├── .gitignore
├── LICENSE
├── README.md
├── README_zh.md
├── app
├── hal_app
│ ├── app_entry.c
│ ├── inc
│ │ └── hal_test.h
│ ├── makefile
│ └── src
│ │ ├── hal_aes_test.c
│ │ ├── hal_hash_test.c
│ │ ├── hal_km_test.c
│ │ ├── hal_rand_test.c
│ │ ├── hal_rsa_test.c
│ │ ├── hal_sm2_test.c
│ │ ├── hal_sst_test.c
│ │ └── hal_test.c
├── id2_app
│ ├── app_entry.c
│ ├── inc
│ │ └── id2_test.h
│ ├── makefile
│ └── src
│ │ ├── id2_client_kpm.c
│ │ ├── id2_client_mesg.c
│ │ └── id2_client_test.c
├── itls_app
│ ├── app_entry.c
│ ├── makefile
│ └── src
│ │ ├── idtls_client.c
│ │ └── itls_client.c
└── makefile
├── doc
└── 《ID2 安全应用指令规范V1.0》.pdf
├── include
├── crypto
│ ├── ali_crypto.h
│ └── ali_crypto_types.h
├── hal
│ ├── ls_hal.h
│ ├── ls_hal_aes.h
│ ├── ls_hal_crypt.h
│ ├── ls_hal_ecc.h
│ ├── ls_hal_hash.h
│ ├── ls_hal_km.h
│ ├── ls_hal_rsa.h
│ ├── ls_hal_sm2.h
│ ├── ls_hal_sm4.h
│ └── ls_hal_sst.h
├── id2
│ ├── id2_client.h
│ ├── id2_client_dpm.h
│ └── id2_client_kpm.h
├── irot
│ ├── km.h
│ ├── puf
│ │ └── irot_hal.h
│ └── se
│ │ └── irot_hal.h
├── itls
│ ├── aes.h
│ ├── aes_alt.h
│ ├── check_config.h
│ ├── cipher.h
│ ├── cipher_internal.h
│ ├── config.h
│ ├── debug.h
│ ├── hal_itls.h
│ ├── md.h
│ ├── md_internal.h
│ ├── net.h
│ ├── net_sockets.h
│ ├── platform.h
│ ├── sha1.h
│ ├── sha1_alt.h
│ ├── sha256.h
│ ├── sha256_alt.h
│ ├── ssl.h
│ ├── ssl_auth.h
│ ├── ssl_ciphersuites.h
│ ├── ssl_internal.h
│ └── timing.h
└── osa
│ └── ls_osa.h
├── make.rules
├── make.settings
├── makefile
├── modules
├── crypto
│ ├── inc
│ │ ├── asn1.h
│ │ ├── asn1write.h
│ │ ├── ecp.h
│ │ ├── oid.h
│ │ └── pk.h
│ ├── makefile
│ └── src
│ │ ├── api_aes.c
│ │ ├── api_ecc.c
│ │ ├── api_hash.c
│ │ ├── api_hmac.c
│ │ ├── api_init.c
│ │ ├── api_pkparse.c
│ │ ├── api_pkwrite.c
│ │ ├── api_rand.c
│ │ ├── api_rsa.c
│ │ ├── api_sm2.c
│ │ ├── api_sm4.c
│ │ ├── asn1parse.c
│ │ ├── asn1write.c
│ │ ├── oid.c
│ │ └── pkparse.c
├── hal
│ ├── crypto
│ │ └── demo
│ │ │ ├── inc
│ │ │ ├── aes.h
│ │ │ ├── asn1.h
│ │ │ ├── bignum.h
│ │ │ ├── bn_mul.h
│ │ │ ├── config.h
│ │ │ ├── ecp.h
│ │ │ ├── md.h
│ │ │ ├── md5.h
│ │ │ ├── oid.h
│ │ │ ├── pk.h
│ │ │ ├── rsa.h
│ │ │ ├── sha1.h
│ │ │ ├── sha256.h
│ │ │ ├── sm2.h
│ │ │ ├── sm3.h
│ │ │ └── sm4.h
│ │ │ └── src
│ │ │ ├── aes.c
│ │ │ ├── bignum.c
│ │ │ ├── ecp.c
│ │ │ ├── ecp_curves.c
│ │ │ ├── ls_hal_aes.c
│ │ │ ├── ls_hal_ecc.c
│ │ │ ├── ls_hal_hash.c
│ │ │ ├── ls_hal_rand.c
│ │ │ ├── ls_hal_rsa.c
│ │ │ ├── ls_hal_sm2.c
│ │ │ ├── ls_hal_sm4.c
│ │ │ ├── md5.c
│ │ │ ├── rsa.c
│ │ │ ├── sha1.c
│ │ │ ├── sha256.c
│ │ │ ├── sm2.c
│ │ │ ├── sm3.c
│ │ │ └── sm4.c
│ ├── km
│ │ └── demo
│ │ │ └── ls_hal_km.c
│ ├── makefile
│ └── sst
│ │ └── demo
│ │ └── ls_hal_sst.c
├── id2
│ ├── lib
│ │ ├── inc
│ │ │ ├── id2_config.h
│ │ │ ├── id2_plat.h
│ │ │ └── id2_priv.h
│ │ ├── makefile
│ │ └── src
│ │ │ ├── id2_client.c
│ │ │ ├── id2_dpm.c
│ │ │ ├── id2_kpm.c
│ │ │ ├── id2_otp.c
│ │ │ ├── id2_plat.c
│ │ │ ├── id2_util.c
│ │ │ └── id2_wrap.c
│ ├── makefile
│ └── stub
│ │ ├── inc
│ │ └── id2_priv.h
│ │ ├── makefile
│ │ └── src
│ │ ├── id2_client.c
│ │ ├── id2_dpm.c
│ │ └── id2_kpm.c
├── irot
│ ├── demo
│ │ ├── makefile
│ │ └── src
│ │ │ └── km_demo.c
│ ├── makefile
│ ├── puf
│ │ ├── chipset
│ │ │ └── demo
│ │ │ │ ├── irot_hal_ecc.c
│ │ │ │ └── mbedtls
│ │ │ │ ├── include
│ │ │ │ └── mbedtls
│ │ │ │ │ ├── asn1.h
│ │ │ │ │ ├── asn1write.h
│ │ │ │ │ ├── bignum.h
│ │ │ │ │ ├── bn_mul.h
│ │ │ │ │ ├── check_config.h
│ │ │ │ │ ├── config.h
│ │ │ │ │ ├── ecdh.h
│ │ │ │ │ ├── ecdsa.h
│ │ │ │ │ ├── ecp.h
│ │ │ │ │ ├── ecp_internal.h
│ │ │ │ │ ├── md.h
│ │ │ │ │ ├── platform.h
│ │ │ │ │ ├── platform_util.h
│ │ │ │ │ └── threading.h
│ │ │ │ └── src
│ │ │ │ ├── asn1parse.c
│ │ │ │ ├── asn1write.c
│ │ │ │ ├── bignum.c
│ │ │ │ ├── ecdh.c
│ │ │ │ ├── ecdsa.c
│ │ │ │ ├── ecp.c
│ │ │ │ ├── ecp_curves.c
│ │ │ │ ├── md.c
│ │ │ │ ├── md_wrap.c
│ │ │ │ ├── platform_util.c
│ │ │ │ └── sha256.c
│ │ ├── inc
│ │ │ ├── chip_config.h
│ │ │ ├── chip_log.h
│ │ │ └── chip_util.h
│ │ ├── makefile
│ │ └── src
│ │ │ ├── chip_util.c
│ │ │ └── km_to_irot.c
│ └── se
│ │ ├── chipset
│ │ ├── demo
│ │ │ ├── chip_config.h
│ │ │ └── irot_hal.c
│ │ └── template
│ │ │ ├── chip_config.h
│ │ │ └── se_driver
│ │ │ └── se_driver.c
│ │ ├── inc
│ │ ├── chip_log.h
│ │ ├── se_driver.h
│ │ └── se_key_list.h
│ │ ├── makefile
│ │ └── src
│ │ ├── core
│ │ ├── km_to_irot.c
│ │ ├── mtk_se_adapter.c
│ │ └── std_se_adapter.c
│ │ └── log
│ │ └── chip_log.c
├── itls
│ ├── makefile
│ └── src
│ │ ├── cipher.c
│ │ ├── cipher_wrap.c
│ │ ├── debug.c
│ │ ├── hal_itls.c
│ │ ├── mbedtls_alt.c
│ │ ├── mbedtls_auth.c
│ │ ├── md.c
│ │ ├── md_wrap.c
│ │ ├── net_sockets.c
│ │ ├── platform.c
│ │ ├── sha1.c
│ │ ├── sha256.c
│ │ ├── ssl_ciphersuites.c
│ │ ├── ssl_cli.c
│ │ ├── ssl_tls.c
│ │ └── timing.c
└── osa
│ ├── demo
│ └── src
│ │ └── ls_osa.c
│ ├── linux
│ └── src
│ │ └── ls_osa.c
│ ├── makefile
│ └── no_os
│ └── src
│ ├── ls_osa.c
│ └── ls_osa_list.h
├── sample
└── id2_sample.c
└── tags
/.gitignore:
--------------------------------------------------------------------------------
1 | *.obj
2 | *.exe
3 | *.log
4 | *.o
5 | *.sln
6 | *.pyc
7 | *.opensdf
8 | *.sdf
9 | *.suo
10 | *.user
11 | ipch/
12 | Debug/
13 | out/
14 | .DS_Store
15 | .netrwhist
16 | *.class
17 | *.cap
18 | *.exp
19 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2017-2019 Alibaba Group. All rights reserved.
2 | License-Identifier: Apache-2.0
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License"); you may
5 | not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 | WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 |
16 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # README for ID² Client SDK
2 |
3 |
4 | IoT Device ID(ID²) is a trusted identity identifier for IoT devices, which can not be tampered with, cannot be forged, and is the only security attribute in the world. It is a key infrastructure for the interconnection of everything and the circulation of services.
5 |
6 | ID² Client SDK is used for device-side development and debugging, helping developers to quickly access the ID² open platform. This SDK supports four types of carrier Demo, SE(Secure Element), PUF(Physical Unclonable Function) and MDU(Security Module):
7 |
8 | - Demo carrier: used for the demonstration of ID² device-side functions. For the official product, it must be switched to a secure carrier (Soft-KM, SE, TEE).
9 | - SE carrier: external security chip, ID² pre-burned on the SE chip.
10 | - PUF carrier: external security chip, ID² pre-generated in the PUF chip.
11 | - MDU carrier: security module, ID² key and SDK in the module, the main control calls the function of ID² through A&T commands.
12 |
13 | > |—— app:Encryption and decryption hardware adaptation (HAL) interface and ID² interface test program.
14 | > |—— doc:Related documents, such as ID² directive specifications.
15 | > |—— include:Header file directory.
16 | > |—— makefile:The total compilation script.
17 | > |—— make.rules:The compilation configuration.
18 | > |—— make.settings:ID² configuration, such as debugging information, idle function and carrier selection.
19 | > |—— modules:ID² and ID² dependent modules.
20 | > |—— sample:Sample code.
21 |
22 | # Quick start
23 |
24 | Describe to compile and run ID²Client SDK on Ubuntu; for other compiling environments, please refer to makefile to compile and adapt.
25 |
26 |
27 |
28 | ## Compiler Environment
29 |
30 | Use Ubuntu 14.04 or above.
31 |
32 |
33 | ## Compile configuration
34 |
35 | - make.rules:
36 |
37 | > CROSS_COMPILE: The toolchain used for compilation.
38 | > CFLAGS:The compilation parameters of the compilation tool chain.
39 |
40 | - make.settings:
41 |
42 | > CONFIG_LS_ID2_DEBUG:ID² debugging information switch.
43 | > CONFIG_LS_ID2_OTP:The ID² key is used to dynamically issue the function switch.
44 | > CONFIG_LS_ID2_ROT_TYPE:The type of ID² security carrier, SE|Demo|MDU|PUF.
45 | > CONFIG_LS_ID2_KEY_TYPE:The key type of ID², 3DES|AES|RSA|ECC|SM1|SM2|SM4.
46 | > CONFIG_LS_ID2_ECDP_TYPE: The type of Elliptic Curve Domain Parameter, K-163|K-233|K-283|K-192|K-224|K-256.
47 | > - K-163:sect163k1
48 | > - K-233:sect233k1
49 | > - K-283:sect283k1
50 | > - K-192:secp192k1
51 | > - K-224:secp224k1
52 | > - K-256:secp256k1
53 |
54 |
55 | ## Compile the SDK:
56 |
57 | In the SDK directory, run the following command:
58 |
59 | > $ make clean
60 | > $ make
61 |
62 | The compilation is successful, and the generated static libraries and applications are unified in the out directory of the SDK.
63 |
64 |
65 | ## Run the program:
66 |
67 | In the SDK directory, run the following command:
68 |
69 | > ./out/bin/id2_app
70 |
71 | The test is successful (only device-side interface test, non-real interaction verification), the log displays as follows:
72 |
73 | >
74 | > id2_client_get_id 649: ID2: 000FFFFFDB1D8DC78DDCB800
75 | > id2_client_generate_authcode 170:
76 | > ============ ID² Validation Json Message ============:
77 | > {
78 | > "reportVersion": "1.0.0",
79 | > "sdkVersion": "2.0.0",
80 | > "date": "Aug 23 2019 18:17:13",
81 | > "testContent": [{
82 | > .......
83 | > }]
84 | > }
85 | > id2_client_generate_authcode 186: =====>ID2 Client Generate AuthCode End.
86 |
--------------------------------------------------------------------------------
/README_zh.md:
--------------------------------------------------------------------------------
1 | # README for ID² Client SDK
2 |
3 |
4 | IoT设备身份认证ID²(Internet Device ID),是一种物联网设备的可信身份标识,具备不可篡改、不可伪造、全球唯一的安全属性,是实现万物互联、服务流转的关键基础设施。
5 |
6 | ID² Client SDK是用于设备端开发和调试,帮助开发者快速接入ID²开放平台。此SDK, 支持四种载体Demo, SE(Secure Element), PUF(Physical Unclonable Function)和MDU(安全模组):
7 |
8 | - Demo载体:用于ID²设备端功能的演示,正式产品,需切换到安全载体(Soft-KM, SE, TEE)。
9 | - SE载体:外挂安全芯片,ID²预烧录在SE芯片上。
10 | - PUF载体:外挂安全芯片,ID²在PUF芯片内生成,ID和公钥注册到认证中心。
11 | - MDU载体:安全模组,ID²密钥和SDK在模组中,主控通过A&T指令调用ID²的功能。
12 |
13 | > |—— app:加解密硬件适配(HAL)接口和ID²接口的测试程序。
14 | > |—— doc:相关文档,如ID²指令规范。
15 | > |—— include:头文件目录。
16 | > |—— makefile:总的编译脚本。
17 | > |—— make.rules:编译配置,可配置编译工具链和编译参数。
18 | > |—— make.settings:ID²配置,如调试信息、空发功能和载体选择。
19 | > |—— modules:ID²和ID²依赖的模块。
20 | > |—— sample:示例代码。
21 |
22 |
23 |
24 | # 快速开始
25 | 描述在Ubuntu上编译和运行ID²Client SDK;其他编译环境,请参考makefile进行编译适配。
26 |
27 |
28 | ## 编译环境:
29 | 使用Ubuntu 14.04以上版本。
30 |
31 |
32 | ## 编译配置:
33 |
34 | - make.rules:
35 | > CROSS_COMPILE: 编译使用的工具链。
36 | > CFLAGS:编译工具链的编译参数。
37 |
38 | - make.settings:
39 | > CONFIG_LS_ID2_DEBUG:ID²调试信息的开关。
40 | > CONFIG_LS_ID2_OTP:ID²密钥在使用时动态下发功能的开关。
41 | > CONFIG_LS_ID2_ROT_TYPE:ID²的安全载体的类型,SE|Demo|MDU|PUF。
42 | > CONFIG_LS_ID2_KEY_TYPE:ID²的密钥类型,3DES|AES|RSA|ECC|SM1|SM2|SM4。
43 | > CONFIG_LS_ID2_ECDP_TYPE:ID²的椭圆曲线参数,K-163|K-233|K-283|K-192|K-224|K-256。
44 | > - K-163:sect163k1
45 | > - K-233:sect233k1
46 | > - K-283:sect283k1
47 | > - K-192:secp192k1
48 | > - K-224:secp224k1
49 | > - K-256:secp256k1
50 |
51 |
52 | ## 编译SDK:
53 | 在SDK目录,运行如下命令:
54 | > $ make clean
55 | > $ make
56 |
57 | 编译成功,生成的静态库和应用程序统一放在SDK的out目录。
58 |
59 |
60 | ## 运行程序:
61 | 在SDK目录,运行如下命令:
62 | > ./out/bin/id2_app
63 |
64 |
65 | 测试成功(仅设备端接口测试,非真实交互验证),日志显示如下:
66 | >
67 | > id2_client_get_id 649: ID2: 000FFFFFDB1D8DC78DDCB800
68 | > id2_client_generate_authcode 170:
69 | > ============ ID2 Validation Json Message ============:
70 | > {
71 | > "reportVersion": "1.0.0",
72 | > "sdkVersion": "2.0.0",
73 | > "date": "Aug 23 2019 18:17:13",
74 | > "testContent": [{
75 | > .......
76 | > }]
77 | > }
78 | > id2_client_generate_authcode 186: =====>ID2 Client Generate AuthCode End.
79 |
80 |
81 |
82 |
83 | # 其他:
84 | 更多文档,如设备端适配和自主验证,请查阅官网文档:
85 | https://help.aliyun.com/document_detail/101295.html
86 |
87 |
88 |
89 |
--------------------------------------------------------------------------------
/app/hal_app/app_entry.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "hal_test.h"
6 |
7 | int main(int argc, char *argv[])
8 | {
9 | int ret;
10 |
11 | #if defined(CONFIG_HAL_CRYPTO)
12 | ret = hal_crypto_test();
13 | if (ret < 0) {
14 | HAL_TEST_ERR("hal_crypto test fail!!\n");
15 | return -1;
16 | }
17 | #endif
18 |
19 | ret = hal_sst_test();
20 | if (ret < 0) {
21 | HAL_TEST_ERR("hal_sst test fail!!\n");
22 | return -1;
23 | }
24 |
25 | ret = hal_km_test();
26 | if (ret < 0) {
27 | HAL_TEST_ERR("hal_km test fail!!\n");
28 | return -1;
29 | }
30 |
31 | return 0;
32 | }
33 |
34 |
--------------------------------------------------------------------------------
/app/hal_app/inc/hal_test.h:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited.
3 | */
4 |
5 | #ifndef _HAL_TEST_H_
6 | #define _HAL_TEST_H_
7 |
8 | #include
9 |
10 | #include "ls_osa.h"
11 |
12 | #define HAL_TEST_INF(_f, _a ...) ls_osa_print("INF %s %d: "_f, __FUNCTION__, __LINE__, ##_a)
13 | #define HAL_TEST_ERR(_f, _a ...) ls_osa_print("ERR %s %d: "_f, __FUNCTION__, __LINE__, ##_a)
14 |
15 | int hal_km_test(void);
16 |
17 | int hal_sst_test(void);
18 |
19 | int hal_aes_test(void);
20 | int hal_rsa_test(void);
21 | int hal_sm2_test(void);
22 | int hal_hash_test(void);
23 | int hal_rand_test(void);
24 | int hal_crypto_test(void);
25 |
26 | int hal_dump_data(const char *name, uint8_t *data, uint32_t size);
27 |
28 | #endif /* _HAL_TEST_H_ */
29 |
--------------------------------------------------------------------------------
/app/hal_app/makefile:
--------------------------------------------------------------------------------
1 |
2 | include ../../make.rules
3 |
4 | CFLAGS += -I./inc
5 | CFLAGS += -I../../include/osa
6 | CFLAGS += -I../../include/hal
7 |
8 | CFLAGS += -DCONFIG_HAL_CRYPTO
9 |
10 | LDFLAGS += -pie
11 |
12 | SRCS := app_entry.c
13 | SRCS += src/hal_test.c
14 | SRCS += src/hal_aes_test.c
15 | SRCS += src/hal_sm2_test.c
16 | SRCS += src/hal_rsa_test.c
17 | SRCS += src/hal_hash_test.c
18 | SRCS += src/hal_rand_test.c
19 | SRCS += src/hal_sst_test.c
20 | SRCS += src/hal_km_test.c
21 |
22 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
23 |
24 | LIBS += ../../out/libs/libls_hal.a
25 | LIBS += ../../out/libs/libls_osa.a
26 |
27 | OUT := hal_app
28 |
29 | $(OUT): $(OBJS) $(LIBS)
30 | $(CC) $(LDFLAGS) $^ -o $@
31 | %.o: %.c
32 | $(CC) -c $(CFLAGS) $< -o $*.o
33 |
34 | .PHONY: clean
35 | clean:
36 | rm -rf $(OBJS) $(OUT)
37 |
38 |
--------------------------------------------------------------------------------
/app/hal_app/src/hal_rand_test.c:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited.
3 | */
4 |
5 | #include "ls_hal.h"
6 | #include "hal_test.h"
7 |
8 | #if defined(CONFIG_HAL_CRYPTO)
9 |
10 | int hal_rand_test(void)
11 | {
12 | int ret;
13 | uint8_t buf[16] = {0};
14 |
15 | ret = ls_hal_get_random(buf, 16);
16 | hal_dump_data("random buf", buf, 16);
17 |
18 | ret = ls_hal_get_random(buf, 16);
19 | hal_dump_data("random buf", buf, 16);
20 |
21 | if (ret == HAL_CRYPT_SUCCESS) {
22 | HAL_TEST_INF("==========================> HAL Rand Test Pass.\n\n");
23 | return 0;
24 | } else {
25 | HAL_TEST_INF("==========================> HAL Rand Test Fail.\n\n");
26 | return -1;
27 | }
28 | }
29 |
30 | #endif /* CONFIG_HAL_CRYPTO */
31 |
32 |
--------------------------------------------------------------------------------
/app/hal_app/src/hal_rsa_test.c:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited.
3 | */
4 |
5 | #include "ls_hal.h"
6 | #include "hal_test.h"
7 |
8 | #if defined(CONFIG_HAL_CRYPTO)
9 |
10 | #define RSA_KEY_LEN (128)
11 |
12 | static const uint8_t RSA_N[128] = {
13 | 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc,
14 | 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4,
15 | 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56,
16 | 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3,
17 | 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
18 | 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b,
19 | 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2,
20 | 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1,
21 | 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38,
22 | 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
23 | 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37
24 | };
25 | static const uint8_t RSA_E[3] = { 0x01, 0x00, 0x01 };
26 | static const uint8_t RSA_D[128] = {
27 | 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b,
28 | 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae,
29 | 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac,
30 | 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8,
31 | 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
32 | 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70,
33 | 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50,
34 | 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c,
35 | 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3,
36 | 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
37 | 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25
38 | };
39 |
40 | static int blinding(void *rng_state, unsigned char *output, size_t len)
41 | {
42 | memset(output, 0, len);
43 | output[len-1]=1;
44 | return 0;
45 | }
46 |
47 | static int _hal_encrypt_decrypt(void)
48 | {
49 | int ret = 0;
50 | uint8_t src_data[RSA_KEY_LEN];
51 | uint8_t plaintext[RSA_KEY_LEN];
52 | uint8_t ciphertext[RSA_KEY_LEN];
53 | size_t src_size;
54 | void *context = NULL;
55 | void *ctx_keypair = NULL;
56 | size_t ctx_size;
57 |
58 | ctx_size = ls_hal_rsa_get_ctx_size();
59 |
60 | context = ls_osa_malloc(ctx_size);
61 | ret = ls_hal_rsa_init(context);
62 | if (ret != HAL_CRYPT_SUCCESS) {
63 | HAL_TEST_ERR("rsa: init fail(%08x)\n", ret);
64 | goto cleanup;
65 | }
66 |
67 | ctx_keypair = ls_osa_malloc(ctx_size);
68 | ret = ls_hal_rsa_init(ctx_keypair);
69 | if (ret != HAL_CRYPT_SUCCESS) {
70 | HAL_TEST_ERR("rsa: init fail(%08x)\n", ret);
71 | goto cleanup;
72 | }
73 |
74 | src_size = RSA_KEY_LEN;
75 | memset(src_data, 0xa, src_size);
76 |
77 | ret = ls_hal_rsa_init_pubkey(context, RSA_KEY_LEN*8,
78 | RSA_N, 128,
79 | RSA_E, 3);
80 | if (ret) {
81 | HAL_TEST_ERR("failed(0x%08x)\n", ret);
82 | goto cleanup;
83 | }
84 |
85 | ret = ls_hal_rsa_public(context, src_data, ciphertext, RSA_KEY_LEN);
86 | if (ret != HAL_CRYPT_SUCCESS) {
87 | HAL_TEST_ERR("rsa: public encrypt fail(%08x)\n", ret);
88 | goto cleanup;
89 | }
90 |
91 | ret = ls_hal_rsa_init_keypair(ctx_keypair, RSA_KEY_LEN*8,
92 | RSA_N, 128,
93 | NULL, 0,
94 | RSA_D, 128,
95 | NULL, 0,
96 | NULL, 0,
97 | NULL, 0,
98 | NULL, 0,
99 | NULL, 0);
100 | if (ret != HAL_CRYPT_SUCCESS) {
101 | HAL_TEST_ERR("init keypair failed(%08x)\n", ret);
102 | goto cleanup;
103 | }
104 |
105 | ret = ls_hal_rsa_private(ctx_keypair, blinding, ciphertext, plaintext, RSA_KEY_LEN);
106 | if (ret != HAL_CRYPT_SUCCESS) {
107 | HAL_TEST_ERR("rsa: private decrypt fail(%08x)\n", ret);
108 | goto cleanup;
109 | }
110 |
111 | if (memcmp(src_data, plaintext, RSA_KEY_LEN)) {
112 | HAL_TEST_ERR("RSA encrypt/decrypt test fail!\n");
113 | hal_dump_data("plaintext", plaintext, RSA_KEY_LEN);
114 | hal_dump_data("ciphertext", ciphertext, RSA_KEY_LEN);
115 | } else {
116 | HAL_TEST_INF("RSA encrypt/decrypt test success\n");
117 | }
118 |
119 | cleanup:
120 | if (context)
121 | ls_osa_free(context);
122 |
123 | if (ctx_keypair)
124 | ls_osa_free(ctx_keypair);
125 |
126 | return ret;
127 | }
128 |
129 | int hal_rsa_test(void)
130 | {
131 | int ret;
132 | ret = _hal_encrypt_decrypt();
133 | if (ret < 0) {
134 | goto _out;
135 | }
136 |
137 | _out:
138 | if (0 == ret) {
139 | HAL_TEST_INF("=============================> HAL RSA Test Pass.\n\n");
140 | } else {
141 | HAL_TEST_INF("=============================> HAL RSA Test Fail.\n\n");
142 | }
143 |
144 | return ret;
145 | }
146 |
147 | #endif /* CONFIG_HAL_CRYPTO */
148 |
149 |
--------------------------------------------------------------------------------
/app/hal_app/src/hal_test.c:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited.
