2023-08-29 18:43:32 +02:00
|
|
|
|
/*
|
|
|
|
|
* Copyright (C) 2021 HAW Hamburg
|
|
|
|
|
*
|
|
|
|
|
* This file is subject to the terms and conditions of the GNU Lesser
|
|
|
|
|
* General Public License v2.1. See the file LICENSE in the top level
|
|
|
|
|
* directory for more details.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @ingroup sys_psa_crypto
|
|
|
|
|
* @{
|
|
|
|
|
*
|
|
|
|
|
* @file crypto_values.h
|
|
|
|
|
* @brief Value definitions for PSA Crypto.
|
|
|
|
|
*
|
|
|
|
|
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
|
|
|
|
|
*
|
|
|
|
|
* @note Some of the macros in this file have already been copied here from
|
|
|
|
|
* the PSA API specification, but are not implemented, yet.
|
|
|
|
|
* They are marked by comments that either say "specification-defined"
|
|
|
|
|
* or "implementation-defined".
|
|
|
|
|
* These macros will be implemented successively in the future.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef PSA_CRYPTO_PSA_CRYPTO_VALUES_H
|
|
|
|
|
#define PSA_CRYPTO_PSA_CRYPTO_VALUES_H
|
|
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C" {
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include "crypto_types.h"
|
2024-10-05 17:34:51 +02:00
|
|
|
|
#include "psa/hash/algorithm.h"
|
|
|
|
|
#include "psa/mac/algorithm.h"
|
|
|
|
|
#include "psa/cipher/algorithm.h"
|
|
|
|
|
#include "psa/aead/algorithm.h"
|
|
|
|
|
#include "psa/key_agreement/algorithm.h"
|
|
|
|
|
#include "psa/key_derivation/algorithm.h"
|
|
|
|
|
#include "psa/asymmetric_encryption/algorithm.h"
|
|
|
|
|
#include "psa/asymmetric_signature/algorithm.h"
|
2023-08-29 18:43:32 +02:00
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Finite-field Diffie-Hellman groups defined for TLS in RFC 7919.
|
|
|
|
|
*
|
|
|
|
|
* @details This family includes groups with the following key sizes (in bits): 2048, 3072, 4096,
|
|
|
|
|
* 6144, 8192. An implementation can support all of these sizes or only a subset.
|
|
|
|
|
*
|
|
|
|
|
* Keys is this group can only be used with the @ref PSA_ALG_FFDH key agreement algorithm.
|
|
|
|
|
*
|
|
|
|
|
* These groups are defined by Negotiated Finite Field Diffie-Hellman Ephemeral Parameters
|
|
|
|
|
* for Transport Layer Security (TLS) [RFC7919](https://tools.ietf.org/html/rfc7919.html)
|
|
|
|
|
* Appendix A.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_DH_FAMILY_RFC7919 ((psa_dh_family_t)0x03)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Brainpool `P` random curves.
|
|
|
|
|
*
|
|
|
|
|
* @details This family comprises the following curves:
|
|
|
|
|
* - `brainpoolP160r1` : @c key_bits = 160 (Deprecated)
|
|
|
|
|
* - `brainpoolP192r1` : @c key_bits = 192
|
|
|
|
|
* - `brainpoolP224r1` : @c key_bits = 224
|
|
|
|
|
* - `brainpoolP256r1` : @c key_bits = 256
|
|
|
|
|
* - `brainpoolP320r1` : @c key_bits = 320
|
|
|
|
|
* - `brainpoolP384r1` : @c key_bits = 384
|
|
|
|
|
* - `brainpoolP512r1` : @c key_bits = 512
|
|
|
|
|
*
|
|
|
|
|
* They are defined in Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and
|
|
|
|
|
* Curve Generation [RFC5639](https://tools.ietf.org/html/rfc5639.html).
|
|
|
|
|
*
|
|
|
|
|
* @warning The 160-bit curve `brainpoolP160r1` is weak and deprecated and is only recommended for
|
|
|
|
|
* use in legacy protocols.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_DETERMINISTIC_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA_ANY
|
|
|
|
|
* - @ref PSA_ALG_ECDH (key pair only)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t)0x30)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Curve used primarily in France and elsewhere in Europe.
|
|
|
|
|
*
|
|
|
|
|
* @details This family comprises one 256-bit curve:
|
|
|
|
|
* - `FRP256v1` : @c key_bits = 256
|
|
|
|
|
*
|
|
|
|
|
* This is defined by Publication d'un paramétrage de courbe elliptique visant des
|
|
|
|
|
* applications de passeport électronique et de l'administration électronique française
|
|
|
|
|
* [FRP](https://www.ssi.gouv.fr/agence/rayonnement-scientifique/
|
|
|
|
|
* publications-scientifiques/articles-ouvrages-actes).
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_DETERMINISTIC_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA_ANY
|
|
|
|
|
* - @ref PSA_ALG_ECDH (key pair only)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_ECC_FAMILY_FRP ((psa_ecc_family_t)0x33)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Montgomery curves.
|
|
|
|
|
*
|
|
|
|
|
* @details This family comprises the following Montgomery curves:
|
|
|
|
|
* - `Curve25519` : @c key_bits = 255
|
|
|
|
|
* - `Curve448` : @c key_bits = 448
|
|
|
|
|
*
|
|
|
|
|
* `Curve25519` is defined in Curve25519: new Diffie-Hellman speed records
|
|
|
|
|
* [Curve25519](https://www.iacr.org/archive/pkc2006/39580209/39580209.pdf).
|
|
|
|
|
* `Curve448` is defined in Ed448-Goldilocks, a new elliptic curve
|
|
|
|
|
* [Curve448](https://eprint.iacr.org/2015/625.pdf).
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_ECDH (key pair only)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t)0x41)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief SEC Koblitz curves over prime fields.
|
|
|
|
|
*
|
|
|
|
|
* @details This family comprises the following curves:
|
|
|
|
|
* - `secp192k1` : @c key_bits = 192
|
|
|
|
|
* - `secp224k1` : @c key_bits = 225
|
|
|
|
|
* - `secp256k1` : @c key_bits = 256
|
|
|
|
|
*
|
|
|
|
|
* They are defined in SEC 2: Recommended Elliptic Curve Domain Parameters
|
|
|
|
|
* [SEC2](https://www.secg.org/sec2-v2.pdf).
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_DETERMINISTIC_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA_ANY
|
|
|
|
|
* - @ref PSA_ALG_ECDH (key pair only)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t)0x17)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief SEC random curves over prime fields.
|
|
|
|
|
*
|
|
|
|
|
* @details This family comprises the following curves:
|
|
|
|
|
* - `secp192r1` : @c key_bits = 192
|
|
|
|
|
* - `secp224r1` : @c key_bits = 224
|
|
|
|
|
* - `secp256r1` : @c key_bits = 256
|
|
|
|
|
* - `secp384r1` : @c key_bits = 384
|
|
|
|
|
* - `secp521r1` : @c key_bits = 521
|
|
|
|
|
*
|
|
|
|
|
* They are defined in [SEC2](https://www.secg.org/sec2-v2.pdf).
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_DETERMINISTIC_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA_ANY
|
|
|
|
|
* - @ref PSA_ALG_ECDH (key pair only)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t)0x12)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @warning This family of curves is weak and deprecated.
|
|
|
|
|
*
|
|
|
|
|
* @details This family comprises the following curves:
|
|
|
|
|
* - `secp160r2` : @c key_bits = 160 (Deprecated)
|
|
|
|
|
*
|
|
|
|
|
* It is defined in the superseded SEC 2: Recommended Elliptic Curve Domain Parameters,
|
|
|
|
|
* Version 1.0 [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf).
