diff options
Diffstat (limited to 'lib/bt/porting/ext/tinycrypt/include')
15 files changed, 0 insertions, 2444 deletions
diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/aes.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/aes.h deleted file mode 100644 index 885c02e0..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/aes.h +++ /dev/null @@ -1,130 +0,0 @@ -/* aes.h - TinyCrypt interface to an AES-128 implementation */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief -- Interface to an AES-128 implementation. - * - * Overview: AES-128 is a NIST approved block cipher specified in - * FIPS 197. Block ciphers are deterministic algorithms that - * perform a transformation specified by a symmetric key in fixed- - * length data sets, also called blocks. - * - * Security: AES-128 provides approximately 128 bits of security. - * - * Usage: 1) call tc_aes128_set_encrypt/decrypt_key to set the key. - * - * 2) call tc_aes_encrypt/decrypt to process the data. - */ - -#ifndef __TC_AES_H__ -#define __TC_AES_H__ - -#include <stdint.h> - -#ifdef __cplusplus -extern "C" { -#endif - -#define Nb (4) /* number of columns (32-bit words) comprising the state */ -#define Nk (4) /* number of 32-bit words comprising the key */ -#define Nr (10) /* number of rounds */ -#define TC_AES_BLOCK_SIZE (Nb*Nk) -#define TC_AES_KEY_SIZE (Nb*Nk) - -typedef struct tc_aes_key_sched_struct { - unsigned int words[Nb*(Nr+1)]; -} *TCAesKeySched_t; - -/** - * @brief Set AES-128 encryption key - * Uses key k to initialize s - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: s == NULL or k == NULL - * @note This implementation skips the additional steps required for keys - * larger than 128 bits, and must not be used for AES-192 or - * AES-256 key schedule -- see FIPS 197 for details - * @param s IN/OUT -- initialized struct tc_aes_key_sched_struct - * @param k IN -- points to the AES key - */ -int tc_aes128_set_encrypt_key(TCAesKeySched_t s, const uint8_t *k); - -/** - * @brief AES-128 Encryption procedure - * Encrypts contents of in buffer into out buffer under key; - * schedule s - * @note Assumes s was initialized by aes_set_encrypt_key; - * out and in point to 16 byte buffers - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: out == NULL or in == NULL or s == NULL - * @param out IN/OUT -- buffer to receive ciphertext block - * @param in IN -- a plaintext block to encrypt - * @param s IN -- initialized AES key schedule - */ -int tc_aes_encrypt(uint8_t *out, const uint8_t *in, - const TCAesKeySched_t s); - -/** - * @brief Set the AES-128 decryption key - * Uses key k to initialize s - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: s == NULL or k == NULL - * @note This is the implementation of the straightforward inverse cipher - * using the cipher documented in FIPS-197 figure 12, not the - * equivalent inverse cipher presented in Figure 15 - * @warning This routine skips the additional steps required for keys larger - * than 128, and must not be used for AES-192 or AES-256 key - * schedule -- see FIPS 197 for details - * @param s IN/OUT -- initialized struct tc_aes_key_sched_struct - * @param k IN -- points to the AES key - */ -int tc_aes128_set_decrypt_key(TCAesKeySched_t s, const uint8_t *k); - -/** - * @brief AES-128 Encryption procedure - * Decrypts in buffer into out buffer under key schedule s - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: out is NULL or in is NULL or s is NULL - * @note Assumes s was initialized by aes_set_encrypt_key - * out and in point to 16 byte buffers - * @param out IN/OUT -- buffer to receive ciphertext block - * @param in IN -- a plaintext block to encrypt - * @param s IN -- initialized AES key schedule - */ -int tc_aes_decrypt(uint8_t *out, const uint8_t *in, - const TCAesKeySched_t s); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_AES_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/cbc_mode.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/cbc_mode.h deleted file mode 100644 index 4a837fd0..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/cbc_mode.h +++ /dev/null @@ -1,151 +0,0 @@ -/* cbc_mode.h - TinyCrypt interface to a CBC mode implementation */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief Interface to a CBC mode implementation. - * - * Overview: CBC (for "cipher block chaining") mode is a NIST approved mode of - * operation defined in SP 800-38a. It can be used with any block - * cipher to provide confidentiality of strings whose lengths are - * multiples of the block_size of the underlying block cipher. - * TinyCrypt hard codes AES as the block cipher. - * - * Security: CBC mode provides data confidentiality given that the maximum - * number q of blocks encrypted under a single key satisfies - * q < 2^63, which is not a practical constraint (it is considered a - * good practice to replace the encryption when q == 2^56). CBC mode - * provides NO data integrity. - * - * CBC mode assumes that the IV value input into the - * tc_cbc_mode_encrypt is randomly generated. The TinyCrypt library - * provides HMAC-PRNG module, which generates suitable IVs. Other - * methods for generating IVs are acceptable, provided that the - * values of the IVs generated appear random to any adversary, - * including someone with complete knowledge of the system design. - * - * The randomness property on which CBC mode's security depends is - * the unpredictability of the IV. Since it is unpredictable, this - * means in practice that CBC mode requires that the IV is stored - * somehow with the ciphertext in order to recover the plaintext. - * - * TinyCrypt CBC encryption prepends the IV to the ciphertext, - * because this affords a more efficient (few buffers) decryption. - * Hence tc_cbc_mode_encrypt assumes the ciphertext buffer is always - * 16 bytes larger than the plaintext buffer. - * - * Requires: AES-128 - * - * Usage: 1) call tc_cbc_mode_encrypt to encrypt data. - * - * 2) call tc_cbc_mode_decrypt to decrypt data. - * - */ - -#ifndef __TC_CBC_MODE_H__ -#define __TC_CBC_MODE_H__ - -#include <tinycrypt/aes.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * @brief CBC encryption procedure - * CBC encrypts inlen bytes of the in buffer into the out buffer - * using the encryption key schedule provided, prepends iv to out - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * out == NULL or - * in == NULL or - * ctr == NULL or - * sched == NULL or - * inlen == 0 or - * (inlen % TC_AES_BLOCK_SIZE) != 0 or - * (outlen % TC_AES_BLOCK_SIZE) != 0 or - * outlen != inlen + TC_AES_BLOCK_SIZE - * @note Assumes: - sched has been configured by aes_set_encrypt_key - * - iv contains a 16 byte random string - * - out buffer is large enough to hold the ciphertext + iv - * - out buffer is a contiguous buffer - * - in holds the plaintext and is a contiguous buffer - * - inlen gives the number of bytes in the in buffer - * @param out IN/OUT -- buffer to receive the ciphertext - * @param outlen IN -- length of ciphertext buffer in bytes - * @param in IN -- plaintext to encrypt - * @param inlen IN -- length of plaintext buffer in bytes - * @param iv IN -- the IV for the this encrypt/decrypt - * @param sched IN -- AES key schedule for this encrypt - */ -int tc_cbc_mode_encrypt(uint8_t *out, unsigned int outlen, const uint8_t *in, - unsigned int inlen, const uint8_t *iv, - const TCAesKeySched_t sched); - -/** - * @brief CBC decryption procedure - * CBC decrypts inlen bytes of the in buffer into the out buffer - * using the provided encryption key schedule - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * out == NULL or - * in == NULL or - * sched == NULL or - * inlen == 0 or - * outlen == 0 or - * (inlen % TC_AES_BLOCK_SIZE) != 0 or - * (outlen % TC_AES_BLOCK_SIZE) != 0 or - * outlen != inlen + TC_AES_BLOCK_SIZE - * @note Assumes:- in == iv + ciphertext, i.e. the iv and the ciphertext are - * contiguous. This allows for a very efficient decryption - * algorithm that would not otherwise be possible - * - sched was configured by aes_set_decrypt_key - * - out buffer is large enough to hold the decrypted plaintext - * and is a contiguous buffer - * - inlen gives the number of bytes in the in buffer - * @param out IN/OUT -- buffer to receive decrypted data - * @param outlen IN -- length of plaintext buffer in bytes - * @param in IN -- ciphertext to decrypt, including IV - * @param inlen IN -- length of ciphertext buffer in bytes - * @param iv IN -- the IV for the this encrypt/decrypt - * @param sched IN -- AES key schedule for this decrypt - * - */ -int tc_cbc_mode_decrypt(uint8_t *out, unsigned int outlen, const uint8_t *in, - unsigned int inlen, const uint8_t *iv, - const TCAesKeySched_t sched); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_CBC_MODE_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ccm_mode.