NCBI C++ ToolKit
Classes | |
struct | psa_key_slot_t |
The data structure representing a key slot, containing key material and metadata for one key. More... | |
struct | psa_key_slot_t::key_data |
struct | psa_crypto_local_input_s |
struct | psa_crypto_local_output_s |
Macros | |
#define | PSA_CRYPTO_LOCAL_INPUT_INIT ((psa_crypto_local_input_t) { NULL, 0 }) |
#define | PSA_CRYPTO_LOCAL_OUTPUT_INIT ((psa_crypto_local_output_t) { NULL, NULL, 0 }) |
Typedefs | |
typedef struct psa_crypto_local_input_s | psa_crypto_local_input_t |
typedef struct psa_crypto_local_output_s | psa_crypto_local_output_t |
Enumerations | |
enum | psa_key_slot_state_t { PSA_SLOT_EMPTY = 0 , PSA_SLOT_FILLING , PSA_SLOT_FULL , PSA_SLOT_PENDING_DELETION } |
Functions | |
int | psa_can_do_hash (psa_algorithm_t hash_alg) |
Tell if PSA is ready for this hash. More... | |
int | psa_can_do_cipher (psa_key_type_t key_type, psa_algorithm_t cipher_alg) |
Tell if PSA is ready for this cipher. More... | |
static int | psa_key_slot_has_readers (const psa_key_slot_t *slot) |
Test whether a key slot has any registered readers. More... | |
psa_status_t | psa_wipe_key_slot (psa_key_slot_t *slot) |
Completely wipe a slot in memory, including its policy. More... | |
psa_status_t | psa_allocate_buffer_to_slot (psa_key_slot_t *slot, size_t buffer_length) |
Try to allocate a buffer to an empty key slot. More... | |
psa_status_t | psa_remove_key_data_from_memory (psa_key_slot_t *slot) |
Wipe key data from a slot. More... | |
psa_status_t | psa_copy_key_material_into_slot (psa_key_slot_t *slot, const uint8_t *data, size_t data_length) |
Copy key data (in export format) into an empty key slot. More... | |
psa_status_t | mbedtls_to_psa_error (int ret) |
Convert an Mbed TLS error code to a PSA error code. More... | |
psa_status_t | psa_import_key_into_slot (const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits) |
Import a key in binary format. More... | |
psa_status_t | psa_export_key_internal (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length) |
Export a key in binary format. More... | |
psa_status_t | psa_export_public_key_internal (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length) |
Export a public key or the public part of a key pair in binary format. More... | |
int | psa_custom_key_parameters_are_default (const psa_custom_key_parameters_t *custom, size_t custom_data_length) |
Whether a key custom production parameters structure is the default. More... | |
psa_status_t | psa_generate_key_internal (const psa_key_attributes_t *attributes, const psa_custom_key_parameters_t *custom, const uint8_t *custom_data, size_t custom_data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) |
Generate a key. More... | |
psa_status_t | psa_sign_message_builtin (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *signature, size_t signature_size, size_t *signature_length) |
Sign a message with a private key. More... | |
psa_status_t | psa_verify_message_builtin (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *signature, size_t signature_length) |
Verify the signature of a message with a public key, using a hash-and-sign verification algorithm. More... | |
psa_status_t | psa_sign_hash_builtin (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length) |
Sign an already-calculated hash with a private key. More... | |
psa_status_t | psa_verify_hash_builtin (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length) |
Verify the signature of a hash or short message using a public key. More... | |
psa_status_t | psa_validate_unstructured_key_bit_size (psa_key_type_t type, size_t bits) |
Validate the key bit size for unstructured keys. More... | |
psa_status_t | psa_key_agreement_raw_builtin (const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *peer_key, size_t peer_key_length, uint8_t *shared_secret, size_t shared_secret_size, size_t *shared_secret_length) |
