mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 18:25:37 +01:00
Merge pull request #112 from gilles-peskine-arm/psa-remove_domain_parameters
Remove domain parameters from API 1.0
This commit is contained in:
commit
683898c079
@ -105,8 +105,7 @@ psa_status_t psa_crypto_init(void);
|
|||||||
* and its lifetime.
|
* and its lifetime.
|
||||||
* - The key's policy, comprising usage flags and a specification of
|
* - The key's policy, comprising usage flags and a specification of
|
||||||
* the permitted algorithm(s).
|
* the permitted algorithm(s).
|
||||||
* - Information about the key itself: the key type, the key size, and
|
* - Information about the key itself: the key type and its size.
|
||||||
* for some key type additional domain parameters.
|
|
||||||
* - Implementations may define additional attributes.
|
* - Implementations may define additional attributes.
|
||||||
*
|
*
|
||||||
* The actual key material is not considered an attribute of a key.
|
* The actual key material is not considered an attribute of a key.
|
||||||
@ -167,7 +166,7 @@ psa_status_t psa_crypto_init(void);
|
|||||||
*
|
*
|
||||||
* - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
|
* - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
|
||||||
* - key identifier: unspecified.
|
* - key identifier: unspecified.
|
||||||
* - type: \c 0, with no domain parameters.
|
* - type: \c 0.
|
||||||
* - key size: \c 0.
|
* - key size: \c 0.
|
||||||
* - usage flags: \c 0.
|
* - usage flags: \c 0.
|
||||||
* - algorithm: \c 0.
|
* - algorithm: \c 0.
|
||||||
@ -179,8 +178,7 @@ psa_status_t psa_crypto_init(void);
|
|||||||
* location.
|
* location.
|
||||||
* -# Set the key policy with psa_set_key_usage_flags() and
|
* -# Set the key policy with psa_set_key_usage_flags() and
|
||||||
* psa_set_key_algorithm().
|
* psa_set_key_algorithm().
|
||||||
* -# Set the key type with psa_set_key_type(). If the key type requires
|
* -# Set the key type with psa_set_key_type().
|
||||||
* domain parameters, call psa_set_key_domain_parameters() instead.
|
|
||||||
* Skip this step if copying an existing key with psa_copy_key().
|
* Skip this step if copying an existing key with psa_copy_key().
|
||||||
* -# When generating a random key with psa_generate_random_key() or deriving a key
|
* -# When generating a random key with psa_generate_random_key() or deriving a key
|
||||||
* with psa_key_derivation_output_key(), set the desired key size with
|
* with psa_key_derivation_output_key(), set the desired key size with
|
||||||
@ -189,11 +187,11 @@ psa_status_t psa_crypto_init(void);
|
|||||||
* psa_key_derivation_output_key() or psa_copy_key(). This function reads
|
* psa_key_derivation_output_key() or psa_copy_key(). This function reads
|
||||||
* the attribute structure, creates a key with these attributes, and
|
* the attribute structure, creates a key with these attributes, and
|
||||||
* outputs a handle to the newly created key.
|
* outputs a handle to the newly created key.
|
||||||
* -# The attribute structure is now no longer necessary. If you called
|
* -# The attribute structure is now no longer necessary.
|
||||||
* psa_set_key_domain_parameters() earlier, you must call
|
* You may call psa_reset_key_attributes(), although this is optional
|
||||||
* psa_reset_key_attributes() to free any resources used by the
|
* with the workflow presented here because the attributes currently
|
||||||
* domain parameters. Otherwise calling psa_reset_key_attributes()
|
* defined in this specification do not require any additional resources
|
||||||
* is optional.
|
* beyond the structure itself.
|
||||||
*
|
*
|
||||||
* A typical sequence to query a key's attributes is as follows:
|
* A typical sequence to query a key's attributes is as follows:
|
||||||
* -# Call psa_get_key_attributes().
|
* -# Call psa_get_key_attributes().
|
||||||
@ -349,10 +347,7 @@ static psa_algorithm_t psa_get_key_algorithm(
|
|||||||
|
|
||||||
/** Declare the type of a key.
|
/** Declare the type of a key.
|
||||||
*
|
*
|
||||||
* If a type requires domain parameters, you must call
|
* This function overwrites any key type
|
||||||
* psa_set_key_domain_parameters() instead of this function.
|
|
||||||
*
|
|
||||||
* This function overwrites any key type and domain parameters
|
|
||||||
* previously set in \p attributes.
|
* previously set in \p attributes.
|
||||||
*
|
*
|
||||||
* This function may be declared as `static` (i.e. without external
|
* This function may be declared as `static` (i.e. without external
|
||||||
@ -403,97 +398,6 @@ static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes);
|
|||||||
*/
|
*/
|
||||||
static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
|
static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
|
||||||
|
|
||||||
/**
|
|
||||||
* \brief Set domain parameters for a key.
|
|
||||||
*
|
|
||||||
* Some key types require additional domain parameters in addition to
|
|
||||||
* the key type identifier and the key size.
|
|
||||||
* The format for the required domain parameters varies by the key type.
|
|
||||||
*
|
|
||||||
* - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEYPAIR),
|
|
||||||
* the domain parameter data consists of the public exponent,
|
|
||||||
* represented as a big-endian integer with no leading zeros.
|
|
||||||
* This information is used when generating an RSA key pair.
|
|
||||||
* When importing a key, the public exponent is read from the imported
|
|
||||||
* key data and the exponent recorded in the attribute structure is ignored.
|
|
||||||
* As an exception, the public exponent 65537 is represented by an empty
|
|
||||||
* byte string.
|
|
||||||
* - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEYPAIR),
|
|
||||||
* the `Dss-Parms` format as defined by RFC 3279 §2.3.2.
|
|
||||||
* ```
|
|
||||||
* Dss-Parms ::= SEQUENCE {
|
|
||||||
* p INTEGER,
|
|
||||||
* q INTEGER,
|
|
||||||
* g INTEGER
|
|
||||||
* }
|
|
||||||
* ```
|
|
||||||
* - For Diffie-Hellman key exchange keys (#PSA_KEY_TYPE_DH_PUBLIC_KEY or
|
|
||||||
* #PSA_KEY_TYPE_DH_KEYPAIR), the
|
|
||||||
* `DomainParameters` format as defined by RFC 3279 §2.3.3.
|
|
||||||
* ```
|
|
||||||
* DomainParameters ::= SEQUENCE {
|
|
||||||
* p INTEGER, -- odd prime, p=jq +1
|
|
||||||
* g INTEGER, -- generator, g
|
|
||||||
* q INTEGER, -- factor of p-1
|
|
||||||
* j INTEGER OPTIONAL, -- subgroup factor
|
|
||||||
* validationParms ValidationParms OPTIONAL
|
|
||||||
* }
|
|
||||||
* ValidationParms ::= SEQUENCE {
|
|
||||||
* seed BIT STRING,
|
|
||||||
* pgenCounter INTEGER
|
|
||||||
* }
|
|
||||||
* ```
|
|
||||||
*
|
|
||||||
* \note This function may allocate memory or other resources.
|
|
||||||
* Once you have called this function on an attribute structure,
|
|
||||||
* you must call psa_reset_key_attributes() to free these resources.
|
|
||||||
*
|
|
||||||
* \param[in,out] attributes Attribute structure where the specified domain
|
|
||||||
* parameters will be stored.
|
|
||||||
* If this function fails, the content of
|
|
||||||
* \p attributes is not modified.
|
|
||||||
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
|
|
||||||
* \param[in] data Buffer containing the key domain parameters.
|
|
||||||
* The content of this buffer is interpreted
|
|
||||||
* according to \p type as described above.
|
|
||||||
* \param data_length Size of the \p data buffer in bytes.
|
|
||||||
*
|
|
||||||
* \retval #PSA_SUCCESS
|
|
||||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
|
||||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
|
||||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
|
||||||
*/
|
|
||||||
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
|
|
||||||
psa_key_type_t type,
|
|
||||||
const uint8_t *data,
|
|
||||||
size_t data_length);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \brief Get domain parameters for a key.
|
|
||||||
*
|
|
||||||
* Get the domain parameters for a key with this function, if any. The format
|
|
||||||
* of the domain parameters written to \p data is specified in the
|
|
||||||
* documentation for psa_set_key_domain_parameters().
|
|
||||||
*
|
|
||||||
* \param[in] attributes The key attribute structure to query.
