * + * Enabling MBEDTLS_PLATFORM_MEMORY and specifying + * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the + * alternate function at compile time. + * + * Requires: MBEDTLS_PLATFORM_C + * + * Enable this layer to allow use of alternative memory allocators. + */ +#define MBEDTLS_PLATFORM_MEMORY + +/** + * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + * + * Do not assign standard functions in the platform layer (e.g. calloc() to + * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) + * + * This makes sure there are no linking errors on platforms that do not support + * these functions. You will HAVE to provide alternatives, either at runtime + * via the platform_set_xxx() functions or at compile time by setting + * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a + * MBEDTLS_PLATFORM_XXX_MACRO. + * + * Requires: MBEDTLS_PLATFORM_C + * + * Uncomment to prevent default assignment of standard functions in the + * platform layer. + */ +//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + +/** + * \def MBEDTLS_PLATFORM_EXIT_ALT + * + * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the + * function in the platform abstraction layer. + * + * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will + * provide a function "mbedtls_platform_set_printf()" that allows you to set an + * alternative printf function pointer. + * + * All these define require MBEDTLS_PLATFORM_C to be defined! + * + * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; + * it will be enabled automatically by check_config.h + * + * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as + * MBEDTLS_PLATFORM_XXX_MACRO! + * + * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME + * + * Uncomment a macro to enable alternate implementation of specific base + * platform function + */ +//#define MBEDTLS_PLATFORM_EXIT_ALT +//#define MBEDTLS_PLATFORM_TIME_ALT +//#define MBEDTLS_PLATFORM_FPRINTF_ALT +//#define MBEDTLS_PLATFORM_PRINTF_ALT +//#define MBEDTLS_PLATFORM_SNPRINTF_ALT +//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT +//#define MBEDTLS_PLATFORM_NV_SEED_ALT +#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT + +/** + * \def MBEDTLS_DEPRECATED_WARNING + * + * Mark deprecated functions and features so that they generate a warning if + * used. Functionality deprecated in one version will usually be removed in the + * next version. You can enable this to help you prepare the transition to a + * new major version by making sure your code is not using this functionality. + * + * This only works with GCC and Clang. With other compilers, you may want to + * use MBEDTLS_DEPRECATED_REMOVED + * + * Uncomment to get warnings on using deprecated functions and features. + */ +//#define MBEDTLS_DEPRECATED_WARNING + +/** + * \def MBEDTLS_DEPRECATED_REMOVED + * + * Remove deprecated functions and features so that they generate an error if + * used. Functionality deprecated in one version will usually be removed in the + * next version. You can enable this to help you prepare the transition to a + * new major version by making sure your code is not using this functionality. + * + * Uncomment to get errors on using deprecated functions and features. + */ +//#define MBEDTLS_DEPRECATED_REMOVED + +/* \} name SECTION: System support */ + +/** + * \name SECTION: mbed TLS feature support + * + * This section sets support for features that are or are not needed + * within the modules that are enabled. + * \{ + */ + +/** + * \def MBEDTLS_TIMING_ALT + * + * Uncomment to provide your own alternate implementation for + * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() + * + * Only works if you have MBEDTLS_TIMING_C enabled. + * + * You will need to provide a header "timing_alt.h" and an implementation at + * compile time. + */ +//#define MBEDTLS_TIMING_ALT + +/** + * \def MBEDTLS_AES_ALT + * + * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your + * alternate core implementation of a symmetric crypto, an arithmetic or hash + * module (e.g. platform specific assembly optimized implementations). Keep + * in mind that the function prototypes should remain the same. + * + * This replaces the whole module. If you only want to replace one of the + * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. + * + * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer + * provide the "struct mbedtls_aes_context" definition and omit the base + * function declarations and implementations. "aes_alt.h" will be included from + * "aes.h" to include the new function definitions. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * module. + * + * \warning MD5, DES and SHA-1 are considered weak and their + * use constitutes a security risk. If possible, we recommend + * avoiding dependencies on them, and considering stronger message + * digests and ciphers instead. + * + */ +#define MBEDTLS_AES_ALT +//#define MBEDTLS_ARC4_ALT +//#define MBEDTLS_ARIA_ALT +//#define MBEDTLS_CAMELLIA_ALT +#define MBEDTLS_CCM_ALT +#define MBEDTLS_CHACHA20_ALT +#define MBEDTLS_CHACHAPOLY_ALT +#define MBEDTLS_CMAC_ALT +//#define MBEDTLS_DES_ALT +#define MBEDTLS_DHM_ALT +//#define MBEDTLS_ECJPAKE_ALT +//#define MBEDTLS_GCM_ALT +//#define MBEDTLS_NIST_KW_ALT +//#define MBEDTLS_MD5_ALT +#define MBEDTLS_POLY1305_ALT +//#define MBEDTLS_RIPEMD160_ALT +#define MBEDTLS_RSA_ALT +#define MBEDTLS_SHA1_ALT +#define MBEDTLS_SHA256_ALT +//#define MBEDTLS_SHA512_ALT + +/* + * When replacing the elliptic curve module, pleace consider, that it is + * implemented with two .c files: + * - ecp.c + * - ecp_curves.c + * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT + * macros as described above. The only difference is that you have to make sure + * that you provide functionality for both .c files. + */ +#define MBEDTLS_ECP_ALT + +/** + * \def MBEDTLS_SHA256_PROCESS_ALT + * + * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you + * alternate core implementation of symmetric crypto or hash function. Keep in + * mind that function prototypes should remain the same. + * + * This replaces only one function. The header file from mbed TLS is still + * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. + * + * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will + * no longer provide the mbedtls_sha1_process() function, but it will still provide + * the other function (using your mbedtls_sha1_process() function) and the definition + * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible + * with this definition. + * + * \note If you use the AES_xxx_ALT macros, then it is recommended to also set + * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES + * tables. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * function. + * + * \warning MD5, DES and SHA-1 are considered weak and their use + * constitutes a security risk. If possible, we recommend avoiding + * dependencies on them, and considering stronger message digests + * and ciphers instead. + * + * \warning If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are + * enabled, then the deterministic ECDH signature functions pass the + * the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore + * alternative implementations should use the RNG only for generating + * the ephemeral key and nothing else. If this is not possible, then + * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative + * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). + * + */ +//#define MBEDTLS_MD5_PROCESS_ALT +//#define MBEDTLS_RIPEMD160_PROCESS_ALT +//#define MBEDTLS_SHA1_PROCESS_ALT +//#define MBEDTLS_SHA256_PROCESS_ALT +//#define MBEDTLS_SHA512_PROCESS_ALT +//#define MBEDTLS_DES_SETKEY_ALT +//#define MBEDTLS_DES_CRYPT_ECB_ALT +//#define MBEDTLS_DES3_CRYPT_ECB_ALT +//#define MBEDTLS_AES_SETKEY_ENC_ALT +//#define MBEDTLS_AES_SETKEY_DEC_ALT +//#define MBEDTLS_AES_ENCRYPT_ALT +//#define MBEDTLS_AES_DECRYPT_ALT +#define MBEDTLS_ECDH_GEN_PUBLIC_ALT +#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT +#define MBEDTLS_ECDSA_VERIFY_ALT +#define MBEDTLS_ECDSA_SIGN_ALT +#define MBEDTLS_ECDSA_GENKEY_ALT + +/** + * \def MBEDTLS_ECP_INTERNAL_ALT + * + * Expose a part of the internal interface of the Elliptic Curve Point module. + * + * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your + * alternative core implementation of elliptic curve arithmetic. Keep in mind + * that function prototypes should remain the same. + * + * This partially replaces one function. The header file from mbed TLS is still + * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation + * is still present and it is used for group structures not supported by the + * alternative. + * + * The original implementation can in addition be removed by setting the + * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the + * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be + * able to fallback to curves not supported by the alternative implementation. + * + * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT + * and implementing the following functions: + * unsigned char mbedtls_internal_ecp_grp_capable( + * const mbedtls_ecp_group *grp ) + * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) + * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) + * The mbedtls_internal_ecp_grp_capable function should return 1 if the + * replacement functions implement arithmetic for the given group and 0 + * otherwise. + * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are + * called before and after each point operation and provide an opportunity to + * implement optimized set up and tear down instructions. + * + * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and + * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac() + * function, but will use your mbedtls_internal_ecp_double_jac() if the group + * for the operation is supported by your implementation (i.e. your + * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the + * group is not supported by your implementation, then the original mbed TLS + * implementation of ecp_double_jac() is used instead, unless this fallback + * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case + * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE). + * + * The function prototypes and the definition of mbedtls_ecp_group and + * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your + * implementation of mbedtls_internal_ecp__function_name__ must be compatible + * with their definitions. