mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
Merge remote-tracking branch 'origin/development' into development_new
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com> Conflicts: include/mbedtls/check_config.h: nearby edits library/entropy.c: nearby edits programs/random/gen_random_havege.c: modification vs. removal programs/ssl/ssl_test_lib.h: nearby edits programs/test/cpp_dummy_build.cpp: nearby edits visualc/VS2010/mbedTLS.vcxproj: automatically generated file, regenerated with scripts/generate_visualc_files.pl
This commit is contained in:
@ -251,6 +251,10 @@
|
||||
#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_NO_FALLBACK) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
#error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
|
||||
#error "MBEDTLS_HKDF_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -484,6 +484,11 @@
|
||||
* is still present and it is used for group structures not supported by the
|
||||
* alternative.
|
||||
*
|
||||
* The original implementation can in addition be removed by setting the
|
||||
* MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the
|
||||
* corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be
|
||||
* able to fallback to curves not supported by the alternative implementation.
|
||||
*
|
||||
* Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
|
||||
* and implementing the following functions:
|
||||
* unsigned char mbedtls_internal_ecp_grp_capable(
|
||||
@ -497,21 +502,28 @@
|
||||
* called before and after each point operation and provide an opportunity to
|
||||
* implement optimized set up and tear down instructions.
|
||||
*
|
||||
* Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
|
||||
* MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
|
||||
* function, but will use your mbedtls_internal_ecp_double_jac if the group is
|
||||
* supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
|
||||
* receives it as an argument). If the group is not supported then the original
|
||||
* implementation is used. The other functions and the definition of
|
||||
* mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
|
||||
* implementation of mbedtls_internal_ecp_double_jac and
|
||||
* mbedtls_internal_ecp_grp_capable must be compatible with this definition.
|
||||
* Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
|
||||
* MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
|
||||
* function, but will use your mbedtls_internal_ecp_double_jac() if the group
|
||||
* for the operation is supported by your implementation (i.e. your
|
||||
* mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
|
||||
* group is not supported by your implementation, then the original mbed TLS
|
||||
* implementation of ecp_double_jac() is used instead, unless this fallback
|
||||
* behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
|
||||
* ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
|
||||
*
|
||||
* The function prototypes and the definition of mbedtls_ecp_group and
|
||||
* mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your
|
||||
* implementation of mbedtls_internal_ecp__function_name__ must be compatible
|
||||
* with their definitions.
|
||||
*
|
||||
* Uncomment a macro to enable alternate implementation of the corresponding
|
||||
* function.
|
||||
*/
|
||||
/* Required for all the functions in this section */
|
||||
//#define MBEDTLS_ECP_INTERNAL_ALT
|
||||
/* Turn off software fallback for curves not supported in hardware */
|
||||
//#define MBEDTLS_ECP_NO_FALLBACK
|
||||
/* Support for Weierstrass curves with Jacobi representation */
|
||||
//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
|
||||
//#define MBEDTLS_ECP_ADD_MIXED_ALT
|
||||
@ -1327,6 +1339,22 @@
|
||||
*/
|
||||
#define MBEDTLS_PKCS1_V21
|
||||
|
||||
/** \def MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
*
|
||||
* Enable support for PSA crypto client.
|
||||
*
|
||||
* \note This option allows to include the code necessary for a PSA
|
||||
* crypto client when the PSA crypto implementation is not included in
|
||||
* the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the
|
||||
* code to set and get PSA key attributes.
|
||||
* The development of PSA drivers partially relying on the library to
|
||||
* fulfill the hardware gaps is another possible usage of this option.
|
||||
*
|
||||
* \warning This interface is experimental and may change or be removed
|
||||
* without notice.
|
||||
*/
|
||||
//#define MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
|
||||
/** \def MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
*
|
||||
* Enable support for the experimental PSA crypto driver interface.
|
||||
@ -3622,6 +3650,17 @@
|
||||
*/
|
||||
//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
|
||||
|
||||
/** \def MBEDTLS_PSA_KEY_SLOT_COUNT
|
||||
* Restrict the PSA library to supporting a maximum amount of simultaneously
|
||||
* loaded keys. A loaded key is a key stored by the PSA Crypto core as a
|
||||
* volatile key, or a persistent key which is loaded temporarily by the
|
||||
* library as part of a crypto operation in flight.
|
||||
*
|
||||
* If this option is unset, the library will fall back to a default value of
|
||||
* 32 keys.
|
||||
*/
|
||||
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
|
||||
|
||||
/* SSL Cache options */
|
||||
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
|
||||
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
|
||||
|
@ -220,6 +220,283 @@ extern "C" {
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
|
||||
|
||||
/* If any of the block modes are requested that don't have an
|
||||
* associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
|
||||
* in the block cipher key types. */
|
||||
#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
|
||||
(defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
|
||||
(defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
|
||||
(defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \
|
||||
defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
|
||||
(defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
|
||||
(defined(PSA_WANT_ALG_CBC_PKCS7) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
|
||||
(defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
|
||||
#define PSA_HAVE_SOFT_BLOCK_MODE 1
|
||||
#endif
|
||||
|
||||
#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
|
||||
(defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
|
||||
#define PSA_HAVE_SOFT_BLOCK_AEAD 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_AES)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
|
||||
#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_AEAD)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
|
||||
#define MBEDTLS_AES_C
|
||||
#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_AES */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ARC4)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4 1
|
||||
#define MBEDTLS_ARC4_C
|
||||
#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ARC4 */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
|
||||
#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_AEAD)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
|
||||
#define MBEDTLS_CAMELLIA_C
|
||||
#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_DES)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
|
||||
#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_MODE)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
|
||||
#define MBEDTLS_DES_C
|
||||
#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DES */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
|
||||
#define MBEDTLS_CHACHA20_C
|
||||
#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
|
||||
#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
|
||||
|
||||
/* If any of the software block ciphers are selected, define
|
||||
* PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
|
||||
* situations. */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
|
||||
#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_STREAM_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
|
||||
#endif /* PSA_WANT_ALG_STREAM_CIPHER */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CBC_MAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
|
||||
#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
|
||||
#endif /* PSA_WANT_ALG_CBC_MAC */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CMAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
|
||||
#define MBEDTLS_CMAC_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
|
||||
#endif /* PSA_WANT_ALG_CMAC */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CTR)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
|
||||
#define MBEDTLS_CIPHER_MODE_CTR
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CTR */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CFB)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
|
||||
#define MBEDTLS_CIPHER_MODE_CFB
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CFB */
|
||||
|
||||
#if defined(PSA_WANT_ALG_OFB)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
|
||||
#define MBEDTLS_CIPHER_MODE_OFB
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_OFB */
|
||||
|
||||
#if defined(PSA_WANT_ALG_XTS)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
|
||||
#define MBEDTLS_CIPHER_MODE_XTS
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_XTS */
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_CIPHER_MODE_CBC
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CBC_PKCS7)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_CIPHER_MODE_CBC
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
|
||||
#define MBEDTLS_CIPHER_PADDING_PKCS7
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CBC_PKCS7 */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CCM)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
|
||||
#define MBEDTLS_CCM_C
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CCM */
|
||||
|
||||
#if defined(PSA_WANT_ALG_GCM)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
|
||||
#define MBEDTLS_GCM_C
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_GCM */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
|
||||
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
|
||||
#define MBEDTLS_CHACHAPOLY_C
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
|
||||
#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
|
||||
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
|
||||
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
|
||||
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
|
||||
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
|
||||
#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
|
||||
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
|
||||
#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
|
||||
/*
|
||||
* Curve448 is not yet supported via the PSA API in Mbed TLS
|
||||
* (https://github.com/ARMmbed/mbedtls/issues/4249).
|
||||
*/
|
||||
#error "Curve448 is not yet supported via the PSA API in Mbed TLS."
|
||||
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
|
||||
#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
|
||||
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_192 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
|
||||
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_224 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
|
||||
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_256 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
|
||||
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_384 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
|
||||
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
|
||||
#endif /* PSA_WANT_ECC_SECP_R1_521 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
|
||||
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_192 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
|
||||
/*
|
||||
* SECP224K1 is buggy via the PSA API in Mbed TLS
|
||||
* (https://github.com/ARMmbed/mbedtls/issues/3541).
|
||||
*/
|
||||
#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
|
||||
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_224 */
|
||||
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
|
||||
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
|
||||
#endif /* PSA_WANT_ECC_SECP_K1_256 */
|
||||
|
||||
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
|
||||
|
||||
/*
|
||||
@ -227,6 +504,16 @@ extern "C" {
|
||||
* is not defined
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
|
||||
#define PSA_WANT_ALG_CCM 1
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
|
||||
#define PSA_WANT_ALG_CMAC 1
|
||||
#endif /* MBEDTLS_CMAC_C */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
|
||||
#define PSA_WANT_ALG_ECDH 1
|
||||
@ -251,6 +538,11 @@ extern "C" {
|
||||
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
|
||||
#define PSA_WANT_ALG_GCM 1
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
|
||||
#if defined(MBEDTLS_HKDF_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define PSA_WANT_ALG_HMAC 1
|
||||
@ -261,6 +553,7 @@ extern "C" {
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define PSA_WANT_ALG_HMAC 1
|
||||
#define PSA_WANT_KEY_TYPE_HMAC
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
|
||||
#define PSA_WANT_ALG_TLS12_PRF 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
|
||||
@ -314,6 +607,7 @@ extern "C" {
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
|
||||
#define PSA_WANT_ALG_SHA_224 1
|
||||
#define PSA_WANT_ALG_SHA_256 1
|
||||
#endif
|
||||
|
||||
@ -326,8 +620,147 @@ extern "C" {
|
||||
#define PSA_WANT_ALG_SHA_512 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#define PSA_WANT_KEY_TYPE_AES 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
#define PSA_WANT_KEY_TYPE_ARC4 1
|
||||
#define PSA_WANT_ALG_STREAM_CIPHER 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
#define PSA_WANT_KEY_TYPE_DES 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHA20_C)
|
||||
#define PSA_WANT_KEY_TYPE_CHACHA20 1
|
||||
#define PSA_WANT_ALG_STREAM_CIPHER 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
|
||||
#define PSA_WANT_ALG_CBC_NO_PADDING 1
|
||||
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
|
||||
#define PSA_WANT_ALG_CBC_PKCS7 1
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
|
||||
defined(MBEDTLS_CAMELLIA_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
|
||||
#define PSA_WANT_ALG_ECB_NO_PADDING 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
|
||||
#define PSA_WANT_ALG_CFB 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
|
||||
#define PSA_WANT_ALG_CTR 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_OFB)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
|
||||
#define PSA_WANT_ALG_OFB 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
|
||||
#define PSA_WANT_ALG_XTS 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
|
||||
#define PSA_WANT_ECC_MONTGOMERY_255
|
||||
#endif
|
||||
|
||||
/* Curve448 is not yet supported via the PSA API (https://github.com/ARMmbed/mbedtls/issues/4249) */
|
||||
#if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
|
||||
#define PSA_WANT_ECC_MONTGOMERY_448
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
|
||||
#define PSA_WANT_ECC_SECP_R1_192
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
|
||||
#define PSA_WANT_ECC_SECP_R1_224
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
|
||||
#define PSA_WANT_ECC_SECP_R1_256
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
|
||||
#define PSA_WANT_ECC_SECP_R1_384
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
|
||||
#define PSA_WANT_ECC_SECP_R1_521
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
|
||||
#define PSA_WANT_ECC_SECP_K1_192
|
||||
#endif
|
||||
|
||||
/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
|
||||
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
|
||||
#define PSA_WANT_ECC_SECP_K1_224
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
|
||||
#define PSA_WANT_ECC_SECP_K1_256
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
|
||||
|
||||
/* These features are always enabled. */
|
||||
#define PSA_WANT_KEY_TYPE_DERIVE 1
|
||||
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -200,6 +200,13 @@ typedef struct mbedtls_ctr_drbg_context
|
||||
void *p_entropy; /*!< The context for the entropy function. */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/* Invariant: the mutex is initialized if and only if f_entropy != NULL.
|
||||
* This means that the mutex is initialized during the initial seeding
|
||||
* in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
|
||||
*
|
||||
* Note that this invariant may change without notice. Do not rely on it
|
||||
* and do not access the mutex directly in application code.
|
||||
*/
|
||||
mbedtls_threading_mutex_t mutex;
|
||||
#endif
|
||||
}
|
||||
@ -264,6 +271,15 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
|
||||
* make a second call to \p f_entropy.
|
||||
*/
|
||||
#endif
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/**
|
||||
* \note When Mbed TLS is built with threading support,
|
||||
* after this function returns successfully,
|
||||
* it is safe to call mbedtls_ctr_drbg_random()
|
||||
* from multiple threads. Other operations, including
|
||||
* reseeding, are not thread-safe.
|
||||
*/
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
/**
|
||||
* - The \p custom string.
|
||||
*
|
||||
@ -290,6 +306,8 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
|
||||
* the same context unless you call
|
||||
* mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
|
||||
* again first.
|
||||
* After a failed call to mbedtls_ctr_drbg_seed(),
|
||||
* you must call mbedtls_ctr_drbg_free().
|
||||
* \param f_entropy The entropy callback, taking as arguments the
|
||||
* \p p_entropy context, the buffer to fill, and the
|
||||
* length of the buffer.
|
||||
@ -405,6 +423,11 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
|
||||
* \brief This function reseeds the CTR_DRBG context, that is
|
||||
* extracts data from the entropy source.
|
||||
*
|
||||
* \note This function is not thread-safe. It is not safe
|
||||
* to call this function if another thread might be
|
||||
* concurrently obtaining random numbers from the same
|
||||
* context or updating or reseeding the same context.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional Additional data to add to the state. Can be \c NULL.
|
||||
* \param len The length of the additional data.
|
||||
@ -422,6 +445,11 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
|
||||
/**
|
||||
* \brief This function updates the state of the CTR_DRBG context.
|
||||
*
|
||||
* \note This function is not thread-safe. It is not safe
|
||||
* to call this function if another thread might be
|
||||
* concurrently obtaining random numbers from the same
|
||||
* context or updating or reseeding the same context.
|
||||
*
|
||||
* \param ctx The CTR_DRBG context.
|
||||
* \param additional The data to update the state with. This must not be
|
||||
* \c NULL unless \p add_len is \c 0.
|
||||
@ -445,6 +473,11 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
|
||||
* This function automatically reseeds if the reseed counter is exceeded
|
||||
* or prediction resistance is enabled.
|
||||
*
|
||||
* \note This function is not thread-safe. It is not safe
|
||||
* to call this function if another thread might be
|
||||
* concurrently obtaining random numbers from the same
|
||||
* context or updating or reseeding the same context.
|
||||
*
|
||||
* \param p_rng The CTR_DRBG context. This must be a pointer to a
|
||||
* #mbedtls_ctr_drbg_context structure.
|
||||
* \param output The buffer to fill.
|
||||
@ -473,8 +506,16 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
||||
*
|
||||
* This function automatically reseeds if the reseed counter is exceeded
|
||||
* or prediction resistance is enabled.
