mbed TLS v2.26.0
crypto_struct.h
Go to the documentation of this file.
1 
36 /*
37  * Copyright The Mbed TLS Contributors
38  * SPDX-License-Identifier: Apache-2.0
39  *
40  * Licensed under the Apache License, Version 2.0 (the "License"); you may
41  * not use this file except in compliance with the License.
42  * You may obtain a copy of the License at
43  *
44  * http://www.apache.org/licenses/LICENSE-2.0
45  *
46  * Unless required by applicable law or agreed to in writing, software
47  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
48  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
49  * See the License for the specific language governing permissions and
50  * limitations under the License.
51  */
52 
53 #ifndef PSA_CRYPTO_STRUCT_H
54 #define PSA_CRYPTO_STRUCT_H
55 
56 #ifdef __cplusplus
57 extern "C" {
58 #endif
59 
60 /* Include the Mbed TLS configuration file, the way Mbed TLS does it
61  * in each of its header files. */
62 #if !defined(MBEDTLS_CONFIG_FILE)
63 #include "mbedtls/config.h"
64 #else
65 #include MBEDTLS_CONFIG_FILE
66 #endif
67 
68 #include "mbedtls/cipher.h"
69 #include "mbedtls/cmac.h"
70 #include "mbedtls/gcm.h"
71 #include "mbedtls/md.h"
72 #include "mbedtls/md2.h"
73 #include "mbedtls/md4.h"
74 #include "mbedtls/md5.h"
75 #include "mbedtls/ripemd160.h"
76 #include "mbedtls/sha1.h"
77 #include "mbedtls/sha256.h"
78 #include "mbedtls/sha512.h"
79 
80 typedef struct {
85  unsigned int id;
87  void* ctx;
89 
91 {
93  union
94  {
95  unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
96 #if defined(MBEDTLS_MD2_C)
98 #endif
99 #if defined(MBEDTLS_MD4_C)
101 #endif
102 #if defined(MBEDTLS_MD5_C)
104 #endif
105 #if defined(MBEDTLS_RIPEMD160_C)
107 #endif
108 #if defined(MBEDTLS_SHA1_C)
110 #endif
111 #if defined(MBEDTLS_SHA256_C)
113 #endif
114 #if defined(MBEDTLS_SHA512_C)
116 #endif
117  } ctx;
118 };
119 
120 #define PSA_HASH_OPERATION_INIT {0, {0}}
121 static inline struct psa_hash_operation_s psa_hash_operation_init( void )
122 {
124  return( v );
125 }
126 
127 #if defined(MBEDTLS_MD_C)
128 typedef struct
129 {
131  struct psa_hash_operation_s hash_ctx;
135 #endif /* MBEDTLS_MD_C */
136 
138 {
140  unsigned int key_set : 1;
141  unsigned int iv_required : 1;
142  unsigned int iv_set : 1;
143  unsigned int has_input : 1;
144  unsigned int is_sign : 1;
145  uint8_t mac_size;
146  union
147  {
148  unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
149 #if defined(MBEDTLS_MD_C)
151 #endif
152 #if defined(MBEDTLS_CMAC_C)
154 #endif
155  } ctx;
156 };
157 
158 #define PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}}
159 static inline struct psa_mac_operation_s psa_mac_operation_init( void )
160 {
162  return( v );
163 }
164 
166 {
168  unsigned int key_set : 1;
169  unsigned int iv_required : 1;
170  unsigned int iv_set : 1;
171  unsigned int mbedtls_in_use : 1; /* Indicates mbed TLS is handling the operation. */
172  uint8_t iv_size;
173  uint8_t block_size;
174  union
175  {
176  unsigned dummy; /* Enable easier initializing of the union. */
179  } ctx;
180 };
181 
182 #define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}}
184 {
186  return( v );
187 }
188 
190 {
192  unsigned int key_set : 1;
193  unsigned int iv_set : 1;
194  uint8_t iv_size;
195  uint8_t block_size;
196  union
197  {
