1 /* 2 * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #ifndef _CC_FFCDH_LOCAL_H 8 #define _CC_FFCDH_LOCAL_H 9 10 #include "cc_ffc_domain.h" 11 #include "cc_ffcdh.h" 12 13 #ifdef __cplusplus 14 extern "C" 15 { 16 #endif 17 18 19 /************************ Defines ******************************/ 20 21 22 23 /*! DH Context Validation Tag initial value. * 24 \note low bytes of validation tag are used for setting bits, indicate * 25 that into the context inserted data appropriate to DH Agreement functions * 26 * flow */ 27 #define FFCDH_CTX_VALID_TAG_INIT_VAL 0xFFCD0000 28 29 /*!< DH Context Validation Tag Bits for appropriate steps of functions flow * 30 * according to description in the CCDhCtx_t structure definition. */ 31 #define FFCDH_CTX_VALID_TAG_INITIALIZATION_BIT (1UL<<0) /*!< FFCDH Context is initialised to zero data */ 32 #define FFCDH_CTX_VALID_TAG_SCHEM_PARAM_BIT (1UL<<1) /*!< FFCDH Scheme parameters are set */ 33 #define FFCDH_CTX_VALID_TAG_DOMAIN_BIT (1UL<<2) /*!< FFCDH Domain is set into Context */ 34 #define FFCDH_CTX_VALID_TAG_USER_STAT_KEY_BIT (1UL<<3) /*!< FFCDH user static keys (private and public) are set */ 35 #define FFCDH_CTX_VALID_TAG_USER_EPHEM_KEY_BIT (1UL<<4) /*!< FFCDH user ephemeral keys (private and public) are set */ 36 #define FFCDH_CTX_VALID_TAG_USER_NONCE_BIT (1UL<<5) /*!< FFCDH user Nonce is set */ 37 #define FFCDH_CTX_VALID_TAG_PARTN_STAT_KEY_BIT (1UL<<6) /*!< FFCDH partner static public key */ 38 #define FFCDH_CTX_VALID_TAG_PARTN_EPHEM_KEY_BIT (1UL<<7) /*!< FFCDH partner ephemeral public key is set */ 39 #define FFCDH_CTX_VALID_TAG_PARTN_NONCE_BIT (1UL<<8) /*!< FFCDH partner Nonce is set */ 40 #define FFCDH_CTX_VALID_TAG_USER_INFO_BIT (1UL<<9) /*!< FFCDH UserInfo Data is set */ 41 #define FFCDH_CTX_VALID_TAG_SCHEM_DATA_BIT (1UL<<10) /*!< FFCDH Scheme Data is set */ 42 #define FFCDH_CTX_VALID_TAG_AGREEM_COMPLET_BIT (1UL<<11) /*!< FFCDH Key Agreement is completed */ 43 44 /* All validation bits for Private/Public Keys joined together */ 45 #define FFCDH_CTX_VALID_TAG_ALL_KEYS_BITS \ 46 (FFCDH_CTX_VALID_TAG_USER_STAT_KEY_BIT || \ 47 FFCDH_CTX_VALID_TAG_USER_EPHEM_KEY_BIT || \ 48 FFCDH_CTX_VALID_TAG_USER_NONCE_BIT || \ 49 FFCDH_CTX_VALID_TAG_PARTN_STAT_KEY_BIT || \ 50 FFCDH_CTX_VALID_TAG_PARTN_EPHEM_KEY_BIT || \ 51 FFCDH_CTX_VALID_TAG_PARTN_NONCE_BIT) 52 53 /*!< DH Context Validation Tags for appropriate steps of functions flow * 54 * according to description in the CCDhCtx_t structure definition. */ 55 #define FFCDH_CTX_VALID_TAG_SCHEM_PARAM_SET (FFCDH_CTX_VALID_TAG_INIT_VAL || FFCDH_CTX_VALID_TAG_SCHEM_PARAM_BIT) /*!< DH Scheme parameters are set */ 56 #define FFCDH_CTX_VALID_TAG_DOMAIN_SET (FFCDH_CTX_VALID_TAG_SCHEM_PARAM_SET || FFCDH_CTX_VALID_TAG_DOMAIN_BIT) /*!< DH Domain is set into Context */ 57 #define FFCDH_CTX_VALID_TAG_ALL_KEYS_SET (FFCDH_CTX_VALID_TAG_DOMAIN_SET || FFCDH_CTX_VALID_TAG_ALL_KEYS_BITS) /*!< DH all keys are set */ 58 #define FFCDH_CTX_VALID_TAG_USER_INFO_SET (FFCDH_CTX_VALID_TAG_ALL_KEYS_SET || FFCDH_CTX_VALID_TAG_USER_INFO_BIT) /*!