1 /* 2 * This file is part of the openHiTLS project. 3 * 4 * openHiTLS is licensed under the Mulan PSL v2. 5 * You can use this software according to the terms and conditions of the Mulan PSL v2. 6 * You may obtain a copy of Mulan PSL v2 at: 7 * 8 * http://license.coscl.org.cn/MulanPSL2 9 * 10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, 11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, 12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. 13 * See the Mulan PSL v2 for more details. 14 */ 15 16 #ifndef CRYPT_H 17 #define CRYPT_H 18 19 #include <stdint.h> 20 #include "hitls_crypt_type.h" 21 #include "tls.h" 22 #include "hitls_crypt_reg.h" 23 24 #ifdef __cplusplus 25 extern "C" { 26 #endif 27 28 /* The maximum length of the RSA signature is 512. The maximum length of the ECC signature does not reach 1024. */ 29 #define MAX_SIGN_SIZE 1024 30 31 /* Used to transfer key derivation parameters. */ 32 typedef struct { 33 HITLS_HashAlgo hashAlgo; /* Hash algorithm */ 34 const uint8_t *secret; /* Initialization key */ 35 uint32_t secretLen; /* Key length */ 36 const uint8_t *label; /* Label */ 37 uint32_t labelLen; /* Label length */ 38 const uint8_t *seed; /* Seed */ 39 uint32_t seedLen; /* Seed length */ 40 HITLS_Lib_Ctx *libCtx; 41 const char *attrName; 42 } CRYPT_KeyDeriveParameters; 43 44 enum HITLS_CryptInfoCmd { 45 HITLS_CRYPT_INFO_CMD_GET_PUBLIC_KEY_LEN = 0, /* Get the length of the public key, param is HITLS_NamedGroup */ 46 HITLS_CRYPT_INFO_CMD_GET_SHARED_KEY_LEN, /* Get the length of the shared key, param is HITLS_NamedGroup */ 47 HITLS_CRYPT_INFO_CMD_GET_CIPHERTEXT_LEN, /* Get the length of the ciphertext, param is HITLS_NamedGroup */ 48 HITLS_CRYPT_INFO_CMD_GET_HASH_LEN, /* Get the length of the hash, param is HITLS_HashAlgo */ 49 }; 50 51 enum HITLS_CryptoCallBack { 52 HITLS_CRYPT_CALLBACK_RAND_BYTES = 0, 53 HITLS_CRYPT_CALLBACK_HMAC_SIZE, 54 HITLS_CRYPT_CALLBACK_HMAC_INIT, 55 HITLS_CRYPT_CALLBACK_HMAC_FREE, 56 HITLS_CRYPT_CALLBACK_HMAC_UPDATE, 57 HITLS_CRYPT_CALLBACK_HMAC_FINAL, 58 HITLS_CRYPT_CALLBACK_HMAC, 59 HITLS_CRYPT_CALLBACK_DIGEST_SIZE, 60 HITLS_CRYPT_CALLBACK_DIGEST_INIT, 61 HITLS_CRYPT_CALLBACK_DIGEST_COPY, 62 HITLS_CRYPT_CALLBACK_DIGEST_FREE, 63 HITLS_CRYPT_CALLBACK_DIGEST_UPDATE, 64 HITLS_CRYPT_CALLBACK_DIGEST_FINAL, 65 HITLS_CRYPT_CALLBACK_DIGEST, 66 HITLS_CRYPT_CALLBACK_ENCRYPT, 67 HITLS_CRYPT_CALLBACK_DECRYPT, 68 69 HITLS_CRYPT_CALLBACK_GENERATE_ECDH_KEY_PAIR, 70 HITLS_CRYPT_CALLBACK_FREE_ECDH_KEY, 71 HITLS_CRYPT_CALLBACK_GET_ECDH_ENCODED_PUBKEY, 72 HITLS_CRYPT_CALLBACK_CALC_ECDH_SHARED_SECRET, 73 HITLS_CRYPT_CALLBACK_SM2_CALC_ECDH_SHARED_SECRET, 74 75 HITLS_CRYPT_CALLBACK_GENERATE_DH_KEY_BY_SECBITS, 76 HITLS_CRYPT_CALLBACK_GENERATE_DH_KEY_BY_PARAMS, 77 HITLS_CRYPT_CALLBACK_DUP_DH_KEY, 78 HITLS_CRYPT_CALLBACK_FREE_DH_KEY, 79 HITLS_CRYPT_CALLBACK_DH_GET_PARAMETERS, 80 HITLS_CRYPT_CALLBACK_GET_DH_ENCODED_PUBKEY, 81 HITLS_CRYPT_CALLBACK_CALC_DH_SHARED_SECRET, 82 83 HITLS_CRYPT_CALLBACK_HKDF_EXTRACT, 84 HITLS_CRYPT_CALLBACK_HKDF_EXPAND, 85 HITLS_CRYPT_CALLBACK_KEM_ENCAPSULATE, 86 HITLS_CRYPT_CALLBACK_KEM_DECAPSULATE, 87 }; 88 89 /** 90 * @brief Generate a random number. 91 * 92 * @param libCtx [IN] Library context, used to manage cryptographic operations. 93 * @param buf [OUT] Random number 94 * @param len [IN] Random number length 95 * 96 * @retval HITLS_SUCCESS succeeded. 