Google Git
Sign in
pigweed / third_party / github / zephyrproject-rtos / zephyr / d3b7e80ab5f40039fcc4bf1ab8fa5c4aba915ec3 / . / ext / hal / ti / simplelink / source / ti / drivers / ECDH.h
blob: 1a943bbb6fda1e08fed20bb96bf0a230f2a6e171 [file] [log] [blame]
/*
* Copyright (c) 2017, Texas Instruments Incorporated
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* * Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*!
* @file ECDH.h
*
* @brief TI Driver for Elliptic Curve Diffie-Hellman key agreement scheme.
*
*
* @warning This is a beta API. It may change in future releases.
*
* # Overview #
*
* Elliptic Curve Diffie-Hellman (ECDH) is a key agreement scheme between
* two parties based on the Diffie-Hellman key exchange protocol.
*
* It provides a means of generating a shared secret and derived symmetric key
* between the two parties over an insecure channel.
*
* It does not provide authentication. As such, it does not guarantee that the
* party you are exchanging keys with is truly the party you wish to establish a
* secured channel with.
*
* The two parties each generate a private key and a public key. The private key
* is a random integer in the interval [1, n - 1], where n is the order of a
* previously agreed upon curve. The public key is generated
* by multiplying the private key by the generator point of a previously agreed
* upon elliptic curve such as NISTP256 or Curve 25519. The public key is itself
* a point upon the elliptic curve. Each public key is then transmitted to the
* other party over a potentially insecure channel. The other party's public key
* is then multiplied with the private key, generating a shared secret. This
* shared secret is also a point on the curve. However, the entropy in the secret
* is not spread evenly throughout the shared secret. In order to generate one or more
* shared symmetric keys, the shared secret must be run through a key derivation
* function (KDF) that was previously agreed upon. The key derivation function
* can take many forms, from simply hashing the X coordinate of the shared secret
* with SHA2 and truncating the result to generating multiple symmetric keys with
* HKDF, an HMAC based KDF.
*
* # Usage #
*
* ## Before starting an ECDH operation #
*
* Before starting a CCM operation, the application must do the following:
* - Call ECDH_init() to initialize the driver
* - Call ECDH_Params_init() to initialize the ECDH_Params to default values.
* - Modify the ECDH_Params as desired
* - Call ECDH_open() to open an instance of the driver
*
* ## Generating your public-private key pair #
* To generate a public-private key pair for an agreed upon curve, the application
* must do the following:
* - Generate the keying material for the private key. This keying material must
* be an integer in the interval [1, n - 1], where n is the order of the curve.
* It should be stored in an array with the least significant byte of the integer
* hex representation stored in the lowest address of the array (little-endian).
* The array should be the same length as the curve parameters of the curve used.
* The driver can be configured to validate public and private keys against the
* provided curve.
* - Initialize the private key CryptoKey. CryptoKeys are opaque datastructures and representations
* of keying material and its storage. Depending on how the keying material
* is stored (RAM or flash, key store, key blob), the CryptoKey must be
* initialized differently. The ECDH API can handle all types of CryptoKey.
* However, not all device-specific implementions support all types of CryptoKey.
* Devices without a key store will not support CryptoKeys with keying material
* stored in a key store for example.
* All devices support plaintext CryptoKeys.
* - Initialize a blank CryptoKey for the public key. The CryptoKey will keep track
* of where the keying material for the public key should be copied and how
* long it is. It should have twice the length of the private key.
* - Call ECDH_generatePublicKey(). The generated keying material will be copied
* according the the CryptoKey passed in as the public key parameter. The CryptoKey
* will no longer be considered 'blank' after the operation.
*
* ## Calculating a shared secret #
* After trading public keys with the other party, the application should do the following
* to calculate the shared secret:
* - Initialize a CryptoKey as public key with the keying material received from the other
* party.
* - Initialize a blank CryptoKey with the same size as the previously initialized
* public key.
* - Call ECDH_computeSharedSecret(). The shared secret will be copied to a location
* according to the shared secret CryptoKey passed to the function call.
*
*
* ## Creating one or more symmetric keys from the shared secret #
* After calculating the shared secret between the application and the other party,
* the entropy in the shared secret must be evened out and stretched as needed. The API
* allows for any number of keys to be derived from the shared secret using an application-provided
* key-derivation function. There are uncountable methods and algorithms to stretch an original
* seed entropy (the share secret) to generate symmetric keys.
