Mbed TLS v4.0.0
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
crypto_extra.h
Go to the documentation of this file.
1 
11 /*
12  * Copyright The Mbed TLS Contributors
13  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
14  */
15 
16 #ifndef PSA_CRYPTO_EXTRA_H
17 #define PSA_CRYPTO_EXTRA_H
18 #include "mbedtls/private_access.h"
19 
20 #include "crypto_types.h"
21 #include "crypto_compat.h"
22 #include "crypto_values.h"
23 
24 #ifdef __cplusplus
25 extern "C" {
26 #endif
27 
28 /* UID for secure storage seed */
29 #define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
30 
31 /* See mbedtls_config.h for definition */
32 #if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
33 #define MBEDTLS_PSA_KEY_SLOT_COUNT 32
34 #endif
35 
36 /* If the size of static key slots is not explicitly defined by the user, then
37  * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and
38  * PSA_CIPHER_MAX_KEY_LENGTH.
39  * See mbedtls_config.h for the definition. */
40 #if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)
41 #define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \
42  ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \
43  PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH)
44 #endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/
45 
69 static inline void psa_set_key_enrollment_algorithm(
70  psa_key_attributes_t *attributes,
71  psa_algorithm_t alg2)
72 {
73  attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
74 }
75 
82 static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
83  const psa_key_attributes_t *attributes)
84 {
85  return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2);
86 }
87 
100 void mbedtls_psa_crypto_free(void);
101 
108 typedef struct mbedtls_psa_stats_s {
110  size_t MBEDTLS_PRIVATE(volatile_slots);
113  size_t MBEDTLS_PRIVATE(persistent_slots);
116  size_t MBEDTLS_PRIVATE(external_slots);
119  size_t MBEDTLS_PRIVATE(half_filled_slots);
121  size_t MBEDTLS_PRIVATE(cache_slots);
123  size_t MBEDTLS_PRIVATE(empty_slots);
125  size_t MBEDTLS_PRIVATE(locked_slots);
127  psa_key_id_t MBEDTLS_PRIVATE(max_open_internal_key_id);
129  psa_key_id_t MBEDTLS_PRIVATE(max_open_external_key_id);
130 } mbedtls_psa_stats_t;
131 
139 void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats);
140 
152 #define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t) 0x4002)
153 
170 #define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t) 0x7002)
171 
173 #define PSA_KEY_TYPE_IS_DSA(type) \
174  (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
175 
176 #define PSA_ALG_DSA_BASE ((psa_algorithm_t) 0x06000400)
177 
191 #define PSA_ALG_DSA(hash_alg) \
192  (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
193 #define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t) 0x06000500)
194 #define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
195 
209 #define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
210  (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
211 #define PSA_ALG_IS_DSA(alg) \
212  (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
213  PSA_ALG_DSA_BASE)
214 #define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
215  (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
216 #define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
217  (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
218 #define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
219  (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
220 
221 
222 /* We need to expand the sample definition of this macro from
223  * the API definition. */
224 #undef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
225 #define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) \
226  PSA_ALG_IS_DSA(alg)
227 
235 #define PSA_PAKE_OPERATION_STAGE_SETUP 0
