Lines Matching full:in
8 * space in which the PSA Crypto implementation runs, typically secure
13 * to be called in a standardized way by a PSA Cryptography API
50 * in mind the restrictions on when the persistent data is saved
60 * The size of this buffer is in the \c persistent_data_size field of
85 * psa_drv_se_key_management_t::p_destroy in case an error occurs.
91 /** The size of \c persistent_data in bytes.
101 * afterwards. The driver may store whatever it wants in this field.
108 * \param[in,out] drv_context The driver context structure.
109 * \param[in,out] persistent_data A pointer to the persistent data
113 * for all keys whose lifetime is in this
118 * The core will update the persistent data in storage.
120 * Any other return value prevents the driver from being used in
122 * The core will NOT update the persistent data in storage.
129 /* Mbed TLS with secure element support enabled defines this type in
145 * `psa_drv_se_mac_generate_t` or `psa_drv_se_mac_verify_t` functions), or in
155 * result in allocated resources not being freed or in other undefined
162 * \param[in,out] drv_context The driver context structure.
163 * \param[in,out] op_context A structure that will contain the
165 * \param[in] key_slot The slot of the key to be used for the
167 * \param[in] algorithm The algorithm to be used to underly the MAC
181 * \param[in,out] op_context A hardware-specific structure for the
184 * \param[in] p_input A buffer containing the message to be appended
186 * \param[in] input_length The size in bytes of the input message buffer
195 * \param[in,out] op_context A hardware-specific structure for the
200 * \param[in] mac_size The size in bytes of the buffer that has been
203 * bytes placed in the `p_mac` buffer
216 * \param[in,out] op_context A hardware-specific structure for the previously
218 * \param[in] p_mac The MAC value against which the resulting MAC
220 * \param[in] mac_length The size in bytes of the value stored in `p_mac`
236 * \param[in,out] op_context A hardware-specific structure for the previously
241 /** \brief A function that performs a secure element MAC operation in one
244 * \param[in,out] drv_context The driver context structure.
245 * \param[in] p_input A buffer containing the message to be MACed
246 * \param[in] input_length The size in bytes of `p_input`
247 * \param[in] key_slot The slot of the key to be used
248 * \param[in] alg The algorithm to be used to underlie the MAC
252 * \param[in] mac_size The size in bytes of the `p_mac` buffer
254 * bytes placed in the `output` buffer
268 /** \brief A function that performs a secure element MAC operation in one
271 * \param[in,out] drv_context The driver context structure.
272 * \param[in] p_input A buffer containing the message to be MACed
273 * \param[in] input_length The size in bytes of `input`
274 * \param[in] key_slot The slot of the key to be used
275 * \param[in] alg The algorithm to be used to underlie the MAC
277 * \param[in] p_mac The MAC value against which the resulting MAC will
279 * \param[in] mac_length The size in bytes of `mac`
312 /**The size in bytes of the hardware-specific secure element MAC context
331 /** Function that performs a MAC operation in one call
334 /** Function that performs a MAC and verify operation in one call
342 * Encryption and Decryption using secure element keys in block modes other
343 * than ECB must be done in multiple parts, using the following flow:
353 * to do so may result in allocated resources not being freed or in other
356 * In situations where a PSA Cryptographic API implementation is using a block
366 * \param[in,out] drv_context The driver context structure.
367 * \param[in,out] op_context A structure that will contain the
369 * \param[in] key_slot The slot of the key to be used for the
371 * \param[in] algorithm The algorithm to be used in the cipher
373 * \param[in] direction Indicates whether the operation is an encrypt
388 * Rationale: The `psa_se_cipher_*` operation in the PSA Cryptographic API has
393 * \param[in,out] op_context A structure that contains the previously set up
395 * \param[in] p_iv A buffer containing the initialization vector
396 * \param[in] iv_length The size (in bytes) of the `p_iv` buffer
407 * \param[in,out] op_context A hardware-specific structure for the
409 * \param[in] p_input A buffer containing the data to be
411 * \param[in] input_size The size in bytes of the buffer pointed to
415 * \param[in] output_size The allocated size in bytes of the
418 * of bytes placed in the `p_output` buffer
432 * \param[in,out] op_context A hardware-specific structure for the
436 * \param[in] output_size The allocated size in bytes of the `p_output`
439 * bytes placed in the `p_output` buffer
451 * \param[in,out] op_context A hardware-specific structure for the
462 * \param[in,out] drv_context The driver context structure.
