crypto.h
Go to the documentation of this file.
1 /*
2  * SPDX-FileCopyrightText: 2021 HAW Hamburg
3  * SPDX-License-Identifier: LGPL-2.1-only
4  */
5 
6 #pragma once
7 
21 #ifdef __cplusplus
22 extern "C" {
23 #endif
24 
25 #include <stdlib.h>
26 #include <string.h>
27 
28 #include "kernel_defines.h"
29 
30 #if IS_USED(MODULE_PSA_SECURE_ELEMENT_CONFIG)
31 #include "psa/crypto_se_config.h"
32 #endif
33 
34 #include "crypto_sizes.h"
35 #include "crypto_struct.h"
36 #include "crypto_values.h"
37 #include "crypto_types.h"
38 
42 #define PSA_CRYPTO_API_VERSION_MAJOR 1
43 
47 #define PSA_CRYPTO_API_VERSION_MINOR 1
48 
55 const char *psa_status_to_humanly_readable(psa_status_t status);
56 
80 psa_status_t psa_crypto_init(void);
81 
82 #if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN)
138 psa_status_t psa_aead_encrypt(psa_key_id_t key,
139  psa_algorithm_t alg,
140  const uint8_t *nonce,
141  size_t nonce_length,
142  const uint8_t *additional_data,
143  size_t additional_data_length,
144  const uint8_t *plaintext,
145  size_t plaintext_length,
146  uint8_t *ciphertext,
147  size_t ciphertext_size,
148  size_t *ciphertext_length);
149 
205 psa_status_t psa_aead_decrypt(psa_key_id_t key,
206  psa_algorithm_t alg,
207  const uint8_t *nonce,
208  size_t nonce_length,
209  const uint8_t *additional_data,
210  size_t additional_data_length,
211  const uint8_t *ciphertext,
212  size_t ciphertext_length,
213  uint8_t *plaintext,
214  size_t plaintext_size,
215  size_t *plaintext_length);
216 
274 psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
275  psa_key_id_t key,
276  psa_algorithm_t alg);
277 
335 psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
336  psa_key_id_t key,
337  psa_algorithm_t alg);
338 
374 psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
375  size_t ad_length,
376  size_t plaintext_length);
377 
423 psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
424  uint8_t *nonce,
425  size_t nonce_size,
426  size_t *nonce_length);
427 
471 psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
472  const uint8_t *nonce,
473  size_t nonce_length);
474 
517 psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
518  const uint8_t *input,
519  size_t input_length);
520 
586 psa_status_t psa_aead_update(psa_aead_operation_t *operation,
587  const uint8_t *input,
588  size_t input_length,
589  uint8_t *output,
590  size_t output_size,
591  size_t *output_length);
592 
660 psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
661  uint8_t *ciphertext,
662  size_t ciphertext_size,
663  size_t *ciphertext_length,
664  uint8_t *tag,
665  size_t tag_size,
666  size_t *tag_length);
667 
734 psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
735  uint8_t *plaintext,
736  size_t plaintext_size,
737  size_t *plaintext_length,
738  const uint8_t *tag,
739  size_t tag_length);
740 
766 psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
767 #endif /* MODULE_PSA_AEAD */
768 
769 #if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
821 psa_status_t psa_asymmetric_encrypt(psa_key_id_t key,
822  psa_algorithm_t alg,
823  const uint8_t *input,
824  size_t input_length,
825  const uint8_t *salt,
826  size_t salt_length,
827  uint8_t *output,
828  size_t output_size,
829  size_t *output_length);
830 
883 psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
884  psa_algorithm_t alg,
885  const uint8_t *input,
886  size_t input_length,
887  const uint8_t *salt,
888  size_t salt_length,
889  uint8_t *output,
890  size_t output_size,
891  size_t *output_length);
892 #endif /* MODULE_PSA_ASYMMETRIC */
893 
894 #if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN)
918 psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
919 
983 psa_status_t psa_cipher_decrypt(psa_key_id_t key,
984  psa_algorithm_t alg,
985  const uint8_t *input,
986  size_t input_length,
987  uint8_t *output,
988  size_t output_size,
989  size_t *output_length);
990 
1046 psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
1047  psa_key_id_t key,
1048  psa_algorithm_t alg);
1049 
1107 psa_status_t psa_cipher_encrypt(psa_key_id_t key,
