1*32b31808SJens Wiklander /** 2*32b31808SJens Wiklander * \file psa/crypto_struct.h 3*32b31808SJens Wiklander * 4*32b31808SJens Wiklander * \brief PSA cryptography module: Mbed TLS structured type implementations 5*32b31808SJens Wiklander * 6*32b31808SJens Wiklander * \note This file may not be included directly. Applications must 7*32b31808SJens Wiklander * include psa/crypto.h. 8*32b31808SJens Wiklander * 9*32b31808SJens Wiklander * This file contains the definitions of some data structures with 10*32b31808SJens Wiklander * implementation-specific definitions. 11*32b31808SJens Wiklander * 12*32b31808SJens Wiklander * In implementations with isolation between the application and the 13*32b31808SJens Wiklander * cryptography module, it is expected that the front-end and the back-end 14*32b31808SJens Wiklander * would have different versions of this file. 15*32b31808SJens Wiklander * 16*32b31808SJens Wiklander * <h3>Design notes about multipart operation structures</h3> 17*32b31808SJens Wiklander * 18*32b31808SJens Wiklander * For multipart operations without driver delegation support, each multipart 19*32b31808SJens Wiklander * operation structure contains a `psa_algorithm_t alg` field which indicates 20*32b31808SJens Wiklander * which specific algorithm the structure is for. When the structure is not in 21*32b31808SJens Wiklander * use, `alg` is 0. Most of the structure consists of a union which is 22*32b31808SJens Wiklander * discriminated by `alg`. 23*32b31808SJens Wiklander * 24*32b31808SJens Wiklander * For multipart operations with driver delegation support, each multipart 25*32b31808SJens Wiklander * operation structure contains an `unsigned int id` field indicating which 26*32b31808SJens Wiklander * driver got assigned to do the operation. When the structure is not in use, 27*32b31808SJens Wiklander * 'id' is 0. The structure contains also a driver context which is the union 28*32b31808SJens Wiklander * of the contexts of all drivers able to handle the type of multipart 29*32b31808SJens Wiklander * operation. 30*32b31808SJens Wiklander * 31*32b31808SJens Wiklander * Note that when `alg` or `id` is 0, the content of other fields is undefined. 32*32b31808SJens Wiklander * In particular, it is not guaranteed that a freshly-initialized structure 33*32b31808SJens Wiklander * is all-zero: we initialize structures to something like `{0, 0}`, which 34*32b31808SJens Wiklander * is only guaranteed to initializes the first member of the union; 35*32b31808SJens Wiklander * GCC and Clang initialize the whole structure to 0 (at the time of writing), 36*32b31808SJens Wiklander * but MSVC and CompCert don't. 37*32b31808SJens Wiklander * 38*32b31808SJens Wiklander * In Mbed Crypto, multipart operation structures live independently from 39*32b31808SJens Wiklander * the key. This allows Mbed Crypto to free the key objects when destroying 40*32b31808SJens Wiklander * a key slot. If a multipart operation needs to remember the key after 41*32b31808SJens Wiklander * the setup function returns, the operation structure needs to contain a 42*32b31808SJens Wiklander * copy of the key. 43*32b31808SJens Wiklander */ 44*32b31808SJens Wiklander /* 45*32b31808SJens Wiklander * Copyright The Mbed TLS Contributors 46*32b31808SJens Wiklander * SPDX-License-Identifier: Apache-2.0 47*32b31808SJens Wiklander * 48*32b31808SJens Wiklander * Licensed under the Apache License, Version 2.0 (the "License"); you may 49*32b31808SJens Wiklander * not use this file except in compliance with the License. 50*32b31808SJens Wiklander * You may obtain a copy of the License at 51*32b31808SJens Wiklander * 52*32b31808SJens Wiklander * http://www.apache.org/licenses/LICENSE-2.0 53*32b31808SJens Wiklander * 54*32b31808SJens Wiklander * Unless required by applicable law or agreed to in writing, software 55*32b31808SJens Wiklander * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 56*32b31808SJens Wiklander * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 57*32b31808SJens Wiklander * See the License for the specific language governing permissions and 58*32b31808SJens Wiklander * limitations under the License. 