le_iks_ecc_interface.h

Go to the documentation of this file.
    1 
    2 
    3 /*
    4  * ====================== WARNING ======================
    5  *
    6  * THE CONTENTS OF THIS FILE HAVE BEEN AUTO-GENERATED.
    7  * DO NOT MODIFY IN ANY WAY.
    8  *
    9  * ====================== WARNING ======================
   10  */
   11 
   12 /**
   13  * @page c_iks_ecc IoT Keystore ECC API
   14  *
   15  * @ref le_iks_ecc_interface.h "API Reference"
   16  *
   17  * <HR>
   18  *
   19  * Legato IoT Keystore APIs for performing generation/verification of signatures with ECDSA,
   20  * encryption/decryption of messages using ECIES and shared secret generation with ECDH.
   21  *
   22  * <HR>
   23  *
   24  * Copyright (C) Sierra Wireless Inc.
   25  */
   26 /**
   27  * @file le_iks_ecc_interface.h
   28  *
   29  * Legato @ref c_iks_ecc API
   30  *
   31  * Copyright (C) Sierra Wireless Inc.
   32  */
   33 
   34 #ifndef LE_IKS_ECC_INTERFACE_H_INCLUDE_GUARD
   35 #define LE_IKS_ECC_INTERFACE_H_INCLUDE_GUARD
   36 
   37 
   38 #include "legato.h"
   39 
   40 // Interface specific includes
   41 #include "le_iks_interface.h"
   42 
   43 // Internal includes for this interface
   44 #include "le_iks_ecc_common.h"
   45 /** @addtogroup le_iks_ecc le_iks_ecc API Reference
   46  * @{
   47  * @file le_iks_ecc_common.h
   48  * @file le_iks_ecc_interface.h **/
   49 //--------------------------------------------------------------------------------------------------
   50 /**
   51  * Type for handler called when a server disconnects.
   52  */
   53 //--------------------------------------------------------------------------------------------------
   54 typedef void (*le_iks_ecc_DisconnectHandler_t)(void *);
   55 
   56 //--------------------------------------------------------------------------------------------------
   57 /**
   58  *
   59  * Connect the current client thread to the service providing this API. Block until the service is
   60  * available.
   61  *
   62  * For each thread that wants to use this API, either ConnectService or TryConnectService must be
   63  * called before any other functions in this API.  Normally, ConnectService is automatically called
   64  * for the main thread, but not for any other thread. For details, see @ref apiFilesC_client.
   65  *
   66  * This function is created automatically.
   67  */
   68 //--------------------------------------------------------------------------------------------------
   69 void le_iks_ecc_ConnectService
   70 (
   71     void
   72 );
   73 
   74 //--------------------------------------------------------------------------------------------------
   75 /**
   76  *
   77  * Try to connect the current client thread to the service providing this API. Return with an error
   78  * if the service is not available.
   79  *
   80  * For each thread that wants to use this API, either ConnectService or TryConnectService must be
   81  * called before any other functions in this API.  Normally, ConnectService is automatically called
   82  * for the main thread, but not for any other thread. For details, see @ref apiFilesC_client.
   83  *
   84  * This function is created automatically.
   85  *
   86  * @return
   87  *  - LE_OK if the client connected successfully to the service.
   88  *  - LE_UNAVAILABLE if the server is not currently offering the service to which the client is
   89  *    bound.
   90  *  - LE_NOT_PERMITTED if the client interface is not bound to any service (doesn't have a binding).
   91  *  - LE_COMM_ERROR if the Service Directory cannot be reached.
   92  */
   93 //--------------------------------------------------------------------------------------------------
   94 le_result_t le_iks_ecc_TryConnectService
   95 (
   96     void
   97 );
   98 
   99 //--------------------------------------------------------------------------------------------------
  100 /**
  101  * Set handler called when server disconnection is detected.
  102  *
  103  * When a server connection is lost, call this handler then exit with LE_FATAL.  If a program wants
  104  * to continue without exiting, it should call longjmp() from inside the handler.
  105  */
  106 //--------------------------------------------------------------------------------------------------