1108  psa_algorithm_t alg,
1109  const uint8_t *input,
1110  size_t input_length,
1111  uint8_t *output,
1112  size_t output_size,
1113  size_t *output_length);
1114 
1172 psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
1173  psa_key_id_t key,
1174  psa_algorithm_t alg);
1175 
1228 psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
1229  uint8_t *output,
1230  size_t output_size,
1231  size_t *output_length);
1232 
1282 psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
1283  uint8_t *iv,
1284  size_t iv_size,
1285  size_t *iv_length);
1286 
1329 psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
1330  const uint8_t *iv,
1331  size_t iv_length);
1332 
1383 psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
1384  const uint8_t *input,
1385  size_t input_length,
1386  uint8_t *output,
1387  size_t output_size,
1388  size_t *output_length);
1389 #endif /* MODULE_PSA_CIPHER */
1390 
1391 #if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
1483 psa_status_t psa_copy_key(psa_key_id_t source_key,
1484  const psa_key_attributes_t *attributes,
1485  psa_key_id_t *target_key);
1486 
1538 psa_status_t psa_destroy_key(psa_key_id_t key);
1539 
1647 psa_status_t psa_export_key(psa_key_id_t key,
1648  uint8_t *data,
1649  size_t data_size,
1650  size_t *data_length);
1651 
1732 psa_status_t psa_export_public_key(psa_key_id_t key,
1733  uint8_t *data,
1734  size_t data_size,
1735  size_t *data_length);
1736 
1743 psa_status_t psa_builtin_generate_key(const psa_key_attributes_t *attributes, uint8_t *key_buffer,
1744  size_t key_buffer_size, size_t *key_buffer_length);
1745 
1801 psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
1802  psa_key_id_t *key);
1803 #endif /* MODULE_PSA_KEY_MANAGEMENT */
1804 
1817 psa_status_t psa_builtin_generate_random( uint8_t *output,
1818  size_t output_size);
1819 
1842 psa_status_t psa_generate_random(uint8_t *output,
1843  size_t output_size);
1844 
1845 #if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
1856 static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
1857  psa_algorithm_t alg)
1858 {
1859  attributes->policy.alg = alg;
1860 }
1861 
1869 static inline psa_algorithm_t psa_get_key_algorithm(const psa_key_attributes_t *attributes)
1870 {
1871  return attributes->policy.alg;
1872 }
1873 
1884 static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
1885  size_t bits)
1886 {
1887  attributes->bits = bits;
1888 }
1889 
1897 static inline size_t psa_get_key_bits(const psa_key_attributes_t *attributes)
1898 {
1899  return attributes->bits;
1900 }
1901 
1918 static inline void psa_set_key_id(psa_key_attributes_t *attributes, psa_key_id_t id)
1919 {
1920  attributes->id = id;
1921 }
1922 
1932 static inline psa_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes)
1933 {
1934  return attributes->id;
1935 }
1936 
1955 static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
1956  psa_key_lifetime_t lifetime)
1957 {
1958  attributes->lifetime = lifetime;
1959 }
1960 
1968 static inline psa_key_lifetime_t psa_get_key_lifetime(const psa_key_attributes_t *attributes)
1969 {
1970  return attributes->lifetime;
1971 }
1972 
1982 static inline void psa_set_key_type(psa_key_attributes_t *attributes,
1983  psa_key_type_t type)
1984 {
1985  attributes->type = type;
1986 }
1987 
1995 static inline psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes)
1996 {
1997  return attributes->type;
1998 }
1999 
2011 static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
2012  psa_key_usage_t usage_flags)
2013 {
2014  attributes->policy.usage = usage_flags;
2015 }
2016 
2024 static inline psa_key_usage_t psa_get_key_usage_flags(const psa_key_attributes_t *attributes)
2025 {
2026  return attributes->policy.usage;
2027 }
2028 
2040 static inline void psa_reset_key_attributes(psa_key_attributes_t *attributes)
2041 {
2042  *attributes = psa_key_attributes_init();
2043 }
2044 
2074 psa_status_t psa_get_key_attributes(psa_key_id_t key,
2075  psa_key_attributes_t *attributes);
2076 #endif /* MODULE_PSA_KEY_MANAGEMENT */
2077 
