Mbed TLS v2.28.9
Loading...
Searching...
No Matches
crypto_values.h
Go to the documentation of this file.
1
22/*
23 * Copyright The Mbed TLS Contributors
24 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
25 */
26
27#ifndef PSA_CRYPTO_VALUES_H
28#define PSA_CRYPTO_VALUES_H
29
34/* PSA error codes */
35
36/* Error codes are standardized across PSA domains (framework, crypto, storage,
37 * etc.). Do not change the values in this section or even the expansions
38 * of each macro: it must be possible to `#include` both this header
39 * and some other PSA component's headers in the same C source,
40 * which will lead to duplicate definitions of the `PSA_SUCCESS` and
41 * `PSA_ERROR_xxx` macros, which is ok if and only if the macros expand
42 * to the same sequence of tokens.
43 *
44 * If you must add a new
45 * value, check with the Arm PSA framework group to pick one that other
46 * domains aren't already using. */
47
48/* Tell uncrustify not to touch the constant definitions, otherwise
49 * it might change the spacing to something that is not PSA-compliant
50 * (e.g. adding a space after casts).
51 *
52 * *INDENT-OFF*
53 */
54
56#define PSA_SUCCESS ((psa_status_t)0)
57
63#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)
64
72#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)
73
85#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)
86
97#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)
98
103#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)
104
109#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)
110
125#define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
126
136#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)
137
142#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)
143
151#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)
152
168#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
169
193#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)
194
199#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)
200
230#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151)
231
249#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
250
259#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
260
275#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)
276
279#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
280
283#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
284
307#define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
308
323#define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
324
325/* *INDENT-ON* */
326
333/* Note that key type values, including ECC family and DH group values, are
334 * embedded in the persistent key store, as part of key metadata. As a
335 * consequence, they must not be changed (unless the storage format version
336 * changes).
337 */
338
343#define PSA_KEY_TYPE_NONE ((psa_key_type_t) 0x0000)
344
352#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t) 0x8000)
353
354#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t) 0x7000)
355#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t) 0x1000)
356#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t) 0x2000)
357#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t) 0x4000)
358#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t) 0x7000)
359
360#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t) 0x3000)
361
366#define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \
367 (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
368
373#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
374 (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_RAW || \
375 ((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
376
378#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
379 (((type) & PSA_KEY_TYPE_CATEGORY_MASK \
380 & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) == \
381 PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
383#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \
384 (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
387#define PSA_KEY_TYPE_IS_KEY_PAIR(type) \
388 (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)
399#define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type) \
400 ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
411#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) \
412 ((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
413
418#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t) 0x1001)
419
428#define PSA_KEY_TYPE_HMAC ((psa_key_type_t) 0x1100)
429
435#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t) 0x1200)
436
442#define PSA_KEY_TYPE_AES ((psa_key_type_t) 0x2400)
443
446#define PSA_KEY_TYPE_ARIA ((psa_key_type_t) 0x2406)
447
457#define PSA_KEY_TYPE_DES ((psa_key_type_t) 0x2301)
458
461#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t) 0x2403)
462
467#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t) 0x2002)
468
476#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t) 0x2004)
477
482#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t) 0x4001)
487#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t) 0x7001)
489#define PSA_KEY_TYPE_IS_RSA(type) \
490 (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
491
492#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4100)
493#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t) 0x7100)
494#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t) 0x00ff)
504#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \
505 (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
515#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
516 (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
517
519#define PSA_KEY_TYPE_IS_ECC(type) \
520 ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
521 ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
523#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) \
524 (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
525 PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)
527#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \
528 (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
529 PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
530
532#define PSA_KEY_TYPE_ECC_GET_FAMILY(type) \
533 ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_ECC(type) ? \
534 ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
535 0))
536
549#define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t) 0x17)
550
559#define PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t) 0x12)
560/* SECP160R2 (SEC2 v1, obsolete, not supported in Mbed TLS) */
561#define PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t) 0x1b)
562
573#define PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t) 0x27)
574
585#define PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t) 0x22)
586
597#define PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t) 0x2b)
598
609#define PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t) 0x30)
610
621#define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41)
622
639#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
640
641#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4200)
642#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t) 0x7200)
643#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t) 0x00ff)
649#define PSA_KEY_TYPE_DH_KEY_PAIR(group) \
650 (PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group))
656#define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \
657 (PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))
658
660#define PSA_KEY_TYPE_IS_DH(type) \
661 ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
662 ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
664#define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type) \
665 (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
666 PSA_KEY_TYPE_DH_KEY_PAIR_BASE)
668#define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) \
669 (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
670 PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
671
673#define PSA_KEY_TYPE_DH_GET_FAMILY(type) \
674 ((psa_dh_family_t) (PSA_KEY_TYPE_IS_DH(type) ? \
675 ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
676 0))
677
684#define PSA_DH_FAMILY_RFC7919 ((psa_dh_family_t) 0x03)
685
686#define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \
687 (((type) >> 8) & 7)
706#define PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) \
707 (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
708 1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
709 0u)
710
711/* Note that algorithm values are embedded in the persistent key store,
712 * as part of key metadata. As a consequence, they must not be changed
713 * (unless the storage format version changes).
