Kenji Arai
/
mbed-os_TYBLE16
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
Embed:
(wiki syntax)
Show/hide line numbers
crypto_extra.h
Go to the documentation of this file.
00001 /** 00002 * \file psa/crypto_extra.h 00003 * 00004 * \brief PSA cryptography module: Mbed TLS vendor extensions 00005 * 00006 * \note This file may not be included directly. Applications must 00007 * include psa/crypto.h. 00008 * 00009 * This file is reserved for vendor-specific definitions. 00010 */ 00011 /* 00012 * Copyright (C) 2018, ARM Limited, All Rights Reserved 00013 * SPDX-License-Identifier: Apache-2.0 00014 * 00015 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00016 * not use this file except in compliance with the License. 00017 * You may obtain a copy of the License at 00018 * 00019 * http://www.apache.org/licenses/LICENSE-2.0 00020 * 00021 * Unless required by applicable law or agreed to in writing, software 00022 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00023 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00024 * See the License for the specific language governing permissions and 00025 * limitations under the License. 00026 * 00027 * This file is part of mbed TLS (https://tls.mbed.org) 00028 */ 00029 00030 #ifndef PSA_CRYPTO_EXTRA_H 00031 #define PSA_CRYPTO_EXTRA_H 00032 00033 #include "mbedtls/platform_util.h" 00034 00035 #ifdef __cplusplus 00036 extern "C" { 00037 #endif 00038 00039 /* UID for secure storage seed */ 00040 #define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52 00041 00042 /* 00043 * Deprecated PSA Crypto error code definitions 00044 */ 00045 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 00046 #define PSA_ERROR_UNKNOWN_ERROR \ 00047 MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_GENERIC_ERROR ) 00048 #define PSA_ERROR_OCCUPIED_SLOT \ 00049 MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_ALREADY_EXISTS ) 00050 #define PSA_ERROR_EMPTY_SLOT \ 00051 MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_DOES_NOT_EXIST ) 00052 #define PSA_ERROR_INSUFFICIENT_CAPACITY \ 00053 MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA ) 00054 #define PSA_ERROR_TAMPERING_DETECTED \ 00055 MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_CORRUPTION_DETECTED ) 00056 #endif 00057 00058 /** \addtogroup attributes 00059 * @{ 00060 */ 00061 00062 /** \brief Declare the enrollment algorithm for a key. 00063 * 00064 * An operation on a key may indifferently use the algorithm set with 00065 * psa_set_key_algorithm() or with this function. 00066 * 00067 * \param[out] attributes The attribute structure to write to. 00068 * \param alg2 A second algorithm that the key may be used 00069 * for, in addition to the algorithm set with 00070 * psa_set_key_algorithm(). 00071 * 00072 * \warning Setting an enrollment algorithm is not recommended, because 00073 * using the same key with different algorithms can allow some 00074 * attacks based on arithmetic relations between different 00075 * computations made with the same key, or can escalate harmless 00076 * side channels into exploitable ones. Use this function only 00077 * if it is necessary to support a protocol for which it has been 00078 * verified that the usage of the key with multiple algorithms 00079 * is safe. 00080 */ 00081 static inline void psa_set_key_enrollment_algorithm( 00082 psa_key_attributes_t *attributes, 00083 psa_algorithm_t alg2) 00084 { 00085 attributes->core.policy.alg2 = alg2; 00086 } 00087 00088 /** Retrieve the enrollment algorithm policy from key attributes. 00089 * 00090 * \param[in] attributes The key attribute structure to query. 00091 * 00092 * \return The enrollment algorithm stored in the attribute structure. 00093 */ 00094 static inline psa_algorithm_t psa_get_key_enrollment_algorithm( 00095 const psa_key_attributes_t *attributes) 00096 { 00097 return( attributes->core.policy.alg2 ); 00098 } 00099 00100 #if defined(MBEDTLS_PSA_CRYPTO_SE_C) 00101 00102 /** Retrieve the slot number where a key is stored. 00103 * 00104 * A slot number is only defined for keys that are stored in a secure 00105 * element. 