33 #if IS_USED(MODULE_PSA_SECURE_ELEMENT_CONFIG)
45 #define PSA_CRYPTO_API_VERSION_MAJOR 1
50 #define PSA_CRYPTO_API_VERSION_MINOR 1
85 #if IS_USED(MODULE_PSA_AEAD) || defined(DOXYGEN)
143 const uint8_t *nonce,
145 const uint8_t *additional_data,
146 size_t additional_data_length,
147 const uint8_t *plaintext,
148 size_t plaintext_length,
150 size_t ciphertext_size,
151 size_t *ciphertext_length);
210 const uint8_t *nonce,
212 const uint8_t *additional_data,
213 size_t additional_data_length,
214 const uint8_t *ciphertext,
215 size_t ciphertext_length,
217 size_t plaintext_size,
218 size_t *plaintext_length);
379 size_t plaintext_length);
429 size_t *nonce_length);
475 const uint8_t *nonce,
476 size_t nonce_length);
521 const uint8_t *input,
522 size_t input_length);
590 const uint8_t *input,
594 size_t *output_length);
665 size_t ciphertext_size,
666 size_t *ciphertext_length,
739 size_t plaintext_size,
740 size_t *plaintext_length,
772 #if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
826 const uint8_t *input,
832 size_t *output_length);
888 const uint8_t *input,
894 size_t *output_length);
897 #if IS_USED(MODULE_PSA_CIPHER) || defined(DOXYGEN)
988 const uint8_t *input,
992 size_t *output_length);
1112 const uint8_t *input,
1113 size_t input_length,
1116 size_t *output_length);
1234 size_t *output_length);
1387 const uint8_t *input,
1388 size_t input_length,
1391 size_t *output_length);
1394 #if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
1653 size_t *data_length);
1738 size_t *data_length);
1747 size_t key_buffer_size,
size_t *key_buffer_length);
1821 size_t output_size);
1846 size_t output_size);
1848 #if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
1890 attributes->
bits = bits;
1902 return attributes->
bits;
1923 attributes->
id = id;
1937 return attributes->
id;
1988 attributes->
type = type;
2000 return attributes->
type;
2081 #if IS_USED(MODULE_PSA_HASH) || defined(DOXYGEN)
2169 const uint8_t *input,
2170 size_t input_length,
2171 const uint8_t *hash,
2172 size_t hash_length);
2208 const uint8_t *input,
2209 size_t input_length,
2212 size_t *hash_length);
2258 size_t *hash_length);
2297 const uint8_t *hash_state,
2298 size_t hash_state_length);
2420 uint8_t *hash_state,
2421 size_t hash_state_size,
2422 size_t *hash_state_length);
2449 const uint8_t *input,
2450 size_t input_length);
2485 const uint8_t *hash,
2486 size_t hash_length);
2489 #if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
2538 const uint8_t *data,
size_t data_length,
2539 uint8_t *key_buffer,
size_t key_buffer_size,
2540 size_t *key_buffer_length,
size_t *bits);
2629 const uint8_t *data,
2634 #if IS_USED(MODULE_PSA_KEY_DERIVATION) || defined(DOXYGEN)
2735 const uint8_t *data,
2736 size_t data_length);
2916 const uint8_t *peer_key,
2917 size_t peer_key_length);
2960 size_t output_length);
3260 const uint8_t *expected_output,
3261 size_t output_length);
3326 #if IS_USED(MODULE_PSA_MAC) || defined(DOXYGEN)
3404 const uint8_t *input,
3405 size_t input_length,
3408 size_t *mac_length);
3461 size_t *mac_length);
3552 const uint8_t *input,
3553 size_t input_length);
3594 const uint8_t *input,
3595 size_t input_length,
3698 #if IS_USED(MODULE_PSA_KEY_MANAGEMENT) || defined(DOXYGEN)
3728 #if IS_USED(MODULE_PSA_KEY_AGREEMENT) || defined(DOXYGEN)
3794 const uint8_t *peer_key,
3795 size_t peer_key_length,
3798 size_t *output_length);
3801 #if IS_USED(MODULE_PSA_ASYMMETRIC) || defined(DOXYGEN)
3872 const uint8_t *hash,
3875 size_t signature_size,
3876 size_t *signature_length);
3937 const uint8_t *input,
3938 size_t input_length,
3940 size_t signature_size,
3941 size_t *signature_length);
4007 const uint8_t *hash,
4009 const uint8_t *signature,
4010 size_t signature_length);
4063 const uint8_t *input,
4064 size_t input_length,
4065 const uint8_t *signature,
4066 size_t signature_length);
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
static psa_key_attributes_t psa_key_attributes_init(void)
Return an initial value for a key attribute object.
psa_status_t psa_verify_hash(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length)
Verify the signature of a hash or short message using a public key.
psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *operation, uint8_t *output, size_t output_length)
Read some data from a key derivation operation.
psa_status_t psa_purge_key(psa_key_id_t key)
Remove non-essential copies of key material from memory.
psa_status_t psa_cipher_encrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
Encrypt a message using a symmetric cipher.
psa_status_t psa_hash_compare(psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *hash, size_t hash_length)
Calculate the hash (digest) of a message and compare it with a reference value.
psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, psa_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, size_t output_size, size_t *output_length)
Perform a key agreement and return the raw shared secret.
psa_status_t psa_aead_encrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
Process an authenticated encryption operation.
psa_status_t psa_generate_random(uint8_t *output, size_t output_size)
Generate random bytes.
psa_status_t psa_asymmetric_decrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
Decrypt a short message with a private key.
psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length)
Finish encrypting or decrypting a message in a cipher operation.
psa_status_t psa_sign_message(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *signature, size_t signature_size, size_t *signature_length)
Sign a message with a private key.
psa_status_t psa_asymmetric_encrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
Encrypt a short message with a public key.
psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length)
Generate an initialization vector (IV) for a symmetric encryption operation.
psa_status_t psa_crypto_init(void)
Library initialization.
psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set the key for a multi-part authenticated decryption operation.
psa_status_t psa_cipher_decrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
Decrypt a message using a symmetric cipher.
psa_status_t psa_hash_suspend(psa_hash_operation_t *operation, uint8_t *hash_state, size_t hash_state_size, size_t *hash_state_length)
Halt the hash operation and extract the intermediate state of the hash computation.
psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, psa_hash_operation_t *target_operation)
Clone a hash operation.
psa_status_t psa_sign_hash(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length)
Sign an already-calculated hash with a private key.
static void psa_set_key_usage_flags(psa_key_attributes_t *attributes, psa_key_usage_t usage_flags)
Declare usage flags for a key.
psa_status_t psa_hash_finish(psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length)
Finish the calculation of the hash of a message.
psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, psa_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length)
Perform a key agreement and use the shared secret as input to a key derivation.
const char * psa_status_to_humanly_readable(psa_status_t status)
Helper function to convert PSA status values humanly readable.
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set the key for a multi-part authenticated encryption operation.
psa_status_t psa_mac_update(psa_mac_operation_t *operation, const uint8_t *input, size_t input_length)
Add a message fragment to a multi-part MAC operation.
psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation, uint8_t *nonce, size_t nonce_size, size_t *nonce_length)
Generate a random nonce for an authenticated encryption operation.
psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length)
Set the nonce for an authenticated encryption or decryption operation.
psa_status_t psa_builtin_generate_key(const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
Built-in key generation function.
static size_t psa_get_key_bits(const psa_key_attributes_t *attributes)
Retrieve the key size from key attributes.
psa_status_t psa_export_key(psa_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length)
Export a key in binary format.
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set up a multi-part MAC calculation operation.
psa_status_t psa_hash_update(psa_hash_operation_t *operation, const uint8_t *input, size_t input_length)
Add a message fragment to a multi-part hash operation.
static void psa_set_key_type(psa_key_attributes_t *attributes, psa_key_type_t type)
Declare the type of a key.
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, const uint8_t *input, size_t input_length)
Pass additional data to an active AEAD operation.
psa_status_t psa_hash_resume(psa_hash_operation_t *operation, const uint8_t *hash_state, size_t hash_state_length)
Set up a multi-part hash operation using the hash suspend state from a previously suspended hash oper...
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set up a multi-part MAC verification operation.
psa_status_t psa_aead_finish(psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, uint8_t *tag, size_t tag_size, size_t *tag_length)
Finish encrypting a message in an AEAD operation.
psa_status_t psa_export_public_key(psa_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length)
Export a public key or the public part of a key pair in binary format.
psa_status_t psa_copy_key(psa_key_id_t source_key, const psa_key_attributes_t *attributes, psa_key_id_t *target_key)
Make a copy of a key.
psa_status_t psa_hash_verify(psa_hash_operation_t *operation, const uint8_t *hash, size_t hash_length)
Finish the calculation of the hash of a message and compare it with an expected value.
psa_status_t psa_verify_message(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *signature, size_t signature_length)
Verify the signature of a message with a public key.
psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation, size_t capacity)
Set the maximum capacity of a key derivation operation.
psa_status_t psa_hash_setup(psa_hash_operation_t *operation, psa_algorithm_t alg)
Set up a multipart hash operation.
psa_status_t psa_get_key_attributes(psa_key_id_t key, psa_key_attributes_t *attributes)
Retrieve the attributes of a key.
psa_status_t psa_builtin_generate_random(uint8_t *output, size_t output_size)
Built-in function for random number generation.
psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length)
Provide an input for key derivation or key agreement.
psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
Abort a key derivation operation.
