Platform Security Architecture — cryptography and keystore interface  beta 2 — 2019-02-22
crypto.h
1 
5 /*
6  * Copyright (C) 2018, ARM Limited, All Rights Reserved
7  * SPDX-License-Identifier: Apache-2.0
8  *
9  * Licensed under the Apache License, Version 2.0 (the "License"); you may
10  * not use this file except in compliance with the License.
11  * You may obtain a copy of the License at
12  *
13  * http://www.apache.org/licenses/LICENSE-2.0
14  *
15  * Unless required by applicable law or agreed to in writing, software
16  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  * See the License for the specific language governing permissions and
19  * limitations under the License.
20  */
21 
22 #ifndef PSA_CRYPTO_H
23 #define PSA_CRYPTO_H
24 
25 #include "crypto_platform.h"
26 
27 #include <stddef.h>
28 
29 #ifdef __DOXYGEN_ONLY__
30 /* This __DOXYGEN_ONLY__ block contains mock definitions for things that
31  * must be defined in the crypto_platform.h header. These mock definitions
32  * are present in this file as a convenience to generate pretty-printed
33  * documentation that includes those definitions. */
34 
47 typedef _unsigned_integral_type_ psa_key_handle_t;
48 
50 #endif /* __DOXYGEN_ONLY__ */
51 
52 #ifdef __cplusplus
53 extern "C" {
54 #endif
55 
56 /* The file "crypto_types.h" declares types that encode errors,
57  * algorithms, key types, policies, etc. */
58 #include "crypto_types.h"
59 
60 /* The file "crypto_values.h" declares macros to build and analyze values
61  * of integral types defined in "crypto_types.h". */
62 #include "crypto_values.h"
63 
93 
128 typedef struct psa_key_policy_s psa_key_policy_t;
129 
135 #ifdef __DOXYGEN_ONLY__
136 /* This is an example definition for documentation purposes.
137  * Implementations should define a suitable value in `crypto_struct.h`.
138  */
/* NOTE(review): `{0}` sets the first member to zero explicitly and the
 * remaining members implicitly. Presumably an all-zero policy permits no
 * usage and no algorithm; confirm against the real definition in
 * `crypto_struct.h` before relying on this as a deny-by-default value. */
139 #define PSA_KEY_POLICY_INIT {0}
140 #endif
141 
144 static psa_key_policy_t psa_key_policy_init(void);
145 
159  psa_key_usage_t usage,
160  psa_algorithm_t alg);
161 
169 
177 
208  const psa_key_policy_t *policy);
209 
226  psa_key_policy_t *policy);
227 
251  psa_key_lifetime_t *lifetime);
252 
253 
271 
302  psa_key_id_t id,
303  psa_key_handle_t *handle);
304 
339  psa_key_id_t id,
340  psa_key_handle_t *handle);
341 
361 
421  psa_key_type_t type,
422  const uint8_t *data,
423  size_t data_length);
424 
465 
490  psa_key_type_t *type,
491  size_t *bits);
492 
557  psa_key_type_t type,
558  const uint8_t *data,
559  size_t data_length);
560 
589  uint8_t *data,
590  size_t data_size,
591  size_t *data_length);
592 
676  uint8_t *data,
677  size_t data_size,
678  size_t *data_length);
679 
745  uint8_t *data,
746  size_t data_size,
747  size_t *data_length);
748 
811  psa_key_handle_t target_handle,
812  const psa_key_policy_t *constraint);
813 
845  const uint8_t *input,
846  size_t input_length,
847  uint8_t *hash,
848  size_t hash_size,
849  size_t *hash_length);
850 
874  const uint8_t *input,
875  size_t input_length,
876  const uint8_t *hash,
877  const size_t hash_length);
878 
907 typedef struct psa_hash_operation_s psa_hash_operation_t;
908 
914 #ifdef __DOXYGEN_ONLY__
915 /* This is an example definition for documentation purposes.
916  * Implementations should define a suitable value in `crypto_struct.h`.
