Mbed TLS v2.28.7
crypto_extra.h
Go to the documentation of this file.
1 
11 /*
12  * Copyright The Mbed TLS Contributors
13  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
14  */
15 
16 #ifndef PSA_CRYPTO_EXTRA_H
17 #define PSA_CRYPTO_EXTRA_H
18 
19 #include "mbedtls/platform_util.h"
20 
21 #include "crypto_types.h"
22 #include "crypto_compat.h"
23 
24 #ifdef __cplusplus
25 extern "C" {
26 #endif
27 
28 /* UID for secure storage seed */
29 #define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
30 
31 /* See config.h for definition */
32 #if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
33 #define MBEDTLS_PSA_KEY_SLOT_COUNT 32
34 #endif
35 
60  psa_key_attributes_t *attributes,
61  psa_algorithm_t alg2)
62 {
63  attributes->core.policy.alg2 = alg2;
64 }
65 
73  const psa_key_attributes_t *attributes)
74 {
75  return attributes->core.policy.alg2;
76 }
77 
78 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
79 
102 psa_status_t psa_get_key_slot_number(
103  const psa_key_attributes_t *attributes,
104  psa_key_slot_number_t *slot_number);
105 
129 static inline void psa_set_key_slot_number(
130  psa_key_attributes_t *attributes,
131  psa_key_slot_number_t slot_number)
132 {
134  attributes->slot_number = slot_number;
135 }
136 
143 static inline void psa_clear_key_slot_number(
144  psa_key_attributes_t *attributes)
145 {
147 }
148 
189 psa_status_t mbedtls_psa_register_se_key(
190  const psa_key_attributes_t *attributes);
191 
192 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
193 
204 void mbedtls_psa_crypto_free(void);
205 
212 typedef struct mbedtls_psa_stats_s {
225  size_t cache_slots;
227  size_t empty_slots;
229  size_t locked_slots;
235 
244 
312 psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
313  size_t seed_size);
314 
326 #define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t) 0x4002)
327 
344 #define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t) 0x7002)
345 
347 #define PSA_KEY_TYPE_IS_DSA(type) \
348  (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
349 
350 #define PSA_ALG_DSA_BASE ((psa_algorithm_t) 0x06000400)
351 
365 #define PSA_ALG_DSA(hash_alg) \
366  (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
367 #define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t) 0x06000500)
368 #define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
369 
383 #define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
384  (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
385 #define PSA_ALG_IS_DSA(alg) \
386  (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
387  PSA_ALG_DSA_BASE)
388 #define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
389  (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
390 #define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
391  (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
392 #define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
393  (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
394 
395 
396 /* We need to expand the sample definition of this macro from
397  * the API definition. */
398 #undef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
399 #define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) \
400  PSA_ALG_IS_DSA(alg)
401 
414 #define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e)
415 
416 
484  psa_key_type_t type,
485  const uint8_t *data,
486  size_t data_length);
487 
512  const psa_key_attributes_t *attributes,
513  uint8_t *data,
514  size_t data_size,
515  size_t *data_length);
516 
542 #define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
543  (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
544  PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
545  PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
546  0)
547 #define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
548  (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
549 #define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
550  (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
551 
558 #if defined(MBEDTLS_ECP_C)
559 #include <mbedtls/ecp.h>
560 
575  size_t *bits)
576 {
577  switch (grpid) {
579  *bits = 192;
580  return PSA_ECC_FAMILY_SECP_R1;
582  *bits = 224;
583  return PSA_ECC_FAMILY_SECP_R1;
585  *bits = 256;
586  return PSA_ECC_FAMILY_SECP_R1;
588  *bits = 384;
589  return PSA_ECC_FAMILY_SECP_R1;
591  *bits = 521;
592  return PSA_ECC_FAMILY_SECP_R1;
594  *bits = 256;
597  *bits = 384;
600  *bits = 512;
603  *bits = 255;
606  *bits = 192;
607  return PSA_ECC_FAMILY_SECP_K1;
609  *bits = 224;
610  return PSA_ECC_FAMILY_SECP_K1;
612  *bits = 256;
613  return PSA_ECC_FAMILY_SECP_K1;
615  *bits = 448;
617  default:
618  *bits = 0;
619  return 0;
620  }
621 }
622 
643  size_t bits,
644  int bits_is_sloppy);
645 #endif /* MBEDTLS_ECP_C */
646 
653 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
654 
693 psa_status_t mbedtls_psa_external_get_random(
694  mbedtls_psa_external_random_context_t *context,
695  uint8_t *output, size_t output_size, size_t *output_length);
696 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
697 
715 #define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t) 0x7fff0000)
716 
722 #define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t) 0x7fffefff)
723 
728 typedef uint64_t psa_drv_slot_number_t;
729 
730 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
731 
740 static inline int psa_key_id_is_builtin(psa_key_id_t key_id)
741 {
742  return (key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN) &&
743  (key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX);
744 }
745 
790 psa_status_t mbedtls_psa_platform_get_builtin_key(
791  mbedtls_svc_key_id_t key_id,
792  psa_key_lifetime_t *lifetime,
793  psa_drv_slot_number_t *slot_number);
794 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
795 
798 #ifdef __cplusplus
799 }
800 #endif
801 
802 #endif /* PSA_CRYPTO_EXTRA_H */
static psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits)
Definition: crypto_extra.h:574
void mbedtls_psa_crypto_free(void)
Library deinitialization.
#define PSA_ECC_FAMILY_MONTGOMERY
PSA cryptography module: Backward compatibility aliases.
static void psa_set_key_enrollment_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg2)
Declare the enrollment algorithm for a key.
Definition: crypto_extra.h:59
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
Definition: crypto_extra.h:715
This file provides an API for Elliptic Curves over GF(P) (ECP).
psa_algorithm_t alg2
psa_key_attributes_flag_t flags
PSA cryptography module: type aliases.
uint32_t psa_key_id_t
Definition: crypto_types.h:266
psa_core_key_attributes_t core
void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
Get statistics about resource consumption related to the PSA keystore.
struct mbedtls_psa_stats_s mbedtls_psa_stats_t
Statistics about resource consumption related to the PSA keystore.
Common and shared functions used by multiple modules in the Mbed TLS library.
psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, size_t seed_size)
Inject an initial entropy seed for the random generator into secure storage.
uint64_t psa_drv_slot_number_t
Definition: crypto_extra.h:728
#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, size_t data_length)
Set domain parameters for a key.
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1
uint64_t psa_key_slot_number_t
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy)
static psa_algorithm_t psa_get_key_enrollment_algorithm(const psa_key_attributes_t *attributes)
Definition: crypto_extra.h:72
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:125
#define PSA_ECC_FAMILY_SECP_R1
mbedtls_ecp_group_id
Definition: ecp.h:113
uint16_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:69
psa_key_id_t max_open_internal_key_id
Definition: crypto_extra.h:231
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX
Definition: crypto_extra.h:722
psa_key_id_t mbedtls_svc_key_id_t
Definition: crypto_types.h:283
psa_key_policy_t policy
psa_status_t psa_get_key_domain_parameters(const psa_key_attributes_t *attributes, uint8_t *data, size_t data_size, size_t *data_length)
Get domain parameters for a key.
#define PSA_ECC_FAMILY_SECP_K1
uint32_t psa_key_lifetime_t
Definition: crypto_types.h:174
psa_key_id_t max_open_external_key_id
Definition: crypto_extra.h:233
uint8_t psa_ecc_family_t
Definition: crypto_types.h:88
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:50
Statistics about resource consumption related to the PSA keystore.
Definition: crypto_extra.h:212