Perform a key agreement and return the raw shared secret, using built-in raw key agreement functions. More... | |
void | mbedtls_psa_interruptible_set_max_ops (uint32_t max_ops) |
Set the maximum number of ops allowed to be executed by an interruptible function in a single call. More... | |
uint32_t | mbedtls_psa_interruptible_get_max_ops (void) |
Get the maximum number of ops allowed to be executed by an interruptible function in a single call. More... | |
uint32_t | mbedtls_psa_sign_hash_get_num_ops (const mbedtls_psa_sign_hash_interruptible_operation_t *operation) |
Get the number of ops that a hash signing operation has taken for the previous call. More... | |
uint32_t | mbedtls_psa_verify_hash_get_num_ops (const mbedtls_psa_verify_hash_interruptible_operation_t *operation) |
Get the number of ops that a hash verification operation has taken for the previous call. More... | |
psa_status_t | mbedtls_psa_sign_hash_start (mbedtls_psa_sign_hash_interruptible_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length) |
Start signing a hash or short message with a private key, in an interruptible manner. More... | |
psa_status_t | mbedtls_psa_sign_hash_complete (mbedtls_psa_sign_hash_interruptible_operation_t *operation, uint8_t *signature, size_t signature_size, size_t *signature_length) |
Continue and eventually complete the action of signing a hash or short message with a private key, in an interruptible manner. More... | |
psa_status_t | mbedtls_psa_sign_hash_abort (mbedtls_psa_sign_hash_interruptible_operation_t *operation) |
Abort a sign hash operation. More... | |
psa_status_t | mbedtls_psa_verify_hash_start (mbedtls_psa_verify_hash_interruptible_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length) |
Start reading and verifying a hash or short message, in an interruptible manner. More... | |
psa_status_t | mbedtls_psa_verify_hash_complete (mbedtls_psa_verify_hash_interruptible_operation_t *operation) |
Continue and eventually complete the action of reading and verifying a hash or short message, in an interruptible manner. More... | |
psa_status_t | mbedtls_psa_verify_hash_abort (mbedtls_psa_verify_hash_interruptible_operation_t *operation) |
Abort a verify signed hash operation. More... | |
psa_status_t | psa_crypto_local_input_alloc (const uint8_t *input, size_t input_len, psa_crypto_local_input_t *local_input) |
Allocate a local copy of an input buffer and copy the contents into it. More... | |
void | psa_crypto_local_input_free (psa_crypto_local_input_t *local_input) |
Free a local copy of an input buffer. More... | |
psa_status_t | psa_crypto_local_output_alloc (uint8_t *output, size_t output_len, psa_crypto_local_output_t *local_output) |
Allocate a local copy of an output buffer. More... | |
psa_status_t | psa_crypto_local_output_free (psa_crypto_local_output_t *local_output) |
Copy from a local copy of an output buffer back to the original, then free the local copy. More... | |
#define PSA_CRYPTO_LOCAL_INPUT_INIT ((psa_crypto_local_input_t) { NULL, 0 }) |
Definition at line 938 of file psa_crypto_core.h.
#define PSA_CRYPTO_LOCAL_OUTPUT_INIT ((psa_crypto_local_output_t) { NULL, NULL, 0 }) |
Definition at line 968 of file psa_crypto_core.h.
typedef struct psa_crypto_local_input_s psa_crypto_local_input_t |
typedef struct psa_crypto_local_output_s psa_crypto_local_output_t |
enum psa_key_slot_state_t |
Enumerator | |
---|---|
PSA_SLOT_EMPTY | |
PSA_SLOT_FILLING | |
PSA_SLOT_FULL | |
PSA_SLOT_PENDING_DELETION |
Definition at line 51 of file psa_crypto_core.h.
uint32_t mbedtls_psa_interruptible_get_max_ops | ( | void | ) |
Get the maximum number of ops allowed to be executed by an interruptible function in a single call.
void mbedtls_psa_interruptible_set_max_ops | ( | uint32_t | max_ops | ) |
Set the maximum number of ops allowed to be executed by an interruptible function in a single call.
