|
My Project
|
|
My Project
|
Functions | |
| int | wolfSSL_CTX_iotsafe_enable (WOLFSSL_CTX *ctx) |
| This function enables the IoT-Safe support on the given context. More... | |
| int | wolfSSL_iotsafe_on (WOLFSSL *ssl, byte privkey_id, byte ecdh_keypair_slot, byte peer_pubkey_slot, byte peer_cert_slot) |
| This function connects the IoT-Safe TLS callbacks to the given SSL session. More... | |
| int | wolfSSL_iotsafe_on_ex (WOLFSSL *ssl, byte *privkey_id, byte *ecdh_keypair_slot, byte *peer_pubkey_slot, byte *peer_cert_slot, word16 id_size) |
| This function connects the IoT-Safe TLS callbacks to the given SSL session. This is equivalent to wolfSSL_iotsafe_on except that the IDs for the IoT-SAFE slots can be passed by reference, and the length of the ID fields can be specified via the parameter "id_size". More... | |
| void | wolfIoTSafe_SetCSIM_read_cb (wolfSSL_IOTSafe_CSIM_read_cb rf) |
| Associates a read callback for the AT+CSIM commands. This input function is usually associated to a read event of a UART channel communicating with the modem. The read callback associated is global and changes for all the contexts that use IoT-safe support at the same time. More... | |
| void | wolfIoTSafe_SetCSIM_write_cb (wolfSSL_IOTSafe_CSIM_write_cb wf) |
| Associates a write callback for the AT+CSIM commands. This output function is usually associated to a write event on a UART channel communicating with the modem. The write callback associated is global and changes for all the contexts that use IoT-safe support at the same time. More... | |
| int | wolfIoTSafe_GetRandom (unsigned char *out, word32 sz) |
| Generate a random buffer of given size, using the IoT-Safe function GetRandom. This function is automatically used by the wolfCrypt RNG object. More... | |
| int | wolfIoTSafe_GetCert (uint8_t id, unsigned char *output, unsigned long sz) |
| Import a certificate stored in a file on IoT-Safe applet, and store it locally in memory. Works with one-byte file ID field. More... | |
| int | wolfIoTSafe_GetCert_ex (uint8_t *id, uint16_t id_sz, unsigned char *output, unsigned long sz) |
| Import a certificate stored in a file on IoT-Safe applet, and store it locally in memory. Equivalent to wolfIoTSafe_GetCert, except that it can be invoked with a file ID of two or more bytes. More... | |
| int | wc_iotsafe_ecc_import_public (ecc_key *key, byte key_id) |
| Import an ECC 256-bit public key, stored in the IoT-Safe applet, into an ecc_key object. More... | |
| int | wc_iotsafe_ecc_export_public (ecc_key *key, byte key_id) |
| Export an ECC 256-bit public key, from ecc_key object to a writable public-key slot into the IoT-Safe applet. More... | |
| int | wc_iotsafe_ecc_import_public_ex (ecc_key *key, byte *key_id, word16 id_size) |
| Export an ECC 256-bit public key, from ecc_key object to a writable public-key slot into the IoT-Safe applet. Equivalent to wc_iotsafe_ecc_import_public, except that it can be invoked with a key ID of two or more bytes. More... | |
| int | wc_iotsafe_ecc_export_private (ecc_key *key, byte key_id) |
| Export an ECC 256-bit key, from ecc_key object to a writable private-key slot into the IoT-Safe applet. More... | |
| int | wc_iotsafe_ecc_export_private_ex (ecc_key *key, byte *key_id, word16 id_size) |
| Export an ECC 256-bit key, from ecc_key object to a writable private-key slot into the IoT-Safe applet. Equivalent to wc_iotsafe_ecc_export_private, except that it can be invoked with a key ID of two or more bytes. More... | |
| int | wc_iotsafe_ecc_sign_hash (byte *in, word32 inlen, byte *out, word32 *outlen, byte key_id) |
| Sign a pre-computed HASH, using a private key previously stored, or pre-provisioned, in the IoT-Safe applet. More... | |
| int | wc_iotsafe_ecc_sign_hash_ex (byte *in, word32 inlen, byte *out, word32 *outlen, byte *key_id, word16 id_size) |
