28#ifndef PSA_CRYPTO_EXTRA_H
29#define PSA_CRYPTO_EXTRA_H
42#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
45#if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
46#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
76 attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
88 return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) );
91#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
142static inline void psa_set_key_slot_number(
147 attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
156static inline void psa_clear_key_slot_number(
159 attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
342#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
360#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
363#define PSA_KEY_TYPE_IS_DSA(type) \
364 (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
366#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x06000400)
381#define PSA_ALG_DSA(hash_alg) \
382 (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
383#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x06000500)
384#define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
399#define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
400 (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
401#define PSA_ALG_IS_DSA(alg) \
402 (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
404#define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
405 (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
406#define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
407 (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
408#define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
409 (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
414#undef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
415#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) \
430#define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e)
531 size_t *data_length);
558#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
559 (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
560 PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
561 PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
563#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
564 (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 )
565#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
566 (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 + 34 )
574#if defined(MBEDTLS_ECP_C)
661 int bits_is_sloppy );
670#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
711 mbedtls_psa_external_random_context_t *context,
712 uint8_t *output,
size_t output_size,
size_t *output_length );
732#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t)0x7fff0000)
739#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t)0x7fffefff)
747#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
757static inline int psa_key_id_is_builtin(
psa_key_id_t key_id )
819#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000)
830#define PSA_ALG_IS_PAKE(alg) \
831 (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE)
948#define PSA_ALG_JPAKE ((psa_algorithm_t)0x0a000100)
1007#define PSA_PAKE_ROLE_NONE ((psa_pake_role_t)0x00)
1016#define PSA_PAKE_ROLE_FIRST ((psa_pake_role_t)0x01)
1025#define PSA_PAKE_ROLE_SECOND ((psa_pake_role_t)0x02)
1031#define PSA_PAKE_ROLE_CLIENT ((psa_pake_role_t)0x11)
1037#define PSA_PAKE_ROLE_SERVER ((psa_pake_role_t)0x12)
1057#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01)
1077#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02)
1098#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \
1099 ((pake_bits & 0xFFFF) != pake_bits) ? 0 : \
1100 ((psa_pake_primitive_t) (((pake_type) << 24 | \
1101 (pake_family) << 16) | (pake_bits)))
1115#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01)
1132#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02)
1153#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
1453 const uint8_t *user_id,
1454 size_t user_id_len );
1495 const uint8_t *peer_id,
1496 size_t peer_id_len );
1598 size_t *output_length );
1651 const uint8_t *input,
1652 size_t input_length );
1763#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) \
1764 ( alg == PSA_ALG_JPAKE && \
1765 primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
1766 PSA_ECC_FAMILY_SECP_R1, 256) ? \
1768 output_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \
1769 output_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \
1793#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) \
1794 ( alg == PSA_ALG_JPAKE && \
1795 primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
1796 PSA_ECC_FAMILY_SECP_R1, 256) ? \
1798 input_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \
1799 input_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \
1811#define PSA_PAKE_OUTPUT_MAX_SIZE 65
1820#define PSA_PAKE_INPUT_MAX_SIZE 65
1825#define PSA_PAKE_CIPHER_SUITE_INIT {PSA_ALG_NONE, 0, 0, 0, PSA_ALG_NONE}
1830#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
1831#define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, 0, 0, 0, 0, \
1833 PSA_PAKE_ROLE_NONE, {0}, 0, 0, \
1836#define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, 0, 0, {0}}
1868 cipher_suite->
bits ) );
1877 cipher_suite->
bits = (uint16_t) (0xFFFF & primitive);
1883 return( cipher_suite->
family );
1889 return( cipher_suite->
bits );
1895 return( cipher_suite->
hash );
1902 cipher_suite->
hash = 0;
1904 cipher_suite->
hash = hash;
1907#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
1912#define MBEDTLS_PSA_PAKE_BUFFER_SIZE ( ( 3 + 1 + 65 + 1 + 65 + 1 + 32 ) * 2 )
1920#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
1932#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
PSA cryptography module: Backward compatibility aliases.