[in] | max_ops | The maximum number of ops to be executed in a single call, this can be a number from 0 to PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, where 0 is obviously the least amount of work done per call. |
psa_status_t mbedtls_psa_sign_hash_abort | ( | mbedtls_psa_sign_hash_interruptible_operation_t * | operation | ) |
Abort a sign hash operation.
[in] | operation | The mbedtls_psa_sign_hash_interruptible_operation_t to abort. |
PSA_SUCCESS | The operation was aborted successfully. |
psa_status_t mbedtls_psa_sign_hash_complete | ( | mbedtls_psa_sign_hash_interruptible_operation_t * | operation, |
uint8_t * | signature, | ||
size_t | signature_size, | ||
size_t * | signature_length | ||
) |
Continue and eventually complete the action of signing a hash or short message with a private key, in an interruptible manner.
[in] | operation | The mbedtls_psa_sign_hash_interruptible_operation_t to use. This must be initialized first. |
[out] | signature | Buffer where the signature is to be written. |
signature_size | Size of the signature buffer in bytes. This must be appropriate for the selected algorithm and key. | |
[out] | signature_length | On success, the number of bytes that make up the returned signature value. |
PSA_SUCCESS | Operation completed successfully |
PSA_OPERATION_INCOMPLETE | Operation was interrupted due to the setting of psa_interruptible_set_max_ops() , there is still work to be done, please call this function again with the same operation object. |
PSA_ERROR_BUFFER_TOO_SMALL | The size of the signature buffer is too small. You can determine a sufficient buffer size by calling PSA_SIGN_OUTPUT_SIZE(key_type , key_bits , alg ) where key_type and key_bits are the type and bit-size respectively of key . |
PSA_ERROR_NOT_SUPPORTED | |
PSA_ERROR_INVALID_ARGUMENT | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_INSUFFICIENT_ENTROPY | |
uint32_t mbedtls_psa_sign_hash_get_num_ops | ( | const mbedtls_psa_sign_hash_interruptible_operation_t * | operation | ) |
Get the number of ops that a hash signing operation has taken for the previous call.
If no call or work has taken place, this will return zero.
operation | The mbedtls_psa_sign_hash_interruptible_operation_t to use. This must be initialized first. |
Returns the number of ops taken by the previous call to mbedtls_psa_sign_hash_complete().
psa_status_t mbedtls_psa_sign_hash_start | ( | mbedtls_psa_sign_hash_interruptible_operation_t * | operation, |
const psa_key_attributes_t * | attributes, | ||
const uint8_t * | key_buffer, | ||
size_t | key_buffer_size, | ||
psa_algorithm_t | alg, | ||
const uint8_t * | hash, | ||
size_t | hash_length | ||
) |
Start signing a hash or short message with a private key, in an interruptible manner.
[in] | operation | The mbedtls_psa_sign_hash_interruptible_operation_t to use. This must be initialized first. |
[in] | attributes | The attributes of the key to use for the operation. |
[in] | key_buffer | The buffer containing the key context. |
[in] | key_buffer_size | Size of the key_buffer buffer in bytes. |
[in] | alg | A signature algorithm that is compatible with the type of the key. |
[in] | hash | The hash or message to sign. |
hash_length | Size of the hash buffer in bytes. |
PSA_SUCCESS | The operation started successfully - call psa_sign_hash_complete() with the same context to complete the operation |
PSA_ERROR_INVALID_ARGUMENT | An unsupported, incorrectly formatted or incorrect type of key was used. |
PSA_ERROR_NOT_SUPPORTED | Either no internal interruptible operations are currently supported, or the key type is currently unsupported. |
PSA_ERROR_INSUFFICIENT_MEMORY | There was insufficient memory to load the key representation. |
psa_status_t mbedtls_psa_verify_hash_abort | ( | mbedtls_psa_verify_hash_interruptible_operation_t * | operation | ) |
Abort a verify signed hash operation.
