Mbed TLS v2.28.5
crypto_extra.h
Go to the documentation of this file.
1 
11 /*
12  * Copyright The Mbed TLS Contributors
13  * SPDX-License-Identifier: Apache-2.0
14  *
15  * Licensed under the Apache License, Version 2.0 (the "License"); you may
16  * not use this file except in compliance with the License.
17  * You may obtain a copy of the License at
18  *
19  * http://www.apache.org/licenses/LICENSE-2.0
20  *
21  * Unless required by applicable law or agreed to in writing, software
22  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
23  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24  * See the License for the specific language governing permissions and
25  * limitations under the License.
26  */
27 
28 #ifndef PSA_CRYPTO_EXTRA_H
29 #define PSA_CRYPTO_EXTRA_H
30 
31 #include "mbedtls/platform_util.h"
32 
33 #include "crypto_types.h"
34 #include "crypto_compat.h"
35 
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39 
40 /* UID for secure storage seed */
41 #define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
42 
43 /* See config.h for definition */
44 #if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
45 #define MBEDTLS_PSA_KEY_SLOT_COUNT 32
46 #endif
47 
72  psa_key_attributes_t *attributes,
73  psa_algorithm_t alg2)
74 {
75  attributes->core.policy.alg2 = alg2;
76 }
77 
85  const psa_key_attributes_t *attributes)
86 {
87  return attributes->core.policy.alg2;
88 }
89 
90 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
91 
114 psa_status_t psa_get_key_slot_number(
115  const psa_key_attributes_t *attributes,
116  psa_key_slot_number_t *slot_number);
117 
141 static inline void psa_set_key_slot_number(
142  psa_key_attributes_t *attributes,
143  psa_key_slot_number_t slot_number)
144 {
146  attributes->slot_number = slot_number;
147 }
148 
155 static inline void psa_clear_key_slot_number(
156  psa_key_attributes_t *attributes)
157 {
159 }
160 
201 psa_status_t mbedtls_psa_register_se_key(
202  const psa_key_attributes_t *attributes);
203 
204 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
205 
216 void mbedtls_psa_crypto_free(void);
217 
224 typedef struct mbedtls_psa_stats_s {
237  size_t cache_slots;
239  size_t empty_slots;
241  size_t locked_slots;
247 
256 
324 psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
325  size_t seed_size);
326 
338 #define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t) 0x4002)
339 
356 #define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t) 0x7002)
357 
359 #define PSA_KEY_TYPE_IS_DSA(type) \
360  (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
361 
362 #define PSA_ALG_DSA_BASE ((psa_algorithm_t) 0x06000400)
363 
377 #define PSA_ALG_DSA(hash_alg) \
378  (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
379 #define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t) 0x06000500)
380 #define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
381 
395 #define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
396  (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
397 #define PSA_ALG_IS_DSA(alg) \
398  (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
399  PSA_ALG_DSA_BASE)
400 #define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
401  (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
402 #define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
403  (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
404 #define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
405  (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
406 
407 
408 /* We need to expand the sample definition of this macro from
409  * the API definition. */
410 #undef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
411 #define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) \
412  PSA_ALG_IS_DSA(alg)
413 
426 #define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e)
427 
428 
496  psa_key_type_t type,
497  const uint8_t *data,
498  size_t data_length);
499 
524  const psa_key_attributes_t *attributes,
525  uint8_t *data,
526  size_t data_size,
527  size_t *data_length);
528 
554 #define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
555  (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
556  PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
557  PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
558  0)
559 #define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
560  (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
561 #define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
