mbed TLS v3.3.0
Loading...
Searching...
No Matches
crypto_se_driver.h
Go to the documentation of this file.
1
18/*
19 * Copyright The Mbed TLS Contributors
20 * SPDX-License-Identifier: Apache-2.0
21 *
22 * Licensed under the Apache License, Version 2.0 (the "License"); you may
23 * not use this file except in compliance with the License.
24 * You may obtain a copy of the License at
25 *
26 * http://www.apache.org/licenses/LICENSE-2.0
27 *
28 * Unless required by applicable law or agreed to in writing, software
29 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
30 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31 * See the License for the specific language governing permissions and
32 * limitations under the License.
33 */
34#ifndef PSA_CRYPTO_SE_DRIVER_H
35#define PSA_CRYPTO_SE_DRIVER_H
37
39
40#ifdef __cplusplus
41extern "C" {
42#endif
43
56typedef struct {
101 const void *const MBEDTLS_PRIVATE(persistent_data);
102
108 const size_t MBEDTLS_PRIVATE(persistent_data_size);
109
115 uintptr_t MBEDTLS_PRIVATE(transient_data);
117
137 void *persistent_data,
138 psa_key_location_t location);
139
140#if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)
141/* Mbed Crypto with secure element support enabled defines this type in
142 * crypto_types.h because it is also visible to applications through an
143 * implementation-specific extension.
144 * For the PSA Cryptography specification, this type is only visible
145 * via crypto_se_driver.h. */
149typedef uint64_t psa_key_slot_number_t;
150#endif /* __DOXYGEN_ONLY__ || !MBEDTLS_PSA_CRYPTO_SE_C */
151
186 void *op_context,
187 psa_key_slot_number_t key_slot,
188 psa_algorithm_t algorithm);
189
200typedef psa_status_t (*psa_drv_se_mac_update_t)(void *op_context,
201 const uint8_t *p_input,
202 size_t input_length);
203
220typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context,
221 uint8_t *p_mac,
222 size_t mac_size,
223 size_t *p_mac_length);
224
242 const uint8_t *p_mac,
243 size_t mac_length);
244
251typedef psa_status_t (*psa_drv_se_mac_abort_t)(void *op_context);
252
272 const uint8_t *p_input,
273 size_t input_length,
274 psa_key_slot_number_t key_slot,
275 psa_algorithm_t alg,
276 uint8_t *p_mac,
277 size_t mac_size,
278 size_t *p_mac_length);
279
301 const uint8_t *p_input,
302 size_t input_length,
303 psa_key_slot_number_t key_slot,
304 psa_algorithm_t alg,
305 const uint8_t *p_mac,
306 size_t mac_length);
307
323typedef struct {
327 size_t MBEDTLS_PRIVATE(context_size);
392 void *op_context,
393 psa_key_slot_number_t key_slot,
394 psa_algorithm_t algorithm,
395 psa_encrypt_or_decrypt_t direction);
396
412typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context,
413 const uint8_t *p_iv,
414 size_t iv_length);
415
434typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context,
435 const uint8_t *p_input,
436 size_t input_size,
437 uint8_t *p_output,
438 size_t output_size,
439 size_t *p_output_length);
440
455typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *op_context,
456 uint8_t *p_output,
457 size_t output_size,
458 size_t *p_output_length);
459
466typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *op_context);
467
492 psa_key_slot_number_t key_slot,
493 psa_algorithm_t algorithm,
494 psa_encrypt_or_decrypt_t direction,
495 const uint8_t *p_input,
496 size_t input_size,
497 uint8_t *p_output,
498 size_t output_size);
499
510typedef struct {
514 size_t MBEDTLS_PRIVATE(context_size);
531
560 psa_key_slot_number_t key_slot,
561 psa_algorithm_t alg,
562 const uint8_t *p_hash,
563 size_t hash_length,
564 uint8_t *p_signature,
565 size_t signature_size,
566 size_t *p_signature_length);
567
586 psa_key_slot_number_t key_slot,
587 psa_algorithm_t alg,
588 const uint8_t *p_hash,
589 size_t hash_length,
590 const uint8_t *p_signature,
591 size_t signature_length);
592
624 psa_key_slot_number_t key_slot,
625 psa_algorithm_t alg,
626 const uint8_t *p_input,
627 size_t input_length,
628 const uint8_t *p_salt,
629 size_t salt_length,
630 uint8_t *p_output,
631 size_t output_size,
632 size_t *p_output_length);
633
664 psa_key_slot_number_t key_slot,
665 psa_algorithm_t alg,
666 const uint8_t *p_input,
667 size_t input_length,
668 const uint8_t *p_salt,
669 size_t salt_length,
670 uint8_t *p_output,
671 size_t output_size,
672 size_t *p_output_length);
673
683typedef struct {
693
737 psa_key_slot_number_t key_slot,
738 psa_algorithm_t algorithm,
739 const uint8_t *p_nonce,
740 size_t nonce_length,
741 const uint8_t *p_additional_data,
742 size_t additional_data_length,
743 const uint8_t *p_plaintext,
744 size_t plaintext_length,
745 uint8_t *p_ciphertext,
746 size_t ciphertext_size,
747 size_t *p_ciphertext_length);
748
779 psa_key_slot_number_t key_slot,
780 psa_algorithm_t algorithm,
781 const uint8_t *p_nonce,