|
||||
*
|
||||
*
|
||||
*/
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/**
|
||||
* \note When Mbed TLS is built with threading support,
|
||||
* it is safe to call mbedtls_ctr_drbg_random()
|
||||
* from multiple threads. Other operations, including
|
||||
* reseeding, are not thread-safe.
|
||||
*/
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
/**
|
||||
* \param p_rng The CTR_DRBG context. This must be a pointer to a
|
||||
* #mbedtls_ctr_drbg_context structure.
|
||||
* \param output The buffer to fill.
|
||||
|
@ -80,6 +80,50 @@
|
||||
|
||||
#endif /* MBEDTLS_DEBUG_C */
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PRINTF_ATTRIBUTE
|
||||
*
|
||||
* Mark a function as having printf attributes, and thus enable checking
|
||||
* via -wFormat and other flags. This does nothing on builds with compilers
|
||||
* that do not support the format attribute
|
||||
*
|
||||
* Module: library/debug.c
|
||||
* Caller:
|
||||
*
|
||||
* This module provides debugging functions.
|
||||
*/
|
||||
#if defined(__has_attribute)
|
||||
#if __has_attribute(format)
|
||||
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
|
||||
__attribute__((format (printf, string_index, first_to_check)))
|
||||
#else /* __has_attribute(format) */
|
||||
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
|
||||
#endif /* __has_attribute(format) */
|
||||
#else /* defined(__has_attribute) */
|
||||
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PRINTF_SIZET
|
||||
*
|
||||
* MBEDTLS_PRINTF_xxx: Due to issues with older window compilers
|
||||
* and MinGW we need to define the printf specifier for size_t
|
||||
* and long long per platform.
|
||||
*
|
||||
* Module: library/debug.c
|
||||
* Caller:
|
||||
*
|
||||
* This module provides debugging functions.
|
||||
*/
|
||||
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800)
|
||||
#include <inttypes.h>
|
||||
#define MBEDTLS_PRINTF_SIZET PRIuPTR
|
||||
#define MBEDTLS_PRINTF_LONGLONG "I64d"
|
||||
#else /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */
|
||||
#define MBEDTLS_PRINTF_SIZET "zu"
|
||||
#define MBEDTLS_PRINTF_LONGLONG "lld"
|
||||
#endif /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
@ -118,7 +162,7 @@ void mbedtls_debug_set_threshold( int threshold );
|
||||
*/
|
||||
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *format, ... );
|
||||
const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
|
||||
|
||||
/**
|
||||
* \brief Print the return value of a function to the debug output. This
|
||||
|
@ -117,13 +117,15 @@ mbedtls_entropy_source_state;
|
||||
*/
|
||||
typedef struct mbedtls_entropy_context
|
||||
{
|
||||
int accumulator_started;
|
||||
int accumulator_started; /* 0 after init.
|
||||
* 1 after the first update.
|
||||
* -1 after free. */
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
mbedtls_sha512_context accumulator;
|
||||
#else
|
||||
mbedtls_sha256_context accumulator;
|
||||
#endif
|
||||
int source_count;
|
||||
int source_count; /* Number of entries used in source. */
|
||||
mbedtls_entropy_source_state source[MBEDTLS_ENTROPY_MAX_SOURCES];
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_threading_mutex_t mutex; /*!< mutex */
|
||||
|
@ -101,6 +101,14 @@ typedef struct mbedtls_hmac_drbg_context
|
||||
void *p_entropy; /*!< context for the entropy function */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/* Invariant: the mutex is initialized if and only if
|
||||
* md_ctx->md_info != NULL. This means that the mutex is initialized
|
||||
* during the initial seeding in mbedtls_hmac_drbg_seed() or
|
||||
* mbedtls_hmac_drbg_seed_buf() and freed in mbedtls_ctr_drbg_free().
|
||||
*
|
||||
* Note that this invariant may change without notice. Do not rely on it
|
||||
* and do not access the mutex directly in application code.
|
||||
*/
|
||||
mbedtls_threading_mutex_t mutex;
|
||||
#endif
|
||||
} mbedtls_hmac_drbg_context;
|
||||
@ -150,7 +158,17 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
|
||||
* \note During the initial seeding, this function calls
|
||||
* the entropy source to obtain a nonce
|
||||
* whose length is half the entropy length.
|
||||
*
|
||||
*/
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/**
|
||||
* \note When Mbed TLS is built with threading support,
|
||||
* after this function returns successfully,
|
||||
* it is safe to call mbedtls_hmac_drbg_random()
|
||||
* from multiple threads. Other operations, including
|
||||
* reseeding, are not thread-safe.
|
||||
*/
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
/**
|
||||
* \param ctx HMAC_DRBG context to be seeded.
|
||||
* \param md_info MD algorithm to use for HMAC_DRBG.
|
||||
* \param f_entropy The entropy callback, taking as arguments the
|
||||
@ -189,7 +207,17 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
|
||||
*
|
||||
* This function is meant for use in algorithms that need a pseudorandom
|
||||
* input such as deterministic ECDSA.
|
||||
*
|
||||
*/
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/**
|
||||
* \note When Mbed TLS is built with threading support,
|
||||
* after this function returns successfully,
|
||||
* it is safe to call mbedtls_hmac_drbg_random()
|
||||
* from multiple threads. Other operations, including
|
||||
* reseeding, are not thread-safe.
|
||||
*/
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
/**
|
||||
* \param ctx HMAC_DRBG context to be initialised.
|
||||
* \param md_info MD algorithm to use for HMAC_DRBG.
|
||||
* \param data Concatenation of the initial entropy string and
|
||||
@ -252,6 +280,11 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
|
||||
/**
|
||||
* \brief This function updates the state of the HMAC_DRBG context.
|
||||
*
|
||||
* \note This function is not thread-safe. It is not safe
|
||||
* to call this function if another thread might be
|
||||
* concurrently obtaining random numbers from the same
|
||||
* context or updating or reseeding the same context.
|
||||
*
|
||||
* \param ctx The HMAC_DRBG context.
|
||||
* \param additional The data to update the state with.
|
||||
* If this is \c NULL, there is no additional data.
|
||||
@ -268,6 +301,11 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
|
||||
* \brief This function reseeds the HMAC_DRBG context, that is
|
||||
* extracts data from the entropy source.
|
||||
*
|
||||
* \note This function is not thread-safe. It is not safe
|
||||
* to call this function if another thread might be
|
||||
* concurrently obtaining random numbers from the same
|
||||
* context or updating or reseeding the same context.
|
||||
*
|
||||
* \param ctx The HMAC_DRBG context.
|
||||
* \param additional Additional data to add to the state.
|
||||
* If this is \c NULL, there is no additional data
|
||||
@ -293,6 +331,11 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
|
||||
* This function automatically reseeds if the reseed counter is exceeded
|
||||
* or prediction resistance is enabled.
|
||||
*
|
||||
* \note This function is not thread-safe. It is not safe
|
||||
* to call this function if another thread might be
|
||||
* concurrently obtaining random numbers from the same
|
||||
* context or updating or reseeding the same context.
|
||||
*
|
||||
* \param p_rng The HMAC_DRBG context. This must be a pointer to a
|
||||
* #mbedtls_hmac_drbg_context structure.
|
||||
* \param output The buffer to fill.
|
||||
@ -322,7 +365,16 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
|
||||
*
|
||||
* This function automatically reseeds if the reseed counter is exceeded
|
||||
* or prediction resistance is enabled.
|
||||
*
|
||||
*/
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/**
|
||||
* \note When Mbed TLS is built with threading support,
|
||||
* it is safe to call mbedtls_ctr_drbg_random()
|
||||
* from multiple threads. Other operations, including
|
||||
* reseeding, are not thread-safe.
|
||||
*/
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
/**
|
||||
* \param p_rng The HMAC_DRBG context. This must be a pointer to a
|
||||
* #mbedtls_hmac_drbg_context structure.
|
||||
* \param output The buffer to fill.
|
||||
|
@ -124,6 +124,7 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char
|
||||
*
|
||||
* \return 0 if successful, or one of:
|
||||
* MBEDTLS_ERR_NET_SOCKET_FAILED,
|
||||
* MBEDTLS_ERR_NET_UNKNOWN_HOST,
|
||||
* MBEDTLS_ERR_NET_BIND_FAILED,
|
||||
* MBEDTLS_ERR_NET_LISTEN_FAILED
|
||||
*
|
||||
@ -143,6 +144,8 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
|
||||
* can be NULL if client_ip is null
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_NET_SOCKET_FAILED,
|
||||
* MBEDTLS_ERR_NET_BIND_FAILED,
|
||||
* MBEDTLS_ERR_NET_ACCEPT_FAILED, or
|
||||
* MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
|
||||
@ -155,6 +158,10 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
|
||||
/**
|
||||
* \brief Check and wait for the context to be ready for read/write
|
||||
*
|
||||
* \note The current implementation of this function uses
|
||||
* select() and returns an error if the file descriptor
|
||||
* is \c FD_SETSIZE or greater.
|
||||
*
|
||||
* \param ctx Socket to check
|
||||
* \param rw Bitflag composed of MBEDTLS_NET_POLL_READ and
|
||||
* MBEDTLS_NET_POLL_WRITE specifying the events
|
||||
@ -236,16 +243,21 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
|
||||
* 'timeout' seconds. If no error occurs, the actual amount
|
||||
* read is returned.
|
||||
*
|
||||
* \note The current implementation of this function uses
|
||||
* select() and returns an error if the file descriptor
|
||||
* is \c FD_SETSIZE or greater.
|
||||
*
|
||||
* \param ctx Socket
|
||||
* \param buf The buffer to write to
|
||||
* \param len Maximum length of the buffer
|
||||
* \param timeout Maximum number of milliseconds to wait for data
|
||||
* 0 means no timeout (wait forever)
|
||||
*
|
||||
* \return the number of bytes received,
|
||||
* or a non-zero error code:
|
||||
* MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
|
||||
* \return The number of bytes received if successful.
|
||||
* MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out.
|
||||
* MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
|
||||
* Another negative error code (MBEDTLS_ERR_NET_xxx)
|
||||
* for other failures.
|
||||
*
|
||||
* \note This function will block (until data becomes available or
|
||||
* timeout is reached) even if the socket is set to
|
||||
|
@ -86,14 +86,14 @@ static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
|
||||
case MBEDTLS_MODE_ECB:
|
||||
return( PSA_ALG_ECB_NO_PADDING );
|
||||
case MBEDTLS_MODE_GCM:
|
||||
return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) );
|
||||
return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) );
|
||||
case MBEDTLS_MODE_CCM:
|
||||
return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, taglen ) );
|
||||
return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) );
|
||||
case MBEDTLS_MODE_CBC:
|
||||
if( taglen == 0 )
|
||||
return( PSA_ALG_CBC_NO_PADDING );
|
||||
/* Intentional fallthrough for taglen != 0 */
|
||||
/* fallthrough */
|
||||
else
|
||||
return( 0 );
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
@ -151,7 +151,8 @@ static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg
|
||||
case MBEDTLS_MD_RIPEMD160:
|
||||
return( PSA_ALG_RIPEMD160 );
|
||||
#endif
|
||||
case MBEDTLS_MD_NONE: /* Intentional fallthrough */
|
||||
case MBEDTLS_MD_NONE:
|
||||
return( 0 );
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
@ -419,4 +420,90 @@ static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
|
||||
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Expose whatever RNG the PSA subsystem uses to applications using the
|
||||
* mbedtls_xxx API. The declarations and definitions here need to be
|
||||
* consistent with the implementation in library/psa_crypto_random_impl.h.
|
||||
* See that file for implementation documentation. */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
||||
/* The type of a `f_rng` random generator function that many library functions
|
||||
* take.
|
||||
*
|
||||
* This type name is not part of the Mbed TLS stable API. It may be renamed
|
||||
* or moved without warning.
|
||||
*/
|
||||
typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_size );
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
|
||||
/** The random generator function for the PSA subsystem.
|
||||
*
|
||||
* This function is suitable as the `f_rng` random generator function
|
||||
* parameter of many `mbedtls_xxx` functions. Use #MBEDTLS_PSA_RANDOM_STATE
|
||||
* to obtain the \p p_rng parameter.
|
||||
*
|
||||
* The implementation of this function depends on the configuration of the
|
||||
* library.
|
||||
*
|
||||
* \note Depending on the configuration, this may be a function or
|
||||
* a pointer to a function.
|
||||
*
|
||||
* \note This function may only be used if the PSA crypto subsystem is active.
|
||||
* This means that you must call psa_crypto_init() before any call to
|
||||
* this function, and you must not call this function after calling
|
||||
* mbedtls_psa_crypto_free().
|
||||
*
|
||||
* \param p_rng The random generator context. This must be
|
||||
* #MBEDTLS_PSA_RANDOM_STATE. No other state is
|
||||
* supported.
|
||||
* \param output The buffer to fill. It must have room for
|
||||
* \c output_size bytes.
|
||||
* \param output_size The number of bytes to write to \p output.
|
||||
* This function may fail if \p output_size is too
|
||||
* large. It is guaranteed to accept any output size
|
||||
* requested by Mbed TLS library functions. The
|
||||
* maximum request size depends on the library
|
||||
* configuration.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An `MBEDTLS_ERR_ENTROPY_xxx`,
|
||||
* `MBEDTLS_ERR_PLATFORM_xxx,
|
||||
* `MBEDTLS_ERR_CTR_DRBG_xxx` or
|
||||
* `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
|
||||
*/
|
||||
int mbedtls_psa_get_random( void *p_rng,
|
||||
unsigned char *output,
|
||||
size_t output_size );
|
||||
|
||||
/** The random generator state for the PSA subsystem.
|
||||
*
|
||||
* This macro expands to an expression which is suitable as the `p_rng`
|
||||
* random generator state parameter of many `mbedtls_xxx` functions.
|
||||
* It must be used in combination with the random generator function
|
||||
* mbedtls_psa_get_random().
|
||||
*
|
||||
* The implementation of this macro depends on the configuration of the
|
||||
* library. Do not make any assumption on its nature.
|
||||
*/
|
||||
#define MBEDTLS_PSA_RANDOM_STATE NULL
|
||||
|
||||
#else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t;
|
||||
static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_ctr_drbg_random;
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
#include "mbedtls/hmac_drbg.h"
|
||||
typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t;
|
||||
static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_hmac_drbg_random;
|
||||
#endif
|
||||
extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
|
||||
|
||||
#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
|
||||
|
||||
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
#endif /* MBEDTLS_PSA_UTIL_H */
|
||||
|
@ -97,7 +97,10 @@ extern "C" {
|
||||
*/
|
||||
typedef struct mbedtls_rsa_context
|
||||
{
|
||||
int ver; /*!< Always 0.*/
|
||||
int ver; /*!< Reserved for internal purposes.
|
||||
* Do not set this field in application
|
||||
* code. Its meaning might change without
|
||||
* notice. */
|
||||
size_t len; /*!< The size of \p N in Bytes. */
|
||||
|
||||
mbedtls_mpi N; /*!< The public modulus. */
|
||||
@ -127,6 +130,7 @@ typedef struct mbedtls_rsa_context
|
||||
mask generating function used in the
|
||||
EME-OAEP and EMSA-PSS encodings. */
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/* Invariant: the mutex is initialized iff ver != 0. */
|
||||
mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */
|
||||
#endif
|
||||
}
|
||||
@ -968,6 +972,59 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
||||
const unsigned char *hash,
|
||||
unsigned char *sig );
|
||||
|
||||
/**
|
||||
* \brief This function performs a PKCS#1 v2.1 PSS signature
|
||||
* operation (RSASSA-PSS-SIGN).
|
||||
*
|
||||
* \note The \p hash_id in the RSA context is the one used for the
|
||||
* encoding. \p md_alg in the function call is the type of hash
|
||||
* that is encoded. According to <em>RFC-3447: Public-Key
|
||||
* Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
|
||||
* Specifications</em> it is advised to keep both hashes the
|
||||
* same.
|
||||
*
|
||||
* \note This function enforces that the provided salt length complies
|
||||
* with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
|
||||
* step 3. The constraint is that the hash length plus the salt
|
||||
* length plus 2 bytes must be at most the key length. If this
|
||||
* constraint is not met, this function returns
|
||||
* #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. It must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng doesn't need a context argument.
