mbed TLS v2.28.0
crypto_values.h
Go to the documentation of this file.
1 
17 /*
18  * Copyright The Mbed TLS Contributors
19  * SPDX-License-Identifier: Apache-2.0
20  *
21  * Licensed under the Apache License, Version 2.0 (the "License"); you may
22  * not use this file except in compliance with the License.
23  * You may obtain a copy of the License at
24  *
25  * http://www.apache.org/licenses/LICENSE-2.0
26  *
27  * Unless required by applicable law or agreed to in writing, software
28  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
29  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
30  * See the License for the specific language governing permissions and
31  * limitations under the License.
32  */
33 
34 #ifndef PSA_CRYPTO_VALUES_H
35 #define PSA_CRYPTO_VALUES_H
36 
41 /* PSA error codes */
42 
44 #define PSA_SUCCESS ((psa_status_t)0)
45 
51 #define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)
52 
60 #define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)
61 
73 #define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)
74 
85 #define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)
86 
91 #define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)
92 
97 #define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)
98 
113 #define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
114 
124 #define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)
125 
130 #define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)
131 
139 #define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)
140 
156 #define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
157 
181 #define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)
182 
187 #define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)
188 
218 #define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151)
219 
237 #define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
238 
247 #define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
248 
263 #define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)
264 
267 #define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
268 
271 #define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
272 
295 #define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
296 
311 #define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
312 
323 #define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x0000)
324 
332 #define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x8000)
333 
334 #define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7000)
335 #define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x1000)
336 #define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x2000)
337 #define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x4000)
338 #define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x7000)
339 
340 #define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x3000)
341 
346 #define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \
347  (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
348 
353 #define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
354  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_RAW || \
355  ((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
356 
358 #define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
359  (((type) & PSA_KEY_TYPE_CATEGORY_MASK \
360  & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) == \
361  PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
362 
363 #define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \
364  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
365 
367 #define PSA_KEY_TYPE_IS_KEY_PAIR(type) \
368  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)
369 
379 #define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type) \
380  ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
381 
391 #define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) \
392  ((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
393 
398 #define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x1001)
399 
408 #define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100)
409 
415 #define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200)
416 
422 #define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400)
423 
426 #define PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406)
427 
437 #define PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301)
438 
441 #define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)
442 
447 #define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002)
448 
456 #define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
457 
462 #define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001)
463 
467 #define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001)
468 
469 #define PSA_KEY_TYPE_IS_RSA(type) \
470  (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
471 
472 #define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x4100)
473 #define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x7100)
474 #define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff)
475 
484 #define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \
485  (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
486 
495 #define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
496  (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
497 
499 #define PSA_KEY_TYPE_IS_ECC(type) \
500  ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
501  ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
502 
503 #define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) \
504  (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
505  PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)
506 
507 #define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \
508  (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