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_DETERMINISTIC_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA_ANY
|
|
|
|
|
* - @ref PSA_ALG_ECDH (key pair only)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t)0x1b)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief SEC Koblitz curves over binary fields.
|
|
|
|
|
*
|
|
|
|
|
* @details This family comprises the following curves:
|
|
|
|
|
* - `sect163k1` : @c key_bits = 163 (Deprecated)
|
|
|
|
|
* - `sect233k1` : @c key_bits = 233
|
|
|
|
|
* - `sect239k1` : @c key_bits = 239
|
|
|
|
|
* - `sect283k1` : @c key_bits = 283
|
|
|
|
|
* - `sect409k1` : @c key_bits = 409
|
|
|
|
|
* - `sect571k1` : @c key_bits = 571
|
|
|
|
|
*
|
|
|
|
|
* They are defined in [SEC2](https://www.secg.org/sec2-v2.pdf).
|
|
|
|
|
*
|
|
|
|
|
* @warning The 163-bit curve `sect163k1` is weak and deprecated and is only recommended for use in
|
|
|
|
|
* legacy protocols.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_DETERMINISTIC_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA_ANY
|
|
|
|
|
* - @ref PSA_ALG_ECDH (key pair only)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t)0x27)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief SEC random curves over binary fields.
|
|
|
|
|
*
|
|
|
|
|
* @details This family comprises the following curves:
|
|
|
|
|
* - `sect163r1` : @c key_bits = 163 (Deprecated)
|
|
|
|
|
* - `sect233r1` : @c key_bits = 233
|
|
|
|
|
* - `sect283r1` : @c key_bits = 283
|
|
|
|
|
* - `sect409r1` : @c key_bits = 409
|
|
|
|
|
* - `sect571r1` : @c key_bits = 571
|
|
|
|
|
*
|
|
|
|
|
* They are defined in [SEC2](https://www.secg.org/sec2-v2.pdf).
|
|
|
|
|
*
|
|
|
|
|
* @warning The 163-bit curve `sect163r1` is weak and deprecated and is only recommended for use in
|
|
|
|
|
* legacy protocols.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_DETERMINISTIC_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA_ANY
|
|
|
|
|
* - @ref PSA_ALG_ECDH (key pair only)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t)0x22)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief SEC additional random curves over binary fields.
|
|
|
|
|
*
|
|
|
|
|
* @details This family comprises the following curves:
|
|
|
|
|
* - `sect163r2` : @c key_bits = 163 (Deprecated)
|
|
|
|
|
*
|
|
|
|
|
* It is defined in [SEC2](https://www.secg.org/sec2-v2.pdf).
|
|
|
|
|
*
|
|
|
|
|
* @warning The 163-bit curve `sect163r2` is weak and deprecated and is only recommended for use in
|
|
|
|
|
* legacy protocols.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_DETERMINISTIC_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA
|
|
|
|
|
* - @ref PSA_ALG_ECDSA_ANY
|
|
|
|
|
* - @ref PSA_ALG_ECDH (key pair only)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t)0x2b)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Twisted Edwards curves.
|
|
|
|
|
*
|
|
|
|
|
* @details This family comprises the following twisted Edwards curves:
|
|
|
|
|
* - `Edwards25519` : @c key_bits = 255. This curve is birationally equivalent to
|
|
|
|
|
* `Curve25519`.
|
|
|
|
|
* - `Edwards448` : @c key_bits = 448. This curve is birationally equivalent to `Curve448`.
|
|
|
|
|
*
|
|
|
|
|
* Edwards25519 is defined in Twisted Edwards curves
|
|
|
|
|
* [Ed25519](https://eprint.iacr.org/2008/013.pdf). Edwards448 is defined in
|
|
|
|
|
* Ed448-Goldilocks, a new elliptic curve [Curve448](https://eprint.iacr.org/2015/625.pdf).
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_PURE_EDDSA
|
|
|
|
|
* - @ref PSA_ALG_ED25519PH (Edwards25519 only)
|
|
|
|
|
* - @ref PSA_ALG_ED448PH (Edwards448 only)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t)0x42)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A context for key derivation.
|
|
|
|
|
*
|
|
|
|
|
* @details This is typically a direct input. It can also be a key of type
|
|
|
|
|
* @ref PSA_KEY_TYPE_RAW_DATA.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_DERIVATION_INPUT_CONTEXT /* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A cost parameter for password hashing or key stretching.
|
|
|
|
|
*
|
|
|
|
|
* @details This must be a direct input, passed to @ref psa_key_derivation_input_integer().
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_DERIVATION_INPUT_COST /* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief An information string for key derivation.
|
|
|
|
|
*
|
|
|
|
|
* @details This is typically a direct input. It can also be a key of type
|
|
|
|
|
* @ref PSA_KEY_TYPE_RAW_DATA.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_DERIVATION_INPUT_INFO /* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A label for key derivation.
|
|
|
|
|
*
|
|
|
|
|
* @details This is typically a direct input. It can also be a key of type
|
|
|
|
|
* @ref PSA_KEY_TYPE_RAW_DATA.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_DERIVATION_INPUT_LABEL /* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A low-entropy secret input for password hashing or key stretching.
|
|
|
|
|
*
|
|
|
|
|
* @details This is usually a key of type @ref PSA_KEY_TYPE_PASSWORD passed to
|
|
|
|
|
* @ref psa_key_derivation_input_key() or a direct input passed to
|
|
|
|
|
* @ref psa_key_derivation_input_bytes() that is a password or passphrase. It can also be
|
|
|
|
|
* high-entropy secret, for example, a key of type @ref PSA_KEY_TYPE_DERIVE, or the shared
|
|
|
|
|
* secret resulting from a key agreement.
|
|
|
|
|
*
|
|
|
|
|
* If the secret is a direct input, the derivation operation cannot be used to derive
|
|
|
|
|
* keys: the operation will not allow a call to @ref psa_key_derivation_output_key().
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_DERIVATION_INPUT_PASSWORD /* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A salt for key derivation.
|
|
|
|
|
*
|
|
|
|
|
* @details This is typically a direct input. It can also be a key of type
|
|
|
|
|
* @ref PSA_KEY_TYPE_RAW_DATA or @ref PSA_KEY_TYPE_PEPPER.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_DERIVATION_INPUT_SALT /* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A high-entropy secret input for key derivation.
|
|
|
|
|
*
|
|
|
|
|
* @details This is typically a key of type @ref PSA_KEY_TYPE_DERIVE passed to
|
|
|
|
|
* @ref psa_key_derivation_input_key(), or the shared secret resulting from a key
|
|
|
|
|
* agreement obtained via @ref psa_key_derivation_key_agreement().
|
|
|
|
|
*
|
|
|
|
|
* The secret can also be a direct input passed to @ref psa_key_derivation_input_bytes().
|
|
|
|
|
* In this case, the derivation operation cannot be used to derive keys: the operation
|
|
|
|
|
* will not allow a call to @ref psa_key_derivation_output_key().
