Device Management Platform Abstraction Layer (PAL) API references | mbed-cloud-client/mbed-client-pal/Source/PAL-Impl/Services-API/pal

Go to the documentation of this file.
 // ----------------------------------------------------------------------------
 // Copyright 2016-2019 ARM Ltd.
 //
 // SPDX-License-Identifier: Apache-2.0
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 // ----------------------------------------------------------------------------
 
 #ifndef _PAL_CRYPTO_H_
 #define _PAL_CRYPTO_H_
 
 #ifndef _PAL_H
     #error "Please do not include this file directly, use pal.h instead"
 #endif
 
 typedef uintptr_t palAesHandle_t;
 typedef uintptr_t palX509Handle_t;
 typedef uintptr_t palMDHandle_t;
 typedef uintptr_t palCCMHandle_t;
 typedef uintptr_t palCMACHandle_t;
 typedef uintptr_t palCtrDrbgCtxHandle_t;
 typedef uintptr_t palCurveHandle_t;
 typedef uintptr_t palGroupIDHandle_t;
 typedef uintptr_t palECKeyHandle_t;
 typedef uintptr_t palSignatureHandle_t;
 typedef uintptr_t palx509CSRHandle_t;
 typedef uintptr_t palKeyHandle_t;
 
 typedef enum palAesKeyType{
     PAL_KEY_TARGET_ENCRYPTION,
     PAL_KEY_TARGET_DECRYPTION
 }palAesKeyType_t;
 
 typedef enum palMDType{
     PAL_SHA256
 }palMDType_t;
 
 typedef enum palAesMode{
     PAL_AES_ENCRYPT,
     PAL_AES_DECRYPT
 }palAesMode_t;
 
 typedef enum palASNTag{
     PAL_ASN1_BOOLEAN                 = 0x01,
     PAL_ASN1_INTEGER                 = 0x02,
     PAL_ASN1_BIT_STRING              = 0x03,
     PAL_ASN1_OCTET_STRING            = 0x04,
     PAL_ASN1_NULL                    = 0x05,
     PAL_ASN1_OID                     = 0x06,
     PAL_ASN1_UTF8_STRING             = 0x0C,
     PAL_ASN1_SEQUENCE                = 0x10,
     PAL_ASN1_SET                     = 0x11,
     PAL_ASN1_PRINTABLE_STRING        = 0x13,
     PAL_ASN1_T61_STRING              = 0x14,
     PAL_ASN1_IA5_STRING              = 0x16,
     PAL_ASN1_UTC_TIME                = 0x17,
     PAL_ASN1_GENERALIZED_TIME        = 0x18,
     PAL_ASN1_UNIVERSAL_STRING        = 0x1C,
     PAL_ASN1_BMP_STRING              = 0x1E,
     PAL_ASN1_PRIMITIVE               = 0x00,
     PAL_ASN1_CONSTRUCTED             = 0x20,
     PAL_ASN1_CONTEXT_SPECIFIC        = 0x80,
 }palASNTag_t;
 
 #define PAL_ASN1_CLASS_BITS 0xC0
 #define PAL_ASN1_TAG_BITS 0x1F
 #define PAL_CRYPT_BLOCK_SIZE 16
 #define PAL_SHA256_SIZE 32
 #define PAL_ECDSA_SECP256R1_SIGNATURE_RAW_SIZE 64
 #define PAL_SECP256R1_MAX_PUB_KEY_RAW_SIZE 65
 #define PAL_ECDSA_SECP256R1_SIGNATURE_DER_SIZE 74
 #define PAL_EC_SECP256R1_MAX_PUB_KEY_DER_SIZE 91
 #define PAL_SECP256R1_RAW_KEY_AGREEMENT_SIZE 32
 
 typedef enum palFormat{
     PAL_POINT_CONVERSION_UNCOMPRESSED
     /*PAL_POINT_CONVERSION_COMPRESSED*/
 }palFormat_t;
 
 typedef enum palCipherID{
     PAL_CIPHER_ID_AES
     /*PAL_CIPHER_ID_DES*/
 }palCipherID_t;
 
 typedef enum palGroupIndex{
     PAL_ECP_DP_NONE,
     PAL_ECP_DP_SECP256R1
 }palGroupIndex_t;
 