00106 * 00107 * This information is only useful if the secure element is not entirely 00108 * managed through the PSA Cryptography API. It is up to the secure 00109 * element driver to decide how PSA slot numbers map to any other interface 00110 * that the secure element may have. 00111 * 00112 * \param[in] attributes The key attribute structure to query. 00113 * \param[out] slot_number On success, the slot number containing the key. 00114 * 00115 * \retval #PSA_SUCCESS 00116 * The key is located in a secure element, and \p *slot_number 00117 * indicates the slot number that contains it. 00118 * \retval #PSA_ERROR_NOT_PERMITTED 00119 * The caller is not permitted to query the slot number. 00120 * Mbed Crypto currently does not return this error. 00121 * \retval #PSA_ERROR_INVALID_ARGUMENT 00122 * The key is not located in a secure element. 00123 */ 00124 psa_status_t psa_get_key_slot_number( 00125 const psa_key_attributes_t *attributes, 00126 psa_key_slot_number_t *slot_number ); 00127 00128 /** Choose the slot number where a key is stored. 00129 * 00130 * This function declares a slot number in the specified attribute 00131 * structure. 00132 * 00133 * A slot number is only meaningful for keys that are stored in a secure 00134 * element. It is up to the secure element driver to decide how PSA slot 00135 * numbers map to any other interface that the secure element may have. 00136 * 00137 * \note Setting a slot number in key attributes for a key creation can 00138 * cause the following errors when creating the key: 00139 * - #PSA_ERROR_NOT_SUPPORTED if the selected secure element does 00140 * not support choosing a specific slot number. 00141 * - #PSA_ERROR_NOT_PERMITTED if the caller is not permitted to 00142 * choose slot numbers in general or to choose this specific slot. 00143 * - #PSA_ERROR_INVALID_ARGUMENT if the chosen slot number is not 00144 * valid in general or not valid for this specific key. 00145 * - #PSA_ERROR_ALREADY_EXISTS if there is already a key in the 00146 * selected slot. 00147 * 00148 * \param[out] attributes The attribute structure to write to. 00149 * \param slot_number The slot number to set. 00150 */ 00151 static inline void psa_set_key_slot_number( 00152 psa_key_attributes_t *attributes, 00153 psa_key_slot_number_t slot_number ) 00154 { 00155 attributes->core.flags |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER; 00156 attributes->slot_number = slot_number; 00157 } 00158 00159 /** Remove the slot number attribute from a key attribute structure. 00160 * 00161 * This function undoes the action of psa_set_key_slot_number(). 00162 * 00163 * \param[out] attributes The attribute structure to write to. 00164 */ 00165 static inline void psa_clear_key_slot_number( 00166 psa_key_attributes_t *attributes ) 00167 { 00168 attributes->core.flags &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER; 00169 } 00170 00171 /** Register a key that is already present in a secure element. 00172 * 00173 * The key must be located in a secure element designated by the 00174 * lifetime field in \p attributes, in the slot set with 00175 * psa_set_key_slot_number() in the attribute structure. 00176 * This function makes the key available through the key identifier 00177 * specified in \p attributes. 00178 * 00179 * \param[in] attributes The attributes of the existing key. 00180 * 00181 * \retval #PSA_SUCCESS 00182 * The key was successfully registered. 00183 * Note that depending on the design of the driver, this may or may 00184 * not guarantee that a key actually exists in the designated slot 00185 * and is compatible with the specified attributes. 00186 * \retval #PSA_ERROR_ALREADY_EXISTS 00187 * There is already a key with the identifier specified in 00188 * \p attributes. 00189 * \retval #PSA_ERROR_NOT_SUPPORTED 00190 * The secure element driver for the specified lifetime does not 00191 * support registering a key. 00192 * \retval #PSA_ERROR_INVALID_ARGUMENT 00193 * \p attributes specifies a lifetime which is not located 00194 * in a secure element. 00195 * \retval #PSA_ERROR_INVALID_ARGUMENT 00196 * No slot number is specified in \p attributes, 00197 * or the specified slot number is not valid. 