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ccm_mode.h deleted file mode 100644 index 69c798e2..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ccm_mode.h +++ /dev/null @@ -1,211 +0,0 @@ -/* ccm_mode.h - TinyCrypt interface to a CCM mode implementation */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief Interface to a CCM mode implementation. - * - * Overview: CCM (for "Counter with CBC-MAC") mode is a NIST approved mode of - * operation defined in SP 800-38C. - * - * TinyCrypt CCM implementation accepts: - * - * 1) Both non-empty payload and associated data (it encrypts and - * authenticates the payload and also authenticates the associated - * data); - * 2) Non-empty payload and empty associated data (it encrypts and - * authenticates the payload); - * 3) Non-empty associated data and empty payload (it degenerates to - * an authentication mode on the associated data). - * - * TinyCrypt CCM implementation accepts associated data of any length - * between 0 and (2^16 - 2^8) bytes. - * - * Security: The mac length parameter is an important parameter to estimate the - * security against collision attacks (that aim at finding different - * messages that produce the same authentication tag). TinyCrypt CCM - * implementation accepts any even integer between 4 and 16, as - * suggested in SP 800-38C. - * - * RFC-3610, which also specifies CCM, presents a few relevant - * security suggestions, such as: it is recommended for most - * applications to use a mac length greater than 8. Besides, the - * usage of the same nonce for two different messages which are - * encrypted with the same key destroys the security of CCM mode. - * - * Requires: AES-128 - * - * Usage: 1) call tc_ccm_config to configure. - * - * 2) call tc_ccm_mode_encrypt to encrypt data and generate tag. - * - * 3) call tc_ccm_mode_decrypt to decrypt data and verify tag. - */ - -#ifndef __TC_CCM_MODE_H__ -#define __TC_CCM_MODE_H__ - -#include <tinycrypt/aes.h> -#include <stddef.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/* max additional authenticated size in bytes: 2^16 - 2^8 = 65280 */ -#define TC_CCM_AAD_MAX_BYTES 0xff00 - -/* max message size in bytes: 2^(8L) = 2^16 = 65536 */ -#define TC_CCM_PAYLOAD_MAX_BYTES 0x10000 - -/* struct tc_ccm_mode_struct represents the state of a CCM computation */ -typedef struct tc_ccm_mode_struct { - TCAesKeySched_t sched; /* AES key schedule */ - uint8_t *nonce; /* nonce required by CCM */ - unsigned int mlen; /* mac length in bytes (parameter t in SP-800 38C) */ -} *TCCcmMode_t; - -/** - * @brief CCM configuration procedure - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * c == NULL or - * sched == NULL or - * nonce == NULL or - * mlen != {4, 6, 8, 10, 12, 16} - * @param c -- CCM state - * @param sched IN -- AES key schedule - * @param nonce IN - nonce - * @param nlen -- nonce length in bytes - * @param mlen -- mac length in bytes (parameter t in SP-800 38C) - */ -int tc_ccm_config(TCCcmMode_t c, TCAesKeySched_t sched, uint8_t *nonce, - unsigned int nlen, unsigned int mlen); - -/** - * @brief CCM tag generation and encryption procedure - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * out == NULL or - * c == NULL or - * ((plen > 0) and (payload == NULL)) or - * ((alen > 0) and (associated_data == NULL)) or - * (alen >= TC_CCM_AAD_MAX_BYTES) or - * (plen >= TC_CCM_PAYLOAD_MAX_BYTES) or - * (olen < plen + maclength) - * - * @param out OUT -- encrypted data - * @param olen IN -- output length in bytes - * @param associated_data IN -- associated data - * @param alen IN -- associated data length in bytes - * @param payload IN -- payload - * @param plen IN -- payload length in bytes - * @param c IN -- CCM state - * - * @note: out buffer should be at least (plen + c->mlen) bytes long. - * - * @note: The sequence b for encryption is formatted as follows: - * b = [FLAGS | nonce | counter ], where: - * FLAGS is 1 byte long - * nonce is 13 bytes long - * counter is 2 bytes long - * The byte FLAGS is composed by the following 8 bits: - * 0-2 bits: used to represent the value of q-1 - * 3-7 btis: always 0's - * - * @note: The sequence b for authentication is formatted as follows: - * b = [FLAGS | nonce | length(mac length)], where: - * FLAGS is 1 byte long - * nonce is 13 bytes long - * length(mac length) is 2 bytes long - * The byte FLAGS is composed by the following 8 bits: - * 0-2 bits: used to represent the value of q-1 - * 3-5 bits: mac length (encoded as: (mlen-2)/2) - * 6: Adata (0 if alen == 0, and 1 otherwise) - * 7: always 0 - */ -int tc_ccm_generation_encryption(uint8_t *out, unsigned int olen, - const uint8_t *associated_data, - unsigned int alen, const uint8_t *payload, - unsigned int plen, TCCcmMode_t c); - -/** - * @brief CCM decryption and tag verification procedure - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * out == NULL or - * c == NULL or - * ((plen > 0) and (payload == NULL)) or - * ((alen > 0) and (associated_data == NULL)) or - * (alen >= TC_CCM_AAD_MAX_BYTES) or - * (plen >= TC_CCM_PAYLOAD_MAX_BYTES) or - * (olen < plen - c->mlen) - * - * @param out OUT -- decrypted data - * @param associated_data IN -- associated data - * @param alen IN -- associated data length in bytes - * @param payload IN -- payload - * @param plen IN -- payload length in bytes - * @param c IN -- CCM state - * - * @note: out buffer should be at least (plen - c->mlen) bytes long. - * - * @note: The sequence b for encryption is formatted as follows: - * b = [FLAGS | nonce | counter ], where: - * FLAGS is 1 byte long - * nonce is 13 bytes long - * counter is 2 bytes long - * The byte FLAGS is composed by the following 8 bits: - * 0-2 bits: used to represent the value of q-1 - * 3-7 btis: always 0's - * - * @note: The sequence b for authentication is formatted as follows: - * b = [FLAGS | nonce | length(mac length)], where: - * FLAGS is 1 byte long - * nonce is 13 bytes long - * length(mac length) is 2 bytes long - * The byte FLAGS is composed by the following 8 bits: - * 0-2 bits: used to represent the value of q-1 - * 3-5 bits: mac length (encoded as: (mlen-2)/2) - * 6: Adata (0 if alen == 0, and 1 otherwise) - * 7: always 0 - */ -int tc_ccm_decryption_verification(uint8_t *out, unsigned int olen, - const uint8_t *associated_data, - unsigned int alen, const uint8_t *payload, unsigned int plen, - TCCcmMode_t c); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_CCM_MODE_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/cmac_mode.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/cmac_mode.h deleted file mode 100644 index f44b0a53..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/cmac_mode.h +++ /dev/null @@ -1,194 +0,0 @@ -/* cmac_mode.h -- interface to a CMAC implementation */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief Interface to a CMAC implementation. - * - * Overview: CMAC is defined NIST in SP 800-38B, and is the standard algorithm - * for computing a MAC using a block cipher. It can compute the MAC - * for a byte string of any length. It is distinguished from CBC-MAC - * in the processing of the final message block; CMAC uses a - * different technique to compute the final message block is full - * size or only partial, while CBC-MAC uses the same technique for - * both. This difference permits CMAC to be applied to variable - * length messages, while all messages authenticated by CBC-MAC must - * be the same length. - * - * Security: AES128-CMAC mode of operation offers 64 bits of security against - * collision attacks. Note however that an external attacker cannot - * generate the tags him/herself without knowing the MAC key. In this - * sense, to attack the collision property of AES128-CMAC, an - * external attacker would need the cooperation of the legal user to - * produce an exponentially high number of tags (e.g. 2^64) to - * finally be able to look for collisions and benefit from them. As - * an extra precaution, the current implementation allows to at most - * 2^48 calls to the tc_cmac_update function before re-calling - * tc_cmac_setup (allowing a new key to be set), as suggested in - * Appendix B of SP 800-38B. - * - * Requires: AES-128 - * - * Usage: This implementation provides a "scatter-gather" interface, so that - * the CMAC value can be computed incrementally over a message - * scattered in different segments throughout memory. Experience shows - * this style of interface tends to minimize the burden of programming - * correctly. Like all symmetric key operations, it is session - * oriented. - * - * To begin a CMAC session, use tc_cmac_setup to initialize a struct - * tc_cmac_struct with encryption key and buffer. Our implementation - * always assume that the AES key to be the same size as the block - * cipher block size. Once setup, this data structure can be used for - * many CMAC computations. - * - * Once the state has been setup with a key, computing the CMAC of - * some data requires three steps: - * - * (1) first use tc_cmac_init to initialize a new CMAC computation. - * (2) next mix all of the data into the CMAC computation state using - * tc_cmac_update. If all of the data resides in a single data - * segment then only one tc_cmac_update call is needed; if data - * is scattered throughout memory in n data segments, then n calls - * will be needed. CMAC IS ORDER SENSITIVE, to be able to detect - * attacks that swap bytes, so the order in which data is mixed - * into the state is critical! - * (3) Once all of the data for a message has been mixed, use - * tc_cmac_final to compute the CMAC tag value. - * - * Steps (1)-(3) can be repeated as many times as you want to CMAC - * multiple messages. A practical limit is 2^48 1K messages before you - * have to change the key. - * - * Once you are done computing CMAC with a key, it is a good idea to - * destroy the state so an attacker cannot recover the key; use - * tc_cmac_erase to accomplish this. - */ - -#ifndef __TC_CMAC_MODE_H__ -#define __TC_CMAC_MODE_H__ - -#include <tinycrypt/aes.h> - -#include <stddef.