TuyaOS
crypto_extra.h
浏览该文件的文档.
1
11/*
12 * Copyright The Mbed TLS Contributors
13 * SPDX-License-Identifier: Apache-2.0
14 *
15 * Licensed under the Apache License, Version 2.0 (the "License"); you may
16 * not use this file except in compliance with the License.
17 * You may obtain a copy of the License at
18 *
19 * http://www.apache.org/licenses/LICENSE-2.0
20 *
21 * Unless required by applicable law or agreed to in writing, software
22 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
23 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24 * See the License for the specific language governing permissions and
25 * limitations under the License.
26 */
27
28#ifndef PSA_CRYPTO_EXTRA_H
29#define PSA_CRYPTO_EXTRA_H
30#include "mbedtls/private_access.h"
31
32#include "mbedtls/platform_util.h"
33
34#include "crypto_types.h"
35#include "crypto_compat.h"
36
37#ifdef __cplusplus
38extern "C" {
39#endif
40
41/* UID for secure storage seed */
42#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
43
44/* See mbedtls_config.h for definition */
45#if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
46#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
47#endif
48
72static inline void psa_set_key_enrollment_algorithm(
73 psa_key_attributes_t *attributes,
74 psa_algorithm_t alg2)
75{
76 attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
77}
78
85static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
86 const psa_key_attributes_t *attributes)
87{
88 return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) );
89}
90
91#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
92
115psa_status_t psa_get_key_slot_number(
116 const psa_key_attributes_t *attributes,
117 psa_key_slot_number_t *slot_number );
118
142static inline void psa_set_key_slot_number(
143 psa_key_attributes_t *attributes,
144 psa_key_slot_number_t slot_number )
145{
146 attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
147 attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
148}
149
156static inline void psa_clear_key_slot_number(
157 psa_key_attributes_t *attributes )
158{
159 attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
160}
161
205psa_status_t mbedtls_psa_register_se_key(
206 const psa_key_attributes_t *attributes);
207
208#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
209
221
229{
231 size_t MBEDTLS_PRIVATE(volatile_slots);
234 size_t MBEDTLS_PRIVATE(persistent_slots);
237 size_t MBEDTLS_PRIVATE(external_slots);
240 size_t MBEDTLS_PRIVATE(half_filled_slots);
242 size_t MBEDTLS_PRIVATE(cache_slots);
244 size_t MBEDTLS_PRIVATE(empty_slots);
246 size_t MBEDTLS_PRIVATE(locked_slots);
248 psa_key_id_t MBEDTLS_PRIVATE(max_open_internal_key_id);
250 psa_key_id_t MBEDTLS_PRIVATE(max_open_external_key_id);
252
261
332 size_t seed_size);
333
345#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
346
363#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
364
366#define PSA_KEY_TYPE_IS_DSA(type) \
367 (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
368
369#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x06000400)
384#define PSA_ALG_DSA(hash_alg) \
385 (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
386#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x06000500)
387#define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
402#define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
403 (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
404#define PSA_ALG_IS_DSA(alg) \
405 (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
406 PSA_ALG_DSA_BASE)
407#define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
408 (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
409#define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
410 (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
411#define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
412 (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
413
414
415/* We need to expand the sample definition of this macro from
416 * the API definition. */