00198 * \retval #PSA_ERROR_NOT_PERMITTED 00199 * The caller is not authorized to register the specified key slot. 00200 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY 00201 * \retval #PSA_ERROR_COMMUNICATION_FAILURE 00202 * \retval #PSA_ERROR_HARDWARE_FAILURE 00203 * \retval #PSA_ERROR_CORRUPTION_DETECTED 00204 * \retval #PSA_ERROR_BAD_STATE 00205 * The library has not been previously initialized by psa_crypto_init(). 00206 * It is implementation-dependent whether a failure to initialize 00207 * results in this error code. 00208 */ 00209 psa_status_t mbedtls_psa_register_se_key( 00210 const psa_key_attributes_t *attributes); 00211 00212 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 00213 00214 /**@}*/ 00215 00216 /** 00217 * \brief Library deinitialization. 00218 * 00219 * This function clears all data associated with the PSA layer, 00220 * including the whole key store. 00221 * 00222 * This is an Mbed TLS extension. 00223 */ 00224 void mbedtls_psa_crypto_free( void ); 00225 00226 /** \brief Statistics about 00227 * resource consumption related to the PSA keystore. 00228 * 00229 * \note The content of this structure is not part of the stable API and ABI 00230 * of Mbed Crypto and may change arbitrarily from version to version. 00231 */ 00232 typedef struct mbedtls_psa_stats_s 00233 { 00234 /** Number of slots containing key material for a volatile key. */ 00235 size_t volatile_slots; 00236 /** Number of slots containing key material for a key which is in 00237 * internal persistent storage. */ 00238 size_t persistent_slots; 00239 /** Number of slots containing a reference to a key in a 00240 * secure element. */ 00241 size_t external_slots; 00242 /** Number of slots which are occupied, but do not contain 00243 * key material yet. */ 00244 size_t half_filled_slots; 00245 /** Number of slots that contain cache data. */ 00246 size_t cache_slots; 00247 /** Number of slots that are not used for anything. */ 00248 size_t empty_slots; 00249 /** Largest key id value among open keys in internal persistent storage. */ 00250 psa_app_key_id_t max_open_internal_key_id; 00251 /** Largest key id value among open keys in secure elements. */ 00252 psa_app_key_id_t max_open_external_key_id; 00253 } mbedtls_psa_stats_t; 00254 00255 /** \brief Get statistics about 00256 * resource consumption related to the PSA keystore. 00257 * 00258 * \note When Mbed Crypto is built as part of a service, with isolation 00259 * between the application and the keystore, the service may or 00260 * may not expose this function. 00261 */ 00262 void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ); 00263 00264 /** 00265 * \brief Inject an initial entropy seed for the random generator into 00266 * secure storage. 00267 * 00268 * This function injects data to be used as a seed for the random generator 00269 * used by the PSA Crypto implementation. On devices that lack a trusted 00270 * entropy source (preferably a hardware random number generator), 00271 * the Mbed PSA Crypto implementation uses this value to seed its 00272 * random generator. 00273 * 00274 * On devices without a trusted entropy source, this function must be 00275 * called exactly once in the lifetime of the device. On devices with 00276 * a trusted entropy source, calling this function is optional. 00277 * In all cases, this function may only be called before calling any 00278 * other function in the PSA Crypto API, including psa_crypto_init(). 00279 * 00280 * When this function returns successfully, it populates a file in 00281 * persistent storage. Once the file has been created, this function 00282 * can no longer succeed. 00283 * 00284 * If any error occurs, this function does not change the system state. 00285 * You can call this function again after correcting the reason for the 00286 * error if possible. 00287 * 00288 * \warning This function **can** fail! Callers MUST check the return status. 00289 * 00290 * \warning If you use this function, you should use it as part of a 00291 * factory provisioning process. The value of the injected seed 00292 * is critical to the security of the device. It must be 00293 * *secret*, *unpredictable* and (statistically) *unique per device*. 