| Sign a pre-computed HASH, using a private key previously stored, or pre-provisioned, in the IoT-Safe applet. Equivalent to wc_iotsafe_ecc_sign_hash, except that it can be invoked with a key ID of two or more bytes. More... | |
| int | wc_iotsafe_ecc_verify_hash (byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte key_id) |
| Verify an ECC signature against a pre-computed HASH, using a public key previously stored, or pre-provisioned, in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid. Note: Do not use the return value to test for valid. Only use res. More... | |
| int | wc_iotsafe_ecc_verify_hash_ex (byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte *key_id, word16 id_size) |
| Verify an ECC signature against a pre-computed HASH, using a public key previously stored, or pre-provisioned, in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid. Note: Do not use the return value to test for valid. Only use res. Equivalent to wc_iotsafe_ecc_verify_hash, except that it can be invoked with a key ID of two or more bytes. More... | |
| int | wc_iotsafe_ecc_gen_k (byte key_id) |
| Generate an ECC 256-bit keypair and store it in a (writable) slot into the IoT-Safe applet. More... | |
IoT-Safe (IoT-SIM Applet For Secure End-2-End Communication) is a technology that leverage the SIM as robust, scalable and standardized hardware Root of Trust to protect data communication.
IoT-Safe SSL sessions use the SIM as Hardware Security Module, offloading all the crypto public key operations and reducing the attack surface by restricting access to certificate and keys to the SIM.
IoT-Safe support can be enabled on an existing WOLFSSL_CTX context, using wolfSSL_CTX_iotsafe_enable().
Session created within the context can set the parameters for IoT-Safe key and files usage, and enable the public keys callback, with wolfSSL_iotsafe_on().
If compiled in, the module supports IoT-Safe random number generator as source of entropy for wolfCrypt.
| int wc_iotsafe_ecc_export_private | ( | ecc_key * | key, |
| byte | key_id | ||
| ) |
Export an ECC 256-bit key, from ecc_key object to a writable private-key slot into the IoT-Safe applet.
| key | the ecc_key object containing the key to be exported |
| id | The key id in the IoT-Safe applet where the private key will be stored |
| int wc_iotsafe_ecc_export_private_ex | ( | ecc_key * | key, |
| byte * | key_id, | ||
| word16 | id_size | ||
| ) |
Export an ECC 256-bit key, from ecc_key object to a writable private-key slot into the IoT-Safe applet. Equivalent to wc_iotsafe_ecc_export_private, except that it can be invoked with a key ID of two or more bytes.
| key | the ecc_key object containing the key to be exported |
| id | The pointer to the key id in the IoT-Safe applet where the private key will be stored |
| id_size | The key id size |
| int wc_iotsafe_ecc_export_public | ( | ecc_key * | key, |
| byte | key_id | ||
| ) |
Export an ECC 256-bit public key, from ecc_key object to a writable public-key slot into the IoT-Safe applet.
| key | the ecc_key object containing the key to be exported |
| id | The key id in the IoT-Safe applet where the public key will be stored |
| int wc_iotsafe_ecc_gen_k | ( | byte | key_id | ) |
Generate an ECC 256-bit keypair and store it in a (writable) slot into the IoT-Safe applet.
Generate an ECC 256-bit keypair and store it in a (writable) slot into the IoT-Safe applet. Equivalent to wc_iotsafe_ecc_gen_k, except that it can be invoked with a key ID of two or more bytes.
| key_id | The id of the slot where the ECC key pair is stored in the IoT-Safe applet. |
| key_id | The id of the slot where the ECC key pair is stored in the IoT-Safe applet. |
| id_size | The key id size |
| int wc_iotsafe_ecc_import_public | ( | ecc_key * | key, |
| byte | key_id | ||
| ) |
Import an ECC 256-bit public key, stored in the IoT-Safe applet, into an ecc_key object.