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/* padding for last message block */ -#define TC_CMAC_PADDING 0x80 - -/* struct tc_cmac_struct represents the state of a CMAC computation */ -typedef struct tc_cmac_struct { -/* initialization vector */ - uint8_t iv[TC_AES_BLOCK_SIZE]; -/* used if message length is a multiple of block_size bytes */ - uint8_t K1[TC_AES_BLOCK_SIZE]; -/* used if message length isn't a multiple block_size bytes */ - uint8_t K2[TC_AES_BLOCK_SIZE]; -/* where to put bytes that didn't fill a block */ - uint8_t leftover[TC_AES_BLOCK_SIZE]; -/* identifies the encryption key */ - unsigned int keyid; -/* next available leftover location */ - unsigned int leftover_offset; -/* AES key schedule */ - TCAesKeySched_t sched; -/* calls to tc_cmac_update left before re-key */ - uint64_t countdown; -} *TCCmacState_t; - -/** - * @brief Configures the CMAC state to use the given AES key - * @return returns TC_CRYPTO_SUCCESS (1) after having configured the CMAC state - * returns TC_CRYPTO_FAIL (0) if: - * s == NULL or - * key == NULL - * - * @param s IN/OUT -- the state to set up - * @param key IN -- the key to use - * @param sched IN -- AES key schedule - */ -int tc_cmac_setup(TCCmacState_t s, const uint8_t *key, - TCAesKeySched_t sched); - -/** - * @brief Erases the CMAC state - * @return returns TC_CRYPTO_SUCCESS (1) after having configured the CMAC state - * returns TC_CRYPTO_FAIL (0) if: - * s == NULL - * - * @param s IN/OUT -- the state to erase - */ -int tc_cmac_erase(TCCmacState_t s); - -/** - * @brief Initializes a new CMAC computation - * @return returns TC_CRYPTO_SUCCESS (1) after having initialized the CMAC state - * returns TC_CRYPTO_FAIL (0) if: - * s == NULL - * - * @param s IN/OUT -- the state to initialize - */ -int tc_cmac_init(TCCmacState_t s); - -/** - * @brief Incrementally computes CMAC over the next data segment - * @return returns TC_CRYPTO_SUCCESS (1) after successfully updating the CMAC state - * returns TC_CRYPTO_FAIL (0) if: - * s == NULL or - * if data == NULL when dlen > 0 - * - * @param s IN/OUT -- the CMAC state - * @param data IN -- the next data segment to MAC - * @param dlen IN -- the length of data in bytes - */ -int tc_cmac_update(TCCmacState_t s, const uint8_t *data, size_t dlen); - -/** - * @brief Generates the tag from the CMAC state - * @return returns TC_CRYPTO_SUCCESS (1) after successfully generating the tag - * returns TC_CRYPTO_FAIL (0) if: - * tag == NULL or - * s == NULL - * - * @param tag OUT -- the CMAC tag - * @param s IN -- CMAC state - */ -int tc_cmac_final(uint8_t *tag, TCCmacState_t s); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_CMAC_MODE_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/constants.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/constants.h deleted file mode 100644 index 965490e0..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/constants.h +++ /dev/null @@ -1,61 +0,0 @@ -/* constants.h - TinyCrypt interface to constants */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief -- Interface to constants. - * - */ - -#ifndef __TC_CONSTANTS_H__ -#define __TC_CONSTANTS_H__ - -#ifdef __cplusplus -extern "C" { -#endif - -#include <stdbool.h> - -#ifndef NULL -#define NULL ((void *)0) -#endif - -#define TC_CRYPTO_SUCCESS 1 -#define TC_CRYPTO_FAIL 0 - -#define TC_ZERO_BYTE 0x00 - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_CONSTANTS_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ctr_mode.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ctr_mode.h deleted file mode 100644 index dc221f9e..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ctr_mode.h +++ /dev/null @@ -1,108 +0,0 @@ -/* ctr_mode.h - TinyCrypt interface to CTR mode */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief Interface to CTR mode. - * - * Overview: CTR (pronounced "counter") mode is a NIST approved mode of - * operation defined in SP 800-38a. It can be used with any - * block cipher to provide confidentiality of strings of any - * length. TinyCrypt hard codes AES128 as the block cipher. - * - * Security: CTR mode achieves confidentiality only if the counter value is - * never reused with a same encryption key. If the counter is - * repeated, than an adversary might be able to defeat the scheme. - * - * A usual method to ensure different counter values refers to - * initialize the counter in a given value (0, for example) and - * increases it every time a new block is enciphered. This naturally - * leaves to a limitation on the number q of blocks that can be - * enciphered using a same key: q < 2^(counter size). - * - * TinyCrypt uses a counter of 32 bits. This means that after 2^32 - * block encryptions, the counter will be reused (thus losing CBC - * security). 2^32 block encryptions should be enough for most of - * applications targeting constrained devices. Applications intended - * to encrypt a larger number of blocks must replace the key after - * 2^32 block encryptions. - * - * CTR mode provides NO data integrity. - * - * Requires: AES-128 - * - * Usage: 1) call tc_ctr_mode to process the data to encrypt/decrypt. - * - */ - -#ifndef __TC_CTR_MODE_H__ -#define __TC_CTR_MODE_H__ - -#include <tinycrypt/aes.h> -#include <tinycrypt/constants.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * @brief CTR mode encryption/decryption procedure. - * CTR mode encrypts (or decrypts) inlen bytes from in buffer into out buffer - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * out == NULL or - * in == NULL or - * ctr == NULL or - * sched == NULL or - * inlen == 0 or - * outlen == 0 or - * inlen != outlen - * @note Assumes:- The current value in ctr has NOT been used with sched - * - out points to inlen bytes - * - in points to inlen bytes - * - ctr is an integer counter in littleEndian format - * - sched was initialized by aes_set_encrypt_key - * @param out OUT -- produced ciphertext (plaintext) - * @param outlen IN -- length of ciphertext buffer in bytes - * @param in IN -- data to encrypt (or decrypt) - * @param inlen IN -- length of input data in bytes - * @param ctr IN/OUT -- the current counter value - * @param sched IN -- an initialized AES key schedule - */ -int tc_ctr_mode(uint8_t *out, unsigned int outlen, const uint8_t *in, - unsigned int inlen, uint8_t *ctr, const TCAesKeySched_t sched); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_CTR_MODE_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ctr_prng.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ctr_prng.h deleted file mode 100644 index 69cbe020..