3 | */
4 |
5 | #include "hal_test.h"
6 |
7 | int hal_dump_data(const char *name, uint8_t *data, uint32_t size)
8 | {
9 | #if defined(CONFIG_HAL_DEBUG)
10 | size_t i;
11 |
12 | if (data == NULL || size == 0) {
13 | HAL_TEST_ERR("invalid input args\n");
14 | return -1;
15 | }
16 |
17 | HAL_TEST_INF("%s size: %d\n", name, (int)size);
18 |
19 | for (i = 0; i < size - size % 8; i += 8) {
20 | HAL_TEST_INF("%s data: %02x%02x %02x%02x %02x%02x %02x%02x\n", name,
21 | data[i + 0], data[i + 1], data[i + 2], data[i + 3],
22 | data[i + 4], data[i + 5], data[i + 6], data[i + 7]);
23 | }
24 | while (i < size) {
25 | HAL_TEST_INF("%s data: %02x\n", name, data[i]);
26 | i++;
27 | }
28 |
29 | return 0;
30 | #else
31 | (void)name;
32 | (void)data;
33 | (void)size;
34 |
35 | return 0;
36 | #endif
37 | }
38 |
39 | #if defined(CONFIG_HAL_CRYPTO)
40 |
41 | int hal_crypto_test(void)
42 | {
43 | int ret = 0;
44 |
45 | HAL_TEST_INF("HAL Hash Test:\n");
46 | ret = hal_hash_test();
47 | if (ret < 0) {
48 | return ret;
49 | }
50 |
51 | HAL_TEST_INF("HAL Rand Test:\n");
52 | ret = hal_rand_test();
53 | if (ret < 0) {
54 | return ret;
55 | }
56 |
57 | HAL_TEST_INF("HAL AES Test:\n");
58 | ret = hal_aes_test();
59 | if (ret < 0) {
60 | return ret;
61 | }
62 |
63 | HAL_TEST_INF("HAL RSA Test:\n");
64 | ret = hal_rsa_test();
65 | if (ret < 0) {
66 | return ret;
67 | }
68 |
69 | HAL_TEST_INF("HAL SM2 Test:\n");
70 | ret = hal_sm2_test();
71 | if (ret < 0) {
72 | return ret;
73 | }
74 |
75 | return ret;
76 | }
77 |
78 | #endif
79 |
--------------------------------------------------------------------------------
/app/id2_app/app_entry.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "id2_test.h"
6 |
7 | #define SERVER_NAME "itls.cn-shanghai.aliyuncs.com"
8 | #define SERVER_PORT 1883
9 |
10 | #define PRODUCT_KEY "a1WO4Z9qHRw"
11 | #define PRODUCT_SECRET "i113XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
12 |
13 | /* Hex String, getting from id2 console */
14 | #define ID2_AUTH_CODE ""
15 | #define ID2_CIPHER_DATA ""
16 |
17 | static kpm_suite_t kpm_suite = {
18 | /* user-defined index */
19 | LS_KPM_KEY_IDX_INVALID,
20 |
21 | /* kpm defined key info */
22 | LS_KPM_KEY_INFO_AES_128,
23 |
24 | /* import key data, getting from id2 console */
25 | ""
26 | };
27 |
28 | int main(int argc, char *argv[])
29 | {
30 | int ret;
31 | uint32_t timeout_ms = 2000;
32 | uint32_t auth_code_len = 0;
33 | uint32_t cipher_len = 0;
34 | char *auth_code = ID2_AUTH_CODE;
35 | char *cipher_data = ID2_CIPHER_DATA;
36 |
37 | /* 1. id2 client init */
38 | ret = id2_client_init();
39 | if (ret != IROT_SUCCESS) {
40 | ID2_DBG_LOG("id2 client init fail, %d\n", ret);
41 | return -1;
42 | }
43 |
44 | /* 2. check if id2 has been provisioned or not, if not, request id2 from itls server */
45 | ret = id2_client_wrap_do_provisioning(SERVER_NAME,
46 | SERVER_PORT, PRODUCT_KEY, PRODUCT_SECRET, timeout_ms);
47 | if (ret == IROT_ERROR_NOT_SUPPORTED) {
48 | /* do nothing */
49 | } else if (ret != IROT_SUCCESS) {
50 | ID2_DBG_LOG("id2 client do provisioning fail, %d\n", ret);
51 | goto _out;
52 | } else {
53 | /* reach here, meaning that id2 has been provisioned */
54 |
55 | /* id2 client function testing */
56 | ret = id2_client_unit_test();
57 | if (ret < 0) {
58 | ID2_DBG_LOG("id2 client unit test fail!!\n");
59 | goto _out;
60 | }
61 | }
62 |
63 | /* 3. generate authcode */
64 | ret = id2_client_generate_authcode(&kpm_suite);
65 | if (ret < 0) {
66 | ID2_DBG_LOG("id2 client generate authcode fail!!\n");
67 | goto _out;
68 | }
69 |
70 | /* 4. verify id2 server if auth_code correct */
71 | auth_code_len = strlen(auth_code);
72 | if (auth_code_len > ID2_ID_MIN_LEN * 2) {
73 | ret = id2_client_verify_authcode(auth_code, auth_code_len);
74 | if (ret < 0) {
75 | ID2_DBG_LOG("id2 client verify server authcode fail!!\n");
76 | goto _out;
77 | }
78 | }
79 |
80 | /* 5. decrypt data if cipher_data correct */
81 | cipher_len = strlen(cipher_data);
82 | if (cipher_len > ID2_ID_MIN_LEN * 2) {
83 | ret = id2_client_decrypt_data(cipher_data, cipher_len);
84 | if (ret < 0) {
85 | ID2_DBG_LOG("id2 client decrypt data fail!!\n");
86 | goto _out;
87 | }
88 | }
89 |
90 | /* 6. id2 kpm testing if needed */
91 | ret = id2_client_kpm_test(kpm_suite.key_idx, kpm_suite.key_info, kpm_suite.import_data);
92 | if (ret < 0) {
93 | ID2_DBG_LOG("id2 client kpm test fail!!\n");
94 | return -1;
95 | }
96 |
97 | _out:
98 | /* 7. id2 client cleanup */
99 | id2_client_cleanup();
100 |
101 | return ret;
102 | }
103 |
104 |
--------------------------------------------------------------------------------
/app/id2_app/inc/id2_test.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "ls_osa.h"
6 | #include "id2_client.h"
7 | #include "id2_client_kpm.h"
8 |
9 | #define ID2_DBG_LOG(_f, ...) ls_osa_print("%s %d: " _f,\
10 | __FUNCTION__, __LINE__, ##__VA_ARGS__)
11 |
12 | typedef struct _kpm_suite_t {
13 | uint8_t key_idx;
14 | uint8_t key_info;
15 | char *import_data;
16 | } kpm_suite_t;
17 |
18 | int id2_plat_base64_encode(const uint8_t* input, uint32_t input_len,
19 | uint8_t* output, uint32_t* output_len);
20 |
21 | int id2_client_unit_test(void);
22 | int id2_client_generate_authcode(kpm_suite_t *suite);
23 | int id2_client_verify_authcode(char *auth_code, uint32_t auth_code_len);
24 | int id2_client_decrypt_data(char *cipher_data, uint32_t cipher_len);
25 |
26 | int id2_client_kpm_test(uint8_t key_idx, uint8_t key_info, char *kpm_data);
27 |
28 |
--------------------------------------------------------------------------------
/app/id2_app/makefile:
--------------------------------------------------------------------------------
1 | include ../../make.rules
2 | include ../../make.settings
3 |
4 | CFLAGS += -I./inc
5 | CFLAGS += -I../../include/osa
6 | CFLAGS += -I../../include/id2
7 |
8 | LDFLAGS += -pie
9 |
10 | SRCS := app_entry.c
11 | SRCS += src/id2_client_kpm.c
12 | SRCS += src/id2_client_test.c
13 | SRCS += src/id2_client_mesg.c
14 |
15 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
16 |
17 | ifeq ($(CONFIG_LS_ID2_ROT_TYPE), MDU)
18 | LIBS := ../../out/libs/libid2_stub.a
19 | LIBS += ../../out/libs/libls_osa.a
20 | else
21 | LIBS := ../../out/libs/libid2.a
22 | LIBS += ../../out/libs/libkm.a
23 | LIBS += ../../out/libs/libicrypt.a
24 | LIBS += ../../out/libs/libls_hal.a
25 | LIBS += ../../out/libs/libls_osa.a
26 | endif
27 |
28 | OUT := id2_app
29 |
30 | $(OUT): $(OBJS) $(LIBS)
31 | $(CC) $(LDFLAGS) $^ -o $@
32 | %.o: %.c
33 | $(CC) -c $(CFLAGS) $< -o $*.o
34 |
35 | .PHONY: clean
36 | clean:
37 | rm -rf $(OBJS) $(OUT)
38 |
39 |
--------------------------------------------------------------------------------
/app/itls_app/app_entry.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #include
6 | #include
7 |
8 | #include "hal_itls.h"
9 |
10 | #define DEBUG_LEVEL 1
11 |
12 | #if defined(ON_DAILY)
13 | #define PRODUCT_KEY "a1V2WSinkfc"
14 | #define PRODUCT_SECRET "i11xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
15 | #else
16 | #define PRODUCT_KEY "a1WO4Z9qHRw"
17 | #define PRODUCT_SECRET "i11xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
18 | #endif
19 |
20 | extern int itls_client_sample(
21 | char *product_key, char *product_secret, int debug_level);
22 | extern int idtls_client_sample(
23 | char *product_key, char *product_secret, int debug_level);
24 |
25 | int main(int argc, char *argv[])
26 | {
27 | int ret;
28 | uint32_t i, loop_count = 10000;
29 |
30 | printf("===========> iTLS Client Sample start.\n");
31 |
32 | for (i = 0; i < loop_count; i++) {
33 |
34 | printf("===================== iTLS Client Sample - Loop Count: %d\n", i);
35 |
36 | ret = itls_client_sample(
37 | PRODUCT_KEY, PRODUCT_SECRET, DEBUG_LEVEL);
38 | if (ret < 0) {
39 | printf("iTLS Client Sample Failed!\n");
40 | return -1;
41 | }
42 | }
43 |
44 | printf("<=========== iTLS Client Sample End.\n\n");
45 |
46 | #if defined(CONFIG_SSL_DTLS)
47 | printf("===========> iDTLS Client Sample start.\n");
48 | ret = idtls_client_sample(
49 | PRODUCT_KEY, PRODUCT_SECRET, DEBUG_LEVEL);
50 | if (ret < 0) {
51 | printf("iDTLS Client Sample Test Failed!\n");
52 | return -1;
53 | }
54 | printf("<=========== iDTLS Client Sample End.\n\n");
55 | #endif
56 |
57 | return 0;
58 | }
59 |
60 |
--------------------------------------------------------------------------------
/app/itls_app/makefile:
--------------------------------------------------------------------------------
1 | include ../../make.rules
2 | include ../../make.settings
3 |
4 | CFLAGS += -I../../include
5 | CFLAGS += -I../../include/osa
6 | CFLAGS += -I../../include/itls
7 | CFLAGS += -I../../include/crypto
8 |
9 | #CFLAGS += -DON_DAILY
10 |
11 | LDFLAGS += -pie
12 |
13 | SRCS := app_entry.c
14 | SRCS += src/itls_client.c
15 | SRCS += src/idtls_client.c
16 |
17 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
18 |
19 | ifeq ($(CONFIG_LS_ID2_ROT_TYPE), MDU)
20 | LIBS := ../../out/libs/libitls.a
21 | LIBS += ../../out/libs/libid2_stub.a
22 | LIBS += ../../out/libs/libicrypt.a
23 | LIBS += ../../out/libs/libls_hal.a
24 | LIBS += ../../out/libs/libls_osa.a
25 | else
26 | LIBS := ../../out/libs/libitls.a
27 | LIBS += ../../out/libs/libid2.a
28 | LIBS += ../../out/libs/libkm.a
29 | LIBS += ../../out/libs/libicrypt.a
30 | LIBS += ../../out/libs/libls_hal.a
31 | LIBS += ../../out/libs/libls_osa.a
32 | endif
33 |
34 | OUT := itls_app
35 |
36 | $(OUT): $(OBJS) $(LIBS)
37 | $(CC) $(LDFLAGS) $^ -o $@
38 | %.o: %.c
39 | $(CC) -c $(CFLAGS) $< -o $*.o
40 |
41 | .PHONY: clean
42 | clean:
43 | rm -rf $(OBJS) $(OUT)
44 |
45 |
--------------------------------------------------------------------------------
/app/itls_app/src/itls_client.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "itls/config.h"
6 | #include "itls/net.h"
7 | #include "itls/debug.h"
8 | #include "itls/ssl.h"
9 | #include "itls/hal_itls.h"
10 |
11 | #include "ali_crypto.h"
12 |
13 | #if defined(ON_DAILY)
14 | #define SERVER_PORT 1883
15 | #define SERVER_NAME "iot-test-daily.iot-as-mqtt.unify.aliyuncs.com"
16 | #else
17 | #define SERVER_PORT 1883
18 | #define SERVER_NAME "itls.cn-shanghai.aliyuncs.com"
19 | #endif
20 |
21 | unsigned char mqtt_req_data[] = {
22 | 0x10, 0xa7, 0x01, 0x00, 0x04, 0x4d, 0x51, 0x54,
23 | 0x54, 0x04, 0xc2, 0x00, 0x3c, 0x00, 0x59, 0x42,
24 | 0x66, 0x4b, 0x78, 0x42, 0x44, 0x53, 0x6a, 0x57,
25 | 0x43, 0x48, 0x2e, 0x61, 0x6f, 0x73, 0x5f, 0x6d,
26 | 0x71, 0x74, 0x74, 0x5f, 0x74, 0x65, 0x73, 0x74,
27 | 0x7c, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x6d,
28 | 0x6f, 0x64, 0x65, 0x3d, 0x2d, 0x31, 0x2c, 0x74,
29 | 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
30 | 0x3d, 0x32, 0x35, 0x32, 0x34, 0x36, 0x30, 0x38,
31 | 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x2c, 0x73,
32 | 0x69, 0x67, 0x6e, 0x6d, 0x65, 0x74, 0x68, 0x6f,
33 | 0x64, 0x3d, 0x68, 0x6d, 0x61, 0x63, 0x73, 0x68,
34 | 0x61, 0x31, 0x2c, 0x67, 0x77, 0x3d, 0x30, 0x7c,
35 | 0x00, 0x1e, 0x4c, 0x76, 0x55, 0x4d, 0x52, 0x49,
36 | 0x33, 0x57, 0x39, 0x48, 0x31, 0x50, 0x6d, 0x69,
37 | 0x64, 0x74, 0x4d, 0x39, 0x67, 0x42, 0x30, 0x30,
38 | 0x31, 0x30, 0x61, 0x34, 0x66, 0x62, 0x30, 0x31,
39 | 0x00, 0x20, 0x30, 0x34, 0x30, 0x66, 0x36, 0x32,
40 | 0x36, 0x63, 0x34, 0x39, 0x33, 0x38, 0x34, 0x65,
41 | 0x33, 0x30, 0x61, 0x62, 0x35, 0x63, 0x31, 0x66,
42 | 0x61, 0x64, 0x31, 0x32, 0x63, 0x39, 0x61, 0x39,
43 | 0x66, 0x63
44 | };
45 |
46 | static int itls_hal_sample(const char *host, int port,
47 | const char *product_key, const char *product_secret, int debug_level)
48 | {
49 | int ret = 0, len;
50 | char version[16] = {0};
51 | unsigned char buf[1024];
52 | uintptr_t handle;
53 |
54 | hal_itls_get_version(version);
55 | SSL_DBG_LOG("itls version: %s\n", version);
56 |
57 | hal_itls_set_debug_level(debug_level);
58 |
59 | handle = hal_itls_establish(host,
60 | port, product_key, product_secret);
61 | if (handle == (uintptr_t)NULL) {
62 | SSL_DBG_LOG("itls establish fail\n");
63 | ret = -1;
64 | goto _out;
65 | }
66 |
67 | len = sizeof(mqtt_req_data);
68 | memcpy(buf, mqtt_req_data, len);
69 | ret = hal_itls_write(handle, (char *)buf, len, 2000);
70 | if (ret < 0) {
71 | SSL_DBG_LOG("itls write fail, %d\n", ret);
72 | goto _out;
73 | }
74 |
75 | SSL_DBG_LOG("%d bytes written\n", ret);
76 |
77 | ret = hal_itls_read(handle, (char *)buf, len, 2000);
78 | if (ret < 0) {
79 | SSL_DBG_LOG("itls read fail\n");
80 | goto _out;
81 | }
82 |
83 | SSL_DBG_LOG("%d bytes read\n", ret);
84 |
85 | ret = 0;
86 |
87 | _out:
88 | SSL_DBG_LOG("hal itls alert type: %d\n", hal_itls_get_alert_type());
89 |
90 | hal_itls_destroy(handle);
91 |
92 | return ret;
93 | }
94 |
95 | int itls_client_sample(
96 | char *product_key, char *product_secret, int debug_level)
97 | {
98 | int ret;
99 | int port = SERVER_PORT;
100 | char host[128] = {0};
101 |
102 | #if defined(ON_DAILY)
103 | ls_osa_snprintf(host, 128, "%s",SERVER_NAME);
104 | #else
105 | ls_osa_snprintf(host, 128, "%s.%s", product_key, SERVER_NAME);
106 | #endif
107 |
108 | ret = itls_hal_sample(host, port,
109 | product_key, product_secret, debug_level);
110 | if (ret < 0) {
111 | return -1;
112 | }
113 |
114 | return 0;
115 | }
116 |
117 |
118 |
--------------------------------------------------------------------------------
/app/makefile:
--------------------------------------------------------------------------------
1 | include ../make.settings
2 |
3 | .PHONY: bin
4 |
5 | bin:
6 | make -C hal_app
7 | make -C id2_app
8 | make -C itls_app
9 | clean:
10 | make clean -C hal_app
11 | make clean -C id2_app
12 | make clean -C itls_app
13 |
--------------------------------------------------------------------------------
/doc/《ID2 安全应用指令规范V1.0》.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/alibaba/id2_client_sdk/a8955eb7fc7f4b6d33a8d8810aa93ae3bd176007/doc/《ID2 安全应用指令规范V1.0》.pdf
--------------------------------------------------------------------------------
/include/hal/ls_hal.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef _LS_HAL_H_
6 | #define _LS_HAL_H_
7 |
8 | #include "ls_osa.h"
9 | #include "ls_hal_km.h"
10 | #include "ls_hal_sst.h"
11 | #include "ls_hal_crypt.h"
12 |
13 | #define LS_HAL_LOG(_f, _a ...) \
14 | ls_osa_print("%s %d: "_f, __FUNCTION__, __LINE__, ##_a)
15 |
16 |
17 | #endif /* _LS_HAL_H_ */
18 |
19 |
--------------------------------------------------------------------------------
/include/hal/ls_hal_aes.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __LS_HAL_AES_H__
6 | #define __LS_HAL_AES_H__
7 |
8 | /********************************************************************/
9 | /* AES HAL CRYPTO API */
10 | /********************************************************************/
11 |
12 | /*
13 | * Return the hal ctx size for hal aes ecb process
14 | * the hal ctx should defined by the user according
15 | * to the user's implementation
16 | */
17 | int ls_hal_aes_ecb_get_size(void);
18 |
19 | /*
20 | * Initialize the hal_ctx
21 | *
22 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
23 | * the size is got through ls_hal_aes_ecb_get_size()
24 | * is_enc[in]: encrypt(1)/decrypt(0) mode
25 | * key[in]: the aes encrypt/decrypt key
26 | * size[in]: key size(byte), the keysize can only be 16/24/32
27 | */
28 | int ls_hal_aes_ecb_init(void *ctx,
29 | int is_enc, const uint8_t *key, size_t size);
30 |
31 | /*
32 | * AES ECB mode process
33 | *
34 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
35 | * the size is got through ls_hal_aes_ecb_get_size()
36 | * src[in]: input buffer
37 | * dst[out]: output buffer
38 | * size[in]: the number of bytes to process,
39 | * must be multiple of AES_BLOCK_SIZE(16)
40 | */
41 | int ls_hal_aes_ecb_process(void *ctx, const uint8_t *src, uint8_t *dst, size_t size);
42 |
43 | /*
44 | * return the hal ctx size for hal aes cbc process
45 | * the hal ctx should defined by the user according
46 | * to the user's implementation
47 | */
48 | int ls_hal_aes_cbc_get_size(void);
49 |
50 | /*
51 | * Initialize the hal_ctx
52 | *
53 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
54 | * the size is got through ls_hal_aes_cbc_get_size()
55 | * is_enc[in]: encrypt(1)/decrypt(0) mode
56 | * key[in]: the aes encrypt/decrypt key
57 | * size[in]: key size(byte), the keysize can only be 16/24/32
58 | * iv[in/out]: initial vector
59 | */
60 | int ls_hal_aes_cbc_init(void *ctx, int is_enc,
61 | const uint8_t *key, size_t key_size, uint8_t iv[16]);
62 |
63 | /*
64 | * AES CBC mode process
65 | *
66 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
67 | * the size is got through ls_hal_aes_cbc_get_size()
68 | * src[in]: input buffer
69 | * dst[out]: output buffer
70 | * size[in]: the number of bytes to process,
71 | * must be multiple of AES_BLOCK_SIZE(16)
72 | */
73 | int ls_hal_aes_cbc_process(void *ctx, const uint8_t *src, uint8_t *dst, size_t size);
74 |
75 | /*
76 | * Return the hal ctx size for hal aes ctr process
77 | * the hal ctx should defined by the user according
78 | * to the user's implementation
79 | */
80 | int ls_hal_aes_ctr_get_size(void);
81 |
82 | /*
83 | * Initialize the hal_ctx
84 | *
85 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
86 | * the size is got through ls_hal_aes_ctr_get_size()
87 | * is_enc[in]: encrypt(1)/decrypt(0) mode
88 | * key[in]: the aes encrypt/decrypt key
89 | * size[in]: key size(byte), the keysize can only be 16/24/32
90 | * iv[in/out]: initial vector
91 | */
92 | int ls_hal_aes_ctr_init(void *ctx, int is_enc,
93 | const uint8_t *key, size_t key_size, uint8_t iv[16]);
94 |
95 | /*
96 | * AES CTR mode process
97 | *
98 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
99 | * the size is got through ls_hal_aes_ctr_get_size()
100 | * src[in]: input buffer
101 | * dst[out]: output buffer
102 | * size[in]: the number of bytes to process
103 | */
104 | int ls_hal_aes_ctr_process(void *ctx, const uint8_t *src, uint8_t *dst, size_t size);
105 |
106 | /*
107 | * Return the hal ctx size for hal aes cfb process
108 | * the hal ctx should defined by the user according
109 | * to the user's implementation
110 | */
111 | int ls_hal_aes_cfb_get_size(void);
112 |
113 | /*
114 | * Initialize the hal_ctx
115 | *
116 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
117 | * the size is got through ls_hal_aes_cfb_get_size()
118 | * is_enc[in]: encrypt(1)/decrypt(0) mode
119 | * key[in]: the aes encrypt/decrypt key
120 | * key_size[in]:key size(byte), the keysize can only be 16/24/32
121 | * iv[in/out]: initial vector
122 | */
123 | int ls_hal_aes_cfb_init(void *ctx, int is_enc,
124 | const uint8_t *key, size_t key_size, uint8_t iv[16]);
125 |
126 | /*
127 | * AES CFB mode process
128 | *
129 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
130 | * the size is got through ls_hal_aes_cfb_get_size()
131 | * src[in]: input buffer
132 | * dst[out]: output buffer
133 | * size[in]: the number of bytes to process(any positive integer)
134 | */
135 | int ls_hal_aes_cfb_process(void *ctx, const uint8_t *src, uint8_t *dst, size_t size);
136 |
137 | /*
138 | * AES CFB-128 mode process
139 | *
140 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
141 | * the size is got through ls_hal_aes_cfb_get_size()
142 | * src[in]: input buffer
143 | * dst[out]: output buffer
144 | * size[in]: the number of bytes to process(any positive integer)
145 | */
146 | int ls_hal_aes_cfb128_process(void *ctx, const uint8_t *src, uint8_t *dst, size_t size);
147 |
148 | #endif // __LS_HAL_AES_H__
149 |
--------------------------------------------------------------------------------
/include/hal/ls_hal_crypt.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __LS_HAL_CRYPT_H__
6 | #define __LS_HAL_CRYPT_H__
7 |
8 | #include "ls_osa.h"
9 | #include "ls_hal_rsa.h"
10 | #include "ls_hal_aes.h"
11 | #include "ls_hal_hash.h"
12 | #include "ls_hal_sm4.h"
13 | #include "ls_hal_ecc.h"
14 | #include "ls_hal_sm2.h"
15 |
16 | #define HAL_CRYPT_ERROR 0xFFFF0000 /* Generic Error */
17 | #define HAL_CRYPT_BAD_PARAMETERS 0xFFFF0001 /* Bad Parameters */
18 | #define HAL_CRYPT_NOSUPPORT 0xFFFF0002 /* Scheme not support */
19 | #define HAL_CRYPT_INVALID_CONTEXT 0xFFFF0003 /* Invalid context */
20 | #define HAL_CRYPT_INVALID_ARG 0xFFFF0004 /* Invalid argument */
21 | #define HAL_CRYPT_LENGTH_ERR 0xFFFF0005 /* Invalid Length in arguments */
22 | #define HAL_CRYPT_OUTOFMEM 0xFFFF0006 /* Memory alloc NULL */
23 | #define HAL_CRYPT_SHORT_BUFFER 0xFFFF0007 /* Output buffer is too short to store result */
24 | #define HAL_CRYPT_INVALID_AUTH 0xFFFF0008 /* Invalid authentication in verify */
25 | #define HAL_CRYPT_SUCCESS 0 /* Success */
26 |
27 | /*
28 | * Generate random data with len bytes
29 | *
30 | * buf[in/out]: buffer to store the results
31 | * len[in]: size of buffer
32 | */
33 | int ls_hal_get_random(uint8_t *buf, size_t len);
34 |
35 | /*
36 | * NOTE: if you use hw randon generator in ls_hal_get_random(),
37 | * it is not needed to impl this function.
38 | * (just return HAL_CRYPT_SUCCESS)
39 | *
40 | * Set seed for random generator
41 | *
42 | * seed[in]: seed data buffer
43 | * seed_len: length of seed data buffer
44 | */
45 | int ls_hal_set_seed(uint8_t *seed, size_t seed_len);
46 |
47 | #endif /*__LS_HAL_CRYPT_H__ */
48 |
--------------------------------------------------------------------------------
/include/hal/ls_hal_ecc.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __LS_HAL_ECC_H__
6 | #define __LS_HAL_ECC_H__
7 |
8 | /********************************************************************/
9 | /* ECC HAL CRYPTO API */
10 | /********************************************************************/
11 |
12 | /*
13 | * hal ecc key pair struct definition
14 | *
15 | * x/y/d: ecc key pair elements
16 | *
17 | */
18 | typedef struct _hal_ecc_keypair_t {
19 | size_t key_bytes;
20 | uint8_t *x;
21 | size_t x_size;
22 | uint8_t *y;
23 | size_t y_size;
24 | uint8_t *d;
25 | size_t d_size;
26 | } hal_ecc_keypair_t;
27 |
28 | /*
29 | * Return the hal ecc ctx size for hal ecc process
30 | * the hal ctx should defined by the user according
31 | * to the user's implementation
32 | */
33 | int ls_hal_ecc_get_ctx_size(void);
34 |
35 | /*
36 | * Initialize the hal_ecc_ctx
37 | *
38 | * context[in]: hal_ctx, must be pre-allocated by the caller,
39 | * the size is got through ls_hal_ecc_get_ctx_size()
40 | */
41 | int ls_hal_ecc_init(void *context);
42 |
43 | /*
44 | * Initialize the ctx for ecc public key operation
45 | *
46 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
47 | * the size is got through ls_hal_ecc_get_ctx_size()
48 | * grpid: ecp group id(defined in impl_ecp_group_id)
49 | * x/y: elements required to generate ecc public key
50 | */
51 | int ls_hal_ecc_init_pubkey(void *ctx, int grp_id,
52 | const uint8_t *x, size_t x_size,
53 | const uint8_t *y, size_t y_size);
54 |
55 | /*
56 | * Initialize the ctx for ecc keypair operation
57 | *
58 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
59 | * the size is got through ls_hal_ecc_get_ctx_size()
60 | * grpid: ecp group id(defined in impl_ecp_group_id)
61 | * x/y/d: ecc key pair elements
62 | */
63 | int ls_hal_ecc_init_keypair(void *context, int grp_id,
64 | const uint8_t *x, size_t x_size,
65 | const uint8_t *y, size_t y_size,
66 | const uint8_t *d, size_t d_size);
67 |
68 | /*
69 | * ecc keypair generation
70 | *
71 | * context[in]: hal_ctx, must be pre-allocated by the caller,
72 | * the size is got through ls_hal_ecc_get_ctx_size()
73 | * f_rng: Random function
74 | * p_rng: Random seed
75 | * nbits: number of key bits
76 | * exponent: exponent
77 | * keypair: generated keypair contents (in format of hal_ecc_keypair_t)
78 | */
79 | int ls_hal_ecc_gen_keypair(void *context,
80 | int grp_id,
81 | int (*f_rng)(void *, uint8_t *, size_t),
82 | void *p_rng,
83 | hal_ecc_keypair_t *keypair);
84 |
85 | /**
86 | * \brief Free the components of an SM2 key
87 | *
88 | * \param ctx SM2 Context to free
89 | */
90 | void ls_hal_ecc_cleanup(void *context);
91 |
92 | #endif // __LS_HAL_ECC_H__
93 |
--------------------------------------------------------------------------------
/include/hal/ls_hal_hash.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __LS_HAL_HASH_H__
6 | #define __LS_HAL_HASH_H__
7 |
8 | /********************************************************************/
9 | /* HASH HAL CRYPTO API */
10 | /********************************************************************/
11 |
12 | // align with hash_type_t(ali_crypt_types.h)
13 | enum {
14 | HAL_TYPE_SHA1 = 1,
15 | HAL_TYPE_SHA224 = 2,
16 | HAL_TYPE_SHA256 = 3,
17 | HAL_TYPE_SHA384 = 4,
18 | HAL_TYPE_SHA512 = 5,
19 | HAL_TYPE_MD5 = 6,
20 | HAL_TYPE_SM3 = 7,
21 | };
22 |
23 | // align with ali_crypt_types.h
24 | enum {
25 | HAL_MD5_HASH_SIZE = 16,
26 | HAL_SHA1_HASH_SIZE = 20,
27 | HAL_SHA224_HASH_SIZE = 28,
28 | HAL_SHA256_HASH_SIZE = 32,
29 | HAL_SM3_HASH_SIZE = 32,
30 | HAL_SHA384_HASH_SIZE = 48,
31 | HAL_SHA512_HASH_SIZE = 64,
32 | };
33 |
34 | /*
35 | * Return the hal md5 ctx size for hal md5 process
36 | * the hal ctx should defined by the user according
37 | * to the user's implementation
38 | */
39 | int ls_hal_md5_get_size(void);
40 |
41 | /*
42 | * Initialize hal md5 ctx
43 | *
44 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
45 | * the size is got through ls_hal_md5_get_size()
46 | */
47 | int ls_hal_md5_init(void *ctx);
48 |
49 | /*
50 | * HAL MD5 update process
51 | *
52 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
53 | * the size is got through ls_hal_md5_get_size()
54 | * src[in]: input buffer
55 | * size[in]: the number of bytes to process
56 | */
57 | int ls_hal_md5_update(void *ctx, const uint8_t *src, size_t size);
58 |
59 | /*
60 | * HAL MD5 finish
61 | *
62 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
63 | * the size is got through ls_hal_md5_get_size()
64 | * digest[out]: the digest output(should always be 16 bytes)
65 | */
66 | int ls_hal_md5_finish(void *ctx, uint8_t digest[16]);
67 |
68 | /*
69 | * Return the hal sha1 ctx size for hal sha1 process
70 | * the hal ctx should defined by the user according
71 | * to the user's implementation
72 | */
73 | int ls_hal_sha1_get_size(void);
74 |
75 | /*
76 | * Initialize hal sha1 ctx
77 | *
78 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
79 | * the size is got through ls_hal_sha1_get_size()
80 | */
81 | int ls_hal_sha1_init(void *ctx);
82 |
83 | /*
84 | * HAL sha1 update process
85 | *
86 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
87 | * the size is got through ls_hal_sha1_get_size()
88 | * src[in]: input buffer
89 | * size[in]: the number of bytes to process
90 | */
91 | int ls_hal_sha1_update(void *ctx, const uint8_t *src, size_t size);
92 |
93 | /*
94 | * HAL SHA1 finish
95 | *
96 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
97 | * the size is got through ls_hal_sha1_get_size()
98 | * digest[out]: the digest output(should always be 20 bytes)
99 | */
100 | int ls_hal_sha1_finish(void *ctx, uint8_t digest[20]);
101 |
102 | /*
103 | * Return the hal sha256 ctx size for hal sha256 process
104 | * the hal ctx should defined by the user according
105 | * to the user's implementation
106 | */
107 | int ls_hal_sha256_get_size(void);
108 |
109 | /*
110 | * Initialize hal sha256 ctx
111 | *
112 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
113 | * the size is got through ls_hal_sha256_get_size()
114 | */
115 | int ls_hal_sha256_init(void *ctx);
116 |
117 | /*
118 | * HAL sha256 update process
119 | *
120 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
121 | * the size is got through ls_hal_sha256_get_size()
122 | * src[in]: input buffer
123 | * size[in]: the number of bytes to process
124 | */
125 | int ls_hal_sha256_update(void *ctx, const uint8_t *src, size_t size);
126 |
127 | /*
128 | * HAL SHA256 finish
129 | *
130 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
131 | * the size is got through ls_hal_sha1_get_size()
132 | * digest[out]: the digest output(should always be 32 bytes)
133 | */
134 | int ls_hal_sha256_finish(void *ctx, uint8_t digest[32]);
135 |
136 | /*
137 | * Return the hal sm3 ctx size for hal sm3 process
138 | * the hal ctx should defined by the user according
139 | * to the user's implementation
140 | */
141 | int ls_hal_sm3_get_size(void);
142 |
143 | /*
144 | * Initialize hal sm3 ctx
145 | *
146 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
147 | * the size is got through ls_hal_sm3_get_size()
148 | */
149 | int ls_hal_sm3_init(void *ctx);
150 |
151 | /*
152 | * hal sm3 update process
153 | *
154 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
155 | * the size is got through ls_hal_sm3_get_size()
156 | * src[in]: input buffer
157 | * size[in]: the number of bytes to process
158 | */
159 | int ls_hal_sm3_update(void *ctx, const uint8_t *src, size_t size);
160 |
161 | /*
162 | * hal sm3 finish
163 | *
164 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
165 | * the size is got through ls_hal_sha1_get_size()
166 | * digest[out]: the digest output(should always be 32 bytes)
167 | */
168 | int ls_hal_sm3_finish(void *ctx, uint8_t digest[32]);
169 |
170 | #endif // __LS_HAL_HASH_H__
171 |
--------------------------------------------------------------------------------
/include/hal/ls_hal_km.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef _LS_HAL_KM_H_
6 | #define _LS_HAL_KM_H_
7 |
8 | #include
9 |
10 | #define LS_HAL_READ 1
11 | #define LS_HAL_WRITE 2
12 |
13 | /*
14 | * get device unique id
15 | *
16 | * note: if dev_id is NULL and *id_len is 0, return -1
17 | * and set *id_len to the real length of the id
18 | *
19 | * param: out: dev_id: device uinque id should be no longer than 100 byte
20 | * in_out: id_len: device uinque id length
21 | *
22 | * return: 0: success
23 | * -1: fail
24 | *
25 | */
26 | int ls_hal_get_dev_id(uint8_t *dev_id, uint32_t *id_len);
27 |
28 | /*
29 | * open the reserved partition that user has read and write permission
30 | *
31 | * note: if not support file system, return 0 directly
32 | *
33 | * parametr: in: flag: LS_HAL_READ: user only has read permission
34 | * LS_HAL_WRITE: user only has write permission
35 | * LS_HAL_READ | LS_HAL_WRITE: user has read and write permission
36 | *
37 | * return: the new file descriptor: success
38 | * -1: fail
39 | */
40 | int ls_hal_open_rsvd_part(int flag);
41 |
42 | /*
43 | * write reserved partition
44 | *
45 | * parametr: in: fd: file handle, can be ignored if no file system
46 | * offset: the offset of the reserved partition
47 | * data: the data need to write
48 | * data_len: the length of the data need to write
49 | *
50 | * return: 0: success
51 | * -1: fail