< DH User Info is set */ 59 #define FFCDH_CTX_VALID_TAG_SCHEM_DATA_SET (FFCDH_CTX_VALID_TAG_USER_INFO_SET || FFCDH_CTX_VALID_TAG_SCHEM_DATA_BIT) /*!< DH Scheme Data is set */ 60 #define FFCDH_CTX_VALID_TAG_AGREEM_COMPLETED (FFCDH_CTX_VALID_TAG_KEY_MATERIAL_SET || FFCDH_CTX_VALID_TAG_AGREEM_COMPLET_BIT) /*!< DH Key Agreement is completed */ 61 62 /* the macro converts bit value (0,1) and offset to to appropriate number = bit<<offset. */ 63 #define FFCDH_OFFS_TO_VAL(bit, offset) ((bit) << (offset)) 64 65 #ifdef FFC_FURTHER_USING 66 /*! Offsets of bits defining FFC DH Scheme parameters in Scheme Info variable. 67 * Each enum. value defines offset of the bit, indicating that the named parameter 68 * is needed according to Scheme, user party (U,V) and confirmation role */ 69 typedef enum 70 { 71 FFCDH_DO_CTX_INIT, /*!< do DH context init */ 72 FFCDH_DO_SCHEME_PARAMS, /*!< insert Scheme parameters */ 73 FFCDH_DO_DOMAIN, /*!< insert Domain parameters */ 74 FFCDH_DO_USER_STAT_KEY, /*!< user should have static key */ 75 FFCDH_DO_USER_EPHEM_KEY, /*!< user should have ephemeral key */ 76 FFCDH_DO_USER_NONCE, /*!< user should have Nonce key */ 77 FFCDH_DO_PARTN_STAT_KEY, /*!< partner should have static key */ 78 FFCDH_DO_PARTN_EPHEM_KEY, /*!< partner should have static key */ 79 FFCDH_DO_PARTN_NONCE, /*!< partner should have static key */ 80 FFCDH_DO_CONFIRM_PROVID, /*!< user is confirm provider */ 81 FFCDH_DO_CONFIRM_RECIP, /*!< user is confirm recipient */ 82 83 FFCDH_DO_OFF_MODE, /*!< not allowed value */ 84 FFCDH_DO_PARAMS_LAST = 0x7FFFFFFF 85 } FfcDhSchemeInfoBits_t; 86 87 88 /* Define DH Scheme Info bits for given FFCDH Scheme , user party (U,V) and confirmation role */ 89 /* Scheme: dhHybrid1 */ 90 #define FFCDH_HYBRID1_U ((1UL<<FFCDH_DO_USER_STAT_KEY)||(1<<FFCDH_DO_USER_EPHEM_KEY)|| \ 91 (1<<FFCDH_DO_PARTN_STAT_KEY)||(1<<FFCDH_DO_PARTN_EPHEM_KEY)) 92 #define FFCDH_HYBRID1_V FFCDH_HYBRID1_U 93 /* Scheme: dhEphem: NoConfirm */ 94 #define FFCDH_EPHEM_U ((1UL<<FFCDH_DO_USER_STAT_KEY)||(1<<FFCDH_DO_USER_EPHEM_KEY)|| \ 95 (1<<FFCDH_DO_PARTN_STAT_KEY)||(0<<FFCDH_DO_PARTN_EPHEM_KEY)) 96 #define FFCDH_EPHEM_V FFCDH_EPHEM_U 97 /* Scheme: dhHybridOneFlow_U */ 98 #define FFCDH_HYBRID_ONE_FLOW_U ((1UL<<FFCDH_DO_USER_STAT_KEY)||(1<<FFCDH_DO_USER_EPHEM_KEY)|| \ 99 (1<<FFCDH_DO_PARTN_STAT_KEY)||(0<<FFCDH_DO_PARTN_EPHEM_KEY)) 100 #define FFCDH_HYBRID_ONE_FLOW_V ((1UL<<FFCDH_DO_USER_STAT_KEY)||(0<<FFCDH_DO_USER_EPHEM_KEY)|| \ 101 (1<<FFCDH_DO_PARTN_STAT_KEY)||(1<<FFCDH_DO_PARTN_EPHEM_KEY)) 102 /* Scheme: dhOneFlow_U */ 103 #define FFCDH_ONE_FLOW_U ((0UL<<FFCDH_DO_USER_STAT_KEY)||(1<<FFCDH_DO_USER_EPHEM_KEY)|| \ 104 (1<<FFCDH_DO_PARTN_STAT_KEY)||(0<<FFCDH_DO_PARTN_EPHEM_KEY)) 105 #define FFCDH_ONE_FLOW_V ((1UL<<FFCDH_DO_USER_STAT_KEY)||(0<<FFCDH_DO_USER_EPHEM_KEY)|| \ 106 (0<<FFCDH_DO_PARTN_STAT_KEY)||(1<<FFCDH_DO_PARTN_EPHEM_KEY)) 107 /* Scheme: dhStatic */ 108 #define FFCDH_STATIC_U ((1UL<<FFCDH_DO_USER_STAT_KEY)||(0<<FFCDH_DO_USER_EPHEM_KEY)|| \ 109 (1<<FFCDH_DO_PARTN_STAT_KEY)||(0<<FFCDH_DO_PARTN_EPHEM_KEY)) 110 #define FFCDH_STATIC_V FFCDH_STATIC_U 111 #endif 112 113 114 /************************** Macros ******************************/ 115 116 /* The macro sets uint16 length (len) into bytes-buffer, given by the pointer (ptr) as 117 * 2-bytes big endianness counter, and then promote the pointer by 2 bytes. 