Files
openthread/src/core/api/crypto_api.cpp
T
Abtin Keshavarzian 0fbee98fd5 [crypto] simplify AesCcm public APIs and introduce internal Engine (#13215)
This commit refactors the `AesCcm` class to simplify its public interface,
decoupling the high-level API from the underlying cryptographic execution.

Key improvements:
- Redesigned the API from a series of procedural method calls
  (`Init()`, `Header()`, `Payload()`, `Finalize()`) into a unified,
  stateful model. Callers now pre-configure the operation parameters using
  dedicated setters (`SetKey()`, `SetNonce()`, `SetAuthData()`,
  `SetTagLength()`) and execute the entire cryptographic operation in a
  single step via unified `Process()` methods.
- Introduced a nested `Engine` class to encapsulate the low-level AES-CCM
  mathematical and cryptographic state. The `Engine` provides clean internal
  interfaces for both optimized one-shot (single-part) and multi-part
  operations.
- This architectural separation allows the outer `AesCcm` class to focus on
  parameter validation, high-level buffer management, and complex `Message`
  chunk iterations, while the `Engine` remains focused purely on the
  cryptographic core. This also provides a clean extension point to easily
  route one-shot operations to platform-specific hardware acceleration APIs
  in the future.
- Updated `Mac` and `Mle` modules to use the simplified APIs, reducing
   boilerplate code.
- Retained a static `Perform()` wrapper to support the legacy public
  `otCrypto` API.
- Updated unit tests to validate the new stateful interfaces, including
  robust in-place message chunk processing and separate-buffer
  validations.
2026-06-10 10:24:34 -07:00

75 lines
3.0 KiB
C++

/*
* Copyright (c) 2016, The OpenThread Authors.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the copyright holder nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file
* This file implements the OpenThread Crypto API.
*/
#include "openthread-core-config.h"
#include "crypto/aes_ccm.hpp"
#include "crypto/ecdsa.hpp"
#include "crypto/hmac_sha256.hpp"
#include "instance/instance.hpp"
using namespace ot;
using namespace ot::Crypto;
void otCryptoHmacSha256(const otCryptoKey *aKey, const uint8_t *aBuf, uint16_t aBufLength, otCryptoSha256Hash *aHash)
{
HmacSha256 hmac;
AssertPointerIsNotNull(aBuf);
hmac.Start(AsCoreType(aKey));
hmac.Update(aBuf, aBufLength);
hmac.Finish(AsCoreType(aHash));
}
void otCryptoAesCcm(const otCryptoKey *aKey,
uint8_t aTagLength,
const void *aNonce,
uint8_t aNonceLength,
const void *aHeader,
uint32_t aHeaderLength,
void *aPlainText,
void *aCipherText,
uint32_t aLength,
bool aEncrypt,
void *aTag)
{
AssertPointerIsNotNull(aNonce);
AssertPointerIsNotNull(aPlainText);
AssertPointerIsNotNull(aCipherText);
AssertPointerIsNotNull(aTag);
AesCcm::Perform(aEncrypt ? AesCcm::kEncrypt : AesCcm::kDecrypt, AsCoreType(aKey), aTagLength, aNonce, aNonceLength,
aHeader, aHeaderLength, aPlainText, aCipherText, aLength, aTag);
}