Keil Studio Cloud
Mistake on this page?
Report an issue in GitHub or email us
TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_extra.h
1 /*
2  * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 /**
8  * \file psa/crypto_extra.h
9  *
10  * \brief PSA cryptography module: vendor extensions
11  *
12  * \note This file may not be included directly. Applications must
13  * include psa/crypto.h.
14  *
15  * This file is reserved for vendor-specific definitions.
16  */
17 
18 #ifndef PSA_CRYPTO_EXTRA_H
19 #define PSA_CRYPTO_EXTRA_H
20 
21 #include "psa/crypto_compat.h"
22 
23 #include "platform/mbed_toolchain.h"
24 
25 #ifdef __cplusplus
26 extern "C" {
27 #endif
28 
29 /** \addtogroup crypto_types
30  * @{
31  */
32 
33 /** DSA public key.
34  *
35  * The import and export format is the
36  * representation of the public key `y = g^x mod p` as a big-endian byte
37  * string. The length of the byte string is the length of the base prime `p`
38  * in bytes.
39  */
40 #define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
41 
42 /** DSA key pair (private and public key).
43  *
44  * The import and export format is the
45  * representation of the private key `x` as a big-endian byte string. The
46  * length of the byte string is the private key size in bytes (leading zeroes
47  * are not stripped).
48  *
49  * Determinstic DSA key derivation with psa_generate_derived_key follows
50  * FIPS 186-4 §B.1.2: interpret the byte string as integer
51  * in big-endian order. Discard it if it is not in the range
52  * [0, *N* - 2] where *N* is the boundary of the private key domain
53  * (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
54  * or the order of the curve's base point for ECC).
55  * Add 1 to the resulting integer and use this as the private key *x*.
56  *
57  */
58 #define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
59 
60 /**@}*/
61 
62 #if defined(MBEDTLS_ECP_C)
63 #include <mbedtls/ecp.h>
64 
65 /** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
66  *
67  * \note This function is provided solely for the convenience of
68  * Mbed TLS and may be removed at any time without notice.
69  *
70  * \param grpid An Mbed TLS elliptic curve identifier
71  * (`MBEDTLS_ECP_DP_xxx`).
72  * \param[out] bits On success, the bit size of the curve.
73  *
74  * \return The corresponding PSA elliptic curve identifier
75  * (`PSA_ECC_FAMILY_xxx`).
76  * \return \c 0 on failure (\p grpid is not recognized).
77  */
78 static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
79  size_t *bits )
80 {
81  switch( grpid )
82  {
83  case MBEDTLS_ECP_DP_SECP192R1:
84  *bits = 192;
85  return( PSA_ECC_FAMILY_SECP_R1 );
86  case MBEDTLS_ECP_DP_SECP224R1:
87  *bits = 224;
88  return( PSA_ECC_FAMILY_SECP_R1 );
89  case MBEDTLS_ECP_DP_SECP256R1:
90  *bits = 256;
91  return( PSA_ECC_FAMILY_SECP_R1 );
92  case MBEDTLS_ECP_DP_SECP384R1:
93  *bits = 384;
94  return( PSA_ECC_FAMILY_SECP_R1 );
95  case MBEDTLS_ECP_DP_SECP521R1:
96  *bits = 521;
97  return( PSA_ECC_FAMILY_SECP_R1 );
98  case MBEDTLS_ECP_DP_BP256R1:
99  *bits = 256;
100  return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
101  case MBEDTLS_ECP_DP_BP384R1:
102  *bits = 384;
103  return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
104  case MBEDTLS_ECP_DP_BP512R1:
105  *bits = 512;
106  return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
107  case MBEDTLS_ECP_DP_CURVE25519:
108  *bits = 255;
109  return( PSA_ECC_FAMILY_MONTGOMERY );
110  case MBEDTLS_ECP_DP_SECP192K1:
111  *bits = 192;
112  return( PSA_ECC_FAMILY_SECP_K1 );
113  case MBEDTLS_ECP_DP_SECP224K1:
114  *bits = 224;
115  return( PSA_ECC_FAMILY_SECP_K1 );
116  case MBEDTLS_ECP_DP_SECP256K1:
117  *bits = 256;
118  return( PSA_ECC_FAMILY_SECP_K1 );
119  case MBEDTLS_ECP_DP_CURVE448:
120  *bits = 448;
121  return( PSA_ECC_FAMILY_MONTGOMERY );
122  default:
123  *bits = 0;
124  return( 0 );
125  }
126 }
127 
128 #endif /* MBEDTLS_ECP_C */
129 
130 /** \brief Declare the enrollment algorithm for a key.