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_DERIVATION_INPUT_SECRET /* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A seed for key derivation.
|
|
|
|
|
*
|
|
|
|
|
* @details This is typically a direct input. It can also be a key of type
|
|
|
|
|
* @ref PSA_KEY_TYPE_RAW_DATA.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_DERIVATION_INPUT_SEED /* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Use the maximum possible capacity for a key derivation operation.
|
|
|
|
|
*
|
|
|
|
|
* @details Use this value as the capacity argument when setting up a key derivation to specify
|
|
|
|
|
* that the operation will use the maximum possible capacity. The value of the maximum
|
|
|
|
|
* possible capacity depends on the key derivation algorithm.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY \
|
|
|
|
|
/* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The null key identifier.
|
|
|
|
|
*
|
|
|
|
|
* @details The null key identifier is always invalid, except when used without in a call to
|
|
|
|
|
* @ref psa_destroy_key() which will return @ref PSA_SUCCESS.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_ID_NULL ((psa_key_id_t)0)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The maximum value for a key identifier chosen by the application.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The minimum value for a key identifier chosen by the application.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The maximum value for a key identifier chosen by the implementation.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The minimum value for a key identifier chosen by the implementation.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Construct a lifetime from a persistence level and a location.
|
|
|
|
|
*
|
|
|
|
|
* @param persistence The persistence level: a value of type @ref psa_key_persistence_t.
|
|
|
|
|
* @param location The location indicator: a value of type @ref psa_key_location_t.
|
|
|
|
|
*
|
|
|
|
|
* @return The constructed lifetime value.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
|
|
|
|
|
((location) << 8 | (persistence))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Extract the location indicator from a key lifetime.
|
|
|
|
|
*
|
|
|
|
|
* @param lifetime The lifetime value to query: a value of type @ref psa_key_lifetime_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
|
|
|
|
|
((psa_key_location_t)((lifetime) >> 8))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Extract the persistence level from a key lifetime.
|
|
|
|
|
*
|
|
|
|
|
* @param lifetime The lifetime value to query: a value of type @ref psa_key_lifetime_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
|
|
|
|
|
((psa_key_persistence_t)((lifetime) & 0x000000ff))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key lifetime indicates that the key is volatile.
|
|
|
|
|
*
|
|
|
|
|
* A volatile key is automatically destroyed by the implementation when the application
|
|
|
|
|
* instance terminates. In particular, a volatile key is automatically destroyed on a
|
|
|
|
|
* power reset of the device.
|
|
|
|
|
*
|
|
|
|
|
* A key that is not volatile is persistent. Persistent keys are preserved until the
|
|
|
|
|
* application explicitly destroys them or until an implementation-specific device
|
|
|
|
|
* management event occurs, for example, a factory reset.
|
|
|
|
|
*
|
|
|
|
|
* @param lifetime The lifetime value to query: a value of type @ref psa_key_lifetime_t.
|
|
|
|
|
*
|
|
|
|
|
* @return 1 if the key is volatile, otherwise 0.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \
|
|
|
|
|
(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == PSA_KEY_PERSISTENCE_VOLATILE)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The default lifetime for persistent keys.
|
|
|
|
|
*
|
|
|
|
|
* @details A persistent key remains in storage until it is explicitly destroyed or until the
|
|
|
|
|
* corresponding storage area is wiped. This specification does not define any mechanism
|
|
|
|
|
* to wipe a storage area. Implementations are permitted to provide their own mechanism,
|
|
|
|
|
* for example, to perform a factory reset, to prepare for device refurbishment, or to
|
|
|
|
|
* uninstall an application.
|
|
|
|
|
*
|
|
|
|
|
* This lifetime value is the default storage area for the calling application.
|
|
|
|
|
* Implementations can offer other storage areas designated by other lifetime values as
|
|
|
|
|
* implementation-specific extensions.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The default lifetime for volatile keys.
|
|
|
|
|
*
|
|
|
|
|
* @details A volatile key only exists as long as its identifier is not destroyed. The key material
|
|
|
|
|
* is guaranteed to be erased on a power reset.
|
|
|
|
|
*
|
|
|
|
|
* A key with this lifetime is typically stored in the RAM area of the PSA Crypto
|
|
|
|
|
* subsystem. However this is an implementation choice. If an implementation stores data
|
|
|
|
|
* about the key in a non-volatile memory, it must release all the resources associated
|
|
|
|
|
* with the key and erase the key material if the calling application terminates.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The local storage area for persistent keys.
|
|
|
|
|
*
|
|
|
|
|
* @details This storage area is available on all systems that can store persistent keys without
|
|
|
|
|
* delegating the storage to a third-party cryptoprocessor.
|
|
|
|
|
*
|
|
|
|
|
* See @ref psa_key_location_t for more information.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The default secure element storage area for persistent keys.
|
|
|
|
|
*
|
|
|
|
|
* @details This storage location is available on systems that have one or more secure elements
|
|
|
|
|
* that are able to store keys.
|
|
|
|
|
*
|
|
|
|
|
* Vendor-defined locations must be provided by the system for storing keys in additional
|
|
|
|
|
* secure elements.
|
|
|
|
|
*
|
|
|
|
|
* See @ref psa_key_location_t for more information.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT ((psa_key_location_t)0x000001)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Mark vendor defined key locations
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Minimum location value for secure elements
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_LOCATION_SE_MIN (PSA_KEY_LOCATION_VENDOR_FLAG)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Maximum location value for secure elements
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_LOCATION_SE_MAX ((psa_key_location_t)0x8000ff)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The default persistence level for persistent keys.
|
|
|
|
|
*
|
|
|
|
|
* @details See @ref psa_key_persistence_t for more information.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A persistence level indicating that a key is never destroyed.
|
|
|
|
|
*
|
|
|
|
|
* @details See @ref psa_key_persistence_t for more information.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The persistence level of volatile keys.
|
|
|
|
|
*
|
|
|
|
|
* @details See @ref psa_key_persistence_t for more information.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Vendor-defined key type flag.
|
|
|
|
|
*
|
|
|
|
|
* @details Key types defined by this standard will never have the
|
|
|
|
|
* @ref PSA_KEY_TYPE_VENDOR_FLAG bit set. Vendors who define additional key types
|
|
|
|
|
* must use an encoding with the @ref PSA_KEY_TYPE_VENDOR_FLAG bit set and should
|
|
|
|
|
* respect the bitwise structure used by standard encodings whenever practical.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x8000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Mask for key type categories
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Raw key data type
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x1000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Symmetric key type
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x2000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Asymmetric public key type
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x4000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Asymmetric key pair type
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x7000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Asymmetric key pair flag
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x3000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
|
|
|
|
|
*
|
|
|
|
|
* @details The size of the key is related to the AES algorithm variant. For algorithms except the
|
|
|
|
|
* XTS block cipher mode, the following key sizes are used:
|
|
|
|
|
* - AES-128 uses a 16-byte key : @c key_bits = 128
|
|
|
|
|
* - AES-192 uses a 24-byte key : @c key_bits = 192
|
|
|
|
|
* - AES-256 uses a 32-byte key : @c key_bits = 256
|
|
|
|
|
*
|
|
|
|
|
* For the XTS block cipher mode (@ref PSA_ALG_XTS), the following key sizes are used:
|
|
|
|
|
* - AES-128-XTS uses two 16-byte keys : @c key_bits = 256
|
|
|
|
|
* - AES-192-XTS uses two 24-byte keys : @c key_bits = 384
|
|
|
|
|
* - AES-256-XTS uses two 32-byte keys : @c key_bits = 512
|
|
|
|
|
*
|
|
|
|
|
* The AES block cipher is defined in FIPS Publication 197: Advanced Encryption Standard
|
|
|
|
|
* (AES) [FIPS197](https://doi.org/10.6028/NIST.FIPS.197).
