xref: /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_builtin_composites.h (revision b0563631928755fe864b97785160fb3088e9efdc) 
132b31808SJens Wiklander /*
232b31808SJens Wiklander  *  Context structure declaration of the Mbed TLS software-based PSA drivers
332b31808SJens Wiklander  *  called through the PSA Crypto driver dispatch layer.
432b31808SJens Wiklander  *  This file contains the context structures of those algorithms which need to
532b31808SJens Wiklander  *  rely on other algorithms, i.e. are 'composite' algorithms.
632b31808SJens Wiklander  *
732b31808SJens Wiklander  * \note This file may not be included directly. Applications must
832b31808SJens Wiklander  * include psa/crypto.h.
932b31808SJens Wiklander  *
10*b0563631STom Van Eyck  * \note This header and its content are not part of the Mbed TLS API and
1132b31808SJens Wiklander  * applications must not depend on it. Its main purpose is to define the
1232b31808SJens Wiklander  * multi-part state objects of the Mbed TLS software-based PSA drivers. The
13*b0563631STom Van Eyck  * definitions of these objects are then used by crypto_struct.h to define the
1432b31808SJens Wiklander  * implementation-defined types of PSA multi-part state objects.
1532b31808SJens Wiklander  */
1632b31808SJens Wiklander /*
1732b31808SJens Wiklander  *  Copyright The Mbed TLS Contributors
18*b0563631STom Van Eyck  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
1932b31808SJens Wiklander  */
2032b31808SJens Wiklander 
2132b31808SJens Wiklander #ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H
2232b31808SJens Wiklander #define PSA_CRYPTO_BUILTIN_COMPOSITES_H
2332b31808SJens Wiklander #include "mbedtls/private_access.h"
2432b31808SJens Wiklander 
2532b31808SJens Wiklander #include <psa/crypto_driver_common.h>
2632b31808SJens Wiklander 
27*b0563631STom Van Eyck #include "mbedtls/cmac.h"
28*b0563631STom Van Eyck #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
29*b0563631STom Van Eyck #include "mbedtls/gcm.h"
30*b0563631STom Van Eyck #endif
31*b0563631STom Van Eyck #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
32*b0563631STom Van Eyck #include "mbedtls/ccm.h"
33*b0563631STom Van Eyck #endif
34*b0563631STom Van Eyck #include "mbedtls/chachapoly.h"
35*b0563631STom Van Eyck 
3632b31808SJens Wiklander /*
3732b31808SJens Wiklander  * MAC multi-part operation definitions.
3832b31808SJens Wiklander  */
3932b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
4032b31808SJens Wiklander     defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
4132b31808SJens Wiklander #define MBEDTLS_PSA_BUILTIN_MAC
4232b31808SJens Wiklander #endif
4332b31808SJens Wiklander 
4432b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
4532b31808SJens Wiklander typedef struct {
4632b31808SJens Wiklander     /** The HMAC algorithm in use */
4732b31808SJens Wiklander     psa_algorithm_t MBEDTLS_PRIVATE(alg);
4832b31808SJens Wiklander     /** The hash context. */
4932b31808SJens Wiklander     struct psa_hash_operation_s hash_ctx;
5032b31808SJens Wiklander     /** The HMAC part of the context. */
5132b31808SJens Wiklander     uint8_t MBEDTLS_PRIVATE(opad)[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
5232b31808SJens Wiklander } mbedtls_psa_hmac_operation_t;
5332b31808SJens Wiklander 
5432b31808SJens Wiklander #define MBEDTLS_PSA_HMAC_OPERATION_INIT { 0, PSA_HASH_OPERATION_INIT, { 0 } }
5532b31808SJens Wiklander #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
5632b31808SJens Wiklander 
5732b31808SJens Wiklander typedef struct {
5832b31808SJens Wiklander     psa_algorithm_t MBEDTLS_PRIVATE(alg);
5932b31808SJens Wiklander     union {
6032b31808SJens Wiklander         unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
6132b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
6232b31808SJens Wiklander         mbedtls_psa_hmac_operation_t MBEDTLS_PRIVATE(hmac);
6332b31808SJens Wiklander #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
6432b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
6532b31808SJens Wiklander         mbedtls_cipher_context_t MBEDTLS_PRIVATE(cmac);
6632b31808SJens Wiklander #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
6732b31808SJens Wiklander     } MBEDTLS_PRIVATE(ctx);
6832b31808SJens Wiklander } mbedtls_psa_mac_operation_t;
6932b31808SJens Wiklander 
7032b31808SJens Wiklander #define MBEDTLS_PSA_MAC_OPERATION_INIT { 0, { 0 } }