2078 #if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN)
2104 psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
2105 
2134 psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
2135  psa_hash_operation_t *target_operation);
2136 
2165 psa_status_t psa_hash_compare(psa_algorithm_t alg,
2166  const uint8_t *input,
2167  size_t input_length,
2168  const uint8_t *hash,
2169  size_t hash_length);
2170 
2204 psa_status_t psa_hash_compute(psa_algorithm_t alg,
2205  const uint8_t *input,
2206  size_t input_length,
2207  uint8_t *hash,
2208  size_t hash_size,
2209  size_t *hash_length);
2210 
2252 psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
2253  uint8_t *hash,
2254  size_t hash_size,
2255  size_t *hash_length);
2256 
2293 psa_status_t psa_hash_resume(psa_hash_operation_t *operation,
2294  const uint8_t *hash_state,
2295  size_t hash_state_length);
2296 
2338 psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
2339  psa_algorithm_t alg);
2340 
2416 psa_status_t psa_hash_suspend(psa_hash_operation_t *operation,
2417  uint8_t *hash_state,
2418  size_t hash_state_size,
2419  size_t *hash_state_length);
2420 
2445 psa_status_t psa_hash_update(psa_hash_operation_t *operation,
2446  const uint8_t *input,
2447  size_t input_length);
2448 
2481 psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
2482  const uint8_t *hash,
2483  size_t hash_length);
2484 #endif /* MODULE_PSA_HASH */
2485 
2486 #if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
2534 psa_status_t psa_builtin_import_key(const psa_key_attributes_t *attributes,
2535  const uint8_t *data, size_t data_length,
2536  uint8_t *key_buffer, size_t key_buffer_size,
2537  size_t *key_buffer_length, size_t *bits);
2538 
2625 psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
2626  const uint8_t *data,
2627  size_t data_length,
2628  psa_key_id_t *key);
2629 #endif /* MODULE_PSA_KEY_MANAGEMENT */
2630 
2631 #if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)
2654 psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation);
2655 
2681 psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
2682  size_t *capacity);
2683 
2730 psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *operation,
2731  psa_key_derivation_step_t step,
2732  const uint8_t *data,
2733  size_t data_length);
2734 
2778 psa_status_t psa_key_derivation_input_integer( psa_key_derivation_operation_t *operation,
2779  psa_key_derivation_step_t step,
2780  uint64_t value);
2781 
2847 psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *operation,
2848  psa_key_derivation_step_t step,
2849  psa_key_id_t key);
2850 
2910 psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation,
2911  psa_key_derivation_step_t step,
2912  psa_key_id_t private_key,
2913  const uint8_t *peer_key,
2914  size_t peer_key_length);
2915 
2955 psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *operation,
2956  uint8_t *output,
2957  size_t output_length);
2958 
3113 psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes,
3114  psa_key_derivation_operation_t *operation,
3115  psa_key_id_t *key);
3116 
3137 psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation,
3138  size_t capacity);
3139 
3197 psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
3198  psa_algorithm_t alg);
3199 
3256 psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *operation,
3257  const uint8_t *expected_output,
3258  size_t output_length);
3259 
3319 psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation,
3320  psa_key_id_t expected);
3321 #endif /* PSA_CRYPTO_KEY_DERIVATION */
3322 
3323 #if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN)
3346 psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
3347 
3399 psa_status_t psa_mac_compute(psa_key_id_t key,
3400  psa_algorithm_t alg,
3401  const uint8_t *input,
3402  size_t input_length,
3403  uint8_t *mac,
3404  size_t mac_size,
3405  size_t *mac_length);
3406 
3455 psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
3456  uint8_t *mac,
3457  size_t mac_size,
3458  size_t *mac_length);
3459 