463 * \param[in] key_slot The slot of the key to be used for the operation
464 * \param[in] algorithm The algorithm to be used in the cipher operation
465 * \param[in] direction Indicates whether the operation is an encrypt or
467 * \param[in] p_input A buffer containing the data to be
469 * \param[in] input_size The size in bytes of the buffer pointed to by
473 * \param[in] output_size The allocated size in bytes of the `p_output`
499 /** The size in bytes of the hardware-specific secure element cipher
526 * keys in a secure element must be done in single function calls.
531 * \brief A function that signs a hash or short message with a private key in
534 * \param[in,out] drv_context The driver context structure.
535 * \param[in] key_slot Key slot of an asymmetric key pair
536 * \param[in] alg A signature algorithm that is compatible
538 * \param[in] p_hash The hash to sign
539 * \param[in] hash_length Size of the `p_hash` buffer in bytes
541 * \param[in] signature_size Size of the `p_signature` buffer in bytes
558 * an asymmetric public key in a secure element
560 * \param[in,out] drv_context The driver context structure.
561 * \param[in] key_slot Key slot of a public key or an asymmetric key
563 * \param[in] alg A signature algorithm that is compatible with
565 * \param[in] p_hash The hash whose signature is to be verified
566 * \param[in] hash_length Size of the `p_hash` buffer in bytes
567 * \param[in] p_signature Buffer containing the signature to verify
568 * \param[in] signature_length Size of the `p_signature` buffer in bytes
583 * key in a secure element
585 * \param[in,out] drv_context The driver context structure.
586 * \param[in] key_slot Key slot of a public key or an asymmetric key
588 * \param[in] alg An asymmetric encryption algorithm that is
590 * \param[in] p_input The message to encrypt
591 * \param[in] input_length Size of the `p_input` buffer in bytes
592 * \param[in] p_salt A salt or label, if supported by the
601 * \param[in] salt_length Size of the `p_salt` buffer in bytes
605 * \param[in] output_size Size of the `p_output` buffer in bytes
624 * key in a secure element.
626 * \param[in,out] drv_context The driver context structure.
627 * \param[in] key_slot Key slot of an asymmetric key pair
628 * \param[in] alg An asymmetric encryption algorithm that is
630 * \param[in] p_input The message to decrypt
631 * \param[in] input_length Size of the `p_input` buffer in bytes
632 * \param[in] p_salt A salt or label, if supported by the
641 * \param[in] salt_length Size of the `p_salt` buffer in bytes
645 * \param[in] output_size Size of the `p_output` buffer in bytes
686 * elements must be done in one function call. While this creates a burden for
687 * implementers as there must be sufficient space in memory for the entire
696 * \param[in,out] drv_context The driver context structure.
697 * \param[in] key_slot Slot containing the key to use.
698 * \param[in] algorithm The AEAD algorithm to compute
701 * \param[in] p_nonce Nonce or IV to use
702 * \param[in] nonce_length Size of the `p_nonce` buffer in bytes
703 * \param[in] p_additional_data Additional data that will be
705 * \param[in] additional_data_length Size of `p_additional_data` in bytes
706 * \param[in] p_plaintext Data that will be authenticated and
708 * \param[in] plaintext_length Size of `p_plaintext` in bytes
716 * \param[in] ciphertext_size Size of the `p_ciphertext` buffer in
718 * \param[out] p_ciphertext_length On success, the size of the output in
739 * \param[in,out] drv_context The driver context structure.
