Merge pull request #178 from ARMmbed/dev/Patater/driver-model-fixes
Update crypto_driver.h for driver model terminology and also to pass CI
commit
243794fc38
|
@ -2,10 +2,11 @@
|
||||||
* \file psa/crypto_driver.h
|
* \file psa/crypto_driver.h
|
||||||
* \brief Platform Security Architecture cryptographic driver module
|
* \brief Platform Security Architecture cryptographic driver module
|
||||||
*
|
*
|
||||||
* This file describes an API for driver developers to implement to enable
|
* This file describes the PSA Crypto Driver Model, containing functions for
|
||||||
* hardware to be called in a standardized way by a PSA Cryptographic API
|
* driver developers to implement to enable hardware to be called in a
|
||||||
* implementation. The API described is not intended to be called by
|
* standardized way by a PSA Cryptographic API implementation. The functions
|
||||||
* application developers.
|
* comprising the driver model, which driver authors implement, are not
|
||||||
|
* intended to be called by application developers.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -24,19 +25,23 @@
|
||||||
* See the License for the specific language governing permissions and
|
* See the License for the specific language governing permissions and
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
#ifndef __PSA_CRYPTO_DRIVER_H__
|
#ifndef PSA_CRYPTO_DRIVER_H
|
||||||
#define __PSA_CRYPTO_DRIVER_H__
|
#define PSA_CRYPTO_DRIVER_H
|
||||||
|
|
||||||
#include <stddef.h>
|
#include <stddef.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
/** The following types are redefinitions from the psa/crypto.h file.
|
/** The following types are redefinitions from the psa/crypto.h file.
|
||||||
* It is intended that these will be moved to a new common header file to
|
* It is intended that these will be moved to a new common header file to
|
||||||
* avoid duplication. They are included here for expediency in publication.
|
* avoid duplication. They are included here for expediency in publication.
|
||||||
*/
|
*/
|
||||||
typedef uint32_t psa_status_t;
|
typedef uint32_t psa_status_t;
|
||||||
typedef uint32_t psa_algorithm_t;
|
typedef uint32_t psa_algorithm_t;
|
||||||
typedef uint8_t encrypt_or_decrypt_t;
|
typedef uint8_t psa_encrypt_or_decrypt_t;
|
||||||
typedef uint32_t psa_key_slot_t;
|
typedef uint32_t psa_key_slot_t;
|
||||||
typedef uint32_t psa_key_type_t;
|
typedef uint32_t psa_key_type_t;
|
||||||
typedef uint32_t psa_key_usage_t;
|
typedef uint32_t psa_key_usage_t;
|
||||||
|
@ -47,7 +52,7 @@ typedef uint32_t psa_key_usage_t;
|
||||||
/** \defgroup opaque_mac Opaque Message Authentication Code
|
/** \defgroup opaque_mac Opaque Message Authentication Code
|
||||||
* Generation and authentication of Message Authentication Codes (MACs) using
|
* Generation and authentication of Message Authentication Codes (MACs) using
|
||||||
* opaque keys can be done either as a single function call (via the
|
* opaque keys can be done either as a single function call (via the
|
||||||
* `pcd_mac_opaque_generate_t` or `psa_mac_opaque_verify_t` functions), or in
|
* `psa_drv_mac_opaque_generate_t` or `psa_mac_opaque_verify_t` functions), or in
|
||||||
* parts using the following sequence:
|
* parts using the following sequence:
|
||||||
* - `psa_mac_opaque_setup_t`
|
* - `psa_mac_opaque_setup_t`
|
||||||
* - `psa_mac_opaque_update_t`
|
* - `psa_mac_opaque_update_t`
|
||||||
|
@ -74,7 +79,7 @@ typedef uint32_t psa_key_usage_t;
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_opaque_setup_t)(void *p_context,
|
typedef psa_status_t (*psa_drv_mac_opaque_setup_t)(void *p_context,
|
||||||
psa_key_slot_t key_slot,
|
psa_key_slot_t key_slot,
|
||||||
psa_algorithm_t algorithm);
|
psa_algorithm_t algorithm);
|
||||||
|
|
||||||
|
@ -88,7 +93,7 @@ typedef psa_status_t (*pcd_mac_opaque_setup_t)(void *p_context,
|
||||||
* to the MAC operation
|
* to the MAC operation
|
||||||
* \param[in] input_length The size in bytes of the input message buffer
|
* \param[in] input_length The size in bytes of the input message buffer