97 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 98 * @retval HITLS_CRYPT_ERR_GENRATE_RANDOM Failed to generate a random number. 99 */ 100 int32_t SAL_CRYPT_Rand(HITLS_Lib_Ctx *libCtx, uint8_t *buf, uint32_t len); 101 102 /** 103 * @brief Obtain the HMAC length. 104 * 105 * @param hashAlgo [IN] hash algorithm 106 * 107 * @return HMAC length 108 */ 109 uint32_t SAL_CRYPT_HmacSize(HITLS_HashAlgo hashAlgo); 110 111 /** 112 * @brief Initialize the HMAC context. 113 * 114 * This function initializes the HMAC (Hash-based Message Authentication Code) context 115 * using the specified hash algorithm and key. It prepares the necessary state for 116 * subsequent HMAC operations. 117 * 118 * @param libCtx [IN] Library context, used to manage cryptographic operations. 119 * @param attrName [IN] Attribute name, used to configure the cryptographic 120 * algorithm provided by the algorithm provider 121 * @param hashAlgo [IN] Hash algorithm to be used in the HMAC operation, e.g., HITLS_SHA256. 122 * @param key [IN] Secret key used for HMAC calculation. 123 * @param len [IN] Length of the secret key in bytes. 124 * 125 * @return HMAC context 126 * Returns a pointer to the initialized HMAC context. 127 * Returns NULL if the initialization fails. 128 */ 129 HITLS_HMAC_Ctx *SAL_CRYPT_HmacInit(HITLS_Lib_Ctx *libCtx, const char *attrName, 130 HITLS_HashAlgo hashAlgo, const uint8_t *key, uint32_t len); 131 132 /** 133 * @brief ReInitialize the HMAC context. 134 * 135 * @param ctx [IN] HMAC context 136 * 137 * @retval HITLS_SUCCESS succeeded. 138 */ 139 int32_t SAL_CRYPT_HmacReInit(HITLS_HMAC_Ctx *ctx); 140 141 /** 142 * @brief Release the HMAC context. 143 * 144 * @param hmac [IN] HMAC context 145 */ 146 void SAL_CRYPT_HmacFree(HITLS_HMAC_Ctx *hmac); 147 148 /** 149 * @brief Add the HMAC input data. 150 * 151 * @param hmac [IN] HMAC context 152 * @param data [IN] Input data 153 * @param len [IN] Input data length 154 * 155 * @retval HITLS_SUCCESS succeeded. 156 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 157 * @retval HITLS_CRYPT_ERR_HMAC The HMAC operation fails. 158 */ 159 int32_t SAL_CRYPT_HmacUpdate(HITLS_HMAC_Ctx *hmac, const uint8_t *data, uint32_t len); 160 161 /** 162 * @brief Calculate the HMAC result. 163 * 164 * @param hmac [IN] HMAC context 165 * @param out [OUT] Output data 166 * @param len [IN/OUT] IN: Maximum length of data padding OUT: Output data length 167 * 168 * @retval HITLS_SUCCESS succeeded. 169 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 170 * @retval HITLS_CRYPT_ERR_HMAC The HMAC operation fails. 171 */ 172 int32_t SAL_CRYPT_HmacFinal(HITLS_HMAC_Ctx *hmac, uint8_t *out, uint32_t *len); 173 174 /** 175 * @brief HMAC function 176 * 177 * This function calculates the HMAC (Hash-based Message Authentication Code) using the specified hash algorithm and key. 178 * It takes input data and produces an output HMAC value. 179 * 180 * @param libCtx [IN] Library context, used to manage cryptographic operations. 181 * @param attrName [IN] Attribute name, used to configure the cryptographic 182 * algorithm provided by the algorithm provider 183 * @param hashAlgo [IN] Hash algorithm to be used in the HMAC operation, e.g., HITLS_SHA256. 184 * @param key [IN] Secret key used for HMAC calculation. 