Mbed TLS v2.28.9
Loading...
Searching...
No Matches
crypto_struct.h
Go to the documentation of this file.
1
44/*
45 * Copyright The Mbed TLS Contributors
46 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
47 */
48
49#ifndef PSA_CRYPTO_STRUCT_H
50#define PSA_CRYPTO_STRUCT_H
51
52#ifdef __cplusplus
53extern "C" {
54#endif
55
56/* Include the Mbed TLS configuration file, the way Mbed TLS does it
57 * in each of its header files. */
58#if !defined(MBEDTLS_CONFIG_FILE)
59#include "mbedtls/config.h"
60#else
61#include MBEDTLS_CONFIG_FILE
62#endif
63
64#include "mbedtls/cmac.h"
65#include "mbedtls/gcm.h"
66
67/* Include the context definition for the compiled-in drivers for the primitive
68 * algorithms. */
70
81
82#define PSA_HASH_OPERATION_INIT { 0, { 0 } }
84{
86 return v;
87}
88
96 unsigned int id;
97
98 unsigned int iv_required : 1;
99 unsigned int iv_set : 1;
100
102
104};
105
106#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
108{
110 return v;
111}
112
113/* Include the context definition for the compiled-in drivers for the composite
114 * algorithms. */
116
124 unsigned int id;
125 uint8_t mac_size;
126 unsigned int is_sign : 1;
128};
129
130#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
132{
134 return v;
135}
136
139 unsigned int key_set : 1;
140 unsigned int iv_set : 1;
141 uint8_t iv_size;
142 uint8_t block_size;
143 union {
144 unsigned dummy; /* Enable easier initializing of the union. */
147};
148
149#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } }
151{
153 return v;
154}
155
156#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
157typedef struct {
158 uint8_t *info;
160#if PSA_HASH_MAX_SIZE > 0xff
161#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
162#endif
165 unsigned int state : 2;
166 unsigned int info_set : 1;
167 uint8_t output_block[PSA_HASH_MAX_SIZE];
168 uint8_t prk[PSA_HASH_MAX_SIZE];
171#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
172
173#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
174 defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
175typedef enum {
176 PSA_TLS12_PRF_STATE_INIT, /* no input provided */
177 PSA_TLS12_PRF_STATE_SEED_SET, /* seed has been set */
178 PSA_TLS12_PRF_STATE_KEY_SET, /* key has been set */
179 PSA_TLS12_PRF_STATE_LABEL_SET, /* label has been set */
180 PSA_TLS12_PRF_STATE_OUTPUT /* output has been started */
182
184#if PSA_HASH_MAX_SIZE > 0xff
185#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
186#endif
187
188 /* Indicates how many bytes in the current HMAC block have
189 * not yet been read by the user. */
191
192 /* The 1-based number of the block. */
194
196
197 uint8_t *secret;
199 uint8_t *seed;
201 uint8_t *label;
203
205
206 /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
209#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
210 * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
211
214 unsigned int can_output_key : 1;
215 size_t capacity;
216 union {
217 /* Make the union non-empty even with no supported algorithms. */
218 uint8_t dummy;
219#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
221#endif
222#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
223 defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
225#endif
227};
228
229/* This only zeroes out the first byte in the union, the rest is unspecified. */
230#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } }
232{
234 return v;
235}
236
243
244#define PSA_KEY_POLICY_INIT { 0, 0, 0 }
245static inline struct psa_key_policy_s psa_key_policy_init(void)
246{
247 const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
248 return v;
249}
250
251/* The type used internally for key sizes.
252 * Public interfaces use size_t, but internally we use a smaller type. */
253typedef uint16_t psa_key_bits_t;
254/* The maximum value of the type used to represent bit-sizes.
255 * This is used to mark an invalid key size. */
256#define PSA_KEY_BITS_TOO_LARGE ((psa_key_bits_t) (-1))
257/* The maximum size of a key in bits.
258 * Currently defined as the maximum that can be represented, rounded down
259 * to a whole number of bytes.
