TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 20035e357978a2cbd1f6915bec82534c386b25d0 / . / include / psa / crypto.h
blob: 3eee3822b5e395cdda624ed3cc3c660b6cb48b81 [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1/**
2 * \file psa/crypto.h
3 * \brief Platform Security Architecture cryptography module
4 */
5
6#ifndef PSA_CRYPTO_H
7#define PSA_CRYPTO_H
8
9#include "crypto_platform.h"
10
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]11#include <stddef.h>
12
Gilles Peskine62a7e7e2018-02-07 21:54:47 +0100[diff] [blame]13#ifdef __DOXYGEN_ONLY__
14/** \defgroup platform Implementation-specific definitions
15 * @{
16 */
17
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]18/** \brief Key slot number.
19 *
20 * This type represents key slots. It must be an unsigned integral
21 * type.* The choice of type is implementation-dependent.
22 * 0 is not a valid key slot number. The meaning of other values is
23 * implementation dependent.
24 *
25 * At any given point in time, each key slot either contains a
26 * cryptographic object, or is empty. Key slots are persistent:
27 * once set, the cryptographic object remains in the key slot until
28 * explicitly destroyed.
29 */
30typedef _unsigned_integral_type_ psa_key_slot_t;
31
Gilles Peskine62a7e7e2018-02-07 21:54:47 +0100[diff] [blame]32/**@}*/
33#endif
34
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]35#ifdef __cplusplus
36extern "C" {
37#endif
38
39/** \defgroup basic Basic definitions
40 * @{
41 */
42
43/**
44 * \brief Function return status.
45 *
46 * Zero indicates success, anything else indicates an error.
47 */
48typedef enum {
49 /** The action was completed successfully. */
50 PSA_SUCCESS = 0,
51 /** The requested operation or a parameter is not supported
52 by this implementation. */
53 PSA_ERROR_NOT_SUPPORTED,
54 /** The requested action is denied by a policy. */
55 PSA_ERROR_NOT_PERMITTED,
56 /** An output buffer is too small. */
57 PSA_ERROR_BUFFER_TOO_SMALL,
58 /** A slot is occupied, but must be empty to carry out the
59 requested action. */
60 PSA_ERROR_OCCUPIED_SLOT,
61 /** A slot is empty, but must be occupied to carry out the
62 requested action. */
63 PSA_ERROR_EMPTY_SLOT,
64 /** The requested action cannot be performed in the current state. */
65 PSA_ERROR_BAD_STATE,
66 /** The parameters passed to the function are invalid. */
67 PSA_ERROR_INVALID_ARGUMENT,
68 /** There is not enough runtime memory. */
69 PSA_ERROR_INSUFFICIENT_MEMORY,
70 /** There is not enough persistent storage. */
71 PSA_ERROR_INSUFFICIENT_STORAGE,
72 /** There was a communication failure inside the implementation. */
73 PSA_ERROR_COMMUNICATION_FAILURE,
74 /** A hardware failure was detected. */
75 PSA_ERROR_HARDWARE_FAILURE,
76 /** A tampering attempt was detected. */
77 PSA_ERROR_TAMPERING_DETECTED,
78 /** There is not enough entropy to generate random data needed
79 for the requested action. */
80 PSA_ERROR_INSUFFICIENT_ENTROPY,
81 /** The signature or MAC is incorrect. */
82 PSA_ERROR_INVALID_SIGNATURE,
83 /** An error occurred that does not correspond to any defined
84 failure cause. */
85 PSA_ERROR_UNKNOWN_ERROR,
86} psa_status_t;
87
88/**
89 * \brief Library initialization.
90 *
91 * Applications must call this function before calling any other
92 * function in this module.
93 *
94 * Applications may call this function more than once. Once a call
95 * succeeds, subsequent calls are guaranteed to succeed.
96 *
97 * \return * \c PSA_SUCCESS: success.
