ext/lib/crypto: Update TinyCrypt to version 0.2.6

#define NULL ((void *)0)

#endif

#ifndef bool

enum {false, true} bool;

#endif

#define TC_CRYPTO_SUCCESS 1

#define TC_CRYPTO_FAIL 0

extern "C" {

#endif

/* Word size (4 bytes considering 32-bits architectures) */

#define WORD_SIZE 4

/* Number of words of 32 bits to represent an element of the the curve p-256: */

#define NUM_ECC_DIGITS 8

/* Number of bytes to represent an element of the the curve p-256: */

#define NUM_ECC_BYTES (4*NUM_ECC_DIGITS)

#define NUM_ECC_BYTES (WORD_SIZE*NUM_ECC_DIGITS)

/* struct to represent a point of the curve (uses X and Y coordinates): */

typedef struct EccPoint {

 * @param p_right IN -- buffer p_right in (p_left * p_right) % p_mod.

 * @param p_mod IN -- module.

 * @param p_barrett IN -- used for Barrett reduction.

 * @note Side-channel countermeasure: algorithm strengthened against timing

 * attack.

 */

void vli_modMult(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,

		uint32_t *p_mod, uint32_t *p_barrett);

 * @param p_input IN -- buffer p_input in (1/p_intput) % p_mod.

 * @param p_mod IN -- module.

 * @param p_barrett IN -- used for Barrett reduction.

 * @note Side-channel countermeasure: algorithm strengthened against timing

 * attack.

 */

void vli_modInv(uint32_t *p_result, uint32_t *p_input,

		uint32_t *p_mod, uint32_t *p_barrett);

/*

 * @brief modular reduction based on Barrett's method

 * @param p_result OUT -- p_product % p_mod.

 * @param p_product IN -- buffer p_product in (p_product % p_mod).

 * @param p_mod IN -- buffer p_mod in (p_product % p_mod).

 * @param p_barrett -- used for Barrett reduction.

 * @note Side-channel countermeasure: algorithm strengthened against timing

 * attack.

 */

void vli_mmod_barrett(

    uint32_t *p_result,

    uint32_t *p_product,

    uint32_t *p_mod,

    uint32_t *p_barrett);

/*

 * @brief Check if a point is zero.

 * @return Returns 1 if p_point is the point at infinity, 0 otherwise.

 * @param p_result OUT -- Product of p_point by p_scalar.

 * @param p_point IN -- Elliptic curve point

 * @param p_scalar IN -- Scalar integer

 * @note Side-channel countermeasure: algorithm strengthened against timing

 * attack.

 */

void EccPoint_mult_safe(EccPointJacobi *p_result, EccPoint *p_point,

		uint32_t *p_scalar);

/*

 * @brief Fast elliptic curve scalar multiplication with result in Jacobi

 * coordinates

 * @note non constant time

 * @param p_result OUT -- Product of p_point by p_scalar.

 * @param p_point IN -- Elliptic curve point

 * @param p_scalar IN -- Scalar integer

 * @note algorithm NOT strengthened against timing attack.

 */

void EccPoint_mult(EccPointJacobi *p_result, EccPoint *p_point,

void EccPoint_mult_unsafe(

    EccPointJacobi *p_result,

    EccPoint *p_point,

    uint32_t *p_scalar);

/*

/**

 * @brief Create a public/private key pair.

 * @return returns TC_CRYPTO_SUCCESS (1) if the key pair was generated successfully

 * @return returns TC_CRYPTO_SUCCESS (1) if key pair was generated successfully

 *         returns TC_CRYPTO_FAIL (0) if:

 *                the private key is 0

 *

 *

 * @note You must use a new non-predictable random number to generate each

 * new key pair.

 * @note p_random must have NUM_ECC_DIGITS*2 bits of entropy to eliminate

 * bias in keys.

 *

 * @note side-channel countermeasure: algorithm strengthened against timing

 * attack.