* - Initialize n blank CryptoKeys in an array. These CryptoKeys is where the generated
* king material will be copied to. The keying material they represent does
* not need to be a contiguous range or even of the same CryptoKey type. The array may
* contain Plaintext, key blob, or key store CryptoKeys. It may contain different types
* of CryptoKeys.
* While the API allows for full flexibility in key material location and length, not all
* key derivation functions support the full scope of flexibility. Check the KDF's documentation
* before using it.
* - Call ECDH_calculateSharedEntropy(). The generated keying material will be copied to a
* location according to the CryptoKeys passed to the function.
*
* ## After a key exchange #
* After the ECDH key exchange completes, the application should either start another operation
* or close the driver by calling ECDH_close()
*
* ## General usage #
* The API expects elliptic curves in short Weierstrass form as defined in
* ti/drivers/types/ECCParams.h. Several commonly used curves are provided.
*
* Public keys and shared secrets are points on an elliptic curve. These points can
* be expressed in several ways. The most common one is in affine coordinates as an
* X,Y pair. The Y value can be omitted when using point compression and doing
* the calculations in the Montgomery domain with X,Z coordinates.
* This API only uses points expressed in affine coordinates. The point is stored as a
* concatenated array of X followed by Y.
*
* ## ECDH Driver Configuration #
*
* In order to use the ECDH APIs, the application is required
* to provide device-specific ECDH configuration in the Board.c file.
* The ECDH driver interface defines a configuration data structure:
*
* @code
* typedef struct ECDH_Config_ {
* void *object;
* void const *hwAttrs;
* } ECDH_Config;
* @endcode
*
* The application must declare an array of ECDH_Config elements, named
* ECDH_config[]. Each element of ECDH_config[] must be populated with
* pointers to a device specific ECDH driver implementation's
* driver object, hardware attributes. The hardware attributes
* define properties such as the ECDH peripheral's base address.
* Each element in ECDH_config[] corresponds to
* an ECDH instance, and none of the elements should have NULL pointers.
* There is no correlation between the index and the
* peripheral designation (such as ECDH0 or ECDH1). For example, it is
* possible to use ECDH_config[0] for ECDH1. Multiple drivers and driver
* instances may all access the same underlying hardware. This is transparent
* to the application. Mutual exclusion is performed automatically by the
* drivers as necessary.
*
* Because the ECDH configuration is very device dependent, you will need to
* check the doxygen for the device specific ECDH implementation. There you
* will find a description of the ECDH hardware attributes. Please also
* refer to the Board.c file of any of your examples to see the ECDH
* configuration.
*
* ## ECDH Parameters #
*
* The #ECDH_Params structure is passed to the ECDH_open() call. If NULL
* is passed for the parameters, ECDH_open() uses default parameters.
* An #ECDH_Params structure is initialized with default values by passing
* it to ECDH_Params_init().
* Some of the ECDH parameters are described below. To see brief descriptions
* of all the parameters, see #ECDH_Params.
*
* ## ECDH Return Behavior
* The ECDH driver supports three return behaviors when processing data: blocking, polling, and
* callback. The ECDH driver defaults to blocking mode, if the application does not set it.
* Once an ECDH driver is opened, the only way to change the return behavior
* is to close and re-open the ECDH instance with the new return behavior.
*
* In blocking mode, a task's code execution is blocked until an ECDH
* operation has completed. This ensures that only one ECDH operation
* operates at a given time. Other tasks requesting ECDH operations while
* a operation is currently taking place are also placed into a blocked
* state. ECDH operations are executed in the order in which they were
* received. In blocking mode, you cannot perform ECDH operations
* in the context of a software or hardware ISR.
*
* In callback mode, an ECDH operation functions asynchronously, which
* means that it does not block code execution. After an ECDH operation
* has been completed, the ECDH driver calls a user-provided hook function.
* Callback mode is supported in the task, SWI, and HWI execution context,
* However, if an ECDH operation is requested while a operation is taking place,
* the call returns an error code.
*
* In polling mode, an ECDH operation behaves the almost the same way as
* in blocking mode. Instead of pending on a semaphore and letting other
* scheduled tasks run, the application task, SWI, or HWI continuously polls
* a flag until the operation completes. If an ECDH operation is
* requested while a operation is taking place, the call returns an error code.
* When starting an ECDH operation in polling mode from HWI or SWI context,
* the ECDH HWI and SWI must be configured to have a higher priority to pre-empt
* the polling context.