714 */
715
723#define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t) 0x80000000)
724
725#define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t) 0x7f000000)
726#define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t) 0x02000000)
727#define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t) 0x03000000)
728#define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t) 0x04000000)
729#define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t) 0x05000000)
730#define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t) 0x06000000)
731#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t) 0x07000000)
732#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t) 0x08000000)
733#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t) 0x09000000)
734
739#define PSA_ALG_IS_VENDOR_DEFINED(alg) \
740 (((alg) & PSA_ALG_VENDOR_FLAG) != 0)
741
750#define PSA_ALG_IS_HASH(alg) \
751 (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)
752
761#define PSA_ALG_IS_MAC(alg) \
762 (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)
763
772#define PSA_ALG_IS_CIPHER(alg) \
773 (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)
774
784#define PSA_ALG_IS_AEAD(alg) \
785 (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)
786
796#define PSA_ALG_IS_SIGN(alg) \
797 (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)
798
808#define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg) \
809 (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)
810
819#define PSA_ALG_IS_KEY_AGREEMENT(alg) \
820 (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)
821
830#define PSA_ALG_IS_KEY_DERIVATION(alg) \
831 (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
832
834/* *INDENT-OFF* (https://github.com/ARM-software/psa-arch-tests/issues/337) */
835#define PSA_ALG_NONE ((psa_algorithm_t)0)
836/* *INDENT-ON* */
837
838#define PSA_ALG_HASH_MASK ((psa_algorithm_t) 0x000000ff)
840#define PSA_ALG_MD2 ((psa_algorithm_t) 0x02000001)
842#define PSA_ALG_MD4 ((psa_algorithm_t) 0x02000002)
844#define PSA_ALG_MD5 ((psa_algorithm_t) 0x02000003)
846#define PSA_ALG_RIPEMD160 ((psa_algorithm_t) 0x02000004)
848#define PSA_ALG_SHA_1 ((psa_algorithm_t) 0x02000005)
850#define PSA_ALG_SHA_224 ((psa_algorithm_t) 0x02000008)
852#define PSA_ALG_SHA_256 ((psa_algorithm_t) 0x02000009)
854#define PSA_ALG_SHA_384 ((psa_algorithm_t) 0x0200000a)
856#define PSA_ALG_SHA_512 ((psa_algorithm_t) 0x0200000b)
858#define PSA_ALG_SHA_512_224 ((psa_algorithm_t) 0x0200000c)
860#define PSA_ALG_SHA_512_256 ((psa_algorithm_t) 0x0200000d)
862#define PSA_ALG_SHA3_224 ((psa_algorithm_t) 0x02000010)
864#define PSA_ALG_SHA3_256 ((psa_algorithm_t) 0x02000011)
866#define PSA_ALG_SHA3_384 ((psa_algorithm_t) 0x02000012)
868#define PSA_ALG_SHA3_512 ((psa_algorithm_t) 0x02000013)
875#define PSA_ALG_SHAKE256_512 ((psa_algorithm_t) 0x02000015)
876
910#define PSA_ALG_ANY_HASH ((psa_algorithm_t) 0x020000ff)
911
912#define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t) 0x00c00000)
913#define PSA_ALG_HMAC_BASE ((psa_algorithm_t) 0x03800000)
925#define PSA_ALG_HMAC(hash_alg) \
926 (PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
927
928#define PSA_ALG_HMAC_GET_HASH(hmac_alg) \
929 (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK))
930
941#define PSA_ALG_IS_HMAC(alg) \
942 (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
943 PSA_ALG_HMAC_BASE)
944
945/* In the encoding of a MAC algorithm, the bits corresponding to
946 * PSA_ALG_MAC_TRUNCATION_MASK encode the length to which the MAC is
947 * truncated. As an exception, the value 0 means the untruncated algorithm,
948 * whatever its length is. The length is encoded in 6 bits, so it can
949 * reach up to 63; the largest MAC is 64 bytes so its trivial truncation
950 * to full length is correctly encoded as 0 and any non-trivial truncation
951 * is correctly encoded as a value between 1 and 63. */
952#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t) 0x003f0000)
953#define PSA_MAC_TRUNCATION_OFFSET 16
954
955/* In the encoding of a MAC algorithm, the bit corresponding to
956 * #PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
957 * is a wildcard algorithm. A key with such wildcard algorithm as permitted
958 * algorithm policy can be used with any algorithm corresponding to the
959 * same base class and having a (potentially truncated) MAC length greater or
960 * equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
961#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t) 0x00008000)
962
996#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
997 (((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
998 PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) | \
999 ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
1000
1013#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
1014 ((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
1015 PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG))
1016
1028#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
1029 (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
1030
1055#define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
1056 (PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
1057 PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)
1058
1059#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t) 0x03c00000)
