28#ifndef PSA_CRYPTO_EXTRA_H
29#define PSA_CRYPTO_EXTRA_H
30#include "mbedtls/private_access.h"
32#include "mbedtls/platform_util.h"
42#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
45#if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
46#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
72static inline void psa_set_key_enrollment_algorithm(
76 attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
88 return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) );
91#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
142static inline void psa_set_key_slot_number(
146 attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
147 attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
156static inline void psa_clear_key_slot_number(
159 attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
345#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
363#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
366#define PSA_KEY_TYPE_IS_DSA(type) \
367 (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
369#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x06000400)
384#define PSA_ALG_DSA(hash_alg) \
385 (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
386#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x06000500)
387#define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
402#define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
403 (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
404#define PSA_ALG_IS_DSA(alg) \
405 (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
407#define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
408 (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
409#define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
410 (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
411#define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
412 (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
417#undef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
418#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) \
433#define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e)
534 size_t *data_length);
561#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
562 (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
563 PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
564 PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
566#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
567 (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 )
568#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
569 (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 + 34 )
577#if defined(MBEDTLS_ECP_C)
578#include <mbedtls/ecp.h>
593static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
598 case MBEDTLS_ECP_DP_SECP192R1:
601 case MBEDTLS_ECP_DP_SECP224R1:
604 case MBEDTLS_ECP_DP_SECP256R1:
607 case MBEDTLS_ECP_DP_SECP384R1:
610 case MBEDTLS_ECP_DP_SECP521R1:
613 case MBEDTLS_ECP_DP_BP256R1:
616 case MBEDTLS_ECP_DP_BP384R1:
619 case MBEDTLS_ECP_DP_BP512R1:
622 case MBEDTLS_ECP_DP_CURVE25519:
625 case MBEDTLS_ECP_DP_SECP192K1:
628 case MBEDTLS_ECP_DP_SECP224K1:
631 case MBEDTLS_ECP_DP_SECP256K1:
634 case MBEDTLS_ECP_DP_CURVE448:
664 int bits_is_sloppy );
673#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
714 mbedtls_psa_external_random_context_t *context,
715 uint8_t *output,
size_t output_size,
size_t *output_length );
735#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t)0x7fff0000)
742#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t)0x7fffefff)
750#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
760static inline int psa_key_id_is_builtin(
psa_key_id_t key_id )
811 mbedtls_svc_key_id_t key_id,
822#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000)
833#define PSA_ALG_IS_PAKE(alg) \
834 (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE)
951#define PSA_ALG_JPAKE ((psa_algorithm_t)0x0a000100)
1012#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x01)
1021#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x02)
1027#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x11)
1033#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x12)
1053#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01)
1073#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02)
1094#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \
1095 ((pake_bits & 0xFFFF) != pake_bits) ? 0 : \
1096 ((psa_pake_primitive_t) (((pake_type) << 24 | \
1097 (pake_family) << 16) | (pake_bits)))
1111#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01)
1128#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02)
1149#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
1189static void psa_pake_cs_set_algorithm(
1221static void psa_pake_cs_set_primitive(
1262static void psa_pake_cs_set_hash(
1405 mbedtls_svc_key_id_t password);
1444 const uint8_t *user_id,
1445 size_t user_id_len);
1486 const uint8_t *peer_id,
1487 size_t peer_id_len);
1578 size_t *output_length);
1623 size_t input_length);
1705#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) 0
1726#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) 0
1735#define PSA_PAKE_OUTPUT_MAX_SIZE 0
1744#define PSA_PAKE_INPUT_MAX_SIZE 0
1758 return(cipher_suite->algorithm);
1761static inline void psa_pake_cs_set_algorithm(
1766 cipher_suite->algorithm = 0;
1768 cipher_suite->algorithm = algorithm;
1775 cipher_suite->bits));
1778static inline void psa_pake_cs_set_primitive(
1784 cipher_suite->bits = (uint16_t) (0xFFFF & primitive);
1790 return(cipher_suite->hash);
1793static inline void psa_pake_cs_set_hash(
1798 cipher_suite->hash = 0;
1800 cipher_suite->hash = hash;
1814#define PSA_PAKE_OPERATION_INIT {0, {0}}
PSA cryptography module: Backward compatibility aliases
PSA cryptography module: type aliases.
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, size_t data_length)
Set domain parameters for a key.
psa_status_t psa_get_key_domain_parameters(const psa_key_attributes_t *attributes, uint8_t *data, size_t data_size, size_t *data_length)
Get domain parameters for a key.
#define PSA_ECC_FAMILY_MONTGOMERY
Definition: crypto_values.h:627
#define PSA_ECC_FAMILY_SECP_R1
Definition: crypto_values.h:574
#define PSA_ECC_FAMILY_SECP_K1
Definition: crypto_values.h:564
uint16_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:74
#define PSA_ALG_IS_PAKE(alg)
Definition: crypto_extra.h:833
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1
Definition: crypto_values.h:615
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:106
#define PSA_ALG_IS_HASH(alg)
Definition: crypto_values.h:749
uint8_t psa_ecc_family_t
Definition: crypto_types.h:85
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:63
uint32_t psa_key_id_t
Definition: crypto_types.h:225
uint32_t psa_key_lifetime_t
Definition: crypto_types.h:147
psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, mbedtls_svc_key_id_t password)
psa_status_t psa_pake_input(psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *input, size_t input_length)
uint32_t psa_pake_primitive_t
Encoding of the primitive associated with the PAKE.
Definition: crypto_extra.h:1003
uint8_t psa_pake_side_t
Encoding of the side of PAKE
Definition: crypto_extra.h:972
psa_status_t psa_pake_output(psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, const uint8_t *user_id, size_t user_id_len)
psa_status_t psa_pake_set_side(psa_pake_operation_t *operation, psa_pake_side_t side)
psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len)
uint8_t psa_pake_step_t
Definition: crypto_extra.h:980
uint8_t psa_pake_primitive_type_t
Definition: crypto_extra.h:990
psa_status_t psa_pake_setup(psa_pake_operation_t *operation, psa_pake_cipher_suite_t cipher_suite)
psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, psa_key_derivation_operation_t *output)
uint8_t psa_pake_family_t
Encoding of the family of the primitive associated with the PAKE.
Definition: crypto_extra.h:997
#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits)
Definition: crypto_extra.h:1094
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX
Definition: crypto_extra.h:742
uint64_t psa_drv_slot_number_t
Definition: crypto_extra.h:748
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
Definition: crypto_extra.h:735
uint64_t psa_key_slot_number_t
Definition: crypto_se_driver.h:149
Statistics about resource consumption related to the PSA keystore.
Definition: crypto_extra.h:229
size_t MBEDTLS_PRIVATE(volatile_slots)
psa_key_id_t MBEDTLS_PRIVATE(max_open_external_key_id)
size_t MBEDTLS_PRIVATE(locked_slots)
size_t MBEDTLS_PRIVATE(empty_slots)
psa_key_id_t MBEDTLS_PRIVATE(max_open_internal_key_id)
size_t MBEDTLS_PRIVATE(half_filled_slots)
size_t MBEDTLS_PRIVATE(external_slots)
size_t MBEDTLS_PRIVATE(persistent_slots)
size_t MBEDTLS_PRIVATE(cache_slots)
Definition: crypto_struct.h:338
Definition: crypto_struct.h:244
Definition: crypto_extra.h:1747
Definition: crypto_extra.h:1804