59*32b31808SJens Wiklander */ 60*32b31808SJens Wiklander 61*32b31808SJens Wiklander #ifndef PSA_CRYPTO_STRUCT_H 62*32b31808SJens Wiklander #define PSA_CRYPTO_STRUCT_H 63*32b31808SJens Wiklander #include "mbedtls/private_access.h" 64*32b31808SJens Wiklander 65*32b31808SJens Wiklander #ifdef __cplusplus 66*32b31808SJens Wiklander extern "C" { 67*32b31808SJens Wiklander #endif 68*32b31808SJens Wiklander 69*32b31808SJens Wiklander /* Include the Mbed TLS configuration file, the way Mbed TLS does it 70*32b31808SJens Wiklander * in each of its header files. */ 71*32b31808SJens Wiklander #include "mbedtls/build_info.h" 72*32b31808SJens Wiklander 73*32b31808SJens Wiklander #include "mbedtls/cmac.h" 74*32b31808SJens Wiklander #include "mbedtls/gcm.h" 75*32b31808SJens Wiklander #include "mbedtls/ccm.h" 76*32b31808SJens Wiklander #include "mbedtls/chachapoly.h" 77*32b31808SJens Wiklander 78*32b31808SJens Wiklander /* Include the context definition for the compiled-in drivers for the primitive 79*32b31808SJens Wiklander * algorithms. */ 80*32b31808SJens Wiklander #include "psa/crypto_driver_contexts_primitives.h" 81*32b31808SJens Wiklander 82*32b31808SJens Wiklander struct psa_hash_operation_s { 83*32b31808SJens Wiklander /** Unique ID indicating which driver got assigned to do the 84*32b31808SJens Wiklander * operation. Since driver contexts are driver-specific, swapping 85*32b31808SJens Wiklander * drivers halfway through the operation is not supported. 86*32b31808SJens Wiklander * ID values are auto-generated in psa_driver_wrappers.h. 87*32b31808SJens Wiklander * ID value zero means the context is not valid or not assigned to 88*32b31808SJens Wiklander * any driver (i.e. the driver context is not active, in use). */ 89*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(id); 90*32b31808SJens Wiklander psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx); 91*32b31808SJens Wiklander }; 92*32b31808SJens Wiklander 93*32b31808SJens Wiklander #define PSA_HASH_OPERATION_INIT { 0, { 0 } } 94*32b31808SJens Wiklander static inline struct psa_hash_operation_s psa_hash_operation_init(void) 95*32b31808SJens Wiklander { 96*32b31808SJens Wiklander const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT; 97*32b31808SJens Wiklander return v; 98*32b31808SJens Wiklander } 99*32b31808SJens Wiklander 100*32b31808SJens Wiklander struct psa_cipher_operation_s { 101*32b31808SJens Wiklander /** Unique ID indicating which driver got assigned to do the 102*32b31808SJens Wiklander * operation. Since driver contexts are driver-specific, swapping 103*32b31808SJens Wiklander * drivers halfway through the operation is not supported. 104*32b31808SJens Wiklander * ID values are auto-generated in psa_crypto_driver_wrappers.h 105*32b31808SJens Wiklander * ID value zero means the context is not valid or not assigned to 106*32b31808SJens Wiklander * any driver (i.e. none of the driver contexts are active). */ 107*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(id); 108*32b31808SJens Wiklander 109*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(iv_required) : 1; 110*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(iv_set) : 1; 111*32b31808SJens Wiklander 112*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(default_iv_length); 113*32b31808SJens Wiklander 114*32b31808SJens Wiklander psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx); 115*32b31808SJens Wiklander }; 116*32b31808SJens Wiklander 117*32b31808SJens Wiklander #define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } } 118*32b31808SJens Wiklander static inline struct psa_cipher_operation_s psa_cipher_operation_init(void) 119*32b31808SJens Wiklander { 120*32b31808SJens Wiklander const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; 121*32b31808SJens Wiklander return v; 122*32b31808SJens Wiklander } 123*32b31808SJens Wiklander 124*32b31808SJens Wiklander /* Include the context definition for the compiled-in drivers for the composite 125*32b31808SJens Wiklander * algorithms. */ 126*32b31808SJens Wiklander #include "psa/crypto_driver_contexts_composites.h" 127*32b31808SJens Wiklander 128*32b31808SJens Wiklander struct psa_mac_operation_s { 129*32b31808SJens Wiklander /** Unique ID indicating which driver got assigned to do the 130*32b31808SJens Wiklander * operation. Since driver contexts are driver-specific, swapping 131*32b31808SJens Wiklander * drivers halfway through the operation is not supported. 