Platform Security Architecture — cryptography and keystore interface  beta 2 — 2019-02-22
crypto_values.h
Go to the documentation of this file.
1 
17 /*
18  * Copyright (C) 2018, ARM Limited, All Rights Reserved
19  * SPDX-License-Identifier: Apache-2.0
20  *
21  * Licensed under the Apache License, Version 2.0 (the "License"); you may
22  * not use this file except in compliance with the License.
23  * You may obtain a copy of the License at
24  *
25  * http://www.apache.org/licenses/LICENSE-2.0
26  *
27  * Unless required by applicable law or agreed to in writing, software
28  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
29  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
30  * See the License for the specific language governing permissions and
31  * limitations under the License.
32  *
33  * This file is part of mbed TLS (https://tls.mbed.org)
34  */
35 
36 #ifndef PSA_CRYPTO_VALUES_H
37 #define PSA_CRYPTO_VALUES_H
38 
43 #if !defined(PSA_SUCCESS)
44 /* If PSA_SUCCESS is defined, assume that PSA crypto is being used
45  * together with PSA IPC, which also defines the identifier
46  * PSA_SUCCESS. We must not define PSA_SUCCESS ourselves in that case;
47  * the other error code names don't clash. This is a temporary hack
48  * until we unify error reporting in PSA IPC and PSA crypto.
49  *
50  * Note that psa_defs.h must be included before this header!
51  */
53 #define PSA_SUCCESS ((psa_status_t)0)
54 #endif /* !defined(PSA_SUCCESS) */
55 
61 #define PSA_ERROR_UNKNOWN_ERROR ((psa_status_t)1)
62 
70 #define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)2)
71 
83 #define PSA_ERROR_NOT_PERMITTED ((psa_status_t)3)
84 
95 #define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)4)
96 
103 #define PSA_ERROR_OCCUPIED_SLOT ((psa_status_t)5)
104 
111 #define PSA_ERROR_EMPTY_SLOT ((psa_status_t)6)
112 
123 #define PSA_ERROR_BAD_STATE ((psa_status_t)7)
124 
139 #define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)8)
140 
145 #define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)9)
146 
154 #define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)10)
155 
171 #define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)11)
172 
196 #define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)12)
197 
202 #define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)13)
203 
233 #define PSA_ERROR_TAMPERING_DETECTED ((psa_status_t)14)
234 
252 #define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)15)
253 
262 #define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)16)
263 
278 #define PSA_ERROR_INVALID_PADDING ((psa_status_t)17)
279 
284 #define PSA_ERROR_INSUFFICIENT_CAPACITY ((psa_status_t)18)
285 
288 #define PSA_ERROR_INVALID_HANDLE ((psa_status_t)19)
289 
300 #define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x00000000)
301 
309 #define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x80000000)
310 
311 #define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x70000000)
312 #define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x40000000)
313 #define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x50000000)
314 #define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x60000000)
315 #define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x70000000)
316 
317 #define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x10000000)
318 
320 #define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \
321  (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
322 
327 #define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
328  (((type) & PSA_KEY_TYPE_CATEGORY_MASK & ~(psa_key_type_t)0x10000000) == \
329  PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
330 
332 #define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
333  (((type) & PSA_KEY_TYPE_CATEGORY_MASK \
334  & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) == \
335  PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
336 
337 #define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \
338  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
339 
341 #define PSA_KEY_TYPE_IS_KEYPAIR(type) \
342  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)
343 
353 #define PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY(type) \
354  ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
355 
365 #define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) \
366  ((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
367 
372 #define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x50000001)
373 
382 #define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x51000000)
383 