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest.
|
||||
* Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
|
||||
* \param hash The buffer holding the message digest or raw data.
|
||||
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
|
||||
* buffer of length \p hashlen Bytes. If \p md_alg is not
|
||||
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
|
||||
* the size of the hash corresponding to \p md_alg.
|
||||
* \param saltlen The length of the salt that should be used.
|
||||
* If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
|
||||
* the largest possible salt length up to the hash length,
|
||||
* which is the largest permitted by some standards including
|
||||
* FIPS 186-4 §5.5.
|
||||
* \param sig The buffer to hold the signature. This must be a writable
|
||||
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus. A buffer length of
|
||||
* #MBEDTLS_MPI_MAX_SIZE is always safe.
|
||||
*
|
||||
* \return \c 0 if the signing operation was successful.
|
||||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
int saltlen,
|
||||
unsigned char *sig );
|
||||
|
||||
/**
|
||||
* \brief This function performs a PKCS#1 v2.1 PSS signature
|
||||
* operation (RSASSA-PSS-SIGN).
|
||||
|
@ -46,6 +46,9 @@ extern "C" {
|
||||
typedef struct mbedtls_threading_mutex_t
|
||||
{
|
||||
pthread_mutex_t mutex;
|
||||
/* is_valid is 0 after a failed init or a free, and nonzero after a
|
||||
* successful init. This field is not considered part of the public
|
||||
* API of Mbed TLS and may change without notice. */
|
||||
char is_valid;
|
||||
} mbedtls_threading_mutex_t;
|
||||
#endif
|
||||
|
@ -37,7 +37,7 @@
|
||||
* Major, Minor, Patchlevel
|
||||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 25
|
||||
#define MBEDTLS_VERSION_MINOR 26
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
|
||||
/**
|
||||
@ -45,9 +45,9 @@
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02190000
|
||||
#define MBEDTLS_VERSION_STRING "2.25.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.25.0"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x021A0000
|
||||
#define MBEDTLS_VERSION_STRING "2.26.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.26.0"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
@ -90,10 +90,14 @@ extern "C" {
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
|
||||
* \retval #PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval #PSA_ERROR_DATA_INVALID
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT
|
||||
*/
|
||||
psa_status_t psa_crypto_init(void);
|
||||
|
||||
@ -260,6 +264,14 @@ static psa_key_usage_t psa_get_key_usage_flags(
|
||||
* - An algorithm value permits this particular algorithm.
|
||||
* - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified
|
||||
* signature scheme with any hash algorithm.
|
||||
* - An algorithm built from #PSA_ALG_AT_LEAST_THIS_LENGTH_MAC allows
|
||||
* any MAC algorithm from the same base class (e.g. CMAC) which
|
||||
* generates/verifies a MAC length greater than or equal to the length
|
||||
* encoded in the wildcard algorithm.
|
||||
* - An algorithm built from #PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG
|
||||
* allows any AEAD algorithm from the same base class (e.g. CCM) which
|
||||
* generates/verifies a tag length greater than or equal to the length
|
||||
* encoded in the wildcard algorithm.
|
||||
*
|
||||
* This function overwrites any algorithm policy
|
||||
* previously set in \p attributes.
|
||||
@ -368,6 +380,8 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT
|
||||
* \retval #PSA_ERROR_DATA_INVALID
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
@ -501,6 +515,8 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_DATA_INVALID
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT
|
||||
* \retval #PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
@ -540,6 +556,10 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* There was an failure in communication with the cryptoprocessor.
|
||||
* The key material may still be present in the cryptoprocessor.
|
||||
* \retval #PSA_ERROR_DATA_INVALID
|
||||
* This error is typically a result of either storage corruption on a
|
||||
* cleartext storage backend, or an attempt to read data that was
|
||||
* written by an incompatible version of the library.
|
||||
* \retval #PSA_ERROR_STORAGE_FAILURE
|
||||
* The storage is corrupted. Implementations shall make a best effort
|
||||
* to erase key material even in this stage, however applications
|
||||
@ -625,6 +645,8 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT
|
||||
* \retval #PSA_ERROR_DATA_INVALID
|
||||
* \retval #PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
@ -687,6 +709,8 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
|
||||
* For Weierstrass curves, this is the content of the `privateKey` field of
|
||||
* the `ECPrivateKey` format defined by RFC 5915. For Montgomery curves,
|
||||
* the format is defined by RFC 7748, and output is masked according to §5.
|
||||
* For twisted Edwards curves, the private key is as defined by RFC 8032
|
||||
* (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
|
||||
* - For Diffie-Hellman key exchange key pairs (key types for which
|
||||
* #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
|
||||
* format is the representation of the private key `x` as a big-endian byte
|
||||
@ -713,7 +737,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
|
||||
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||
* The size of the \p data buffer is too small. You can determine a
|
||||
* sufficient buffer size by calling
|
||||
* #PSA_KEY_EXPORT_MAX_SIZE(\c type, \c bits)
|
||||
* #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits)
|
||||
* where \c type is the key type
|
||||
* and \c bits is the key size in bits.
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
@ -752,7 +776,12 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
|
||||
* modulus INTEGER, -- n
|
||||
* publicExponent INTEGER } -- e
|
||||
* ```
|
||||
* - For elliptic curve public keys (key types for which
|
||||
* - For elliptic curve keys on a twisted Edwards curve (key types for which
|
||||
* #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_GET_CURVE
|
||||
* returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined
|
||||
* by RFC 8032
|
||||
* (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
|
||||
* - For other elliptic curve public keys (key types for which
|
||||
* #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
|
||||
* representation defined by SEC1 §2.3.3 as the content of an ECPoint.
|
||||
* Let `m` be the bit size associated with the curve, i.e. the bit size of
|
||||
@ -783,7 +812,7 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
|
||||
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||
* The size of the \p data buffer is too small. You can determine a
|
||||
* sufficient buffer size by calling
|
||||
* #PSA_KEY_EXPORT_MAX_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
|
||||
* #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
|
||||
* where \c type is the key type
|
||||
* and \c bits is the key size in bits.
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
@ -822,7 +851,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
|
||||
* \param hash_size Size of the \p hash buffer in bytes.
|
||||
* \param[out] hash_length On success, the number of bytes
|
||||
* that make up the hash value. This is always
|
||||
* #PSA_HASH_SIZE(\p alg).
|
||||
* #PSA_HASH_LENGTH(\p alg).
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
@ -1032,7 +1061,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
|
||||
* \param hash_size Size of the \p hash buffer in bytes.
|
||||
* \param[out] hash_length On success, the number of bytes
|
||||
* that make up the hash value. This is always
|
||||
* #PSA_HASH_SIZE(\c alg) where \c alg is the
|
||||
* #PSA_HASH_LENGTH(\c alg) where \c alg is the
|
||||
* hash algorithm that is calculated.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
@ -1041,7 +1070,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
|
||||
* The operation state is not valid (it must be active).
|
||||
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||
* The size of the \p hash buffer is too small. You can determine a
|
||||
* sufficient buffer size by calling #PSA_HASH_SIZE(\c alg)
|
||||
* sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
|
||||
* where \c alg is the hash algorithm that is calculated.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
@ -1479,7 +1508,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
|
||||
* \param mac_size Size of the \p mac buffer in bytes.
|
||||
* \param[out] mac_length On success, the number of bytes
|
||||
* that make up the MAC value. This is always
|
||||
* #PSA_MAC_FINAL_SIZE(\c key_type, \c key_bits, \c alg)
|
||||
* #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg)
|
||||
* where \c key_type and \c key_bits are the type and
|
||||
* bit-size respectively of the key and \c alg is the
|
||||
* MAC algorithm that is calculated.
|
||||
@ -1491,7 +1520,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
|
||||
* operation).
|
||||
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||
* The size of the \p mac buffer is too small. You can determine a
|
||||
* sufficient buffer size by calling PSA_MAC_FINAL_SIZE().
|
||||
* sufficient buffer size by calling PSA_MAC_LENGTH().
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
@ -2818,7 +2847,8 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
|
||||
*
|
||||
* Note that to perform a hash-and-sign signature algorithm, you must
|
||||
* first calculate the hash by calling psa_hash_setup(), psa_hash_update()
|
||||
* and psa_hash_finish(). Then pass the resulting hash as the \p hash
|
||||
* and psa_hash_finish(), or alternatively by calling psa_hash_compute().
|
||||
* Then pass the resulting hash as the \p hash
|
||||
* parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
|
||||
* to determine the hash algorithm to use.
|
||||
*
|
||||
@ -2869,7 +2899,8 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
|
||||
*
|
||||
* Note that to perform a hash-and-sign signature algorithm, you must
|
||||
* first calculate the hash by calling psa_hash_setup(), psa_hash_update()
|
||||
* and psa_hash_finish(). Then pass the resulting hash as the \p hash
|
||||
* and psa_hash_finish(), or alternatively by calling psa_hash_compute().
|
||||
* Then pass the resulting hash as the \p hash
|
||||
* parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
|
||||
* to determine the hash algorithm to use.
|
||||
*
|
||||
@ -3443,7 +3474,8 @@ psa_status_t psa_key_derivation_output_bytes(
|
||||
* state and must be aborted by calling psa_key_derivation_abort().
|
||||
*
|
||||
* How much output is produced and consumed from the operation, and how
|
||||
* the key is derived, depends on the key type:
|
||||
* the key is derived, depends on the key type and on the key size
|
||||
* (denoted \c bits below):
|
||||
*
|
||||
* - For key types for which the key is an arbitrary sequence of bytes
|
||||
* of a given size, this function is functionally equivalent to
|
||||
@ -3453,7 +3485,7 @@ psa_status_t psa_key_derivation_output_bytes(
|
||||
* if the implementation provides an isolation boundary then
|
||||
* the key material is not exposed outside the isolation boundary.
|
||||
* As a consequence, for these key types, this function always consumes
|
||||
* exactly (\p bits / 8) bytes from the operation.
|
||||
* exactly (\c bits / 8) bytes from the operation.
|
||||
* The following key types defined in this specification follow this scheme:
|
||||
*
|
||||
* - #PSA_KEY_TYPE_AES;
|
||||
@ -3474,8 +3506,8 @@ psa_status_t psa_key_derivation_output_bytes(
|
||||
* string and process it as specified in RFC 7748 §5.
|
||||
*
|
||||
* - For key types for which the key is represented by a single sequence of
|
||||
* \p bits bits with constraints as to which bit sequences are acceptable,
|
||||
* this function draws a byte string of length (\p bits / 8) bytes rounded
|
||||
* \c bits bits with constraints as to which bit sequences are acceptable,
|
||||
* this function draws a byte string of length (\c bits / 8) bytes rounded
|
||||
* up to the nearest whole number of bytes. If the resulting byte string
|
||||
* is acceptable, it becomes the key, otherwise the drawn bytes are discarded.
|
||||
* This process is repeated until an acceptable byte string is drawn.
