Mbed TLS v2.28.7
crypto_values.h
Go to the documentation of this file.
1 
22 /*
23  * Copyright The Mbed TLS Contributors
24  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
25  */
26 
27 #ifndef PSA_CRYPTO_VALUES_H
28 #define PSA_CRYPTO_VALUES_H
29 
34 /* PSA error codes */
35 
36 /* Error codes are standardized across PSA domains (framework, crypto, storage,
37  * etc.). Do not change the values in this section or even the expansions
38  * of each macro: it must be possible to `#include` both this header
39  * and some other PSA component's headers in the same C source,
40  * which will lead to duplicate definitions of the `PSA_SUCCESS` and
41  * `PSA_ERROR_xxx` macros, which is ok if and only if the macros expand
42  * to the same sequence of tokens.
43  *
44  * If you must add a new
45  * value, check with the Arm PSA framework group to pick one that other
46  * domains aren't already using. */
47 
48 /* Tell uncrustify not to touch the constant definitions, otherwise
49  * it might change the spacing to something that is not PSA-compliant
50  * (e.g. adding a space after casts).
51  *
52  * *INDENT-OFF*
53  */
54 
56 #define PSA_SUCCESS ((psa_status_t)0)
57 
63 #define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132)
64 
72 #define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)
73 
85 #define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133)
86 
97 #define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138)
98 
103 #define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139)
104 
109 #define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140)
110 
125 #define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
126 
136 #define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)
137 
142 #define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141)
143 
151 #define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)
152 
168 #define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
169 
193 #define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146)
194 
199 #define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)
200 
230 #define PSA_ERROR_CORRUPTION_DETECTED ((psa_status_t)-151)
231 
249 #define PSA_ERROR_INSUFFICIENT_ENTROPY ((psa_status_t)-148)
250 
259 #define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149)
260 
275 #define PSA_ERROR_INVALID_PADDING ((psa_status_t)-150)
276 
279 #define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
280 
283 #define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
284 
307 #define PSA_ERROR_DATA_CORRUPT ((psa_status_t)-152)
308 
323 #define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
324 
325 /* *INDENT-ON* */
326 
333 /* Note that key type values, including ECC family and DH group values, are
334  * embedded in the persistent key store, as part of key metadata. As a
335  * consequence, they must not be changed (unless the storage format version
336  * changes).
337  */
338 
343 #define PSA_KEY_TYPE_NONE ((psa_key_type_t) 0x0000)
344 
352 #define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t) 0x8000)
353 
354 #define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t) 0x7000)
355 #define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t) 0x1000)
356 #define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t) 0x2000)
357 #define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t) 0x4000)
358 #define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t) 0x7000)
359 
360 #define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t) 0x3000)
361 
366 #define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \
367  (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
368 
373 #define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
374  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_RAW || \
375  ((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
376 
378 #define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
379  (((type) & PSA_KEY_TYPE_CATEGORY_MASK \
380  & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) == \
381  PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
382 
383 #define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \
384  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
385 
387 #define PSA_KEY_TYPE_IS_KEY_PAIR(type) \
388  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)
389 
399 #define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type) \
400  ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
401 
411 #define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) \
412  ((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
413 
418 #define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t) 0x1001)
419 
428 #define PSA_KEY_TYPE_HMAC ((psa_key_type_t) 0x1100)
429 
435 #define PSA_KEY_TYPE_DERIVE ((psa_key_type_t) 0x1200)
436 
442 #define PSA_KEY_TYPE_AES ((psa_key_type_t) 0x2400)
443 
446 #define PSA_KEY_TYPE_ARIA ((psa_key_type_t) 0x2406)
447 
457 #define PSA_KEY_TYPE_DES ((psa_key_type_t) 0x2301)
458 
461 #define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t) 0x2403)
462 
467 #define PSA_KEY_TYPE_ARC4 ((psa_key_type_t) 0x2002)
468 
476 #define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t) 0x2004)
477 
482 #define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t) 0x4001)
483 
487 #define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t) 0x7001)
488 
489 #define PSA_KEY_TYPE_IS_RSA(type) \
490  (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
491 
492 #define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4100)
