doxygen_groups.h 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243
  1. /*!
  2. \defgroup 3DES Algorithms - 3DES
  3. \defgroup AES Algorithms - AES
  4. \defgroup ARC4 Algorithms - ARC4
  5. \defgroup BLAKE2 Algorithms - BLAKE2
  6. \defgroup Camellia Algorithms - Camellia
  7. \defgroup ChaCha Algorithms - ChaCha
  8. \defgroup ChaCha20Poly1305 Algorithms - ChaCha20_Poly1305
  9. \defgroup Crypto Callbacks - CryptoCb
  10. \defgroup Curve25519 Algorithms - Curve25519
  11. \defgroup Curve448 Algorithms - Curve448
  12. \defgroup DSA Algorithms - DSA
  13. \defgroup Diffie-Hellman Algorithms - Diffie-Hellman
  14. \defgroup ECC Algorithms - ECC
  15. \defgroup ED25519 Algorithms - ED25519
  16. \defgroup ED448 Algorithms - ED448
  17. \defgroup ECCSI_Overview Overview of ECCSI
  18. ECCSI (Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption) is specified in RFC 6507 (https://tools.ietf.org/html/rfc6507).
  19. In Identity-Based cryptography, there is a Key Management Service that generates keys based on an identity for a client.
  20. The private key (SSK) and public key (PVT) are delivered to the signer and the public key (PVT) only delivered to the verifier on request.\n\n
  21. wolfCrypt offers the ability to:
  22. -# Create KMS keys,
  23. -# Generate signing key pairs,
  24. -# Validate signing key pairs,
  25. -# Sign messages and
  26. -# Verify messages.
  27. KMS:
  28. -# Initialize ECCSI Key: wc_InitEccsiKey()
  29. -# Make and save or load ECCSI Key:
  30. -# wc_MakeEccsiKey(), wc_ExportEccsiKey(), wc_ExportEccsiPublicKey() or
  31. -# wc_ImportEccsiKey()
  32. -# Wait for request:
  33. -# Receive signing ID from client.
  34. -# Generate signing key pair from ID: wc_MakeEccsiPair()
  35. -# Encode result:
  36. -# For signer, signing key pair: wc_EncodeEccsiPair()
  37. -# Send KPAK and result
  38. -# Free ECCSI Key: wc_FreeEccsiKey()
  39. Client, signer:
  40. -# Initialize ECCSI Key: wc_InitEccsiKey()
  41. -# (When signing pair not cached) Request KPAK and signing pair from KMS
  42. -# Send signing ID to KMS.
  43. -# Receive signing key pair from KMS.
  44. -# Load KMS Public Key: wc_ImportEccsiPublicKey()
  45. -# Decode signing key pair: wc_DecodeEccsiPair()
  46. -# Validate the key pair: wc_ValidateEccsiPair()
  47. -# (If not done above) Load KMS Public Key: wc_ImportEccsiPublicKey()
  48. -# (If not cached) Calculate hash of the ID and PVT: wc_HashEccsiId()
  49. -# For each message:
  50. -# Set Hash of Identity: wc_SetEccsiHash()
  51. -# Sign message: wc_SignEccsiHash()
  52. -# Send hash ID, message and signature to peer.
  53. -# Free ECCSI Key: wc_FreeEccsiKey()
  54. Client, verifier:
  55. -# Receive hash ID, message and signature from signer.
  56. -# Request KPAK (if not cached) and PVT (if not cached) for hash ID from KMS.
  57. -# Receive KPAK (if not cached) and PVT (if not cached) for hash ID from KMS.