7132b31808SJens Wiklander 
7232b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \
7332b31808SJens Wiklander     defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \
7432b31808SJens Wiklander     defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
7532b31808SJens Wiklander #define MBEDTLS_PSA_BUILTIN_AEAD  1
7632b31808SJens Wiklander #endif
7732b31808SJens Wiklander 
7832b31808SJens Wiklander /* Context structure for the Mbed TLS AEAD implementation. */
7932b31808SJens Wiklander typedef struct {
8032b31808SJens Wiklander     psa_algorithm_t MBEDTLS_PRIVATE(alg);
8132b31808SJens Wiklander     psa_key_type_t MBEDTLS_PRIVATE(key_type);
8232b31808SJens Wiklander 
8332b31808SJens Wiklander     unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1;
8432b31808SJens Wiklander 
8532b31808SJens Wiklander     uint8_t MBEDTLS_PRIVATE(tag_length);
8632b31808SJens Wiklander 
8732b31808SJens Wiklander     union {
8832b31808SJens Wiklander         unsigned dummy; /* Enable easier initializing of the union. */
8932b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
9032b31808SJens Wiklander         mbedtls_ccm_context MBEDTLS_PRIVATE(ccm);
9132b31808SJens Wiklander #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
9232b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
9332b31808SJens Wiklander         mbedtls_gcm_context MBEDTLS_PRIVATE(gcm);
9432b31808SJens Wiklander #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
9532b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
9632b31808SJens Wiklander         mbedtls_chachapoly_context MBEDTLS_PRIVATE(chachapoly);
9732b31808SJens Wiklander #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
9832b31808SJens Wiklander 
9932b31808SJens Wiklander     } ctx;
10032b31808SJens Wiklander 
10132b31808SJens Wiklander } mbedtls_psa_aead_operation_t;
10232b31808SJens Wiklander 
10332b31808SJens Wiklander #define MBEDTLS_PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
10432b31808SJens Wiklander 
10532b31808SJens Wiklander #include "mbedtls/ecdsa.h"
10632b31808SJens Wiklander 
10732b31808SJens Wiklander /* Context structure for the Mbed TLS interruptible sign hash implementation. */
10832b31808SJens Wiklander typedef struct {
10932b31808SJens Wiklander #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
11032b31808SJens Wiklander     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
11132b31808SJens Wiklander     defined(MBEDTLS_ECP_RESTARTABLE)
11232b31808SJens Wiklander     mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx);
11332b31808SJens Wiklander     mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx);
11432b31808SJens Wiklander 
11532b31808SJens Wiklander     uint32_t MBEDTLS_PRIVATE(num_ops);
11632b31808SJens Wiklander 
11732b31808SJens Wiklander     size_t MBEDTLS_PRIVATE(coordinate_bytes);
11832b31808SJens Wiklander     psa_algorithm_t MBEDTLS_PRIVATE(alg);
11932b31808SJens Wiklander     mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
12032b31808SJens Wiklander     uint8_t MBEDTLS_PRIVATE(hash)[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
12132b31808SJens Wiklander     size_t MBEDTLS_PRIVATE(hash_length);
12232b31808SJens Wiklander 
12332b31808SJens Wiklander #else
12432b31808SJens Wiklander     /* Make the struct non-empty if algs not supported. */
12532b31808SJens Wiklander     unsigned MBEDTLS_PRIVATE(dummy);
12632b31808SJens Wiklander 
12732b31808SJens Wiklander #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
12832b31808SJens Wiklander         * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) &&
12932b31808SJens Wiklander         * defined( MBEDTLS_ECP_RESTARTABLE ) */
13032b31808SJens Wiklander } mbedtls_psa_sign_hash_interruptible_operation_t;
13132b31808SJens Wiklander 
13232b31808SJens Wiklander #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
13332b31808SJens Wiklander     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
13432b31808SJens Wiklander     defined(MBEDTLS_ECP_RESTARTABLE)
13532b31808SJens Wiklander #define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, 0, 0 }
13632b31808SJens Wiklander #else
13732b31808SJens Wiklander #define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
13832b31808SJens Wiklander #endif
13932b31808SJens Wiklander 
14032b31808SJens Wiklander /* Context structure for the Mbed TLS interruptible verify hash