782 size_t nonce_length,
783 const uint8_t *p_additional_data,
784 size_t additional_data_length,
785 const uint8_t *p_ciphertext,
786 size_t ciphertext_length,
787 uint8_t *p_plaintext,
788 size_t plaintext_size,
789 size_t *p_plaintext_length);
790
800typedef struct {
818typedef enum
819{
825#ifndef __DOXYGEN_ONLY__
844#endif
846
912 psa_drv_se_context_t *drv_context,
913 void *persistent_data,
914 const psa_key_attributes_t *attributes,
916 psa_key_slot_number_t *key_slot);
917
958 psa_drv_se_context_t *drv_context,
959 void *persistent_data,
960 const psa_key_attributes_t *attributes,
962 psa_key_slot_number_t key_slot);
963
994 psa_drv_se_context_t *drv_context,
995 psa_key_slot_number_t key_slot,
996 const psa_key_attributes_t *attributes,
997 const uint8_t *data,
998 size_t data_length,
999 size_t *bits);
1000
1020 psa_drv_se_context_t *drv_context,
1021 void *persistent_data,
1022 psa_key_slot_number_t key_slot);
1023
1057 uint8_t *p_data,
1058 size_t data_size,
1059 size_t *p_data_length);
1060
1108 psa_drv_se_context_t *drv_context,
1109 psa_key_slot_number_t key_slot,
1110 const psa_key_attributes_t *attributes,
1111 uint8_t *pubkey, size_t pubkey_size, size_t *pubkey_length);
1112
1122typedef struct {
1138
1203 void *op_context,
1204 psa_algorithm_t kdf_alg,
1205 psa_key_slot_number_t source_key);
1206
1223 uint32_t collateral_id,
1224 const uint8_t *p_collateral,
1225 size_t collateral_size);
1226
1238 psa_key_slot_number_t dest_key);
1239
1252 uint8_t *p_output,
1253 size_t output_size,
1254 size_t *p_output_length);
1255
1265typedef struct {
1267 size_t MBEDTLS_PRIVATE(context_size);
1278
1291typedef struct {
1297 uint32_t MBEDTLS_PRIVATE(hal_version);
1298
1307 size_t MBEDTLS_PRIVATE(persistent_data_size);
1308
1320
1327} psa_drv_se_t;
1328
1331/* 0.0.0 patchlevel 5 */
1332#define PSA_DRV_SE_HAL_VERSION 0x00000005
1333
1387 psa_key_location_t location,
1388 const psa_drv_se_t *methods);
1389
1392#ifdef __cplusplus
1393}
1394#endif
1395
1396#endif /* PSA_CRYPTO_SE_DRIVER_H */
Definitions for all PSA crypto drivers.
psa_encrypt_or_decrypt_t
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:138
psa_status_t(* psa_drv_se_key_derivation_export_t)(void *op_context, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that performs the final step of a secure element key agreement and place the generated key...
psa_status_t(* psa_drv_se_key_derivation_derive_t)(void *op_context, psa_key_slot_number_t dest_key)
A function that performs the final secure element key derivation step and place the generated key mat...
psa_status_t(* psa_drv_se_key_derivation_collateral_t)(void *op_context, uint32_t collateral_id, const uint8_t *p_collateral, size_t collateral_size)
A function that provides collateral (parameters) needed for a secure element key derivation or key ag...
psa_status_t(* psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t *drv_context, void *op_context, psa_algorithm_t kdf_alg, psa_key_slot_number_t source_key)
A function that Sets up a secure element key derivation operation by specifying the algorithm and the...
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:63
uint32_t psa_key_location_t
Definition: crypto_types.h:264
psa_status_t(* psa_drv_se_aead_encrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, const uint8_t *p_nonce, size_t nonce_length, const uint8_t *p_additional_data, size_t additional_data_length, const uint8_t *p_plaintext, size_t plaintext_length, uint8_t *p_ciphertext, size_t ciphertext_size, size_t *p_ciphertext_length)
A function that performs a secure element authenticated encryption operation.
psa_status_t(* psa_drv_se_aead_decrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, const uint8_t *p_nonce, size_t nonce_length, const uint8_t *p_additional_data, size_t additional_data_length, const uint8_t *p_ciphertext, size_t ciphertext_length, uint8_t *p_plaintext, size_t plaintext_size, size_t *p_plaintext_length)
psa_status_t(* psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that decrypts a short message with an asymmetric private key in a secure element.
psa_status_t(* psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that encrypts a short message with an asymmetric public key in a secure element.
psa_status_t(* psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length)
A function that signs a hash or short message with a private key in a secure element.
psa_status_t(* psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length)
A function that verifies the signature a hash or short message using an asymmetric public key in a se...
psa_status_t(* psa_drv_se_cipher_finish_t)(void *op_context, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that completes a previously started secure element cipher operation.
