Mbed TLS v3.6.7
Toggle main menu visibility
Loading...
Searching...
No Matches
crypto_values.h
Go to the documentation of this file.
1
22
/*
23
* Copyright The Mbed TLS Contributors
24
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
25
*/
26
27
#ifndef PSA_CRYPTO_VALUES_H
28
#define PSA_CRYPTO_VALUES_H
29
#include "
mbedtls/private_access.h
"
30
34
35
/* PSA error codes */
36
37
/* Error codes are standardized across PSA domains (framework, crypto, storage,
38
* etc.). Do not change the values in this section or even the expansions
39
* of each macro: it must be possible to `#include` both this header
40
* and some other PSA component's headers in the same C source,
41
* which will lead to duplicate definitions of the `PSA_SUCCESS` and
42
* `PSA_ERROR_xxx` macros, which is ok if and only if the macros expand
43
* to the same sequence of tokens.
44
*
45
* If you must add a new
46
* value, check with the Arm PSA framework group to pick one that other
47
* domains aren't already using. */
48
49
/* Tell uncrustify not to touch the constant definitions, otherwise
50
* it might change the spacing to something that is not PSA-compliant
51
* (e.g. adding a space after casts).
52
*
53
* *INDENT-OFF*
54
*/
55
57
#define PSA_SUCCESS ((psa_status_t)0)
58
64
#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)
65
73
#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)
74
86
#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)
87
98
#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)
99
104
#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)
105
110
#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)
111
126
#define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
127
137
#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)
138
143
#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)
144
152
#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)
153
169
#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
170
194
#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)
195
200
#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)
201
231
#define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151)
232
250
#define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
251
260
#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
261
276
#define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)
277
280
#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
281
285
#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144)
286
289
#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
290
313
#define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
314
329
#define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
330
336
#define PSA_OPERATION_INCOMPLETE ((psa_status_t)-248)
337
338
/* *INDENT-ON* */
339
341
345
346
/* Note that key type values, including ECC family and DH group values, are
347
* embedded in the persistent key store, as part of key metadata. As a
348
* consequence, they must not be changed (unless the storage format version
349
* changes).
350
*/
351
356
#define PSA_KEY_TYPE_NONE ((psa_key_type_t) 0x0000)
357
365
#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t) 0x8000)
366
367
#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t) 0x7000)
368
#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t) 0x1000)
369
#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t) 0x2000)
370
#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t) 0x4000)
371
#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t) 0x7000)
372
373
#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t) 0x3000)
374
379
#define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \
380
(((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
381
386
#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
387
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_RAW || \
388
((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
389
391
#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
392
(((type) & PSA_KEY_TYPE_CATEGORY_MASK \
393
& ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) == \
394
PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
395
396
#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \
397
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
398
400
#define PSA_KEY_TYPE_IS_KEY_PAIR(type) \
401
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)
402
412
#define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type) \
413
((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
414
424
#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) \
425
((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
426
431
#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t) 0x1001)
432
441
#define PSA_KEY_TYPE_HMAC ((psa_key_type_t) 0x1100)
442
454
#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t) 0x1200)
455
477
#define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t) 0x1203)
478
485
#define PSA_KEY_TYPE_PASSWORD_HASH ((psa_key_type_t) 0x1205)
486
492
#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t) 0x1206)
493
499
#define PSA_KEY_TYPE_AES ((psa_key_type_t) 0x2400)
500
503
#define PSA_KEY_TYPE_ARIA ((psa_key_type_t) 0x2406)
504
514
#define PSA_KEY_TYPE_DES ((psa_key_type_t) 0x2301)
515
518
#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t) 0x2403)
519
531
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t) 0x2004)
532
537
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t) 0x4001)
542
#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t) 0x7001)
544
#define PSA_KEY_TYPE_IS_RSA(type) \