118 * Note: Dst buffer should be given by pointer (not by buffer name). */ 119 #define FFCDH_SET_LENGTH(ptr, len) \ 120 (ptr)[0] = ((len)>>1) & 0xFF; (ptr)[1] = (len) & 0xFF; \ 121 (ptr) += CC_FFCDH_LENGTH_COUNTER_SIZE_IN_BYTES; 122 /* The macro reads length (2 bytes BE number) from bytes-buffer into uint16 value 123 * and promotes pointer to next buffer (sub-entry). 124 * Note: Dst buffer should be given by pointer (not by buffer name). */ 125 #define FFCDH_GET_LENGTH(ptr) (((uint16_t)((ptr)[0])<< 8) | (ptr)[1]); \ 126 (ptr) += CC_FFCDH_LENGTH_COUNTER_SIZE_IN_BYTES; 127 #define FFCDH_SET_OFFSET(prevOffset, prevDataSize) ((prevOffset) + (prevDataSize) + CC_FFCDH_LENGTH_COUNTER_SIZE_IN_BYTES) 128 /* macro sets offset depending on condition value which shall be 1 or 0. If it is 1, 129 * then prevDataSize is added to offset, else - not added. All sizes are uint16_t values. */ 130 #define FFCDH_COND_SET_OFFSET(prevOffset, prevDataSize, conditionVal) \ 131 ((prevOffset) + CC_FFCDH_LENGTH_COUNTER_SIZE_IN_BYTES + ((prevDataSize) & (uint16_t)((0UL - (conditionVal)) & 0xFFFFUL))) 132 133 /* Macros for checking DH Context validation tag according to 134 * DH functions flow stage. In other words, check that all required 135 * previous stages (functions calls) are done. If all is done, the macro 136 * returns 0, else returns 1. 137 */ 138 #define FFCDH_CHECK_CTX_VALID_TAG_BITS(validTag, checkBits) (((validTag) & (checkBits)) != (checkBits)) 139 140 /* enumerator, defining parameters */ 141 typedef enum 142 { 143 FFCDH_NO_PARAM, 144 FFCDH_DO_PARAM, 145 FFCDH_PARAM_DONE 146 }FfcDhParamsSetting_t; 147 148 149 /************************ Structures ******************************/ 150 151 152 /*! Structure, defining which FFC DH parameters are involved in the Scheme 153 according to Scheme ID, user party (U,V) and confirmation role. If some 154 member of the structure is equal to 1, then appropriate parameter is 155 needed and if 0 - not. */ 156 typedef struct 157 { 158 uint32_t doUserStatKey; 159 uint32_t doUserEphemKey; 160 uint32_t doUserNonce; 161 uint32_t doPartnerStatKey; 162 uint32_t doPartnerEphemKey; 163 uint32_t doPartnerNonce; 164 uint32_t doConfirmProvid; 165 uint32_t doConfirmRecip; 166 167 }FfcDhSchemeInfo_t; 168 169 170 /*! Structure, defining sizes and offsets of OtherInfo sub-entries 171 * inside the KdfBuffer buffer, placed in the DH context (see SP 56A, sec. 5.8.1.2, 5.8.1.2.1). 172 * extendOtherInfo = counter||ZZ||AlgId||PartyUInfo||PartyVinfo||suppPublInfo||suppPrivInfo; 173 * Each PartyInfo = PartyId||StatPublKeyInfo||EphemKeyInfo||nonce||OtherPartyData 174 * Note: - Each sub-entry includes 2-bytes, defining its size. 175 * - If any sub-entry is not used then its size should be set to 0 and data - empty. 176 * - size of the structure - 21 word = 84 bytes. */ 177 typedef struct 178 { 179 uint32_t kdfCounterOffset; /*!