|
|
||||||
* \param[out] data On success, the key domain parameters.
|
|
||||||
* \param data_size Size of the \p data buffer in bytes.
|
|
||||||
* The buffer is guaranteed to be large
|
|
||||||
* enough if its size in bytes is at least
|
|
||||||
* the value given by
|
|
||||||
* PSA_KEY_DOMAIN_PARAMETERS_SIZE().
|
|
||||||
* \param[out] data_length On success, the number of bytes
|
|
||||||
* that make up the key domain parameters data.
|
|
||||||
*
|
|
||||||
* \retval #PSA_SUCCESS
|
|
||||||
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
|
||||||
*/
|
|
||||||
psa_status_t psa_get_key_domain_parameters(
|
|
||||||
const psa_key_attributes_t *attributes,
|
|
||||||
uint8_t *data,
|
|
||||||
size_t data_size,
|
|
||||||
size_t *data_length);
|
|
||||||
|
|
||||||
/** Retrieve the attributes of a key.
|
/** Retrieve the attributes of a key.
|
||||||
*
|
*
|
||||||
* This function first resets the attribute structure as with
|
* This function first resets the attribute structure as with
|
||||||
@ -617,9 +521,8 @@ psa_status_t psa_close_key(psa_key_handle_t handle);
|
|||||||
* \param[out] handle On success, a handle to the newly created key.
|
* \param[out] handle On success, a handle to the newly created key.
|
||||||
* \c 0 on failure.
|
* \c 0 on failure.
|
||||||
* \param[in] data Buffer containing the key data. The content of this
|
* \param[in] data Buffer containing the key data. The content of this
|
||||||
* buffer is interpreted according to the type and,
|
* buffer is interpreted according to the type declared
|
||||||
* if applicable, domain parameters declared in
|
* in \p attributes.
|
||||||
* \p attributes.
|
|
||||||
* All implementations must support at least the format
|
* All implementations must support at least the format
|
||||||
* described in the documentation
|
* described in the documentation
|
||||||
* of psa_export_key() or psa_export_public_key() for
|
* of psa_export_key() or psa_export_public_key() for
|
||||||
@ -738,10 +641,6 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle);
|
|||||||
* coefficient INTEGER, -- (inverse of q) mod p
|
* coefficient INTEGER, -- (inverse of q) mod p
|
||||||
* }
|
* }
|
||||||
* ```
|
* ```
|
||||||
* - For DSA private keys (#PSA_KEY_TYPE_DSA_KEYPAIR), the format is the
|
|
||||||
* representation of the private key `x` as a big-endian byte string. The
|
|
||||||
* length of the byte string is the private key size in bytes (leading zeroes
|
|
||||||
* are not stripped).
|
|
||||||
* - For elliptic curve key pairs (key types for which
|
* - For elliptic curve key pairs (key types for which
|
||||||
* #PSA_KEY_TYPE_IS_ECC_KEYPAIR is true), the format is
|
* #PSA_KEY_TYPE_IS_ECC_KEYPAIR is true), the format is
|
||||||
* a representation of the private value as a `ceiling(m/8)`-byte string
|
* a representation of the private value as a `ceiling(m/8)`-byte string
|
||||||
@ -753,7 +652,8 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle);
|
|||||||
* and `PSA_ECC_CURVE_BRAINPOOL_PXXX`).
|
* and `PSA_ECC_CURVE_BRAINPOOL_PXXX`).
|
||||||
* This is the content of the `privateKey` field of the `ECPrivateKey`
|
* This is the content of the `privateKey` field of the `ECPrivateKey`
|
||||||
* format defined by RFC 5915.
|
* format defined by RFC 5915.
|
||||||
* - For Diffie-Hellman key exchange key pairs (#PSA_KEY_TYPE_DH_KEYPAIR), the
|
* - For Diffie-Hellman key exchange key pairs (key types for which
|
||||||
|
* #PSA_KEY_TYPE_IS_DH_KEYPAIR is true), the
|
||||||
* format is the representation of the private key `x` as a big-endian byte
|
* format is the representation of the private key `x` as a big-endian byte
|
||||||
* string. The length of the byte string is the private key size in bytes
|
* string. The length of the byte string is the private key size in bytes
|
||||||
* (leading zeroes are not stripped).
|
* (leading zeroes are not stripped).
|
||||||
@ -822,11 +722,8 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
|
|||||||
* - The byte 0x04;
|
* - The byte 0x04;
|
||||||
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
|
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
|
||||||
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
|
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
|
||||||
* - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY), the format is the
|
* - For Diffie-Hellman key exchange public keys (key types for which
|
||||||
* representation of the public key `y = g^x mod p` as a big-endian byte
|
* #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true),
|
||||||
* string. The length of the byte string is the length of the base prime `p`
|
|
||||||
* in bytes.
|
|
||||||
* - For Diffie-Hellman key exchange public keys (#PSA_KEY_TYPE_DH_PUBLIC_KEY),
|
|
||||||
* the format is the representation of the public key `y = g^x mod p` as a
|
* the format is the representation of the public key `y = g^x mod p` as a
|
||||||
* big-endian byte string. The length of the byte string is the length of the
|
* big-endian byte string. The length of the byte string is the length of the
|
||||||
* base prime `p` in bytes.
|
* base prime `p` in bytes.
|
||||||
@ -910,9 +807,6 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
|
|||||||
* - The key type and size may be 0. If either is
|
* - The key type and size may be 0. If either is
|
||||||
* nonzero, it must match the corresponding
|
* nonzero, it must match the corresponding
|
||||||
* attribute of the source key.
|
* attribute of the source key.
|
||||||
* - If \p attributes contains domain parameters,
|
|
||||||
* they must match the domain parameters of
|
|
||||||
* the source key.
|
|
||||||
* - The key location (the lifetime and, for
|
* - The key location (the lifetime and, for
|
||||||
* persistent keys, the key identifier) is
|
* persistent keys, the key identifier) is
|
||||||
* used directly.
|
* used directly.
|
||||||
@ -936,7 +830,7 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
|
|||||||
* The policy constraints on the source and specified in
|
* The policy constraints on the source and specified in
|
||||||
* \p attributes are incompatible.
|
* \p attributes are incompatible.
|
||||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
* \p attributes specifies a key type, domain parameters or key size
|
* \p attributes specifies a key type or key size
|
||||||
* which does not match the attributes of the source key.
|
* which does not match the attributes of the source key.
|
||||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||||
* The source key does not have the #PSA_KEY_USAGE_COPY usage flag.
|
* The source key does not have the #PSA_KEY_USAGE_COPY usage flag.
|
||||||
@ -3353,8 +3247,8 @@ psa_status_t psa_key_derivation_output_bytes(
|
|||||||
* discard the first 8 bytes, use the next 8 bytes as the first key,
|
* discard the first 8 bytes, use the next 8 bytes as the first key,
|
||||||
* and continue reading output from the operation to derive the other
|
* and continue reading output from the operation to derive the other
|
||||||
* two keys).
|
* two keys).
|
||||||
* - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEYPAIR),
|
* - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEYPAIR(\c group)
|
||||||
* DSA keys (#PSA_KEY_TYPE_DSA_KEYPAIR), and
|
* where \c group designates any Diffie-Hellman group) and
|
||||||
* ECC keys on a Weierstrass elliptic curve
|
* ECC keys on a Weierstrass elliptic curve
|
||||||
* (#PSA_KEY_TYPE_ECC_KEYPAIR(\c curve) where \c curve designates a
|
* (#PSA_KEY_TYPE_ECC_KEYPAIR(\c curve) where \c curve designates a
|
||||||
* Weierstrass curve).
|
* Weierstrass curve).
|
||||||
@ -3529,19 +3423,12 @@ psa_status_t psa_generate_random(uint8_t *output,
|
|||||||
* The key is generated randomly.
|
* The key is generated randomly.
|
||||||
* Its location, policy, type and size are taken from \p attributes.
|
* Its location, policy, type and size are taken from \p attributes.
|
||||||
*
|
*
|
||||||
* If the type requires additional domain parameters, these are taken
|
* The following type-specific considerations apply:
|
||||||
* from \p attributes as well. The following types use domain parameters:
|
* - For RSA keys (#PSA_KEY_TYPE_RSA_KEYPAIR),
|
||||||
* - When generating an RSA key (#PSA_KEY_TYPE_RSA_KEYPAIR),
|
* the public exponent is 65537.