00294 * You should be generate it randomly using a cryptographically 00295 * secure random generator seeded from trusted entropy sources. 00296 * You should transmit it securely to the device and ensure 00297 * that its value is not leaked or stored anywhere beyond the 00298 * needs of transmitting it from the point of generation to 00299 * the call of this function, and erase all copies of the value 00300 * once this function returns. 00301 * 00302 * This is an Mbed TLS extension. 00303 * 00304 * \note This function is only available on the following platforms: 00305 * * If the compile-time option MBEDTLS_PSA_INJECT_ENTROPY is enabled. 00306 * Note that you must provide compatible implementations of 00307 * mbedtls_nv_seed_read and mbedtls_nv_seed_write. 00308 * * In a client-server integration of PSA Cryptography, on the client side, 00309 * if the server supports this feature. 00310 * \param[in] seed Buffer containing the seed value to inject. 00311 * \param[in] seed_size Size of the \p seed buffer. 00312 * The size of the seed in bytes must be greater 00313 * or equal to both #MBEDTLS_ENTROPY_MIN_PLATFORM 00314 * and #MBEDTLS_ENTROPY_BLOCK_SIZE. 00315 * It must be less or equal to 00316 * #MBEDTLS_ENTROPY_MAX_SEED_SIZE. 00317 * 00318 * \retval #PSA_SUCCESS 00319 * The seed value was injected successfully. The random generator 00320 * of the PSA Crypto implementation is now ready for use. 00321 * You may now call psa_crypto_init() and use the PSA Crypto 00322 * implementation. 00323 * \retval #PSA_ERROR_INVALID_ARGUMENT 00324 * \p seed_size is out of range. 00325 * \retval #PSA_ERROR_STORAGE_FAILURE 00326 * There was a failure reading or writing from storage. 00327 * \retval #PSA_ERROR_NOT_PERMITTED 00328 * The library has already been initialized. It is no longer 00329 * possible to call this function. 00330 */ 00331 psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, 00332 size_t seed_size); 00333 00334 /** \addtogroup crypto_types 00335 * @{ 00336 */ 00337 00338 /** DSA public key. 00339 * 00340 * The import and export format is the 00341 * representation of the public key `y = g^x mod p` as a big-endian byte 00342 * string. The length of the byte string is the length of the base prime `p` 00343 * in bytes. 00344 */ 00345 #define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000) 00346 00347 /** DSA key pair (private and public key). 00348 * 00349 * The import and export format is the 00350 * representation of the private key `x` as a big-endian byte string. The 00351 * length of the byte string is the private key size in bytes (leading zeroes 00352 * are not stripped). 00353 * 00354 * Determinstic DSA key derivation with psa_generate_derived_key follows 00355 * FIPS 186-4 §B.1.2: interpret the byte string as integer 00356 * in big-endian order. Discard it if it is not in the range 00357 * [0, *N* - 2] where *N* is the boundary of the private key domain 00358 * (the prime *p* for Diffie-Hellman, the subprime *q* for DSA, 00359 * or the order of the curve's base point for ECC). 00360 * Add 1 to the resulting integer and use this as the private key *x*. 00361 * 00362 */ 00363 #define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x70020000) 00364 00365 /** Whether a key type is an DSA key (pair or public-only). */ 00366 #define PSA_KEY_TYPE_IS_DSA(type) \ 00367 (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY) 00368 00369 #define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x10040000) 00370 /** DSA signature with hashing. 00371 * 00372 * This is the signature scheme defined by FIPS 186-4, 00373 * with a random per-message secret number (*k*). 00374 * 00375 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that 00376 * #PSA_ALG_IS_HASH(\p hash_alg) is true). 00377 * This includes #PSA_ALG_ANY_HASH 00378 * when specifying the algorithm in a usage policy. 00379 * 00380 * \return The corresponding DSA signature algorithm. 00381 * \return Unspecified if \p hash_alg is not a supported 00382 * hash algorithm. 