 typedef enum palKeyUsage{
     PAL_X509_KU_DIGITAL_SIGNATURE = 0x1,
     PAL_X509_KU_NON_REPUDIATION = 0x2,
     PAL_X509_KU_KEY_CERT_SIGN = 0x4,
     PAL_X509_KU_KEY_AGREEMENT = 0x8
 }palKeyUsage_t;
 
 typedef enum palExtKeyUsage {
     PAL_X509_EXT_KU_ANY =              (1 << 0),
     PAL_X509_EXT_KU_SERVER_AUTH =      (1 << 1),
     PAL_X509_EXT_KU_CLIENT_AUTH =      (1 << 2),
     PAL_X509_EXT_KU_CODE_SIGNING =     (1 << 3),
     PAL_X509_EXT_KU_EMAIL_PROTECTION = (1 << 4),
     PAL_X509_EXT_KU_TIME_STAMPING =    (1 << 8),
     PAL_X509_EXT_KU_OCSP_SIGNING =     (1 << 9)
 }palExtKeyUsage_t;
 
 typedef enum palKeyToCheck{
     PAL_CHECK_PRIVATE_KEY = 0x01,
     PAL_CHECK_PUBLIC_KEY = 0x10,
     PAL_CHECK_BOTH_KEYS = 0x11
 }palKeyToCheck_t;
 
 typedef enum palX509Attr{
     PAL_X509_ISSUER_ATTR,
     PAL_X509_SUBJECT_ATTR,
     PAL_X509_CN_ATTR,
     PAL_X509_OU_ATTR,
     PAL_X509_VALID_FROM,
     PAL_X509_VALID_TO,
     PAL_X509_CERT_ID_ATTR,
     PAL_X509_SIGNATUR_ATTR,
     PAL_X509_L_ATTR
 }palX509Attr_t;
 
 #ifndef MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT
 typedef struct palCryptoBuffer{
     uint8_t* buffer;
     uint32_t size;
 } palCryptoBuffer_t;
 #endif //MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT
 
 
 /***************************************************/
 /**** PAL Crypto Client APIs ***********************/
 /***************************************************/
 
 palStatus_t pal_initAes(palAesHandle_t *aes);
 
 palStatus_t pal_freeAes(palAesHandle_t *aes);
 
 palStatus_t pal_setAesKey(palAesHandle_t aes, const unsigned char* key, uint32_t keybits, palAesKeyType_t keyTarget);
 
 palStatus_t pal_aesCTR(palAesHandle_t aes, const unsigned char* input, unsigned char* output, size_t inLen, unsigned char iv[16]);
 
 palStatus_t pal_aesCTRWithZeroOffset(palAesHandle_t aes, const unsigned char* input, unsigned char* output, size_t inLen, unsigned char iv[16]);
 
 palStatus_t pal_aesECB(palAesHandle_t aes, const unsigned char input[PAL_CRYPT_BLOCK_SIZE], unsigned char output[PAL_CRYPT_BLOCK_SIZE], palAesMode_t mode);
 
 palStatus_t pal_sha256(const unsigned char* input, size_t inLen, unsigned char output[PAL_SHA256_SIZE]);
 
 palStatus_t pal_x509Initiate(palX509Handle_t* x509Cert);
 
 palStatus_t pal_x509CertParse(palX509Handle_t x509Cert, const unsigned char* input, size_t inLen);
 
 palStatus_t pal_x509CertGetAttribute(palX509Handle_t x509Cert, palX509Attr_t attr, void* output, size_t outLenBytes, size_t* actualOutLenBytes);
 
 palStatus_t pal_x509CertVerify(palX509Handle_t x509Cert, palX509Handle_t x509CertChain);
 
 palStatus_t pal_x509CertVerifyExtended(palX509Handle_t x509Cert, palX509Handle_t x509CertChain, int32_t* verifyResult);
 
 palStatus_t pal_x509CertCheckExtendedKeyUsage(palX509Handle_t x509Cert, palExtKeyUsage_t usage);
 
 palStatus_t pal_x509Free(palX509Handle_t* x509Cert);
 
 palStatus_t pal_mdInit(palMDHandle_t* md, palMDType_t mdType);
 
 palStatus_t pal_mdUpdate(palMDHandle_t md, const unsigned char* input, size_t inLen);
 
 palStatus_t pal_mdGetOutputSize(palMDHandle_t md, size_t* bufferSize);
 