| key | the ecc_key object that will contain the key imported from the IoT-Safe applet |
| id | The key id in the IoT-Safe applet where the public key is stored |
| int wc_iotsafe_ecc_import_public_ex | ( | ecc_key * | key, |
| byte * | key_id, | ||
| word16 | id_size | ||
| ) |
Export an ECC 256-bit public key, from ecc_key object to a writable public-key slot into the IoT-Safe applet. Equivalent to wc_iotsafe_ecc_import_public, except that it can be invoked with a key ID of two or more bytes.
| key | the ecc_key object containing the key to be exported |
| id | The pointer to the key id in the IoT-Safe applet where the public key will be stored |
| id_size | The key id size |
| int wc_iotsafe_ecc_sign_hash | ( | byte * | in, |
| word32 | inlen, | ||
| byte * | out, | ||
| word32 * | outlen, | ||
| byte | key_id | ||
| ) |
Sign a pre-computed HASH, using a private key previously stored, or pre-provisioned, in the IoT-Safe applet.
| in | pointer to the buffer containing the message hash to sign |
| inlen | length of the message hash to sign |
| out | buffer in which to store the generated signature |
| outlen | max length of the output buffer. Will store the bytes |
| id | key id in the IoT-Safe applet for the slot containing the private key to sign the payload written to out upon successfully generating a message signature |
| int wc_iotsafe_ecc_sign_hash_ex | ( | byte * | in, |
| word32 | inlen, | ||
| byte * | out, | ||
| word32 * | outlen, | ||
| byte * | key_id, | ||
| word16 | id_size | ||
| ) |
Sign a pre-computed HASH, using a private key previously stored, or pre-provisioned, in the IoT-Safe applet. Equivalent to wc_iotsafe_ecc_sign_hash, except that it can be invoked with a key ID of two or more bytes.
| in | pointer to the buffer containing the message hash to sign |
| inlen | length of the message hash to sign |
| out | buffer in which to store the generated signature |
| outlen | max length of the output buffer. Will store the bytes |
| id | pointer to a key id in the IoT-Safe applet for the slot containing the private key to sign the payload written to out upon successfully generating a message signature |
| id_size | The key id size |
| int wc_iotsafe_ecc_verify_hash | ( | byte * | sig, |
| word32 | siglen, | ||
| byte * | hash, | ||
| word32 | hashlen, | ||
| int * | res, | ||
| byte | key_id | ||
| ) |
Verify an ECC signature against a pre-computed HASH, using a public key previously stored, or pre-provisioned, in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid. Note: Do not use the return value to test for valid. Only use res.
| sig | buffer containing the signature to verify |
| hash | The hash (message digest) that was signed |
| hashlen | The length of the hash (octets) |
| res | Result of signature, 1==valid, 0==invalid |
| key_id | The id of the slot where the public ECC key is stored in the IoT-Safe applet |
| int wc_iotsafe_ecc_verify_hash_ex | ( | byte * | sig, |
| word32 | siglen, | ||
| byte * | hash, | ||
| word32 | hashlen, | ||
| int * | res, | ||
| byte * | key_id, | ||
| word16 | id_size | ||
| ) |
Verify an ECC signature against a pre-computed HASH, using a public key previously stored, or pre-provisioned, in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid. Note: Do not use the return value to test for valid. Only use res. Equivalent to wc_iotsafe_ecc_verify_hash, except that it can be invoked with a key ID of two or more bytes.
| sig | buffer containing the signature to verify |
| hash | The hash (message digest) that was signed |
| hashlen | The length of the hash (octets) |
| res | Result of signature, 1==valid, 0==invalid |
| key_id | The id of the slot where the public ECC key is stored in the IoT-Safe applet |
| id_size | The key id size |
| int wolfIoTSafe_GetCert | ( | uint8_t | id, |
| unsigned char * | output, | ||
| unsigned long | sz | ||
| ) |
Import a certificate stored in a file on IoT-Safe applet, and store it locally in memory. Works with one-byte file ID field.
| id | The file id in the IoT-Safe applet where the certificate is stored |
| output | the buffer where the certificate will be imported |
| sz | the maximum size available in the buffer output |
Example
| int wolfIoTSafe_GetCert_ex | ( | uint8_t * | id, |
| uint16_t | id_sz, | ||
| unsigned char * | output, | ||
| unsigned long | sz | ||
| ) |
Import a certificate stored in a file on IoT-Safe applet, and store it locally in memory. Equivalent to wolfIoTSafe_GetCert, except that it can be invoked with a file ID of two or more bytes.