198  unsigned dummy; /* Enable easier initializing of the union. */
200  } ctx;
201 };
202 
203 #define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}}
204 static inline struct psa_aead_operation_s psa_aead_operation_init( void )
205 {
207  return( v );
208 }
209 
210 #if defined(MBEDTLS_MD_C)
211 typedef struct
212 {
213  uint8_t *info;
214  size_t info_length;
216  uint8_t prk[PSA_HASH_MAX_SIZE];
217  uint8_t output_block[PSA_HASH_MAX_SIZE];
218 #if PSA_HASH_MAX_SIZE > 0xff
219 #error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
220 #endif
222  uint8_t block_number;
223  unsigned int state : 2;
224  unsigned int info_set : 1;
226 #endif /* MBEDTLS_MD_C */
227 
228 #if defined(MBEDTLS_MD_C)
229 typedef enum
230 {
231  PSA_TLS12_PRF_STATE_INIT, /* no input provided */
232  PSA_TLS12_PRF_STATE_SEED_SET, /* seed has been set */
233  PSA_TLS12_PRF_STATE_KEY_SET, /* key has been set */
234  PSA_TLS12_PRF_STATE_LABEL_SET, /* label has been set */
235  PSA_TLS12_PRF_STATE_OUTPUT /* output has been started */
237 
239 {
240 #if PSA_HASH_MAX_SIZE > 0xff
241 #error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
242 #endif
243 
244  /* Indicates how many bytes in the current HMAC block have
245  * not yet been read by the user. */
246  uint8_t left_in_block;
247 
248  /* The 1-based number of the block. */
249  uint8_t block_number;
250 
252 
253  uint8_t *seed;
254  size_t seed_length;
255  uint8_t *label;
256  size_t label_length;
259 
260  /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
263 #endif /* MBEDTLS_MD_C */
264 
266 {
268  unsigned int can_output_key : 1;
269  size_t capacity;
270  union
271  {
272  /* Make the union non-empty even with no supported algorithms. */
273  uint8_t dummy;
274 #if defined(MBEDTLS_MD_C)
277 #endif
278  } ctx;
279 };
280 
281 /* This only zeroes out the first byte in the union, the rest is unspecified. */
282 #define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, 0, {0}}
284 {
286  return( v );
287 }
288 
290 {
294 };
296 
297 #define PSA_KEY_POLICY_INIT {0, 0, 0}
298 static inline struct psa_key_policy_s psa_key_policy_init( void )
299 {
300  const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
301  return( v );
302 }
303 
304 /* The type used internally for key sizes.
305  * Public interfaces use size_t, but internally we use a smaller type. */
306 typedef uint16_t psa_key_bits_t;
307 /* The maximum value of the type used to represent bit-sizes.
308  * This is used to mark an invalid key size. */
309 #define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) )
310 /* The maximum size of a key in bits.
311  * Currently defined as the maximum that can be represented, rounded down
312  * to a whole number of bytes.
313  * This is an uncast value so that it can be used in preprocessor
314  * conditionals. */
315 #define PSA_MAX_KEY_BITS 0xfff8
316 
324 typedef uint16_t psa_key_attributes_flag_t;
325 
326 #define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \
327  ( (psa_key_attributes_flag_t) 0x0001 )
328 
329 /* A mask of key attribute flags used externally only.
330  * Only meant for internal checks inside the library. */
331 #define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \
332  MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \
333  0 )
334 
335 /* A mask of key attribute flags used both internally and externally.