493 #define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t) 0x7100)
494 #define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t) 0x00ff)
495 
504 #define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \
505  (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
506 
515 #define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
516  (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
517 
519 #define PSA_KEY_TYPE_IS_ECC(type) \
520  ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
521  ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
522 
523 #define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) \
524  (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
525  PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)
526 
527 #define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \
528  (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
529  PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
530 
532 #define PSA_KEY_TYPE_ECC_GET_FAMILY(type) \
533  ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_ECC(type) ? \
534  ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
535  0))
536 
545 #define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t) 0x17)
546 
555 #define PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t) 0x12)
556 /* SECP160R2 (SEC2 v1, obsolete) */
557 #define PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t) 0x1b)
558 
567 #define PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t) 0x27)
568 
577 #define PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t) 0x22)
578 
587 #define PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t) 0x2b)
588 
596 #define PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t) 0x30)
597 
608 #define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41)
609 
624 #define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
625 
626 #define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4200)
627 #define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t) 0x7200)
628 #define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t) 0x00ff)
629 
634 #define PSA_KEY_TYPE_DH_KEY_PAIR(group) \
635  (PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group))
636 
641 #define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \
642  (PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))
643 
645 #define PSA_KEY_TYPE_IS_DH(type) \
646  ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
647  ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
648 
649 #define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type) \
650  (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
651  PSA_KEY_TYPE_DH_KEY_PAIR_BASE)
652 
653 #define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) \
654  (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
655  PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
656 
658 #define PSA_KEY_TYPE_DH_GET_FAMILY(type) \
659  ((psa_dh_family_t) (PSA_KEY_TYPE_IS_DH(type) ? \
660  ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
661  0))
662 
669 #define PSA_DH_FAMILY_RFC7919 ((psa_dh_family_t) 0x03)
670 
671 #define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \
672  (((type) >> 8) & 7)
673 
691 #define PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) \
692  (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
693  1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
694  0u)
695 
696 /* Note that algorithm values are embedded in the persistent key store,
697  * as part of key metadata. As a consequence, they must not be changed
698  * (unless the storage format version changes).
699  */
700 
708 #define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t) 0x80000000)
709 
710 #define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t) 0x7f000000)
711 #define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t) 0x02000000)
712 #define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t) 0x03000000)
713 #define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t) 0x04000000)
714 #define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t) 0x05000000)
715 #define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t) 0x06000000)
716 #define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t) 0x07000000)
717 #define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t) 0x08000000)
718 #define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t) 0x09000000)
719 
724 #define PSA_ALG_IS_VENDOR_DEFINED(alg) \
725  (((alg) & PSA_ALG_VENDOR_FLAG) != 0)
726 
735 #define PSA_ALG_IS_HASH(alg) \
736  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)
737 
746 #define PSA_ALG_IS_MAC(alg) \
747  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)
748 
757 #define PSA_ALG_IS_CIPHER(alg) \
758  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)
759 
769 #define PSA_ALG_IS_AEAD(alg) \
770  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)
771 
781 #define PSA_ALG_IS_SIGN(alg) \
782  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)
783 
793 #define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg) \
794  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)
795 
804 #define PSA_ALG_IS_KEY_AGREEMENT(alg) \
805  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)
806 
815 #define PSA_ALG_IS_KEY_DERIVATION(alg) \
816  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
817 
819 /* *INDENT-OFF* (https://github.com/ARM-software/psa-arch-tests/issues/337) */
820 #define PSA_ALG_NONE ((psa_algorithm_t)0)
821 /* *INDENT-ON* */
