CW_CryptoProvider Class Reference

Abstract interface for cryptographic operations used by CW_SecureChannel. More...

#include <CW_CryptoProvider.h>

Inheritance diagram for CW_CryptoProvider:

Public Member Functions
virtual bool	sha256 (const uint8_t *data, size_t len, uint8_t *out)=0
	Compute SHA-256 over a contiguous data buffer.
virtual bool	sha512 (const uint8_t *data, size_t len, uint8_t *out)=0
	Compute SHA-512 over a contiguous data buffer.
virtual uint16_t	aesCbcEncrypt (const uint8_t *in, uint16_t len, uint8_t *out, const uint8_t *key, uint8_t keyLen, uint8_t *iv, bool bitPadding)=0
	AES-CBC encrypt.
virtual uint16_t	aesCbcDecrypt (uint8_t *in, uint16_t len, uint8_t *out, const uint8_t *key, uint8_t keyLen, uint8_t *iv, bool bitPadding)=0
	AES-CBC decrypt.
virtual bool	ecdh (const uint8_t *pubKey, const uint8_t *privKey, uint8_t *secret, CW_Curve curve)=0
	ECDH shared secret computation.
virtual bool	makeKey (uint8_t *pubKey, uint8_t *privKey, CW_Curve curve)=0
	Generate a new EC key pair.
virtual bool	random (uint8_t *dest, unsigned size)=0
	Fill a buffer with cryptographically random bytes.
virtual bool	ecdsaVerify (const uint8_t *pubKey64, const uint8_t *hash, size_t hashLen, const uint8_t *sig, CW_Curve curve)=0
	Verify an ECDSA signature (raw r||s, 64 bytes) against a message hash.
virtual	~CW_CryptoProvider ()

Detailed Description

Abstract interface for cryptographic operations used by CW_SecureChannel.

Decouples the secure channel protocol from any specific crypto library. The concrete ESP32 implementation (ESP32CryptoProvider) wraps mbedTLS (SHA-256/SHA-512/AES-CBC hardware-accelerated on ESP32-S3) and the ESP32 hardware TRNG for random number generation.

Definition at line 45 of file CW_CryptoProvider.h.

Constructor & Destructor Documentation

~CW_CryptoProvider()

virtual CW_CryptoProvider::~CW_CryptoProvider ( )

inlinevirtual

Definition at line 146 of file CW_CryptoProvider.h.

Member Function Documentation

aesCbcDecrypt()

virtual uint16_t CW_CryptoProvider::aesCbcDecrypt ( uint8_t * in, uint16_t len, uint8_t * out, const uint8_t * key, uint8_t keyLen, uint8_t * iv, bool bitPadding )

pure virtual

AES-CBC decrypt.

Parameters

[in]	in	Ciphertext input buffer (non-const; may be modified internally).
[in]	len	Length of the ciphertext.
[out]	out	Plaintext output buffer.
[in]	key	AES key bytes.
[in]	keyLen	AES key length in bytes.
[in,out]	iv	16-byte IV used as decrypt IV.
[in]	bitPadding	true = Bit padding removal; false = Null padding (no removal).

Returns

Length of the plaintext written to out.

Implemented in ArduinoCryptoProvider, and StubCrypto.

aesCbcEncrypt()

virtual uint16_t CW_CryptoProvider::aesCbcEncrypt ( const uint8_t * in, uint16_t len, uint8_t * out, const uint8_t * key, uint8_t keyLen, uint8_t * iv, bool bitPadding )

pure virtual

AES-CBC encrypt.

Parameters

[in]	in	Plaintext input buffer.
[in]	len	Length of the plaintext.
[out]	out	Ciphertext output buffer (must be large enough for padding).
[in]	key	AES key bytes.
[in]	keyLen	AES key length in bytes (16, 24, or 32).
[in,out]	iv	16-byte IV; updated to last cipher block on return.
[in]	bitPadding	true = ISO/IEC 9797-1 Method 2 (Bit) padding; false = Null padding (no padding added).

Returns

Length of the ciphertext written to out.

Implemented in ArduinoCryptoProvider, and StubCrypto.

ecdh()

virtual bool CW_CryptoProvider::ecdh ( const uint8_t * pubKey, const uint8_t * privKey, uint8_t * secret, CW_Curve curve )

pure virtual

ECDH shared secret computation.

Parameters

[in]	pubKey	Remote public key (64 bytes, X||Y, no 0x04 prefix).
[in]	privKey	Local private key (32 bytes).
[out]	secret	32-byte shared secret output.
[in]	curve	Curve identifier (CW_CURVE_SECP256R1 or CW_CURVE_SECP256K1).

Returns

true on success, false otherwise.

Implemented in ArduinoCryptoProvider, and StubCrypto.

ecdsaVerify()

virtual bool CW_CryptoProvider::ecdsaVerify ( const uint8_t * pubKey64, const uint8_t * hash, size_t hashLen, const uint8_t * sig, CW_Curve curve )

pure virtual

Verify an ECDSA signature (raw r||s, 64 bytes) against a message hash.

Parameters

[in]	pubKey64	64-byte public key (X||Y, no 0x04 prefix).
[in]	hash	Message hash buffer.
[in]	hashLen	Length of the hash in bytes.
[in]	sig	64-byte raw signature (r[32]||s[32]).
[in]	curve	Curve identifier for the verification operation.

Returns

true if the signature is valid, false otherwise.

Implemented in ArduinoCryptoProvider, and StubCrypto.

makeKey()

virtual bool CW_CryptoProvider::makeKey ( uint8_t * pubKey, uint8_t * privKey, CW_Curve curve )

pure virtual

Generate a new EC key pair.

Parameters

[out]	pubKey	64-byte public key output (X||Y, no prefix).
[out]	privKey	32-byte private key output.
[in]	curve	Curve identifier (CW_CURVE_SECP256R1 or CW_CURVE_SECP256K1).

Returns

true on success, false otherwise.

Implemented in ArduinoCryptoProvider, and StubCrypto.

random()

virtual bool CW_CryptoProvider::random ( uint8_t * dest, unsigned size )

pure virtual

Fill a buffer with cryptographically random bytes.

Parameters

[out]	dest	Buffer to fill.
[in]	size	Number of bytes to generate.

Returns

true on success, false otherwise.

Implemented in ArduinoCryptoProvider, and StubCrypto.

sha256()

virtual bool CW_CryptoProvider::sha256 ( const uint8_t * data, size_t len, uint8_t * out )

pure virtual

Compute SHA-256 over a contiguous data buffer.

Parameters

[in]	data	Input buffer.
[in]	len	Number of bytes to hash.
[out]	out	32-byte output buffer.

Returns

true on success, false if the underlying hash accelerator faults.

Implemented in ArduinoCryptoProvider, and StubCrypto.

sha512()

virtual bool CW_CryptoProvider::sha512 ( const uint8_t * data, size_t len, uint8_t * out )

pure virtual

Compute SHA-512 over a contiguous data buffer.

Parameters

[in]	data	Input buffer.
[in]	len	Number of bytes to hash.
[out]	out	64-byte output buffer.

Returns

true on success, false if the underlying hash accelerator faults.

Implemented in ArduinoCryptoProvider, and StubCrypto.

---

The documentation for this class was generated from the following file:

• src/cryptnox-sdk-cpp/CW_CryptoProvider.h