PSA PAKE: Add cipher suite structure
PAKE protocols make use of a range of cryptographic schemes and
primitives. Standards allow for several options to use for each of them.
They call the combination of specific algorithms cipher suites,
configurations or options.
Cipher suites are represented by a separate data type for several
reasons:
1. To allow for individual PAKE protocols to provide pre-defined cipher
suites.
2. To organise cipher suites into a unit that can be handled separately
from the operation context. The PAKE operation flow is already
complex and will be even more so when key confirmation is added.
Handling them separately should reduce the surface of the interface
the application developer needs to pay attention to at any given time.
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 47012fd..a4e6cca 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -461,6 +461,39 @@
return( attributes->core.bits );
}
+struct psa_pake_cipher_suite_s
+{
+ psa_pake_primitive_t primitive;
+ psa_algorithm_t hash;
+ psa_algorithm_t algorithm1;
+ psa_pake_bits_t bits1;
+ psa_algorithm_t algorithm2;
+ psa_pake_bits_t bits2;
+ psa_pake_cipher_suite_options_t options;
+};
+
+static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite(
+ psa_pake_primitive_t primitive,
+ psa_algorithm_t hash,
+ psa_algorithm_t algorithm1,
+ psa_pake_bits_t bits1,
+ psa_algorithm_t algorithm2,
+ psa_pake_bits_t bits2,
+ psa_pake_cipher_suite_options_t options
+ )
+{
+ struct psa_pake_cipher_suite_s cipher_suite;
+
+ cipher_suite.primitive = primitive;
+ cipher_suite.hash = hash;
+ cipher_suite.algorithm1 = algorithm1;
+ cipher_suite.bits1 = bits1;
+ cipher_suite.algorithm2 = algorithm2;
+ cipher_suite.bits2 = bits2;
+ cipher_suite.options = options;
+
+ return cipher_suite;
+}
#ifdef __cplusplus
}
#endif
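Review bot: The local `cipher_suite` in `psa_pake_cipher_suite()` is declared without an initialiser, so any padding between or after its members keeps whatever was on the stack when the struct is returned by value. If this object is later copied byte-wise to another partition or service, or compared with `memcmp`, those bytes could disclose stack contents or make equal suites compare unequal. Whether padding exists depends on the widths of `psa_pake_primitive_t`, `psa_pake_bits_t` and `psa_pake_cipher_suite_options_t`, which are not visible in this hunk. I would zero the object before the assignments, e.g. `memset( &cipher_suite, 0, sizeof( cipher_suite ) );`, assuming `<string.h>` is already available in this header. A short comment on the struct explaining what `algorithm1`/`bits1` and `algorithm2`/`bits2` select would also help, since a mismatched suite is a security-relevant misconfiguration.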