|
||||||
* the default public exponent is 65537. This value is used if
|
* The modulus is a product of two probabilistic primes
|
||||||
* \p attributes was set with psa_set_key_type() or by passing an empty
|
* between 2^{n-1} and 2^n where n is the bit size specified in the
|
||||||
* byte string as domain parameters to psa_set_key_domain_parameters().
|
* attributes.
|
||||||
* If psa_set_key_domain_parameters() was used to set a non-empty
|
|
||||||
* domain parameter string in \p attributes, this string is read as
|
|
||||||
* a big-endian integer which is used as the public exponent.
|
|
||||||
* - When generating a DSA key (#PSA_KEY_TYPE_DSA_KEYPAIR) or a
|
|
||||||
* Diffie-Hellman key (#PSA_KEY_TYPE_DH_KEYPAIR), the domain parameters
|
|
||||||
* from \p attributes are interpreted as described for
|
|
||||||
* psa_set_key_domain_parameters().
|
|
||||||
*
|
*
|
||||||
* \param[in] attributes The attributes for the new key.
|
* \param[in] attributes The attributes for the new key.
|
||||||
* \param[out] handle On success, a handle to the newly created key.
|
* \param[out] handle On success, a handle to the newly created key.
|
||||||
|
@ -444,6 +444,248 @@ psa_status_t psa_generate_random_key_to_handle(psa_key_handle_t handle,
|
|||||||
|
|
||||||
/**@}*/
|
/**@}*/
|
||||||
|
|
||||||
|
|
||||||
|
/** \addtogroup crypto_types
|
||||||
|
* @{
|
||||||
|
*/
|
||||||
|
|
||||||
|
/** DSA public key.
|
||||||
|
*
|
||||||
|
* The import and export format is the
|
||||||
|
* representation of the public key `y = g^x mod p` as a big-endian byte
|
||||||
|
* string. The length of the byte string is the length of the base prime `p`
|
||||||
|
* in bytes.
|
||||||
|
*/
|
||||||
|
#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000)
|
||||||
|
|
||||||
|
/** DSA key pair (private and public key).
|
||||||
|
*
|
||||||
|
* The import and export format is the
|
||||||
|
* representation of the private key `x` as a big-endian byte string. The
|
||||||
|
* length of the byte string is the private key size in bytes (leading zeroes
|
||||||
|
* are not stripped).
|
||||||
|
*
|
||||||
|
* Determinstic DSA key derivation with psa_generate_derived_key follows
|
||||||
|
* FIPS 186-4 §B.1.2: interpret the byte string as integer
|
||||||
|
* in big-endian order. Discard it if it is not in the range
|
||||||
|
* [0, *N* - 2] where *N* is the boundary of the private key domain
|
||||||
|
* (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
|
||||||
|
* or the order of the curve's base point for ECC).
|
||||||
|
* Add 1 to the resulting integer and use this as the private key *x*.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#define PSA_KEY_TYPE_DSA_KEYPAIR ((psa_key_type_t)0x70020000)
|
||||||
|
|
||||||
|
/** Whether a key type is an DSA key (pair or public-only). */
|
||||||
|
#define PSA_KEY_TYPE_IS_DSA(type) \
|
||||||
|
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
|
||||||
|
|
||||||
|
#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x10040000)
|
||||||
|
/** DSA signature with hashing.
|
||||||
|
*
|
||||||
|
* This is the signature scheme defined by FIPS 186-4,
|
||||||
|
* with a random per-message secret number (*k*).
|
||||||
|
*
|
||||||
|
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
|
||||||
|
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
|
||||||
|
* This includes #PSA_ALG_ANY_HASH
|
||||||
|
* when specifying the algorithm in a usage policy.
|
||||||
|
*
|
||||||
|
* \return The corresponding DSA signature algorithm.
|
||||||
|
* \return Unspecified if \p hash_alg is not a supported
|
||||||
|
* hash algorithm.
|
||||||
|
*/
|
||||||
|
#define PSA_ALG_DSA(hash_alg) \
|
||||||
|
(PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
|
||||||
|
#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x10050000)
|
||||||
|
#define PSA_ALG_DSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00010000)
|
||||||
|
/** Deterministic DSA signature with hashing.
|
||||||
|
*
|
||||||
|
* This is the deterministic variant defined by RFC 6979 of
|
||||||
|
* the signature scheme defined by FIPS 186-4.
|
||||||
|
*
|
||||||
|
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
|
||||||
|
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
|
||||||
|
* This includes #PSA_ALG_ANY_HASH
|
||||||
|
* when specifying the algorithm in a usage policy.
|
||||||
|
*
|
||||||
|
* \return The corresponding DSA signature algorithm.
|
||||||
|
* \return Unspecified if \p hash_alg is not a supported
|
||||||
|
* hash algorithm.
|
||||||
|
*/
|
||||||
|
#define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
|
||||||
|
(PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
|
||||||
|
#define PSA_ALG_IS_DSA(alg) \
|
||||||
|
(((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
|
||||||
|
PSA_ALG_DSA_BASE)
|
||||||
|
#define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
|
||||||
|
(((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
|
||||||
|
#define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
|
||||||
|
(PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
|
||||||
|
#define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
|
||||||
|
(PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
|
||||||
|
|
||||||
|
|
||||||
|
/* We need to expand the sample definition of this macro from
|
||||||
|
* the API definition. */
|
||||||
|
#undef PSA_ALG_IS_HASH_AND_SIGN
|
||||||
|
#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
|
||||||
|
(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
|
||||||
|
PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg))
|
||||||
|
|
||||||
|
/**@}*/
|
||||||
|
|
||||||
|
/** \addtogroup attributes
|
||||||
|
* @{
|
||||||
|
*/
|
||||||
|
|
||||||
|
/** Custom Diffie-Hellman group.
|
||||||
|
*
|
||||||
|
* For keys of type #PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_GROUP_CUSTOM) or
|
||||||
|
* #PSA_KEY_TYPE_DH_KEYPAIR(#PSA_DH_GROUP_CUSTOM), the group data comes
|
||||||
|
* from domain parameters set by psa_set_key_domain_parameters().
|
||||||
|
*/
|
||||||
|
/* This value is reserved for private use in the TLS named group registry. */
|
||||||
|
#define PSA_DH_GROUP_CUSTOM ((psa_dh_group_t) 0x01fc)
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Set domain parameters for a key.
|
||||||
|
*
|
||||||
|
* Some key types require additional domain parameters in addition to
|
||||||
|
* the key type identifier and the key size. Use this function instead
|
||||||
|
* of psa_set_key_type() when you need to specify domain parameters.
|
||||||
|
*
|
||||||
|
* The format for the required domain parameters varies based on the key type.
|
||||||
|
*
|
||||||
|
* - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEYPAIR),
|
||||||
|
* the domain parameter data consists of the public exponent,
|
||||||
|
* represented as a big-endian integer with no leading zeros.
|
||||||
|
* This information is used when generating an RSA key pair.
|
||||||
|
* When importing a key, the public exponent is read from the imported
|
||||||
|
* key data and the exponent recorded in the attribute structure is ignored.
|
||||||
|
* As an exception, the public exponent 65537 is represented by an empty
|
||||||
|
* byte string.
|
||||||
|
* - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEYPAIR),
|
||||||
|
* the `Dss-Parms` format as defined by RFC 3279 §2.3.2.
|
||||||
|
* ```
|
||||||
|
* Dss-Parms ::= SEQUENCE {
|
||||||
|
* p INTEGER,
|
||||||
|
* q INTEGER,
|
||||||
|
* g INTEGER
|
||||||
|
* }
|
||||||
|
* ```
|
||||||
|
* - For Diffie-Hellman key exchange keys
|
||||||
|
* (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_GROUP_CUSTOM) or
|
||||||
|
* #PSA_KEY_TYPE_DH_KEYPAIR(#PSA_DH_GROUP_CUSTOM)), the
|
||||||
|
* `DomainParameters` format as defined by RFC 3279 §2.3.3.
|
||||||
|
* ```
|
||||||
|
* DomainParameters ::= SEQUENCE {
|
||||||
|
* p INTEGER, -- odd prime, p=jq +1
|
||||||
|
* g INTEGER, -- generator, g
|
||||||
|
* q INTEGER, -- factor of p-1
|
||||||
|
* j INTEGER OPTIONAL, -- subgroup factor
|
||||||
|
* validationParms ValidationParms OPTIONAL
|
||||||
|
* }
|
||||||
|
* ValidationParms ::= SEQUENCE {
|
||||||
|
* seed BIT STRING,
|
||||||
|
* pgenCounter INTEGER
|
||||||
|
* }
|
||||||
|
* ```
|
||||||
|
*
|
||||||
|
* \note This function may allocate memory or other resources.
|
||||||
|
* Once you have called this function on an attribute structure,
|
||||||
|
* you must call psa_reset_key_attributes() to free these resources.
|
||||||
|
*
|
||||||
|
* \note This is an experimental extension to the interface. It may change
|
||||||
|
* in future versions of the library.
|
||||||
|
*
|
||||||
|
* \param[in,out] attributes Attribute structure where the specified domain
|
||||||
|
* parameters will be stored.
|
||||||
|
* If this function fails, the content of
|
||||||
|
* \p attributes is not modified.
|
||||||
|
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
|
||||||
|
* \param[in] data Buffer containing the key domain parameters.
|
||||||
|
* The content of this buffer is interpreted
|
||||||
|
* according to \p type as described above.
|
||||||
|
* \param data_length Size of the \p data buffer in bytes.