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_opaque_update_t)(void *p_context,
|
typedef psa_status_t (*psa_drv_mac_opaque_update_t)(void *p_context,
|
||||||
const uint8_t *p_input,
|
const uint8_t *p_input,
|
||||||
size_t input_length);
|
size_t input_length);
|
||||||
|
|
||||||
|
@ -108,7 +113,7 @@ typedef psa_status_t (*pcd_mac_opaque_update_t)(void *p_context,
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_opaque_finish_t)(void *p_context,
|
typedef psa_status_t (*psa_drv_mac_opaque_finish_t)(void *p_context,
|
||||||
uint8_t *p_mac,
|
uint8_t *p_mac,
|
||||||
size_t mac_size,
|
size_t mac_size,
|
||||||
size_t *p_mac_length);
|
size_t *p_mac_length);
|
||||||
|
@ -129,7 +134,7 @@ typedef psa_status_t (*pcd_mac_opaque_finish_t)(void *p_context,
|
||||||
* The operation completed successfully, but the calculated MAC did
|
* The operation completed successfully, but the calculated MAC did
|
||||||
* not match the provided MAC
|
* not match the provided MAC
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_opaque_finish_verify_t)(void *p_context,
|
typedef psa_status_t (*psa_drv_mac_opaque_finish_verify_t)(void *p_context,
|
||||||
const uint8_t *p_mac,
|
const uint8_t *p_mac,
|
||||||
size_t mac_length);
|
size_t mac_length);
|
||||||
|
|
||||||
|
@ -138,7 +143,7 @@ typedef psa_status_t (*pcd_mac_opaque_finish_verify_t)(void *p_context,
|
||||||
* \param[in,out] p_context A hardware-specific structure for the previously
|
* \param[in,out] p_context A hardware-specific structure for the previously
|
||||||
* started MAC operation to be aborted
|
* started MAC operation to be aborted
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_opaque_abort_t)(void *p_context);
|
typedef psa_status_t (*psa_drv_mac_opaque_abort_t)(void *p_context);
|
||||||
|
|
||||||
/** \brief A function that performs a MAC operation in one command and returns
|
/** \brief A function that performs a MAC operation in one command and returns
|
||||||
* the calculated MAC using an opaque key
|
* the calculated MAC using an opaque key
|
||||||
|
@ -157,7 +162,7 @@ typedef psa_status_t (*pcd_mac_opaque_abort_t)(void *p_context);
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_opaque_generate_t)(const uint8_t *p_input,
|
typedef psa_status_t (*psa_drv_mac_opaque_generate_t)(const uint8_t *p_input,
|
||||||
size_t input_length,
|
size_t input_length,
|
||||||
psa_key_slot_t key_slot,
|
psa_key_slot_t key_slot,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
|
@ -184,7 +189,7 @@ typedef psa_status_t (*pcd_mac_opaque_generate_t)(const uint8_t *p_input,
|
||||||
* The operation completed successfully, but the calculated MAC did
|
* The operation completed successfully, but the calculated MAC did
|
||||||
* not match the provided MAC
|
* not match the provided MAC
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_opaque_verify_t)(const uint8_t *p_input,
|
typedef psa_status_t (*psa_drv_mac_opaque_verify_t)(const uint8_t *p_input,
|
||||||
size_t input_length,
|
size_t input_length,
|
||||||
psa_key_slot_t key_slot,
|
psa_key_slot_t key_slot,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
|
@ -198,7 +203,7 @@ typedef psa_status_t (*pcd_mac_opaque_verify_t)(const uint8_t *p_input,
|
||||||
* upon startup.
|
* upon startup.
|
||||||
*
|
*
|
||||||
* If one of the functions is not implemented (such as
|
* If one of the functions is not implemented (such as
|
||||||
* `pcd_mac_opaque_generate_t`), it should be set to NULL.
|
* `psa_drv_mac_opaque_generate_t`), it should be set to NULL.
|
||||||
*
|
*
|
||||||
* Driver implementers should ensure that they implement all of the functions
|
* Driver implementers should ensure that they implement all of the functions
|
||||||
* that make sense for their hardware, and that they provide a full solution
|
* that make sense for their hardware, and that they provide a full solution
|
||||||
|
@ -206,38 +211,38 @@ typedef psa_status_t (*pcd_mac_opaque_verify_t)(const uint8_t *p_input,
|
||||||
* `p_update` and at least one of `p_finish` or `p_finish_verify`).
|
* `p_update` and at least one of `p_finish` or `p_finish_verify`).