*
* # Examples #
*
* ## ECDH exchange with plaintext CryptoKeys #
*
* @code
*
* #include <ti/drivers/cryptoutils/cryptokey/CryptoKeyPlaintext.h>
* #include <ti/drivers/ECDH.h>
*
* ...
*
* // Our private key is 0x0000000000000000000000000000000000000000000000000000000000000001
* // In practice, this value should come from a TRNG, PRNG, PUF, or device-specific pre-seeded key
* uint8_t myPrivateKeyingMaterial[32] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
* 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
* 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
* 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
* uint8_t myPublicKeyingMaterial[64] = {0};
* uint8_t theirPublicKeyingMaterial[64] = {0};
* uint8_t sharedSecretKeyingMaterial[64] = {0};
* uint8_t symmetricKeyingMaterial[16] = {0};
*
* CryptoKey myPrivateKey;
* CryptoKey myPublicKey;
* CryptoKey theirPublicKey;
* CryptoKey sharedSecret;
* CryptoKey symmetricKey;
*
* ECDH_Handle ecdhHandle;
*
* int_fast16_t operationResult;
*
* // Since we are using default ECDH_Params, we just pass in NULL for that parameter.
* ecdhHandle = ECDH_open(0, NULL);
*
* if (!ecdhHandle) {
* // Handle error
* }
*
* // Initialize myPrivateKey and myPublicKey
* CryptoKeyPlaintext_initKey(&myPrivateKey, myPrivateKeyingMaterial, sizeof(myPrivateKeyingMaterial));
* CryptoKeyPlaintext_initBlankKey(&myPublicKey, myPublicKeyingMaterial, sizeof(myPublicKeyingMaterial));
*
* // Generate the keying material for myPublicKey and store it in myPublicKeyingMaterial
* operationResult = ECDH_generatePublicKey(ecdhHandle, &ECC_NISTP256, &myPrivateKey, &myPublicKey);
*
* if (operationResult != ECDH_STATUS_SUCCESS) {
* // Handle error
* }
*
* // Now send the content of myPublicKeyingMaterial to theother party,
* // receive their public key, and copy their public keying material to theirPublicKeyingMaterial
*
* // Initialise their public CryptoKey and the shared secret CryptoKey
* CryptoKeyPlaintext_initKey(&theirPublicKey, theirPublicKeyingMaterial, sizeof(theirPublicKeyingMaterial));
* CryptoKeyPlaintext_initBlankKey(&sharedSecret, sharedSecretKeyingMaterial, sizeof(sharedSecretKeyingMaterial));
*
* // Compute the shared secret and copy it to sharedSecretKeyingMaterial
* // The ECC_NISTP256 struct is provided in ti/drivers/types/EccPArams.h and the corresponding device-specific implementation
* operationResult = ECDH_computeSharedSecret(ecdhHandle, &ECC_NISTP256, &myPrivateKey, &theirPublicKey, &sharedSecret);
*
* if (operationResult != ECDH_STATUS_SUCCESS) {
* // Handle error
* }
*
* CryptoKeyPlaintext_initBlankKey(&symmetricKey, symmetricKeyingMaterial, sizeof(symmetricKeyingMaterial));
*
* // Set up a KDF such as HKDF and open the requisite cryptographic primitive driver to implement it
* // HKDF and SHA2 were chosen as an example and may not be available directly
* // Since we only have one symmetric CryptoKey we wish to generate, we can pass it directly to the function
* operationResult = ECDH_calculateSharedEntropy(ecdhHandle, &sharedSecret, KDF_HKDF, sha2Handle, &symmetricKey, 1);
*
* if (operationResult != ECDH_STATUS_SUCCESS) {
* // Handle error
* }
*
* // At this point, you and the other party have both created the content within symmetricKeyingMaterial without
* // someone else listening to your communication channel being able to do so
*
* @endcode
*
*
*/
#ifndef ti_drivers_ECDH__include
#define ti_drivers_ECDH__include
#ifdef __cplusplus
extern "C" {
#endif
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <ti/drivers/cryptoutils/cryptokey/CryptoKey.h>
#include <ti/drivers/cryptoutils/ecc/ECCParams.h>
/**
* @defgroup ECDH_CONTROL ECDH_control command and status codes
* These ECC macros are reservations for ECC.h
* @{
*/
/*!
* Common ECDH_control command code reservation offset.