1065#define PSA_ALG_CBC_MAC ((psa_algorithm_t) 0x03c00100)
1067#define PSA_ALG_CMAC ((psa_algorithm_t) 0x03c00200)
1068
1077#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) \
1078 (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
1079 PSA_ALG_CIPHER_MAC_BASE)
1080
1081#define PSA_ALG_CIPHER_STREAM_FLAG ((psa_algorithm_t) 0x00800000)
1082#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG ((psa_algorithm_t) 0x00400000)
1083
1096#define PSA_ALG_IS_STREAM_CIPHER(alg) \
1097 (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \
1098 (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
1099
1106#define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t) 0x04800100)
1107
1115#define PSA_ALG_CTR ((psa_algorithm_t) 0x04c01000)
1116
1121#define PSA_ALG_CFB ((psa_algorithm_t) 0x04c01100)
1122
1127#define PSA_ALG_OFB ((psa_algorithm_t) 0x04c01200)
1128
1135#define PSA_ALG_XTS ((psa_algorithm_t) 0x0440ff00)
1136
1155#define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t) 0x04404400)
1156
1164#define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t) 0x04404000)
1165
1172#define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t) 0x04404100)
1173
1174#define PSA_ALG_AEAD_FROM_BLOCK_FLAG ((psa_algorithm_t) 0x00400000)
1175
1185#define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) \
1186 (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) == \
1187 (PSA_ALG_CATEGORY_AEAD | PSA_ALG_AEAD_FROM_BLOCK_FLAG))
1188
1193#define PSA_ALG_CCM ((psa_algorithm_t) 0x05500100)
1194
1199#define PSA_ALG_GCM ((psa_algorithm_t) 0x05500200)
1200
1210#define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t) 0x05100500)
1211
1212/* In the encoding of an AEAD algorithm, the bits corresponding to
1213 * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
1214 * The constants for default lengths follow this encoding.
1215 */
1216#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t) 0x003f0000)
1217#define PSA_AEAD_TAG_LENGTH_OFFSET 16
1218
1219/* In the encoding of an AEAD algorithm, the bit corresponding to
1220 * #PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
1221 * is a wildcard algorithm. A key with such wildcard algorithm as permitted
1222 * algorithm policy can be used with any algorithm corresponding to the
1223 * same base class and having a tag length greater than or equal to the one
1224 * encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
1225#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t) 0x00008000)
1226
1245#define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) \
1246 (((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | \
1247 PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \
1248 ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
1249 PSA_ALG_AEAD_TAG_LENGTH_MASK))
1250
1261#define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
1262 (((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
1263 PSA_AEAD_TAG_LENGTH_OFFSET)
1264
1273#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg) \
1274 ( \
1275 PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CCM) \
1276 PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_GCM) \
1277 PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
1278 0)
1279#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, ref) \
1280 PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, 0) == \
1281 PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ? \
1282 ref :
1283
1308#define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
1309 (PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
1310 PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)
1311
1312#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t) 0x06000200)
1328#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \
1329 (PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1336#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN_BASE
1337#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
1338 (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
1339
1340#define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t) 0x06000300)
1341#define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t) 0x06001300)
1362#define PSA_ALG_RSA_PSS(hash_alg) \
1363 (PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1364
1380#define PSA_ALG_RSA_PSS_ANY_SALT(hash_alg) \
1381 (PSA_ALG_RSA_PSS_ANY_SALT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1382
1394#define PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) \
1395 (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
1396
1408#define PSA_ALG_IS_RSA_PSS_ANY_SALT(alg) \
1409 (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE)
1410
1426#define PSA_ALG_IS_RSA_PSS(alg) \
1427 (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) || \
1428 PSA_ALG_IS_RSA_PSS_ANY_SALT(alg))
1429
1430#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t) 0x06000600)
1451#define PSA_ALG_ECDSA(hash_alg) \
1452 (PSA_ALG_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1462#define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE
1463#define PSA_ALG_DETERMINISTIC_ECDSA_BASE ((psa_algorithm_t) 0x06000700)
1486#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \
1487 (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1488#define PSA_ALG_ECDSA_DETERMINISTIC_FLAG ((psa_algorithm_t) 0x00000100)
1489#define PSA_ALG_IS_ECDSA(alg) \