389 #define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x52000000)
390 
396 #define PSA_KEY_TYPE_AES ((psa_key_type_t)0x40000001)
397 
407 #define PSA_KEY_TYPE_DES ((psa_key_type_t)0x40000002)
408 
411 #define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x40000003)
412 
417 #define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x40000004)
418 
420 #define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x60010000)
421 
422 #define PSA_KEY_TYPE_RSA_KEYPAIR ((psa_key_type_t)0x70010000)
423 
424 #define PSA_KEY_TYPE_IS_RSA(type) \
425  (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
426 
428 #define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000)
429 
430 #define PSA_KEY_TYPE_DSA_KEYPAIR ((psa_key_type_t)0x70020000)
431 
432 #define PSA_KEY_TYPE_IS_DSA(type) \
433  (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
434 
435 #define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x60030000)
436 #define PSA_KEY_TYPE_ECC_KEYPAIR_BASE ((psa_key_type_t)0x70030000)
437 #define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x0000ffff)
438 
439 #define PSA_KEY_TYPE_ECC_KEYPAIR(curve) \
440  (PSA_KEY_TYPE_ECC_KEYPAIR_BASE | (curve))
441 
442 #define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
443  (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
444 
446 #define PSA_KEY_TYPE_IS_ECC(type) \
447  ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) & \
448  ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
449 
450 #define PSA_KEY_TYPE_IS_ECC_KEYPAIR(type) \
451  (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
452  PSA_KEY_TYPE_ECC_KEYPAIR_BASE)
453 
454 #define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \
455  (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
456  PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
457 
459 #define PSA_KEY_TYPE_GET_CURVE(type) \
460  ((psa_ecc_curve_t) (PSA_KEY_TYPE_IS_ECC(type) ? \
461  ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
462  0))
463 
464 /* The encoding of curve identifiers is currently aligned with the
465  * TLS Supported Groups Registry (formerly known as the
466  * TLS EC Named Curve Registry)
467  * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
468  * The values are defined by RFC 8422 and RFC 7027. */
469 #define PSA_ECC_CURVE_SECT163K1 ((psa_ecc_curve_t) 0x0001)
470 #define PSA_ECC_CURVE_SECT163R1 ((psa_ecc_curve_t) 0x0002)
471 #define PSA_ECC_CURVE_SECT163R2 ((psa_ecc_curve_t) 0x0003)
472 #define PSA_ECC_CURVE_SECT193R1 ((psa_ecc_curve_t) 0x0004)
473 #define PSA_ECC_CURVE_SECT193R2 ((psa_ecc_curve_t) 0x0005)
474 #define PSA_ECC_CURVE_SECT233K1 ((psa_ecc_curve_t) 0x0006)
475 #define PSA_ECC_CURVE_SECT233R1 ((psa_ecc_curve_t) 0x0007)
476 #define PSA_ECC_CURVE_SECT239K1 ((psa_ecc_curve_t) 0x0008)
477 #define PSA_ECC_CURVE_SECT283K1 ((psa_ecc_curve_t) 0x0009)
478 #define PSA_ECC_CURVE_SECT283R1 ((psa_ecc_curve_t) 0x000a)
479 #define PSA_ECC_CURVE_SECT409K1 ((psa_ecc_curve_t) 0x000b)
480 #define PSA_ECC_CURVE_SECT409R1 ((psa_ecc_curve_t) 0x000c)
481 #define PSA_ECC_CURVE_SECT571K1 ((psa_ecc_curve_t) 0x000d)
482 #define PSA_ECC_CURVE_SECT571R1 ((psa_ecc_curve_t) 0x000e)
483 #define PSA_ECC_CURVE_SECP160K1 ((psa_ecc_curve_t) 0x000f)
484 #define PSA_ECC_CURVE_SECP160R1 ((psa_ecc_curve_t) 0x0010)
485 #define PSA_ECC_CURVE_SECP160R2 ((psa_ecc_curve_t) 0x0011)
486 #define PSA_ECC_CURVE_SECP192K1 ((psa_ecc_curve_t) 0x0012)
487 #define PSA_ECC_CURVE_SECP192R1 ((psa_ecc_curve_t) 0x0013)
488 #define PSA_ECC_CURVE_SECP224K1 ((psa_ecc_curve_t) 0x0014)
489 #define PSA_ECC_CURVE_SECP224R1 ((psa_ecc_curve_t) 0x0015)
490 #define PSA_ECC_CURVE_SECP256K1 ((psa_ecc_curve_t) 0x0016)
491 #define PSA_ECC_CURVE_SECP256R1 ((psa_ecc_curve_t) 0x0017)
492 #define PSA_ECC_CURVE_SECP384R1 ((psa_ecc_curve_t) 0x0018)
493 #define PSA_ECC_CURVE_SECP521R1 ((psa_ecc_curve_t) 0x0019)
494 #define PSA_ECC_CURVE_BRAINPOOL_P256R1 ((psa_ecc_curve_t) 0x001a)
495 #define PSA_ECC_CURVE_BRAINPOOL_P384R1 ((psa_ecc_curve_t) 0x001b)
496 #define PSA_ECC_CURVE_BRAINPOOL_P512R1 ((psa_ecc_curve_t) 0x001c)
497 #define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d)
498 #define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e)
499 
501 #define PSA_KEY_TYPE_DH_PUBLIC_KEY ((psa_key_type_t)0x60040000)
502 
503 #define PSA_KEY_TYPE_DH_KEYPAIR ((psa_key_type_t)0x70040000)
504 
506 #define PSA_KEY_TYPE_IS_DH(type) \
507  (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DH_PUBLIC_KEY)
508 
527 #define PSA_BLOCK_CIPHER_BLOCK_SIZE(type) \
528  ( \
529  (type) == PSA_KEY_TYPE_AES ? 16 : \
530  (type) == PSA_KEY_TYPE_DES ? 8 : \
531  (type) == PSA_KEY_TYPE_CAMELLIA ? 16 : \