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * function. + */ +/* Required for all the functions in this section */ +//#define MBEDTLS_ECP_INTERNAL_ALT +/* Turn off software fallback for curves not supported in hardware */ +//#define MBEDTLS_ECP_NO_FALLBACK +/* Support for Weierstrass curves with Jacobi representation */ +//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT +//#define MBEDTLS_ECP_ADD_MIXED_ALT +//#define MBEDTLS_ECP_DOUBLE_JAC_ALT +//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT +//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT +/* Support for curves with Montgomery arithmetic */ +//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT +//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT +//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT + +/** + * \def MBEDTLS_ENTROPY_HARDWARE_ALT + * + * Uncomment this macro to let mbed TLS use your own implementation of a + * hardware entropy collector. + * + * Your function must be called \c mbedtls_hardware_poll(), have the same + * prototype as declared in library/entropy_poll.h, and accept NULL as first + * argument. + * + * Uncomment to use your own hardware entropy collector. + */ +#define MBEDTLS_ENTROPY_HARDWARE_ALT + +/** + * \def MBEDTLS_AES_ROM_TABLES + * + * Use precomputed AES tables stored in ROM. + * + * Uncomment this macro to use precomputed AES tables stored in ROM. + * Comment this macro to generate AES tables in RAM at runtime. + * + * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb + * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the + * initialization time before the first AES operation can be performed. + * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c + * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded + * performance if ROM access is slower than RAM access. + * + * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. + * + */ +//#define MBEDTLS_AES_ROM_TABLES + +/** + * \def MBEDTLS_AES_FEWER_TABLES + * + * Use less ROM/RAM for AES tables. + * + * Uncommenting this macro omits 75% of the AES tables from + * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) + * by computing their values on the fly during operations + * (the tables are entry-wise rotations of one another). + * + * Tradeoff: Uncommenting this reduces the RAM / ROM footprint + * by ~6kb but at the cost of more arithmetic operations during + * runtime. Specifically, one has to compare 4 accesses within + * different tables to 4 accesses with additional arithmetic + * operations within the same table. The performance gain/loss + * depends on the system and memory details. + * + * This option is independent of \c MBEDTLS_AES_ROM_TABLES. + * + */ +//#define MBEDTLS_AES_FEWER_TABLES + +/** + * \def MBEDTLS_CAMELLIA_SMALL_MEMORY + * + * Use less ROM for the Camellia implementation (saves about 768 bytes). + * + * Uncomment this macro to use less memory for Camellia. + */ +//#define MBEDTLS_CAMELLIA_SMALL_MEMORY + +/** + * \def MBEDTLS_CHECK_RETURN_WARNING + * + * If this macro is defined, emit a compile-time warning if application code + * calls a function without checking its return value, but the return value + * should generally be checked in portable applications. + * + * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is + * implemented. Otherwise this option has no effect. + * + * Uncomment to get warnings on using fallible functions without checking + * their return value. + * + * \note This feature is a work in progress. + * Warnings will be added to more functions in the future. + * + * \note A few functions are considered critical, and ignoring the return + * value of these functions will trigger a warning even if this + * macro is not defined. To completely disable return value check + * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion. + */ +//#define MBEDTLS_CHECK_RETURN_WARNING + +/** + * \def MBEDTLS_CIPHER_MODE_CBC + * + * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_CBC + +/** + * \def MBEDTLS_CIPHER_MODE_CFB + * + * Enable Cipher Feedback mode (CFB) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_CFB + +/** + * \def MBEDTLS_CIPHER_MODE_CTR + * + * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_CTR + +/** + * \def MBEDTLS_CIPHER_MODE_OFB + * + * Enable Output Feedback mode (OFB) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_OFB + +/** + * \def MBEDTLS_CIPHER_MODE_XTS + * + * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. + */ +//#define MBEDTLS_CIPHER_MODE_XTS + +/** + * \def MBEDTLS_CIPHER_NULL_CIPHER + * + * Enable NULL cipher. + * Warning: Only do so when you know what you are doing. This allows for + * encryption or channels without any security! + * + * To enable the following ciphersuites: + * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA + * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 + * MBEDTLS_TLS_RSA_WITH_NULL_SHA + * MBEDTLS_TLS_RSA_WITH_NULL_MD5 + * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA + * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_PSK_WITH_NULL_SHA + * + * Uncomment this macro to enable the NULL cipher and ciphersuites + */ +//#define MBEDTLS_CIPHER_NULL_CIPHER + +/** + * \def MBEDTLS_CIPHER_PADDING_PKCS7 + * + * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for + * specific padding modes in the cipher layer with cipher modes that support + * padding (e.g. CBC) + * + * If you disable all padding modes, only full blocks can be used with CBC. + * + * Enable padding modes in the cipher layer. + */ +#define MBEDTLS_CIPHER_PADDING_PKCS7 +#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS +#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN +#define MBEDTLS_CIPHER_PADDING_ZEROS + +/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + * + * Uncomment this macro to use a 128-bit key in the CTR_DRBG module. + * By default, CTR_DRBG uses a 256-bit key. + */ +#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + +/** + * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED + * + * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve + * module. By default all supported curves are enabled. + * + * Comment macros to disable the curve and functions for it + */ +/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */ +#define MBEDTLS_ECP_DP_SECP192R1_ENABLED +#define MBEDTLS_ECP_DP_SECP224R1_ENABLED +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define MBEDTLS_ECP_DP_SECP521R1_ENABLED +#define MBEDTLS_ECP_DP_SECP192K1_ENABLED +#define MBEDTLS_ECP_DP_SECP224K1_ENABLED +#define MBEDTLS_ECP_DP_SECP256K1_ENABLED +#define MBEDTLS_ECP_DP_BP256R1_ENABLED +//#define MBEDTLS_ECP_DP_BP384R1_ENABLED +//#define MBEDTLS_ECP_DP_BP512R1_ENABLED +/* Montgomery curves (supporting ECP) */ +#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +//#define MBEDTLS_ECP_DP_CURVE448_ENABLED + +/** + * \def MBEDTLS_ECP_NIST_OPTIM + * + * Enable specific 'modulo p' routines for each NIST prime. + * Depending on the prime and architecture, makes operations 4 to 8 times + * faster on the corresponding curve. + * + * Comment this macro to disable NIST curves optimisation. + */ +#define MBEDTLS_ECP_NIST_OPTIM + +/** + * \def MBEDTLS_ECP_RESTARTABLE + * + * Enable "non-blocking" ECC operations that can return early and be resumed. + * + * This allows various functions to pause by returning + * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, + * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in + * order to further progress and eventually complete their operation. This is + * controlled through mbedtls_ecp_set_max_ops() which limits the maximum + * number of ECC operations a function may perform before pausing; see + * mbedtls_ecp_set_max_ops() for more information. + * + * This is useful in non-threaded environments if you want to avoid blocking + * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. + * + * Uncomment this macro to enable restartable ECC computations. + * + * \note This option only works with the default software implementation of + * elliptic curve functionality. It is incompatible with + * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. + */ +//#define MBEDTLS_ECP_RESTARTABLE + +/** + * \def MBEDTLS_ECDSA_DETERMINISTIC + * + * Enable deterministic ECDSA (RFC 6979). + * Standard ECDSA is "fragile" in the sense that lack of entropy when signing + * may result in a compromise of the long-term signing key. This is avoided by + * the deterministic variant. + * + * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C + * + * Comment this macro to disable deterministic ECDSA. + */ +#define MBEDTLS_ECDSA_DETERMINISTIC + +/** + * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED + * + * Enable the PSK based ciphersuite modes in SSL / TLS. + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + * + * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_DHM_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA + * + * \warning Using DHE constitutes a security risk as it + * is not possible to validate custom DH parameters. + * If possible, it is recommended users should consider + * preferring other methods of key exchange. + * See dhm.h for more details. + * + */ +// #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + * + * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + * + * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED + * + * Enable the RSA-only based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + */ +#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + * + * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + * + * \warning Using DHE constitutes a security risk as it + * is not possible to validate custom DH parameters. + * If possible, it is recommended users should consider + * preferring other methods of key exchange. + * See dhm.h for more details. + * + */ +#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + * + * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + * + * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + * + * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + * + * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + * + * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. + * + * \warning This is currently experimental. EC J-PAKE support is based on the + * Thread v1.0.0 specification; incompatible changes to the specification + * might still happen. For this reason, this is disabled by default. + * + * Requires: MBEDTLS_ECJPAKE_C + * MBEDTLS_SHA256_C + * MBEDTLS_ECP_DP_SECP256R1_ENABLED + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 + */ +#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + +/** + * \def MBEDTLS_PK_PARSE_EC_EXTENDED + * + * Enhance support for reading EC keys using variants of SEC1 not allowed by + * RFC 5915 and RFC 5480. + * + * Currently this means parsing the SpecifiedECDomain choice of EC + * parameters (only known groups are supported, not arbitrary domains, to + * avoid validation issues). + * + * Disable if you only need to support RFC 5915 + 5480 key formats. + */ +#define MBEDTLS_PK_PARSE_EC_EXTENDED + +/** + * \def MBEDTLS_ERROR_STRERROR_DUMMY + * + * Enable a dummy error function to make use of mbedtls_strerror() in + * third party libraries easier when MBEDTLS_ERROR_C is disabled + * (no effect when MBEDTLS_ERROR_C is enabled). + * + * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're + * not using mbedtls_strerror() or error_strerror() in your application. + * + * Disable if you run into name conflicts and want to really remove the + * mbedtls_strerror() + */ +#define MBEDTLS_ERROR_STRERROR_DUMMY + +/** + * \def MBEDTLS_GENPRIME + * + * Enable the prime-number generation code. + * + * Requires: MBEDTLS_BIGNUM_C + */ +#define MBEDTLS_GENPRIME + +/** + * \def MBEDTLS_FS_IO + * + * Enable functions that use the filesystem. + */ +//#define MBEDTLS_FS_IO + +/** + * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES + * + * Do not add default entropy sources in mbedtls_entropy_init(). + * + * This is useful to have more control over the added entropy sources in an + * application. + * + * Uncomment this macro to prevent loading of default entropy functions. + */ +//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES + +/** + * \def MBEDTLS_NO_PLATFORM_ENTROPY + * + * Do not use built-in platform entropy functions. + * This is useful if your platform does not support + * standards like the /dev/urandom or Windows CryptoAPI. + * + * Uncomment this macro to disable the built-in platform entropy functions. + */ +#define MBEDTLS_NO_PLATFORM_ENTROPY + +/** + * \def MBEDTLS_ENTROPY_FORCE_SHA256 + * + * Force the entropy accumulator to use a SHA-256 accumulator instead of the + * default SHA-512 based one (if both are available). + * + * Requires: MBEDTLS_SHA256_C + * + * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option + * if you have performance concerns. + * + * This option is only useful if both MBEDTLS_SHA256_C and + * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. + */ +#define MBEDTLS_ENTROPY_FORCE_SHA256 + +/** + * \def MBEDTLS_ENTROPY_NV_SEED + * + * Enable the non-volatile (NV) seed file-based entropy source. + * (Also enables the NV seed read/write functions in the platform layer) + * + * This is crucial (if not required) on systems that do not have a + * cryptographic entropy source (in hardware or kernel) available. + * + * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C + * + * \note The read/write functions that are used by the entropy source are + * determined in the platform layer, and can be modified at runtime and/or + * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. + * + * \note If you use the default implementation functions that read a seedfile + * with regular fopen(), please make sure you make a seedfile with the + * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at + * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from + * and written to or you will get an entropy source error! The default + * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE + * bytes from the file. + * + * \note The entropy collector will write to the seed file before entropy is + * given to an external source, to update it. + */ +//#define MBEDTLS_ENTROPY_NV_SEED + +/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + * + * Enable key identifiers that encode a key owner identifier. + * + * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t + * which is currently hard-coded to be int32_t. + * + * Note that this option is meant for internal use only and may be removed + * without notice. It is incompatible with MBEDTLS_USE_PSA_CRYPTO. + */ +//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + +/** + * \def MBEDTLS_MEMORY_DEBUG + * + * Enable debugging of buffer allocator memory issues. Automatically prints + * (to stderr) all (fatal) messages on memory allocation issues. Enables + * function for 'debug output' of allocated memory. + * + * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C + * + * Uncomment this macro to let the buffer allocator print out error messages. + */ +//#define MBEDTLS_MEMORY_DEBUG + +/** + * \def MBEDTLS_MEMORY_BACKTRACE + * + * Include backtrace information with each allocated block. + * + * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C + * GLIBC-compatible backtrace() an backtrace_symbols() support + * + * Uncomment this macro to include backtrace information + */ +//#define MBEDTLS_MEMORY_BACKTRACE + +/** + * \def MBEDTLS_PK_RSA_ALT_SUPPORT + * + * Support external private RSA keys (eg from a HSM) in the PK layer. + * + * Comment this macro to disable support for external private RSA keys. + */ +//#define MBEDTLS_PK_RSA_ALT_SUPPORT + +/** + * \def MBEDTLS_PKCS1_V15 + * + * Enable support for PKCS#1 v1.5 encoding. + * + * Requires: MBEDTLS_RSA_C + * + * This enables support for PKCS#1 v1.5 operations. + */ +#define MBEDTLS_PKCS1_V15 + +/** + * \def MBEDTLS_PKCS1_V21 + * + * Enable support for PKCS#1 v2.1 encoding. + * + * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C + * + * This enables support for RSAES-OAEP and RSASSA-PSS operations. + */ +#define MBEDTLS_PKCS1_V21 + +/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + * + * Enable support for platform built-in keys. If you enable this feature, + * you must implement the function mbedtls_psa_platform_get_builtin_key(). + * See the documentation of that function for more information. + * + * Built-in keys are typically derived from a hardware unique key or + * stored in a secure element. + * + * Requires: MBEDTLS_PSA_CRYPTO_C. + * + * \warning This interface is experimental and may change or be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + +/** \def MBEDTLS_PSA_CRYPTO_CLIENT + * + * Enable support for PSA crypto client. + * + * \note This option allows to include the code necessary for a PSA + * crypto client when the PSA crypto implementation is not included in + * the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the + * code to set and get PSA key attributes. + * The development of PSA drivers partially relying on the library to + * fulfill the hardware gaps is another possible usage of this option. + * + * \warning This interface is experimental and may change or be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_CLIENT + +/** \def MBEDTLS_PSA_CRYPTO_DRIVERS + * + * Enable support for the experimental PSA crypto driver interface. + * + * Requires: MBEDTLS_PSA_CRYPTO_C + * + * \warning This interface is experimental and may change or be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_DRIVERS + +/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + * + * Make the PSA Crypto module use an external random generator provided + * by a driver, instead of Mbed TLS's entropy and DRBG modules. + * + * \note This random generator must deliver random numbers with cryptographic + * quality and high performance. It must supply unpredictable numbers + * with a uniform distribution. The implementation of this function + * is responsible for ensuring that the random generator is seeded + * with sufficient entropy. If you have a hardware TRNG which is slow + * or delivers non-uniform output, declare it as an entropy source + * with mbedtls_entropy_add_source() instead of enabling this option. + * + * If you enable this option, you must configure the type + * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h + * and define a function called mbedtls_psa_external_get_random() + * with the following prototype: + * ``` + * psa_status_t mbedtls_psa_external_get_random( + * mbedtls_psa_external_random_context_t *context, + * uint8_t *output, size_t output_size, size_t *output_length); + * ); + * ``` + * The \c context value is initialized to 0 before the first call. + * The function must fill the \c output buffer with \p output_size bytes + * of random data and set \c *output_length to \p output_size. + * + * Requires: MBEDTLS_PSA_CRYPTO_C + * + * \warning If you enable this option, code that uses the PSA cryptography + * interface will not use any of the entropy sources set up for + * the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED + * enables. + * + * \note This option is experimental and may be removed without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + +/** + * \def MBEDTLS_PSA_CRYPTO_SPM + * + * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure + * Partition Manager) integration which separates the code into two parts: a + * NSPE (Non-Secure Process Environment) and an SPE (Secure Process + * Environment). + * + * Module: library/psa_crypto.c + * Requires: MBEDTLS_PSA_CRYPTO_C + * + */ +//#define MBEDTLS_PSA_CRYPTO_SPM + +/** + * \def MBEDTLS_PSA_INJECT_ENTROPY + * + * Enable support for entropy injection at first boot. This feature is + * required on systems that do not have a built-in entropy source (TRNG). + * This feature is currently not supported on systems that have a built-in + * entropy source. + * + * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED + * + */ +//#define MBEDTLS_PSA_INJECT_ENTROPY + +/** + * \def MBEDTLS_RSA_NO_CRT + * + * Do not use the Chinese Remainder Theorem + * for the RSA private operation. + * + * Uncomment this macro to disable the use of CRT in RSA. + * + */ +//#define MBEDTLS_RSA_NO_CRT + +/** + * \def MBEDTLS_SELF_TEST + * + * Enable the checkup functions (*_self_test). + */ +//#define MBEDTLS_SELF_TEST + +/** + * \def MBEDTLS_SHA256_SMALLER + * + * Enable an implementation of SHA-256 that has lower ROM footprint but also + * lower performance. + * + * The default implementation is meant to be a reasonnable compromise between + * performance and size. This version optimizes more aggressively for size at + * the expense of performance. Eg on Cortex-M4 it reduces the size of + * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about + * 30%. + * + * Uncomment to enable the smaller implementation of SHA256. + */ +//#define MBEDTLS_SHA256_SMALLER + +/** + * \def MBEDTLS_SHA512_SMALLER + * + * Enable an implementation of SHA-512 that has lower ROM footprint but also + * lower performance. + * + * Uncomment to enable the smaller implementation of SHA512. + */ +//#define MBEDTLS_SHA512_SMALLER + +/** + * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES + * + * Enable sending of alert messages in case of encountered errors as per RFC. + * If you choose not to send the alert messages, mbed TLS can still communicate + * with other servers, only debugging of failures is harder. + * + * The advantage of not sending alert messages, is that no information is given + * about reasons for failures thus preventing adversaries of gaining intel. + * + * Enable sending of all alert messages + */ +#define MBEDTLS_SSL_ALL_ALERT_MESSAGES + +/** + * \def MBEDTLS_SSL_DTLS_CONNECTION_ID + * + * Enable support for