[in] | operation | The mbedtls_psa_verify_hash_interruptible_operation_t to abort. |
PSA_SUCCESS | The operation was aborted successfully. |
psa_status_t mbedtls_psa_verify_hash_complete | ( | mbedtls_psa_verify_hash_interruptible_operation_t * | operation | ) |
Continue and eventually complete the action of reading and verifying a hash or short message, in an interruptible manner.
[in] | operation | The mbedtls_psa_verify_hash_interruptible_operation_t to use. This must be initialized first. |
PSA_SUCCESS | Operation completed successfully, and the passed signature is valid. |
PSA_OPERATION_INCOMPLETE | Operation was interrupted due to the setting of psa_interruptible_set_max_ops() , there is still work to be done, please call this function again with the same operation object. |
PSA_ERROR_INVALID_SIGNATURE | The calculation was performed successfully, but the passed signature is not a valid signature. |
PSA_ERROR_NOT_SUPPORTED | |
PSA_ERROR_INVALID_ARGUMENT | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
uint32_t mbedtls_psa_verify_hash_get_num_ops | ( | const mbedtls_psa_verify_hash_interruptible_operation_t * | operation | ) |
Get the number of ops that a hash verification operation has taken for the previous call.
If no call or work has taken place, this will return zero.
operation | The mbedtls_psa_verify_hash_interruptible_operation_t to use. This must be initialized first. |
Returns the number of ops taken by the previous call to mbedtls_psa_verify_hash_complete().
psa_status_t mbedtls_psa_verify_hash_start | ( | mbedtls_psa_verify_hash_interruptible_operation_t * | operation, |
const psa_key_attributes_t * | attributes, | ||
const uint8_t * | key_buffer, | ||
size_t | key_buffer_size, | ||
psa_algorithm_t | alg, | ||
const uint8_t * | hash, | ||
size_t | hash_length, | ||
const uint8_t * | signature, | ||
size_t | signature_length | ||
) |
Start reading and verifying a hash or short message, in an interruptible manner.
[in] | operation | The mbedtls_psa_verify_hash_interruptible_operation_t to use. This must be initialized first. |
[in] | attributes | The attributes of the key to use for the operation. |
[in] | key_buffer | The buffer containing the key context. |
[in] | key_buffer_size | Size of the key_buffer buffer in bytes. |
[in] | alg | A signature algorithm that is compatible with the type of the key. |
[in] | hash | The hash whose signature is to be verified. |
hash_length | Size of the hash buffer in bytes. | |
[in] | signature | Buffer containing the signature to verify. |
signature_length | Size of the signature buffer in bytes. |
PSA_SUCCESS | The operation started successfully - call psa_verify_hash_complete() with the same context to complete the operation |
PSA_ERROR_INVALID_ARGUMENT | An unsupported or incorrect type of key was used. |
PSA_ERROR_NOT_SUPPORTED | Either no internal interruptible operations are currently supported, or the key type is currently unsupported. |
PSA_ERROR_INSUFFICIENT_MEMORY | There was insufficient memory either to load the key representation, or to prepare the operation. |
psa_status_t mbedtls_to_psa_error | ( | int | ret | ) |
Convert an Mbed TLS error code to a PSA error code.
ret | An Mbed TLS-thrown error code |
psa_status_t psa_allocate_buffer_to_slot | ( | psa_key_slot_t * | slot, |
size_t | buffer_length | ||
) |
Try to allocate a buffer to an empty key slot.
