Mistake on this page?
Report an issue in GitHub or email us
psa_crypto_core.h
1 /*
2  * PSA crypto core internal interfaces
3  */
4 /* Copyright (C) 2018, ARM Limited, All Rights Reserved
5  * SPDX-License-Identifier: Apache-2.0
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License"); you may
8  * not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  *
19  * This file is part of mbed TLS (https://tls.mbed.org)
20  */
21 
22 #ifndef PSA_CRYPTO_CORE_H
23 #define PSA_CRYPTO_CORE_H
24 
25 #if !defined(MBEDTLS_CONFIG_FILE)
26 #include "mbedtls/config.h"
27 #else
28 #include MBEDTLS_CONFIG_FILE
29 #endif
30 
31 #include "psa/crypto.h"
32 #include "psa/crypto_se_driver.h"
33 
34 #include "mbedtls/ecp.h"
35 #include "mbedtls/rsa.h"
36 
37 /** The data structure representing a key slot, containing key material
38  * and metadata for one key.
39  */
40 typedef struct
41 {
43  union
44  {
45  /* Raw-data key (key_type_is_raw_bytes() in psa_crypto.c) */
46  struct raw_data
47  {
48  uint8_t *data;
49  size_t bytes;
50  } raw;
51 #if defined(MBEDTLS_RSA_C)
52  /* RSA public key or key pair */
53  mbedtls_rsa_context *rsa;
54 #endif /* MBEDTLS_RSA_C */
55 #if defined(MBEDTLS_ECP_C)
56  /* EC public key or key pair */
57  mbedtls_ecp_keypair *ecp;
58 #endif /* MBEDTLS_ECP_C */
59 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
60  /* Any key type in a secure element */
61  struct se
62  {
63  psa_key_slot_number_t slot_number;
64  } se;
65 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
66  } data;
68 
69 /* A mask of key attribute flags used only internally.
70  * Currently there aren't any. */
71 #define PSA_KA_MASK_INTERNAL_ONLY ( \
72  0 )
73 
74 /** Test whether a key slot is occupied.
75  *
76  * A key slot is occupied iff the key type is nonzero. This works because
77  * no valid key can have 0 as its key type.
78  *
79  * \param[in] slot The key slot to test.
80  *
81  * \return 1 if the slot is occupied, 0 otherwise.
82  */
83 static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )
84 {
85  return( slot->attr.type != 0 );
86 }
87 
88 /** Retrieve flags from psa_key_slot_t::attr::core::flags.
89  *
90  * \param[in] slot The key slot to query.
91  * \param mask The mask of bits to extract.
92  *
93  * \return The key attribute flags in the given slot,
94  * bitwise-anded with \p mask.
95  */
96 static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot,
97  uint16_t mask )
98 {
99  return( slot->attr.flags & mask );
100 }
101 
102 /** Set flags in psa_key_slot_t::attr::core::flags.
103  *
104  * \param[in,out] slot The key slot to modify.
105  * \param mask The mask of bits to modify.
106  * \param value The new value of the selected bits.
107  */
108 static inline void psa_key_slot_set_flags( psa_key_slot_t *slot,
109  uint16_t mask,
110  uint16_t value )
111 {
112  slot->attr.flags = ( ( ~mask & slot->attr.flags ) |
113  ( mask & value ) );
114 }
115 
116 /** Turn on flags in psa_key_slot_t::attr::core::flags.
117  *
118  * \param[in,out] slot The key slot to modify.
119  * \param mask The mask of bits to set.
120  */
121 static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot,
122  uint16_t mask )
123 {
124  slot->attr.flags |= mask;
125 }
126 
127 /** Turn off flags in psa_key_slot_t::attr::core::flags.
128  *
129  * \param[in,out] slot The key slot to modify.
130  * \param mask The mask of bits to clear.
131  */
132 static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
133  uint16_t mask )
134 {
135  slot->attr.flags &= ~mask;
136 }
137 
138 /** Completely wipe a slot in memory, including its policy.
139  *
140  * Persistent storage is not affected.
141  *
142  * \param[in,out] slot The key slot to wipe.
143  *
144  * \retval PSA_SUCCESS
145  * Success. This includes the case of a key slot that was
146  * already fully wiped.
147  * \retval PSA_ERROR_CORRUPTION_DETECTED
148  */
149 psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
150 
151 /** Import key data into a slot.
152  *
153  * `slot->type` must have been set previously.
154  * This function assumes that the slot does not contain any key material yet.
155  * On failure, the slot content is unchanged.
156  *
157  * Persistent storage is not affected.
158  *
159  * \param[in,out] slot The key slot to import data into.
160  * Its `type` field must have previously been set to
161  * the desired key type.
162  * It must not contain any key material yet.
163  * \param[in] data Buffer containing the key material to parse and import.
164  * \param data_length Size of \p data in bytes.
165  *
166  * \retval PSA_SUCCESS
167  * \retval PSA_ERROR_INVALID_ARGUMENT
168  * \retval PSA_ERROR_NOT_SUPPORTED
169  * \retval PSA_ERROR_INSUFFICIENT_MEMORY
170  */
171 psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
172  const uint8_t *data,
173  size_t data_length );
174 
175 #endif /* PSA_CRYPTO_CORE_H */
uint64_t psa_key_slot_number_t
An internal designation of a key slot between the core part of the PSA Crypto implementation and the ...
PSA external cryptoprocessor driver module.
int32_t psa_status_t
Function return status.
The data structure representing a key slot, containing key material and metadata for one key...
Important Information for this Arm website

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work.