545
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
546
547
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4100)
548
#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t) 0x7100)
549
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t) 0x00ff)
559
#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \
560
(PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
561
570
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
571
(PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
572
574
#define PSA_KEY_TYPE_IS_ECC(type) \
575
((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
576
~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
577
578
#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) \
579
(((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
580
PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)
581
582
#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \
583
(((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
584
PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
585
587
#define PSA_KEY_TYPE_ECC_GET_FAMILY(type) \
588
((psa_ecc_family_t) (PSA_KEY_TYPE_IS_ECC(type) ? \
589
((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
590
0))
591
593
#define PSA_ECC_FAMILY_IS_WEIERSTRASS(family) ((family & 0xc0) == 0)
594
607
#define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t) 0x17)
608
617
#define PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t) 0x12)
618
/* SECP160R2 (SEC2 v1, obsolete, not supported in Mbed TLS) */
619
#define PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t) 0x1b)
620
631
#define PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t) 0x27)
632
643
#define PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t) 0x22)
644
655
#define PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t) 0x2b)
656
667
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t) 0x30)
668
679
#define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41)
680
697
#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
698
699
#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4200)
700
#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t) 0x7200)
701
#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t) 0x00ff)
707
#define PSA_KEY_TYPE_DH_KEY_PAIR(group) \
708
(PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group))
709
714
#define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \
715
(PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))
716
718
#define PSA_KEY_TYPE_IS_DH(type) \
719
((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
720
~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
721
722
#define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type) \
723
(((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
724
PSA_KEY_TYPE_DH_KEY_PAIR_BASE)
725
726
#define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) \
727
(((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
728
PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
729
731
#define PSA_KEY_TYPE_DH_GET_FAMILY(type) \
732
((psa_dh_family_t) (PSA_KEY_TYPE_IS_DH(type) ? \
733
((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
734
0))
735
742
#define PSA_DH_FAMILY_RFC7919 ((psa_dh_family_t) 0x03)
743
744
#define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \
745
(((type) >> 8) & 7)
746
764
#define PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) \
765
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
766
1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
767
0u)
768
769
/* Note that algorithm values are embedded in the persistent key store,
770
* as part of key metadata. As a consequence, they must not be changed
771
* (unless the storage format version changes).
772
*/
773
781
#define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t) 0x80000000)
782
783
#define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t) 0x7f000000)
784
#define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t) 0x02000000)
785
#define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t) 0x03000000)
786
#define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t) 0x04000000)
787
#define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t) 0x05000000)
788
#define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t) 0x06000000)
789
#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t) 0x07000000)
790
#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t) 0x08000000)
791
#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t) 0x09000000)
792
797
#define PSA_ALG_IS_VENDOR_DEFINED(alg) \
798
(((alg) & PSA_ALG_VENDOR_FLAG) != 0)
799
808
#define PSA_ALG_IS_HASH(alg) \
809
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)
810
819
#define PSA_ALG_IS_MAC(alg) \
820
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)
821
830
#define PSA_ALG_IS_CIPHER(alg) \
831
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)
832
842
#define PSA_ALG_IS_AEAD(alg) \
843
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)
844
854
#define PSA_ALG_IS_SIGN(alg) \
855
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)
856
866
#define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg) \
867
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)
868
877
#define PSA_ALG_IS_KEY_AGREEMENT(alg) \
878
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)
879
888
#define PSA_ALG_IS_KEY_DERIVATION(alg) \
889
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
890
905
#define PSA_ALG_IS_KEY_DERIVATION_STRETCHING(alg) \
906
(PSA_ALG_IS_KEY_DERIVATION(alg) && \
907
(alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG)
908
910
/* *INDENT-OFF* (https://github.com/ARM-software/psa-arch-tests/issues/337) */
911
#define PSA_ALG_NONE ((psa_algorithm_t)0)
912
/* *INDENT-ON* */
913
914
#define PSA_ALG_HASH_MASK ((psa_algorithm_t) 0x000000ff)
916
#define PSA_ALG_MD5 ((psa_algorithm_t) 0x02000003)
918
#define PSA_ALG_RIPEMD160 ((psa_algorithm_t) 0x02000004)
920
#define PSA_ALG_SHA_1 ((psa_algorithm_t) 0x02000005)
922
#define PSA_ALG_SHA_224 ((psa_algorithm_t) 0x02000008)
924
#define PSA_ALG_SHA_256 ((psa_algorithm_t) 0x02000009)
926
#define PSA_ALG_SHA_384 ((psa_algorithm_t) 0x0200000a)
928
#define PSA_ALG_SHA_512 ((psa_algorithm_t) 0x0200000b)
930
#define PSA_ALG_SHA_512_224 ((psa_algorithm_t) 0x0200000c)
932
#define PSA_ALG_SHA_512_256 ((psa_algorithm_t) 0x0200000d)
934
#define PSA_ALG_SHA3_224 ((psa_algorithm_t) 0x02000010)
936
#define PSA_ALG_SHA3_256 ((psa_algorithm_t) 0x02000011)
938
#define PSA_ALG_SHA3_384 ((psa_algorithm_t) 0x02000012)
940
#define PSA_ALG_SHA3_512 ((psa_algorithm_t) 0x02000013)
947
#define PSA_ALG_SHAKE256_512 ((psa_algorithm_t) 0x02000015)
948
982
#define PSA_ALG_ANY_HASH ((psa_algorithm_t) 0x020000ff)
983
984
#define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t) 0x00c00000)
985
#define PSA_ALG_HMAC_BASE ((psa_algorithm_t) 0x03800000)
997
#define PSA_ALG_HMAC(hash_alg) \
998
(PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
999
1000
#define PSA_ALG_HMAC_GET_HASH(hmac_alg) \
1001
(PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK))
1002
1013
#define PSA_ALG_IS_HMAC(alg) \
1014
(((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
1015
PSA_ALG_HMAC_BASE)
1016
1017
/* In the encoding of a MAC algorithm, the bits corresponding to
1018
* PSA_ALG_MAC_TRUNCATION_MASK encode the length to which the MAC is
1019
* truncated. As an exception, the value 0 means the untruncated algorithm,
1020
* whatever its length is. The length is encoded in 6 bits, so it can
1021
* reach up to 63; the largest MAC is 64 bytes so its trivial truncation
1022
* to full length is correctly encoded as 0 and any non-trivial truncation
1023
* is correctly encoded as a value between 1 and 63. */
1024
#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t) 0x003f0000)
1025
#define PSA_MAC_TRUNCATION_OFFSET 16
1026
1027
/* In the encoding of a MAC algorithm, the bit corresponding to
1028
* #PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
1029
* is a wildcard algorithm. A key with such wildcard algorithm as permitted
1030
* algorithm policy can be used with any algorithm corresponding to the
1031
* same base class and having a (potentially truncated) MAC length greater or
1032
* equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
1033
#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t) 0x00008000)
1034
1068
#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
1069
(((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
1070
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) | \
1071
((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
1072
1085
#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
1086
((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
1087
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG))
1088
1100
#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
1101
(((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
1102
1127
#define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
1128
(PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
1129
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)
1130
1131
#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t) 0x03c00000)
1137
#define PSA_ALG_CBC_MAC ((psa_algorithm_t) 0x03c00100)
1139
#define PSA_ALG_CMAC ((psa_algorithm_t) 0x03c00200)
1140
1149
#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) \
1150
(((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
1151
PSA_ALG_CIPHER_MAC_BASE)
1152
1153
#define PSA_ALG_CIPHER_STREAM_FLAG ((psa_algorithm_t) 0x00800000)
1154
#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG ((psa_algorithm_t) 0x00400000)
1155
1168
#define PSA_ALG_IS_STREAM_CIPHER(alg) \
1169
(((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \
1170
(PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
1171
1177
#define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t) 0x04800100)
1178
1186
#define PSA_ALG_CTR ((psa_algorithm_t) 0x04c01000)
1187
1192
#define PSA_ALG_CFB ((psa_algorithm_t) 0x04c01100)
1193
1198
#define PSA_ALG_OFB ((psa_algorithm_t) 0x04c01200)
1199
1206
#define PSA_ALG_XTS ((psa_algorithm_t) 0x0440ff00)
1207
1226
#define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t) 0x04404400)
1227
1235
#define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t) 0x04404000)
1236
1243
#define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t) 0x04404100)
1244
1245
#define PSA_ALG_AEAD_FROM_BLOCK_FLAG ((psa_algorithm_t) 0x00400000)
1246
1256
#define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) \
1257
(((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) == \
1258
(PSA_ALG_CATEGORY_AEAD | PSA_ALG_AEAD_FROM_BLOCK_FLAG))
1259
1264
#define PSA_ALG_CCM ((psa_algorithm_t) 0x05500100)
1265
1275
#define PSA_ALG_CCM_STAR_NO_TAG ((psa_algorithm_t) 0x04c01300)
1276
1281
#define PSA_ALG_GCM ((psa_algorithm_t) 0x05500200)
1282
1292
#define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t) 0x05100500)
1293
1294
/* In the encoding of an AEAD algorithm, the bits corresponding to
1295
* PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
1296
* The constants for default lengths follow this encoding.
