mbed TLS v2.28.1
crypto_values.h
Go to the documentation of this file.
1 
22 /*
23  * Copyright The Mbed TLS Contributors
24  * SPDX-License-Identifier: Apache-2.0
25  *
26  * Licensed under the Apache License, Version 2.0 (the "License"); you may
27  * not use this file except in compliance with the License.
28  * You may obtain a copy of the License at
29  *
30  * http://www.apache.org/licenses/LICENSE-2.0
31  *
32  * Unless required by applicable law or agreed to in writing, software
33  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
34  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
35  * See the License for the specific language governing permissions and
36  * limitations under the License.
37  */
38 
39 #ifndef PSA_CRYPTO_VALUES_H
40 #define PSA_CRYPTO_VALUES_H
41 
46 /* PSA error codes */
47 
48 /* Error codes are standardized across PSA domains (framework, crypto, storage,
49  * etc.). Do not change the values in this section or even the expansions
50  * of each macro: it must be possible to `#include` both this header
51  * and some other PSA component's headers in the same C source,
52  * which will lead to duplicate definitions of the `PSA_SUCCESS` and
53  * `PSA_ERROR_xxx` macros, which is ok if and only if the macros expand
54  * to the same sequence of tokens.
55  *
56  * If you must add a new
57  * value, check with the Arm PSA framework group to pick one that other
58  * domains aren't already using. */
59 
61 #define PSA_SUCCESS ((psa_status_t)0)
62 
68 #define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)
69 
77 #define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)
78 
90 #define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)
91 
102 #define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)
103 
108 #define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)
109 
114 #define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)
115 
130 #define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
131 
141 #define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)
142 
147 #define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)
148 
156 #define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)
157 
173 #define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
174 
198 #define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)
199 
204 #define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)
205 
235 #define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151)
236 
254 #define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
255 
264 #define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
265 
280 #define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)
281 
284 #define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
285 
288 #define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
289 
312 #define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
313 
328 #define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
329 
336 /* Note that key type values, including ECC family and DH group values, are
337  * embedded in the persistent key store, as part of key metadata. As a
338  * consequence, they must not be changed (unless the storage format version
339  * changes).
340  */
341 
346 #define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x0000)
347 
355 #define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x8000)
356 
357 #define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7000)
358 #define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x1000)
359 #define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x2000)
360 #define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x4000)
361 #define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x7000)
362 
363 #define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x3000)
364 
369 #define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \
370  (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
371 
376 #define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
377  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_RAW || \
378  ((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
379 
381 #define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
382  (((type) & PSA_KEY_TYPE_CATEGORY_MASK \
383  & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) == \
384  PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
386 #define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \
387  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
390 #define PSA_KEY_TYPE_IS_KEY_PAIR(type) \
391  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)
402 #define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type) \
403  ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
414 #define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) \
415  ((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
416 
421 #define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x1001)
422 
431 #define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100)
432 
438 #define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200)
439 
445 #define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400)
446 
449 #define PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406)
450 
460 #define PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301)
461 
464 #define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)
465 
470 #define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002)
471 
479 #define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
480 
485 #define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001)
490 #define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001)
492 #define PSA_KEY_TYPE_IS_RSA(type) \
493  (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
494 
495 #define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x4100)
496 #define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x7100)
497 #define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff)
507 #define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \
508  (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
518 #define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
519  (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
520 
522 #define PSA_KEY_TYPE_IS_ECC(type) \
523  ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
524  ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
526 #define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) \
527  (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
528  PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)
530 #define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \
531  (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
532  PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
533 
535 #define PSA_KEY_TYPE_ECC_GET_FAMILY(type) \
536  ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_ECC(type) ? \
537  ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
538  0))
539 
548 #define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t) 0x17)
549 
558 #define PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t) 0x12)
559 /* SECP160R2 (SEC2 v1, obsolete) */
560 #define PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t) 0x1b)
561 
570 #define PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t) 0x27)
571 
580 #define PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t) 0x22)
581 
590 #define PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t) 0x2b)
591 
599 #define PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t) 0x30)
600 
611 #define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41)
612 
627 #define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
628 
629 #define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200)
630 #define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200)
631 #define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff)
637 #define PSA_KEY_TYPE_DH_KEY_PAIR(group) \
638  (PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group))
644 #define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \
645  (PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))
646 
648 #define PSA_KEY_TYPE_IS_DH(type) \
649  ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
650  ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
652 #define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type) \
653  (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
654  PSA_KEY_TYPE_DH_KEY_PAIR_BASE)
656 #define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) \
657  (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
658  PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
659 
661 #define PSA_KEY_TYPE_DH_GET_FAMILY(type) \
662  ((psa_dh_family_t) (PSA_KEY_TYPE_IS_DH(type) ? \
663  ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
664  0))
665 
672 #define PSA_DH_FAMILY_RFC7919 ((psa_dh_family_t) 0x03)
673 
674 #define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \
675  (((type) >> 8) & 7)
694 #define PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) \
695  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
696  1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
697  0u)
698 
699 /* Note that algorithm values are embedded in the persistent key store,
700  * as part of key metadata. As a consequence, they must not be changed
701  * (unless the storage format version changes).
