Keil Studio Cloud
Mistake on this page?
Report an issue in GitHub or email us
TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h
1 /*
2  * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 /**
8  * \file psa/crypto_types.h
9  *
10  * \brief PSA cryptography module: type aliases.
11  *
12  * \note This file may not be included directly. Applications must
13  * include psa/crypto.h. Drivers must include the appropriate driver
14  * header file.
15  *
16  * This file contains portable definitions of integral types for properties
17  * of cryptographic keys, designations of cryptographic algorithms, and
18  * error codes returned by the library.
19  *
20  * This header file does not declare any function.
21  */
22 
23 #ifndef PSA_CRYPTO_TYPES_H
24 #define PSA_CRYPTO_TYPES_H
25 
26 #include <stdint.h>
27 
28 /** \defgroup error Error codes
29  * @{
30  */
31 
32 /**
33  * \brief Function return status.
34  *
35  * This is either #PSA_SUCCESS (which is zero), indicating success,
36  * or a small negative value indicating that an error occurred. Errors are
37  * encoded as one of the \c PSA_ERROR_xxx values defined here. */
38 /* If #PSA_SUCCESS is already defined, it means that #psa_status_t
39  * is also defined in an external header, so prevent its multiple
40  * definition.
41  */
42 #ifndef PSA_SUCCESS
43 typedef int32_t psa_status_t;
44 #endif
45 
46 /**@}*/
47 
48 /** \defgroup crypto_types Key and algorithm types
49  * @{
50  */
51 
52 /** \brief Encoding of a key type.
53  */
54 typedef uint16_t psa_key_type_t;
55 
56 /** The type of PSA elliptic curve family identifiers.
57  *
58  * The curve identifier is required to create an ECC key using the
59  * PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
60  * macros.
61  *
62  * Values defined by this standard will never be in the range 0x80-0xff.
63  * Vendors who define additional families must use an encoding in this range.
64  */
65 typedef uint8_t psa_ecc_family_t;
66 
67 /** The type of PSA Diffie-Hellman group family identifiers.
68  *
69  * The group identifier is required to create an Diffie-Hellman key using the
70  * PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
71  * macros.
72  *
73  * Values defined by this standard will never be in the range 0x80-0xff.
74  * Vendors who define additional families must use an encoding in this range.
75  */
76 typedef uint8_t psa_dh_family_t;
77 
78 /** \brief Encoding of a cryptographic algorithm.
79  *
80  * For algorithms that can be applied to multiple key types, this type
81  * does not encode the key type. For example, for symmetric ciphers
82  * based on a block cipher, #psa_algorithm_t encodes the block cipher
83  * mode and the padding mode while the block cipher itself is encoded
84  * via #psa_key_type_t.
85  */
86 typedef uint32_t psa_algorithm_t;
87 
88 /**@}*/
89 
90 /** \defgroup key_lifetimes Key lifetimes
91  * @{
92  */
93 
94 /** Encoding of key lifetimes.
95  *
96  * The lifetime of a key indicates where it is stored and what system actions
97  * may create and destroy it.
98  *
99  * Lifetime values have the following structure:
100  * - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
101  * persistence level. This value indicates what device management
102  * actions can cause it to be destroyed. In particular, it indicates
103  * whether the key is _volatile_ or _persistent_.
104  * See ::psa_key_persistence_t for more information.
105  * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
106  * location indicator. This value indicates where the key is stored
107  * and where operations on the key are performed.
108  * See ::psa_key_location_t for more information.
109  *
110  * Volatile keys are automatically destroyed when the application instance
111  * terminates or on a power reset of the device. Persistent keys are
112  * preserved until the application explicitly destroys them or until an
113  * implementation-specific device management event occurs (for example,
114  * a factory reset).
115  *
116  * Persistent keys have a key identifier of type #psa_key_id_t.
117  * This identifier remains valid throughout the lifetime of the key,
118  * even if the application instance that created the key terminates.
119  * The application can call psa_open_key() to open a persistent key that
120  * it created previously.
121  *
122  * This specification defines two basic lifetime values:
123  * - Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are volatile.
124  * All implementations should support this lifetime.
125  * - Keys with the lifetime #PSA_KEY_LIFETIME_PERSISTENT are persistent.
126  * All implementations that have access to persistent storage with
127  * appropriate security guarantees should support this lifetime.
128  */
129 typedef uint32_t psa_key_lifetime_t;
130 
131 /** Encoding of key persistence levels.
132  *
133  * What distinguishes different persistence levels is what device management
134  * events may cause keys to be destroyed. _Volatile_ keys are destroyed
135  * by a power reset. Persistent keys may be destroyed by events such as
136  * a transfer of ownership or a factory reset. What management events
137  * actually affect persistent keys at different levels is outside the
138  * scope of the PSA Cryptography specification.
139  *
140  * This specification defines the following values of persistence levels:
141  * - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
142  * A volatile key is automatically destroyed by the implementation when
143  * the application instance terminates. In particular, a volatile key
144  * is automatically destroyed on a power reset of the device.
