# User-defined Crypto Ciphersuites Used by Azure IoT Sample
1
+
# User-defined Crypto Ciphersuite Used by Azure IoT Sample
2
2
3
3
## Introduction
4
4
5
-
[Azure RTOS NetX Crypto](https://learn.microsoft.com/en-us/azure/rtos/netx/netx-crypto/chapter1) is the default crypto ciphersuite used by [Azure RTOS NetX Secure](https://learn.microsoft.com/en-us/azure/rtos/netx-duo/netx-secure-tls/chapter1) TLS stack in [Azure IoT Sample](https://github.com/azure-rtos/samples). If clients want to use different crypto algorithm implementation, such as hardware security engine, TF-M PSA, or PKCS#11 based crypto methods, this user guide will show how to implement user-defined crypto ciphersuite and integrate it with Azure IoT Sample.
5
+
[Azure RTOS NetX Crypto](https://learn.microsoft.com/azure/rtos/netx/netx-crypto/chapter1) is the default crypto ciphersuite used by [Azure RTOS NetX Secure](https://learn.microsoft.com/azure/rtos/netx-duo/netx-secure-tls/chapter1) TLS stack in [Azure IoT Sample](https://github.com/azure-rtos/samples). If clients want to use different crypto algorithm implementation, such as hardware security engine, TF-M PSA, or PKCS#11 based crypto methods, this user guide will show how to implement user-defined crypto ciphersuite and integrate it with Azure IoT Sample.
6
6
7
7
## General Process
8
8
9
9
There are four steps to implement and utilize a user-defined crypto ciphersuite.
10
10
11
-
1. Declare a [NX_CRYPTO_METHOD](https://github.com/azure-rtos/netxduo/blob/a69a06e35da0ac763b363388f555b508b0cd84b7/crypto_libraries/inc/nx_crypto.h#L320) struct for your crypto algorithm, which contains initialization, cleanup and crypto operations function pointers for the crypto method in use.
11
+
1. Declare a [NX_CRYPTO_METHOD](https://github.com/azure-rtos/netxduo/blob/master/crypto_libraries/inc/nx_crypto.h#L320) struct for your crypto algorithm, which contains initialization, cleanup and crypto operations function pointers for the crypto method in use.
12
12
13
13
2. Define initialization, cleanup and crypto operation functions for this crypto method.
14
14
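Review bot: In step 1 of "General Process", the NX_CRYPTO_METHOD link now points at `blob/master/crypto_libraries/inc/nx_crypto.h#L320`, replacing the commit-pinned `blob/a69a06e35da0ac763b363388f555b508b0cd84b7/...#L320`. A `#L320` anchor against a moving branch will drift away from the struct definition as soon as nx_crypto.h changes above that line. Either keep the commit permalink or drop the line anchor and link to the file only. The locale-free learn.microsoft.com links in the Introduction are fine.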
@@ -20,13 +20,11 @@ There are four steps to implement and utilize a user-defined crypto ciphersuite.
20
20
21
21
[The STMicroelectronics B-U585I-IOT02A sample project](https://github.com/azure-rtos/samples/releases/download/v6.1_rel/Azure_RTOS_6.1_B-U585I-IOT02A_IAR_Samples_Beta_2021_10_01.zip) implements [TF-M PSA](https://www.trustedfirmware.org/projects/tf-m/) based ECDSA crypto ciphersuite for TLS device authentication. We will use it an an example to demonstrate the above process.
22
22
23
-
<p>
24
-
All the changed files are under the path <em>B-U585I-IOT02A\Projects\B-U585I-IOT02A\Applications\TFM\TFM_Appli\NonSecure\Projects\B-U585I-IOT02A\Applications\TFM\TFM_Appli\NonSecure</em>.
25
-
</p>
23
+
All the changed files are under the path *B-U585I-IOT02A\Projects\B-U585I-IOT02A\Applications\TFM\TFM_Appli\NonSecure\Projects\B-U585I-IOT02A\Applications\TFM\TFM_Appli\NonSecure*.
26
24
27
-
1. In <em>psa_crypto_ciphersuites/nx_crypto_psa_crypto_ciphersuites.c</em>, declare NX_CRYPTO_METHOD struct `crypto_method_ecdsa_psa_crypto` for PSA based ECDSA crypto method.
25
+
1. In *psa_crypto_ciphersuites/nx_crypto_psa_crypto_ciphersuites.c*, declare NX_CRYPTO_METHOD struct `crypto_method_ecdsa_psa_crypto` for PSA based ECDSA crypto method.
28
26
29
-
<pre>
27
+
```c
30
28
NX_CRYPTO_METHOD crypto_method_ecdsa_psa_crypto =
31
29
{
32
30
NX_CRYPTO_DIGITAL_SIGNATURE_ECDSA, /* ECDSA crypto algorithm name */
2. In <em>psa_crypto_ciphersuites/nx_crypto_ecdsa_psa_crypto.c</em>, define initialization, cleanup and crypto operations for this crypto method.
42
+
2. In *psa_crypto_ciphersuites/nx_crypto_ecdsa_psa_crypto.c*, define initialization, cleanup and crypto operations for this crypto method.
45
43
-`_nx_crypto_method_ecdsa_psa_crypto_init()` for parameter check and metadata initialization;
46
44
-`_nx_crypto_method_ecdsa_psa_crypto_cleanup()` for metadata clean up;
47
45
-`_nx_crypto_method_ecdsa_psa_crypto_operation()` to perform ECDSA operations, including ECDSA signature, verify, EC curve setting, with [PSA crypto APIs](https://armmbed.github.io/mbed-crypto/html/index.html).
48
46
49
-
3. In <em>psa_crypto_ciphersuites/nx_crypto_ecdsa_psa_crypto.h</em>, define a struct 'NX_CRYPTO_ECDSA_PSA_CRYPTO' to save metadata used by crypto functions, such as scrtch buffer, psa key handle, etc.
47
+
3. In *psa_crypto_ciphersuites/nx_crypto_ecdsa_psa_crypto.h*, define a struct `NX_CRYPTO_ECDSA_PSA_CRYPTO` to save metadata used by crypto functions, such as scrtch buffer, psa key handle, etc.
50
48
51
-
4. In <em>Src/nx_azure_iot_ciphersuites.c</em>, add this new defined NX_CRYPTO_METHOD <b>`crypto_method_ecdsa_psa_crypto`</b> into `_nx_azure_iot_tls_supported_crypto[]`.
49
+
4. In *Src/nx_azure_iot_ciphersuites.c*, add this newly defined NX_CRYPTO_METHOD `crypto_method_ecdsa_psa_crypto` into `_nx_azure_iot_tls_supported_crypto[]`.
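Review bot: The added step 3 line still reads "such as scrtch buffer, psa key handle, etc."; since this change already rewrites that line to switch `NX_CRYPTO_ECDSA_PSA_CRYPTO` to backticks, correct "scrtch" to "scratch" in the same edit. Two further items in this region: the added "All the changed files are under the path" line carries over a path in which the segment `Projects\B-U585I-IOT02A\Applications\TFM\TFM_Appli\NonSecure` appears twice, which looks like a paste duplication worth checking against the sample project's layout, and the unchanged context line above it says "We will use it an an example", which could be fixed to "as an example" while the file is being touched.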