1490 (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_ECDSA_DETERMINISTIC_FLAG) == \
1491 PSA_ALG_ECDSA_BASE)
1492#define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg) \
1493 (((alg) & PSA_ALG_ECDSA_DETERMINISTIC_FLAG) != 0)
1494#define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) \
1495 (PSA_ALG_IS_ECDSA(alg) && PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1496#define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \
1497 (PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1498
1527#define PSA_ALG_PURE_EDDSA ((psa_algorithm_t) 0x06000800)
1528
1529#define PSA_ALG_HASH_EDDSA_BASE ((psa_algorithm_t) 0x06000900)
1530#define PSA_ALG_IS_HASH_EDDSA(alg) \
1531 (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HASH_EDDSA_BASE)
1532
1554#define PSA_ALG_ED25519PH \
1555 (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHA_512 & PSA_ALG_HASH_MASK))
1556
1579#define PSA_ALG_ED448PH \
1580 (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHAKE256_512 & PSA_ALG_HASH_MASK))
1581
1582/* Default definition, to be overridden if the library is extended with
1583 * more hash-and-sign algorithms that we want to keep out of this header
1584 * file. */
1585#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
1586
1604#define PSA_ALG_IS_SIGN_HASH(alg) \
1605 (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
1606 PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
1607 PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
1608
1620#define PSA_ALG_IS_SIGN_MESSAGE(alg) \
1621 (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA)
1622
1649#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
1650 (PSA_ALG_IS_SIGN_HASH(alg) && \
1651 ((alg) & PSA_ALG_HASH_MASK) != 0)
1652
1671#define PSA_ALG_SIGN_GET_HASH(alg) \
1672 (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
1673 ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1674 0)
1675
1685#define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t) 0x07000200)
1686
1687#define PSA_ALG_RSA_OAEP_BASE ((psa_algorithm_t) 0x07000300)
1702#define PSA_ALG_RSA_OAEP(hash_alg) \
1703 (PSA_ALG_RSA_OAEP_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1704#define PSA_ALG_IS_RSA_OAEP(alg) \
1705 (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)
1706#define PSA_ALG_RSA_OAEP_GET_HASH(alg) \
1707 (PSA_ALG_IS_RSA_OAEP(alg) ? \
1708 ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1709 0)
1710
1711#define PSA_ALG_HKDF_BASE ((psa_algorithm_t) 0x08000100)
1732#define PSA_ALG_HKDF(hash_alg) \
1733 (PSA_ALG_HKDF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1745#define PSA_ALG_IS_HKDF(alg) \
1746 (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)
1747#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
1748 (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1749
1750#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t) 0x08000200)
1777#define PSA_ALG_TLS12_PRF(hash_alg) \
1778 (PSA_ALG_TLS12_PRF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1779
1788#define PSA_ALG_IS_TLS12_PRF(alg) \
1789 (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)
1790#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
1791 (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1792
1793#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t) 0x08000300)
1823#define PSA_ALG_TLS12_PSK_TO_MS(hash_alg) \
1824 (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1825
1834#define PSA_ALG_IS_TLS12_PSK_TO_MS(alg) \
1835 (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)
1836#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
1837 (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1838
1839#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff)
1840#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000)
1841
1856#define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) \
1857 ((ka_alg) | (kdf_alg))
1858
1859#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \
1860 (((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
1861
1862#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
1863 (((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)
1864
1879#define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \
1880 (PSA_ALG_IS_KEY_AGREEMENT(alg) && \
1881 PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)
1882
1883#define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \
1884 ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))
1885
1893#define PSA_ALG_FFDH ((psa_algorithm_t) 0x09010000)
1894
1907#define PSA_ALG_IS_FFDH(alg) \
1908 (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)
1909
1935#define PSA_ALG_ECDH ((psa_algorithm_t) 0x09020000)
1936
1951#define PSA_ALG_IS_ECDH(alg) \
1952 (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)
1953
1967#define PSA_ALG_IS_WILDCARD(alg) \
1968 (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
1969 PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
1970 PSA_ALG_IS_MAC(alg) ? \
1971 (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
1972 PSA_ALG_IS_AEAD(alg) ? \
1973 (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
1974 (alg) == PSA_ALG_ANY_HASH)
1975
1982/* Note that location and persistence level values are embedded in the
1983 * persistent key store, as part of key metadata. As a consequence, they
1984 * must not be changed (unless the storage format version changes).