  107 LE_FULL_API void le_iks_ecc_SetServerDisconnectHandler
  108 (
  109     le_iks_ecc_DisconnectHandler_t disconnectHandler,
  110     void *contextPtr
  111 );
  112 
  113 //--------------------------------------------------------------------------------------------------
  114 /**
  115  *
  116  * Disconnect the current client thread from the service providing this API.
  117  *
  118  * Normally, this function doesn't need to be called. After this function is called, there's no
  119  * longer a connection to the service, and the functions in this API can't be used. For details, see
  120  * @ref apiFilesC_client.
  121  *
  122  * This function is created automatically.
  123  */
  124 //--------------------------------------------------------------------------------------------------
  125 void le_iks_ecc_DisconnectService
  126 (
  127     void
  128 );
  129 
  130 
  131 //--------------------------------------------------------------------------------------------------
  132 /**
  133  * Generate a shared secret between an ECC private key and an ECC public key.
  134  *
  135  * The private key must be of type LE_IKS_KEY_TYPE_PRIV_ECDH and the public must be of type
  136  * LE_IKS_KEY_TYPE_PUB_ECDH or LE_IKS_KEY_TYPE_PRIV_ECDH.
  137  *
  138  * This function may be used as part of a key exchange protocol.  The shared secret is unpredictable
  139  * (assuming the private portions of both keys are kept secret) but not uniformly distributed and
  140  * should not be used directly as a cryptographic key.
  141  *
  142  * The shared secret is in the format specified by SEC 1, that is the x component of the shared
  143  * point converted to an octet string.
  144  *
  145  * If the buffer is too small to hold the shared secret the shared secret will be truncated to fit.
  146  *
  147  * @return
  148  *      LE_OK if successful.
  149  *      LE_BAD_PARAMETER if either key reference is invalid
  150  *                       or if either key type is invalid
  151  *                       or if two key sizes do not match
  152  *                       or if the secretPtr or secretSizePtr is NULL.
  153  *      LE_FAULT if there was an internal error.
  154  */
  155 //--------------------------------------------------------------------------------------------------
  156 le_result_t le_iks_ecc_Ecdh_GetSharedSecret
  157 (
  158     uint64_t privKeyRef,
  159         ///< [IN] Private key reference.
  160     uint64_t pubKeyRef,
  161         ///< [IN] Publid Key reference.
  162     uint8_t* secretPtr,
  163         ///< [OUT] Buffer to hold the shared secret.
  164     size_t* secretSizePtr
  165         ///< [INOUT]
  166 );
  167 
  168 //--------------------------------------------------------------------------------------------------
  169 /**
  170  * Generate an ECDSA signature on the hash digest of a message.
  171  *
  172  * The key must be a LE_IKS_KEY_TYPE_PRIV_ECDSA key.
  173  *
  174  * The signature is the concatenation of the r and s values (r||s).  The size of the signature is
  175  * twice the key size.  For example if the key is 256 bits in size then the signature will be 64
  176  * bytes.  Note that when the key size is 521 bits, zero-valued high-order padding bits are added to
  177  * the signature values r and s resulting in a signature of 132 bytes.
  178  *
  179  * The hash function used to generate the message digest should be chosen to match the security
  180  * strength of the signing key.  For example, if the key size is 256 bits then SHA256 (or its
  181  * equivalent) should be used.
  182  *
  183  * @return
  184  *      LE_OK if successful.
  185  *      LE_BAD_PARAMETER if the key reference is invalid
  186  *                       or if the key type is invalid
  187  *                       or if digestPtr, signaturePtr or signatureSizePtr are NULL
  188  *      LE_OVERFLOW if the signature buffer is too small.
  189  *      LE_FAULT if there was an internal error.
  190  */
  191 //--------------------------------------------------------------------------------------------------
  192 le_result_t le_iks_ecc_Ecdsa_GenSig
  193 (
  194     uint64_t keyRef,
  195         ///< [IN] Key reference.