52 | */
53 | int ls_hal_write_rsvd_part(int fd, uint32_t offset, void *data, uint32_t data_len);
54 |
55 | /*
56 | * read reserved partition
57 | *
58 | * parametr: in: fd: file handle, can be ignored if no file system
59 | * offset: the offset of the reserved partition
60 | * read_len: the length of the data need to read
61 | * out: buffer: the data read from the reserved part
62 |
63 | * return: 0: success
64 | -1: fail
65 | */
66 | int ls_hal_read_rsvd_part(int fd, uint32_t offset, void *buffer, uint32_t read_len);
67 |
68 | /*
69 | * close the file descriptor of reserved partition, if no file system support, return 0 directly
70 | *
71 | * parametr: in: fd: file descriptor of the reserved part
72 |
73 | * return: 0: success
74 | -1: fail
75 | */
76 |
77 | int ls_hal_close_rsvd_part(int fd);
78 |
79 | #endif /* _LS_HAL_KM_H_ */
80 |
81 |
--------------------------------------------------------------------------------
/include/hal/ls_hal_rsa.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __LS_HAL_RSA_H__
6 | #define __LS_HAL_RSA_H__
7 |
8 | /********************************************************************/
9 | /* HASH HAL CRYPTO API */
10 | /********************************************************************/
11 |
12 | #define MIN_RSA_KEY_SIZE (256)
13 | #define MAX_RSA_KEY_SIZE (2048)
14 |
15 | /*
16 | * hal rsa key pair struct definition
17 | *
18 | * key_bytes: key size
19 | * n/e/d/p/q/dp/dq/qp: rsa key pair elements
20 | *
21 | */
22 | typedef struct _hal_rsa_keypair_t {
23 | size_t key_bytes;
24 | uint8_t *n;
25 | size_t n_size;
26 | uint8_t *e;
27 | size_t e_size;
28 | uint8_t *d;
29 | size_t d_size;
30 | uint8_t *p;
31 | size_t p_size;
32 | uint8_t *q;
33 | size_t q_size;
34 | uint8_t *dp;
35 | size_t dp_size;
36 | uint8_t *dq;
37 | size_t dq_size;
38 | uint8_t *qp;
39 | size_t qp_size;
40 | } hal_rsa_keypair_t;
41 |
42 | /*
43 | * hal rsa public key struct definition
44 | *
45 | * keybytes: key size
46 | * n/e: rsa public key elements
47 | *
48 | */
49 | typedef struct _hal_rsa_pubkey_t {
50 | size_t key_bytes;
51 | uint32_t n_size;
52 | uint32_t e_size;
53 | uint8_t n[(MAX_RSA_KEY_SIZE >> 3)];
54 | uint8_t e[(MAX_RSA_KEY_SIZE >> 3)];
55 | } hal_rsa_pubkey_t;
56 |
57 | /*
58 | * Return the hal rsa ctx size for hal rsa process
59 | * the hal ctx should defined by the user according
60 | * to the user's implementation
61 | */
62 | int ls_hal_rsa_get_ctx_size(void);
63 |
64 | /*
65 | * Initialize the hal_rsa_ctx
66 | *
67 | * context[in]: hal_ctx, must be pre-allocated by the caller,
68 | * the size is got through ls_hal_rsa_get_ctx_size()
69 | */
70 | int ls_hal_rsa_init(const void *context);
71 |
72 | /*
73 | * Initialize the ctx for rsa public key operation
74 | *
75 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
76 | * the size is got through ls_hal_rsa_get_ctx_size()
77 | * keybits: keysize in bit length
78 | * n/e: elements required to generate rsa public key
79 | */
80 | int ls_hal_rsa_init_pubkey(void *ctx, size_t keybits,
81 | const uint8_t *n, size_t n_size,
82 | const uint8_t *e, size_t e_size);
83 |
84 | /*
85 | * Initialize the ctx for rsa keypair operation
86 | *
87 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
88 | * the size is got through ls_hal_rsa_get_ctx_size()
89 | * keybits: keysize in bit length
90 | * n/e/d/p/q/dp/dq/qp: rsa key pair elements
91 | */
92 | int ls_hal_rsa_init_keypair(void *context, size_t keybits,
93 | const uint8_t *n, size_t n_size,
94 | const uint8_t *e, size_t e_size,
95 | const uint8_t *d, size_t d_size,
96 | const uint8_t *p, size_t p_size,
97 | const uint8_t *q, size_t q_size,
98 | const uint8_t *dp, size_t dp_size,
99 | const uint8_t *dq, size_t dq_size,
100 | const uint8_t *qp, size_t qp_size);
101 |
102 | /*
103 | * RSA public key operation
104 | *
105 | * context[in]: hal_ctx, must be pre-allocated by the caller,
106 | * the size is got through ls_hal_rsa_get_ctx_size()
107 | * src[in]: input buffer
108 | * dst[out]: output buffer size
109 | * size[in]: output buffer size (must at least keybits >> 3)
110 | * from ls_hal_rsa_init_keypair
111 | */
112 | int ls_hal_rsa_public(const void *context,
113 | const uint8_t *src, uint8_t *dst,
114 | size_t size);
115 |
116 | /*
117 | * RSA private key operation
118 | *
119 | * context[in]: hal_ctx, must be pre-allocated by the caller,
120 | * the size is got through ls_hal_rsa_get_ctx_size()
121 | * f_rng: Random function
122 | * src[in]: input buffer
123 | * dst[in]: output buffer
124 | * size[in]: output buffer size (must at least keybits >> 3)
125 | * from ls_hal_rsa_init_keypair
126 | */
127 | int ls_hal_rsa_private(const void *context,
128 | int (*f_rng)(void *, uint8_t *, size_t),
129 | const uint8_t *src, uint8_t *dst, size_t size);
130 |
131 | /*
132 | * RSA keypaor generation
133 | *
134 | * context[in]: hal_ctx, must be pre-allocated by the caller,
135 | * the size is got through ls_hal_rsa_get_ctx_size()
136 | * f_rng: Random function
137 | * p_rng: Random seed
138 | * nbits: number of key bits
139 | * exponent: exponent
140 | * keypair: generated keypair contents (in format of hal_rsa_keypair_t)
141 | */
142 | int ls_hal_rsa_gen_keypair(const void *context,
143 | int (*f_rng)(void *, uint8_t *, size_t),
144 | void *p_rng,
145 | unsigned int nbits, int exponent,
146 | void *keypair);
147 |
148 | /**
149 | * \brief Free the components of an RSA key
150 | *
151 | * \param ctx RSA Context to free
152 | */
153 | void ls_hal_rsa_cleanup(const void *context);
154 |
155 | #endif // __LS_HAL_RSA_H__
156 |
--------------------------------------------------------------------------------
/include/hal/ls_hal_sm2.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __LS_HAL_SM2_H__
6 | #define __LS_HAL_SM2_H__
7 |
8 | /********************************************************************/
9 | /* SM2 HAL CRYPTO API */
10 | /********************************************************************/
11 |
12 | /*
13 | * SM2 public key operation
14 | *
15 | * context[in]: hal_ctx, must be pre-allocated by the caller,
16 | * the size is got through ls_hal_ecc_get_ctx_size()
17 | * src[in]: input buffer
18 | * src_size[in]: input buffer size
19 | * dst[in]: output buffer
20 | * dst_size[in]: output buffer size
21 | */
22 | int ls_hal_sm2_encrypt(void *context,
23 | const uint8_t *src, size_t src_size,
24 | uint8_t *dst, size_t *dst_size);
25 |
26 | /*
27 | * SM2 private key operation
28 | *
29 | * context[in]: hal_ctx, must be pre-allocated by the caller,
30 | * the size is got through ls_hal_ecc_get_ctx_size()
31 | * f_rng: Random function
32 | * src[in]: input buffer
33 | * src_size[in]: input buffer size
34 | * dst[in]: output buffer
35 | * dst_size[in]: output buffer size
36 | */
37 | int ls_hal_sm2_decrypt(void *context,
38 | const uint8_t *src, size_t src_size,
39 | uint8_t *dst, size_t *dst_size);
40 |
41 |
42 | /*
43 | * SM2 msg digest operation
44 | *
45 | * context[in]: hal_ctx, must be pre-allocated by the caller,
46 | * the size is got through ls_hal_ecc_get_ctx_size()
47 | * type: hash type (defined in ls_hal_hash.h)
48 | * id[in]: user identifier (a string, like ALICE123@YAHOO.COM)
49 | * id_size[in]: string length of id
50 | * msg[in]: msg to be signed
51 | * msg_size[in]: msg buffer length in byte
52 | * dsg[out]: digest of input msg
53 | * dsg_size[in/out]: digest buffer size
54 | */
55 | int ls_hal_sm2_msg_digest(void *context,
56 | int type,
57 | const uint8_t *id, size_t id_size,
58 | const uint8_t *msg, size_t msg_size,
59 | uint8_t *dsg, size_t *dsg_size);
60 |
61 | /*
62 | * SM2 sign operation
63 | *
64 | * context[in]: hal_ctx, must be pre-allocated by the caller,
65 | * the size is got through ls_hal_ecc_get_ctx_size()
66 | * src[in]: input buffer
67 | * src_size[in]: input buffer size
68 | * dst[in]: output buffer
69 | * dst_size[in]: output buffer size
70 | */
71 | int ls_hal_sm2_sign(void *context,
72 | const uint8_t *src, size_t src_size,
73 | uint8_t *dst, size_t *dst_size);
74 |
75 | /*
76 | * SM2 verify operation
77 | *
78 | * context[in]: hal_ctx, must be pre-allocated by the caller,
79 | * the size is got through ls_hal_ecc_get_ctx_size()
80 | * src[in]: input buffer
81 | * src_size[in]: input buffer size
82 | * dst[in]: output buffer
83 | * dst_size[in]: output buffer size
84 | */
85 | int ls_hal_sm2_verify(void *context,
86 | const uint8_t *src, size_t src_size,
87 | const uint8_t *dst, size_t dst_size);
88 |
89 |
90 | #endif // __LS_HAL_SM2_H__
91 |
--------------------------------------------------------------------------------
/include/hal/ls_hal_sm4.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __LS_HAL_SM4_H__
6 | #define __LS_HAL_SM4_H__
7 |
8 | /********************************************************************/
9 | /* SM4 HAL CRYPTO API */
10 | /********************************************************************/
11 |
12 | /*
13 | * Return the hal ctx size for hal aes ecb process
14 | * the hal ctx should defined by the user according
15 | * to the user's implementation
16 | */
17 | int ls_hal_sm4_ecb_get_size(void);
18 |
19 | /*
20 | * Initialize the hal_ctx
21 | *
22 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
23 | * the size is got through ls_hal_sm4_ecb_get_size()
24 | * is_enc[in]: encrypt(1)/decrypt(0) mode
25 | * key[in]: the aes encrypt/decrypt key
26 | * size[in]: key size(byte), the keysize can only be 16/24/32
27 | */
28 | int ls_hal_sm4_ecb_init(void *ctx,
29 | int is_enc, const uint8_t *key, size_t size);
30 |
31 | /*
32 | * AES ECB mode process
33 | *
34 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
35 | * the size is got through ls_hal_sm4_ecb_get_size()
36 | * src[in]: input buffer
37 | * dst[out]: output buffer
38 | * size[in]: the number of bytes to process,
39 | * must be multiple of BLOCK_SIZE(16)
40 | */
41 | int ls_hal_sm4_ecb_process(void *ctx, const uint8_t *src, uint8_t *dst, size_t size);
42 |
43 | /*
44 | * return the hal ctx size for hal aes cbc process
45 | * the hal ctx should defined by the user according
46 | * to the user's implementation
47 | */
48 | int ls_hal_sm4_cbc_get_size(void);
49 |
50 | /*
51 | * Initialize the hal_ctx
52 | *
53 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
54 | * the size is got through ls_hal_sm4_cbc_get_size()
55 | * is_enc[in]: encrypt(1)/decrypt(0) mode
56 | * key[in]: the aes encrypt/decrypt key
57 | * size[in]: key size(byte), the keysize can only be 16/24/32
58 | * iv[in/out]: initial vector
59 | */
60 | int ls_hal_sm4_cbc_init(void *ctx, int is_enc,
61 | const uint8_t *key, size_t key_size, uint8_t iv[16]);
62 |
63 | /*
64 | * AES CBC mode process
65 | *
66 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
67 | * the size is got through ls_hal_sm4_cbc_get_size()
68 | * src[in]: input buffer
69 | * dst[out]: output buffer
70 | * size[in]: the number of bytes to process,
71 | * must be multiple of BLOCK_SIZE(16)
72 | */
73 | int ls_hal_sm4_cbc_process(void *ctx, const uint8_t *src, uint8_t *dst, size_t size);
74 |
75 | /*
76 | * Return the hal ctx size for hal aes ctr process
77 | * the hal ctx should defined by the user according
78 | * to the user's implementation
79 | */
80 | int ls_hal_sm4_ctr_get_size(void);
81 |
82 | /*
83 | * Initialize the hal_ctx
84 | *
85 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
86 | * the size is got through ls_hal_sm4_ctr_get_size()
87 | * is_enc[in]: encrypt(1)/decrypt(0) mode
88 | * key[in]: the aes encrypt/decrypt key
89 | * size[in]: key size(byte), the keysize can only be 16/24/32
90 | * iv[in/out]: initial vector
91 | */
92 | int ls_hal_sm4_ctr_init(void *ctx, int is_enc,
93 | const uint8_t *key, size_t key_size, uint8_t iv[16]);
94 |
95 | /*
96 | * AES CTR mode process
97 | *
98 | * ctx[in]: hal_ctx, must be pre-allocated by the caller,
99 | * the size is got through ls_hal_sm4_ctr_get_size()
100 | * src[in]: input buffer
101 | * dst[out]: output buffer
102 | * size[in]: the number of bytes to process
103 | */
104 | int ls_hal_sm4_ctr_process(void *ctx, const uint8_t *src, uint8_t *dst, size_t size);
105 |
106 | #endif // __LS_HAL_SM4_H__
107 |
--------------------------------------------------------------------------------
/include/hal/ls_hal_sst.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef _LS_HAL_SST_H_
6 | #define _LS_HAL_SST_H_
7 |
8 | #include
9 |
10 | #ifdef __cplusplus
11 | extern "C"
12 | {
13 | #endif
14 |
15 | /* sst hal error code */
16 | #define SST_HAL_SUCCESS (0x00000000)
17 | #define SST_HAL_ERROR_GENERIC (0xFFFF0000)
18 | #define SST_HAL_ERROR_ITEM_NOT_FOUND (0xFFFF0001)
19 | #define SST_HAL_ERROR_STORAGE_NO_SPACE (0xffff0002)
20 | #define SST_HAL_ERROR_BAD_PARAMETERS (0xffff0003)
21 | #define SST_HAL_ERROR_OUT_OF_MEMORY (0xffff0004)
22 | #define SST_HAL_ERROR_SHORT_BUFFER (0xffff0005)
23 | #define SST_HAL_ERROR_NOT_SUPPORTED (0xffff0006)
24 |
25 | /**
26 | * @brief init the kv module
27 | *
28 | * @note: if no need to init return SST_HAL_SUCCESS
29 | *
30 | * @return see sst hal error code.
31 | */
32 | uint32_t ls_hal_kv_init(void);
33 |
34 | /**
35 | * @brief deinit the kv module
36 | *
37 | * @retrun none
38 | */
39 | void ls_hal_kv_deinit(void);
40 |
41 | /**
42 | * Add a new KV pair.
43 | *
44 | * @note: if KV exist, update KV
45 | *
46 | * @param[in] key the key of the KV pair.
47 | * @param[in] value the value of the KV pair.
48 | * @param[in] len the length of the value.
49 | *
50 | * @return see sst hal error code.
51 | */
52 | uint32_t ls_hal_kv_set(const char *key, const void *value, uint32_t len);
53 |
54 | /**
55 | * Get the KV pair's value stored in buffer by its key.
56 | *
57 | * @note: if buffer is NULL and *buffer_len is 0, return SST_HAL_ERROR_SHORT_BUFFER
58 | * and set *buffer_len to the real length of the value
59 | * @note: if *buffer_len < real length, set *buffer_len = real length and return SST_HAL_ERROR_SHORT_BUFFER
60 | * @note: if key not exist return SST_HAL_ERROR_ITEM_NOT_FOUND
61 | *
62 | * @param[in] key the key of the KV pair to get.
63 | * @param[out] buffer the memory to store the value.
64 | * @param[in-out] buffer_len in: the length of the input buffer.
65 | * out: the real length of the value.
66 | *
67 | * @return see sst hal error code.
68 | */
69 | uint32_t ls_hal_kv_get(const char *key, void *buffer, uint32_t *buffer_len);
70 |
71 | /**
72 | * Delete the KV pair by its key.
73 | *
74 | * @param[in] key the key of the KV pair to delete.
75 | *
76 | * @return see sst hal error code.
77 | */
78 | uint32_t ls_hal_kv_del(const char *key);
79 |
80 | #ifdef __cplusplus
81 | }
82 | #endif
83 |
84 | #endif /* _LS_HAL_SST_H_ */
85 |
86 |
--------------------------------------------------------------------------------
/include/id2/id2_client_dpm.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2020-2022 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __ID2_CLIENT_DPM_H__
6 | #define __ID2_CLIENT_DPM_H__
7 |
8 | #include "id2_client.h"
9 |
10 | #ifdef __cplusplus
11 | extern "C" {
12 | #endif
13 |
14 | /* milli-seconds */
15 | #define ID2_DPM_OTP_STEP_MIN_LEN 180
16 | #define ID2_DPM_OTP_STEP_MAX_LEN 1800
17 |
18 | /* one-time password length */
19 | #define ID2_DPM_OTP_DATA_MIN_LEN 6
20 | #define ID2_DPM_OTP_DATA_MAX_LEN 16
21 |
22 | /**
23 | * @brief Get Time-based One-Time Password.
24 | *
25 | * @param [in] timestamp: Current Unix Time.
26 | * @param [in] index: Password index.
27 | * @param [in] otp_len: Specify the length of password.
28 | * @param [in] otp_step: Specify the step size of password.
29 | * @param [out] otp_data: Specify the buffer to contain output password data.
30 | *
31 | * @return: @see Error Codes.
32 | */
33 | irot_result_t id2_client_dpm_get_totp(uint64_t timestamp, uint32_t index,
34 | uint32_t otp_step, uint32_t otp_len, uint8_t *otp_data);
35 |
36 | /**
37 | * @brief Extract index from password.
38 | *
39 | * @param [in] otp_data: Password data.
40 | * @param [in] otp_len: The length of Password.
41 | * @param [out] index: Password index.
42 | *
43 | * @return: @see Error Codes.
44 | */
45 | irot_result_t id2_client_dpm_get_index(uint8_t *otp_data, uint32_t otp_len, uint32_t *index);
46 |
47 | #ifdef __cplusplus
48 | }
49 | #endif
50 |
51 | #endif /* __ID2_CLIENT_DPM_H__ */
52 |
53 |
--------------------------------------------------------------------------------
/include/irot/puf/irot_hal.h:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2019 - 2021 Alibaba Group Holding Limited.
3 | */
4 |
5 | #ifndef __IROT_HAL_H__
6 | #define __IROT_HAL_H__
7 |
8 | #include "ls_osa.h"
9 |
10 | #define ID2_ID_VERSION "05"
11 | #define ID2_ID_RESERVE "0000"
12 |
13 | #define ID2_ID_VERS_LEN 2 /* ID version field length in bytes */
14 | #define ID2_ID_VEND_LEN 8 /* ID vendor code field length in bytes */
15 | #define ID2_ID_RSVD_LEN 4 /* ID reserved field length in bytes */
16 | #define ID2_ID_SLEN_LEN 2 /* ID chip uid size field length in bytes */
17 |
18 | /**
19 | * @brief irot hal initialization.
20 | *
21 | * @return 0 - success; -1 - error.
22 | */
23 | int irot_hal_init(void);
24 |
25 | /**
26 | * @brief irot hal cleanup.
27 | */
28 | void irot_hal_cleanup(void);
29 |
30 | /**
31 | * @brief get the unique identifier.
32 | *
33 | * @param[out] id_buf: the output buffer, which is used to store uid.
34 | * @param[inout] id_len: in - the buffer length;
35 | * out - the actual uid length.
36 | *
37 | * @return 0 - success; -1 - error.
38 | */
39 | int irot_hal_get_uid(uint8_t *id_buf, uint32_t *id_len);
40 |
41 | /**
42 | * @brief get the ID2 ID string.
43 | *
44 | * @param[out] id_buf: the output buffer, which is used to store ID2 ID string.
45 | * @param[inout] id_len: in - the buffer length;
46 | * out - the actual ID2 ID length.
47 | *
48 | * @return 0 - success; -1 - error.
49 | */
50 | int irot_hal_get_id2(uint8_t *id_buf, uint32_t *id_len);
51 |
52 | /**
53 | * @brief generate signature with ID2 client private key.
54 | *
55 | * @param[in] msg: the message to be signed.
56 | * @param[in] msg_len: the input message length.
57 | * @param[out] sign: the output buffer, which is used to store signature.
58 | * @param[inout] sign_len: in - the buffer length;
59 | * out - the actual signdature length.
60 | *
61 | * @return 0 - success; -1 - error.
62 | */
63 | int irot_hal_id2_sign(
64 | uint8_t *msg, uint32_t msg_len, uint8_t *sign, uint32_t *sign_len);
65 |
66 | /**
67 | * @brief verify signature with ID2 server public key.
68 | *
69 | * @param[in] msg: the message to be signed.
70 | * @param[in] msg_len: the input message length.
71 | * @param[in] sign: the input signature to be verified.
72 | * @param[in] sign_len: the input signature length.
73 | *
74 | * @return 0 - success; -1 - error.
75 | */
76 | int irot_hal_id2_verify(
77 | uint8_t *msg, uint32_t msg_len, uint8_t *sign, uint32_t sign_len);
78 |
79 | /**
80 | * @brief encrypt data with ID2 server public key.
81 | *
82 | * @param[in] in_data: the input data to be encrypted.
83 | * @param[in] in_len: the input data length.
84 | * @param[out] out_data: the output buffer, which is used to store cipher data.
85 | * @param[inout] out_len: in - the buffer length;
86 | * out - the actual cipher data length.
87 | *
88 | * @return 0 - success; -1 - error.
89 | */
90 | int irot_hal_id2_encrypt(
91 | uint8_t *in_data, uint32_t in_len, uint8_t *out_data, uint32_t *out_len);
92 |
93 | /**
94 | * @brief decrypt cipher data with ID2 client private key.
95 | *
96 | * @param[in] in_data: the input cipher data to be decrypted.
97 | * @param[in] in_len: the input cipher data length.
98 | * @param[out] out_data: the output buffer, which is used to store plaintext data.
99 | * @param[inout] out_len: in - the buffer length
100 | * out - the actual plaintext data length.
101 | *
102 | * @return 0 - success; -1 - error.
103 | */
104 | int irot_hal_id2_decrypt(
105 | uint8_t *in_data, uint32_t in_len, uint8_t *out_data, uint32_t *out_len);
106 |
107 | #endif /* __IROT_HAL_H__ */
108 |
109 |
--------------------------------------------------------------------------------
/include/itls/aes_alt.h:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited.
3 | */
4 |
5 | #ifndef MBEDTLS_AES_ALT_H
6 | #define MBEDTLS_AES_ALT_H
7 |
8 | #include
9 | #include
10 |
11 | #ifdef __cplusplus
12 | extern "C" {
13 | #endif
14 |
15 | #define AES_STATUS_NONE 0
16 | #define AES_STATUS_INIT 1
17 | #define AES_STATUS_PROCESS 2
18 |
19 | typedef struct
20 | {
21 | size_t reset;
22 | size_t status;
23 | uint8_t key[32];
24 | size_t key_len;
25 | void *ali_ctx;
26 | } mbedtls_aes_context;
27 |
28 | void mbedtls_aes_init_alt( mbedtls_aes_context *ctx );
29 | void mbedtls_aes_free_alt( mbedtls_aes_context *ctx );
30 |
31 | int mbedtls_aes_setkey_enc_alt( mbedtls_aes_context *ctx, const unsigned char *key,
32 | unsigned int keybits );
33 | int mbedtls_aes_setkey_dec_alt( mbedtls_aes_context *ctx, const unsigned char *key,
34 | unsigned int keybits );
35 |
36 | int mbedtls_aes_crypt_ecb_alt( mbedtls_aes_context *ctx,
37 | int mode,
38 | const unsigned char input[16],
39 | unsigned char output[16] );
40 | int mbedtls_aes_crypt_cbc_alt( mbedtls_aes_context *ctx,
41 | int mode,
42 | size_t length,
43 | unsigned char iv[16],
44 | const unsigned char *input,
45 | unsigned char *output );
46 | #ifdef __cplusplus
47 | }
48 | #endif
49 |
50 | #endif /* MBEDTLS_AES_ALT_H */
51 |
--------------------------------------------------------------------------------
/include/itls/cipher_internal.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file cipher_internal.h
3 | *
4 | * \brief Cipher wrappers.
5 | *
6 | * \author Adriaan de Jong
7 | *
8 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
9 | * SPDX-License-Identifier: Apache-2.0
10 | *
11 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
12 | * not use this file except in compliance with the License.
13 | * You may obtain a copy of the License at
14 | *
15 | * http://www.apache.org/licenses/LICENSE-2.0
16 | *
17 | * Unless required by applicable law or agreed to in writing, software
18 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
19 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 | * See the License for the specific language governing permissions and
21 | * limitations under the License.
22 | *
23 | * This file is part of mbed TLS (https://tls.mbed.org)
24 | */
25 | #ifndef MBEDTLS_CIPHER_WRAP_H
26 | #define MBEDTLS_CIPHER_WRAP_H
27 |
28 | #if !defined(MBEDTLS_CONFIG_FILE)
29 | #include "config.h"
30 | #else
31 | #include MBEDTLS_CONFIG_FILE
32 | #endif
33 |
34 | #include "cipher.h"
35 |
36 | #ifdef __cplusplus
37 | extern "C" {
38 | #endif
39 |
40 | /**
41 | * Base cipher information. The non-mode specific functions and values.
42 | */
43 | struct mbedtls_cipher_base_t
44 | {
45 | /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
46 | mbedtls_cipher_id_t cipher;
47 |
48 | /** Encrypt using ECB */
49 | int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
50 | const unsigned char *input, unsigned char *output );
51 |
52 | #if defined(MBEDTLS_CIPHER_MODE_CBC)
53 | /** Encrypt using CBC */
54 | int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
55 | unsigned char *iv, const unsigned char *input,
56 | unsigned char *output );
57 | #endif
58 |
59 | #if defined(MBEDTLS_CIPHER_MODE_CFB)
60 | /** Encrypt using CFB (Full length) */
61 | int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
62 | unsigned char *iv, const unsigned char *input,
63 | unsigned char *output );
64 | #endif
65 |
66 | #if defined(MBEDTLS_CIPHER_MODE_CTR)
67 | /** Encrypt using CTR */
68 | int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
69 | unsigned char *nonce_counter, unsigned char *stream_block,
70 | const unsigned char *input, unsigned char *output );
71 | #endif
72 |
73 | #if defined(MBEDTLS_CIPHER_MODE_STREAM)
74 | /** Encrypt using STREAM */
75 | int (*stream_func)( void *ctx, size_t length,
76 | const unsigned char *input, unsigned char *output );
77 | #endif
78 |
79 | /** Set key for encryption purposes */
80 | int (*setkey_enc_func)( void *ctx, const unsigned char *key,
81 | unsigned int key_bitlen );
82 |
83 | /** Set key for decryption purposes */
84 | int (*setkey_dec_func)( void *ctx, const unsigned char *key,
85 | unsigned int key_bitlen);
86 |
87 | /** Allocate a new context */
88 | void * (*ctx_alloc_func)( void );
89 |
90 | /** Free the given context */
91 | void (*ctx_free_func)( void *ctx );
92 |
93 | };
94 |
95 | typedef struct
96 | {
97 | mbedtls_cipher_type_t type;
98 | const mbedtls_cipher_info_t *info;
99 | } mbedtls_cipher_definition_t;
100 |
101 | extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
102 |
103 | extern int mbedtls_cipher_supported[];
104 |
105 | #ifdef __cplusplus
106 | }
107 | #endif
108 |
109 | #endif /* MBEDTLS_CIPHER_WRAP_H */
110 |
--------------------------------------------------------------------------------
/include/itls/config.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file config.h
3 | *
4 | * \brief Configuration options (set of defines)
5 | *
6 | * This set of compile-time options may be used to enable
7 | * or disable features selectively, and reduce the global
8 | * memory footprint.
9 | *
10 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
11 | * SPDX-License-Identifier: Apache-2.0
12 | *
13 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 | * not use this file except in compliance with the License.
15 | * You may obtain a copy of the License at
16 | *
17 | * http://www.apache.org/licenses/LICENSE-2.0
18 | *
19 | * Unless required by applicable law or agreed to in writing, software
20 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 | * See the License for the specific language governing permissions and
23 | * limitations under the License.
24 | *
25 | * This file is part of mbed TLS (https://tls.mbed.org)
26 | */
27 |
28 | #ifndef MBEDTLS_CONFIG_H
29 | #define MBEDTLS_CONFIG_H
30 |
31 | /* System support */
32 | #define MBEDTLS_HAVE_ASM
33 | #define MBEDTLS_PLATFORM_C
34 | #define MBEDTLS_PLATFORM_ALT
35 |
36 | /* mbed TLS feature support */
37 | #define MBEDTLS_CIPHER_MODE_CBC
38 | #define MBEDTLS_SSL_PROTO_TLS1_2
39 |
40 | /* mbed TLS modules */
41 | #define MBEDTLS_AES_C
42 | #define MBEDTLS_CIPHER_C
43 | #define MBEDTLS_NET_C
44 | #define MBEDTLS_MD_C
45 | #define MBEDTLS_SHA256_C
46 | #define MBEDTLS_SSL_CLI_C
47 | #define MBEDTLS_SSL_TLS_C
48 | #define MBEDTLS_SSL_SESSION_TICKETS
49 | #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
50 |
51 | /* mbed DTLS modules */
52 | #ifndef CONFIG_SSL_DTLS_NO
53 | #define MBEDTLS_TIMING_C
54 | #define MBEDTLS_SSL_COOKIE_C
55 | #define MBEDTLS_SSL_PROTO_DTLS
56 | #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
57 | #endif /* CONFIG_SSL_DTLS */
58 |
59 | /* iTLS modules */
60 | #define MBEDTLS_SSL_PROTO_ITLS
61 | #define MBEDTLS_KEY_EXCHANGE_ID2_ENABLED
62 |
63 | /* iTLS debug */
64 | #ifndef CONFIG_SSL_DEBUG_NO
65 | #define MBEDTLS_DEBUG_C
66 | #endif
67 |
68 | #define MBEDTLS_NET_ALT
69 | #define MBEDTLS_AES_ALT
70 | #define MBEDTLS_SHA256_ALT
71 | #define MBEDTLS_TIMING_ALT
72 |
73 | #ifdef CONFIG_MAX_CONTENT_LEN
74 | #define MBEDTLS_SSL_MAX_CONTENT_LEN CONFIG_MAX_CONTENT_LEN
75 | #endif
76 |
77 | #include "check_config.h"
78 |
79 | #endif /* MBEDTLS_CONFIG_H */
80 |
--------------------------------------------------------------------------------
/include/itls/hal_itls.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2015-2018 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __HAL_ITLS_H__
6 | #define __HAL_ITLS_H__
7 |
8 | #include
9 |
10 | #ifdef __cplusplus
11 | extern "C"
12 | #endif
13 |
14 | /**
15 | * @brief Get itls library version.
16 | *
17 | * @param [out] version: @n A pointer to a buffer to receive version string.
18 | * @see None.
19 | * @note None.
20 | */
21 | void hal_itls_get_version(char version[16]);
22 |
23 | /**
24 | * @brief Set itls debug levels.
25 | *
26 | * @param [in] debug_level: @n Specify itls debug levels:
27 | * - 0 No debug
28 | * - 1 Error
29 | * - 2 State change
30 | * - 3 Informational
31 | * - 4 Verbose
32 | * @see None.
33 | * @note None.
34 | */
35 | void hal_itls_set_debug_level(uint32_t debug_level);
36 |
37 | /**
38 | * @brief Establish a itls connection.
39 | *
40 | * @param [in] host: @n Specify the hostname(IP) of the itls server
41 | * @param [in] port: @n Specify the port of itls server
42 | * @param [in] product_key @n Specify the product key, terminated with '\0'.
43 | * @param [in] product_secret @n Specify the product secret, terminated with '\0'.
44 | * @return itls handle.
45 | * @see None.
46 | * @note None.
47 | */
48 | uintptr_t hal_itls_establish(
49 | const char *host,
50 | uint32_t port,
51 | const char *product_key,
52 | const char *product_secret);
53 |
54 | /**
55 | * @brief Establish a itls connection in timeout seconds.
56 | *
57 | * @param [in] host: @n Specify the hostname(IP) of the itls server
58 | * @param [in] port: @n Specify the port of itls server
59 | * @param [in] product_key @n Specify the product key, terminated with '\0'.
60 | * @param [in] product_secret @n Specify the product secret, terminated with '\0'.
61 | * @param [in] timeout @n Specify the maximum number of seconds to wait.
62 | * @return itls handle.
63 | * @see None.
64 | * @note None.
65 | */
66 | uintptr_t hal_itls_establish_timeout(
67 | const char *host,
68 | uint32_t port,
69 | const char *product_key,
70 | const char *product_secret,
71 | uint32_t timeout);
72 |
73 | /**
74 | * @brief Get message alert type if hal_itls_establish or hal_itls_establish_timeout fail.
75 | *
76 | * @return message alert type.
77 | * @see extended alert type for id2:
78 | * 160 : id2 generic error
79 | * 161 : id2 no quota
80 | * 162 : id2 is not exist
81 | * 163 : id2 authcode is invalid
82 | * 164 : id2 has not been activated
83 | * 165 : the timestamp used in authcode is expired
84 | * 166 : id2 challenge is invalid
85 | * 167 : not support this operation
86 | * 168 : id2 has been suspended
87 | * 169 : id2 has been discarded
88 | * 170 : permission denied, id2 has been binded to other product key
89 | * 171 : product key is invalid
90 | * 172 : Product key is not exist
91 | * 173 : id2 server is busy
92 | * 174 : the device fingerprint is invalid
93 | * 175 : the device fingerprint is duplicated
94 | * 176 : id2 server random is invalid
95 | * 177 : hash type used in authcode generated is invalid
96 | * 178 : id2 key type is invalid
97 | */
98 | uint32_t hal_itls_get_alert_type(void);
99 |
100 | /**
101 | * @brief Destroy the specific itls connection.