00383 */ 00384 #define PSA_ALG_DSA(hash_alg) \ 00385 (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) 00386 #define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x10050000) 00387 #define PSA_ALG_DSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00010000) 00388 /** Deterministic DSA signature with hashing. 00389 * 00390 * This is the deterministic variant defined by RFC 6979 of 00391 * the signature scheme defined by FIPS 186-4. 00392 * 00393 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that 00394 * #PSA_ALG_IS_HASH(\p hash_alg) is true). 00395 * This includes #PSA_ALG_ANY_HASH 00396 * when specifying the algorithm in a usage policy. 00397 * 00398 * \return The corresponding DSA signature algorithm. 00399 * \return Unspecified if \p hash_alg is not a supported 00400 * hash algorithm. 00401 */ 00402 #define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \ 00403 (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) 00404 #define PSA_ALG_IS_DSA(alg) \ 00405 (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \ 00406 PSA_ALG_DSA_BASE) 00407 #define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \ 00408 (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0) 00409 #define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \ 00410 (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg)) 00411 #define PSA_ALG_IS_RANDOMIZED_DSA(alg) \ 00412 (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg)) 00413 00414 00415 /* We need to expand the sample definition of this macro from 00416 * the API definition. */ 00417 #undef PSA_ALG_IS_HASH_AND_SIGN 00418 #define PSA_ALG_IS_HASH_AND_SIGN(alg) \ 00419 (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \ 00420 PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg)) 00421 00422 /**@}*/ 00423 00424 /** \addtogroup attributes 00425 * @{ 00426 */ 00427 00428 /** Custom Diffie-Hellman group. 00429 * 00430 * For keys of type #PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_GROUP_CUSTOM) or 00431 * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_GROUP_CUSTOM), the group data comes 00432 * from domain parameters set by psa_set_key_domain_parameters(). 00433 */ 00434 /* This value is a deprecated value meaning an explicit curve in the IANA 00435 * registry. */ 00436 #define PSA_DH_GROUP_CUSTOM ((psa_dh_group_t) 0xff01) 00437 00438 00439 /** 00440 * \brief Set domain parameters for a key. 00441 * 00442 * Some key types require additional domain parameters in addition to 00443 * the key type identifier and the key size. Use this function instead 00444 * of psa_set_key_type() when you need to specify domain parameters. 00445 * 00446 * The format for the required domain parameters varies based on the key type. 00447 * 00448 * - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR), 00449 * the domain parameter data consists of the public exponent, 00450 * represented as a big-endian integer with no leading zeros. 00451 * This information is used when generating an RSA key pair. 00452 * When importing a key, the public exponent is read from the imported 00453 * key data and the exponent recorded in the attribute structure is ignored. 00454 * As an exception, the public exponent 65537 is represented by an empty 00455 * byte string. 00456 * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR), 00457 * the `Dss-Parms` format as defined by RFC 3279 §2.3.2. 00458 * ``` 00459 * Dss-Parms ::= SEQUENCE { 00460 * p INTEGER, 00461 * q INTEGER, 00462 * g INTEGER 00463 * } 00464 * ``` 00465 * - For Diffie-Hellman key exchange keys 00466 * (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_GROUP_CUSTOM) or 00467 * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_GROUP_CUSTOM)), the 00468 * `DomainParameters` format as defined by RFC 3279 §2.3.3. 00469 * ``` 00470 * DomainParameters ::= SEQUENCE { 00471 * p INTEGER, -- odd prime, p=jq +1 00472 * g INTEGER, -- generator, g 00473 * q INTEGER, -- factor of p-1 00474 * j INTEGER OPTIONAL, -- subgroup factor 00475 * validationParms ValidationParms OPTIONAL 00476 * } 00477 * ValidationParms ::= SEQUENCE { 00478 * seed BIT STRING, 00479 * pgenCounter INTEGER 00480 * } 00481 * ``` 00482 * 00483 * \note This function may allocate memory or other resources. 