132*32b31808SJens Wiklander * ID values are auto-generated in psa_driver_wrappers.h 133*32b31808SJens Wiklander * ID value zero means the context is not valid or not assigned to 134*32b31808SJens Wiklander * any driver (i.e. none of the driver contexts are active). */ 135*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(id); 136*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(mac_size); 137*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(is_sign) : 1; 138*32b31808SJens Wiklander psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx); 139*32b31808SJens Wiklander }; 140*32b31808SJens Wiklander 141*32b31808SJens Wiklander #define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } } 142*32b31808SJens Wiklander static inline struct psa_mac_operation_s psa_mac_operation_init(void) 143*32b31808SJens Wiklander { 144*32b31808SJens Wiklander const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT; 145*32b31808SJens Wiklander return v; 146*32b31808SJens Wiklander } 147*32b31808SJens Wiklander 148*32b31808SJens Wiklander struct psa_aead_operation_s { 149*32b31808SJens Wiklander 150*32b31808SJens Wiklander /** Unique ID indicating which driver got assigned to do the 151*32b31808SJens Wiklander * operation. Since driver contexts are driver-specific, swapping 152*32b31808SJens Wiklander * drivers halfway through the operation is not supported. 153*32b31808SJens Wiklander * ID values are auto-generated in psa_crypto_driver_wrappers.h 154*32b31808SJens Wiklander * ID value zero means the context is not valid or not assigned to 155*32b31808SJens Wiklander * any driver (i.e. none of the driver contexts are active). */ 156*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(id); 157*32b31808SJens Wiklander 158*32b31808SJens Wiklander psa_algorithm_t MBEDTLS_PRIVATE(alg); 159*32b31808SJens Wiklander psa_key_type_t MBEDTLS_PRIVATE(key_type); 160*32b31808SJens Wiklander 161*32b31808SJens Wiklander size_t MBEDTLS_PRIVATE(ad_remaining); 162*32b31808SJens Wiklander size_t MBEDTLS_PRIVATE(body_remaining); 163*32b31808SJens Wiklander 164*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(nonce_set) : 1; 165*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(lengths_set) : 1; 166*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(ad_started) : 1; 167*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(body_started) : 1; 168*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1; 169*32b31808SJens Wiklander 170*32b31808SJens Wiklander psa_driver_aead_context_t MBEDTLS_PRIVATE(ctx); 171*32b31808SJens Wiklander }; 172*32b31808SJens Wiklander 173*32b31808SJens Wiklander #define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } } 174*32b31808SJens Wiklander static inline struct psa_aead_operation_s psa_aead_operation_init(void) 175*32b31808SJens Wiklander { 176*32b31808SJens Wiklander const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; 177*32b31808SJens Wiklander return v; 178*32b31808SJens Wiklander } 179*32b31808SJens Wiklander 180*32b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ 181*32b31808SJens Wiklander defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ 182*32b31808SJens Wiklander defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) 183*32b31808SJens Wiklander typedef struct { 184*32b31808SJens Wiklander uint8_t *MBEDTLS_PRIVATE(info); 185*32b31808SJens Wiklander size_t MBEDTLS_PRIVATE(info_length); 186*32b31808SJens Wiklander #if PSA_HASH_MAX_SIZE > 0xff 187*32b31808SJens Wiklander #error "PSA_HASH_MAX_SIZE does not fit in uint8_t" 188*32b31808SJens Wiklander #endif 189*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(offset_in_block); 190*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(block_number); 191*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(state) : 2; 192*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(info_set) : 1; 193*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE]; 194*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE]; 195*32b31808SJens Wiklander struct psa_mac_operation_s MBEDTLS_PRIVATE(hmac); 196*32b31808SJens Wiklander } psa_hkdf_key_derivation_t; 197*32b31808SJens Wiklander #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || 198*32b31808SJens Wiklander MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || 199*32b31808SJens Wiklander MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ 200*32b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) 