|
||||
@ -3556,6 +3588,8 @@ psa_status_t psa_key_derivation_output_bytes(
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_DATA_INVALID
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT
|
||||
* \retval #PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
@ -3721,6 +3755,8 @@ psa_status_t psa_generate_random(uint8_t *output,
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
* \retval #PSA_ERROR_DATA_INVALID
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT
|
||||
* \retval #PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
|
70
include/psa/crypto_builtin_cipher.h
Normal file
70
include/psa/crypto_builtin_cipher.h
Normal file
@ -0,0 +1,70 @@
|
||||
/*
|
||||
* Context structure declaration of the software-based driver which performs
|
||||
* cipher operations through the PSA Crypto driver dispatch layer.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef PSA_CRYPTO_BUILTIN_CIPHER_H
|
||||
#define PSA_CRYPTO_BUILTIN_CIPHER_H
|
||||
|
||||
#include <psa/crypto_driver_common.h>
|
||||
#include "mbedtls/cipher.h"
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_XTS) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
|
||||
#define MBEDTLS_PSA_BUILTIN_CIPHER 1
|
||||
#endif
|
||||
|
||||
typedef struct {
|
||||
/* Context structure for the Mbed TLS cipher implementation. */
|
||||
psa_algorithm_t alg;
|
||||
uint8_t iv_length;
|
||||
uint8_t block_length;
|
||||
mbedtls_cipher_context_t cipher;
|
||||
} mbedtls_psa_cipher_operation_t;
|
||||
|
||||
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
|
||||
|
||||
/*
|
||||
* BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
|
||||
*/
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
||||
typedef mbedtls_psa_cipher_operation_t
|
||||
mbedtls_transparent_test_driver_cipher_operation_t;
|
||||
|
||||
typedef struct {
|
||||
unsigned int initialised : 1;
|
||||
mbedtls_transparent_test_driver_cipher_operation_t ctx;
|
||||
} mbedtls_opaque_test_driver_cipher_operation_t;
|
||||
|
||||
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \
|
||||
MBEDTLS_PSA_CIPHER_OPERATION_INIT
|
||||
|
||||
#define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \
|
||||
{ 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT }
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
|
||||
#endif /* PSA_CRYPTO_BUILTIN_CIPHER_H */
|
89
include/psa/crypto_builtin_hash.h
Normal file
89
include/psa/crypto_builtin_hash.h
Normal file
@ -0,0 +1,89 @@
|
||||
/*
|
||||
* Context structure declaration of the software-based driver which performs
|
||||
* hashing through the PSA Crypto driver dispatch layer.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef PSA_CRYPTO_BUILTIN_HASH_H
|
||||
#define PSA_CRYPTO_BUILTIN_HASH_H
|
||||
|
||||
#include <psa/crypto_driver_common.h>
|
||||
#include "mbedtls/md2.h"
|
||||
#include "mbedtls/md4.h"
|
||||
#include "mbedtls/md5.h"
|
||||
#include "mbedtls/ripemd160.h"
|
||||
#include "mbedtls/sha1.h"
|
||||
#include "mbedtls/sha256.h"
|
||||
#include "mbedtls/sha512.h"
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
|
||||
#define MBEDTLS_PSA_BUILTIN_HASH
|
||||
#endif
|
||||
|
||||
typedef struct
|
||||
{
|
||||
psa_algorithm_t alg;
|
||||
union
|
||||
{
|
||||
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
mbedtls_md2_context md2;
|
||||
#endif
|
||||
#if defined(MBEDTLS_MD4_C)
|
||||
mbedtls_md4_context md4;
|
||||
#endif
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
mbedtls_md5_context md5;
|
||||
#endif
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
mbedtls_ripemd160_context ripemd160;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
mbedtls_sha1_context sha1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
mbedtls_sha256_context sha256;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
mbedtls_sha512_context sha512;
|
||||
#endif
|
||||
} ctx;
|
||||
} mbedtls_psa_hash_operation_t;
|
||||
|
||||
#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
|
||||
|
||||
/*
|
||||
* BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
|
||||
*/
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
||||
typedef mbedtls_psa_hash_operation_t mbedtls_transparent_test_driver_hash_operation_t;
|
||||
|
||||
#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT MBEDTLS_PSA_HASH_OPERATION_INIT
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
|
||||
#endif /* PSA_CRYPTO_BUILTIN_HASH_H */
|
@ -110,6 +110,18 @@ typedef MBEDTLS_PSA_DEPRECATED psa_algorithm_t mbedtls_deprecated_psa_algorithm_
|
||||
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGNATURE_MAX_SIZE )
|
||||
#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) \
|
||||
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) )
|
||||
#define PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) \
|
||||
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) )
|
||||
#define PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) \
|
||||
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) )
|
||||
#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE \
|
||||
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE )
|
||||
#define PSA_HASH_SIZE( alg ) \
|
||||
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_HASH_LENGTH( alg ) )
|
||||
#define PSA_MAC_FINAL_SIZE( key_type, key_bits, alg ) \
|
||||
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_MAC_LENGTH( key_type, key_bits, alg ) )
|
||||
#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN \
|
||||
MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE )
|
||||
|
||||
/*
|
||||
* Deprecated PSA Crypto function names (PSA Crypto API <= 1.0 beta3)
|
||||
@ -249,6 +261,14 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key
|
||||
#define PSA_ALG_CHACHA20 \
|
||||
MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_STREAM_CIPHER )
|
||||
|
||||
/*
|
||||
* Renamed AEAD tag length macros (PSA Crypto API <= 1.0 beta3)
|
||||
*/
|
||||
#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH( aead_alg ) \
|
||||
MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( aead_alg ) )
|
||||
#define PSA_ALG_AEAD_WITH_TAG_LENGTH( aead_alg, tag_length ) \
|
||||
MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_SHORTENED_TAG( aead_alg, tag_length ) )
|
||||
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/** Open a handle to an existing persistent key.
|
||||
@ -293,9 +313,9 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key
|
||||
* number of open keys, the number of open key handles, or available
|
||||
* memory.
|
||||
* \retval #PSA_ERROR_DOES_NOT_EXIST
|
||||
* There is no persistent key with key identifier \p id.
|
||||
* There is no persistent key with key identifier \p key.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p id is not a valid persistent key identifier.
|
||||
* \p key is not a valid persistent key identifier.
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* The specified key exists, but the application does not have the
|
||||
* permission to access it. Note that this specification does not
|
||||
@ -304,6 +324,8 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_STORAGE_FAILURE
|
||||
* \retval #PSA_ERROR_DATA_INVALID
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
|
@ -50,14 +50,28 @@
|
||||
#ifndef PSA_CRYPTO_CONFIG_H
|
||||
#define PSA_CRYPTO_CONFIG_H
|
||||
|
||||
/*
|
||||
* CBC-MAC is not yet supported via the PSA API in Mbed TLS.
|
||||
*/
|
||||
//#define PSA_WANT_ALG_CBC_MAC 1
|
||||
#define PSA_WANT_ALG_CBC_NO_PADDING 1
|
||||
#define PSA_WANT_ALG_CBC_PKCS7 1
|
||||
#define PSA_WANT_ALG_CCM 1
|
||||
#define PSA_WANT_ALG_CFB 1
|
||||
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
|
||||
#define PSA_WANT_ALG_CMAC 1
|
||||
#define PSA_WANT_ALG_CTR 1
|
||||
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
|
||||
#define PSA_WANT_ALG_ECB_NO_PADDING 1
|
||||
#define PSA_WANT_ALG_ECDH 1
|
||||
#define PSA_WANT_ALG_ECDSA 1
|
||||
#define PSA_WANT_ALG_GCM 1
|
||||
#define PSA_WANT_ALG_HKDF 1
|
||||
#define PSA_WANT_ALG_HMAC 1
|
||||
#define PSA_WANT_ALG_MD2 1
|
||||
#define PSA_WANT_ALG_MD4 1
|
||||
#define PSA_WANT_ALG_MD5 1
|
||||
#define PSA_WANT_ALG_OFB 1
|
||||
#define PSA_WANT_ALG_RIPEMD160 1
|
||||
#define PSA_WANT_ALG_RSA_OAEP 1
|
||||
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
|
||||
@ -68,10 +82,45 @@
|
||||
#define PSA_WANT_ALG_SHA_256 1
|
||||
#define PSA_WANT_ALG_SHA_384 1
|
||||
#define PSA_WANT_ALG_SHA_512 1
|
||||
#define PSA_WANT_ALG_STREAM_CIPHER 1
|
||||
#define PSA_WANT_ALG_TLS12_PRF 1
|
||||
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
|
||||
#define PSA_WANT_ALG_XTS 1
|
||||
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
|
||||
#define PSA_WANT_ECC_MONTGOMERY_255 1
|
||||
/*
|
||||
* Curve448 is not yet supported via the PSA API in Mbed TLS
|
||||
* (https://github.com/ARMmbed/mbedtls/issues/4249). Thus, do not enable it by
|
||||
* default.
|
||||
*/
|
||||
//#define PSA_WANT_ECC_MONTGOMERY_448 1
|
||||
#define PSA_WANT_ECC_SECP_K1_192 1
|
||||
/*
|
||||
* SECP224K1 is buggy via the PSA API in Mbed TLS
|
||||
* (https://github.com/ARMmbed/mbedtls/issues/3541). Thus, do not enable it by
|
||||
* default.
|
||||
*/
|
||||
//#define PSA_WANT_ECC_SECP_K1_224 1
|
||||
#define PSA_WANT_ECC_SECP_K1_256 1
|
||||
#define PSA_WANT_ECC_SECP_R1_192 1
|
||||
#define PSA_WANT_ECC_SECP_R1_224 1
|
||||
#define PSA_WANT_ECC_SECP_R1_256 1
|
||||
#define PSA_WANT_ECC_SECP_R1_384 1
|
||||
#define PSA_WANT_ECC_SECP_R1_521 1
|
||||
|
||||
#define PSA_WANT_KEY_TYPE_DERIVE 1
|
||||
#define PSA_WANT_KEY_TYPE_HMAC 1
|
||||
#define PSA_WANT_KEY_TYPE_AES 1
|
||||
#define PSA_WANT_KEY_TYPE_ARC4 1
|
||||
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
|
||||
#define PSA_WANT_KEY_TYPE_CHACHA20 1
|
||||
#define PSA_WANT_KEY_TYPE_DES 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
|
||||
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
|
||||
|
||||
|
61
include/psa/crypto_driver_contexts.h
Normal file
61
include/psa/crypto_driver_contexts.h
Normal file
@ -0,0 +1,61 @@
|
||||
/*
|
||||
* Declaration of context structures for use with the PSA driver wrapper
|
||||
* interface.
|
||||
*
|
||||
* Warning: This file will be auto-generated in the future.
|
||||
*/
|
||||
/* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_H
|
||||
#define PSA_CRYPTO_DRIVER_CONTEXTS_H
|
||||
|
||||
#include "psa/crypto.h"
|
||||
#include "psa/crypto_driver_common.h"
|
||||
|
||||
/* Include the context structure definitions for those drivers that were
|
||||
* declared during the autogeneration process. */
|
||||
|
||||
/* Include the context structure definitions for the Mbed TLS software drivers */
|
||||
#include "psa/crypto_builtin_cipher.h"
|
||||
#include "psa/crypto_builtin_hash.h"
|
||||
|
||||
/* Define the context to be used for an operation that is executed through the
|
||||
* PSA Driver wrapper layer as the union of all possible driver's contexts.
|
||||
*
|
||||
* The union members are the driver's context structures, and the member names
|
||||
* are formatted as `'drivername'_ctx`. This allows for procedural generation
|
||||
* of both this file and the content of psa_crypto_driver_wrappers.c */
|
||||
|
||||
typedef union {
|
||||
unsigned dummy; /* Make sure this structure is always non-empty */
|
||||
mbedtls_psa_hash_operation_t mbedtls_ctx;
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
mbedtls_transparent_test_driver_hash_operation_t test_driver_ctx;
|
||||
#endif
|
||||
} psa_driver_hash_context_t;
|
||||
|
||||
typedef union {
|
||||
unsigned dummy; /* Make sure this structure is always non-empty */
|
||||
mbedtls_psa_cipher_operation_t mbedtls_ctx;
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
mbedtls_transparent_test_driver_cipher_operation_t transparent_test_driver_ctx;
|
||||
mbedtls_opaque_test_driver_cipher_operation_t opaque_test_driver_ctx;
|
||||
#endif
|
||||
} psa_driver_cipher_context_t;
|
||||
|
||||
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_H */
|
||||
/* End of automatically generated file. */
|
@ -39,6 +39,10 @@ extern "C" {
|
||||
/* UID for secure storage seed */
|
||||
#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
|
||||
|
||||
/* See config.h for definition */
|
||||
#if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
|
||||
#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
|
||||
#endif
|
||||
|
||||
/** \addtogroup attributes
|
||||
* @{
|
||||
@ -175,6 +179,9 @@ static inline void psa_clear_key_slot_number(
|
||||
* The secure element driver for the specified lifetime does not
|
||||
* support registering a key.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* The identifier in \p attributes is invalid, namely the identifier is
|
||||
* not in the user range.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p attributes specifies a lifetime which is not located
|
||||
* in a secure element.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
@ -183,8 +190,10 @@ static inline void psa_clear_key_slot_number(
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* The caller is not authorized to register the specified key slot.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_DATA_INVALID
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
@ -403,10 +412,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
|
||||
|
||||
/* We need to expand the sample definition of this macro from
|
||||
* the API definition. */
|
||||
#undef PSA_ALG_IS_HASH_AND_SIGN
|
||||
#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
|
||||
(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
|
||||
PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg))
|
||||
#undef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
|
||||
#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) \
|
||||
PSA_ALG_IS_DSA(alg)
|
||||
|
||||
/**@}*/
|
||||
|
||||
@ -637,16 +645,21 @@ static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id gr
|
||||
*
|
||||
* \param curve A PSA elliptic curve identifier
|
||||
* (`PSA_ECC_FAMILY_xxx`).
|
||||
* \param byte_length The byte-length of a private key on \p curve.
|
||||
* \param bits The bit-length of a private key on \p curve.
|
||||
* \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
|
||||
* to the nearest multiple of 8. This allows the caller
|
||||
* to infer the exact curve from the length of a key
|
||||
* which is supplied as a byte string.
|
||||
*
|
||||
* \return The corresponding Mbed TLS elliptic curve identifier
|
||||
* (`MBEDTLS_ECP_DP_xxx`).
|
||||
* \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
|
||||
* \return #MBEDTLS_ECP_DP_NONE if \p byte_length is not
|
||||
* \return #MBEDTLS_ECP_DP_NONE if \p bits is not
|
||||
* correct for \p curve.
|
||||
*/
|
||||
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
|
||||
size_t byte_length );
|
||||
size_t bits,
|
||||
int bits_is_sloppy );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
/**@}*/
|
||||
|
@ -1061,7 +1061,8 @@ typedef psa_status_t (*psa_drv_se_export_key_t)(psa_drv_se_context_t *drv_contex
|
||||
* \brief A function that generates a symmetric or asymmetric key on a secure
|
||||
* element
|
||||
*
|
||||
* If \p type is asymmetric (#PSA_KEY_TYPE_IS_ASYMMETRIC(\p type) = 1),
|
||||
* If the key type \c type recorded in \p attributes
|
||||
* is asymmetric (#PSA_KEY_TYPE_IS_ASYMMETRIC(\c type) = 1),
|
||||
* the driver may export the public key at the time of generation,
|
||||
* in the format documented for psa_export_public_key() by writing it
|
||||
* to the \p pubkey buffer.
|
||||
@ -1364,20 +1365,22 @@ typedef struct {
|
||||
*
|
||||
* \return #PSA_SUCCESS
|
||||
* The driver was successfully registered. Applications can now
|
||||
* use \p lifetime to access keys through the methods passed to
|
||||
* use \p location to access keys through the methods passed to
|
||||
* this function.
|
||||
* \return #PSA_ERROR_BAD_STATE
|
||||
* This function was called after the initialization of the
|
||||
* cryptography module, and this implementation does not support
|
||||
* driver registration at this stage.
|
||||
* \return #PSA_ERROR_ALREADY_EXISTS
|
||||
* There is already a registered driver for this value of \p lifetime.
|
||||
* There is already a registered driver for this value of \p location.
|
||||
* \return #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p lifetime is a reserved value.
|
||||
* \p location is a reserved value.
|
||||
* \return #PSA_ERROR_NOT_SUPPORTED
|
||||
* `methods->hal_version` is not supported by this implementation.
|
||||
* \return #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \return #PSA_ERROR_NOT_PERMITTED
|
||||
* \return #PSA_ERROR_STORAGE_FAILURE
|
||||
* \return #PSA_ERROR_DATA_CORRUPT
|
||||
*/
|
||||
psa_status_t psa_register_se_driver(
|
||||
psa_key_location_t location,
|
||||
|
@ -65,11 +65,9 @@
|
||||
*
|
||||
* \return The hash size for the specified hash algorithm.
|
||||
* If the hash algorithm is not recognized, return 0.
|
||||
* An implementation may return either 0 or the correct size
|
||||
* for a hash algorithm that it recognizes, but does not support.
|
||||
*/
|
||||
#define PSA_HASH_SIZE(alg) \
|
||||
( \
|
||||
#define PSA_HASH_LENGTH(alg) \
|
||||
( \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
|
||||
@ -91,9 +89,8 @@
|
||||
*
|
||||
* Maximum size of a hash.
|
||||
*
|
||||
* This macro must expand to a compile-time constant integer. This value
|
||||
* should be the maximum size of a hash supported by the implementation,
|
||||
* in bytes, and must be no smaller than this maximum.