102 | *
103 | * @param[in] handle: @n Handle of the specific connection.
104 | *
105 | * @return The result of destroy ssl
106 | *
107 | * @retval < 0 : Fail.
108 | * @retval 0 : Success.
109 | */
110 | int32_t hal_itls_destroy(uintptr_t handle);
111 |
112 | /**
113 | * @brief Write data into the specific itls connection.
114 | *
115 | * @param [in] handle: @n Handle of a itls connection.
116 | * @param [in] buf: @n A pointer to a buffer containing the data to be transmitted.
117 | * @param [in] len: @n The length, in bytes, of the data pointed to by the 'buf' parameter.
118 | * @param [in] timeout_ms: @n Specify the timeout value in millisecond.
119 | *
120 | * @retval < 0 : itls connection error occur..
121 | * @retval 0 : No any data be write into the SSL connection in 'timeout_ms' timeout period.
122 | * @retval (0, len] : The total number of bytes be written in 'timeout_ms' timeout period.
123 | * @see None.
124 | */
125 | int32_t hal_itls_write(uintptr_t handle, const char *buf, int len, int timeout_ms);
126 |
127 | /**
128 | * @brief Read data from the specific SSL connection with timeout parameter.
129 | *
130 | * @param [in] handle: @n Handle of a itls connection.
131 | * @param [out] buf: @n A pointer to a buffer to receive incoming data.
132 | * @param [out] len: @n The length, in bytes, of the data pointed to by the 'buf' parameter.
133 | * @param [in] timeout_ms: @n Specify the timeout value in millisecond.
134 | *
135 | * @retval -2 : itls connection error occur.
136 | * @retval -1 : itls connection be closed by remote server.
137 | * @retval 0 : No any data be received in 'timeout_ms' timeout period.
138 | * @retval (0, len] : The total number of bytes be received in 'timeout_ms' timeout period.
139 | * @see None.
140 | */
141 | int32_t hal_itls_read(uintptr_t handle, char *buf, int len, int timeout_ms);
142 |
143 | #ifdef __cplusplus
144 | }
145 | #endif
146 |
147 | #endif /* __HAL_ITLS_H__ */
148 |
--------------------------------------------------------------------------------
/include/itls/md_internal.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file md_internal.h
3 | *
4 | * \brief Message digest wrappers.
5 | *
6 | * \warning This in an internal header. Do not include directly.
7 | *
8 | * \author Adriaan de Jong
9 | *
10 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
11 | * SPDX-License-Identifier: Apache-2.0
12 | *
13 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 | * not use this file except in compliance with the License.
15 | * You may obtain a copy of the License at
16 | *
17 | * http://www.apache.org/licenses/LICENSE-2.0
18 | *
19 | * Unless required by applicable law or agreed to in writing, software
20 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 | * See the License for the specific language governing permissions and
23 | * limitations under the License.
24 | *
25 | * This file is part of mbed TLS (https://tls.mbed.org)
26 | */
27 | #ifndef MBEDTLS_MD_WRAP_H
28 | #define MBEDTLS_MD_WRAP_H
29 |
30 | #if !defined(MBEDTLS_CONFIG_FILE)
31 | #include "config.h"
32 | #else
33 | #include MBEDTLS_CONFIG_FILE
34 | #endif
35 |
36 | #include "md.h"
37 |
38 | #ifdef __cplusplus
39 | extern "C" {
40 | #endif
41 |
42 | /**
43 | * Message digest information.
44 | * Allows message digest functions to be called in a generic way.
45 | */
46 | struct mbedtls_md_info_t
47 | {
48 | /** Digest identifier */
49 | mbedtls_md_type_t type;
50 |
51 | /** Name of the message digest */
52 | const char * name;
53 |
54 | /** Output length of the digest function in bytes */
55 | int size;
56 |
57 | /** Block length of the digest function in bytes */
58 | int block_size;
59 |
60 | /** Digest initialisation function */
61 | void (*starts_func)( void *ctx );
62 |
63 | /** Digest update function */
64 | void (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
65 |
66 | /** Digest finalisation function */
67 | void (*finish_func)( void *ctx, unsigned char *output );
68 |
69 | /** Generic digest function */
70 | void (*digest_func)( const unsigned char *input, size_t ilen,
71 | unsigned char *output );
72 |
73 | /** Allocate a new context */
74 | void * (*ctx_alloc_func)( void );
75 |
76 | /** Free the given context */
77 | void (*ctx_free_func)( void *ctx );
78 |
79 | /** Clone state from a context */
80 | void (*clone_func)( void *dst, const void *src );
81 |
82 | /** Internal use only */
83 | void (*process_func)( void *ctx, const unsigned char *input );
84 | };
85 |
86 | #if defined(MBEDTLS_MD2_C)
87 | extern const mbedtls_md_info_t mbedtls_md2_info;
88 | #endif
89 | #if defined(MBEDTLS_MD4_C)
90 | extern const mbedtls_md_info_t mbedtls_md4_info;
91 | #endif
92 | #if defined(MBEDTLS_MD5_C)
93 | extern const mbedtls_md_info_t mbedtls_md5_info;
94 | #endif
95 | #if defined(MBEDTLS_RIPEMD160_C)
96 | extern const mbedtls_md_info_t mbedtls_ripemd160_info;
97 | #endif
98 | #if defined(MBEDTLS_SHA1_C)
99 | extern const mbedtls_md_info_t mbedtls_sha1_info;
100 | #endif
101 | #if defined(MBEDTLS_SHA256_C)
102 | extern const mbedtls_md_info_t mbedtls_sha224_info;
103 | extern const mbedtls_md_info_t mbedtls_sha256_info;
104 | #endif
105 | #if defined(MBEDTLS_SHA512_C)
106 | extern const mbedtls_md_info_t mbedtls_sha384_info;
107 | extern const mbedtls_md_info_t mbedtls_sha512_info;
108 | #endif
109 |
110 | #ifdef __cplusplus
111 | }
112 | #endif
113 |
114 | #endif /* MBEDTLS_MD_WRAP_H */
115 |
--------------------------------------------------------------------------------
/include/itls/net.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file net.h
3 | *
4 | * \brief Deprecated header file that includes mbedtls/net_sockets.h
5 | *
6 | * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
7 | * SPDX-License-Identifier: Apache-2.0
8 | *
9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 | * not use this file except in compliance with the License.
11 | * You may obtain a copy of the License at
12 | *
13 | * http://www.apache.org/licenses/LICENSE-2.0
14 | *
15 | * Unless required by applicable law or agreed to in writing, software
16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 | * See the License for the specific language governing permissions and
19 | * limitations under the License.
20 | *
21 | * This file is part of mbed TLS (https://tls.mbed.org)
22 | *
23 | * \deprecated Superseded by mbedtls/net_sockets.h
24 | */
25 |
26 | #include "itls/net_sockets.h"
27 |
--------------------------------------------------------------------------------
/include/itls/sha1.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file sha1.h
3 | *
4 | * \brief SHA-1 cryptographic hash function
5 | *
6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7 | * SPDX-License-Identifier: Apache-2.0
8 | *
9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 | * not use this file except in compliance with the License.
11 | * You may obtain a copy of the License at
12 | *
13 | * http://www.apache.org/licenses/LICENSE-2.0
14 | *
15 | * Unless required by applicable law or agreed to in writing, software
16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 | * See the License for the specific language governing permissions and
19 | * limitations under the License.
20 | *
21 | * This file is part of mbed TLS (https://tls.mbed.org)
22 | */
23 | #ifndef MBEDTLS_SHA1_H
24 | #define MBEDTLS_SHA1_H
25 |
26 | #if !defined(MBEDTLS_CONFIG_FILE)
27 | #include "config.h"
28 | #else
29 | #include MBEDTLS_CONFIG_FILE
30 | #endif
31 |
32 | #include
33 | #include
34 |
35 | #if !defined(MBEDTLS_SHA1_ALT)
36 | // Regular implementation
37 | //
38 |
39 | #ifdef __cplusplus
40 | extern "C" {
41 | #endif
42 |
43 | /**
44 | * \brief SHA-1 context structure
45 | */
46 | typedef struct {
47 | uint32_t total[2]; /*!< number of bytes processed */
48 | uint32_t state[5]; /*!< intermediate digest state */
49 | unsigned char buffer[64]; /*!< data block being processed */
50 | }
51 | mbedtls_sha1_context;
52 |
53 | /**
54 | * \brief Initialize SHA-1 context
55 | *
56 | * \param ctx SHA-1 context to be initialized
57 | */
58 | void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
59 |
60 | /**
61 | * \brief Clear SHA-1 context
62 | *
63 | * \param ctx SHA-1 context to be cleared
64 | */
65 | void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
66 |
67 | /**
68 | * \brief Clone (the state of) a SHA-1 context
69 | *
70 | * \param dst The destination context
71 | * \param src The context to be cloned
72 | */
73 | void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
74 | const mbedtls_sha1_context *src );
75 |
76 | /**
77 | * \brief SHA-1 context setup
78 | *
79 | * \param ctx context to be initialized
80 | */
81 | void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
82 |
83 | /**
84 | * \brief SHA-1 process buffer
85 | *
86 | * \param ctx SHA-1 context
87 | * \param input buffer holding the data
88 | * \param ilen length of the input data
89 | */
90 | void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen );
91 |
92 | /**
93 | * \brief SHA-1 final digest
94 | *
95 | * \param ctx SHA-1 context
96 | * \param output SHA-1 checksum result
97 | */
98 | void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] );
99 |
100 | /* Internal use */
101 | void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
102 |
103 | #ifdef __cplusplus
104 | }
105 | #endif
106 |
107 | #else /* MBEDTLS_SHA1_ALT */
108 | #include "sha1_alt.h"
109 | #endif /* MBEDTLS_SHA1_ALT */
110 |
111 | #ifdef __cplusplus
112 | extern "C" {
113 | #endif
114 |
115 | #if !defined(MBEDTLS_SHA1_ALT)
116 | /**
117 | * \brief Output = SHA-1( input buffer )
118 | *
119 | * \param input buffer holding the data
120 | * \param ilen length of the input data
121 | * \param output SHA-1 checksum result
122 | */
123 | void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
124 | #endif /* MBEDTLS_SHA1_ALT */
125 |
126 | /**
127 | * \brief Checkup routine
128 | *
129 | * \return 0 if successful, or 1 if the test failed
130 | */
131 | int mbedtls_sha1_self_test( int verbose );
132 |
133 | #ifdef __cplusplus
134 | }
135 | #endif
136 |
137 | #endif /* mbedtls_sha1.h */
138 |
--------------------------------------------------------------------------------
/include/itls/sha1_alt.h:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited.
3 | */
4 |
5 | #ifndef MBEDTLS_SHA1_ALT_H
6 | #define MBEDTLS_SHA1_ALT_H
7 |
8 | #include
9 | #include
10 |
11 | #ifdef __cplusplus
12 | extern "C" {
13 | #endif
14 |
15 | typedef struct {
16 | size_t size;
17 | void *ali_ctx;
18 | } mbedtls_sha1_context;
19 |
20 | void mbedtls_sha1_init_alt(mbedtls_sha1_context *ctx);
21 | void mbedtls_sha1_free_alt(mbedtls_sha1_context *ctx);
22 |
23 | void mbedtls_sha1_clone_alt(mbedtls_sha1_context *dst,
24 | const mbedtls_sha1_context *src);
25 |
26 | void mbedtls_sha1_starts_alt(mbedtls_sha1_context *ctx);
27 | void mbedtls_sha1_update_alt(mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen);
28 | void mbedtls_sha1_finish_alt(mbedtls_sha1_context *ctx, unsigned char output[20]);
29 |
30 | void mbedtls_sha1_alt( const unsigned char *input, size_t ilen, unsigned char output[20] );
31 |
32 | #ifdef __cplusplus
33 | }
34 | #endif
35 |
36 | #endif /* MBEDTLS_SHA1_ALT_H */
37 |
--------------------------------------------------------------------------------
/include/itls/sha256.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file sha256.h
3 | *
4 | * \brief SHA-224 and SHA-256 cryptographic hash function
5 | *
6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7 | * SPDX-License-Identifier: Apache-2.0
8 | *
9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 | * not use this file except in compliance with the License.
11 | * You may obtain a copy of the License at
12 | *
13 | * http://www.apache.org/licenses/LICENSE-2.0
14 | *
15 | * Unless required by applicable law or agreed to in writing, software
16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 | * See the License for the specific language governing permissions and
19 | * limitations under the License.
20 | *
21 | * This file is part of mbed TLS (https://tls.mbed.org)
22 | */
23 | #ifndef MBEDTLS_SHA256_H
24 | #define MBEDTLS_SHA256_H
25 |
26 | #if !defined(MBEDTLS_CONFIG_FILE)
27 | #include "config.h"
28 | #else
29 | #include MBEDTLS_CONFIG_FILE
30 | #endif
31 |
32 | #include
33 | #include
34 |
35 | #if !defined(MBEDTLS_SHA256_ALT)
36 | // Regular implementation
37 | //
38 |
39 | #ifdef __cplusplus
40 | extern "C" {
41 | #endif
42 |
43 | /**
44 | * \brief SHA-256 context structure
45 | */
46 | typedef struct {
47 | uint32_t total[2]; /*!< number of bytes processed */
48 | uint32_t state[8]; /*!< intermediate digest state */
49 | unsigned char buffer[64]; /*!< data block being processed */
50 | int is224; /*!< 0 => SHA-256, else SHA-224 */
51 | }
52 | mbedtls_sha256_context;
53 |
54 | /**
55 | * \brief Initialize SHA-256 context
56 | *
57 | * \param ctx SHA-256 context to be initialized
58 | */
59 | void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
60 |
61 | /**
62 | * \brief Clear SHA-256 context
63 | *
64 | * \param ctx SHA-256 context to be cleared
65 | */
66 | void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
67 |
68 | /**
69 | * \brief Clone (the state of) a SHA-256 context
70 | *
71 | * \param dst The destination context
72 | * \param src The context to be cloned
73 | */
74 | void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
75 | const mbedtls_sha256_context *src );
76 |
77 | /**
78 | * \brief SHA-256 context setup
79 | *
80 | * \param ctx context to be initialized
81 | * \param is224 0 = use SHA256, 1 = use SHA224
82 | */
83 | void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
84 |
85 | /**
86 | * \brief SHA-256 process buffer
87 | *
88 | * \param ctx SHA-256 context
89 | * \param input buffer holding the data
90 | * \param ilen length of the input data
91 | */
92 | void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
93 | size_t ilen );
94 |
95 | /**
96 | * \brief SHA-256 final digest
97 | *
98 | * \param ctx SHA-256 context
99 | * \param output SHA-224/256 checksum result
100 | */
101 | void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] );
102 |
103 | /* Internal use */
104 | void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
105 |
106 | #ifdef __cplusplus
107 | }
108 | #endif
109 |
110 | #else /* MBEDTLS_SHA256_ALT */
111 | #include "sha256_alt.h"
112 | #endif /* MBEDTLS_SHA256_ALT */
113 |
114 | #ifdef __cplusplus
115 | extern "C" {
116 | #endif
117 |
118 | #if !defined(MBEDTLS_SHA256_ALT)
119 | /**
120 | * \brief Output = SHA-256( input buffer )
121 | *
122 | * \param input buffer holding the data
123 | * \param ilen length of the input data
124 | * \param output SHA-224/256 checksum result
125 | * \param is224 0 = use SHA256, 1 = use SHA224
126 | */
127 | void mbedtls_sha256( const unsigned char *input, size_t ilen,
128 | unsigned char output[32], int is224 );
129 | #endif /* MBEDTLS_SHA256_ALT */
130 |
131 | /**
132 | * \brief Checkup routine
133 | *
134 | * \return 0 if successful, or 1 if the test failed
135 | */
136 | int mbedtls_sha256_self_test( int verbose );
137 |
138 | #ifdef __cplusplus
139 | }
140 | #endif
141 |
142 | #endif /* mbedtls_sha256.h */
143 |
--------------------------------------------------------------------------------
/include/itls/sha256_alt.h:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited.
3 | */
4 |
5 | #ifndef MBEDTLS_SHA256_ALT_H
6 | #define MBEDTLS_SHA256_ALT_H
7 |
8 | #include
9 | #include
10 |
11 | #ifdef __cplusplus
12 | extern "C" {
13 | #endif
14 |
15 | typedef struct {
16 | size_t size;
17 | void *ali_ctx;
18 | } mbedtls_sha256_context;
19 |
20 | void mbedtls_sha256_init_alt(mbedtls_sha256_context *ctx);
21 | void mbedtls_sha256_free_alt(mbedtls_sha256_context *ctx);
22 |
23 | void mbedtls_sha256_clone_alt(mbedtls_sha256_context *dst,
24 | const mbedtls_sha256_context *src);
25 |
26 | void mbedtls_sha256_starts_alt(mbedtls_sha256_context *ctx, int is224);
27 | void mbedtls_sha256_update_alt(mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen);
28 | void mbedtls_sha256_finish_alt(mbedtls_sha256_context *ctx, unsigned char output[32]);
29 |
30 | void mbedtls_sha256_alt(const unsigned char *input, size_t ilen, unsigned char output[32], int is224);
31 |
32 | #ifdef __cplusplus
33 | }
34 | #endif
35 |
36 | #endif /* MBEDTLS_SHA256_ALT_H */
37 |
--------------------------------------------------------------------------------
/include/itls/ssl_auth.h:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited.
3 | */
4 |
5 | #ifndef MBEDTLS_AUTH_H
6 | #define MBEDTLS_AUTH_H
7 |
8 | #include
9 | #include
10 |
11 | #ifdef __cplusplus
12 | extern "C" {
13 | #endif
14 |
15 | /* Key Groups */
16 | #define MBEDTLS_KEY_GROUP_ALIBABA_ID2 (0x10001000)
17 |
18 | int mbedtls_write_auth_extra_ext(
19 | mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen);
20 |
21 | int mbedtls_write_key_id_ext(
22 | mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen);
23 |
24 | int mbedtls_write_auth_code_ext(
25 | mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen);
26 |
27 | int mbedtls_parse_hello_verify_ext(
28 | mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
29 |
30 | int mbedtls_parse_auth_code_ext(
31 | mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
32 |
33 | int mbedtls_parse_pre_master_secret_ext(
34 | mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
35 |
36 | #ifdef __cplusplus
37 | }
38 | #endif
39 |
40 | #endif /* MBEDTLS_AUTH_H */
41 |
--------------------------------------------------------------------------------
/include/itls/timing.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file timing.h
3 | *
4 | * \brief Portable interface to the CPU cycle counter
5 | *
6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7 | * SPDX-License-Identifier: Apache-2.0
8 | *
9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 | * not use this file except in compliance with the License.
11 | * You may obtain a copy of the License at
12 | *
13 | * http://www.apache.org/licenses/LICENSE-2.0
14 | *
15 | * Unless required by applicable law or agreed to in writing, software
16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 | * See the License for the specific language governing permissions and
19 | * limitations under the License.
20 | *
21 | * This file is part of mbed TLS (https://tls.mbed.org)
22 | */
23 | #ifndef MBEDTLS_TIMING_H
24 | #define MBEDTLS_TIMING_H
25 |
26 | #if !defined(MBEDTLS_CONFIG_FILE)
27 | #include "itls/config.h"
28 | #else
29 | #include MBEDTLS_CONFIG_FILE
30 | #endif
31 |
32 | #include
33 |
34 | #ifdef __cplusplus
35 | extern "C" {
36 | #endif
37 |
38 | /**
39 | * \brief timer structure
40 | */
41 | struct mbedtls_timing_hr_time
42 | {
43 | unsigned char opaque[32];
44 | };
45 |
46 | /**
47 | * \brief Context for mbedtls_timing_set/get_delay()
48 | */
49 | typedef struct
50 | {
51 | struct mbedtls_timing_hr_time timer;
52 | uint32_t int_ms;
53 | uint32_t fin_ms;
54 | } mbedtls_timing_delay_context;
55 |
56 | extern volatile int mbedtls_timing_alarmed;
57 |
58 | /**
59 | * \brief Return the CPU cycle counter value
60 | *
61 | * \warning This is only a best effort! Do not rely on this!
62 | * In particular, it is known to be unreliable on virtual
63 | * machines.
64 | */
65 | unsigned long mbedtls_timing_hardclock( void );
66 |
67 | /**
68 | * \brief Return the elapsed time in milliseconds
69 | *
70 | * \param val points to a timer structure
71 | * \param reset if set to 1, the timer is restarted
72 | */
73 | unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
74 |
75 | /**
76 | * \brief Setup an alarm clock
77 | *
78 | * \param seconds delay before the "mbedtls_timing_alarmed" flag is set
79 | *
80 | * \warning Only one alarm at a time is supported. In a threaded
81 | * context, this means one for the whole process, not one per
82 | * thread.
83 | */
84 | void mbedtls_set_alarm( int seconds );
85 |
86 | /**
87 | * \brief Set a pair of delays to watch
88 | * (See \c mbedtls_timing_get_delay().)
89 | *
90 | * \param data Pointer to timing data
91 | * Must point to a valid \c mbedtls_timing_delay_context struct.
92 | * \param int_ms First (intermediate) delay in milliseconds.
93 | * \param fin_ms Second (final) delay in milliseconds.
94 | * Pass 0 to cancel the current delay.
95 | */
96 | void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
97 |
98 | /**
99 | * \brief Get the status of delays
100 | * (Memory helper: number of delays passed.)
101 | *
102 | * \param data Pointer to timing data
103 | * Must point to a valid \c mbedtls_timing_delay_context struct.
104 | *
105 | * \return -1 if cancelled (fin_ms = 0)
106 | * 0 if none of the delays are passed,
107 | * 1 if only the intermediate delay is passed,
108 | * 2 if the final delay is passed.
109 | */
110 | int mbedtls_timing_get_delay( void *data );
111 |
112 | #ifdef __cplusplus
113 | }
114 | #endif
115 |
116 | #ifdef __cplusplus
117 | extern "C" {
118 | #endif
119 |
120 | #if defined(MBEDTLS_SELF_TEST)
121 | /**
122 | * \brief Checkup routine
123 | *
124 | * \return 0 if successful, or 1 if a test failed
125 | */
126 | int mbedtls_timing_self_test( int verbose );
127 | #endif
128 |
129 | #ifdef __cplusplus
130 | }
131 | #endif
132 |
133 | #endif /* timing.h */
134 |
--------------------------------------------------------------------------------
/make.settings:
--------------------------------------------------------------------------------
1 | #Link ID2 Config
2 |
3 | # ID2 SDK Debug
4 | CONFIG_LS_ID2_DEBUG := N
5 |
6 | # ID2 Field Provisioning
7 | CONFIG_LS_ID2_OTP := Y
8 |
9 | # ID2 Root of Trust Type, SE|Demo|MDU|PUF|KM
10 | CONFIG_LS_ID2_ROT_TYPE := Demo
11 |
12 | # ID2 Key Type, 3DES|AES|RSA|ECC|SM1|SM2|SM4
13 | CONFIG_LS_ID2_KEY_TYPE := AES
14 |
15 | # ID2 EC DP Type, K-163|K-233|K-283|K-192|K-224|K-256
16 | CONFIG_LS_ID2_ECDP_TYPE := K-192
17 |
--------------------------------------------------------------------------------
/makefile:
--------------------------------------------------------------------------------
1 | include ./make.settings
2 |
3 | OSA_PATH := modules/osa
4 | HAL_PATH := modules/hal
5 | ID2_PATH := modules/id2
6 | IROT_PATH := modules/irot
7 | ITLS_PATH := modules/itls
8 | CRYPTO_PATH := modules/crypto
9 | APP_PATH := app
10 | LIB_PATH := out/libs
11 | BIN_PATH := out/bin
12 |
13 | all:
14 | mkdir -p $(LIB_PATH)
15 | mkdir -p $(BIN_PATH)
16 | @echo "Building osa..."
17 | @make -C $(OSA_PATH)
18 | mv $(OSA_PATH)/libls_osa.a $(LIB_PATH)
19 | @echo "Building hal..."
20 | @make -C $(HAL_PATH)
21 | mv $(HAL_PATH)/libls_hal.a $(LIB_PATH)
22 | @echo "Building crypto..."
23 | @make -C $(CRYPTO_PATH)
24 | mv $(CRYPTO_PATH)/libicrypt.a $(LIB_PATH)
25 | @echo "Building id2..."
26 | @make -C $(ID2_PATH)
27 | ifeq ($(CONFIG_LS_ID2_ROT_TYPE), MDU)
28 | mv $(ID2_PATH)/libid2_stub.a $(LIB_PATH)
29 | else
30 | mv $(ID2_PATH)/libid2.a $(LIB_PATH)
31 | endif
32 | @echo "Building irot..."
33 | @make -C $(IROT_PATH)
34 | mv $(IROT_PATH)/libkm.a $(LIB_PATH)
35 | @echo "Building itls..."
36 | @make -C $(ITLS_PATH)
37 | mv $(ITLS_PATH)/libitls.a $(LIB_PATH)
38 | @echo "Building id2 app..."
39 | @make -C $(APP_PATH)
40 | mv $(APP_PATH)/hal_app/hal_app $(BIN_PATH)
41 | mv $(APP_PATH)/id2_app/id2_app $(BIN_PATH)
42 | mv $(APP_PATH)/itls_app/itls_app $(BIN_PATH)
43 |
44 | clean:
45 | rm -rf out
46 | @make clean -C $(OSA_PATH)
47 | @make clean -C $(HAL_PATH)
48 | @make clean -C $(ID2_PATH)
49 | @make clean -C $(IROT_PATH)
50 | @make clean -C $(ITLS_PATH)
51 | @make clean -C $(CRYPTO_PATH)
52 | @make clean -C $(APP_PATH)
53 |
54 |
--------------------------------------------------------------------------------
/modules/crypto/inc/ecp.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2017-2020 Alibaba Group Holding Limited.
3 | */
4 |
5 | #ifndef ECP_H
6 | #define ECP_H
7 |
8 | #include "ls_osa.h"
9 | #include "ali_crypto_types.h"
10 |
11 | /*
12 | * ECP error codes
13 | */
14 | #define ERR_ECP_BAD_INPUT_DATA 0x4F80 /**< Bad input parameters to function. */
15 | #define ERR_ECP_BUFFER_TOO_SMALL 0x4F00 /**< The buffer is too small to write to. */
16 | #define ERR_ECP_FEATURE_UNAVAILABLE 0x4E80 /**< Requested curve not available. */
17 | #define ERR_ECP_VERIFY_FAILED 0x4E00 /**< The signatsure is not valid. */
18 | #define ERR_ECP_DECRYPT_FAILED 0x4E08 /**< The decryption failed. */
19 | #define ERR_ECP_DH_FAILED 0x4E88 /**< The Diffie-Hellman key exchange failed. */
20 | #define ERR_ECP_ALLOC_FAILED 0x4D80 /**< Memory allocation failed. */
21 | #define ERR_ECP_RANDOM_FAILED 0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */
22 | #define ERR_ECP_INVALID_KEY 0x4C80 /**< Invalid private or public key. */
23 | #define ERR_ECP_SIG_LEN_MISMATCH 0x4C00 /**< Signature is valid but shorter than the user-supplied length. */
24 |
25 | #define ECP_MAX_BITS 521 /**< Maximum bit size of groups */
26 | #define ECP_MAX_BYTES ( ( ECP_MAX_BITS + 7 ) / 8 )
27 | #define ECP_MAX_PT_LEN ( 2 * ECP_MAX_BYTES + 1 )
28 |
29 | #endif /* ecp.h */
--------------------------------------------------------------------------------
/modules/crypto/inc/pk.h:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2020 Alibaba Group Holding Limited.
3 | */
4 |
5 | #ifndef PK_H
6 | #define PK_H
7 |
8 | #include "ali_crypto.h"
9 |
10 | #define ERR_PK_ALLOC_FAILED 0x3F80 /**< Memory allocation failed. */
11 | #define ERR_PK_TYPE_MISMATCH 0x3F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
12 | #define ERR_PK_BAD_INPUT_DATA 0x3E80 /**< Bad input parameters to function. */
13 | #define ERR_PK_FILE_IO_ERROR 0x3E00 /**< Read/write of file failed. */
14 | #define ERR_PK_KEY_INVALID_VERSION 0x3D80 /**< Unsupported key version */
15 | #define ERR_PK_KEY_INVALID_FORMAT 0x3D00 /**< Invalid key tag or value. */
16 | #define ERR_PK_UNKNOWN_PK_ALG 0x3C80 /**< Key algorithm is unsupported (only RSA and EC are supported). */
17 | #define ERR_PK_PASSWORD_REQUIRED 0x3C00 /**< Private key password can't be empty. */
18 | #define ERR_PK_PASSWORD_MISMATCH 0x3B80 /**< Given private key password does not allow for correct decryption. */
19 | #define ERR_PK_INVALID_PUBKEY 0x3B00 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
20 | #define ERR_PK_INVALID_ALG 0x3A80 /**< The algorithm tag or value is invalid. */
21 | #define ERR_PK_UNKNOWN_NAMED_CURVE 0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
22 | #define ERR_PK_FEATURE_UNAVAILABLE 0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
23 | #define ERR_PK_SIG_LEN_MISMATCH 0x3900 /**< The signature is valid but its length is less than expected. */
24 |
25 | /**
26 | * \brief Public key types
27 | */
28 | typedef enum {
29 | PK_NONE=0,
30 | PK_RSA,
31 | PK_ECKEY,
32 | PK_ECKEY_DH,
33 | PK_ECDSA,
34 | PK_RSA_ALT,
35 | PK_RSASSA_PSS,
36 | } pk_type_t;
37 |
38 | /**
39 | * \brief Public key information and operations
40 | */
41 | typedef struct pk_info_t pk_info_t;
42 |
43 | /**
44 | * \brief Public key container
45 | */
46 | typedef struct
47 | {
48 | const pk_info_t * pk_info; /**< Public key informations */
49 | void * pk_ctx; /**< Underlying public key context */
50 | } pk_context;
51 |
52 | /**
53 | * \brief Parse a SubjectPublicKeyInfo DER structure
54 | *
55 | * \param p the position in the ASN.1 data
56 | * \param end end of the buffer
57 | * \param key the key to fill
58 | *
59 | * \return 0 if successful, or a specific PK error code
60 | */
61 | int pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
62 | icrypt_key_data_t *key );
63 |
64 |
65 | #endif // PK_H
66 |
--------------------------------------------------------------------------------
/modules/crypto/makefile:
--------------------------------------------------------------------------------
1 | include ../../make.rules
2 |
3 | CFLAGS += -I../../include/osa
4 | CFLAGS += -I../../include/hal
5 | CFLAGS += -I../../include/crypto
6 | CFLAGS += -I./inc
7 |
8 | CFLAGS += -DCONFIG_DBG_CRYPT=0
9 | CFLAGS += -DCONFIG_RSA_ENCRYPT
10 | CFLAGS += -DCONFIG_RSA_DECRYPT
11 | CFLAGS += -DCONFIG_RSA_SIGN
12 | CFLAGS += -DCONFIG_RSA_VERIFY
13 | CFLAGS += -DRSA_PADDING_PKCS1_V15
14 | CFLAGS += -DRSA_PADDING_PKCS1_V21
15 |
16 | SRCS := src/api_init.c
17 | SRCS += src/api_aes.c
18 | SRCS += src/api_sm4.c
19 | SRCS += src/api_hash.c
20 | SRCS += src/api_hmac.c
21 | SRCS += src/api_rsa.c
22 | SRCS += src/api_sm2.c
23 | SRCS += src/api_ecc.c
24 | SRCS += src/api_rand.c
25 | SRCS += src/api_pkwrite.c
26 | SRCS += src/api_pkparse.c
27 | SRCS += src/pkparse.c
28 | SRCS += src/asn1write.c
29 | SRCS += src/asn1parse.c
30 | SRCS += src/oid.c
31 |
32 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
33 |
34 | OUT := libicrypt.a
35 |
36 | all: $(OUT) $(OBJS)
37 |
38 | $(OUT): $(OBJS)
39 | $(AR) -r $(OUT) $(OBJS)
40 |
41 | %.o: %.c
42 | @echo $(CC) $(CFLAGS) $<
43 | $(CC) -c $(CFLAGS) $(CRYPTO_CFLAGS) $< -o $*.o
44 |
45 | clean:
46 | rm -f $(OBJS) $(OUT)
47 |
--------------------------------------------------------------------------------
/modules/crypto/src/api_ecc.c:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2018 Alibaba Group Holding Limited.