1297
*/
1298
#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t) 0x003f0000)
1299
#define PSA_AEAD_TAG_LENGTH_OFFSET 16
1300
1301
/* In the encoding of an AEAD algorithm, the bit corresponding to
1302
* #PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
1303
* is a wildcard algorithm. A key with such wildcard algorithm as permitted
1304
* algorithm policy can be used with any algorithm corresponding to the
1305
* same base class and having a tag length greater than or equal to the one
1306
* encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
1307
#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t) 0x00008000)
1308
1327
#define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) \
1328
(((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | \
1329
PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \
1330
((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
1331
PSA_ALG_AEAD_TAG_LENGTH_MASK))
1332
1343
#define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
1344
(((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
1345
PSA_AEAD_TAG_LENGTH_OFFSET)
1346
1355
#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg) \
1356
( \
1357
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CCM) \
1358
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_GCM) \
1359
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
1360
0)
1361
#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, ref) \
1362
PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, 0) == \
1363
PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ? \
1364
ref :
1365
1390
#define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
1391
(PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
1392
PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)
1393
1394
#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t) 0x06000200)
1410
#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \
1411
(PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1412
1418
#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN_BASE
1419
#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
1420
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
1421
1422
#define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t) 0x06000300)
1423
#define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t) 0x06001300)
1444
#define PSA_ALG_RSA_PSS(hash_alg) \
1445
(PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1446
1462
#define PSA_ALG_RSA_PSS_ANY_SALT(hash_alg) \
1463
(PSA_ALG_RSA_PSS_ANY_SALT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1464
1476
#define PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) \
1477
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
1478
1490
#define PSA_ALG_IS_RSA_PSS_ANY_SALT(alg) \
1491
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE)
1492
1508
#define PSA_ALG_IS_RSA_PSS(alg) \
1509
(PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) || \
1510
PSA_ALG_IS_RSA_PSS_ANY_SALT(alg))
1511
1512
#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t) 0x06000600)
1533
#define PSA_ALG_ECDSA(hash_alg) \
1534
(PSA_ALG_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1535
1544
#define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE
1545
#define PSA_ALG_DETERMINISTIC_ECDSA_BASE ((psa_algorithm_t) 0x06000700)
1568
#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \
1569
(PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1570
#define PSA_ALG_ECDSA_DETERMINISTIC_FLAG ((psa_algorithm_t) 0x00000100)
1571
#define PSA_ALG_IS_ECDSA(alg) \
1572
(((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_ECDSA_DETERMINISTIC_FLAG) == \
1573
PSA_ALG_ECDSA_BASE)
1574
#define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg) \
1575
(((alg) & PSA_ALG_ECDSA_DETERMINISTIC_FLAG) != 0)
1576
#define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) \
1577
(PSA_ALG_IS_ECDSA(alg) && PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1578
#define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \
1579
(PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1580
1609
#define PSA_ALG_PURE_EDDSA ((psa_algorithm_t) 0x06000800)
1610
1611
#define PSA_ALG_HASH_EDDSA_BASE ((psa_algorithm_t) 0x06000900)
1612
#define PSA_ALG_IS_HASH_EDDSA(alg) \
1613
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HASH_EDDSA_BASE)
1614
1636
#define PSA_ALG_ED25519PH \
1637
(PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHA_512 & PSA_ALG_HASH_MASK))
1638
1661
#define PSA_ALG_ED448PH \
1662
(PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHAKE256_512 & PSA_ALG_HASH_MASK))
1663
1664
/* Default definition, to be overridden if the library is extended with