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
|
*/
|
||||||
|
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
|
||||||
|
psa_key_type_t type,
|
||||||
|
const uint8_t *data,
|
||||||
|
size_t data_length);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Get domain parameters for a key.
|
||||||
|
*
|
||||||
|
* Get the domain parameters for a key with this function, if any. The format
|
||||||
|
* of the domain parameters written to \p data is specified in the
|
||||||
|
* documentation for psa_set_key_domain_parameters().
|
||||||
|
*
|
||||||
|
* \note This is an experimental extension to the interface. It may change
|
||||||
|
* in future versions of the library.
|
||||||
|
*
|
||||||
|
* \param[in] attributes The key attribute structure to query.
|
||||||
|
* \param[out] data On success, the key domain parameters.
|
||||||
|
* \param data_size Size of the \p data buffer in bytes.
|
||||||
|
* The buffer is guaranteed to be large
|
||||||
|
* enough if its size in bytes is at least
|
||||||
|
* the value given by
|
||||||
|
* PSA_KEY_DOMAIN_PARAMETERS_SIZE().
|
||||||
|
* \param[out] data_length On success, the number of bytes
|
||||||
|
* that make up the key domain parameters data.
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||||
|
*/
|
||||||
|
psa_status_t psa_get_key_domain_parameters(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
uint8_t *data,
|
||||||
|
size_t data_size,
|
||||||
|
size_t *data_length);
|
||||||
|
|
||||||
|
/** Safe output buffer size for psa_get_key_domain_parameters().
|
||||||
|
*
|
||||||
|
* This macro returns a compile-time constant if its arguments are
|
||||||
|
* compile-time constants.
|
||||||
|
*
|
||||||
|
* \warning This function may call its arguments multiple times or
|
||||||
|
* zero times, so you should not pass arguments that contain
|
||||||
|
* side effects.
|
||||||
|
*
|
||||||
|
* \note This is an experimental extension to the interface. It may change
|
||||||
|
* in future versions of the library.
|
||||||
|
*
|
||||||
|
* \param key_type A supported key type.
|
||||||
|
* \param key_bits The size of the key in bits.
|
||||||
|
*
|
||||||
|
* \return If the parameters are valid and supported, return
|
||||||
|
* a buffer size in bytes that guarantees that
|
||||||
|
* psa_get_key_domain_parameters() will not fail with
|
||||||
|
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||||
|
* If the parameters are a valid combination that is not supported
|
||||||
|
* by the implementation, this macro shall return either a
|
||||||
|
* sensible size or 0.
|
||||||
|
* If the parameters are not valid, the
|
||||||
|
* return value is unspecified.
|
||||||
|
*/
|
||||||
|
#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
|
||||||
|
(PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
|
||||||
|
PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
|
||||||
|
PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
|
||||||
|
0)
|
||||||
|
#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
|
||||||
|
(4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
|
||||||
|
#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
|
||||||
|
(4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
|
||||||
|
|
||||||
|
/**@}*/
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -447,7 +447,7 @@
|
|||||||
* psa_asymmetric_sign() will not fail with
|
* psa_asymmetric_sign() will not fail with
|
||||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||||
* If the parameters are a valid combination that is not supported
|
* If the parameters are a valid combination that is not supported
|
||||||
* by the implementation, this macro either shall return either a
|
* by the implementation, this macro shall return either a
|
||||||
* sensible size or 0.
|
* sensible size or 0.
|
||||||
* If the parameters are not valid, the
|
* If the parameters are not valid, the
|
||||||
* return value is unspecified.
|
* return value is unspecified.
|
||||||
@ -478,7 +478,7 @@
|
|||||||
* psa_asymmetric_encrypt() will not fail with
|
* psa_asymmetric_encrypt() will not fail with
|
||||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||||
* If the parameters are a valid combination that is not supported
|
* If the parameters are a valid combination that is not supported
|
||||||
* by the implementation, this macro either shall return either a
|
* by the implementation, this macro shall return either a
|
||||||
* sensible size or 0.
|
* sensible size or 0.
|
||||||
* If the parameters are not valid, the
|
* If the parameters are not valid, the
|
||||||
* return value is unspecified.
|
* return value is unspecified.
|
||||||
@ -509,7 +509,7 @@
|
|||||||
* psa_asymmetric_decrypt() will not fail with
|
* psa_asymmetric_decrypt() will not fail with
|
||||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||||
* If the parameters are a valid combination that is not supported
|
* If the parameters are a valid combination that is not supported
|
||||||
* by the implementation, this macro either shall return either a
|
* by the implementation, this macro shall return either a
|
||||||
* sensible size or 0.
|
* sensible size or 0.
|
||||||
* If the parameters are not valid, the
|
* If the parameters are not valid, the
|
||||||
* return value is unspecified.
|
* return value is unspecified.
|
||||||
@ -680,7 +680,7 @@
|
|||||||
* psa_asymmetric_sign() will not fail with
|
* psa_asymmetric_sign() will not fail with
|
||||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||||
* If the parameters are a valid combination that is not supported
|
* If the parameters are a valid combination that is not supported
|
||||||
* by the implementation, this macro either shall return either a
|
* by the implementation, this macro shall return either a
|
||||||
* sensible size or 0.
|
* sensible size or 0.
|
||||||
* If the parameters are not valid, the
|
* If the parameters are not valid, the
|
||||||
* return value is unspecified.
|
* return value is unspecified.
|
||||||
@ -695,36 +695,4 @@
|
|||||||
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||||
0)
|
0)
|
||||||
|
|
||||||
/** Safe output buffer size for psa_get_key_domain_parameters().
|
|
||||||
*
|
|
||||||
* This macro returns a compile-time constant if its arguments are
|
|
||||||
* compile-time constants.
|
|
||||||
*
|
|
||||||
* \warning This function may call its arguments multiple times or
|
|
||||||
* zero times, so you should not pass arguments that contain
|
|
||||||
* side effects.
|
|
||||||
*
|
|
||||||
* \param key_type A supported key type.
|
|
||||||
* \param key_bits The size of the key in bits.
|
|
||||||
*
|
|
||||||
* \return If the parameters are valid and supported, return
|
|
||||||
* a buffer size in bytes that guarantees that
|
|
||||||
* psa_get_key_domain_parameters() will not fail with
|
|
||||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
|
||||||
* If the parameters are a valid combination that is not supported
|
|
||||||
* by the implementation, this macro either shall return either a
|
|
||||||
* sensible size or 0.
|
|
||||||
* If the parameters are not valid, the
|
|
||||||
* return value is unspecified.