< KDF counter offset */ 180 uint32_t sharedSecrOffset; /*!< offset of the Algorithm ID data */ 181 182 /* Other Info Entries */ 183 uint32_t algIdOffset; /*!< offset of the Algorithm ID data */ 184 uint32_t userIdOffset; /*!< offset of the userIdOffset = userInfo */ 185 uint32_t userStatPublKeyOffset; /*!< offset of the static public key. */ 186 uint32_t userEphemPublKeyOffset; /*!< offset of the ephemeral key. */ 187 uint32_t userNonceOffset; /*!< offset of nonce (if present) */ 188 uint32_t userOtherDataOffset; /*!< offset of user other (additional) data */ 189 190 uint32_t partnIdOffset; /*!< offset of the partnIdOffset = partnInfo */ 191 uint32_t partnStatPublKeyOffset; /*!< offset of the static public key. */ 192 uint32_t partnEphemPublKeyOffset; /*!< offset of the ephemeral key. */ 193 uint32_t partnNonceOffset; /*!< offset of nonce (if present) */ 194 uint32_t partnOtherDataOffset; /*!< offset of partner other (additional) data */ 195 196 uint32_t suppPublInfoOffset; /*!< offset of supplied public Info data */ 197 uint32_t suppPrivInfoOffset; /*!< offset of supplied private Info data */ 198 199 /* data entries sizes in bytes */ 200 uint32_t sharedSecrSize; /*!< size of the Algorithm ID data */ 201 uint32_t algIdSize; /*!< offset of the Algorithm ID data */ 202 uint32_t userInfoSize; /*!< full size of user data */ 203 uint32_t partnInfoSize; /*!< full size of partner data */ 204 uint32_t suppPublInfoSize; /*!< size of supplied public Info data */ 205 uint32_t suppPrivInfoSize; /*!< size of supplied private Info data */ 206 207 }FfcDhSchemeDataOffsets_t; 208 209 210 211 212 213 /**************************************************************/ 214 /*! DH Key Agreement context structure, used in DH functions. 215 The context contains appropriate parameters and data in accordance with NIST SP 800-56A Rev. 2 standard 216 and this implementation definitions. 217 \note Some buffers for internal using of functions may be set on tmpBuff structure in the context. 218 \note The domain parameters and keys are saved in arrays with little endianness order of bytes and words 219 (i.e. LS byte/word are right most) with indication of entry size. 220 \note Public keys, when are used in KDF and MAC calculations, are presented as big endianness bytes arrays 221 with constant size, equalled to field size, and leading zeros, if existed. 222 \note Max.size of Context: 223 */ 224 typedef struct 225 { 226 uint32_t validTag; /*!< the context validation tag, indicates that the context and its members are set 227 according to current stage of DH functions flow. The bits of LS Bytes of validTag 228 indicate, that appropriate function was done or data inserted (1 - done, 0 - not done): 229 b'0 - context initialised to zero; 230 b'1 - DH Scheme parameters (DH Scheme, HASH mode, KDF mode, user party, 231 confirmation mode etc.) are inserted; 232 b'2 - FFC Domain is inserted; 233 b'3,4 - user's static/ephemeral keys, needed by the Scheme, are inserted; 234 b'5,6 - partner's static/ephemeral keys, needed by the Scheme, are inserted; 235 b'7 - PartyUInfo, PartyVInfo and Confirmation TextU, TextV are inserted; 236 b'8 - Shared Secret Keying Material and user's MacTag are calculated; 237 b'9 - calculating of expected partner's MacTag and its comparing with the 238 value, received from the partner, are done. */ 239 240 /*! DH FFC Domain parameters structure (p,q,g,{seed,genCounter}. */ 241 CCFfcDomain_t ffcDomain; // 636 bytes 242 /*! FFC DH Key Agreement Scheme parameters */ 243 CCFfcDhSchemeId_t dhSchemeId; /*!< enumerator ID of used FFC DH Key Agreement Scheme (see sec. 6, table 12). */ 244 CCFfcDhKdfModeSp56A_t kdfMode; /*!< enumerator ID of used KDF function supported KDF, based on 245 HASH or HMAC algorithms. */ 246 CCFfcHashOpMode_t ffcHashMode; /*!< enumerator ID of used SHA-x HASH mode, supported by the 247 product (Note: MD5 is not supported). */ 248 CCFfcDhUserPartyIs_t userParty; /*!< enumerator, defining user (i.e. the function's caller) party in DH Agreement (U or V). */ 249 CCFfcDhUserConfirmMode_t confirmMode; /*!< enumerator, defining confirmation mode of each party: is it provider 250 or/and recipient, according to sec. 5.9. */ 251 CCFfcParamSetId_t ffcParamSet; /*!< enumerator, defining the set of FFC domain parameters 252 according to SP 56A rev.2 section 5.5.1.1, tab.1. and FIPS 186-4 sec.4.2. */ 253 /*! Internal structure "schemeInfo": each its member indicates that appropriate scheme parameter or operation is required 254 according to chosen Scheme, user party (U,V) and Confirmation role. Size of buffer 8*sizeof(uint32_t). */ 255 FfcDhSchemeInfo_t schemeInfo; 256 257 uint32_t hmacSaltSizeBytes; 258 uint32_t hmacSalt[CC_FFCDH_MAX_SIZE_OF_HMAC_SALT_BUFF_BYTES/CC_32BIT_WORD_SIZE]; 259 uint32_t nonceSize; /* size of nonce, agreed by both parties: shall be = order size, if exist, or 0 otherwise */ 260 261 /*! Derived secret keying data and keying material sizes (in bytes) and buffer for it placing. */ 262 uint32_t secretKeyingDataSize; /* size keying data to be derived and used as result output secretKeyingData. */ 263 /*! the derived Keying material, which consists (parsed) from two keys: HMAC Key (of size = size of HASH, 264 * used in confirmation) and secretKeyingData of above stated size */ 265 uint8_t derivedKeyingMaterial[CC_FFCDH_MAX_SIZE_OF_KEYING_MATERIAL_BYTES]; 266 uint32_t derivedKeyingMaterialSize; /* size in bytes). */ 267 268 /*! User's private static, ephemeral keys and Nonce (if present): 269 * Note: Size of each one of private keys buffer is equaled to actual FFC generator order size; 270 * bytes and words order is little endianness and leading zeros are present. */ 271 uint32_t statPrivKeySizeBytes; 272 uint32_t statPrivKey[CC_FFCDH_MAX_GENER_ORDER_SIZE_IN_WORDS]; /*!< user's static private key. */ 273 uint32_t ephemPrivKeySizeBytes; 274 uint32_t ephemPrivKey[CC_FFCDH_MAX_GENER_ORDER_SIZE_IN_WORDS]; /*!