185 * @param keyLen [IN] Length of the secret key in bytes. 186 * @param in [IN] Input data to be processed for HMAC calculation. 187 * @param inLen [IN] Length of the input data in bytes. 188 * @param out [OUT] Buffer to store the calculated HMAC output. 189 * @param outLen [IN/OUT] IN: Maximum length of the output buffer. OUT: Actual length of the calculated HMAC output. 190 * 191 * @retval HITLS_SUCCESS succeeded. 192 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 193 * @retval HITLS_CRYPT_ERR_HMAC The HMAC operation fails. 194 */ 195 int32_t SAL_CRYPT_Hmac(HITLS_Lib_Ctx *libCtx, const char *attrName, 196 HITLS_HashAlgo hashAlgo, const uint8_t *key, uint32_t keyLen, 197 const uint8_t *in, uint32_t inLen, uint8_t *out, uint32_t *outLen); 198 199 /** 200 * @brief PRF function 201 * 202 * @param input [IN] Key derivation parameter 203 * @param md [OUT] Output key 204 * @param outLen [OUT] Output key length 205 * 206 * @retval HITLS_SUCCESS succeeded. 207 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 208 * @retval HITLS_CRYPT_ERR_HMAC The HMAC operation fails. 209 * @retval HITLS_MEMALLOC_FAIL Memory application failed. 210 */ 211 int32_t SAL_CRYPT_PRF(CRYPT_KeyDeriveParameters *input, uint8_t *out, uint32_t outLen); 212 213 /** 214 * @brief Obtain the hash length. 215 * 216 * @param hashAlgo [IN] Hash algorithm 217 * 218 * @return Hash length 219 */ 220 uint32_t SAL_CRYPT_DigestSize(HITLS_HashAlgo hashAlgo); 221 222 /** 223 * @brief Initialize the hash context. 224 * 225 * This function initializes a new hash context using the specified hash algorithm. 226 * 227 * @param libCtx [IN] Library context, used to manage cryptographic operations. 228 * @param attrName [IN] Attribute name, used to configure the cryptographic 229 * algorithm provided by the algorithm provider 230 * @param hashAlgo [IN] hash algorithm 231 * The hash algorithm to be used for the calculation. This can be 232 * one of the predefined hash algorithms, such as HITLS_SHA256. 233 * 234 * @return hash context 235 * Returns a pointer to the initialized hash context. 236 * Returns NULL if the initialization fails, for example, if there is not 237 * enough memory available or if the specified hash algorithm is not supported. 238 */ 239 HITLS_HASH_Ctx *SAL_CRYPT_DigestInit(HITLS_Lib_Ctx *libCtx, const char *attrName, HITLS_HashAlgo hashAlgo); 240 241 /** 242 * @brief Copy the hash context. 243 * 244 * @param ctx [IN] hash Context 245 * 246 * @return hash context 247 */ 248 HITLS_HASH_Ctx *SAL_CRYPT_DigestCopy(HITLS_HASH_Ctx *ctx); 249 250 /** 251 * @brief Release the hash context. 252 * 253 * @param ctx [IN] hash Context 254 */ 255 void SAL_CRYPT_DigestFree(HITLS_HASH_Ctx *ctx); 256 257 /** 258 * @brief Add the hash input data. 259 * 260 * @param ctx [IN] hash Context 261 * @param data [IN] Input data 262 * @param len [IN] Length of the input data 263 * 264 * @retval HITLS_SUCCESS succeeded. 265 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 266 * @retval HITLS_CRYPT_ERR_DIGEST hash operation failed. 267 */ 268 int32_t SAL_CRYPT_DigestUpdate(HITLS_HASH_Ctx *ctx, const uint8_t *data, uint32_t len); 269 270 /** 271 * @brief Calculate the hash result. 272 * 273 * @param ctx [IN] hash context 274 * @param out [OUT] Output data 275 * @param len [IN/OUT] IN: Maximum length of data padding OUT: Length of output data 276 * 277 * @retval HITLS_SUCCESS succeeded. 