mbed TLS v2.28.0
crypto_extra.h
Go to the documentation of this file.
1 
11 /*
12  * Copyright The Mbed TLS Contributors
13  * SPDX-License-Identifier: Apache-2.0
14  *
15  * Licensed under the Apache License, Version 2.0 (the "License"); you may
16  * not use this file except in compliance with the License.
17  * You may obtain a copy of the License at
18  *
19  * http://www.apache.org/licenses/LICENSE-2.0
20  *
21  * Unless required by applicable law or agreed to in writing, software
22  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
23  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24  * See the License for the specific language governing permissions and
25  * limitations under the License.
26  */
27 
28 #ifndef PSA_CRYPTO_EXTRA_H
29 #define PSA_CRYPTO_EXTRA_H
30 
31 #include "mbedtls/platform_util.h"
32 
33 #include "crypto_types.h"
34 #include "crypto_compat.h"
35 
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39 
40 /* UID for secure storage seed */
41 #define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
42 
43 /* See config.h for definition */
44 #if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
45 #define MBEDTLS_PSA_KEY_SLOT_COUNT 32
46 #endif
47 
72  psa_key_attributes_t *attributes,
73  psa_algorithm_t alg2)
74 {
75  attributes->core.policy.alg2 = alg2;
76 }
77 
85  const psa_key_attributes_t *attributes)
86 {
87  return( attributes->core.policy.alg2 );
88 }
89 
90 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
91 
114 psa_status_t psa_get_key_slot_number(
115  const psa_key_attributes_t *attributes,
116  psa_key_slot_number_t *slot_number );
117 
141 static inline void psa_set_key_slot_number(
142  psa_key_attributes_t *attributes,
143  psa_key_slot_number_t slot_number )
144 {
146  attributes->slot_number = slot_number;
147 }
148 
155 static inline void psa_clear_key_slot_number(
156  psa_key_attributes_t *attributes )
157 {
159 }
160 
204 psa_status_t mbedtls_psa_register_se_key(
205  const psa_key_attributes_t *attributes);
206 
207 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
208 
219 void mbedtls_psa_crypto_free( void );
220 
227 typedef struct mbedtls_psa_stats_s
228 {
241  size_t cache_slots;
243  size_t empty_slots;
245  size_t locked_slots;
251 
260 
328 psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
329  size_t seed_size);
330 
342 #define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
343 
360 #define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
361 
363 #define PSA_KEY_TYPE_IS_DSA(type) \
364  (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
365 
366 #define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x06000400)
367 
381 #define PSA_ALG_DSA(hash_alg) \
382  (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
383 #define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x06000500)
384 #define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
385 
399 #define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
400  (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
401 #define PSA_ALG_IS_DSA(alg) \
402  (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
403  PSA_ALG_DSA_BASE)
404 #define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
405  (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
406 #define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
407  (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
408 #define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
409  (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
410 
411 
412 /* We need to expand the sample definition of this macro from
413  * the API definition. */
414 #undef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
415 #define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) \
416  PSA_ALG_IS_DSA(alg)
417 
430 #define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e)
431 
432 
500  psa_key_type_t type,
501  const uint8_t *data,
502  size_t data_length);
503 
528  const psa_key_attributes_t *attributes,
529  uint8_t *data,
530  size_t data_size,
531  size_t *data_length);
532 
558 #define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
559  (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
560  PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
561  PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
562  0)
563 #define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
564  (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
565 #define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
566  (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
567 
574 #if defined(MBEDTLS_ECP_C)