417#undef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
418#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) \
419 PSA_ALG_IS_DSA(alg)
420
433#define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e)
434
435
503 psa_key_type_t type,
504 const uint8_t *data,
505 size_t data_length);
506
531 const psa_key_attributes_t *attributes,
532 uint8_t *data,
533 size_t data_size,
534 size_t *data_length);
535
561#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
562 (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
563 PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
564 PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
565 0)
566#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
567 (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
568#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
569 (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
570
577#if defined(MBEDTLS_ECP_C)
578#include <mbedtls/ecp.h>
579
593static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
594 size_t *bits )
595{
596 switch( grpid )
597 {
598 case MBEDTLS_ECP_DP_SECP192R1:
599 *bits = 192;
600 return( PSA_ECC_FAMILY_SECP_R1 );
601 case MBEDTLS_ECP_DP_SECP224R1:
602 *bits = 224;
603 return( PSA_ECC_FAMILY_SECP_R1 );
604 case MBEDTLS_ECP_DP_SECP256R1:
605 *bits = 256;
606 return( PSA_ECC_FAMILY_SECP_R1 );
607 case MBEDTLS_ECP_DP_SECP384R1:
608 *bits = 384;
609 return( PSA_ECC_FAMILY_SECP_R1 );
610 case MBEDTLS_ECP_DP_SECP521R1:
611 *bits = 521;
612 return( PSA_ECC_FAMILY_SECP_R1 );
613 case MBEDTLS_ECP_DP_BP256R1:
614 *bits = 256;
616 case MBEDTLS_ECP_DP_BP384R1:
617 *bits = 384;
619 case MBEDTLS_ECP_DP_BP512R1:
620 *bits = 512;
622 case MBEDTLS_ECP_DP_CURVE25519:
623 *bits = 255;
625 case MBEDTLS_ECP_DP_SECP192K1:
626 *bits = 192;
627 return( PSA_ECC_FAMILY_SECP_K1 );
628 case MBEDTLS_ECP_DP_SECP224K1:
629 *bits = 224;
630 return( PSA_ECC_FAMILY_SECP_K1 );
631 case MBEDTLS_ECP_DP_SECP256K1:
632 *bits = 256;
633 return( PSA_ECC_FAMILY_SECP_K1 );
634 case MBEDTLS_ECP_DP_CURVE448:
635 *bits = 448;
637 default:
638 *bits = 0;
639 return( 0 );
640 }
641}
642
662mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
663 size_t bits,
664 int bits_is_sloppy );
665#endif /* MBEDTLS_ECP_C */
666
673#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
713psa_status_t mbedtls_psa_external_get_random(
714 mbedtls_psa_external_random_context_t *context,
715 uint8_t *output, size_t output_size, size_t *output_length );
716#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
717
735#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t)0x7fff0000)
736
742#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t)0x7fffefff)
743
748typedef uint64_t psa_drv_slot_number_t;
749
750#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
760static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
761{
762 return( ( key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ) &&
763 ( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
764}
765
810psa_status_t mbedtls_psa_platform_get_builtin_key(
811 mbedtls_svc_key_id_t key_id,
812 psa_key_lifetime_t *lifetime,
813 psa_drv_slot_number_t *slot_number );
814#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
815
822#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000)
823
833#define PSA_ALG_IS_PAKE(alg) \
834 (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE)
835
951#define PSA_ALG_JPAKE ((psa_algorithm_t)0x0a000100)
952
972typedef uint8_t psa_pake_side_t;
973
980typedef uint8_t psa_pake_step_t;
981
991
997typedef uint8_t psa_pake_family_t;
998
1003typedef uint32_t psa_pake_primitive_t;
1004
1012#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x01)
1013
1021#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x02)
1022
1027#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x11)
1028
1033#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x12)
1034
1053#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01)
1054
1073#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02)
1074
1094#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \
1095 ((pake_bits & 0xFFFF) != pake_bits) ? 0 : \
1096 ((psa_pake_primitive_t) (((pake_type) << 24 | \
1097 (pake_family) << 16) | (pake_bits)))
1098
1111#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01)
1112
1128#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02)
1129
1149#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
1150
1158
1169static psa_algorithm_t psa_pake_cs_get_algorithm(
1170 const psa_pake_cipher_suite_t* cipher_suite
1171 );
1172
1189static void psa_pake_cs_set_algorithm(
1190 psa_pake_cipher_suite_t* cipher_suite,
1191 psa_algorithm_t algorithm
1192 );
1193
1204static psa_pake_primitive_t psa_pake_cs_get_primitive(
1205 const psa_pake_cipher_suite_t* cipher_suite
1206 );
1207
1221static void psa_pake_cs_set_primitive(
1222 psa_pake_cipher_suite_t* cipher_suite,
1223 psa_pake_primitive_t primitive
1224 );
1225
1238static psa_algorithm_t psa_pake_cs_get_hash(
1239 const psa_pake_cipher_suite_t* cipher_suite
1240 );
1241
1262static void psa_pake_cs_set_hash(
1263 psa_pake_cipher_suite_t* cipher_suite,
1264 psa_algorithm_t hash
1265 );
1266
1296
1299static psa_pake_operation_t psa_pake_operation_init(void);
1300
1365 psa_pake_cipher_suite_t cipher_suite);
1366
1405 mbedtls_svc_key_id_t password);
1406
1444 const uint8_t *user_id,
1445 size_t user_id_len);
1446
1486 const uint8_t *peer_id,
1487 size_t peer_id_len);
1488
1526 psa_pake_side_t side);
1527
1575 psa_pake_step_t step,
1576 uint8_t *output,
1577 size_t output_size,
1578 size_t *output_length);
1579
1621 psa_pake_step_t step,
1622 uint8_t *input,
1623 size_t input_length);
1624
1683
1705#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) 0
1706
1726#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) 0
1727
1735#define PSA_PAKE_OUTPUT_MAX_SIZE 0
1736
1744#define PSA_PAKE_INPUT_MAX_SIZE 0
1745
1747{
1748 psa_algorithm_t algorithm;
1750 psa_pake_family_t family;
1751 uint16_t bits;
1752 psa_algorithm_t hash;
1753};
1754
1755static inline psa_algorithm_t psa_pake_cs_get_algorithm(
1756 const psa_pake_cipher_suite_t *cipher_suite)
1757{
1758 return(cipher_suite->algorithm);
1759}
1760
1761static inline void psa_pake_cs_set_algorithm(
1762 psa_pake_cipher_suite_t *cipher_suite,
1763 psa_algorithm_t algorithm)
1764{
1765 if(!PSA_ALG_IS_PAKE(algorithm))
1766 cipher_suite->algorithm = 0;
1767 else
1768 cipher_suite->algorithm = algorithm;
1769}
1770
1771static inline psa_pake_primitive_t psa_pake_cs_get_primitive(
1772 const psa_pake_cipher_suite_t *cipher_suite)
1773{
1774 return(PSA_PAKE_PRIMITIVE(cipher_suite->type, cipher_suite->family,
1775 cipher_suite->bits));
1776}
1777
1778static inline void psa_pake_cs_set_primitive(
1779 psa_pake_cipher_suite_t *cipher_suite,
1780 psa_pake_primitive_t primitive)
1781{
1782 cipher_suite->type = (psa_pake_primitive_type_t) (primitive >> 24);
1783 cipher_suite->family = (psa_pake_family_t) (0xFF & (primitive >> 16));
1784 cipher_suite->bits = (uint16_t) (0xFFFF & primitive);
1785}
1786
1787static inline psa_algorithm_t psa_pake_cs_get_hash(
1788 const psa_pake_cipher_suite_t *cipher_suite)
1789{
1790 return(cipher_suite->hash);
1791}
1792
1793static inline void psa_pake_cs_set_hash(
1794 psa_pake_cipher_suite_t *cipher_suite,
1795 psa_algorithm_t hash)
1796{
1797 if(!PSA_ALG_IS_HASH(hash))
1798 cipher_suite->hash = 0;
1799 else
1800 cipher_suite->hash = hash;
1801}
1802
1804{
1805 psa_algorithm_t alg;
1806 union
1807 {
1808 /* Make the union non-empty even with no supported algorithms. */
1809 uint8_t dummy;
1810 } ctx;
1811};
1812
1813/* This only zeroes out the first byte in the union, the rest is unspecified. */
1814#define PSA_PAKE_OPERATION_INIT {0, {0}}
1815static inline struct psa_pake_operation_s psa_pake_operation_init(void)
1816{
1817 const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT;
1818 return(v);
1819}
1820
1821#ifdef __cplusplus
1822}
1823#endif
1824
1825#endif /* PSA_CRYPTO_EXTRA_H */
PSA cryptography module: Backward compatibility aliases
void mbedtls_psa_crypto_free(void)
Library deinitialization.