278 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 279 * @retval HITLS_CRYPT_ERR_DIGEST hash operation failed. 280 */ 281 int32_t SAL_CRYPT_DigestFinal(HITLS_HASH_Ctx *ctx, uint8_t *out, uint32_t *len); 282 283 /** 284 * @brief Calculate the hash. 285 * 286 * This function calculates the hash of the input data using the specified hash algorithm. 287 * It takes input data and produces an output hash value. 288 * 289 * @param libCtx [IN] Library context, used to manage cryptographic operations. 290 * @param attrName [IN] Attribute name, used to configure the cryptographic 291 * algorithm provided by the algorithm provider 292 * @param hashAlgo [IN] hash algorithm 293 * The hash algorithm to be used for the calculation. This can be 294 * one of the predefined hash algorithms, such as HITLS_SHA256. 295 * @param in [IN] Input data 296 * The data to be hashed. This can be any sequence of bytes. 297 * @param inLen [IN] Length of the input data 298 * The length of the input data in bytes. 299 * @param out [OUT] Output data 300 * The buffer where the calculated hash value will be stored. 301 * The buffer must be large enough to hold the entire hash value. 302 * @param outLen [IN/OUT] IN: Maximum length of data padding OUT: Length of output data 303 * On input, this parameter specifies the maximum length of the output buffer. 304 * On output, it contains the actual length of the calculated hash value. 305 * 306 * @retval HITLS_SUCCESS succeeded. 307 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 308 * @retval HITLS_CRYPT_ERR_DIGEST hash operation failed. 309 */ 310 int32_t SAL_CRYPT_Digest(HITLS_Lib_Ctx *libCtx, const char *attrName, 311 HITLS_HashAlgo hashAlgo, const uint8_t *in, uint32_t inLen, uint8_t *out, uint32_t *outLen); 312 313 /** 314 * @brief Encryption 315 * 316 * @param libCtx [IN] Library context, used to manage cryptographic operations. 317 * @param attrName [IN] Attribute name, used to configure the cryptographic 318 * algorithm provided by the algorithm provider 319 * @param cipher [IN] Key parameters 320 * @param in [IN] Plaintext data 321 * @param inLen [IN] Length of the plaintext data 322 * @param out [OUT] Ciphertext data 323 * @param outLen [IN/OUT] IN: Maximum length of data padding OUT: Length of ciphertext data 324 * 325 * @retval HITLS_SUCCESS succeeded. 326 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 327 * @retval HITLS_CRYPT_ERR_ENCRYPT Encryption failed. 328 */ 329 int32_t SAL_CRYPT_Encrypt(HITLS_Lib_Ctx *libCtx, const char *attrName, 330 const HITLS_CipherParameters *cipher, const uint8_t *in, uint32_t inLen, 331 uint8_t *out, uint32_t *outLen); 332 333 /** 334 * @brief Decrypt 335 * 336 * @param libCtx [IN] Library context, used to manage cryptographic operations. 337 * @param attrName [IN] Attribute name, used to configure the cryptographic 338 * algorithm provided by the algorithm provider 339 * @param cipher [IN] Key parameters 340 * @param in [IN] Ciphertext data 341 * @param inLen [IN] Length of the ciphertext data 342 * @param out [OUT] Plaintext data 343 * @param outLen [IN/OUT] IN: Maximum length of data padding OUT: Length of plaintext data 344 * 345 * @retval HITLS_SUCCESS succeeded. 