575 #include <mbedtls/ecp.h>
576 
591  size_t *bits )
592 {
593  switch( grpid )
594  {
596  *bits = 192;
597  return( PSA_ECC_FAMILY_SECP_R1 );
599  *bits = 224;
600  return( PSA_ECC_FAMILY_SECP_R1 );
602  *bits = 256;
603  return( PSA_ECC_FAMILY_SECP_R1 );
605  *bits = 384;
606  return( PSA_ECC_FAMILY_SECP_R1 );
608  *bits = 521;
609  return( PSA_ECC_FAMILY_SECP_R1 );
611  *bits = 256;
614  *bits = 384;
617  *bits = 512;
620  *bits = 255;
621  return( PSA_ECC_FAMILY_MONTGOMERY );
623  *bits = 192;
624  return( PSA_ECC_FAMILY_SECP_K1 );
626  *bits = 224;
627  return( PSA_ECC_FAMILY_SECP_K1 );
629  *bits = 256;
630  return( PSA_ECC_FAMILY_SECP_K1 );
632  *bits = 448;
633  return( PSA_ECC_FAMILY_MONTGOMERY );
634  default:
635  *bits = 0;
636  return( 0 );
637  }
638 }
639 
660  size_t bits,
661  int bits_is_sloppy );
662 #endif /* MBEDTLS_ECP_C */
663 
670 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
671 
710 psa_status_t mbedtls_psa_external_get_random(
711  mbedtls_psa_external_random_context_t *context,
712  uint8_t *output, size_t output_size, size_t *output_length );
713 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
714 
732 #define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t)0x7fff0000)
733 
739 #define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t)0x7fffefff)
740 
745 typedef uint64_t psa_drv_slot_number_t;
746 
747 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
748 
757 static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
758 {
759  return( ( key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ) &&
760  ( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
761 }
762 
807 psa_status_t mbedtls_psa_platform_get_builtin_key(
808  mbedtls_svc_key_id_t key_id,
809  psa_key_lifetime_t *lifetime,
810  psa_drv_slot_number_t *slot_number );
811 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
812 
815 #ifdef __cplusplus
816 }
817 #endif
818 
819 #endif /* PSA_CRYPTO_EXTRA_H */
static psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits)
Definition: crypto_extra.h:590
void mbedtls_psa_crypto_free(void)
Library deinitialization.
#define PSA_ECC_FAMILY_MONTGOMERY
PSA cryptography module: Backward compatibility aliases.
static void psa_set_key_enrollment_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg2)
Declare the enrollment algorithm for a key.
Definition: crypto_extra.h:71
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
Definition: crypto_extra.h:732
This file provides an API for Elliptic Curves over GF(P) (ECP).
psa_algorithm_t alg2
psa_key_attributes_flag_t flags
PSA cryptography module: type aliases.
uint32_t psa_key_id_t
Definition: crypto_types.h:224
psa_core_key_attributes_t core
void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
Get statistics about resource consumption related to the PSA keystore.
struct mbedtls_psa_stats_s mbedtls_psa_stats_t
Statistics about resource consumption related to the PSA keystore.
Common and shared functions used by multiple modules in the Mbed TLS library.
psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, size_t seed_size)
Inject an initial entropy seed for the random generator into secure storage.
uint64_t psa_drv_slot_number_t
Definition: crypto_extra.h:745
#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, size_t data_length)
Set domain parameters for a key.
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1
uint64_t psa_key_slot_number_t
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy)
static psa_algorithm_t psa_get_key_enrollment_algorithm(const psa_key_attributes_t *attributes)
Definition: crypto_extra.h:84
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:105
#define PSA_ECC_FAMILY_SECP_R1
mbedtls_ecp_group_id
Definition: ecp.h:120
uint16_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:73
psa_key_id_t max_open_internal_key_id
Definition: crypto_extra.h:247
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX
Definition: crypto_extra.h:739
psa_key_id_t mbedtls_svc_key_id_t
Definition: crypto_types.h:227
psa_key_policy_t policy
psa_status_t psa_get_key_domain_parameters(const psa_key_attributes_t *attributes, uint8_t *data, size_t data_size, size_t *data_length)
Get domain parameters for a key.
#define PSA_ECC_FAMILY_SECP_K1
uint32_t psa_key_lifetime_t
Definition: crypto_types.h:146
psa_key_id_t max_open_external_key_id
Definition: crypto_extra.h:249
uint8_t psa_ecc_family_t
Definition: crypto_types.h:84
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:62
Statistics about resource consumption related to the PSA keystore.
Definition: crypto_extra.h:227