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_CBC_MAC
|
|
|
|
|
* - @ref PSA_ALG_CMAC
|
|
|
|
|
* - @ref PSA_ALG_CTR
|
|
|
|
|
* - @ref PSA_ALG_CFB
|
|
|
|
|
* - @ref PSA_ALG_OFB
|
|
|
|
|
* - @ref PSA_ALG_XTS
|
|
|
|
|
* - @ref PSA_ALG_CBC_NO_PADDING
|
|
|
|
|
* - @ref PSA_ALG_CBC_PKCS7
|
|
|
|
|
* - @ref PSA_ALG_ECB_NO_PADDING
|
|
|
|
|
* - @ref PSA_ALG_CCM
|
|
|
|
|
* - @ref PSA_ALG_GCM
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Key for the ARC4 stream cipher.
|
|
|
|
|
*
|
|
|
|
|
* @warning The ARC4 cipher is weak and deprecated and is only recommended for use in legacy
|
|
|
|
|
* protocols.
|
|
|
|
|
*
|
|
|
|
|
* @details The ARC4 cipher supports key sizes between 40 and 2048 bits, that are multiples of 8.
|
|
|
|
|
* (5 to 256 bytes)
|
|
|
|
|
*
|
|
|
|
|
* Use algorithm @ref PSA_ALG_STREAM_CIPHER to use this key with the ARC4 cipher.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Key for a cipher, AEAD or MAC algorithm based on the ARIA block cipher.
|
|
|
|
|
*
|
|
|
|
|
* The size of the key is related to the ARIA algorithm variant. For algorithms except the
|
|
|
|
|
* XTS block cipher mode, the following key sizes are used:
|
|
|
|
|
* - ARIA-128 uses a 16-byte key : @c key_bits = 128
|
|
|
|
|
* - ARIA-192 uses a 24-byte key : @c key_bits = 192
|
|
|
|
|
* - ARIA-256 uses a 32-byte key : @c key_bits = 256
|
|
|
|
|
*
|
|
|
|
|
* For the XTS block cipher mode (@ref PSA_ALG_XTS), the following key sizes are used:
|
|
|
|
|
* - ARIA-128-XTS uses two 16-byte keys : @c key_bits = 256
|
|
|
|
|
* - ARIA-192-XTS uses two 24-byte keys : @c key_bits = 384
|
|
|
|
|
* - ARIA-256-XTS uses two 32-byte keys : @c key_bits = 512
|
|
|
|
|
*
|
|
|
|
|
* The ARIA block cipher is defined in A Description of the ARIA Encryption Algorithm
|
|
|
|
|
* [RFC5794](https://datatracker.ietf.org/doc/html/rfc5794).
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_CBC_MAC
|
|
|
|
|
* - @ref PSA_ALG_CMAC
|
|
|
|
|
* - @ref PSA_ALG_CTR
|
|
|
|
|
* - @ref PSA_ALG_CFB
|
|
|
|
|
* - @ref PSA_ALG_OFB
|
|
|
|
|
* - @ref PSA_ALG_XTS
|
|
|
|
|
* - @ref PSA_ALG_CBC_NO_PADDING
|
|
|
|
|
* - @ref PSA_ALG_CBC_PKCS7
|
|
|
|
|
* - @ref PSA_ALG_ECB_NO_PADDING
|
|
|
|
|
* - @ref PSA_ALG_CCM
|
|
|
|
|
* - @ref PSA_ALG_GCM
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher.
|
|
|
|
|
*
|
|
|
|
|
* @details The size of the key is related to the Camellia algorithm variant. For algorithms except
|
|
|
|
|
* the XTS block cipher mode, the following key sizes are used:
|
|
|
|
|
* - Camellia-128 uses a 16-byte key : @c key_bits = 128
|
|
|
|
|
* - Camellia-192 uses a 24-byte key : @c key_bits = 192
|
|
|
|
|
* - Camellia-256 uses a 32-byte key : @c key_bits = 256
|
|
|
|
|
*
|
|
|
|
|
* For the XTS block cipher mode (@ref PSA_ALG_XTS), the following key sizes are used:
|
|
|
|
|
* - Camellia-128-XTS uses two 16-byte keys : @c key_bits = 256
|
|
|
|
|
* - Camellia-192-XTS uses two 24-byte keys : @c key_bits = 384
|
|
|
|
|
* - Camellia-256-XTS uses two 32-byte keys : @c key_bits = 512
|
|
|
|
|
*
|
|
|
|
|
* The Camellia block cipher is defined in Specification of Camellia — a 128-bit Block
|
|
|
|
|
* Cipher [NTT-CAM](https://info.isl.ntt.co.jp/crypt/eng/camellia/specifications) and
|
|
|
|
|
* also described in A Description of the Camellia Encryption
|
|
|
|
|
* Algorithm [RFC3713](https://tools.ietf.org/html/rfc3713).
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_CBC_MAC
|
|
|
|
|
* - @ref PSA_ALG_CMAC
|
|
|
|
|
* - @ref PSA_ALG_CTR
|
|
|
|
|
* - @ref PSA_ALG_CFB
|
|
|
|
|
* - @ref PSA_ALG_OFB
|
|
|
|
|
* - @ref PSA_ALG_XTS
|
|
|
|
|
* - @ref PSA_ALG_CBC_NO_PADDING
|
|
|
|
|
* - @ref PSA_ALG_CBC_PKCS7
|
|
|
|
|
* - @ref PSA_ALG_ECB_NO_PADDING
|
|
|
|
|
* - @ref PSA_ALG_CCM
|
|
|
|
|
* - @ref PSA_ALG_GCM
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Key for the ChaCha20 stream cipher or the ChaCha20-Poly1305 AEAD algorithm.
|
|
|
|
|
*
|
|
|
|
|
* @details The ChaCha20 key size is 256 bits (32 bytes).
|
|
|
|
|
* - Use algorithm @ref PSA_ALG_STREAM_CIPHER to use this key with the ChaCha20 cipher for
|
|
|
|
|
* unauthenticated encryption. See @ref PSA_ALG_STREAM_CIPHER for details of this
|
|
|
|
|
* algorithm.
|
|
|
|
|
* - Use algorithm @ref PSA_ALG_CHACHA20_POLY1305 to use this key with the ChaCha20 cipher
|
|
|
|
|
* and Poly1305 authenticator for AEAD. See @ref PSA_ALG_CHACHA20_POLY1305 for details
|
|
|
|
|
* of this algorithm.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_STREAM_CIPHER
|
|
|
|
|
* - @ref PSA_ALG_CHACHA20_POLY1305
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A secret for key derivation.
|
|
|
|
|
*
|
|
|
|
|
* @details This key type is for high-entropy secrets only. For low-entropy secrets,
|
|
|
|
|
* @ref PSA_KEY_TYPE_PASSWORD should be used instead.
|
|
|
|
|
*
|
|
|
|
|
* These keys can be used in the @ref PSA_KEY_DERIVATION_INPUT_SECRET or
|
|
|
|
|
* @ref PSA_KEY_DERIVATION_INPUT_PASSWORD input step of key derivation algorithms.
|
|
|
|
|
*
|
|
|
|
|
* The key policy determines which key derivation algorithm the key can be used for.
|
|
|
|
|
*
|
|
|
|
|
* The bit size of a secret for key derivation must be a non-zero multiple of 8. The
|
|
|
|
|
* maximum size of a secret for key derivation is implementation defined.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_HKDF (secret input)
|
|
|
|
|
* - @ref PSA_ALG_TLS12_PRF (secret input)
|
|
|
|
|
* - @ref PSA_ALG_TLS12_PSK_TO_MS (secret input)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
|
|
|
|
|
*
|
|
|
|
|
* @details The size of the key determines which DES algorithm is used:
|
|
|
|
|
* - Single DES uses an 8-byte key : @c key_bits = 64
|
|
|
|
|
* - 2-key 3DES uses a 16-byte key : @c key_bits = 128
|
|
|
|
|
* - 3-key 3DES uses a 24-byte key : @c key_bits = 192
|
|
|
|
|
*
|
|
|
|
|
* @warning Single DES and 2-key 3DES are weak and strongly deprecated and are only recommended for
|
|
|
|
|
* decrypting legacy data.
|
|
|
|
|
* 3-key 3DES is weak and deprecated and is only recommended for use in legacy protocols.
|
|
|
|
|
*
|
|
|
|
|
* The DES and 3DES block ciphers are defined in NIST Special Publication 800-67:
|
|
|
|
|
* Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
|
|
|
|
|
* [SP800-67](https://doi.org/10.6028/NIST.SP.800-67r2).
