Crypto - Platform#
This module includes the platform abstraction for Crypto.
Modules#
Enumerations#
Defines the key types.
Defines the key algorithms.
Defines the key usage flags.
Defines the key storage types.
Typedefs#
This datatype represents the key reference.
Represents a SHA-256 hash.
Variables#
Functions#
Initialize the Crypto module.
Import a key into PSA ITS.
Export a key stored in PSA ITS.
Destroy a key stored in PSA ITS.
Check if the key ref passed has an associated key in PSA ITS.
Initialize the HMAC operation.
Uninitialize the HMAC operation.
Start HMAC operation.
Update the HMAC operation with new input.
Complete the HMAC operation.
Initialise the AES operation.
Set the key for AES operation.
Encrypt the given data.
Free the AES context.
Initialise the HKDF context.
Perform HKDF Expand step.
Perform HKDF Extract step.
Uninitialize the HKDF context.
Initialise the SHA-256 operation.
Uninitialize the SHA-256 operation.
Start SHA-256 operation.
Update SHA-256 operation with new input.
Finish SHA-256 operation.
Initialize cryptographically-secure pseudorandom number generator (CSPRNG).
Deinitialize cryptographically-secure pseudorandom number generator (CSPRNG).
Fills a given buffer with cryptographically secure random bytes.
Generate and populate the output buffer with a new ECDSA key-pair.
Get the associated public key from the input context.
Calculate the ECDSA signature for a hashed message using the private key from the input context.
Use the key from the input context to verify the ECDSA signature of a hashed message.
Calculate the ECDSA signature for a hashed message using the Key reference passed.
Get the associated public key from the key reference passed.
Generate and import a new ECDSA key-pair at reference passed.
Use the keyref to verify the ECDSA signature of a hashed message.
Perform PKCS#5 PBKDF2 using CMAC (AES-CMAC-PRF-128).
Macros#
Length of SHA256 hash (in bytes).
Max buffer size (in bytes) for representing the EDCSA key-pair in DER format.
Buffer size (in bytes) for representing the EDCSA public key.
Buffer size (in bytes) for representing the EDCSA signature.
Max PBKDF2 SALT length: salt prefix (6) + extended panid (8) + network name (16)
Enumeration Documentation#
otCryptoKeyType#
otCryptoKeyType
Defines the key types.
Enumerator | |
---|---|
OT_CRYPTO_KEY_TYPE_RAW | Key Type: Raw Data. |
OT_CRYPTO_KEY_TYPE_AES | Key Type: AES. |
OT_CRYPTO_KEY_TYPE_HMAC | Key Type: HMAC. |
OT_CRYPTO_KEY_TYPE_ECDSA | Key Type: ECDSA. |
59
of file include/openthread/platform/crypto.h
otCryptoKeyAlgorithm#
otCryptoKeyAlgorithm
Defines the key algorithms.
Enumerator | |
---|---|
OT_CRYPTO_KEY_ALG_VENDOR | Key Algorithm: Vendor Defined. |
OT_CRYPTO_KEY_ALG_AES_ECB | Key Algorithm: AES ECB. |
OT_CRYPTO_KEY_ALG_HMAC_SHA_256 | Key Algorithm: HMAC SHA-256. |
OT_CRYPTO_KEY_ALG_ECDSA | Key Algorithm: ECDSA. |
70
of file include/openthread/platform/crypto.h
@10#
@10
Defines the key usage flags.
Enumerator | |
---|---|
OT_CRYPTO_KEY_USAGE_NONE | Key Usage: Key Usage is empty. |
OT_CRYPTO_KEY_USAGE_EXPORT | Key Usage: Key can be exported. |
OT_CRYPTO_KEY_USAGE_ENCRYPT | Key Usage: Encryption (vendor defined). |
OT_CRYPTO_KEY_USAGE_DECRYPT | Key Usage: AES ECB. |
OT_CRYPTO_KEY_USAGE_SIGN_HASH | Key Usage: Sign Hash. |
OT_CRYPTO_KEY_USAGE_VERIFY_HASH | Key Usage: Verify Hash. |
81
of file include/openthread/platform/crypto.h
otCryptoKeyStorage#
otCryptoKeyStorage
Defines the key storage types.