236 #define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1
237 #define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2
238 
246 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
247 
286 psa_status_t mbedtls_psa_external_get_random(
287  mbedtls_psa_external_random_context_t *context,
288  uint8_t *output, size_t output_size, size_t *output_length);
289 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
290 
308 #define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t) 0x7fff0000)
309 
315 #define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t) 0x7fffefff)
316 
321 typedef uint64_t psa_drv_slot_number_t;
322 
323 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
324 
333 static inline int psa_key_id_is_builtin(psa_key_id_t key_id)
334 {
335  return (key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN) &&
336  (key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX);
337 }
338 
383 psa_status_t mbedtls_psa_platform_get_builtin_key(
384  mbedtls_svc_key_id_t key_id,
385  psa_key_lifetime_t *lifetime,
386  psa_drv_slot_number_t *slot_number);
387 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
388 
409 #define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t) 0x0a000000)
410 
420 #define PSA_ALG_IS_PAKE(alg) \
421  (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE)
422 
423 #define PSA_ALG_JPAKE_BASE ((psa_algorithm_t) 0x0a000100)
424 
550 #define PSA_ALG_JPAKE(hash_alg) \
551  (PSA_ALG_JPAKE_BASE | ((hash_alg) & (PSA_ALG_HASH_MASK)))
552 
562 #define PSA_ALG_IS_JPAKE(alg) \
563  (((alg) & (~(PSA_ALG_HASH_MASK))) == PSA_ALG_JPAKE_BASE)
564 
565 #define PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4400)
566 #define PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE ((psa_key_type_t) 0x7400)
567 
572 #define PSA_KEY_TYPE_SPAKE2P_KEY_PAIR(curve) \
573  (PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE | (curve))
574 
579 #define PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY(curve) \
580  (PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE | (curve))
581 
583 #define PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(type) \
584  (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
585  PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE)
586 
588 #define PSA_KEY_TYPE_IS_SPAKE2P_PUBLIC_KEY(type) \
589  (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
590  PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE)
591 
593 #define PSA_KEY_TYPE_IS_SPAKE2P(type) \
594  ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
595  ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE)
596 
597 #define PSA_ALG_SPAKE2P_HMAC_BASE ((psa_algorithm_t) 0x0a000400)
598 
603 #define PSA_ALG_SPAKE2P_HMAC(hash_alg) \
604  (PSA_ALG_SPAKE2P_HMAC_BASE | ((hash_alg) & (PSA_ALG_HASH_MASK)))
605 #define PSA_ALG_IS_SPAKE2P_HMAC(alg) \
606  (((alg) & (~(PSA_ALG_HASH_MASK))) == PSA_ALG_SPAKE2P_HMAC_BASE)
607 
612 #define PSA_ALG_SPAKE2P_CMAC_BASE ((psa_algorithm_t) 0x0a000500)
613 #define PSA_ALG_SPAKE2P_CMAC(hash_alg) \
614  (PSA_ALG_SPAKE2P_CMAC_BASE | ((hash_alg) & (PSA_ALG_HASH_MASK)))
615 #define PSA_ALG_IS_SPAKE2P_CMAC(alg) \
616  (((alg) & (~(PSA_ALG_HASH_MASK))) == PSA_ALG_SPAKE2P_CMAC_BASE)
617 
622 #define PSA_ALG_SPAKE2P_MATTER ((psa_algorithm_t) 0x0a000609)
623 
634 #define PSA_ALG_IS_SPAKE2P(alg) \
635  (PSA_ALG_IS_SPAKE2P_HMAC(alg) || \
636  PSA_ALG_IS_SPAKE2P_CMAC(alg) || \
637  (alg) == PSA_ALG_SPAKE2P_MATTER)
638 
659 typedef uint8_t psa_pake_role_t;
660 
667 typedef uint8_t psa_pake_step_t;
668 
677 typedef uint8_t psa_pake_primitive_type_t;
678 
684 typedef uint8_t psa_pake_family_t;
685 
690 typedef uint32_t psa_pake_primitive_t;
691 
696 #define PSA_PAKE_ROLE_NONE ((psa_pake_role_t) 0x00)
697 