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_CBC_MAC
|
|
|
|
|
* - @ref PSA_ALG_CMAC
|
|
|
|
|
* - @ref PSA_ALG_CTR
|
|
|
|
|
* - @ref PSA_ALG_CFB
|
|
|
|
|
* - @ref PSA_ALG_OFB
|
|
|
|
|
* - @ref PSA_ALG_XTS
|
|
|
|
|
* - @ref PSA_ALG_CBC_NO_PADDING
|
|
|
|
|
* - @ref PSA_ALG_CBC_PKCS7
|
|
|
|
|
* - @ref PSA_ALG_ECB_NO_PADDING
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Extract the group family from a Diffie-Hellman key type.
|
|
|
|
|
*
|
|
|
|
|
* @param type A Diffie-Hellman key type: a value of type @ref psa_key_type_t such that
|
|
|
|
|
* @ref PSA_KEY_TYPE_IS_DH(@p type) is true.
|
|
|
|
|
*
|
|
|
|
|
* @return The Diffie-Hellman group family id, if type is a supported Diffie-Hellman key.
|
|
|
|
|
* Unspecified if type is not a supported Diffie-Hellman key.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_DH_GET_FAMILY(type) \
|
|
|
|
|
((psa_dh_family_t)((type) & 0x00ff))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Finite-field Diffie-Hellman key pair: both the private key and public key.
|
|
|
|
|
*
|
|
|
|
|
* @details @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_FFDH
|
|
|
|
|
*
|
|
|
|
|
* @param group A value of type @ref psa_dh_family_t that identifies the Diffie-Hellman group
|
|
|
|
|
* family to be used.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_DH_KEY_PAIR(group) \
|
|
|
|
|
((psa_key_type_t)(0x7200 | (group)))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Finite-field Diffie-Hellman public key.
|
|
|
|
|
*
|
|
|
|
|
* @details @b Compatible @b algorithms
|
|
|
|
|
* None. Finite-field Diffie-Hellman public keys are exported to use in a key agreement
|
|
|
|
|
* algorithm, and the peer key is provided to the @ref PSA_ALG_FFDH key agreement
|
|
|
|
|
* algorithm as a buffer of key data.
|
|
|
|
|
*
|
|
|
|
|
* @param group A value of type @ref psa_dh_family_t that identifies the Diffie-Hellman group
|
|
|
|
|
* family to be used.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \
|
|
|
|
|
((psa_key_type_t)(0x4200 | (group)))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Extract the curve family from an elliptic curve key type.
|
|
|
|
|
*
|
|
|
|
|
* @param type An elliptic curve key type: a value of type @ref psa_key_type_t such that
|
|
|
|
|
* @ref PSA_KEY_TYPE_IS_ECC(@p type) is true.
|
|
|
|
|
*
|
|
|
|
|
* @return The elliptic curve family id, if type is a supported elliptic curve key.
|
|
|
|
|
* Unspecified if type is not a supported elliptic curve key.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_ECC_GET_FAMILY(type) \
|
|
|
|
|
((psa_ecc_family_t)((type) & 0x00ff))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Base value for ECC public keys
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x4100)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Base value for ECC key pairs
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x7100)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Mask for ECC curves
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Elliptic curve key pair: both the private and public key.
|
|
|
|
|
*
|
|
|
|
|
* @details The size of an elliptic curve key is the bit size associated with the curve, that is,
|
|
|
|
|
* the bit size of q for a curve over a field Fq. See the documentation of each Elliptic
|
|
|
|
|
* curve family for details.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - Elliptic curve key pairs can be used in Asymmetric signature and Key agreement
|
|
|
|
|
* algorithms.
|
|
|
|
|
* - The set of compatible algorithms depends on the Elliptic curve key family. See the
|
|
|
|
|
* Elliptic curve family for details.
|
|
|
|
|
*
|
|
|
|
|
* @param curve A value of type @ref psa_ecc_family_t that identifies the ECC curve to be used.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \
|
|
|
|
|
(PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Elliptic curve public key.
|
|
|
|
|
*
|
|
|
|
|
* @details The size of an elliptic curve public key is the same as the corresponding private key.
|
|
|
|
|
* See @ref PSA_KEY_TYPE_ECC_KEY_PAIR() and the documentation of each Elliptic curve
|
|
|
|
|
* family for details.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* Elliptic curve public keys can be used for verification in asymmetric signature
|
|
|
|
|
* algorithms.
|
|
|
|
|
* The set of compatible algorithms depends on the elliptic curve key family. See each
|
|
|
|
|
* elliptic curve family for details.
|
|
|
|
|
*
|
|
|
|
|
* @param curve A value of type @ref psa_ecc_family_t that identifies the ECC curve to be used.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
|
|
|
|
|
(PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Elliptic curve public key.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
|
|
|
|
|
(PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key type is an elliptic curve key, either a key pair or a public key.
|
|
|
|
|
*
|
|
|
|
|
* @param type A key type: a value of type @ref psa_key_type_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_IS_ECC(type) \
|
|
|
|
|
((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & 0xff00) == 0x4100)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key type is an elliptic curve key pair.
|
|
|
|
|
*
|
|
|
|
|
* @param type A key type: a value of type @ref psa_key_type_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) \
|
|
|
|
|
(((type) & 0xff00) == 0x7100)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key type is an elliptic curve public key.
|
|
|
|
|
*
|
|
|
|
|
* @param type A key type: a value of type @ref psa_key_type_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \
|
|
|
|
|
(((type) & 0xff00) == 0x4100)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The public key type corresponding to a key pair type.
|
|
|
|
|
* You may also pass a key pair type as type, it will be left unchanged.
|
|
|
|
|
*
|
|
|
|
|
* @param type A public key type or key pair type.
|
|
|
|
|
*
|
|
|
|
|
* @return The corresponding public key type.
|
|
|
|
|
* If type is not a public key or a key pair, the return value is undefined.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) \
|
|
|
|
|
((psa_key_type_t)((type) & ~0x3000))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief HMAC key.
|
|
|
|
|
*
|
|
|
|
|
* @details The key policy determines which underlying hash algorithm the key can be used for.
|
|
|
|
|
*
|
|
|
|
|
* The bit size of an HMAC key must be a non-zero multiple of 8. An HMAC key is typically
|
|
|
|
|
* the same size as the output of the underlying hash algorithm. An HMAC key that is
|
|
|
|
|
* longer than the block size of the underlying hash algorithm will be hashed before use.
|
|
|
|
|
*
|
|
|
|
|
* When an HMAC key is created that is longer than the block size, it is implementation
|
|
|
|
|
* defined whether the implementation stores the original HMAC key, or the hash of the
|
|
|
|
|
* HMAC key. If the hash of the key is stored, the key size reported by
|
|
|
|
|
* @ref psa_get_key_attributes() will be the size of the hashed key.