[in,out] | slot | Key slot to attach buffer to. |
[in] | buffer_length | Requested size of the buffer. |
PSA_SUCCESS | The buffer has been successfully allocated. |
PSA_ERROR_INSUFFICIENT_MEMORY | Not enough memory was available for allocation. |
PSA_ERROR_ALREADY_EXISTS | Trying to allocate a buffer to a non-empty key slot. |
int psa_can_do_cipher | ( | psa_key_type_t | key_type, |
psa_algorithm_t | cipher_alg | ||
) |
Tell if PSA is ready for this cipher.
cipher_alg | The cipher algorithm (ignored for now). |
int psa_can_do_hash | ( | psa_algorithm_t | hash_alg | ) |
Tell if PSA is ready for this hash.
hash_alg | The hash algorithm (ignored for now). |
psa_status_t psa_copy_key_material_into_slot | ( | psa_key_slot_t * | slot, |
const uint8_t * | data, | ||
size_t | data_length | ||
) |
Copy key data (in export format) into an empty key slot.
This function assumes that the slot does not contain any key material yet. On failure, the slot content is unchanged.
[in,out] | slot | Key slot to copy the key into. |
[in] | data | Buffer containing the key material. |
data_length | Size of the key buffer. |
PSA_SUCCESS | The key has been copied successfully. |
PSA_ERROR_INSUFFICIENT_MEMORY | Not enough memory was available for allocation of the copy buffer. |
PSA_ERROR_ALREADY_EXISTS | There was other key material already present in the slot. |
psa_status_t psa_crypto_local_input_alloc | ( | const uint8_t * | input, |
size_t | input_len, | ||
psa_crypto_local_input_t * | local_input | ||
) |
Allocate a local copy of an input buffer and copy the contents into it.
[in] | input | Pointer to input buffer. |
[in] | input_len | Length of the input buffer. |
[out] | local_input | Pointer to a psa_crypto_local_input_t struct containing a local input copy. |
void psa_crypto_local_input_free | ( | psa_crypto_local_input_t * | local_input | ) |
Free a local copy of an input buffer.
[in] | local_input | Pointer to a psa_crypto_local_input_t struct populated by a previous call to psa_crypto_local_input_alloc(). |
psa_status_t psa_crypto_local_output_alloc | ( | uint8_t * | output, |
size_t | output_len, | ||
psa_crypto_local_output_t * | local_output | ||
) |
Allocate a local copy of an output buffer.
[in] | output | Pointer to output buffer. |
[in] | output_len | Length of the output buffer. |
[out] | local_output | Pointer to a psa_crypto_local_output_t struct to populate with the local output copy. |
psa_status_t psa_crypto_local_output_free | ( | psa_crypto_local_output_t * | local_output | ) |
Copy from a local copy of an output buffer back to the original, then free the local copy.
[in] | local_output | Pointer to a psa_crypto_local_output_t struct populated by a previous call to psa_crypto_local_output_alloc(). |
int psa_custom_key_parameters_are_default | ( | const psa_custom_key_parameters_t * | custom, |
size_t | custom_data_length | ||
) |
Whether a key custom production parameters structure is the default.
Calls to a key generation driver with non-default custom production parameters require a driver supporting custom production parameters.
[in] | custom | The key custom production parameters to check. |
custom_data_length | Size of the associated variable-length data in bytes. |
psa_status_t psa_export_key_internal | ( | const psa_key_attributes_t * | attributes, |
const uint8_t * | key_buffer, | ||
size_t | key_buffer_size, | ||
uint8_t * | data, | ||
size_t | data_size, | ||
size_t * | data_length | ||
) |
Export a key in binary format.
[in] | attributes | The attributes for the key to export. |
[in] | key_buffer | Material or context of the key to export. |
[in] | key_buffer_size | Size of the key_buffer buffer in bytes. |
[out] | data | Buffer where the key data is to be written. |
[in] | data_size | Size of the data buffer in bytes. |
[out] | data_length | On success, the number of bytes written in data |
PSA_SUCCESS | The key was exported successfully. |
PSA_ERROR_NOT_SUPPORTED | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
psa_status_t psa_export_public_key_internal | ( | const psa_key_attributes_t * | attributes, |
const uint8_t * | key_buffer, | ||
size_t | key_buffer_size, | ||
uint8_t * | data, | ||
size_t | data_size, | ||
size_t * | data_length | ||
) |
Export a public key or the public part of a key pair in binary format.