|
||||
* This macro expands to a compile-time constant integer. This value
|
||||
* is the maximum size of a hash in bytes.
|
||||
*/
|
||||
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
|
||||
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
|
||||
@ -110,9 +107,8 @@
|
||||
*
|
||||
* Maximum size of a MAC.
|
||||
*
|
||||
* This macro must expand to a compile-time constant integer. This value
|
||||
* should be the maximum size of a MAC supported by the implementation,
|
||||
* in bytes, and must be no smaller than this maximum.
|
||||
* This macro expands to a compile-time constant integer. This value
|
||||
* is the maximum size of a MAC in bytes.
|
||||
*/
|
||||
/* All non-HMAC MACs have a maximum size that's smaller than the
|
||||
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
|
||||
@ -132,15 +128,18 @@
|
||||
* tag that can be distinguished from the rest of
|
||||
* the ciphertext, return 0.
|
||||
* If the AEAD algorithm is not recognized, return 0.
|
||||
* An implementation may return either 0 or a
|
||||
* correct size for an AEAD algorithm that it
|
||||
* recognizes, but does not support.
|
||||
*/
|
||||
#define PSA_AEAD_TAG_LENGTH(alg) \
|
||||
(PSA_ALG_IS_AEAD(alg) ? \
|
||||
(((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
|
||||
0)
|
||||
|
||||
/** The maximum tag size for all supported AEAD algorithms, in bytes.
|
||||
*
|
||||
* See also #PSA_AEAD_TAG_LENGTH(\p alg).
|
||||
*/
|
||||
#define PSA_AEAD_TAG_MAX_SIZE 16
|
||||
|
||||
/* The maximum size of an RSA key on this implementation, in bits.
|
||||
* This is a vendor-specific macro.
|
||||
*
|
||||
@ -188,10 +187,11 @@
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
|
||||
#endif
|
||||
|
||||
/** \def PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
|
||||
/** This macro returns the maximum supported length of the PSK for the
|
||||
* TLS-1.2 PSK-to-MS key derivation
|
||||
* (#PSA_ALG_TLS12_PSK_TO_MS(\c hash_alg)).
|
||||
*
|
||||
* This macro returns the maximum length of the PSK supported
|
||||
* by the TLS-1.2 PSK-to-MS key derivation.
|
||||
* The maximum supported length does not depend on the chosen hash algorithm.
|
||||
*
|
||||
* Quoting RFC 4279, Sect 5.3:
|
||||
* TLS implementations supporting these ciphersuites MUST support
|
||||
@ -200,17 +200,21 @@
|
||||
* keys is RECOMMENDED.
|
||||
*
|
||||
* Therefore, no implementation should define a value smaller than 64
|
||||
* for #PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN.
|
||||
* for #PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE.
|
||||
*/
|
||||
#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128
|
||||
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
|
||||
|
||||
/** The maximum size of a block cipher supported by the implementation. */
|
||||
#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16
|
||||
/** The maximum size of a block cipher. */
|
||||
#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
|
||||
|
||||
/** The size of the output of psa_mac_sign_finish(), in bytes.
|
||||
*
|
||||
* This is also the MAC size that psa_mac_verify_finish() expects.
|
||||
*
|
||||
* \warning This macro may evaluate its arguments multiple times or
|
||||
* zero times, so you should not pass arguments that contain
|
||||
* side effects.
|
||||
*
|
||||
* \param key_type The type of the MAC key.
|
||||
* \param key_bits The size of the MAC key in bits.
|
||||
* \param alg A MAC algorithm (\c PSA_ALG_XXX value such that
|
||||
@ -224,10 +228,10 @@
|
||||
* \return Unspecified if the key parameters are not consistent
|
||||
* with the algorithm.
|
||||
*/
|
||||
#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \
|
||||
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
|
||||
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \
|
||||
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
|
||||
#define PSA_MAC_LENGTH(key_type, key_bits, alg) \
|
||||
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
|
||||
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
|
||||
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
|
||||
((void)(key_type), (void)(key_bits), 0))
|
||||
|
||||
/** The maximum size of the output of psa_aead_encrypt(), in bytes.
|
||||
@ -237,6 +241,10 @@
|
||||
* insufficient buffer size. Depending on the algorithm, the actual size of
|
||||
* the ciphertext may be smaller.
|
||||
*
|
||||
* \warning This macro may evaluate its arguments multiple times or
|
||||
* zero times, so you should not pass arguments that contain
|
||||
* side effects.
|
||||
*
|
||||
* \param alg An AEAD algorithm
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||
@ -245,15 +253,33 @@
|
||||
* \return The AEAD ciphertext size for the specified
|
||||
* algorithm.
|
||||
* If the AEAD algorithm is not recognized, return 0.
|
||||
* An implementation may return either 0 or a
|
||||
* correct size for an AEAD algorithm that it
|
||||
* recognizes, but does not support.
|
||||
*/
|
||||
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
|
||||
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
|
||||
(plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
|
||||
0)
|
||||
|
||||
/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
*
|
||||
* If the size of the ciphertext buffer is at least this large, it is guaranteed
|
||||
* that psa_aead_encrypt() will not fail due to an insufficient buffer size.
|
||||
*
|
||||
* \note This macro returns a compile-time constant if its arguments are
|
||||
* compile-time constants.
|
||||
*
|
||||
* See also #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg, \p plaintext_length).
|
||||
*
|
||||
* \param plaintext_length Size of the plaintext in bytes.
|
||||
*
|
||||
* \return A sufficient output buffer size for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
*
|
||||
*/
|
||||
#define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
|
||||
((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
|
||||
|
||||
|
||||
/** The maximum size of the output of psa_aead_decrypt(), in bytes.
|
||||
*
|
||||
* If the size of the plaintext buffer is at least this large, it is
|
||||
@ -261,6 +287,10 @@
|
||||
* insufficient buffer size. Depending on the algorithm, the actual size of
|
||||
* the plaintext may be smaller.
|
||||
*
|
||||
* \warning This macro may evaluate its arguments multiple times or
|
||||
* zero times, so you should not pass arguments that contain
|
||||
* side effects.
|
||||
*
|
||||
* \param alg An AEAD algorithm
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||
@ -269,15 +299,79 @@
|
||||
* \return The AEAD ciphertext size for the specified
|
||||
* algorithm.
|
||||
* If the AEAD algorithm is not recognized, return 0.
|
||||
* An implementation may return either 0 or a
|
||||
* correct size for an AEAD algorithm that it
|
||||
* recognizes, but does not support.
|
||||
*/
|
||||
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
|
||||
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
|
||||
(ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
|
||||
0)
|
||||
|
||||
/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
*
|
||||
* If the size of the plaintext buffer is at least this large, it is guaranteed
|
||||
* that psa_aead_decrypt() will not fail due to an insufficient buffer size.
|
||||
*
|
||||
* \note This macro returns a compile-time constant if its arguments are
|
||||
* compile-time constants.
|
||||
*
|
||||
* See also #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg, \p ciphertext_length).
|
||||
*
|
||||
* \param ciphertext_length Size of the ciphertext in bytes.
|
||||
*
|
||||
* \return A sufficient output buffer size for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
*
|
||||
*/
|
||||
#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
|
||||
(ciphertext_length)
|
||||
|
||||
/** The default nonce size for an AEAD algorithm, in bytes.
|
||||
*
|
||||
* This macro can be used to allocate a buffer of sufficient size to
|
||||
* store the nonce output from #psa_aead_generate_nonce().
|
||||
*
|
||||
* See also #PSA_AEAD_NONCE_MAX_SIZE.
|
||||
*
|
||||
* \note This is not the maximum size of nonce supported as input to
|
||||
* #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(),
|
||||
* just the default size that is generated by #psa_aead_generate_nonce().
|
||||
*
|
||||
* \warning This macro may evaluate its arguments multiple times or
|
||||
* zero times, so you should not pass arguments that contain
|
||||
* side effects.
|
||||
*
|
||||
* \param key_type A symmetric key type that is compatible with
|
||||
* algorithm \p alg.
|
||||
*
|
||||
* \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||
*
|
||||
* \return The default nonce size for the specified key type and algorithm.
|
||||
* If the key type or AEAD algorithm is not recognized,
|
||||
* or the parameters are incompatible, return 0.
|
||||
*/
|
||||
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
|
||||
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
|
||||
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM ? 13 : \
|
||||
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM ? 12 : \
|
||||
0 : \
|
||||
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
|
||||
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
|
||||
0)
|
||||
|
||||
/** The maximum default nonce size among all supported pairs of key types and
|
||||
* AEAD algorithms, in bytes.
|
||||
*
|
||||
* This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH()
|
||||
* may return.
|
||||
*
|
||||
* \note This is not the maximum size of nonce supported as input to
|
||||
* #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(),
|
||||
* just the largest size that may be generated by
|
||||
* #psa_aead_generate_nonce().
|
||||
*/
|
||||
#define PSA_AEAD_NONCE_MAX_SIZE 13
|
||||
|
||||
/** A sufficient output buffer size for psa_aead_update().
|
||||
*
|
||||
* If the size of the output buffer is at least this large, it is
|
||||
@ -285,6 +379,10 @@
|
||||
* insufficient buffer size. The actual size of the output may be smaller
|
||||
* in any given call.
|
||||
*
|
||||
* \warning This macro may evaluate its arguments multiple times or
|
||||
* zero times, so you should not pass arguments that contain
|
||||
* side effects.
|
||||
*
|
||||
* \param alg An AEAD algorithm
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||
@ -293,19 +391,29 @@
|
||||
* \return A sufficient output buffer size for the specified
|
||||
* algorithm.
|
||||
* If the AEAD algorithm is not recognized, return 0.
|
||||
* An implementation may return either 0 or a
|
||||
* correct size for an AEAD algorithm that it
|
||||
* recognizes, but does not support.
|
||||
*/
|
||||
/* For all the AEAD modes defined in this specification, it is possible
|
||||
* to emit output without delay. However, hardware may not always be
|
||||
* capable of this. So for modes based on a block cipher, allow the
|
||||
* implementation to delay the output until it has a full block. */
|
||||
#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
|
||||
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
||||
PSA_ROUND_UP_TO_MULTIPLE(PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE, (input_length)) : \
|
||||
#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
|
||||
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
||||
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \
|
||||
(input_length))
|
||||
|
||||
/** A sufficient output buffer size for psa_aead_update(), for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
*
|
||||
* If the size of the output buffer is at least this large, it is guaranteed
|
||||
* that psa_aead_update() will not fail due to an insufficient buffer size.
|
||||
*
|
||||
* See also #PSA_AEAD_UPDATE_OUTPUT_SIZE(\p alg, \p input_length).
|
||||
*
|
||||
* \param input_length Size of the input in bytes.
|
||||
*/
|
||||
#define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
|
||||
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
|
||||
|
||||
/** A sufficient ciphertext buffer size for psa_aead_finish().
|
||||
*
|
||||
* If the size of the ciphertext buffer is at least this large, it is
|
||||
@ -320,15 +428,19 @@
|
||||
* \return A sufficient ciphertext buffer size for the
|
||||
* specified algorithm.
|
||||
* If the AEAD algorithm is not recognized, return 0.
|
||||
* An implementation may return either 0 or a
|
||||
* correct size for an AEAD algorithm that it
|
||||
* recognizes, but does not support.
|
||||
*/
|
||||
#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
|
||||
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
||||
PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
|
||||
PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
|
||||
0)
|
||||
|
||||
/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
*
|
||||
* See also #PSA_AEAD_FINISH_OUTPUT_SIZE(\p alg).
|
||||
*/
|
||||
#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
|
||||
|
||||
/** A sufficient plaintext buffer size for psa_aead_verify().
|
||||
*
|
||||
* If the size of the plaintext buffer is at least this large, it is
|
||||
@ -343,18 +455,22 @@
|
||||
* \return A sufficient plaintext buffer size for the
|
||||
* specified algorithm.
|
||||
* If the AEAD algorithm is not recognized, return 0.
|
||||
* An implementation may return either 0 or a
|
||||
* correct size for an AEAD algorithm that it
|
||||
* recognizes, but does not support.
|
||||
*/
|
||||
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
|
||||
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
||||
PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
|
||||
PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
|
||||
0)
|
||||
|
||||
/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
*
|
||||
* See also #PSA_AEAD_VERIFY_OUTPUT_SIZE(\p alg).
|
||||
*/
|
||||
#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
|
||||
|
||||
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
|
||||
(PSA_ALG_IS_RSA_OAEP(alg) ? \
|
||||
2 * PSA_HASH_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
|
||||
2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
|
||||
11 /*PKCS#1v1.5*/)
|
||||
|
||||
/**
|
||||
@ -388,9 +504,8 @@
|
||||
* a buffer size in bytes that guarantees that
|
||||
* psa_sign_hash() will not fail with
|
||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||
* If the parameters are a valid combination that is not supported
|
||||
* by the implementation, this macro shall return either a
|
||||
* sensible size or 0.
|
||||
* If the parameters are a valid combination that is not supported,
|
||||
* return either a sensible size or 0.
|
||||
* If the parameters are not valid, the
|
||||
* return value is unspecified.
|
||||
*/
|
||||
@ -406,9 +521,8 @@
|
||||
*
|
||||
* Maximum size of an asymmetric signature.
|
||||
*
|
||||
* This macro must expand to a compile-time constant integer. This value
|
||||
* should be the maximum size of a signature supported by the implementation,
|
||||
* in bytes, and must be no smaller than this maximum.
|
||||
* This macro expands to a compile-time constant integer. This value
|
||||
* is the maximum size of a signature in bytes.
|
||||
*/
|
||||
#define PSA_SIGNATURE_MAX_SIZE \
|
||||
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
|
||||
@ -435,9 +549,8 @@
|
||||
* a buffer size in bytes that guarantees that
|
||||
* psa_asymmetric_encrypt() will not fail with
|
||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||
* If the parameters are a valid combination that is not supported
|
||||
* by the implementation, this macro shall return either a
|
||||
* sensible size or 0.
|
||||
* If the parameters are a valid combination that is not supported,
|
||||
* return either a sensible size or 0.
|
||||
* If the parameters are not valid, the
|
||||
* return value is unspecified.
|
||||
*/
|
||||
@ -446,6 +559,15 @@
|
||||
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
|
||||
0)
|
||||
|
||||
/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any
|
||||
* supported asymmetric encryption.
|
||||
*
|
||||
* See also #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg).
|
||||
*/
|
||||
/* This macro assumes that RSA is the only supported asymmetric encryption. */
|
||||
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
|
||||
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
|
||||
|
||||
/** Sufficient output buffer size for psa_asymmetric_decrypt().
|
||||
*
|
||||
* This macro returns a sufficient buffer size for a plaintext produced using
|
||||
@ -466,9 +588,8 @@
|
||||
* a buffer size in bytes that guarantees that
|
||||
* psa_asymmetric_decrypt() will not fail with
|
||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||
* If the parameters are a valid combination that is not supported
|
||||
* by the implementation, this macro shall return either a
|
||||
* sensible size or 0.
