Mbed TLS v3.6.0
Data Structures
struct mbedtls_psa_stats_s
Statistics about resource consumption related to the PSA keystore.
struct psa_pake_cipher_suite_s
struct psa_crypto_driver_pake_inputs_s
struct psa_jpake_computation_stage_s
struct psa_pake_operation_s
Typedefs
typedef struct mbedtls_psa_stats_s mbedtls_psa_stats_t
Statistics about resource consumption related to the PSA keystore.
typedef uint64_t psa_drv_slot_number_t
typedef uint8_t psa_pake_role_t
Encoding of the application role of PAKE.
typedef uint8_t psa_pake_step_t
typedef uint8_t psa_pake_primitive_type_t
typedef uint8_t psa_pake_family_t
Encoding of the family of the primitive associated with the PAKE.
typedef uint32_t psa_pake_primitive_t
Encoding of the primitive associated with the PAKE.
typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t
typedef struct psa_pake_operation_s psa_pake_operation_t
typedef struct psa_crypto_driver_pake_inputs_s psa_crypto_driver_pake_inputs_t
typedef struct psa_jpake_computation_stage_s psa_jpake_computation_stage_t
typedef enum psa_crypto_driver_pake_step psa_crypto_driver_pake_step_t
typedef enum psa_jpake_round psa_jpake_round_t
typedef enum psa_jpake_io_mode psa_jpake_io_mode_t
Enumerations
enum psa_crypto_driver_pake_step { PSA_JPAKE_STEP_INVALID = 0, PSA_JPAKE_X1_STEP_KEY_SHARE = 1, PSA_JPAKE_X1_STEP_ZK_PUBLIC = 2, PSA_JPAKE_X1_STEP_ZK_PROOF = 3, PSA_JPAKE_X2_STEP_KEY_SHARE = 4, PSA_JPAKE_X2_STEP_ZK_PUBLIC = 5, PSA_JPAKE_X2_STEP_ZK_PROOF = 6, PSA_JPAKE_X2S_STEP_KEY_SHARE = 7, PSA_JPAKE_X2S_STEP_ZK_PUBLIC = 8, PSA_JPAKE_X2S_STEP_ZK_PROOF = 9, PSA_JPAKE_X4S_STEP_KEY_SHARE = 10, PSA_JPAKE_X4S_STEP_ZK_PUBLIC = 11, PSA_JPAKE_X4S_STEP_ZK_PROOF = 12 }
enum psa_jpake_round { PSA_JPAKE_FIRST = 0, PSA_JPAKE_SECOND = 1, PSA_JPAKE_FINISHED = 2 }
enum psa_jpake_io_mode { PSA_JPAKE_INPUT = 0, PSA_JPAKE_OUTPUT = 1 }
PSA cryptography module: Mbed TLS vendor extensions.
This file is reserved for vendor-specific definitions.
Definition in file crypto_extra.h.
#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
Use HMAC_DRBG with the specified hash algorithm for the PSA crypto subsystem.
If this option is unset:
Restrict the PSA library to supporting a maximum number of simultaneously loaded keys. A loaded key is a key stored by the PSA Crypto core as a volatile key, or a persistent key which is loaded temporarily by the library as part of a crypto operation in flight.
If this option is unset, the library will fall back to a default value of 32 keys.
Definition at line 32 of file crypto_extra.h.
#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
Definition at line 28 of file crypto_extra.h.
#define PSA_JPAKE_EXPECTED_INPUTS(round)
Definition at line 1830 of file crypto_extra.h.
#define PSA_JPAKE_EXPECTED_OUTPUTS(round)
Definition at line 1832 of file crypto_extra.h.
#define PSA_PAKE_CIPHER_SUITE_INIT { PSA_ALG_NONE, 0, 0, 0, PSA_ALG_NONE }
Returns a suitable initializer for a PAKE cipher suite object of type psa_pake_cipher_suite_t.
Definition at line 1698 of file crypto_extra.h.
#define PSA_PAKE_INPUT_MAX_SIZE 65
Input buffer size for psa_pake_input() for any of the supported PAKE algorithm and primitive suites and input step.
This macro must expand to a compile-time constant integer.
The value of this macro must be at least as large as the largest value returned by PSA_PAKE_INPUT_SIZE().
See also PSA_PAKE_INPUT_SIZE(alg, primitive, output_step).
Definition at line 1693 of file crypto_extra.h.
#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step)
A sufficient input buffer size for psa_pake_input().
The value returned by this macro is guaranteed to be large enough for any valid input to psa_pake_input() in an operation with the specified parameters.
See also PSA_PAKE_INPUT_MAX_SIZE
alg | A PAKE algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_PAKE(alg) is true). |
primitive | A primitive of type psa_pake_primitive_t that is compatible with algorithm alg. |
input_step | A value of type psa_pake_step_t that is valid for the algorithm alg. |
Definition at line 1660 of file crypto_extra.h.
#define PSA_PAKE_OPERATION_INIT
Returns a suitable initializer for a PAKE operation object of type psa_pake_operation_t.
Definition at line 1706 of file crypto_extra.h.
#define PSA_PAKE_OUTPUT_MAX_SIZE 65
Output buffer size for psa_pake_output() for any of the supported PAKE algorithm and primitive suites and output step.
This macro must expand to a compile-time constant integer.
The value of this macro must be at least as large as the largest value returned by PSA_PAKE_OUTPUT_SIZE().
See also PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step).
Definition at line 1681 of file crypto_extra.h.
#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step)
A sufficient output buffer size for psa_pake_output().
If the size of the output buffer is at least this large, it is guaranteed that psa_pake_output() will not fail due to an insufficient output buffer size. The actual size of the output might be smaller in any given call.
See also PSA_PAKE_OUTPUT_MAX_SIZE
alg | A PAKE algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_PAKE(alg) is true). |
primitive | A primitive of type psa_pake_primitive_t that is compatible with algorithm alg. |
output_step | A value of type psa_pake_step_t that is valid for the algorithm alg. |
Definition at line 1630 of file crypto_extra.h.
typedef struct mbedtls_psa_stats_s mbedtls_psa_stats_t
Statistics about resource consumption related to the PSA keystore.
typedef enum psa_crypto_driver_pake_step psa_crypto_driver_pake_step_t
typedef enum psa_jpake_io_mode psa_jpake_io_mode_t
typedef enum psa_jpake_round psa_jpake_round_t
Definition at line 1790 of file crypto_extra.h.
enum psa_jpake_io_mode
Enumerator:
PSA_JPAKE_INPUT
PSA_JPAKE_OUTPUT
Definition at line 1812 of file crypto_extra.h.
enum psa_jpake_round
Enumerator:
PSA_JPAKE_FIRST
PSA_JPAKE_SECOND
PSA_JPAKE_FINISHED
Definition at line 1806 of file crypto_extra.h.
void mbedtls_psa_crypto_free(void)
Library deinitialization.
This function clears all data associated with the PSA layer, including the whole key store. This function is not thread safe: it wipes every key slot regardless of state and reader count. It should only be called when no slot is in use.
This is an Mbed TLS extension.
void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
Get statistics about resource consumption related to the PSA keystore.
psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, size_t seed_size)
Inject an initial entropy seed for the random generator into secure storage.
This function injects data to be used as a seed for the random generator used by the PSA Crypto implementation. On devices that lack a trusted entropy source (preferably a hardware random number generator), the Mbed PSA Crypto implementation uses this value to seed its random generator.
On devices without a trusted entropy source, this function must be called exactly once in the lifetime of the device. On devices with a trusted entropy source, calling this function is optional. In all cases, this function may only be called before calling any other function in the PSA Crypto API, including psa_crypto_init().
When this function returns successfully, it populates a file in persistent storage. Once the file has been created, this function can no longer succeed.
If any error occurs, this function does not change the system state. You can call this function again after correcting the reason for the error if possible.
This is an Mbed TLS extension.
[in] | seed | Buffer containing the seed value to inject. |
[in] | seed_size | Size of the seed buffer. The size of the seed in bytes must be greater than or equal to both MBEDTLS_ENTROPY_BLOCK_SIZE and the value of MBEDTLS_ENTROPY_MIN_PLATFORM in library/entropy_poll.h in the Mbed TLS source code. It must be less than or equal to MBEDTLS_ENTROPY_MAX_SEED_SIZE. |
PSA_SUCCESS | The seed value was injected successfully. The random generator of the PSA Crypto implementation is now ready for use. You may now call psa_crypto_init() and use the PSA Crypto implementation. |
PSA_ERROR_INVALID_ARGUMENT | seed_size is out of range. |
PSA_ERROR_STORAGE_FAILURE | There was a failure reading or writing from storage. |
PSA_ERROR_NOT_PERMITTED | The library has already been initialized. It is no longer possible to call this function. |
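The call-order, once-only and retry rules documented for mbedtls_psa_inject_entropy(), modelled as an added example that is not code from Mbed TLS. The EX_ names, the device struct, the three size limits and the status returned when the seed file already exists are assumptions made for the model; a real build takes the limits from the library configuration and calls mbedtls_psa_inject_entropy() followed by psa_crypto_init().

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed stand-ins for the build-time limits named in the seed_size
 * description; the real values come from the Mbed TLS configuration. */
#define EX_ENTROPY_BLOCK_SIZE    64
#define EX_ENTROPY_MIN_PLATFORM  32
#define EX_ENTROPY_MAX_SEED_SIZE 1024

/* Hypothetical mirror of the four documented return values. */
typedef enum { EX_SUCCESS, EX_INVALID_ARGUMENT,
               EX_STORAGE_FAILURE, EX_NOT_PERMITTED } ex_status_t;

/* Constructed device state used only by this model. */
typedef struct { int seed_file_present, initialized, storage_ok; } ex_device_t;

/* Model of the documented contract of mbedtls_psa_inject_entropy().
 * Every error path returns before the state is modified. */
ex_status_t ex_inject_entropy(ex_device_t *d, const uint8_t *seed, size_t n)
{
    (void) seed;                       /* the model stores no seed bytes */
    if (d->initialized)
        return EX_NOT_PERMITTED;       /* too late: library already set up */
    if (n < EX_ENTROPY_BLOCK_SIZE || n < EX_ENTROPY_MIN_PLATFORM ||
        n > EX_ENTROPY_MAX_SEED_SIZE)
        return EX_INVALID_ARGUMENT;
    if (!d->storage_ok)
        return EX_STORAGE_FAILURE;
    if (d->seed_file_present)
        return EX_NOT_PERMITTED;       /* assumed code for "seed file exists" */
    d->seed_file_present = 1;          /* the one-time write */
    return EX_SUCCESS;
}

/* First-boot provisioning: inject, then initialize. On success the RAM copy
 * of the seed is wiped; on error it is kept so the caller can retry. */
ex_status_t ex_provision(ex_device_t *d, uint8_t *seed, size_t n)
{
    ex_status_t st = ex_inject_entropy(d, seed, n);
    if (st != EX_SUCCESS)
        return st;
    volatile uint8_t *p = seed;
    for (size_t i = 0; i < n; i++)
        p[i] = 0;
    d->initialized = 1;                /* stands in for psa_crypto_init() */
    return EX_SUCCESS;
}
```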