.. _module-pw_crypto:

pw_crypto
=========
A set of safe (read: easy to use, hard to misuse) crypto APIs.

.. attention::

  This module is under construction.

The following crypto services are provided by this module.

1. Digesting a message with `SHA256`_.
2. Verifying a digital signature signed with `ECDSA`_ over the NIST P256 curve.
3. Many more to come ...

SHA256
------

.. attention::

  The SHA256 crypto service is under construction.

Usage
^^^^^

1. Obtaining a one-shot digest.

.. code-block:: cpp

  #include "pw_crypto/sha256.h"

  // SHA-256 always produces a 32-byte digest.
  std::byte digest[32];
  Status status = pw::crypto::sha256::Digest(message, digest);

2. Digesting a long, potentially non-contiguous message.

.. code-block:: cpp

  #include "pw_crypto/sha256.h"

  std::byte digest[32];
  auto h = pw::crypto::sha256::Sha256();

  // Feed the message to the hasher one chunk at a time.
  while (/* chunk ← Get next chunk of message */) {
    h.Update(chunk);
  }

  // Finalize the hash and write the result into digest.
  Status status = h.Final(digest);

Configuration
^^^^^^^^^^^^^

The SHA256 crypto service can be backed by a few different crypto libraries as
configured below.

Mbed TLS

.. code-block:: sh

  # Install and configure MbedTLS
  pw package install mbedtls
  gn gen out --args='dir_pw_third_party_mbedtls="//.environment/packages/mbedtls" pw_crypto_SHA256_BACKEND="//pw_crypto:sha256_mbedtls"'

  ninja -C out

ECDSA
-----

.. attention::

  The ECDSA crypto service is under construction.

Usage
^^^^^

1. Verifying a digital signature signed with ECDSA over the NIST P256 curve.

.. code-block:: cpp

  #include "pw_crypto/ecdsa.h"
  #include "pw_crypto/sha256.h"

  // The signature is verified against the SHA-256 digest of the message.
  std::byte digest[32];
  auto status = pw::crypto::sha256::Digest(message, digest);

  if (!status.ok()) {
    // handle errors.
  }

  bool valid = pw::crypto::ecdsa::VerifyP256Signature(
                   public_key, digest, signature).ok();

2. Verifying a digital signature signed with ECDSA over the NIST P256 curve,
   with a long and/or non-contiguous message.

.. code-block:: cpp

  #include "pw_crypto/ecdsa.h"
  #include "pw_crypto/sha256.h"

  std::byte digest[32];
  auto h = pw::crypto::sha256::Sha256();

  while (/* chunk ← Get the next chunk of message */) {
    h.Update(chunk);
  }

  auto status = h.Final(digest);
  // Only verify the signature if the digest was computed successfully.
  bool valid = status.ok() &&
               pw::crypto::ecdsa::VerifyP256Signature(
                   public_key, digest, signature).ok();