[in] | attributes | The attributes for the key to export. |
[in] | key_buffer | Material or context of the key to export. |
[in] | key_buffer_size | Size of the key_buffer buffer in bytes. |
[out] | data | Buffer where the key data is to be written. |
[in] | data_size | Size of the data buffer in bytes. |
[out] | data_length | On success, the number of bytes written in data |
PSA_SUCCESS | The public key was exported successfully. |
PSA_ERROR_NOT_SUPPORTED | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
psa_status_t psa_generate_key_internal | ( | const psa_key_attributes_t * | attributes, |
const psa_custom_key_parameters_t * | custom, | ||
const uint8_t * | custom_data, | ||
size_t | custom_data_length, | ||
uint8_t * | key_buffer, | ||
size_t | key_buffer_size, | ||
size_t * | key_buffer_length | ||
) |
Generate a key.
[in] | attributes | The attributes for the key to generate. |
[in] | custom | Custom parameters for the key generation. |
[in] | custom_data | Variable-length data associated with custom . |
custom_data_length | Length of `custom_data` in bytes. | |
[out] | key_buffer | Buffer where the key data is to be written. |
[in] | key_buffer_size | Size of key_buffer in bytes. |
[out] | key_buffer_length | On success, the number of bytes written in key_buffer . |
PSA_SUCCESS | The key was generated successfully. |
PSA_ERROR_INVALID_ARGUMENT | |
PSA_ERROR_NOT_SUPPORTED | Key size in bits or type not supported. |
PSA_ERROR_BUFFER_TOO_SMALL | The size of key_buffer is too small. |
psa_status_t psa_import_key_into_slot | ( | const psa_key_attributes_t * | attributes, |
const uint8_t * | data, | ||
size_t | data_length, | ||
uint8_t * | key_buffer, | ||
size_t | key_buffer_size, | ||
size_t * | key_buffer_length, | ||
size_t * | bits | ||
) |
Import a key in binary format.
[in] | attributes | The attributes for the key to import. |
[in] | data | The buffer containing the key data in import format. |
[in] | data_length | Size of the data buffer in bytes. |
[out] | key_buffer | The buffer to contain the key data in output format upon successful return. |
[in] | key_buffer_size | Size of the key_buffer buffer in bytes. This size is greater than or equal to data_length . |
[out] | key_buffer_length | The length of the data written in key_buffer in bytes. |
[out] | bits | The key size in number of bits. |
PSA_SUCCESS | The key was imported successfully. |
PSA_ERROR_INVALID_ARGUMENT | The key data is not correctly formatted. |
PSA_ERROR_NOT_SUPPORTED | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_CORRUPTION_DETECTED | |
psa_status_t psa_key_agreement_raw_builtin | ( | const psa_key_attributes_t * | attributes, |
const uint8_t * | key_buffer, | ||
size_t | key_buffer_size, | ||
psa_algorithm_t | alg, | ||
const uint8_t * | peer_key, | ||
size_t | peer_key_length, | ||
uint8_t * | shared_secret, | ||
size_t | shared_secret_size, | ||
size_t * | shared_secret_length | ||
) |
Perform a key agreement and return the raw shared secret, using built-in raw key agreement functions.
[in] | attributes | The attributes of the key to use for the operation. |
[in] | key_buffer | The buffer containing the private key context. |
[in] | key_buffer_size | Size of the key_buffer buffer in bytes. |
[in] | alg | A key agreement algorithm that is compatible with the type of the key. |
[in] | peer_key | The buffer containing the key context of the peer's public key. |
[in] | peer_key_length | Size of the peer_key buffer in bytes. |
[out] | shared_secret | The buffer to which the shared secret is to be written. |
[in] | shared_secret_size | Size of the shared_secret buffer in bytes. |
[out] | shared_secret_length | On success, the number of bytes that make up the returned shared secret. |
PSA_SUCCESS | Success. Shared secret successfully calculated. |
PSA_ERROR_INVALID_HANDLE | |
PSA_ERROR_NOT_PERMITTED | |
PSA_ERROR_INVALID_ARGUMENT | alg is not a key agreement algorithm, or private_key is not compatible with alg , or peer_key is not valid for alg or not compatible with private_key . |
PSA_ERROR_BUFFER_TOO_SMALL | shared_secret_size is too small |
PSA_ERROR_NOT_SUPPORTED | alg is not a supported key agreement algorithm. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | |
static int psa_key_slot_has_readers | ( | const psa_key_slot_t * | slot | ) |
inline static |
Test whether a key slot has any registered readers.