* ECC driver implementations should offset command codes with ECDH_CMD_RESERVED
* growing positively
*
* Example implementation specific command codes:
* @code
* #define ECCXYZ_CMD_COMMAND0 ECDH_CMD_RESERVED + 0
* #define ECCXYZ_CMD_COMMAND1 ECDH_CMD_RESERVED + 1
* @endcode
*/
#define ECDH_CMD_RESERVED (32)
/*!
* Common ECDH_control status code reservation offset.
* ECC driver implementations should offset status codes with
* ECDH_STATUS_RESERVED growing negatively.
*
* Example implementation specific status codes:
* @code
* #define ECCXYZ_STATUS_ERROR0 ECDH_STATUS_RESERVED - 0
* #define ECCXYZ_STATUS_ERROR1 ECDH_STATUS_RESERVED - 1
* #define ECCXYZ_STATUS_ERROR2 ECDH_STATUS_RESERVED - 2
* @endcode
*/
#define ECDH_STATUS_RESERVED (-32)
/**
* @defgroup ECDH_STATUS Status Codes
* ECDH_STATUS_* macros are general status codes returned by ECC functions
* @{
* @ingroup ECDH_CONTROL
*/
/*!
* @brief Successful status code.
*
* Function return ECDH_STATUS_SUCCESS if the control code was executed
* successfully.
*/
#define ECDH_STATUS_SUCCESS (0)
/*!
* @brief Generic error status code.
*
* Functions return ECDH_STATUS_ERROR if the control code was not executed
* successfully.
*/
#define ECDH_STATUS_ERROR (-1)
/*!
* @brief An error status code returned by ECDH_control() for undefined
* command codes.
*
* ECDH_control() returns ECDH_STATUS_UNDEFINEDCMD if the control code is not
* recognized by the driver implementation.
*/
#define ECDH_STATUS_UNDEFINEDCMD (-2)
/*!
* @brief An error status code returned if the hardware or software resource
* is currently unavailable.
*
* ECC driver implementations may have hardware or software limitations on how
* many clients can simultaneously perform operations. This status code is returned
* if the mutual exclusion mechanism signals that an operation cannot currently be performed.
*/
#define ECDH_STATUS_RESOURCE_UNAVAILABLE (-3)
/*!
* @brief The result of the operation is the point at infinity.
*
* The operation yielded the point at infinity on this curve. This point is
* not permitted for further use in ECC operations.
*/
#define ECDH_STATUS_RESULT_POINT_AT_INFINITY (-4)
/*!
* @brief The private key passed in is larger than the order of the curve.
*
* Private keys must be integers in the interval [1, n - 1], where n is the
* order of the curve.
*/
#define ECDH_STATUS_RESULT_PRIVATE_KEY_LARGER_THAN_ORDER (-5)
/*!
* @brief The public key of the other party does not lie upon the curve.
*
* The public key received from the other party does not lie upon the agreed upon
* curve.
*/
#define ECDH_STATUS_RESULT_PUBLIC_KEY_NOT_ON_CURVE (-6)
/** @}*/
/**
* @defgroup ECDH_CMD Command Codes
* ECDH_CMD_* macros are general command codes for ECDH_control(). Not all ECC
* driver implementations support these command codes.
* @{
* @ingroup ECDH_CONTROL
*/
/* Add ECDH_CMD_<commands> here */
/** @}*/
/** @}*/
/*!
* @brief A handle that is returned from an ECDH_open() call.
*/
typedef struct ECDH_Config_ *ECDH_Handle;
/*!
* @brief The definition of a callback function used by the ECC driver
* when used in ::ECDH_RETURN_BEHAVIOR_CALLBACK
*
* @param handle Handle of the client that started the ECC operation.
*
* @param operationStatus The result of the ECC operation. May contain an error code
* if the result is the point at infinity for example.
*/
typedef void (*ECDH_CallbackFxn) (ECDH_Handle handle, int_fast16_t operationStatus);
/*!
* @brief The way in which ECC function calls return after performing an
* encryption + authentication or decryption + verification operation.
*
* Not all ECC operations exhibit the specified return behavor. Functions that do not
* require significant computation and cannot offload that computation to a background thread
* behave like regular functions. Which functions exhibit the specfied return behavior is not
* implementation dependent. Specifically, a software-backed implementation run on the same
* CPU as the application will emulate the return behavior while not actually offloading
* the computation to the background thread.
*
* ECC functions exhibiting the specified return behavior have restrictions on the
* context from which they may be called.