917  */
918 #define PSA_HASH_OPERATION_INIT {0}
919 #endif
920 
923 static psa_hash_operation_t psa_hash_operation_init(void);
924 
965  psa_algorithm_t alg);
966 
987  const uint8_t *input,
988  size_t input_length);
989 
1028  uint8_t *hash,
1029  size_t hash_size,
1030  size_t *hash_length);
1031 
1064  const uint8_t *hash,
1065  size_t hash_length);
1066 
1095 
/* Clone a hash operation.
 *
 * `source_operation` is const-qualified and therefore only read;
 * `target_operation` is the object that gets written. The result is reported
 * as a psa_status_t.
 *
 * NOTE(review): presumably the target must be an initialized, inactive
 * operation object, and each of the two operations must afterwards be
 * finished or aborted on its own; confirm against the function's
 * documentation. */
1120 psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
1121  psa_hash_operation_t *target_operation);
1122 
1168  psa_algorithm_t alg,
1169  const uint8_t *input,
1170  size_t input_length,
1171  uint8_t *mac,
1172  size_t mac_size,
1173  size_t *mac_length);
1174 
1203  psa_algorithm_t alg,
1204  const uint8_t *input,
1205  size_t input_length,
1206  const uint8_t *mac,
1207  const size_t mac_length);
1208 
1237 typedef struct psa_mac_operation_s psa_mac_operation_t;
1238 
1244 #ifdef __DOXYGEN_ONLY__
1245 /* This is an example definition for documentation purposes.
1246  * Implementations should define a suitable value in `crypto_struct.h`.
1247  */
1248 #define PSA_MAC_OPERATION_INIT {0}
1249 #endif
1250 
1253 static psa_mac_operation_t psa_mac_operation_init(void);
1254 
1310  psa_key_handle_t handle,
1311  psa_algorithm_t alg);
1312 
1367  psa_key_handle_t handle,
1368  psa_algorithm_t alg);
1369 
1392  const uint8_t *input,
1393  size_t input_length);
1394 
1434  uint8_t *mac,
1435  size_t mac_size,
1436  size_t *mac_length);
1437 
1470  const uint8_t *mac,
1471  size_t mac_length);
1472 
1502 
1545  psa_algorithm_t alg,
1546  const uint8_t *input,
1547  size_t input_length,
1548  uint8_t *output,
1549  size_t output_size,
1550  size_t *output_length);
1551 
1587  psa_algorithm_t alg,
1588  const uint8_t *input,
1589  size_t input_length,
1590  uint8_t *output,
1591  size_t output_size,
1592  size_t *output_length);
1593 
1622 typedef struct psa_cipher_operation_s psa_cipher_operation_t;
1623 
1629 #ifdef __DOXYGEN_ONLY__
1630 /* This is an example definition for documentation purposes.
1631  * Implementations should define a suitable value in `crypto_struct.h`.
1632  */
1633 #define PSA_CIPHER_OPERATION_INIT {0}
1634 #endif
1635 
1638 static psa_cipher_operation_t psa_cipher_operation_init(void);
1639 
1696  psa_key_handle_t handle,
1697  psa_algorithm_t alg);
1698 
1755  psa_key_handle_t handle,
1756  psa_algorithm_t alg);
1757 
1787  unsigned char *iv,
1788  size_t iv_size,
1789  size_t *iv_length);
1790 
1822  const unsigned char *iv,
1823  size_t iv_length);
1824 
1858  const uint8_t *input,
1859  size_t input_length,
1860  unsigned char *output,
1861  size_t output_size,
1862  size_t *output_length);
1863 
1896  uint8_t *output,
1897  size_t output_size,
1898  size_t *output_length);
1899 
1929 
1983  psa_algorithm_t alg,
1984  const uint8_t *nonce,
1985  size_t nonce_length,
1986  const uint8_t *additional_data,
1987  size_t additional_data_length,
1988  const uint8_t *plaintext,
1989  size_t plaintext_length,
1990  uint8_t *ciphertext,
1991  size_t ciphertext_size,
1992  size_t *ciphertext_length);
1993 
2041  psa_algorithm_t alg,
2042  const uint8_t *nonce,
2043  size_t nonce_length,
2044  const uint8_t *additional_data,
2045  size_t additional_data_length,
2046  const uint8_t *ciphertext,
2047  size_t ciphertext_length,
2048  uint8_t *plaintext,
2049  size_t plaintext_size,
2050  size_t *plaintext_length);
2051 
2080 typedef struct psa_aead_operation_s psa_aead_operation_t;
2081 
2087 #ifdef __DOXYGEN_ONLY__
2088 /* This is an example definition for documentation purposes.