3 | */
4 |
5 | #include "ali_crypto.h"
6 | #include "ls_hal_crypt.h"
7 |
8 | static int myrand(void *rng_state, unsigned char *output, size_t len)
9 | {
10 | int ret = 0;
11 | long long time_ms = ls_osa_get_time_ms();
12 |
13 | ret = ls_hal_set_seed((uint8_t *)&time_ms, sizeof(long long));
14 | if (ret != HAL_CRYPT_SUCCESS) {
15 | CRYPTO_ERR_LOG("set seed failed(0x%08x)\n", ret);
16 | return ret;
17 | }
18 |
19 | ret = ls_hal_get_random(output, len);
20 | if (ret != HAL_CRYPT_SUCCESS) {
21 | CRYPTO_ERR_LOG("gen rand failed(%08x)\n", ret);
22 | return ret;
23 | }
24 | return ret;
25 | }
26 |
27 | ali_crypto_result ali_ecc_init_key(ecc_key_t *key,
28 | ecc_key_type_t type,
29 | ecp_curve_id_t curve,
30 | uint8_t *x, size_t x_size,
31 | uint8_t *y, size_t y_size,
32 | uint8_t *d, size_t d_size)
33 | {
34 | // x, y must be valid
35 | if (type == ECC_PUBKEY) {
36 | if (x == NULL || x_size == 0 || y == NULL || y_size == 0) {
37 | CRYPTO_ERR_LOG("invalid x/y\n");
38 | return ALI_CRYPTO_INVALID_ARG;
39 | }
40 | }
41 |
42 | // check curve id
43 | if (curve <= 0 || curve > ECP_DP_SMP256R2) {
44 | CRYPTO_ERR_LOG("invalid curve id(%d)\n", curve);
45 | return ALI_CRYPTO_INVALID_ARG;
46 | }
47 |
48 | // init ecc key
49 | key->curve = curve;
50 | key->x = NULL;
51 | key->y = NULL;
52 | key->d = NULL;
53 |
54 | if (type == ECC_PUBKEY || type == ECC_KEYPAIR) {
55 | _MALLOC_COPY(key->x, x, x_size);
56 | key->x_size = x_size;
57 | _MALLOC_COPY(key->y, y, y_size);
58 | key->y_size = y_size;
59 |
60 | if (type == ECC_KEYPAIR) {
61 | if (d == NULL || d_size == 0) {
62 | CRYPTO_ERR_LOG("invalid d\n");
63 | return ALI_CRYPTO_INVALID_ARG;
64 | }
65 |
66 | _MALLOC_COPY(key->d, d, d_size);
67 | key->d_size = d_size;
68 | }
69 |
70 | return ALI_CRYPTO_SUCCESS;
71 | } else {
72 | CRYPTO_ERR_LOG("invalid type value(%d)\n", type);
73 | return ALI_CRYPTO_INVALID_ARG;
74 | }
75 |
76 | cleanup:
77 | _FREE_BUF(key->x);
78 | _FREE_BUF(key->y);
79 | _FREE_BUF(key->d);
80 | return ALI_CRYPTO_OUTOFMEM;
81 | }
82 |
83 | void ali_ecc_clean(ecc_key_t *key)
84 | {
85 | if (key) {
86 | // free x/y/d
87 | _FREE_BUF(key->x);
88 | _FREE_BUF(key->y);
89 | _FREE_BUF(key->d);
90 | }
91 | return;
92 | }
93 |
94 | ali_crypto_result ali_ecc_gen_keypair(ecp_curve_id_t curve,
95 | ecc_key_t *key)
96 | {
97 | ali_crypto_result result = ALI_CRYPTO_SUCCESS;
98 | int ret = 0;
99 | void * hal_ctx;
100 | hal_ecc_keypair_t kp;
101 |
102 | if (curve <= 0 || curve > ECP_DP_SMP256R2) {
103 | CRYPTO_ERR_LOG("invalid curve type(%d)\n", curve);
104 | return ALI_CRYPTO_INVALID_ARG;
105 | }
106 |
107 | if (key == NULL) {
108 | CRYPTO_ERR_LOG("invalid key\n");
109 | return ALI_CRYPTO_INVALID_ARG;
110 | }
111 | key->curve = curve;
112 |
113 | // allocate hal ctx
114 | hal_ctx = (void *)ls_osa_malloc(ls_hal_ecc_get_ctx_size());
115 | if (hal_ctx == NULL) {
116 | CRYPTO_ERR_LOG("malloc %d failed\n", ls_hal_rsa_get_ctx_size());
117 | return ALI_CRYPTO_OUTOFMEM;
118 | }
119 |
120 | // init hal_ctx
121 | ret = ls_hal_ecc_init(hal_ctx);
122 | if (ret) {
123 | CRYPTO_DBG_LOG("hal_ctx init failed(0x%08x)\n", ret);
124 | result = ALI_CRYPTO_ERROR;
125 | goto cleanup;
126 | }
127 |
128 | ret = ls_hal_ecc_gen_keypair(hal_ctx, curve, myrand, NULL, &kp);
129 | if (ret) {
130 | CRYPTO_ERR_LOG("gen keypair failed(%d)\n", ret);
131 | result = ALI_CRYPTO_ERROR;
132 | goto cleanup;
133 | }
134 |
135 | key->x = kp.x;
136 | key->x_size = kp.x_size;
137 | key->y = kp.y;
138 | key->y_size = kp.y_size;
139 | key->d = kp.d;
140 | key->d_size = kp.d_size;
141 |
142 | cleanup:
143 | // free hal_ctx
144 | if (hal_ctx) {
145 | ls_hal_ecc_cleanup(hal_ctx);
146 | ls_osa_free(hal_ctx);
147 | }
148 |
149 | return result;
150 | }
151 |
--------------------------------------------------------------------------------
/modules/crypto/src/api_init.c:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017 Alibaba Group Holding Limited.
3 | */
4 |
5 | #include "ali_crypto.h"
6 | #include "ls_hal_crypt.h"
7 |
8 | ali_crypto_result ali_crypto_init(void)
9 | {
10 | return ALI_CRYPTO_SUCCESS;
11 | }
12 |
13 | void ali_crypto_cleanup(void)
14 | {
15 | return;
16 | }
17 |
18 |
--------------------------------------------------------------------------------
/modules/crypto/src/api_pkparse.c:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2020 Alibaba Group Holding Limited.
3 | */
4 |
5 | #include "ali_crypto.h"
6 | #include "pk.h"
7 | #include "oid.h"
8 | #include "asn1.h"
9 |
10 | // parse ASN1(DER) format of RSA public key
11 | ali_crypto_result ali_pk_parse_public_key(uint8_t *buf, size_t size, icrypt_key_data_t *key)
12 | {
13 | ali_crypto_result result = ALI_CRYPTO_SUCCESS;
14 | int ret;
15 | unsigned char *p;
16 |
17 | if (!key) {
18 | CRYPTO_ERR_LOG("NULL key\n");
19 | return ALI_CRYPTO_INVALID_ARG;
20 | }
21 |
22 | p = (unsigned char *) buf;
23 |
24 | ret = pk_parse_subpubkey(&p, p + size, key);
25 | if (ret) {
26 | CRYPTO_ERR_LOG("failed 0x%08x\n", ret);
27 | result = ALI_CRYPTO_ERROR;
28 | }
29 |
30 | return result;
31 | }
32 |
--------------------------------------------------------------------------------
/modules/crypto/src/api_rand.c:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017 Alibaba Group Holding Limited.
3 | */
4 |
5 | #include "ali_crypto.h"
6 | #include "ls_hal_crypt.h"
7 |
8 | ali_crypto_result ali_rand_gen(uint8_t *buf, size_t len)
9 | {
10 | int ret = HAL_CRYPT_SUCCESS;
11 |
12 | if (buf == NULL || len == 0) {
13 | CRYPTO_ERR_LOG("invalid input args!\n");
14 | return ALI_CRYPTO_INVALID_ARG;
15 | }
16 |
17 | ret = ls_hal_get_random(buf, len);
18 | if (ret != HAL_CRYPT_SUCCESS) {
19 | CRYPTO_ERR_LOG("hal get random failed(0x%08x)\n", ret);
20 | return ALI_CRYPTO_ERROR;
21 | }
22 |
23 | return ALI_CRYPTO_SUCCESS;
24 | }
25 |
26 | ali_crypto_result ali_seed(uint8_t *seed, size_t seed_len)
27 | {
28 | int ret = HAL_CRYPT_SUCCESS;
29 |
30 | if (seed == NULL || seed_len == 0) {
31 | CRYPTO_DBG_LOG("invalid input args!\n");
32 | return ALI_CRYPTO_INVALID_ARG;
33 | }
34 |
35 | ret = ls_hal_set_seed(seed, seed_len);
36 | if (ret != HAL_CRYPT_SUCCESS) {
37 | CRYPTO_ERR_LOG("failed(0x%08x)\n", ret);
38 | return ALI_CRYPTO_ERROR;
39 | }
40 |
41 | return ALI_CRYPTO_SUCCESS;
42 | }
43 |
--------------------------------------------------------------------------------
/modules/crypto/src/asn1write.c:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2020 Alibaba Group Holding Limited.
3 | */
4 |
5 | /* ASN.1 buffer writing functionality */
6 |
7 | #include "ali_crypto.h"
8 | #include "asn1write.h"
9 |
10 | int asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
11 | {
12 | if( len < 0x80 )
13 | {
14 | if( *p - start < 1 )
15 | return -ALI_CRYPTO_SHORT_BUFFER;
16 |
17 | *--(*p) = (unsigned char) len;
18 | return( 1 );
19 | }
20 |
21 | if( len <= 0xFF )
22 | {
23 | if( *p - start < 2 )
24 | return -ALI_CRYPTO_SHORT_BUFFER;
25 |
26 | *--(*p) = (unsigned char) len;
27 | *--(*p) = 0x81;
28 | return( 2 );
29 | }
30 |
31 | if( len <= 0xFFFF )
32 | {
33 | if( *p - start < 3 )
34 | return -ALI_CRYPTO_SHORT_BUFFER;
35 |
36 | *--(*p) = ( len ) & 0xFF;
37 | *--(*p) = ( len >> 8 ) & 0xFF;
38 | *--(*p) = 0x82;
39 | return( 3 );
40 | }
41 |
42 | if( len <= 0xFFFFFF )
43 | {
44 | if( *p - start < 4 )
45 | return -ALI_CRYPTO_SHORT_BUFFER;
46 |
47 | *--(*p) = ( len ) & 0xFF;
48 | *--(*p) = ( len >> 8 ) & 0xFF;
49 | *--(*p) = ( len >> 16 ) & 0xFF;
50 | *--(*p) = 0x83;
51 | return( 4 );
52 | }
53 |
54 | if( len <= 0xFFFFFFFF )
55 | {
56 | if( *p - start < 5 )
57 | return -ALI_CRYPTO_SHORT_BUFFER;
58 |
59 | *--(*p) = ( len ) & 0xFF;
60 | *--(*p) = ( len >> 8 ) & 0xFF;
61 | *--(*p) = ( len >> 16 ) & 0xFF;
62 | *--(*p) = ( len >> 24 ) & 0xFF;
63 | *--(*p) = 0x84;
64 | return( 5 );
65 | }
66 |
67 | return ALI_CRYPTO_LENGTH_ERR;
68 | }
69 |
70 | int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
71 | {
72 | if( *p - start < 1 )
73 | return -ALI_CRYPTO_SHORT_BUFFER;
74 |
75 | *--(*p) = tag;
76 |
77 | return( 1 );
78 | }
79 |
80 | int asn1_write_int( unsigned char **p, unsigned char *start, int val )
81 | {
82 | int ret;
83 | size_t len = 0;
84 |
85 | // TODO negative values and values larger than 128
86 | // DER format assumes 2s complement for numbers, so the leftmost bit
87 | // should be 0 for positive numbers and 1 for negative numbers.
88 | //
89 | if( *p - start < 1 )
90 | return -ALI_CRYPTO_SHORT_BUFFER;
91 |
92 | len += 1;
93 | *--(*p) = val;
94 |
95 | if( val > 0 && **p & 0x80 )
96 | {
97 | if( *p - start < 1 )
98 | return -ALI_CRYPTO_SHORT_BUFFER;
99 |
100 | *--(*p) = 0x00;
101 | len += 1;
102 | }
103 |
104 | ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
105 | ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_INTEGER ) );
106 |
107 | return( (int) len );
108 | }
109 |
110 | // from asn1_write_mpi
111 | int asn1_write_buffer( unsigned char **p, unsigned char *start, const uint8_t *x, size_t size )
112 | {
113 | int ret;
114 | size_t len = 0;
115 |
116 | // Write the MPI
117 | len = size;
118 |
119 | if( *p < start || (size_t)( *p - start ) < len )
120 | return -ALI_CRYPTO_SHORT_BUFFER;
121 |
122 | (*p) -= len;
123 | memcpy(*p, x, len);
124 |
125 | // DER format assumes 2s complement for numbers, so the leftmost bit
126 | // should be 0 for positive numbers and 1 for negative numbers.
127 | //
128 | //if( X->s ==1 && **p & 0x80 )
129 | // x buff only contains unsigned buffer(so alway positive)
130 | if (**p & 0x80)
131 | {
132 | if( *p - start < 1 )
133 | return -ALI_CRYPTO_SHORT_BUFFER;
134 |
135 | *--(*p) = 0x00;
136 | len += 1;
137 | }
138 |
139 | ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
140 | ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_INTEGER ) );
141 |
142 | ret = (int) len;
143 |
144 | return( ret );
145 | }
146 |
147 | int asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
148 | const unsigned char *buf, size_t size )
149 | {
150 | size_t len = 0;
151 |
152 | if( *p < start || (size_t)( *p - start ) < size )
153 | return -ALI_CRYPTO_SHORT_BUFFER;
154 |
155 | len = size;
156 | (*p) -= len;
157 | memcpy( *p, buf, len );
158 |
159 | return( (int) len );
160 | }
161 |
162 | int asn1_write_null( unsigned char **p, unsigned char *start )
163 | {
164 | int ret;
165 | size_t len = 0;
166 |
167 | // Write NULL
168 | //
169 | ASN1_CHK_ADD( len, asn1_write_len( p, start, 0) );
170 | ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_NULL ) );
171 |
172 | return( (int) len );
173 | }
174 |
175 | int asn1_write_oid( unsigned char **p, unsigned char *start,
176 | const char *oid, size_t oid_len )
177 | {
178 | int ret;
179 | size_t len = 0;
180 |
181 | ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start,
182 | (const unsigned char *) oid, oid_len ) );
183 | ASN1_CHK_ADD( len , asn1_write_len( p, start, len ) );
184 | ASN1_CHK_ADD( len , asn1_write_tag( p, start, ASN1_OID ) );
185 |
186 | return( (int) len );
187 | }
188 |
189 | int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
190 | const char *oid, size_t oid_len,
191 | size_t par_len )
192 | {
193 | int ret;
194 | size_t len = 0;
195 |
196 | if( par_len == 0 )
197 | ASN1_CHK_ADD( len, asn1_write_null( p, start ) );
198 | else
199 | len += par_len;
200 |
201 | ASN1_CHK_ADD( len, asn1_write_oid( p, start, oid, oid_len ) );
202 |
203 | ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
204 | ASN1_CHK_ADD( len, asn1_write_tag( p, start,
205 | ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
206 |
207 | return( (int) len );
208 | }
--------------------------------------------------------------------------------
/modules/crypto/src/oid.c:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2020 Alibaba Group Holding Limited.
3 | */
4 |
5 | #include "oid.h"
6 |
7 | /*
8 | * Macro to automatically add the size of #define'd OIDs
9 | */
10 | #define ADD_LEN(s) s, OID_SIZE(s)
11 |
12 | /*
13 | * Macro to generate an internal function for oid_XXX_from_asn1() (used by
14 | * the other functions)
15 | */
16 | #define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \
17 | static const TYPE_T * oid_ ## NAME ## _from_asn1( const asn1_buf *oid ) \
18 | { \
19 | const TYPE_T *p = LIST; \
20 | const oid_descriptor_t *cur = (const oid_descriptor_t *) p; \
21 | if( p == NULL || oid == NULL ) return( NULL ); \
22 | while( cur->asn1 != NULL ) { \
23 | if( cur->asn1_len == oid->len && \
24 | memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \
25 | return( p ); \
26 | } \
27 | p++; \
28 | cur = (const oid_descriptor_t *) p; \
29 | } \
30 | return( NULL ); \
31 | }
32 |
33 | /*
34 | * Macro to generate a function for retrieving a single attribute from an
35 | * oid_descriptor_t wrapper.
36 | */
37 | #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
38 | int FN_NAME( const asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
39 | { \
40 | const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
41 | if( data == NULL ) return( ERR_OID_NOT_FOUND ); \
42 | *ATTR1 = data->ATTR1; \
43 | return( 0 ); \
44 | }
45 |
46 | /*
47 | * Macro to generate a function for retrieving the OID based on a single
48 | * attribute from a mbedtls_oid_descriptor_t wrapper.
49 | */
50 | #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \
51 | int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \
52 | { \
53 | const TYPE_T *cur = LIST; \
54 | while( cur->descriptor.asn1 != NULL ) { \
55 | if( cur->ATTR1 == ATTR1 ) { \
56 | *oid = cur->descriptor.asn1; \
57 | *olen = cur->descriptor.asn1_len; \
58 | return( 0 ); \
59 | } \
60 | cur++; \
61 | } \
62 | return( ERR_OID_NOT_FOUND ); \
63 | }
64 |
65 | /*
66 | * For PublicKeyInfo (PKCS1, RFC 5480)
67 | */
68 | typedef struct {
69 | oid_descriptor_t descriptor;
70 | pk_type_t pk_alg;
71 | } oid_pk_alg_t;
72 |
73 | static const oid_pk_alg_t oid_pk_alg[] =
74 | {
75 | {
76 | { ADD_LEN( OID_PKCS1_RSA ), "rsaEncryption", "RSA" },
77 | PK_RSA,
78 | },
79 | {
80 | { ADD_LEN( OID_EC_ALG_UNRESTRICTED ), "id-ecPublicKey", "Generic EC key" },
81 | PK_ECKEY,
82 | },
83 | {
84 | { NULL, 0, NULL, NULL },
85 | PK_NONE,
86 | },
87 | };
88 |
89 | FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
90 | FN_OID_GET_ATTR1(oid_get_pk_alg, oid_pk_alg_t, pk_alg, pk_type_t, pk_alg)
91 |
92 | /*
93 | * For namedCurve (RFC 5480)
94 | */
95 | typedef struct {
96 | oid_descriptor_t descriptor;
97 | ecp_curve_id_t grp_id;
98 | } oid_ecp_grp_t;
99 |
100 | static const oid_ecp_grp_t oid_ecp_grp[] =
101 | {
102 | #if defined(ECP_DP_SMP256R1_ENABLED)
103 | {
104 | { ADD_LEN( OID_EC_GRP_SMP265R1 ), "smp256r1","smp256r1" },
105 | ECP_DP_SMP256R1,
106 | },
107 | #endif // IMPL_ECP_DP_SMP256R1_ENABLED
108 | };
109 |
110 | FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
111 | FN_OID_GET_ATTR1(oid_get_ec_grp, oid_ecp_grp_t, grp_id, ecp_curve_id_t, grp_id)
112 | FN_OID_GET_OID_BY_ATTR1(oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, ecp_curve_id_t, grp_id)
113 |
114 |
115 | /*
116 | * For digestAlgorithm
117 | */
118 | typedef struct {
119 | oid_descriptor_t descriptor;
120 | hash_type_t md_alg;
121 | } oid_md_alg_t;
122 |
123 | static const oid_md_alg_t oid_md_alg[] =
124 | {
125 | {
126 | { ADD_LEN( OID_DIGEST_ALG_MD5 ), "id-md5", "MD5" },
127 | MD5,
128 | },
129 | {
130 | { ADD_LEN( OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" },
131 | SHA1,
132 | },
133 | {
134 | { ADD_LEN( OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" },
135 | SHA224,
136 | },
137 | {
138 | { ADD_LEN( OID_DIGEST_ALG_SHA256 ), "id-sha256", "SHA-256" },
139 | SHA256,
140 | },
141 | {
142 | { ADD_LEN( OID_DIGEST_ALG_SHA384 ), "id-sha384", "SHA-384" },
143 | SHA384,
144 | },
145 | {
146 | { ADD_LEN( OID_DIGEST_ALG_SHA512 ), "id-sha512", "SHA-512" },
147 | SHA512,
148 | },
149 | {
150 | { NULL, 0, NULL, NULL },
151 | HASH_NONE,
152 | },
153 | };
154 |
155 | FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
156 | FN_OID_GET_ATTR1(oid_get_md_alg, oid_md_alg_t, md_alg, hash_type_t, md_alg)
157 | FN_OID_GET_OID_BY_ATTR1(oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, hash_type_t, md_alg)
--------------------------------------------------------------------------------
/modules/hal/crypto/demo/inc/config.h:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited.
3 | **/
4 |
5 | #ifndef _DEMO_CONFIG_H
6 | #define _DEMO_CONFIG_H
7 |
8 | /* RSA */
9 | #define ALI_ALGO_CIPHER_C
10 | #define CONFIG_ALGO_GENPRIME
11 | #define CONFIG_AES_ROM_TABLES
12 |
13 | #ifndef PLATFORM_ANDROID
14 | #define ALI_ALGO_HAVE_ASM
15 | #endif // PLATFORM_ANDROID
16 |
17 | /* HASH */
18 | #define ALI_ALGO_MD_C
19 |
20 | /* SM2 */
21 | #define IMPL_ECP_NIST_OPTIM
22 | #define IMPL_ECP_DP_SMP256R1_ENABLED
23 |
24 | #endif /* _DEMO_CONFIG_H */
25 |
--------------------------------------------------------------------------------
/modules/hal/crypto/demo/inc/md5.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __MD5_H__
6 | #define __MD5_H__
7 |
8 | #include "ls_osa.h"
9 |
10 | #ifdef __cplusplus
11 | extern "C" {
12 | #endif
13 |
14 | /**
15 | * \brief MD5 context structure
16 | */
17 | typedef struct {
18 | uint32_t total[2]; /*!< number of bytes processed */
19 | uint32_t state[4]; /*!< intermediate digest state */
20 | unsigned char buffer[64]; /*!< data block being processed */
21 | } impl_md5_context;
22 |
23 | typedef struct {
24 | impl_md5_context context;
25 | } impl_md5_ctx_t;
26 |
27 | /**
28 | * \brief Initialize MD5 context
29 | *
30 | * \param ctx MD5 context to be initialized
31 | */
32 | void impl_md5_init(impl_md5_context *ctx);
33 |
34 | /**
35 | * \brief Clear MD5 context
36 | *
37 | * \param ctx MD5 context to be cleared
38 | */
39 | void impl_md5_free(impl_md5_context *ctx);
40 |
41 | /**
42 | * \brief Clone (the state of) an MD5 context
43 | *
44 | * \param dst The destination context
45 | * \param src The context to be cloned
46 | */
47 | void impl_md5_clone(impl_md5_context *dst,
48 | const impl_md5_context *src);
49 |
50 | /**
51 | * \brief MD5 context setup
52 | *
53 | * \param ctx context to be initialized
54 | */
55 | void impl_md5_starts(impl_md5_context *ctx);
56 |
57 | /**
58 | * \brief MD5 process buffer
59 | *
60 | * \param ctx MD5 context
61 | * \param input buffer holding the data
62 | * \param ilen length of the input data
63 | */
64 | void impl_md5_update(impl_md5_context *ctx, const unsigned char *input, size_t ilen);
65 |
66 | /**
67 | * \brief MD5 final digest
68 | *
69 | * \param ctx MD5 context
70 | * \param output MD5 checksum result
71 | */
72 | void impl_md5_finish(impl_md5_context *ctx, unsigned char output[16]);
73 |
74 | /* Internal use */
75 | void impl_md5_process(impl_md5_context *ctx, const unsigned char data[64]);
76 |
77 | #ifdef __cplusplus
78 | }
79 | #endif
80 |
81 | #endif /* __MD5_H__ */
82 |
--------------------------------------------------------------------------------
/modules/hal/crypto/demo/inc/sha1.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __SHA1_H__
6 | #define __SHA1_H__
7 |
8 | #include "ls_osa.h"
9 |
10 | #ifdef __cplusplus
11 | extern "C" {
12 | #endif
13 |
14 | /**
15 | * \brief SHA-1 context structure
16 | */
17 | typedef struct {
18 | uint32_t total[2]; /*!< number of bytes processed */
19 | uint32_t state[5]; /*!< intermediate digest state */
20 | unsigned char buffer[64]; /*!< data block being processed */
21 | } impl_sha1_context;
22 |
23 | typedef struct {
24 | impl_sha1_context context;
25 | } impl_sha1_ctx_t;
26 |
27 | /**
28 | * \brief Initialize SHA-1 context
29 | *
30 | * \param ctx SHA-1 context to be initialized
31 | */
32 | void impl_sha1_init(impl_sha1_context *ctx);
33 |
34 | /**
35 | * \brief Clear SHA-1 context
36 | *
37 | * \param ctx SHA-1 context to be cleared
38 | */
39 | void impl_sha1_free(impl_sha1_context *ctx);
40 |
41 | /**
42 | * \brief Clone (the state of) a SHA-1 context
43 | *
44 | * \param dst The destination context
45 | * \param src The context to be cloned
46 | */
47 | void impl_sha1_clone(impl_sha1_context *dst,
48 | const impl_sha1_context *src);
49 |
50 | /**
51 | * \brief SHA-1 context setup
52 | *
53 | * \param ctx context to be initialized
54 | */
55 | void impl_sha1_starts(impl_sha1_context *ctx);
56 |
57 | /**
58 | * \brief SHA-1 process buffer
59 | *
60 | * \param ctx SHA-1 context
61 | * \param input buffer holding the data
62 | * \param ilen length of the input data
63 | */
64 | void impl_sha1_update(impl_sha1_context *ctx, const unsigned char *input, size_t ilen);
65 |
66 | /**
67 | * \brief SHA-1 final digest
68 | *
69 | * \param ctx SHA-1 context
70 | * \param output SHA-1 checksum result
71 | */
72 | void impl_sha1_finish(impl_sha1_context *ctx, unsigned char output[20]);
73 |
74 | /* Internal use */
75 | void impl_sha1_process(impl_sha1_context *ctx, const unsigned char data[64]);
76 |
77 | #ifdef __cplusplus
78 | }
79 | #endif
80 |
81 | #endif /* __SHA1_H__ */
82 |
--------------------------------------------------------------------------------
/modules/hal/crypto/demo/inc/sha256.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __SHA256_H__
6 | #define __SHA256_H__
7 |
8 | #include "ls_osa.h"
9 |
10 | #ifdef __cplusplus
11 | extern "C" {
12 | #endif
13 |
14 | /**
15 | * \brief SHA-256 context structure
16 | */
17 | typedef struct {
18 | uint32_t total[2]; /*!< number of bytes processed */
19 | uint32_t state[8]; /*!< intermediate digest state */
20 | unsigned char buffer[64]; /*!< data block being processed */
21 | int is224; /*!< 0 => SHA-256, else SHA-224 */
22 | } impl_sha256_context;
23 |
24 | typedef struct {
25 | impl_sha256_context context;
26 | } impl_sha256_ctx_t;
27 |
28 | /**
29 | * \brief Initialize SHA-256 context
30 | *
31 | * \param ctx SHA-256 context to be initialized
32 | */
33 | void impl_sha256_init(impl_sha256_context *ctx);
34 |
35 | /**
36 | * \brief Clear SHA-256 context
37 | *
38 | * \param ctx SHA-256 context to be cleared
39 | */
40 | void impl_sha256_free(impl_sha256_context *ctx);
41 |
42 | /**
43 | * \brief Clone (the state of) a SHA-256 context
44 | *
45 | * \param dst The destination context
46 | * \param src The context to be cloned
47 | */
48 | void impl_sha256_clone(impl_sha256_context *dst,
49 | const impl_sha256_context *src);
50 |
51 | /**
52 | * \brief SHA-256 context setup
53 | *
54 | * \param ctx context to be initialized
55 | * \param is224 0 = use SHA256, 1 = use SHA224
56 | */
57 | void impl_sha256_starts(impl_sha256_context *ctx, int is224);
58 |
59 | /**
60 | * \brief SHA-256 process buffer
61 | *
62 | * \param ctx SHA-256 context
63 | * \param input buffer holding the data
64 | * \param ilen length of the input data
65 | */
66 | void impl_sha256_update(impl_sha256_context *ctx, const unsigned char *input,
67 | size_t ilen);
68 |
69 | /**
70 | * \brief SHA-256 final digest
71 | *
72 | * \param ctx SHA-256 context
73 | * \param output SHA-224/256 checksum result
74 | */
75 | void impl_sha256_finish(impl_sha256_context *ctx, unsigned char output[32]);
76 |
77 | /* Internal use */
78 | void impl_sha256_process(impl_sha256_context *ctx, const unsigned char data[64]);
79 |
80 | #ifdef __cplusplus
81 | }
82 | #endif
83 |
84 | #endif /* __SHA256_H__ */
85 |
--------------------------------------------------------------------------------
/modules/hal/crypto/demo/inc/sm2.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2018 Alibaba Group Holding Limited.
3 | */
4 |
5 | #ifndef SM2_H
6 | #define SM2_H
7 |
8 | #include "ecp.h"
9 |
10 | #ifdef __cplusplus
11 | extern "C" {
12 | #endif
13 |
14 | #define IMPL_SM2_KEY_LEN (32)
15 |
16 | /**
17 | * \brief Compute key derive function
18 | * \param K shared key to be returned
19 | * \param klen the bit length of K
20 | * \param Z the input data
21 | * \param zlen the byte length of Z
22 | *
23 | */
24 | void KDF( unsigned char *K, size_t klen, const unsigned char *Z, size_t zlen );
25 |
26 | int impl_sm2_sign( impl_ecp_keypair *context,
27 | const unsigned char *src, size_t src_size,
28 | uint8_t *sig, size_t *sig_size,
29 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
30 |
31 | int impl_sm2_verify( impl_ecp_keypair *context,
32 | const uint8_t *src, size_t src_size,
33 | const uint8_t *sig, size_t sig_size );
34 |
35 | int impl_sm2_encrypt( impl_ecp_keypair *ctx,
36 | const unsigned char *src, size_t src_size,
37 | unsigned char *dst, size_t *dst_size,
38 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
39 |
40 | int impl_sm2_decrypt( impl_ecp_keypair *ctx,
41 | const unsigned char *C, size_t clen,
42 | unsigned char *M, size_t *mlen );
43 |
44 | int impl_sm2dh_compute_shared( impl_ecp_group *grp,
45 | impl_mpi *K, const size_t secret_size,
46 | const impl_mpi *ZA, const impl_mpi *ZB,
47 | const impl_mpi *dA, const impl_mpi *rA,
48 | const impl_ecp_point *RA,
49 | const impl_ecp_point *RB,
50 | const impl_ecp_point *PB );
51 | /*
52 | * derive sm2 public key from d
53 | */
54 | int impl_sm2_derive_p( impl_ecp_keypair *context,
55 | unsigned char *dst, size_t *dst_size);
56 |
57 | #ifdef __cplusplus
58 | }
59 | #endif
60 |
61 | #endif /* sm2.h */
62 |
--------------------------------------------------------------------------------
/modules/hal/crypto/demo/inc/sm3.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __SM3_H__
6 | #define __SM3_H__
7 |
8 | #include "ls_osa.h"
9 |
10 | #ifdef __cplusplus
11 | extern "C" {
12 | #endif
13 |
14 | #define IMPL_SM3_HASH_LEN (32)
15 |
16 | /**
17 | * \brief SM3 context structure
18 | */
19 | typedef struct {
20 | uint32_t total[2]; /*!< number of bytes processed */
21 | uint32_t state[8]; /*!< intermediate digest state */
22 | uint8_t buffer[64]; /*!< data block being processed */
23 | } impl_sm3_context;
24 |
25 | typedef struct {
26 | impl_sm3_context context;
27 | } impl_sm3_ctx_t;
28 |
29 | /**
30 | * \brief Initialize SM3 context
31 | *
32 | * \param ctx SM3 context to be initialized
33 | */
34 | void impl_sm3_init(impl_sm3_context *ctx);
35 |
36 | /**
37 | * \brief Clear SM3 context
38 | *
39 | * \param ctx SM3 context to be cleared
40 | */
41 | void impl_sm3_free(impl_sm3_context *ctx);
42 |
43 | /**
44 | * \brief Clone (the state of) a SM3 context
45 | *
46 | * \param dst The destination context
47 | * \param src The context to be cloned
48 | */
49 | void impl_sm3_clone(impl_sm3_context *dst,
50 | const impl_sm3_context *src);
51 |
52 | /**
53 | * \brief SM3 context setup
54 | *
55 | * \param ctx context to be initialized
56 | */
57 | void impl_sm3_starts(impl_sm3_context *ctx);
58 |
59 | /**
60 | * \brief SM3 process buffer
61 | *
62 | * \param ctx SM3 context
63 | * \param input buffer holding the data
64 | * \param ilen length of the input data
65 | */
66 | void impl_sm3_update(impl_sm3_context *ctx, const uint8_t *input, size_t ilen);
67 |
68 | /**
69 | * \brief SM3 final digest
70 | *
71 | * \param ctx SM3 context
72 | * \param output SM3 checksum result
73 | */
74 | void impl_sm3_finish(impl_sm3_context *ctx, uint8_t output[20]);
75 |
76 | /* Internal use */
77 | void impl_sm3_process(impl_sm3_context *ctx, const uint8_t data[64]);
78 |
79 | #ifdef __cplusplus
80 | }
81 | #endif
82 |
83 | #endif /* __SM3_H__ */
84 |
--------------------------------------------------------------------------------
/modules/hal/crypto/demo/inc/sm4.h:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited.