|
||||
* If the parameters are a valid combination that is not supported,
|
||||
* return either a sensible size or 0.
|
||||
* If the parameters are not valid, the
|
||||
* return value is unspecified.
|
||||
*/
|
||||
@ -477,6 +598,16 @@
|
||||
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
|
||||
0)
|
||||
|
||||
/** A sufficient output buffer size for psa_asymmetric_decrypt(), for any
|
||||
* supported asymmetric decryption.
|
||||
*
|
||||
* This macro assumes that RSA is the only supported asymmetric encryption.
|
||||
*
|
||||
* See also #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg).
|
||||
*/
|
||||
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
|
||||
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
|
||||
|
||||
/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
|
||||
* number of bits.
|
||||
*
|
||||
@ -587,12 +718,13 @@
|
||||
#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
|
||||
(PSA_BITS_TO_BYTES(key_bits))
|
||||
|
||||
/** Sufficient output buffer size for psa_export_key() or psa_export_public_key().
|
||||
/** Sufficient output buffer size for psa_export_key() or
|
||||
* psa_export_public_key().
|
||||
*
|
||||
* This macro returns a compile-time constant if its arguments are
|
||||
* compile-time constants.
|
||||
*
|
||||
* \warning This function may call its arguments multiple times or
|
||||
* \warning This macro may evaluate its arguments multiple times or
|
||||
* zero times, so you should not pass arguments that contain
|
||||
* side effects.
|
||||
*
|
||||
@ -605,7 +737,7 @@
|
||||
* if (status != PSA_SUCCESS) handle_error(...);
|
||||
* psa_key_type_t key_type = psa_get_key_type(&attributes);
|
||||
* size_t key_bits = psa_get_key_bits(&attributes);
|
||||
* size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits);
|
||||
* size_t buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
|
||||
* psa_reset_key_attributes(&attributes);
|
||||
* uint8_t *buffer = malloc(buffer_size);
|
||||
* if (buffer == NULL) handle_error(...);
|
||||
@ -614,18 +746,46 @@
|
||||
* if (status != PSA_SUCCESS) handle_error(...);
|
||||
* \endcode
|
||||
*
|
||||
* For psa_export_public_key(), calculate the buffer size from the
|
||||
* public key type. You can use the macro #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR
|
||||
* to convert a key pair type to the corresponding public key type.
|
||||
* \param key_type A supported key type.
|
||||
* \param key_bits The size of the key in bits.
|
||||
*
|
||||
* \return If the parameters are valid and supported, return
|
||||
* a buffer size in bytes that guarantees that
|
||||
* psa_export_key() or psa_export_public_key() will not fail with
|
||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||
* If the parameters are a valid combination that is not supported,
|
||||
* return either a sensible size or 0.
|
||||
* If the parameters are not valid, the return value is unspecified.
|
||||
*/
|
||||
#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
|
||||
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
|
||||
(key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
|
||||
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
(key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
|
||||
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
|
||||
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
0)
|
||||
|
||||
/** Sufficient output buffer size for psa_export_public_key().
|
||||
*
|
||||
* This macro returns a compile-time constant if its arguments are
|
||||
* compile-time constants.
|
||||
*
|
||||
* \warning This macro may evaluate its arguments multiple times or
|
||||
* zero times, so you should not pass arguments that contain
|
||||
* side effects.
|
||||
*
|
||||
* The following code illustrates how to allocate enough memory to export
|
||||
* a public key by querying the key type and size at runtime.
|
||||
* \code{c}
|
||||
* psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
* psa_status_t status;
|
||||
* status = psa_get_key_attributes(key, &attributes);
|
||||
* if (status != PSA_SUCCESS) handle_error(...);
|
||||
* psa_key_type_t key_type = psa_get_key_type(&attributes);
|
||||
* psa_key_type_t public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type);
|
||||
* size_t key_bits = psa_get_key_bits(&attributes);
|
||||
* size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(public_key_type, key_bits);
|
||||
* size_t buffer_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits);
|
||||
* psa_reset_key_attributes(&attributes);
|
||||
* uint8_t *buffer = malloc(buffer_size);
|
||||
* if (buffer == NULL) handle_error(...);
|
||||
@ -634,71 +794,96 @@
|
||||
* if (status != PSA_SUCCESS) handle_error(...);
|
||||
* \endcode
|
||||
*
|
||||
* \param key_type A supported key type.
|
||||
* \param key_bits The size of the key in bits.
|
||||
* \param key_type A public key or key pair key type.
|
||||
* \param key_bits The size of the key in bits.
|
||||
*
|
||||
* \return If the parameters are valid and supported, return
|
||||
* a buffer size in bytes that guarantees that
|
||||
* psa_sign_hash() will not fail with
|
||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||
* If the parameters are a valid combination that is not supported
|
||||
* by the implementation, this macro shall return either a
|
||||
* sensible size or 0.
|
||||
* If the parameters are not valid, the
|
||||
* return value is unspecified.
|
||||
* \return If the parameters are valid and supported, return
|
||||
* a buffer size in bytes that guarantees that
|
||||
* psa_export_public_key() will not fail with
|
||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||
* If the parameters are a valid combination that is not
|
||||
* supported, return either a sensible size or 0.
|
||||
* If the parameters are not valid,
|
||||
* the return value is unspecified.
|
||||
*
|
||||
* If the parameters are valid and supported,
|
||||
* return the same result as
|
||||
* #PSA_EXPORT_KEY_OUTPUT_SIZE(
|
||||
* \p #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\p key_type),
|
||||
* \p key_bits).
|
||||
*/
|
||||
#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) \
|
||||
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
|
||||
(key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
|
||||
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
(key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
|
||||
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
|
||||
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
|
||||
(PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
0)
|
||||
|
||||
/** The default nonce size for an AEAD algorithm, in bytes.
|
||||
/** Sufficient buffer size for exporting any asymmetric key pair.
|
||||
*
|
||||
* This macro can be used to allocate a buffer of sufficient size to
|
||||
* store the nonce output from #psa_aead_generate_nonce().
|
||||
* This macro expands to a compile-time constant integer. This value is
|
||||
* a sufficient buffer size when calling psa_export_key() to export any
|
||||
* asymmetric key pair, regardless of the exact key type and key size.
|
||||
*
|
||||
* See also #PSA_AEAD_NONCE_MAX_SIZE.
|
||||
* See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
|
||||
*/
|
||||
#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
|
||||
(PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
|
||||
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
|
||||
PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
|
||||
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
|
||||
|
||||
/** Sufficient buffer size for exporting any asymmetric public key.
|
||||
*
|
||||
* \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(),
|
||||
* #psa_aead_encrypt() or #psa_aead_decrypt(), just the default size that is generated by
|
||||
* #psa_aead_generate_nonce().
|
||||
* This macro expands to a compile-time constant integer. This value is
|
||||
* a sufficient buffer size when calling psa_export_key() or
|
||||
* psa_export_public_key() to export any asymmetric public key,
|
||||
* regardless of the exact key type and key size.
|
||||
*
|
||||
* See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
|
||||
*/
|
||||
#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
|
||||
(PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
|
||||
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
|
||||
PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
|
||||
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
|
||||
|
||||
/** Sufficient output buffer size for psa_raw_key_agreement().
|
||||
*
|
||||
* This macro returns a compile-time constant if its arguments are
|
||||
* compile-time constants.
|
||||
*
|
||||
* \warning This macro may evaluate its arguments multiple times or
|
||||
* zero times, so you should not pass arguments that contain
|
||||
* side effects.
|
||||
*
|
||||
* \param key_type A symmetric key type that is compatible with algorithm \p alg.
|
||||
* See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE.
|
||||
*
|
||||
* \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||
* \param key_type A supported key type.
|
||||
* \param key_bits The size of the key in bits.
|
||||
*
|
||||
* \return The default nonce size for the specified key type and algorithm.
|
||||
* If the key type or AEAD algorithm is not recognized,
|
||||
* or the parameters are incompatible, return 0.
|
||||
* An implementation can return either 0 or a correct size for a key type
|
||||
* and AEAD algorithm that it recognizes, but does not support.
|
||||
* \return If the parameters are valid and supported, return
|
||||
* a buffer size in bytes that guarantees that
|
||||
* psa_raw_key_agreement() will not fail with
|
||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||
* If the parameters are a valid combination that
|
||||
* is not supported, return either a sensible size or 0.
|
||||
* If the parameters are not valid,
|
||||
* the return value is unspecified.
|
||||
*/
|
||||
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
|
||||
(PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) == 16 && \
|
||||
(PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CCM || \
|
||||
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_GCM) ? 12 : \
|
||||
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
|
||||
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
|
||||
/* FFDH is not yet supported in PSA. */
|
||||
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
|
||||
(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
|
||||
PSA_BITS_TO_BYTES(key_bits) : \
|
||||
0)
|
||||
|
||||
/** The maximum default nonce size among all supported pairs of key types and AEAD algorithms, in bytes.
|
||||
/** Maximum size of the output from psa_raw_key_agreement().
|
||||
*
|
||||
* This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH() may return.
|
||||
* This macro expands to a compile-time constant integer. This value is the
|
||||
* maximum size of the output any raw key agreement algorithm, in bytes.
|
||||
*
|
||||
* \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(),
|
||||
* #psa_aead_encrypt() or #psa_aead_decrypt(), just the largest size that may be generated by
|
||||
* #psa_aead_generate_nonce().
|
||||
* See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits).
|
||||
*/
|
||||
#define PSA_AEAD_NONCE_MAX_SIZE 12
|
||||
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
|
||||
(PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
|
||||
|
||||
/** The default IV size for a cipher algorithm, in bytes.
|
||||
*
|
||||
@ -723,17 +908,15 @@
|
||||
* If the algorithm does not use an IV, return 0.
|
||||
* If the key type or cipher algorithm is not recognized,
|
||||
* or the parameters are incompatible, return 0.
|
||||
* An implementation can return either 0 or a correct size for a key type
|
||||
* and cipher algorithm that it recognizes, but does not support.
|
||||
*/
|
||||
#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
|
||||
(PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) > 1 && \
|
||||
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
|
||||
((alg) == PSA_ALG_CTR || \
|
||||
(alg) == PSA_ALG_CFB || \
|
||||
(alg) == PSA_ALG_OFB || \
|
||||
(alg) == PSA_ALG_XTS || \
|
||||
(alg) == PSA_ALG_CBC_NO_PADDING || \
|
||||
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
|
||||
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
|
||||
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
|
||||
(alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
|
||||
0)
|
||||
@ -744,4 +927,163 @@
|
||||
*/
|
||||
#define PSA_CIPHER_IV_MAX_SIZE 16
|
||||
|
||||
/** The maximum size of the output of psa_cipher_encrypt(), in bytes.
|
||||
*
|
||||
* If the size of the output buffer is at least this large, it is guaranteed
|
||||
* that psa_cipher_encrypt() will not fail due to an insufficient buffer size.
|
||||
* Depending on the algorithm, the actual size of the output might be smaller.
|
||||
*
|
||||
* See also #PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(\p input_length).
|
||||
*
|
||||
* \warning This macro may evaluate its arguments multiple times or
|
||||
* zero times, so you should not pass arguments that contain
|
||||
* side effects.
|
||||
*
|
||||
* \param key_type A symmetric key type that is compatible with algorithm
|
||||
* alg.
|
||||
* \param alg A cipher algorithm (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
||||
* \param input_length Size of the input in bytes.
|
||||
*
|
||||
* \return A sufficient output size for the specified key type and
|
||||
* algorithm. If the key type or cipher algorithm is not
|
||||
* recognized, or the parameters are incompatible,
|
||||
* return 0.
|
||||
*/
|
||||
#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||
(alg == PSA_ALG_CBC_PKCS7 ? \
|
||||
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
|
||||
(input_length) + 1) + \
|
||||
PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
|
||||
(PSA_ALG_IS_CIPHER(alg) ? \
|
||||
(input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
|
||||
0))
|
||||
|
||||
/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the
|
||||
* supported key types and cipher algorithms.
|
||||
*
|
||||
* If the size of the output buffer is at least this large, it is guaranteed
|
||||
* that psa_cipher_encrypt() will not fail due to an insufficient buffer size.
|
||||
*
|
||||
* See also #PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
|
||||
*
|
||||
* \param input_length Size of the input in bytes.
|
||||
*
|
||||
*/
|
||||
#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
|
||||
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
|
||||
(input_length) + 1) + \
|
||||
PSA_CIPHER_IV_MAX_SIZE)
|
||||
|
||||
/** The maximum size of the output of psa_cipher_decrypt(), in bytes.
|
||||
*
|
||||
* If the size of the output buffer is at least this large, it is guaranteed
|
||||
* that psa_cipher_decrypt() will not fail due to an insufficient buffer size.
|
||||
* Depending on the algorithm, the actual size of the output might be smaller.
|
||||
*
|
||||
* See also #PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(\p input_length).
|
||||
*
|
||||
* \param key_type A symmetric key type that is compatible with algorithm
|
||||
* alg.
|
||||
* \param alg A cipher algorithm (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
||||
* \param input_length Size of the input in bytes.
|
||||
*
|
||||
* \return A sufficient output size for the specified key type and
|
||||
* algorithm. If the key type or cipher algorithm is not
|
||||
* recognized, or the parameters are incompatible,
|
||||
* return 0.
|
||||
*/
|
||||
#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||
(PSA_ALG_IS_CIPHER(alg) && \
|
||||
((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
|
||||
(input_length) : \
|
||||
0)
|
||||
|
||||
/** A sufficient output buffer size for psa_cipher_decrypt(), for any of the
|
||||
* supported key types and cipher algorithms.
|
||||
*
|
||||
* If the size of the output buffer is at least this large, it is guaranteed
|
||||
* that psa_cipher_decrypt() will not fail due to an insufficient buffer size.
|
||||
*
|
||||
* See also #PSA_CIPHER_DECRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
|
||||
*
|
||||
* \param input_length Size of the input in bytes.
|
||||
*/
|
||||
#define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
|
||||
(input_length)
|
||||
|
||||
/** A sufficient output buffer size for psa_cipher_update().
|
||||
*
|
||||
* If the size of the output buffer is at least this large, it is guaranteed
|
||||
* that psa_cipher_update() will not fail due to an insufficient buffer size.
|
||||
* The actual size of the output might be smaller in any given call.
|
||||
*
|
||||
* See also #PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(\p input_length).
|
||||
*
|
||||
* \param key_type A symmetric key type that is compatible with algorithm
|
||||
* alg.
|
||||
* \param alg A cipher algorithm (PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
||||
* \param input_length Size of the input in bytes.
|
||||
*
|
||||
* \return A sufficient output size for the specified key type and
|
||||
* algorithm. If the key type or cipher algorithm is not
|
||||
* recognized, or the parameters are incompatible, return 0.