2089  * Implementations should define a suitable value in `crypto_struct.h`.
2090  */
2091 #define PSA_AEAD_OPERATION_INIT {0}
2092 #endif
2093 
2096 static psa_aead_operation_t psa_aead_operation_init(void);
2097 
2160  psa_key_handle_t handle,
2161  psa_algorithm_t alg);
2162 
2222  psa_key_handle_t handle,
2223  psa_algorithm_t alg);
2224 
2255  unsigned char *nonce,
2256  size_t nonce_size,
2257  size_t *nonce_length);
2258 
2289  const unsigned char *nonce,
2290  size_t nonce_length);
2291 
2327  size_t ad_length,
2328  size_t plaintext_length);
2329 
2369  const uint8_t *input,
2370  size_t input_length);
2371 
2426  const uint8_t *input,
2427  size_t input_length,
2428  unsigned char *output,
2429  size_t output_size,
2430  size_t *output_length);
2431 
2485  uint8_t *ciphertext,
2486  size_t ciphertext_size,
2487  size_t *ciphertext_length,
2488  uint8_t *tag,
2489  size_t tag_size,
2490  size_t *tag_length);
2491 
2528  const uint8_t *tag,
2529  size_t tag_length);
2530 
2560 
2607  psa_algorithm_t alg,
2608  const uint8_t *hash,
2609  size_t hash_length,
2610  uint8_t *signature,
2611  size_t signature_size,
2612  size_t *signature_length);
2613 
2650  psa_algorithm_t alg,
2651  const uint8_t *hash,
2652  size_t hash_length,
2653  const uint8_t *signature,
2654  size_t signature_length);
2655 
2704  psa_algorithm_t alg,
2705  const uint8_t *input,
2706  size_t input_length,
2707  const uint8_t *salt,
2708  size_t salt_length,
2709  uint8_t *output,
2710  size_t output_size,
2711  size_t *output_length);
2712 
2761  psa_algorithm_t alg,
2762  const uint8_t *input,
2763  size_t input_length,
2764  const uint8_t *salt,
2765  size_t salt_length,
2766  uint8_t *output,
2767  size_t output_size,
2768  size_t *output_length);
2769 
2805 typedef struct psa_crypto_generator_s psa_crypto_generator_t;
2806 
2812 #ifdef __DOXYGEN_ONLY__
2813 /* This is an example definition for documentation purposes.
2814  * Implementations should define a suitable value in `crypto_struct.h`.
2815  */
2816 #define PSA_CRYPTO_GENERATOR_INIT {0}
2817 #endif
2818 
2821 static psa_crypto_generator_t psa_crypto_generator_init(void);
2822 
2836  size_t *capacity);
2837 
2852  size_t capacity);
2853 
2880  uint8_t *output,
2881  size_t output_length);
2882 
2933  psa_key_type_t type,
2934  size_t bits,
2935  psa_crypto_generator_t *generator);
2936 
2960 
/* Largest value representable in size_t: converting -1 to an unsigned type
 * yields the type's maximum.
 * NOTE(review): presumably a sentinel meaning "no capacity limit" for a
 * generator; confirm against the generator documentation.
 * Compare against this value only. Adding to it wraps around to a small
 * number, so it must not be used as a buffer or allocation size. */
2968 #define PSA_GENERATOR_UNBRIDLED_CAPACITY ((size_t)(-1))
2969 
3017  psa_algorithm_t alg);
3018 
3056  const uint8_t *data,
3057  size_t data_length);
3058 
3101  psa_key_handle_t handle);
3102 
3158  psa_key_handle_t private_key,
3159  const uint8_t *peer_key,
3160  size_t peer_key_length);
3161 
3211  psa_key_handle_t private_key,
3212  const uint8_t *peer_key,
3213  size_t peer_key_length,
3214  uint8_t *output,
3215  size_t output_size,
3216  size_t *output_length);
3217 
/* Generate random bytes.
 *
 * Writes into the caller-supplied `output` buffer. `output_size` is
 * presumably the number of bytes requested (TODO confirm). The result is
 * reported as a psa_status_t.