*
* | | Task | Hwi | Swi |
* |--------------------------------|-------|-------|-------|
* |ECDH_RETURN_BEHAVIOR_CALLBACK | X | X | X |
* |ECDH_RETURN_BEHAVIOR_BLOCKING | X | | |
* |ECDH_RETURN_BEHAVIOR_POLLING | X | X | X |
*
*/
typedef enum ECDH_ReturnBehavior_ {
ECDH_RETURN_BEHAVIOR_CALLBACK = 1, /*!< The function call will return immediately while the
* ECC operation goes on in the background. The registered
* callback function is called after the operation completes.
* The context the callback function is called (task, HWI, SWI)
* is implementation-dependent.
*/
ECDH_RETURN_BEHAVIOR_BLOCKING = 2, /*!< The function call will block while ECC operation goes
* on in the background. ECC operation results are available
* after the function returns.
*/
ECDH_RETURN_BEHAVIOR_POLLING = 4, /*!< The function call will continuously poll a flag while ECC
* operation goes on in the background. ECC operation results
* are available after the function returns.
*/
} ECDH_ReturnBehavior;
/*!
* @brief ECC Parameters
*
* ECC Parameters are used to with the ECDH_open() call. Default values for
* these parameters are set using ECDH_Params_init().
*
* @sa ECDH_Params_init()
*/
typedef struct ECDH_Params_ {
bool doNotValidateKeys; /*!< Whether or not to validate public and private keys in operations. */
ECDH_ReturnBehavior returnBehavior; /*!< Blocking, callback, or polling return behavior */
ECDH_CallbackFxn callbackFxn; /*!< Callback function pointer */
uint32_t timeout;
void *custom; /*!< Custom argument used by driver
* implementation
*/
} ECDH_Params;
/*!
* @brief ECC Global configuration
*
* The ECDH_Config structure contains a set of pointers used to characterize
* the ECC driver implementation.
*
* This structure needs to be defined before calling ECDH_init() and it must
* not be changed thereafter.
*
* @sa ECDH_init()
*/
typedef struct ECDH_Config_ {
/*! Pointer to a driver specific data object */
void *object;
/*! Pointer to a driver specific hardware attributes structure */
void const *hwAttrs;
} ECDH_Config;
/*!
* @brief Function that implements a key derivation function (KDF)
*
* Key derivation functions take a string of random entropy as their input and generate
* a deterministic pseudo-random bit stream of arbitrary length. Specialised KDFs may
* produce outputs of fixed length or with maximum lengths.
*
* @param [in] driverHandle Handle of the of the driver used to execute the crypto
* primitive underlying the KDF. This primitive could be a
* cryptographic hash or a block cipher.
*
* @param [in] seedEntropy The entropy used to seed the KDF. Reusing the same seed
* will yield the same pseudo-random bit stream.
*
* @param [in] seedEntropyLength Length of the seed entropy.
*
* @param [out] derivedKeys The CryptoKeys seeded with deterministic pseudo-random output of the KDF.
*
* @param [in] derivedKeysCount The number of keys to seed.
*/
typedef int_fast16_t (*ECDH_KDFFxn) (void *driverHandle, const uint8_t *seedEntropy, size_t seedEntropyLength, CryptoKey derivedKeys[], uint32_t derivedKeysCount);
/*!
* @brief Default ECDH_Params structure
*
* @sa ECDH_Params_init()
*/
extern const ECDH_Params ECDH_defaultParams;
/*!
* @brief This function initializes the ECC module.
*
* @pre The ECDH_config structure must exist and be persistent before this
* function can be called. This function must also be called before
* any other ECC driver APIs. This function call does not modify any
* peripheral registers.
*/
void ECDH_init(void);
/*!
* @brief Function to initialize the ECDH_Params struct to its defaults
*
* @param params An pointer to ECDH_Params structure for
* initialization
*
* Defaults values are:
* returnBehavior = ECDH_RETURN_BEHAVIOR_BLOCKING
* callbackFxn = NULL
* timeout = SemaphoreP_WAIT_FOREVER
* custom = NULL
*/
void ECDH_Params_init(ECDH_Params *params);
/*!
* @brief This function opens a given ECC peripheral.
*
* @pre ECC controller has been initialized using ECDH_init()
*
* @param index Logical peripheral number for the ECC indexed into
* the ECDH_config table
*
* @param params Pointer to an parameter block, if NULL it will use
* default values.
*
* @return A ECDH_Handle on success or a NULL on an error or if it has been
* opened already.