00484 * Once you have called this function on an attribute structure, 00485 * you must call psa_reset_key_attributes() to free these resources. 00486 * 00487 * \note This is an experimental extension to the interface. It may change 00488 * in future versions of the library. 00489 * 00490 * \param[in,out] attributes Attribute structure where the specified domain 00491 * parameters will be stored. 00492 * If this function fails, the content of 00493 * \p attributes is not modified. 00494 * \param type Key type (a \c PSA_KEY_TYPE_XXX value). 00495 * \param[in] data Buffer containing the key domain parameters. 00496 * The content of this buffer is interpreted 00497 * according to \p type as described above. 00498 * \param data_length Size of the \p data buffer in bytes. 00499 * 00500 * \retval #PSA_SUCCESS 00501 * \retval #PSA_ERROR_INVALID_ARGUMENT 00502 * \retval #PSA_ERROR_NOT_SUPPORTED 00503 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY 00504 */ 00505 psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, 00506 psa_key_type_t type, 00507 const uint8_t *data, 00508 size_t data_length); 00509 00510 /** 00511 * \brief Get domain parameters for a key. 00512 * 00513 * Get the domain parameters for a key with this function, if any. The format 00514 * of the domain parameters written to \p data is specified in the 00515 * documentation for psa_set_key_domain_parameters(). 00516 * 00517 * \note This is an experimental extension to the interface. It may change 00518 * in future versions of the library. 00519 * 00520 * \param[in] attributes The key attribute structure to query. 00521 * \param[out] data On success, the key domain parameters. 00522 * \param data_size Size of the \p data buffer in bytes. 00523 * The buffer is guaranteed to be large 00524 * enough if its size in bytes is at least 00525 * the value given by 00526 * PSA_KEY_DOMAIN_PARAMETERS_SIZE(). 00527 * \param[out] data_length On success, the number of bytes 00528 * that make up the key domain parameters data. 00529 * 00530 * \retval #PSA_SUCCESS 00531 * \retval #PSA_ERROR_BUFFER_TOO_SMALL 00532 */ 00533 psa_status_t psa_get_key_domain_parameters( 00534 const psa_key_attributes_t *attributes, 00535 uint8_t *data, 00536 size_t data_size, 00537 size_t *data_length); 00538 00539 /** Safe output buffer size for psa_get_key_domain_parameters(). 00540 * 00541 * This macro returns a compile-time constant if its arguments are 00542 * compile-time constants. 00543 * 00544 * \warning This function may call its arguments multiple times or 00545 * zero times, so you should not pass arguments that contain 00546 * side effects. 00547 * 00548 * \note This is an experimental extension to the interface. It may change 00549 * in future versions of the library. 00550 * 00551 * \param key_type A supported key type. 00552 * \param key_bits The size of the key in bits. 00553 * 00554 * \return If the parameters are valid and supported, return 00555 * a buffer size in bytes that guarantees that 00556 * psa_get_key_domain_parameters() will not fail with 00557 * #PSA_ERROR_BUFFER_TOO_SMALL. 00558 * If the parameters are a valid combination that is not supported 00559 * by the implementation, this macro shall return either a 00560 * sensible size or 0. 00561 * If the parameters are not valid, the 00562 * return value is unspecified. 00563 */ 00564 #define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \ 00565 (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \ 00566 PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \ 00567 PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \ 00568 0) 00569 #define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \ 00570 (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/) 00571 #define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \ 00572 (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/) 00573 00574 /**@}*/ 00575 00576 #ifdef __cplusplus 00577 } 00578 #endif 00579 00580 #endif /* PSA_CRYPTO_EXTRA_H */
Generated on Tue Jul 12 2022 13:54:14 by
1.7.2