346 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 347 * @retval HITLS_CRYPT_ERR_DECRYPT decryption failure 348 */ 349 int32_t SAL_CRYPT_Decrypt(HITLS_Lib_Ctx *libCtx, const char *attrName, 350 const HITLS_CipherParameters *cipher, const uint8_t *in, uint32_t inLen, 351 uint8_t *out, uint32_t *outLen); 352 353 /** 354 * @brief Release the cipher ctx. 355 * 356 * @param ctx [IN] cipher ctx handle 357 */ 358 void SAL_CRYPT_CipherFree(HITLS_Cipher_Ctx *ctx); 359 360 /** 361 * @brief Generate the ECDH key pair. 362 * 363 * @param curveParams [IN] Elliptic curve parameter 364 * 365 * @return Key handle 366 */ 367 HITLS_CRYPT_Key *SAL_CRYPT_GenEcdhKeyPair(TLS_Ctx *ctx, const HITLS_ECParameters *curveParams); 368 369 /** 370 * @brief Release the ECDH key. 371 * 372 * @param key [IN] Key handle 373 */ 374 void SAL_CRYPT_FreeEcdhKey(HITLS_CRYPT_Key *key); 375 376 /** 377 * @brief Obtain the ECDH public key data. 378 * 379 * @param key [IN] Key handle 380 * @param pubKeyBuf [OUT] Public key data 381 * @param bufLen [IN] Maximum length of data padding. 382 * @param usedLen [OUT] Public key data length 383 * 384 * @retval HITLS_SUCCESS succeeded. 385 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 386 * @retval HITLS_CRYPT_ERR_ENCODE_ECDH_KEY Failed to obtain the public key data. 387 */ 388 int32_t SAL_CRYPT_EncodeEcdhPubKey(HITLS_CRYPT_Key *key, uint8_t *pubKeyBuf, uint32_t bufLen, uint32_t *usedLen); 389 390 /** 391 * @brief Calculate the ECDH shared key. 392 * 393 * @param libCtx [IN] Library context, used to manage cryptographic operations. 394 * @param attrName [IN] Attribute name, used to configure the cryptographic 395 * algorithm provided by the algorithm provider 396 * @param key [IN] Local key handle 397 * @param peerPubkey [IN] Peer public key data 398 * @param pubKeyLen [IN] Public key data length 399 * @param sharedSecret [OUT] Shared key 400 * @param sharedSecretLen [IN/OUT] IN: Maximum length of data padding OUT: length of the shared key 401 * 402 * @retval HITLS_SUCCESS succeeded. 403 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 404 * @retval HITLS_CRYPT_ERR_CALC_SHARED_KEY Failed to calculate the shared key. 405 */ 406 int32_t SAL_CRYPT_CalcEcdhSharedSecret(HITLS_Lib_Ctx *libCtx, const char *attrName, 407 HITLS_CRYPT_Key *key, uint8_t *peerPubkey, uint32_t pubKeyLen, 408 uint8_t *sharedSecret, uint32_t *sharedSecretLen); 409 410 /** 411 * @brief SM2 calculates the ECDH shared key. 412 * 413 * @param libCtx [IN] Library context, used to manage cryptographic operations. 414 * @param attrName [IN] Attribute name, used to configure the cryptographic 415 * algorithm provided by the algorithm provider 416 * @param sm2ShareKeyParam [IN] Parameters required for calculating the shared key 417 * @param sharedSecret [OUT] Shared key 418 * @param sharedSecretLen [IN/OUT] IN: Maximum length of data padding OUT: length of the shared key 419 * 420 * @retval HITLS_SUCCESS succeeded. 421 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 422 * @retval HITLS_CRYPT_ERR_CALC_SHARED_KEY Failed to calculate the shared key. 423 */ 424 int32_t SAL_CRYPT_CalcSm2dhSharedSecret(HITLS_Lib_Ctx *libCtx, const char *attrName, 425 HITLS_Sm2GenShareKeyParameters *sm2ShareKeyParam, uint8_t *sharedSecret, 426 uint32_t *sharedSecretLen); 427 428 /** 429 * @brief Generate a DH key pair. 430 * 431 * @param ctx [IN] TLS context 432 * @param secbits [IN] Key security level 433 * 434 * @return Key handle 435 */ 436 HITLS_CRYPT_Key *SAL_CRYPT_GenerateDhKeyBySecbits(TLS_Ctx *ctx, 437 int32_t secBits); 438 439 /** 440 * @brief Generate a DH key pair. 441 * 442 * @param libCtx [IN] Library context, used to manage cryptographic operations. 