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ctr_prng.h +++ /dev/null @@ -1,166 +0,0 @@ -/* ctr_prng.h - TinyCrypt interface to a CTR-PRNG implementation */ - -/* - * Copyright (c) 2016, Chris Morrison - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief Interface to a CTR-PRNG implementation. - * - * Overview: A pseudo-random number generator (PRNG) generates a sequence - * of numbers that have a distribution close to the one expected - * for a sequence of truly random numbers. The NIST Special - * Publication 800-90A specifies several mechanisms to generate - * sequences of pseudo random numbers, including the CTR-PRNG one - * which is based on AES. TinyCrypt implements CTR-PRNG with - * AES-128. - * - * Security: A cryptographically secure PRNG depends on the existence of an - * entropy source to provide a truly random seed as well as the - * security of the primitives used as the building blocks (AES-128 - * in this instance). - * - * Requires: - AES-128 - * - * Usage: 1) call tc_ctr_prng_init to seed the prng context - * - * 2) call tc_ctr_prng_reseed to mix in additional entropy into - * the prng context - * - * 3) call tc_ctr_prng_generate to output the pseudo-random data - * - * 4) call tc_ctr_prng_uninstantiate to zero out the prng context - */ - -#ifndef __TC_CTR_PRNG_H__ -#define __TC_CTR_PRNG_H__ - -#include <tinycrypt/aes.h> - -#define TC_CTR_PRNG_RESEED_REQ -1 - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct { - /* updated each time another BLOCKLEN_BYTES bytes are produced */ - uint8_t V[TC_AES_BLOCK_SIZE]; - - /* updated whenever the PRNG is reseeded */ - struct tc_aes_key_sched_struct key; - - /* number of requests since initialization/reseeding */ - uint64_t reseedCount; -} TCCtrPrng_t; - - -/** - * @brief CTR-PRNG initialization procedure - * Initializes prng context with entropy and personalization string (if any) - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * ctx == NULL, - * entropy == NULL, - * entropyLen < (TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE) - * @note Only the first (TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE) bytes of - * both the entropy and personalization inputs are used - - * supplying additional bytes has no effect. - * @param ctx IN/OUT -- the PRNG context to initialize - * @param entropy IN -- entropy used to seed the PRNG - * @param entropyLen IN -- entropy length in bytes - * @param personalization IN -- personalization string used to seed the PRNG - * (may be null) - * @param plen IN -- personalization length in bytes - * - */ -int tc_ctr_prng_init(TCCtrPrng_t * const ctx, - uint8_t const * const entropy, - unsigned int entropyLen, - uint8_t const * const personalization, - unsigned int pLen); - -/** - * @brief CTR-PRNG reseed procedure - * Mixes entropy and additional_input into the prng context - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * ctx == NULL, - * entropy == NULL, - * entropylen < (TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE) - * @note It is better to reseed an existing prng context rather than - * re-initialise, so that any existing entropy in the context is - * presereved. This offers some protection against undetected failures - * of the entropy source. - * @note Assumes tc_ctr_prng_init has been called for ctx - * @param ctx IN/OUT -- the PRNG state - * @param entropy IN -- entropy to mix into the prng - * @param entropylen IN -- length of entropy in bytes - * @param additional_input IN -- additional input to the prng (may be null) - * @param additionallen IN -- additional input length in bytes - */ -int tc_ctr_prng_reseed(TCCtrPrng_t * const ctx, - uint8_t const * const entropy, - unsigned int entropyLen, - uint8_t const * const additional_input, - unsigned int additionallen); - -/** - * @brief CTR-PRNG generate procedure - * Generates outlen pseudo-random bytes into out buffer, updates prng - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CTR_PRNG_RESEED_REQ (-1) if a reseed is needed - * returns TC_CRYPTO_FAIL (0) if: - * ctx == NULL, - * out == NULL, - * outlen >= 2^16 - * @note Assumes tc_ctr_prng_init has been called for ctx - * @param ctx IN/OUT -- the PRNG context - * @param additional_input IN -- additional input to the prng (may be null) - * @param additionallen IN -- additional input length in bytes - * @param out IN/OUT -- buffer to receive output - * @param outlen IN -- size of out buffer in bytes - */ -int tc_ctr_prng_generate(TCCtrPrng_t * const ctx, - uint8_t const * const additional_input, - unsigned int additionallen, - uint8_t * const out, - unsigned int outlen); - -/** - * @brief CTR-PRNG uninstantiate procedure - * Zeroes the internal state of the supplied prng context - * @return none - * @param ctx IN/OUT -- the PRNG context - */ -void tc_ctr_prng_uninstantiate(TCCtrPrng_t * const ctx); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_CTR_PRNG_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc.h deleted file mode 100644 index e8357320..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc.h +++ /dev/null @@ -1,545 +0,0 @@ -/* ecc.h - TinyCrypt interface to common ECC functions */ - -/* Copyright (c) 2014, Kenneth MacKay - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief -- Interface to common ECC functions. - * - * Overview: This software is an implementation of common functions - * necessary to elliptic curve cryptography. This implementation uses - * curve NIST p-256. - * - * Security: The curve NIST p-256 provides approximately 128 bits of security. - * - */ - -#ifndef __TC_UECC_H__ -#define __TC_UECC_H__ - -#include <stdint.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/* Word size (4 bytes considering 32-bits architectures) */ -#define uECC_WORD_SIZE 4 - -/* setting max number of calls to prng: */ -#ifndef uECC_RNG_MAX_TRIES -#define uECC_RNG_MAX_TRIES 64 -#endif - -/* defining data types to store word and bit counts: */ -typedef int8_t wordcount_t; -typedef int16_t bitcount_t; -/* defining data type for comparison result: */ -typedef int8_t cmpresult_t; -/* defining data type to store ECC coordinate/point in 32bits words: */ -typedef unsigned int uECC_word_t; -/* defining data type to store an ECC coordinate/point in 64bits words: */ -typedef uint64_t uECC_dword_t; - -/* defining masks useful for ecc computations: */ -#define HIGH_BIT_SET 0x80000000 -#define uECC_WORD_BITS 32 -#define uECC_WORD_BITS_SHIFT 5 -#define uECC_WORD_BITS_MASK 0x01F - -/* Number of words of 32 bits to represent an element of the the curve p-256: */ -#define NUM_ECC_WORDS 8 -/* Number of bytes to represent an element of the the curve p-256: */ -#define NUM_ECC_BYTES (uECC_WORD_SIZE*NUM_ECC_WORDS) - -/* structure that represents an elliptic curve (e.g. p256):*/ -struct uECC_Curve_t; -typedef const struct uECC_Curve_t * uECC_Curve; -struct uECC_Curve_t { - wordcount_t num_words; - wordcount_t num_bytes; - bitcount_t num_n_bits; - uECC_word_t p[NUM_ECC_WORDS]; - uECC_word_t n[NUM_ECC_WORDS]; - uECC_word_t G[NUM_ECC_WORDS * 2]; - uECC_word_t b[NUM_ECC_WORDS]; - void (*double_jacobian)(uECC_word_t * X1, uECC_word_t * Y1, uECC_word_t * Z1, - uECC_Curve curve); - void (*x_side)(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve); - void (*mmod_fast)(uECC_word_t *result, uECC_word_t *product); -}; - -/* - * @brief computes doubling of point ion jacobian coordinates, in place. - * @param X1 IN/OUT -- x coordinate - * @param Y1 IN/OUT -- y coordinate - * @param Z1 IN/OUT -- z coordinate - * @param curve IN -- elliptic curve - */ -void double_jacobian_default(uECC_word_t * X1, uECC_word_t * Y1, - uECC_word_t * Z1, uECC_Curve curve); - -/* - * @brief Computes x^3 + ax + b. result must not overlap x. - * @param result OUT -- x^3 + ax + b - * @param x IN -- value of x - * @param curve IN -- elliptic curve - */ -void x_side_default(uECC_word_t *result, const uECC_word_t *x, - uECC_Curve curve); - -/* - * @brief Computes result = product % curve_p - * from http://www.nsa.gov/ia/_files/nist-routines.pdf - * @param result OUT -- product % curve_p - * @param product IN -- value to be reduced mod curve_p - */ -void vli_mmod_fast_secp256r1(unsigned int *result, unsigned int *product); - -/* Bytes to words ordering: */ -#define BYTES_TO_WORDS_8(a, b, c, d, e, f, g, h) 0x##d##c##b##a, 0x##h##g##f##e -#define BYTES_TO_WORDS_4(a, b, c, d) 0x##d##c##b##a -#define BITS_TO_WORDS(num_bits) \ - ((num_bits + ((uECC_WORD_SIZE * 8) - 1)) / (uECC_WORD_SIZE * 8)) -#define BITS_TO_BYTES(num_bits) ((num_bits + 7) / 8) - -/* definition of curve NIST p-256: */ -static const struct uECC_Curve_t curve_secp256r1 = { - NUM_ECC_WORDS, - NUM_ECC_BYTES, - 256, /* num_n_bits */ { - BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF), - BYTES_TO_WORDS_8(FF, FF, FF, FF, 00, 00, 00, 00), - BYTES_TO_WORDS_8(00, 00, 00, 00, 00, 00, 00, 00), - BYTES_TO_WORDS_8(01, 00, 00, 00, FF, FF, FF, FF) - }, { - BYTES_TO_WORDS_8(51, 25, 63, FC, C2, CA, B9, F3), - BYTES_TO_WORDS_8(84, 9E, 17, A7, AD, FA, E6, BC), - BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF), - BYTES_TO_WORDS_8(00, 00, 00, 00, FF, FF, FF, FF) - }, { - BYTES_TO_WORDS_8(96, C2, 98, D8, 45, 39, A1, F4), - BYTES_TO_WORDS_8(A0, 33, EB, 2D, 81, 7D, 03, 77), - BYTES_TO_WORDS_8(F2, 40, A4, 63, E5, E6, BC, F8), - BYTES_TO_WORDS_8(47, 42, 2C, E1, F2, D1, 17, 6B), - - BYTES_TO_WORDS_8(F5, 51, BF, 37, 68, 40, B6, CB), - BYTES_TO_WORDS_8(CE, 5E, 31, 6B, 57, 33, CE, 2B), - BYTES_TO_WORDS_8(16, 9E, 0F, 7C, 4A, EB, E7, 8E), - BYTES_TO_WORDS_8(9B, 7F, 1A, FE, E2, 42, E3, 4F) - }, { - BYTES_TO_WORDS_8(4B, 60, D2, 27, 3E, 3C, CE, 3B), - BYTES_TO_WORDS_8(F6, B0, 53, CC, B0, 06, 1D, 65), - BYTES_TO_WORDS_8(BC, 86, 98, 76, 55, BD, EB, B3), - BYTES_TO_WORDS_8(E7, 93, 