 */

int32_t ecc_make_key(EccPoint *p_publicKey,

		     uint32_t p_privateKey[NUM_ECC_DIGITS],

		     uint32_t p_random[NUM_ECC_DIGITS]);

		     uint32_t p_random[2 * NUM_ECC_DIGITS]);

/**

 * @brief Determine whether or not a given point is on the chosen elliptic curve

 *         returns -2 if:  curve_p - p_publicKey->x != 1 or

 *                            curve_p - p_publicKey->y != 1

 *         returns -3 if: y^2 != x^3 + ax + b

 *         returns -4 if: public key is the group generator

 *

 * @param p_publicKey IN -- The point to be checked.

 */

int32_t ecc_valid_public_key(EccPoint *p_publicKey);

/**

 * @brief Compute a shared secret given your secret key and someone else's

 * public key.

 * @return returns TC_CRYPTO_SUCCESS (1) if the shared secret was computed successfully

 * @return returns TC_CRYPTO_SUCCESS (1) if the secret was computed successfully

 *         returns TC_CRYPTO_FAIL (0) otherwise

 *

 * @param p_secret OUT -- The shared secret value.

 * attacks. The random multiplier should probably be different for each

 * invocation of ecdh_shared_secret().

 *

 * @note It is recommended that you hash the result of ecdh_shared_secret before

 * using it for symmetric encryption or HMAC. If you do not hash the shared

 * secret, you must call ecc_valid_public_key() to verify that the remote side's

 * public key is valid. If this is not done, an attacker could create a public

 * key that would cause your use of the shared secret to leak information about

 * the private key.

 * @warning It is recommended to use the output of ecdh_shared_secret() as the

 * input of a recommended Key Derivation Function (see NIST SP 800-108) in

 * order to produce a symmetric key.

 */

int32_t ecdh_shared_secret(uint32_t p_secret[NUM_ECC_DIGITS], EccPoint *p_publicKey,

			   uint32_t p_privateKey[NUM_ECC_DIGITS]);

 *                ctx == NULL or

 *                key == NULL or

 *                taglen != TC_SHA256_DIGEST_SIZE

 *  @note 'ctx' is erased before exiting (this must never be changed/removed).

 *  @note Assumes the tag bufer is at least sizeof(hmac_tag_size(state)) bytes

 *  state has been initialized by tc_hmac_init

 *  @param tag IN/OUT -- buffer to receive computed HMAC tag

	}

}

/* Returns nonzero if bit p_bit of p_vli is set. */

/* Returns nonzero if bit p_bit of p_vli is set.

 * It is assumed that the value provided in 'bit' is within

 * the boundaries of the word-array 'p_vli'.*/

static uint32_t vli_testBit(uint32_t *p_vli, uint32_t p_bit)

{

	return (p_vli[p_bit / 32] & (1 << (p_bit % 32)));

}

/* Computes p_result = p_product % curve_p using Barrett reduction. */

static void vli_mmod_barrett(uint32_t *p_result, uint32_t *p_product,

void vli_mmod_barrett(uint32_t *p_result, uint32_t *p_product,

			     uint32_t *p_mod, uint32_t *p_barrett)

{

	uint32_t i;

 *

 * p_result = p_scalar * p_point.

 */

void EccPoint_mult(EccPointJacobi *p_result, EccPoint *p_point, uint32_t *p_scalar)

void EccPoint_mult_safe(EccPointJacobi *p_result, EccPoint *p_point, uint32_t *p_scalar)

{

	int32_t i;

	}

}

/* Ellptic curve scalar multiplication with result in Jacobi coordinates */

/* p_result = p_scalar * p_point */

void EccPoint_mult_unsafe(EccPointJacobi *p_result, EccPoint *p_point, uint32_t *p_scalar)

{

  int i;

  EccPointJacobi p_point_jacobi;

  EccPoint_fromAffine(p_result, p_point);

  EccPoint_fromAffine(&p_point_jacobi, p_point);

  for(i = vli_numBits(p_scalar) - 2; i >= 0; i--)

  {

    EccPoint_double(p_result);

    if (vli_testBit(p_scalar, i))

    {

      EccPoint_add(p_result, &p_point_jacobi);

    }

  }

}

/* -------- Conversions between big endian and little endian: -------- */

void ecc_bytes2native(uint32_t p_native[NUM_ECC_DIGITS],