822 
823 #define PSA_ALG_HASH_MASK ((psa_algorithm_t) 0x000000ff)
824 
825 #define PSA_ALG_MD2 ((psa_algorithm_t) 0x02000001)
826 
827 #define PSA_ALG_MD4 ((psa_algorithm_t) 0x02000002)
828 
829 #define PSA_ALG_MD5 ((psa_algorithm_t) 0x02000003)
830 
831 #define PSA_ALG_RIPEMD160 ((psa_algorithm_t) 0x02000004)
832 
833 #define PSA_ALG_SHA_1 ((psa_algorithm_t) 0x02000005)
834 
835 #define PSA_ALG_SHA_224 ((psa_algorithm_t) 0x02000008)
836 
837 #define PSA_ALG_SHA_256 ((psa_algorithm_t) 0x02000009)
838 
839 #define PSA_ALG_SHA_384 ((psa_algorithm_t) 0x0200000a)
840 
841 #define PSA_ALG_SHA_512 ((psa_algorithm_t) 0x0200000b)
842 
843 #define PSA_ALG_SHA_512_224 ((psa_algorithm_t) 0x0200000c)
844 
845 #define PSA_ALG_SHA_512_256 ((psa_algorithm_t) 0x0200000d)
846 
847 #define PSA_ALG_SHA3_224 ((psa_algorithm_t) 0x02000010)
848 
849 #define PSA_ALG_SHA3_256 ((psa_algorithm_t) 0x02000011)
850 
851 #define PSA_ALG_SHA3_384 ((psa_algorithm_t) 0x02000012)
852 
853 #define PSA_ALG_SHA3_512 ((psa_algorithm_t) 0x02000013)
854 
860 #define PSA_ALG_SHAKE256_512 ((psa_algorithm_t) 0x02000015)
861 
895 #define PSA_ALG_ANY_HASH ((psa_algorithm_t) 0x020000ff)
896 
897 #define PSA_ALG_MAC_SUBCATEGORY_MASK ((psa_algorithm_t) 0x00c00000)
898 #define PSA_ALG_HMAC_BASE ((psa_algorithm_t) 0x03800000)
899 
910 #define PSA_ALG_HMAC(hash_alg) \
911  (PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
912 
913 #define PSA_ALG_HMAC_GET_HASH(hmac_alg) \
914  (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK))
915 
926 #define PSA_ALG_IS_HMAC(alg) \
927  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
928  PSA_ALG_HMAC_BASE)
929 
930 /* In the encoding of a MAC algorithm, the bits corresponding to
931  * PSA_ALG_MAC_TRUNCATION_MASK encode the length to which the MAC is
932  * truncated. As an exception, the value 0 means the untruncated algorithm,
933  * whatever its length is. The length is encoded in 6 bits, so it can
934  * reach up to 63; the largest MAC is 64 bytes so its trivial truncation
935  * to full length is correctly encoded as 0 and any non-trivial truncation
936  * is correctly encoded as a value between 1 and 63. */
937 #define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t) 0x003f0000)
938 #define PSA_MAC_TRUNCATION_OFFSET 16
939 
940 /* In the encoding of a MAC algorithm, the bit corresponding to
941  * #PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
942  * is a wildcard algorithm. A key with such wildcard algorithm as permitted
943  * algorithm policy can be used with any algorithm corresponding to the
944  * same base class and having a (potentially truncated) MAC length greater or
945  * equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
946 #define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t) 0x00008000)
947 
981 #define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
982  (((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
983  PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) | \
984  ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
985 
998 #define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
999  ((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
1000  PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG))
1001 
1013 #define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
1014  (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
1015 
1040 #define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
1041  (PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
1042  PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)
1043 
1044 #define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t) 0x03c00000)
1045 
1050 #define PSA_ALG_CBC_MAC ((psa_algorithm_t) 0x03c00100)
1051 
1052 #define PSA_ALG_CMAC ((psa_algorithm_t) 0x03c00200)
1053 
1062 #define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) \
1063  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
1064  PSA_ALG_CIPHER_MAC_BASE)
1065 
1066 #define PSA_ALG_CIPHER_STREAM_FLAG ((psa_algorithm_t) 0x00800000)
1067 #define PSA_ALG_CIPHER_FROM_BLOCK_FLAG ((psa_algorithm_t) 0x00400000)
1068 
1081 #define PSA_ALG_IS_STREAM_CIPHER(alg) \
1082  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \
1083  (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
1084 
1091 #define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t) 0x04800100)
1092 
1100 #define PSA_ALG_CTR ((psa_algorithm_t) 0x04c01000)
1101 
1106 #define PSA_ALG_CFB ((psa_algorithm_t) 0x04c01100)
1107 
1112 #define PSA_ALG_OFB ((psa_algorithm_t) 0x04c01200)
1113 
1120 #define PSA_ALG_XTS ((psa_algorithm_t) 0x0440ff00)
1121 
1140 #define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t) 0x04404400)
1141 
1149 #define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t) 0x04404000)
1150 
1157 #define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t) 0x04404100)
1158 
1159 #define PSA_ALG_AEAD_FROM_BLOCK_FLAG ((psa_algorithm_t) 0x00400000)
1160 
1170 #define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) \
1171  (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) == \
1172  (PSA_ALG_CATEGORY_AEAD | PSA_ALG_AEAD_FROM_BLOCK_FLAG))
1173 
1178 #define PSA_ALG_CCM ((psa_algorithm_t) 0x05500100)
1179 
1184 #define PSA_ALG_GCM ((psa_algorithm_t) 0x05500200)
1185 
1195 #define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t) 0x05100500)
1196 
1197 /* In the encoding of an AEAD algorithm, the bits corresponding to
1198  * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
1199  * The constants for default lengths follow this encoding.