Enumerator | |
---|---|
OT_CRYPTO_KEY_STORAGE_VOLATILE | Key Persistence: Key is volatile. |
OT_CRYPTO_KEY_STORAGE_PERSISTENT | Key Persistence: Key is persistent. |
94
of file include/openthread/platform/crypto.h
Typedef Documentation#
otCryptoKeyRef#
typedef uint32_t otCryptoKeyRef
This datatype represents the key reference.
103
of file include/openthread/platform/crypto.h
otCryptoKey#
typedef struct otCryptoKey otCryptoKey
115
of file include/openthread/platform/crypto.h
otCryptoContext#
typedef struct otCryptoContext otCryptoContext
126
of file include/openthread/platform/crypto.h
otPlatCryptoSha256Hash#
typedef struct otPlatCryptoSha256Hash otPlatCryptoSha256Hash
Represents a SHA-256 hash.
147
of file include/openthread/platform/crypto.h
otPlatCryptoEcdsaKeyPair#
typedef struct otPlatCryptoEcdsaKeyPair otPlatCryptoEcdsaKeyPair
165
of file include/openthread/platform/crypto.h
otPlatCryptoEcdsaPublicKey#
typedef struct otPlatCryptoEcdsaPublicKey otPlatCryptoEcdsaPublicKey
185
of file include/openthread/platform/crypto.h
otPlatCryptoEcdsaSignature#
typedef struct otPlatCryptoEcdsaSignature otPlatCryptoEcdsaSignature
206
of file include/openthread/platform/crypto.h
Variable Documentation#
OT_TOOL_PACKED_END#
OT_TOOL_PACKED_BEGIN struct otPlatCryptoEcdsaSignature OT_TOOL_PACKED_END
142
of file include/openthread/platform/crypto.h
Function Documentation#
otPlatCryptoInit#
void otPlatCryptoInit (void )
Initialize the Crypto module.
N/A |
216
of file include/openthread/platform/crypto.h
otPlatCryptoImportKey#
otError otPlatCryptoImportKey (otCryptoKeyRef * aKeyRef, otCryptoKeyType aKeyType, otCryptoKeyAlgorithm aKeyAlgorithm, int aKeyUsage, otCryptoKeyStorage aKeyPersistence, const uint8_t * aKey, size_t aKeyLen)
Import a key into PSA ITS.
[inout] | aKeyRef | Pointer to the key ref to be used for crypto operations. |
[in] | aKeyType | Key Type encoding for the key. |
[in] | aKeyAlgorithm | Key algorithm encoding for the key. |
[in] | aKeyUsage | Key Usage encoding for the key (combinations of |
[in] | aKeyPersistence | Key Persistence for this key |
[in] | aKey | Actual key to be imported. |
[in] | aKeyLen | Length of the key to be imported. |
Note
If OT_CRYPTO_KEY_STORAGE_PERSISTENT is passed for aKeyPersistence then
aKeyRef
is input and platform should use the given aKeyRef and MUST not change it.
If OT_CRYPTO_KEY_STORAGE_VOLATILE is passed for aKeyPersistence then aKeyRef
is output, the initial value does not matter and platform API MUST update it to return the new key ref.
This API is only used by OT core when OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
is enabled.
241
of file include/openthread/platform/crypto.h
otPlatCryptoExportKey#
otError otPlatCryptoExportKey (otCryptoKeyRef aKeyRef, uint8_t * aBuffer, size_t aBufferLen, size_t * aKeyLen)
Export a key stored in PSA ITS.
