mbed TLS v2.28.0
crypto_se_driver.h
Go to the documentation of this file.
1 
18 /*
19  * Copyright The Mbed TLS Contributors
20  * SPDX-License-Identifier: Apache-2.0
21  *
22  * Licensed under the Apache License, Version 2.0 (the "License"); you may
23  * not use this file except in compliance with the License.
24  * You may obtain a copy of the License at
25  *
26  * http://www.apache.org/licenses/LICENSE-2.0
27  *
28  * Unless required by applicable law or agreed to in writing, software
29  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
30  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31  * See the License for the specific language governing permissions and
32  * limitations under the License.
33  */
34 #ifndef PSA_CRYPTO_SE_DRIVER_H
35 #define PSA_CRYPTO_SE_DRIVER_H
36 
37 #include "crypto_driver_common.h"
38 
39 #ifdef __cplusplus
40 extern "C" {
41 #endif
42 
55 typedef struct {
100  const void *const persistent_data;
101 
107  const size_t persistent_data_size;
108 
114  uintptr_t transient_data;
116 
136  void *persistent_data,
137  psa_key_location_t location);
138 
139 #if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)
140 /* Mbed Crypto with secure element support enabled defines this type in
141  * crypto_types.h because it is also visible to applications through an
142  * implementation-specific extension.
143  * For the PSA Cryptography specification, this type is only visible
144  * via crypto_se_driver.h. */
148 typedef uint64_t psa_key_slot_number_t;
149 #endif /* __DOXYGEN_ONLY__ || !MBEDTLS_PSA_CRYPTO_SE_C */
150 
185  void *op_context,
186  psa_key_slot_number_t key_slot,
187  psa_algorithm_t algorithm);
188 
199 typedef psa_status_t (*psa_drv_se_mac_update_t)(void *op_context,
200  const uint8_t *p_input,
201  size_t input_length);
202 
219 typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context,
220  uint8_t *p_mac,
221  size_t mac_size,
222  size_t *p_mac_length);
223 
240 typedef psa_status_t (*psa_drv_se_mac_finish_verify_t)(void *op_context,
241  const uint8_t *p_mac,
242  size_t mac_length);
243 
250 typedef psa_status_t (*psa_drv_se_mac_abort_t)(void *op_context);
251 
271  const uint8_t *p_input,
272  size_t input_length,
273  psa_key_slot_number_t key_slot,
274  psa_algorithm_t alg,
275  uint8_t *p_mac,
276  size_t mac_size,
277  size_t *p_mac_length);
278 
300  const uint8_t *p_input,
301  size_t input_length,
302  psa_key_slot_number_t key_slot,
303  psa_algorithm_t alg,
304  const uint8_t *p_mac,
305  size_t mac_length);
306 
322 typedef struct {
326  size_t context_size;
391  void *op_context,
392  psa_key_slot_number_t key_slot,
393  psa_algorithm_t algorithm,
394  psa_encrypt_or_decrypt_t direction);
395 
411 typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context,
412  const uint8_t *p_iv,
413  size_t iv_length);
414 
433 typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context,
434  const uint8_t *p_input,
435  size_t input_size,
436  uint8_t *p_output,
437  size_t output_size,
438  size_t *p_output_length);
439 
454 typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *op_context,
455  uint8_t *p_output,
456  size_t output_size,
457  size_t *p_output_length);
458 
465 typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *op_context);
466 
491  psa_key_slot_number_t key_slot,
492  psa_algorithm_t algorithm,
493  psa_encrypt_or_decrypt_t direction,
494  const uint8_t *p_input,
495  size_t input_size,
496  uint8_t *p_output,
497  size_t output_size);
498 
509 typedef struct {
513  size_t context_size;
530 
559  psa_key_slot_number_t key_slot,
560  psa_algorithm_t alg,
561  const uint8_t *p_hash,