3516 psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
3517  psa_key_id_t key,
3518  psa_algorithm_t alg);
3519 
3548 psa_status_t psa_mac_update(psa_mac_operation_t *operation,
3549  const uint8_t *input,
3550  size_t input_length);
3551 
3589 psa_status_t psa_mac_verify(psa_key_id_t key,
3590  psa_algorithm_t alg,
3591  const uint8_t *input,
3592  size_t input_length,
3593  const uint8_t *mac,
3594  size_t mac_length);
3595 
3631 psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
3632  const uint8_t *mac,
3633  size_t mac_length);
3634 
3690 psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
3691  psa_key_id_t key,
3692  psa_algorithm_t alg);
3693 #endif /* MODULE_PSA_MAC */
3694 
3695 #if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
3722 psa_status_t psa_purge_key(psa_key_id_t key);
3723 #endif /* MODULE_PSA_KEY_MANAGEMENT */
3724 
3725 #if IS_USED(MODULE_PSA_KEY_AGREEMENT) || defined(DOXYGEN)
3789 psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
3790  psa_key_id_t private_key,
3791  const uint8_t *peer_key,
3792  size_t peer_key_length,
3793  uint8_t *output,
3794  size_t output_size,
3795  size_t *output_length);
3796 #endif /* MODULE_PSA_KEY_AGREEMENT */
3797 
3798 #if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
3867 psa_status_t psa_sign_hash(psa_key_id_t key,
3868  psa_algorithm_t alg,
3869  const uint8_t *hash,
3870  size_t hash_length,
3871  uint8_t *signature,
3872  size_t signature_size,
3873  size_t *signature_length);
3874 
3932 psa_status_t psa_sign_message(psa_key_id_t key,
3933  psa_algorithm_t alg,
3934  const uint8_t *input,
3935  size_t input_length,
3936  uint8_t *signature,
3937  size_t signature_size,
3938  size_t *signature_length);
3939 
4002 psa_status_t psa_verify_hash(psa_key_id_t key,
4003  psa_algorithm_t alg,
4004  const uint8_t *hash,
4005  size_t hash_length,
4006  const uint8_t *signature,
4007  size_t signature_length);
4008 
4058 psa_status_t psa_verify_message(psa_key_id_t key,
4059  psa_algorithm_t alg,
4060  const uint8_t *input,
4061  size_t input_length,
4062  const uint8_t *signature,
4063  size_t signature_length);
4064 #endif /* MODULE_PSA_ASYMMETRIC */
4065 
4066 #ifdef __cplusplus
4067 }
4068 #endif
4069 
psa_algorithm_t
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: algorithm.h:35
psa_key_attributes_init
static psa_key_attributes_t psa_key_attributes_init(void)
Return an initial value for a key attribute object.
Definition: attributes.h:170
psa_verify_hash
psa_status_t psa_verify_hash(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length)
Verify the signature of a hash or short message using a public key.
psa_key_derivation_output_bytes
psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *operation, uint8_t *output, size_t output_length)
Read some data from a key derivation operation.
psa_purge_key
psa_status_t psa_purge_key(psa_key_id_t key)
Remove non-essential copies of key material from memory.
psa_cipher_encrypt
psa_status_t psa_cipher_encrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
Encrypt a message using a symmetric cipher.
psa_hash_compare
psa_status_t psa_hash_compare(psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *hash, size_t hash_length)
Calculate the hash (digest) of a message and compare it with a reference value.
psa_raw_key_agreement
psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, psa_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, size_t output_size, size_t *output_length)
Perform a key agreement and return the raw shared secret.
psa_aead_encrypt
psa_status_t psa_aead_encrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
Process an authenticated encryption operation.
psa_generate_random
psa_status_t psa_generate_random(uint8_t *output, size_t output_size)
Generate random bytes.
psa_asymmetric_decrypt
psa_status_t psa_asymmetric_decrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
Decrypt a short message with a private key.
psa_cipher_finish
psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length)
Finish encrypting or decrypting a message in a cipher operation.