|
||||
*/
|
||||
#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||
(PSA_ALG_IS_CIPHER(alg) ? \
|
||||
(((alg) == PSA_ALG_CBC_PKCS7 || \
|
||||
(alg) == PSA_ALG_CBC_NO_PADDING || \
|
||||
(alg) == PSA_ALG_ECB_NO_PADDING) ? \
|
||||
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
|
||||
input_length) : \
|
||||
(input_length)) : \
|
||||
0)
|
||||
|
||||
/** A sufficient output buffer size for psa_cipher_update(), for any of the
|
||||
* supported key types and cipher algorithms.
|
||||
*
|
||||
* If the size of the output buffer is at least this large, it is guaranteed
|
||||
* that psa_cipher_update() will not fail due to an insufficient buffer size.
|
||||
*
|
||||
* See also #PSA_CIPHER_UPDATE_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
|
||||
*
|
||||
* \param input_length Size of the input in bytes.
|
||||
*/
|
||||
#define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
|
||||
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
|
||||
|
||||
/** A sufficient ciphertext buffer size for psa_cipher_finish().
|
||||
*
|
||||
* If the size of the ciphertext buffer is at least this large, it is
|
||||
* guaranteed that psa_cipher_finish() will not fail due to an insufficient
|
||||
* ciphertext buffer size. The actual size of the output might be smaller in
|
||||
* any given call.
|
||||
*
|
||||
* See also #PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE().
|
||||
*
|
||||
* \param key_type A symmetric key type that is compatible with algorithm
|
||||
* alg.
|
||||
* \param alg A cipher algorithm (PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
||||
* \return A sufficient output size for the specified key type and
|
||||
* algorithm. If the key type or cipher algorithm is not
|
||||
* recognized, or the parameters are incompatible, return 0.
|
||||
*/
|
||||
#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
|
||||
(PSA_ALG_IS_CIPHER(alg) ? \
|
||||
(alg == PSA_ALG_CBC_PKCS7 ? \
|
||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
|
||||
0) : \
|
||||
0)
|
||||
|
||||
/** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the
|
||||
* supported key types and cipher algorithms.
|
||||
*
|
||||
* See also #PSA_CIPHER_FINISH_OUTPUT_SIZE(\p key_type, \p alg).
|
||||
*/
|
||||
#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
|
||||
(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
|
||||
|
||||
#endif /* PSA_CRYPTO_SIZES_H */
|
||||
|
@ -65,56 +65,22 @@ extern "C" {
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "mbedtls/cipher.h"
|
||||
#include "mbedtls/cmac.h"
|
||||
#include "mbedtls/gcm.h"
|
||||
#include "mbedtls/md.h"
|
||||
#include "mbedtls/md2.h"
|
||||
#include "mbedtls/md4.h"
|
||||
#include "mbedtls/md5.h"
|
||||
#include "mbedtls/ripemd160.h"
|
||||
#include "mbedtls/sha1.h"
|
||||
#include "mbedtls/sha256.h"
|
||||
#include "mbedtls/sha512.h"
|
||||
|
||||
typedef struct {
|
||||
/** Unique ID indicating which driver got assigned to do the
|
||||
* operation. Since driver contexts are driver-specific, swapping
|
||||
* drivers halfway through the operation is not supported.
|
||||
* ID values are auto-generated in psa_driver_wrappers.h */
|
||||
unsigned int id;
|
||||
/** Context structure for the assigned driver, when id is not zero. */
|
||||
void* ctx;
|
||||
} psa_operation_driver_context_t;
|
||||
/* Include the context definition for the compiled-in drivers */
|
||||
#include "psa/crypto_driver_contexts.h"
|
||||
|
||||
struct psa_hash_operation_s
|
||||
{
|
||||
psa_algorithm_t alg;
|
||||
union
|
||||
{
|
||||
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
mbedtls_md2_context md2;
|
||||
#endif
|
||||
#if defined(MBEDTLS_MD4_C)
|
||||
mbedtls_md4_context md4;
|
||||
#endif
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
mbedtls_md5_context md5;
|
||||
#endif
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
mbedtls_ripemd160_context ripemd160;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
mbedtls_sha1_context sha1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
mbedtls_sha256_context sha256;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
mbedtls_sha512_context sha512;
|
||||
#endif
|
||||
} ctx;
|
||||
/** Unique ID indicating which driver got assigned to do the
|
||||
* operation. Since driver contexts are driver-specific, swapping
|
||||
* drivers halfway through the operation is not supported.
|
||||
* ID values are auto-generated in psa_driver_wrappers.h
|
||||
* ID value zero means the context is not valid or not assigned to
|
||||
* any driver (i.e. none of the driver contexts are active). */
|
||||
unsigned int id;
|
||||
psa_driver_hash_context_t ctx;
|
||||
};
|
||||
|
||||
#define PSA_HASH_OPERATION_INIT {0, {0}}
|
||||
@ -127,6 +93,8 @@ static inline struct psa_hash_operation_s psa_hash_operation_init( void )
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
typedef struct
|
||||
{
|
||||
/** The HMAC algorithm in use */
|
||||
psa_algorithm_t alg;
|
||||
/** The hash context. */
|
||||
struct psa_hash_operation_s hash_ctx;
|
||||
/** The HMAC part of the context. */
|
||||
@ -164,22 +132,23 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void )
|
||||
|
||||
struct psa_cipher_operation_s
|
||||
{
|
||||
psa_algorithm_t alg;
|
||||
unsigned int key_set : 1;
|
||||
/** Unique ID indicating which driver got assigned to do the
|
||||
* operation. Since driver contexts are driver-specific, swapping
|
||||
* drivers halfway through the operation is not supported.
|
||||
* ID values are auto-generated in psa_crypto_driver_wrappers.h
|
||||
* ID value zero means the context is not valid or not assigned to
|
||||
* any driver (i.e. none of the driver contexts are active). */
|
||||
unsigned int id;
|
||||
|
||||
unsigned int iv_required : 1;
|
||||
unsigned int iv_set : 1;
|
||||
unsigned int mbedtls_in_use : 1; /* Indicates mbed TLS is handling the operation. */
|
||||
uint8_t iv_size;
|
||||
uint8_t block_size;
|
||||
union
|
||||
{
|
||||
unsigned dummy; /* Enable easier initializing of the union. */
|
||||
mbedtls_cipher_context_t cipher;
|
||||
psa_operation_driver_context_t driver;
|
||||
} ctx;
|
||||
|
||||
uint8_t default_iv_length;
|
||||
|
||||
psa_driver_cipher_context_t ctx;
|
||||
};
|
||||
|
||||
#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}}
|
||||
#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}}
|
||||
static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
|
||||
{
|
||||
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
|
||||
@ -228,11 +197,11 @@ typedef struct
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
typedef enum
|
||||
{
|
||||
TLS12_PRF_STATE_INIT, /* no input provided */
|
||||
TLS12_PRF_STATE_SEED_SET, /* seed has been set */
|
||||
TLS12_PRF_STATE_KEY_SET, /* key has been set */
|
||||
TLS12_PRF_STATE_LABEL_SET, /* label has been set */
|
||||
TLS12_PRF_STATE_OUTPUT /* output has been started */
|
||||
PSA_TLS12_PRF_STATE_INIT, /* no input provided */
|
||||
PSA_TLS12_PRF_STATE_SEED_SET, /* seed has been set */
|
||||
PSA_TLS12_PRF_STATE_KEY_SET, /* key has been set */
|
||||
PSA_TLS12_PRF_STATE_LABEL_SET, /* label has been set */
|
||||
PSA_TLS12_PRF_STATE_OUTPUT /* output has been started */
|
||||
} psa_tls12_prf_key_derivation_state_t;
|
||||
|
||||
typedef struct psa_tls12_prf_key_derivation_s
|
||||
|
@ -35,6 +35,13 @@
|
||||
|
||||
#include "crypto_platform.h"
|
||||
|
||||
/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
* is defined as well to include all PSA code.
|
||||
*/
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#define MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
/** \defgroup error Error codes
|
||||
|
@ -270,6 +270,46 @@
|
||||
*/
|
||||
#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
|
||||
|
||||
/** Stored data has been corrupted.
|
||||
*
|
||||
* This error indicates that some persistent storage has suffered corruption.
|
||||
* It does not indicate the following situations, which have specific error
|
||||
* codes:
|
||||
*
|
||||
* - A corruption of volatile memory - use #PSA_ERROR_CORRUPTION_DETECTED.
|
||||
* - A communication error between the cryptoprocessor and its external
|
||||
* storage - use #PSA_ERROR_COMMUNICATION_FAILURE.
|
||||
* - When the storage is in a valid state but is full - use
|
||||
* #PSA_ERROR_INSUFFICIENT_STORAGE.
|
||||
* - When the storage fails for other reasons - use
|
||||
* #PSA_ERROR_STORAGE_FAILURE.
|
||||
* - When the stored data is not valid - use #PSA_ERROR_DATA_INVALID.
|
||||
*
|
||||
* \note A storage corruption does not indicate that any data that was
|
||||
* previously read is invalid. However this previously read data might no
|
||||
* longer be readable from storage.
|
||||
*
|
||||
* When a storage failure occurs, it is no longer possible to ensure the
|
||||
* global integrity of the keystore.
|
||||
*/
|
||||
#define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
|
||||
|
||||
/** Data read from storage is not valid for the implementation.
|
||||
*
|
||||
* This error indicates that some data read from storage does not have a valid
|
||||
* format. It does not indicate the following situations, which have specific
|
||||
* error codes:
|
||||
*
|
||||
* - When the storage or stored data is corrupted - use #PSA_ERROR_DATA_CORRUPT
|
||||
* - When the storage fails for other reasons - use #PSA_ERROR_STORAGE_FAILURE
|
||||
* - An invalid argument to the API - use #PSA_ERROR_INVALID_ARGUMENT
|
||||
*
|
||||
* This error is typically a result of either storage corruption on a
|
||||
* cleartext storage backend, or an attempt to read data that was
|
||||
* written by an incompatible version of the library.
|
||||
*/
|
||||
#define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
|
||||
|
||||
/**@}*/
|
||||
|
||||
/** \defgroup crypto_types Key and algorithm types
|
||||
@ -363,7 +403,7 @@
|
||||
* used for.
|
||||
*
|
||||
* HMAC keys should generally have the same size as the underlying hash.
|
||||
* This size can be calculated with #PSA_HASH_SIZE(\c alg) where
|
||||
* This size can be calculated with #PSA_HASH_LENGTH(\c alg) where
|
||||
* \c alg is the HMAC algorithm or the underlying hash algorithm. */
|
||||
#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100)
|
||||
|
||||
@ -383,8 +423,8 @@
|
||||
|
||||
/** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
|
||||
*
|
||||
* The size of the key can be 8 bytes (single DES), 16 bytes (2-key 3DES) or
|
||||
* 24 bytes (3-key 3DES).
|
||||
* The size of the key can be 64 bits (single DES), 128 bits (2-key 3DES) or
|
||||
* 192 bits (3-key 3DES).
|
||||
*
|
||||
* Note that single DES and 2-key 3DES are weak and strongly
|
||||
* deprecated and should only be used to decrypt legacy data. 3-key 3DES
|
||||
@ -411,9 +451,15 @@
|
||||
*/
|
||||
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
|
||||
|
||||
/** RSA public key. */
|
||||
/** RSA public key.
|
||||
*
|
||||
* The size of an RSA key is the bit size of the modulus.
|
||||
*/
|
||||
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001)
|
||||
/** RSA key pair (private and public key). */
|
||||
/** RSA key pair (private and public key).
|
||||
*
|
||||
* The size of an RSA key is the bit size of the modulus.
|
||||
*/
|
||||
#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001)
|
||||
/** Whether a key type is an RSA key (pair or public-only). */
|
||||
#define PSA_KEY_TYPE_IS_RSA(type) \
|
||||
@ -423,6 +469,10 @@
|
||||
#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x7100)
|
||||
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff)
|
||||
/** Elliptic curve key pair.
|
||||
*
|
||||
* The size of an elliptic curve key is the bit size associated with the curve,
|
||||
* i.e. the bit size of *q* for a curve over a field *F<sub>q</sub>*.
|
||||
* See the documentation of `PSA_ECC_FAMILY_xxx` curve families for details.
|
||||
*
|
||||
* \param curve A value of type ::psa_ecc_family_t that
|
||||
* identifies the ECC curve to be used.
|
||||
@ -430,6 +480,10 @@
|
||||
#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \
|
||||
(PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
|
||||
/** Elliptic curve public key.
|
||||
*
|
||||
* The size of an elliptic curve public key is the same as the corresponding
|
||||
* private key (see #PSA_KEY_TYPE_ECC_KEY_PAIR and the documentation of
|
||||
* `PSA_ECC_FAMILY_xxx` curve families).
|
||||
*
|
||||
* \param curve A value of type ::psa_ecc_family_t that
|
||||
* identifies the ECC curve to be used.
|
||||
@ -529,6 +583,22 @@
|
||||
*/
|
||||
#define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41)
|
||||
|
||||
/** The twisted Edwards curves Ed25519 and Ed448.
|
||||
*
|
||||
* These curves are suitable for EdDSA (#PSA_ALG_PURE_EDDSA for both curves,
|
||||
* #PSA_ALG_ED25519PH for the 255-bit curve,
|
||||
* #PSA_ALG_ED448PH for the 448-bit curve).
|
||||
*
|
||||
* This family comprises the following twisted Edwards curves:
|
||||
* - 255-bit: Edwards25519, the twisted Edwards curve birationally equivalent
|
||||
* to Curve25519.
|
||||
* Bernstein et al., _Twisted Edwards curves_, Africacrypt 2008.
|
||||
* - 448-bit: Edwards448, the twisted Edwards curve birationally equivalent
|
||||
* to Curve448.
|
||||
* Hamburg, _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
|
||||
*/
|
||||
#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
|
||||
|
||||
#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200)
|
||||
#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200)
|
||||
#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff)
|
||||
@ -594,9 +664,9 @@
|
||||
*
|
||||
* \warning This macro may evaluate its argument multiple times.
|
||||
*/
|
||||
#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type) \
|
||||
#define PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) \
|
||||
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
|
||||
1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
|
||||
1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
|
||||
0u)
|
||||
|
||||
/** Vendor-defined algorithm flag.
|
||||
@ -747,6 +817,13 @@
|
||||
#define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x02000012)
|
||||
/** SHA3-512 */
|
||||
#define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x02000013)
|
||||
/** The first 512 bits (64 bytes) of the SHAKE256 output.
|
||||
*
|
||||
* This is the prehashing for Ed448ph (see #PSA_ALG_ED448PH). For other
|
||||
* scenarios where a hash function based on SHA3/SHAKE is desired, SHA3-512
|
||||
* has the same output size and a (theoretically) higher security strength.
|
||||
*/
|
||||
#define PSA_ALG_SHAKE256_512 ((psa_algorithm_t)0x02000015)
|
||||
|
||||
/** In a hash-and-sign algorithm policy, allow any hash algorithm.