443 * @param attrName [IN] Attribute name, used to configure the cryptographic 444 * algorithm provided by the algorithm provider 445 * @param p [IN] p Parameter 446 * @param plen [IN] p Parameter length 447 * @param g [IN] g Parameter 448 * @param glen [IN] g Parameter length 449 * 450 * @return Key handle 451 */ 452 HITLS_CRYPT_Key *SAL_CRYPT_GenerateDhKeyByParams(HITLS_Lib_Ctx *libCtx, 453 const char *attrName, uint8_t *p, uint16_t plen, uint8_t *g, uint16_t glen); 454 455 /** 456 * @brief Deep Copy DH Key Pair 457 * 458 * @param key [IN] Key handle 459 * 460 * @return Key handle 461 */ 462 HITLS_CRYPT_Key *SAL_CRYPT_DupDhKey(HITLS_CRYPT_Key *key); 463 464 /** 465 * @brief Release the DH key. 466 * 467 * @param key [IN] Key handle 468 */ 469 void SAL_CRYPT_FreeDhKey(HITLS_CRYPT_Key *key); 470 471 /** 472 * @brief Obtain the DH parameter. 473 * 474 * @param key [IN] Key handle 475 * @param p [OUT] p Parameter 476 * @param plen [IN/OUT] IN: Maximum length of data padding OUT: p Parameter length 477 * @param g [OUT] g Parameter 478 * @param glen [IN/OUT] IN: Maximum length of data padding OUT: g Parameter length 479 * 480 * @return HITLS_SUCCESS succeeded. 481 */ 482 int32_t SAL_CRYPT_GetDhParameters(HITLS_CRYPT_Key *key, uint8_t *p, uint16_t *plen, 483 uint8_t *g, uint16_t *glen); 484 485 /** 486 * @brief Obtain the DH public key data. 487 * 488 * @param key [IN] Key handle 489 * @param pubKeyBuf [OUT] Public key data 490 * @param bufLen [IN] Maximum length of data padding. 491 * @param usedLen [OUT] Public key data length 492 * 493 * @retval HITLS_SUCCESS succeeded. 494 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 495 * @retval HITLS_CRYPT_ERR_ENCODE_DH_KEY Failed to obtain the public key data. 496 */ 497 int32_t SAL_CRYPT_EncodeDhPubKey(HITLS_CRYPT_Key *key, uint8_t *pubKeyBuf, uint32_t bufLen, uint32_t *usedLen); 498 499 /** 500 * @brief Calculate the DH shared key. 501 * 502 * @param libCtx [IN] Library context, used to manage cryptographic operations. 503 * @param attrName [IN] Attribute name, used to configure the cryptographic 504 * algorithm provided by the algorithm provider 505 * @param key [IN] Local key handle 506 * @param peerPubkey [IN] Peer public key data 507 * @param pubKeyLen [IN] Public key data length 508 * @param sharedSecret [OUT] Shared key 509 * @param sharedSecretLen [IN/OUT] IN: Maximum length of data padding OUT: length of the shared key 510 * 511 * @retval HITLS_SUCCESS succeeded. 512 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 513 * @retval HITLS_CRYPT_ERR_CALC_SHARED_KEY Failed to calculate the shared key. 514 */ 515 int32_t SAL_CRYPT_CalcDhSharedSecret(HITLS_Lib_Ctx *libCtx, const char *attrName, 516 HITLS_CRYPT_Key *key, uint8_t *peerPubkey, uint32_t pubKeyLen, 517 uint8_t *sharedSecret, uint32_t *sharedSecretLen); 518 519 /** 520 * @brief HKDF-Extract 521 * 522 * @param libCtx [IN] Library context, used to manage cryptographic operations. 