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
struct pcd_mac_opaque_t {
|
typedef struct {
|
||||||
/**The size in bytes of the hardware-specific Opaque-MAC Context structure
|
/**The size in bytes of the hardware-specific Opaque-MAC Context structure
|
||||||
*/
|
*/
|
||||||
size_t context_size;
|
size_t context_size;
|
||||||
/** Function that performs the setup operation
|
/** Function that performs the setup operation
|
||||||
*/
|
*/
|
||||||
pcd_mac_opaque_setup_t *p_setup;
|
psa_drv_mac_opaque_setup_t *p_setup;
|
||||||
/** Function that performs the update operation
|
/** Function that performs the update operation
|
||||||
*/
|
*/
|
||||||
pcd_mac_opaque_update_t *p_update;
|
psa_drv_mac_opaque_update_t *p_update;
|
||||||
/** Function that completes the operation
|
/** Function that completes the operation
|
||||||
*/
|
*/
|
||||||
pcd_mac_opaque_finish_t *p_finish;
|
psa_drv_mac_opaque_finish_t *p_finish;
|
||||||
/** Function that completed a MAC operation with a verify check
|
/** Function that completed a MAC operation with a verify check
|
||||||
*/
|
*/
|
||||||
pcd_mac_opaque_finish_verify_t *p_finish_verify;
|
psa_drv_mac_opaque_finish_verify_t *p_finish_verify;
|
||||||
/** Function that aborts a previoustly started operation
|
/** Function that aborts a previoustly started operation
|
||||||
*/
|
*/
|
||||||
pcd_mac_opaque_abort_t *p_abort;
|
psa_drv_mac_opaque_abort_t *p_abort;
|
||||||
/** Function that performs the MAC operation in one call
|
/** Function that performs the MAC operation in one call
|
||||||
*/
|
*/
|
||||||
pcd_mac_opaque_generate_t *p_mac;
|
psa_drv_mac_opaque_generate_t *p_mac;
|
||||||
/** Function that performs the MAC and verify operation in one call
|
/** Function that performs the MAC and verify operation in one call
|
||||||
*/
|
*/
|
||||||
pcd_mac_opaque_verify_t *p_mac_verify;
|
psa_drv_mac_opaque_verify_t *p_mac_verify;
|
||||||
};
|
} psa_drv_mac_opaque_t;
|
||||||
/**@}*/
|
/**@}*/
|
||||||
|
|
||||||
/** \defgroup transparent_mac Transparent Message Authentication Code
|
/** \defgroup transparent_mac Transparent Message Authentication Code
|
||||||
* Generation and authentication of Message Authentication Codes (MACs) using
|
* Generation and authentication of Message Authentication Codes (MACs) using
|
||||||
* transparent keys can be done either as a single function call (via the
|
* transparent keys can be done either as a single function call (via the
|
||||||
* `pcd_mac_transparent_generate_t` or `psa_mac_transparent_verify_t`
|
* `psa_drv_mac_transparent_generate_t` or `psa_mac_transparent_verify_t`
|
||||||
* functions), or in parts using the following sequence:
|
* functions), or in parts using the following sequence:
|
||||||
* - `psa_mac_transparent_setup_t`
|
* - `psa_mac_transparent_setup_t`
|
||||||
* - `psa_mac_transparent_update_t`
|
* - `psa_mac_transparent_update_t`
|
||||||
|
@ -258,7 +263,7 @@ struct pcd_mac_opaque_t {
|
||||||
* The contents of this structure are implementation dependent and are
|
* The contents of this structure are implementation dependent and are
|
||||||
* therefore not described here.
|
* therefore not described here.