psa_sign_message
psa_status_t psa_sign_message(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *signature, size_t signature_size, size_t *signature_length)
Sign a message with a private key.
psa_asymmetric_encrypt
psa_status_t psa_asymmetric_encrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
Encrypt a short message with a public key.
psa_cipher_generate_iv
psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length)
Generate an initialization vector (IV) for a symmetric encryption operation.
psa_crypto_init
psa_status_t psa_crypto_init(void)
Library initialization.
psa_aead_decrypt_setup
psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set the key for a multi-part authenticated decryption operation.
psa_cipher_decrypt
psa_status_t psa_cipher_decrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
Decrypt a message using a symmetric cipher.
psa_hash_suspend
psa_status_t psa_hash_suspend(psa_hash_operation_t *operation, uint8_t *hash_state, size_t hash_state_size, size_t *hash_state_length)
Halt the hash operation and extract the intermediate state of the hash computation.
psa_hash_clone
psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, psa_hash_operation_t *target_operation)
Clone a hash operation.
psa_sign_hash
psa_status_t psa_sign_hash(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length)
Sign an already-calculated hash with a private key.
psa_set_key_usage_flags
static void psa_set_key_usage_flags(psa_key_attributes_t *attributes, psa_key_usage_t usage_flags)
Declare usage flags for a key.
Definition: crypto.h:2011
psa_hash_finish
psa_status_t psa_hash_finish(psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length)
Finish the calculation of the hash of a message.
psa_key_derivation_key_agreement
psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, psa_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length)
Perform a key agreement and use the shared secret as input to a key derivation.
psa_status_to_humanly_readable
const char * psa_status_to_humanly_readable(psa_status_t status)
Helper function to convert PSA status values humanly readable.
psa_aead_encrypt_setup
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set the key for a multi-part authenticated encryption operation.
psa_mac_update
psa_status_t psa_mac_update(psa_mac_operation_t *operation, const uint8_t *input, size_t input_length)
Add a message fragment to a multi-part MAC operation.
psa_aead_generate_nonce
psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation, uint8_t *nonce, size_t nonce_size, size_t *nonce_length)
Generate a random nonce for an authenticated encryption operation.
psa_aead_set_nonce
psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length)
Set the nonce for an authenticated encryption or decryption operation.
psa_builtin_generate_key
psa_status_t psa_builtin_generate_key(const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
Built-in key generation function.
psa_get_key_bits
static size_t psa_get_key_bits(const psa_key_attributes_t *attributes)
Retrieve the key size from key attributes.
Definition: crypto.h:1897
psa_export_key
psa_status_t psa_export_key(psa_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length)
Export a key in binary format.
psa_mac_sign_setup
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set up a multi-part MAC calculation operation.
psa_hash_update
psa_status_t psa_hash_update(psa_hash_operation_t *operation, const uint8_t *input, size_t input_length)
Add a message fragment to a multi-part hash operation.
psa_set_key_type
static void psa_set_key_type(psa_key_attributes_t *attributes, psa_key_type_t type)
Declare the type of a key.
Definition: crypto.h:1982
psa_aead_update_ad
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, const uint8_t *input, size_t input_length)
Pass additional data to an active AEAD operation.
psa_hash_resume
psa_status_t psa_hash_resume(psa_hash_operation_t *operation, const uint8_t *hash_state, size_t hash_state_length)
Set up a multi-part hash operation using the hash suspend state from a previously suspended hash oper...
psa_mac_verify_setup
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set up a multi-part MAC verification operation.
psa_aead_finish
psa_status_t psa_aead_finish(psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, uint8_t *tag, size_t tag_size, size_t *tag_length)
Finish encrypting a message in an AEAD operation.
psa_export_public_key
psa_status_t psa_export_public_key(psa_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length)
Export a public key or the public part of a key pair in binary format.
psa_copy_key
psa_status_t psa_copy_key(psa_key_id_t source_key, const psa_key_attributes_t *attributes, psa_key_id_t *target_key)
Make a copy of a key.
psa_hash_verify
psa_status_t psa_hash_verify(psa_hash_operation_t *operation, const uint8_t *hash, size_t hash_length)
Finish the calculation of the hash of a message and compare it with an expected value.