< user's ephemeral private key. */ 275 276 // uint32_t userInfoSize, partnInfoSize; 277 /*! User and partner public keys: static, ephemeral and nonce (if present): 278 * userStaticPublic, userEphemerPublic keys and nonce, 279 * Max.size of two structures: 2*(2*ModSize + OrderSize + 3w) = 520 bytes*/ 280 // CCFfcDhCtxPublKeys_t userPublKeys; // max.size: 2*ModSize + OrderSize + 8 = 520 bytes 281 // CCFfcDhCtxPublKeys_t partnPublKeys; // max.size 2*256+8 = 520 bytes 282 // The structure userPublKeys includes: 283 uint32_t userIdSizeBytes; /*!< user's ID actual size in bytes */ 284 uint8_t userId[CC_FFCDH_MAX_SIZE_OF_PARTY_ID_BYTES]; /*!< user's ID. */ 285 uint32_t userStatPublKeySizeBytes; /*!< user's static ephemeral public key size in bytes */ 286 uint32_t userStatPublKey[CC_FFCDH_MAX_MOD_SIZE_IN_WORDS]; /*!< user's static ephemeral public key. */ 287 uint32_t userEphemPublKeySizeBytes; /*!< user's ephemeral public key size in bytes */ 288 uint32_t userEphemPublKey[CC_FFCDH_MAX_MOD_SIZE_IN_WORDS]; /*!< user's ephemeral public key. */ 289 uint32_t userNonceSizeBytes; /*!< actual size of user's Nonce {0 if not inserted) */ 290 uint8_t userNonce[CC_FFCDH_MAX_GENER_ORDER_SIZE_IN_BYTES]; /*!< user's Nonce */ 291 uint32_t userConfirmTextSize; /*!< [in] optional size of Text data of partyU, in bytes. */ 292 uint8_t userConfirmText[CC_FFCDH_MAX_SIZE_OF_CONFIRM_TEXT_DATA_BYTES]; /*!< confirmation Text of the User. */ 293 294 /*! Partner's public key/keys: static and ephemeral (if present): */ 295 // The structure partnPublKeys includes: 296 uint32_t partnerIdSizeBytes; /*!< user's ID actual size in bytes */ 297 uint8_t partnerId[CC_FFCDH_MAX_SIZE_OF_PARTY_ID_BYTES]; /*!< user's ID. */ 298 uint32_t partnerStatPublKeySizeBytes; /*!< partner's static ephemeral public key size in bytes */ 299 uint32_t partnerStatPublKey[CC_FFCDH_MAX_MOD_SIZE_IN_WORDS]; /*!< partner's static ephemeral public key. */ 300 uint32_t partnerEphemPublKeySizeBytes; /*!< partner's ephemeral public key size in bytes */ 301 uint32_t partnerEphemPublKey[CC_FFCDH_MAX_MOD_SIZE_IN_WORDS]; /*!< partner's ephemeral public key. */ 302 uint32_t partnerNonceSizeBytes; /*!< partner's's Nonce */ 303 uint8_t partnerNonce[CC_FFCDH_MAX_GENER_ORDER_SIZE_IN_BYTES]; /*!< partner Nonce */ 304 uint32_t partnerConfirmTextSize; /*!< [in] size of the Text data of the partner, in bytes. */ 305 uint8_t partnerConfirmText[CC_FFCDH_MAX_SIZE_OF_CONFIRM_TEXT_DATA_BYTES]; /*!< confirmation Text of the Partner. */ 306 307 /* buffers to be included in DH KDF data and OtherInfo data */ 308 // uint8_t commonBuffForKdf[CC_FFCDH_MAX_SIZE_OF_OTHER_INFO_COMMON_BUFF]; /* KdfCounter || Zz || AlgId */ 309 // uint8_t userInfo[CC_FFCDH_MAX_SIZE_OF_PARTY_INFO_BYTES]; /* user Info: userId||userStatPublKey||userephemerPublKey||userNonce */ 310 // uint8_t partnerInfo[CC_FFCDH_MAX_SIZE_OF_PARTY_INFO_BYTES]; /* partner Info: partnerId||partnerStatPublKey||partnerEphemerPublKey||partnerNonce */ 311 // uint8_t supplPublInfo[CC_FFCDH_MAX_SIZE_OF_OTHER_INFO_SUPPL_ENTRY_BYTES]; /* supplied public data known for both parties */ 312 // uint8_t supplPrivInfo[CC_FFCDH_MAX_SIZE_OF_OTHER_INFO_SUPPL_ENTRY_BYTES]; /* supplied private data known for both parties */ 313 314 315 316 /*! FFC DH extended Data buffer, containing data used for extraction secret keying material by KDF function. 