702  */
703 
711 #define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t)0x80000000)
712 
713 #define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t)0x7f000000)
714 #define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t)0x02000000)
715 #define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t)0x03000000)
716 #define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t)0x04000000)
717 #define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x05000000)
718 #define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x06000000)
719 #define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x07000000)
720 #define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x08000000)
721 #define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x09000000)
722 
727 #define PSA_ALG_IS_VENDOR_DEFINED(alg) \
728  (((alg) & PSA_ALG_VENDOR_FLAG) != 0)
729 
738 #define PSA_ALG_IS_HASH(alg) \
739  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)
740 
749 #define PSA_ALG_IS_MAC(alg) \
750  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)
751 
760 #define PSA_ALG_IS_CIPHER(alg) \
761  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)
762 
772 #define PSA_ALG_IS_AEAD(alg) \
773  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)
774 
784 #define PSA_ALG_IS_SIGN(alg) \
785  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)
786 
796 #define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg) \
797  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)
798 
807 #define PSA_ALG_IS_KEY_AGREEMENT(alg) \
808  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)
809 
818 #define PSA_ALG_IS_KEY_DERIVATION(alg) \
819  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
820 
822 #define PSA_ALG_NONE ((psa_algorithm_t)0)
823 
824 #define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
826 #define PSA_ALG_MD2 ((psa_algorithm_t)0x02000001)
828 #define PSA_ALG_MD4 ((psa_algorithm_t)0x02000002)
830 #define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003)
832 #define PSA_ALG_RIPEMD160 ((psa_algorithm_t)0x02000004)
834 #define PSA_ALG_SHA_1 ((psa_algorithm_t)0x02000005)
836 #define PSA_ALG_SHA_224 ((psa_algorithm_t)0x02000008)
838 #define PSA_ALG_SHA_256 ((psa_algorithm_t)0x02000009)
840 #define PSA_ALG_SHA_384 ((psa_algorithm_t)0x0200000a)
842 #define PSA_ALG_SHA_512 ((psa_algorithm_t)0x0200000b)
844 #define PSA_ALG_SHA_512_224 ((psa_algorithm_t)0x0200000c)
846 #define PSA_ALG_SHA_512_256 ((psa_algorithm_t)0x0200000d)
848 #define PSA_ALG_SHA3_224 ((psa_algorithm_t)0x02000010)
850 #define PSA_ALG_SHA3_256 ((psa_algorithm_t)0x02000011)
852 #define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x02000012)
854 #define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x02000013)
861 #define PSA_ALG_SHAKE256_512 ((psa_algorithm_t)0x02000015)
862 
896 #define PSA_ALG_ANY_HASH ((psa_algorithm_t)0x020000ff)
897 
898 #define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t)0x00c00000)
899 #define PSA_ALG_HMAC_BASE ((psa_algorithm_t)0x03800000)
911 #define PSA_ALG_HMAC(hash_alg) \
912  (PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
913 
914 #define PSA_ALG_HMAC_GET_HASH(hmac_alg) \
915  (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK))
916 
927 #define PSA_ALG_IS_HMAC(alg) \
928  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
929  PSA_ALG_HMAC_BASE)
930 
931 /* In the encoding of a MAC algorithm, the bits corresponding to
932  * PSA_ALG_MAC_TRUNCATION_MASK encode the length to which the MAC is
933  * truncated. As an exception, the value 0 means the untruncated algorithm,
934  * whatever its length is. The length is encoded in 6 bits, so it can
935  * reach up to 63; the largest MAC is 64 bytes so its trivial truncation
936  * to full length is correctly encoded as 0 and any non-trivial truncation
937  * is correctly encoded as a value between 1 and 63. */
938 #define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x003f0000)
939 #define PSA_MAC_TRUNCATION_OFFSET 16
940 
941 /* In the encoding of a MAC algorithm, the bit corresponding to
942  * #PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
943  * is a wildcard algorithm. A key with such wildcard algorithm as permitted
944  * algorithm policy can be used with any algorithm corresponding to the
945  * same base class and having a (potentially truncated) MAC length greater or
946  * equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
947 #define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
948 
982 #define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
983  (((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
984  PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) | \
985  ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
986 
999 #define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
1000  ((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
1001  PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG))
1002 
1014 #define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
1015  (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
1016 
1041 #define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
1042  ( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
1043  PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
1044 
1045 #define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000)
1051 #define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x03c00100)
1053 #define PSA_ALG_CMAC ((psa_algorithm_t)0x03c00200)