509  PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
510 
512 #define PSA_KEY_TYPE_ECC_GET_FAMILY(type) \
513  ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_ECC(type) ? \
514  ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
515  0))
516 
525 #define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t) 0x17)
526 
535 #define PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t) 0x12)
536 /* SECP160R2 (SEC2 v1, obsolete) */
537 #define PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t) 0x1b)
538 
547 #define PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t) 0x27)
548 
557 #define PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t) 0x22)
558 
567 #define PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t) 0x2b)
568 
576 #define PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t) 0x30)
577 
588 #define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41)
589 
604 #define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
605 
606 #define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200)
607 #define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200)
608 #define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff)
609 
614 #define PSA_KEY_TYPE_DH_KEY_PAIR(group) \
615  (PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group))
616 
621 #define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \
622  (PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))
623 
625 #define PSA_KEY_TYPE_IS_DH(type) \
626  ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
627  ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
628 
629 #define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type) \
630  (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
631  PSA_KEY_TYPE_DH_KEY_PAIR_BASE)
632 
633 #define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) \
634  (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
635  PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
636 
638 #define PSA_KEY_TYPE_DH_GET_FAMILY(type) \
639  ((psa_dh_family_t) (PSA_KEY_TYPE_IS_DH(type) ? \
640  ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
641  0))
642 
649 #define PSA_DH_FAMILY_RFC7919 ((psa_dh_family_t) 0x03)
650 
651 #define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \
652  (((type) >> 8) & 7)
653 
671 #define PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) \
672  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
673  1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
674  0u)
675 
683 #define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t)0x80000000)
684 
685 #define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t)0x7f000000)
686 #define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t)0x02000000)
687 #define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t)0x03000000)
688 #define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t)0x04000000)
689 #define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x05000000)
690 #define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x06000000)
691 #define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x07000000)
692 #define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x08000000)
693 #define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x09000000)
694 
699 #define PSA_ALG_IS_VENDOR_DEFINED(alg) \
700  (((alg) & PSA_ALG_VENDOR_FLAG) != 0)
701 
710 #define PSA_ALG_IS_HASH(alg) \
711  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)
712 
721 #define PSA_ALG_IS_MAC(alg) \
722  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)
723 
732 #define PSA_ALG_IS_CIPHER(alg) \
733  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)
734 
744 #define PSA_ALG_IS_AEAD(alg) \
745  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)
746 
756 #define PSA_ALG_IS_SIGN(alg) \
757  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)
758 
768 #define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg) \
769  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)
770 
779 #define PSA_ALG_IS_KEY_AGREEMENT(alg) \
780  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)
781 
790 #define PSA_ALG_IS_KEY_DERIVATION(alg) \
791  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
792 
794 #define PSA_ALG_NONE ((psa_algorithm_t)0)
795 
796 #define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
797 
798 #define PSA_ALG_MD2 ((psa_algorithm_t)0x02000001)
799 
800 #define PSA_ALG_MD4 ((psa_algorithm_t)0x02000002)
801 
802 #define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003)
803 
804 #define PSA_ALG_RIPEMD160 ((psa_algorithm_t)0x02000004)
805 
806 #define PSA_ALG_SHA_1 ((psa_algorithm_t)0x02000005)
807 
808 #define PSA_ALG_SHA_224 ((psa_algorithm_t)0x02000008)
809 
810 #define PSA_ALG_SHA_256 ((psa_algorithm_t)0x02000009)
811 
812 #define PSA_ALG_SHA_384 ((psa_algorithm_t)0x0200000a)
813 
814 #define PSA_ALG_SHA_512 ((psa_algorithm_t)0x0200000b)
815 
816 #define PSA_ALG_SHA_512_224 ((psa_algorithm_t)0x0200000c)
817 
818 #define PSA_ALG_SHA_512_256 ((psa_algorithm_t)0x0200000d)
819 
820 #define PSA_ALG_SHA3_224 ((psa_algorithm_t)0x02000010)
821 
822 #define PSA_ALG_SHA3_256 ((psa_algorithm_t)0x02000011)
823 
824 #define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x02000012)
825 
826 #define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x02000013)
827 
833 #define PSA_ALG_SHAKE256_512 ((psa_algorithm_t)0x02000015)
834 
868 #define PSA_ALG_ANY_HASH ((psa_algorithm_t)0x020000ff)
869 
870 #define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t)0x00c00000)
871 #define PSA_ALG_HMAC_BASE ((psa_algorithm_t)0x03800000)
872 
883 #define PSA_ALG_HMAC(hash_alg) \
884  (PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
885 
886 #define PSA_ALG_HMAC_GET_HASH(hmac_alg) \
887  (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK))
888 
899 #define PSA_ALG_IS_HMAC(alg) \