3A, AA, D8, 35, C6, 5A) - }, - &double_jacobian_default, - &x_side_default, - &vli_mmod_fast_secp256r1 -}; - -uECC_Curve uECC_secp256r1(void); - -/* - * @brief Generates a random integer in the range 0 < random < top. - * Both random and top have num_words words. - * @param random OUT -- random integer in the range 0 < random < top - * @param top IN -- upper limit - * @param num_words IN -- number of words - * @return a random integer in the range 0 < random < top - */ -int uECC_generate_random_int(uECC_word_t *random, const uECC_word_t *top, - wordcount_t num_words); - - -/* uECC_RNG_Function type - * The RNG function should fill 'size' random bytes into 'dest'. It should - * return 1 if 'dest' was filled with random data, or 0 if the random data could - * not be generated. The filled-in values should be either truly random, or from - * a cryptographically-secure PRNG. - * - * A correctly functioning RNG function must be set (using uECC_set_rng()) - * before calling uECC_make_key() or uECC_sign(). - * - * Setting a correctly functioning RNG function improves the resistance to - * side-channel attacks for uECC_shared_secret(). - * - * A correct RNG function is set by default. If you are building on another - * POSIX-compliant system that supports /dev/random or /dev/urandom, you can - * define uECC_POSIX to use the predefined RNG. - */ -typedef int(*uECC_RNG_Function)(uint8_t *dest, unsigned int size); - -/* - * @brief Set the function that will be used to generate random bytes. The RNG - * function should return 1 if the random data was generated, or 0 if the random - * data could not be generated. - * - * @note On platforms where there is no predefined RNG function, this must be - * called before uECC_make_key() or uECC_sign() are used. - * - * @param rng_function IN -- function that will be used to generate random bytes - */ -void uECC_set_rng(uECC_RNG_Function rng_function); - -/* - * @brief provides current uECC_RNG_Function. - * @return Returns the function that will be used to generate random bytes. - */ -uECC_RNG_Function uECC_get_rng(void); - -/* - * @brief computes the size of a private key for the curve in bytes. - * @param curve IN -- elliptic curve - * @return size of a private key for the curve in bytes. - */ -int uECC_curve_private_key_size(uECC_Curve curve); - -/* - * @brief computes the size of a public key for the curve in bytes. - * @param curve IN -- elliptic curve - * @return the size of a public key for the curve in bytes. - */ -int uECC_curve_public_key_size(uECC_Curve curve); - -/* - * @brief Compute the corresponding public key for a private key. - * @param private_key IN -- The private key to compute the public key for - * @param public_key OUT -- Will be filled in with the corresponding public key - * @param curve - * @return Returns 1 if key was computed successfully, 0 if an error occurred. - */ -int uECC_compute_public_key(const uint8_t *private_key, - uint8_t *public_key, uECC_Curve curve); - -/* - * @brief Compute public-key. - * @return corresponding public-key. - * @param result OUT -- public-key - * @param private_key IN -- private-key - * @param curve IN -- elliptic curve - */ -uECC_word_t EccPoint_compute_public_key(uECC_word_t *result, - uECC_word_t *private_key, uECC_Curve curve); - -/* - * @brief Regularize the bitcount for the private key so that attackers cannot - * use a side channel attack to learn the number of leading zeros. - * @return Regularized k - * @param k IN -- private-key - * @param k0 IN/OUT -- regularized k - * @param k1 IN/OUT -- regularized k - * @param curve IN -- elliptic curve - */ -uECC_word_t regularize_k(const uECC_word_t * const k, uECC_word_t *k0, - uECC_word_t *k1, uECC_Curve curve); - -/* - * @brief Point multiplication algorithm using Montgomery's ladder with co-Z - * coordinates. See http://eprint.iacr.org/2011/338.pdf. - * @note Result may overlap point. - * @param result OUT -- returns scalar*point - * @param point IN -- elliptic curve point - * @param scalar IN -- scalar - * @param initial_Z IN -- initial value for z - * @param num_bits IN -- number of bits in scalar - * @param curve IN -- elliptic curve - */ -void EccPoint_mult(uECC_word_t * result, const uECC_word_t * point, - const uECC_word_t * scalar, const uECC_word_t * initial_Z, - bitcount_t num_bits, uECC_Curve curve); - -/* - * @brief Constant-time comparison to zero - secure way to compare long integers - * @param vli IN -- very long integer - * @param num_words IN -- number of words in the vli - * @return 1 if vli == 0, 0 otherwise. - */ -uECC_word_t uECC_vli_isZero(const uECC_word_t *vli, wordcount_t num_words); - -/* - * @brief Check if 'point' is the point at infinity - * @param point IN -- elliptic curve point - * @param curve IN -- elliptic curve - * @return if 'point' is the point at infinity, 0 otherwise. - */ -uECC_word_t EccPoint_isZero(const uECC_word_t *point, uECC_Curve curve); - -/* - * @brief computes the sign of left - right, in constant time. - * @param left IN -- left term to be compared - * @param right IN -- right term to be compared - * @param num_words IN -- number of words - * @return the sign of left - right - */ -cmpresult_t uECC_vli_cmp(const uECC_word_t *left, const uECC_word_t *right, - wordcount_t num_words); - -/* - * @brief computes sign of left - right, not in constant time. - * @note should not be used if inputs are part of a secret - * @param left IN -- left term to be compared - * @param right IN -- right term to be compared - * @param num_words IN -- number of words - * @return the sign of left - right - */ -cmpresult_t uECC_vli_cmp_unsafe(const uECC_word_t *left, const uECC_word_t *right, - wordcount_t num_words); - -/* - * @brief Computes result = (left - right) % mod. - * @note Assumes that (left < mod) and (right < mod), and that result does not - * overlap mod. - * @param result OUT -- (left - right) % mod - * @param left IN -- leftright term in modular subtraction - * @param right IN -- right term in modular subtraction - * @param mod IN -- mod - * @param num_words IN -- number of words - */ -void uECC_vli_modSub(uECC_word_t *result, const uECC_word_t *left, - const uECC_word_t *right, const uECC_word_t *mod, - wordcount_t num_words); - -/* - * @brief Computes P' = (x1', y1', Z3), P + Q = (x3, y3, Z3) or - * P => P', Q => P + Q - * @note assumes Input P = (x1, y1, Z), Q = (x2, y2, Z) - * @param X1 IN -- x coordinate of P - * @param Y1 IN -- y coordinate of P - * @param X2 IN -- x coordinate of Q - * @param Y2 IN -- y coordinate of Q - * @param curve IN -- elliptic curve - */ -void XYcZ_add(uECC_word_t * X1, uECC_word_t * Y1, uECC_word_t * X2, - uECC_word_t * Y2, uECC_Curve curve); - -/* - * @brief Computes (x1 * z^2, y1 * z^3) - * @param X1 IN -- previous x1 coordinate - * @param Y1 IN -- previous y1 coordinate - * @param Z IN -- z value - * @param curve IN -- elliptic curve - */ -void apply_z(uECC_word_t * X1, uECC_word_t * Y1, const uECC_word_t * const Z, - uECC_Curve curve); - -/* - * @brief Check if bit is set. - * @return Returns nonzero if bit 'bit' of vli is set. - * @warning It is assumed that the value provided in 'bit' is within the - * boundaries of the word-array 'vli'. - * @note The bit ordering layout assumed for vli is: {31, 30, ..., 0}, - * {63, 62, ..., 32}, {95, 94, ..., 64}, {127, 126,..., 96} for a vli consisting - * of 4 uECC_word_t elements. - */ -uECC_word_t uECC_vli_testBit(const uECC_word_t *vli, bitcount_t bit); - -/* - * @brief Computes result = product % mod, where product is 2N words long. - * @param result OUT -- product % mod - * @param mod IN -- module - * @param num_words IN -- number of words - * @warning Currently only designed to work for curve_p or curve_n. - */ -void uECC_vli_mmod(uECC_word_t *result, uECC_word_t *product, - const uECC_word_t *mod, wordcount_t num_words); - -/* - * @brief Computes modular product (using curve->mmod_fast) - * @param result OUT -- (left * right) mod % curve_p - * @param left IN -- left term in product - * @param right IN -- right term in product - * @param curve IN -- elliptic curve - */ -void uECC_vli_modMult_fast(uECC_word_t *result, const uECC_word_t *left, - const uECC_word_t *right, uECC_Curve curve); - -/* - * @brief Computes result = left - right. - * @note Can modify in place. - * @param result OUT -- left - right - * @param left IN -- left term in subtraction - * @param right IN -- right term in subtraction - * @param num_words IN -- number of words - * @return borrow - */ -uECC_word_t uECC_vli_sub(uECC_word_t *result, const uECC_word_t *left, - const uECC_word_t *right, wordcount_t num_words); - -/* - * @brief Constant-time comparison function(secure way to compare long ints) - * @param left IN -- left term in comparison - * @param right IN -- right term in