|
|
||||||
*/
|
|
||||||
#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
|
|
||||||
(PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
|
|
||||||
PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
|
|
||||||
PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
|
|
||||||
0)
|
|
||||||
#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
|
|
||||||
(4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
|
|
||||||
#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
|
|
||||||
(4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
|
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_SIZES_H */
|
#endif /* PSA_CRYPTO_SIZES_H */
|
||||||
|
@ -331,6 +331,13 @@ static inline psa_algorithm_t psa_get_key_algorithm(
|
|||||||
return( attributes->policy.alg );
|
return( attributes->policy.alg );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* This function is declared in crypto_extra.h, which comes after this
|
||||||
|
* header file, but we need the function here, so repeat the declaration. */
|
||||||
|
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
|
||||||
|
psa_key_type_t type,
|
||||||
|
const uint8_t *data,
|
||||||
|
size_t data_length);
|
||||||
|
|
||||||
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
|
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
|
||||||
psa_key_type_t type)
|
psa_key_type_t type)
|
||||||
{
|
{
|
||||||
|
@ -68,6 +68,9 @@ typedef uint32_t psa_key_type_t;
|
|||||||
/** The type of PSA elliptic curve identifiers. */
|
/** The type of PSA elliptic curve identifiers. */
|
||||||
typedef uint16_t psa_ecc_curve_t;
|
typedef uint16_t psa_ecc_curve_t;
|
||||||
|
|
||||||
|
/** The type of PSA Diffie-Hellman group identifiers. */
|
||||||
|
typedef uint16_t psa_dh_group_t;
|
||||||
|
|
||||||
/** \brief Encoding of a cryptographic algorithm.
|
/** \brief Encoding of a cryptographic algorithm.
|
||||||
*
|
*
|
||||||
* For algorithms that can be applied to multiple key types, this type
|
* For algorithms that can be applied to multiple key types, this type
|
||||||
|
@ -419,14 +419,6 @@
|
|||||||
#define PSA_KEY_TYPE_IS_RSA(type) \
|
#define PSA_KEY_TYPE_IS_RSA(type) \
|
||||||
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
|
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
|
||||||
|
|
||||||
/** DSA public key. */
|
|
||||||
#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000)
|
|
||||||
/** DSA key pair (private and public key). */
|
|
||||||
#define PSA_KEY_TYPE_DSA_KEYPAIR ((psa_key_type_t)0x70020000)
|
|
||||||
/** Whether a key type is an DSA key (pair or public-only). */
|
|
||||||
#define PSA_KEY_TYPE_IS_DSA(type) \
|
|
||||||
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
|
|
||||||
|
|
||||||
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x60030000)
|
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x60030000)
|
||||||
#define PSA_KEY_TYPE_ECC_KEYPAIR_BASE ((psa_key_type_t)0x70030000)
|
#define PSA_KEY_TYPE_ECC_KEYPAIR_BASE ((psa_key_type_t)0x70030000)
|
||||||
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x0000ffff)
|
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x0000ffff)
|
||||||
@ -492,14 +484,45 @@
|
|||||||
#define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d)
|
#define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d)
|
||||||
#define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e)
|
#define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e)
|
||||||
|
|
||||||
/** Diffie-Hellman key exchange public key. */
|
#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x60040000)
|
||||||
#define PSA_KEY_TYPE_DH_PUBLIC_KEY ((psa_key_type_t)0x60040000)
|
#define PSA_KEY_TYPE_DH_KEYPAIR_BASE ((psa_key_type_t)0x70040000)
|
||||||
/** Diffie-Hellman key exchange key pair (private and public key). */
|
#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x0000ffff)
|
||||||
#define PSA_KEY_TYPE_DH_KEYPAIR ((psa_key_type_t)0x70040000)
|
/** Diffie-Hellman key pair. */
|
||||||
/** Whether a key type is a Diffie-Hellman key exchange key (pair or
|
#define PSA_KEY_TYPE_DH_KEYPAIR(group) \
|
||||||
* public-only). */
|
(PSA_KEY_TYPE_DH_KEYPAIR_BASE | (group))
|
||||||
#define PSA_KEY_TYPE_IS_DH(type) \
|
/** Diffie-Hellman public key. */
|
||||||
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DH_PUBLIC_KEY)
|
#define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \
|
||||||
|
(PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))
|
||||||
|
|
||||||
|
/** Whether a key type is a Diffie-Hellman key (pair or public-only). */
|
||||||
|
#define PSA_KEY_TYPE_IS_DH(type) \
|
||||||
|
((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) & \
|
||||||
|
~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
|
||||||
|
/** Whether a key type is a Diffie-Hellman key pair. */
|
||||||
|
#define PSA_KEY_TYPE_IS_DH_KEYPAIR(type) \
|
||||||
|
(((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
|
||||||
|
PSA_KEY_TYPE_DH_KEYPAIR_BASE)
|
||||||
|
/** Whether a key type is a Diffie-Hellman public key. */
|
||||||
|
#define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) \
|
||||||
|
(((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) == \
|
||||||
|
PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
|
||||||
|
|
||||||
|
/** Extract the group from a Diffie-Hellman key type. */
|
||||||
|
#define PSA_KEY_TYPE_GET_GROUP(type) \
|
||||||
|
((psa_dh_group_t) (PSA_KEY_TYPE_IS_DH(type) ? \
|
||||||
|
((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
|
||||||
|
0))
|
||||||
|
|
||||||
|
/* The encoding of group identifiers is currently aligned with the
|
||||||
|
* TLS Supported Groups Registry (formerly known as the
|
||||||
|
* TLS EC Named Curve Registry)
|
||||||
|
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
|
||||||
|
* The values are defined by RFC 7919. */
|
||||||
|
#define PSA_DH_GROUP_FFDHE2048 ((psa_dh_group_t) 0x0100)
|
||||||
|
#define PSA_DH_GROUP_FFDHE3072 ((psa_dh_group_t) 0x0101)
|
||||||
|
#define PSA_DH_GROUP_FFDHE4096 ((psa_dh_group_t) 0x0102)
|
||||||
|
#define PSA_DH_GROUP_FFDHE6144 ((psa_dh_group_t) 0x0103)
|
||||||
|
#define PSA_DH_GROUP_FFDHE8192 ((psa_dh_group_t) 0x0104)
|
||||||
|
|
||||||
/** The block size of a block cipher.
|
/** The block size of a block cipher.
|
||||||
*
|
*
|
||||||
@ -667,7 +690,6 @@
|
|||||||
*
|
*
|
||||||
* That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros:
|
* That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros:
|
||||||
* - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS,
|
* - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS,
|
||||||
* - #PSA_ALG_DSA, #PSA_ALG_DETERMINISTIC_DSA,
|
|
||||||
* - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA.
|
* - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA.
|
||||||
* Then you may create and use a key as follows:
|
* Then you may create and use a key as follows:
|
||||||
* - Set the key usage field using #PSA_ALG_ANY_HASH, for example:
|
* - Set the key usage field using #PSA_ALG_ANY_HASH, for example:
|
||||||
@ -1028,51 +1050,6 @@
|
|||||||
#define PSA_ALG_IS_RSA_PSS(alg) \
|
#define PSA_ALG_IS_RSA_PSS(alg) \
|
||||||
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
|
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
|
||||||
|
|
||||||
#define PSA_ALG_DSA_BASE ((psa_algorithm_t)0x10040000)
|
|
||||||
/** DSA signature with hashing.
|
|
||||||
*
|
|
||||||
* This is the signature scheme defined by FIPS 186-4,
|
|
||||||
* with a random per-message secret number (*k*).
|
|
||||||
*
|
|
||||||
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
|
|
||||||
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
|
|
||||||
* This includes #PSA_ALG_ANY_HASH
|
|
||||||
* when specifying the algorithm in a usage policy.
|
|
||||||
*
|
|
||||||
* \return The corresponding DSA signature algorithm.
|
|
||||||
* \return Unspecified if \p hash_alg is not a supported
|
|
||||||
* hash algorithm.
|
|
||||||
*/
|
|
||||||
#define PSA_ALG_DSA(hash_alg) \
|
|
||||||
(PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
|
|
||||||
#define PSA_ALG_DETERMINISTIC_DSA_BASE ((psa_algorithm_t)0x10050000)
|
|
||||||
#define PSA_ALG_DSA_DETERMINISTIC_FLAG ((psa_algorithm_t)0x00010000)
|
|
||||||
/** Deterministic DSA signature with hashing.
|
|
||||||
*
|
|
||||||
* This is the deterministic variant defined by RFC 6979 of
|
|
||||||
* the signature scheme defined by FIPS 186-4.
|
|
||||||
*
|
|
||||||
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
|
|
||||||
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
|
|
||||||
* This includes #PSA_ALG_ANY_HASH
|
|
||||||
* when specifying the algorithm in a usage policy.
|
|
||||||
*
|
|
||||||
* \return The corresponding DSA signature algorithm.
|
|
||||||
* \return Unspecified if \p hash_alg is not a supported
|
|
||||||
* hash algorithm.