|
||||||
*/
|
*/
|
||||||
typedef struct pcd_mac_transparent_context_s pcd_mac_transparent_context_t;
|
typedef struct psa_drv_mac_transparent_context_s psa_drv_mac_transparent_context_t;
|
||||||
|
|
||||||
/** \brief The function prototype for the setup operation of a
|
/** \brief The function prototype for the setup operation of a
|
||||||
* transparent-key MAC operation
|
* transparent-key MAC operation
|
||||||
|
@ -266,7 +271,7 @@ typedef struct pcd_mac_transparent_context_s pcd_mac_transparent_context_t;
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_mac_transparent_<ALGO>_<MAC_VARIANT>_setup
|
* psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_setup
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the underlying primitive, and `MAC_VARIANT`
|
* Where `ALGO` is the name of the underlying primitive, and `MAC_VARIANT`
|
||||||
* is the specific variant of a MAC operation (such as HMAC or CMAC)
|
* is the specific variant of a MAC operation (such as HMAC or CMAC)
|
||||||
|
@ -280,7 +285,7 @@ typedef struct pcd_mac_transparent_context_s pcd_mac_transparent_context_t;
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_transparent_setup_t)(pcd_mac_transparent_context_t *p_context,
|
typedef psa_status_t (*psa_drv_mac_transparent_setup_t)(psa_drv_mac_transparent_context_t *p_context,
|
||||||
const uint8_t *p_key,
|
const uint8_t *p_key,
|
||||||
size_t key_length);
|
size_t key_length);
|
||||||
|
|
||||||
|
@ -290,7 +295,7 @@ typedef psa_status_t (*pcd_mac_transparent_setup_t)(pcd_mac_transparent_context_
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_mac_transparent_<ALGO>_<MAC_VARIANT>_update
|
* psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_update
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT`
|
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT`
|
||||||
* is the specific variant of a MAC operation (such as HMAC or CMAC)
|
* is the specific variant of a MAC operation (such as HMAC or CMAC)
|
||||||
|
@ -302,7 +307,7 @@ typedef psa_status_t (*pcd_mac_transparent_setup_t)(pcd_mac_transparent_context_
|
||||||
* to the MAC operation
|
* to the MAC operation
|
||||||
* \param[in] input_length The size in bytes of the input message buffer
|
* \param[in] input_length The size in bytes of the input message buffer
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_transparent_update_t)(pcd_mac_transparent_context_t *p_context,
|
typedef psa_status_t (*psa_drv_mac_transparent_update_t)(psa_drv_mac_transparent_context_t *p_context,
|
||||||
const uint8_t *p_input,
|
const uint8_t *p_input,
|
||||||
size_t input_length);
|
size_t input_length);
|
||||||
|
|
||||||
|
@ -312,7 +317,7 @@ typedef psa_status_t (*pcd_mac_transparent_update_t)(pcd_mac_transparent_context
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_mac_transparent_<ALGO>_<MAC_VARIANT>_finish
|
* psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_finish
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
|
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
|
||||||
* the specific variant of a MAC operation (such as HMAC or CMAC)
|
* the specific variant of a MAC operation (such as HMAC or CMAC)
|
||||||
|
@ -327,7 +332,7 @@ typedef psa_status_t (*pcd_mac_transparent_update_t)(pcd_mac_transparent_context
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_transparent_finish_t)(pcd_mac_transparent_context_t *p_context,
|
typedef psa_status_t (*psa_drv_mac_transparent_finish_t)(psa_drv_mac_transparent_context_t *p_context,
|
||||||
uint8_t *p_mac,
|
uint8_t *p_mac,
|
||||||
size_t mac_length);
|
size_t mac_length);
|
||||||
|
|
||||||
|
@ -337,7 +342,7 @@ typedef psa_status_t (*pcd_mac_transparent_finish_t)(pcd_mac_transparent_context
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_mac_transparent_<ALGO>_<MAC_VARIANT>_finish_verify
|
* psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_finish_verify
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
|
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
|
||||||
* the specific variant of a MAC operation (such as HMAC or CMAC)
|
* the specific variant of a MAC operation (such as HMAC or CMAC)
|
||||||
|
@ -353,7 +358,7 @@ typedef psa_status_t (*pcd_mac_transparent_finish_t)(pcd_mac_transparent_context
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* The operation completed successfully and the comparison matched
|
* The operation completed successfully and the comparison matched