336  * Currently there aren't any. */
337 #define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \
338  0 )
339 
340 typedef struct
341 {
343  psa_key_bits_t bits;
347  psa_key_attributes_flag_t flags;
349 
350 #define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
351 
353 {
355 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
356  psa_key_slot_number_t slot_number;
357 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
360 };
361 
362 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
363 #define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0}
364 #else
365 #define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
366 #endif
367 
368 static inline struct psa_key_attributes_s psa_key_attributes_init( void )
369 {
371  return( v );
372 }
373 
374 static inline void psa_set_key_id( psa_key_attributes_t *attributes,
376 {
377  psa_key_lifetime_t lifetime = attributes->core.lifetime;
378 
379  attributes->core.id = key;
380 
381  if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
382  {
383  attributes->core.lifetime =
386  PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) );
387  }
388 }
389 
391  const psa_key_attributes_t *attributes)
392 {
393  return( attributes->core.id );
394 }
395 
396 #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
397 static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
398  mbedtls_key_owner_id_t owner )
399 {
400  attributes->core.id.owner = owner;
401 }
402 #endif
403 
404 static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
405  psa_key_lifetime_t lifetime)
406 {
407  attributes->core.lifetime = lifetime;
408  if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
409  {
410 #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
411  attributes->core.id.key_id = 0;
412 #else
413  attributes->core.id = 0;
414 #endif
415  }
416 }
417 
419  const psa_key_attributes_t *attributes)
420 {
421  return( attributes->core.lifetime );
422 }
423 
424 static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
425  psa_key_usage_t usage_flags)
426 {
427  attributes->core.policy.usage = usage_flags;
428 }
429 
431  const psa_key_attributes_t *attributes)
432 {
433  return( attributes->core.policy.usage );
434 }
435 
436 static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
437  psa_algorithm_t alg)
438 {
439  attributes->core.policy.alg = alg;
440 }
441 
443  const psa_key_attributes_t *attributes)
444 {
445  return( attributes->core.policy.alg );
446 }
447 
448 /* This function is declared in crypto_extra.h, which comes after this
449  * header file, but we need the function here, so repeat the declaration. */
451  psa_key_type_t type,
452  const uint8_t *data,
453  size_t data_length);
454 
455 static inline void psa_set_key_type(psa_key_attributes_t *attributes,
456  psa_key_type_t type)
457 {
458  if( attributes->domain_parameters == NULL )
459  {
460  /* Common case: quick path */
461  attributes->core.type = type;
462  }
463  else
464  {
465  /* Call the bigger function to free the old domain paramteres.
466  * Ignore any errors which may arise due to type requiring
467  * non-default domain parameters, since this function can't
468  * report errors. */
469  (void) psa_set_key_domain_parameters( attributes, type, NULL, 0 );
470  }
471 }
472 
474  const psa_key_attributes_t *attributes)
475 {
476  return( attributes->core.type );
477 }
478 
479 static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
480  size_t bits)
481 {
482  if( bits > PSA_MAX_KEY_BITS )
483  attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
484  else
485  attributes->core.bits = (psa_key_bits_t) bits;
486 }
487 
488 static inline size_t psa_get_key_bits(
489  const psa_key_attributes_t *attributes)
490 {
491  return( attributes->core.bits );
492 }
493 
494 #ifdef __cplusplus
495 }
496 #endif
497 
498 #endif /* PSA_CRYPTO_STRUCT_H */
unsigned int is_sign
unsigned int key_set
psa_key_lifetime_t lifetime
psa_tls12_prf_key_derivation_t tls12_prf
uint8_t Ai[PSA_HASH_MAX_SIZE]
mbedtls_cipher_context_t cipher
mbedtls_sha1_context sha1
static void psa_set_key_usage_flags(psa_key_attributes_t *attributes, psa_key_usage_t usage_flags)
#define PSA_MAX_KEY_BITS
unsigned int mbedtls_in_use
static psa_key_lifetime_t psa_get_key_lifetime(const psa_key_attributes_t *attributes)
union psa_aead_operation_s::@7 ctx
psa_algorithm_t alg
#define PSA_MAC_OPERATION_INIT
static struct psa_aead_operation_s psa_aead_operation_init(void)
mbedtls_sha256_context sha256
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE
Definition: crypto_sizes.h:100
psa_key_usage_t usage
uint16_t psa_key_bits_t
#define md4
Definition: compat-1.3.h:1997
psa_algorithm_t alg2
psa_tls12_prf_key_derivation_state_t
psa_key_attributes_flag_t flags
psa_algorithm_t alg
static void psa_set_key_id(psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key)
Configuration options (set of defines)
psa_core_key_attributes_t core
unsigned int iv_required
#define PSA_CIPHER_OPERATION_INIT
This file contains CMAC definitions and functions.