705 #define PSA_PAKE_ROLE_FIRST ((psa_pake_role_t) 0x01)
706 
714 #define PSA_PAKE_ROLE_SECOND ((psa_pake_role_t) 0x02)
715 
720 #define PSA_PAKE_ROLE_CLIENT ((psa_pake_role_t) 0x11)
721 
726 #define PSA_PAKE_ROLE_SERVER ((psa_pake_role_t) 0x12)
727 
746 #define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t) 0x01)
747 
766 #define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t) 0x02)
767 
787 #define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \
788  (((pake_bits & 0xFFFF) != pake_bits) ? 0 : \
789  ((psa_pake_primitive_t) (((pake_type) << 24 | \
790  (pake_family) << 16) | (pake_bits))))
791 
804 #define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t) 0x01)
805 
821 #define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t) 0x02)
822 
842 #define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t) 0x03)
843 
852 #define PSA_PAKE_STEP_CONFIRM ((psa_pake_step_t) 0x04)
853 
876 #define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) \
877  (PSA_ALG_IS_JPAKE(alg) && \
878  primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
879  PSA_ECC_FAMILY_SECP_R1, 256) ? \
880  ( \
881  output_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \
882  output_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \
883  32 \
884  ) : \
885  0)
886 
906 #define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) \
907  (PSA_ALG_IS_JPAKE(alg) && \
908  primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \
909  PSA_ECC_FAMILY_SECP_R1, 256) ? \
910  ( \
911  input_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \
912  input_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \
913  32 \
914  ) : \
915  0)
916 
927 #define PSA_PAKE_OUTPUT_MAX_SIZE 65
928 
939 #define PSA_PAKE_INPUT_MAX_SIZE 65
940 
944 #define PSA_PAKE_CIPHER_SUITE_INIT { PSA_ALG_NONE, 0, 0, 0, 0 }
945 
949 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
950 #define PSA_PAKE_OPERATION_INIT { 0 }
951 #else
952 #define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, 0, PSA_PAKE_OPERATION_STAGE_SETUP, \
953  { 0 }, { { 0 } } }
954 #endif
955 
965 #define PSA_PAKE_CONFIRMED_KEY 0
966 
979 #define PSA_PAKE_UNCONFIRMED_KEY 1
980 
981 struct psa_pake_cipher_suite_s {
982  psa_algorithm_t algorithm;
983  psa_pake_primitive_type_t type;
984  psa_pake_family_t family;
985  uint16_t bits;
986  uint32_t key_confirmation;
987 };
988 
989 struct psa_crypto_driver_pake_inputs_s {
990  uint8_t *MBEDTLS_PRIVATE(password);
991  size_t MBEDTLS_PRIVATE(password_len);
992  uint8_t *MBEDTLS_PRIVATE(user);
993  size_t MBEDTLS_PRIVATE(user_len);
994  uint8_t *MBEDTLS_PRIVATE(peer);
995  size_t MBEDTLS_PRIVATE(peer_len);
996  psa_key_attributes_t MBEDTLS_PRIVATE(attributes);
997  struct psa_pake_cipher_suite_s MBEDTLS_PRIVATE(cipher_suite);
998 };
999 
1000 typedef enum psa_crypto_driver_pake_step {
1001  PSA_JPAKE_STEP_INVALID = 0, /* Invalid step */
1002  PSA_JPAKE_X1_STEP_KEY_SHARE = 1, /* Round 1: input/output key share (for ephemeral private key X1).*/
1003  PSA_JPAKE_X1_STEP_ZK_PUBLIC = 2, /* Round 1: input/output Schnorr NIZKP public key for the X1 key */
1004  PSA_JPAKE_X1_STEP_ZK_PROOF = 3, /* Round 1: input/output Schnorr NIZKP proof for the X1 key */
1005  PSA_JPAKE_X2_STEP_KEY_SHARE = 4, /* Round 1: input/output key share (for ephemeral private key X2).*/
1006  PSA_JPAKE_X2_STEP_ZK_PUBLIC = 5, /* Round 1: input/output Schnorr NIZKP public key for the X2 key */
1007  PSA_JPAKE_X2_STEP_ZK_PROOF = 6, /* Round 1: input/output Schnorr NIZKP proof for the X2 key */
1008  PSA_JPAKE_X2S_STEP_KEY_SHARE = 7, /* Round 2: output X2S key (our key) */
1009  PSA_JPAKE_X2S_STEP_ZK_PUBLIC = 8, /* Round 2: output Schnorr NIZKP public key for the X2S key (our key) */
1010  PSA_JPAKE_X2S_STEP_ZK_PROOF = 9, /* Round 2: output Schnorr NIZKP proof for the X2S key (our key) */