the DTLS Connection ID extension + * (version draft-ietf-tls-dtls-connection-id-05, + * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) + * which allows to identify DTLS connections across changes + * in the underlying transport. + * + * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`, + * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`. + * See the corresponding documentation for more information. + * + * \warning The Connection ID extension is still in draft state. + * We make no stability promises for the availability + * or the shape of the API controlled by this option. + * + * The maximum lengths of outgoing and incoming CIDs can be configured + * through the options + * - MBEDTLS_SSL_CID_OUT_LEN_MAX + * - MBEDTLS_SSL_CID_IN_LEN_MAX. + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + * + * Uncomment to enable the Connection ID extension. + */ +//#define MBEDTLS_SSL_DTLS_CONNECTION_ID + +/** + * \def MBEDTLS_SSL_ASYNC_PRIVATE + * + * Enable asynchronous external private key operations in SSL. This allows + * you to configure an SSL connection to call an external cryptographic + * module to perform private key operations instead of performing the + * operation inside the library. + * + */ +//#define MBEDTLS_SSL_ASYNC_PRIVATE + +/** + * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION + * + * Enable serialization of the TLS context structures, through use of the + * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load(). + * + * This pair of functions allows one side of a connection to serialize the + * context associated with the connection, then free or re-use that context + * while the serialized state is persisted elsewhere, and finally deserialize + * that state to a live context for resuming read/write operations on the + * connection. From a protocol perspective, the state of the connection is + * unaffected, in particular this is entirely transparent to the peer. + * + * Note: this is distinct from TLS session resumption, which is part of the + * protocol and fully visible by the peer. TLS session resumption enables + * establishing new connections associated to a saved session with shorter, + * lighter handshakes, while context serialization is a local optimization in + * handling a single, potentially long-lived connection. + * + * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are + * saved after the handshake to allow for more efficient serialization, so if + * you don't need this feature you'll save RAM by disabling it. + * + * Comment to disable the context serialization APIs. + */ +#define MBEDTLS_SSL_CONTEXT_SERIALIZATION + +/** + * \def MBEDTLS_SSL_DEBUG_ALL + * + * Enable the debug messages in SSL module for all issues. + * Debug messages have been disabled in some places to prevent timing + * attacks due to (unbalanced) debugging function calls. + * + * If you need all error reporting you should enable this during debugging, + * but remove this for production servers that should log as well. + * + * Uncomment this macro to report all debug messages on errors introducing + * a timing side-channel. + * + */ +//#define MBEDTLS_SSL_DEBUG_ALL + +/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC + * + * Enable support for Encrypt-then-MAC, RFC 7366. + * + * This allows peers that both support it to use a more robust protection for + * ciphersuites using CBC, providing deep resistance against timing attacks + * on the padding or underlying cipher. + * + * This only affects CBC ciphersuites, and is useless if none is defined. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * + * Comment this macro to disable support for Encrypt-then-MAC + */ +#define MBEDTLS_SSL_ENCRYPT_THEN_MAC + +/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET + * + * Enable support for RFC 7627: Session Hash and Extended Master Secret + * Extension. + * + * This was introduced as "the proper fix" to the Triple Handshake familiy of + * attacks, but it is recommended to always use it (even if you disable + * renegotiation), since it actually fixes a more fundamental issue in the + * original SSL/TLS design, and has implications beyond Triple Handshake. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * + * Comment this macro to disable support for Extended Master Secret. + */ +#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET + +/** + * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE + * + * This option controls the availability of the API mbedtls_ssl_get_peer_cert() + * giving access to the peer's certificate after completion of the handshake. + * + * Unless you need mbedtls_ssl_peer_cert() in your application, it is + * recommended to disable this option for reduced RAM usage. + * + * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still + * defined, but always returns \c NULL. + * + * \note This option has no influence on the protection against the + * triple handshake attack. Even if it is disabled, Mbed TLS will + * still ensure that certificates do not change during renegotiation, + * for exaple by keeping a hash of the peer's certificate. + * + * Comment this macro to disable storing the peer's certificate + * after the handshake. + */ +#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE + +/** + * \def MBEDTLS_SSL_RENEGOTIATION + * + * Enable support for TLS renegotiation. + * + * The two main uses of renegotiation are (1) refresh keys on long-lived + * connections and (2) client authentication after the initial handshake. + * If you don't need renegotiation, it's probably better to disable it, since + * it has been associated with security issues in the past and is easy to + * misuse/misunderstand. + * + * Comment this to disable support for renegotiation. + * + * \note Even if this option is disabled, both client and server are aware + * of the Renegotiation Indication Extension (RFC 5746) used to + * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). + * (See \c mbedtls_ssl_conf_legacy_renegotiation for the + * configuration of this extension). + * + */ +#define MBEDTLS_SSL_RENEGOTIATION + +/** + * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + * + * Enable support for RFC 6066 max_fragment_length extension in SSL. + * + * Comment this macro to disable support for the max_fragment_length extension + */ +#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + +/** + * \def MBEDTLS_SSL_PROTO_TLS1_2 + * + * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). + * + * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C + * (Depends on ciphersuites) + * + * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 + */ +#define MBEDTLS_SSL_PROTO_TLS1_2 + +/** + * \def MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + * + * This macro is used to selectively enable experimental parts + * of the code that contribute to the ongoing development of + * the prototype TLS 1.3 and DTLS 1.3 implementation, and provide + * no other purpose. + * + * \warning TLS 1.3 and DTLS 1.3 aren't yet supported in Mbed TLS, + * and no feature exposed through this macro is part of the + * public API. In particular, features under the control + * of this macro are experimental and don't come with any + * stability guarantees. + * + * Uncomment this macro to enable experimental and partial + * functionality specific to TLS 1.3. + */ +//#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + +/** + * \def MBEDTLS_SSL_PROTO_DTLS + * + * Enable support for DTLS (all available versions). + * + * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * + * Comment this macro to disable support for DTLS + */ +#define MBEDTLS_SSL_PROTO_DTLS + +/** + * \def MBEDTLS_SSL_ALPN + * + * Enable support for RFC 7301 Application Layer Protocol Negotiation. + * + * Comment this macro to disable support for ALPN. + */ +#define MBEDTLS_SSL_ALPN + +/** + * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY + * + * Enable support for the anti-replay mechanism in DTLS. + * + * Requires: MBEDTLS_SSL_TLS_C + * MBEDTLS_SSL_PROTO_DTLS + * + * \warning Disabling this is often a security risk! + * See mbedtls_ssl_conf_dtls_anti_replay() for details. + * + * Comment this to disable anti-replay in DTLS. + */ +#define MBEDTLS_SSL_DTLS_ANTI_REPLAY + +/** + * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY + * + * Enable support for HelloVerifyRequest on DTLS servers. + * + * This feature is highly recommended to prevent DTLS servers being used as + * amplifiers in DoS attacks against other hosts. It should always be enabled + * unless you know for sure amplification cannot be a problem in the + * environment in which your server operates. + * + * \warning Disabling this can ba a security risk! (see above) + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + * + * Comment this to disable support for HelloVerifyRequest. + */ +#define MBEDTLS_SSL_DTLS_HELLO_VERIFY + +/** + * \def MBEDTLS_SSL_DTLS_SRTP + * + * Enable support for negotiation of DTLS-SRTP (RFC 5764) + * through the use_srtp extension. + * + * \note This feature provides the minimum functionality required + * to negotiate the use of DTLS-SRTP and to allow the derivation of + * the associated SRTP packet protection key material. + * In particular, the SRTP packet protection itself, as well as the + * demultiplexing of RTP and DTLS packets at the datagram layer + * (see Section 5 of RFC 5764), are not handled by this feature. + * Instead, after successful completion of a handshake negotiating + * the use of DTLS-SRTP, the extended key exporter API + * mbedtls_ssl_conf_export_keys_cb() should be used to implement + * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705 + * (this is implemented in the SSL example programs). + * The resulting key should then be passed to an SRTP stack. + * + * Setting this option enables the runtime API + * mbedtls_ssl_conf_dtls_srtp_protection_profiles() + * through which the supported DTLS-SRTP protection + * profiles can be configured. You must call this API at + * runtime if you wish to negotiate the use of DTLS-SRTP. + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + * + * Uncomment this to enable support for use_srtp extension. + */ +//#define MBEDTLS_SSL_DTLS_SRTP + +/** + * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE + * + * Enable server-side support for clients that reconnect from the same port. + * + * Some clients unexpectedly close the connection and try to reconnect using the + * same source port. This needs special support from the server to handle the + * new connection securely, as described in section 4.2.8 of RFC 6347. This + * flag enables that support. + * + * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY + * + * Comment this to disable support for clients reusing the