#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER
PSA cryptography module: type aliases.
This file provides an API for Elliptic Curves over GF(P) (ECP).
@ MBEDTLS_ECP_DP_SECP192K1
@ MBEDTLS_ECP_DP_SECP384R1
@ MBEDTLS_ECP_DP_CURVE448
@ MBEDTLS_ECP_DP_CURVE25519
@ MBEDTLS_ECP_DP_SECP256K1
@ MBEDTLS_ECP_DP_SECP224R1
@ MBEDTLS_ECP_DP_SECP521R1
@ MBEDTLS_ECP_DP_SECP224K1
@ MBEDTLS_ECP_DP_SECP192R1
@ MBEDTLS_ECP_DP_SECP256R1
static psa_algorithm_t psa_get_key_enrollment_algorithm(const psa_key_attributes_t *attributes)
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, size_t data_length)
Set domain parameters for a key.
psa_status_t psa_get_key_domain_parameters(const psa_key_attributes_t *attributes, uint8_t *data, size_t data_size, size_t *data_length)
Get domain parameters for a key.
static void psa_set_key_enrollment_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg2)
Declare the enrollment algorithm for a key.
#define PSA_ECC_FAMILY_MONTGOMERY
#define PSA_ECC_FAMILY_SECP_R1
#define PSA_ECC_FAMILY_SECP_K1
uint16_t psa_key_type_t
Encoding of a key type.
#define PSA_ALG_IS_PAKE(alg)
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
#define PSA_ALG_IS_HASH(alg)
int32_t psa_status_t
Function return status.
uint32_t psa_key_lifetime_t
psa_key_id_t mbedtls_svc_key_id_t
static uint16_t psa_pake_cs_get_bits(const psa_pake_cipher_suite_t *cipher_suite)
psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, mbedtls_svc_key_id_t password)
static psa_pake_primitive_t psa_pake_cs_get_primitive(const psa_pake_cipher_suite_t *cipher_suite)
psa_status_t psa_pake_abort(psa_pake_operation_t *operation)
psa_status_t psa_pake_input(psa_pake_operation_t *operation, psa_pake_step_t step, const uint8_t *input, size_t input_length)
uint32_t psa_pake_primitive_t
Encoding of the primitive associated with the PAKE.
static void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite, psa_algorithm_t hash)
psa_status_t psa_pake_setup(psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite)
psa_status_t psa_pake_output(psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, const uint8_t *user_id, size_t user_id_len)
static void psa_pake_cs_set_primitive(psa_pake_cipher_suite_t *cipher_suite, psa_pake_primitive_t primitive)
static psa_pake_cipher_suite_t psa_pake_cipher_suite_init(void)
static void psa_pake_cs_set_algorithm(psa_pake_cipher_suite_t *cipher_suite, psa_algorithm_t algorithm)
uint8_t psa_pake_role_t
Encoding of the application role of PAKE.
static psa_pake_family_t psa_pake_cs_get_family(const psa_pake_cipher_suite_t *cipher_suite)
psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len)
static psa_pake_operation_t psa_pake_operation_init(void)
uint8_t psa_pake_primitive_type_t
psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, psa_key_derivation_operation_t *output)
uint8_t psa_pake_family_t
Encoding of the family of the primitive associated with the PAKE.
static psa_algorithm_t psa_pake_cs_get_algorithm(const psa_pake_cipher_suite_t *cipher_suite)
#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits)
psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, psa_pake_role_t role)
static psa_algorithm_t psa_pake_cs_get_hash(const psa_pake_cipher_suite_t *cipher_suite)
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX
uint64_t psa_drv_slot_number_t
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
static psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits)
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy)
uint64_t psa_key_slot_number_t
Macro wrapper for struct's members.
#define MBEDTLS_PRIVATE(member)
Statistics about resource consumption related to the PSA keystore.
psa_algorithm_t algorithm
psa_pake_primitive_type_t type
mbedtls_ecjpake_context ecjpake