NCBI C++ ToolKit
psa_crypto_core.h File Reference
#include "psa/build_info.h"
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"


Classes

struct  psa_key_slot_t
 The data structure representing a key slot, containing key material and metadata for one key. More...
 
struct  psa_key_slot_t::key_data
 
struct  psa_crypto_local_input_s
 
struct  psa_crypto_local_output_s
 

Macros

#define PSA_CRYPTO_LOCAL_INPUT_INIT   ((psa_crypto_local_input_t) { NULL, 0 })
 
#define PSA_CRYPTO_LOCAL_OUTPUT_INIT   ((psa_crypto_local_output_t) { NULL, NULL, 0 })
 

Typedefs

typedef struct psa_crypto_local_input_s psa_crypto_local_input_t
 
typedef struct psa_crypto_local_output_s psa_crypto_local_output_t
 

Enumerations

enum  psa_key_slot_state_t { PSA_SLOT_EMPTY = 0 , PSA_SLOT_FILLING , PSA_SLOT_FULL , PSA_SLOT_PENDING_DELETION }
 

Functions

int psa_can_do_hash (psa_algorithm_t hash_alg)
 Tell if PSA is ready for this hash. More...
 
int psa_can_do_cipher (psa_key_type_t key_type, psa_algorithm_t cipher_alg)
 Tell if PSA is ready for this cipher. More...
 
static int psa_key_slot_has_readers (const psa_key_slot_t *slot)
 Test whether a key slot has any registered readers. More...
 
psa_status_t psa_wipe_key_slot (psa_key_slot_t *slot)
 Completely wipe a slot in memory, including its policy. More...
 
psa_status_t psa_allocate_buffer_to_slot (psa_key_slot_t *slot, size_t buffer_length)
 Try to allocate a buffer to an empty key slot. More...
 
psa_status_t psa_remove_key_data_from_memory (psa_key_slot_t *slot)
 Wipe key data from a slot. More...
 
psa_status_t psa_copy_key_material_into_slot (psa_key_slot_t *slot, const uint8_t *data, size_t data_length)
 Copy key data (in export format) into an empty key slot. More...
 
psa_status_t mbedtls_to_psa_error (int ret)
 Convert an Mbed TLS error code to a PSA error code. More...
 
psa_status_t psa_import_key_into_slot (const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits)
 Import a key in binary format. More...
 
psa_status_t psa_export_key_internal (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length)
 Export a key in binary format. More...
 
psa_status_t psa_export_public_key_internal (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length)
 Export a public key or the public part of a key pair in binary format. More...
 
int psa_key_production_parameters_are_default (const psa_key_production_parameters_t *params, size_t params_data_length)
 Whether a key production parameters structure is the default. More...
 
psa_status_t psa_generate_key_internal (const psa_key_attributes_t *attributes, const psa_key_production_parameters_t *params, size_t params_data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
 Generate a key. More...
 
psa_status_t psa_sign_message_builtin (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *signature, size_t signature_size, size_t *signature_length)
 Sign a message with a private key. More...
 
psa_status_t psa_verify_message_builtin (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *signature, size_t signature_length)
 Verify the signature of a message with a public key, using a hash-and-sign verification algorithm. More...
 
psa_status_t psa_sign_hash_builtin (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length)
 Sign an already-calculated hash with a private key. More...
 
psa_status_t psa_verify_hash_builtin (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length)
 Verify the signature of a hash or short message using a public key. More...
 
psa_status_t psa_validate_unstructured_key_bit_size (psa_key_type_t type, size_t bits)
 Validate the key bit size for unstructured keys. More...
 
psa_status_t psa_key_agreement_raw_builtin (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *peer_key, size_t peer_key_length, uint8_t *shared_secret, size_t shared_secret_size, size_t *shared_secret_length)
 Perform a key agreement and return the raw shared secret, using built-in raw key agreement functions. More...
 
void mbedtls_psa_interruptible_set_max_ops (uint32_t max_ops)
 Set the maximum number of ops allowed to be executed by an interruptible function in a single call. More...
 
uint32_t mbedtls_psa_interruptible_get_max_ops (void)
 Get the maximum number of ops allowed to be executed by an interruptible function in a single call. More...
 
uint32_t mbedtls_psa_sign_hash_get_num_ops (const mbedtls_psa_sign_hash_interruptible_operation_t *operation)
 Get the number of ops that a hash signing operation has taken for the previous call. More...
 
uint32_t mbedtls_psa_verify_hash_get_num_ops (const mbedtls_psa_verify_hash_interruptible_operation_t *operation)
 Get the number of ops that a hash verification operation has taken for the previous call. More...
 
psa_status_t mbedtls_psa_sign_hash_start (mbedtls_psa_sign_hash_interruptible_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length)
 Start signing a hash or short message with a private key, in an interruptible manner. More...
 
psa_status_t mbedtls_psa_sign_hash_complete (mbedtls_psa_sign_hash_interruptible_operation_t *operation, uint8_t *signature, size_t signature_size, size_t *signature_length)
 Continue and eventually complete the action of signing a hash or short message with a private key, in an interruptible manner. More...
 
psa_status_t mbedtls_psa_sign_hash_abort (mbedtls_psa_sign_hash_interruptible_operation_t *operation)
 Abort a sign hash operation. More...
 
psa_status_t mbedtls_psa_verify_hash_start (mbedtls_psa_verify_hash_interruptible_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length)
 Start reading and verifying a hash or short message, in an interruptible manner. More...
 
psa_status_t mbedtls_psa_verify_hash_complete (mbedtls_psa_verify_hash_interruptible_operation_t *operation)
 Continue and eventually complete the action of reading and verifying a hash or short message, in an interruptible manner. More...
 
psa_status_t mbedtls_psa_verify_hash_abort (mbedtls_psa_verify_hash_interruptible_operation_t *operation)
 Abort a verify signed hash operation. More...
 
psa_status_t psa_crypto_local_input_alloc (const uint8_t *input, size_t input_len, psa_crypto_local_input_t *local_input)
 Allocate a local copy of an input buffer and copy the contents into it. More...
 
void psa_crypto_local_input_free (psa_crypto_local_input_t *local_input)
 Free a local copy of an input buffer. More...
 
psa_status_t psa_crypto_local_output_alloc (uint8_t *output, size_t output_len, psa_crypto_local_output_t *local_output)
 Allocate a local copy of an output buffer. More...
 
psa_status_t psa_crypto_local_output_free (psa_crypto_local_output_t *local_output)
 Copy from a local copy of an output buffer back to the original, then free the local copy. More...
 

Macro Definition Documentation

◆ PSA_CRYPTO_LOCAL_INPUT_INIT

#define PSA_CRYPTO_LOCAL_INPUT_INIT   ((psa_crypto_local_input_t) { NULL, 0 })

Definition at line 892 of file psa_crypto_core.h.

◆ PSA_CRYPTO_LOCAL_OUTPUT_INIT

#define PSA_CRYPTO_LOCAL_OUTPUT_INIT   ((psa_crypto_local_output_t) { NULL, NULL, 0 })

Definition at line 922 of file psa_crypto_core.h.

Typedef Documentation

◆ psa_crypto_local_input_t

◆ psa_crypto_local_output_t

Enumeration Type Documentation

◆ psa_key_slot_state_t

Enumerator
PSA_SLOT_EMPTY 
PSA_SLOT_FILLING 
PSA_SLOT_FULL 
PSA_SLOT_PENDING_DELETION 

Definition at line 51 of file psa_crypto_core.h.

Function Documentation

◆ mbedtls_psa_interruptible_get_max_ops()

uint32_t mbedtls_psa_interruptible_get_max_ops ( void  )

Get the maximum number of ops allowed to be executed by an interruptible function in a single call.

Note
The signature of this function is that of a PSA driver interruptible_get_max_ops entry point. This function behaves as an interruptible_get_max_ops entry point as defined in the PSA driver interface specification for transparent drivers.
Returns
Maximum number of ops allowed to be executed by an interruptible function in a single call.

◆ mbedtls_psa_interruptible_set_max_ops()

void mbedtls_psa_interruptible_set_max_ops ( uint32_t  max_ops)

Set the maximum number of ops allowed to be executed by an interruptible function in a single call.

Note
The signature of this function is that of a PSA driver interruptible_set_max_ops entry point. This function behaves as an interruptible_set_max_ops entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
[in]max_opsThe maximum number of ops to be executed in a single call, this can be a number from 0 to PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, where 0 is obviously the least amount of work done per call.

◆ mbedtls_psa_sign_hash_abort()

psa_status_t mbedtls_psa_sign_hash_abort ( mbedtls_psa_sign_hash_interruptible_operation_t *operation)

Abort a sign hash operation.

Note
The signature of this function is that of a PSA driver sign_hash_abort entry point. This function behaves as a sign_hash_abort entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
[in]operationThe mbedtls_psa_sign_hash_interruptible_operation_t to abort.
Return values
PSA_SUCCESSThe operation was aborted successfully.

◆ mbedtls_psa_sign_hash_complete()

psa_status_t mbedtls_psa_sign_hash_complete ( mbedtls_psa_sign_hash_interruptible_operation_t *operation,
uint8_t *signature,
size_t  signature_size,
size_t *  signature_length 
)

Continue and eventually complete the action of signing a hash or short message with a private key, in an interruptible manner.

Note
The signature of this function is that of a PSA driver sign_hash_complete entry point. This function behaves as a sign_hash_complete entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
[in]operationThe mbedtls_psa_sign_hash_interruptible_operation_t to use. This must be initialized first.
[out]signatureBuffer where the signature is to be written.
signature_sizeSize of the signature buffer in bytes. This must be appropriate for the selected algorithm and key.
[out]signature_lengthOn success, the number of bytes that make up the returned signature value.
Return values
PSA_SUCCESSOperation completed successfully
PSA_OPERATION_INCOMPLETEOperation was interrupted due to the setting of psa_interruptible_set_max_ops(), there is still work to be done, please call this function again with the same operation object.
PSA_ERROR_BUFFER_TOO_SMALLThe size of the signature buffer is too small. You can determine a sufficient buffer size by calling PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) where key_type and key_bits are the type and bit-size respectively of key.
PSA_ERROR_NOT_SUPPORTED
PSA_ERROR_INVALID_ARGUMENT
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_INSUFFICIENT_ENTROPY

◆ mbedtls_psa_sign_hash_get_num_ops()

uint32_t mbedtls_psa_sign_hash_get_num_ops ( const mbedtls_psa_sign_hash_interruptible_operation_t *operation)

Get the number of ops that a hash signing operation has taken for the previous call.

If no call or work has taken place, this will return zero.

Note
The signature of this function is that of a PSA driver sign_hash_get_num_ops entry point. This function behaves as a sign_hash_get_num_ops entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
operationThe mbedtls_psa_sign_hash_interruptible_operation_t to use. This must be initialized first.
Returns
Number of ops that were completed in the last call to mbedtls_psa_sign_hash_complete().

◆ mbedtls_psa_sign_hash_start()

psa_status_t mbedtls_psa_sign_hash_start ( mbedtls_psa_sign_hash_interruptible_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t  key_buffer_size,
psa_algorithm_t  alg,
const uint8_t *hash,
size_t  hash_length 
)

Start signing a hash or short message with a private key, in an interruptible manner.

Note
The signature of this function is that of a PSA driver sign_hash_start entry point. This function behaves as a sign_hash_start entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
[in]operationThe mbedtls_psa_sign_hash_interruptible_operation_t to use. This must be initialized first.
[in]attributesThe attributes of the key to use for the operation.
[in]key_bufferThe buffer containing the key context.
[in]key_buffer_sizeSize of the key_buffer buffer in bytes.
[in]algA signature algorithm that is compatible with the type of the key.
[in]hashThe hash or message to sign.
hash_lengthSize of the hash buffer in bytes.
Return values
PSA_SUCCESSThe operation started successfully - call psa_sign_hash_complete() with the same context to complete the operation
PSA_ERROR_INVALID_ARGUMENTAn unsupported, incorrectly formatted or incorrect type of key was used.
PSA_ERROR_NOT_SUPPORTEDEither no internal interruptible operations are currently supported, or the key type is currently unsupported.
PSA_ERROR_INSUFFICIENT_MEMORYThere was insufficient memory to load the key representation.

◆ mbedtls_psa_verify_hash_abort()

psa_status_t mbedtls_psa_verify_hash_abort ( mbedtls_psa_verify_hash_interruptible_operation_t *operation)

Abort a verify signed hash operation.

Note
The signature of this function is that of a PSA driver verify_hash_abort entry point. This function behaves as a verify_hash_abort entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
[in]operationThe mbedtls_psa_verify_hash_interruptible_operation_t to abort.
Return values
PSA_SUCCESSThe operation was aborted successfully.

◆ mbedtls_psa_verify_hash_complete()

psa_status_t mbedtls_psa_verify_hash_complete ( mbedtls_psa_verify_hash_interruptible_operation_t *operation)

Continue and eventually complete the action of reading and verifying a hash or short message, in an interruptible manner.

Note
The signature of this function is that of a PSA driver verify_hash_complete entry point. This function behaves as a verify_hash_complete entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
[in]operationThe mbedtls_psa_verify_hash_interruptible_operation_t to use. This must be initialized first.
Return values
PSA_SUCCESSOperation completed successfully, and the passed signature is valid.
PSA_OPERATION_INCOMPLETEOperation was interrupted due to the setting of psa_interruptible_set_max_ops(), there is still work to be done, please call this function again with the same operation object.
PSA_ERROR_INVALID_SIGNATUREThe calculation was performed successfully, but the passed signature is not a valid signature.
PSA_ERROR_NOT_SUPPORTED
PSA_ERROR_INVALID_ARGUMENT
PSA_ERROR_INSUFFICIENT_MEMORY

◆ mbedtls_psa_verify_hash_get_num_ops()

uint32_t mbedtls_psa_verify_hash_get_num_ops ( const mbedtls_psa_verify_hash_interruptible_operation_t *operation)

Get the number of ops that a hash verification operation has taken for the previous call.

If no call or work has taken place, this will return zero.

Note
The signature of this function is that of a PSA driver verify_hash_get_num_ops entry point. This function behaves as a verify_hash_get_num_ops entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
operationThe mbedtls_psa_verify_hash_interruptible_operation_t to use. This must be initialized first.
Returns
Number of ops that were completed in the last call to mbedtls_psa_verify_hash_complete().

◆ mbedtls_psa_verify_hash_start()

psa_status_t mbedtls_psa_verify_hash_start ( mbedtls_psa_verify_hash_interruptible_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t  key_buffer_size,
psa_algorithm_t  alg,
const uint8_t *hash,
size_t  hash_length,
const uint8_t *signature,
size_t  signature_length 
)

Start reading and verifying a hash or short message, in an interruptible manner.

Note
The signature of this function is that of a PSA driver verify_hash_start entry point. This function behaves as a verify_hash_start entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
[in]operationThe mbedtls_psa_verify_hash_interruptible_operation_t to use. This must be initialized first.
[in]attributesThe attributes of the key to use for the operation.
[in]key_bufferThe buffer containing the key context.
[in]key_buffer_sizeSize of the key_buffer buffer in bytes.
[in]algA signature algorithm that is compatible with the type of the key.
[in]hashThe hash whose signature is to be verified.
hash_lengthSize of the hash buffer in bytes.
[in]signatureBuffer containing the signature to verify.
signature_lengthSize of the signature buffer in bytes.
Return values
PSA_SUCCESSThe operation started successfully - call psa_verify_hash_complete() with the same context to complete the operation
PSA_ERROR_INVALID_ARGUMENTAn unsupported or incorrect type of key was used.
PSA_ERROR_NOT_SUPPORTEDEither no internal interruptible operations are currently supported, or the key type is currently unsupported.
PSA_ERROR_INSUFFICIENT_MEMORYThere was insufficient memory either to load the key representation, or to prepare the operation.

◆ mbedtls_to_psa_error()

psa_status_t mbedtls_to_psa_error ( int  ret)

Convert an Mbed TLS error code to a PSA error code.

Note
This function is provided solely for the convenience of Mbed TLS and may be removed at any time without notice.
Parameters
retAn Mbed TLS-thrown error code
Returns
The corresponding PSA error code

◆ psa_allocate_buffer_to_slot()

psa_status_t psa_allocate_buffer_to_slot ( psa_key_slot_t *slot,
size_t  buffer_length 
)

Try to allocate a buffer to an empty key slot.

Parameters
[in,out]slotKey slot to attach buffer to.
[in]buffer_lengthRequested size of the buffer.
Return values
PSA_SUCCESSThe buffer has been successfully allocated.
PSA_ERROR_INSUFFICIENT_MEMORYNot enough memory was available for allocation.
PSA_ERROR_ALREADY_EXISTSTrying to allocate a buffer to a non-empty key slot.

◆ psa_can_do_cipher()

int psa_can_do_cipher ( psa_key_type_t  key_type,
psa_algorithm_t  cipher_alg 
)

Tell if PSA is ready for this cipher.

Note
For now, only checks the state of the driver subsystem, not the algorithm. Might do more in the future.
Parameters
cipher_algThe cipher algorithm (ignored for now).
Returns
1 if the driver subsystem is ready, 0 otherwise.

◆ psa_can_do_hash()

int psa_can_do_hash ( psa_algorithm_t  hash_alg)

Tell if PSA is ready for this hash.

Note
For now, only checks the state of the driver subsystem, not the algorithm. Might do more in the future.
Parameters
hash_algThe hash algorithm (ignored for now).
Returns
1 if the driver subsystem is ready, 0 otherwise.

◆ psa_copy_key_material_into_slot()

psa_status_t psa_copy_key_material_into_slot ( psa_key_slot_t *slot,
const uint8_t *data,
size_t  data_length 
)

Copy key data (in export format) into an empty key slot.

This function assumes that the slot does not contain any key material yet. On failure, the slot content is unchanged.

Parameters
[in,out]slotKey slot to copy the key into.
[in]dataBuffer containing the key material.
data_lengthSize of the key buffer.
Return values
PSA_SUCCESSThe key has been copied successfully.
PSA_ERROR_INSUFFICIENT_MEMORYNot enough memory was available for allocation of the copy buffer.
PSA_ERROR_ALREADY_EXISTSThere was other key material already present in the slot.

◆ psa_crypto_local_input_alloc()

psa_status_t psa_crypto_local_input_alloc ( const uint8_t *input,
size_t  input_len,
psa_crypto_local_input_t *local_input 
)

Allocate a local copy of an input buffer and copy the contents into it.

Parameters
[in]inputPointer to input buffer.
[in]input_lenLength of the input buffer.
[out]local_inputPointer to a psa_crypto_local_input_t struct containing a local input copy.
Returns
PSA_SUCCESS, if the buffer was successfully copied.
PSA_ERROR_INSUFFICIENT_MEMORY, if a copy of the buffer cannot be allocated.

◆ psa_crypto_local_input_free()

void psa_crypto_local_input_free ( psa_crypto_local_input_t *local_input)

Free a local copy of an input buffer.

Parameters
[in]local_inputPointer to a psa_crypto_local_input_t struct populated by a previous call to psa_crypto_local_input_alloc().

◆ psa_crypto_local_output_alloc()

psa_status_t psa_crypto_local_output_alloc ( uint8_t *output,
size_t  output_len,
psa_crypto_local_output_t *local_output 
)

Allocate a local copy of an output buffer.

Note
This does not copy any data from the original output buffer but only allocates a buffer whose contents will be copied back to the original in a future call to psa_crypto_local_output_free().
Parameters
[in]outputPointer to output buffer.
[in]output_lenLength of the output buffer.
[out]local_outputPointer to a psa_crypto_local_output_t struct to populate with the local output copy.
Returns
PSA_SUCCESS, if the buffer was successfully allocated.
PSA_ERROR_INSUFFICIENT_MEMORY, if a copy of the buffer cannot be allocated.

◆ psa_crypto_local_output_free()

psa_status_t psa_crypto_local_output_free ( psa_crypto_local_output_t *local_output)

Copy from a local copy of an output buffer back to the original, then free the local copy.

Parameters
[in]local_outputPointer to a psa_crypto_local_output_t struct populated by a previous call to psa_crypto_local_output_alloc().
Returns
PSA_SUCCESS, if the local output was successfully copied back to the original.
PSA_ERROR_CORRUPTION_DETECTED, if the output could not be copied back to the original.

◆ psa_export_key_internal()

psa_status_t psa_export_key_internal ( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t  key_buffer_size,
uint8_t *data,
size_t  data_size,
size_t *  data_length 
)

Export a key in binary format.

Note
The signature of this function is that of a PSA driver export_key entry point. This function behaves as an export_key entry point as defined in the PSA driver interface specification.
Parameters
[in]attributesThe attributes for the key to export.
[in]key_bufferMaterial or context of the key to export.
[in]key_buffer_sizeSize of the key_buffer buffer in bytes.
[out]dataBuffer where the key data is to be written.
[in]data_sizeSize of the data buffer in bytes.
[out]data_lengthOn success, the number of bytes written in data
Return values
PSA_SUCCESSThe key was exported successfully.
PSA_ERROR_NOT_SUPPORTED
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_HARDWARE_FAILURE
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_INSUFFICIENT_MEMORY

◆ psa_export_public_key_internal()

psa_status_t psa_export_public_key_internal ( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t  key_buffer_size,
uint8_t *data,
size_t  data_size,
size_t *  data_length 
)

Export a public key or the public part of a key pair in binary format.

Note
The signature of this function is that of a PSA driver export_public_key entry point. This function behaves as an export_public_key entry point as defined in the PSA driver interface specification.
Parameters
[in]attributesThe attributes for the key to export.
[in]key_bufferMaterial or context of the key to export.
[in]key_buffer_sizeSize of the key_buffer buffer in bytes.
[out]dataBuffer where the key data is to be written.
[in]data_sizeSize of the data buffer in bytes.
[out]data_lengthOn success, the number of bytes written in data
Return values
PSA_SUCCESSThe public key was exported successfully.
PSA_ERROR_NOT_SUPPORTED
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_HARDWARE_FAILURE
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_INSUFFICIENT_MEMORY

◆ psa_generate_key_internal()

psa_status_t psa_generate_key_internal ( const psa_key_attributes_t *attributes,
const psa_key_production_parameters_t *params,
size_t  params_data_length,
uint8_t *key_buffer,
size_t  key_buffer_size,
size_t *  key_buffer_length 
)

Generate a key.

Note
The signature of the function is that of a PSA driver generate_key entry point.
Parameters
[in]attributesThe attributes for the key to generate.
[in]paramsThe production parameters from psa_generate_key_ext().
params_data_lengthThe size of `params->data` in bytes.
[out]key_bufferBuffer where the key data is to be written.
[in]key_buffer_sizeSize of key_buffer in bytes.
[out]key_buffer_lengthOn success, the number of bytes written in key_buffer.
Return values
PSA_SUCCESSThe key was generated successfully.
PSA_ERROR_INVALID_ARGUMENT
PSA_ERROR_NOT_SUPPORTEDKey size in bits or type not supported.
PSA_ERROR_BUFFER_TOO_SMALLThe size of key_buffer is too small.

◆ psa_import_key_into_slot()

psa_status_t psa_import_key_into_slot ( const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t  data_length,
uint8_t *key_buffer,
size_t  key_buffer_size,
size_t *  key_buffer_length,
size_t *  bits 
)

Import a key in binary format.

Note
The signature of this function is that of a PSA driver import_key entry point. This function behaves as an import_key entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
[in]attributesThe attributes for the key to import.
[in]dataThe buffer containing the key data in import format.
[in]data_lengthSize of the data buffer in bytes.
[out]key_bufferThe buffer to contain the key data in output format upon successful return.
[in]key_buffer_sizeSize of the key_buffer buffer in bytes. This size is greater than or equal to data_length.
[out]key_buffer_lengthThe length of the data written in key_buffer in bytes.
[out]bitsThe key size in number of bits.
Return values
PSA_SUCCESSThe key was imported successfully.
PSA_ERROR_INVALID_ARGUMENTThe key data is not correctly formatted.
PSA_ERROR_NOT_SUPPORTED
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_CORRUPTION_DETECTED

◆ psa_key_agreement_raw_builtin()

psa_status_t psa_key_agreement_raw_builtin ( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t  key_buffer_size,
psa_algorithm_t  alg,
const uint8_t *peer_key,
size_t  peer_key_length,
uint8_t *shared_secret,
size_t  shared_secret_size,
size_t *  shared_secret_length 
)

Perform a key agreement and return the raw shared secret, using built-in raw key agreement functions.

Note
The signature of this function is that of a PSA driver key_agreement entry point. This function behaves as a key_agreement entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
[in]attributesThe attributes of the key to use for the operation.
[in]key_bufferThe buffer containing the private key context.
[in]key_buffer_sizeSize of the key_buffer buffer in bytes.
[in]algA key agreement algorithm that is compatible with the type of the key.
[in]peer_keyThe buffer containing the key context of the peer's public key.
[in]peer_key_lengthSize of the peer_key buffer in bytes.
[out]shared_secretThe buffer to which the shared secret is to be written.
[in]shared_secret_sizeSize of the shared_secret buffer in bytes.
[out]shared_secret_lengthOn success, the number of bytes that make up the returned shared secret.
Return values
PSA_SUCCESSSuccess. Shared secret successfully calculated.
PSA_ERROR_INVALID_HANDLE
PSA_ERROR_NOT_PERMITTED
PSA_ERROR_INVALID_ARGUMENTalg is not a key agreement algorithm, or private_key is not compatible with alg, or peer_key is not valid for alg or not compatible with private_key.
PSA_ERROR_BUFFER_TOO_SMALLshared_secret_size is too small
PSA_ERROR_NOT_SUPPORTEDalg is not a supported key agreement algorithm.
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_HARDWARE_FAILURE
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_STORAGE_FAILURE
PSA_ERROR_BAD_STATE

◆ psa_key_production_parameters_are_default()

int psa_key_production_parameters_are_default ( const psa_key_production_parameters_t *params,
size_t  params_data_length 
)

Whether a key production parameters structure is the default.

Calls to a key generation driver with non-default production parameters require a driver supporting custom production parameters.

Parameters
[in]paramsThe key production parameters to check.
params_data_lengthSize of `params->data` in bytes.

◆ psa_key_slot_has_readers()

static int psa_key_slot_has_readers ( const psa_key_slot_t *slot)
inline static

Test whether a key slot has any registered readers.

If multi-threading is enabled, the caller must hold the global key slot mutex.

Parameters
[in]slotThe key slot to test.
Returns
1 if the slot has any registered readers, 0 otherwise.

Definition at line 170 of file psa_crypto_core.h.

References psa_key_slot_t::registered_readers.

◆ psa_remove_key_data_from_memory()

psa_status_t psa_remove_key_data_from_memory ( psa_key_slot_t *slot)

Wipe key data from a slot.

Preserves metadata such as the policy.

◆ psa_sign_hash_builtin()

psa_status_t psa_sign_hash_builtin ( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t  key_buffer_size,
psa_algorithm_t  alg,
const uint8_t *hash,
size_t  hash_length,
uint8_t *signature,
size_t  signature_size,
size_t *  signature_length 
)

Sign an already-calculated hash with a private key.

Note
The signature of this function is that of a PSA driver sign_hash entry point. This function behaves as a sign_hash entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
[in]attributesThe attributes of the key to use for the operation.
[in]key_bufferThe buffer containing the key context.
[in]key_buffer_sizeSize of the key_buffer buffer in bytes.
[in]algA signature algorithm that is compatible with the type of the key.
[in]hashThe hash or message to sign.
[in]hash_lengthSize of the hash buffer in bytes.
[out]signatureBuffer where the signature is to be written.
[in]signature_sizeSize of the signature buffer in bytes.
[out]signature_lengthOn success, the number of bytes that make up the returned signature value.
Return values
PSA_SUCCESS
PSA_ERROR_BUFFER_TOO_SMALLThe size of the signature buffer is too small. You can determine a sufficient buffer size by calling PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) where key_type and key_bits are the type and bit-size respectively of the key.
PSA_ERROR_NOT_SUPPORTED
PSA_ERROR_INVALID_ARGUMENT
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_INSUFFICIENT_ENTROPY

◆ psa_sign_message_builtin()

psa_status_t psa_sign_message_builtin ( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t  key_buffer_size,
psa_algorithm_t  alg,
const uint8_t *input,
size_t  input_length,
uint8_t *signature,
size_t  signature_size,
size_t *  signature_length 
)

Sign a message with a private key.

For hash-and-sign algorithms, this includes the hashing step.

Note
The signature of this function is that of a PSA driver sign_message entry point. This function behaves as a sign_message entry point as defined in the PSA driver interface specification for transparent drivers.
This function will call the driver for psa_sign_hash and go through driver dispatch again.
Parameters
[in]attributesThe attributes of the key to use for the operation.
[in]key_bufferThe buffer containing the key context.
[in]key_buffer_sizeSize of the key_buffer buffer in bytes.
[in]algA signature algorithm that is compatible with the type of the key.
[in]inputThe input message to sign.
[in]input_lengthSize of the input buffer in bytes.
[out]signatureBuffer where the signature is to be written.
[in]signature_sizeSize of the signature buffer in bytes.
[out]signature_lengthOn success, the number of bytes that make up the returned signature value.
Return values
PSA_SUCCESS
PSA_ERROR_BUFFER_TOO_SMALLThe size of the signature buffer is too small. You can determine a sufficient buffer size by calling PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) where key_type and key_bits are the type and bit-size respectively of the key.
PSA_ERROR_NOT_SUPPORTED
PSA_ERROR_INVALID_ARGUMENT
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_CORRUPTION_DETECTED
PSA_ERROR_INSUFFICIENT_ENTROPY

◆ psa_validate_unstructured_key_bit_size()

psa_status_t psa_validate_unstructured_key_bit_size ( psa_key_type_t  type,
size_t  bits 
)

Validate the key bit size for unstructured keys.

Note
Check that the bit size is acceptable for a given key type for unstructured keys.
Parameters
[in]typeThe key type
[in]bitsThe number of bits of the key
Return values
PSA_SUCCESSThe key type and size are valid.
PSA_ERROR_INVALID_ARGUMENTThe size in bits of the key is not valid.
PSA_ERROR_NOT_SUPPORTEDThe type and/or the size in bits of the key or the combination of the two is not supported.

◆ psa_verify_hash_builtin()

psa_status_t psa_verify_hash_builtin ( const psa_key_attributes_t *  attributes,
const uint8_t *  key_buffer,
size_t  key_buffer_size,
psa_algorithm_t  alg,
const uint8_t *  hash,
size_t  hash_length,
const uint8_t *  signature,
size_t  signature_length 
)

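Verify the signature of a hash or short message using a public key. Only PSA_SUCCESS indicates a valid signature; callers should treat every other status as a verification failure.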

Note
The signature of this function is that of a PSA driver verify_hash entry point. This function behaves as a verify_hash entry point as defined in the PSA driver interface specification for transparent drivers.
Parameters
[in]attributesThe attributes of the key to use for the operation.
[in]key_bufferThe buffer containing the key context.
[in]key_buffer_sizeSize of the key_buffer buffer in bytes.
[in]algA signature algorithm that is compatible with the type of the key.
[in]hashThe hash or message whose signature is to be verified.
[in]hash_lengthSize of the hash buffer in bytes.
[in]signatureBuffer containing the signature to verify.
[in]signature_lengthSize of the signature buffer in bytes.
Return values
PSA_SUCCESSThe signature is valid.
PSA_ERROR_INVALID_SIGNATUREThe calculation was performed successfully, but the passed signature is not a valid signature.
PSA_ERROR_NOT_SUPPORTED
PSA_ERROR_INVALID_ARGUMENT
PSA_ERROR_INSUFFICIENT_MEMORY

◆ psa_verify_message_builtin()

psa_status_t psa_verify_message_builtin ( const psa_key_attributes_t *  attributes,
const uint8_t *  key_buffer,
size_t  key_buffer_size,
psa_algorithm_t  alg,
const uint8_t *  input,
size_t  input_length,
const uint8_t *  signature,
size_t  signature_length 
)

Verify the signature of a message with a public key, using a hash-and-sign verification algorithm.

Note
The signature of this function is that of a PSA driver verify_message entry point. This function behaves as a verify_message entry point as defined in the PSA driver interface specification for transparent drivers.
This function will call the driver for psa_verify_hash and go through driver dispatch again.
Parameters
[in]attributesThe attributes of the key to use for the operation.
[in]key_bufferThe buffer containing the key context.
[in]key_buffer_sizeSize of the key_buffer buffer in bytes.
[in]algA signature algorithm that is compatible with the type of the key.
[in]inputThe message whose signature is to be verified.
[in]input_lengthSize of the input buffer in bytes.
[in]signatureBuffer containing the signature to verify.
[in]signature_lengthSize of the signature buffer in bytes.
Return values
PSA_SUCCESSThe signature is valid.
PSA_ERROR_INVALID_SIGNATUREThe calculation was performed successfully, but the passed signature is not a valid signature.
PSA_ERROR_NOT_SUPPORTED
PSA_ERROR_INVALID_ARGUMENT
PSA_ERROR_INSUFFICIENT_MEMORY

◆ psa_wipe_key_slot()

psa_status_t psa_wipe_key_slot ( psa_key_slot_t *  slot )

Completely wipe a slot in memory, including its policy.

Persistent storage is not affected. Sets the slot's state to PSA_SLOT_EMPTY. If multi-threading is enabled, the caller must hold the global key slot mutex.

Parameters
[in,out]slotThe key slot to wipe.
Return values
PSA_SUCCESSThe slot has been successfully wiped.
PSA_ERROR_CORRUPTION_DETECTEDThe slot's state was PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION, and the number of registered readers was not equal to 1. Or, the slot's state was PSA_SLOT_EMPTY. Or, the slot's state was PSA_SLOT_FILLING, and the number of registered readers was not equal to 0.