  196     const uint8_t* digestPtr,
  197         ///< [IN] Digest to sign.
  198     size_t digestSize,
  199         ///< [IN]
  200     uint8_t* signaturePtr,
  201         ///< [OUT] Buffer to hold the signature.
  202     size_t* signatureSizePtr
  203         ///< [INOUT]
  204 );
  205 
  206 //--------------------------------------------------------------------------------------------------
  207 /**
  208  * Verifies a signature of the hash digest of a message with ECDSA.
  209  *
  210  * The key must be either a LE_IKS_KEY_TYPE_PUB_ECDSA or LE_IKS_KEY_TYPE_PRIV_ECDSA key.
  211  *
  212  * The signature is the concatenation of the r and s values (r||s).  The size of the signature is
  213  * twice the key size.  For example if the key is 256 bits in size then the signature will be 64
  214  * bytes.  Note that when the key size is 521 bits, zero-valued high-order padding bits are added to
  215  * the signature values r and s resulting in a signature of 132 bytes.
  216  *
  217  * @return
  218  *      LE_OK if successful.
  219  *      LE_BAD_PARAMETER if the key reference is invalid
  220  *                       or if the key type is invalid
  221  *                       or if either digestPtr or signaturePtr are NULL.
  222  *      LE_FORMAT_ERROR if signatureSize is incorrect.
  223  *      LE_FAULT if the signature is not valid.
  224  */
  225 //--------------------------------------------------------------------------------------------------
  226 le_result_t le_iks_ecc_Ecdsa_VerifySig
  227 (
  228     uint64_t keyRef,
  229         ///< [IN] Key reference.
  230     const uint8_t* digestPtr,
  231         ///< [IN] Digest of the message.
  232     size_t digestSize,
  233         ///< [IN]
  234     const uint8_t* signaturePtr,
  235         ///< [IN] Signature of the message.
  236     size_t signatureSize
  237         ///< [IN]
  238 );
  239 
  240 //--------------------------------------------------------------------------------------------------
  241 /**
  242  * Encrypts and integrity protects of a short message with ECIES (Elliptic Curve Integrated
  243  * Encryption System).
  244  *
  245  * Hybrid encryption combines an asymmetric encryption system with a symmetric encryption system to
  246  * encrypt messages that can only be decrypted with the holder of the private key.  Hybrid
  247  * encryption is usually accomplished by using a symmetric encryption system to bulk encrypt
  248  * the message and then using the asymmetric encryption system to encrypt the symmetric key.
  249  *
  250  * ECIES provides hybrid encryption through a method that is more efficient than manually performing
  251  * the two step process described above.  Broadly speaking, ECIES performs a key agreement to
  252  * generate a shared secret, the shared secret is then used to generate a symmetric key using a KDF
  253  * (Key Derivation Function).  The symmetric key is then used to bulk encrypt the message.
  254  *
  255  * This implementation of ECIES generally follows the SEC 1 standard but supports modernized
  256  * algorithms for the KDF and bulk encryption.
  257  *
  258  * Either plaintextPtr or aadPtr can be NULL but not both.
  259  *
  260  * @return
  261  *      LE_OK if successful.
  262  *      LE_BAD_PARAMETER if the key reference is invalid
  263  *                       or if the key type is invalid.
  264  *                       or if either labelPtr, aadPtr, plaintextPtr, ciphertextPtr, ephemKeyPtr,
  265  *                         ephemKeySizePtr, saltPtr, saltSizePtr, tagPtr is NULL when they
  266  *                         shouldn't be.
  267  *      LE_OUT_OF_RANGE if the labelSize, aadSize, textSize is invalid.
  268  *      LE_OVERFLOW if either the ciphertextPtr, ephemKeyPtr, saltSizePtr buffer is too small.
  269  *      LE_FAULT if there was an internal error.
  270  */
  271 //--------------------------------------------------------------------------------------------------
  272 le_result_t le_iks_ecc_Ecies_EncryptPacket
  273 (
  274     uint64_t keyRef,
  275         ///< [IN] Key reference.
  276     const uint8_t* labelPtr,
  277         ///< [IN] Label. NULL if not used.
  278     size_t labelSize,
  279         ///< [IN]
  280     const uint8_t* aadPtr,
