TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c66ea6a921a2cd63f446e06b80ebd7c3a6ff0c91 / . / include / psa / crypto.h
blob: 7e61565574ee5ad507eb0f522cc3cab7bdfb8336 [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1/**
2 * \file psa/crypto.h
3 * \brief Platform Security Architecture cryptography module
4 */
5
6#ifndef PSA_CRYPTO_H
7#define PSA_CRYPTO_H
8
9#include "crypto_platform.h"
10
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]11#include <stddef.h>
12
Gilles Peskine62a7e7e2018-02-07 21:54:47 +0100[diff] [blame]13#ifdef __DOXYGEN_ONLY__
14/** \defgroup platform Implementation-specific definitions
15 * @{
16 */
17
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]18/** \brief Key slot number.
19 *
20 * This type represents key slots. It must be an unsigned integral
21 * type.* The choice of type is implementation-dependent.
22 * 0 is not a valid key slot number. The meaning of other values is
23 * implementation dependent.
24 *
25 * At any given point in time, each key slot either contains a
26 * cryptographic object, or is empty. Key slots are persistent:
27 * once set, the cryptographic object remains in the key slot until
28 * explicitly destroyed.
29 */
30typedef _unsigned_integral_type_ psa_key_slot_t;
31
Gilles Peskine62a7e7e2018-02-07 21:54:47 +0100[diff] [blame]32/**@}*/
33#endif
34
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]35#ifdef __cplusplus
36extern "C" {
37#endif
38
39/** \defgroup basic Basic definitions
40 * @{
41 */
42
43/**
44 * \brief Function return status.
45 *
46 * Zero indicates success, anything else indicates an error.
47 */
48typedef enum {
49 /** The action was completed successfully. */
50 PSA_SUCCESS = 0,
51 /** The requested operation or a parameter is not supported
52 by this implementation. */
53 PSA_ERROR_NOT_SUPPORTED,
54 /** The requested action is denied by a policy. */
55 PSA_ERROR_NOT_PERMITTED,
56 /** An output buffer is too small. */
57 PSA_ERROR_BUFFER_TOO_SMALL,
58 /** A slot is occupied, but must be empty to carry out the
59 requested action. */
60 PSA_ERROR_OCCUPIED_SLOT,
61 /** A slot is empty, but must be occupied to carry out the
62 requested action. */
63 PSA_ERROR_EMPTY_SLOT,
64 /** The requested action cannot be performed in the current state. */
65 PSA_ERROR_BAD_STATE,
66 /** The parameters passed to the function are invalid. */
67 PSA_ERROR_INVALID_ARGUMENT,
68 /** There is not enough runtime memory. */
69 PSA_ERROR_INSUFFICIENT_MEMORY,
70 /** There is not enough persistent storage. */
71 PSA_ERROR_INSUFFICIENT_STORAGE,
72 /** There was a communication failure inside the implementation. */
73 PSA_ERROR_COMMUNICATION_FAILURE,
74 /** A hardware failure was detected. */
75 PSA_ERROR_HARDWARE_FAILURE,
76 /** A tampering attempt was detected. */
77 PSA_ERROR_TAMPERING_DETECTED,
78 /** There is not enough entropy to generate random data needed
79 for the requested action. */
80 PSA_ERROR_INSUFFICIENT_ENTROPY,
81 /** The signature or MAC is incorrect. */
82 PSA_ERROR_INVALID_SIGNATURE,
83 /** An error occurred that does not correspond to any defined
84 failure cause. */
85 PSA_ERROR_UNKNOWN_ERROR,
86} psa_status_t;
87
88/**
89 * \brief Library initialization.
90 *
91 * Applications must call this function before calling any other
92 * function in this module.
93 *
94 * Applications may call this function more than once. Once a call
95 * succeeds, subsequent calls are guaranteed to succeed.
96 *
97 * \return * \c PSA_SUCCESS: success.