900  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
901  PSA_ALG_HMAC_BASE)
902 
903 /* In the encoding of a MAC algorithm, the bits corresponding to
904  * PSA_ALG_MAC_TRUNCATION_MASK encode the length to which the MAC is
905  * truncated. As an exception, the value 0 means the untruncated algorithm,
906  * whatever its length is. The length is encoded in 6 bits, so it can
907  * reach up to 63; the largest MAC is 64 bytes so its trivial truncation
908  * to full length is correctly encoded as 0 and any non-trivial truncation
909  * is correctly encoded as a value between 1 and 63. */
910 #define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x003f0000)
911 #define PSA_MAC_TRUNCATION_OFFSET 16
912 
913 /* In the encoding of a MAC algorithm, the bit corresponding to
914  * #PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
915  * is a wildcard algorithm. A key with such wildcard algorithm as permitted
916  * algorithm policy can be used with any algorithm corresponding to the
917  * same base class and having a (potentially truncated) MAC length greater or
918  * equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
919 #define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
920 
954 #define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
955  (((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
956  PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) | \
957  ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
958 
971 #define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
972  ((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
973  PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG))
974 
986 #define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
987  (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
988 
1013 #define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
1014  ( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
1015  PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
1016 
1017 #define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000)
1018 
1023 #define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x03c00100)
1024 
1025 #define PSA_ALG_CMAC ((psa_algorithm_t)0x03c00200)
1026 
1035 #define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) \
1036  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
1037  PSA_ALG_CIPHER_MAC_BASE)
1038 
1039 #define PSA_ALG_CIPHER_STREAM_FLAG ((psa_algorithm_t)0x00800000)
1040 #define PSA_ALG_CIPHER_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000)
1041 
1054 #define PSA_ALG_IS_STREAM_CIPHER(alg) \
1055  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \
1056  (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
1057 
1064 #define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800100)
1065 
1073 #define PSA_ALG_CTR ((psa_algorithm_t)0x04c01000)
1074 
1079 #define PSA_ALG_CFB ((psa_algorithm_t)0x04c01100)
1080 
1085 #define PSA_ALG_OFB ((psa_algorithm_t)0x04c01200)
1086 
1093 #define PSA_ALG_XTS ((psa_algorithm_t)0x0440ff00)
1094 
1113 #define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400)
1114 
1122 #define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t)0x04404000)
1123 
1130 #define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t)0x04404100)
1131 
1132 #define PSA_ALG_AEAD_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000)
1133 
1143 #define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) \
1144  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) == \
1145  (PSA_ALG_CATEGORY_AEAD | PSA_ALG_AEAD_FROM_BLOCK_FLAG))
1146 
1151 #define PSA_ALG_CCM ((psa_algorithm_t)0x05500100)
1152 
1157 #define PSA_ALG_GCM ((psa_algorithm_t)0x05500200)
1158 
1168 #define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t)0x05100500)
1169 
1170 /* In the encoding of a AEAD algorithm, the bits corresponding to
1171  * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
1172  * The constants for default lengths follow this encoding.
1173  */
1174 #define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x003f0000)
1175 #define PSA_AEAD_TAG_LENGTH_OFFSET 16
1176 
1177 /* In the encoding of an AEAD algorithm, the bit corresponding to
1178  * #PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
1179  * is a wildcard algorithm. A key with such wildcard algorithm as permitted
1180  * algorithm policy can be used with any algorithm corresponding to the
1181  * same base class and having a tag length greater than or equal to the one
1182  * encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
1183 #define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
1184 
1203 #define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) \
1204  (((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | \
1205  PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \
1206  ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
1207  PSA_ALG_AEAD_TAG_LENGTH_MASK))
1208 
1219 #define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
1220  (((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
1221  PSA_AEAD_TAG_LENGTH_OFFSET )
1222 
1231 #define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg) \
1232  ( \
1233  PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CCM) \
1234  PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_GCM) \
1235  PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
1236  0)
1237 #define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, ref) \
1238  PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, 0) == \
1239  PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ? \
1240  ref :
1241 
1266 #define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
1267  ( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
1268  PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
1269 
1270 #define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x06000200)