|
|
||||||
*/
|
|
||||||
#define PSA_ALG_DETERMINISTIC_DSA(hash_alg) \
|
|
||||||
(PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
|
|
||||||
#define PSA_ALG_IS_DSA(alg) \
|
|
||||||
(((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == \
|
|
||||||
PSA_ALG_DSA_BASE)
|
|
||||||
#define PSA_ALG_DSA_IS_DETERMINISTIC(alg) \
|
|
||||||
(((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
|
|
||||||
#define PSA_ALG_IS_DETERMINISTIC_DSA(alg) \
|
|
||||||
(PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
|
|
||||||
#define PSA_ALG_IS_RANDOMIZED_DSA(alg) \
|
|
||||||
(PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
|
|
||||||
|
|
||||||
#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x10060000)
|
#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x10060000)
|
||||||
/** ECDSA signature with hashing.
|
/** ECDSA signature with hashing.
|
||||||
*
|
*
|
||||||
@ -1156,7 +1133,7 @@
|
|||||||
*/
|
*/
|
||||||
#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
|
#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
|
||||||
(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
|
(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
|
||||||
PSA_ALG_IS_DSA(alg) || PSA_ALG_IS_ECDSA(alg))
|
PSA_ALG_IS_ECDSA(alg))
|
||||||
|
|
||||||
/** Get the hash used by a hash-and-sign signature algorithm.
|
/** Get the hash used by a hash-and-sign signature algorithm.
|
||||||
*
|
*
|
||||||
|
@ -64,6 +64,7 @@ static void append_integer(char **buffer, size_t buffer_size,
|
|||||||
|
|
||||||
/* The code of these function is automatically generated and included below. */
|
/* The code of these function is automatically generated and included below. */
|
||||||
static const char *psa_ecc_curve_name(psa_ecc_curve_t curve);
|
static const char *psa_ecc_curve_name(psa_ecc_curve_t curve);
|
||||||
|
static const char *psa_dh_group_name(psa_dh_group_t group);
|
||||||
static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg);
|
static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg);
|
||||||
|
|
||||||
static void append_with_curve(char **buffer, size_t buffer_size,
|
static void append_with_curve(char **buffer, size_t buffer_size,
|
||||||
@ -84,6 +85,24 @@ static void append_with_curve(char **buffer, size_t buffer_size,
|
|||||||
append(buffer, buffer_size, required_size, ")", 1);
|
append(buffer, buffer_size, required_size, ")", 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void append_with_group(char **buffer, size_t buffer_size,
|
||||||
|
size_t *required_size,
|
||||||
|
const char *string, size_t length,
|
||||||
|
psa_dh_group_t group)
|
||||||
|
{
|
||||||
|
const char *group_name = psa_dh_group_name(group);
|
||||||
|
append(buffer, buffer_size, required_size, string, length);
|
||||||
|
append(buffer, buffer_size, required_size, "(", 1);
|
||||||
|
if (group_name != NULL) {
|
||||||
|
append(buffer, buffer_size, required_size,
|
||||||
|
group_name, strlen(group_name));
|
||||||
|
} else {
|
||||||
|
append_integer(buffer, buffer_size, required_size,
|
||||||
|
"0x%04x", group);
|
||||||
|
}
|
||||||
|
append(buffer, buffer_size, required_size, ")", 1);
|
||||||
|
}
|
||||||
|
|
||||||
typedef const char *(*psa_get_algorithm_name_func_ptr)(psa_algorithm_t alg);
|
typedef const char *(*psa_get_algorithm_name_func_ptr)(psa_algorithm_t alg);
|
||||||
|
|
||||||
static void append_with_alg(char **buffer, size_t buffer_size,
|
static void append_with_alg(char **buffer, size_t buffer_size,
|
||||||
@ -137,6 +156,23 @@ static int psa_snprint_ecc_curve(char *buffer, size_t buffer_size,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int psa_snprint_dh_group(char *buffer, size_t buffer_size,
|
||||||
|
psa_dh_group_t group)
|
||||||
|
{
|
||||||
|
const char *name = psa_dh_group_name(group);
|
||||||
|
if (name == NULL) {
|
||||||
|
return snprintf(buffer, buffer_size, "0x%04x", (unsigned) group);
|
||||||
|
} else {
|
||||||
|
size_t length = strlen(name);
|
||||||
|
if (length < buffer_size) {
|
||||||
|
memcpy(buffer, name, length + 1);
|
||||||
|
return (int) length;
|
||||||
|
} else {
|
||||||
|
return (int) buffer_size;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static void usage(const char *program_name)
|
static void usage(const char *program_name)
|
||||||
{
|
{
|
||||||
printf("Usage: %s TYPE VALUE [VALUE...]\n",
|
printf("Usage: %s TYPE VALUE [VALUE...]\n",
|
||||||
@ -145,6 +181,7 @@ static void usage(const char *program_name)
|
|||||||
printf("Supported types (with = between aliases):\n");
|
printf("Supported types (with = between aliases):\n");
|
||||||
printf(" alg=algorithm Algorithm (psa_algorithm_t)\n");
|
printf(" alg=algorithm Algorithm (psa_algorithm_t)\n");
|
||||||
printf(" curve=ecc_curve Elliptic curve identifier (psa_ecc_curve_t)\n");
|
printf(" curve=ecc_curve Elliptic curve identifier (psa_ecc_curve_t)\n");
|
||||||
|
printf(" group=dh_group Diffie-Hellman group identifier (psa_dh_group_t)\n");
|
||||||
printf(" type=key_type Key type (psa_key_type_t)\n");
|
printf(" type=key_type Key type (psa_key_type_t)\n");
|
||||||
printf(" usage=key_usage Key usage (psa_key_usage_t)\n");
|
printf(" usage=key_usage Key usage (psa_key_usage_t)\n");
|
||||||
printf(" error=status Status code (psa_status_t)\n");
|
printf(" error=status Status code (psa_status_t)\n");
|
||||||
@ -188,6 +225,7 @@ int process_signed(signed_value_type type, long min, long max, char **argp)
|
|||||||
typedef enum {
|
typedef enum {
|
||||||
TYPE_ALGORITHM,
|
TYPE_ALGORITHM,
|
||||||
TYPE_ECC_CURVE,
|
TYPE_ECC_CURVE,
|
||||||
|
TYPE_DH_GROUP,
|
||||||
TYPE_KEY_TYPE,
|
TYPE_KEY_TYPE,
|
||||||
TYPE_KEY_USAGE,
|
TYPE_KEY_USAGE,
|
||||||
} unsigned_value_type;
|
} unsigned_value_type;
|
||||||
@ -216,6 +254,10 @@ int process_unsigned(unsigned_value_type type, unsigned long max, char **argp)
|
|||||||
psa_snprint_ecc_curve(buffer, sizeof(buffer),
|
psa_snprint_ecc_curve(buffer, sizeof(buffer),
|
||||||
(psa_ecc_curve_t) value);
|
(psa_ecc_curve_t) value);
|
||||||
break;
|
break;
|
||||||
|
case TYPE_DH_GROUP:
|
||||||
|
psa_snprint_dh_group(buffer, sizeof(buffer),
|
||||||
|
(psa_dh_group_t) value);
|
||||||
|
break;
|
||||||
case TYPE_KEY_TYPE:
|
case TYPE_KEY_TYPE:
|
||||||
psa_snprint_key_type(buffer, sizeof(buffer),
|
psa_snprint_key_type(buffer, sizeof(buffer),
|
||||||
(psa_key_type_t) value);
|
(psa_key_type_t) value);
|
||||||
@ -252,6 +294,9 @@ int main(int argc, char *argv[])
|
|||||||
} else if (!strcmp(argv[1], "curve") || !strcmp(argv[1], "ecc_curve")) {
|
} else if (!strcmp(argv[1], "curve") || !strcmp(argv[1], "ecc_curve")) {