145  * - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
146  * persistent key with a default lifetime.
147  * Implementations should support this value if they support persistent
148  * keys at all.
149  * Applications should use this value if they have no specific needs that
150  * are only met by implementation-specific features.
151  * - \c 2-127: persistent key with a PSA-specified lifetime.
152  * The PSA Cryptography specification does not define the meaning of these
153  * values, but other PSA specifications may do so.
154  * - \c 128-254: persistent key with a vendor-specified lifetime.
155  * No PSA specification will define the meaning of these values, so
156  * implementations may choose the meaning freely.
157  * As a guideline, higher persistence levels should cause a key to survive
158  * more management events than lower levels.
159  * - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
160  * read-only or write-once key.
161  * A key with this persistence level cannot be destroyed.
162  * Implementations that support such keys may either allow their creation
163  * through the PSA Cryptography API, preferably only to applications with
164  * the appropriate privilege, or only expose keys created through
165  * implementation-specific means such as a factory ROM engraving process.
166  * Note that keys that are read-only due to policy restrictions
167  * rather than due to physical limitations should not have this
168  * persistence levels.
169  *
170  * \note Key persistence levels are 8-bit values. Key management
171  * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
172  * encode the persistence as the lower 8 bits of a 32-bit value.
173  */
174 typedef uint8_t psa_key_persistence_t;
175 
176 /** Encoding of key location indicators.
177  *
178  * If an implementation of this API can make calls to external
179  * cryptoprocessors such as secure elements, the location of a key
180  * indicates which secure element performs the operations on the key.
181  * If an implementation offers multiple physical locations for persistent
182  * storage, the location indicator reflects at which physical location
183  * the key is stored.
184  *
185  * This specification defines the following values of location indicators:
186  * - \c 0: primary local storage.
187  * All implementations should support this value.
188  * The primary local storage is typically the same storage area that
189  * contains the key metadata.
190  * - \c 1: primary secure element.
191  * Implementations should support this value if there is a secure element
192  * attached to the operating environment.
193  * As a guideline, secure elements may provide higher resistance against
194  * side channel and physical attacks than the primary local storage, but may
195  * have restrictions on supported key types, sizes, policies and operations
196  * and may have different performance characteristics.
197  * - \c 2-0x7fffff: other locations defined by a PSA specification.
198  * The PSA Cryptography API does not currently assign any meaning to these
199  * locations, but future versions of this specification or other PSA
200  * specifications may do so.
201  * - \c 0x800000-0xffffff: vendor-defined locations.
202  * No PSA specification will assign a meaning to locations in this range.
203  *
204  * \note Key location indicators are 24-bit values. Key management
205  * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
206  * encode the location as the upper 24 bits of a 32-bit value.
207  */
208 typedef uint32_t psa_key_location_t;
209 
210 /** Encoding of identifiers of persistent keys.
211  *
212  * - Applications may freely choose key identifiers in the range
213  * #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
214  * - Implementations may define additional key identifiers in the range
215  * #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
216  * - 0 is reserved as an invalid key identifier.
217  * - Key identifiers outside these ranges are reserved for future use.
218  */
219 typedef uint32_t psa_key_id_t;
220 #define PSA_KEY_ID_INIT 0
221 
222 /**@}*/
223 
224 /** \defgroup policy Key policies
225  * @{
226  */
227 
228 /** \brief Encoding of permitted usage on a key. */
229 typedef uint32_t psa_key_usage_t;
230 
231 /**@}*/
232 
233 /** \defgroup attributes Key attributes
234  * @{
235  */
236 
237 /** The type of a structure containing key attributes.
238  *
239  * This is an opaque structure that can represent the metadata of a key
240  * object. Metadata that can be stored in attributes includes:
241  * - The location of the key in storage, indicated by its key identifier
242  * and its lifetime.
243  * - The key's policy, comprising usage flags and a specification of
244  * the permitted algorithm(s).
245  * - Information about the key itself: the key type and its size.
246  * - Implementations may define additional attributes.
247  *
248  * The actual key material is not considered an attribute of a key.
249  * Key attributes do not contain information that is generally considered
250  * highly confidential.
251  *
252  * An attribute structure can be a simple data structure where each function
253  * `psa_set_key_xxx` sets a field and the corresponding function
254  * `psa_get_key_xxx` retrieves the value of the corresponding field.
255  * However, implementations may report values that are equivalent to the
256  * original one, but have a different encoding. For example, an
257  * implementation may use a more compact representation for types where
258  * many bit-patterns are invalid or not supported, and store all values
259  * that it does not support as a special marker value. In such an
260  * implementation, after setting an invalid value, the corresponding
261  * get function returns an invalid value which may not be the one that
262  * was originally stored.