 palStatus_t pal_mdFinal(palMDHandle_t md, unsigned char* output);
 
 palStatus_t pal_mdFree(palMDHandle_t* md);
 
 palStatus_t pal_verifySignature(palX509Handle_t x509, palMDType_t mdType, const unsigned char *hash, size_t hashLen, const unsigned char *sig, size_t sigLen);
 
 palStatus_t pal_ASN1GetTag(unsigned char **position, const unsigned char *end, size_t *len, uint8_t tag);
 
 palStatus_t pal_CCMInit(palCCMHandle_t* ctx);
 
 palStatus_t pal_CCMFree(palCCMHandle_t* ctx);
 
 palStatus_t pal_CCMSetKey(palCCMHandle_t ctx, const unsigned char *key, uint32_t keybits, palCipherID_t id);
 
 palStatus_t pal_CCMDecrypt(palCCMHandle_t ctx, unsigned char* input, size_t inLen,
                             unsigned char* iv, size_t ivLen, unsigned char* add,
                             size_t addLen, unsigned char* tag, size_t tagLen,
                             unsigned char* output);
 
 palStatus_t pal_CCMEncrypt(palCCMHandle_t ctx, unsigned char* input,
                             size_t inLen, unsigned char* iv, size_t ivLen,
                             unsigned char* add, size_t addLen, unsigned char* output,
                             unsigned char* tag, size_t tagLen);
 
 palStatus_t pal_CtrDRBGInit(palCtrDrbgCtxHandle_t* ctx, const void* seed, size_t len);
 
 palStatus_t pal_CtrDRBGIsSeeded(palCtrDrbgCtxHandle_t ctx);
 
 palStatus_t pal_CtrDRBGGenerate(palCtrDrbgCtxHandle_t ctx, unsigned char* out, size_t len);
 
 palStatus_t pal_CtrDRBGFree(palCtrDrbgCtxHandle_t* ctx);
 
 
 palStatus_t pal_cipherCMAC(const unsigned char *key, size_t keyLenInBits, const unsigned char *input, size_t inputLenInBytes, unsigned char *output);
 
 palStatus_t pal_CMACStart(palCMACHandle_t *ctx, const unsigned char *key, size_t keyLenBits, palCipherID_t cipherID);
 
 palStatus_t pal_CMACUpdate(palCMACHandle_t ctx, const unsigned char *input, size_t inLen);
 
 palStatus_t pal_CMACFinish(palCMACHandle_t *ctx, unsigned char *output, size_t* outLen);
 
 palStatus_t pal_mdHmacSha256(const unsigned char *key, size_t keyLenInBytes, const unsigned char *input, size_t inputLenInBytes, unsigned char *output, size_t* outputLenInBytes);
 
 
 palStatus_t pal_ECCheckKey(palCurveHandle_t grp, palECKeyHandle_t key, uint32_t type, bool *verified);
 
 palStatus_t pal_ECKeyNew(palECKeyHandle_t* key);
 
 palStatus_t pal_ECKeyFree(palECKeyHandle_t* key);
 
 palStatus_t pal_newKeyHandle( palKeyHandle_t *keyHandle, size_t key_size); 
 
 
 palStatus_t pal_freeKeyHandle(palKeyHandle_t *keyHandle); 
 
 
 palStatus_t pal_parseECPrivateKeyFromDER(const unsigned char* prvDERKey, size_t keyLen, palECKeyHandle_t key);
 
 palStatus_t pal_parseECPublicKeyFromDER(const unsigned char* pubDERKey, size_t keyLen, palECKeyHandle_t key);
 
 
 palStatus_t pal_parseECPrivateKeyFromHandle(const palKeyHandle_t prvKeyHandle, palECKeyHandle_t ECKeyHandle);
 
 palStatus_t pal_parseECPublicKeyFromHandle(const palKeyHandle_t pubKeyHandle, palECKeyHandle_t ECKeyHandle);
 
 palStatus_t pal_convertRawSignatureToDer(
         const unsigned char         *rawSignature,
         size_t                       rawSignatureSize,
         unsigned char               *derSignatureOut,
         size_t                       derSignatureMaxSize,
         size_t                      *derSignatureActSizeOut);
 
 palStatus_t pal_asymmetricSign(const palECKeyHandle_t privateKeyHanlde, palMDType_t mdType, const unsigned char *hash, size_t hashSize, unsigned char *outSignature, size_t maxSignatureSize, size_t *actualOutSignatureSize);
 
 palStatus_t pal_asymmetricVerify(const palECKeyHandle_t publicKeyHanlde, palMDType_t mdType, const unsigned char *hash, size_t hashSize, const unsigned char *signature, size_t signatureSize);
 