201*32b31808SJens Wiklander typedef struct { 202*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(data)[PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE]; 203*32b31808SJens Wiklander } psa_tls12_ecjpake_to_pms_t; 204*32b31808SJens Wiklander #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ 205*32b31808SJens Wiklander 206*32b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ 207*32b31808SJens Wiklander defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) 208*32b31808SJens Wiklander typedef enum { 209*32b31808SJens Wiklander PSA_TLS12_PRF_STATE_INIT, /* no input provided */ 210*32b31808SJens Wiklander PSA_TLS12_PRF_STATE_SEED_SET, /* seed has been set */ 211*32b31808SJens Wiklander PSA_TLS12_PRF_STATE_OTHER_KEY_SET, /* other key has been set - optional */ 212*32b31808SJens Wiklander PSA_TLS12_PRF_STATE_KEY_SET, /* key has been set */ 213*32b31808SJens Wiklander PSA_TLS12_PRF_STATE_LABEL_SET, /* label has been set */ 214*32b31808SJens Wiklander PSA_TLS12_PRF_STATE_OUTPUT /* output has been started */ 215*32b31808SJens Wiklander } psa_tls12_prf_key_derivation_state_t; 216*32b31808SJens Wiklander 217*32b31808SJens Wiklander typedef struct psa_tls12_prf_key_derivation_s { 218*32b31808SJens Wiklander #if PSA_HASH_MAX_SIZE > 0xff 219*32b31808SJens Wiklander #error "PSA_HASH_MAX_SIZE does not fit in uint8_t" 220*32b31808SJens Wiklander #endif 221*32b31808SJens Wiklander 222*32b31808SJens Wiklander /* Indicates how many bytes in the current HMAC block have 223*32b31808SJens Wiklander * not yet been read by the user. */ 224*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(left_in_block); 225*32b31808SJens Wiklander 226*32b31808SJens Wiklander /* The 1-based number of the block. */ 227*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(block_number); 228*32b31808SJens Wiklander 229*32b31808SJens Wiklander psa_tls12_prf_key_derivation_state_t MBEDTLS_PRIVATE(state); 230*32b31808SJens Wiklander 231*32b31808SJens Wiklander uint8_t *MBEDTLS_PRIVATE(secret); 232*32b31808SJens Wiklander size_t MBEDTLS_PRIVATE(secret_length); 233*32b31808SJens Wiklander uint8_t *MBEDTLS_PRIVATE(seed); 234*32b31808SJens Wiklander size_t MBEDTLS_PRIVATE(seed_length); 235*32b31808SJens Wiklander uint8_t *MBEDTLS_PRIVATE(label); 236*32b31808SJens Wiklander size_t MBEDTLS_PRIVATE(label_length); 237*32b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) 238*32b31808SJens Wiklander uint8_t *MBEDTLS_PRIVATE(other_secret); 239*32b31808SJens Wiklander size_t MBEDTLS_PRIVATE(other_secret_length); 240*32b31808SJens Wiklander #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ 241*32b31808SJens Wiklander 242*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(Ai)[PSA_HASH_MAX_SIZE]; 243*32b31808SJens Wiklander 244*32b31808SJens Wiklander /* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */ 245*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE]; 246*32b31808SJens Wiklander } psa_tls12_prf_key_derivation_t; 247*32b31808SJens Wiklander #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || 248*32b31808SJens Wiklander * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ 249*32b31808SJens Wiklander 250*32b31808SJens Wiklander struct psa_key_derivation_s { 251*32b31808SJens Wiklander psa_algorithm_t MBEDTLS_PRIVATE(alg); 252*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(can_output_key) : 1; 253*32b31808SJens Wiklander size_t MBEDTLS_PRIVATE(capacity); 254*32b31808SJens Wiklander union { 255*32b31808SJens Wiklander /* Make the union non-empty even with no supported algorithms. */ 256*32b31808SJens Wiklander uint8_t MBEDTLS_PRIVATE(dummy); 257*32b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ 258*32b31808SJens Wiklander defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ 259*32b31808SJens Wiklander defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) 260*32b31808SJens Wiklander psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf); 261*32b31808SJens Wiklander #endif 262*32b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ 263*32b31808SJens Wiklander defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) 264*32b31808SJens Wiklander psa_tls12_prf_key_derivation_t MBEDTLS_PRIVATE(tls12_prf); 265*32b31808SJens Wiklander #endif 266*32b31808SJens Wiklander #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) 