1200  */
1201 #define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t) 0x003f0000)
1202 #define PSA_AEAD_TAG_LENGTH_OFFSET 16
1203 
1204 /* In the encoding of an AEAD algorithm, the bit corresponding to
1205  * #PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
1206  * is a wildcard algorithm. A key with such wildcard algorithm as permitted
1207  * algorithm policy can be used with any algorithm corresponding to the
1208  * same base class and having a tag length greater than or equal to the one
1209  * encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
1210 #define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t) 0x00008000)
1211 
1230 #define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) \
1231  (((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | \
1232  PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \
1233  ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
1234  PSA_ALG_AEAD_TAG_LENGTH_MASK))
1235 
1246 #define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
1247  (((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
1248  PSA_AEAD_TAG_LENGTH_OFFSET)
1249 
1258 #define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg) \
1259  ( \
1260  PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CCM) \
1261  PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_GCM) \
1262  PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
1263  0)
1264 #define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, ref) \
1265  PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, 0) == \
1266  PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ? \
1267  ref :
1268 
1293 #define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
1294  (PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
1295  PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)
1296 
1297 #define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t) 0x06000200)
1298 
1313 #define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \
1314  (PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1315 
1321 #define PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN_BASE
1322 #define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
1323  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
1324 
1325 #define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t) 0x06000300)
1326 #define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t) 0x06001300)
1327 
1347 #define PSA_ALG_RSA_PSS(hash_alg) \
1348  (PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1349 
1365 #define PSA_ALG_RSA_PSS_ANY_SALT(hash_alg) \
1366  (PSA_ALG_RSA_PSS_ANY_SALT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1367 
1379 #define PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) \
1380  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
1381 
1393 #define PSA_ALG_IS_RSA_PSS_ANY_SALT(alg) \
1394  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE)
1395 
1411 #define PSA_ALG_IS_RSA_PSS(alg) \
1412  (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) || \
1413  PSA_ALG_IS_RSA_PSS_ANY_SALT(alg))
1414 
1415 #define PSA_ALG_ECDSA_BASE ((psa_algorithm_t) 0x06000600)
1416 
1436 #define PSA_ALG_ECDSA(hash_alg) \
1437  (PSA_ALG_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1438 
1447 #define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE
1448 #define PSA_ALG_DETERMINISTIC_ECDSA_BASE ((psa_algorithm_t) 0x06000700)
1449 
1471 #define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \
1472  (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1473 #define PSA_ALG_ECDSA_DETERMINISTIC_FLAG ((psa_algorithm_t) 0x00000100)
1474 #define PSA_ALG_IS_ECDSA(alg) \
1475  (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_ECDSA_DETERMINISTIC_FLAG) == \
1476  PSA_ALG_ECDSA_BASE)
1477 #define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg) \
1478  (((alg) & PSA_ALG_ECDSA_DETERMINISTIC_FLAG) != 0)
1479 #define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) \
1480  (PSA_ALG_IS_ECDSA(alg) && PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1481 #define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \
1482  (PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
1483 
1512 #define PSA_ALG_PURE_EDDSA ((psa_algorithm_t) 0x06000800)
1513 
1514 #define PSA_ALG_HASH_EDDSA_BASE ((psa_algorithm_t) 0x06000900)
1515 #define PSA_ALG_IS_HASH_EDDSA(alg) \
1516  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HASH_EDDSA_BASE)
1517 
1539 #define PSA_ALG_ED25519PH \
1540  (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHA_512 & PSA_ALG_HASH_MASK))
1541 
1564 #define PSA_ALG_ED448PH \
