mbed TLS v3.3.0
crypto.h
1
5/*
6 * Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22#ifndef PSA_CRYPTO_H
23#define PSA_CRYPTO_H
24
25#include "crypto_platform.h"
26
27#include <stddef.h>
28
29#ifdef __DOXYGEN_ONLY__
30/* This __DOXYGEN_ONLY__ block contains mock definitions for things that
31 * must be defined in the crypto_platform.h header. These mock definitions
32 * are present in this file as a convenience to generate pretty-printed
33 * documentation that includes those definitions. */
34
40#endif /* __DOXYGEN_ONLY__ */
41
42#ifdef __cplusplus
43extern "C" {
44#endif
45
46/* The file "crypto_types.h" declares types that encode errors,
47 * algorithms, key types, policies, etc. */
48#include "crypto_types.h"
49
57#define PSA_CRYPTO_API_VERSION_MAJOR 1
58
62#define PSA_CRYPTO_API_VERSION_MINOR 0
63
66/* The file "crypto_values.h" declares macros to build and analyze values
67 * of integral types defined in "crypto_types.h". */
68#include "crypto_values.h"
69
103
119
140static void psa_set_key_id( psa_key_attributes_t *attributes,
142
143#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
158static void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
159 mbedtls_key_owner_id_t owner );
160#endif
161
188 psa_key_lifetime_t lifetime);
189
203 const psa_key_attributes_t *attributes);
204
216 const psa_key_attributes_t *attributes);
217
235 psa_key_usage_t usage_flags);
236
248 const psa_key_attributes_t *attributes);
249
281 psa_algorithm_t alg);
282
283
295 const psa_key_attributes_t *attributes);
296
312 psa_key_type_t type);
313
314
330 size_t bits);
331
343
354static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
355
385 psa_key_attributes_t *attributes);
386
400
429
519 const psa_key_attributes_t *attributes,
520 mbedtls_svc_key_id_t *target_key);
521
522
569
648 const uint8_t *data,
649 size_t data_length,
651
652
653
743 uint8_t *data,
744 size_t data_size,
745 size_t *data_length);
746
818 uint8_t *data,
819 size_t data_size,
820 size_t *data_length);
821
822
823
862 const uint8_t *input,
863 size_t input_length,
864 uint8_t *hash,
865 size_t hash_size,
866 size_t *hash_length);
867
897 const uint8_t *input,
898 size_t input_length,
899 const uint8_t *hash,
900 size_t hash_length);
901
931
941
991 psa_algorithm_t alg);
992
1017 const uint8_t *input,
1018 size_t input_length);
1019
1063 uint8_t *hash,
1064 size_t hash_size,
1065 size_t *hash_length);
1066
1104 const uint8_t *hash,
1105 size_t hash_length);
1106
1133
1162 psa_hash_operation_t *target_operation);
1163
1213 psa_algorithm_t alg,
1214 const uint8_t *input,
1215 size_t input_length,
1216 uint8_t *mac,
1217 size_t mac_size,
1218 size_t *mac_length);
1219
1254 psa_algorithm_t alg,
1255 const uint8_t *input,
1256 size_t input_length,
1257 const uint8_t *mac,
1258 size_t mac_length);
1259
1290
1300
1361 psa_algorithm_t alg);
1362
1423 psa_algorithm_t alg);
1424
1452 const uint8_t *input,
1453 size_t input_length);
1454
1501 uint8_t *mac,
1502 size_t mac_size,
1503 size_t *mac_length);
1504
1544 const uint8_t *mac,
1545 size_t mac_length);
1546
1573
1620 psa_algorithm_t alg,
1621 const uint8_t *input,
1622 size_t input_length,
1623 uint8_t *output,
1624 size_t output_size,
1625 size_t *output_length);
1626
1667 psa_algorithm_t alg,
1668 const uint8_t *input,
1669 size_t input_length,
1670 uint8_t *output,
1671 size_t output_size,
1672 size_t *output_length);
1673
1703
1713
1775 psa_algorithm_t alg);
1776
1838 psa_algorithm_t alg);
1839
1875 uint8_t *iv,
1876 size_t iv_size,
1877 size_t *iv_length);
1878
1916 const uint8_t *iv,
1917 size_t iv_length);
1918
1957 const uint8_t *input,
1958 size_t input_length,
1959 uint8_t *output,
1960 size_t output_size,
1961 size_t *output_length);
1962
2009 uint8_t *output,
2010 size_t output_size,
2011 size_t *output_length);
2012
2039
2108 psa_algorithm_t alg,
2109 const uint8_t *nonce,
2110 size_t nonce_length,
2111 const uint8_t *additional_data,
2112 size_t additional_data_length,
2113 const uint8_t *plaintext,
2114 size_t plaintext_length,
2115 uint8_t *ciphertext,
2116 size_t ciphertext_size,
