Keil Studio Cloud
Mistake on this page?
Report an issue in GitHub or email us
TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h
1 /*
2  * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 /**
8  * \file psa/crypto_types.h
9  *
10  * \brief PSA cryptography module: type aliases.
11  *
12  * \note This file may not be included directly. Applications must
13  * include psa/crypto.h. Drivers must include the appropriate driver
14  * header file.
15  *
16  * This file contains portable definitions of integral types for properties
17  * of cryptographic keys, designations of cryptographic algorithms, and
18  * error codes returned by the library.
19  *
20  * This header file does not declare any function.
21  */
22 
23 #ifndef PSA_CRYPTO_TYPES_H
24 #define PSA_CRYPTO_TYPES_H
25 
26 #include <stdint.h>
27 
28 /** \defgroup error Error codes
29  * @{
30  */
31 
32 /**
33  * \brief Function return status.
34  *
35  * This is either #PSA_SUCCESS (which is zero), indicating success,
36  * or a small negative value indicating that an error occurred. Errors are
37  * encoded as one of the \c PSA_ERROR_xxx values defined here. */
38 /* If #PSA_SUCCESS is already defined, it means that #psa_status_t
39  * is also defined in an external header, so prevent its multiple
40  * definition.
41  */
42 #ifndef PSA_SUCCESS
43 typedef int32_t psa_status_t;
44 #endif
45 
46 /**@}*/
47 
48 /** \defgroup crypto_types Key and algorithm types
49  * @{
50  */
51 
52 /* Integral type representing a key handle. */
53 typedef uint16_t psa_key_handle_t;
54 
55 
56 /** \brief Encoding of a key type.
57  */
58 typedef uint16_t psa_key_type_t;
59 
60 /** The type of PSA elliptic curve family identifiers.
61  *
62  * The curve identifier is required to create an ECC key using the
63  * PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
64  * macros.
65  *
66  * Values defined by this standard will never be in the range 0x80-0xff.
67  * Vendors who define additional families must use an encoding in this range.
68  */
69 typedef uint8_t psa_ecc_family_t;
70 
71 /** The type of PSA Diffie-Hellman group family identifiers.
72  *
73  * The group identifier is required to create an Diffie-Hellman key using the
74  * PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
75  * macros.
76  *
77  * Values defined by this standard will never be in the range 0x80-0xff.
78  * Vendors who define additional families must use an encoding in this range.
79  */
80 typedef uint8_t psa_dh_family_t;
81 
82 /** \brief Encoding of a cryptographic algorithm.
83  *
84  * For algorithms that can be applied to multiple key types, this type
85  * does not encode the key type. For example, for symmetric ciphers
86  * based on a block cipher, #psa_algorithm_t encodes the block cipher
87  * mode and the padding mode while the block cipher itself is encoded
88  * via #psa_key_type_t.
89  */
90 typedef uint32_t psa_algorithm_t;
91 
92 /**@}*/
93 
94 /** \defgroup key_lifetimes Key lifetimes
95  * @{
96  */
97 
98 /** Encoding of key lifetimes.
99  *
100  * The lifetime of a key indicates where it is stored and what system actions
101  * may create and destroy it.
102  *
103  * Lifetime values have the following structure:
104  * - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
105  * persistence level. This value indicates what device management
106  * actions can cause it to be destroyed. In particular, it indicates
107  * whether the key is _volatile_ or _persistent_.
108  * See ::psa_key_persistence_t for more information.
109  * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
110  * location indicator. This value indicates where the key is stored
111  * and where operations on the key are performed.
112  * See ::psa_key_location_t for more information.
113  *
114  * Volatile keys are automatically destroyed when the application instance
115  * terminates or on a power reset of the device. Persistent keys are
116  * preserved until the application explicitly destroys them or until an
117  * implementation-specific device management event occurs (for example,
118  * a factory reset).
119  *
120  * Persistent keys have a key identifier of type #psa_key_id_t.
121  * This identifier remains valid throughout the lifetime of the key,
122  * even if the application instance that created the key terminates.
123  * The application can call psa_open_key() to open a persistent key that
124  * it created previously.
125  *
126  * This specification defines two basic lifetime values:
127  * - Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are volatile.
128  * All implementations should support this lifetime.
129  * - Keys with the lifetime #PSA_KEY_LIFETIME_PERSISTENT are persistent.
130  * All implementations that have access to persistent storage with
131  * appropriate security guarantees should support this lifetime.
132  */
133 typedef uint32_t psa_key_lifetime_t;
134 
135 /** Encoding of key persistence levels.
136  *
137  * What distinguishes different persistence levels is what device management
138  * events may cause keys to be destroyed. _Volatile_ keys are destroyed
139  * by a power reset. Persistent keys may be destroyed by events such as
140  * a transfer of ownership or a factory reset. What management events
141  * actually affect persistent keys at different levels is outside the
142  * scope of the PSA Cryptography specification.
143  *
144  * This specification defines the following values of persistence levels:
145  * - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
146  * A volatile key is automatically destroyed by the implementation when
147  * the application instance terminates. In particular, a volatile key
148  * is automatically destroyed on a power reset of the device.