source port. + */ +#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE + +/** + * \def MBEDTLS_SSL_SESSION_TICKETS + * + * Enable support for RFC 5077 session tickets in SSL. + * Client-side, provides full support for session tickets (maintenance of a + * session store remains the responsibility of the application, though). + * Server-side, you also need to provide callbacks for writing and parsing + * tickets, including authenticated encryption and key management. Example + * callbacks are provided by MBEDTLS_SSL_TICKET_C. + * + * Comment this macro to disable support for SSL session tickets + */ +#define MBEDTLS_SSL_SESSION_TICKETS + +/** + * \def MBEDTLS_SSL_SERVER_NAME_INDICATION + * + * Enable support for RFC 6066 server name indication (SNI) in SSL. + * + * Requires: MBEDTLS_X509_CRT_PARSE_C + * + * Comment this macro to disable support for server name indication in SSL + */ +#define MBEDTLS_SSL_SERVER_NAME_INDICATION + +/** + * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH + * + * When this option is enabled, the SSL buffer will be resized automatically + * based on the negotiated maximum fragment length in each direction. + * + * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + */ +//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH + +/** + * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN + * + * Enable testing of the constant-flow nature of some sensitive functions with + * clang's MemorySanitizer. This causes some existing tests to also test + * this non-functional property of the code under test. + * + * This setting requires compiling with clang -fsanitize=memory. The test + * suites can then be run normally. + * + * \warning This macro is only used for extended testing; it is not considered + * part of the library's API, so it may change or disappear at any time. + * + * Uncomment to enable testing of the constant-flow nature of selected code. + */ +//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN + +/** + * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + * + * Enable testing of the constant-flow nature of some sensitive functions with + * valgrind's memcheck tool. This causes some existing tests to also test + * this non-functional property of the code under test. + * + * This setting requires valgrind headers for building, and is only useful for + * testing if the tests suites are run with valgrind's memcheck. This can be + * done for an individual test suite with 'valgrind ./test_suite_xxx', or when + * using CMake, this can be done for all test suites with 'make memcheck'. + * + * \warning This macro is only used for extended testing; it is not considered + * part of the library's API, so it may change or disappear at any time. + * + * Uncomment to enable testing of the constant-flow nature of selected code. + */ +//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + +/** + * \def MBEDTLS_TEST_HOOKS + * + * Enable features for invasive testing such as introspection functions and + * hooks for fault injection. This enables additional unit tests. + * + * Merely enabling this feature should not change the behavior of the product. + * It only adds new code, and new branching points where the default behavior + * is the same as when this feature is disabled. + * However, this feature increases the attack surface: there is an added + * risk of vulnerabilities, and more gadgets that can make exploits easier. + * Therefore this feature must never be enabled in production. + * + * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more + * information. + * + * Uncomment to enable invasive tests. + */ +//#define MBEDTLS_TEST_HOOKS + +/** + * \def MBEDTLS_THREADING_ALT + * + * Provide your own alternate threading implementation. + * + * Requires: MBEDTLS_THREADING_C + * + * Uncomment this to allow your own alternate threading implementation. + */ +#define MBEDTLS_THREADING_ALT + +/** + * \def MBEDTLS_THREADING_PTHREAD + * + * Enable the pthread wrapper layer for the threading layer. + * + * Requires: MBEDTLS_THREADING_C + * + * Uncomment this to enable pthread mutexes. + */ +//#define MBEDTLS_THREADING_PTHREAD + +/** + * \def MBEDTLS_USE_PSA_CRYPTO + * + * Make the X.509 and TLS library use PSA for cryptographic operations, and + * enable new APIs for using keys handled by PSA Crypto. + * + * \note Development of this option is currently in progress, and parts of Mbed + * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts + * will still continue to work as usual, so enabling this option should not + * break backwards compatibility. + * + * \note See docs/use-psa-crypto.md for a complete description of what this + * option currently does, and of parts that are not affected by it so far. + * + * \warning This option enables new Mbed TLS APIs which are currently + * considered experimental and may change in incompatible ways at any time. + * That is, the APIs enabled by this option are not covered by the usual + * promises of API stability. + * + * Requires: MBEDTLS_PSA_CRYPTO_C. + * + * Uncomment this to enable internal use of PSA Crypto and new associated APIs. + */ +//#define MBEDTLS_USE_PSA_CRYPTO + +/** + * \def MBEDTLS_PSA_CRYPTO_CONFIG + * + * This setting allows support for cryptographic mechanisms through the PSA + * API to be configured separately from support through the mbedtls API. + * + * Uncomment this to enable use of PSA Crypto configuration settings which + * can be found in include/psa/crypto_config.h. + * + * This feature is still experimental and is not ready for production since + * it is not completed. + */ +//#define MBEDTLS_PSA_CRYPTO_CONFIG + +/** + * \def MBEDTLS_VERSION_FEATURES + * + * Allow run-time checking of compile-time enabled features. Thus allowing users + * to check at run-time if the library is for instance compiled with threading + * support via mbedtls_version_check_feature(). + * + * Requires: MBEDTLS_VERSION_C + * + * Comment this to disable run-time checking and save ROM space + */ +#define MBEDTLS_VERSION_FEATURES + +/** + * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK + * + * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()` + * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure + * the set of trusted certificates through a callback instead of a linked + * list. + * + * This is useful for example in environments where a large number of trusted + * certificates is present and storing them in a linked list isn't efficient + * enough, or when the set of trusted certificates changes frequently. + * + * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and + * `mbedtls_ssl_conf_ca_cb()` for more information. + * + * Uncomment to enable trusted certificate callbacks. + */ +//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK + +/** + * \def MBEDTLS_X509_REMOVE_INFO + * + * Disable mbedtls_x509_*_info() and related APIs. + * + * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt() + * and other functions/constants only used by these functions, thus reducing + * the code footprint by several KB. + */ +//#define MBEDTLS_X509_REMOVE_INFO + +/** + * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT + * + * Enable parsing and verification of X.509 certificates, CRLs and CSRS + * signed with RSASSA-PSS (aka PKCS#1 v2.1). + * + * Comment this macro to disallow using RSASSA-PSS in certificates. + */ +#define MBEDTLS_X509_RSASSA_PSS_SUPPORT +/* \} name SECTION: mbed TLS feature support */ + +/** + * \name SECTION: mbed TLS modules + * + * This section enables or disables entire modules in mbed TLS + * \{ + */ + +/** + * \def MBEDTLS_AESNI_C + * + * Enable AES-NI support on x86-64. + * + * Module: library/aesni.c + * Caller: library/aes.c + * + * Requires: MBEDTLS_HAVE_ASM + * + * This modules adds support for the AES-NI instructions on x86-64 + */ +#define MBEDTLS_AESNI_C + +/** + * \def MBEDTLS_AES_C + * + * Enable the AES block cipher. + * + * Module: library/aes.c + * Caller: library/cipher.c + * library/pem.c + * library/ctr_drbg.c + * + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA + * + * PEM_PARSE uses AES for decrypting encrypted keys. + */ +#define MBEDTLS_AES_C + +/** + * \def MBEDTLS_ASN1_PARSE_C + * + * Enable the generic ASN1 parser. + * + * Module: library/asn1.c + * Caller: library/x509.c + * library/dhm.c + * library/pkcs12.c + * library/pkcs5.c + * library/pkparse.c + */ +#define MBEDTLS_ASN1_PARSE_C + +/** + * \def MBEDTLS_ASN1_WRITE_C + * + * Enable the generic ASN1 writer. + * + * Module: library/asn1write.c + * Caller: library/ecdsa.c + * library/pkwrite.c + * library/x509_create.c + * library/x509write_crt.c + * library/x509write_csr.c + */ +#define MBEDTLS_ASN1_WRITE_C + +/** + * \def MBEDTLS_BASE64_C + * + * Enable the Base64 module. + * + * Module: library/base64.c + * Caller: library/pem.c + * + * This module is required for PEM support (required by X.509). + */ +#define MBEDTLS_BASE64_C + +/** + * \def MBEDTLS_BIGNUM_C + * + * Enable the multi-precision integer library. + * + * Module: library/bignum.c + * Caller: library/dhm.c + * library/ecp.c + * library/ecdsa.c + * library/rsa.c + * library/rsa_alt_helpers.c + * library/ssl_tls.c + * + * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. + */ +#define MBEDTLS_BIGNUM_C + +/** + * \def MBEDTLS_CAMELLIA_C + * + * Enable the Camellia block cipher. + * + * Module: library/camellia.c + * Caller: library/cipher.c + * + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_CAMELLIA_C + +/** + * \def MBEDTLS_ARIA_C + * + * Enable the ARIA block cipher. + * + * Module: library/aria.c + * Caller: library/cipher.c + * + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * + * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 + */ +//#define MBEDTLS_ARIA_C + +/** + * \def MBEDTLS_CCM_C + * + * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. + * + * Module: library/ccm.c + * + * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C + * + * This module enables the AES-CCM ciphersuites, if other requisites are + * enabled as well. + */ +#define MBEDTLS_CCM_C + +/** + * \def MBEDTLS_CHACHA20_C + * + * Enable the ChaCha20 stream cipher. + * + * Module: library/chacha20.c + */ +#define MBEDTLS_CHACHA20_C + +/** + * \def MBEDTLS_CHACHAPOLY_C + * + * Enable the ChaCha20-Poly1305 AEAD algorithm. + * + * Module: library/chachapoly.c + * + * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C + */ +#define MBEDTLS_CHACHAPOLY_C + +/** + * \def MBEDTLS_CIPHER_C + * + * Enable the generic cipher layer. + * + * Module: library/cipher.c + * Caller: library/ssl_tls.c + * + * Uncomment to enable generic cipher wrappers. + */ +#define MBEDTLS_CIPHER_C + +/** + * \def MBEDTLS_CMAC_C + * + * Enable the CMAC (Cipher-based Message Authentication Code) mode for block + * ciphers. + * + * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying + * implementation of the CMAC algorithm is provided by an alternate + * implementation, that alternate implementation may opt to not support + * AES-192 or 3DES as underlying block ciphers for the CMAC operation. + * + * Module: library/cmac.c + * + * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C + * + */ +#define MBEDTLS_CMAC_C + +/** + * \def MBEDTLS_CTR_DRBG_C + * + * Enable the CTR_DRBG AES-based random generator. + * The CTR_DRBG generator uses AES-256 by default. + * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above. + * + * \note To achieve a 256-bit security strength with CTR_DRBG, + * you must use AES-256 *and* use sufficient entropy. + * See ctr_drbg.h for more details. + * + * Module: library/ctr_drbg.c + * Caller: + * + * Requires: MBEDTLS_AES_C + * + * This module provides the CTR_DRBG AES random number generator. + */ +#define MBEDTLS_CTR_DRBG_C + +/** + * \def MBEDTLS_DEBUG_C + * + * Enable the debug functions. + * + * Module: library/debug.