562  (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
563 
570 #if defined(MBEDTLS_ECP_C)
571 #include <mbedtls/ecp.h>
572 
587  size_t *bits)
588 {
589  switch (grpid) {
591  *bits = 192;
592  return PSA_ECC_FAMILY_SECP_R1;
594  *bits = 224;
595  return PSA_ECC_FAMILY_SECP_R1;
597  *bits = 256;
598  return PSA_ECC_FAMILY_SECP_R1;
600  *bits = 384;
601  return PSA_ECC_FAMILY_SECP_R1;
603  *bits = 521;
604  return PSA_ECC_FAMILY_SECP_R1;
606  *bits = 256;
609  *bits = 384;
612  *bits = 512;
615  *bits = 255;
618  *bits = 192;
619  return PSA_ECC_FAMILY_SECP_K1;
621  *bits = 224;
622  return PSA_ECC_FAMILY_SECP_K1;
624  *bits = 256;
625  return PSA_ECC_FAMILY_SECP_K1;
627  *bits = 448;
629  default:
630  *bits = 0;
631  return 0;
632  }
633 }
634 
655  size_t bits,
656  int bits_is_sloppy);
657 #endif /* MBEDTLS_ECP_C */
658 
665 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
666 
705 psa_status_t mbedtls_psa_external_get_random(
706  mbedtls_psa_external_random_context_t *context,
707  uint8_t *output, size_t output_size, size_t *output_length);
708 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
709 
727 #define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t) 0x7fff0000)
728 
734 #define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t) 0x7fffefff)
735 
740 typedef uint64_t psa_drv_slot_number_t;
741 
742 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
743 
752 static inline int psa_key_id_is_builtin(psa_key_id_t key_id)
753 {
754  return (key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN) &&
755  (key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX);
756 }
757 
802 psa_status_t mbedtls_psa_platform_get_builtin_key(
803  mbedtls_svc_key_id_t key_id,
804  psa_key_lifetime_t *lifetime,
805  psa_drv_slot_number_t *slot_number);
806 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
807 
810 #ifdef __cplusplus
811 }
812 #endif
813 
814 #endif /* PSA_CRYPTO_EXTRA_H */
static psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits)
Definition: crypto_extra.h:586
void mbedtls_psa_crypto_free(void)
Library deinitialization.
#define PSA_ECC_FAMILY_MONTGOMERY
PSA cryptography module: Backward compatibility aliases.
static void psa_set_key_enrollment_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg2)
Declare the enrollment algorithm for a key.
Definition: crypto_extra.h:71
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
Definition: crypto_extra.h:727
This file provides an API for Elliptic Curves over GF(P) (ECP).
psa_algorithm_t alg2
psa_key_attributes_flag_t flags
PSA cryptography module: type aliases.
uint32_t psa_key_id_t
Definition: crypto_types.h:278
psa_core_key_attributes_t core
void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
Get statistics about resource consumption related to the PSA keystore.
struct mbedtls_psa_stats_s mbedtls_psa_stats_t
Statistics about resource consumption related to the PSA keystore.
Common and shared functions used by multiple modules in the Mbed TLS library.
psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, size_t seed_size)
Inject an initial entropy seed for the random generator into secure storage.
uint64_t psa_drv_slot_number_t
Definition: crypto_extra.h:740
#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, size_t data_length)
Set domain parameters for a key.
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1
uint64_t psa_key_slot_number_t
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy)
static psa_algorithm_t psa_get_key_enrollment_algorithm(const psa_key_attributes_t *attributes)
Definition: crypto_extra.h:84
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:137
#define PSA_ECC_FAMILY_SECP_R1
mbedtls_ecp_group_id
Definition: ecp.h:125
uint16_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:81
psa_key_id_t max_open_internal_key_id
Definition: crypto_extra.h:243
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX
Definition: crypto_extra.h:734
psa_key_id_t mbedtls_svc_key_id_t
Definition: crypto_types.h:295
psa_key_policy_t policy
psa_status_t psa_get_key_domain_parameters(const psa_key_attributes_t *attributes, uint8_t *data, size_t data_size, size_t *data_length)
Get domain parameters for a key.
#define PSA_ECC_FAMILY_SECP_K1
uint32_t psa_key_lifetime_t
Definition: crypto_types.h:186
psa_key_id_t max_open_external_key_id
Definition: crypto_extra.h:245
uint8_t psa_ecc_family_t
Definition: crypto_types.h:100
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:62
Statistics about resource consumption related to the PSA keystore.
Definition: crypto_extra.h:224