psa_verify_message
psa_status_t psa_verify_message(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *signature, size_t signature_length)
Verify the signature of a message with a public key.
psa_key_derivation_set_capacity
psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation, size_t capacity)
Set the maximum capacity of a key derivation operation.
psa_hash_setup
psa_status_t psa_hash_setup(psa_hash_operation_t *operation, psa_algorithm_t alg)
Set up a multipart hash operation.
psa_get_key_attributes
psa_status_t psa_get_key_attributes(psa_key_id_t key, psa_key_attributes_t *attributes)
Retrieve the attributes of a key.
psa_builtin_generate_random
psa_status_t psa_builtin_generate_random(uint8_t *output, size_t output_size)
Built-in function for random number generation.
psa_key_derivation_input_bytes
psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length)
Provide an input for key derivation or key agreement.
psa_key_derivation_abort
psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
Abort a key derivation operation.
psa_generate_key
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, psa_key_id_t *key)
Generate a key or key pair.
psa_key_derivation_get_capacity
psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation, size_t *capacity)
Retrieve the current capacity of a key derivation operation.
psa_cipher_set_iv
psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length)
Set the initialization vector (IV) for a symmetric encryption or decryption operation.
psa_cipher_decrypt_setup
psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set the key for a multi-part symmetric decryption operation.
psa_get_key_lifetime
static psa_key_lifetime_t psa_get_key_lifetime(const psa_key_attributes_t *attributes)
Retrieve the lifetime from key attributes.
Definition: crypto.h:1968
psa_get_key_usage_flags
static psa_key_usage_t psa_get_key_usage_flags(const psa_key_attributes_t *attributes)
Retrieve the usage flags from key attributes.
Definition: crypto.h:2024
psa_mac_verify
psa_status_t psa_mac_verify(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *mac, size_t mac_length)
Calculate the MAC of a message and compare it with a reference value.
psa_key_derivation_input_key
psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, psa_key_id_t key)
Provide an input for key derivation in the form of a key.
psa_cipher_abort
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
Abort a cipher operation.
psa_hash_abort
psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
Abort a hash operation.
psa_aead_decrypt
psa_status_t psa_aead_decrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
Process an authenticated decryption operation.
psa_set_key_lifetime
static void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime)
Set the location of a persistent key.
Definition: crypto.h:1955
psa_key_derivation_verify_key
psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation, psa_key_id_t expected)
Compare output data from a key derivation operation to an expected value stored in a key.
psa_key_derivation_setup
psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, psa_algorithm_t alg)
Set up a key derivation operation.
psa_builtin_import_key
psa_status_t psa_builtin_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits)
Built-in key import function.
psa_key_derivation_input_integer
psa_status_t psa_key_derivation_input_integer(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, uint64_t value)
Provide a numeric input for key derivation or key agreement.
psa_mac_sign_finish
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length)
Finish the calculation of the MAC of a message.
psa_get_key_algorithm
static psa_algorithm_t psa_get_key_algorithm(const psa_key_attributes_t *attributes)
Retrieve the permitted algorithm policy from key attributes.
Definition: crypto.h:1869
psa_cipher_update
psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
Encrypt or decrypt a message fragment in an active cipher operation.
psa_cipher_encrypt_setup
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set the key for a multi-part symmetric encryption operation.
psa_hash_compute
psa_status_t psa_hash_compute(psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *hash, size_t hash_size, size_t *hash_length)
Calculate the hash (digest) of a message.
psa_mac_verify_finish
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length)
Finish the calculation of the MAC of a message and compare it with an expected value.
psa_mac_abort
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
Abort a MAC operation.
psa_import_key
psa_status_t psa_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, psa_key_id_t *key)
Import a key in binary format.
psa_key_derivation_output_key
psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes, psa_key_derivation_operation_t *operation, psa_key_id_t *key)
Derive a key from an ongoing key derivation operation.
psa_aead_set_lengths
psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length)
Declare the lengths of the message and additional data for AEAD.
psa_set_key_id
static void psa_set_key_id(psa_key_attributes_t *attributes, psa_key_id_t id)
Declare a key as persistent and set its key identifier.