317 * The buffer includes: Counter||SharedSecretZz||OtherInfo data. See sec. 5.8.1, 5.8.1.1, 5.8.1.2. */ 318 uint8_t extendDataBuffer[CC_FFCDH_MAX_SIZE_OF_KDF_DATA_BUFFER_BYTES]; 319 uint32_t currInsertedDataSize; 320 uint32_t otherInfoSize; 321 322 // CCFfcDhOtherInfo_t otherInfoBuff; /*!< buffer, containing "other data", shared by both key agreement 323 // parties and constructed according to concatenation method, described 324 // in sec. 5.8.1 of said standard current implementation requirements. 325 // For detailed description see CCFfcDhOtherInfo_t definition. 326 // Max.size 884 bytes. */ 327 328 /*! Structure, containing offsets and sizes of parties Info in OterInfo buffer (in bytes) */ 329 FfcDhSchemeDataOffsets_t dataOffsets; 330 331 // CCFfcDhConfirmMacData_t macData; /*!< buffer for confirmation data, ordered according 332 // to sec. 5.9, 5.9.1.1 and party role (U,V). Max size 614 bytes. */ 333 // CCFfcDhConfirmMacData_t macDataV; /*!< structure, containing confirmation data ordered by provider V, 334 // according to sec. 5.9, 5.9.1.1 */ 335 /*! FFC DH Key Agreement Scheme MacTags */ 336 CCHashResultBuf_t userMacTag; /*!< buffer for calculation confirmation MacTag of user as provider. */ 337 CCHashResultBuf_t partnerMacTag; /*!< buffer for calculation confirmation MacTag of partner as provider. */ 338 uint32_t macTagSize; /*!< size in bytes of confirmation MacTag-s */ 339 /*! Temp buffer, used in internal calculations */ 340 CCFfcDhTemp_t tmpBuff; /*!< [in] structure, containing internal temp buffers, used in DH functions, 341 such as Derived Keying Data, offsets of specific entries in otherInfo, MacData , 342 work space buffers etc. */ 343 } DhContext_t; 344 345 346 /* Check Context size: print error message if the size is not correct */ 347 #define DH_LOCAL_CONTEXT_SIZE_BYTES \ 348 ROUNDUP_BYTES_TO_32BIT_WORD((FFC_DOMAIN_SIZE_BYTES + CC_FFCDH_MAX_SIZE_OF_HMAC_SALT_BUFF_BYTES + CC_FFCDH_MAX_SIZE_OF_KEYING_MATERIAL_BYTES + \ 349 4*CC_FFCDH_MAX_GENER_ORDER_SIZE_IN_BYTES/*2priv,2nonce*/ + 2*CC_FFCDH_MAX_SIZE_OF_PARTY_ID_BYTES + 4*CC_FFCDH_MAX_MOD_SIZE_IN_BYTES + \ 350 CC_FFCDH_MAX_SIZE_OF_KDF_DATA_BUFFER_BYTES + 2*CC_HASH_RESULT_SIZE_IN_WORDS*CC_32BIT_WORD_SIZE/*MacTags*/ + 32/*schemeInfo*/ + \ 351 84/*dataOffsets*/ + 2*CC_FFCDH_MAX_SIZE_OF_CONFIRM_TEXT_DATA_BYTES + 26*CC_32BIT_WORD_SIZE/*separ.words*/ + CC_FFCDH_CTX_TMP_BUFF_MAX_SIZE_IN_WORDS*CC_32BIT_WORD_SIZE)) 352 353 #if (CC_FFCDH_CONTEXT_BUFF_SIZE_IN_BYTES != DH_LOCAL_CONTEXT_SIZE_BYTES) 354 #error CC_FFCDH_CONTEXT_SIZE_IN_WORDS defined not correct. 355 #endif 356 357 /* Data base array, indicating combination of parameters and operations, required by different Schemes. 358 * 359 * This 3-dimensional array contains structures of mentioned above parameters appropriates, for each Schemes. 360 */ 361 //FfcDhSchemeInfo_t ffcdhSchemeMatrix[CC_FFCDH_SCHEM_NUM_OFF_MODE][CC_FFCDH_PARTY_NUM_OFF_MODE][CC_FFCDH_CONFIRM_NUM_OFF_MODE]; 362 // 363 //#define FFCDH_SCHEMES_MATRIX 364 365 366 367 368 #ifdef __cplusplus 369 } 370 #endif 371 372 #endif 373 374