260 * This is an uncast value so that it can be used in preprocessor
261 * conditionals. */
262#define PSA_MAX_KEY_BITS 0xfff8
263
272
273#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \
274 ((psa_key_attributes_flag_t) 0x0001)
275
276/* A mask of key attribute flags used externally only.
277 * Only meant for internal checks inside the library. */
278#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \
279 MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \
280 0)
281
282/* A mask of key attribute flags used both internally and externally.
283 * Currently there aren't any. */
284#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \
285 0)
286
295
296#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, \
297 MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0 }
298
301#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
302 psa_key_slot_number_t slot_number;
303#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
306};
307
308#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
309#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0 }
310#else
311#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0 }
312#endif
313
315{
317 return v;
318}
319
320static inline void psa_set_key_id(psa_key_attributes_t *attributes,
322{
323 psa_key_lifetime_t lifetime = attributes->core.lifetime;
324
325 attributes->core.id = key;
326
327 if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
328 attributes->core.lifetime =
332 }
333}
334
336 const psa_key_attributes_t *attributes)
337{
338 return attributes->core.id;
339}
340
341#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
342static inline void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes,
343 mbedtls_key_owner_id_t owner)
344{
345 attributes->core.id.owner = owner;
346}
347#endif
348
349static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
350 psa_key_lifetime_t lifetime)
351{
352 attributes->core.lifetime = lifetime;
353 if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
354#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
355 attributes->core.id.key_id = 0;
356#else
357 attributes->core.id = 0;
358#endif
359 }
360}
361
363 const psa_key_attributes_t *attributes)
364{
365 return attributes->core.lifetime;
366}
367
368static inline void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags)
369{
370 if (*usage_flags & PSA_KEY_USAGE_SIGN_HASH) {
371 *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
372 }
373
374 if (*usage_flags & PSA_KEY_USAGE_VERIFY_HASH) {
375 *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
376 }
377}
378
379static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
380 psa_key_usage_t usage_flags)
381{
382 psa_extend_key_usage_flags(&usage_flags);
383 attributes->core.policy.usage = usage_flags;
384}
385
387 const psa_key_attributes_t *attributes)
388{
389 return attributes->core.policy.usage;
390}
391
392static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
393 psa_algorithm_t alg)
394{
395 attributes->core.policy.alg = alg;
396}
397
399 const psa_key_attributes_t *attributes)
400{
401 return attributes->core.policy.alg;
402}
403
404/* This function is declared in crypto_extra.h, which comes after this
405 * header file, but we need the function here, so repeat the declaration. */
407 psa_key_type_t type,
408 const uint8_t *data,
409 size_t data_length);
410
411static inline void psa_set_key_type(psa_key_attributes_t *attributes,
412 psa_key_type_t type)
413{
414 if (attributes->domain_parameters == NULL) {
415 /* Common case: quick path */
416 attributes->core.type = type;
417 } else {
418 /* Call the bigger function to free the old domain parameters.
419 * Ignore any errors which may arise due to type requiring
420 * non-default domain parameters, since this function can't
421 * report errors. */
422 (void) psa_set_key_domain_parameters(attributes, type, NULL, 0);
423 }
424}
425
427 const psa_key_attributes_t *attributes)
428{
429 return attributes->core.type;
430}
431
432static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
433 size_t bits)
434{
435 if (bits > PSA_MAX_KEY_BITS) {
436 attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
437 } else {
438 attributes->core.bits = (psa_key_bits_t) bits;
439 }
440}
441
442static inline size_t psa_get_key_bits(
443 const psa_key_attributes_t *attributes)
444{
445 return attributes->core.bits;
446}
447
448#ifdef __cplusplus
449}
450#endif
451
452#endif /* PSA_CRYPTO_STRUCT_H */
This file contains CMAC definitions and functions.