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_transparent_finish_verify_t)(pcd_mac_transparent_context_t *p_context,
|
typedef psa_status_t (*psa_drv_mac_transparent_finish_verify_t)(psa_drv_mac_transparent_context_t *p_context,
|
||||||
const uint8_t *p_mac,
|
const uint8_t *p_mac,
|
||||||
size_t mac_length);
|
size_t mac_length);
|
||||||
|
|
||||||
|
@ -363,7 +368,7 @@ typedef psa_status_t (*pcd_mac_transparent_finish_verify_t)(pcd_mac_transparent_
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_mac_transparent_<ALGO>_<MAC_VARIANT>_abort
|
* psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_abort
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
|
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
|
||||||
* the specific variant of a MAC operation (such as HMAC or CMAC)
|
* the specific variant of a MAC operation (such as HMAC or CMAC)
|
||||||
|
@ -373,7 +378,7 @@ typedef psa_status_t (*pcd_mac_transparent_finish_verify_t)(pcd_mac_transparent_
|
||||||
* aborted
|
* aborted
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_transparent_abort_t)(pcd_mac_transparent_context_t *p_context);
|
typedef psa_status_t (*psa_drv_mac_transparent_abort_t)(psa_drv_mac_transparent_context_t *p_context);
|
||||||
|
|
||||||
/** \brief The function prototype for a one-shot operation of a transparent-key
|
/** \brief The function prototype for a one-shot operation of a transparent-key
|
||||||
* MAC operation
|
* MAC operation
|
||||||
|
@ -381,7 +386,7 @@ typedef psa_status_t (*pcd_mac_transparent_abort_t)(pcd_mac_transparent_context_
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_mac_transparent_<ALGO>_<MAC_VARIANT>
|
* psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
|
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
|
||||||
* the specific variant of a MAC operation (such as HMAC or CMAC)
|
* the specific variant of a MAC operation (such as HMAC or CMAC)
|
||||||
|
@ -396,7 +401,7 @@ typedef psa_status_t (*pcd_mac_transparent_abort_t)(pcd_mac_transparent_context_
|
||||||
* upon success
|
* upon success
|
||||||
* \param[in] mac_length The length in bytes of the `p_mac` buffer
|
* \param[in] mac_length The length in bytes of the `p_mac` buffer
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_transparent_t)(const uint8_t *p_input,
|
typedef psa_status_t (*psa_drv_mac_transparent_t)(const uint8_t *p_input,
|
||||||
size_t input_length,
|
size_t input_length,
|
||||||
const uint8_t *p_key,
|
const uint8_t *p_key,
|
||||||
size_t key_length,
|
size_t key_length,
|
||||||
|
@ -410,7 +415,7 @@ typedef psa_status_t (*pcd_mac_transparent_t)(const uint8_t *p_input,
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_mac_transparent_<ALGO>_<MAC_VARIANT>_verify
|
* psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_verify
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
|
* Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
|
||||||
* the specific variant of a MAC operation (such as HMAC or CMAC)
|
* the specific variant of a MAC operation (such as HMAC or CMAC)
|
||||||
|
@ -427,7 +432,7 @@ typedef psa_status_t (*pcd_mac_transparent_t)(const uint8_t *p_input,
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* The operation completed successfully and the comparison matched
|
* The operation completed successfully and the comparison matched
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_mac_transparent_verify_t)(const uint8_t *p_input,
|
typedef psa_status_t (*psa_drv_mac_transparent_verify_t)(const uint8_t *p_input,
|
||||||
size_t input_length,
|
size_t input_length,
|
||||||
const uint8_t *p_key,
|
const uint8_t *p_key,
|
||||||
size_t key_length,
|
size_t key_length,
|
||||||
|
@ -440,11 +445,11 @@ typedef psa_status_t (*pcd_mac_transparent_verify_t)(const uint8_t *p_input,
|
||||||
*
|
*
|
||||||
* Encryption and Decryption using opaque keys in block modes other than ECB
|
* Encryption and Decryption using opaque keys in block modes other than ECB
|
||||||
* must be done in multiple parts, using the following flow:
|
* must be done in multiple parts, using the following flow:
|
||||||
* - `pcd_cipher_opaque_setup_t`
|
* - `psa_drv_cipher_opaque_setup_t`
|
||||||
* - `pcd_cipher_opaque_set_iv_t` (optional depending upon block mode)
|
* - `psa_drv_cipher_opaque_set_iv_t` (optional depending upon block mode)
|
||||||
* - `pcd_cipher_opaque_update_t`
|
* - `psa_drv_cipher_opaque_update_t`
|
||||||
* - ...