532  (type) == PSA_KEY_TYPE_ARC4 ? 1 : \
533  0)
534 
535 #define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t)0x80000000)
536 #define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t)0x7f000000)
537 #define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t)0x01000000)
538 #define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t)0x02000000)
539 #define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t)0x04000000)
540 #define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x06000000)
541 #define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x10000000)
542 #define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x12000000)
543 #define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x20000000)
544 #define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x30000000)
545 
546 #define PSA_ALG_IS_VENDOR_DEFINED(alg) \
547  (((alg) & PSA_ALG_VENDOR_FLAG) != 0)
548 
557 #define PSA_ALG_IS_HASH(alg) \
558  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)
559 
568 #define PSA_ALG_IS_MAC(alg) \
569  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)
570 
579 #define PSA_ALG_IS_CIPHER(alg) \
580  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)
581 
591 #define PSA_ALG_IS_AEAD(alg) \
592  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)
593 
602 #define PSA_ALG_IS_SIGN(alg) \
603  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)
604 
613 #define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg) \
614  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)
615 
624 #define PSA_ALG_IS_KEY_AGREEMENT(alg) \
625  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)
626 
635 #define PSA_ALG_IS_KEY_DERIVATION(alg) \
636  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
637 
638 #define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
639 
640 #define PSA_ALG_MD2 ((psa_algorithm_t)0x01000001)
641 #define PSA_ALG_MD4 ((psa_algorithm_t)0x01000002)
642 #define PSA_ALG_MD5 ((psa_algorithm_t)0x01000003)
643 #define PSA_ALG_RIPEMD160 ((psa_algorithm_t)0x01000004)
644 #define PSA_ALG_SHA_1 ((psa_algorithm_t)0x01000005)
645 
646 #define PSA_ALG_SHA_224 ((psa_algorithm_t)0x01000008)
647 
648 #define PSA_ALG_SHA_256 ((psa_algorithm_t)0x01000009)
649 
650 #define PSA_ALG_SHA_384 ((psa_algorithm_t)0x0100000a)
651 
652 #define PSA_ALG_SHA_512 ((psa_algorithm_t)0x0100000b)
653 
654 #define PSA_ALG_SHA_512_224 ((psa_algorithm_t)0x0100000c)
655 
656 #define PSA_ALG_SHA_512_256 ((psa_algorithm_t)0x0100000d)
657 
658 #define PSA_ALG_SHA3_224 ((psa_algorithm_t)0x01000010)
659 
660 #define PSA_ALG_SHA3_256 ((psa_algorithm_t)0x01000011)
661 
662 #define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x01000012)
663 
664 #define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x01000013)
665 
699 #define PSA_ALG_ANY_HASH ((psa_algorithm_t)0x010000ff)
700 
701 #define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t)0x00c00000)
702 #define PSA_ALG_HMAC_BASE ((psa_algorithm_t)0x02800000)
703 
714 #define PSA_ALG_HMAC(hash_alg) \
715  (PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
716 
717 #define PSA_ALG_HMAC_GET_HASH(hmac_alg) \
718  (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK))
719 
730 #define PSA_ALG_IS_HMAC(alg) \
731  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
732  PSA_ALG_HMAC_BASE)
733 
734 /* In the encoding of a MAC algorithm, the bits corresponding to
735  * PSA_ALG_MAC_TRUNCATION_MASK encode the length to which the MAC is
736  * truncated. As an exception, the value 0 means the untruncated algorithm,
737  * whatever its length is. The length is encoded in 6 bits, so it can
738  * reach up to 63; the largest MAC is 64 bytes so its trivial truncation
739  * to full length is correctly encoded as 0 and any non-trivial truncation
740  * is correctly encoded as a value between 1 and 63. */
741 #define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x00003f00)
742 #define PSA_MAC_TRUNCATION_OFFSET 8
743 
777 #define PSA_ALG_TRUNCATED_MAC(alg, mac_length) \
778  (((alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) | \
779  ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
780 
793 #define PSA_ALG_FULL_LENGTH_MAC(alg) \
794  ((alg) & ~PSA_ALG_MAC_TRUNCATION_MASK)
795 
807 #define PSA_MAC_TRUNCATED_LENGTH(alg) \
808  (((alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
809 
810 #define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x02c00000)
811 #define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x02c00001)
812 #define PSA_ALG_CMAC ((psa_algorithm_t)0x02c00002)
813 #define PSA_ALG_GMAC ((psa_algorithm_t)0x02c00003)
814 