[in] | aKeyRef | The key ref to be used for crypto operations. |
[out] | aBuffer | Pointer to the buffer where key needs to be exported. |
[in] | aBufferLen | Length of the buffer passed to store the exported key. |
[out] | aKeyLen | Pointer to return the length of the exported key. |
Note
This API is only used by OT core when
OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
is enabled.
263
of file include/openthread/platform/crypto.h
otPlatCryptoDestroyKey#
otError otPlatCryptoDestroyKey (otCryptoKeyRef aKeyRef)
Destroy a key stored in PSA ITS.
[in] | aKeyRef | The key ref to be destroyed |
Note
This API is only used by OT core when
OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
is enabled.
275
of file include/openthread/platform/crypto.h
otPlatCryptoHasKey#
bool otPlatCryptoHasKey (otCryptoKeyRef aKeyRef)
Check if the key ref passed has an associated key in PSA ITS.
[in] | aKeyRef | The Key Ref to check. |
Note
This API is only used by OT core when
OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
is enabled.
287
of file include/openthread/platform/crypto.h
otPlatCryptoHmacSha256Init#
otError otPlatCryptoHmacSha256Init (otCryptoContext * aContext)
Initialize the HMAC operation.
[in] | aContext | Context for HMAC operation. |
Note
The platform driver shall point the context to the correct object such as psa_mac_operation_t or mbedtls_md_context_t.
301
of file include/openthread/platform/crypto.h
otPlatCryptoHmacSha256Deinit#
otError otPlatCryptoHmacSha256Deinit (otCryptoContext * aContext)
Uninitialize the HMAC operation.
[in] | aContext | Context for HMAC operation. |
312
of file include/openthread/platform/crypto.h
otPlatCryptoHmacSha256Start#
otError otPlatCryptoHmacSha256Start (otCryptoContext * aContext, const otCryptoKey * aKey)
Start HMAC operation.
[in] | aContext | Context for HMAC operation. |
[in] | aKey | Key material to be used for HMAC operation. |
324
of file include/openthread/platform/crypto.h
otPlatCryptoHmacSha256Update#
otError otPlatCryptoHmacSha256Update (otCryptoContext * aContext, const void * aBuf, uint16_t aBufLength)
Update the HMAC operation with new input.
[in] | aContext | Context for HMAC operation. |
[in] | aBuf | A pointer to the input buffer. |
[in] | aBufLength | The length of |
337
of file include/openthread/platform/crypto.h
otPlatCryptoHmacSha256Finish#
otError otPlatCryptoHmacSha256Finish (otCryptoContext * aContext, uint8_t * aBuf, size_t aBufLength)
Complete the HMAC operation.
[in] | aContext | Context for HMAC operation. |
[out] | aBuf | A pointer to the output buffer. |
[in] | aBufLength | The length of |
350
of file include/openthread/platform/crypto.h
otPlatCryptoAesInit#
otError otPlatCryptoAesInit (otCryptoContext * aContext)
Initialise the AES operation.
[in] | aContext | Context for AES operation. |
Note
The platform driver shall point the context to the correct object such as psa_key_id or mbedtls_aes_context_t.
365
of file include/openthread/platform/crypto.h
otPlatCryptoAesSetKey#
otError otPlatCryptoAesSetKey (otCryptoContext * aContext, const otCryptoKey * aKey)
Set the key for AES operation.
[in] | aContext | Context for AES operation. |
[out] | aKey | Key to use for AES operation. |
377
of file include/openthread/platform/crypto.h
otPlatCryptoAesEncrypt#
otError otPlatCryptoAesEncrypt (otCryptoContext * aContext, const uint8_t * aInput, uint8_t * aOutput)
Encrypt the given data.
[in] | aContext | Context for AES operation. |
[in] | aInput | Pointer to the input buffer. |
[in] | aOutput | Pointer to the output buffer. |
390
of file include/openthread/platform/crypto.h
otPlatCryptoAesFree#
otError otPlatCryptoAesFree (otCryptoContext * aContext)
Free the AES context.