267*32b31808SJens Wiklander psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms); 268*32b31808SJens Wiklander #endif 269*32b31808SJens Wiklander } MBEDTLS_PRIVATE(ctx); 270*32b31808SJens Wiklander }; 271*32b31808SJens Wiklander 272*32b31808SJens Wiklander /* This only zeroes out the first byte in the union, the rest is unspecified. */ 273*32b31808SJens Wiklander #define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } } 274*32b31808SJens Wiklander static inline struct psa_key_derivation_s psa_key_derivation_operation_init( 275*32b31808SJens Wiklander void) 276*32b31808SJens Wiklander { 277*32b31808SJens Wiklander const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT; 278*32b31808SJens Wiklander return v; 279*32b31808SJens Wiklander } 280*32b31808SJens Wiklander 281*32b31808SJens Wiklander struct psa_key_policy_s { 282*32b31808SJens Wiklander psa_key_usage_t MBEDTLS_PRIVATE(usage); 283*32b31808SJens Wiklander psa_algorithm_t MBEDTLS_PRIVATE(alg); 284*32b31808SJens Wiklander psa_algorithm_t MBEDTLS_PRIVATE(alg2); 285*32b31808SJens Wiklander }; 286*32b31808SJens Wiklander typedef struct psa_key_policy_s psa_key_policy_t; 287*32b31808SJens Wiklander 288*32b31808SJens Wiklander #define PSA_KEY_POLICY_INIT { 0, 0, 0 } 289*32b31808SJens Wiklander static inline struct psa_key_policy_s psa_key_policy_init(void) 290*32b31808SJens Wiklander { 291*32b31808SJens Wiklander const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT; 292*32b31808SJens Wiklander return v; 293*32b31808SJens Wiklander } 294*32b31808SJens Wiklander 295*32b31808SJens Wiklander /* The type used internally for key sizes. 296*32b31808SJens Wiklander * Public interfaces use size_t, but internally we use a smaller type. */ 297*32b31808SJens Wiklander typedef uint16_t psa_key_bits_t; 298*32b31808SJens Wiklander /* The maximum value of the type used to represent bit-sizes. 299*32b31808SJens Wiklander * This is used to mark an invalid key size. */ 300*32b31808SJens Wiklander #define PSA_KEY_BITS_TOO_LARGE ((psa_key_bits_t) -1) 301*32b31808SJens Wiklander /* The maximum size of a key in bits. 302*32b31808SJens Wiklander * Currently defined as the maximum that can be represented, rounded down 303*32b31808SJens Wiklander * to a whole number of bytes. 304*32b31808SJens Wiklander * This is an uncast value so that it can be used in preprocessor 305*32b31808SJens Wiklander * conditionals. */ 306*32b31808SJens Wiklander #define PSA_MAX_KEY_BITS 0xfff8 307*32b31808SJens Wiklander 308*32b31808SJens Wiklander /** A mask of flags that can be stored in key attributes. 309*32b31808SJens Wiklander * 310*32b31808SJens Wiklander * This type is also used internally to store flags in slots. Internal 311*32b31808SJens Wiklander * flags are defined in library/psa_crypto_core.h. Internal flags may have 312*32b31808SJens Wiklander * the same value as external flags if they are properly handled during 313*32b31808SJens Wiklander * key creation and in psa_get_key_attributes. 314*32b31808SJens Wiklander */ 315*32b31808SJens Wiklander typedef uint16_t psa_key_attributes_flag_t; 316*32b31808SJens Wiklander 317*32b31808SJens Wiklander #define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \ 318*32b31808SJens Wiklander ((psa_key_attributes_flag_t) 0x0001) 319*32b31808SJens Wiklander 320*32b31808SJens Wiklander /* A mask of key attribute flags used externally only. 321*32b31808SJens Wiklander * Only meant for internal checks inside the library. */ 322*32b31808SJens Wiklander #define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \ 323*32b31808SJens Wiklander MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \ 324*32b31808SJens Wiklander 0) 325*32b31808SJens Wiklander 326*32b31808SJens Wiklander /* A mask of key attribute flags used both internally and externally. 