1011  PSA_JPAKE_X4S_STEP_KEY_SHARE = 10, /* Round 2: input X4S key (from peer) */
1012  PSA_JPAKE_X4S_STEP_ZK_PUBLIC = 11, /* Round 2: input Schnorr NIZKP public key for the X4S key (from peer) */
1013  PSA_JPAKE_X4S_STEP_ZK_PROOF = 12 /* Round 2: input Schnorr NIZKP proof for the X4S key (from peer) */
1014 } psa_crypto_driver_pake_step_t;
1015 
1016 typedef enum psa_jpake_round {
1017  PSA_JPAKE_FIRST = 0,
1018  PSA_JPAKE_SECOND = 1,
1019  PSA_JPAKE_FINISHED = 2
1020 } psa_jpake_round_t;
1021 
1022 typedef enum psa_jpake_io_mode {
1023  PSA_JPAKE_INPUT = 0,
1024  PSA_JPAKE_OUTPUT = 1
1025 } psa_jpake_io_mode_t;
1026 
1027 struct psa_jpake_computation_stage_s {
1028  /* The J-PAKE round we are currently on */
1029  psa_jpake_round_t MBEDTLS_PRIVATE(round);
1030  /* The 'mode' we are currently in (inputting or outputting) */
1031  psa_jpake_io_mode_t MBEDTLS_PRIVATE(io_mode);
1032  /* The number of completed inputs so far this round */
1033  uint8_t MBEDTLS_PRIVATE(inputs);
1034  /* The number of completed outputs so far this round */
1035  uint8_t MBEDTLS_PRIVATE(outputs);
1036  /* The next expected step (KEY_SHARE, ZK_PUBLIC or ZK_PROOF) */
1037  psa_pake_step_t MBEDTLS_PRIVATE(step);
1038 };
1039 
1040 #define PSA_JPAKE_EXPECTED_INPUTS(round) ((round) == PSA_JPAKE_FINISHED ? 0 : \
1041  ((round) == PSA_JPAKE_FIRST ? 2 : 1))
1042 #define PSA_JPAKE_EXPECTED_OUTPUTS(round) ((round) == PSA_JPAKE_FINISHED ? 0 : \
1043  ((round) == PSA_JPAKE_FIRST ? 2 : 1))
1044 
1045 struct psa_pake_operation_s {
1046 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
1047  mbedtls_psa_client_handle_t handle;
1048 #else
1049 
1055  unsigned int MBEDTLS_PRIVATE(id);
1056  /* Algorithm of the PAKE operation */
1057  psa_algorithm_t MBEDTLS_PRIVATE(alg);
1058  /* A primitive of type compatible with algorithm */
1059  psa_pake_primitive_t MBEDTLS_PRIVATE(primitive);
1060  /* Stage of the PAKE operation: waiting for the setup, collecting inputs
1061  * or computing. */
1062  uint8_t MBEDTLS_PRIVATE(stage);
1063  /* Holds computation stage of the PAKE algorithms. */
1064  union {
1065  uint8_t MBEDTLS_PRIVATE(dummy);
1066 #if defined(PSA_WANT_ALG_JPAKE)
1067  struct psa_jpake_computation_stage_s MBEDTLS_PRIVATE(jpake);
1068 #endif
1069  } MBEDTLS_PRIVATE(computation_stage);
1070  union {
1071  psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx);
1072  struct psa_crypto_driver_pake_inputs_s MBEDTLS_PRIVATE(inputs);
1073  } MBEDTLS_PRIVATE(data);
1074 #endif
1075 };
1076 
1087 typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t;
1088 
1091 static psa_pake_cipher_suite_t psa_pake_cipher_suite_init(void);
1092 
1099 static psa_algorithm_t psa_pake_cs_get_algorithm(
1100  const psa_pake_cipher_suite_t *cipher_suite);
1101 
1116 static void psa_pake_cs_set_algorithm(psa_pake_cipher_suite_t *cipher_suite,
1117  psa_algorithm_t algorithm);
1118 
1125 static psa_pake_primitive_t psa_pake_cs_get_primitive(
1126  const psa_pake_cipher_suite_t *cipher_suite);
1127 
1141 static void psa_pake_cs_set_primitive(psa_pake_cipher_suite_t *cipher_suite,
1142  psa_pake_primitive_t primitive);
1143 
1150 static psa_pake_family_t psa_pake_cs_get_family(
1151  const psa_pake_cipher_suite_t *cipher_suite);
1152 
1159 static uint16_t psa_pake_cs_get_bits(
1160  const psa_pake_cipher_suite_t *cipher_suite);
1161 
1169 static uint32_t psa_pake_cs_get_key_confirmation(const psa_pake_cipher_suite_t *cipher_suite);
1170 
1182 static void psa_pake_cs_set_key_confirmation(psa_pake_cipher_suite_t *cipher_suite,
1183  uint32_t key_confirmation);
1184 
1213 typedef struct psa_pake_operation_s psa_pake_operation_t;
1214 
1216 typedef struct psa_crypto_driver_pake_inputs_s psa_crypto_driver_pake_inputs_t;
1217 
1219 typedef struct psa_jpake_computation_stage_s psa_jpake_computation_stage_t;