If multi-threading is enabled, the caller must hold the global key slot mutex.
[in] | slot | The key slot to test. |
Definition at line 214 of file psa_crypto_core.h.
References psa_key_slot_t::occupied, and psa_key_slot_t::var.
psa_status_t psa_remove_key_data_from_memory | ( | psa_key_slot_t * | slot | ) |
Wipe key data from a slot.
Preserves metadata such as the policy.
psa_status_t psa_sign_hash_builtin | ( | const psa_key_attributes_t * | attributes, |
const uint8_t * | key_buffer, | ||
size_t | key_buffer_size, | ||
psa_algorithm_t | alg, | ||
const uint8_t * | hash, | ||
size_t | hash_length, | ||
uint8_t * | signature, | ||
size_t | signature_size, | ||
size_t * | signature_length | ||
) |
Sign an already-calculated hash with a private key.
[in] | attributes | The attributes of the key to use for the operation. |
[in] | key_buffer | The buffer containing the key context. |
[in] | key_buffer_size | Size of the key_buffer buffer in bytes. |
[in] | alg | A signature algorithm that is compatible with the type of the key. |
[in] | hash | The hash or message to sign. |
[in] | hash_length | Size of the hash buffer in bytes. |
[out] | signature | Buffer where the signature is to be written. |
[in] | signature_size | Size of the signature buffer in bytes. |
[out] | signature_length | On success, the number of bytes that make up the returned signature value. |
PSA_SUCCESS | |
PSA_ERROR_BUFFER_TOO_SMALL | The size of the signature buffer is too small. You can determine a sufficient buffer size by calling PSA_SIGN_OUTPUT_SIZE(key_type , key_bits , alg ) where key_type and key_bits are the type and bit-size respectively of the key. |
PSA_ERROR_NOT_SUPPORTED | |
PSA_ERROR_INVALID_ARGUMENT | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_INSUFFICIENT_ENTROPY | |
psa_status_t psa_sign_message_builtin | ( | const psa_key_attributes_t * | attributes, |
const uint8_t * | key_buffer, | ||
size_t | key_buffer_size, | ||
psa_algorithm_t | alg, | ||
const uint8_t * | input, | ||
size_t | input_length, | ||
uint8_t * | signature, | ||
size_t | signature_size, | ||
size_t * | signature_length | ||
) |
Sign a message with a private key.
For hash-and-sign algorithms, this includes the hashing step.
[in] | attributes | The attributes of the key to use for the operation. |
[in] | key_buffer | The buffer containing the key context. |
[in] | key_buffer_size | Size of the key_buffer buffer in bytes. |
[in] | alg | A signature algorithm that is compatible with the type of the key. |
[in] | input | The input message to sign. |
[in] | input_length | Size of the input buffer in bytes. |
[out] | signature | Buffer where the signature is to be written. |
[in] | signature_size | Size of the signature buffer in bytes. |
[out] | signature_length | On success, the number of bytes that make up the returned signature value. |
PSA_SUCCESS | |
PSA_ERROR_BUFFER_TOO_SMALL | The size of the signature buffer is too small. You can determine a sufficient buffer size by calling PSA_SIGN_OUTPUT_SIZE(key_type , key_bits , alg ) where key_type and key_bits are the type and bit-size respectively of the key. |
PSA_ERROR_NOT_SUPPORTED | |
PSA_ERROR_INVALID_ARGUMENT | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_INSUFFICIENT_ENTROPY | |
psa_status_t psa_validate_unstructured_key_bit_size | ( | psa_key_type_t | type, |
size_t | bits | ||
) |
Validate the key bit size for unstructured keys.