  58. -# Initialize ECCSI Key: wc_InitEccsiKey()
  59. -# Load KMS Public Key: wc_ImportEccsiPublicKey()
  60. -# Decode PVT: wc_DecodeEccsiPvtFromSig()
  61. -# Calculate hash of the ID and PVT: wc_HashEccsiId()
  62. -# Set ECCSI key pair: wc_SetEccsiPair()
  63. -# Verify signature of message: wc_VerifyEccsiHash()
  64. -# Free ECCSI Key: wc_FreeEccsiKey()
  65. \defgroup ECCSI_Setup Setup ECCSI Key
  66. Operations for establinshing an ECCSI key.
  67. Initialize ECCSI Key before use (wc_InitEccsiKey()).\n
  68. Initialize ECCSI Key before use (wc_InitEccsiKey_ex()) for use with a curve other than P256.\n
  69. Either make a new key (wc_MakeEccsiKey()), import an existing key (wc_ImportEccsiKey()) or import existing private key (wc_ImportEccsiPrivateKey()) and public key (wc_ImportEccsiPublicKey()).\n
  70. Export the key (wc_ExportEccsiKey()) after making a new key for future use.\n
  71. Export the private key (wc_ExportEccsiPrivateKey()) after making a new key for future use.\n
  72. Export the public key (wc_ExportEccsiPublicKey()) from KMS to pass to client.\n
  73. Import the public key (wc_ImportEccsiPublicKey()) into client.\n
  74. Free the ECCSI Key (wc_FreeEccsiKey()) when finished.
  75. \defgroup ECCSI_Operations Operations for Signing and Verifying with ECCSI Key
  76. These operations are for signing and verifying with ECCSI keys.
  77. Make an ECCSI key pair (wc_MakeEccsiPair()) with the signer's ID for use when signing.\n
  78. Validate the ECCSI key pair (wc_ValidateEccsiPair()) with the signer's ID.\n
  79. Validate the ECCSI Public Validation Token (PVT) (wc_ValidateEccsiPvt()).\n
  80. Encode the ECCSI key pair (wc_EncodeEccsiPair()) for transfer to client.\n
  81. Encode the ECCSI SSK (wc_EncodeEccsiSsk()) for transfer to client.\n
  82. Encode the ECCSI PVT (wc_EncodeEccsiPvt()) for transfer to verifier.\n
  83. Decode the ECCSI key pair (wc_DecodeEccsiPair()) on client for signing.\n
  84. Decode the ECCSI SSK (wc_DecodeEccsiSsk()) on client for signing.\n
  85. Decode the ECCSI PVT (wc_DecodeEccsiPvt()) on client for signing.\n
  86. Decode the ECCSI PVT from the signature (wc_DecodeEccsiPvtFromSig()) on client for verifying.\n
  87. Calculate hash of the ID (wc_HashEccsiId()) for signing/verifying using ID and Public Validation Token (PVT).\n
  88. Sign (wc_SignEccsiHash()) a message with the hash of the ID and the Secret Signing Key (SSK) and Public Validation Token (PVT).\n
  89. Verify (wc_VerifyEccsiHash()) a message with the hash of the signer's ID.
  90. \defgroup SAKKE_Overview Overview of SAKKE Key
  91. SAKKE (Sakai-Kasahara Key Encryption) is specified in RFC 6508 (https://tools.ietf.org/html/rfc6508).
  92. SAKKE is used to transfer a secret to a peer using Identity Based cryptography.\n
  93. The Key Management Service (KMS) is responsible for issuing Receiver Secret %Keys (RSKs).
  94. Data up to (2^hashlen)^hashlen bytes of data can be transferred.\n
  95. The sender must know the identity of the receiver and the KMS Public Key.\n
  96. The receiver must have obtained a Receiver Secret Key (RSK) for the identity from a KMS in order to derive the secret.
  97. KMS:
  98. -# Initialize SAKKE Key: wc_InitSakkeKey()
  99. -# Make and save or load SAKKE Key:
  100. -# wc_MakeSakkeKey(), wc_ExportSakkeKey(), wc_ExportSakkePublicKey() or
  101. -# wc_ImportSakkeKey()
  102. -# Wait for request:
  103. -# Make an RSK base on ID for the client: wc_MakeSakkeRsk()
  104. -# Encode RSK for transfer to client: wc_EncodeSakkeRsk()
  105. -# Free SAKKE Key: wc_FreeSakkeKey()
  106. Key Exchange, Peer A:
  107. -# Initialize SAKKE Key: wc_InitSakkeKey()
  108. -# Load KMS Public Key: wc_ImportSakkePublicKey()
  109. -# Generate a random SSV: wc_GenerateSakkeSSV()
  110. -# Set the identity of Peer B: wc_SetSakkeIdentity()
  111. -# Make an encapsulated SSV and auth data: wc_MakeSakkeEncapsulatedSSV()
  112. -# Send encapsulated data to Peer B
  113. -# Free SAKKE Key: wc_FreeSakkeKey()
  114. Key Exchange, Peer B:
  115. -# Receive encapsulated data.