  281         ///< [IN] AAD chunk. NULL if not used.
  282     size_t aadSize,
  283         ///< [IN]
  284     const uint8_t* plaintextPtr,
  285         ///< [IN] Plaintext chunk. NULL if not used.
  286     size_t plaintextSize,
  287         ///< [IN]
  288     uint8_t* ciphertextPtr,
  289         ///< [OUT] Buffer to hold the ciphertext chunk.
  290     size_t* ciphertextSizePtr,
  291         ///< [INOUT]
  292     uint8_t* ephemKeyPtr,
  293         ///< [OUT] Serialized ephemeral public key.
  294     size_t* ephemKeySizePtr,
  295         ///< [INOUT]
  296     uint8_t* saltPtr,
  297         ///< [OUT] Buffer to hold the salt.
  298     size_t* saltSizePtr,
  299         ///< [INOUT]
  300     uint8_t* tagPtr,
  301         ///< [OUT] Buffer to hold the authentication tag.
  302     size_t* tagSizePtr
  303         ///< [INOUT]
  304 );
  305 
  306 //--------------------------------------------------------------------------------------------------
  307 /**
  308  * Decrypts and checks the integrity of a short message with ECIES (Elliptic Curve Integrated
  309  * Encryption System).
  310  *
  311  * Hybrid encryption combines an asymmetric encryption system with a symmetric encryption system to
  312  * encrypt messages that can only be decrypted with the holder of the private key.  Hybrid
  313  * encryption is usually accomplished by using a symmetric encryption system to bulk encrypt
  314  * the message and then using the asymmetric encryption system to encrypt the symmetric key.
  315  *
  316  * ECIES provides hybrid encryption through a method that is more efficient than manually performing
  317  * the two step process described above.  Broadly speaking, ECIES performs a key agreement to
  318  * generate a shared secret, the shared secret is then used to generate a symmetric key using a KDF
  319  * (Key Derivation Function).  The symmetric key is then used to bulk encrypt the message.
  320  *
  321  * This implementation of ECIES generally follows the SEC 1 standard but supports modernized
  322  * algorithms for the KDF and bulk encryption.
  323  *
  324  * @return
  325  *      LE_OK if successful.
  326  *      LE_BAD_PARAMETER if the key reference is invalid
  327  *                       or if the key reference is invalid
  328  *                       or if either the ephemKeyPtr, saltPtr, aadPtr, plaintextPtr,
  329  *                         ciphertextChunkPtr, tagPtr is NULL when they shouldn't be.
  330  *      LE_OUT_OF_RANGE if the labelSize, aadSize, textSize, tagSize is invalid.
  331  *      LE_OVERFLOW if plaintextPtr buffer is too small.
  332  *      LE_FAULT if there was an internal error.
  333  */
  334 //--------------------------------------------------------------------------------------------------
  335 le_result_t le_iks_ecc_Ecies_DecryptPacket
  336 (
  337     uint64_t keyRef,
  338         ///< [IN] Key reference.
  339     const uint8_t* labelPtr,
  340         ///< [IN] Label. NULL if not used.
  341     size_t labelSize,
  342         ///< [IN]
  343     const uint8_t* aadPtr,
  344         ///< [IN] AAD chunk. NULL if not used.
  345     size_t aadSize,
  346         ///< [IN]
  347     const uint8_t* ephemKeyPtr,
  348         ///< [IN] Serialized ephemeral public key.
  349     size_t ephemKeySize,
  350         ///< [IN]
  351     const uint8_t* saltPtr,
  352         ///< [IN] Salt.
  353     size_t saltSize,
  354         ///< [IN]
  355     const uint8_t* ciphertextPtr,
  356         ///< [IN] Ciphertext chunk.
  357     size_t ciphertextSize,
  358         ///< [IN]
  359     uint8_t* plaintextPtr,
  360         ///< [OUT] Buffer to hold the plaintext chunk.
  361     size_t* plaintextSizePtr,
  362         ///< [INOUT]
  363     const uint8_t* tagPtr,
  364         ///< [IN] Authentication tag.
  365     size_t tagSize
  366         ///< [IN]
  367 );
  368 
  369 //--------------------------------------------------------------------------------------------------
  370 /**
  371  * Starts a process to encrypt and integrity protect a message with ECIES (Elliptic Curve Integrated
  372  * Encryption System).
  373  *
  374  * Hybrid encryption combines an asymmetric encryption system with a symmetric encryption system to