|
||||||
return process_unsigned(TYPE_ECC_CURVE, (psa_ecc_curve_t) (-1),
|
return process_unsigned(TYPE_ECC_CURVE, (psa_ecc_curve_t) (-1),
|
||||||
argv + 2);
|
argv + 2);
|
||||||
|
} else if (!strcmp(argv[1], "group") || !strcmp(argv[1], "dh_group")) {
|
||||||
|
return process_unsigned(TYPE_DH_GROUP, (psa_dh_group_t) (-1),
|
||||||
|
argv + 2);
|
||||||
} else if (!strcmp(argv[1], "type") || !strcmp(argv[1], "key_type")) {
|
} else if (!strcmp(argv[1], "type") || !strcmp(argv[1], "key_type")) {
|
||||||
return process_unsigned(TYPE_KEY_TYPE, (psa_key_type_t) (-1),
|
return process_unsigned(TYPE_KEY_TYPE, (psa_key_type_t) (-1),
|
||||||
argv + 2);
|
argv + 2);
|
||||||
|
@ -22,6 +22,14 @@ static const char *psa_ecc_curve_name(psa_ecc_curve_t curve)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const char *psa_dh_group_name(psa_dh_group_t group)
|
||||||
|
{
|
||||||
|
switch (group) {
|
||||||
|
%(dh_group_cases)s
|
||||||
|
default: return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg)
|
static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg)
|
||||||
{
|
{
|
||||||
switch (hash_alg) {
|
switch (hash_alg) {
|
||||||
@ -145,6 +153,12 @@ key_type_from_curve_template = '''if (%(tester)s(type)) {
|
|||||||
PSA_KEY_TYPE_GET_CURVE(type));
|
PSA_KEY_TYPE_GET_CURVE(type));
|
||||||
} else '''
|
} else '''
|
||||||
|
|
||||||
|
key_type_from_group_template = '''if (%(tester)s(type)) {
|
||||||
|
append_with_group(&buffer, buffer_size, &required_size,
|
||||||
|
"%(builder)s", %(builder_length)s,
|
||||||
|
PSA_KEY_TYPE_GET_GROUP(type));
|
||||||
|
} else '''
|
||||||
|
|
||||||
algorithm_from_hash_template = '''if (%(tester)s(core_alg)) {
|
algorithm_from_hash_template = '''if (%(tester)s(core_alg)) {
|
||||||
append(&buffer, buffer_size, &required_size,
|
append(&buffer, buffer_size, &required_size,
|
||||||
"%(builder)s(", %(builder_length)s + 1);
|
"%(builder)s(", %(builder_length)s + 1);
|
||||||
@ -169,7 +183,9 @@ class MacroCollector:
|
|||||||
self.statuses = set()
|
self.statuses = set()
|
||||||
self.key_types = set()
|
self.key_types = set()
|
||||||
self.key_types_from_curve = {}
|
self.key_types_from_curve = {}
|
||||||
|
self.key_types_from_group = {}
|
||||||
self.ecc_curves = set()
|
self.ecc_curves = set()
|
||||||
|
self.dh_groups = set()
|
||||||
self.algorithms = set()
|
self.algorithms = set()
|
||||||
self.hash_algorithms = set()
|
self.hash_algorithms = set()
|
||||||
self.ka_algorithms = set()
|
self.ka_algorithms = set()
|
||||||
@ -206,8 +222,12 @@ class MacroCollector:
|
|||||||
self.key_types.add(name)
|
self.key_types.add(name)
|
||||||
elif name.startswith('PSA_KEY_TYPE_') and parameter == 'curve':
|
elif name.startswith('PSA_KEY_TYPE_') and parameter == 'curve':
|
||||||
self.key_types_from_curve[name] = name[:13] + 'IS_' + name[13:]
|
self.key_types_from_curve[name] = name[:13] + 'IS_' + name[13:]
|
||||||
|
elif name.startswith('PSA_KEY_TYPE_') and parameter == 'group':
|
||||||
|
self.key_types_from_group[name] = name[:13] + 'IS_' + name[13:]
|
||||||
elif name.startswith('PSA_ECC_CURVE_') and not parameter:
|
elif name.startswith('PSA_ECC_CURVE_') and not parameter:
|
||||||
self.ecc_curves.add(name)
|
self.ecc_curves.add(name)
|
||||||
|
elif name.startswith('PSA_DH_GROUP_') and not parameter:
|
||||||
|
self.dh_groups.add(name)
|
||||||
elif name.startswith('PSA_ALG_') and not parameter:
|
elif name.startswith('PSA_ALG_') and not parameter:
|
||||||
if name in ['PSA_ALG_ECDSA_BASE',
|
if name in ['PSA_ALG_ECDSA_BASE',
|
||||||
'PSA_ALG_RSA_PKCS1V15_SIGN_BASE']:
|
'PSA_ALG_RSA_PKCS1V15_SIGN_BASE']:
|
||||||
@ -265,6 +285,10 @@ class MacroCollector:
|
|||||||
return '\n '.join(map(self.make_return_case,
|
return '\n '.join(map(self.make_return_case,
|
||||||
sorted(self.ecc_curves)))
|
sorted(self.ecc_curves)))
|
||||||
|
|
||||||
|
def make_dh_group_cases(self):
|
||||||
|
return '\n '.join(map(self.make_return_case,
|
||||||
|
sorted(self.dh_groups)))
|
||||||
|
|
||||||
def make_key_type_cases(self):
|
def make_key_type_cases(self):
|
||||||
return '\n '.join(map(self.make_append_case,
|
return '\n '.join(map(self.make_append_case,
|
||||||
sorted(self.key_types)))
|
sorted(self.key_types)))
|
||||||
@ -274,11 +298,21 @@ class MacroCollector:
|
|||||||
'builder_length': len(builder),
|
'builder_length': len(builder),
|
||||||
'tester': tester}
|
'tester': tester}
|
||||||
|
|
||||||
def make_key_type_code(self):
|
def make_key_type_from_group_code(self, builder, tester):
|
||||||
|
return key_type_from_group_template % {'builder': builder,
|
||||||
|
'builder_length': len(builder),
|
||||||
|
'tester': tester}
|
||||||
|
|
||||||
|
def make_ecc_key_type_code(self):
|
||||||
d = self.key_types_from_curve
|
d = self.key_types_from_curve
|
||||||
make = self.make_key_type_from_curve_code
|
make = self.make_key_type_from_curve_code
|
||||||
return ''.join([make(k, d[k]) for k in sorted(d.keys())])
|
return ''.join([make(k, d[k]) for k in sorted(d.keys())])
|
||||||
|
|
||||||
|
def make_dh_key_type_code(self):
|
||||||
|
d = self.key_types_from_group
|
||||||
|
make = self.make_key_type_from_group_code
|
||||||
|
return ''.join([make(k, d[k]) for k in sorted(d.keys())])
|
||||||
|
|
||||||
def make_hash_algorithm_cases(self):
|
def make_hash_algorithm_cases(self):
|
||||||
return '\n '.join(map(self.make_return_case,
|
return '\n '.join(map(self.make_return_case,
|
||||||
sorted(self.hash_algorithms)))
|
sorted(self.hash_algorithms)))
|
||||||
@ -309,8 +343,10 @@ class MacroCollector:
|
|||||||
data = {}
|
data = {}
|
||||||
data['status_cases'] = self.make_status_cases()
|
data['status_cases'] = self.make_status_cases()
|
||||||
data['ecc_curve_cases'] = self.make_ecc_curve_cases()
|
data['ecc_curve_cases'] = self.make_ecc_curve_cases()
|
||||||
|
data['dh_group_cases'] = self.make_dh_group_cases()
|
||||||
data['key_type_cases'] = self.make_key_type_cases()
|
data['key_type_cases'] = self.make_key_type_cases()
|
||||||
data['key_type_code'] = self.make_key_type_code()
|
data['key_type_code'] = (self.make_ecc_key_type_code() +
|
||||||
|
self.make_dh_key_type_code())
|
||||||
data['hash_algorithm_cases'] = self.make_hash_algorithm_cases()
|
data['hash_algorithm_cases'] = self.make_hash_algorithm_cases()
|
||||||
data['ka_algorithm_cases'] = self.make_ka_algorithm_cases()
|
data['ka_algorithm_cases'] = self.make_ka_algorithm_cases()
|
||||||
data['algorithm_cases'] = self.make_algorithm_cases()
|
data['algorithm_cases'] = self.make_algorithm_cases()
|
||||||
|
@ -58,6 +58,7 @@ when applicable.'''