[in] | aContext | Context for AES operation. |
401
of file include/openthread/platform/crypto.h
otPlatCryptoHkdfInit#
otError otPlatCryptoHkdfInit (otCryptoContext * aContext)
Initialise the HKDF context.
[in] | aContext | Context for HKDF operation. |
Note
The platform driver shall point the context to the correct object such as psa_key_derivation_operation_t or HmacSha256::Hash
415
of file include/openthread/platform/crypto.h
otPlatCryptoHkdfExpand#
otError otPlatCryptoHkdfExpand (otCryptoContext * aContext, const uint8_t * aInfo, uint16_t aInfoLength, uint8_t * aOutputKey, uint16_t aOutputKeyLength)
Perform HKDF Expand step.
[in] | aContext | Operation context for HKDF operation. |
[in] | aInfo | Pointer to the Info sequence. |
[in] | aInfoLength | Length of the Info sequence. |
[out] | aOutputKey | Pointer to the output Key. |
[in] | aOutputKeyLength | Size of the output key buffer. |
430
of file include/openthread/platform/crypto.h
otPlatCryptoHkdfExtract#
otError otPlatCryptoHkdfExtract (otCryptoContext * aContext, const uint8_t * aSalt, uint16_t aSaltLength, const otCryptoKey * aInputKey)
Perform HKDF Extract step.
[in] | aContext | Operation context for HKDF operation. |
[in] | aSalt | Pointer to the Salt for HKDF. |
[in] | aSaltLength | Length of Salt. |
[in] | aInputKey | Pointer to the input key. |
447
of file include/openthread/platform/crypto.h
otPlatCryptoHkdfDeinit#
otError otPlatCryptoHkdfDeinit (otCryptoContext * aContext)
Uninitialize the HKDF context.
[in] | aContext | Context for HKDF operation. |
461
of file include/openthread/platform/crypto.h
otPlatCryptoSha256Init#
otError otPlatCryptoSha256Init (otCryptoContext * aContext)
Initialise the SHA-256 operation.
[in] | aContext | Context for SHA-256 operation. |
Note
The platform driver shall point the context to the correct object such as psa_hash_operation_t or mbedtls_sha256_context.
476
of file include/openthread/platform/crypto.h
otPlatCryptoSha256Deinit#
otError otPlatCryptoSha256Deinit (otCryptoContext * aContext)
Uninitialize the SHA-256 operation.
[in] | aContext | Context for SHA-256 operation. |
487
of file include/openthread/platform/crypto.h
otPlatCryptoSha256Start#
otError otPlatCryptoSha256Start (otCryptoContext * aContext)
Start SHA-256 operation.
[in] | aContext | Context for SHA-256 operation. |
498
of file include/openthread/platform/crypto.h
otPlatCryptoSha256Update#
otError otPlatCryptoSha256Update (otCryptoContext * aContext, const void * aBuf, uint16_t aBufLength)
Update SHA-256 operation with new input.
[in] | aContext | Context for SHA-256 operation. |
[in] | aBuf | A pointer to the input buffer. |
[in] | aBufLength | The length of |
511
of file include/openthread/platform/crypto.h
otPlatCryptoSha256Finish#
otError otPlatCryptoSha256Finish (otCryptoContext * aContext, uint8_t * aHash, uint16_t aHashSize)
Finish SHA-256 operation.
[in] | aContext | Context for SHA-256 operation. |
[in] | aHash | A pointer to the output buffer, where hash needs to be stored. |
[in] | aHashSize | The length of |
524
of file include/openthread/platform/crypto.h
otPlatCryptoRandomInit#
void otPlatCryptoRandomInit (void )
Initialize cryptographically-secure pseudorandom number generator (CSPRNG).
N/A |
529
of file include/openthread/platform/crypto.h
otPlatCryptoRandomDeinit#
void otPlatCryptoRandomDeinit (void )
Deinitialize cryptographically-secure pseudorandom number generator (CSPRNG).