131  *
132  * An operation on a key may indifferently use the algorithm set with
133  * psa_set_key_algorithm() or with this function.
134  *
135  * \param[out] attributes The attribute structure to write to.
136  * \param alg2 A second algorithm that the key may be used
137  * for, in addition to the algorithm set with
138  * psa_set_key_algorithm().
139  *
140  * \deprecated This is for backward compatibility only.
141  * Setting an enrollment algorithm is not recommended, because
142  * using the same key with different algorithms can allow some
143  * attacks based on arithmetic relations between different
144  * computations made with the same key, or can escalate harmless
145  * side channels into exploitable ones. Use this function only
146  * if it is necessary to support a protocol for which it has been
147  * verified that the usage of the key with multiple algorithms
148  * is safe.
149  */
150 MBED_DEPRECATED("Setting enrollment algorithm is for backward compatibility and not recommended.")
151 static inline void psa_set_key_enrollment_algorithm(
152  psa_key_attributes_t *attributes,
153  psa_algorithm_t alg2)
154 {
155  attributes->alg2 = alg2;
156 }
157 
158 /** Retrieve the enrollment algorithm policy from key attributes.
159  *
160  * \param[in] attributes The key attribute structure to query.
161  *
162  * \return The enrollment algorithm stored in the attribute structure.
163 
164  * \deprecated This is for backward compatibility only.
165  * Deprecated along with psa_set_key_enrollment_algorithm().
166  */
167 MBED_DEPRECATED("Getting enrollment algorithm is for backward compatibility and not recommended.")
168 static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
169  const psa_key_attributes_t *attributes)
170 {
171  return attributes->alg2;
172 }
173 
174 #ifdef __cplusplus
175 }
176 #endif
177 
178 #endif /* PSA_CRYPTO_EXTRA_H */
psa_key_attributes_s
Definition: TARGET_MBED_PSA_SRV/mbedtls/crypto_struct.h:340
PSA_ECC_FAMILY_MONTGOMERY
#define PSA_ECC_FAMILY_MONTGOMERY
Curve25519 and Curve448.
Definition: TARGET_MBED_PSA_SRV/inc/psa/crypto_values.h:530
psa_set_key_enrollment_algorithm
static void psa_set_key_enrollment_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg2)
Declare the enrollment algorithm for a key.
Definition: TARGET_MBED_PSA_SRV/inc/psa/crypto_extra.h:70
PSA_ECC_FAMILY_BRAINPOOL_P_R1
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1
Brainpool P random curves.
Definition: TARGET_MBED_PSA_SRV/inc/psa/crypto_values.h:518
psa_get_key_enrollment_algorithm
static psa_algorithm_t psa_get_key_enrollment_algorithm(const psa_key_attributes_t *attributes)
Retrieve the enrollment algorithm policy from key attributes.
Definition: TARGET_MBED_PSA_SRV/inc/psa/crypto_extra.h:86
psa_algorithm_t
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: TARGET_MBED_PSA_SRV/inc/psa/crypto_types.h:96
PSA_ECC_FAMILY_SECP_R1
#define PSA_ECC_FAMILY_SECP_R1
SEC random curves over prime fields.
Definition: TARGET_MBED_PSA_SRV/inc/psa/crypto_values.h:477
PSA_ECC_FAMILY_SECP_K1
#define PSA_ECC_FAMILY_SECP_K1
SEC Koblitz curves over prime fields.
Definition: TARGET_MBED_PSA_SRV/inc/psa/crypto_values.h:467
psa_ecc_family_t
uint8_t psa_ecc_family_t
The type of PSA elliptic curve family identifiers.
Definition: TARGET_MBED_PSA_SRV/inc/psa/crypto_types.h:75
Important Information for this Arm website

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work.