1565  (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHAKE256_512 & PSA_ALG_HASH_MASK))
1566 
1567 /* Default definition, to be overridden if the library is extended with
1568  * more hash-and-sign algorithms that we want to keep out of this header
1569  * file. */
1570 #define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
1571 
1589 #define PSA_ALG_IS_SIGN_HASH(alg) \
1590  (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
1591  PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
1592  PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
1593 
1605 #define PSA_ALG_IS_SIGN_MESSAGE(alg) \
1606  (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA)
1607 
1634 #define PSA_ALG_IS_HASH_AND_SIGN(alg) \
1635  (PSA_ALG_IS_SIGN_HASH(alg) && \
1636  ((alg) & PSA_ALG_HASH_MASK) != 0)
1637 
1656 #define PSA_ALG_SIGN_GET_HASH(alg) \
1657  (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
1658  ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1659  0)
1660 
1670 #define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t) 0x07000200)
1671 
1672 #define PSA_ALG_RSA_OAEP_BASE ((psa_algorithm_t) 0x07000300)
1673 
1687 #define PSA_ALG_RSA_OAEP(hash_alg) \
1688  (PSA_ALG_RSA_OAEP_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1689 #define PSA_ALG_IS_RSA_OAEP(alg) \
1690  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)
1691 #define PSA_ALG_RSA_OAEP_GET_HASH(alg) \
1692  (PSA_ALG_IS_RSA_OAEP(alg) ? \
1693  ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
1694  0)
1695 
1696 #define PSA_ALG_HKDF_BASE ((psa_algorithm_t) 0x08000100)
1697 
1717 #define PSA_ALG_HKDF(hash_alg) \
1718  (PSA_ALG_HKDF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1719 
1730 #define PSA_ALG_IS_HKDF(alg) \
1731  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)
1732 #define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
1733  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1734 
1735 #define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t) 0x08000200)
1736 
1762 #define PSA_ALG_TLS12_PRF(hash_alg) \
1763  (PSA_ALG_TLS12_PRF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1764 
1773 #define PSA_ALG_IS_TLS12_PRF(alg) \
1774  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)
1775 #define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
1776  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1777 
1778 #define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t) 0x08000300)
1779 
1808 #define PSA_ALG_TLS12_PSK_TO_MS(hash_alg) \
1809  (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
1810 
1819 #define PSA_ALG_IS_TLS12_PSK_TO_MS(alg) \
1820  (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)
1821 #define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
1822  (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
1823 
1824 #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff)
1825 #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000)
1826 
1841 #define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) \
1842  ((ka_alg) | (kdf_alg))
1843 
1844 #define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \
1845  (((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
1846 
1847 #define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
1848  (((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)
1849 
1864 #define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \
1865  (PSA_ALG_IS_KEY_AGREEMENT(alg) && \
1866  PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)
1867 
1868 #define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \
1869  ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))
1870 
1878 #define PSA_ALG_FFDH ((psa_algorithm_t) 0x09010000)
1879 
1892 #define PSA_ALG_IS_FFDH(alg) \
1893  (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)
1894 
1920 #define PSA_ALG_ECDH ((psa_algorithm_t) 0x09020000)
1921 
1936 #define PSA_ALG_IS_ECDH(alg) \
1937  (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)
1938 
1952 #define PSA_ALG_IS_WILDCARD(alg) \
1953  (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
1954  PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
1955  PSA_ALG_IS_MAC(alg) ? \
1956  (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
1957  PSA_ALG_IS_AEAD(alg) ? \
1958  (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
1959  (alg) == PSA_ALG_ANY_HASH)
1960 
1967 /* Note that location and persistence level values are embedded in the
1968  * persistent key store, as part of key metadata. As a consequence, they
1969  * must not be changed (unless the storage format version changes).