562  size_t hash_length,
563  uint8_t *p_signature,
564  size_t signature_size,
565  size_t *p_signature_length);
566 
585  psa_key_slot_number_t key_slot,
586  psa_algorithm_t alg,
587  const uint8_t *p_hash,
588  size_t hash_length,
589  const uint8_t *p_signature,
590  size_t signature_length);
591 
623  psa_key_slot_number_t key_slot,
624  psa_algorithm_t alg,
625  const uint8_t *p_input,
626  size_t input_length,
627  const uint8_t *p_salt,
628  size_t salt_length,
629  uint8_t *p_output,
630  size_t output_size,
631  size_t *p_output_length);
632 
663  psa_key_slot_number_t key_slot,
664  psa_algorithm_t alg,
665  const uint8_t *p_input,
666  size_t input_length,
667  const uint8_t *p_salt,
668  size_t salt_length,
669  uint8_t *p_output,
670  size_t output_size,
671  size_t *p_output_length);
672 
682 typedef struct {
692 
736  psa_key_slot_number_t key_slot,
737  psa_algorithm_t algorithm,
738  const uint8_t *p_nonce,
739  size_t nonce_length,
740  const uint8_t *p_additional_data,
741  size_t additional_data_length,
742  const uint8_t *p_plaintext,
743  size_t plaintext_length,
744  uint8_t *p_ciphertext,
745  size_t ciphertext_size,
746  size_t *p_ciphertext_length);
747 
778  psa_key_slot_number_t key_slot,
779  psa_algorithm_t algorithm,
780  const uint8_t *p_nonce,
781  size_t nonce_length,
782  const uint8_t *p_additional_data,
783  size_t additional_data_length,
784  const uint8_t *p_ciphertext,
785  size_t ciphertext_length,
786  uint8_t *p_plaintext,
787  size_t plaintext_size,
788  size_t *p_plaintext_length);
789 
799 typedef struct {
817 typedef enum
818 {
824 #ifndef __DOXYGEN_ONLY__
825 
843 #endif
845 
911  psa_drv_se_context_t *drv_context,
912  void *persistent_data,
913  const psa_key_attributes_t *attributes,
915  psa_key_slot_number_t *key_slot);
916 
957  psa_drv_se_context_t *drv_context,
958  void *persistent_data,
959  const psa_key_attributes_t *attributes,
961  psa_key_slot_number_t key_slot);
962 
993  psa_drv_se_context_t *drv_context,
994  psa_key_slot_number_t key_slot,
995  const psa_key_attributes_t *attributes,
996  const uint8_t *data,
997  size_t data_length,
998  size_t *bits);
999 
1019  psa_drv_se_context_t *drv_context,
1020  void *persistent_data,
1021  psa_key_slot_number_t key_slot);
1022 
1056  uint8_t *p_data,
1057  size_t data_size,
1058  size_t *p_data_length);
1059 
1107  psa_drv_se_context_t *drv_context,
1108  psa_key_slot_number_t key_slot,
1109  const psa_key_attributes_t *attributes,
1110  uint8_t *pubkey, size_t pubkey_size, size_t *pubkey_length);
1111 
1121 typedef struct {
1137 
1202  void *op_context,
1203  psa_algorithm_t kdf_alg,
1204  psa_key_slot_number_t source_key);
1205 
1222  uint32_t collateral_id,
1223  const uint8_t *p_collateral,
1224  size_t collateral_size);
1225 
1237  psa_key_slot_number_t dest_key);
1238 
1251  uint8_t *p_output,
1252  size_t output_size,
1253  size_t *p_output_length);
1254 
1264 typedef struct {
1277 
1290 typedef struct {
1296  uint32_t hal_version;
1297 
1307 
1319 
1326 } psa_drv_se_t;
1327 
1330 /* 0.0.0 patchlevel 5 */
1331 #define PSA_DRV_SE_HAL_VERSION 0x00000005
1332 
1386  psa_key_location_t location,
1387  const psa_drv_se_t *methods);
1388 
1391 #ifdef __cplusplus
1392 }
1393 #endif
1394 
1395 #endif /* PSA_CRYPTO_SE_DRIVER_H */
psa_status_t(* psa_drv_se_mac_generate_t)(psa_drv_se_context_t *drv_context, const uint8_t *p_input, size_t input_length, psa_key_slot_number_t key_slot, psa_algorithm_t alg, uint8_t *p_mac, size_t mac_size, size_t *p_mac_length)
A function that performs a secure element MAC operation in one command and returns the calculated MAC...