1054 
1063 #define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) \
1064  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
1065  PSA_ALG_CIPHER_MAC_BASE)
1066 
1067 #define PSA_ALG_CIPHER_STREAM_FLAG ((psa_algorithm_t)0x00800000)
1068 #define PSA_ALG_CIPHER_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000)
1069 
1082 #define PSA_ALG_IS_STREAM_CIPHER(alg) \
1083  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \
1084  (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
1085 
1092 #define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800100)
1093 
1101 #define PSA_ALG_CTR ((psa_algorithm_t)0x04c01000)
1102 
1107 #define PSA_ALG_CFB ((psa_algorithm_t)0x04c01100)
1108 
1113 #define PSA_ALG_OFB ((psa_algorithm_t)0x04c01200)
1114 
1121 #define PSA_ALG_XTS ((psa_algorithm_t)0x0440ff00)
1122 
1141 #define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400)
1142 
1150 #define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t)0x04404000)
1151 
1158 #define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t)0x04404100)
1159 
1160 #define PSA_ALG_AEAD_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000)
1161 
1171 #define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) \
1172  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) == \
1173  (PSA_ALG_CATEGORY_AEAD | PSA_ALG_AEAD_FROM_BLOCK_FLAG))
1174 
1179 #define PSA_ALG_CCM ((psa_algorithm_t)0x05500100)
1180 
1185 #define PSA_ALG_GCM ((psa_algorithm_t)0x05500200)
1186 
1196 #define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t)0x05100500)
1197 
1198 /* In the encoding of a AEAD algorithm, the bits corresponding to
1199  * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
1200  * The constants for default lengths follow this encoding.
1201  */
1202 #define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x003f0000)
1203 #define PSA_AEAD_TAG_LENGTH_OFFSET 16
1204 
1205 /* In the encoding of an AEAD algorithm, the bit corresponding to
1206  * #PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
1207  * is a wildcard algorithm. A key with such wildcard algorithm as permitted
1208  * algorithm policy can be used with any algorithm corresponding to the
1209  * same base class and having a tag length greater than or equal to the one
1210  * encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
1211 #define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
1212 
1231 #define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) \
1232  (((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | \
1233  PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \
1234  ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
1235  PSA_ALG_AEAD_TAG_LENGTH_MASK))
1236 
1247 #define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
1248  (((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
1249  PSA_AEAD_TAG_LENGTH_OFFSET )
1250 
1259 #define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg) \
1260  ( \
1261  PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CCM) \
1262  PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_GCM) \
1263  PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
1264  0)
1265 #define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, ref) \
1266  PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, 0) == \
1267  PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ? \
1268  ref :
1269 
1294 #define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
1295  ( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
1296  PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
1297 
1298 #define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x06000200)
1314 #define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \
1315  (PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1322 #define PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN_BASE
1323 #define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
1324  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
1325 
1326 #define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t)0x06000300)
1327 #define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t)0x06001300)
1346 #define PSA_ALG_RSA_PSS(hash_alg) \
1347  (PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1348 
1364 #define PSA_ALG_RSA_PSS_ANY_SALT(hash_alg) \
1365  (PSA_ALG_RSA_PSS_ANY_SALT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1366 
1378 #define PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) \
1379  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
1380 
1392 #define PSA_ALG_IS_RSA_PSS_ANY_SALT(alg) \
1393  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE)
1394 
1410 #define PSA_ALG_IS_RSA_PSS(alg) \
1411  (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) || \
1412  PSA_ALG_IS_RSA_PSS_ANY_SALT(alg))
1413 
1414 #define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x06000600)
1435 #define PSA_ALG_ECDSA(hash_alg) \
1436  (PSA_ALG_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1446 #define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE
1447 #define PSA_ALG_DETERMINISTIC_ECDSA_BASE ((psa_algorithm_t)0x06000700)
1470 #define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \
1471  (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1472 #define PSA_ALG_ECDSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00000100)
1473 #define PSA_ALG_IS_ECDSA(alg) \
1474  (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_ECDSA_DETERMINISTIC_FLAG) == \