| id | Pointer to the file id in the IoT-Safe applet where the certificate is stored |
| id_sz | Size of the file id in bytes |
| output | the buffer where the certificate will be imported |
| sz | the maximum size available in the buffer output |
Example
| int wolfIoTSafe_GetRandom | ( | unsigned char * | out, |
| word32 | sz | ||
| ) |
Generate a random buffer of given size, using the IoT-Safe function GetRandom. This function is automatically used by the wolfCrypt RNG object.
| out | the buffer where the random sequence of bytes is stored. |
| sz | the size of the random sequence to generate, in bytes |
| void wolfIoTSafe_SetCSIM_read_cb | ( | wolfSSL_IOTSafe_CSIM_read_cb | rf | ) |
Associates a read callback for the AT+CSIM commands. This input function is usually associated to a read event of a UART channel communicating with the modem. The read callback associated is global and changes for all the contexts that use IoT-safe support at the same time.
| rf | Read callback associated to a UART read event. The callback function takes two arguments (buf, len) and return the number of characters read, up to len. When a newline is encountered, the callback should return the number of characters received so far, including the newline character. |
Example
| void wolfIoTSafe_SetCSIM_write_cb | ( | wolfSSL_IOTSafe_CSIM_write_cb | wf | ) |
Associates a write callback for the AT+CSIM commands. This output function is usually associated to a write event on a UART channel communicating with the modem. The write callback associated is global and changes for all the contexts that use IoT-safe support at the same time.
| rf | Write callback associated to a UART write event. The callback function takes two arguments (buf, len) and return the number of characters written, up to len. |
Example
| int wolfSSL_CTX_iotsafe_enable | ( | WOLFSSL_CTX * | ctx | ) |
This function enables the IoT-Safe support on the given context.
| ctx | pointer to the WOLFSSL_CTX object on which the IoT-safe support must be enabled |
Example
| int wolfSSL_iotsafe_on | ( | WOLFSSL * | ssl, |
| byte | privkey_id, | ||
| byte | ecdh_keypair_slot, | ||
| byte | peer_pubkey_slot, | ||
| byte | peer_cert_slot | ||
| ) |
This function connects the IoT-Safe TLS callbacks to the given SSL session.
This should be called to connect a SSL session to IoT-Safe applet when the ID of the slots are one-byte long. If IoT-SAFE slots have an ID of two or more bytes, wolfSSL_iotsafe_on_ex() should be used instead.
| ssl | pointer to the WOLFSSL object where the callbacks will be enabled |
| privkey_id | id of the iot-safe applet slot containing the private key for the host |
| ecdh_keypair_slot | id of the iot-safe applet slot to store the ECDH keypair |
| peer_pubkey_slot | id of the iot-safe applet slot to store the other endpoint's public key for ECDH |
| peer_cert_slot | id of the iot-safe applet slot to store the other endpoint's public key for verification |
Example
| int wolfSSL_iotsafe_on_ex | ( | WOLFSSL * | ssl, |
| byte * | privkey_id, | ||
| byte * | ecdh_keypair_slot, | ||
| byte * | peer_pubkey_slot, | ||
| byte * | peer_cert_slot, | ||
| word16 | id_size | ||
| ) |
This function connects the IoT-Safe TLS callbacks to the given SSL session. This is equivalent to wolfSSL_iotsafe_on except that the IDs for the IoT-SAFE slots can be passed by reference, and the length of the ID fields can be specified via the parameter "id_size".
| ssl | pointer to the WOLFSSL object where the callbacks will be enabled |
| privkey_id | pointer to the id of the iot-safe applet slot containing the private key for the host |
| ecdh_keypair_slot | pointer to the id of the iot-safe applet slot to store the ECDH keypair |
| peer_pubkey_slot | pointer to the of id the iot-safe applet slot to store the other endpoint's public key for ECDH |
| peer_cert_slot | pointer to the id of the iot-safe applet slot to store the other endpoint's public key for verification |
| id_size | size of each slot ID |
Example
1.9.1