14132b31808SJens Wiklander  * implementation.*/
14232b31808SJens Wiklander typedef struct {
14332b31808SJens Wiklander #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
14432b31808SJens Wiklander     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
14532b31808SJens Wiklander     defined(MBEDTLS_ECP_RESTARTABLE)
14632b31808SJens Wiklander 
14732b31808SJens Wiklander     mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx);
14832b31808SJens Wiklander     mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx);
14932b31808SJens Wiklander 
15032b31808SJens Wiklander     uint32_t MBEDTLS_PRIVATE(num_ops);
15132b31808SJens Wiklander 
15232b31808SJens Wiklander     uint8_t MBEDTLS_PRIVATE(hash)[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
15332b31808SJens Wiklander     size_t MBEDTLS_PRIVATE(hash_length);
15432b31808SJens Wiklander 
15532b31808SJens Wiklander     mbedtls_mpi MBEDTLS_PRIVATE(r);
15632b31808SJens Wiklander     mbedtls_mpi MBEDTLS_PRIVATE(s);
15732b31808SJens Wiklander 
15832b31808SJens Wiklander #else
15932b31808SJens Wiklander     /* Make the struct non-empty if algs not supported. */
16032b31808SJens Wiklander     unsigned MBEDTLS_PRIVATE(dummy);
16132b31808SJens Wiklander 
16232b31808SJens Wiklander #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
16332b31808SJens Wiklander         * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) &&
16432b31808SJens Wiklander         * defined( MBEDTLS_ECP_RESTARTABLE ) */
16532b31808SJens Wiklander 
16632b31808SJens Wiklander } mbedtls_psa_verify_hash_interruptible_operation_t;
16732b31808SJens Wiklander 
16832b31808SJens Wiklander #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
16932b31808SJens Wiklander     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
17032b31808SJens Wiklander     defined(MBEDTLS_ECP_RESTARTABLE)
17132b31808SJens Wiklander #define MBEDTLS_VERIFY_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, { 0 }, \
17232b31808SJens Wiklander         { 0 } }
17332b31808SJens Wiklander #else
17432b31808SJens Wiklander #define MBEDTLS_VERIFY_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
17532b31808SJens Wiklander #endif
17632b31808SJens Wiklander 
17732b31808SJens Wiklander 
17832b31808SJens Wiklander /* EC-JPAKE operation definitions */
17932b31808SJens Wiklander 
18032b31808SJens Wiklander #include "mbedtls/ecjpake.h"
18132b31808SJens Wiklander 
18232b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
18332b31808SJens Wiklander #define MBEDTLS_PSA_BUILTIN_PAKE  1
18432b31808SJens Wiklander #endif
18532b31808SJens Wiklander 
18632b31808SJens Wiklander /* Note: the format for mbedtls_ecjpake_read/write function has an extra
18732b31808SJens Wiklander  * length byte for each step, plus an extra 3 bytes for ECParameters in the
18832b31808SJens Wiklander  * server's 2nd round. */
18932b31808SJens Wiklander #define MBEDTLS_PSA_JPAKE_BUFFER_SIZE ((3 + 1 + 65 + 1 + 65 + 1 + 32) * 2)
19032b31808SJens Wiklander 
19132b31808SJens Wiklander typedef struct {
19232b31808SJens Wiklander     psa_algorithm_t MBEDTLS_PRIVATE(alg);
19332b31808SJens Wiklander 
19432b31808SJens Wiklander     uint8_t *MBEDTLS_PRIVATE(password);
19532b31808SJens Wiklander     size_t MBEDTLS_PRIVATE(password_len);
19632b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
197*b0563631STom Van Eyck     mbedtls_ecjpake_role MBEDTLS_PRIVATE(role);
19832b31808SJens Wiklander     uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_JPAKE_BUFFER_SIZE]);
19932b31808SJens Wiklander     size_t MBEDTLS_PRIVATE(buffer_length);
20032b31808SJens Wiklander     size_t MBEDTLS_PRIVATE(buffer_offset);
20132b31808SJens Wiklander #endif
20232b31808SJens Wiklander     /* Context structure for the Mbed TLS EC-JPAKE implementation. */
20332b31808SJens Wiklander     union {
20432b31808SJens Wiklander         unsigned int MBEDTLS_PRIVATE(dummy);
20532b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
20632b31808SJens Wiklander         mbedtls_ecjpake_context MBEDTLS_PRIVATE(jpake);
20732b31808SJens Wiklander #endif
20832b31808SJens Wiklander     } MBEDTLS_PRIVATE(ctx);
20932b31808SJens Wiklander 
21032b31808SJens Wiklander } mbedtls_psa_pake_operation_t;
21132b31808SJens Wiklander 
21232b31808SJens Wiklander #define MBEDTLS_PSA_PAKE_OPERATION_INIT { { 0 } }
21332b31808SJens Wiklander 
21432b31808SJens Wiklander #endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */
215