PSA PAKE: Add cipher suite structure

PAKE protocols make use of a range of cryptographic schemes and primitives. Standards allow for several options to use for each of them. They call the combination of specific algorithms cipher suites, configurations or options. Cipher suites are represented by a separate data type for several reasons: 1. To allow for individual PAKE protocols to provide pre-defined cipher suites. 2. To organise cipher suites into a unit that can be handled separately from the operation context. The PAKE operation flow is already complex, will be even more so when key confirmation is added. Handling them separately should reduce the surface of the interface the application developer needs to pay attention at any given time. Signed-off-by: Janos Follath <janos.follath@arm.com>
2025-06-15 06:41:43 +03:00 · 2021-03-21 09:42:37 +00:00
parent 38a5d35646
commit 508afeca67
3 changed files with 83 additions and 1 deletions
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@ -461,6 +461,39 @@ static inline size_t psa_get_key_bits(
    return( attributes->core.bits );
 }

+struct psa_pake_cipher_suite_s
+{
+    psa_pake_primitive_t primitive;
+    psa_algorithm_t hash;
+    psa_algorithm_t algorithm1;
+    psa_pake_bits_t bits1;
+    psa_algorithm_t algorithm2;
+    psa_pake_bits_t bits2;
+    psa_pake_cipher_suite_options_t options;
+};
+
+static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite(
+                                    psa_pake_primitive_t primitive,
+                                    psa_algorithm_t hash,
+                                    psa_algorithm_t algorithm1,
+                                    psa_pake_bits_t bits1,
+                                    psa_algorithm_t algorithm2,
+                                    psa_pake_bits_t bits2,
+                                    psa_pake_cipher_suite_options_t options
+                                    )
+{
+    struct psa_pake_cipher_suite_s cipher_suite;
+
+    cipher_suite.primitive = primitive;
+    cipher_suite.hash = hash;
+    cipher_suite.algorithm1 = algorithm1;
+    cipher_suite.bits1 = bits1;
+    cipher_suite.algorithm2 = algorithm2;
+    cipher_suite.bits2 = bits2;
+    cipher_suite.options = options;
+
+    return cipher_suite;
+}
 #ifdef __cplusplus
 }
 #endif