149  * - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
150  * persistent key with a default lifetime.
151  * Implementations should support this value if they support persistent
152  * keys at all.
153  * Applications should use this value if they have no specific needs that
154  * are only met by implementation-specific features.
155  * - \c 2-127: persistent key with a PSA-specified lifetime.
156  * The PSA Cryptography specification does not define the meaning of these
157  * values, but other PSA specifications may do so.
158  * - \c 128-254: persistent key with a vendor-specified lifetime.
159  * No PSA specification will define the meaning of these values, so
160  * implementations may choose the meaning freely.
161  * As a guideline, higher persistence levels should cause a key to survive
162  * more management events than lower levels.
163  * - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
164  * read-only or write-once key.
165  * A key with this persistence level cannot be destroyed.
166  * Implementations that support such keys may either allow their creation
167  * through the PSA Cryptography API, preferably only to applications with
168  * the appropriate privilege, or only expose keys created through
169  * implementation-specific means such as a factory ROM engraving process.
170  * Note that keys that are read-only due to policy restrictions
171  * rather than due to physical limitations should not have this
172  * persistence levels.
173  *
174  * \note Key persistence levels are 8-bit values. Key management
175  * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
176  * encode the persistence as the lower 8 bits of a 32-bit value.
177  */
178 typedef uint8_t psa_key_persistence_t;
179 
180 /** Encoding of key location indicators.
181  *
182  * If an implementation of this API can make calls to external
183  * cryptoprocessors such as secure elements, the location of a key
184  * indicates which secure element performs the operations on the key.
185  * If an implementation offers multiple physical locations for persistent
186  * storage, the location indicator reflects at which physical location
187  * the key is stored.
188  *
189  * This specification defines the following values of location indicators:
190  * - \c 0: primary local storage.
191  * All implementations should support this value.
192  * The primary local storage is typically the same storage area that
193  * contains the key metadata.
194  * - \c 1: primary secure element.
195  * Implementations should support this value if there is a secure element
196  * attached to the operating environment.
197  * As a guideline, secure elements may provide higher resistance against
198  * side channel and physical attacks than the primary local storage, but may
199  * have restrictions on supported key types, sizes, policies and operations
200  * and may have different performance characteristics.
201  * - \c 2-0x7fffff: other locations defined by a PSA specification.
202  * The PSA Cryptography API does not currently assign any meaning to these
203  * locations, but future versions of this specification or other PSA
204  * specifications may do so.
205  * - \c 0x800000-0xffffff: vendor-defined locations.
206  * No PSA specification will assign a meaning to locations in this range.
207  *
208  * \note Key location indicators are 24-bit values. Key management
209  * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
210  * encode the location as the upper 24 bits of a 32-bit value.
211  */
212 typedef uint32_t psa_key_location_t;
213 
214 /** Encoding of identifiers of persistent keys.
215  *
216  * - Applications may freely choose key identifiers in the range
217  * #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
218  * - Implementations may define additional key identifiers in the range
219  * #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
220  * - 0 is reserved as an invalid key identifier.
221  * - Key identifiers outside these ranges are reserved for future use.
222  */
223 typedef uint32_t psa_key_id_t;
224 #define PSA_KEY_ID_INIT 0
225 
226 /**@}*/
227 
228 /** \defgroup policy Key policies
229  * @{
230  */
231 
232 /** \brief Encoding of permitted usage on a key. */
233 typedef uint32_t psa_key_usage_t;
234 
235 /**@}*/
236 
237 /** \defgroup attributes Key attributes
238  * @{
239  */
240 
241 /** The type of a structure containing key attributes.
242  *
243  * This is an opaque structure that can represent the metadata of a key
244  * object. Metadata that can be stored in attributes includes:
245  * - The location of the key in storage, indicated by its key identifier
246  * and its lifetime.
247  * - The key's policy, comprising usage flags and a specification of
248  * the permitted algorithm(s).
249  * - Information about the key itself: the key type and its size.
250  * - Implementations may define additional attributes.
251  *
252  * The actual key material is not considered an attribute of a key.
253  * Key attributes do not contain information that is generally considered
254  * highly confidential.
255  *
256  * An attribute structure can be a simple data structure where each function
257  * `psa_set_key_xxx` sets a field and the corresponding function
258  * `psa_get_key_xxx` retrieves the value of the corresponding field.
259  * However, implementations may report values that are equivalent to the
260  * original one, but have a different encoding. For example, an
261  * implementation may use a more compact representation for types where
262  * many bit-patterns are invalid or not supported, and store all values
263  * that it does not support as a special marker value. In such an
264  * implementation, after setting an invalid value, the corresponding
265  * get function returns an invalid value which may not be the one that
266  * was originally stored.