comparison - * @param num_words IN -- number of words - * @return Returns 0 if left == right, 1 otherwise. - */ -uECC_word_t uECC_vli_equal(const uECC_word_t *left, const uECC_word_t *right, - wordcount_t num_words); - -/* - * @brief Computes (left * right) % mod - * @param result OUT -- (left * right) % mod - * @param left IN -- left term in product - * @param right IN -- right term in product - * @param mod IN -- mod - * @param num_words IN -- number of words - */ -void uECC_vli_modMult(uECC_word_t *result, const uECC_word_t *left, - const uECC_word_t *right, const uECC_word_t *mod, - wordcount_t num_words); - -/* - * @brief Computes (1 / input) % mod - * @note All VLIs are the same size. - * @note See "Euclid's GCD to Montgomery Multiplication to the Great Divide" - * @param result OUT -- (1 / input) % mod - * @param input IN -- value to be modular inverted - * @param mod IN -- mod - * @param num_words -- number of words - */ -void uECC_vli_modInv(uECC_word_t *result, const uECC_word_t *input, - const uECC_word_t *mod, wordcount_t num_words); - -/* - * @brief Sets dest = src. - * @param dest OUT -- destination buffer - * @param src IN -- origin buffer - * @param num_words IN -- number of words - */ -void uECC_vli_set(uECC_word_t *dest, const uECC_word_t *src, - wordcount_t num_words); - -/* - * @brief Computes (left + right) % mod. - * @note Assumes that (left < mod) and right < mod), and that result does not - * overlap mod. - * @param result OUT -- (left + right) % mod. - * @param left IN -- left term in addition - * @param right IN -- right term in addition - * @param mod IN -- mod - * @param num_words IN -- number of words - */ -void uECC_vli_modAdd(uECC_word_t *result, const uECC_word_t *left, - const uECC_word_t *right, const uECC_word_t *mod, - wordcount_t num_words); - -/* - * @brief Counts the number of bits required to represent vli. - * @param vli IN -- very long integer - * @param max_words IN -- number of words - * @return number of bits in given vli - */ -bitcount_t uECC_vli_numBits(const uECC_word_t *vli, - const wordcount_t max_words); - -/* - * @brief Erases (set to 0) vli - * @param vli IN -- very long integer - * @param num_words IN -- number of words - */ -void uECC_vli_clear(uECC_word_t *vli, wordcount_t num_words); - -/* - * @brief check if it is a valid point in the curve - * @param point IN -- point to be checked - * @param curve IN -- elliptic curve - * @return 0 if point is valid - * @exception returns -1 if it is a point at infinity - * @exception returns -2 if x or y is smaller than p, - * @exception returns -3 if y^2 != x^3 + ax + b. - */ -int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve); - -/* - * @brief Check if a public key is valid. - * @param public_key IN -- The public key to be checked. - * @return returns 0 if the public key is valid - * @exception returns -1 if it is a point at infinity - * @exception returns -2 if x or y is smaller than p, - * @exception returns -3 if y^2 != x^3 + ax + b. - * @exception returns -4 if public key is the group generator. - * - * @note Note that you are not required to check for a valid public key before - * using any other uECC functions. However, you may wish to avoid spending CPU - * time computing a shared secret or verifying a signature using an invalid - * public key. - */ -int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve); - - /* - * @brief Converts an integer in uECC native format to big-endian bytes. - * @param bytes OUT -- bytes representation - * @param num_bytes IN -- number of bytes - * @param native IN -- uECC native representation - */ -void uECC_vli_nativeToBytes(uint8_t *bytes, int num_bytes, - const unsigned int *native); - -/* - * @brief Converts big-endian bytes to an integer in uECC native format. - * @param native OUT -- uECC native representation - * @param bytes IN -- bytes representation - * @param num_bytes IN -- number of bytes - */ -void uECC_vli_bytesToNative(unsigned int *native, const uint8_t *bytes, - int num_bytes); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_UECC_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc_dh.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc_dh.h deleted file mode 100644 index b828e195..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc_dh.h +++ /dev/null @@ -1,131 +0,0 @@ -/* ecc_dh.h - TinyCrypt interface to EC-DH implementation */ - -/* - * Copyright (c) 2014, Kenneth MacKay - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/* Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief -- Interface to EC-DH implementation. - * - * Overview: This software is an implementation of EC-DH. This implementation - * uses curve NIST p-256. - * - * Security: The curve NIST p-256 provides approximately 128 bits of security. - */ - -#ifndef __TC_ECC_DH_H__ -#define __TC_ECC_DH_H__ - -#include <tinycrypt/ecc.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * @brief Create a public/private key pair. - * @return returns TC_CRYPTO_SUCCESS (1) if the key pair was generated successfully - * returns TC_CRYPTO_FAIL (0) if error while generating key pair - * - * @param p_public_key OUT -- Will be filled in with the public key. Must be at - * least 2 * the curve size (in bytes) long. For curve secp256r1, p_public_key - * must be 64 bytes long. - * @param p_private_key OUT -- Will be filled in with the private key. Must be as - * long as the curve order (for secp256r1, p_private_key must be 32 bytes long). - * - * @note side-channel countermeasure: algorithm strengthened against timing - * attack. - * @warning A cryptographically-secure PRNG function must be set (using - * uECC_set_rng()) before calling uECC_make_key(). - */ -int uECC_make_key(uint8_t *p_public_key, uint8_t *p_private_key, uECC_Curve curve); - -#ifdef ENABLE_TESTS - -/** - * @brief Create a public/private key pair given a specific d. - * - * @note THIS FUNCTION SHOULD BE CALLED ONLY FOR TEST PURPOSES. Refer to - * uECC_make_key() function for real applications. - */ -int uECC_make_key_with_d(uint8_t *p_public_key, uint8_t *p_private_key, - unsigned int *d, uECC_Curve curve); -#endif - -/** - * @brief Compute a shared secret given your secret key and someone else's - * public key. - * @return returns TC_CRYPTO_SUCCESS (1) if the shared secret was computed successfully - * returns TC_CRYPTO_FAIL (0) otherwise - * - * @param p_secret OUT -- Will be filled in with the shared secret value. Must be - * the same size as the curve size (for curve secp256r1, secret must be 32 bytes - * long. - * @param p_public_key IN -- The public key of the remote party. - * @param p_private_key IN -- Your private key. - * - * @warning It is recommended to use the output of uECC_shared_secret() as the - * input of a recommended Key Derivation Function (see NIST SP 800-108) in - * order to produce a cryptographically secure symmetric key. - */ -int uECC_shared_secret(const uint8_t *p_public_key, const uint8_t *p_private_key, - uint8_t *p_secret, uECC_Curve curve); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_ECC_DH_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc_dsa.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc_dsa.h deleted file mode 100644 index aca00bc9..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc_dsa.h +++ /dev/null @@ -1,139 +0,0 @@ -/* ecc_dh.h - TinyCrypt interface to EC-DSA implementation */ - -/* - * Copyright (c) 2014, Kenneth MacKay - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief -- Interface to EC-DSA implementation. - * - * Overview: This software is an implementation of EC-DSA. This implementation - * uses curve NIST p-256. - * - * Security: The curve NIST p-256 provides approximately 128 bits of security. - * - * Usage: - To sign: Compute a hash of the data you wish to sign (SHA-2 is - * recommended) and pass it in to ecdsa_sign function along with your - * private key and a random number. You must use a new non-predictable - * random number to generate each new signature. - * - To verify a signature: Compute the hash of the signed data using - * the same hash as the signer and pass it to this function along with - * the signer's public key and the signature values (r and s). - */ - -#ifndef __TC_ECC_DSA_H__ -#define __TC_ECC_DSA_H__ - -#include <tinycrypt/ecc.