  375  * encrypt messages that can only be decrypted with the holder of the private key.  Hybrid
  376  * encryption is usually accomplished by using a symmetric encryption system to bulk encrypt
  377  * the message and then using the asymmetric encryption system to encrypt the symmetric key.
  378  *
  379  * This implementation of ECIES generally follows the SEC 1 standard but supports modernized
  380  * algorithms for the KDF and bulk encryption.
  381  *
  382  * To encrypt a long packet the following sequence should be used:
  383  *
  384  * Ecies_StartEncrypt()  // Start the encryption process.
  385  * Ecies_ProcessAad()    // Call zero or more times until all AAD data is processed.
  386  * Ecies_Encrypt()       // Call zero or more times until all plaintext is encrypted.
  387  * Ecies_DoneEncrypt()   // Complete the process and obtain the authentication tag.
  388  *
  389  * Calling this function will cancel any previously started process using the same session.
  390  *
  391  * The session must have been created with the public key used for encryption.
  392  *
  393  * The AAD and plaintext are optional but they cannot both be omitted.  All AAD must be processed
  394  * before plaintext processing begins.
  395  *
  396  * An optional label associated with the message can be added.
  397  *
  398  * The public portion of the ephemeral key used during the encrytion process is stored in the
  399  * ephemKeyPtr buffer.  It is encoded as an ECPoint as described in RFC5480.
  400  *
  401  * A random salt is used during the encryption process only if the KDF requires it.  Currently,
  402  * only HKDF requires a salt.  If present the salt will be the same size as the hash function output
  403  * size.  If no salt is used saltPtr is set to NULL.
  404  *
  405  * @return
  406  *      LE_OK if successful.
  407  *      LE_BAD_PARAMETER if the session reference is invalid
  408  *                       or if the key type is invalid
  409  *                       or if either the ephemKeyPtr, ephemKeySizePtr, saltPtr or saltSizePtr
  410  *                         is NULL.
  411  *      LE_OUT_OF_RANGE if the labelSize is too big.
  412  *      LE_OVERFLOW if any of the output buffers are too small.
  413  *      LE_FAULT if there was an internal error.
  414  */
  415 //--------------------------------------------------------------------------------------------------
  416 le_result_t le_iks_ecc_Ecies_StartEncrypt
  417 (
  418     uint64_t session,
  419         ///< [IN] Session reference.
  420     const uint8_t* labelPtr,
  421         ///< [IN] Label. NULL if not used.
  422     size_t labelSize,
  423         ///< [IN]
  424     uint8_t* ephemKeyPtr,
  425         ///< [OUT] Serialized ephemeral public key.
  426     size_t* ephemKeySizePtr,
  427         ///< [INOUT]
  428     uint8_t* saltPtr,
  429         ///< [OUT] Buffer to hold the salt.
  430     size_t* saltSizePtr
  431         ///< [INOUT]
  432 );
  433 
  434 //--------------------------------------------------------------------------------------------------
  435 /**
  436  * Process a chunk of AAD (Additional Authenticated Data).  Either Ecies_StartEncrypt() or
  437  * Ecies_StartDecrypt() must have been previously called to start either an encryption or
  438  * decryption process.
  439  *
  440  * @return
  441  *      LE_OK if successful.
  442  *      LE_BAD_PARAMETER if the session reference is invalid
  443  *                       or if the key type is invalid
  444  *                       or if aadChunkPtr is NULL.
  445  *      LE_OUT_OF_RANGE if aadChunkSize is too big.
  446  *      LE_FAULT if an encryption or decryption process was not started or
  447  *                            plaintext/ciphertext processing has already started.
  448  */
  449 //--------------------------------------------------------------------------------------------------
  450 le_result_t le_iks_ecc_Ecies_ProcessAad
  451 (
  452     uint64_t session,
  453         ///< [IN] Session reference.
  454     const uint8_t* aadChunkPtr,
  455         ///< [IN] AAD chunk.
  456     size_t aadChunkSize
  457         ///< [IN]
  458 );
  459 
  460 //--------------------------------------------------------------------------------------------------