|
||||
*
|
||||
@ -826,6 +903,14 @@
|
||||
#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x003f0000)
|
||||
#define PSA_MAC_TRUNCATION_OFFSET 16
|
||||
|
||||
/* In the encoding of a MAC algorithm, the bit corresponding to
|
||||
* #PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
|
||||
* is a wildcard algorithm. A key with such wildcard algorithm as permitted
|
||||
* algorithm policy can be used with any algorithm corresponding to the
|
||||
* same base class and having a (potentially truncated) MAC length greater or
|
||||
* equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
|
||||
#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
|
||||
|
||||
/** Macro to build a truncated MAC algorithm.
|
||||
*
|
||||
* A truncated MAC algorithm is identical to the corresponding MAC
|
||||
@ -844,7 +929,7 @@
|
||||
* for policy comparison purposes.
|
||||
*
|
||||
* \param mac_alg A MAC algorithm identifier (value of type
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
|
||||
* is true). This may be a truncated or untruncated
|
||||
* MAC algorithm.
|
||||
* \param mac_length Desired length of the truncated MAC in bytes.
|
||||
@ -855,43 +940,73 @@
|
||||
*
|
||||
* \return The corresponding MAC algorithm with the specified
|
||||
* length.
|
||||
* \return Unspecified if \p alg is not a supported
|
||||
* \return Unspecified if \p mac_alg is not a supported
|
||||
* MAC algorithm or if \p mac_length is too small or
|
||||
* too large for the specified MAC algorithm.
|
||||
*/
|
||||
#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
|
||||
(((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) | \
|
||||
#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
|
||||
(((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
|
||||
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) | \
|
||||
((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
|
||||
|
||||
/** Macro to build the base MAC algorithm corresponding to a truncated
|
||||
* MAC algorithm.
|
||||
*
|
||||
* \param mac_alg A MAC algorithm identifier (value of type
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
|
||||
* is true). This may be a truncated or untruncated
|
||||
* MAC algorithm.
|
||||
*
|
||||
* \return The corresponding base MAC algorithm.
|
||||
* \return Unspecified if \p alg is not a supported
|
||||
* \return Unspecified if \p mac_alg is not a supported
|
||||
* MAC algorithm.
|
||||
*/
|
||||
#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
|
||||
((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK)
|
||||
#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
|
||||
((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
|
||||
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG))
|
||||
|
||||
/** Length to which a MAC algorithm is truncated.
|
||||
*
|
||||
* \param mac_alg A MAC algorithm identifier (value of type
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
|
||||
* is true).
|
||||
*
|
||||
* \return Length of the truncated MAC in bytes.
|
||||
* \return 0 if \p alg is a non-truncated MAC algorithm.
|
||||
* \return Unspecified if \p alg is not a supported
|
||||
* \return 0 if \p mac_alg is a non-truncated MAC algorithm.
|
||||
* \return Unspecified if \p mac_alg is not a supported
|
||||
* MAC algorithm.
|
||||
*/
|
||||
#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
|
||||
(((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
|
||||
|
||||
/** Macro to build a MAC minimum-MAC-length wildcard algorithm.
|
||||
*
|
||||
* A minimum-MAC-length MAC wildcard algorithm permits all MAC algorithms
|
||||
* sharing the same base algorithm, and where the (potentially truncated) MAC
|
||||
* length of the specific algorithm is equal to or larger then the wildcard
|
||||
* algorithm's minimum MAC length.
|
||||
*
|
||||
* \note When setting the minimum required MAC length to less than the
|
||||
* smallest MAC length allowed by the base algorithm, this effectively
|
||||
* becomes an 'any-MAC-length-allowed' policy for that base algorithm.
|
||||
*
|
||||
* \param mac_alg A MAC algorithm identifier (value of type
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
|
||||
* is true).
|
||||
* \param min_mac_length Desired minimum length of the message authentication
|
||||
* code in bytes. This must be at most the untruncated
|
||||
* length of the MAC and must be at least 1.
|
||||
*
|
||||
* \return The corresponding MAC wildcard algorithm with the
|
||||
* specified minimum length.
|
||||
* \return Unspecified if \p mac_alg is not a supported MAC
|
||||
* algorithm or if \p min_mac_length is less than 1 or
|
||||
* too large for the specified MAC algorithm.
|
||||
*/
|
||||
#define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
|
||||
( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
|
||||
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
|
||||
|
||||
#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000)
|
||||
/** The CBC-MAC construction over a block cipher
|
||||
*
|
||||
@ -1052,6 +1167,14 @@
|
||||
#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x003f0000)
|
||||
#define PSA_AEAD_TAG_LENGTH_OFFSET 16
|
||||
|
||||
/* In the encoding of an AEAD algorithm, the bit corresponding to
|
||||
* #PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
|
||||
* is a wildcard algorithm. A key with such wildcard algorithm as permitted
|
||||
* algorithm policy can be used with any algorithm corresponding to the
|
||||
* same base class and having a tag length greater than or equal to the one
|
||||
* encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
|
||||
#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
|
||||
|
||||
/** Macro to build a shortened AEAD algorithm.
|
||||
*
|
||||
* A shortened AEAD algorithm is similar to the corresponding AEAD
|
||||
@ -1060,40 +1183,83 @@
|
||||
* of the ciphertext.
|
||||
*
|
||||
* \param aead_alg An AEAD algorithm identifier (value of type
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p aead_alg)
|
||||
* is true).
|
||||
* \param tag_length Desired length of the authentication tag in bytes.
|
||||
*
|
||||
* \return The corresponding AEAD algorithm with the specified
|
||||
* length.
|
||||
* \return Unspecified if \p alg is not a supported
|
||||
* \return Unspecified if \p aead_alg is not a supported
|
||||
* AEAD algorithm or if \p tag_length is not valid
|
||||
* for the specified AEAD algorithm.
|
||||
*/
|
||||
#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length) \
|
||||
(((aead_alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) | \
|
||||
#define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) \
|
||||
(((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | \
|
||||
PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \
|
||||
((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
|
||||
PSA_ALG_AEAD_TAG_LENGTH_MASK))
|
||||
|
||||
/** Retrieve the tag length of a specified AEAD algorithm
|
||||
*
|
||||
* \param aead_alg An AEAD algorithm identifier (value of type
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p aead_alg)
|
||||
* is true).
|
||||
*
|
||||
* \return The tag length specified by the input algorithm.
|
||||
* \return Unspecified if \p aead_alg is not a supported
|
||||
* AEAD algorithm.
|
||||
*/
|
||||
#define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
|
||||
(((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
|
||||
PSA_AEAD_TAG_LENGTH_OFFSET )
|
||||
|
||||
/** Calculate the corresponding AEAD algorithm with the default tag length.
|
||||
*
|
||||
* \param aead_alg An AEAD algorithm (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||
* #PSA_ALG_IS_AEAD(\p aead_alg) is true).
|
||||
*
|
||||
* \return The corresponding AEAD algorithm with the default
|
||||
* tag length for that algorithm.
|
||||
*/
|
||||
#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg) \
|
||||
#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg) \
|
||||
( \
|
||||
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, PSA_ALG_CCM) \
|
||||
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, PSA_ALG_GCM) \
|
||||
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
|
||||
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CCM) \
|
||||
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_GCM) \
|
||||
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
|
||||
0)
|
||||
#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE(aead_alg, ref) \
|
||||
PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) == \
|
||||
PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ? \
|
||||
#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, ref) \
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, 0) == \
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ? \
|
||||
ref :
|
||||
|
||||
/** Macro to build an AEAD minimum-tag-length wildcard algorithm.
|
||||
*
|
||||
* A minimum-tag-length AEAD wildcard algorithm permits all AEAD algorithms
|
||||
* sharing the same base algorithm, and where the tag length of the specific
|
||||
* algorithm is equal to or larger then the minimum tag length specified by the
|
||||
* wildcard algorithm.
|
||||
*
|
||||
* \note When setting the minimum required tag length to less than the
|
||||
* smallest tag length allowed by the base algorithm, this effectively
|
||||
* becomes an 'any-tag-length-allowed' policy for that base algorithm.
|
||||
*
|
||||
* \param aead_alg An AEAD algorithm identifier (value of type
|
||||
* #psa_algorithm_t such that
|
||||
* #PSA_ALG_IS_AEAD(\p aead_alg) is true).
|
||||
* \param min_tag_length Desired minimum length of the authentication tag in
|
||||
* bytes. This must be at least 1 and at most the largest
|
||||
* allowed tag length of the algorithm.
|
||||
*
|
||||
* \return The corresponding AEAD wildcard algorithm with the
|
||||
* specified minimum length.
|
||||
* \return Unspecified if \p aead_alg is not a supported
|
||||
* AEAD algorithm or if \p min_tag_length is less than 1
|
||||
* or too large for the specified AEAD algorithm.
|
||||
*/
|
||||
#define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
|
||||
( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
|
||||
PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
|
||||
|
||||
#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x06000200)
|
||||
/** RSA PKCS#1 v1.5 signature with hashing.
|
||||
*
|
||||
@ -1215,6 +1381,94 @@
|
||||
#define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \
|
||||
(PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
|
||||
|
||||
/** Edwards-curve digital signature algorithm without prehashing (PureEdDSA),
|
||||
* using standard parameters.
|
||||
*
|
||||
* Contexts are not supported in the current version of this specification
|
||||
* because there is no suitable signature interface that can take the
|
||||
* context as a parameter. A future version of this specification may add
|
||||
* suitable functions and extend this algorithm to support contexts.
|
||||
*
|
||||
* PureEdDSA requires an elliptic curve key on a twisted Edwards curve.
|
||||
* In this specification, the following curves are supported:
|
||||
* - #PSA_ECC_FAMILY_TWISTED_EDWARDS, 255-bit: Ed25519 as specified
|
||||
* in RFC 8032.
|
||||
* The curve is Edwards25519.
|
||||
* The hash function used internally is SHA-512.
|
||||
* - #PSA_ECC_FAMILY_TWISTED_EDWARDS, 448-bit: Ed448 as specified
|
||||
* in RFC 8032.
|
||||
* The curve is Edwards448.
|
||||
* The hash function used internally is the first 114 bytes of the
|
||||
* SHAKE256 output.
|
||||
*
|
||||
* This algorithm can be used with psa_sign_message() and
|
||||
* psa_verify_message(). Since there is no prehashing, it cannot be used
|
||||
* with psa_sign_hash() or psa_verify_hash().
|
||||
*
|
||||
* The signature format is the concatenation of R and S as defined by
|
||||
* RFC 8032 §5.1.6 and §5.2.6 (a 64-byte string for Ed25519, a 114-byte
|
||||
* string for Ed448).
|
||||
*/
|
||||
#define PSA_ALG_PURE_EDDSA ((psa_algorithm_t)0x06000800)
|
||||
|
||||
#define PSA_ALG_HASH_EDDSA_BASE ((psa_algorithm_t)0x06000900)
|
||||
#define PSA_ALG_IS_HASH_EDDSA(alg) \
|
||||
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HASH_EDDSA_BASE)
|
||||
|
||||
/** Edwards-curve digital signature algorithm with prehashing (HashEdDSA),
|
||||
* using SHA-512 and the Edwards25519 curve.
|
||||
*
|
||||
* See #PSA_ALG_PURE_EDDSA regarding context support and the signature format.
|
||||
*
|
||||
* This algorithm is Ed25519 as specified in RFC 8032.
|
||||
* The curve is Edwards25519.
|
||||
* The prehash is SHA-512.
|
||||
* The hash function used internally is SHA-512.
|
||||
*
|
||||
* This is a hash-and-sign algorithm: to calculate a signature,
|
||||
* you can either:
|
||||
* - call psa_sign_message() on the message;
|
||||
* - or calculate the SHA-512 hash of the message
|
||||
* with psa_hash_compute()
|
||||
* or with a multi-part hash operation started with psa_hash_setup(),
|
||||
* using the hash algorithm #PSA_ALG_SHA_512,
|
||||
* then sign the calculated hash with psa_sign_hash().
|
||||
* Verifying a signature is similar, using psa_verify_message() or
|
||||
* psa_verify_hash() instead of the signature function.
|
||||
*/
|
||||
#define PSA_ALG_ED25519PH \
|
||||
(PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHA_512 & PSA_ALG_HASH_MASK))
|
||||
|
||||
/** Edwards-curve digital signature algorithm with prehashing (HashEdDSA),
|
||||
* using SHAKE256 and the Edwards448 curve.
|
||||
*
|
||||
* See #PSA_ALG_PURE_EDDSA regarding context support and the signature format.
|
||||
*
|
||||
* This algorithm is Ed448 as specified in RFC 8032.
|
||||
* The curve is Edwards448.
|
||||
* The prehash is the first 64 bytes of the SHAKE256 output.
|
||||
* The hash function used internally is the first 114 bytes of the
|
||||
* SHAKE256 output.
|
||||
*
|
||||
* This is a hash-and-sign algorithm: to calculate a signature,
|
||||
* you can either:
|
||||
* - call psa_sign_message() on the message;
|
||||
* - or calculate the first 64 bytes of the SHAKE256 output of the message
|
||||
* with psa_hash_compute()
|
||||
* or with a multi-part hash operation started with psa_hash_setup(),
|
||||
* using the hash algorithm #PSA_ALG_SHAKE256_512,
|
||||
* then sign the calculated hash with psa_sign_hash().
|
||||
* Verifying a signature is similar, using psa_verify_message() or
|
||||
* psa_verify_hash() instead of the signature function.
|
||||
*/
|
||||
#define PSA_ALG_ED448PH \
|
||||
(PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHAKE256_512 & PSA_ALG_HASH_MASK))
|
||||
|
||||
/* Default definition, to be overridden if the library is extended with
|
||||
* more hash-and-sign algorithms that we want to keep out of this header
|
||||
* file. */
|
||||
#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
|
||||
|
||||
/** Whether the specified algorithm is a hash-and-sign algorithm.
|
||||
*
|
||||
* Hash-and-sign algorithms are asymmetric (public-key) signature algorithms
|
||||
@ -1230,7 +1484,8 @@
|
||||
*/
|
||||
#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
|
||||
(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
|
||||
PSA_ALG_IS_ECDSA(alg))
|
||||
PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
|
||||
PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
|
||||
|
||||
/** Get the hash used by a hash-and-sign signature algorithm.
|
||||
*
|
||||
@ -1540,9 +1795,13 @@
|
||||
* \return This macro may return either 0 or 1 if \c alg is not a supported
|
||||
* algorithm identifier.
|
||||
*/
|
||||
#define PSA_ALG_IS_WILDCARD(alg) \
|
||||
(PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
|
||||
PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
|
||||
#define PSA_ALG_IS_WILDCARD(alg) \
|
||||
(PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
|
||||
PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
|
||||
PSA_ALG_IS_MAC(alg) ? \
|
||||
(alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
|
||||
PSA_ALG_IS_AEAD(alg) ? \
|
||||
(alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
|
||||
(alg) == PSA_ALG_ANY_HASH)
|
||||
|
||||
/**@}*/
|
||||
|
Reference in New Issue
Block a user