Definition: crypto.h:1918
psa_get_key_id
static psa_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes)
Retrieve the key identifier from key attributes.
Definition: crypto.h:1932
psa_aead_verify
psa_status_t psa_aead_verify(psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, const uint8_t *tag, size_t tag_length)
Finish authenticating and decrypting a message in an AEAD operation.
psa_get_key_type
static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes)
Retrieve the key type from key attributes.
Definition: crypto.h:1995
psa_aead_abort
psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
Abort an AEAD operation.
psa_set_key_algorithm
static void psa_set_key_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg)
Declare the permitted algorithm policy for a key.
Definition: crypto.h:1856
psa_key_derivation_verify_bytes
psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *operation, const uint8_t *expected_output, size_t output_length)
Compare output data from a key derivation operation to an expected value.
psa_destroy_key
psa_status_t psa_destroy_key(psa_key_id_t key)
Destroy a key.
psa_set_key_bits
static void psa_set_key_bits(psa_key_attributes_t *attributes, size_t bits)
Declare the size of a key.
Definition: crypto.h:1884
psa_aead_update
psa_status_t psa_aead_update(psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
Encrypt or decrypt a message fragment in an active AEAD operation.
psa_reset_key_attributes
static void psa_reset_key_attributes(psa_key_attributes_t *attributes)
Reset a key attribute object to a freshly initialized state.
Definition: crypto.h:2040
psa_mac_compute
psa_status_t psa_mac_compute(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *mac, size_t mac_size, size_t *mac_length)
Calculate the message authentication code (MAC) of a message.
crypto_se_config.h
Define structures für SE slot configurations.
crypto_sizes.h
Size definitions for PSA Crypto.
crypto_struct.h
Structure definitions for PSA Crypto.
crypto_types.h
Type definitions for PSA Crypto.
crypto_values.h
Value definitions for PSA Crypto.
psa_key_id_t
uint32_t psa_key_id_t
Key identifier.
Definition: id.h:33
kernel_defines.h
Common macros and compiler attributes/pragmas configuration.
psa_key_lifetime_t
uint32_t psa_key_lifetime_t
Encoding of key lifetimes.
Definition: lifetime.h:63
psa_status_t
int32_t psa_status_t
Status code type used for all PSA Certified APIs.
Definition: error.h:37
psa_key_type_t
uint16_t psa_key_type_t
Encoding of a key type.
Definition: type.h:41
psa_aead_operation_s
Structure storing an AEAD operation context.
Definition: types.h:30
psa_cipher_operation_s
Structure storing a cipher operation context.
Definition: types.h:81
psa_hash_operation_s
Structure containing a hash context and algorithm.
Definition: types.h:82
psa_key_attributes_s
Structure storing key attributes.
Definition: attributes.h:48
psa_key_attributes_s::id
psa_key_id_t id
Key identifier.
Definition: attributes.h:52
psa_key_attributes_s::bits
psa_key_bits_t bits
Size of key in bits.
Definition: attributes.h:50
psa_key_attributes_s::policy
psa_key_policy_t policy
Key usage policy.
Definition: attributes.h:53
psa_key_attributes_s::type
psa_key_type_t type
Type of key.
Definition: attributes.h:49
psa_key_attributes_s::lifetime
psa_key_lifetime_t lifetime
Lifetime of key.
Definition: attributes.h:51
psa_key_derivation_operation_s
Structure storing a key derivation context.
Definition: types.h:35
psa_key_policy_s::usage
psa_key_usage_t usage
Key usage policy.
Definition: attributes.h:36
psa_key_policy_s::alg
psa_algorithm_t alg
Algorithm for key usage.
Definition: attributes.h:37
psa_mac_operation_s
Structure containing a MAC operation context.
Definition: types.h:30
psa_key_derivation_step_t
uint16_t psa_key_derivation_step_t
Encoding of the step of a key derivation.
Definition: types.h:28
psa_key_usage_t
uint32_t psa_key_usage_t
Encoding of permitted usage on a key.
Definition: usage.h:30