ext/lib/crypto: Update TinyCrypt to version 0.2.6

https://github.com/01org/tinycrypt

At revision c7b1dca2b27070dfb5f92e56dab7a91a7afee18c, version 0.2.5

At revision e6cffb820b91578d9816fc0bcc8f72f32f6ee76b, version 0.2.6

Any changes to the local version should include Zephyr's TinyCrypt

maintainer in the review.  That can be found via the git history.

#define NULL ((void *)0)

#endif

#ifndef bool

enum {false, true} bool;

#endif

#define TC_CRYPTO_SUCCESS 1

#define TC_CRYPTO_FAIL 0

extern "C" {

#endif

/* Word size (4 bytes considering 32-bits architectures) */

#define WORD_SIZE 4

/* Number of words of 32 bits to represent an element of the the curve p-256: */

#define NUM_ECC_DIGITS 8

/* Number of bytes to represent an element of the the curve p-256: */

#define NUM_ECC_BYTES (4*NUM_ECC_DIGITS)

#define NUM_ECC_BYTES (WORD_SIZE*NUM_ECC_DIGITS)

/* struct to represent a point of the curve (uses X and Y coordinates): */

typedef struct EccPoint {

 * @param p_right IN -- buffer p_right in (p_left * p_right) % p_mod.

 * @param p_mod IN -- module.

 * @param p_barrett IN -- used for Barrett reduction.

 * @note Side-channel countermeasure: algorithm strengthened against timing

 * attack.

 */

void vli_modMult(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,

		uint32_t *p_mod, uint32_t *p_barrett);

 * @param p_input IN -- buffer p_input in (1/p_intput) % p_mod.

 * @param p_mod IN -- module.

 * @param p_barrett IN -- used for Barrett reduction.

 * @note Side-channel countermeasure: algorithm strengthened against timing

 * attack.

 */

void vli_modInv(uint32_t *p_result, uint32_t *p_input,

		uint32_t *p_mod, uint32_t *p_barrett);

/*

 * @brief modular reduction based on Barrett's method

 * @param p_result OUT -- p_product % p_mod.

 * @param p_product IN -- buffer p_product in (p_product % p_mod).

 * @param p_mod IN -- buffer p_mod in (p_product % p_mod).

 * @param p_barrett -- used for Barrett reduction.

 * @note Side-channel countermeasure: algorithm strengthened against timing

 * attack.

 */

void vli_mmod_barrett(

    uint32_t *p_result,

    uint32_t *p_product,

    uint32_t *p_mod,

    uint32_t *p_barrett);

/*

 * @brief Check if a point is zero.

 * @return Returns 1 if p_point is the point at infinity, 0 otherwise.

 * @param p_result OUT -- Product of p_point by p_scalar.

 * @param p_point IN -- Elliptic curve point

 * @param p_scalar IN -- Scalar integer

 * @note Side-channel countermeasure: algorithm strengthened against timing

 * attack.

 */

void EccPoint_mult_safe(EccPointJacobi *p_result, EccPoint *p_point,

		uint32_t *p_scalar);

/*

 * @brief Fast elliptic curve scalar multiplication with result in Jacobi

 * coordinates

 * @note non constant time

 * @param p_result OUT -- Product of p_point by p_scalar.

 * @param p_point IN -- Elliptic curve point

 * @param p_scalar IN -- Scalar integer

 * @note algorithm NOT strengthened against timing attack.

 */

void EccPoint_mult(EccPointJacobi *p_result, EccPoint *p_point,

void EccPoint_mult_unsafe(

    EccPointJacobi *p_result,

    EccPoint *p_point,

    uint32_t *p_scalar);

/*

/**

 * @brief Create a public/private key pair.

 * @return returns TC_CRYPTO_SUCCESS (1) if the key pair was generated successfully

 * @return returns TC_CRYPTO_SUCCESS (1) if key pair was generated successfully

 *         returns TC_CRYPTO_FAIL (0) if:

 *                the private key is 0

 *

 *

 * @note You must use a new non-predictable random number to generate each

 * new key pair.

 * @note p_random must have NUM_ECC_DIGITS*2 bits of entropy to eliminate

 * bias in keys.

 *

 * @note side-channel countermeasure: algorithm strengthened against timing

 * attack.

 */

int32_t ecc_make_key(EccPoint *p_publicKey,

		     uint32_t p_privateKey[NUM_ECC_DIGITS],

		     uint32_t p_random[NUM_ECC_DIGITS]);

		     uint32_t p_random[2 * NUM_ECC_DIGITS]);

/**

 * @brief Determine whether or not a given point is on the chosen elliptic curve

 *         returns -2 if:  curve_p - p_publicKey->x != 1 or

 *                            curve_p - p_publicKey->y != 1

 *         returns -3 if: y^2 != x^3 + ax + b

 *         returns -4 if: public key is the group generator

 *

 * @param p_publicKey IN -- The point to be checked.

 */

int32_t ecc_valid_public_key(EccPoint *p_publicKey);

/**

 * @brief Compute a shared secret given your secret key and someone else's

 * public key.

 * @return returns TC_CRYPTO_SUCCESS (1) if the shared secret was computed successfully

 * @return returns TC_CRYPTO_SUCCESS (1) if the secret was computed successfully

 *         returns TC_CRYPTO_FAIL (0) otherwise

 *

 * @param p_secret OUT -- The shared secret value.

 * attacks. The random multiplier should probably be different for each

 * invocation of ecdh_shared_secret().

 *

 * @note It is recommended that you hash the result of ecdh_shared_secret before

 * using it for symmetric encryption or HMAC. If you do not hash the shared

 * secret, you must call ecc_valid_public_key() to verify that the remote side's

 * public key is valid. If this is not done, an attacker could create a public

 * key that would cause your use of the shared secret to leak information about

 * the private key.

 * @warning It is recommended to use the output of ecdh_shared_secret() as the

 * input of a recommended Key Derivation Function (see NIST SP 800-108) in

 * order to produce a symmetric key.

 */

int32_t ecdh_shared_secret(uint32_t p_secret[NUM_ECC_DIGITS], EccPoint *p_publicKey,

			   uint32_t p_privateKey[NUM_ECC_DIGITS]);

 *                ctx == NULL or

 *                key == NULL or

 *                taglen != TC_SHA256_DIGEST_SIZE

 *  @note 'ctx' is erased before exiting (this must never be changed/removed).

 *  @note Assumes the tag bufer is at least sizeof(hmac_tag_size(state)) bytes

 *  state has been initialized by tc_hmac_init

 *  @param tag IN/OUT -- buffer to receive computed HMAC tag