1665
* more hash-and-sign algorithms that we want to keep out of this header
1666
* file. */
1667
#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
1668
1686
#define PSA_ALG_IS_SIGN_HASH(alg) \
1687
(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
1688
PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
1689
PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
1690
1702
#define PSA_ALG_IS_SIGN_MESSAGE(alg) \
1703
(PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA)
1704
1731
#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
1732
(PSA_ALG_IS_SIGN_HASH(alg) && \
1733
((alg) & PSA_ALG_HASH_MASK) != 0)
1734
1753
#define PSA_ALG_SIGN_GET_HASH(alg) \
1754
(PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
1755
((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1756
0)
1757
1766
#define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t) 0x07000200)
1767
1768
#define PSA_ALG_RSA_OAEP_BASE ((psa_algorithm_t) 0x07000300)
1783
#define PSA_ALG_RSA_OAEP(hash_alg) \
1784
(PSA_ALG_RSA_OAEP_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1785
#define PSA_ALG_IS_RSA_OAEP(alg) \
1786
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)
1787
#define PSA_ALG_RSA_OAEP_GET_HASH(alg) \
1788
(PSA_ALG_IS_RSA_OAEP(alg) ? \
1789
((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1790
0)
1791
1792
#define PSA_ALG_HKDF_BASE ((psa_algorithm_t) 0x08000100)
1819
#define PSA_ALG_HKDF(hash_alg) \
1820
(PSA_ALG_HKDF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1821
1832
#define PSA_ALG_IS_HKDF(alg) \
1833
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)
1834
#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
1835
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1836
1837
#define PSA_ALG_HKDF_EXTRACT_BASE ((psa_algorithm_t) 0x08000400)
1870
#define PSA_ALG_HKDF_EXTRACT(hash_alg) \
1871
(PSA_ALG_HKDF_EXTRACT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1872
1883
#define PSA_ALG_IS_HKDF_EXTRACT(alg) \
1884
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE)
1885
1886
#define PSA_ALG_HKDF_EXPAND_BASE ((psa_algorithm_t) 0x08000500)
1912
#define PSA_ALG_HKDF_EXPAND(hash_alg) \
1913
(PSA_ALG_HKDF_EXPAND_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1914
1925
#define PSA_ALG_IS_HKDF_EXPAND(alg) \
1926
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE)
1927
1938
#define PSA_ALG_IS_ANY_HKDF(alg) \
1939
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE || \
1940
((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE || \
1941
((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE)
1942
1943
#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t) 0x08000200)
1970
#define PSA_ALG_TLS12_PRF(hash_alg) \
1971
(PSA_ALG_TLS12_PRF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1972
1981
#define PSA_ALG_IS_TLS12_PRF(alg) \
1982
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)
1983
#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
1984
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1985
1986
#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t) 0x08000300)
2040
#define PSA_ALG_TLS12_PSK_TO_MS(hash_alg) \
2041
(PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
2042
2051
#define PSA_ALG_IS_TLS12_PSK_TO_MS(alg) \
2052
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)
2053
#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
2054
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
2055
2056
/* The TLS 1.2 ECJPAKE-to-PMS KDF. It takes the shared secret K (an EC point
2057
* in case of EC J-PAKE) and calculates SHA256(K.X) that the rest of TLS 1.2
2058
* will use to derive the session secret, as defined by step 2 of
2059
* https://datatracker.ietf.org/doc/html/draft-cragie-tls-ecjpake-01#section-8.7.
2060
* Uses PSA_ALG_SHA_256.
2061
* This function takes a single input:
2062
* #PSA_KEY_DERIVATION_INPUT_SECRET is the shared secret K from EC J-PAKE.
2063
* The only supported curve is secp256r1 (the 256-bit curve in
2064
* #PSA_ECC_FAMILY_SECP_R1), so the input must be exactly 65 bytes.
2065
* The output has to be read as a single chunk of 32 bytes, defined as
2066
* PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE.
2067
*/
2068
#define PSA_ALG_TLS12_ECJPAKE_TO_PMS ((psa_algorithm_t) 0x08000609)
2069
2070
/* This flag indicates whether the key derivation algorithm is suitable for
2071
* use on low-entropy secrets such as password - these algorithms are also
2072
* known as key stretching or password hashing schemes. These are also the
2073
* algorithms that accepts inputs of type #PSA_KEY_DERIVATION_INPUT_PASSWORD.
2074
*
2075
* Those algorithms cannot be combined with a key agreement algorithm.