1220 
1223 static psa_pake_operation_t psa_pake_operation_init(void);
1224 
1235 psa_status_t psa_crypto_driver_pake_get_password_len(
1236  const psa_crypto_driver_pake_inputs_t *inputs,
1237  size_t *password_len);
1238 
1251 psa_status_t psa_crypto_driver_pake_get_password(
1252  const psa_crypto_driver_pake_inputs_t *inputs,
1253  uint8_t *buffer, size_t buffer_size, size_t *buffer_length);
1254 
1265 psa_status_t psa_crypto_driver_pake_get_user_len(
1266  const psa_crypto_driver_pake_inputs_t *inputs,
1267  size_t *user_len);
1268 
1279 psa_status_t psa_crypto_driver_pake_get_peer_len(
1280  const psa_crypto_driver_pake_inputs_t *inputs,
1281  size_t *peer_len);
1282 
1297 psa_status_t psa_crypto_driver_pake_get_user(
1298  const psa_crypto_driver_pake_inputs_t *inputs,
1299  uint8_t *user_id, size_t user_id_size, size_t *user_id_len);
1300 
1315 psa_status_t psa_crypto_driver_pake_get_peer(
1316  const psa_crypto_driver_pake_inputs_t *inputs,
1317  uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length);
1318 
1329 psa_status_t psa_crypto_driver_pake_get_cipher_suite(
1330  const psa_crypto_driver_pake_inputs_t *inputs,
1331  psa_pake_cipher_suite_t *cipher_suite);
1332 
1431 psa_status_t psa_pake_setup(psa_pake_operation_t *operation,
1432  mbedtls_svc_key_id_t password_key,
1433  const psa_pake_cipher_suite_t *cipher_suite);
1434 
1476 psa_status_t psa_pake_set_user(psa_pake_operation_t *operation,
1477  const uint8_t *user_id,
1478  size_t user_id_len);
1479 
1522 psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation,
1523  const uint8_t *peer_id,
1524  size_t peer_id_len);
1525 
1564 psa_status_t psa_pake_set_role(psa_pake_operation_t *operation,
1565  psa_pake_role_t role);
1566 
1598 psa_status_t psa_pake_set_context(psa_pake_operation_t *operation,
1599  const uint8_t *context,
1600  size_t context_len);
1601 
1657 psa_status_t psa_pake_output(psa_pake_operation_t *operation,
1658  psa_pake_step_t step,
1659  uint8_t *output,
1660  size_t output_size,
1661  size_t *output_length);
1662 
1712 psa_status_t psa_pake_input(psa_pake_operation_t *operation,
1713  psa_pake_step_t step,
1714  const uint8_t *input,
1715  size_t input_length);
1716 
1842 psa_status_t psa_pake_get_shared_key(psa_pake_operation_t *operation,
1843  const psa_key_attributes_t *attributes,
1844  mbedtls_svc_key_id_t *key);
1845 
1870 psa_status_t psa_pake_abort(psa_pake_operation_t *operation);
1871 
1874 static inline psa_algorithm_t psa_pake_cs_get_algorithm(
1875  const psa_pake_cipher_suite_t *cipher_suite)
1876 {
1877  return cipher_suite->algorithm;
1878 }
1879 
1880 static inline void psa_pake_cs_set_algorithm(
1881  psa_pake_cipher_suite_t *cipher_suite,
1882  psa_algorithm_t algorithm)
1883 {
1884  if (!PSA_ALG_IS_PAKE(algorithm)) {
1885  cipher_suite->algorithm = 0;
1886  } else {
1887  cipher_suite->algorithm = algorithm;
1888  }
1889 }
1890 
1891 static inline psa_pake_primitive_t psa_pake_cs_get_primitive(
1892  const psa_pake_cipher_suite_t *cipher_suite)
1893 {
1894  return PSA_PAKE_PRIMITIVE(cipher_suite->type, cipher_suite->family,
1895  cipher_suite->bits);
1896 }
1897 
1898 static inline void psa_pake_cs_set_primitive(
1899  psa_pake_cipher_suite_t *cipher_suite,
1900  psa_pake_primitive_t primitive)
1901 {
1902  cipher_suite->type = (psa_pake_primitive_type_t) (primitive >> 24);
1903  cipher_suite->family = (psa_pake_family_t) (0xFF & (primitive >> 16));
1904  cipher_suite->bits = (uint16_t) (0xFFFF & primitive);
1905 }
1906 
1907 static inline psa_pake_family_t psa_pake_cs_get_family(
1908  const psa_pake_cipher_suite_t *cipher_suite)
1909 {
1910  return cipher_suite->family;
1911 }
1912 
1913 static inline uint16_t psa_pake_cs_get_bits(
1914  const psa_pake_cipher_suite_t *cipher_suite)
1915 {