2117 size_t *ciphertext_length);
2118
2181 psa_algorithm_t alg,
2182 const uint8_t *nonce,
2183 size_t nonce_length,
2184 const uint8_t *additional_data,
2185 size_t additional_data_length,
2186 const uint8_t *ciphertext,
2187 size_t ciphertext_length,
2188 uint8_t *plaintext,
2189 size_t plaintext_size,
2190 size_t *plaintext_length);
2191
2221
2231
2300 psa_algorithm_t alg);
2301
2366 psa_algorithm_t alg);
2367
2404 uint8_t *nonce,
2405 size_t nonce_size,
2406 size_t *nonce_length);
2407
2444 const uint8_t *nonce,
2445 size_t nonce_length);
2446
2489 size_t ad_length,
2490 size_t plaintext_length);
2491
2537 const uint8_t *input,
2538 size_t input_length);
2539
2621 const uint8_t *input,
2622 size_t input_length,
2623 uint8_t *output,
2624 size_t output_size,
2625 size_t *output_length);
2626
2707 uint8_t *ciphertext,
2708 size_t ciphertext_size,
2709 size_t *ciphertext_length,
2710 uint8_t *tag,
2711 size_t tag_size,
2712 size_t *tag_length);
2713
2790 uint8_t *plaintext,
2791 size_t plaintext_size,
2792 size_t *plaintext_length,
2793 const uint8_t *tag,
2794 size_t tag_length);
2795
2822
2888 psa_algorithm_t alg,
2889 const uint8_t * input,
2890 size_t input_length,
2891 uint8_t * signature,
2892 size_t signature_size,
2893 size_t * signature_length );
2894
2940 psa_algorithm_t alg,
2941 const uint8_t * input,
2942 size_t input_length,
2943 const uint8_t * signature,
2944 size_t signature_length );
2945
2993 psa_algorithm_t alg,
2994 const uint8_t *hash,
2995 size_t hash_length,
2996 uint8_t *signature,
2997 size_t signature_size,
2998 size_t *signature_length);
2999
3044 psa_algorithm_t alg,
3045 const uint8_t *hash,
3046 size_t hash_length,
3047 const uint8_t *signature,
3048 size_t signature_length);
3049
3102 psa_algorithm_t alg,
3103 const uint8_t *input,
3104 size_t input_length,
3105 const uint8_t *salt,
3106 size_t salt_length,
3107 uint8_t *output,
3108 size_t output_size,
3109 size_t *output_length);
3110
3163 psa_algorithm_t alg,
3164 const uint8_t *input,
3165 size_t input_length,
3166 const uint8_t *salt,
3167 size_t salt_length,
3168 uint8_t *output,
3169 size_t output_size,
3170 size_t *output_length);
3171
3208
3218
3279 psa_algorithm_t alg);
3280
3301 const psa_key_derivation_operation_t *operation,
3302 size_t *capacity);
3303
3330 size_t capacity);
3331
3339#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1)) /* (size_t)(-1) converts to SIZE_MAX; per its name this is a "no limit" marker rather than a real byte count, so test a capacity for equality with it before adding to or multiplying it (unsigned arithmetic on SIZE_MAX wraps silently) */
3340
3384 const uint8_t *data,
3385 size_t data_length);
3386
3427 uint64_t value);
3428
3495
3562 mbedtls_svc_key_id_t private_key,
3563 const uint8_t *peer_key,
3564 size_t peer_key_length);
3565
3608 uint8_t *output,
3609 size_t output_length);
3610
3757 const psa_key_attributes_t *attributes,
3760
3816 const uint8_t *expected_output,
3817 size_t output_length);
3818
3880 psa_key_id_t expected);
3881
3907
3959 mbedtls_svc_key_id_t private_key,
3960 const uint8_t *peer_key,
3961 size_t peer_key_length,
3962 uint8_t *output,
3963 size_t output_size,
3964 size_t *output_length);
3965
3997 size_t output_size);
3998
4045
4048#ifdef __cplusplus
4049}
4050#endif
4051
4052/* The file "crypto_sizes.h" contains definitions for size calculation
4053 * macros whose definitions are implementation-specific. */
4054#include "crypto_sizes.h"
4055
4056/* The file "crypto_struct.h" contains definitions for
4057 * implementation-specific structs that are declared above. */
4058#include "crypto_struct.h"
4059
4060/* The file "crypto_extra.h" contains vendor-specific definitions. This
4061 * can include vendor-defined algorithms, extra functions, etc. */
4062#include "crypto_extra.h"
4063
4064#endif /* PSA_CRYPTO_H */
PSA cryptography module: Mbed TLS vendor extensions.
PSA cryptography module: Mbed TLS platform definitions.
PSA cryptography module: Mbed TLS buffer size macros.
PSA cryptography module: Mbed TLS structured type implementations.
PSA cryptography module: type aliases.