|
|
|
|
|
*
|
|
|
|
|
* @note @ref PSA_HASH_LENGTH(@p alg) provides the output size of hash algorithm @c alg,
|
|
|
|
|
* in bytes.
|
|
|
|
|
* @ref PSA_HASH_BLOCK_LENGTH(@p alg) provides the block size of hash algorithm
|
|
|
|
|
* @c alg, in bytes.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_HMAC
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key type is asymmetric: either a key pair or a public key.
|
|
|
|
|
*
|
|
|
|
|
* @param type A key type: a value of type @ref psa_key_type_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
|
|
|
|
|
(((type) & 0x4000) == 0x4000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key type is a Diffie-Hellman key, either a key pair or a public key.
|
|
|
|
|
*
|
|
|
|
|
* @param type A key type: a value of type @ref psa_key_type_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_IS_DH(type) \
|
|
|
|
|
((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & 0xff00) == 0x4200)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key type is a Diffie-Hellman key pair.
|
|
|
|
|
*
|
|
|
|
|
* @param type A key type: a value of type @ref psa_key_type_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type) \
|
|
|
|
|
(((type) & 0xff00) == 0x7200)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key type is a Diffie-Hellman public key.
|
|
|
|
|
*
|
|
|
|
|
* @param type A key type: a value of type @ref psa_key_type_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) \
|
|
|
|
|
(((type) & 0xff00) == 0x4200)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key type is a key pair containing a private part and a public part.
|
|
|
|
|
*
|
|
|
|
|
* @param type A key type: a value of type @ref psa_key_type_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_IS_KEY_PAIR(type) \
|
|
|
|
|
(((type) & 0x7000) == 0x7000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key type is the public part of a key pair.
|
|
|
|
|
*
|
|
|
|
|
* @param type A key type: a value of type @ref psa_key_type_t.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \
|
|
|
|
|
(((type) & 0x7000) == 0x4000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key type is an RSA key. This includes both key pairs and public keys.
|
|
|
|
|
*
|
|
|
|
|
* @param type A key type: a value of type @ref psa_key_type_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_IS_RSA(type) \
|
|
|
|
|
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == 0x4001)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Whether a key type is an unstructured array of bytes.
|
|
|
|
|
* This encompasses both symmetric keys and non-key data.
|
|
|
|
|
*
|
|
|
|
|
* @param type A key type: a value of type @ref psa_key_type_t.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
|
|
|
|
|
(((type) & 0x7000) == 0x1000 || ((type) & 0x7000) == 0x2000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The key pair type corresponding to a public key type.
|
|
|
|
|
*
|
|
|
|
|
* @details If type is a key pair type, it will be left unchanged.
|
|
|
|
|
*
|
|
|
|
|
* @param type A public key type or key pair type.
|
|
|
|
|
*
|
|
|
|
|
* @return The corresponding key pair type. If type is not a public key or a key pair, the return
|
|
|
|
|
* value is undefined.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type) \
|
|
|
|
|
((psa_key_type_t)((type) | 0x3000))
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief An invalid key type value.
|
|
|
|
|
*
|
|
|
|
|
* @details Zero is not the encoding of any key type.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x0000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A low-entropy secret for password hashing or key derivation.
|
|
|
|
|
*
|
|
|
|
|
* @details This key type is suitable for passwords and passphrases which are typically intended to
|
|
|
|
|
* be memorizable by humans, and have a low entropy relative to their size. It can be used
|
|
|
|
|
* for randomly generated or derived keys with maximum or near-maximum entropy, but
|
|
|
|
|
* @ref PSA_KEY_TYPE_DERIVE is more suitable for such keys. It is not suitable for
|
|
|
|
|
* passwords with extremely low entropy, such as numerical PINs.
|
|
|
|
|
*
|
|
|
|
|
* These keys can be used in the @ref PSA_KEY_DERIVATION_INPUT_PASSWORD input step of key
|
|
|
|
|
* derivation algorithms. Algorithms that accept such an input were designed to accept
|
|
|
|
|
* low-entropy secret and are known as password hashing or key stretching algorithms.
|
|
|
|
|
*
|
|
|
|
|
* These keys cannot be used in the @ref PSA_KEY_DERIVATION_INPUT_SECRET input step of key
|
|
|
|
|
* derivation algorithms, as the algorithms expect such an input to have high entropy.
|
|
|
|
|
*
|
|
|
|
|
* The key policy determines which key derivation algorithm the key can be used for, among
|
|
|
|
|
* the permissible subset defined above.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_PBKDF2_HMAC() (password input)
|
|
|
|
|
* - @ref PSA_ALG_PBKDF2_AES_CMAC_PRF_128 (password input)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1203)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A secret value that can be used to verify a password hash.
|
|
|
|
|
*
|
|
|
|
|
* @details The key policy determines which key derivation algorithm the key can be used for, among
|
|
|
|
|
* the same permissible subset as for @ref PSA_KEY_TYPE_PASSWORD.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_PBKDF2_HMAC() (key output and verification)
|
|
|
|
|
* - @ref PSA_ALG_PBKDF2_AES_CMAC_PRF_128 (key output and verification)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_PASSWORD_HASH ((psa_key_type_t)0x1205)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A secret value that can be used when computing a password hash.
|
|
|
|
|
*
|
|
|
|
|
* @details The key policy determines which key derivation algorithm the key can be used for, among
|
|
|
|
|
* the subset of algorithms that can use pepper.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_PBKDF2_HMAC() (salt input)
|
|
|
|
|
* - @ref PSA_ALG_PBKDF2_AES_CMAC_PRF_128 (salt input)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1206)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Raw data.
|
|
|
|
|
*
|
|
|
|
|
* @details A “key” of this type cannot be used for any cryptographic operation. Applications can
|
|
|
|
|
* use this type to store arbitrary data in the keystore.
|
|
|
|
|
*
|
|
|
|
|
* The bit size of a raw key must be a non-zero multiple of 8. The maximum size of a raw
|
|
|
|
|
* key is implementation defined.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_HKDF (non-secret inputs)
|
|
|
|
|
* - @ref PSA_ALG_TLS12_PRF (non-secret inputs)
|
|
|
|
|
* - @ref PSA_ALG_TLS12_PSK_TO_MS (non-secret inputs)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x1001)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief RSA key pair: both the private and public key.
|
|
|
|
|
*
|
|
|
|
|
* @details The size of an RSA key is the bit size of the modulus.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_RSA_OAEP
|
|
|
|
|
* - @ref PSA_ALG_RSA_PKCS1V15_CRYPT
|
|
|
|
|
* - @ref PSA_ALG_RSA_PKCS1V15_SIGN
|
|
|
|
|
* - @ref PSA_ALG_RSA_PKCS1V15_SIGN_RAW
|
|
|
|
|
* - @ref PSA_ALG_RSA_PSS
|
|
|
|
|
* - @ref PSA_ALG_RSA_PSS_ANY_SALT
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief RSA public key.
|
|
|
|
|
*
|
|
|
|
|
* @details The size of an RSA key is the bit size of the modulus.