N/A |
534
of file include/openthread/platform/crypto.h
otPlatCryptoRandomGet#
otError otPlatCryptoRandomGet (uint8_t * aBuffer, uint16_t aSize)
Fills a given buffer with cryptographically secure random bytes.
[out] | aBuffer | A pointer to a buffer to fill with the random bytes. |
[in] | aSize | Size of buffer (number of bytes to fill). |
545
of file include/openthread/platform/crypto.h
otPlatCryptoEcdsaGenerateKey#
otError otPlatCryptoEcdsaGenerateKey (otPlatCryptoEcdsaKeyPair * aKeyPair)
Generate and populate the output buffer with a new ECDSA key-pair.
[out] | aKeyPair | A pointer to an ECDSA key-pair structure to store the generated key-pair. |
557
of file include/openthread/platform/crypto.h
otPlatCryptoEcdsaGetPublicKey#
otError otPlatCryptoEcdsaGetPublicKey (const otPlatCryptoEcdsaKeyPair * aKeyPair, otPlatCryptoEcdsaPublicKey * aPublicKey)
Get the associated public key from the input context.
[in] | aKeyPair | A pointer to an ECDSA key-pair structure where the key-pair is stored. |
[out] | aPublicKey | A pointer to an ECDSA public key structure to store the public key. |
569
of file include/openthread/platform/crypto.h
otPlatCryptoEcdsaSign#
otError otPlatCryptoEcdsaSign (const otPlatCryptoEcdsaKeyPair * aKeyPair, const otPlatCryptoSha256Hash * aHash, otPlatCryptoEcdsaSignature * aSignature)
Calculate the ECDSA signature for a hashed message using the private key from the input context.
[in] | aKeyPair | A pointer to an ECDSA key-pair structure where the key-pair is stored. |
[in] | aHash | A pointer to a SHA-256 hash structure where the hash value for signature calculation is stored. |
[out] | aSignature | A pointer to an ECDSA signature structure to output the calculated signature. |
Uses the deterministic digital signature generation procedure from RFC 6979.
586
of file include/openthread/platform/crypto.h
otPlatCryptoEcdsaVerify#
otError otPlatCryptoEcdsaVerify (const otPlatCryptoEcdsaPublicKey * aPublicKey, const otPlatCryptoSha256Hash * aHash, const otPlatCryptoEcdsaSignature * aSignature)
Use the key from the input context to verify the ECDSA signature of a hashed message.
[in] | aPublicKey | A pointer to an ECDSA public key structure where the public key for signature verification is stored. |
[in] | aHash | A pointer to a SHA-256 hash structure where the hash value for signature verification is stored. |
[in] | aSignature | A pointer to an ECDSA signature structure where the signature value to be verified is stored. |
605
of file include/openthread/platform/crypto.h
otPlatCryptoEcdsaSignUsingKeyRef#
otError otPlatCryptoEcdsaSignUsingKeyRef (otCryptoKeyRef aKeyRef, const otPlatCryptoSha256Hash * aHash, otPlatCryptoEcdsaSignature * aSignature)
Calculate the ECDSA signature for a hashed message using the Key reference passed.
[in] | aKeyRef | Key Reference to the slot where the key-pair is stored. |
[in] | aHash | A pointer to a SHA-256 hash structure where the hash value for signature calculation is stored. |
[out] | aSignature | A pointer to an ECDSA signature structure to output the calculated signature. |
Uses the deterministic digital signature generation procedure from RFC 6979.
Note
This API is only used by OT core when
OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
is enabled.
626
of file include/openthread/platform/crypto.h
otPlatCryptoEcdsaExportPublicKey#
otError otPlatCryptoEcdsaExportPublicKey (otCryptoKeyRef aKeyRef, otPlatCryptoEcdsaPublicKey * aPublicKey)
Get the associated public key from the key reference passed.