98 * * \c PSA_ERROR_INSUFFICIENT_MEMORY
99 * * \c PSA_ERROR_COMMUNICATION_FAILURE
100 * * \c PSA_ERROR_HARDWARE_FAILURE
101 * * \c PSA_ERROR_TAMPERING_DETECTED
102 * * \c PSA_ERROR_INSUFFICIENT_ENTROPY
103 */
104psa_status_t psa_crypto_init(void);
105
106/**@}*/
107
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]108/** \defgroup crypto_types Key and algorithm types
109 * @{
110 */
111
112typedef uint32_t psa_key_type_t;
113
114#define PSA_KEY_TYPE_NONE 0x00000000
115#define PSA_KEY_TYPE_RAW_DATA 0x00000001
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]116#define PSA_KEY_TYPE_RSA_PUBLIC_KEY 0x40000001
117#define PSA_KEY_TYPE_RSA_KEYPAIR 0x60000001
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]118#define PSA_KEY_TYPE_ECC_BASE 0x40010000
119
120#define PSA_KEY_TYPE_VENDOR_FLAG 0x80000000
121#define PSA_KEY_TYPE_ASYMMETRIC_FLAG 0x40000000
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]122#define PSA_KEY_TYPE_ASYMMETRIC_MASK 0x60000000
123#define PSA_KEY_TYPE_ASYMMETRIC_MASK_PUBLIC 0x40000000
124#define PSA_KEY_TYPE_ASYMMETRIC_MASK_KEYPAIR 0x60000000
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]125#define PSA_KEY_TYPE_ECC_TEST_MASK 0x7fff0000
126#define PSA_KEY_TYPE_ECC_TEST_VALUE 0x40010000
127
128#define PSA_KEY_TYPE_IS_VENDOR(type) \
129 (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
130#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
131 (((type) & PSA_KEY_TYPE_ASYMMETRIC_FLAG) != 0)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]132#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \
133 (((type) & PSA_KEY_TYPE_ASYMMETRIC_MASK) == PSA_KEY_TYPE_ASYMMETRIC_MASK_PUBLIC)
134#define PSA_KEY_TYPE_IS_KEYPAIR(type) \
135 (((type) & PSA_KEY_TYPE_ASYMMETRIC_MASK) == PSA_KEY_TYPE_ASYMMETRIC_MASK_KEYPAIR)
136#define PSA_KEY_TYPE_IS_ECC(type) \
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]137 (((type) & PSA_KEY_TYPE_ECC_TEST_MASK) == PSA_KEY_TYPE_ECC_TEST_VALUE)
138
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame^]139typedef uint32_t psa_algorithm_t;
140
141#define PSA_ALG_HASH_BITS 0x01000000
142#define PSA_ALG_RSA_HASH_MASK 0x000000ff
143#define PSA_ALG_MD2 0x01000001
144#define PSA_ALG_MD4 0x01000002
145#define PSA_ALG_MD5 0x01000003
146#define PSA_ALG_SHA_256_128 0x01000004
147#define PSA_ALG_RIPEMD160 0x01000005
148#define PSA_ALG_SHA_1 0x01000006
149#define PSA_ALG_SHA_256_160 0x01000007
150#define PSA_ALG_SHA_224 0x01000008
151#define PSA_ALG_SHA_256 0x01000009
152#define PSA_ALG_SHA_384 0x0100000a
153#define PSA_ALG_SHA_512 0x0100000b
154#define PSA_ALG_SHA_512_224 0x0100000c
155#define PSA_ALG_SHA_512_256 0x0100000d
156#define PSA_ALG_SHA3_224 0x01000010
157#define PSA_ALG_SHA3_256 0x01000011
158#define PSA_ALG_SHA3_384 0x01000012
159#define PSA_ALG_SHA3_512 0x01000013
160
161#define PSA_ALG_RSA_PKCS1V15_RAW 0x40000100
162#define PSA_ALG_RSA_PSS_MGF1 0x40000200
163#define PSA_ALG_RSA_OAEP 0x40000300
164#define PSA_ALG_RSA_PKCS1V15(hash_alg) \
165 (PSA_ALG_RSA_PKCS1V15_RAW | ((hash_alg) & PSA_ALG_RSA_HASH_MASK))
166#define PSA_ALG_IS_RSA_PKCS1V15(alg) \
167 (((alg) & 0x7fffff00) == PSA_ALG_RSA_PKCS1V15_RAW)
168#define PSA_ALG_RSA_GET_HASH(alg) \
169 (((alg) & PSA_ALG_RSA_HASH_MASK) | PSA_ALG_HASH_BITS)
170
171#define PSA_ALG_VENDOR_FLAG 0x80000000
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]172
173/**@}*/
174
175/** \defgroup key_management Key management
176 * @{
177 */
178
179/**
180 * \brief Import a key in binary format.