327*32b31808SJens Wiklander * Currently there aren't any. */ 328*32b31808SJens Wiklander #define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \ 329*32b31808SJens Wiklander 0) 330*32b31808SJens Wiklander 331*32b31808SJens Wiklander typedef struct { 332*32b31808SJens Wiklander psa_key_type_t MBEDTLS_PRIVATE(type); 333*32b31808SJens Wiklander psa_key_bits_t MBEDTLS_PRIVATE(bits); 334*32b31808SJens Wiklander psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime); 335*32b31808SJens Wiklander mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id); 336*32b31808SJens Wiklander psa_key_policy_t MBEDTLS_PRIVATE(policy); 337*32b31808SJens Wiklander psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags); 338*32b31808SJens Wiklander } psa_core_key_attributes_t; 339*32b31808SJens Wiklander 340*32b31808SJens Wiklander #define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \ 341*32b31808SJens Wiklander PSA_KEY_LIFETIME_VOLATILE, \ 342*32b31808SJens Wiklander MBEDTLS_SVC_KEY_ID_INIT, \ 343*32b31808SJens Wiklander PSA_KEY_POLICY_INIT, 0 } 344*32b31808SJens Wiklander 345*32b31808SJens Wiklander struct psa_key_attributes_s { 346*32b31808SJens Wiklander psa_core_key_attributes_t MBEDTLS_PRIVATE(core); 347*32b31808SJens Wiklander #if defined(MBEDTLS_PSA_CRYPTO_SE_C) 348*32b31808SJens Wiklander psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number); 349*32b31808SJens Wiklander #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 350*32b31808SJens Wiklander void *MBEDTLS_PRIVATE(domain_parameters); 351*32b31808SJens Wiklander size_t MBEDTLS_PRIVATE(domain_parameters_size); 352*32b31808SJens Wiklander }; 353*32b31808SJens Wiklander 354*32b31808SJens Wiklander #if defined(MBEDTLS_PSA_CRYPTO_SE_C) 355*32b31808SJens Wiklander #define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0 } 356*32b31808SJens Wiklander #else 357*32b31808SJens Wiklander #define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0 } 358*32b31808SJens Wiklander #endif 359*32b31808SJens Wiklander 360*32b31808SJens Wiklander static inline struct psa_key_attributes_s psa_key_attributes_init(void) 361*32b31808SJens Wiklander { 362*32b31808SJens Wiklander const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT; 363*32b31808SJens Wiklander return v; 364*32b31808SJens Wiklander } 365*32b31808SJens Wiklander 366*32b31808SJens Wiklander static inline void psa_set_key_id(psa_key_attributes_t *attributes, 367*32b31808SJens Wiklander mbedtls_svc_key_id_t key) 368*32b31808SJens Wiklander { 369*32b31808SJens Wiklander psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime); 370*32b31808SJens Wiklander 371*32b31808SJens Wiklander attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key; 372*32b31808SJens Wiklander 373*32b31808SJens Wiklander if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { 374*32b31808SJens Wiklander attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = 375*32b31808SJens Wiklander PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( 376*32b31808SJens Wiklander PSA_KEY_LIFETIME_PERSISTENT, 377*32b31808SJens Wiklander PSA_KEY_LIFETIME_GET_LOCATION(lifetime)); 378*32b31808SJens Wiklander } 379*32b31808SJens Wiklander } 380*32b31808SJens Wiklander 381*32b31808SJens Wiklander static inline mbedtls_svc_key_id_t psa_get_key_id( 382*32b31808SJens Wiklander const psa_key_attributes_t *attributes) 383*32b31808SJens Wiklander { 384*32b31808SJens Wiklander return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id); 385*32b31808SJens Wiklander } 386*32b31808SJens Wiklander 387*32b31808SJens Wiklander #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 388*32b31808SJens Wiklander static inline void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes, 389*32b31808SJens Wiklander mbedtls_key_owner_id_t owner) 390*32b31808SJens Wiklander { 391*32b31808SJens Wiklander attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner; 392*32b31808SJens Wiklander } 393*32b31808SJens Wiklander #endif 394*32b31808SJens Wiklander 395*32b31808SJens Wiklander static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, 396*32b31808SJens Wiklander psa_key_lifetime_t lifetime) 397*32b31808SJens Wiklander { 398*32b31808SJens Wiklander attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime; 399*32b31808SJens Wiklander if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { 400*32b31808SJens Wiklander #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 401*32b31808SJens Wiklander attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0; 402*32b31808SJens Wiklander #else 403*32b31808SJens Wiklander attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = 0; 404*32b31808SJens Wiklander #endif 405*32b31808SJens Wiklander } 406*32b31808SJens Wiklander } 407*32b31808SJens Wiklander 408*32b31808SJens Wiklander static inline psa_key_lifetime_t psa_get_key_lifetime( 