523 * @param attrName [IN] Attribute name, used to configure the cryptographic 524 * algorithm provided by the algorithm provider 525 * @param input [IN] Input key material 526 * @param prk [OUT] Output key 527 * @param prkLen [IN/OUT] IN: Maximum buffer length OUT: Output key length 528 * 529 * @retval HITLS_SUCCESS succeeded. 530 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 531 * @retval HITLS_CRYPT_ERR_HKDF_EXTRACT calculation fails. 532 */ 533 int32_t SAL_CRYPT_HkdfExtract(HITLS_Lib_Ctx *libCtx, const char *attrName, 534 HITLS_CRYPT_HkdfExtractInput *input, uint8_t *prk, uint32_t *prkLen); 535 536 /** 537 * @brief HKDF-Expand 538 * 539 * @param libCtx [IN] Library context, used to manage cryptographic operations. 540 * @param attrName [IN] Attribute name, used to configure the cryptographic 541 * algorithm provided by the algorithm provider 542 * @param input [IN] Input key material 543 * @param okm [OUT] Output key 544 * @param okmLen [IN] Output key length 545 * 546 * @retval HITLS_SUCCESS succeeded. 547 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 548 * @retval HITLS_CRYPT_ERR_HKDF_EXPAND calculation fails. 549 */ 550 int32_t SAL_CRYPT_HkdfExpand(HITLS_Lib_Ctx *libCtx, const char *attrName, 551 HITLS_CRYPT_HkdfExpandInput *input, uint8_t *okm, uint32_t okmLen); 552 553 /** 554 * @brief HKDF-ExpandLabel 555 * 556 * @param deriveInfo [IN] Key derivation parameters, including hash algorithm, secret, label, seed, etc. 557 * @param outSecret [OUT] Output key buffer 558 * @param outLen [IN] Output key length 559 * 560 * @retval HITLS_SUCCESS succeeded. 561 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 562 * @retval HITLS_CRYPT_ERR_HKDF_EXTRACT calculation fails. 563 * @retval HITLS_MEMCPY_FAIL Memory copy failure 564 */ 565 int32_t SAL_CRYPT_HkdfExpandLabel(CRYPT_KeyDeriveParameters *deriveInfo, 566 uint8_t *outSecret, uint32_t outLen); 567 568 /** 569 * @brief Get cryptographic information about length 570 * 571 * @param ctx [IN] TLS context 572 * @param cmd [IN] Command type, see enum HITLS_CryptInfoCmd 573 * @param param [IN] Input parameter 574 * 575 * @return Returns key length and other info, returns 0 on failure 576 */ 577 uint32_t SAL_CRYPT_GetCryptLength(const TLS_Ctx *ctx, int32_t cmd, int32_t param); 578 579 /** 580 * @brief Encapsulate a shared secret using KEM 581 * 582 * @param ctx [IN] TLS context 583 * @param params [IN/OUT] KEM encapsulation parameters 584 * 585 * @retval HITLS_SUCCESS succeeded. 586 */ 587 int32_t SAL_CRYPT_KemEncapsulate(TLS_Ctx *ctx, HITLS_KemEncapsulateParams *params); 588 589 /** 590 * @brief KEM: Decapsulate the ciphertext to recover shared secret 591 * 592 * @param key [IN] Key handle 593 * @param ciphertext [IN] Ciphertext buffer 594 * @param ciphertextLen [IN] Ciphertext length 595 * @param sharedSecret [OUT] Shared secret buffer 596 * @param sharedSecretLen [IN/OUT] IN: Maximum shared secret buffer length OUT: Actual shared secret length 597 * 598 * @retval HITLS_SUCCESS succeeded. 599 * @retval HITLS_UNREGISTERED_CALLBACK Unregistered callback 600 * @retval HITLS_CRYPT_ERR_KEM_DECAP Failed to decapsulate ciphertext 601 */ 602 int32_t SAL_CRYPT_KemDecapsulate(HITLS_CRYPT_Key *key, const uint8_t *ciphertext, uint32_t ciphertextLen, 603 uint8_t *sharedSecret, uint32_t *sharedSecretLen); 604 605 606 #ifdef __cplusplus 607 } 608 #endif 609 #endif 610