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_RSA_OAEP (encryption only)
|
|
|
|
|
* - @ref PSA_ALG_RSA_PKCS1V15_CRYPT (encryption only)
|
|
|
|
|
* - @ref PSA_ALG_RSA_PKCS1V15_SIGN (signature verification only)
|
|
|
|
|
* - @ref PSA_ALG_RSA_PKCS1V15_SIGN_RAW (signature verification only)
|
|
|
|
|
* - @ref PSA_ALG_RSA_PSS (signature verification only)
|
|
|
|
|
* - @ref PSA_ALG_RSA_PSS_ANY_SALT (signature verification only)
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Key for a cipher, AEAD or MAC algorithm based on the SM4 block cipher.
|
|
|
|
|
*
|
|
|
|
|
* @details For algorithms except the XTS block cipher mode, the SM4 key size is 128 bits
|
|
|
|
|
* (16 bytes).
|
|
|
|
|
*
|
|
|
|
|
* For the XTS block cipher mode (@ref PSA_ALG_XTS), the SM4 key size is 256 bits
|
|
|
|
|
* (two 16-byte keys).
|
|
|
|
|
*
|
|
|
|
|
* The SM4 block cipher is defined in GM/T 0002-2012: SM4 block cipher algorithm
|
|
|
|
|
* [CSTC0002](http://www.gmbz.org.cn/main/viewfile/20180108015408199368.html)
|
|
|
|
|
* (English version [CSTC0002/E](http://www.gmbz.org.cn/main/postDetail.html?
|
|
|
|
|
* id=20180404044052)).
|
|
|
|
|
*
|
|
|
|
|
* @b Compatible @b algorithms
|
|
|
|
|
* - @ref PSA_ALG_CBC_MAC
|
|
|
|
|
* - @ref PSA_ALG_CMAC
|
|
|
|
|
* - @ref PSA_ALG_CTR
|
|
|
|
|
* - @ref PSA_ALG_CFB
|
|
|
|
|
* - @ref PSA_ALG_OFB
|
|
|
|
|
* - @ref PSA_ALG_XTS
|
|
|
|
|
* - @ref PSA_ALG_CBC_NO_PADDING
|
|
|
|
|
* - @ref PSA_ALG_CBC_PKCS7
|
|
|
|
|
* - @ref PSA_ALG_ECB_NO_PADDING
|
|
|
|
|
* - @ref PSA_ALG_CCM
|
|
|
|
|
* - @ref PSA_ALG_GCM
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_TYPE_SM4 ((psa_key_type_t)0x2405)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Permission for the implementation to cache the key.
|
|
|
|
|
*
|
|
|
|
|
* @details This flag allows the implementation to make additional copies of the key material that
|
|
|
|
|
* are not in storage and not for the purpose of an ongoing operation. Applications can
|
|
|
|
|
* use it as a hint to keep the key around for repeated access.
|
|
|
|
|
*
|
|
|
|
|
* An application can request that cached key material is removed from memory by calling
|
|
|
|
|
* @ref psa_purge_key().
|
|
|
|
|
*
|
|
|
|
|
* The presence of this usage flag when creating a key is a hint:
|
|
|
|
|
* - An implementation is not required to cache keys that have this usage flag.
|
|
|
|
|
* - An implementation must not report an error if it does not cache keys.
|
|
|
|
|
*
|
|
|
|
|
* If this usage flag is not present, the implementation must ensure key material is
|
|
|
|
|
* removed from memory as soon as it is not required for an operation or for maintenance
|
|
|
|
|
* of a volatile key.
|
|
|
|
|
*
|
|
|
|
|
* This flag must be preserved when reading back the attributes for all keys, regardless
|
|
|
|
|
* of key type or implementation behavior.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_USAGE_CACHE ((psa_key_usage_t)0x00000004)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Permission to copy the key.
|
|
|
|
|
*
|
|
|
|
|
* @details This flag allows the use of @ref psa_copy_key() to make a copy of the key with the same
|
|
|
|
|
* policy or a more restrictive policy.
|
|
|
|
|
*
|
|
|
|
|
* For lifetimes for which the key is located in a secure element which enforce the
|
|
|
|
|
* non-exportability of keys, copying a key outside the secure element also requires the
|
|
|
|
|
* usage flag @ref PSA_KEY_USAGE_EXPORT. Copying the key inside the secure element is
|
|
|
|
|
* permitted with just @ref PSA_KEY_USAGE_COPY if the secure element supports it. For keys
|
|
|
|
|
* with the lifetime @ref PSA_KEY_LIFETIME_VOLATILE or @ref PSA_KEY_LIFETIME_PERSISTENT,
|
|
|
|
|
* the usage flag @ref PSA_KEY_USAGE_COPY is sufficient to permit the copy.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_USAGE_COPY ((psa_key_usage_t)0x00000002)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Permission to decrypt a message with the key.
|
|
|
|
|
*
|
|
|
|
|
* @details This flag allows the key to be used for a symmetric decryption operation, for an AEAD
|
|
|
|
|
* decryption-and-verification operation, or for an asymmetric decryption operation, if
|
|
|
|
|
* otherwise permitted by the key’s type and policy. The flag must be present on keys used
|
|
|
|
|
* with the following APIs:
|
|
|
|
|
* - @ref psa_cipher_decrypt()
|
|
|
|
|
* - @ref psa_cipher_decrypt_setup()
|
|
|
|
|
* - @ref psa_aead_decrypt()
|
|
|
|
|
* - @ref psa_aead_decrypt_setup()
|
|
|
|
|
* - @ref psa_asymmetric_decrypt()
|
|
|
|
|
*
|
|
|
|
|
* For a key pair, this concerns the private key.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Permission to derive other keys or produce a password hash from this key.
|
|
|
|
|
*
|
|
|
|
|
* @details This flag allows the key to be used for a key derivation operation or for a key
|
|
|
|
|
* agreement operation, if otherwise permitted by the key’s type and policy.
|
|
|
|
|
*
|
|
|
|
|
* This flag must be present on keys used with the following APIs:
|
|
|
|
|
* - @ref psa_key_derivation_key_agreement()
|
|
|
|
|
* - @ref psa_raw_key_agreement()
|
|
|
|
|
*
|
|
|
|
|
* If this flag is present on all keys used in calls to
|
|
|
|
|
* @ref psa_key_derivation_input_key() for a key derivation operation, then it permits
|
|
|
|
|
* calling @ref psa_key_derivation_output_bytes() or @ref psa_key_derivation_output_key()
|
|
|
|
|
* at the end of the operation.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Permission to encrypt a message with the key.
|
|
|
|
|
*
|
|
|
|
|
* @details This flag allows the key to be used for a symmetric encryption operation, for an AEAD
|
|
|
|
|
* encryption-and-authentication operation, or for an asymmetric encryption operation, if
|
|
|
|
|
* otherwise permitted by the key’s type and policy. The flag must be present on keys used
|
|
|
|
|
* with the following APIs:
|
|
|
|
|
* - @ref psa_cipher_encrypt()
|
|
|
|
|
* - @ref psa_cipher_encrypt_setup()
|
|
|
|
|
* - @ref psa_aead_encrypt()
|
|
|
|
|
* - @ref psa_aead_encrypt_setup()
|
|
|
|
|
* - @ref psa_asymmetric_encrypt()
|
|
|
|
|
*
|
|
|
|
|
* For a key pair, this concerns the public key.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t)0x00000100)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Permission to export the key.
|
|
|
|
|
*
|
|
|
|
|
* @details This flag allows the use of @ref psa_export_key() to export a key from the
|
|
|
|
|
* cryptoprocessor. A public key or the public part of a key pair can always be exported
|
|
|
|
|
* regardless of the value of this permission flag.
|
|
|
|
|
*
|
|
|
|
|
* This flag can also be required to copy a key using @ref psa_copy_key() outside of a
|
|
|
|
|
* secure element. See also @ref PSA_KEY_USAGE_COPY.
|
|
|
|
|
*
|
|
|
|
|
* If a key does not have export permission, implementations must not allow the key to be
|
|
|
|
|
* exported in plain form from the cryptoprocessor, whether through @ref psa_export_key()
|
|
|
|
|
* or through a proprietary interface. The key might still be exportable in a wrapped
|
|
|
|
|
* form, i.e. in a form where it is encrypted by another key.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t)0x00000001)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Permission to sign a message hash with the key.