409*32b31808SJens Wiklander const psa_key_attributes_t *attributes) 410*32b31808SJens Wiklander { 411*32b31808SJens Wiklander return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime); 412*32b31808SJens Wiklander } 413*32b31808SJens Wiklander 414*32b31808SJens Wiklander static inline void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags) 415*32b31808SJens Wiklander { 416*32b31808SJens Wiklander if (*usage_flags & PSA_KEY_USAGE_SIGN_HASH) { 417*32b31808SJens Wiklander *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE; 418*32b31808SJens Wiklander } 419*32b31808SJens Wiklander 420*32b31808SJens Wiklander if (*usage_flags & PSA_KEY_USAGE_VERIFY_HASH) { 421*32b31808SJens Wiklander *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE; 422*32b31808SJens Wiklander } 423*32b31808SJens Wiklander } 424*32b31808SJens Wiklander 425*32b31808SJens Wiklander static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes, 426*32b31808SJens Wiklander psa_key_usage_t usage_flags) 427*32b31808SJens Wiklander { 428*32b31808SJens Wiklander psa_extend_key_usage_flags(&usage_flags); 429*32b31808SJens Wiklander attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags; 430*32b31808SJens Wiklander } 431*32b31808SJens Wiklander 432*32b31808SJens Wiklander static inline psa_key_usage_t psa_get_key_usage_flags( 433*32b31808SJens Wiklander const psa_key_attributes_t *attributes) 434*32b31808SJens Wiklander { 435*32b31808SJens Wiklander return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage); 436*32b31808SJens Wiklander } 437*32b31808SJens Wiklander 438*32b31808SJens Wiklander static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes, 439*32b31808SJens Wiklander psa_algorithm_t alg) 440*32b31808SJens Wiklander { 441*32b31808SJens Wiklander attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg; 442*32b31808SJens Wiklander } 443*32b31808SJens Wiklander 444*32b31808SJens Wiklander static inline psa_algorithm_t psa_get_key_algorithm( 445*32b31808SJens Wiklander const psa_key_attributes_t *attributes) 446*32b31808SJens Wiklander { 447*32b31808SJens Wiklander return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg); 448*32b31808SJens Wiklander } 449*32b31808SJens Wiklander 450*32b31808SJens Wiklander /* This function is declared in crypto_extra.h, which comes after this 451*32b31808SJens Wiklander * header file, but we need the function here, so repeat the declaration. */ 452*32b31808SJens Wiklander psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, 453*32b31808SJens Wiklander psa_key_type_t type, 454*32b31808SJens Wiklander const uint8_t *data, 455*32b31808SJens Wiklander size_t data_length); 456*32b31808SJens Wiklander 457*32b31808SJens Wiklander static inline void psa_set_key_type(psa_key_attributes_t *attributes, 458*32b31808SJens Wiklander psa_key_type_t type) 459*32b31808SJens Wiklander { 460*32b31808SJens Wiklander if (attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL) { 461*32b31808SJens Wiklander /* Common case: quick path */ 462*32b31808SJens Wiklander attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type; 463*32b31808SJens Wiklander } else { 464*32b31808SJens Wiklander /* Call the bigger function to free the old domain parameters. 465*32b31808SJens Wiklander * Ignore any errors which may arise due to type requiring 466*32b31808SJens Wiklander * non-default domain parameters, since this function can't 467*32b31808SJens Wiklander * report errors. */ 468*32b31808SJens Wiklander (void) psa_set_key_domain_parameters(attributes, type, NULL, 0); 469*32b31808SJens Wiklander } 470*32b31808SJens Wiklander } 471*32b31808SJens Wiklander 472*32b31808SJens Wiklander static inline psa_key_type_t psa_get_key_type( 473*32b31808SJens Wiklander const psa_key_attributes_t *attributes) 474*32b31808SJens Wiklander { 475*32b31808SJens Wiklander return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type); 476*32b31808SJens Wiklander } 477*32b31808SJens Wiklander 478*32b31808SJens Wiklander static inline void psa_set_key_bits(psa_key_attributes_t *attributes, 479*32b31808SJens Wiklander size_t bits) 480*32b31808SJens Wiklander { 481*32b31808SJens Wiklander if (bits > PSA_MAX_KEY_BITS) { 482*32b31808SJens Wiklander attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE; 483*32b31808SJens Wiklander } else { 484*32b31808SJens Wiklander attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits; 485*32b31808SJens Wiklander } 486*32b31808SJens Wiklander } 487*32b31808SJens Wiklander 488*32b31808SJens Wiklander static inline size_t psa_get_key_bits( 489*32b31808SJens Wiklander const psa_key_attributes_t *attributes) 490*32b31808SJens Wiklander { 491*32b31808SJens Wiklander return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits); 492*32b31808SJens Wiklander } 493*32b31808SJens Wiklander 494*32b31808SJens Wiklander /** 495*32b31808SJens Wiklander * \brief The context for PSA interruptible hash signing. 