  116. -# Initialize SAKKE Key: wc_InitSakkeKey()
  117. -# Load KMS Public Key: wc_ImportSakkePublicKey()
  118. -# Decode RSK transferred from KMS or stored locally: wc_DecodeSakkeRsk()
  119. -# [Optional] Validate RSK before first use: wc_ValidateSakkeRsk()
  120. -# Set the identity: wc_SetSakkeIdentity()
  121. -# Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
  122. -# Derive SSV with auth data: wc_DeriveSakkeSSV()
  123. -# Free SAKKE Key: wc_FreeSakkeKey()
  124. Transfer secret, Peer A:
  125. -# Initialize SAKKE Key: wc_InitSakkeKey()
  126. -# Load KMS Public Key: wc_ImportSakkePublicKey()
  127. -# Set the identity of Peer B: wc_SetSakkeIdentity()
  128. -# Make an encapsulation of the SSV and auth data: wc_MakeSakkeEncapsulatedSSV()
  129. -# Send encapsulated data to Peer B
  130. -# Free SAKKE Key: wc_FreeSakkeKey()
  131. Transfer secret, Peer B:
  132. -# Initialize SAKKE Key: wc_InitSakkeKey()
  133. -# Load KMS Public Key: wc_ImportSakkePublicKey()
  134. -# Decode RSK transferred from KMS or stored locally: wc_DecodeSakkeRsk()
  135. -# [Optional] Validate RSK before first use: wc_ValidateSakkeRsk()
  136. -# Receive encapsulated data.
  137. -# Set the identity: wc_SetSakkeIdentity()
  138. -# Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
  139. -# Derive SSV and auth data: wc_DeriveSakkeSSV()
  140. -# Free SAKKE Key: wc_FreeSakkeKey()
  141. \defgroup SAKKE_Setup Setup SAKKE Key
  142. Operations for establishing a SAKKE key.
  143. Initialization SAKKE Key before use (wc_InitSakkeKey() or wc_InitSakkeKey_ex()).\n
  144. Either make a new key (wc_MakeSakkeKey()) or import an existing key (wc_ImportSakkeKey()).\n
  145. Export the key (wc_ExportSakkeKey()) after making a new key for future use.\n
  146. If only the private part of the KMS SAKKE Key is available, make the public key (wc_MakeSakkePublicKey()).\n
  147. Export the private key (wc_ExportSakkePrivateKey()) from KMS from storage.\n
  148. Import the private key (wc_ImportSakkePrivateKey()) into KMS from storage.\n
  149. Export the public key (wc_ExportSakkePublicKey()) from KMS to pass to client.\n
  150. Import the public key (wc_ImportSakkePublicKey()) into client.\n
  151. Set the identity to use (wc_SetSakkeIdentity()) into client.\n
  152. Free the SAKKE Key (wc_FreeSakkeKey()) when finished.
  153. \defgroup SAKKE_RSK Operations on/with SAKKE RSK
  154. These operations make, validate, encode and decode a Receiver Secret Key (RSK).
  155. An RSK is required to derive an SSV (see wc_DeriveSakkeSSV()).\n
  156. On the KMS, make an RSK (wc_MakeSakkeRsk()) from the client's ID.\n
  157. On the client, validate the RSK (wc_ValidateSakkeRsk()) with the ID.\n
  158. Encode the RSK (wc_EncodeSakkeRsk()) to pass to client or for storage.\n
  159. Decode the RSK (wc_DecodeSakkeRsk()) on the client when needed.\n
  160. Import the RSK (wc_ImportSakkeRsk()) on the client when needed.\n
  161. Set the RSK and, optionally, a pre-computation table (wc_SetSakkeRsk()) on the client when needed.
  162. \defgroup SAKKE_Operations Operations using SAKKE Key
  163. These operations transfer a Shared Secret Value (SSV) from one client to another. The SSV may be randomly generated.
