*
* | Term |
* Definition |
*
*
*
* | Secure Hash Algorithm (SHA) |
* A cryptographic hash function.
* This function takes a message of an arbitrary length and reduces it to a
* fixed-length residue or message digest after performing a series of
* mathematically defined operations that practically guarantee that any
* change in the message will change the hash value. It is used for message
* authentication by transmitting a message with a hash value appended to it
* and recalculating the message hash value using the same algorithm at the
* recipient's end. If the hashes differ, then the message is corrupted.
* For more information see [Secure Hash standard description]
* (https://csrc.nist.gov/csrc/media/publications/fips/180/2/archive/2002-08-01/documents/fips180-2.pdf).
* |
*
*
* | Plaintext |
* An unencrypted message |
*
*
*
* | Ciphertext |
* An encrypted message |
*
*
*
* | Block Cipher |
* An encryption function for fixed-size blocks of data.
* This function takes a fixed-size key and a block of plaintext data from
* the message and encrypts it to generate ciphertext. Block ciphers are
* reversible. The function performed on a block of encrypted data will
* decrypt that data. |
*
*
*
* | Block Cipher Mode |
* A mode of encrypting a message using block ciphers for messages of an
* arbitrary length. The message is padded so that its length is an integer
* multiple of the block size. ECB (Electronic Code Book), CBC (Cipher Block
* Chaining), and CFB (Cipher Feedback) are all modes of using block ciphers
* to create an encrypted message of an arbitrary length.
* |
*
*
* | Advanced Encryption Standard (AES) |
* The [AES standard] (https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf)
* specifies the Rijndael algorithm, a symmetric block
* cipher that can process 128-bit data blocks, using cipher keys with
* 128-, 192-, and 256-bit lengths. Rijndael was designed to handle
* additional block sizes and key lengths. However, they are not adopted in
* this standard. AES is also used for message authentication.
* |
*
*
* | Message Authentication Code (MAC) |
* MACs are used to verify that a received message has not been altered.
* This is done by first computing a MAC value at the sender's end and
* appending it to the transmitted message. When the message is received,
* the MAC is computed again and checked against the MAC value transmitted
* with the message. If they do not match, the message has been altered.
* Either a Hash algorithm (such as SHA) or a block cipher (such as AES) can
* be used to produce the MAC value. Keyed MAC schemes use a Secret Key
* along with the message, thus the Key value must be known to be able to
* compute the MAC value. |
*
*
*
* | Hash Message Authentication Code (HMAC) |
* A specific type of message authentication code (MAC) that involves a
* cryptographic hash function and a secret cryptographic key.
* It computes the MAC value using a Hash algorithm.
* For more information see [The Keyed-Hash Message Authentication Code standard]
* (https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.198-1.pdf)
* |
*
*
* | True Random Number Generator (TRNG) |
* A block that generates a number that is statistically random and based
* on some physical random variation. The number cannot be duplicated by
* running the process again. |
*
*
*
* | Symmetric Key Cryptography |
* Uses a common, known key to encrypt and decrypt messages (a shared
* secret between sender and receiver). An efficient method used for
* encrypting and decrypting messages after the authenticity of the other
* party has been established. AES is well-known symmetric cryptography methods. |
*
*
*
* | Asymmetric Key Cryptography |
* Also referred to as Public Key encryption. To receive a message,
* you publish a very large public key (up to 4096 bits currently). The
* public key is described by the pair (n, e) where n is a product of
* two randomly chosen primes p and q. The exponent e is a random integer
* 1 < e < Q where Q = (p-1) (q-1). The private key d is uniquely defined
* by the integer 1 < d < Q so that ed congruent with 1 (mod Q ). To send
* a message to the publisher of the public key, you encrypt the message
* with the public key. This message can now be decrypted only with the
* private key. The message is now sent over any channel to the recipient
* who can decrypt it with the private (secret) key. The same process is
* used to send messages to the sender of the original message. The
* asymmetric cryptography relies on the mathematical impracticality
* (usually related to the processing power available at any given time)
* of factoring the keys.