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * @brief Generate an ECDSA signature for a given hash value. - * @return returns TC_CRYPTO_SUCCESS (1) if the signature generated successfully - * returns TC_CRYPTO_FAIL (0) if an error occurred. - * - * @param p_private_key IN -- Your private key. - * @param p_message_hash IN -- The hash of the message to sign. - * @param p_hash_size IN -- The size of p_message_hash in bytes. - * @param p_signature OUT -- Will be filled in with the signature value. Must be - * at least 2 * curve size long (for secp256r1, signature must be 64 bytes long). - * - * @warning A cryptographically-secure PRNG function must be set (using - * uECC_set_rng()) before calling uECC_sign(). - * @note Usage: Compute a hash of the data you wish to sign (SHA-2 is - * recommended) and pass it in to this function along with your private key. - * @note side-channel countermeasure: algorithm strengthened against timing - * attack. - */ -int uECC_sign(const uint8_t *p_private_key, const uint8_t *p_message_hash, - unsigned p_hash_size, uint8_t *p_signature, uECC_Curve curve); - -#ifdef ENABLE_TESTS -/* - * THIS FUNCTION SHOULD BE CALLED FOR TEST PURPOSES ONLY. - * Refer to uECC_sign() function for real applications. - */ -int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash, - unsigned int hash_size, uECC_word_t *k, uint8_t *signature, - uECC_Curve curve); -#endif - -/** - * @brief Verify an ECDSA signature. - * @return returns TC_SUCCESS (1) if the signature is valid - * returns TC_FAIL (0) if the signature is invalid. - * - * @param p_public_key IN -- The signer's public key. - * @param p_message_hash IN -- The hash of the signed data. - * @param p_hash_size IN -- The size of p_message_hash in bytes. - * @param p_signature IN -- The signature values. - * - * @note Usage: Compute the hash of the signed data using the same hash as the - * signer and pass it to this function along with the signer's public key and - * the signature values (hash_size and signature). - */ -int uECC_verify(const uint8_t *p_public_key, const uint8_t *p_message_hash, - unsigned int p_hash_size, const uint8_t *p_signature, uECC_Curve curve); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_ECC_DSA_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc_platform_specific.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc_platform_specific.h deleted file mode 100644 index a55adf4f..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/ecc_platform_specific.h +++ /dev/null @@ -1,81 +0,0 @@ -/* uECC_platform_specific.h - Interface to platform specific functions*/ - -/* Copyright (c) 2014, Kenneth MacKay - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE.*/ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - * uECC_platform_specific.h -- Interface to platform specific functions - */ - -#ifndef __UECC_PLATFORM_SPECIFIC_H_ -#define __UECC_PLATFORM_SPECIFIC_H_ - -/* - * The RNG function should fill 'size' random bytes into 'dest'. It should - * return 1 if 'dest' was filled with random data, or 0 if the random data could - * not be generated. The filled-in values should be either truly random, or from - * a cryptographically-secure PRNG. - * - * A cryptographically-secure PRNG function must be set (using uECC_set_rng()) - * before calling uECC_make_key() or uECC_sign(). - * - * Setting a cryptographically-secure PRNG function improves the resistance to - * side-channel attacks for uECC_shared_secret(). - * - * A correct PRNG function is set by default (default_RNG_defined = 1) and works - * for some platforms, such as Unix and Linux. For other platforms, you may need - * to provide another PRNG function. -*/ -#define default_RNG_defined 0 - -int default_CSPRNG(uint8_t *dest, unsigned int size); - -#endif /* __UECC_PLATFORM_SPECIFIC_H_ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/hmac.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/hmac.h deleted file mode 100644 index 3a081494..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/hmac.h +++ /dev/null @@ -1,139 +0,0 @@ -/* hmac.h - TinyCrypt interface to an HMAC implementation */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief Interface to an HMAC implementation. - * - * Overview: HMAC is a message authentication code based on hash functions. - * TinyCrypt hard codes SHA-256 as the hash function. A message - * authentication code based on hash functions is also called a - * keyed cryptographic hash function since it performs a - * transformation specified by a key in an arbitrary length data - * set into a fixed length data set (also called tag). - * - * Security: The security of the HMAC depends on the length of the key and - * on the security of the hash function. Note that HMAC primitives - * are much less affected by collision attacks than their - * corresponding hash functions. - * - * Requires: SHA-256 - * - * Usage: 1) call tc_hmac_set_key to set the HMAC key. - * - * 2) call tc_hmac_init to initialize a struct hash_state before - * processing the data. - * - * 3) call tc_hmac_update to process the next input segment; - * tc_hmac_update can be called as many times as needed to process - * all of the segments of the input; the order is important. - * - * 4) call tc_hmac_final to out put the tag. - */ - -#ifndef __TC_HMAC_H__ -#define __TC_HMAC_H__ - -#include <tinycrypt/sha256.h> - -#ifdef __cplusplus -extern "C" { -#endif - -struct tc_hmac_state_struct { - /* the internal state required by h */ - struct tc_sha256_state_struct hash_state; - /* HMAC key schedule */ - uint8_t key[2*TC_SHA256_BLOCK_SIZE]; -}; -typedef struct tc_hmac_state_struct *TCHmacState_t; - -/** - * @brief HMAC set key procedure - * Configures ctx to use key - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if - * ctx == NULL or - * key == NULL or - * key_size == 0 - * @param ctx IN/OUT -- the struct tc_hmac_state_struct to initial - * @param key IN -- the HMAC key to configure - * @param key_size IN -- the HMAC key size - */ -int tc_hmac_set_key(TCHmacState_t ctx, const uint8_t *key, - unsigned int key_size); - -/** - * @brief HMAC init procedure - * Initializes ctx to begin the next HMAC operation - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: ctx == NULL or key == NULL - * @param ctx IN/OUT -- struct tc_hmac_state_struct buffer to init - */ -int tc_hmac_init(TCHmacState_t ctx); - -/** - * @brief HMAC update procedure - * Mixes data_length bytes addressed by data into state - * @return returns TC_CRYPTO_SUCCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: ctx == NULL or key == NULL - * @note Assumes state has been initialized by tc_hmac_init - * @param ctx IN/OUT -- state of HMAC computation so far - * @param data IN -- data to incorporate into state - * @param data_length IN -- size of data in bytes - */ -int tc_hmac_update(TCHmacState_t ctx, const void *data, - unsigned int data_length); - -/** - * @brief HMAC final procedure - * Writes the HMAC tag into the tag buffer - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * tag == NULL or - * ctx == NULL or - * key == NULL or - * taglen != TC_SHA256_DIGEST_SIZE - * @note ctx is erased before exiting. This should never be changed/removed. - * @note Assumes the tag bufer is at least sizeof(hmac_tag_size(state)) bytes - * state has been initialized by tc_hmac_init - * @param tag IN/OUT -- buffer to receive computed HMAC tag - * @param taglen IN -- size of tag in bytes - * @param ctx IN/OUT -- the HMAC state for computing tag - */ -int tc_hmac_final(uint8_t *tag, unsigned int taglen, TCHmacState_t ctx); - -#ifdef __cplusplus -} -#endif - -#endif /*__TC_HMAC_H__*/ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/hmac_prng.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/hmac_prng.h deleted file mode 100644 index ad12cbbf..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/hmac_prng.h +++ /dev/null @@ -1,164 +0,0 @@ -/* hmac_prng.h - TinyCrypt interface to an HMAC-PRNG implementation */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief Interface to an HMAC-PRNG implementation. - * - * Overview: A pseudo-random number generator (PRNG) generates a sequence - * of numbers that have a distribution close to the one expected - * for a sequence of truly random numbers. The NIST Special - * Publication 800-90A specifies several mechanisms to generate - * sequences of pseudo random numbers, including the HMAC-PRNG one - * which is based on HMAC. TinyCrypt implements HMAC-PRNG with - * certain modifications from the NIST SP 800-90A spec. - * - * Security: A cryptographically secure PRNG depends on the existence of an - * entropy source to provide a truly random seed as well as the - * security of the primitives used as the building blocks (HMAC and - * SHA256, for TinyCrypt). - * - * The NIST SP 800-90A standard tolerates a null personalization, - * while TinyCrypt requires a non-null personalization. This is - * because a personalization string (the host name concatenated - * with a time stamp, for example) is easily computed and might be - * the last line of defense against failure of the entropy source. - * - * Requires: - SHA-256 - * - HMAC - * - * Usage: 1) call tc_hmac_prng_init to set the HMAC key and process the - * personalization data. - * - * 2) call tc_hmac_prng_reseed