#define PSA_KEY_ATTRIBUTES_INIT
#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)
mbedtls_ripemd160_context ripemd160
RIPE MD-160 message digest.
mbedtls_md5_context md5
psa_operation_driver_context_t driver
static struct psa_key_derivation_s psa_key_derivation_operation_init(void)
#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location)
psa_algorithm_t alg
psa_algorithm_t alg
The SHA-512 context structure.
Definition: sha512.h:55
uint64_t psa_key_slot_number_t
uint16_t psa_key_attributes_flag_t
#define PSA_HASH_MAX_SIZE
Definition: crypto_sizes.h:99
psa_tls12_prf_key_derivation_state_t state
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:105
mbedtls_sha512_context sha512
psa_algorithm_t alg
unsigned int iv_set
#define PSA_KEY_LIFETIME_PERSISTENT
union psa_key_derivation_s::@8 ctx
psa_hmac_internal_data hmac
#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime)
uint32_t psa_key_usage_t
Encoding of permitted usage on a key.
Definition: crypto_types.h:250
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
mbedtls_cipher_context_t cipher
uint16_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:73
#define PSA_KEY_POLICY_INIT
The SHA-256 context structure.
Definition: sha256.h:56
union psa_cipher_operation_s::@6 ctx
#define PSA_KEY_DERIVATION_OPERATION_INIT
psa_hkdf_key_derivation_t hkdf
static psa_algorithm_t psa_get_key_algorithm(const psa_key_attributes_t *attributes)
#define PSA_AEAD_OPERATION_INIT
#define md2
Definition: compat-1.3.h:1987
unsigned int key_set
#define PSA_KEY_BITS_TOO_LARGE
MD4 context structure.
Definition: md4.h:58
static mbedtls_svc_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes)
static psa_key_usage_t psa_get_key_usage_flags(const psa_key_attributes_t *attributes)
This file contains the generic message-digest wrapper.
#define PSA_HASH_OPERATION_INIT
psa_key_id_t mbedtls_svc_key_id_t
Definition: crypto_types.h:227
static struct psa_mac_operation_s psa_mac_operation_init(void)
RIPEMD-160 context structure.
Definition: ripemd160.h:49
mbedtls_svc_key_id_t id
union psa_hash_operation_s::@4 ctx
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, size_t data_length)
This file contains SHA-1 definitions and functions.
MD5 context structure.
Definition: md5.h:57
psa_key_policy_t policy
This file contains GCM definitions and functions.
unsigned int can_output_key
static struct psa_key_attributes_s psa_key_attributes_init(void)
The SHA-1 context structure.
Definition: sha1.h:61
This file contains SHA-384 and SHA-512 definitions and functions.
uint8_t output_block[PSA_HASH_MAX_SIZE]
struct psa_tls12_prf_key_derivation_s psa_tls12_prf_key_derivation_t
union psa_mac_operation_s::@5 ctx
static size_t psa_get_key_bits(const psa_key_attributes_t *attributes)
psa_hmac_internal_data hmac
MD2 context structure.
Definition: md2.h:57
static struct psa_cipher_operation_s psa_cipher_operation_init(void)
static void psa_set_key_bits(psa_key_attributes_t *attributes, size_t bits)
static void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime)
uint32_t psa_key_lifetime_t
Definition: crypto_types.h:146
psa_hmac_internal_data hmac
MD4 message digest algorithm (hash function)
psa_algorithm_t alg
Definition: crypto_struct.h:92
unsigned int has_input
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:62
static void psa_set_key_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg)
MD5 message digest algorithm (hash function)
This file contains SHA-224 and SHA-256 definitions and functions.
unsigned int iv_required
static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes)
static void psa_set_key_type(psa_key_attributes_t *attributes, psa_key_type_t type)
MD2 message digest algorithm (hash function)
static struct psa_key_policy_s psa_key_policy_init(void)
static struct psa_hash_operation_s psa_hash_operation_init(void)