496*32b31808SJens Wiklander */ 497*32b31808SJens Wiklander struct psa_sign_hash_interruptible_operation_s { 498*32b31808SJens Wiklander /** Unique ID indicating which driver got assigned to do the 499*32b31808SJens Wiklander * operation. Since driver contexts are driver-specific, swapping 500*32b31808SJens Wiklander * drivers halfway through the operation is not supported. 501*32b31808SJens Wiklander * ID values are auto-generated in psa_crypto_driver_wrappers.h 502*32b31808SJens Wiklander * ID value zero means the context is not valid or not assigned to 503*32b31808SJens Wiklander * any driver (i.e. none of the driver contexts are active). */ 504*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(id); 505*32b31808SJens Wiklander 506*32b31808SJens Wiklander psa_driver_sign_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx); 507*32b31808SJens Wiklander 508*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(error_occurred) : 1; 509*32b31808SJens Wiklander 510*32b31808SJens Wiklander uint32_t MBEDTLS_PRIVATE(num_ops); 511*32b31808SJens Wiklander }; 512*32b31808SJens Wiklander 513*32b31808SJens Wiklander #define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 } 514*32b31808SJens Wiklander 515*32b31808SJens Wiklander static inline struct psa_sign_hash_interruptible_operation_s 516*32b31808SJens Wiklander psa_sign_hash_interruptible_operation_init(void) 517*32b31808SJens Wiklander { 518*32b31808SJens Wiklander const struct psa_sign_hash_interruptible_operation_s v = 519*32b31808SJens Wiklander PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT; 520*32b31808SJens Wiklander 521*32b31808SJens Wiklander return v; 522*32b31808SJens Wiklander } 523*32b31808SJens Wiklander 524*32b31808SJens Wiklander /** 525*32b31808SJens Wiklander * \brief The context for PSA interruptible hash verification. 526*32b31808SJens Wiklander */ 527*32b31808SJens Wiklander struct psa_verify_hash_interruptible_operation_s { 528*32b31808SJens Wiklander /** Unique ID indicating which driver got assigned to do the 529*32b31808SJens Wiklander * operation. Since driver contexts are driver-specific, swapping 530*32b31808SJens Wiklander * drivers halfway through the operation is not supported. 531*32b31808SJens Wiklander * ID values are auto-generated in psa_crypto_driver_wrappers.h 532*32b31808SJens Wiklander * ID value zero means the context is not valid or not assigned to 533*32b31808SJens Wiklander * any driver (i.e. none of the driver contexts are active). */ 534*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(id); 535*32b31808SJens Wiklander 536*32b31808SJens Wiklander psa_driver_verify_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx); 537*32b31808SJens Wiklander 538*32b31808SJens Wiklander unsigned int MBEDTLS_PRIVATE(error_occurred) : 1; 539*32b31808SJens Wiklander 540*32b31808SJens Wiklander uint32_t MBEDTLS_PRIVATE(num_ops); 541*32b31808SJens Wiklander }; 542*32b31808SJens Wiklander 543*32b31808SJens Wiklander #define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 } 544*32b31808SJens Wiklander 545*32b31808SJens Wiklander static inline struct psa_verify_hash_interruptible_operation_s 546*32b31808SJens Wiklander psa_verify_hash_interruptible_operation_init(void) 547*32b31808SJens Wiklander { 548*32b31808SJens Wiklander const struct psa_verify_hash_interruptible_operation_s v = 549*32b31808SJens Wiklander PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT; 550*32b31808SJens Wiklander 551*32b31808SJens Wiklander return v; 552*32b31808SJens Wiklander } 553*32b31808SJens Wiklander 554*32b31808SJens Wiklander #ifdef __cplusplus 555*32b31808SJens Wiklander } 556*32b31808SJens Wiklander #endif 557*32b31808SJens Wiklander 558*32b31808SJens Wiklander #endif /* PSA_CRYPTO_STRUCT_H */ 559