740 * \param[in] key_slot Slot containing the key to use
741 * \param[in] algorithm The AEAD algorithm to compute
744 * \param[in] p_nonce Nonce or IV to use
745 * \param[in] nonce_length Size of the `p_nonce` buffer in bytes
746 * \param[in] p_additional_data Additional data that has been
748 * \param[in] additional_data_length Size of `p_additional_data` in bytes
749 * \param[in] p_ciphertext Data that has been authenticated and
756 * \param[in] ciphertext_length Size of `p_ciphertext` in bytes
758 * \param[in] plaintext_size Size of the `p_plaintext` buffer in
760 * \param[out] p_plaintext_length On success, the size of the output in
797 * Currently, key management is limited to importing keys in the clear,
798 * destroying keys, and exporting keys in the clear.
799 * Whether a key may be exported is determined by the key policies in place
824 * the given attributes are compatible with the existing key in the slot,
836 * To create a key in a specific slot in a secure element, the core
838 * then calls a function to create the key material in that slot.
839 * In nominal conditions (that is, if no error occurs),
840 * the effect of a call to a key creation function in the PSA Cryptography
841 * API with a lifetime that places the key in a secure element is the
844 * (or in some implementations
848 * -# The core calls a key creation function in the driver.
850 * The key creation functions in the PSA Cryptography API are:
864 * In case of errors, other behaviors are possible.
882 * \param[in,out] drv_context The driver context structure.
883 * \param[in,out] persistent_data A pointer to the persistent data
885 * \param[in] attributes Attributes of the key.
886 * \param method The way in which the key is being created.
894 * is stored and will update the persistent data in storage.
908 * To create a key in a specific slot in a secure element, the core
910 * then calls a function to create the key material in that slot.
915 * implementations offer the capability to create or declare a key in
925 * \param[in,out] drv_context The driver context structure.
926 * \param[in,out] persistent_data A pointer to the persistent data
928 * \param[in] attributes Attributes of the key.
929 * \param method The way in which the key is being created.
930 * \param[in] key_slot Slot where the key is to be stored.
951 /** \brief A function that imports a key into a secure element in binary format
956 * \param[in,out] drv_context The driver context structure.
960 * \param[in] attributes The key attributes, including the lifetime,
963 * in the attributes: it may not match the
964 * data passed in \p data.
970 * \param[in] data Buffer containing the key data.
971 * \param[in] data_length Size of the \p data buffer in bytes.
972 * \param[out] bits On success, the key size in bits. The driver
998 * \param[in,out] drv_context The driver context structure.
999 * \param[in,out] persistent_data A pointer to the persistent data
1012 * \brief A function that exports a secure element key in binary format
1022 * This function should generate output in the same format that
1026 * \param[in,out] drv_context The driver context structure.
1027 * \param[in] key Slot whose content is to be exported. This must
1030 * \param[in] data_size Size of the `p_data` buffer in bytes.
1052 * If the key type \c type recorded in \p attributes
1055 * in the format documented for psa_export_public_key() by writing it
1062 * Some implementations do not support this feature, in which case
1065 * \param[in,out] drv_context The driver context structure.
1069 * \param[in] attributes The key attributes, including the lifetime,
1082 * \param pubkey_size The size of the `pubkey` buffer in bytes.
1141 * placed in a slot on the hardware and not exposed to the caller.
1180 * \param[in,out] drv_context The driver context structure.
1181 * \param[in,out] op_context A hardware-specific structure containing any
1183 * \param[in] kdf_alg The algorithm to be used for the key derivation
1184 * \param[in] source_key The key to be used as the source material for
1201 * \param[in,out] op_context A hardware-specific structure containing any
1203 * \param[in] collateral_id An ID for the collateral being provided
1204 * \param[in] p_collateral A buffer containing the collateral data
1205 * \param[in] collateral_size The size in bytes of the collateral
1215 * step and place the generated key material in a slot
1217 * \param[in,out] op_context A hardware-specific structure containing any
1219 * \param[in] dest_key The slot where the generated key material
1228 * agreement and place the generated key material in a buffer
1230 * \param[out] p_output Buffer in which to place the generated key
1232 * \param[in] output_size The size in bytes of `p_output`
1234 * key material placed in `p_output`
1286 /** The size of the driver's persistent data in bytes.
1324 * application code. In implementations with separation between the
1326 * only be available to callers that run in the same memory space as
1328 * running in a different memory space.
1337 * library to the next one, if there is a key in storage with a certain
1349 * \param[in] methods The method table of the driver. This structure must