  461 /**
  462  * Encrypt a chunk of plaintext.  Ecies_StartEncrypt() must have been previously called to
  463  * start an encryption process.
  464  *
  465  * @return
  466  *      LE_OK if successful.
  467  *      LE_BAD_PARAMETER if the session reference is invalid
  468  *                       or if the key type is invalid
  469  *                       or if plaintextChunkPtr or ciphertextChunkPtr is NULL.
  470  *      LE_OUT_OF_RANGE if textSize is too big.
  471  *      LE_FAULT if an encryption process has not started.
  472  */
  473 //--------------------------------------------------------------------------------------------------
  474 le_result_t le_iks_ecc_Ecies_Encrypt
  475 (
  476     uint64_t session,
  477         ///< [IN] Session reference.
  478     const uint8_t* plaintextChunkPtr,
  479         ///< [IN] Plaintext chunk. NULL if not used.
  480     size_t plaintextChunkSize,
  481         ///< [IN]
  482     uint8_t* ciphertextChunkPtr,
  483         ///< [OUT] Buffer to hold the ciphertext chunk.
  484     size_t* ciphertextChunkSizePtr
  485         ///< [INOUT]
  486 );
  487 
  488 //--------------------------------------------------------------------------------------------------
  489 /**
  490  * Complete encryption and calculate the authentication tag.
  491  *
  492  * The maximum tag size depends on the symmetric algorithm used.  If the supplied buffer is
  493  * larger than or equal to the maximum authentication tag size then the full authentication tag is
  494  * copied to the buffer and the rest of the buffer is left unmodified.  If the supplied buffer is
  495  * smaller than the maximum tag size then the tag will be truncated.  However, all tags produced
  496  * using the same key must use the same tag size.  It is up to the caller to ensure this.
  497  *
  498  * @return
  499  *      LE_OK if successful.
  500  *      LE_BAD_PARAMETER if the session reference is invalid
  501  *                       or if the key type is invalid
  502  *                       or if tagPtr is NULL.
  503  *      LE_OVERFLOW if the tagPtr buffer is too small.
  504  *      LE_FAULT if an encryption process has not started or no data
  505  *                            (AAD and plaintext) has been processed.
  506  */
  507 //--------------------------------------------------------------------------------------------------
  508 le_result_t le_iks_ecc_Ecies_DoneEncrypt
  509 (
  510     uint64_t session,
  511         ///< [IN] Session reference.
  512     uint8_t* tagPtr,
  513         ///< [OUT] Buffer to hold the authentication tag.
  514     size_t* tagSizePtr
  515         ///< [INOUT]
  516 );
  517 
  518 //--------------------------------------------------------------------------------------------------
  519 /**
  520  * Starts a process to decrypt and check the integrity of a message with ECIES (Elliptic Curve
  521  * Integrated Encryption System).
  522  *
  523  * Hybrid encryption combines an asymmetric encryption system with a symmetric encryption system to
  524  * encrypt (possibly long) messages that can only be decrypted with the holder of the private key.
  525  * Hybrid encryption is usually accomplished by using a symmetric encryption system to bulk encrypt
  526  * the message and then using the asymmetric encryption system to encrypt the symmetric key.
  527  *
  528  * ECIES provides hybrid encryption through a method that is more efficient than manually performing
  529  * the two step process described above.  Broadly speaking, ECIES performs a key agreement to
  530  * generate a shared secret, the shared secret is then used to generate a symmetric key using a KDF
  531  * (Key Derivation Function).  The symmetric key is then used to bulk encrypt the message.
  532  *
  533  * This implementation of ECIES generally follows the SEC 1 standard but supports modernized
  534  * algorithms for the KDF and bulk encryption.
  535  *
  536  * To decrypt a long packet the following sequence should be used:
  537  *
  538  * Ecies_StartDecrypt()  // Start the decryption process.
  539  * Ecies_ProcessAad()    // Call zero or more times until all AAD data is processed.
  540  * Ecies_Decrypt()       // Call zero or more times until all ciphertext is decrypted.