 *
 * NOTE(review): check the returned status before using the buffer as key
 * material, an IV or a nonce; nothing in this listing states what the
 * buffer holds when the call fails. */
3247 psa_status_t psa_generate_random(uint8_t *output,
3248  size_t output_size);
3249 
3255 typedef struct {
3256  uint32_t e;
3258 
3325  psa_key_type_t type,
3326  size_t bits,
3327  const void *extra,
3328  size_t extra_size);
3329 
3332 #ifdef __cplusplus
3333 }
3334 #endif
3335 
3336 /* The file "crypto_sizes.h" contains definitions for size calculation
3337  * macros whose definitions are implementation-specific. */
3338 #include "crypto_sizes.h"
3339 
3340 /* The file "crypto_struct.h" contains definitions for
3341  * implementation-specific structs that are declared above. */
3342 #include "crypto_struct.h"
3343 
3344 /* The file "crypto_extra.h" contains vendor-specific definitions. This
3345  * can include vendor-defined algorithms, extra functions, etc. */
3346 #include "crypto_extra.h"
3347 
3348 #endif /* PSA_CRYPTO_H */
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length)
psa_status_t psa_generate_random(uint8_t *output, size_t output_size)
Generate random bytes.
psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation, unsigned char *nonce, size_t nonce_size, size_t *nonce_length)
psa_status_t psa_export_key(psa_key_handle_t handle, uint8_t *data, size_t data_size, size_t *data_length)
Export a key in binary format.
psa_status_t psa_allocate_key(psa_key_handle_t *handle)
psa_status_t psa_asymmetric_verify(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length)
Verify the signature of a hash or short message using a public key.
psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)
psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy)
Retrieve the usage field of a policy structure.
psa_status_t psa_key_agreement_raw_shared_secret(psa_algorithm_t alg, psa_key_handle_t private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)
psa_status_t psa_mac_verify(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *mac, const size_t mac_length)
psa_status_t psa_generate_key(psa_key_handle_t handle, psa_key_type_t type, size_t bits, const void *extra, size_t extra_size)
Generate a key or key pair.
psa_status_t psa_close_key(psa_key_handle_t handle)
psa_status_t psa_cipher_decrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_export_public_key(psa_key_handle_t handle, uint8_t *data, size_t data_size, size_t *data_length)
Export a public key or the public part of a key pair in binary format.
struct psa_aead_operation_s psa_aead_operation_t
Definition: crypto.h:2080
psa_status_t psa_key_derivation_input_bytes(psa_crypto_generator_t *generator, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length)
psa_status_t psa_get_key_domain_parameters(psa_key_handle_t handle, uint8_t *data, size_t data_size, size_t *data_length)
Get domain parameters for a key.
PSA cryptography module: type aliases.
psa_status_t psa_copy_key(psa_key_handle_t source_handle, psa_key_handle_t target_handle, const psa_key_policy_t *constraint)
psa_status_t psa_generator_abort(psa_crypto_generator_t *generator)
uint16_t psa_key_derivation_step_t
Encoding of the step of a key derivation.
Definition: crypto_types.h:106
uint32_t psa_key_id_t
Definition: crypto_types.h:88
psa_status_t psa_hash_compute(psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *hash, size_t hash_size, size_t *hash_length)
psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, unsigned char *output, size_t output_size, size_t *output_length)
psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, const unsigned char *iv, size_t iv_length)
psa_status_t psa_generator_read(psa_crypto_generator_t *generator, uint8_t *output, size_t output_length)
psa_status_t psa_hash_update(psa_hash_operation_t *operation, const uint8_t *input, size_t input_length)
psa_status_t psa_hash_compare(psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *hash, const size_t hash_length)
psa_status_t psa_aead_finish(psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, uint8_t *tag, size_t tag_size, size_t *tag_length)
psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
Encrypt a short message with a public key.
psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
Decrypt a short message with a private key.
PSA cryptography module: macros to build and analyze integer values.
psa_status_t psa_set_key_domain_parameters(psa_key_handle_t handle, psa_key_type_t type, const uint8_t *data, size_t data_length)
Set domain parameters for a key.