3 | **/
4 |
5 | #ifndef SM4_H
6 | #define SM4_H
7 |
8 | #include "ls_osa.h"
9 |
10 | /* padlock.c rely on these values! */
11 | #define IMPL_SM4_ENCRYPT 1
12 | #define IMPL_SM4_DECRYPT 0
13 |
14 | #define SM4_INVALID_KEY_LENGTH -0x0020 /* Invalid key length. */
15 | #define SM4_INVALID_INPUT_LENGTH -0x0022 /* Invalid data input length. */
16 |
17 | #define CHASKEY_BLOCK_SIZE 16
18 | #define SM4_BLOCK_SIZE 16
19 | #define SM4_IV_SIZE 16
20 |
21 | #ifdef __cplusplus
22 | extern "C" {
23 | #endif
24 |
25 | /**
26 | * \brief SM4 context structure
27 | *
28 | * \note buf is able to hold extra bytes, which can be used:
29 | * - for alignment purposes if VIA padlock is used
30 | * - to simplify key expansion
31 | */
32 | typedef struct
33 | {
34 | int nr; /*!< number of rounds */
35 | uint32_t *rk; /*!< SM4 round keys */
36 | uint32_t buf[68]; /*!< unaligned data */
37 | }
38 | impl_sm4_context;
39 |
40 | typedef enum _impl_sm4_type_t {
41 | HAL_SM4_ECB = 0,
42 | HAL_SM4_CBC = 1,
43 | HAL_SM4_CTR = 2,
44 | } impl_sm4_type_t;
45 |
46 | typedef struct {
47 | uint32_t mode;
48 | impl_sm4_type_t type;
49 | uint8_t iv[SM4_IV_SIZE];
50 | size_t offset;
51 | uint8_t stream_block[CHASKEY_BLOCK_SIZE];
52 | impl_sm4_context ctx;
53 | } impl_sm4_ctx_t;
54 |
55 | /**
56 | * \brief Initialize SM4 context
57 | *
58 | * \param ctx SM4 context to be initialized
59 | */
60 | void impl_sm4_init(impl_sm4_context *ctx);
61 |
62 | /**
63 | * \brief Clear SM4 context
64 | *
65 | * \param ctx SM4 context to be cleared
66 | */
67 | void impl_sm4_free(impl_sm4_context *ctx);
68 |
69 | /**
70 | * \brief SM4 key schedule
71 | *
72 | * \param ctx SM4 context to be initialized
73 | * \param key encryption or decryption key
74 | * \param keybits must be 128
75 | *
76 | * \return 0 if successful, or SM4_INVALID_KEY_LENGTH
77 | */
78 | int impl_sm4_setkey(impl_sm4_context *ctx,
79 | const unsigned char *key,
80 | unsigned int keybits );
81 | /**
82 | * \brief SM4-ECB block encryption/decryption
83 | *
84 | * \param ctx SM4 context
85 | * \param mode ALI_ALGO_SM4_ENCRYPT or ALI_ALGO_SM4_DECRYPT
86 | * \param input 16-byte input block
87 | * \param output 16-byte output block
88 | *
89 | * \return 0 if successful
90 | */
91 | int impl_sm4_crypt_ecb(impl_sm4_context *ctx,
92 | int mode,
93 | const unsigned char input[16],
94 | unsigned char output[16] );
95 |
96 | /**
97 | * \brief SM4-CBC block encryption/decryption
98 | *
99 | * \param ctx SM4 context
100 | * \param mode ALI_ALGO_SM4_ENCRYPT or ALI_ALGO_SM4_DECRYPT
101 | * \param length length of the input data
102 | * \param iv initialization vector (updated after use)
103 | * \param input 16-byte input block
104 | * \param output 16-byte output block
105 | *
106 | * \return 0 if successful
107 | */
108 | int impl_sm4_crypt_cbc(impl_sm4_context *ctx,
109 | int mode,
110 | size_t length,
111 | unsigned char iv[16],
112 | const unsigned char *input,
113 | unsigned char *output);
114 |
115 | /**
116 | * \brief SM4-CTR block encryption/decryption
117 | *
118 | * Warning: You have to keep the maximum use of your counter in mind!
119 | *
120 | * Note: Due to the nature of CTR you should use the same key schedule for
121 | * both encryption and decryption. So a context initialized with
122 | * ali_algo_sm4_setkey_enc() for both ALI_ALGO_SM4_ENCRYPT and ALI_ALGO_SM4_DECRYPT.
123 | *
124 | * \param ctx SM4 context
125 | * \param length The length of the data
126 | * \param nc_off The offset in the current stream_block (for resuming
127 | * within current cipher stream). The offset pointer to
128 | * should be 0 at the start of a stream.
129 | * \param nonce_counter The 128-bit nonce and counter.
130 | * \param stream_block The saved stream-block for resuming. Is overwritten
131 | * by the function.
132 | * \param input The input data stream
133 | * \param output The output data stream
134 | *
135 | * \return 0 if successful
136 | */
137 | int impl_sm4_crypt_ctr(impl_sm4_context *ctx,
138 | size_t length, size_t *nc_off,
139 | unsigned char nonce_counter[16],
140 | unsigned char stream_block[16],
141 | const unsigned char *input,
142 | unsigned char *output);
143 |
144 | #ifdef __cplusplus
145 | }
146 | #endif
147 |
148 | #endif /* sm4.h */
149 |
--------------------------------------------------------------------------------
/modules/hal/crypto/demo/src/ls_hal_ecc.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2020 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "ls_hal.h"
6 | #include "ecp.h"
7 |
8 | int ls_hal_ecc_get_ctx_size(void)
9 | {
10 | return sizeof(impl_ecp_keypair);
11 | }
12 |
13 | int ls_hal_ecc_init(void *context)
14 | {
15 | int ret = 0;
16 | impl_ecp_keypair *ctx;
17 | if (context == NULL) {
18 | LS_HAL_LOG("ls_hal_rsa_init failed\n");
19 | return HAL_CRYPT_BAD_PARAMETERS;
20 | }
21 |
22 | ctx = (impl_ecp_keypair *) context;
23 | impl_ecp_keypair_init(ctx);
24 | return ret;
25 | }
26 |
27 | void ls_hal_ecc_cleanup(void *context)
28 | {
29 | impl_ecp_keypair_free(context);
30 | }
31 |
32 | int ls_hal_ecc_init_pubkey(void *context, int grp_id,
33 | const uint8_t *x, size_t x_size,
34 | const uint8_t *y, size_t y_size)
35 | {
36 | impl_ecp_point *pt = NULL;
37 | impl_ecp_keypair *ctx = NULL;
38 | int ret = 0;
39 |
40 | if (context == NULL) {
41 | LS_HAL_LOG("invalid ctx\n");
42 | return HAL_CRYPT_INVALID_CONTEXT;
43 | }
44 |
45 | ctx = (impl_ecp_keypair *)context;
46 | pt = &ctx->Q;
47 |
48 | // init ecp group
49 | impl_ecp_group_init(&ctx->grp);
50 | HAL_MPI_CHK(impl_ecp_group_load(&ctx->grp, grp_id));
51 | // init public
52 | impl_ecp_point_init( pt );
53 | HAL_MPI_CHK(impl_mpi_read_binary(&pt->X, x, x_size));
54 | HAL_MPI_CHK(impl_mpi_read_binary(&pt->Y, y, y_size));
55 | HAL_MPI_CHK(impl_mpi_lset(&pt->Z, 1));
56 | // init secret
57 | ctx->d.p = NULL;
58 |
59 | cleanup:
60 | if (ret) {
61 | LS_HAL_LOG("failed(0x%08x)\n", ret);
62 | return HAL_CRYPT_ERROR;
63 | }
64 | return ret;
65 | }
66 |
67 | int ls_hal_ecc_init_keypair(void *context, int grp_id,
68 | const uint8_t *x, size_t x_size,
69 | const uint8_t *y, size_t y_size,
70 | const uint8_t *d, size_t d_size)
71 | {
72 | impl_ecp_keypair *ctx = NULL;
73 | impl_ecp_point *pt = NULL;
74 | impl_mpi *secret = NULL;
75 | int ret = 0;
76 |
77 | if (context == NULL) {
78 | LS_HAL_LOG("invalid ctx\n");
79 | return HAL_CRYPT_INVALID_CONTEXT;
80 | }
81 |
82 | ctx = (impl_ecp_keypair *)context;
83 | pt = &ctx->Q;
84 | secret = &ctx->d;
85 |
86 | // init ecp group
87 | impl_ecp_group_init(&ctx->grp);
88 | HAL_MPI_CHK(impl_ecp_group_load(&ctx->grp, grp_id));
89 | // int public
90 | impl_ecp_point_init( pt );
91 | HAL_MPI_CHK(impl_mpi_read_binary(&pt->X, x, x_size));
92 | HAL_MPI_CHK(impl_mpi_read_binary(&pt->Y, y, y_size));
93 | HAL_MPI_CHK(impl_mpi_lset(&pt->Z, 1));
94 | // int private
95 | HAL_MPI_CHK(impl_mpi_read_binary(secret, d, d_size));
96 |
97 | cleanup:
98 | if (ret) {
99 | LS_HAL_LOG("failed(0x%08x)\n", ret);
100 | return HAL_CRYPT_ERROR;
101 | }
102 | return ret;
103 | }
104 |
105 | int ls_hal_ecc_gen_keypair(void *context,
106 | int grp_id,
107 | int (*f_rng)(void *, uint8_t *, size_t),
108 | void *p_rng,
109 | hal_ecc_keypair_t *kp)
110 | {
111 | int ret = 0;
112 | impl_ecp_keypair *ctx;
113 |
114 | if (context == NULL) {
115 | LS_HAL_LOG("invalid context\n");
116 | return HAL_CRYPT_INVALID_CONTEXT;
117 | }
118 |
119 | if (kp == NULL) {
120 | LS_HAL_LOG("invalid keypair\n");
121 | return HAL_CRYPT_INVALID_ARG;
122 | }
123 |
124 | ctx = (impl_ecp_keypair *) context;
125 | ret = impl_ecp_gen_key(grp_id, ctx, f_rng, p_rng);
126 | if (ret) {
127 | LS_HAL_LOG("failed(0x%08x)\n", ret);
128 | return HAL_CRYPT_ERROR;
129 | }
130 |
131 | // convert ctx to keypair
132 | kp->x_size = impl_mpi_size(&(ctx->Q.X));
133 | kp->x = (uint8_t *)ls_osa_malloc(kp->x_size);
134 | if (!kp->x) {
135 | LS_HAL_LOG("malloc %ld failed\n", kp->x_size);
136 | ret = HAL_CRYPT_OUTOFMEM;
137 | goto cleanup;
138 | }
139 | HAL_MPI_CHK( impl_mpi_write_binary(&(ctx->Q.X), kp->x, kp->x_size));
140 |
141 | kp->y_size = impl_mpi_size(&(ctx->Q.Y));
142 | kp->y = (uint8_t *)ls_osa_malloc(kp->y_size);
143 | if (!kp->y) {
144 | LS_HAL_LOG("malloc %ld failed\n", kp->y_size);
145 | ret = HAL_CRYPT_OUTOFMEM;
146 | goto cleanup;
147 | }
148 | HAL_MPI_CHK( impl_mpi_write_binary(&(ctx->Q.Y), kp->y, kp->y_size));
149 |
150 | kp->d_size = impl_mpi_size(&(ctx->d));
151 | kp->d = (uint8_t *)ls_osa_malloc(kp->d_size);
152 | if (!kp->d) {
153 | LS_HAL_LOG("malloc %ld failed\n", kp->d_size);
154 | ret = HAL_CRYPT_OUTOFMEM;
155 | goto cleanup;
156 | }
157 | HAL_MPI_CHK( impl_mpi_write_binary(&(ctx->d), kp->d, kp->d_size));
158 |
159 | cleanup:
160 | if (ret) {
161 | if (kp->x) {
162 | ls_osa_free(kp->x);
163 | }
164 | if (kp->y) {
165 | ls_osa_free(kp->y);
166 | }
167 | if (kp->d) {
168 | ls_osa_free(kp->d);
169 | }
170 | }
171 | return ret;
172 | }
173 |
--------------------------------------------------------------------------------
/modules/hal/crypto/demo/src/ls_hal_hash.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "ls_hal.h"
6 | #include "md5.h"
7 | #include "sha1.h"
8 | #include "sha256.h"
9 | #include "sm3.h"
10 |
11 | int ls_hal_md5_get_size(void)
12 | {
13 | int size = sizeof(impl_md5_ctx_t);
14 | return size;
15 | }
16 |
17 | int ls_hal_md5_init(void *ctx)
18 | {
19 | impl_md5_ctx_t *impl_ctx;
20 |
21 | if (ctx == NULL) {
22 | LS_HAL_LOG("invalid ctx\n");
23 | return HAL_CRYPT_INVALID_CONTEXT;
24 | }
25 |
26 | impl_ctx = (impl_md5_ctx_t *)ctx;
27 |
28 | impl_md5_init(&impl_ctx->context);
29 | impl_md5_starts(&impl_ctx->context);
30 |
31 | return HAL_CRYPT_SUCCESS;
32 | }
33 |
34 | int ls_hal_md5_update(void *ctx, const uint8_t *src, size_t size)
35 | {
36 | impl_md5_ctx_t *impl_ctx;
37 |
38 | if (ctx == NULL) {
39 | LS_HAL_LOG("invalid ctx\n");
40 | return HAL_CRYPT_INVALID_CONTEXT;
41 | }
42 |
43 | if (src == NULL && size != 0) {
44 | LS_HAL_LOG("src is NULL and non-zero size\n");
45 | return HAL_CRYPT_INVALID_ARG;
46 | }
47 |
48 | impl_ctx = (impl_md5_ctx_t *)ctx;
49 |
50 | impl_md5_update(&impl_ctx->context, src, size);
51 |
52 | return HAL_CRYPT_SUCCESS;
53 | }
54 |
55 | int ls_hal_md5_finish(void *ctx, uint8_t digest[16])
56 | {
57 | impl_md5_ctx_t *impl_ctx;
58 |
59 | if (ctx == NULL) {
60 | LS_HAL_LOG("invalid ctx\n");
61 | return HAL_CRYPT_INVALID_CONTEXT;
62 | }
63 |
64 | impl_ctx = (impl_md5_ctx_t *)ctx;
65 |
66 | impl_md5_finish(&impl_ctx->context, digest);
67 |
68 | return HAL_CRYPT_SUCCESS;
69 | }
70 |
71 | int ls_hal_sha1_get_size(void)
72 | {
73 | int size = sizeof(impl_sha1_ctx_t);
74 | return size;
75 | }
76 |
77 | int ls_hal_sha1_init(void *ctx)
78 | {
79 | impl_sha1_ctx_t *impl_ctx;
80 |
81 | if (ctx == NULL) {
82 | LS_HAL_LOG("invalid ctx\n");
83 | return HAL_CRYPT_INVALID_CONTEXT;
84 | }
85 |
86 | impl_ctx = (impl_sha1_ctx_t *)ctx;
87 |
88 | impl_sha1_init(&impl_ctx->context);
89 | impl_sha1_starts(&impl_ctx->context);
90 |
91 | return HAL_CRYPT_SUCCESS;
92 | }
93 |
94 | int ls_hal_sha1_update(void *ctx, const uint8_t *src, size_t size)
95 | {
96 | impl_sha1_ctx_t *impl_ctx;
97 |
98 | if (ctx == NULL) {
99 | LS_HAL_LOG("invalid ctx\n");
100 | return HAL_CRYPT_INVALID_CONTEXT;
101 | }
102 |
103 | if (src == NULL && size != 0) {
104 | LS_HAL_LOG("NULL src and non-zero size\n");
105 | return HAL_CRYPT_INVALID_ARG;
106 | }
107 |
108 | impl_ctx = (impl_sha1_ctx_t *)ctx;
109 | impl_sha1_update(&impl_ctx->context, src, size);
110 |
111 | return HAL_CRYPT_SUCCESS;
112 | }
113 |
114 | int ls_hal_sha1_finish(void *ctx, uint8_t digest[20])
115 | {
116 | impl_sha1_ctx_t * impl_ctx;
117 |
118 | if (ctx == NULL) {
119 | LS_HAL_LOG("invalid ctx\n");
120 | return HAL_CRYPT_INVALID_CONTEXT;
121 | }
122 |
123 | impl_ctx = (impl_sha1_ctx_t *)ctx;
124 |
125 | impl_sha1_finish(&impl_ctx->context, digest);
126 |
127 | return HAL_CRYPT_SUCCESS;
128 | }
129 |
130 | int ls_hal_sha256_get_size(void)
131 | {
132 | return sizeof(impl_sha256_ctx_t);
133 | }
134 |
135 | int ls_hal_sha256_init(void *ctx)
136 | {
137 | impl_sha256_ctx_t *impl_ctx;
138 |
139 | if (ctx == NULL) {
140 | LS_HAL_LOG("invalid ctx\n");
141 | return HAL_CRYPT_INVALID_CONTEXT;
142 | }
143 |
144 | impl_ctx = (impl_sha256_ctx_t *)ctx;
145 |
146 | impl_sha256_init(&impl_ctx->context);
147 | impl_sha256_starts(&impl_ctx->context, 0);
148 |
149 | return HAL_CRYPT_SUCCESS;
150 | }
151 |
152 | int ls_hal_sha256_update(void *ctx, const uint8_t *src, size_t size)
153 | {
154 | impl_sha256_ctx_t *impl_ctx;
155 |
156 | if (ctx == NULL) {
157 | LS_HAL_LOG("invalid ctx\n");
158 | return HAL_CRYPT_INVALID_CONTEXT;
159 | }
160 |
161 | impl_ctx = (impl_sha256_ctx_t *)ctx;
162 |
163 | impl_sha256_update(&impl_ctx->context, src, size);
164 |
165 | return HAL_CRYPT_SUCCESS;
166 | }
167 |
168 | int ls_hal_sha256_finish(void *ctx, uint8_t digest[32])
169 | {
170 | impl_sha256_ctx_t *impl_ctx;
171 |
172 | if (ctx == NULL) {
173 | LS_HAL_LOG("invalid ctx\n");
174 | return HAL_CRYPT_INVALID_CONTEXT;
175 | }
176 |
177 | impl_ctx = (impl_sha256_ctx_t *)ctx;
178 |
179 | impl_sha256_finish(&impl_ctx->context, digest);
180 |
181 | return HAL_CRYPT_SUCCESS;
182 | }
183 |
184 | int ls_hal_sm3_get_size(void)
185 | {
186 | return sizeof(impl_sm3_ctx_t);
187 | }
188 |
189 | int ls_hal_sm3_init(void *ctx)
190 | {
191 | impl_sm3_ctx_t *impl_ctx;
192 |
193 | if (ctx == NULL) {
194 | LS_HAL_LOG("invalid ctx\n");
195 | return HAL_CRYPT_INVALID_CONTEXT;
196 | }
197 |
198 | impl_ctx = (impl_sm3_ctx_t *)ctx;
199 |
200 | impl_sm3_init(&impl_ctx->context);
201 | impl_sm3_starts(&impl_ctx->context);
202 |
203 | return HAL_CRYPT_SUCCESS;
204 | }
205 |
206 | int ls_hal_sm3_update(void *ctx, const uint8_t *src, size_t size)
207 | {
208 | impl_sm3_ctx_t *impl_ctx;
209 |
210 | if (ctx == NULL) {
211 | LS_HAL_LOG("invalid ctx\n");
212 | return HAL_CRYPT_INVALID_CONTEXT;
213 | }
214 |
215 | impl_ctx = (impl_sm3_ctx_t *)ctx;
216 |
217 | impl_sm3_update(&impl_ctx->context, src, size);
218 |
219 | return HAL_CRYPT_SUCCESS;
220 | }
221 |
222 | int ls_hal_sm3_finish(void *ctx, uint8_t digest[32])
223 | {
224 | impl_sm3_ctx_t *impl_ctx;
225 |
226 | if (ctx == NULL) {
227 | LS_HAL_LOG("invalid ctx\n");
228 | return HAL_CRYPT_INVALID_CONTEXT;
229 | }
230 |
231 | impl_ctx = (impl_sm3_ctx_t *)ctx;
232 |
233 | impl_sm3_finish(&impl_ctx->context, digest);
234 |
235 | return HAL_CRYPT_SUCCESS;
236 | }
237 |
--------------------------------------------------------------------------------
/modules/hal/crypto/demo/src/ls_hal_rand.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2016-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "ls_hal.h"
6 |
7 | static uint32_t randseed = 12345;
8 |
9 | static uint32_t _crypt_rand_word(void)
10 | {
11 | return (randseed = randseed * 1664525 + 1013904223);
12 | }
13 |
14 | static void _rand_gen(uint8_t *buf, size_t len)
15 | {
16 | uint32_t i;
17 | uint32_t tmp;
18 |
19 | tmp = _crypt_rand_word();
20 | for (i = 0; i < len; i++) {
21 | if ((i & 3) == 0) {
22 | tmp = _crypt_rand_word();
23 | }
24 | buf[i] = ((tmp >> ((i & 3) << 3)) & 0xff);
25 | }
26 | }
27 |
28 | int ls_hal_get_random(uint8_t *buf, size_t len)
29 | {
30 | if (buf == NULL || len == 0) {
31 | LS_HAL_LOG("invalid input args\n");
32 | return HAL_CRYPT_BAD_PARAMETERS;
33 | }
34 |
35 | // gen rand
36 | _rand_gen(buf, len);
37 |
38 | return HAL_CRYPT_SUCCESS;
39 | }
40 |
41 | int ls_hal_set_seed(uint8_t *seed, size_t seed_len)
42 | {
43 | uint32_t i, tmp = 0;
44 |
45 | if (seed == NULL || seed_len == 0) {
46 | LS_HAL_LOG("invalid input args!\n");
47 | return HAL_CRYPT_INVALID_ARG;
48 | }
49 |
50 | for (i = 0; i < (seed_len - seed_len % 4); i += 4) {
51 | tmp ^= seed[i];
52 | tmp ^= seed[i + 1] << 8;
53 | tmp ^= seed[i + 2] << 16;
54 | tmp ^= seed[i + 3] << 24;
55 | }
56 |
57 | while (i < seed_len) {
58 | tmp ^= seed[i++];
59 | }
60 |
61 | randseed = tmp;
62 | return HAL_CRYPT_SUCCESS;
63 | }
64 |
65 |
--------------------------------------------------------------------------------
/modules/hal/makefile:
--------------------------------------------------------------------------------
1 | include ../../make.rules
2 |
3 | CFLAGS += -I../../include/osa
4 | CFLAGS += -I../../include/hal
5 | CFLAGS += -I./crypto/demo/inc
6 |
7 | ifeq ($(BUILD_SYS), __LINUX__)
8 | CFLAGS += -D__DEMO__
9 | else ifeq ($(BUILD_SYS), __ANDROID__)
10 | CFLAGS += -D__DEMO__
11 | endif
12 |
13 | SRCS := km/demo/ls_hal_km.c
14 | SRCS += sst/demo/ls_hal_sst.c
15 | SRCS += crypto/demo/src/ls_hal_aes.c
16 | SRCS += crypto/demo/src/ls_hal_sm4.c
17 | SRCS += crypto/demo/src/ls_hal_hash.c
18 | SRCS += crypto/demo/src/ls_hal_rand.c
19 | SRCS += crypto/demo/src/ls_hal_rsa.c
20 | SRCS += crypto/demo/src/ls_hal_sm2.c
21 | SRCS += crypto/demo/src/ls_hal_ecc.c
22 | SRCS += crypto/demo/src/aes.c
23 | SRCS += crypto/demo/src/sm4.c
24 | SRCS += crypto/demo/src/md5.c
25 | SRCS += crypto/demo/src/sha1.c
26 | SRCS += crypto/demo/src/sha256.c
27 | SRCS += crypto/demo/src/bignum.c
28 | SRCS += crypto/demo/src/rsa.c
29 | SRCS += crypto/demo/src/sm2.c
30 | SRCS += crypto/demo/src/sm3.c
31 | SRCS += crypto/demo/src/ecp.c
32 | SRCS += crypto/demo/src/ecp_curves.c
33 |
34 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
35 |
36 | OUT := libls_hal.a
37 |
38 | $(OUT): $(OBJS)
39 | $(AR) -r $(OUT) $(OBJS)
40 | %.o: %.c
41 | $(CC) -c $(CFLAGS) $< -o $*.o
42 |
43 | clean:
44 | rm -f $(OBJS) .elf $(OUT)
45 |
--------------------------------------------------------------------------------
/modules/id2/lib/inc/id2_config.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2015-2017 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __ID2_CONFIG_H__
6 | #define __ID2_CONFIG_H__
7 |
8 | ////////////////////////////////////////////////////////////////////////////////
9 |
10 | #define ID2_KEY_TYPE_NON 0
11 | #define ID2_KEY_TYPE_3DES 1
12 | #define ID2_KEY_TYPE_AES 2
13 | #define ID2_KEY_TYPE_RSA 3
14 | #define ID2_KEY_TYPE_ECC 4
15 | #define ID2_KEY_TYPE_SM1 5
16 | #define ID2_KEY_TYPE_SM2 6
17 | #define ID2_KEY_TYPE_SM4 7
18 |
19 | #define ID2_HASH_TYPE_SHA256 2
20 | #define ID2_HASH_TYPE_SM3 3
21 |
22 | ////////////////////////////////////////////////////////////////////////////////
23 |
24 | #if (CONFIG_ID2_KEY_TYPE == ID2_KEY_TYPE_SM1 || \
25 | CONFIG_ID2_KEY_TYPE == ID2_KEY_TYPE_SM2 || \
26 | CONFIG_ID2_KEY_TYPE == ID2_KEY_TYPE_SM4)
27 | #define CONFIG_ID2_HASH_TYPE ID2_HASH_TYPE_SM3
28 | #endif
29 |
30 | #ifndef CONFIG_ID2_HASH_TYPE
31 | #define CONFIG_ID2_HASH_TYPE ID2_HASH_TYPE_SHA256
32 | #endif
33 |
34 | ////////////////////////////////////////////////////////////////////////////////
35 |
36 | #if (CONFIG_ID2_KEY_TYPE != ID2_KEY_TYPE_3DES && \
37 | CONFIG_ID2_KEY_TYPE != ID2_KEY_TYPE_AES && \
38 | CONFIG_ID2_KEY_TYPE != ID2_KEY_TYPE_RSA && \
39 | CONFIG_ID2_KEY_TYPE != ID2_KEY_TYPE_ECC && \
40 | CONFIG_ID2_KEY_TYPE != ID2_KEY_TYPE_SM1 && \
41 | CONFIG_ID2_KEY_TYPE != ID2_KEY_TYPE_SM2 && \
42 | CONFIG_ID2_KEY_TYPE != ID2_KEY_TYPE_SM4)
43 | #error "CONFIG_ID2_KEY_TYPE error."
44 | #endif
45 |
46 | #if (CONFIG_ID2_HASH_TYPE != ID2_HASH_TYPE_SHA256 && \
47 | CONFIG_ID2_HASH_TYPE != ID2_HASH_TYPE_SM3)
48 | #error "CONFIG_ID2_HASH_TYPE error."
49 | #endif
50 |
51 | #if defined(CONFIG_ID2_OTP)
52 | #if (CONFIG_ID2_KEY_TYPE != ID2_KEY_TYPE_AES && \
53 | CONFIG_ID2_KEY_TYPE != ID2_KEY_TYPE_SM4)
54 | #error "CONFIG_ID2_OTP_X_MODE error, which is only supported for AES and SM4."
55 | #endif
56 |
57 | #if (CONFIG_ID2_KEY_TYPE == ID2_KEY_TYPE_SM4)
58 | #define CONFIG_ID2_OTP_X_MODE
59 | #endif
60 | #endif
61 |
62 | ////////////////////////////////////////////////////////////////////////////////
63 |
64 | #endif /* __ID2_CONFIG_H__ */
65 |
--------------------------------------------------------------------------------
/modules/id2/lib/inc/id2_plat.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2015-2017 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __ID2_PLAT_H__
6 | #define __ID2_PLAT_H__
7 |
8 | #include
9 |
10 | #ifdef __cplusplus
11 | extern "C" {
12 | #endif
13 |
14 | typedef enum
15 | {
16 | DIGEST_TYPE_SHA1 = 0x00,
17 | DIGEST_TYPE_SHA224 = 0x01,
18 | DIGEST_TYPE_SHA256 = 0x02,
19 | DIGEST_TYPE_SHA384 = 0x03,
20 | DIGEST_TYPE_SHA512 = 0x04,
21 | DIGEST_TYPE_SM3 = 0x05,
22 | } digest_t;
23 |
24 | int id2_plat_get_random(uint8_t* buf, uint32_t len);
25 |
26 | int id2_plat_hash_sum(const uint8_t* in, uint32_t in_len,
27 | uint8_t* out, uint32_t* out_len, digest_t type);
28 |
29 | int id2_plat_base64_encode(const uint8_t* input, uint32_t input_len,
30 | uint8_t* output, uint32_t* output_len);
31 |
32 | int id2_plat_base64_decode(const uint8_t* input, uint32_t input_len,
33 | uint8_t* output, uint32_t* output_len);
34 |
35 | #ifdef __cplusplus
36 | }
37 | #endif
38 |
39 | #endif /* __ID2_PLAT_H__ */
40 |
41 |
--------------------------------------------------------------------------------
/modules/id2/lib/inc/id2_priv.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2015-2017 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __ID2_PRIV_H__
6 | #define __ID2_PRIV_H__
7 |
8 | #include "ls_osa.h"
9 | #include "id2_config.h"
10 |
11 | #if defined(CONFIG_ID2_DEBUG)
12 | #define id2_log_debug(_f, ...) ls_osa_print("%s %d: " _f,\
13 | __FUNCTION__, __LINE__, ##__VA_ARGS__)
14 | #else
15 | #define id2_log_debug(_f, ...)