psa_drv_se_mac_generate_t p_mac
const psa_drv_se_aead_t * aead
psa_drv_se_key_derivation_derive_t p_derive
psa_encrypt_or_decrypt_t
const void *const persistent_data
psa_drv_se_cipher_setup_t p_setup
const psa_drv_se_key_derivation_t * derivation
psa_drv_se_mac_update_t p_update
psa_drv_se_key_derivation_collateral_t p_collateral
psa_drv_se_aead_encrypt_t p_encrypt
psa_status_t(* psa_drv_se_aead_decrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, const uint8_t *p_nonce, size_t nonce_length, const uint8_t *p_additional_data, size_t additional_data_length, const uint8_t *p_ciphertext, size_t ciphertext_length, uint8_t *p_plaintext, size_t plaintext_size, size_t *p_plaintext_length)
psa_drv_se_cipher_finish_t p_finish
psa_status_t(* psa_drv_se_cipher_update_t)(void *op_context, const uint8_t *p_input, size_t input_size, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that continues a previously started secure element cipher operation.
psa_status_t(* psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length)
A function that signs a hash or short message with a private key in a secure element.
psa_drv_se_allocate_key_t p_allocate
psa_status_t(* psa_drv_se_key_derivation_export_t)(void *op_context, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that performs the final step of a secure element key agreement and place the generated key...
psa_status_t(* psa_drv_se_mac_finish_verify_t)(void *op_context, const uint8_t *p_mac, size_t mac_length)
A function that completes a previously started secure element MAC operation by comparing the resultin...
A struct containing all of the function pointers needed to for secure element key management...
const psa_drv_se_asymmetric_t * asymmetric
psa_drv_se_validate_slot_number_t p_validate_slot_number
psa_drv_se_mac_finish_t p_finish
psa_drv_se_cipher_set_iv_t p_set_iv
psa_status_t(* psa_drv_se_cipher_finish_t)(void *op_context, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that completes a previously started secure element cipher operation.
psa_drv_se_asymmetric_verify_t p_verify
psa_status_t(* psa_drv_se_mac_abort_t)(void *op_context)
A function that aborts a previous started secure element MAC operation.
psa_status_t(* psa_drv_se_mac_verify_t)(psa_drv_se_context_t *drv_context, const uint8_t *p_input, size_t input_length, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_mac, size_t mac_length)
A function that performs a secure element MAC operation in one command and compares the resulting MAC...
uint32_t psa_key_location_t
Definition: crypto_types.h:213
psa_status_t(* psa_drv_se_export_key_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key, uint8_t *p_data, size_t data_size, size_t *p_data_length)
A function that exports a secure element key in binary format.
psa_drv_se_mac_setup_t p_setup
psa_status_t(* psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that decrypts a short message with an asymmetric private key in a secure element...
const psa_drv_se_cipher_t * cipher
psa_status_t(* psa_drv_se_validate_slot_number_t)(psa_drv_se_context_t *drv_context, void *persistent_data, const psa_key_attributes_t *attributes, psa_key_creation_method_t method, psa_key_slot_number_t key_slot)
A function that determines whether a slot number is valid for a key.
psa_drv_se_mac_finish_verify_t p_finish_verify
Driver context structure.
A struct containing all of the function pointers needed to implement cipher operations using secure e...
psa_status_t(* psa_drv_se_import_key_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, size_t *bits)
A function that imports a key into a secure element in binary format.
uint64_t psa_key_slot_number_t
A struct containing all of the function pointers needed to implement asymmetric cryptographic operati...
psa_status_t psa_register_se_driver(psa_key_location_t location, const psa_drv_se_t *methods)
psa_drv_se_import_key_t p_import
psa_status_t(* psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_context, void *op_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, psa_encrypt_or_decrypt_t direction)
A function that provides the cipher setup function for a secure element driver.
psa_drv_se_export_key_t p_export
psa_status_t(* psa_drv_se_generate_key_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, const psa_key_attributes_t *attributes, uint8_t *pubkey, size_t pubkey_size, size_t *pubkey_length)
A function that generates a symmetric or asymmetric key on a secure element.