1271 
1286 #define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \
1287  (PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1288 
1294 #define PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN_BASE
1295 #define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
1296  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
1297 
1298 #define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t)0x06000300)
1299 #define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t)0x06001300)
1300 
1318 #define PSA_ALG_RSA_PSS(hash_alg) \
1319  (PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1320 
1336 #define PSA_ALG_RSA_PSS_ANY_SALT(hash_alg) \
1337  (PSA_ALG_RSA_PSS_ANY_SALT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1338 
1350 #define PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) \
1351  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
1352 
1364 #define PSA_ALG_IS_RSA_PSS_ANY_SALT(alg) \
1365  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE)
1366 
1382 #define PSA_ALG_IS_RSA_PSS(alg) \
1383  (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) || \
1384  PSA_ALG_IS_RSA_PSS_ANY_SALT(alg))
1385 
1386 #define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x06000600)
1387 
1407 #define PSA_ALG_ECDSA(hash_alg) \
1408  (PSA_ALG_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1409 
1418 #define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE
1419 #define PSA_ALG_DETERMINISTIC_ECDSA_BASE ((psa_algorithm_t)0x06000700)
1420 
1442 #define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \
1443  (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1444 #define PSA_ALG_ECDSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00000100)
1445 #define PSA_ALG_IS_ECDSA(alg) \
1446  (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_ECDSA_DETERMINISTIC_FLAG) == \
1447  PSA_ALG_ECDSA_BASE)
1448 #define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg) \
1449  (((alg) & PSA_ALG_ECDSA_DETERMINISTIC_FLAG) != 0)
1450 #define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) \
1451  (PSA_ALG_IS_ECDSA(alg) && PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1452 #define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \
1453  (PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1454 
1483 #define PSA_ALG_PURE_EDDSA ((psa_algorithm_t)0x06000800)
1484 
1485 #define PSA_ALG_HASH_EDDSA_BASE ((psa_algorithm_t)0x06000900)
1486 #define PSA_ALG_IS_HASH_EDDSA(alg) \
1487  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HASH_EDDSA_BASE)
1488 
1510 #define PSA_ALG_ED25519PH \
1511  (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHA_512 & PSA_ALG_HASH_MASK))
1512 
1535 #define PSA_ALG_ED448PH \
1536  (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHAKE256_512 & PSA_ALG_HASH_MASK))
1537 
1538 /* Default definition, to be overridden if the library is extended with
1539  * more hash-and-sign algorithms that we want to keep out of this header
1540  * file. */
1541 #define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
1542 
1560 #define PSA_ALG_IS_SIGN_HASH(alg) \
1561  (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
1562  PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
1563  PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
1564 
1576 #define PSA_ALG_IS_SIGN_MESSAGE(alg) \
1577  (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA )
1578 
1605 #define PSA_ALG_IS_HASH_AND_SIGN(alg) \
1606  (PSA_ALG_IS_SIGN_HASH(alg) && \
1607  ((alg) & PSA_ALG_HASH_MASK) != 0)
1608 
1627 #define PSA_ALG_SIGN_GET_HASH(alg) \
1628  (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
1629  ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1630  0)
1631 
1634 #define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x07000200)
1635 
1636 #define PSA_ALG_RSA_OAEP_BASE ((psa_algorithm_t)0x07000300)
1637 
1651 #define PSA_ALG_RSA_OAEP(hash_alg) \
1652  (PSA_ALG_RSA_OAEP_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1653 #define PSA_ALG_IS_RSA_OAEP(alg) \
1654  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)
1655 #define PSA_ALG_RSA_OAEP_GET_HASH(alg) \
1656  (PSA_ALG_IS_RSA_OAEP(alg) ? \
1657  ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1658  0)
1659 
1660 #define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x08000100)
1661 
1681 #define PSA_ALG_HKDF(hash_alg) \
1682  (PSA_ALG_HKDF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1683 
1694 #define PSA_ALG_IS_HKDF(alg) \
1695  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)
1696 #define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
1697  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1698 
1699 #define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x08000200)
1700 
1726 #define PSA_ALG_TLS12_PRF(hash_alg) \
1727  (PSA_ALG_TLS12_PRF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1728 
1737 #define PSA_ALG_IS_TLS12_PRF(alg) \
1738  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)
1739 #define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
1740  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1741 
1742 #define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x08000300)
1743 
1772 #define PSA_ALG_TLS12_PSK_TO_MS(hash_alg) \
1773  (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1774 
1783 #define PSA_ALG_IS_TLS12_PSK_TO_MS(alg) \
1784  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)
1785 #define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
1786  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1787 
1788 #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0xfe00ffff)
1789 #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0xffff0000)
1790 
1805 #define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) \
1806  ((ka_alg) | (kdf_alg))
1807 
1808 #define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \
1809  (((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
1810 
1811 #define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
1812  (((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)
1813 
1828 #define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \
1829  (PSA_ALG_IS_KEY_AGREEMENT(alg) && \
1830  PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)
1831 
1832 #define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \
1833  ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))
1834 
1842 #define PSA_ALG_FFDH ((psa_algorithm_t)0x09010000)
1843 
1856 #define PSA_ALG_IS_FFDH(alg) \
1857  (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)
1858 
1884 #define PSA_ALG_ECDH ((psa_algorithm_t)0x09020000)
1885 
1900 #define PSA_ALG_IS_ECDH(alg) \
1901  (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)
1902 
1916 #define PSA_ALG_IS_WILDCARD(alg) \
1917  (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
1918  PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
1919  PSA_ALG_IS_MAC(alg) ? \
1920  (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
1921  PSA_ALG_IS_AEAD(alg) ? \
1922  (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
1923  (alg) == PSA_ALG_ANY_HASH)
1924 
1942 #define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
1943 
1956 #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
1957 
1962 #define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00)
1963 
1968 #define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01)
1969 
1974 #define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff)
1975 
1976 #define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
1977  ((psa_key_persistence_t)((lifetime) & 0x000000ff))
1978 
1979 #define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
1980  ((psa_key_location_t)((lifetime) >> 8))
1981 
1998 #define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \
1999  (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
2000  PSA_KEY_PERSISTENCE_VOLATILE)
2001 
2019 #define PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime) \
2020  (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
2021  PSA_KEY_PERSISTENCE_READ_ONLY)
2022 
2032 #define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
2033  ((location) << 8 | (persistence))
2034 
2042 #define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000)
2043 
2044 #define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
2045 
2048 #define PSA_KEY_ID_NULL ((psa_key_id_t)0)
2049 
2051 #define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
2052 
2054 #define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff)
2055 
2057 #define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000)
2058 
2060 #define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff)
2061 
2062 
2063 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
2064 
2065 #define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 )
2066 #define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id )
2067 #define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( 0 )
2068 
2075  unsigned int unused, psa_key_id_t key_id )
2076 {
2077  (void)unused;
2078 
2079  return( key_id );
2080 }
2081 
2090  mbedtls_svc_key_id_t id2 )
2091 {
2092  return( id1 == id2 );
2093 }
2094 
2102 {
2103  return( key == 0 );
2104 }
2105 
2106 #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
2107 
2108 #define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } )
2109 #define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id )
2110 #define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner )
2111 
2118  mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id )
2119 {
2120  return( (mbedtls_svc_key_id_t){ .key_id = key_id,
2121  .owner = owner_id } );
2122 }
2123 
2131 static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
2132  mbedtls_svc_key_id_t id2 )
2133 {
2134  return( ( id1.key_id == id2.key_id ) &&
2135  mbedtls_key_owner_id_equal( id1.owner, id2.owner ) );
2136 }
2137 
2144 static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
2145 {
2146  return( key.key_id == 0 );
2147 }
2148 
2149 #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
2150 
2168 #define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t)0x00000001)
2169 
2184 #define PSA_KEY_USAGE_COPY ((psa_key_usage_t)0x00000002)
2185 
2195 #define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t)0x00000100)
2196 
2206 #define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200)
2207 
2216 #define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t)0x00000400)
2217 
2226 #define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t)0x00000800)
2227 
2236 #define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t)0x00001000)
2237 
2246 #define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00002000)
2247 
2250 #define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000)
2251 
2270 #define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
2271 
2277 #define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201)
2278 
2284 #define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202)
2285 
2291 #define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203)
2292 
2298 #define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t)0x0204)
2299 
2306 /* Helper macros */
2307 
2319 #define MBEDTLS_PSA_ALG_AEAD_EQUAL(aead_alg_1, aead_alg_2) \
2320  (!(((aead_alg_1) ^ (aead_alg_2)) & \
2321  ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)))
2322 
2325 #endif /* PSA_CRYPTO_VALUES_H */
uint32_t psa_key_id_t
Definition: crypto_types.h:224
static mbedtls_svc_key_id_t mbedtls_svc_key_id_make(unsigned int unused, psa_key_id_t key_id)
psa_key_id_t mbedtls_svc_key_id_t
Definition: crypto_types.h:227
static int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1, mbedtls_svc_key_id_t id2)
static int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)