mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 22:05:42 +01:00
71fd80d279
In preparation for the implementation of the accelerator APIs. This is ramping up to the goal of only storing the export representation in the key slot, and not keeping the crypto implementation-specific representations around. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
178 lines
5.3 KiB
C
178 lines
5.3 KiB
C
/*
|
|
* PSA crypto core internal interfaces
|
|
*/
|
|
/*
|
|
* Copyright (C) 2018, ARM Limited, All Rights Reserved
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
* This file is part of mbed TLS (https://tls.mbed.org)
|
|
*/
|
|
|
|
#ifndef PSA_CRYPTO_CORE_H
|
|
#define PSA_CRYPTO_CORE_H
|
|
|
|
#if !defined(MBEDTLS_CONFIG_FILE)
|
|
#include "mbedtls/config.h"
|
|
#else
|
|
#include MBEDTLS_CONFIG_FILE
|
|
#endif
|
|
|
|
#include "psa/crypto.h"
|
|
#include "psa/crypto_se_driver.h"
|
|
|
|
#include "mbedtls/ecp.h"
|
|
#include "mbedtls/rsa.h"
|
|
|
|
/** The data structure representing a key slot, containing key material
|
|
* and metadata for one key.
|
|
*/
|
|
typedef struct
|
|
{
|
|
psa_core_key_attributes_t attr;
|
|
union
|
|
{
|
|
/* Dynamically allocated key data buffer.
|
|
* Format as specified in psa_export_key(). */
|
|
struct key_data
|
|
{
|
|
uint8_t *data;
|
|
size_t bytes;
|
|
} key;
|
|
#if defined(MBEDTLS_RSA_C)
|
|
/* RSA public key or key pair */
|
|
mbedtls_rsa_context *rsa;
|
|
#endif /* MBEDTLS_RSA_C */
|
|
#if defined(MBEDTLS_ECP_C)
|
|
/* EC public key or key pair */
|
|
mbedtls_ecp_keypair *ecp;
|
|
#endif /* MBEDTLS_ECP_C */
|
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
|
/* Any key type in a secure element */
|
|
struct se
|
|
{
|
|
psa_key_slot_number_t slot_number;
|
|
} se;
|
|
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
|
} data;
|
|
} psa_key_slot_t;
|
|
|
|
/* A mask of key attribute flags used only internally.
|
|
* Currently there aren't any. */
|
|
#define PSA_KA_MASK_INTERNAL_ONLY ( \
|
|
0 )
|
|
|
|
/** Test whether a key slot is occupied.
|
|
*
|
|
* A key slot is occupied iff the key type is nonzero. This works because
|
|
* no valid key can have 0 as its key type.
|
|
*
|
|
* \param[in] slot The key slot to test.
|
|
*
|
|
* \return 1 if the slot is occupied, 0 otherwise.
|
|
*/
|
|
static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )
|
|
{
|
|
return( slot->attr.type != 0 );
|
|
}
|
|
|
|
/** Retrieve flags from psa_key_slot_t::attr::core::flags.
|
|
*
|
|
* \param[in] slot The key slot to query.
|
|
* \param mask The mask of bits to extract.
|
|
*
|
|
* \return The key attribute flags in the given slot,
|
|
* bitwise-anded with \p mask.
|
|
*/
|
|
static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot,
|
|
uint16_t mask )
|
|
{
|
|
return( slot->attr.flags & mask );
|
|
}
|
|
|
|
/** Set flags in psa_key_slot_t::attr::core::flags.
|
|
*
|
|
* \param[in,out] slot The key slot to modify.
|
|
* \param mask The mask of bits to modify.
|
|
* \param value The new value of the selected bits.
|
|
*/
|
|
static inline void psa_key_slot_set_flags( psa_key_slot_t *slot,
|
|
uint16_t mask,
|
|
uint16_t value )
|
|
{
|
|
slot->attr.flags = ( ( ~mask & slot->attr.flags ) |
|
|
( mask & value ) );
|
|
}
|
|
|
|
/** Turn on flags in psa_key_slot_t::attr::core::flags.
|
|
*
|
|
* \param[in,out] slot The key slot to modify.
|
|
* \param mask The mask of bits to set.
|
|
*/
|
|
static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot,
|
|
uint16_t mask )
|
|
{
|
|
slot->attr.flags |= mask;
|
|
}
|
|
|
|
/** Turn off flags in psa_key_slot_t::attr::core::flags.
|
|
*
|
|
* \param[in,out] slot The key slot to modify.
|
|
* \param mask The mask of bits to clear.
|
|
*/
|
|
static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
|
|
uint16_t mask )
|
|
{
|
|
slot->attr.flags &= ~mask;
|
|
}
|
|
|
|
/** Completely wipe a slot in memory, including its policy.
|
|
*
|
|
* Persistent storage is not affected.
|
|
*
|
|
* \param[in,out] slot The key slot to wipe.
|
|
*
|
|
* \retval PSA_SUCCESS
|
|
* Success. This includes the case of a key slot that was
|
|
* already fully wiped.
|
|
* \retval PSA_ERROR_CORRUPTION_DETECTED
|
|
*/
|
|
psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
|
|
|
|
/** Import key data into a slot.
|
|
*
|
|
* `slot->type` must have been set previously.
|
|
* This function assumes that the slot does not contain any key material yet.
|
|
* On failure, the slot content is unchanged.
|
|
*
|
|
* Persistent storage is not affected.
|
|
*
|
|
* \param[in,out] slot The key slot to import data into.
|
|
* Its `type` field must have previously been set to
|
|
* the desired key type.
|
|
* It must not contain any key material yet.
|
|
* \param[in] data Buffer containing the key material to parse and import.
|
|
* \param data_length Size of \p data in bytes.
|
|
*
|
|
* \retval PSA_SUCCESS
|
|
* \retval PSA_ERROR_INVALID_ARGUMENT
|
|
* \retval PSA_ERROR_NOT_SUPPORTED
|
|
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
|
|
*/
|
|
psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
|
|
const uint8_t *data,
|
|
size_t data_length );
|
|
|
|
#endif /* PSA_CRYPTO_CORE_H */
|