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, psa_key_id_t *key)
Generate a key or key pair.
psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation, size_t *capacity)
Retrieve the current capacity of a key derivation operation.
psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length)
Set the initialization vector (IV) for a symmetric encryption or decryption operation.
psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set the key for a multi-part symmetric decryption operation.
static psa_key_lifetime_t psa_get_key_lifetime(const psa_key_attributes_t *attributes)
Retrieve the lifetime from key attributes.
static psa_key_usage_t psa_get_key_usage_flags(const psa_key_attributes_t *attributes)
Retrieve the usage flags from key attributes.
psa_status_t psa_mac_verify(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *mac, size_t mac_length)
Calculate the MAC of a message and compare it with a reference value.
psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, psa_key_id_t key)
Provide an input for key derivation in the form of a key.
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
Abort a cipher operation.
psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
Abort a hash operation.
psa_status_t psa_aead_decrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
Process an authenticated decryption operation.
static void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime)
Set the location of a persistent key.
psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation, psa_key_id_t expected)
Compare output data from a key derivation operation to an expected value stored in a key.
psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, psa_algorithm_t alg)
Set up a key derivation operation.
psa_status_t psa_builtin_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits)
Built-in key import function.
psa_status_t psa_key_derivation_input_integer(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, uint64_t value)
Provide a numeric input for key derivation or key agreement.
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length)
Finish the calculation of the MAC of a message.
static psa_algorithm_t psa_get_key_algorithm(const psa_key_attributes_t *attributes)
Retrieve the permitted algorithm policy from key attributes.
psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
Encrypt or decrypt a message fragment in an active cipher operation.
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, psa_key_id_t key, psa_algorithm_t alg)
Set the key for a multi-part symmetric encryption operation.
psa_status_t psa_hash_compute(psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *hash, size_t hash_size, size_t *hash_length)
Calculate the hash (digest) of a message.
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length)
Finish the calculation of the MAC of a message and compare it with an expected value.
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
Abort a MAC operation.
psa_status_t psa_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, psa_key_id_t *key)
Import a key in binary format.
psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes, psa_key_derivation_operation_t *operation, psa_key_id_t *key)
Derive a key from an ongoing key derivation operation.
psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length)
Declare the lengths of the message and additional data for AEAD.
static void psa_set_key_id(psa_key_attributes_t *attributes, psa_key_id_t id)
Declare a key as persistent and set its key identifier.
static psa_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes)
Retrieve the key identifier from key attributes.
psa_status_t psa_aead_verify(psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, const uint8_t *tag, size_t tag_length)
Finish authenticating and decrypting a message in an AEAD operation.
static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes)
Retrieve the key type from key attributes.
psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
Abort an AEAD operation.
static void psa_set_key_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg)
Declare the permitted algorithm policy for a key.
psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *operation, const uint8_t *expected_output, size_t output_length)
Compare output data from a key derivation operation to an expected value.
psa_status_t psa_destroy_key(psa_key_id_t key)
Destroy a key.
static void psa_set_key_bits(psa_key_attributes_t *attributes, size_t bits)
Declare the size of a key.
psa_status_t psa_aead_update(psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length)
Encrypt or decrypt a message fragment in an active AEAD operation.
static void psa_reset_key_attributes(psa_key_attributes_t *attributes)
Reset a key attribute object to a freshly initialized state.
psa_status_t psa_mac_compute(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *mac, size_t mac_size, size_t *mac_length)
Calculate the message authentication code (MAC) of a message.
Define structures für SE slot configurations.
Size definitions for PSA Crypto.
Structure definitions for PSA Crypto.
Type definitions for PSA Crypto.
Value definitions for PSA Crypto.
uint32_t psa_key_id_t
Key identifier.
Common macros and compiler attributes/pragmas configuration.
uint32_t psa_key_lifetime_t
Encoding of key lifetimes.
int32_t psa_status_t
Status code type used for all PSA Certified APIs.
uint16_t psa_key_type_t
Encoding of a key type.
Structure storing an AEAD operation context.
Structure storing a cipher operation context.
Structure containing a hash context and algorithm.
Structure storing key attributes.
psa_key_id_t id
Key identifier.
psa_key_bits_t bits
Size of key in bits.
psa_key_policy_t policy
Key usage policy.
psa_key_type_t type
Type of key.
psa_key_lifetime_t lifetime
Lifetime of key.
Structure storing a key derivation context.
psa_key_usage_t usage
Key usage policy.
psa_algorithm_t alg
Algorithm for key usage.
Structure containing a MAC operation context.
uint16_t psa_key_derivation_step_t
Encoding of the step of a key derivation.
uint32_t psa_key_usage_t
Encoding of permitted usage on a key.
1.9.1