263  *
264  * An attribute structure may contain references to auxiliary resources,
265  * for example pointers to allocated memory or indirect references to
266  * pre-calculated values. In order to free such resources, the application
267  * must call psa_reset_key_attributes(). As an exception, calling
268  * psa_reset_key_attributes() on an attribute structure is optional if
269  * the structure has only been modified by the following functions
270  * since it was initialized or last reset with psa_reset_key_attributes():
271  * - psa_set_key_id()
272  * - psa_set_key_lifetime()
273  * - psa_set_key_type()
274  * - psa_set_key_bits()
275  * - psa_set_key_usage_flags()
276  * - psa_set_key_algorithm()
277  *
278  * Before calling any function on a key attribute structure, the application
279  * must initialize it by any of the following means:
280  * - Set the structure to all-bits-zero, for example:
281  * \code
282  * psa_key_attributes_t attributes;
283  * memset(&attributes, 0, sizeof(attributes));
284  * \endcode
285  * - Initialize the structure to logical zero values, for example:
286  * \code
287  * psa_key_attributes_t attributes = {0};
288  * \endcode
289  * - Initialize the structure to the initializer #PSA_KEY_ATTRIBUTES_INIT,
290  * for example:
291  * \code
292  * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
293  * \endcode
294  * - Assign the result of the function psa_key_attributes_init()
295  * to the structure, for example:
296  * \code
297  * psa_key_attributes_t attributes;
298  * attributes = psa_key_attributes_init();
299  * \endcode
300  *
301  * A freshly initialized attribute structure contains the following
302  * values:
303  *
304  * - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
305  * - key identifier: 0 (which is not a valid key identifier).
306  * - type: \c 0 (meaning that the type is unspecified).
307  * - key size: \c 0 (meaning that the size is unspecified).
308  * - usage flags: \c 0 (which allows no usage except exporting a public key).
309  * - algorithm: \c 0 (which allows no cryptographic usage, but allows
310  * exporting).
311  *
312  * A typical sequence to create a key is as follows:
313  * -# Create and initialize an attribute structure.
314  * -# If the key is persistent, call psa_set_key_id().
315  * Also call psa_set_key_lifetime() to place the key in a non-default
316  * location.
317  * -# Set the key policy with psa_set_key_usage_flags() and
318  * psa_set_key_algorithm().
319  * -# Set the key type with psa_set_key_type().
320  * Skip this step if copying an existing key with psa_copy_key().
321  * -# When generating a random key with psa_generate_key() or deriving a key
322  * with psa_key_derivation_output_key(), set the desired key size with
323  * psa_set_key_bits().
324  * -# Call a key creation function: psa_import_key(), psa_generate_key(),
325  * psa_key_derivation_output_key() or psa_copy_key(). This function reads
326  * the attribute structure, creates a key with these attributes, and
327  * outputs a key identifier to the newly created key.
328  * -# The attribute structure is now no longer necessary.
329  * You may call psa_reset_key_attributes(), although this is optional
330  * with the workflow presented here because the attributes currently
331  * defined in this specification do not require any additional resources
332  * beyond the structure itself.
333  *
334  * A typical sequence to query a key's attributes is as follows:
335  * -# Call psa_get_key_attributes().
336  * -# Call `psa_get_key_xxx` functions to retrieve the attribute(s) that
337  * you are interested in.
338  * -# Call psa_reset_key_attributes() to free any resources that may be
339  * used by the attribute structure.
340  *
341  * Once a key has been created, it is impossible to change its attributes.
342  */
343 typedef struct psa_client_key_attributes_s psa_key_attributes_t;
344 
345 /**@}*/
346 
347 /** \defgroup derivation Key derivation
348  * @{
349  */
350 
351 /** \brief Encoding of the step of a key derivation. */
352 typedef uint16_t psa_key_derivation_step_t;
353 
354 /**@}*/
355 
356 #endif /* PSA_CRYPTO_TYPES_H */
psa_key_attributes_s
Definition: TARGET_MBED_PSA_SRV/mbedtls/crypto_struct.h:352
psa_key_persistence_t
uint8_t psa_key_persistence_t
Encoding of key persistence levels.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:174
psa_key_derivation_step_t
uint16_t psa_key_derivation_step_t
Encoding of the step of a key derivation.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:352
psa_key_id_t
uint32_t psa_key_id_t
Encoding of identifiers of persistent keys.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:219
psa_dh_family_t
uint8_t psa_dh_family_t
The type of PSA Diffie-Hellman group family identifiers.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:76
psa_key_location_t
uint32_t psa_key_location_t
Encoding of key location indicators.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:208
psa_client_key_attributes_s
Definition: crypto_client_struct.h:32
psa_algorithm_t
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:86
psa_key_usage_t
uint32_t psa_key_usage_t
Encoding of permitted usage on a key.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:229
psa_key_type_t
uint16_t psa_key_type_t
Encoding of a key type.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:54
psa_key_lifetime_t
uint32_t psa_key_lifetime_t
Encoding of key lifetimes.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:129
psa_ecc_family_t
uint8_t psa_ecc_family_t
The type of PSA elliptic curve family identifiers.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:65
psa_status_t
int32_t psa_status_t
Function return status.
Definition: TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_types.h:43
Important Information for this Arm website

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work.