psa_status_t(* psa_drv_se_cipher_abort_t)(void *op_context)
A function that aborts a previously started secure element cipher operation.
psa_status_t(* psa_drv_se_cipher_set_iv_t)(void *op_context, const uint8_t *p_iv, size_t iv_length)
A function that sets the initialization vector (if necessary) for a secure element cipher operation.
psa_status_t(* psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_context, void *op_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, psa_encrypt_or_decrypt_t direction)
A function that provides the cipher setup function for a secure element driver.
psa_status_t(* psa_drv_se_cipher_ecb_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, psa_encrypt_or_decrypt_t direction, const uint8_t *p_input, size_t input_size, uint8_t *p_output, size_t output_size)
A function that performs the ECB block mode for secure element cipher operations.
psa_status_t(* psa_drv_se_cipher_update_t)(void *op_context, const uint8_t *p_input, size_t input_size, uint8_t *p_output, size_t output_size, size_t *p_output_length)
A function that continues a previously started secure element cipher operation.
psa_status_t(* psa_drv_se_init_t)(psa_drv_se_context_t *drv_context, void *persistent_data, psa_key_location_t location)
A driver initialization function.
uint64_t psa_key_slot_number_t
psa_status_t(* psa_drv_se_validate_slot_number_t)(psa_drv_se_context_t *drv_context, void *persistent_data, const psa_key_attributes_t *attributes, psa_key_creation_method_t method, psa_key_slot_number_t key_slot)
A function that determines whether a slot number is valid for a key.
psa_status_t(* psa_drv_se_generate_key_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, const psa_key_attributes_t *attributes, uint8_t *pubkey, size_t pubkey_size, size_t *pubkey_length)
A function that generates a symmetric or asymmetric key on a secure element.
psa_status_t(* psa_drv_se_export_key_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key, uint8_t *p_data, size_t data_size, size_t *p_data_length)
A function that exports a secure element key in binary format.
psa_key_creation_method_t
psa_status_t(* psa_drv_se_import_key_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, size_t *bits)
A function that imports a key into a secure element in binary format.
psa_status_t(* psa_drv_se_allocate_key_t)(psa_drv_se_context_t *drv_context, void *persistent_data, const psa_key_attributes_t *attributes, psa_key_creation_method_t method, psa_key_slot_number_t *key_slot)
A function that allocates a slot for a key.
psa_status_t(* psa_drv_se_destroy_key_t)(psa_drv_se_context_t *drv_context, void *persistent_data, psa_key_slot_number_t key_slot)
A function that destroys a secure element key and restore the slot to its default state.
@ PSA_KEY_CREATION_COPY
@ PSA_KEY_CREATION_IMPORT
@ PSA_KEY_CREATION_DERIVE
@ PSA_KEY_CREATION_GENERATE
@ PSA_KEY_CREATION_REGISTER
psa_status_t(* psa_drv_se_mac_setup_t)(psa_drv_se_context_t *drv_context, void *op_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm)
A function that starts a secure element MAC operation for a PSA Crypto Driver implementation.
psa_status_t(* psa_drv_se_mac_update_t)(void *op_context, const uint8_t *p_input, size_t input_length)
A function that continues a previously started secure element MAC operation.
psa_status_t(* psa_drv_se_mac_finish_verify_t)(void *op_context, const uint8_t *p_mac, size_t mac_length)
A function that completes a previously started secure element MAC operation by comparing the resultin...
psa_status_t(* psa_drv_se_mac_abort_t)(void *op_context)
A function that aborts a previous started secure element MAC operation.
psa_status_t(* psa_drv_se_mac_verify_t)(psa_drv_se_context_t *drv_context, const uint8_t *p_input, size_t input_length, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_mac, size_t mac_length)
A function that performs a secure element MAC operation in one command and compares the resulting MAC...
psa_status_t(* psa_drv_se_mac_finish_t)(void *op_context, uint8_t *p_mac, size_t mac_size, size_t *p_mac_length)
a function that completes a previously started secure element MAC operation by returning the resultin...
psa_status_t(* psa_drv_se_mac_generate_t)(psa_drv_se_context_t *drv_context, const uint8_t *p_input, size_t input_length, psa_key_slot_number_t key_slot, psa_algorithm_t alg, uint8_t *p_mac, size_t mac_size, size_t *p_mac_length)
A function that performs a secure element MAC operation in one command and returns the calculated MAC...
psa_status_t psa_register_se_driver(psa_key_location_t location, const psa_drv_se_t *methods)
Macro wrapper for struct's members.
#define MBEDTLS_PRIVATE(member)
A struct containing all of the function pointers needed to implement secure element Authenticated Enc...
A struct containing all of the function pointers needed to implement asymmetric cryptographic operati...
A struct containing all of the function pointers needed to implement cipher operations using secure e...
Driver context structure.
A struct containing all of the function pointers needed to for secure element key derivation and agre...
A struct containing all of the function pointers needed to for secure element key management.
A struct containing all of the function pointers needed to perform secure element MAC operations.