[in] | type | The key type |
[in] | bits | The number of bits of the key |
PSA_SUCCESS | The key type and size are valid. |
PSA_ERROR_INVALID_ARGUMENT | The size in bits of the key is not valid. |
PSA_ERROR_NOT_SUPPORTED | The type and/or the size in bits of the key or the combination of the two is not supported. |
psa_status_t psa_verify_hash_builtin | ( | const psa_key_attributes_t * | attributes, |
const uint8_t * | key_buffer, | ||
size_t | key_buffer_size, | ||
psa_algorithm_t | alg, | ||
const uint8_t * | hash, | ||
size_t | hash_length, | ||
const uint8_t * | signature, | ||
size_t | signature_length | ||
) |
Verify the signature of a hash or short message using a public key.
[in] | attributes | The attributes of the key to use for the operation. |
[in] | key_buffer | The buffer containing the key context. |
[in] | key_buffer_size | Size of the key_buffer buffer in bytes. |
[in] | alg | A signature algorithm that is compatible with the type of the key. |
[in] | hash | The hash or message whose signature is to be verified. |
[in] | hash_length | Size of the hash buffer in bytes. |
[in] | signature | Buffer containing the signature to verify. |
[in] | signature_length | Size of the signature buffer in bytes. |
PSA_SUCCESS | The signature is valid. |
PSA_ERROR_INVALID_SIGNATURE | The calculation was performed successfully, but the passed signature is not a valid signature. |
PSA_ERROR_NOT_SUPPORTED | |
PSA_ERROR_INVALID_ARGUMENT | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
psa_status_t psa_verify_message_builtin | ( | const psa_key_attributes_t * | attributes, |
const uint8_t * | key_buffer, | ||
size_t | key_buffer_size, | ||
psa_algorithm_t | alg, | ||
const uint8_t * | input, | ||
size_t | input_length, | ||
const uint8_t * | signature, | ||
size_t | signature_length | ||
) |
Verify the signature of a message with a public key, using a hash-and-sign verification algorithm.
[in] | attributes | The attributes of the key to use for the operation. |
[in] | key_buffer | The buffer containing the key context. |
[in] | key_buffer_size | Size of the key_buffer buffer in bytes. |
[in] | alg | A signature algorithm that is compatible with the type of the key. |
[in] | input | The message whose signature is to be verified. |
[in] | input_length | Size of the input buffer in bytes. |
[in] | signature | Buffer containing the signature to verify. |
[in] | signature_length | Size of the signature buffer in bytes. |
PSA_SUCCESS | The signature is valid. |
PSA_ERROR_INVALID_SIGNATURE | The calculation was performed successfully, but the passed signature is not a valid signature. |
PSA_ERROR_NOT_SUPPORTED | |
PSA_ERROR_INVALID_ARGUMENT | |
PSA_ERROR_INSUFFICIENT_MEMORY | |
psa_status_t psa_wipe_key_slot | ( | psa_key_slot_t * | slot | ) |
Completely wipe a slot in memory, including its policy.
Persistent storage is not affected. Sets the slot's state to PSA_SLOT_EMPTY. If multi-threading is enabled, the caller must hold the global key slot mutex.
[in,out] | slot | The key slot to wipe. |
PSA_SUCCESS | The slot has been successfully wiped. |
PSA_ERROR_CORRUPTION_DETECTED | The slot's state was PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION, and the number of registered readers was not equal to 1. Or, the slot's state was PSA_SLOT_EMPTY. Or, the slot's state was PSA_SLOT_FILLING, and the number of registered readers was not equal to 0. |