[in] | aKeyRef | Key Reference to the slot where the key-pair is stored. |
[out] | aPublicKey | A pointer to an ECDSA public key structure to store the public key. |
The public key is stored differently depending on the crypto backend library being used (OPENTHREAD_CONFIG_CRYPTO_LIB).
This API must make sure to return the public key as a byte sequence representation of an uncompressed curve point (RFC 6605 - sec 4)
Note
This API is only used by OT core when
OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
is enabled.
648
of file include/openthread/platform/crypto.h
otPlatCryptoEcdsaGenerateAndImportKey#
otError otPlatCryptoEcdsaGenerateAndImportKey (otCryptoKeyRef aKeyRef)
Generate and import a new ECDSA key-pair at reference passed.
[in] | aKeyRef | Key Reference to the slot where the key-pair is stored. |
Note
This API is only used by OT core when
OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
is enabled.
662
of file include/openthread/platform/crypto.h
otPlatCryptoEcdsaVerifyUsingKeyRef#
otError otPlatCryptoEcdsaVerifyUsingKeyRef (otCryptoKeyRef aKeyRef, const otPlatCryptoSha256Hash * aHash, const otPlatCryptoEcdsaSignature * aSignature)
Use the keyref to verify the ECDSA signature of a hashed message.
[in] | aKeyRef | Key Reference to the slot where the key-pair is stored. |
[in] | aHash | A pointer to a SHA-256 hash structure where the hash value for signature verification is stored. |
[in] | aSignature | A pointer to an ECDSA signature structure where the signature value to be verified is stored. |
Note
This API is only used by OT core when
OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
is enabled.
680
of file include/openthread/platform/crypto.h
otPlatCryptoPbkdf2GenerateKey#
otError otPlatCryptoPbkdf2GenerateKey (const uint8_t * aPassword, uint16_t aPasswordLen, const uint8_t * aSalt, uint16_t aSaltLen, uint32_t aIterationCounter, uint16_t aKeyLen, uint8_t * aKey)
Perform PKCS#5 PBKDF2 using CMAC (AES-CMAC-PRF-128).
[in] | aPassword | Password to use when generating key. |
[in] | aPasswordLen | Length of password. |
[in] | aSalt | Salt to use when generating key. |
[in] | aSaltLen | Length of salt. |
[in] | aIterationCounter | Iteration count. |
[in] | aKeyLen | Length of generated key in bytes. |
[out] | aKey | A pointer to the generated key. |
700
of file include/openthread/platform/crypto.h
Macro Definition Documentation#
OT_CRYPTO_SHA256_HASH_SIZE#
#define OT_CRYPTO_SHA256_HASH_SIZEValue:
32
Length of SHA256 hash (in bytes).
131
of file include/openthread/platform/crypto.h
OT_CRYPTO_ECDSA_MAX_DER_SIZE#
#define OT_CRYPTO_ECDSA_MAX_DER_SIZEValue:
125
Max buffer size (in bytes) for representing the EDCSA key-pair in DER format.
152
of file include/openthread/platform/crypto.h
OT_CRYPTO_ECDSA_PUBLIC_KEY_SIZE#
#define OT_CRYPTO_ECDSA_PUBLIC_KEY_SIZEValue:
64
Buffer size (in bytes) for representing the EDCSA public key.
170
of file include/openthread/platform/crypto.h
OT_CRYPTO_ECDSA_SIGNATURE_SIZE#
#define OT_CRYPTO_ECDSA_SIGNATURE_SIZEValue:
64
Buffer size (in bytes) for representing the EDCSA signature.
190
of file include/openthread/platform/crypto.h
OT_CRYPTO_PBDKF2_MAX_SALT_SIZE#
#define OT_CRYPTO_PBDKF2_MAX_SALT_SIZEValue:
30
Max PBKDF2 SALT length: salt prefix (6) + extended panid (8) + network name (16)
211
of file include/openthread/platform/crypto.h