1916  return cipher_suite->bits;
1917 }
1918 
1919 
1920 static inline uint32_t psa_pake_cs_get_key_confirmation(const psa_pake_cipher_suite_t *cipher_suite)
1921 {
1922  return cipher_suite->key_confirmation;
1923 }
1924 
1925 static inline void psa_pake_cs_set_key_confirmation(psa_pake_cipher_suite_t *cipher_suite,
1926  uint32_t key_confirmation)
1927 {
1928  cipher_suite->key_confirmation = key_confirmation;
1929 }
1930 
1931 static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void)
1932 {
1933  const struct psa_pake_cipher_suite_s v = PSA_PAKE_CIPHER_SUITE_INIT;
1934  return v;
1935 }
1936 
1937 static inline struct psa_pake_operation_s psa_pake_operation_init(void)
1938 {
1939  const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT;
1940  return v;
1941 }
1942 
1943 #ifdef __cplusplus
1944 }
1945 #endif
1946 
1947 #endif /* PSA_CRYPTO_EXTRA_H */
PSA_JPAKE_X2_STEP_ZK_PROOF
Definition: crypto_extra.h:1007
psa_pake_primitive_t
uint32_t psa_pake_primitive_t
Encoding of the primitive associated with the PAKE.
Definition: crypto_extra.h:690
psa_key_attributes_s
Definition: crypto_struct.h:260
psa_pake_step_t
uint8_t psa_pake_step_t
Definition: crypto_extra.h:667
psa_pake_cipher_suite_init
static psa_pake_cipher_suite_t psa_pake_cipher_suite_init(void)
Definition: crypto_extra.h:1931
psa_pake_output
psa_status_t psa_pake_output(psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length)
mbedtls_psa_crypto_free
void mbedtls_psa_crypto_free(void)
Library deinitialization.
psa_pake_set_role
psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, psa_pake_role_t role)
psa_key_id_is_builtin
static int psa_key_id_is_builtin(psa_key_id_t key_id)
Definition: crypto_extra.h:333
PSA_JPAKE_X2S_STEP_ZK_PUBLIC
Definition: crypto_extra.h:1009
psa_pake_abort
psa_status_t psa_pake_abort(psa_pake_operation_t *operation)
crypto_compat.h
PSA cryptography module: Backward compatibility aliases.
psa_set_key_enrollment_algorithm
static void psa_set_key_enrollment_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg2)
Declare the enrollment algorithm for a key.
Definition: crypto_extra.h:69
MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
Definition: crypto_extra.h:308
PSA_JPAKE_X2S_STEP_KEY_SHARE
Definition: crypto_extra.h:1008
psa_pake_cs_get_algorithm
static psa_algorithm_t psa_pake_cs_get_algorithm(const psa_pake_cipher_suite_t *cipher_suite)
Definition: crypto_extra.h:1874
psa_pake_cipher_suite_s::type
psa_pake_primitive_type_t type
Definition: crypto_extra.h:983
psa_pake_get_shared_key
psa_status_t psa_pake_get_shared_key(psa_pake_operation_t *operation, const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key)
PSA_PAKE_OPERATION_INIT
#define PSA_PAKE_OPERATION_INIT
Definition: crypto_extra.h:952
crypto_types.h
PSA cryptography module: type aliases.
psa_pake_operation_s
Definition: crypto_extra.h:1045
psa_pake_cs_get_bits
static uint16_t psa_pake_cs_get_bits(const psa_pake_cipher_suite_t *cipher_suite)
Definition: crypto_extra.h:1913
PSA_ALG_IS_PAKE
#define PSA_ALG_IS_PAKE(alg)
Definition: crypto_extra.h:420
psa_pake_cipher_suite_s::bits
uint16_t bits
Definition: crypto_extra.h:985
psa_key_id_t
uint32_t psa_key_id_t
Definition: crypto_types.h:268
PSA_JPAKE_X2_STEP_ZK_PUBLIC
Definition: crypto_extra.h:1006
psa_crypto_driver_pake_inputs_s
Definition: crypto_extra.h:989
psa_jpake_round
psa_jpake_round
Definition: crypto_extra.h:1016
psa_crypto_driver_pake_get_user
psa_status_t psa_crypto_driver_pake_get_user(const psa_crypto_driver_pake_inputs_t *inputs, uint8_t *user_id, size_t user_id_size, size_t *user_id_len)
PSA_JPAKE_X1_STEP_ZK_PROOF
Definition: crypto_extra.h:1004
mbedtls_psa_get_stats
void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
Get statistics about resource consumption related to the PSA keystore.