void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
Get statistics about resource consumption related to the PSA keystore.
struct mbedtls_psa_stats_s mbedtls_psa_stats_t
Statistics about resource consumption related to the PSA keystore.
psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, size_t seed_size)
Inject an initial entropy seed for the random generator into secure storage.
PSA cryptography module: type aliases.
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, size_t data_length)
Set domain parameters for a key.
psa_status_t psa_get_key_domain_parameters(const psa_key_attributes_t *attributes, uint8_t *data, size_t data_size, size_t *data_length)
Get domain parameters for a key.
#define PSA_ECC_FAMILY_MONTGOMERY
Definition: crypto_values.h:627
#define PSA_ECC_FAMILY_SECP_R1
Definition: crypto_values.h:574
#define PSA_ECC_FAMILY_SECP_K1
Definition: crypto_values.h:564
uint16_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:74
#define PSA_ALG_IS_PAKE(alg)
Definition: crypto_extra.h:833
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1
Definition: crypto_values.h:615
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:106
#define PSA_ALG_IS_HASH(alg)
Definition: crypto_values.h:749
uint8_t psa_ecc_family_t
Definition: crypto_types.h:85
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:63
uint32_t psa_key_id_t
Definition: crypto_types.h:225
uint32_t psa_key_lifetime_t
Definition: crypto_types.h:147
psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, mbedtls_svc_key_id_t password)
psa_status_t psa_pake_input(psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *input, size_t input_length)
uint32_t psa_pake_primitive_t
Encoding of the primitive associated with the PAKE.
Definition: crypto_extra.h:1003
uint8_t psa_pake_side_t
Encoding of the side of PAKE
Definition: crypto_extra.h:972
psa_status_t psa_pake_output(psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, const uint8_t *user_id, size_t user_id_len)
psa_status_t psa_pake_set_side(psa_pake_operation_t *operation, psa_pake_side_t side)
psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len)
uint8_t psa_pake_step_t
Definition: crypto_extra.h:980
uint8_t psa_pake_primitive_type_t
Definition: crypto_extra.h:990
psa_status_t psa_pake_setup(psa_pake_operation_t *operation, psa_pake_cipher_suite_t cipher_suite)
psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, psa_key_derivation_operation_t *output)
uint8_t psa_pake_family_t
Encoding of the family of the primitive associated with the PAKE.
Definition: crypto_extra.h:997
#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits)
Definition: crypto_extra.h:1094
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX
Definition: crypto_extra.h:742
uint64_t psa_drv_slot_number_t
Definition: crypto_extra.h:748
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
Definition: crypto_extra.h:735
uint64_t psa_key_slot_number_t
Definition: crypto_se_driver.h:149
Statistics about resource consumption related to the PSA keystore.
Definition: crypto_extra.h:229
size_t MBEDTLS_PRIVATE(volatile_slots)
psa_key_id_t MBEDTLS_PRIVATE(max_open_external_key_id)
size_t MBEDTLS_PRIVATE(locked_slots)
size_t MBEDTLS_PRIVATE(empty_slots)
psa_key_id_t MBEDTLS_PRIVATE(max_open_internal_key_id)
size_t MBEDTLS_PRIVATE(half_filled_slots)
size_t MBEDTLS_PRIVATE(external_slots)
size_t MBEDTLS_PRIVATE(persistent_slots)
size_t MBEDTLS_PRIVATE(cache_slots)
Definition: crypto_struct.h:338
Definition: crypto_struct.h:244
Definition: crypto_extra.h:1747
Definition: crypto_extra.h:1804