|
|||||||
self.statuses = set(['PSA_SUCCESS'])
|
self.statuses = set(['PSA_SUCCESS'])
|
||||||
self.algorithms = set(['0xffffffff'])
|
self.algorithms = set(['0xffffffff'])
|
||||||
self.ecc_curves = set(['0xffff'])
|
self.ecc_curves = set(['0xffff'])
|
||||||
|
self.dh_groups = set(['0xffff'])
|
||||||
self.key_types = set(['0xffffffff'])
|
self.key_types = set(['0xffffffff'])
|
||||||
self.key_usage_flags = set(['0x80000000'])
|
self.key_usage_flags = set(['0x80000000'])
|
||||||
# Hard-coded value for unknown algorithms
|
# Hard-coded value for unknown algorithms
|
||||||
@ -74,6 +75,7 @@ when applicable.'''
|
|||||||
'ERROR': self.statuses,
|
'ERROR': self.statuses,
|
||||||
'ALG': self.algorithms,
|
'ALG': self.algorithms,
|
||||||
'CURVE': self.ecc_curves,
|
'CURVE': self.ecc_curves,
|
||||||
|
'GROUP': self.dh_groups,
|
||||||
'KEY_TYPE': self.key_types,
|
'KEY_TYPE': self.key_types,
|
||||||
'KEY_USAGE': self.key_usage_flags,
|
'KEY_USAGE': self.key_usage_flags,
|
||||||
}
|
}
|
||||||
@ -94,6 +96,7 @@ Call this after parsing all the inputs.'''
|
|||||||
self.arguments_for['kdf_alg'] = sorted(self.kdf_algorithms)
|
self.arguments_for['kdf_alg'] = sorted(self.kdf_algorithms)
|
||||||
self.arguments_for['aead_alg'] = sorted(self.aead_algorithms)
|
self.arguments_for['aead_alg'] = sorted(self.aead_algorithms)
|
||||||
self.arguments_for['curve'] = sorted(self.ecc_curves)
|
self.arguments_for['curve'] = sorted(self.ecc_curves)
|
||||||
|
self.arguments_for['group'] = sorted(self.dh_groups)
|
||||||
|
|
||||||
def format_arguments(self, name, arguments):
|
def format_arguments(self, name, arguments):
|
||||||
'''Format a macro call with arguments..'''
|
'''Format a macro call with arguments..'''
|
||||||
@ -184,6 +187,8 @@ where each argument takes each possible value at least once.'''
|
|||||||
self.key_types.add(argument)
|
self.key_types.add(argument)
|
||||||
elif function == 'ecc_key_types':
|
elif function == 'ecc_key_types':
|
||||||
self.ecc_curves.add(argument)
|
self.ecc_curves.add(argument)
|
||||||
|
elif function == 'dh_key_types':
|
||||||
|
self.dh_groups.add(argument)
|
||||||
|
|
||||||
# Regex matching a *.data line containing a test function call and
|
# Regex matching a *.data line containing a test function call and
|
||||||
# its arguments. The actual definition is partly positional, but this
|
# its arguments. The actual definition is partly positional, but this
|
||||||
@ -299,6 +304,7 @@ not as expected.'''
|
|||||||
for type, names in [('status', inputs.statuses),
|
for type, names in [('status', inputs.statuses),
|
||||||
('algorithm', inputs.algorithms),
|
('algorithm', inputs.algorithms),
|
||||||
('ecc_curve', inputs.ecc_curves),
|
('ecc_curve', inputs.ecc_curves),
|
||||||
|
('dh_group', inputs.dh_groups),
|
||||||
('key_type', inputs.key_types),
|
('key_type', inputs.key_types),
|
||||||
('key_usage', inputs.key_usage_flags)]:
|
('key_usage', inputs.key_usage_flags)]:
|
||||||
c, e = do_test(options, inputs, type, names)
|
c, e = do_test(options, inputs, type, names)
|
||||||
|
@ -454,3 +454,19 @@ ecc_key_types:PSA_ECC_CURVE_CURVE25519:255
|
|||||||
ECC key types: Curve448
|
ECC key types: Curve448
|
||||||
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||||
ecc_key_types:PSA_ECC_CURVE_CURVE448:448
|
ecc_key_types:PSA_ECC_CURVE_CURVE448:448
|
||||||
|
|
||||||
|
DH group types: FFDHE2048
|
||||||
|
dh_key_types:PSA_DH_GROUP_FFDHE2048:2048
|
||||||
|
|
||||||
|
DH group types: FFDHE3072
|
||||||
|
dh_key_types:PSA_DH_GROUP_FFDHE3072:2048
|
||||||
|
|
||||||
|
DH group types: FFDHE4096
|
||||||
|
dh_key_types:PSA_DH_GROUP_FFDHE4096:2048
|
||||||
|
|
||||||
|
DH group types: FFDHE6144
|
||||||
|
dh_key_types:PSA_DH_GROUP_FFDHE6144:2048
|
||||||
|
|
||||||
|
DH group types: FFDHE8192
|
||||||
|
dh_key_types:PSA_DH_GROUP_FFDHE8192:2048
|
||||||
|
|
||||||
|
@ -49,6 +49,7 @@
|
|||||||
#define KEY_TYPE_IS_RSA ( 1u << 4 )
|
#define KEY_TYPE_IS_RSA ( 1u << 4 )
|
||||||
#define KEY_TYPE_IS_DSA ( 1u << 5 )
|
#define KEY_TYPE_IS_DSA ( 1u << 5 )
|
||||||
#define KEY_TYPE_IS_ECC ( 1u << 6 )
|
#define KEY_TYPE_IS_ECC ( 1u << 6 )
|
||||||
|
#define KEY_TYPE_IS_DH ( 1u << 7 )
|
||||||
|
|
||||||
#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \
|
#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \
|
||||||
TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) )
|
TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) )
|
||||||
@ -91,6 +92,7 @@ void key_type_classification( psa_key_type_t type, unsigned flags )
|
|||||||
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEYPAIR, type, flags );
|
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEYPAIR, type, flags );
|
||||||
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_RSA, type, flags );
|
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_RSA, type, flags );
|
||||||
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_ECC, type, flags );
|
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_ECC, type, flags );
|
||||||
|
TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_DH, type, flags );
|
||||||
|
|
||||||
/* Macros with derived semantics */
|
/* Macros with derived semantics */
|
||||||
TEST_EQUAL( PSA_KEY_TYPE_IS_ASYMMETRIC( type ),
|
TEST_EQUAL( PSA_KEY_TYPE_IS_ASYMMETRIC( type ),
|
||||||
@ -102,6 +104,12 @@ void key_type_classification( psa_key_type_t type, unsigned flags )
|
|||||||
TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ),
|
TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ),
|
||||||
( PSA_KEY_TYPE_IS_ECC( type ) &&
|
( PSA_KEY_TYPE_IS_ECC( type ) &&
|
||||||
PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );
|
PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );
|
||||||
|
TEST_EQUAL( PSA_KEY_TYPE_IS_DH_KEYPAIR( type ),
|
||||||
|
( PSA_KEY_TYPE_IS_DH( type ) &&
|
||||||
|
PSA_KEY_TYPE_IS_KEYPAIR( type ) ) );
|
||||||
|
TEST_EQUAL( PSA_KEY_TYPE_IS_DH_PUBLIC_KEY( type ),
|
||||||
|
( PSA_KEY_TYPE_IS_DH( type ) &&
|
||||||
|
PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );
|
||||||
|
|
||||||
exit: ;
|
exit: ;
|
||||||
}
|
}
|
||||||
@ -457,3 +465,22 @@ void ecc_key_types( int curve_arg, int curve_bits_arg )
|
|||||||
TEST_ASSERT( curve_bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS );
|
TEST_ASSERT( curve_bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS );
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:MBEDTLS_DHM_C */
|
||||||
|
void dh_key_types( int group_arg, int group_bits_arg )
|
||||||
|
{
|
||||||
|
psa_dh_group_t group = group_arg;
|
||||||
|
size_t group_bits = group_bits_arg;
|
||||||
|
psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY( group );
|
||||||
|
psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEYPAIR( group );
|
||||||
|
|
||||||
|
test_key_type( public_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_PUBLIC_KEY );
|
||||||
|
test_key_type( pair_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_KEYPAIR );
|
||||||
|
|
||||||
|
TEST_EQUAL( PSA_KEY_TYPE_GET_GROUP( public_type ), group );
|
||||||
|
TEST_EQUAL( PSA_KEY_TYPE_GET_GROUP( pair_type ), group );
|
||||||
|
|
||||||
|
/* We have nothing to validate about the group size yet. */
|
||||||
|
(void) group_bits;
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
Loading…
Reference in New Issue
Block a user