16 | #endif
17 |
18 | #define id2_log_info(_f, ...) ls_osa_print("%s %d: " _f,\
19 | __FUNCTION__, __LINE__, ##__VA_ARGS__)
20 | #define id2_log_error(_f, ...) ls_osa_print("%s %d: %s: " _f,\
21 | __FUNCTION__, __LINE__, "ERROR", ##__VA_ARGS__)
22 |
23 | #define ID2_KEY_NAME "id2_key"
24 | #define ID2_KEY_NAME_LEN 7
25 |
26 | #define ID2_AES_IV_LEN 16
27 | #define ID2_SM4_IV_LEN 16
28 |
29 | enum
30 | {
31 | ID2_DES_BLOCK_SIZE = 0x08,
32 | ID2_AES_BLOCK_SIZE = 0x10,
33 | ID2_RSA_BLOCK_SIZE = 0x80,
34 | ID2_SM1_BLOCK_SIZE = 0x10,
35 | ID2_SM4_BLOCK_SIZE = 0x10,
36 | };
37 |
38 | int is_id2_client_inited(void);
39 |
40 | int id2_is_hex_char(char c);
41 | int id2_hex_to_char(uint8_t hex);
42 | int id2_char_to_hex(char c);
43 |
44 | int id2_hex_to_string(const uint8_t* in, uint32_t in_len, uint8_t* out, uint32_t* out_len);
45 | int id2_string_to_hex(const uint8_t* in, uint32_t in_len, uint8_t* out, uint32_t* out_len);
46 |
47 | void id2_log_hex_dump(const char* name, const uint8_t* data, uint32_t len);
48 |
49 | #endif /* __ID2_PRIV_H__ */
50 |
51 |
--------------------------------------------------------------------------------
/modules/id2/lib/makefile:
--------------------------------------------------------------------------------
1 | include ../../../make.rules
2 | include ../../../make.settings
3 |
4 | CFLAGS += -I./inc
5 | CFLAGS += -I../../../include/osa
6 | CFLAGS += -I../../../include/id2
7 | CFLAGS += -I../../../include/irot
8 | CFLAGS += -I../../../include/crypto
9 |
10 | ifeq ($(CONFIG_LS_ID2_DEBUG), Y)
11 | CFLAGS += -DCONFIG_ID2_DEBUG
12 | endif
13 |
14 | ifeq ($(CONFIG_LS_ID2_OTP), Y)
15 | CFLAGS += -DCONFIG_ID2_OTP
16 | endif
17 |
18 | ifeq ($(CONFIG_LS_ID2_KEY_TYPE), 3DES)
19 | CFLAGS += -DCONFIG_ID2_KEY_TYPE=ID2_KEY_TYPE_3DES
20 | else ifeq ($(CONFIG_LS_ID2_KEY_TYPE), AES)
21 | CFLAGS += -DCONFIG_ID2_KEY_TYPE=ID2_KEY_TYPE_AES
22 | else ifeq ($(CONFIG_LS_ID2_KEY_TYPE), RSA)
23 | CFLAGS += -DCONFIG_ID2_KEY_TYPE=ID2_KEY_TYPE_RSA
24 | else ifeq ($(CONFIG_LS_ID2_KEY_TYPE), ECC)
25 | CFLAGS += -DCONFIG_ID2_KEY_TYPE=ID2_KEY_TYPE_ECC
26 | else ifeq ($(CONFIG_LS_ID2_KEY_TYPE), SM1)
27 | CFLAGS += -DCONFIG_ID2_KEY_TYPE=ID2_KEY_TYPE_SM1
28 | else ifeq ($(CONFIG_LS_ID2_KEY_TYPE), SM2)
29 | CFLAGS += -DCONFIG_ID2_KEY_TYPE=ID2_KEY_TYPE_SM2
30 | else ifeq ($(CONFIG_LS_ID2_KEY_TYPE), SM4)
31 | CFLAGS += -DCONFIG_ID2_KEY_TYPE=ID2_KEY_TYPE_SM4
32 | else
33 | CFLAGS += -DCONFIG_ID2_KEY_TYPE=ID2_KEY_TYPE_NON
34 | endif
35 |
36 | SRCS += src/id2_client.c
37 | SRCS += src/id2_dpm.c
38 | SRCS += src/id2_kpm.c
39 | SRCS += src/id2_otp.c
40 | SRCS += src/id2_wrap.c
41 | SRCS += src/id2_plat.c
42 | SRCS += src/id2_util.c
43 |
44 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
45 |
46 | OUT := ../libid2.a
47 |
48 | $(OUT): $(OBJS)
49 | $(AR) -r $(OUT) $(OBJS)
50 | %.o: %.c
51 | $(CC) -c $(CFLAGS) $< -o $*.o
52 |
53 | clean:
54 | rm -f $(OBJS) .elf $(OUT)
55 |
--------------------------------------------------------------------------------
/modules/id2/lib/src/id2_util.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2015-2017 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "id2_priv.h"
6 |
7 | const static char* const string_table = "0123456789ABCDEF";
8 |
9 | int id2_is_hex_char(char c)
10 | {
11 | if (c >= '0' && c <= '9') {
12 | return 1;
13 | } else if (c >= 'a' && c <= 'f') {
14 | return 1;
15 | } else if (c >= 'A' && c <= 'F') {
16 | return 1;
17 | }
18 |
19 | return 0;
20 | }
21 |
22 | /* 0, 1, 2, ... -> "0123456789ABCDEF" */
23 | int id2_hex_to_char(uint8_t hex)
24 | {
25 | int ch = -1;
26 |
27 | if (hex <= 0x0F) {
28 | ch = string_table[hex];
29 | }
30 |
31 | return ch;
32 | }
33 |
34 | /* "0123456789ABCDEF" -> 0, 1, 2, ... */
35 | int id2_char_to_hex(char c)
36 | {
37 | int hex = -1;
38 |
39 | if (c >= '0' && c <= '9') {
40 | hex = c - '0';
41 | } else if (c >= 'a' && c <= 'f') {
42 | hex = c - 'a' + 10;
43 | } else if (c >= 'A' && c <= 'F') {
44 | hex = c - 'A' + 10;
45 | }
46 |
47 | return hex;
48 | }
49 |
50 | int id2_hex_to_string(const uint8_t* in, uint32_t in_len, uint8_t* out, uint32_t* out_len)
51 | {
52 | int32_t i;
53 | uint8_t temp;
54 | uint8_t high, low;
55 |
56 | for (i = in_len - 1; i >= 0; i--) {
57 | temp = in[i];
58 | high = (temp >> 4) & 0x0F;
59 | low = (temp >> 0) & 0x0F;
60 |
61 | out[i * 2] = string_table[high];
62 | out[i * 2 + 1] = string_table[low];
63 | }
64 |
65 | *out_len = in_len * 2;
66 |
67 | return 0;
68 | }
69 |
70 | int id2_string_to_hex(const uint8_t* in, uint32_t in_len, uint8_t* out, uint32_t* out_len)
71 | {
72 | uint32_t i = 0;
73 | int high, low;
74 |
75 | if (in == NULL || out == NULL || in_len % 2 != 0) {
76 | return -1;
77 | }
78 |
79 | if (*out_len * 2 < in_len) {
80 | return -1;
81 | }
82 |
83 | while (i < in_len) {
84 | high = id2_char_to_hex(in[i]);
85 | if (high < 0) {
86 | return -1;
87 | }
88 |
89 | low = id2_char_to_hex(in[i + 1]);
90 | if (low < 0) {
91 | return -1;
92 | }
93 |
94 | out[i >> 1] = (uint8_t)((high << 4) | (low & 0x0F));
95 | i += 2;
96 | }
97 |
98 | *out_len = in_len >> 1;
99 |
100 | return 0;
101 | }
102 |
103 | #if defined(CONFIG_ID2_DEBUG)
104 | void id2_log_hex_dump(const char* name, const uint8_t* data, uint32_t len)
105 | {
106 | uint32_t i;
107 | char buf[80];
108 | int pos;
109 | int col_size = 16;
110 |
111 | if (name) {
112 | id2_log_debug("%s [length = %d]\n", name, len);
113 | }
114 | i = 0;
115 | pos = 0;
116 | memset(buf, 0x00, sizeof(buf));
117 | while (i < len) {
118 | pos += ls_osa_snprintf(buf + pos, sizeof(buf) - pos, "%02X ", data[i]);
119 | i++;
120 | if (i % col_size == 0x00) {
121 | pos += ls_osa_snprintf(buf + pos, sizeof(buf) - pos, "\n");
122 | id2_log_debug("%s", buf);
123 | pos = 0;
124 | } else if (i % col_size == (col_size >> 1)) {
125 | pos += ls_osa_snprintf(buf + pos, sizeof(buf) - pos, " ");
126 | }
127 | }
128 |
129 | if (pos > 0) {
130 | if (i % col_size == 0x00) {
131 | id2_log_debug("%s", buf);
132 | } else {
133 | id2_log_debug("%s\n", buf);
134 | }
135 | }
136 |
137 | return;
138 | }
139 | #else
140 | void id2_log_hex_dump(const char* name, const uint8_t* data, uint32_t len)
141 | {
142 | (void)name;
143 | (void)data;
144 | (void)len;
145 |
146 | return;
147 | }
148 | #endif
149 |
150 |
--------------------------------------------------------------------------------
/modules/id2/makefile:
--------------------------------------------------------------------------------
1 | include ../../make.settings
2 |
3 | .PHONY: lib
4 |
5 | lib:
6 | ifeq ($(CONFIG_LS_ID2_ROT_TYPE), MDU)
7 | make -C stub
8 | else
9 | make -C lib
10 | endif
11 |
12 | clean:
13 | make clean -C stub
14 | make clean -C lib
15 |
--------------------------------------------------------------------------------
/modules/id2/stub/inc/id2_priv.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2019-2021 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __ID2_PRIV_H__
6 | #define __ID2_PRIV_H__
7 |
8 | #include "ls_osa.h"
9 |
10 | #if defined(CONFIG_ID2_DEBUG)
11 | #define id2_log_debug(_f, ...) ls_osa_print("%s %d: " _f,\
12 | __FUNCTION__, __LINE__, ##__VA_ARGS__)
13 | #else
14 | #define id2_log_debug(_f, ...)
15 | #endif
16 |
17 | #define id2_log_info(_f, ...) ls_osa_print("%s %d: " _f,\
18 | __FUNCTION__, __LINE__, ##__VA_ARGS__)
19 | #define id2_log_error(_f, ...) ls_osa_print("%s %d: %s: " _f,\
20 | __FUNCTION__, __LINE__, "ERROR", ##__VA_ARGS__)
21 |
22 | #endif /* __ID2_PRIV_H__ */
23 |
24 |
--------------------------------------------------------------------------------
/modules/id2/stub/makefile:
--------------------------------------------------------------------------------
1 | include ../../../make.rules
2 | include ../../../make.settings
3 |
4 | CFLAGS += -I./inc
5 | CFLAGS += -I../../../include/osa
6 | CFLAGS += -I../../../include/id2
7 |
8 | ifeq ($(CONFIG_LS_ID2_DEBUG), Y)
9 | CFLAGS += -DCONFIG_ID2_DEBUG
10 | endif
11 |
12 | SRCS += src/id2_client.c
13 | SRCS += src/id2_dpm.c
14 | SRCS += src/id2_kpm.c
15 |
16 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
17 |
18 | OUT := ../libid2_stub.a
19 |
20 | $(OUT): $(OBJS)
21 | $(AR) -r $(OUT) $(OBJS)
22 | %.o: %.c
23 | $(CC) -c $(CFLAGS) $< -o $*.o
24 |
25 | clean:
26 | rm -f $(OBJS) .elf $(OUT)
27 |
--------------------------------------------------------------------------------
/modules/id2/stub/src/id2_dpm.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2020-2022 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "id2_priv.h"
6 | #include "id2_client_dpm.h"
7 |
8 |
9 | irot_result_t id2_client_dpm_get_totp(uint64_t timestamp, uint32_t index,
10 | uint32_t otp_step, uint32_t otp_len, uint8_t *otp_data)
11 | {
12 | id2_log_info("not supported!\n");
13 |
14 | return IROT_ERROR_NOT_SUPPORTED;
15 | }
16 |
17 | irot_result_t id2_client_dpm_get_index(uint8_t *otp_data, uint32_t otp_len, uint32_t *index)
18 | {
19 | id2_log_info("not supported!\n");
20 |
21 | return IROT_ERROR_NOT_SUPPORTED;
22 | }
23 |
24 |
--------------------------------------------------------------------------------
/modules/id2/stub/src/id2_kpm.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2020-2022 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "id2_priv.h"
6 | #include "id2_client_kpm.h"
7 |
8 | irot_result_t id2_client_kpm_get_prov_stat(uint8_t key_idx, bool *is_prov)
9 | {
10 | id2_log_info("not supported!\n");
11 |
12 | return IROT_ERROR_NOT_SUPPORTED;
13 | }
14 |
15 | irot_result_t id2_client_kpm_get_key_type(uint8_t key_idx, uint32_t *key_type)
16 | {
17 | id2_log_info("not supported!\n");
18 |
19 | return IROT_ERROR_NOT_SUPPORTED;
20 | }
21 |
22 | irot_result_t id2_client_kpm_get_auth_code(uint8_t key_idx, uint8_t key_info,
23 | uint8_t mode, char *random, uint8_t *auth_code, uint32_t *auth_code_len)
24 | {
25 | id2_log_info("not supported!\n");
26 |
27 | return IROT_ERROR_NOT_SUPPORTED;
28 | }
29 |
30 | irot_result_t id2_client_kpm_import_key(uint8_t key_idx, uint8_t *data, uint32_t size)
31 | {
32 | id2_log_info("not supported!\n");
33 |
34 | return IROT_ERROR_NOT_SUPPORTED;
35 | }
36 |
37 | irot_result_t id2_client_kpm_delete_key(uint8_t key_idx)
38 | {
39 | id2_log_info("not supported!\n");
40 |
41 | return IROT_ERROR_NOT_SUPPORTED;
42 | }
43 |
44 | irot_result_t id2_client_kpm_export_pub_key(uint8_t key_idx, uint8_t *data, uint32_t *size)
45 | {
46 | id2_log_info("not supported!\n");
47 |
48 | return IROT_ERROR_NOT_SUPPORTED;
49 | }
50 |
51 | irot_result_t id2_client_kpm_encrypt(uint8_t key_idx, uint8_t cipher_suite, uint8_t padding_type,
52 | uint8_t *iv, uint32_t iv_len,
53 | uint8_t *in_data, uint32_t in_len, uint8_t *out_data, uint32_t *out_len)
54 | {
55 | id2_log_info("not supported!\n");
56 |
57 | return IROT_ERROR_NOT_SUPPORTED;
58 | }
59 |
60 | irot_result_t id2_client_kpm_decrypt(uint8_t key_idx, uint8_t cipher_suite, uint8_t padding_type,
61 | uint8_t *iv, uint32_t iv_len,
62 | uint8_t *in_data, uint32_t in_len, uint8_t *out_data, uint32_t *out_len)
63 | {
64 | id2_log_info("not supported!\n");
65 |
66 | return IROT_ERROR_NOT_SUPPORTED;
67 | }
68 |
69 | irot_result_t id2_client_kpm_sign(uint8_t key_idx, uint8_t *msg, uint32_t msg_len, uint8_t *sign, uint32_t *sign_len)
70 | {
71 | id2_log_info("not supported!\n");
72 |
73 | return IROT_ERROR_NOT_SUPPORTED;
74 | }
75 |
76 | irot_result_t id2_client_kpm_verify(uint8_t key_idx, uint8_t *msg, uint32_t msg_len, uint8_t *sign, uint32_t sign_len)
77 | {
78 | id2_log_info("not supported!\n");
79 |
80 | return IROT_ERROR_NOT_SUPPORTED;
81 | }
82 |
83 |
--------------------------------------------------------------------------------
/modules/irot/demo/makefile:
--------------------------------------------------------------------------------
1 | include ../../../make.rules
2 |
3 | CFLAGS += -I../../../include/osa
4 | CFLAGS += -I../../../include/irot
5 | CFLAGS += -I../../../include/hal
6 | CFLAGS += -I../../../include/crypto
7 |
8 | SRCS := src/km_demo.c
9 |
10 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
11 |
12 | OUT := ../libkm.a
13 |
14 | $(OUT): $(OBJS)
15 | $(AR) -r $(OUT) $(OBJS)
16 | $(RANLIB) $(OUT)
17 | %.o: %.c
18 | $(CC) -c $(CFLAGS) $< -o $*.o
19 |
20 | clean:
21 | rm -f $(OBJS) .elf $(OUT)
22 |
--------------------------------------------------------------------------------
/modules/irot/makefile:
--------------------------------------------------------------------------------
1 | include ../../make.settings
2 |
3 | .PHONY: lib
4 |
5 | $(info $(CONFIG_LS_ID2_ROT_TYPE))
6 |
7 | lib:
8 | ifeq ($(CONFIG_LS_ID2_ROT_TYPE), SE)
9 | make -C se
10 | else ifeq ($(CONFIG_LS_ID2_ROT_TYPE), PUF)
11 | make -C puf
12 | else ifeq ($(CONFIG_LS_ID2_ROT_TYPE), KM)
13 | make -C km
14 | else
15 | make -C demo
16 | endif
17 |
18 | clean:
19 | make clean -C se
20 | make clean -C puf
21 | make clean -C demo
22 | ifeq ($(CONFIG_LS_ID2_ROT_TYPE), KM)
23 | make clean -C km
24 | endif
25 |
--------------------------------------------------------------------------------
/modules/irot/puf/chipset/demo/mbedtls/include/mbedtls/config.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file config.h
3 | *
4 | * \brief Configuration options (set of defines)
5 | *
6 | * This set of compile-time options may be used to enable
7 | * or disable features selectively, and reduce the global
8 | * memory footprint.
9 | */
10 | /*
11 | * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
12 | * SPDX-License-Identifier: Apache-2.0
13 | *
14 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
15 | * not use this file except in compliance with the License.
16 | * You may obtain a copy of the License at
17 | *
18 | * http://www.apache.org/licenses/LICENSE-2.0
19 | *
20 | * Unless required by applicable law or agreed to in writing, software
21 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
22 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23 | * See the License for the specific language governing permissions and
24 | * limitations under the License.
25 | *
26 | * This file is part of mbed TLS (https://tls.mbed.org)
27 | */
28 |
29 | #ifndef MBEDTLS_CONFIG_H
30 | #define MBEDTLS_CONFIG_H
31 |
32 | #define MBEDTLS_ECP_DP_SECP192K1_ENABLED
33 | #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
34 | #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
35 | #define MBEDTLS_ECP_NIST_OPTIM
36 | #define MBEDTLS_BIGNUM_C
37 | #define MBEDTLS_ECDH_C
38 | #define MBEDTLS_ECDSA_C
39 | #define MBEDTLS_ECP_C
40 |
41 | #define MBEDTLS_ASN1_PARSE_C
42 | #define MBEDTLS_ASN1_WRITE_C
43 |
44 | #define MBEDTLS_PLATFORM_C
45 |
46 | #include "check_config.h"
47 |
48 | #endif /* MBEDTLS_CONFIG_H */
49 |
--------------------------------------------------------------------------------
/modules/irot/puf/chipset/demo/mbedtls/include/mbedtls/platform_util.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file platform_util.h
3 | *
4 | * \brief Common and shared functions used by multiple modules in the Mbed TLS
5 | * library.
6 | */
7 | /*
8 | * Copyright (C) 2018, Arm Limited, All Rights Reserved
9 | * SPDX-License-Identifier: Apache-2.0
10 | *
11 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
12 | * not use this file except in compliance with the License.
13 | * You may obtain a copy of the License at
14 | *
15 | * http://www.apache.org/licenses/LICENSE-2.0
16 | *
17 | * Unless required by applicable law or agreed to in writing, software
18 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
19 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 | * See the License for the specific language governing permissions and
21 | * limitations under the License.
22 | *
23 | * This file is part of Mbed TLS (https://tls.mbed.org)
24 | */
25 | #ifndef MBEDTLS_PLATFORM_UTIL_H
26 | #define MBEDTLS_PLATFORM_UTIL_H
27 |
28 | #if !defined(MBEDTLS_CONFIG_FILE)
29 | #include "mbedtls/config.h"
30 | #else
31 | #include MBEDTLS_CONFIG_FILE
32 | #endif
33 |
34 | #include
35 | #if defined(MBEDTLS_HAVE_TIME_DATE)
36 | #include "mbedtls/platform_time.h"
37 | #include
38 | #endif /* MBEDTLS_HAVE_TIME_DATE */
39 |
40 | #ifdef __cplusplus
41 | extern "C" {
42 | #endif
43 |
44 | /**
45 | * \brief Securely zeroize a buffer
46 | *
47 | * The function is meant to wipe the data contained in a buffer so
48 | * that it can no longer be recovered even if the program memory
49 | * is later compromised. Call this function on sensitive data
50 | * stored on the stack before returning from a function, and on
51 | * sensitive data stored on the heap before freeing the heap
52 | * object.
53 | *
54 | * It is extremely difficult to guarantee that calls to
55 | * mbedtls_platform_zeroize() are not removed by aggressive
56 | * compiler optimizations in a portable way. For this reason, Mbed
57 | * TLS provides the configuration option
58 | * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
59 | * mbedtls_platform_zeroize() to use a suitable implementation for
60 | * their platform and needs
61 | *
62 | * \param buf Buffer to be zeroized
63 | * \param len Length of the buffer in bytes
64 | *
65 | */
66 | void mbedtls_platform_zeroize( void *buf, size_t len );
67 |
68 | #if defined(MBEDTLS_HAVE_TIME_DATE)
69 | /**
70 | * \brief Platform-specific implementation of gmtime_r()
71 | *
72 | * The function is a thread-safe abstraction that behaves
73 | * similarly to the gmtime_r() function from Unix/POSIX.
74 | *
75 | * Mbed TLS will try to identify the underlying platform and
76 | * make use of an appropriate underlying implementation (e.g.
77 | * gmtime_r() for POSIX and gmtime_s() for Windows). If this is
78 | * not possible, then gmtime() will be used. In this case, calls
79 | * from the library to gmtime() will be guarded by the mutex
80 | * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is
81 | * enabled. It is recommended that calls from outside the library
82 | * are also guarded by this mutex.
83 | *
84 | * If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will
85 | * unconditionally use the alternative implementation for
86 | * mbedtls_platform_gmtime_r() supplied by the user at compile time.
87 | *
88 | * \param tt Pointer to an object containing time (in seconds) since the
89 | * epoch to be converted
90 | * \param tm_buf Pointer to an object where the results will be stored
91 | *
92 | * \return Pointer to an object of type struct tm on success, otherwise
93 | * NULL
94 | */
95 | struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
96 | struct tm *tm_buf );
97 | #endif /* MBEDTLS_HAVE_TIME_DATE */
98 |
99 | #ifdef __cplusplus
100 | }
101 | #endif
102 |
103 | #endif /* MBEDTLS_PLATFORM_UTIL_H */
104 |
--------------------------------------------------------------------------------
/modules/irot/puf/chipset/demo/mbedtls/include/mbedtls/threading.h:
--------------------------------------------------------------------------------
1 | /**
2 | * \file threading.h
3 | *
4 | * \brief Threading abstraction layer
5 | */
6 | /*
7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8 | * SPDX-License-Identifier: Apache-2.0
9 | *
10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 | * not use this file except in compliance with the License.
12 | * You may obtain a copy of the License at
13 | *
14 | * http://www.apache.org/licenses/LICENSE-2.0
15 | *
16 | * Unless required by applicable law or agreed to in writing, software
17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 | * See the License for the specific language governing permissions and
20 | * limitations under the License.
21 | *
22 | * This file is part of mbed TLS (https://tls.mbed.org)
23 | */
24 | #ifndef MBEDTLS_THREADING_H
25 | #define MBEDTLS_THREADING_H
26 |
27 | #if !defined(MBEDTLS_CONFIG_FILE)
28 | #include "config.h"
29 | #else
30 | #include MBEDTLS_CONFIG_FILE
31 | #endif
32 |
33 | #include
34 |
35 | #ifdef __cplusplus
36 | extern "C" {
37 | #endif
38 |
39 | /* MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE is deprecated and should not be
40 | * used. */
41 | #define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE -0x001A /**< The selected feature is not available. */
42 |
43 | #define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C /**< Bad input parameters to function. */
44 | #define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E /**< Locking / unlocking / free failed with error code. */
45 |
46 | #if defined(MBEDTLS_THREADING_PTHREAD)
47 | #include
48 | typedef struct mbedtls_threading_mutex_t
49 | {
50 | pthread_mutex_t mutex;
51 | char is_valid;
52 | } mbedtls_threading_mutex_t;
53 | #endif
54 |
55 | #if defined(MBEDTLS_THREADING_ALT)
56 | /* You should define the mbedtls_threading_mutex_t type in your header */
57 | #include "threading_alt.h"
58 |
59 | /**
60 | * \brief Set your alternate threading implementation function
61 | * pointers and initialize global mutexes. If used, this
62 | * function must be called once in the main thread before any
63 | * other mbed TLS function is called, and
64 | * mbedtls_threading_free_alt() must be called once in the main
65 | * thread after all other mbed TLS functions.
66 | *
67 | * \note mutex_init() and mutex_free() don't return a status code.
68 | * If mutex_init() fails, it should leave its argument (the
69 | * mutex) in a state such that mutex_lock() will fail when
70 | * called with this argument.
71 | *
72 | * \param mutex_init the init function implementation
73 | * \param mutex_free the free function implementation
74 | * \param mutex_lock the lock function implementation
75 | * \param mutex_unlock the unlock function implementation
76 | */
77 | void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
78 | void (*mutex_free)( mbedtls_threading_mutex_t * ),
79 | int (*mutex_lock)( mbedtls_threading_mutex_t * ),
80 | int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
81 |
82 | /**
83 | * \brief Free global mutexes.
84 | */
85 | void mbedtls_threading_free_alt( void );
86 | #endif /* MBEDTLS_THREADING_ALT */
87 |
88 | #if defined(MBEDTLS_THREADING_C)
89 | /*
90 | * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
91 | *
92 | * All these functions are expected to work or the result will be undefined.
93 | */
94 | extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
95 | extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
96 | extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
97 | extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
98 |
99 | /*
100 | * Global mutexes
101 | */
102 | #if defined(MBEDTLS_FS_IO)
103 | extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
104 | #endif
105 |
106 | #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
107 | /* This mutex may or may not be used in the default definition of
108 | * mbedtls_platform_gmtime_r(), but in order to determine that,
109 | * we need to check POSIX features, hence modify _POSIX_C_SOURCE.
110 | * With the current approach, this declaration is orphaned, lacking
111 | * an accompanying definition, in case mbedtls_platform_gmtime_r()
112 | * doesn't need it, but that's not a problem. */
113 | extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
114 | #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
115 |
116 | #endif /* MBEDTLS_THREADING_C */
117 |
118 | #ifdef __cplusplus
119 | }
120 | #endif
121 |
122 | #endif /* threading.h */
123 |
--------------------------------------------------------------------------------
/modules/irot/puf/chipset/demo/mbedtls/src/platform_util.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Common and shared functions used by multiple modules in the Mbed TLS
3 | * library.
4 | *
5 | * Copyright (C) 2018, Arm Limited, All Rights Reserved
6 | * SPDX-License-Identifier: Apache-2.0
7 | *
8 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 | * not use this file except in compliance with the License.
10 | * You may obtain a copy of the License at
11 | *
12 | * http://www.apache.org/licenses/LICENSE-2.0
13 | *
14 | * Unless required by applicable law or agreed to in writing, software
15 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 | * See the License for the specific language governing permissions and
18 | * limitations under the License.
19 | *
20 | * This file is part of Mbed TLS (https://tls.mbed.org)
21 | */
22 |
23 | /*
24 | * Ensure gmtime_r is available even with -std=c99; must be defined before
25 | * config.h, which pulls in glibc's features.h. Harmless on other platforms.
26 | */
27 | #if !defined(_POSIX_C_SOURCE)
28 | #define _POSIX_C_SOURCE 200112L
29 | #endif
30 |
31 | #if !defined(MBEDTLS_CONFIG_FILE)
32 | #include "mbedtls/config.h"
33 | #else
34 | #include MBEDTLS_CONFIG_FILE
35 | #endif
36 |
37 | #include "mbedtls/platform_util.h"
38 | #include "mbedtls/threading.h"
39 |
40 | #include
41 | #include
42 |
43 | #if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
44 | /*
45 | * This implementation should never be optimized out by the compiler
46 | *
47 | * This implementation for mbedtls_platform_zeroize() was inspired from Colin
48 | * Percival's blog article at:
49 | *
50 | * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
51 | *
52 | * It uses a volatile function pointer to the standard memset(). Because the
53 | * pointer is volatile the compiler expects it to change at
54 | * any time and will not optimize out the call that could potentially perform
55 | * other operations on the input buffer instead of just setting it to 0.
56 | * Nevertheless, as pointed out by davidtgoldblatt on Hacker News
57 | * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for
58 | * details), optimizations of the following form are still possible:
59 | *
60 | * if( memset_func != memset )
61 | * memset_func( buf, 0, len );
62 | *
63 | * Note that it is extremely difficult to guarantee that
64 | * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers
65 | * in a portable way. For this reason, Mbed TLS also provides the configuration
66 | * option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
67 | * mbedtls_platform_zeroize() to use a suitable implementation for their
68 | * platform and needs.
69 | */
70 | static void * (* const volatile memset_func)( void *, int, size_t ) = memset;
71 |
72 | void mbedtls_platform_zeroize( void *buf, size_t len )
73 | {
74 | memset_func( buf, 0, len );
75 | }
76 | #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
77 |
78 | #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
79 | #include
80 | #if !defined(_WIN32) && (defined(unix) || \
81 | defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
82 | defined(__MACH__)))
83 | #include
84 | #endif /* !_WIN32 && (unix || __unix || __unix__ ||
85 | * (__APPLE__ && __MACH__)) */
86 |
87 | #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
88 | ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
89 | _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) )
90 | /*
91 | * This is a convenience shorthand macro to avoid checking the long
92 | * preprocessor conditions above. Ideally, we could expose this macro in
93 | * platform_util.h and simply use it in platform_util.c, threading.c and
94 | * threading.h. However, this macro is not part of the Mbed TLS public API, so
95 | * we keep it private by only defining it in this file
96 | */
97 | #if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) )
98 | #define PLATFORM_UTIL_USE_GMTIME
99 | #endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */
100 |
101 | #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
102 | ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
103 | _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */
104 |
105 | struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
106 | struct tm *tm_buf )
107 | {
108 | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
109 | return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL );
110 | #elif !defined(PLATFORM_UTIL_USE_GMTIME)
111 | return( gmtime_r( tt, tm_buf ) );
112 | #else
113 | struct tm *lt;
114 |
115 | #if defined(MBEDTLS_THREADING_C)
116 | if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
117 | return( NULL );
118 | #endif /* MBEDTLS_THREADING_C */
119 |
120 | lt = gmtime( tt );
121 |
122 | if( lt != NULL )
123 | {
124 | memcpy( tm_buf, lt, sizeof( struct tm ) );
125 | }
126 |
127 | #if defined(MBEDTLS_THREADING_C)
128 | if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
129 | return( NULL );
130 | #endif /* MBEDTLS_THREADING_C */
131 |
132 | return( ( lt == NULL ) ? NULL : tm_buf );
133 | #endif /* _WIN32 && !EFIX64 && !EFI32 */
134 | }
135 | #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */
136 |
--------------------------------------------------------------------------------
/modules/irot/puf/inc/chip_config.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2018 - 2021 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __CHIP_CONFIG_H__
6 | #define __CHIP_CONFIG_H__
7 |
8 | ////////////////////////////////////////////////////////////////////////////////
9 |
10 | #define CHIP_KEY_TYPE_NON 0
11 | #define CHIP_KEY_TYPE_3DES 1
12 | #define CHIP_KEY_TYPE_AES 2
13 | #define CHIP_KEY_TYPE_RSA 3
14 | #define CHIP_KEY_TYPE_ECC 4
15 | #define CHIP_KEY_TYPE_SM1 5
16 | #define CHIP_KEY_TYPE_SM2 6
17 | #define CHIP_KEY_TYPE_SM4 7
18 |
19 | #define CHIP_ECDP_TYPE_SECT163K1 1
20 | #define CHIP_ECDP_TYPE_SECT233K1 2
21 | #define CHIP_ECDP_TYPE_SECT283K1 3
22 | #define CHIP_ECDP_TYPE_SECP192K1 4
23 | #define CHIP_ECDP_TYPE_SECP224K1 5
24 | #define CHIP_ECDP_TYPE_SECP256K1 6
25 |
26 | #ifndef CONFIG_CHIP_ECDP_TYPE
27 | #define CONFIG_CHIP_ECDP_TYPE CHIP_ECDP_TYPE_SECP192K1
28 | #endif
29 |
30 | ////////////////////////////////////////////////////////////////////////////////
31 |
32 | #if (CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_ECC)
33 | #error "CONFIG_CHIP_KEY_TYPE is error.";
34 | #endif
35 |
36 | #if (CONFIG_CHIP_ECDP_TYPE != CHIP_ECDP_TYPE_SECT163K1 && \
37 | CONFIG_CHIP_ECDP_TYPE != CHIP_ECDP_TYPE_SECT233K1 && \
38 | CONFIG_CHIP_ECDP_TYPE != CHIP_ECDP_TYPE_SECT283K1 && \
39 | CONFIG_CHIP_ECDP_TYPE != CHIP_ECDP_TYPE_SECP192K1 && \
40 | CONFIG_CHIP_ECDP_TYPE != CHIP_ECDP_TYPE_SECP224K1 && \
41 | CONFIG_CHIP_ECDP_TYPE != CHIP_ECDP_TYPE_SECP256K1)
42 | #error "CONFIG_CHIP_ECDP_TYPE is error.";
43 | #endif
44 |
45 | ////////////////////////////////////////////////////////////////////////////////
46 |
47 | #endif /* __CHIP_CONFIG_H__ */
48 |
49 |
--------------------------------------------------------------------------------
/modules/irot/puf/inc/chip_log.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2019 - 2021 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __CHIP_LOG_H__
6 | #define __CHIP_LOG_H__
7 |
8 | #include "ls_osa.h"
9 | #include "chip_config.h"
10 |
11 | #define chip_log_error(_f, _a ...) ls_osa_print("E %s %d: " _f , \
12 | __FUNCTION__, __LINE__, ##_a)
13 |
14 | #define chip_log_info(_f, _a ...) ls_osa_print("I %s %d: " _f , \
15 | __FUNCTION__, __LINE__, ##_a)
16 |
17 | #if defined(CONFIG_CHIP_DEBUG)
18 |
19 | #define chip_log_debug(_f, _a ...) ls_osa_print("D %s %d: " _f , \
20 | __FUNCTION__, __LINE__, ##_a)
21 | #else
22 |
23 | #define chip_log_debug(_f, _a ...)