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * + * This module provides debugging functions. + */ +//#define MBEDTLS_DEBUG_C + +/** + * \def MBEDTLS_DES_C + * + * Enable the DES block cipher. + * + * Module: library/des.c + * Caller: library/pem.c + * library/cipher.c + * + * PEM_PARSE uses DES/3DES for decrypting encrypted keys. + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. + */ +#define MBEDTLS_DES_C + +/** + * \def MBEDTLS_DHM_C + * + * Enable the Diffie-Hellman-Merkle module. + * + * Module: library/dhm.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * + * This module is used by the following key exchanges: + * DHE-RSA, DHE-PSK + * + * \warning Using DHE constitutes a security risk as it + * is not possible to validate custom DH parameters. + * If possible, it is recommended users should consider + * preferring other methods of key exchange. + * See dhm.h for more details. + * + */ +#define MBEDTLS_DHM_C + +/** + * \def MBEDTLS_ECDH_C + * + * Enable the elliptic curve Diffie-Hellman library. + * + * Module: library/ecdh.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * + * This module is used by the following key exchanges: + * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK + * + * Requires: MBEDTLS_ECP_C + */ +#define MBEDTLS_ECDH_C + +/** + * \def MBEDTLS_ECDSA_C + * + * Enable the elliptic curve DSA library. + * + * Module: library/ecdsa.c + * Caller: + * + * This module is used by the following key exchanges: + * ECDHE-ECDSA + * + * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C, + * and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a + * short Weierstrass curve. + */ +#define MBEDTLS_ECDSA_C + +/** + * \def MBEDTLS_ECJPAKE_C + * + * Enable the elliptic curve J-PAKE library. + * + * \note EC J-PAKE support is based on the Thread v1.0.0 specification. + * It has not been reviewed for compliance with newer standards such as + * Thread v1.1 or RFC 8236. + * + * Module: library/ecjpake.c + * Caller: + * + * This module is used by the following key exchanges: + * ECJPAKE + * + * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C + */ +#define MBEDTLS_ECJPAKE_C + +/** + * \def MBEDTLS_ECP_C + * + * Enable the elliptic curve over GF(p) library. + * + * Module: library/ecp.c + * Caller: library/ecdh.c + * library/ecdsa.c + * library/ecjpake.c + * + * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED + */ +#define MBEDTLS_ECP_C + +/** + * \def MBEDTLS_ENTROPY_C + * + * Enable the platform-specific entropy code. + * + * Module: library/entropy.c + * Caller: + * + * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C + * + * This module provides a generic entropy pool + */ +#define MBEDTLS_ENTROPY_C + +/** + * \def MBEDTLS_ERROR_C + * + * Enable error code to error string conversion. + * + * Module: library/error.c + * Caller: + * + * This module enables mbedtls_strerror(). + */ +#define MBEDTLS_ERROR_C + +/** + * \def MBEDTLS_GCM_C + * + * Enable the Galois/Counter Mode (GCM). + * + * Module: library/gcm.c + * + * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C + * + * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other + * requisites are enabled as well. + */ +//#define MBEDTLS_GCM_C + +/** + * \def MBEDTLS_HKDF_C + * + * Enable the HKDF algorithm (RFC 5869). + * + * Module: library/hkdf.c + * Caller: + * + * Requires: MBEDTLS_MD_C + * + * This module adds support for the Hashed Message Authentication Code + * (HMAC)-based key derivation function (HKDF). + */ +#define MBEDTLS_HKDF_C + +/** + * \def MBEDTLS_HMAC_DRBG_C + * + * Enable the HMAC_DRBG random generator. + * + * Module: library/hmac_drbg.c + * Caller: + * + * Requires: MBEDTLS_MD_C + * + * Uncomment to enable the HMAC_DRBG random number geerator. + */ +#define MBEDTLS_HMAC_DRBG_C + +/** + * \def MBEDTLS_NIST_KW_C + * + * Enable the Key Wrapping mode for 128-bit block ciphers, + * as defined in NIST SP 800-38F. Only KW and KWP modes + * are supported. At the moment, only AES is approved by NIST. + * + * Module: library/nist_kw.c + * + * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C + */ +#define MBEDTLS_NIST_KW_C + +/** + * \def MBEDTLS_MD_C + * + * Enable the generic message digest layer. + * + * Module: library/md.c + * Caller: + * + * Uncomment to enable generic message digest wrappers. + */ +#define MBEDTLS_MD_C + +/** + * \def MBEDTLS_MD5_C + * + * Enable the MD5 hash algorithm. + * + * Module: library/md5.c + * Caller: library/md.c + * library/pem.c + * library/ssl_tls.c + * + * This module is required for TLS 1.2 depending on the handshake parameters. + * Further, it is used for checking MD5-signed certificates, and for PBKDF1 + * when decrypting PEM-encoded encrypted keys. + * + * \warning MD5 is considered a weak message digest and its use constitutes a + * security risk. If possible, we recommend avoiding dependencies on + * it, and considering stronger message digests instead. + * + */ +//#define MBEDTLS_MD5_C + +/** + * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C + * + * Enable the buffer allocator implementation that makes use of a (stack) + * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() + * calls) + * + * Module: library/memory_buffer_alloc.c + * + * Requires: MBEDTLS_PLATFORM_C + * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) + * + * Enable this module to enable the buffer memory allocator. + */ +#define MBEDTLS_MEMORY_BUFFER_ALLOC_C + +/** + * \def MBEDTLS_NET_C + * + * Enable the TCP and UDP over IPv6/IPv4 networking routines. + * + * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) + * and Windows. For other platforms, you'll want to disable it, and write your + * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). + * + * \note See also our Knowledge Base article about porting to a new + * environment: + * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * + * Module: library/net_sockets.c + * + * This module provides networking routines. + */ +//#define MBEDTLS_NET_C + +/** + * \def MBEDTLS_OID_C + * + * Enable the OID database. + * + * Module: library/oid.c + * Caller: library/asn1write.c + * library/pkcs5.c + * library/pkparse.c + * library/pkwrite.c + * library/rsa.c + * library/x509.c + * library/x509_create.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c + * library/x509write_crt.c + * library/x509write_csr.c + * + * This modules translates between OIDs and internal values. + */ +#define MBEDTLS_OID_C + +/** + * \def MBEDTLS_PADLOCK_C + * + * Enable VIA Padlock support on x86. + * + * Module: library/padlock.c + * Caller: library/aes.c + * + * Requires: MBEDTLS_HAVE_ASM + * + * This modules adds support for the VIA PadLock on x86. + */ +//#define MBEDTLS_PADLOCK_C + +/** + * \def MBEDTLS_PEM_PARSE_C + * + * Enable PEM decoding / parsing. + * + * Module: library/pem.c + * Caller: library/dhm.c + * library/pkparse.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c + * + * Requires: MBEDTLS_BASE64_C + * + * This modules adds support for decoding / parsing PEM files. + */ +#define MBEDTLS_PEM_PARSE_C + +/** + * \def MBEDTLS_PEM_WRITE_C + * + * Enable PEM encoding / writing. + * + * Module: library/pem.c + * Caller: library/pkwrite.c + * library/x509write_crt.c + * library/x509write_csr.c + * + * Requires: MBEDTLS_BASE64_C + * + * This modules adds support for encoding / writing PEM files. + */ +#define MBEDTLS_PEM_WRITE_C + +/** + * \def MBEDTLS_PK_C + * + * Enable the generic public (asymetric) key layer. + * + * Module: library/pk.c + * Caller: library/ssl_tls.c + * library/ssl_cli.c + * library/ssl_srv.c + * + * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C + * + * Uncomment to enable generic public key wrappers. + */ +#define MBEDTLS_PK_C + +/** + * \def MBEDTLS_PK_PARSE_C + * + * Enable the generic public (asymetric) key parser. + * + * Module: library/pkparse.c + * Caller: library/x509_crt.c + * library/x509_csr.c + * + * Requires: MBEDTLS_PK_C + * + * Uncomment to enable generic public key parse functions. + */ +#define MBEDTLS_PK_PARSE_C + +/** + * \def MBEDTLS_PK_WRITE_C + * + * Enable the generic public (asymetric) key writer. + * + * Module: library/pkwrite.c + * Caller: library/x509write.c + * + * Requires: MBEDTLS_PK_C + * + * Uncomment to enable generic public key write functions. + */ +#define MBEDTLS_PK_WRITE_C + +/** + * \def MBEDTLS_PKCS5_C + * + * Enable PKCS#5 functions. + * + * Module: library/pkcs5.c + * + * Requires: MBEDTLS_MD_C + * + * This module adds support for the PKCS#5 functions. + */ +#define MBEDTLS_PKCS5_C + +/** + * \def MBEDTLS_PKCS12_C + * + * Enable PKCS#12 PBE functions. + * Adds algorithms for parsing PKCS#8 encrypted private keys + * + * Module: library/pkcs12.c + * Caller: library/pkparse.c + * + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C + * + * This module enables PKCS#12 functions. + */ +#define MBEDTLS_PKCS12_C + +/** + * \def MBEDTLS_PLATFORM_C + * + * Enable the platform abstraction layer that allows you to re-assign + * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). + * + * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT + * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned + * above to be specified at runtime or compile time respectively. + * + * \note This abstraction layer must be enabled on Windows (including MSYS2) + * as other module rely on it for a fixed snprintf implementation. + * + * Module: library/platform.c + * Caller: Most other .c files + * + * This module enables abstraction of common (libc) functions. + */ +#define MBEDTLS_PLATFORM_C + +/** + * \def MBEDTLS_POLY1305_C + * + * Enable the Poly1305 MAC algorithm. + * + * Module: library/poly1305.c + * Caller: library/chachapoly.c + */ +#define MBEDTLS_POLY1305_C + +/** + * \def MBEDTLS_PSA_CRYPTO_C + * + * Enable the Platform Security Architecture cryptography API. + * + * Module: library/psa_crypto.c + * + * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, + * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, + * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. + * + */ +#define MBEDTLS_PSA_CRYPTO_C + +/** + * \def MBEDTLS_PSA_CRYPTO_SE_C + * + * Enable secure element support in the Platform Security Architecture + * cryptography API. + * + * \warning This feature is not yet suitable for production. It is provided + * for API evaluation and testing purposes only. + * + * Module: library/psa_crypto_se.c + * + * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C + * + */ +//#define MBEDTLS_PSA_CRYPTO_SE_C + +/** + * \def MBEDTLS_PSA_CRYPTO_STORAGE_C + * + * Enable the Platform Security Architecture persistent key storage. + * + * Module: library/psa_crypto_storage.c + * + * Requires: MBEDTLS_PSA_CRYPTO_C, + * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of + * the PSA ITS interface + */ +#define MBEDTLS_PSA_CRYPTO_STORAGE_C + +/** + * \def MBEDTLS_PSA_ITS_FILE_C + * + * Enable the emulation of the Platform Security Architecture + * Internal Trusted Storage (PSA ITS) over files. + * + * Module: library/psa_its_file.c + * + * Requires: MBEDTLS_FS_IO + */ +//#define MBEDTLS_PSA_ITS_FILE_C + +/** + * \def MBEDTLS_RIPEMD160_C + * + * Enable the RIPEMD-160 hash algorithm. + * + * Module: library/ripemd160.c + * Caller: library/md.c + * + */ +//#define MBEDTLS_RIPEMD160_C + +/** + * \def MBEDTLS_RSA_C + * + * Enable the RSA public-key cryptosystem. + * + * Module: library/rsa.c + * library/rsa_alt_helpers.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * library/x509.c + * + * This module is used by the following key exchanges: + * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK + * + * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C + */ +#define MBEDTLS_RSA_C + +/** + * \def MBEDTLS_SHA1_C + * + * Enable the SHA1 cryptographic hash algorithm. + * + * Module: library/sha1.c + * Caller: library/md.c + * library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * library/x509write_crt.c + * + * This module is required for TLS 1.2 depending on the handshake parameters, + * and for SHA1-signed certificates. + * + * \warning SHA-1 is considered a weak message digest and its use constitutes + * a security risk. If possible, we recommend avoiding dependencies + * on it, and considering stronger message digests instead. + * + */ +#define MBEDTLS_SHA1_C + +/** + * \def MBEDTLS_SHA224_C + * + * Enable the SHA-224 cryptographic hash algorithm. + * + * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling + * SHA-224 without SHA-256. + * + * Module: library/sha256.c + * Caller: library/md.c + * library/ssl_cookie.c + * + * This module adds support for SHA-224. + */ +#define MBEDTLS_SHA224_C + +/** + * \def MBEDTLS_SHA256_C + * + * Enable the SHA-256 cryptographic hash algorithm. + * + * Requires: MBEDTLS_SHA224_C. The library does not currently support enabling + * SHA-256 without SHA-224. + * + * Module: library/sha256.c + * Caller: library/entropy.c + * library/md.c + * library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * + * This module adds support for SHA-256. + * This module is required for the SSL/TLS 1.2 PRF function. + */ +#define MBEDTLS_SHA256_C + +/** + * \def MBEDTLS_SHA384_C + * + * Enable the SHA-384 cryptographic hash algorithm. + * + * Requires: MBEDTLS_SHA512_C + * + * Module: library/sha512.c + * Caller: library/md.c + * library/ssl_cli.c + * library/ssl_srv.c + * + * Comment to disable SHA-384 + */ +// #define MBEDTLS_SHA384_C + +/** + * \def MBEDTLS_SHA512_C + * + * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. + * + * Module: library/sha512.c + * Caller: library/entropy.c + * library/md.c + * library/ssl_cli.c + * library/ssl_srv.c + * + * This module adds support for SHA-384 and SHA-512. + */ +// #define MBEDTLS_SHA512_C + +/** + * \def MBEDTLS_SSL_CACHE_C + * + * Enable simple SSL cache implementation. + * + * Module: library/ssl_cache.c + * Caller: + * + * Requires: MBEDTLS_SSL_CACHE_C + */ +#define MBEDTLS_SSL_CACHE_C + +/** + * \def MBEDTLS_SSL_COOKIE_C + * + * Enable basic implementation of DTLS cookies for hello verification. + * + * Module: library/ssl_cookie.c + * Caller: + */ +#define MBEDTLS_SSL_COOKIE_C + +/** + * \def MBEDTLS_SSL_TICKET_C + * + * Enable an implementation of TLS server-side callbacks for session tickets. + * + * Module: library/ssl_ticket.c + * Caller: + * + * Requires: MBEDTLS_CIPHER_C + */ +#define MBEDTLS_SSL_TICKET_C + +/** + * \def MBEDTLS_SSL_CLI_C + * + * Enable the SSL/TLS client code. + * + * Module: library/ssl_cli.c + * Caller: + * + * Requires: MBEDTLS_SSL_TLS_C + * + * This module is required for SSL/TLS client support. + */ +#define MBEDTLS_SSL_CLI_C + +/** + * \def MBEDTLS_SSL_SRV_C + * + * Enable the SSL/TLS server code. + * + * Module: library/ssl_srv.c + * Caller: + * + * Requires: MBEDTLS_SSL_TLS_C + * + * This module is required for SSL/TLS server support. + */ +#define MBEDTLS_SSL_SRV_C + +/** + * \def MBEDTLS_SSL_TLS_C + * + * Enable the generic SSL/TLS code. + * + * Module: library/ssl_tls.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C + * and at least one of the MBEDTLS_SSL_PROTO_XXX defines + * + * This module is required for SSL/TLS. + */ +#define MBEDTLS_SSL_TLS_C + +/** + * \def MBEDTLS_THREADING_C + * + * Enable the threading abstraction layer. + * By default mbed TLS assumes it is used in a non-threaded environment or that + * contexts are not shared between threads. If you do intend to use contexts + * between threads, you will need to enable this layer to prevent race + * conditions. See also our Knowledge Base article about threading: + * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading + * + * Module: library/threading.c + * + * This allows different threading implementations (self-implemented or + * provided). + * + * You will have to enable either MBEDTLS_THREADING_ALT or + * MBEDTLS_THREADING_PTHREAD. + * + * Enable this layer to allow use of mutexes within mbed TLS + */ +#define MBEDTLS_THREADING_C + +/** + * \def MBEDTLS_TIMING_C + * + * Enable the semi-portable timing interface. + * + * \note The provided implementation only works on POSIX/Unix (including Linux, + * BSD and OS X) and Windows. On other platforms, you can either disable that + * module and provide your own implementations of the callbacks needed by + * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide + * your own implementation of the whole module by setting + * \c MBEDTLS_TIMING_ALT in the current file. + * + * \note See also our Knowledge Base article about porting to a new + * environment: + * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * + * Module: library/timing.c + */ +//#define MBEDTLS_TIMING_C + +/** + * \def MBEDTLS_VERSION_C + * + * Enable run-time version information. + * + * Module: library/version.c + * + * This module provides run-time version information. + */ +#define MBEDTLS_VERSION_C + +/** + * \def MBEDTLS_X509_USE_C + * + * Enable X.509 core for using certificates. + * + * Module: library/x509.c + * Caller: library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c + * + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, + * MBEDTLS_PK_PARSE_C + * + * This module is required for the X.509 parsing modules. + */ +#define MBEDTLS_X509_USE_C + +/** + * \def MBEDTLS_X509_CRT_PARSE_C + * + * Enable X.509 certificate parsing. + * + * Module: library/x509_crt.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * + * Requires: MBEDTLS_X509_USE_C + * + * This module is required for X.509 certificate parsing. + */ +#define MBEDTLS_X509_CRT_PARSE_C + +/** + * \def MBEDTLS_X509_CRL_PARSE_C + * + * Enable X.509 CRL parsing. + * + * Module: library/x509_crl.c + * Caller: library/x509_crt.c + * + * Requires: MBEDTLS_X509_USE_C + * + * This module is required for X.509 CRL parsing. + */ +#define MBEDTLS_X509_CRL_PARSE_C + +/** + * \def MBEDTLS_X509_CSR_PARSE_C + * + * Enable X.509 Certificate Signing Request (CSR) parsing. + * + * Module: library/x509_csr.c + * Caller: library/x509_crt_write.c + * + * Requires: MBEDTLS_X509_USE_C + * + * This module is used for reading X.509 certificate request. + */ +#define MBEDTLS_X509_CSR_PARSE_C + +/** + * \def MBEDTLS_X509_CREATE_C + * + * Enable X.509 core for creating certificates. + * + * Module: library/x509_create.c + * + * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C + * + * This module is the basis for creating X.509 certificates and CSRs. + */ +#define MBEDTLS_X509_CREATE_C + +/** + * \def MBEDTLS_X509_CRT_WRITE_C + * + * Enable creating X.509 certificates. + * + * Module: library/x509_crt_write.c + * + * Requires: MBEDTLS_X509_CREATE_C + * + * This module is required for X.509 certificate creation. + */ +#define MBEDTLS_X509_CRT_WRITE_C + +/** + * \def MBEDTLS_X509_CSR_WRITE_C + * + * Enable creating X.509 Certificate Signing Requests (CSR). + * + * Module: library/x509_csr_write.c + * + * Requires: MBEDTLS_X509_CREATE_C + * + * This module is required for X.509 certificate request writing. + */ +#define MBEDTLS_X509_CSR_WRITE_C + +/* \} name SECTION: mbed TLS modules */ + +/** + * \name SECTION: Module configuration options + * + * This section allows for the setting of module specific sizes and + * configuration options. The default values are already present in the + * relevant header files and should suffice for the regular use cases. + * + * Our advice is to enable options and change their values here + * only if you have a good reason and know the consequences. + * + * Please check the respective header file for documentation on these + * parameters (to prevent duplicate documentation). + * \{ + */ + +/* MPI / BIGNUM options */ +//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ +//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ + +/* CTR_DRBG options */ +//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ +/*! Maximal reseed counter - indicates maximal number of +requests allowed between reseeds; according to NIST 800-90 +it is (2^48 - 1), our restriction is : (int - 0xFFFF - 0xF).