1475  PSA_ALG_ECDSA_BASE)
1476 #define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg) \
1477  (((alg) & PSA_ALG_ECDSA_DETERMINISTIC_FLAG) != 0)
1478 #define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) \
1479  (PSA_ALG_IS_ECDSA(alg) && PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1480 #define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \
1481  (PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1482 
1511 #define PSA_ALG_PURE_EDDSA ((psa_algorithm_t)0x06000800)
1512 
1513 #define PSA_ALG_HASH_EDDSA_BASE ((psa_algorithm_t)0x06000900)
1514 #define PSA_ALG_IS_HASH_EDDSA(alg) \
1515  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HASH_EDDSA_BASE)
1516 
1538 #define PSA_ALG_ED25519PH \
1539  (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHA_512 & PSA_ALG_HASH_MASK))
1540 
1563 #define PSA_ALG_ED448PH \
1564  (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHAKE256_512 & PSA_ALG_HASH_MASK))
1565 
1566 /* Default definition, to be overridden if the library is extended with
1567  * more hash-and-sign algorithms that we want to keep out of this header
1568  * file. */
1569 #define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
1570 
1588 #define PSA_ALG_IS_SIGN_HASH(alg) \
1589  (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
1590  PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
1591  PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
1592 
1604 #define PSA_ALG_IS_SIGN_MESSAGE(alg) \
1605  (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA )
1606 
1633 #define PSA_ALG_IS_HASH_AND_SIGN(alg) \
1634  (PSA_ALG_IS_SIGN_HASH(alg) && \
1635  ((alg) & PSA_ALG_HASH_MASK) != 0)
1636 
1655 #define PSA_ALG_SIGN_GET_HASH(alg) \
1656  (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
1657  ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1658  0)
1659 
1662 #define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x07000200)
1663 
1664 #define PSA_ALG_RSA_OAEP_BASE ((psa_algorithm_t)0x07000300)
1679 #define PSA_ALG_RSA_OAEP(hash_alg) \
1680  (PSA_ALG_RSA_OAEP_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1681 #define PSA_ALG_IS_RSA_OAEP(alg) \
1682  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)
1683 #define PSA_ALG_RSA_OAEP_GET_HASH(alg) \
1684  (PSA_ALG_IS_RSA_OAEP(alg) ? \
1685  ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1686  0)
1687 
1688 #define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x08000100)
1709 #define PSA_ALG_HKDF(hash_alg) \
1710  (PSA_ALG_HKDF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1722 #define PSA_ALG_IS_HKDF(alg) \
1723  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)
1724 #define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
1725  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1726 
1727 #define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x08000200)
1754 #define PSA_ALG_TLS12_PRF(hash_alg) \
1755  (PSA_ALG_TLS12_PRF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1756 
1765 #define PSA_ALG_IS_TLS12_PRF(alg) \
1766  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)
1767 #define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
1768  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1769 
1770 #define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x08000300)
1800 #define PSA_ALG_TLS12_PSK_TO_MS(hash_alg) \
1801  (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1802 
1811 #define PSA_ALG_IS_TLS12_PSK_TO_MS(alg) \
1812  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)
1813 #define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
1814  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1815 
1816 #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0xfe00ffff)
1817 #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0xffff0000)
1818 
1833 #define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) \
1834  ((ka_alg) | (kdf_alg))
1835 
1836 #define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \
1837  (((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
1838 
1839 #define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
1840  (((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)
1841 
1856 #define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \
1857  (PSA_ALG_IS_KEY_AGREEMENT(alg) && \
1858  PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)
1859 
1860 #define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \
1861  ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))
1862 
1870 #define PSA_ALG_FFDH ((psa_algorithm_t)0x09010000)
1871 
1884 #define PSA_ALG_IS_FFDH(alg) \
1885  (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)
1886 
1912 #define PSA_ALG_ECDH ((psa_algorithm_t)0x09020000)
1913 
1928 #define PSA_ALG_IS_ECDH(alg) \
1929  (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)
1930 
1944 #define PSA_ALG_IS_WILDCARD(alg) \
1945  (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
1946  PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
1947  PSA_ALG_IS_MAC(alg) ? \
1948  (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
1949  PSA_ALG_IS_AEAD(alg) ? \
1950  (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
1951  (alg) == PSA_ALG_ANY_HASH)
1952 
1959 /* Note that location and persistence level values are embedded in the
1960  * persistent key store, as part of key metadata. As a consequence, they
1961  * must not be changed (unless the storage format version changes).