24 |
25 | #endif
26 |
27 | void chip_dump_buf(const char* name, uint8_t* data, uint32_t len);
28 |
29 | #endif /* __CHIP_LOG_H__ */
30 |
--------------------------------------------------------------------------------
/modules/irot/puf/inc/chip_util.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2019-2021 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __CHIP_UTIL_H__
6 | #define __CHIP_UTIL_H__
7 |
8 | #include "ls_osa.h"
9 |
10 | #define DIGEST_MAX_SIZE 64
11 |
12 | #define DIGEST_SHA256_SIZE 32
13 |
14 | typedef enum {
15 | DIGEST_TYPE_SHA1 = 0x01,
16 | DIGEST_TYPE_SHA256 = 0x02,
17 | DIGEST_TYPE_SM3 = 0x03,
18 | } digest_t;
19 |
20 | int chip_string_to_hex(const char *in, uint32_t in_len, uint8_t *out, uint32_t *out_len);
21 |
22 | int chip_hex_to_string(const uint8_t *in, uint32_t in_len, char *out, uint32_t *out_len);
23 |
24 | int chip_hash_digest(uint8_t* in, uint32_t in_len,
25 | uint8_t* out, uint32_t* out_len, digest_t type);
26 |
27 | int chip_hmac_digest(uint8_t* key, uint32_t key_len,
28 | uint8_t *in, uint32_t in_len,
29 | uint8_t *out, uint32_t* out_len, digest_t type);
30 |
31 | #endif /* __CHIP_UTIL_H__ */
32 |
--------------------------------------------------------------------------------
/modules/irot/puf/makefile:
--------------------------------------------------------------------------------
1 | include ../../../make.rules
2 | include ../../../make.settings
3 |
4 | CHIP_NAME := demo
5 |
6 | CFLAGS += -I../../../include/osa
7 | CFLAGS += -I../../../include/irot
8 | CFLAGS += -I../../../include/irot/puf
9 | CFLAGS += -I../../../include/crypto
10 |
11 | CFLAGS += -I./inc
12 |
13 | ifeq ($(CONFIG_LS_ID2_DEBUG), Y)
14 | CFLAGS += -DCONFIG_CHIP_DEBUG
15 | endif
16 |
17 | ifeq ($(CONFIG_LS_ID2_KEY_TYPE), ECC)
18 | CFLAGS += -DCONFIG_CHIP_KEY_TYPE=CHIP_KEY_TYPE_ECC
19 |
20 | ifeq ($(CONFIG_LS_ID2_ECDP_TYPE), K-163)
21 | CFLAGS += -DCONFIG_CHIP_ECDP_TYPE=CHIP_ECDP_TYPE_SECT163K1
22 | else ifeq ($(CONFIG_LS_ID2_ECDP_TYPE), K-233)
23 | CFLAGS += -DCONFIG_CHIP_ECDP_TYPE=CHIP_ECDP_TYPE_SECT233K1
24 | else ifeq ($(CONFIG_LS_ID2_ECDP_TYPE), K-283)
25 | CFLAGS += -DCONFIG_CHIP_ECDP_TYPE=CHIP_ECDP_TYPE_SECT283K1
26 | else ifeq ($(CONFIG_LS_ID2_ECDP_TYPE), K-192)
27 | CFLAGS += -DCONFIG_CHIP_ECDP_TYPE=CHIP_ECDP_TYPE_SECP192K1
28 | else ifeq ($(CONFIG_LS_ID2_ECDP_TYPE), K-224)
29 | CFLAGS += -DCONFIG_CHIP_ECDP_TYPE=CHIP_ECDP_TYPE_SECP224K1
30 | else ifeq ($(CONFIG_LS_ID2_ECDP_TYPE), K-256)
31 | CFLAGS += -DCONFIG_CHIP_ECDP_TYPE=CHIP_ECDP_TYPE_SECP256K1
32 | endif
33 |
34 | else
35 | CFLAGS += -DCONFIG_CHIP_KEY_TYPE=CHIP_KEY_TYPE_NON
36 | endif
37 |
38 | SRCS := src/km_to_irot.c
39 | SRCS += src/chip_util.c
40 | SRCS += chipset/$(CHIP_NAME)/irot_hal_ecc.c
41 |
42 | ifeq ($(CHIP_NAME), demo)
43 | CFLAGS += -I./chipset/demo/mbedtls/include
44 |
45 | SRCS += chipset/demo/mbedtls/src/ecp.c
46 | SRCS += chipset/demo/mbedtls/src/ecp_curves.c
47 | SRCS += chipset/demo/mbedtls/src/ecdh.c
48 | SRCS += chipset/demo/mbedtls/src/ecdsa.c
49 | SRCS += chipset/demo/mbedtls/src/bignum.c
50 | SRCS += chipset/demo/mbedtls/src/platform_util.c
51 | SRCS += chipset/demo/mbedtls/src/asn1parse.c
52 | SRCS += chipset/demo/mbedtls/src/asn1write.c
53 | endif
54 |
55 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
56 |
57 | OUT := ../libkm.a
58 |
59 | $(OUT): $(OBJS)
60 | $(AR) -r $(OUT) $(OBJS)
61 | %.o: %.c
62 | $(CC) -c $(CFLAGS) $< -o $*.o
63 |
64 | clean:
65 | rm -f $(OBJS) .elf $(OUT)
66 |
--------------------------------------------------------------------------------
/modules/irot/puf/src/chip_util.c:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2019-2021 Alibaba Group Holding Limited.
3 | */
4 |
5 | #include "chip_log.h"
6 | #include "chip_util.h"
7 |
8 | #include "ali_crypto.h"
9 |
10 | static char* const string_table = "0123456789ABCDEF";
11 |
12 | static int char_to_hex(char c)
13 | {
14 | int hex = -1;
15 |
16 | if (c >= '0' && c <= '9') {
17 | hex = c - '0';
18 | } else if (c >= 'a' && c <= 'f') {
19 | hex = c - 'a' + 10;
20 | } else if (c >= 'A' && c <= 'F') {
21 | hex = c - 'A' + 10;
22 | }
23 |
24 | return hex;
25 | }
26 |
27 | int chip_string_to_hex(const char *in, uint32_t in_len, uint8_t *out, uint32_t *out_len)
28 | {
29 | uint32_t i = 0;
30 | int high, low;
31 |
32 | if (in == NULL || out == NULL ||
33 | in_len % 2 != 0 || out_len == NULL) {
34 | chip_log_error("invalid input args\n");
35 | return -1;
36 | }
37 |
38 | if (*out_len * 2 < in_len) {
39 | chip_log_error("short buffer, %d %d\n", *out_len * 2, in_len);
40 | return -1;
41 | }
42 |
43 | while (i < in_len) {
44 | high = char_to_hex(in[i]);
45 | if (high < 0) {
46 | return -1;
47 | }
48 |
49 | low = char_to_hex(in[i + 1]);
50 | if (low < 0) {
51 | return -1;
52 | }
53 |
54 | out[i >> 1] = (uint8_t)((high << 4) | (low & 0x0F));
55 | i += 2;
56 | }
57 |
58 | *out_len = in_len >> 1;
59 |
60 | return 0;
61 | }
62 |
63 | int chip_hex_to_string(const uint8_t *in, uint32_t in_len, char *out, uint32_t *out_len)
64 | {
65 | int32_t i;
66 | uint8_t temp;
67 | uint8_t high, low;
68 |
69 | if (in == NULL || in_len == 0 ||
70 | out == NULL || out_len == NULL) {
71 | chip_log_error("invalid input args\n");
72 | return -1;
73 | }
74 |
75 | if (*out_len < 2 * in_len) {
76 | chip_log_error("short buffer, %d %d\n", *out_len, 2 * in_len);
77 | return -1;
78 | }
79 |
80 | for (i = in_len - 1; i >= 0; i--) {
81 | temp = in[i];
82 | high = (temp >> 4) & 0x0F;
83 | low = (temp >> 0) & 0x0F;
84 |
85 | out[i * 2] = string_table[high];
86 | out[i * 2 + 1] = string_table[low];
87 | }
88 |
89 | *out_len = in_len * 2;
90 |
91 | return 0;
92 | }
93 |
94 | int chip_hash_digest(uint8_t *in, uint32_t in_len,
95 | uint8_t *out, uint32_t *out_len, digest_t type)
96 | {
97 | uint32_t result;
98 | hash_type_t hash_type;
99 |
100 | if (in == NULL || in_len == 0 ||
101 | out == NULL || out_len == NULL) {
102 | chip_log_error("invalid input args\n");
103 | return -1;
104 | }
105 |
106 | if (type != DIGEST_TYPE_SHA256) {
107 | chip_log_error("not support this type, %d\n", type);
108 | return -1;
109 | } else {
110 | hash_type = SHA256;
111 | }
112 |
113 | if (*out_len < DIGEST_SHA256_SIZE) {
114 | chip_log_error("short buffer, %d %d\n", *out_len, DIGEST_SHA256_SIZE);
115 | return -1;
116 | } else {
117 | *out_len = DIGEST_SHA256_SIZE;
118 | }
119 |
120 | result = ali_hash_digest(hash_type, in, in_len, out);
121 | if (result != ALI_CRYPTO_SUCCESS) {
122 | chip_log_error("ali_hash_digest fail, 0x%x\n", result);
123 | return -1;
124 | }
125 |
126 | return 0;
127 | }
128 |
129 | int chip_hmac_digest(uint8_t *key, uint32_t key_len,
130 | uint8_t *in, uint32_t in_len,
131 | uint8_t *out, uint32_t *out_len, digest_t type)
132 | {
133 | uint32_t result;
134 | hash_type_t hash_type;
135 |
136 | if (key == NULL || key_len == 0 ||
137 | in == NULL || in_len == 0 ||
138 | out == NULL || out_len == NULL) {
139 | chip_log_error("invalid input args\n");
140 | return -1;
141 | }
142 |
143 | if (type != DIGEST_TYPE_SHA256) {
144 | chip_log_error("not support this type, %d\n", type);
145 | return -1;
146 | } else {
147 | hash_type = SHA256;
148 | }
149 |
150 | if (*out_len < DIGEST_SHA256_SIZE) {
151 | chip_log_error("short buffer, %d %d\n", *out_len, DIGEST_SHA256_SIZE);
152 | return -1;
153 | } else {
154 | *out_len = DIGEST_SHA256_SIZE;
155 | }
156 |
157 | result = ali_hmac_digest(hash_type,
158 | key, key_len, in, in_len, out);
159 | if (result != ALI_CRYPTO_SUCCESS) {
160 | chip_log_error("ali_hmac_digest fail, 0x%x\n", result);
161 | return -1;
162 | }
163 |
164 | return 0;
165 | }
166 |
167 | #if defined(CONFIG_CHIP_DEBUG)
168 | void chip_dump_buf(const char *name, uint8_t *buf, uint32_t len)
169 | {
170 | char *str = NULL;
171 | uint32_t str_len;
172 |
173 | if (buf == NULL || len == 0) {
174 | return;
175 | }
176 |
177 | str_len = 2 * len;
178 | str = ls_osa_malloc(str_len + 1);
179 | if (str == NULL) {
180 | ls_osa_print("out of mem, %d\n", str_len + 1);
181 | return;
182 | } else {
183 | memset(str, 0, str_len + 1);
184 | }
185 |
186 | chip_hex_to_string(buf, len, str, &str_len);
187 |
188 | ls_osa_print("%s[len = %d]: %s\n", name, len, str);
189 |
190 | ls_osa_free(str);
191 |
192 | return;
193 | }
194 |
195 | #else
196 |
197 | void chip_dump_buf(const char *name, uint8_t *buf, uint32_t len)
198 | {
199 | (void)name;
200 | (void)buf;
201 | (void)len;
202 |
203 | return;
204 | }
205 |
206 | #endif
207 |
208 |
--------------------------------------------------------------------------------
/modules/irot/se/chipset/demo/chip_config.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2015-2017 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __CHIP_CONFIG_H__
6 | #define __CHIP_CONFIG_H__
7 |
8 | ////////////////////////////////////////////////////////////////////////////////
9 |
10 | #define CONFIG_CHIP_DEBUG
11 | #define CONFIG_CHIP_SEND_SELECT_COMMAND
12 |
13 | ////////////////////////////////////////////////////////////////////////////////
14 |
15 | #define CHIP_KEY_TYPE_NON 0
16 | #define CHIP_KEY_TYPE_3DES 1
17 | #define CHIP_KEY_TYPE_AES 2
18 | #define CHIP_KEY_TYPE_RSA 3
19 | #define CHIP_KEY_TYPE_ECC 4
20 | #define CHIP_KEY_TYPE_SM1 5
21 | #define CHIP_KEY_TYPE_SM2 6
22 | #define CHIP_KEY_TYPE_SM4 7
23 |
24 | #define CHIP_TYPE_SE_STD_CMD 1
25 | #define CHIP_TYPE_SE_MTK_CMD 2
26 | #define CHIP_TYPE_SE_STD_HAL 3
27 |
28 | #ifndef CONFIG_CHIP_TYPE
29 | #define CONFIG_CHIP_TYPE CHIP_TYPE_SE_STD_HAL
30 | #endif
31 |
32 | ////////////////////////////////////////////////////////////////////////////////
33 |
34 | #if (CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_3DES && \
35 | CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_AES && \
36 | CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_RSA && \
37 | CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_SM1 && \
38 | CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_SM2 && \
39 | CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_SM4)
40 | #error "CONFIG_CHIP_KEY_TYPE error.";
41 | #endif
42 |
43 | ////////////////////////////////////////////////////////////////////////////////
44 |
45 | #endif /* __CHIP_CONFIG_H__ */
46 |
47 |
--------------------------------------------------------------------------------
/modules/irot/se/chipset/template/chip_config.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2015-2017 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __CHIP_CONFIG_H__
6 | #define __CHIP_CONFIG_H__
7 |
8 | ////////////////////////////////////////////////////////////////////////////////
9 |
10 | #define CONFIG_CHIP_DEBUG
11 | #define CONFIG_CHIP_SEND_SELECT_COMMAND
12 |
13 | ////////////////////////////////////////////////////////////////////////////////
14 |
15 | #define CHIP_KEY_TYPE_NON 0
16 | #define CHIP_KEY_TYPE_3DES 1
17 | #define CHIP_KEY_TYPE_AES 2
18 | #define CHIP_KEY_TYPE_RSA 3
19 | #define CHIP_KEY_TYPE_ECC 4
20 | #define CHIP_KEY_TYPE_SM1 5
21 | #define CHIP_KEY_TYPE_SM2 6
22 | #define CHIP_KEY_TYPE_SM4 7
23 |
24 | #define CHIP_TYPE_SE_STD_CMD 1
25 | #define CHIP_TYPE_SE_MTK_CMD 2
26 |
27 | #ifndef CONFIG_CHIP_TYPE
28 | #define CONFIG_CHIP_TYPE CHIP_TYPE_SE_STD_CMD
29 | #endif
30 |
31 | ////////////////////////////////////////////////////////////////////////////////
32 |
33 | #if (CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_3DES && \
34 | CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_AES && \
35 | CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_RSA && \
36 | CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_SM1 && \
37 | CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_SM2 && \
38 | CONFIG_CHIP_KEY_TYPE != CHIP_KEY_TYPE_SM4)
39 | #error "CONFIG_CHIP_KEY_TYPE error.";
40 | #endif
41 |
42 | #if (CONFIG_CHIP_TYPE != CHIP_TYPE_SE_STD_CMD && CONFIG_CHIP_TYPE != CHIP_TYPE_SE_MTK_CMD)
43 | #error "CONFIG_CHIP_TYPE error.";
44 | #endif
45 |
46 | ////////////////////////////////////////////////////////////////////////////////
47 |
48 | #endif /* __CHIP_CONFIG_H__ */
49 |
50 |
--------------------------------------------------------------------------------
/modules/irot/se/chipset/template/se_driver/se_driver.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2015-2017 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "se_driver.h"
6 | #include "chip_log.h"
7 |
8 | #ifdef WIN32
9 |
10 | #include
11 | #include
12 |
13 | static const char* g_readerName = "OMNIKEY Smart Card Reader USB 0";
14 | static SCARDCONTEXT g_scardContext;
15 | static SCARDHANDLE g_hCard;
16 | static const SCARD_IO_REQUEST* g_lpIoSendPci;
17 |
18 | typedef struct {
19 | int counter;
20 | } State;
21 |
22 | irot_result_t se_open_session(void** handle)
23 | {
24 | LONG lRet;
25 | DWORD dwPro;
26 | State* pState;
27 |
28 | lRet = SCardEstablishContext(SCARD_SCOPE_USER, NULL, NULL, &g_scardContext);
29 | if (lRet != SCARD_S_SUCCESS) {
30 | return IROT_ERROR_COMMUNICATION;
31 | }
32 |
33 | dwPro = SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1;
34 | lRet = SCardConnect(g_scardContext, g_readerName, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &g_hCard, &dwPro);
35 | if (lRet != SCARD_S_SUCCESS) {
36 | return IROT_ERROR_COMMUNICATION;
37 | }
38 |
39 | switch (dwPro) {
40 | case SCARD_PROTOCOL_T0: {
41 | g_lpIoSendPci = SCARD_PCI_T0;
42 | break;
43 | }
44 | case SCARD_PROTOCOL_T1: {
45 | g_lpIoSendPci = SCARD_PCI_T1;
46 | break;
47 | }
48 | default:
49 | g_lpIoSendPci = SCARD_PCI_RAW;
50 | break;
51 | }
52 |
53 | pState = (State*)malloc(sizeof(State));
54 | pState->counter = 0;
55 | *handle = pState;
56 |
57 | return IROT_SUCCESS;
58 | }
59 |
60 | irot_result_t se_transmit(void* handle, const uint8_t* cmd_apdu, uint32_t cmd_len, uint8_t* rsp_buf, uint32_t* rsp_len)
61 | {
62 | LONG lRet;
63 | State* pState;
64 |
65 | pState = (State*)handle;
66 | pState->counter++;
67 |
68 | printf("==> APDU Command Counter: %d\n", pState->counter);
69 | lRet = SCardTransmit(g_hCard, g_lpIoSendPci, cmd_apdu, cmd_len, NULL, rsp_buf, (LPDWORD)rsp_len);
70 | if (lRet != SCARD_S_SUCCESS) {
71 | return IROT_ERROR_COMMUNICATION;
72 | }
73 |
74 | return IROT_SUCCESS;
75 | }
76 |
77 | irot_result_t se_close_session(void* handle)
78 | {
79 | LONG lRet;
80 | State* pState;
81 |
82 | pState = (State*)handle;
83 | free(pState);
84 |
85 | lRet = SCardDisconnect(g_hCard, SCARD_UNPOWER_CARD);
86 | if (lRet != SCARD_S_SUCCESS) {
87 | return IROT_ERROR_COMMUNICATION;
88 | }
89 |
90 | lRet = SCardReleaseContext(g_scardContext);
91 | if (lRet != SCARD_S_SUCCESS) {
92 | return IROT_ERROR_COMMUNICATION;
93 | }
94 |
95 | return IROT_SUCCESS;
96 | }
97 |
98 | #else
99 |
100 | irot_result_t se_open_session(void** handle)
101 | {
102 | return IROT_SUCCESS;
103 | }
104 |
105 | irot_result_t se_transmit(void* handle, const uint8_t* cmd_apdu, const uint32_t cmd_len, uint8_t* rsp_buf, uint32_t* rsp_len)
106 | {
107 | /* implements SE transmit on your chip! */
108 | chip_log_info("se transmit not implemented !!!\n");
109 |
110 | memset(rsp_buf, 0x00, *rsp_len);
111 | *rsp_len = 0x10;
112 |
113 | return IROT_SUCCESS;
114 | }
115 |
116 | irot_result_t se_close_session(void* handle)
117 | {
118 | return IROT_SUCCESS;
119 | }
120 |
121 | #endif
122 |
123 |
--------------------------------------------------------------------------------
/modules/irot/se/inc/chip_log.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2015-2017 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __CHIP_LOG_H__
6 | #define __CHIP_LOG_H__
7 |
8 | #include "ls_osa.h"
9 | #include "chip_config.h"
10 |
11 | #define __TAG__ "ID2=>"
12 |
13 | #if defined(CONFIG_CHIP_DEBUG)
14 | #define chip_log_debug(_f, ...) ls_osa_print("%s "_f, __TAG__, ##__VA_ARGS__)
15 | #else
16 | #define chip_log_debug(_f, ...)
17 | #endif
18 |
19 | #define chip_log_info(_f, ...) ls_osa_print("%s "_f, __TAG__, ##__VA_ARGS__)
20 | #define chip_log_error(_f, ...) ls_osa_print("ERROR: %s "_f, __TAG__, ##__VA_ARGS__)
21 |
22 | void chip_log_hex_dump(const char* name, const uint8_t* data, uint32_t len);
23 |
24 | #endif /* __CHIP_LOG_H__ */
25 |
--------------------------------------------------------------------------------
/modules/irot/se/inc/se_driver.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2015-2017 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef __SE_DRIVER_H__
6 | #define __SE_DRIVER_H__
7 |
8 | #include "irot_hal.h"
9 |
10 | #ifdef __cplusplus
11 | extern "C"
12 | #endif
13 |
14 | /**
15 | * @brief open session and connect to SE.
16 | *
17 | * @param handle
18 | *
19 | * @return @see error code definitions.
20 | */
21 | irot_result_t se_open_session(void **handle);
22 |
23 | /**
24 | * @brief transmit APDU to SE.
25 | *
26 | * @param handle
27 | * @param cmd_apdu Command APDU(ISO7816-4).
28 | * @param cmd_len Command APDU length
29 | * @param rsp_buf response APDU buffer.
30 | * @param rsp_len input with response APDU buffer length, output with real response APDU length (SW in last two bytes).
31 | *
32 | * @return @see error code definitions.
33 | */
34 | irot_result_t se_transmit(void *handle, const uint8_t *cmd_apdu, uint32_t cmd_len, uint8_t *rsp_buf, uint32_t *rsp_len);
35 |
36 | /**
37 | * @brief close session and disconnect to SE.
38 | *
39 | * @param handle
40 | *
41 | * @return @see error code definitions.
42 | */
43 | irot_result_t se_close_session(void *handle);
44 |
45 | #ifdef __cplusplus
46 | }
47 | #endif
48 |
49 | #endif /* __SE_DRIVER_H__ */
50 |
51 |
--------------------------------------------------------------------------------
/modules/irot/se/inc/se_key_list.h:
--------------------------------------------------------------------------------
1 | #ifndef _SE_KEY_LIST_H_
2 | #define _SE_KEY_LIST_H_
3 |
4 | #include "irot_hal.h"
5 |
6 | #define ID2_CLIENT_KEY_NAME "id2_key"
7 | #define CTID_CLIENT_KEY_NAME "ID2IntStr_01"
8 |
9 | typedef struct _key_index_t {
10 | char *key_name;
11 | uint8_t key_id;
12 | } key_index_t;
13 |
14 | const key_index_t key_list[] = {
15 | {ID2_CLIENT_KEY_NAME, ID2_CLIENT_KEY_ID},
16 | {CTID_CLIENT_KEY_NAME, CTID_CLIENT_KEY_ID},
17 | };
18 |
19 | #endif /* _SE_KEY_LIST_H_ */
20 |
21 |
--------------------------------------------------------------------------------
/modules/irot/se/makefile:
--------------------------------------------------------------------------------
1 | include ../../../make.rules
2 | include ../../../make.settings
3 |
4 | CHIP_NAME := template
5 | #CHIP_NAME := demo
6 |
7 | CFLAGS += -I../../../include/osa
8 | CFLAGS += -I../../../include/irot
9 | CFLAGS += -I../../../include/irot/se
10 | CFLAGS += -I../../../include/crypto
11 |
12 | CFLAGS += -I./inc
13 | CFLAGS += -I./chipset/$(CHIP_NAME)
14 |
15 | ifeq ($(CONFIG_LS_ID2_KEY_TYPE), 3DES)
16 | CFLAGS += -DCONFIG_CHIP_KEY_TYPE=CHIP_KEY_TYPE_3DES
17 | else ifeq ($(CONFIG_LS_ID2_KEY_TYPE), RSA)
18 | CFLAGS += -DCONFIG_CHIP_KEY_TYPE=CHIP_KEY_TYPE_RSA
19 | else ifeq ($(CONFIG_LS_ID2_KEY_TYPE), AES)
20 | CFLAGS += -DCONFIG_CHIP_KEY_TYPE=CHIP_KEY_TYPE_AES
21 | else ifeq ($(CONFIG_LS_ID2_KEY_TYPE), SM1)
22 | CFLAGS += -DCONFIG_CHIP_KEY_TYPE=CHIP_KEY_TYPE_SM1
23 | else ifeq ($(CONFIG_LS_ID2_KEY_TYPE), SM2)
24 | CFLAGS += -DCONFIG_CHIP_KEY_TYPE=CHIP_KEY_TYPE_SM2
25 | else ifeq ($(CONFIG_LS_ID2_KEY_TYPE), SM4)
26 | CFLAGS += -DCONFIG_CHIP_KEY_TYPE=CHIP_KEY_TYPE_SM4
27 | else
28 | CFLAGS += -DCONFIG_CHIP_KEY_TYPE=CHIP_KEY_TYPE_NON
29 | endif
30 |
31 | SRCS := src/core/km_to_irot.c
32 | SRCS += src/log/chip_log.c
33 |
34 | ifeq ($(CHIP_NAME), template)
35 | CFLAGS += -DCONFIG_CHIP_TYPE=CHIP_TYPE_SE_STD_CMD
36 | SRCS += src/core/std_se_adapter.c
37 | SRCS += chipset/template/se_driver/se_driver.c
38 | else ifeq ($(CHIP_NAME), demo)
39 | CFLAGS += -DCONFIG_CHIP_TYPE=CHIP_TYPE_SE_STD_HAL
40 | CFLAGS += -I$(TOP)/include/icrypto
41 | SRCS += chipset/demo/irot_hal.c
42 | endif
43 |
44 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
45 |
46 | OUT := ../libkm.a
47 |
48 | $(OUT): $(OBJS)
49 | $(AR) -r $(OUT) $(OBJS)
50 | %.o: %.c
51 | $(CC) -c $(CFLAGS) $< -o $*.o
52 |
53 | clean:
54 | rm -f $(OBJS) .elf $(OUT)
55 |
--------------------------------------------------------------------------------
/modules/irot/se/src/log/chip_log.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2015-2017 Alibaba Group Holding Limited
3 | */
4 |
5 | #include "chip_log.h"
6 |
7 | #define COL_SIZE 0x10
8 |
9 | #if defined(CONFIG_CHIP_DEBUG)
10 |
11 | void chip_log_hex_dump(const char* name, const uint8_t* data, uint32_t len)
12 | {
13 | uint32_t i;
14 | char buf[80];
15 | int pos;
16 |
17 | if (name) {
18 | chip_log_debug("%s [length = 0x%04x]\n", name, len);
19 | }
20 | i = 0;
21 | pos = 0;
22 | memset(buf, 0x00, sizeof(buf));
23 | while (i < len) {
24 | pos += ls_osa_snprintf(buf + pos, sizeof(buf) - pos, "%02X ", data[i]);
25 | i++;
26 | if (i % COL_SIZE == 0x00) {
27 | pos += ls_osa_snprintf(buf + pos, sizeof(buf) - pos, "\n");
28 | chip_log_debug("%s", buf);
29 | pos = 0;
30 | } else if (i % COL_SIZE == (COL_SIZE >> 1)) {
31 | pos += ls_osa_snprintf(buf + pos, sizeof(buf) - pos, " ");
32 | }
33 | }
34 |
35 | if (pos > 0) {
36 | if (i % COL_SIZE == 0x00) {
37 | chip_log_debug("%s", buf);
38 | } else {
39 | chip_log_debug("%s\n", buf);
40 | }
41 | }
42 | }
43 |
44 | #else /* CONFIG_CHIP_DEBUG */
45 |
46 | void chip_log_hex_dump(const char* name, const uint8_t* data, uint32_t len)
47 | {
48 | (void)name;
49 | (void)data;
50 | (void)len;
51 |
52 | return;
53 | }
54 |
55 | #endif /* CONFIG_CHIP_DEBUG */
56 |
--------------------------------------------------------------------------------
/modules/itls/makefile:
--------------------------------------------------------------------------------
1 | include ../../make.rules
2 | include ../../make.settings
3 |
4 | CFLAGS += -I../../include
5 | CFLAGS += -I../../include/osa
6 | CFLAGS += -I../../include/id2
7 | CFLAGS += -I../../include/itls
8 | CFLAGS += -I../../include/crypto
9 |
10 | ifeq ($(CONFIG_LS_ID2_DEBUG), N)
11 | CFLAGS += -DCONFIG_SSL_DEBUG_NO
12 | endif
13 |
14 | CFLAGS += -DCONFIG_SSL_DTLS_NO
15 |
16 | SRCS := src/platform.c
17 | SRCS += src/debug.c
18 | SRCS += src/timing.c
19 | SRCS += src/cipher.c
20 | SRCS += src/cipher_wrap.c
21 | SRCS += src/md.c
22 | SRCS += src/md_wrap.c
23 | SRCS += src/sha1.c
24 | SRCS += src/sha256.c
25 | SRCS += src/ssl_cli.c
26 | SRCS += src/ssl_tls.c
27 | SRCS += src/ssl_ciphersuites.c
28 | SRCS += src/mbedtls_auth.c
29 | SRCS += src/net_sockets.c
30 | SRCS += src/mbedtls_alt.c
31 |
32 | ifeq ($(BUILD_SYS), __LINUX__)
33 | SRCS += src/hal_itls.c
34 | else ifeq ($(BUILD_SYS), __ANDROID__)
35 | SRCS += src/hal_itls.c
36 | endif
37 |
38 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
39 |
40 | OUT := libitls.a
41 |
42 | $(OUT): $(OBJS)
43 | $(AR) -r $(OUT) $(OBJS)
44 | %.o: %.c
45 | $(CC) -c $(CFLAGS) $< -o $*.o
46 |
47 | clean:
48 | rm -f $(OBJS) .elf $(OUT)
49 |
--------------------------------------------------------------------------------
/modules/osa/makefile:
--------------------------------------------------------------------------------
1 | include ../../make.rules
2 |
3 | OS_NAME := demo
4 |
5 | CFLAGS += -I../../include/osa
6 |
7 | ifeq ($(BUILD_SYS), __LINUX__)
8 | CFLAGS += -D__DEMO__
9 | else ifeq ($(BUILD_SYS), __ANDROID__)
10 | CFLAGS += -D__DEMO__
11 | CFLAGS += -DCONFIG_LS_OS_ANDROID
12 | endif
13 |
14 | SRCS := $(OS_NAME)/src/ls_osa.c
15 |
16 | OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS)))
17 |
18 | OUT := libls_osa.a
19 |
20 | $(OUT): $(OBJS)
21 | $(AR) -r $(OUT) $(OBJS)
22 | %.o: %.c
23 | $(CC) -c $(CFLAGS) $< -o $*.o
24 |
25 | clean:
26 | rm -f $(OBJS) .elf $(OUT)
27 |
--------------------------------------------------------------------------------
/modules/osa/no_os/src/ls_osa_list.h:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (C) 2017-2019 Alibaba Group Holding Limited
3 | */
4 |
5 | #ifndef _LS_OSA_LIST_H_
6 | #define _LS_OSA_LIST_H_
7 |
8 | #include "ls_osa.h"
9 |
10 | typedef unsigned long ulong_t;
11 |
12 | typedef struct _ls_osa_list_t {
13 | struct _ls_osa_list_t *next;
14 | struct _ls_osa_list_t *prev;
15 | } ls_osa_list_t;
16 |
17 | static inline void ls_osa_list_init(ls_osa_list_t *head)
18 | {
19 | head->prev = head;
20 | head->next = head;
21 | }
22 |
23 | static inline void ls_osa_list_add(ls_osa_list_t *head, ls_osa_list_t *node)
24 | {
25 | node->next = head->next;
26 | head->next->prev = node;
27 | head->next = node;
28 | node->prev = head;
29 | }
30 |
31 | static inline void ls_osa_list_add_tail(ls_osa_list_t *head, ls_osa_list_t *node)
32 | {
33 | node->prev = head->prev;
34 | head->prev->next = node;
35 | head->prev = node;
36 | node->next = head;
37 | }
38 |
39 | static inline void ls_osa_list_del(ls_osa_list_t *node)
40 | {
41 | node->prev->next = node->next;
42 | node->next->prev = node->prev;
43 | node->prev = node->next = 0;
44 | }
45 |
46 | #define ls_osa_list_empty(list) ((list)->next == list)
47 |
48 | #define ls_osa_list_entry(addr, type, member) ({ \
49 | type tmp; \
50 | ulong_t offset = (ulong_t)(&tmp.member) - (ulong_t)&tmp; \
51 | (type *)((ulong_t)addr - offset); \
52 | })
53 |
54 | #define ls_osa_list_iterate(head, entry) \
55 | for ((entry) = (head)->next; (entry) != (head); (entry) = (entry)->next)
56 |
57 | #define ls_osa_list_iterate_safe(head, entry, n) \
58 | for (entry = (head)->next, n = entry->next; entry != (head); \
59 | entry = n, n = entry->next)
60 |
61 | #endif /* _LS_OSA_LIST_H_ */
62 |
--------------------------------------------------------------------------------