2076
*/
2077
#define PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG ((psa_algorithm_t) 0x00800000)
2078
2079
#define PSA_ALG_PBKDF2_HMAC_BASE ((psa_algorithm_t) 0x08800100)
2106
#define PSA_ALG_PBKDF2_HMAC(hash_alg) \
2107
(PSA_ALG_PBKDF2_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
2108
2117
#define PSA_ALG_IS_PBKDF2_HMAC(alg) \
2118
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_PBKDF2_HMAC_BASE)
2119
#define PSA_ALG_PBKDF2_HMAC_GET_HASH(pbkdf2_alg) \
2120
(PSA_ALG_CATEGORY_HASH | ((pbkdf2_alg) & PSA_ALG_HASH_MASK))
2121
2130
#define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t) 0x08800200)
2131
2132
#define PSA_ALG_IS_PBKDF2(kdf_alg) \
2133
(PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || \
2134
((kdf_alg) == PSA_ALG_PBKDF2_AES_CMAC_PRF_128))
2135
2136
#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff)
2137
#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000)
2138
2153
#define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) \
2154
((ka_alg) | (kdf_alg))
2155
2156
#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \
2157
(((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
2158
2159
#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
2160
(((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)
2161
2176
#define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \
2177
(PSA_ALG_IS_KEY_AGREEMENT(alg) && \
2178
PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)
2179
2180
#define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \
2181
((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))
2182
2190
#define PSA_ALG_FFDH ((psa_algorithm_t) 0x09010000)
2191
2204
#define PSA_ALG_IS_FFDH(alg) \
2205
(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)
2206
2232
#define PSA_ALG_ECDH ((psa_algorithm_t) 0x09020000)
2233
2248
#define PSA_ALG_IS_ECDH(alg) \
2249
(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)
2250
2264
#define PSA_ALG_IS_WILDCARD(alg) \
2265
(PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
2266
PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
2267
PSA_ALG_IS_MAC(alg) ? \
2268
(alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
2269
PSA_ALG_IS_AEAD(alg) ? \
2270
(alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
2271
(alg) == PSA_ALG_ANY_HASH)
2272
2282
#define PSA_ALG_GET_HASH(alg) \
2283
(((alg) & 0x000000ff) == 0 ? ((psa_algorithm_t) 0) : 0x02000000 | ((alg) & 0x000000ff))
2284
2286
2290
2291
/* Note that location and persistence level values are embedded in the
2292
* persistent key store, as part of key metadata. As a consequence, they
2293
* must not be changed (unless the storage format version changes).
2294
*/
2295
2307
#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t) 0x00000000)
2308
2321
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t) 0x00000001)
2322
2327
#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t) 0x00)
2328
2333
#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t) 0x01)
2334
2339
#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t) 0xff)
2340
2341
#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
2342
((psa_key_persistence_t) ((lifetime) & 0x000000ff))
2343
2344
#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
2345
((psa_key_location_t) ((lifetime) >> 8))
2346
2363
#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \
2364
(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
2365
PSA_KEY_PERSISTENCE_VOLATILE)
2366
2384
#define PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime) \
2385
(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
2386
PSA_KEY_PERSISTENCE_READ_ONLY)
2387
2397
#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
2398
((location) << 8 | (persistence))
2399
2407
#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t) 0x000000)
2408
2409
#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t) 0x800000)
2410
2411
/* Note that key identifier values are embedded in the
2412
* persistent key store, as part of key metadata. As a consequence, they
2413
* must not be changed (unless the storage format version changes).
2414
*/
2415
2418
/* *INDENT-OFF* (https://github.com/ARM-software/psa-arch-tests/issues/337) */
2419
#define PSA_KEY_ID_NULL ((psa_key_id_t)0)
2420
/* *INDENT-ON* */
2423
#define PSA_KEY_ID_USER_MIN ((psa_key_id_t) 0x00000001)
2426
#define PSA_KEY_ID_USER_MAX ((psa_key_id_t) 0x3fffffff)
2429
#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t) 0x40000000)
2432
#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t) 0x7fffffff)
2433
2434
2435
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
2436
2437