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length)
psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)
psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, unsigned char *iv, size_t iv_size, size_t *iv_length)
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, const uint8_t *input, size_t input_length)
psa_status_t psa_hash_verify(psa_hash_operation_t *operation, const uint8_t *hash, size_t hash_length)
psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator, psa_key_derivation_step_t step, psa_key_handle_t handle)
psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length)
psa_status_t psa_aead_decrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
psa_status_t psa_generator_import_key(psa_key_handle_t handle, psa_key_type_t type, size_t bits, psa_crypto_generator_t *generator)
psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, psa_hash_operation_t *target_operation)
psa_status_t psa_get_key_policy(psa_key_handle_t handle, psa_key_policy_t *policy)
Get the usage policy for a key slot.
uint32_t e
Definition: crypto.h:3256
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:74
struct psa_hash_operation_s psa_hash_operation_t
Definition: crypto.h:907
psa_status_t psa_aead_encrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
psa_status_t psa_hash_setup(psa_hash_operation_t *operation, psa_algorithm_t alg)
psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)
uint32_t psa_key_usage_t
Encoding of permitted usage on a key.
Definition: crypto_types.h:97
struct psa_key_policy_s psa_key_policy_t
Definition: crypto.h:128
psa_status_t psa_destroy_key(psa_key_handle_t handle)
Destroy a key.
void psa_key_policy_set_usage(psa_key_policy_t *policy, psa_key_usage_t usage, psa_algorithm_t alg)
Set the standard fields of a policy structure.
psa_status_t psa_crypto_init(void)
Library initialization.
_unsigned_integral_type_ psa_key_handle_t
Key handle.
Definition: crypto.h:47
psa_status_t psa_mac_compute(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *mac, size_t mac_size, size_t *mac_length)
PSA cryptography module: Mbed TLS buffer size macros.
psa_status_t psa_key_agreement(psa_crypto_generator_t *generator, psa_key_derivation_step_t step, psa_key_handle_t private_key, const uint8_t *peer_key, size_t peer_key_length)
psa_status_t psa_open_key(psa_key_lifetime_t lifetime, psa_key_id_t id, psa_key_handle_t *handle)
psa_status_t psa_mac_update(psa_mac_operation_t *operation, const uint8_t *input, size_t input_length)
psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation, const unsigned char *nonce, size_t nonce_length)
psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
psa_status_t psa_get_key_lifetime(psa_key_handle_t handle, psa_key_lifetime_t *lifetime)
Retrieve the lifetime of an open key.
psa_status_t psa_aead_update(psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, unsigned char *output, size_t output_size, size_t *output_length)
struct psa_cipher_operation_s psa_cipher_operation_t
Definition: crypto.h:1622
uint32_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:61
psa_status_t psa_aead_verify(psa_aead_operation_t *operation, const uint8_t *tag, size_t tag_length)
struct psa_mac_operation_s psa_mac_operation_t
Definition: crypto.h:1237
psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy)
Retrieve the algorithm field of a policy structure.
uint32_t psa_key_lifetime_t
Definition: crypto_types.h:84
psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, size_t *capacity)
psa_status_t psa_set_key_policy(psa_key_handle_t handle, const psa_key_policy_t *policy)
Set the usage policy on a key slot.
psa_status_t psa_create_key(psa_key_lifetime_t lifetime, psa_key_id_t id, psa_key_handle_t *handle)
psa_status_t psa_import_key(psa_key_handle_t handle, psa_key_type_t type, const uint8_t *data, size_t data_length)
Import a key in binary format.
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:51
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
psa_status_t psa_set_generator_capacity(psa_crypto_generator_t *generator, size_t capacity)
psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg)
psa_status_t psa_key_derivation_setup(psa_crypto_generator_t *generator, psa_algorithm_t alg)
psa_status_t psa_get_key_information(psa_key_handle_t handle, psa_key_type_t *type, size_t *bits)
Get basic metadata about a key.
psa_status_t psa_asymmetric_sign(psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length)
Sign a hash or short message with a private key.
struct psa_crypto_generator_s psa_crypto_generator_t
Definition: crypto.h:2805
psa_status_t psa_hash_finish(psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length)
Definition: crypto.h:3255