mbedtls_psa_stats_t
struct mbedtls_psa_stats_s mbedtls_psa_stats_t
Statistics about resource consumption related to the PSA keystore.
psa_crypto_driver_pake_get_peer_len
psa_status_t psa_crypto_driver_pake_get_peer_len(const psa_crypto_driver_pake_inputs_t *inputs, size_t *peer_len)
psa_pake_cs_set_primitive
static void psa_pake_cs_set_primitive(psa_pake_cipher_suite_t *cipher_suite, psa_pake_primitive_t primitive)
Definition: crypto_extra.h:1898
mbedtls_psa_platform_get_builtin_key
psa_status_t mbedtls_psa_platform_get_builtin_key(mbedtls_svc_key_id_t key_id, psa_key_lifetime_t *lifetime, psa_drv_slot_number_t *slot_number)
psa_pake_cs_set_key_confirmation
static void psa_pake_cs_set_key_confirmation(psa_pake_cipher_suite_t *cipher_suite, uint32_t key_confirmation)
Definition: crypto_extra.h:1925
PSA_PAKE_CIPHER_SUITE_INIT
#define PSA_PAKE_CIPHER_SUITE_INIT
Definition: crypto_extra.h:944
psa_pake_family_t
uint8_t psa_pake_family_t
Encoding of the family of the primitive associated with the PAKE.
Definition: crypto_extra.h:684
crypto_values.h
PSA cryptography module: macros to build and analyze integer values.
PSA_JPAKE_FIRST
Definition: crypto_extra.h:1017
psa_drv_slot_number_t
uint64_t psa_drv_slot_number_t
Definition: crypto_extra.h:321
mbedtls_psa_external_random_context_t
Definition: crypto_platform.h:79
psa_get_key_enrollment_algorithm
static psa_algorithm_t psa_get_key_enrollment_algorithm(const psa_key_attributes_t *attributes)
Definition: crypto_extra.h:82
mbedtls_svc_key_id_t
Definition: crypto_types.h:293
psa_crypto_driver_pake_get_password_len
psa_status_t psa_crypto_driver_pake_get_password_len(const psa_crypto_driver_pake_inputs_t *inputs, size_t *password_len)
psa_algorithm_t
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:127
psa_pake_cs_get_family
static psa_pake_family_t psa_pake_cs_get_family(const psa_pake_cipher_suite_t *cipher_suite)
Definition: crypto_extra.h:1907
psa_jpake_computation_stage_s
Definition: crypto_extra.h:1027
psa_pake_primitive_type_t
uint8_t psa_pake_primitive_type_t
Definition: crypto_extra.h:677
psa_jpake_io_mode_t
enum psa_jpake_io_mode psa_jpake_io_mode_t
psa_jpake_round_t
enum psa_jpake_round psa_jpake_round_t
psa_pake_cipher_suite_s
Definition: crypto_extra.h:981
psa_crypto_driver_pake_get_password
psa_status_t psa_crypto_driver_pake_get_password(const psa_crypto_driver_pake_inputs_t *inputs, uint8_t *buffer, size_t buffer_size, size_t *buffer_length)
PSA_JPAKE_FINISHED
Definition: crypto_extra.h:1019
psa_pake_cs_get_key_confirmation
static uint32_t psa_pake_cs_get_key_confirmation(const psa_pake_cipher_suite_t *cipher_suite)
Definition: crypto_extra.h:1920
PSA_JPAKE_X2_STEP_KEY_SHARE
Definition: crypto_extra.h:1005
psa_crypto_driver_pake_step
psa_crypto_driver_pake_step
Definition: crypto_extra.h:1000
psa_pake_set_context
psa_status_t psa_pake_set_context(psa_pake_operation_t *operation, const uint8_t *context, size_t context_len)
PSA_JPAKE_OUTPUT
Definition: crypto_extra.h:1024
psa_pake_cipher_suite_s::key_confirmation
uint32_t key_confirmation
Definition: crypto_extra.h:986
psa_pake_set_user
psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, const uint8_t *user_id, size_t user_id_len)