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:105
psa_status_t(* psa_drv_se_cipher_abort_t)(void *op_context)
A function that aborts a previously started secure element cipher operation.
uint32_t hal_version
psa_drv_se_cipher_abort_t p_abort
psa_status_t(* psa_drv_se_destroy_key_t)(psa_drv_se_context_t *drv_context, void *persistent_data, psa_key_slot_number_t key_slot)
A function that destroys a secure element key and restore the slot to its default state...
psa_drv_se_cipher_update_t p_update
psa_status_t(* psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length)
A function that verifies the signature a hash or short message using an asymmetric public key in a se...
psa_drv_se_aead_decrypt_t p_decrypt
psa_status_t(* psa_drv_se_init_t)(psa_drv_se_context_t *drv_context, void *persistent_data, psa_key_location_t location)
A driver initialization function.
A struct containing all of the function pointers needed to perform secure element MAC operations...
psa_drv_se_mac_verify_t p_mac_verify
psa_drv_se_asymmetric_sign_t p_sign
psa_status_t(* psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t *drv_context, void *op_context, psa_algorithm_t kdf_alg, psa_key_slot_number_t source_key)
A function that Sets up a secure element key derivation operation by specifying the algorithm and the...
psa_status_t(* psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that encrypts a short message with an asymmetric public key in a secure element...
psa_drv_se_init_t p_init
psa_drv_se_asymmetric_encrypt_t p_encrypt
psa_status_t(* psa_drv_se_key_derivation_collateral_t)(void *op_context, uint32_t collateral_id, const uint8_t *p_collateral, size_t collateral_size)
A function that provides collateral (parameters) needed for a secure element key derivation or key ag...
psa_drv_se_mac_abort_t p_abort
psa_status_t(* psa_drv_se_mac_update_t)(void *op_context, const uint8_t *p_input, size_t input_length)
A function that continues a previously started secure element MAC operation.
A struct containing all of the function pointers needed to for secure element key derivation and agre...
const size_t persistent_data_size
A struct containing all of the function pointers needed to implement secure element Authenticated Enc...
const psa_drv_se_key_management_t * key_management
psa_drv_se_destroy_key_t p_destroy
psa_status_t(* psa_drv_se_key_derivation_derive_t)(void *op_context, psa_key_slot_number_t dest_key)
A function that performs the final secure element key derivation step and place the generated key mat...
psa_status_t(* psa_drv_se_mac_setup_t)(psa_drv_se_context_t *drv_context, void *op_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm)
A function that starts a secure element MAC operation for a PSA Crypto Driver implementation.
psa_drv_se_cipher_ecb_t p_ecb
Definitions for all PSA crypto drivers.
psa_status_t(* psa_drv_se_allocate_key_t)(psa_drv_se_context_t *drv_context, void *persistent_data, const psa_key_attributes_t *attributes, psa_key_creation_method_t method, psa_key_slot_number_t *key_slot)
A function that allocates a slot for a key.
psa_drv_se_key_derivation_setup_t p_setup
size_t persistent_data_size
psa_status_t(* psa_drv_se_cipher_set_iv_t)(void *op_context, const uint8_t *p_iv, size_t iv_length)
A function that sets the initialization vector (if necessary) for an secure element cipher operation...
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:62
psa_drv_se_asymmetric_decrypt_t p_decrypt
psa_key_creation_method_t
const psa_drv_se_mac_t * mac
psa_status_t(* psa_drv_se_aead_encrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, const uint8_t *p_nonce, size_t nonce_length, const uint8_t *p_additional_data, size_t additional_data_length, const uint8_t *p_plaintext, size_t plaintext_length, uint8_t *p_ciphertext, size_t ciphertext_size, size_t *p_ciphertext_length)
A function that performs a secure element authenticated encryption operation.
psa_status_t(* psa_drv_se_cipher_ecb_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, psa_encrypt_or_decrypt_t direction, const uint8_t *p_input, size_t input_size, uint8_t *p_output, size_t output_size)
A function that performs the ECB block mode for secure element cipher operations. ...
psa_drv_se_export_key_t p_export_public
psa_drv_se_generate_key_t p_generate
psa_status_t(* psa_drv_se_mac_finish_t)(void *op_context, uint8_t *p_mac, size_t mac_size, size_t *p_mac_length)
a function that completes a previously started secure element MAC operation by returning the resultin...
psa_drv_se_key_derivation_export_t p_export