* |
*
*
*
*
* \section group_cryptolite_changelog Changelog
*
* | Version | Changes | Reason for Change |
|---|
*
* | 2.50 |
*
*
* - Support for AES-CCM, AES-CMAC, AES-CBC-MAC & AES multistage for modes ECB, CBC, CFB, CTR added.
* - Support for HKDF added.
* - Support for ECC key pair generation & ECDSA Sign added .
*
* |
* |
*
*
* | 2.40 |
* Updated value of CY_CRYPTOLITE_DEF_TRNG_GARO macro. |
* Usability enhancement. |
*
*
* | 2.30 |
* Updated APIs \ref Cy_Cryptolite_ECC_VerifyHash and \ref Cy_Cryptolite_Aes_Ctr. |
* Support for ECDSA verify for HASHZERO message added and MISRA 2012 violation fix |
*
*
* | 2.20 |
*
*
* - Updated TRNG default config.
*
* |
* |
*
*
* | 2.10 |
*
*
* - Added HMAC-SHA256 & AES(128 bit) support.
* - Added TRNG support.
* - Added RSA signature verification support upto 4096 bit
* - Added ECDSA signature verification support for SECP256R1 & SECP384R1
*
* |
* |
*
*
* | 2.0 |
* Renamed the sha256 context structure from cy_stc_cryptolite_context_sha_t to cy_stc_cryptolite_context_sha256_t |
* |
*
*
* | 1.0 |
* Initial Version |
* |
*
*
* \defgroup group_cryptolite_lld_sha Hash operations (SHA)
* \{
* \defgroup group_cryptolite_lld_sha_functions Functions
* \}
* \defgroup group_cryptolite_lld_mac Message Authentication Code (HMAC, CMAC)
* \{
* \defgroup group_cryptolite_lld_mac_functions Functions
* \}
* \defgroup group_cryptolite_lld_aes Symmetric Key Algorithm (AES)
* \{
* \defgroup group_cryptolite_lld_aes_functions Functions
* \}
* \defgroup group_cryptolite_lld_kdf Key Derivative Function (HKDF)
* \{
* \defgroup group_cryptolite_lld_kdf_functions Functions
* \}
* \defgroup group_cryptolite_lld_asymmetric Asymmetric Key Algorithm (RSA,ECP,ECDSA)
* \{
* \defgroup group_cryptolite_lld_asymmetric_functions Functions
* \}
* \defgroup group_cryptolite_lld_keygen Key Generation (ECP)
* \{
* \defgroup group_cryptolite_lld_keygen_functions Functions
* \}
* \defgroup group_cryptolite_lld_random_number Random Number Generation(TRNG)
* \{
* \defgroup group_cryptolite_lld_rng_functions Functions
* \}
* \defgroup group_cryptolite_lld_vu Vector Unit (VU)
* \{
* \defgroup group_cryptolite_lld_vu_functions Functions
* \}
* \defgroup group_cryptolite_data_structures Common Data Structures
* \defgroup group_cryptolite_enums Common Enumerated Types
* \defgroup group_cryptolite_macros Macros
*/
#if !defined (CY_CRYPTOLITE_H)
#define CY_CRYPTOLITE_H
#include "cy_device.h"
#if defined (CY_IP_MXCRYPTOLITE)
#include "cy_cryptolite_sha256.h"
#include "cy_cryptolite_hmac.h"
#include "cy_cryptolite_ecdsa.h"
#include "cy_cryptolite_rsa.h"
#include "cy_cryptolite_trng.h"
#include "cy_cryptolite_aes.h"
#include "cy_cryptolite_aes_ccm.h"
#include "cy_cryptolite_ecc_key_gen.h"
#include "cy_cryptolite_hkdf.h"
#include "cy_cryptolite_cmac.h"
#endif /* CY_IP_MXCRYPTOLITE */
#endif /* #if !defined (CY_CRYPTOLITE_H) */
/** \} group_cryptolite */
/* [] END OF FILE */