 
 #ifndef MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT
 
 palStatus_t pal_writePrivateKeyWithHandle(const palKeyHandle_t prvKeyHandle, palECKeyHandle_t ECKeyHandle);
 
 
 palStatus_t pal_writePublicKeyWithHandle(const palKeyHandle_t pubKeyHandle, palECKeyHandle_t ECKeyHandle);
 #endif
 
 palStatus_t pal_writePrivateKeyToDer(palECKeyHandle_t key, unsigned char* derBuffer, size_t bufferSize, size_t* actualSize);
 
 palStatus_t pal_writePublicKeyToDer(palECKeyHandle_t key, unsigned char* derBuffer, size_t bufferSize, size_t* actualSize);
 
 palStatus_t pal_ECKeyGenerateKey(palGroupIndex_t grpID, palECKeyHandle_t key);
 
 palStatus_t pal_ECKeyGetCurve(palECKeyHandle_t key, palGroupIndex_t* grpID);
 
 palStatus_t pal_ECGroupInitAndLoad(palCurveHandle_t* grp, palGroupIndex_t index);
 
 palStatus_t pal_ECGroupFree(palCurveHandle_t* grp);
 
 palStatus_t pal_x509CSRInit(palx509CSRHandle_t *x509CSR);
 
 palStatus_t pal_x509CSRSetSubject(palx509CSRHandle_t x509CSR, const char* subjectName);
 
 palStatus_t pal_x509CSRSetMD(palx509CSRHandle_t x509CSR, palMDType_t mdType);
 
 palStatus_t pal_x509CSRSetKey(palx509CSRHandle_t x509CSR, palECKeyHandle_t pubKey, palECKeyHandle_t prvKey);
 
 palStatus_t pal_x509CSRSetKeyUsage(palx509CSRHandle_t x509CSR, uint32_t keyUsage);
 
 palStatus_t pal_x509CSRSetExtendedKeyUsage(palx509CSRHandle_t x509CSR, uint32_t extKeyUsage);
 
 palStatus_t pal_x509CSRSetExtension(palx509CSRHandle_t x509CSR,const char* oid, size_t oidLen,
                                     const unsigned char* value, size_t valueLen);
 
 palStatus_t pal_x509CSRWriteDER(palx509CSRHandle_t x509CSR, unsigned char* derBuf, size_t derBufLen, size_t* actualDerLen);
 
 palStatus_t pal_x509CSRFromCertWriteDER(palX509Handle_t x509Cert, palx509CSRHandle_t x509CSR, unsigned char* derBuf, size_t derBufLen, size_t* actualDerBufLen);
 
 palStatus_t pal_x509CSRFree(palx509CSRHandle_t *x509CSR);
 
 palStatus_t pal_ECDHComputeKey(const palCurveHandle_t grp, const palECKeyHandle_t peerPublicKey,
                                 const palECKeyHandle_t privateKey, palECKeyHandle_t outKey);
 
 palStatus_t pal_ECDHKeyAgreement(
     const uint8_t               *derPeerPublicKey,
     size_t                       derPeerPublicKeySize,
     const palECKeyHandle_t       privateKeyHandle,
     unsigned char               *rawSharedSecretOut,
     size_t                       rawSharedSecretMaxSize,
     size_t                      *rawSharedSecretActSizeOut);
 
 palStatus_t pal_ECDSASign(palCurveHandle_t grp, palMDType_t mdType, palECKeyHandle_t prvKey, unsigned char* dgst,
                                     uint32_t dgstLen, unsigned char *sig, size_t *sigLen);
 
 palStatus_t pal_ECDSAVerify(palECKeyHandle_t pubKey, unsigned char* dgst, uint32_t dgstLen,
                                     unsigned char* sig, size_t sigLen, bool* verified);
 
 
 palStatus_t pal_x509CertGetHTBS(palX509Handle_t x509Cert, palMDType_t hash_type, unsigned char *output, size_t outLenBytes, size_t* actualOutLenBytes);
 
 #endif //_PAL_CRYPTO_H_
Documentation