98 * * \c PSA_ERROR_INSUFFICIENT_MEMORY
99 * * \c PSA_ERROR_COMMUNICATION_FAILURE
100 * * \c PSA_ERROR_HARDWARE_FAILURE
101 * * \c PSA_ERROR_TAMPERING_DETECTED
102 * * \c PSA_ERROR_INSUFFICIENT_ENTROPY
103 */
104psa_status_t psa_crypto_init(void);
105
106/**@}*/
107
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]108/** \defgroup crypto_types Key and algorithm types
109 * @{
110 */
111
112typedef uint32_t psa_key_type_t;
113
114#define PSA_KEY_TYPE_NONE 0x00000000
115#define PSA_KEY_TYPE_RAW_DATA 0x00000001
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame^]116#define PSA_KEY_TYPE_RSA_PUBLIC_KEY 0x40000001
117#define PSA_KEY_TYPE_RSA_KEYPAIR 0x60000001
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]118#define PSA_KEY_TYPE_ECC_BASE 0x40010000
119
120#define PSA_KEY_TYPE_VENDOR_FLAG 0x80000000
121#define PSA_KEY_TYPE_ASYMMETRIC_FLAG 0x40000000
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame^]122#define PSA_KEY_TYPE_ASYMMETRIC_MASK 0x60000000
123#define PSA_KEY_TYPE_ASYMMETRIC_MASK_PUBLIC 0x40000000
124#define PSA_KEY_TYPE_ASYMMETRIC_MASK_KEYPAIR 0x60000000
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]125#define PSA_KEY_TYPE_ECC_TEST_MASK 0x7fff0000
126#define PSA_KEY_TYPE_ECC_TEST_VALUE 0x40010000
127
128#define PSA_KEY_TYPE_IS_VENDOR(type) \
129 (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
130#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
131 (((type) & PSA_KEY_TYPE_ASYMMETRIC_FLAG) != 0)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame^]132#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \
133 (((type) & PSA_KEY_TYPE_ASYMMETRIC_MASK) == PSA_KEY_TYPE_ASYMMETRIC_MASK_PUBLIC)
134#define PSA_KEY_TYPE_IS_KEYPAIR(type) \
135 (((type) & PSA_KEY_TYPE_ASYMMETRIC_MASK) == PSA_KEY_TYPE_ASYMMETRIC_MASK_KEYPAIR)
136#define PSA_KEY_TYPE_IS_ECC(type) \
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]137 (((type) & PSA_KEY_TYPE_ECC_TEST_MASK) == PSA_KEY_TYPE_ECC_TEST_VALUE)
138
139typedef uint32_t psa_algorithm_type_t;
140
141/**@}*/
142
143/** \defgroup key_management Key management
144 * @{
145 */
146
147/**
148 * \brief Import a key in binary format.
149 *
150 * This function supports any output from psa_export_key().
151 *
152 * \return * \c PSA_SUCCESS: success.
153 * * \c PSA_ERROR_NOT_SUPPORTED
154 * * \c PSA_ERROR_INVALID_ARGUMENT
155 * * \c PSA_ERROR_INSUFFICIENT_MEMORY
156 * * \c PSA_ERROR_COMMUNICATION_FAILURE
157 * * \c PSA_ERROR_HARDWARE_FAILURE
158 * * \c PSA_ERROR_TAMPERING_DETECTED
159 */
160psa_status_t psa_import_key(psa_key_slot_t key,
161 psa_key_type_t type,
162 const uint8_t *data,
163 size_t data_length);
164
165/**
166 * \brief Destroy a key.
167 *
168 * \return * \c PSA_SUCCESS: success.
169 * * \c PSA_ERROR_EMPTY_SLOT
170 * * \c PSA_ERROR_COMMUNICATION_FAILURE
171 * * \c PSA_ERROR_HARDWARE_FAILURE
172 * * \c PSA_ERROR_TAMPERING_DETECTED
173 */
174psa_status_t psa_destroy_key(psa_key_slot_t key);
175
176/**
177 * \brief Get basic metadata about a key.
178 *
179 * \return * \c PSA_SUCCESS: success.
180 * * \c PSA_ERROR_EMPTY_SLOT
181 * * \c PSA_ERROR_COMMUNICATION_FAILURE
182 * * \c PSA_ERROR_HARDWARE_FAILURE
183 * * \c PSA_ERROR_TAMPERING_DETECTED
184 */
185psa_status_t psa_get_key_information(psa_key_slot_t key,
186 psa_key_type_t *type,
187 size_t *bits);
188
189/**
190 * \brief Export a key in binary format.
191 *
192 * The output of this function can be passed to psa_import_key() to
193 * create an equivalent object.
194 *
195 * If a key is created with psa_import_key() and then exported with
196 * this function, it is not guaranteed that the resulting data is
197 * identical: the implementation may choose a different representation
198 * of the same key.
199 *
200 * \return * \c PSA_SUCCESS: success.
201 * * \c PSA_ERROR_EMPTY_SLOT
202 * * \c PSA_ERROR_COMMUNICATION_FAILURE
203 * * \c PSA_ERROR_HARDWARE_FAILURE
204 * * \c PSA_ERROR_TAMPERING_DETECTED
205 */
206psa_status_t psa_export_key(psa_key_slot_t key,
207 uint8_t *data,
208 size_t data_size,
209 size_t *data_length);
210
211/**@}*/
212
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]213#ifdef __cplusplus
214}
215#endif
216
217#include "crypto_extra.h"
218
219#endif /* PSA_CRYPTO_H */