|
* - ...
|
||||||
* - `pcd_cipher_opaque_finish_t`
|
* - `psa_drv_cipher_opaque_finish_t`
|
||||||
|
|
||||||
* If a previously started Opaque Cipher operation needs to be terminated, it
|
* If a previously started Opaque Cipher operation needs to be terminated, it
|
||||||
* should be done so by the `psa_cipher_opaque_abort_t`. Failure to do so may
|
* should be done so by the `psa_cipher_opaque_abort_t`. Failure to do so may
|
||||||
|
@ -453,7 +458,7 @@ typedef psa_status_t (*pcd_mac_transparent_verify_t)(const uint8_t *p_input,
|
||||||
*
|
*
|
||||||
* In situations where a PSA Cryptographic API implementation is using a block
|
* In situations where a PSA Cryptographic API implementation is using a block
|
||||||
* mode not-supported by the underlying hardware or driver, it can construct
|
* mode not-supported by the underlying hardware or driver, it can construct
|
||||||
* the block mode itself, while calling the `pcd_cipher_opaque_ecb_t` function
|
* the block mode itself, while calling the `psa_drv_cipher_opaque_ecb_t` function
|
||||||
* pointer for the cipher operations.
|
* pointer for the cipher operations.
|
||||||
*/
|
*/
|
||||||
/**@{*/
|
/**@{*/
|
||||||
|
@ -473,18 +478,18 @@ typedef psa_status_t (*pcd_mac_transparent_verify_t)(const uint8_t *p_input,
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* \retval PSA_ERROR_NOT_SUPPORTED
|
* \retval PSA_ERROR_NOT_SUPPORTED
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_cipher_opaque_setup_t)(void *p_context,
|
typedef psa_status_t (*psa_drv_cipher_opaque_setup_t)(void *p_context,
|
||||||
psa_key_slot_t key_slot,
|
psa_key_slot_t key_slot,
|
||||||
psa_algorithm_t algorithm,
|
psa_algorithm_t algorithm,
|
||||||
encrypt_or_decrypt_t direction);
|
psa_encrypt_or_decrypt_t direction);
|
||||||
|
|
||||||
/** \brief A function pointer that sets the initialization vector (if
|
/** \brief A function pointer that sets the initialization vector (if
|
||||||
* necessary) for an opaque cipher operation
|
* necessary) for an opaque cipher operation
|
||||||
*
|
*
|
||||||
* Rationale: The `psa_cipher_*` function in the PSA Cryptographic API has two
|
* Rationale: The `psa_cipher_*` function in the PSA Cryptographic API has two
|
||||||
* IV functions: one to set the IV, and one to generate it internally. The
|
* IV functions: one to set the IV, and one to generate it internally. The
|
||||||
* generate function is not necessary for the driver API as the PSA Crypto
|
* generate function is not necessary for the drivers to implement as the PSA
|
||||||
* implementation can do the generation using its RNG features.
|
* Crypto implementation can do the generation using its RNG features.