PSA cryptography module: macros to build and analyze integer values.
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg)
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg)
static psa_mac_operation_t psa_mac_operation_init(void)
psa_status_t psa_mac_update(psa_mac_operation_t *operation, const uint8_t *input, size_t input_length)
psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *mac, size_t mac_size, size_t *mac_length)
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length)
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length)
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *mac, size_t mac_length)
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg)
static psa_aead_operation_t psa_aead_operation_init(void)
psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation, uint8_t *nonce, size_t nonce_size, size_t *nonce_length)
psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length)
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, const uint8_t *input, size_t input_length)
psa_status_t psa_aead_finish(psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, uint8_t *tag, size_t tag_size, size_t *tag_length)
psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg)
psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length)
psa_status_t psa_aead_verify(psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, const uint8_t *tag, size_t tag_length)
psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
psa_status_t psa_aead_update(psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_verify_message(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *signature, size_t signature_length)
Verify the signature of a message with a public key, using a hash-and-sign verification algorithm.
psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
Decrypt a short message with a private key.
psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length)
Sign a hash or short message with a private key.
psa_status_t psa_sign_message(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *signature, size_t signature_size, size_t *signature_length)
Sign a message with a private key. For hash-and-sign algorithms, this includes the hashing step.
psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
Encrypt a short message with a public key.
psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length)
Verify the signature of a hash or short message using a public key.
static psa_key_attributes_t psa_key_attributes_init(void)
void psa_reset_key_attributes(psa_key_attributes_t *attributes)
static void psa_set_key_usage_flags(psa_key_attributes_t *attributes, psa_key_usage_t usage_flags)
static size_t psa_get_key_bits(const psa_key_attributes_t *attributes)
static void psa_set_key_type(psa_key_attributes_t *attributes, psa_key_type_t type)
static psa_key_lifetime_t psa_get_key_lifetime(const psa_key_attributes_t *attributes)
static psa_key_usage_t psa_get_key_usage_flags(const psa_key_attributes_t *attributes)
static void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime)
static psa_algorithm_t psa_get_key_algorithm(const psa_key_attributes_t *attributes)
psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes)
static void psa_set_key_id(psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key)
static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes)
static void psa_set_key_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg)
static void psa_set_key_bits(psa_key_attributes_t *attributes, size_t bits)
static mbedtls_svc_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes)
static psa_cipher_operation_t psa_cipher_operation_init(void)
psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length)
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg)
psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length)
psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg)
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
uint16_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:82
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:138
uint16_t psa_key_derivation_step_t
Encoding of the step of a key derivation.
Definition: crypto_types.h:461
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:63
psa_status_t psa_hash_compare(psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *hash, size_t hash_length)
psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, psa_hash_operation_t *target_operation)
psa_status_t psa_hash_finish(psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length)
static psa_hash_operation_t psa_hash_operation_init(void)
psa_status_t psa_hash_update(psa_hash_operation_t *operation, const uint8_t *input, size_t input_length)
psa_status_t psa_hash_verify(psa_hash_operation_t *operation, const uint8_t *hash, size_t hash_length)
psa_status_t psa_hash_setup(psa_hash_operation_t *operation, psa_algorithm_t alg)
psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
psa_status_t psa_hash_compute(psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *hash, size_t hash_size, size_t *hash_length)
psa_status_t psa_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, mbedtls_svc_key_id_t *key)
Import a key in binary format.
psa_status_t psa_export_key(mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length)
Export a key in binary format.
psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length)
Export a public key or the public part of a key pair in binary format.
psa_status_t psa_crypto_init(void)
Library initialization.
psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *operation, uint8_t *output, size_t output_length)
psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, mbedtls_svc_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, mbedtls_svc_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length)
psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation, size_t capacity)
static psa_key_derivation_operation_t psa_key_derivation_operation_init(void)
psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length)
psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation, size_t *capacity)
psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, mbedtls_svc_key_id_t key)
psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation, psa_key_id_t expected)
psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, psa_algorithm_t alg)
psa_status_t psa_key_derivation_input_integer(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, uint64_t value)
psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes, psa_key_derivation_operation_t *operation, mbedtls_svc_key_id_t *key)
psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *operation, const uint8_t *expected_output, size_t output_length)
uint32_t psa_key_id_t
Definition: crypto_types.h:279
uint32_t psa_key_lifetime_t
Definition: crypto_types.h:187
psa_key_id_t mbedtls_svc_key_id_t
Definition: crypto_types.h:296
psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
Destroy a key.
psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *target_key)
uint32_t psa_key_usage_t
Encoding of permitted usage on a key.
Definition: crypto_types.h:328
psa_status_t psa_generate_random(uint8_t *output, size_t output_size)
Generate random bytes.
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key)
Generate a key or key pair.