#define MBEDTLS_SVC_KEY_ID_INIT ((psa_key_id_t) 0)
2438
#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) (id)
2439
#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(id) (0)
2440
2446
static
inline
mbedtls_svc_key_id_t
mbedtls_svc_key_id_make
(
2447
unsigned
int
unused,
psa_key_id_t
key_id)
2448
{
2449
(void) unused;
2450
2451
return
key_id;
2452
}
2453
2461
static
inline
int
mbedtls_svc_key_id_equal
(
mbedtls_svc_key_id_t
id1,
2462
mbedtls_svc_key_id_t
id2)
2463
{
2464
return
id1 == id2;
2465
}
2466
2473
static
inline
int
mbedtls_svc_key_id_is_null
(
mbedtls_svc_key_id_t
key)
2474
{
2475
return
key == 0;
2476
}
2477
2478
#else
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
2479
2480
#define MBEDTLS_SVC_KEY_ID_INIT ((mbedtls_svc_key_id_t){ 0, 0 })
2481
#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) ((id).MBEDTLS_PRIVATE(key_id))
2482
#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(id) ((id).MBEDTLS_PRIVATE(owner))
2483
2489
static
inline
mbedtls_svc_key_id_t
mbedtls_svc_key_id_make
(
2490
mbedtls_key_owner_id_t owner_id,
psa_key_id_t
key_id)
2491
{
2492
return
(
mbedtls_svc_key_id_t
){ .MBEDTLS_PRIVATE(key_id) = key_id,
2493
.MBEDTLS_PRIVATE(owner) = owner_id };
2494
}
2495
2503
static
inline
int
mbedtls_svc_key_id_equal
(
mbedtls_svc_key_id_t
id1,
2504
mbedtls_svc_key_id_t
id2)
2505
{
2506
return
(id1.MBEDTLS_PRIVATE(key_id) == id2.MBEDTLS_PRIVATE(key_id)) &&
2507
mbedtls_key_owner_id_equal(id1.MBEDTLS_PRIVATE(owner), id2.MBEDTLS_PRIVATE(owner));
2508
}
2509
2516
static
inline
int
mbedtls_svc_key_id_is_null
(
mbedtls_svc_key_id_t
key)
2517
{
2518
return
key.MBEDTLS_PRIVATE(key_id) == 0;
2519
}
2520
2521
#endif
/* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
2522
2524
2528
2529
/* Note that key usage flags are embedded in the
2530
* persistent key store, as part of key metadata. As a consequence, they
2531
* must not be changed (unless the storage format version changes).
2532
*/
2533
2545
#define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t) 0x00000001)
2546
2561
#define PSA_KEY_USAGE_COPY ((psa_key_usage_t) 0x00000002)
2562
2572
#define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t) 0x00000100)
2573
2583
#define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t) 0x00000200)
2584
2593
#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t) 0x00000400)
2594
2603
#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t) 0x00000800)
2604
2613
#define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t) 0x00001000)
2614
2623
#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t) 0x00002000)
2624
2637
#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t) 0x00004000)
2638
2652
#define PSA_KEY_USAGE_VERIFY_DERIVATION ((psa_key_usage_t) 0x00008000)
2653
2655
2659
2660
/* Key input steps are not embedded in the persistent storage, so you can
2661
* change them if needed: it's only an ABI change. */
2662
2678
#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t) 0x0101)
2679
2696
#define PSA_KEY_DERIVATION_INPUT_PASSWORD ((psa_key_derivation_step_t) 0x0102)
2697
2705
#define PSA_KEY_DERIVATION_INPUT_OTHER_SECRET \
2706
((psa_key_derivation_step_t) 0x0103)
2707
2713
#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t) 0x0201)
2714
2721
#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t) 0x0202)
2722
2728
#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t) 0x0203)
2729
2735
#define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t) 0x0204)
2736
2741
#define PSA_KEY_DERIVATION_INPUT_COST ((psa_key_derivation_step_t) 0x0205)
2742
2744
2748
2749
/* Helper macros */
2750
2762
#define MBEDTLS_PSA_ALG_AEAD_EQUAL(aead_alg_1, aead_alg_2) \
2763
(!(((aead_alg_1) ^ (aead_alg_2)) & \
2764
~(PSA_ALG_AEAD_TAG_LENGTH_MASK | PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)))
2765
2767
2769
2773
2778
#define PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED UINT32_MAX
2779
2781
2782
#endif
/* PSA_CRYPTO_VALUES_H */
mbedtls_svc_key_id_make
static mbedtls_svc_key_id_t mbedtls_svc_key_id_make(unsigned int unused, psa_key_id_t key_id)
Definition
crypto_values.h:2446
psa_key_id_t
uint32_t psa_key_id_t
Definition
crypto_types.h:275
mbedtls_svc_key_id_is_null
static int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
Definition
crypto_values.h:2473
mbedtls_svc_key_id_t
psa_key_id_t mbedtls_svc_key_id_t
Definition
crypto_types.h:292
mbedtls_svc_key_id_equal
static int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1, mbedtls_svc_key_id_t id2)
Definition
crypto_values.h:2461
private_access.h
Macro wrapper for struct's members.
include
psa
crypto_values.h
Generated on
for Mbed TLS v3.6.7 by
1.17.0