mbed TLS v2.26.0
|
PSA cryptography module: Mbed TLS vendor extensions. More...
Go to the source code of this file.
Data Structures | |
struct | mbedtls_psa_stats_s |
Statistics about resource consumption related to the PSA keystore. More... | |
Macros | |
#define | PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52 |
#define | PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002) |
#define | PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002) |
#define | PSA_KEY_TYPE_IS_DSA(type) (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY) |
#define | PSA_ALG_DSA_BASE ((psa_algorithm_t)0x06000400) |
#define | PSA_ALG_DSA(hash_alg) (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) |
#define | PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x06000500) |
#define | PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG |
#define | PSA_ALG_DETERMINISTIC_DSA(hash_alg) (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) |
#define | PSA_ALG_IS_DSA(alg) |
#define | PSA_ALG_DSA_IS_DETERMINISTIC(alg) (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0) |
#define | PSA_ALG_IS_DETERMINISTIC_DSA(alg) (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg)) |
#define | PSA_ALG_IS_RANDOMIZED_DSA(alg) (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg)) |
#define | PSA_ALG_IS_HASH_AND_SIGN(alg) |
#define | PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e) |
#define | PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) |
#define | PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/) |
#define | PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/) |
SECTION: Module configuration options | |
This section allows for the setting of module specific sizes and configuration options. The default values are already present in the relevant header files and should suffice for the regular use cases. Our advice is to enable options and change their values here only if you have a good reason and know the consequences. Please check the respective header file for documentation on these parameters (to prevent duplicate documentation). | |
#define | MBEDTLS_PSA_KEY_SLOT_COUNT 32 |
This macro is invoked by the library when an invalid parameter is detected that is only checked with #MBEDTLS_CHECK_PARAMS (see the documentation of that option for context). More... | |
Typedefs | |
typedef struct mbedtls_psa_stats_s | mbedtls_psa_stats_t |
Statistics about resource consumption related to the PSA keystore. More... | |
Functions | |
static void | psa_set_key_enrollment_algorithm (psa_key_attributes_t *attributes, psa_algorithm_t alg2) |
Declare the enrollment algorithm for a key. More... | |
static psa_algorithm_t | psa_get_key_enrollment_algorithm (const psa_key_attributes_t *attributes) |
void | mbedtls_psa_crypto_free (void) |
Library deinitialization. More... | |
void | mbedtls_psa_get_stats (mbedtls_psa_stats_t *stats) |
Get statistics about resource consumption related to the PSA keystore. More... | |
psa_status_t | mbedtls_psa_inject_entropy (const uint8_t *seed, size_t seed_size) |
Inject an initial entropy seed for the random generator into secure storage. More... | |
psa_status_t | psa_set_key_domain_parameters (psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, size_t data_length) |
Set domain parameters for a key. More... | |
psa_status_t | psa_get_key_domain_parameters (const psa_key_attributes_t *attributes, uint8_t *data, size_t data_size, size_t *data_length) |
Get domain parameters for a key. More... | |
static psa_ecc_family_t | mbedtls_ecc_group_to_psa (mbedtls_ecp_group_id grpid, size_t *bits) |
mbedtls_ecp_group_id | mbedtls_ecc_group_of_psa (psa_ecc_family_t curve, size_t bits, int bits_is_sloppy) |
PSA cryptography module: Mbed TLS vendor extensions.
This file is reserved for vendor-specific definitions.
Definition in file crypto_extra.h.
#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 |
This macro is invoked by the library when an invalid parameter is detected that is only checked with #MBEDTLS_CHECK_PARAMS (see the documentation of that option for context).
When you leave this undefined here, the library provides a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT is defined, the default definition is assert(cond)
, otherwise the default definition calls a function mbedtls_param_failed(). This function is declared in platform_util.h
for the benefit of the library, but you need to define in your application.
When you define this here, this replaces the default definition in platform_util.h (which no longer declares the function mbedtls_param_failed()) and it is your responsibility to make sure this macro expands to something suitable (in particular, that all the necessary declarations are visible from within the library - you can ensure that by providing them in this file next to the macro definition). If you define this macro to call assert
, also define #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files include <assert.h>
.
Note that you may define this macro to expand to nothing, in which case you don't have to worry about declarations or definitions. However, you will then be notified about invalid parameters only in non-void functions, and void function will just silently return early on invalid parameters, which partially negates the benefits of enabling #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
cond | The expression that should evaluate to true, but doesn't. Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the PSA crypto subsystem. |
If this option is unset:
If this option is unset, the library will fall back to a default value of 32 keys.
Definition at line 44 of file crypto_extra.h.
#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52 |
Definition at line 40 of file crypto_extra.h.
typedef struct mbedtls_psa_stats_s mbedtls_psa_stats_t |
Statistics about resource consumption related to the PSA keystore.
void mbedtls_psa_crypto_free | ( | void | ) |
Library deinitialization.
This function clears all data associated with the PSA layer, including the whole key store.
This is an Mbed TLS extension.
void mbedtls_psa_get_stats | ( | mbedtls_psa_stats_t * | stats | ) |
Get statistics about resource consumption related to the PSA keystore.
psa_status_t mbedtls_psa_inject_entropy | ( | const uint8_t * | seed, |
size_t | seed_size | ||
) |
Inject an initial entropy seed for the random generator into secure storage.
This function injects data to be used as a seed for the random generator used by the PSA Crypto implementation. On devices that lack a trusted entropy source (preferably a hardware random number generator), the Mbed PSA Crypto implementation uses this value to seed its random generator.
On devices without a trusted entropy source, this function must be called exactly once in the lifetime of the device. On devices with a trusted entropy source, calling this function is optional. In all cases, this function may only be called before calling any other function in the PSA Crypto API, including psa_crypto_init().
When this function returns successfully, it populates a file in persistent storage. Once the file has been created, this function can no longer succeed.
If any error occurs, this function does not change the system state. You can call this function again after correcting the reason for the error if possible.
This is an Mbed TLS extension.
[in] | seed | Buffer containing the seed value to inject. |
[in] | seed_size | Size of the seed buffer. The size of the seed in bytes must be greater or equal to both MBEDTLS_ENTROPY_MIN_PLATFORM and MBEDTLS_ENTROPY_BLOCK_SIZE. It must be less or equal to MBEDTLS_ENTROPY_MAX_SEED_SIZE. |
PSA_SUCCESS | The seed value was injected successfully. The random generator of the PSA Crypto implementation is now ready for use. You may now call psa_crypto_init() and use the PSA Crypto implementation. |
PSA_ERROR_INVALID_ARGUMENT | seed_size is out of range. |
PSA_ERROR_STORAGE_FAILURE | There was a failure reading or writing from storage. |
PSA_ERROR_NOT_PERMITTED | The library has already been initialized. It is no longer possible to call this function. |