823 #define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) \
824  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
825  PSA_ALG_CIPHER_MAC_BASE)
826 
827 #define PSA_ALG_CIPHER_STREAM_FLAG ((psa_algorithm_t)0x00800000)
828 #define PSA_ALG_CIPHER_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000)
829 
842 #define PSA_ALG_IS_STREAM_CIPHER(alg) \
843  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \
844  (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
845 
848 #define PSA_ALG_ARC4 ((psa_algorithm_t)0x04800001)
849 
857 #define PSA_ALG_CTR ((psa_algorithm_t)0x04c00001)
858 
859 #define PSA_ALG_CFB ((psa_algorithm_t)0x04c00002)
860 
861 #define PSA_ALG_OFB ((psa_algorithm_t)0x04c00003)
862 
869 #define PSA_ALG_XTS ((psa_algorithm_t)0x044000ff)
870 
878 #define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t)0x04600100)
879 
886 #define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t)0x04600101)
887 
890 #define PSA_ALG_CCM ((psa_algorithm_t)0x06001001)
891 
894 #define PSA_ALG_GCM ((psa_algorithm_t)0x06001002)
895 
896 /* In the encoding of a AEAD algorithm, the bits corresponding to
897  * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
898  * The constants for default lengths follow this encoding.
899  */
900 #define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x00003f00)
901 #define PSA_AEAD_TAG_LENGTH_OFFSET 8
902 
921 #define PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, tag_length) \
922  (((alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) | \
923  ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
924  PSA_ALG_AEAD_TAG_LENGTH_MASK))
925 
934 #define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) \
935  ( \
936  PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_CCM) \
937  PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, PSA_ALG_GCM) \
938  0)
939 #define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(alg, ref) \
940  PSA_ALG_AEAD_WITH_TAG_LENGTH(alg, 0) == \
941  PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ? \
942  ref :
943 
944 #define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x10020000)
945 
960 #define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \
961  (PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
962 
968 #define PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN_BASE
969 #define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
970  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
971 
972 #define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t)0x10030000)
973 
991 #define PSA_ALG_RSA_PSS(hash_alg) \
992  (PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
993 #define PSA_ALG_IS_RSA_PSS(alg) \
994  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
995 
996 #define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x10040000)
997 
1011 #define PSA_ALG_DSA(hash_alg) \
1012  (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1013 #define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x10050000)
1014 #define PSA_ALG_DSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00010000)
1015 
1029 #define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
1030  (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1031 #define PSA_ALG_IS_DSA(alg) \
1032  (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
1033  PSA_ALG_DSA_BASE)
1034 #define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
1035  (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
1036 #define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
1037  (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
1038 #define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
1039  (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
1040 
1041 #define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x10060000)
1042 
1062 #define PSA_ALG_ECDSA(hash_alg) \
1063  (PSA_ALG_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1064 
1073 #define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE
1074 #define PSA_ALG_DETERMINISTIC_ECDSA_BASE ((psa_algorithm_t)0x10070000)
1075 
1097 #define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \
1098  (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1099 #define PSA_ALG_IS_ECDSA(alg) \
1100  (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
1101  PSA_ALG_ECDSA_BASE)
1102 #define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg) \
1103  (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
1104 #define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) \
1105  (PSA_ALG_IS_ECDSA(alg) && PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1106 #define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \
1107  (PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1108 
1122 #define PSA_ALG_IS_HASH_AND_SIGN(alg) \
1123  (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
1124  PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg))
1125 
1144 #define PSA_ALG_SIGN_GET_HASH(alg) \
1145  (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
1146  ((alg) & PSA_ALG_HASH_MASK) == 0 ? /*"raw" algorithm*/ 0 : \
1147  ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1148  0)
1149 
1152 #define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x12020000)
1153 
1154 #define PSA_ALG_RSA_OAEP_BASE ((psa_algorithm_t)0x12030000)
1155 
1169 #define PSA_ALG_RSA_OAEP(hash_alg) \
1170  (PSA_ALG_RSA_OAEP_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1171 #define PSA_ALG_IS_RSA_OAEP(alg) \
1172  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)
1173 #define PSA_ALG_RSA_OAEP_GET_HASH(alg) \
1174  (PSA_ALG_IS_RSA_OAEP(alg) ? \
1175  ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1176  0)
1177 
1178 #define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x20000100)
1179 
1199 #define PSA_ALG_HKDF(hash_alg) \
1200  (PSA_ALG_HKDF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1201 
1212 #define PSA_ALG_IS_HKDF(alg) \
1213  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)
1214 #define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
1215  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1216 
1217 #define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x20000200)
1218 
1240 #define PSA_ALG_TLS12_PRF(hash_alg) \
1241  (PSA_ALG_TLS12_PRF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1242 
1251 #define PSA_ALG_IS_TLS12_PRF(alg) \
1252  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)
1253 #define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
1254  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1255 
1256 #define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x20000300)
1257 
1280 #define PSA_ALG_TLS12_PSK_TO_MS(hash_alg) \
1281  (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1282 
1291 #define PSA_ALG_IS_TLS12_PSK_TO_MS(alg) \
1292  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)
1293 #define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
1294  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1295 
1296 #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x080fffff)
1297 #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0x10f00000)
1298 
1313 #define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) \
1314  ((ka_alg) | (kdf_alg))
1315 
1316 #define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \
1317  (((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
1318 
1319 #define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
1320  (((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)
1321 
1336 #define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \
1337  (PSA_ALG_IS_KEY_AGREEMENT(alg) && \
1338  PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)
1339 
1340 #define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \
1341  ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))
1342 
1351 #define PSA_ALG_FFDH ((psa_algorithm_t)0x30100000)
1352 
1364 #define PSA_ALG_IS_FFDH(alg) \
1365  (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)
1366 
1392 #define PSA_ALG_ECDH ((psa_algorithm_t)0x30200000)
1393 
1407 #define PSA_ALG_IS_ECDH(alg) \
1408  (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)
1409 
1423 #define PSA_ALG_IS_WILDCARD(alg) \
1424  (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
1425  PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
1426  (alg) == PSA_ALG_ANY_HASH)
1427 
1437 #define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
1438 
1451 #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
1452 
1470 #define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t)0x00000001)
1471 
1481 #define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t)0x00000100)
1482 
1492 #define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200)
1493 
1502 #define PSA_KEY_USAGE_SIGN ((psa_key_usage_t)0x00000400)
1503 
1512 #define PSA_KEY_USAGE_VERIFY ((psa_key_usage_t)0x00000800)
1513 
1516 #define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00001000)
1517 
1528 #define PSA_KDF_STEP_SECRET ((psa_key_derivation_step_t)0x0101)
1529 
1534 #define PSA_KDF_STEP_LABEL ((psa_key_derivation_step_t)0x0201)
1535 
1540 #define PSA_KDF_STEP_SALT ((psa_key_derivation_step_t)0x0202)
1541 
1546 #define PSA_KDF_STEP_INFO ((psa_key_derivation_step_t)0x0203)
1547 
1550 #endif /* PSA_CRYPTO_VALUES_H */