267  *
268  * An attribute structure may contain references to auxiliary resources,
269  * for example pointers to allocated memory or indirect references to
270  * pre-calculated values. In order to free such resources, the application
271  * must call psa_reset_key_attributes(). As an exception, calling
272  * psa_reset_key_attributes() on an attribute structure is optional if
273  * the structure has only been modified by the following functions
274  * since it was initialized or last reset with psa_reset_key_attributes():
275  * - psa_set_key_id()
276  * - psa_set_key_lifetime()
277  * - psa_set_key_type()
278  * - psa_set_key_bits()
279  * - psa_set_key_usage_flags()
280  * - psa_set_key_algorithm()
281  *
282  * Before calling any function on a key attribute structure, the application
283  * must initialize it by any of the following means:
284  * - Set the structure to all-bits-zero, for example:
285  * \code
286  * psa_key_attributes_t attributes;
287  * memset(&attributes, 0, sizeof(attributes));
288  * \endcode
289  * - Initialize the structure to logical zero values, for example:
290  * \code
291  * psa_key_attributes_t attributes = {0};
292  * \endcode
293  * - Initialize the structure to the initializer #PSA_KEY_ATTRIBUTES_INIT,
294  * for example:
295  * \code
296  * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
297  * \endcode
298  * - Assign the result of the function psa_key_attributes_init()
299  * to the structure, for example:
300  * \code
301  * psa_key_attributes_t attributes;
302  * attributes = psa_key_attributes_init();
303  * \endcode
304  *
305  * A freshly initialized attribute structure contains the following
306  * values:
307  *
308  * - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
309  * - key identifier: 0 (which is not a valid key identifier).
310  * - type: \c 0 (meaning that the type is unspecified).
311  * - key size: \c 0 (meaning that the size is unspecified).
312  * - usage flags: \c 0 (which allows no usage except exporting a public key).
313  * - algorithm: \c 0 (which allows no cryptographic usage, but allows
314  * exporting).
315  *
316  * A typical sequence to create a key is as follows:
317  * -# Create and initialize an attribute structure.
318  * -# If the key is persistent, call psa_set_key_id().
319  * Also call psa_set_key_lifetime() to place the key in a non-default
320  * location.
321  * -# Set the key policy with psa_set_key_usage_flags() and
322  * psa_set_key_algorithm().
323  * -# Set the key type with psa_set_key_type().
324  * Skip this step if copying an existing key with psa_copy_key().
325  * -# When generating a random key with psa_generate_key() or deriving a key
326  * with psa_key_derivation_output_key(), set the desired key size with
327  * psa_set_key_bits().
328  * -# Call a key creation function: psa_import_key(), psa_generate_key(),
329  * psa_key_derivation_output_key() or psa_copy_key(). This function reads
330  * the attribute structure, creates a key with these attributes, and
331  * outputs a handle to the newly created key.
332  * -# The attribute structure is now no longer necessary.
333  * You may call psa_reset_key_attributes(), although this is optional
334  * with the workflow presented here because the attributes currently
335  * defined in this specification do not require any additional resources
336  * beyond the structure itself.
337  *
338  * A typical sequence to query a key's attributes is as follows:
339  * -# Call psa_get_key_attributes().
340  * -# Call `psa_get_key_xxx` functions to retrieve the attribute(s) that
341  * you are interested in.
342  * -# Call psa_reset_key_attributes() to free any resources that may be
343  * used by the attribute structure.
344  *
345  * Once a key has been created, it is impossible to change its attributes.
346  */
347 typedef struct psa_client_key_attributes_s psa_key_attributes_t;
348 
349 /**@}*/
350 
351 /** \defgroup derivation Key derivation
352  * @{
353  */
354 
355 /** \brief Encoding of the step of a key derivation. */
356 typedef uint16_t psa_key_derivation_step_t;
357 
358 /**@}*/
359 
360 #endif /* PSA_CRYPTO_TYPES_H */
psa_key_attributes_s
Definition: TARGET_MBED_PSA_SRV/mbedtls/crypto_struct.h:340
psa_key_persistence_t
uint8_t psa_key_persistence_t
Encoding of key persistence levels.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:178
psa_key_derivation_step_t
uint16_t psa_key_derivation_step_t
Encoding of the step of a key derivation.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:356
psa_key_id_t
uint32_t psa_key_id_t
Encoding of identifiers of persistent keys.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:223
psa_dh_family_t
uint8_t psa_dh_family_t
The type of PSA Diffie-Hellman group family identifiers.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:80
psa_key_location_t
uint32_t psa_key_location_t
Encoding of key location indicators.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:212
psa_client_key_attributes_s
Definition: crypto_client_struct.h:32
psa_algorithm_t
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:90
psa_key_usage_t
uint32_t psa_key_usage_t
Encoding of permitted usage on a key.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:233
psa_key_type_t
uint16_t psa_key_type_t
Encoding of a key type.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:58
psa_key_lifetime_t
uint32_t psa_key_lifetime_t
Encoding of key lifetimes.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:133
psa_ecc_family_t
uint8_t psa_ecc_family_t
The type of PSA elliptic curve family identifiers.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:69
psa_status_t
int32_t psa_status_t
Function return status.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:43
Important Information for this Arm website

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work.