181 *
182 * This function supports any output from psa_export_key().
183 *
184 * \return * \c PSA_SUCCESS: success.
185 * * \c PSA_ERROR_NOT_SUPPORTED
186 * * \c PSA_ERROR_INVALID_ARGUMENT
187 * * \c PSA_ERROR_INSUFFICIENT_MEMORY
188 * * \c PSA_ERROR_COMMUNICATION_FAILURE
189 * * \c PSA_ERROR_HARDWARE_FAILURE
190 * * \c PSA_ERROR_TAMPERING_DETECTED
191 */
192psa_status_t psa_import_key(psa_key_slot_t key,
193 psa_key_type_t type,
194 const uint8_t *data,
195 size_t data_length);
196
197/**
198 * \brief Destroy a key.
199 *
200 * \return * \c PSA_SUCCESS: success.
201 * * \c PSA_ERROR_EMPTY_SLOT
202 * * \c PSA_ERROR_COMMUNICATION_FAILURE
203 * * \c PSA_ERROR_HARDWARE_FAILURE
204 * * \c PSA_ERROR_TAMPERING_DETECTED
205 */
206psa_status_t psa_destroy_key(psa_key_slot_t key);
207
208/**
209 * \brief Get basic metadata about a key.
210 *
211 * \return * \c PSA_SUCCESS: success.
212 * * \c PSA_ERROR_EMPTY_SLOT
213 * * \c PSA_ERROR_COMMUNICATION_FAILURE
214 * * \c PSA_ERROR_HARDWARE_FAILURE
215 * * \c PSA_ERROR_TAMPERING_DETECTED
216 */
217psa_status_t psa_get_key_information(psa_key_slot_t key,
218 psa_key_type_t *type,
219 size_t *bits);
220
221/**
222 * \brief Export a key in binary format.
223 *
224 * The output of this function can be passed to psa_import_key() to
225 * create an equivalent object.
226 *
227 * If a key is created with psa_import_key() and then exported with
228 * this function, it is not guaranteed that the resulting data is
229 * identical: the implementation may choose a different representation
230 * of the same key.
231 *
232 * \return * \c PSA_SUCCESS: success.
233 * * \c PSA_ERROR_EMPTY_SLOT
234 * * \c PSA_ERROR_COMMUNICATION_FAILURE
235 * * \c PSA_ERROR_HARDWARE_FAILURE
236 * * \c PSA_ERROR_TAMPERING_DETECTED
237 */
238psa_status_t psa_export_key(psa_key_slot_t key,
239 uint8_t *data,
240 size_t data_size,
241 size_t *data_length);
242
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame^]243
244/**@}*/
245
246/** \defgroup asymmetric Asymmetric cryptography
247 * @{
248 */
249
250/**
251 * \brief Sign a hash or short message with a private key.
252 *
253 */
254psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
255 psa_algorithm_t alg,
256 const uint8_t *hash,
257 size_t hash_length,
258 const uint8_t *salt,
259 size_t salt_length,
260 uint8_t *signature,
261 size_t signature_size,
262 size_t *signature_length);
263
264/**
265 * \brief Verify the signature a hash or short message using a public key.
266 *
267 */
268psa_status_t psa_asymmetric_verify(psa_key_slot_t key,
269 psa_algorithm_t alg,
270 const uint8_t *hash,
271 size_t hash_length,
272 const uint8_t *salt,
273 size_t salt_length,
274 uint8_t *signature,
275 size_t signature_size);
276
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]277/**@}*/
278
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]279#ifdef __cplusplus
280}
281#endif
282
283#include "crypto_extra.h"
284
285#endif /* PSA_CRYPTO_H */