PSA_PAKE_PRIMITIVE
#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits)
Definition: crypto_extra.h:787
psa_pake_cs_set_algorithm
static void psa_pake_cs_set_algorithm(psa_pake_cipher_suite_t *cipher_suite, psa_algorithm_t algorithm)
Definition: crypto_extra.h:1880
MBEDTLS_PSA_KEY_ID_BUILTIN_MAX
#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX
Definition: crypto_extra.h:315
PSA_JPAKE_X4S_STEP_KEY_SHARE
Definition: crypto_extra.h:1011
psa_jpake_io_mode
psa_jpake_io_mode
Definition: crypto_extra.h:1022
psa_pake_cs_get_primitive
static psa_pake_primitive_t psa_pake_cs_get_primitive(const psa_pake_cipher_suite_t *cipher_suite)
Definition: crypto_extra.h:1891
psa_pake_operation_init
static psa_pake_operation_t psa_pake_operation_init(void)
Definition: crypto_extra.h:1937
PSA_JPAKE_INPUT
Definition: crypto_extra.h:1023
PSA_JPAKE_X4S_STEP_ZK_PUBLIC
Definition: crypto_extra.h:1012
psa_pake_input
psa_status_t psa_pake_input(psa_pake_operation_t *operation, psa_pake_step_t step, const uint8_t *input, size_t input_length)
PSA_JPAKE_X2S_STEP_ZK_PROOF
Definition: crypto_extra.h:1010
psa_crypto_driver_pake_get_user_len
psa_status_t psa_crypto_driver_pake_get_user_len(const psa_crypto_driver_pake_inputs_t *inputs, size_t *user_len)
psa_pake_cipher_suite_s::family
psa_pake_family_t family
Definition: crypto_extra.h:984
psa_pake_role_t
uint8_t psa_pake_role_t
Encoding of the application role of PAKE.
Definition: crypto_extra.h:659
psa_pake_setup
psa_status_t psa_pake_setup(psa_pake_operation_t *operation, mbedtls_svc_key_id_t password_key, const psa_pake_cipher_suite_t *cipher_suite)
PSA_JPAKE_X4S_STEP_ZK_PROOF
Definition: crypto_extra.h:1013
psa_crypto_driver_pake_get_cipher_suite
psa_status_t psa_crypto_driver_pake_get_cipher_suite(const psa_crypto_driver_pake_inputs_t *inputs, psa_pake_cipher_suite_t *cipher_suite)
psa_key_lifetime_t
uint32_t psa_key_lifetime_t
Definition: crypto_types.h:176
psa_pake_set_peer
psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len)
PSA_JPAKE_SECOND
Definition: crypto_extra.h:1018
PSA_JPAKE_X1_STEP_ZK_PUBLIC
Definition: crypto_extra.h:1003
psa_status_t
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:52
PSA_JPAKE_STEP_INVALID
Definition: crypto_extra.h:1001
psa_crypto_driver_pake_step_t
enum psa_crypto_driver_pake_step psa_crypto_driver_pake_step_t
psa_driver_pake_context_t
Definition: crypto_driver_contexts_composites.h:143
psa_pake_cipher_suite_s::algorithm
psa_algorithm_t algorithm
Definition: crypto_extra.h:982
psa_crypto_driver_pake_get_peer
psa_status_t psa_crypto_driver_pake_get_peer(const psa_crypto_driver_pake_inputs_t *inputs, uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length)
mbedtls_psa_external_get_random
psa_status_t mbedtls_psa_external_get_random(mbedtls_psa_external_random_context_t *context, uint8_t *output, size_t output_size, size_t *output_length)
PSA_JPAKE_X1_STEP_KEY_SHARE
Definition: crypto_extra.h:1002
mbedtls_psa_stats_s
Statistics about resource consumption related to the PSA keystore.
Definition: crypto_extra.h:108
Generated on Thu Feb 5 2026 15:22:17 for Mbed TLS v4.0.0 by   doxygen 1.8.6