|
||||||
*
|
*
|
||||||
* \param[in,out] p_context A structure that contains the previously set up
|
* \param[in,out] p_context A structure that contains the previously set up
|
||||||
* hardware-specific cipher context
|
* hardware-specific cipher context
|
||||||
|
@ -493,7 +498,7 @@ typedef psa_status_t (*pcd_cipher_opaque_setup_t)(void *p_context,
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_cipher_opaque_set_iv_t)(void *p_context,
|
typedef psa_status_t (*psa_drv_cipher_opaque_set_iv_t)(void *p_context,
|
||||||
const uint8_t *p_iv,
|
const uint8_t *p_iv,
|
||||||
size_t iv_length);
|
size_t iv_length);
|
||||||
|
|
||||||
|
@ -515,7 +520,7 @@ typedef psa_status_t (*pcd_cipher_opaque_set_iv_t)(void *p_context,
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_cipher_opaque_update_t)(void *p_context,
|
typedef psa_status_t (*psa_drv_cipher_opaque_update_t)(void *p_context,
|
||||||
const uint8_t *p_input,
|
const uint8_t *p_input,
|
||||||
size_t input_size,
|
size_t input_size,
|
||||||
uint8_t *p_output,
|
uint8_t *p_output,
|
||||||
|
@ -536,7 +541,7 @@ typedef psa_status_t (*pcd_cipher_opaque_update_t)(void *p_context,
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_cipher_opaque_finish_t)(void *p_context,
|
typedef psa_status_t (*psa_drv_cipher_opaque_finish_t)(void *p_context,
|
||||||
uint8_t *p_output,
|
uint8_t *p_output,
|
||||||
size_t output_size,
|
size_t output_size,
|
||||||
size_t *p_output_length);
|
size_t *p_output_length);
|
||||||
|
@ -547,7 +552,7 @@ typedef psa_status_t (*pcd_cipher_opaque_finish_t)(void *p_context,
|
||||||
* \param[in,out] p_context A hardware-specific structure for the
|
* \param[in,out] p_context A hardware-specific structure for the
|
||||||
* previously started cipher operation
|
* previously started cipher operation
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_cipher_opaque_abort_t)(void *p_context);
|
typedef psa_status_t (*psa_drv_cipher_opaque_abort_t)(void *p_context);
|
||||||
|
|
||||||
/** \brief A function that performs the ECB block mode for opaque-key cipher
|
/** \brief A function that performs the ECB block mode for opaque-key cipher
|
||||||
* operations
|
* operations
|
||||||
|
@ -571,9 +576,9 @@ typedef psa_status_t (*pcd_cipher_opaque_abort_t)(void *p_context);
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* \retval PSA_ERROR_NOT_SUPPORTED
|
* \retval PSA_ERROR_NOT_SUPPORTED
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_cipher_opaque_ecb_t)(psa_key_slot_t key_slot,
|
typedef psa_status_t (*psa_drv_cipher_opaque_ecb_t)(psa_key_slot_t key_slot,
|
||||||
psa_algorithm_t algorithm,
|
psa_algorithm_t algorithm,
|
||||||
encrypt_or_decrypt_t direction,
|
psa_encrypt_or_decrypt_t direction,
|
||||||
const uint8_t *p_input,
|
const uint8_t *p_input,
|
||||||
size_t input_size,
|
size_t input_size,
|
||||||
uint8_t *p_output,
|
uint8_t *p_output,
|
||||||
|
@ -587,40 +592,40 @@ typedef psa_status_t (*pcd_cipher_opaque_ecb_t)(psa_key_slot_t key_slot,
|
||||||
* appropriate upon startup.
|
* appropriate upon startup.
|
||||||
*
|
*
|
||||||
* If one of the functions is not implemented (such as
|
* If one of the functions is not implemented (such as
|
||||||
* `pcd_cipher_opaque_ecb_t`), it should be set to NULL.
|
* `psa_drv_cipher_opaque_ecb_t`), it should be set to NULL.