|
|
|
|
|
*
|
|
|
|
|
* @details This flag allows the key to be used to sign a message hash as part of an asymmetric
|
|
|
|
|
* signature operation, if otherwise permitted by the key’s type and policy. The flag must
|
|
|
|
|
* be present on keys used when calling @ref psa_sign_hash().
|
|
|
|
|
*
|
|
|
|
|
* This flag automatically sets @ref PSA_KEY_USAGE_SIGN_MESSAGE : if an application sets
|
|
|
|
|
* the flag @ref PSA_KEY_USAGE_SIGN_HASH when creating a key, then the key always has the
|
|
|
|
|
* permissions conveyed by @ref PSA_KEY_USAGE_SIGN_MESSAGE, and the flag
|
|
|
|
|
* @ref PSA_KEY_USAGE_SIGN_MESSAGE will also be present when the application queries the
|
|
|
|
|
* usage flags of the key.
|
|
|
|
|
*
|
|
|
|
|
* For a key pair, this concerns the private key.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t)0x00001000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Permission to sign a message with the key.
|
|
|
|
|
*
|
|
|
|
|
* @details This flag allows the key to be used for a MAC calculation operation or for an
|
|
|
|
|
* asymmetric message signature operation, if otherwise permitted by the key’s type and
|
|
|
|
|
* policy. The flag must be present on keys used with the following APIs:
|
|
|
|
|
* - @ref psa_mac_compute()
|
|
|
|
|
* - @ref psa_mac_sign_setup()
|
|
|
|
|
* - @ref psa_sign_message()
|
|
|
|
|
*
|
|
|
|
|
* For a key pair, this concerns the private key.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t)0x00000400)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Permission to verify the result of a key derivation, including password hashing.
|
|
|
|
|
*
|
|
|
|
|
* @details This flag allows the key to be used in a key derivation operation, if otherwise
|
|
|
|
|
* permitted by the key’s type and policy.
|
|
|
|
|
*
|
|
|
|
|
* This flag must be present on keys used with @ref psa_key_derivation_verify_key().
|
|
|
|
|
*
|
|
|
|
|
* If this flag is present on all keys used in calls to
|
|
|
|
|
* @ref psa_key_derivation_input_key() for a key derivation operation, then it permits
|
|
|
|
|
* calling @ref psa_key_derivation_verify_bytes() or @ref psa_key_derivation_verify_key()
|
|
|
|
|
* at the end of the operation.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_USAGE_VERIFY_DERIVATION ((psa_key_usage_t)0x00008000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Permission to verify a message hash with the key.
|
|
|
|
|
*
|
|
|
|
|
* @details This flag allows the key to be used to verify a message hash as part of an asymmetric
|
|
|
|
|
* signature verification operation, if otherwise permitted by the key’s type and policy.
|
|
|
|
|
* The flag must be present on keys used when calling @ref psa_verify_hash().
|
|
|
|
|
*
|
|
|
|
|
* This flag automatically sets @ref PSA_KEY_USAGE_VERIFY_MESSAGE : if an application sets
|
|
|
|
|
* the flag @ref PSA_KEY_USAGE_VERIFY_HASH when creating a key, then the key always has
|
|
|
|
|
* the permissions conveyed by @ref PSA_KEY_USAGE_VERIFY_MESSAGE, and the flag
|
|
|
|
|
* @ref PSA_KEY_USAGE_VERIFY_MESSAGE will also be present when the application queries the
|
|
|
|
|
* usage flags of the key.
|
|
|
|
|
*
|
|
|
|
|
* For a key pair, this concerns the public key.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00002000)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Permission to verify a message signature with the key.
|
|
|
|
|
*
|
|
|
|
|
* @details This flag allows the key to be used for a MAC verification operation or for an
|
|
|
|
|
* asymmetric message signature verification operation, if otherwise permitted by the
|
|
|
|
|
* key’s type and policy. The flag must be present on keys used with the following APIs:
|
|
|
|
|
* - @ref psa_mac_verify()
|
|
|
|
|
* - @ref psa_mac_verify_setup()
|
|
|
|
|
* - @ref psa_verify_message()
|
|
|
|
|
*
|
|
|
|
|
* For a key pair, this concerns the public key.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t)0x00000800)
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Sufficient output buffer size for @ref psa_raw_key_agreement(), for any of the
|
|
|
|
|
* supported key types and key agreement algorithms.
|
|
|
|
|
*
|
|
|
|
|
* @details If the size of the output buffer is at least this large, it is guaranteed that
|
|
|
|
|
* @ref psa_raw_key_agreement() will not fail due to an insufficient buffer size.
|
|
|
|
|
*
|
|
|
|
|
* See also @ref PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE().
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
|
|
|
|
|
/* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Sufficient output buffer size for @ref psa_raw_key_agreement().
|
|
|
|
|
*
|
|
|
|
|
* @details If the size of the output buffer is at least this large, it is guaranteed that
|
|
|
|
|
* @ref psa_raw_key_agreement() will not fail due to an insufficient buffer size.
|
|
|
|
|
* The actual size of the output might be smaller in any given call.
|
|
|
|
|
*
|
|
|
|
|
* See also @ref PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE.
|
|
|
|
|
*
|
|
|
|
|
* @param key_type A supported key type.
|
|
|
|
|
* @param key_bits The size of the key in bits.
|
|
|
|
|
*
|
|
|
|
|
* @return A sufficient output buffer size for the specified key type and size.
|
|
|
|
|
* 0 if key type is not supported.
|
|
|
|
|
* If the parameters are not valid, the return value is unspecified.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
|
|
|
|
|
/* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A sufficient signature buffer size for @ref psa_sign_message() and
|
|
|
|
|
* @ref psa_sign_hash(), for any of the supported key types and asymmetric signature
|
|
|
|
|
* algorithms.
|
|
|
|
|
*
|
|
|
|
|
* @details If the size of the signature buffer is at least this large, it is guaranteed that
|
|
|
|
|
* @ref psa_sign_message() and @ref psa_sign_hash() will not fail due to an insufficient
|
|
|
|
|
* buffer size.
|
|
|
|
|
*
|
|
|
|
|
* See also @ref PSA_SIGN_OUTPUT_SIZE().
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_SIGNATURE_MAX_SIZE /* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief This macro returns the maximum supported length of the PSK for the TLS-1.2 PSK-to-MS
|
|
|
|
|
* key derivation.
|
|
|
|
|
*
|
|
|
|
|
* @details This implementation-defined value specifies the maximum length for the PSK input used
|
|
|
|
|
* with a @ref PSA_ALG_TLS12_PSK_TO_MS() key agreement algorithm.
|
|
|
|
|
*
|
|
|
|
|
* Quoting Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
|
|
|
|
|
* [RFC4279](https://tools.ietf.org/html/rfc4279.html) §5.3:
|
|
|
|
|
* TLS implementations supporting these cipher suites MUST support arbitrary PSK
|
|
|
|
|
* identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length.
|
|
|
|
|
* Supporting longer identities and keys is RECOMMENDED.
|
|
|
|
|
*
|
|
|
|
|
* Therefore, it is recommended that implementations define
|
|
|
|
|
* @ref PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE with a value greater than or equal to 64.
|
|
|
|
|
*/
|
|
|
|
|
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE /* implementation-defined value */
|
|
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#endif /* PSA_CRYPTO_PSA_CRYPTO_VALUES_H */
|
|
|
|
|
/** @} */
|