*
* @sa ECDH_init()
* @sa ECDH_close()
*/
ECDH_Handle ECDH_open(uint_least8_t index, ECDH_Params *params);
/*!
* @brief Function to close a ECC peripheral specified by the ECC handle
*
* @pre ECDH_open() has to be called first.
*
* @param handle A ECC handle returned from ECDH_open()
*
* @sa ECDH_open()
*/
void ECDH_close(ECDH_Handle handle);
/*!
* @brief Function performs implementation specific features on a given
* ECDH_Handle.
*
* Commands for ECDH_control can originate from ECC.h or from implementation
* specific ECC*.h (_ECCCC26XX.h_, _EECCSP432.h_, etc.. ) files.
* While commands from ECC.h are API portable across driver implementations,
* not all implementations may support all these commands.
* Conversely, commands from driver implementation specific ECC*.h files add
* unique driver capabilities but are not API portable across all ECC driver
* implementations.
*
* Commands supported by ECC.h follow an ECDH_CMD_\<cmd\> naming
* convention.<br>
* Commands supported by ECC*.h follow an ECC*_CMD_\<cmd\> naming
* convention.<br>
* Each control command defines @b arg differently. The types of @b arg are
* documented with each command.
*
* See @ref ECDH_CMD "ECDH_control command codes" for command codes.
*
* See @ref ECDH_STATUS "ECDH_control return status codes" for status codes.
*
* @pre ECDH_open() has to be called first.
*
* @param handle A ECC handle returned from ECDH_open()
*
* @param cmd ECC.h or ECC*.h commands.
*
* @param args An optional R/W (read/write) command argument
* accompanied with cmd
*
* @return Implementation specific return codes. Negative values indicate
* unsuccessful operations.
*
* @sa ECDH_open()
*/
int_fast16_t ECDH_control(ECDH_Handle handle, uint32_t cmd, void *args);
/*!
* @brief Generates a public key for use in key agreement.
*
* ECDH_generateKey() can be used for generating ephemeral keys.
*
* @param handle A ECC handle returned from ECDH_open()
* @param eccParams A pointer to the elliptic curve parameters for myPrivateKey
* @param myPrivateKey A pointer to the private ECC key from which the new public key will be generated. (maybe your static key)
* @param myPublicKey A pointer to a public ECC key which has been initialized blank. Newly generated
* key will be placed in this location.
*
* \post ECDH_computeSharedSecret()
*
*/
int_fast16_t ECDH_generatePublicKey(ECDH_Handle handle, const ECCParams_CurveParams *eccParams, const CryptoKey *myPrivateKey, CryptoKey *myPublicKey);
/*!
* @brief Computes a shared secret
*
* This secret can be used to generate shared keys for encryption and authentication.
*
* @param handle A ECC handle returned from ECDH_open()
* @param eccParams A pointer to the elliptic curve parameters for myPrivateKey (if ECDH_generateKey() was used, this should be the same private key)
* @param myPrivateKey A pointer to the private ECC key which will be used in to compute the shared secret
* @param theirPublicKey A pointer to the public key of the party with whom the shared secret will be generated
* @param sharedSecret A pointer to a CryptoKey which has been initialized blank. The shared secret will be placed here.
*
* \post ECDH_calculateSharedEntropy()
*/
int_fast16_t ECDH_computeSharedSecret(ECDH_Handle handle, const ECCParams_CurveParams *eccParams, const CryptoKey *myPrivateKey, const CryptoKey *theirPublicKey, CryptoKey *sharedSecret);
/*!
* @brief Calculates key material
*
* \pre ECDH_computeSharedSecret()
*
* @param handle A ECC handle returned from ECDH_open()
*
* @param sharedSecret The shared secret produced by ECDH_calculateSharedEntropy()
*
* @param kdf A pointer to the key derivation function to be used
*
* @param kdfPrimitiveDriverHandle A pointer to the handle of a driver of a cryptographic primitive used to implement the KDF
*
* @param derivedKeys A an array of CryptoKeys to seed with calculated entropy
*
* @param derivedKeysCount The number of CryptoKeys to seed with calculated entropy
*
*/
int_fast16_t ECDH_calculateSharedEntropy(ECDH_Handle handle, const CryptoKey *sharedSecret, const ECDH_KDFFxn kdf, void *kdfPrimitiveDriverHandle, CryptoKey derivedKeys[], uint32_t derivedKeysCount);
#ifdef __cplusplus
}
#endif
#endif /* ti_drivers_ECDH__include */