  164. Calculate the size of the authentication data (wc_GetSakkeAuthSize()) to determine where the SSV starts in a buffer.\n
  165. Make the intermediate point I (wc_MakeSakkePointI()) to speed making an encapsulated and deriving SSV.\n
  166. Get intermediate point I (wc_GetSakkePointI()) for storage.\n
  167. Set intermediate point I (wc_SetSakkePointI()) from storage.\n
  168. Generate a pre-computation table for intermediate point I (wc_GenerateSakkePointITable()) to further enhance performance. Store as necessary.\n
  169. Set the pre-computation table for intermediate point I (wc_SetSakkePointITable()) to further enhance performance.\n
  170. Clear the pre-computation table for intermediate point I (wc_ClearSakkePointITable()) to remove reference to external table pointer.\n
  171. Make an encapsulated SSV (wc_MakeSakkeEncapsulatedSSV()) to share with another client. Data in SSV is modified.\n
  172. Generate a random SSV (wc_GenerateSakkeSSV()) for key exchange.\n
  173. Derive the SSV, (wc_DeriveSakkeSSV()) on the recipient from the encapsulated SSV.
  174. \defgroup HMAC Algorithms - HMAC
  175. \defgroup MD2 Algorithms - MD2
  176. \defgroup MD4 Algorithms - MD4
  177. \defgroup MD5 Algorithms - MD5
  178. \defgroup PKCS7 Algorithms - PKCS7
  179. \defgroup PKCS11 Algorithms - PKCS11
  180. \defgroup Password Algorithms - Password Based
  181. \defgroup Poly1305 Algorithms - Poly1305
  182. \defgroup RIPEMD Algorithms - RIPEMD
  183. \defgroup RSA Algorithms - RSA
  184. \defgroup SHA Algorithms - SHA 128/224/256/384/512
  185. \defgroup SipHash Algorithm - SipHash
  186. \defgroup SRP Algorithms - SRP
  187. \defgroup ASN ASN.1
  188. \defgroup Base_Encoding Base Encoding
  189. \defgroup CertManager CertManager API
  190. \defgroup Compression Compression
  191. \defgroup Error Error Reporting
  192. \defgroup IoTSafe IoT-Safe Module
  193. IoT-Safe (IoT-SIM Applet For Secure End-2-End Communication) is a technology that leverage the SIM as robust,
  194. scalable and standardized hardware Root of Trust to protect data communication.
  195. IoT-Safe SSL sessions use the SIM as Hardware Security Module, offloading all the crypto public
  196. key operations and reducing the attack surface by restricting access to certificate and keys
  197. to the SIM.
  198. IoT-Safe support can be enabled on an existing WOLFSSL_CTX contex, using wolfSSL_CTX_iotsafe_enable().\n
  199. Session created within the context can set the parameters for IoT-Safe key and files usage, and enable
  200. the public keys callback, with wolfSSL_iotsafe_on().
  201. If compiled in, the module supports IoT-Safe random number generator as source of entropy for wolfCrypt.
  202. \defgroup PSA Platform Security Architecture (PSA) API
  203. \defgroup Keys Key and Cert Conversion
  204. \defgroup Logging Logging
  205. \defgroup Math Math API
  206. \defgroup Memory Memory Handling
  207. \defgroup Random Random Number Generation
  208. \defgroup Signature Signature API
  209. \defgroup openSSL OpenSSL API
  210. \defgroup wolfCrypt wolfCrypt Init and Cleanup
  211. \defgroup TLS wolfSSL Initialization/Shutdown
  212. \defgroup CertsKeys wolfSSL Certificates and Keys
  213. \defgroup Setup wolfSSL Context and Session Set Up
  214. \defgroup IO wolfSSL Connection, Session, and I/O
  215. \defgroup Debug wolfSSL Error Handling and Reporting
  216. */