  541  * Ecies_DoneDecrypt()   // Complete the process and check the authentication tag.
  542  *
  543  * Calling this function will cancel any previously started process using the same session.
  544  *
  545  * The same label, ephemeral public key and salt used for encryption must be provided.
  546  *
  547  * @warning
  548  *      While decrypting long packets in this 'streaming' fashion plaintext chunks are released to
  549  *      the caller before they are verified for integrity.  Ie. the caller will not know the
  550  *      plaintext is correct until DoneDecrypt() is called.  The caller therefore must
  551  *      not release or make use of any plaintext chunks until after DoneDecrypt() returns
  552  *      with LE_OK.
  553  *
  554  * @return
  555  *      LE_OK if successful.
  556  *      LE_BAD_PARAMETER if the session reference is invalid
  557  *                       or if the session key type or ephemeral key is invalid
  558  *                       or if either the ephemKeyPtr or saltPtr is NULL.
  559  *      LE_OUT_OF_RANGE if either the labelSize is too big or the saltSize or ephemKeySize is
  560  *                       incorrect.
  561  *      LE_FAULT if there was an internal error.
  562  */
  563 //--------------------------------------------------------------------------------------------------
  564 le_result_t le_iks_ecc_Ecies_StartDecrypt
  565 (
  566     uint64_t session,
  567         ///< [IN] Session reference.
  568     const uint8_t* labelPtr,
  569         ///< [IN] Label. NULL if not used.
  570     size_t labelSize,
  571         ///< [IN]
  572     const uint8_t* ephemKeyPtr,
  573         ///< [IN] Serialized ephemeral public key.
  574     size_t ephemKeySize,
  575         ///< [IN]
  576     const uint8_t* saltPtr,
  577         ///< [IN] Salt.
  578     size_t saltSize
  579         ///< [IN]
  580 );
  581 
  582 //--------------------------------------------------------------------------------------------------
  583 /**
  584  * Decrypt a chunk of ciphertext.  Ecies_StartDecrypt() must have been previously called to
  585  * start a decryption process.
  586  *
  587  * @return
  588  *      LE_OK if successful.
  589  *      LE_BAD_PARAMETER if the session reference is invalid
  590  *                       or if the key type is invalid
  591  *                       or if plaintextChunkPtr or ciphertextChunkPtr is NULL.
  592  *      LE_OUT_OF_RANGE if textSize is too big.
  593  *      LE_FAULT if a decryption process has not started.
  594  */
  595 //--------------------------------------------------------------------------------------------------
  596 le_result_t le_iks_ecc_Ecies_Decrypt
  597 (
  598     uint64_t session,
  599         ///< [IN] Session reference.
  600     const uint8_t* ciphertextChunkPtr,
  601         ///< [IN] Ciphertext chunk.
  602     size_t ciphertextChunkSize,
  603         ///< [IN]
  604     uint8_t* plaintextChunkPtr,
  605         ///< [OUT] Buffer to hold the plaintext chunk.
  606     size_t* plaintextChunkSizePtr
  607         ///< [INOUT]
  608 );
  609 
  610 //--------------------------------------------------------------------------------------------------
  611 /**
  612  * Complete decryption and verify the integrity.
  613  *
  614  * @return
  615  *      LE_OK if successful.
  616  *      LE_BAD_PARAMETER if the session reference is invalid
  617  *                       or if the key type is invalid
  618  *                       or if tagPtr is NULL.
  619  *      LE_FAULT if a decryption process has not started or no data (AAD and
  620  *                 ciphertext) has been processed
  621  *               or the integrity check failed.
  622  */
  623 //--------------------------------------------------------------------------------------------------
  624 le_result_t le_iks_ecc_Ecies_DoneDecrypt
  625 (
  626     uint64_t session,
  627         ///< [IN] Session reference.
  628     const uint8_t* tagPtr,
  629         ///< [IN] Authentication tag.
  630     size_t tagSize
  631         ///< [IN]
  632 );
  633 
  634 /** @} **/
  635 
  636 #endif // LE_IKS_ECC_INTERFACE_H_INCLUDE_GUARD
le_iks_ecc_DisconnectService
void le_iks_ecc_DisconnectService(void)