1962  */
1963 
1975 #define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
1976 
1989 #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
1990 
1995 #define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00)
1996 
2001 #define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01)
2002 
2007 #define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff)
2008 
2009 #define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
2010  ((psa_key_persistence_t)((lifetime) & 0x000000ff))
2011 
2012 #define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
2013  ((psa_key_location_t)((lifetime) >> 8))
2014 
2031 #define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \
2032  (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
2033  PSA_KEY_PERSISTENCE_VOLATILE)
2034 
2052 #define PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime) \
2053  (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
2054  PSA_KEY_PERSISTENCE_READ_ONLY)
2055 
2065 #define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
2066  ((location) << 8 | (persistence))
2067 
2075 #define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000)
2076 
2077 #define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
2078 
2079 /* Note that key identifier values are embedded in the
2080  * persistent key store, as part of key metadata. As a consequence, they
2081  * must not be changed (unless the storage format version changes).
2082  */
2083 
2086 #define PSA_KEY_ID_NULL ((psa_key_id_t)0)
2089 #define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
2092 #define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff)
2095 #define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000)
2098 #define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff)
2099 
2100 
2101 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
2102 
2103 #define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 )
2104 #define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id )
2105 #define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( 0 )
2106 
2113  unsigned int unused, psa_key_id_t key_id )
2114 {
2115  (void)unused;
2116 
2117  return( key_id );
2118 }
2119 
2128  mbedtls_svc_key_id_t id2 )
2129 {
2130  return( id1 == id2 );
2131 }
2132 
2140 {
2141  return( key == 0 );
2142 }
2143 
2144 #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
2145 
2146 #define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } )
2147 #define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id )
2148 #define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner )
2149 
2156  mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id )
2157 {
2158  return( (mbedtls_svc_key_id_t){ .key_id = key_id,
2159  .owner = owner_id } );
2160 }
2161 
2169 static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
2170  mbedtls_svc_key_id_t id2 )
2171 {
2172  return( ( id1.key_id == id2.key_id ) &&
2173  mbedtls_key_owner_id_equal( id1.owner, id2.owner ) );
2174 }
2175 
2182 static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
2183 {
2184  return( key.key_id == 0 );
2185 }
2186 
2187 #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
2188 
2195 /* Note that key usage flags are embedded in the
2196  * persistent key store, as part of key metadata. As a consequence, they
2197  * must not be changed (unless the storage format version changes).
2198  */
2199 
2211 #define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t)0x00000001)
2212 
2227 #define PSA_KEY_USAGE_COPY ((psa_key_usage_t)0x00000002)
2228 
2238 #define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t)0x00000100)
2239 
2249 #define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200)
2250 
2259 #define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t)0x00000400)
2260 
2269 #define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t)0x00000800)
2270 
2279 #define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t)0x00001000)
2280 
2289 #define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00002000)
2290 
2293 #define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000)
2294 
2301 /* Key input steps are not embedded in the persistent storage, so you can
2302  * change them if needed: it's only an ABI change. */
2303 
2316 #define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
2317 
2323 #define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201)
2324 
2330 #define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202)
2331 
2337 #define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203)
2338 
2344 #define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t)0x0204)
2345 
2352 /* Helper macros */
2353 
2365 #define MBEDTLS_PSA_ALG_AEAD_EQUAL(aead_alg_1, aead_alg_2) \
2366  (!(((aead_alg_1) ^ (aead_alg_2)) & \
2367  ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)))
2368 
2371 #endif /* PSA_CRYPTO_VALUES_H */
static mbedtls_svc_key_id_t mbedtls_svc_key_id_make(unsigned int unused, psa_key_id_t key_id)
uint32_t psa_key_id_t
Definition: crypto_types.h:278
static int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
psa_key_id_t mbedtls_svc_key_id_t
Definition: crypto_types.h:295
static int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1, mbedtls_svc_key_id_t id2)