1970  */
1971 
1983 #define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t) 0x00000000)
1984 
1997 #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t) 0x00000001)
1998 
2003 #define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t) 0x00)
2004 
2009 #define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t) 0x01)
2010 
2015 #define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t) 0xff)
2016 
2017 #define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
2018  ((psa_key_persistence_t) ((lifetime) & 0x000000ff))
2019 
2020 #define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
2021  ((psa_key_location_t) ((lifetime) >> 8))
2022 
2039 #define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \
2040  (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
2041  PSA_KEY_PERSISTENCE_VOLATILE)
2042 
2060 #define PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime) \
2061  (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
2062  PSA_KEY_PERSISTENCE_READ_ONLY)
2063 
2073 #define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
2074  ((location) << 8 | (persistence))
2075 
2083 #define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t) 0x000000)
2084 
2085 #define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t) 0x800000)
2086 
2087 /* Note that key identifier values are embedded in the
2088  * persistent key store, as part of key metadata. As a consequence, they
2089  * must not be changed (unless the storage format version changes).
2090  */
2091 
2094 /* *INDENT-OFF* (https://github.com/ARM-software/psa-arch-tests/issues/337) */
2095 #define PSA_KEY_ID_NULL ((psa_key_id_t)0)
2096 /* *INDENT-ON* */
2099 #define PSA_KEY_ID_USER_MIN ((psa_key_id_t) 0x00000001)
2100 
2102 #define PSA_KEY_ID_USER_MAX ((psa_key_id_t) 0x3fffffff)
2103 
2105 #define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t) 0x40000000)
2106 
2108 #define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t) 0x7fffffff)
2109 
2110 
2111 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
2112 
2113 #define MBEDTLS_SVC_KEY_ID_INIT ((psa_key_id_t) 0)
2114 #define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) (id)
2115 #define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(id) (0)
2116 
2123  unsigned int unused, psa_key_id_t key_id)
2124 {
2125  (void) unused;
2126 
2127  return key_id;
2128 }
2129 
2139 {
2140  return id1 == id2;
2141 }
2142 
2150 {
2151  return key == 0;
2152 }
2153 
2154 #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
2155 
2156 #define MBEDTLS_SVC_KEY_ID_INIT ((mbedtls_svc_key_id_t){ 0, 0 })
2157 #define MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) ((id).key_id)
2158 #define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(id) ((id).owner)
2159 
2166  mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id)
2167 {
2168  return (mbedtls_svc_key_id_t){ .key_id = key_id,
2169  .owner = owner_id };
2170 }
2171 
2179 static inline int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1,
2181 {
2182  return (id1.key_id == id2.key_id) &&
2183  mbedtls_key_owner_id_equal(id1.owner, id2.owner);
2184 }
2185 
2192 static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
2193 {
2194  return key.key_id == 0;
2195 }
2196 
2197 #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
2198 
2205 /* Note that key usage flags are embedded in the
2206  * persistent key store, as part of key metadata. As a consequence, they
2207  * must not be changed (unless the storage format version changes).
2208  */
2209 
2221 #define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t) 0x00000001)
2222 
2237 #define PSA_KEY_USAGE_COPY ((psa_key_usage_t) 0x00000002)
2238 
2248 #define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t) 0x00000100)
2249 
2259 #define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t) 0x00000200)
2260 
2269 #define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t) 0x00000400)
2270 
2279 #define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t) 0x00000800)
2280 
2289 #define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t) 0x00001000)
2290 
2299 #define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t) 0x00002000)
2300 
2303 #define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t) 0x00004000)
2304 
2311 /* Key input steps are not embedded in the persistent storage, so you can
2312  * change them if needed: it's only an ABI change. */
2313 
2326 #define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t) 0x0101)
2327 
2333 #define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t) 0x0201)
2334 
2340 #define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t) 0x0202)
2341 
2347 #define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t) 0x0203)
2348 
2354 #define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t) 0x0204)
2355 
2362 /* Helper macros */
2363 
2375 #define MBEDTLS_PSA_ALG_AEAD_EQUAL(aead_alg_1, aead_alg_2) \
2376  (!(((aead_alg_1) ^ (aead_alg_2)) & \
2377  ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)))
2378 
2381 #endif /* PSA_CRYPTO_VALUES_H */
uint32_t psa_key_id_t
Definition: crypto_types.h:266
static mbedtls_svc_key_id_t mbedtls_svc_key_id_make(unsigned int unused, psa_key_id_t key_id)
psa_key_id_t mbedtls_svc_key_id_t
Definition: crypto_types.h:283
static int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1, mbedtls_svc_key_id_t id2)
static int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)