Configuration options (set of defines)
#define PSA_HASH_MAX_SIZE
#define PSA_KEY_BITS_TOO_LARGE
static void psa_set_key_usage_flags(psa_key_attributes_t *attributes, psa_key_usage_t usage_flags)
static struct psa_aead_operation_s psa_aead_operation_init(void)
uint16_t psa_key_bits_t
static size_t psa_get_key_bits(const psa_key_attributes_t *attributes)
#define PSA_KEY_POLICY_INIT
static void psa_set_key_type(psa_key_attributes_t *attributes, psa_key_type_t type)
static struct psa_key_attributes_s psa_key_attributes_init(void)
uint16_t psa_key_attributes_flag_t
static struct psa_cipher_operation_s psa_cipher_operation_init(void)
static struct psa_key_derivation_s psa_key_derivation_operation_init(void)
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, size_t data_length)
struct psa_tls12_prf_key_derivation_s psa_tls12_prf_key_derivation_t
#define PSA_MAX_KEY_BITS
static psa_key_lifetime_t psa_get_key_lifetime(const psa_key_attributes_t *attributes)
static psa_key_usage_t psa_get_key_usage_flags(const psa_key_attributes_t *attributes)
static void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags)
static struct psa_mac_operation_s psa_mac_operation_init(void)
static void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime)
static psa_algorithm_t psa_get_key_algorithm(const psa_key_attributes_t *attributes)
static struct psa_hash_operation_s psa_hash_operation_init(void)
static void psa_set_key_id(psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key)
static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes)
static void psa_set_key_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg)
psa_tls12_prf_key_derivation_state_t
@ PSA_TLS12_PRF_STATE_SEED_SET
@ PSA_TLS12_PRF_STATE_LABEL_SET
@ PSA_TLS12_PRF_STATE_OUTPUT
@ PSA_TLS12_PRF_STATE_KEY_SET
@ PSA_TLS12_PRF_STATE_INIT
static void psa_set_key_bits(psa_key_attributes_t *attributes, size_t bits)
static mbedtls_svc_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes)
static struct psa_key_policy_s psa_key_policy_init(void)
This file contains GCM definitions and functions.
#define PSA_MAC_OPERATION_INIT
#define PSA_AEAD_OPERATION_INIT
#define PSA_KEY_ATTRIBUTES_INIT
#define PSA_CIPHER_OPERATION_INIT
uint16_t psa_key_type_t
Encoding of a key type.
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
int32_t psa_status_t
Function return status.
#define PSA_HASH_OPERATION_INIT
#define PSA_KEY_DERIVATION_OPERATION_INIT
#define PSA_KEY_LIFETIME_PERSISTENT
#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime)
#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)
uint32_t psa_key_lifetime_t
psa_key_id_t mbedtls_svc_key_id_t
#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location)
#define PSA_KEY_USAGE_SIGN_HASH
#define PSA_KEY_USAGE_SIGN_MESSAGE
uint32_t psa_key_usage_t
Encoding of permitted usage on a key.
#define PSA_KEY_USAGE_VERIFY_MESSAGE
#define PSA_KEY_USAGE_VERIFY_HASH
uint64_t psa_key_slot_number_t
union psa_aead_operation_s::@006266061114174214326143130172251172061333060230 ctx
psa_algorithm_t alg
mbedtls_cipher_context_t cipher
psa_driver_cipher_context_t ctx
mbedtls_svc_key_id_t id
psa_key_lifetime_t lifetime
psa_key_attributes_flag_t flags
psa_driver_hash_context_t ctx
psa_core_key_attributes_t core
unsigned int can_output_key
union psa_key_derivation_s::@114373255226177111123040370032155040125216004053 ctx
psa_algorithm_t alg
psa_hkdf_key_derivation_t hkdf
psa_tls12_prf_key_derivation_t tls12_prf
psa_key_usage_t usage
psa_algorithm_t alg2
psa_algorithm_t alg
psa_driver_mac_context_t ctx
psa_tls12_prf_key_derivation_state_t state
uint8_t Ai[PSA_HASH_MAX_SIZE]
uint8_t output_block[PSA_HASH_MAX_SIZE]