1985 */
1986
1998#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t) 0x00000000)
1999
2012#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t) 0x00000001)
2013
2018#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t) 0x00)
2019
2024#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t) 0x01)
2025
2030#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t) 0xff)
2031
2032#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
2033 ((psa_key_persistence_t) ((lifetime) & 0x000000ff))
2034
2035#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
2036 ((psa_key_location_t) ((lifetime) >> 8))
2037
2054#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \
2055 (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
2056 PSA_KEY_PERSISTENCE_VOLATILE)
2057
2075#define PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime) \
2076 (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
2077 PSA_KEY_PERSISTENCE_READ_ONLY)
2078
2088#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
2089 ((location) << 8 | (persistence))
2090
2098#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t) 0x000000)
2099
2100#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t) 0x800000)
2101
2102/* Note that key identifier values are embedded in the
2103 * persistent key store, as part of key metadata. As a consequence, they
2104 * must not be changed (unless the storage format version changes).
2105 */
2106
2109/* *INDENT-OFF* (https://github.com/ARM-software/psa-arch-tests/issues/337) */
2110#define PSA_KEY_ID_NULL ((psa_key_id_t)0)
2111/* *INDENT-ON* */
2114#define PSA_KEY_ID_USER_MIN ((psa_key_id_t) 0x00000001)
2117#define PSA_KEY_ID_USER_MAX ((psa_key_id_t) 0x3fffffff)
2120#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t) 0x40000000)
2123#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t) 0x7fffffff)
2124
2125
2126#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
2127
2128#define MBEDTLS_SVC_KEY_ID_INIT ((psa_key_id_t) 0)
2129#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) (id)
2130#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(id) (0)
2131
2138 unsigned int unused, psa_key_id_t key_id)
2139{
2140 (void) unused;
2141
2142 return key_id;
2143}
2144
2154{
2155 return id1 == id2;
2156}
2157
2165{
2166 return key == 0;
2167}
2168
2169#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
2170
2171#define MBEDTLS_SVC_KEY_ID_INIT ((mbedtls_svc_key_id_t){ 0, 0 })
2172#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) ((id).key_id)
2173#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(id) ((id).owner)
2174
2181 mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id)
2182{
2183 return (mbedtls_svc_key_id_t){ .key_id = key_id,
2184 .owner = owner_id };
2185}
2186
2196{
2197 return (id1.key_id == id2.key_id) &&
2198 mbedtls_key_owner_id_equal(id1.owner, id2.owner);
2199}
2200
2208{
2209 return key.key_id == 0;
2210}
2211
2212#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
2213
2220/* Note that key usage flags are embedded in the
2221 * persistent key store, as part of key metadata. As a consequence, they
2222 * must not be changed (unless the storage format version changes).
2223 */
2224
2236#define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t) 0x00000001)
2237
2252#define PSA_KEY_USAGE_COPY ((psa_key_usage_t) 0x00000002)
2253
2263#define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t) 0x00000100)
2264
2274#define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t) 0x00000200)
2275
2284#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t) 0x00000400)
2285
2294#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t) 0x00000800)
2295
2304#define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t) 0x00001000)
2305
2314#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t) 0x00002000)
2315
2318#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t) 0x00004000)
2319
2326/* Key input steps are not embedded in the persistent storage, so you can
2327 * change them if needed: it's only an ABI change. */
2328
2341#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t) 0x0101)
2342
2348#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t) 0x0201)
2349
2355#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t) 0x0202)
2356
2362#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t) 0x0203)
2363
2369#define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t) 0x0204)
2370
2377/* Helper macros */
2378
2390#define MBEDTLS_PSA_ALG_AEAD_EQUAL(aead_alg_1, aead_alg_2) \
2391 (!(((aead_alg_1) ^ (aead_alg_2)) & \
2392 ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)))
2393
2396#endif /* PSA_CRYPTO_VALUES_H */
static mbedtls_svc_key_id_t mbedtls_svc_key_id_make(unsigned int unused, psa_key_id_t key_id)
uint32_t psa_key_id_t
static int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
psa_key_id_t mbedtls_svc_key_id_t
static int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1, mbedtls_svc_key_id_t id2)