*/ +#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 0xFFF0 /**< Interval before reseed is performed by default */ +//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ + +/* HMAC_DRBG options */ +//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ +//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ + +/* ECP options */ +//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ +//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ +//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ + +/* Entropy options */ +#define MBEDTLS_ENTROPY_MAX_SOURCES 1 /**< Maximum number of sources supported */ +#define MBEDTLS_ENTROPY_MAX_GATHER 144 /**< Maximum amount requested from entropy sources */ +//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ + +/* Memory buffer allocator options */ +//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ + +/* Platform options */ +//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ +//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ +/* Note: your snprintf must correctly zero-terminate the buffer! */ +//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ + +/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ +/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ +//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ +/* Note: your snprintf must correctly zero-terminate the buffer! */ +//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ + +/** \def MBEDTLS_CHECK_RETURN + * + * This macro is used at the beginning of the declaration of a function + * to indicate that its return value should be checked. It should + * instruct the compiler to emit a warning or an error if the function + * is called without checking its return value. + * + * There is a default implementation for popular compilers in platform_util.h. + * You can override the default implementation by defining your own here. + * + * If the implementation here is empty, this will effectively disable the + * checking of functions' return values. + */ +//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) + +/** \def MBEDTLS_IGNORE_RETURN + * + * This macro requires one argument, which should be a C function call. + * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this + * warning is suppressed. + */ +//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result)) + +/* PSA options */ +/** + * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the + * PSA crypto subsystem. + * + * If this option is unset: + * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG. + * - Otherwise, the PSA subsystem uses HMAC_DRBG with either + * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and + * on unspecified heuristics. + */ +#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 + +/** \def MBEDTLS_PSA_KEY_SLOT_COUNT + * Restrict the PSA library to supporting a maximum amount of simultaneously + * loaded keys. A loaded key is a key stored by the PSA Crypto core as a + * volatile key, or a persistent key which is loaded temporarily by the + * library as part of a crypto operation in flight. + * + * If this option is unset, the library will fall back to a default value of + * 32 keys. + */ +//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 + +/* SSL Cache options */ +//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ +//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ + +/* SSL options */ + +/** \def MBEDTLS_SSL_IN_CONTENT_LEN + * + * Maximum length (in bytes) of incoming plaintext fragments. + * + * This determines the size of the incoming TLS I/O buffer in such a way + * that it is capable of holding the specified amount of plaintext data, + * regardless of the protection mechanism used. + * + * \note When using a value less than the default of 16KB on the client, it is + * recommended to use the Maximum Fragment Length (MFL) extension to + * inform the server about this limitation. On the server, there + * is no supported, standardized way of informing the client about + * restriction on the maximum size of incoming messages, and unless + * the limitation has been communicated by other means, it is recommended + * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN + * while keeping the default value of 16KB for the incoming buffer. + * + * Uncomment to set the maximum plaintext size of the incoming I/O buffer. + */ +//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 + +/** \def MBEDTLS_SSL_CID_IN_LEN_MAX + * + * The maximum length of CIDs used for incoming DTLS messages. + * + */ +//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 + +/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX + * + * The maximum length of CIDs used for outgoing DTLS messages. + * + */ +//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 + +/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY + * + * This option controls the use of record plaintext padding + * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2. + * + * The padding will always be chosen so that the length of the + * padded plaintext is a multiple of the value of this option. + * + * Note: A value of \c 1 means that no padding will be used + * for outgoing records. + * + * Note: On systems lacking division instructions, + * a power of two should be preferred. + */ +//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 + +/** \def MBEDTLS_SSL_OUT_CONTENT_LEN + * + * Maximum length (in bytes) of outgoing plaintext fragments. + * + * This determines the size of the outgoing TLS I/O buffer in such a way + * that it is capable of holding the specified amount of plaintext data, + * regardless of the protection mechanism used. + * + * It is possible to save RAM by setting a smaller outward buffer, while keeping + * the default inward 16384 byte buffer to conform to the TLS specification. + * + * The minimum required outward buffer size is determined by the handshake + * protocol's usage. Handshaking will fail if the outward buffer is too small. + * The specific size requirement depends on the configured ciphers and any + * certificate data which is sent during the handshake. + * + * Uncomment to set the maximum plaintext size of the outgoing I/O buffer. + */ +//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 + +/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING + * + * Maximum number of heap-allocated bytes for the purpose of + * DTLS handshake message reassembly and future message buffering. + * + * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN + * to account for a reassembled handshake message of maximum size, + * together with its reassembly bitmap. + * + * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) + * should be sufficient for all practical situations as it allows + * to reassembly a large handshake message (such as a certificate) + * while buffering multiple smaller handshake messages. + * + */ +//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 + +//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ +//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ + +/** \def MBEDTLS_TLS_EXT_CID + * + * At the time of writing, the CID extension has not been assigned its + * final value. Set this configuration option to make Mbed TLS use a + * different value. + * + * A future minor revision of Mbed TLS may change the default value of + * this option to match evolving standards and usage. + */ +//#define MBEDTLS_TLS_EXT_CID 254 + +/** + * Complete list of ciphersuites to use, in order of preference. + * + * \warning No dependency checking is done on that field! This option can only + * be used to restrict the set of available ciphersuites. It is your + * responsibility to make sure the needed modules are active. + * + * Use this to save a few hundred bytes of ROM (default ordering of all + * available ciphersuites) and a few to a few hundred bytes of RAM. + * + * The value below is only an example, not the default. + */ +//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + +/* X509 options */ +//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ +//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ + +/** + * Uncomment the macro to let mbed TLS use your alternate implementation of + * mbedtls_platform_zeroize(). This replaces the default implementation in + * platform_util.c. + * + * mbedtls_platform_zeroize() is a widely used function across the library to + * zero a block of memory. The implementation is expected to be secure in the + * sense that it has been written to prevent the compiler from removing calls + * to mbedtls_platform_zeroize() as part of redundant code elimination + * optimizations. However, it is difficult to guarantee that calls to + * mbedtls_platform_zeroize() will not be optimized by the compiler as older + * versions of the C language standards do not provide a secure implementation + * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to + * configure their own implementation of mbedtls_platform_zeroize(), for + * example by using directives specific to their compiler, features from newer + * C standards (e.g using memset_s() in C11) or calling a secure memset() from + * their system (e.g explicit_bzero() in BSD). + */ +//#define MBEDTLS_PLATFORM_ZEROIZE_ALT + +/** + * Uncomment the macro to let Mbed TLS use your alternate implementation of + * mbedtls_platform_gmtime_r(). This replaces the default implementation in + * platform_util.c. + * + * gmtime() is not a thread-safe function as defined in the C standard. The + * library will try to use safer implementations of this function, such as + * gmtime_r() when available. However, if Mbed TLS cannot identify the target + * system, the implementation of mbedtls_platform_gmtime_r() will default to + * using the standard gmtime(). In this case, calls from the library to + * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex + * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the + * library are also guarded with this mutex to avoid race conditions. However, + * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will + * unconditionally use the implementation for mbedtls_platform_gmtime_r() + * supplied at compile time. + */ +//#define MBEDTLS_PLATFORM_GMTIME_R_ALT + +/** + * Enable the verified implementations of ECDH primitives from Project Everest + * (currently only Curve25519). This feature changes the layout of ECDH + * contexts and therefore is a compatibility break for applications that access + * fields of a mbedtls_ecdh_context structure directly. See also + * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. + */ +//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + + +#define PSA_CRYPTO_DRIVER_CC3XX +/* \} name SECTION: Customisation configuration options */ + +/* Target and application specific configurations + * + * Allow user to override any previous default. + * + */ +#if defined(MBEDTLS_USER_CONFIG_FILE) +#include MBEDTLS_USER_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#include "mbedtls/config_psa.h" +#endif + +#include "mbedtls/check_config.h" diff --git a/lib/libnrf_cc310_core_0.9.14.a b/lib/libnrf_cc310_core_0.9.14.a new file mode 100644 index 0000000..fdfb513 Binary files /dev/null and b/lib/libnrf_cc310_core_0.9.14.a differ