le_result_t
le_result_t
Definition: le_basics.h:46


le_iks_ecc_Ecies_EncryptPacket
le_result_t le_iks_ecc_Ecies_EncryptPacket(uint64_t keyRef, const uint8_t *labelPtr, size_t labelSize, const uint8_t *aadPtr, size_t aadSize, const uint8_t *plaintextPtr, size_t plaintextSize, uint8_t *ciphertextPtr, size_t *ciphertextSizePtr, uint8_t *ephemKeyPtr, size_t *ephemKeySizePtr, uint8_t *saltPtr, size_t *saltSizePtr, uint8_t *tagPtr, size_t *tagSizePtr)


le_iks_ecc_Ecdsa_GenSig
le_result_t le_iks_ecc_Ecdsa_GenSig(uint64_t keyRef, const uint8_t *digestPtr, size_t digestSize, uint8_t *signaturePtr, size_t *signatureSizePtr)


le_iks_ecc_Ecies_DecryptPacket
le_result_t le_iks_ecc_Ecies_DecryptPacket(uint64_t keyRef, const uint8_t *labelPtr, size_t labelSize, const uint8_t *aadPtr, size_t aadSize, const uint8_t *ephemKeyPtr, size_t ephemKeySize, const uint8_t *saltPtr, size_t saltSize, const uint8_t *ciphertextPtr, size_t ciphertextSize, uint8_t *plaintextPtr, size_t *plaintextSizePtr, const uint8_t *tagPtr, size_t tagSize)


le_iks_ecc_ConnectService
void le_iks_ecc_ConnectService(void)


le_iks_ecc_Ecies_StartDecrypt
le_result_t le_iks_ecc_Ecies_StartDecrypt(uint64_t session, const uint8_t *labelPtr, size_t labelSize, const uint8_t *ephemKeyPtr, size_t ephemKeySize, const uint8_t *saltPtr, size_t saltSize)


le_iks_ecc_Ecies_StartEncrypt
le_result_t le_iks_ecc_Ecies_StartEncrypt(uint64_t session, const uint8_t *labelPtr, size_t labelSize, uint8_t *ephemKeyPtr, size_t *ephemKeySizePtr, uint8_t *saltPtr, size_t *saltSizePtr)


le_iks_ecc_Ecies_Encrypt
le_result_t le_iks_ecc_Ecies_Encrypt(uint64_t session, const uint8_t *plaintextChunkPtr, size_t plaintextChunkSize, uint8_t *ciphertextChunkPtr, size_t *ciphertextChunkSizePtr)


le_iks_ecc_Ecies_DoneEncrypt
le_result_t le_iks_ecc_Ecies_DoneEncrypt(uint64_t session, uint8_t *tagPtr, size_t *tagSizePtr)


le_iks_ecc_common.h


le_iks_ecc_Ecies_DoneDecrypt
le_result_t le_iks_ecc_Ecies_DoneDecrypt(uint64_t session, const uint8_t *tagPtr, size_t tagSize)


le_iks_ecc_Ecdh_GetSharedSecret
le_result_t le_iks_ecc_Ecdh_GetSharedSecret(uint64_t privKeyRef, uint64_t pubKeyRef, uint8_t *secretPtr, size_t *secretSizePtr)


le_iks_ecc_Ecies_ProcessAad
le_result_t le_iks_ecc_Ecies_ProcessAad(uint64_t session, const uint8_t *aadChunkPtr, size_t aadChunkSize)


LE_FULL_API
#define LE_FULL_API
Definition: le_apiFeatures.h:40


le_iks_ecc_Ecies_Decrypt
le_result_t le_iks_ecc_Ecies_Decrypt(uint64_t session, const uint8_t *ciphertextChunkPtr, size_t ciphertextChunkSize, uint8_t *plaintextChunkPtr, size_t *plaintextChunkSizePtr)



le_iks_ecc_DisconnectHandler_t
void(* le_iks_ecc_DisconnectHandler_t)(void *)
Definition: le_iks_ecc_interface.h:54


le_iks_interface.h


le_iks_ecc_SetServerDisconnectHandler
LE_FULL_API void le_iks_ecc_SetServerDisconnectHandler(le_iks_ecc_DisconnectHandler_t disconnectHandler, void *contextPtr)


le_iks_ecc_Ecdsa_VerifySig
le_result_t le_iks_ecc_Ecdsa_VerifySig(uint64_t keyRef, const uint8_t *digestPtr, size_t digestSize, const uint8_t *signaturePtr, size_t signatureSize)


le_iks_ecc_TryConnectService
le_result_t le_iks_ecc_TryConnectService(void)