to process the seed and additional - * input. - * - * 3) call tc_hmac_prng_generate to out put the pseudo-random data. - */ - -#ifndef __TC_HMAC_PRNG_H__ -#define __TC_HMAC_PRNG_H__ - -#include <tinycrypt/sha256.h> -#include <tinycrypt/hmac.h> - -#ifdef __cplusplus -extern "C" { -#endif - -#define TC_HMAC_PRNG_RESEED_REQ -1 - -struct tc_hmac_prng_struct { - /* the HMAC instance for this PRNG */ - struct tc_hmac_state_struct h; - /* the PRNG key */ - uint8_t key[TC_SHA256_DIGEST_SIZE]; - /* PRNG state */ - uint8_t v[TC_SHA256_DIGEST_SIZE]; - /* calls to tc_hmac_prng_generate left before re-seed */ - unsigned int countdown; -}; - -typedef struct tc_hmac_prng_struct *TCHmacPrng_t; - -/** - * @brief HMAC-PRNG initialization procedure - * Initializes prng with personalization, disables tc_hmac_prng_generate - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * prng == NULL, - * personalization == NULL, - * plen > MAX_PLEN - * @note Assumes: - personalization != NULL. - * The personalization is a platform unique string (e.g., the host - * name) and is the last line of defense against failure of the - * entropy source - * @warning NIST SP 800-90A specifies 3 items as seed material during - * initialization: entropy seed, personalization, and an optional - * nonce. TinyCrypts requires instead a non-null personalization - * (which is easily computed) and indirectly requires an entropy - * seed (since the reseed function is mandatorily called after - * init) - * @param prng IN/OUT -- the PRNG state to initialize - * @param personalization IN -- personalization string - * @param plen IN -- personalization length in bytes - */ -int tc_hmac_prng_init(TCHmacPrng_t prng, - const uint8_t *personalization, - unsigned int plen); - -/** - * @brief HMAC-PRNG reseed procedure - * Mixes seed into prng, enables tc_hmac_prng_generate - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * prng == NULL, - * seed == NULL, - * seedlen < MIN_SLEN, - * seendlen > MAX_SLEN, - * additional_input != (const uint8_t *) 0 && additionallen == 0, - * additional_input != (const uint8_t *) 0 && additionallen > MAX_ALEN - * @note Assumes:- tc_hmac_prng_init has been called for prng - * - seed has sufficient entropy. - * - * @param prng IN/OUT -- the PRNG state - * @param seed IN -- entropy to mix into the prng - * @param seedlen IN -- length of seed in bytes - * @param additional_input IN -- additional input to the prng - * @param additionallen IN -- additional input length in bytes - */ -int tc_hmac_prng_reseed(TCHmacPrng_t prng, const uint8_t *seed, - unsigned int seedlen, const uint8_t *additional_input, - unsigned int additionallen); - -/** - * @brief HMAC-PRNG generate procedure - * Generates outlen pseudo-random bytes into out buffer, updates prng - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_HMAC_PRNG_RESEED_REQ (-1) if a reseed is needed - * returns TC_CRYPTO_FAIL (0) if: - * out == NULL, - * prng == NULL, - * outlen == 0, - * outlen >= MAX_OUT - * @note Assumes tc_hmac_prng_init has been called for prng - * @param out IN/OUT -- buffer to receive output - * @param outlen IN -- size of out buffer in bytes - * @param prng IN/OUT -- the PRNG state - */ -int tc_hmac_prng_generate(uint8_t *out, unsigned int outlen, TCHmacPrng_t prng); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_HMAC_PRNG_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/sha256.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/sha256.h deleted file mode 100644 index af5e8baf..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/sha256.h +++ /dev/null @@ -1,129 +0,0 @@ -/* sha256.h - TinyCrypt interface to a SHA-256 implementation */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief Interface to a SHA-256 implementation. - * - * Overview: SHA-256 is a NIST approved cryptographic hashing algorithm - * specified in FIPS 180. A hash algorithm maps data of arbitrary - * size to data of fixed length. - * - * Security: SHA-256 provides 128 bits of security against collision attacks - * and 256 bits of security against pre-image attacks. SHA-256 does - * NOT behave like a random oracle, but it can be used as one if - * the string being hashed is prefix-free encoded before hashing. - * - * Usage: 1) call tc_sha256_init to initialize a struct - * tc_sha256_state_struct before hashing a new string. - * - * 2) call tc_sha256_update to hash the next string segment; - * tc_sha256_update can be called as many times as needed to hash - * all of the segments of a string; the order is important. - * - * 3) call tc_sha256_final to out put the digest from a hashing - * operation. - */ - -#ifndef __TC_SHA256_H__ -#define __TC_SHA256_H__ - -#include <stddef.h> -#include <stdint.h> - -#ifdef __cplusplus -extern "C" { -#endif - -#define TC_SHA256_BLOCK_SIZE (64) -#define TC_SHA256_DIGEST_SIZE (32) -#define TC_SHA256_STATE_BLOCKS (TC_SHA256_DIGEST_SIZE/4) - -struct tc_sha256_state_struct { - unsigned int iv[TC_SHA256_STATE_BLOCKS]; - uint64_t bits_hashed; - uint8_t leftover[TC_SHA256_BLOCK_SIZE]; - size_t leftover_offset; -}; - -typedef struct tc_sha256_state_struct *TCSha256State_t; - -/** - * @brief SHA256 initialization procedure - * Initializes s - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if s == NULL - * @param s Sha256 state struct - */ -int tc_sha256_init(TCSha256State_t s); - -/** - * @brief SHA256 update procedure - * Hashes data_length bytes addressed by data into state s - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * s == NULL, - * s->iv == NULL, - * data == NULL - * @note Assumes s has been initialized by tc_sha256_init - * @warning The state buffer 'leftover' is left in memory after processing - * If your application intends to have sensitive data in this - * buffer, remind to erase it after the data has been processed - * @param s Sha256 state struct - * @param data message to hash - * @param datalen length of message to hash - */ -int tc_sha256_update (TCSha256State_t s, const uint8_t *data, size_t datalen); - -/** - * @brief SHA256 final procedure - * Inserts the completed hash computation into digest - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * s == NULL, - * s->iv == NULL, - * digest == NULL - * @note Assumes: s has been initialized by tc_sha256_init - * digest points to at least TC_SHA256_DIGEST_SIZE bytes - * @warning The state buffer 'leftover' is left in memory after processing - * If your application intends to have sensitive data in this - * buffer, remind to erase it after the data has been processed - * @param digest unsigned eight bit integer - * @param Sha256 state struct - */ -int tc_sha256_final(uint8_t *digest, TCSha256State_t s); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_SHA256_H__ */ diff --git a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/utils.h b/lib/bt/porting/ext/tinycrypt/include/tinycrypt/utils.h deleted file mode 100644 index bab5c320..00000000 --- a/lib/bt/porting/ext/tinycrypt/include/tinycrypt/utils.h +++ /dev/null @@ -1,95 +0,0 @@ -/* utils.h - TinyCrypt interface to platform-dependent run-time operations */ - -/* - * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of Intel Corporation nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file - * @brief Interface to platform-dependent run-time operations. - * - */ - -#ifndef __TC_UTILS_H__ -#define __TC_UTILS_H__ - -#include <stdint.h> -#include <stddef.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * @brief Copy the the buffer 'from' to the buffer 'to'. - * @return returns TC_CRYPTO_SUCCESS (1) - * returns TC_CRYPTO_FAIL (0) if: - * from_len > to_len. - * - * @param to OUT -- destination buffer - * @param to_len IN -- length of destination buffer - * @param from IN -- origin buffer - * @param from_len IN -- length of origin buffer - */ -unsigned int _copy(uint8_t *to, unsigned int to_len, - const uint8_t *from, unsigned int from_len); - -/** - * @brief Set the value 'val' into the buffer 'to', 'len' times. - * - * @param to OUT -- destination buffer - * @param val IN -- value to be set in 'to' - * @param len IN -- number of times the value will be copied - */ -void _set(void *to, uint8_t val, unsigned int len); - -/* - * @brief AES specific doubling function, which utilizes - * the finite field used by AES. - * @return Returns a^2 - * - * @param a IN/OUT -- value to be doubled - */ -uint8_t _double_byte(uint8_t a); - -/* - * @brief Constant-time algorithm to compare if two sequences of bytes are equal - * @return Returns 0 if equal, and non-zero otherwise - * - * @param a IN -- sequence of bytes a - * @param b IN -- sequence of bytes b - * @param size IN -- size of sequences a and b - */ -int _compare(const uint8_t *a, const uint8_t *b, size_t size); - -#ifdef __cplusplus -} -#endif - -#endif /* __TC_UTILS_H__ */ |