|
||||||
*/
|
*/
|
||||||
struct pcd_cipher_opaque_t {
|
typedef struct {
|
||||||
/** The size in bytes of the hardware-specific Opaque Cipher context
|
/** The size in bytes of the hardware-specific Opaque Cipher context
|
||||||
* structure
|
* structure
|
||||||
*/
|
*/
|
||||||
size_t size;
|
size_t size;
|
||||||
/** Function that performs the setup operation */
|
/** Function that performs the setup operation */
|
||||||
pcd_cipher_opaque_setup_t *p_setup;
|
psa_drv_cipher_opaque_setup_t *p_setup;
|
||||||
/** Function that sets the IV (if necessary) */
|
/** Function that sets the IV (if necessary) */
|
||||||
pcd_cipher_opaque_set_iv_t *p_set_iv;
|
psa_drv_cipher_opaque_set_iv_t *p_set_iv;
|
||||||
/** Function that performs the update operation */
|
/** Function that performs the update operation */
|
||||||
pcd_cipher_opaque_update_t *p_update;
|
psa_drv_cipher_opaque_update_t *p_update;
|
||||||
/** Function that completes the operation */
|
/** Function that completes the operation */
|
||||||
pcd_cipher_opaque_finish_t *p_finish;
|
psa_drv_cipher_opaque_finish_t *p_finish;
|
||||||
/** Function that aborts the operation */
|
/** Function that aborts the operation */
|
||||||
pcd_cipher_opaque_abort_t *p_abort;
|
psa_drv_cipher_opaque_abort_t *p_abort;
|
||||||
/** Function that performs ECB mode for the cipher
|
/** Function that performs ECB mode for the cipher
|
||||||
* (Danger: ECB mode should not be used directly by clients of the PSA
|
* (Danger: ECB mode should not be used directly by clients of the PSA
|
||||||
* Crypto Client API)
|
* Crypto Client API)
|
||||||
*/
|
*/
|
||||||
pcd_cipher_opaque_ecb_t *p_ecb;
|
psa_drv_cipher_opaque_ecb_t *p_ecb;
|
||||||
};
|
} psa_drv_cipher_opaque_t;
|
||||||
|
|
||||||
/**@}*/
|
/**@}*/
|
||||||
|
|
||||||
/** \defgroup transparent_cipher Transparent Block Cipher
|
/** \defgroup transparent_cipher Transparent Block Cipher
|
||||||
* Encryption and Decryption using transparent keys in block modes other than
|
* Encryption and Decryption using transparent keys in block modes other than
|
||||||
* ECB must be done in multiple parts, using the following flow:
|
* ECB must be done in multiple parts, using the following flow:
|
||||||
* - `pcd_cipher_transparent_setup_t`
|
* - `psa_drv_cipher_transparent_setup_t`
|
||||||
* - `pcd_cipher_transparent_set_iv_t` (optional depending upon block mode)
|
* - `psa_drv_cipher_transparent_set_iv_t` (optional depending upon block mode)
|
||||||
* - `pcd_cipher_transparent_update_t`
|
* - `psa_drv_cipher_transparent_update_t`
|
||||||
* - ...
|
* - ...
|
||||||
* - `pcd_cipher_transparent_finish_t`
|
* - `psa_drv_cipher_transparent_finish_t`
|
||||||
|
|
||||||
* If a previously started Transparent Cipher operation needs to be terminated,
|
* If a previously started Transparent Cipher operation needs to be terminated,
|
||||||
* it should be done so by the `psa_cipher_transparent_abort_t`. Failure to do
|
* it should be done so by the `psa_cipher_transparent_abort_t`. Failure to do
|
||||||
|
@ -634,21 +639,21 @@ struct pcd_cipher_opaque_t {
|
||||||
* The contents of this structure are implementation dependent and are
|
* The contents of this structure are implementation dependent and are
|
||||||
* therefore not described here.
|
* therefore not described here.
|
||||||
*/
|
*/
|
||||||
typedef struct pcd_cipher_transparent_context_s pcd_cipher_transparent_context_t;
|
typedef struct psa_drv_cipher_transparent_context_s psa_drv_cipher_transparent_context_t;
|
||||||
|
|
||||||
/** \brief The function prototype for the setup operation of transparent-key
|
/** \brief The function prototype for the setup operation of transparent-key
|
||||||
* block cipher operations.
|
* block cipher operations.
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* conventions:
|
* conventions:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_cipher_transparent_setup_<CIPHER_NAME>_<MODE>
|
* psa_drv_cipher_transparent_setup_<CIPHER_NAME>_<MODE>
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where
|
* Where
|
||||||
* - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
|
* - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
|
||||||
* - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
|
* - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
|
||||||
* or for stream ciphers:
|
* or for stream ciphers:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_cipher_transparent_setup_<CIPHER_NAME>
|
* psa_drv_cipher_transparent_setup_<CIPHER_NAME>
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `CIPHER_NAME` is the name of a stream cipher (i.e. RC4)
|
* Where `CIPHER_NAME` is the name of a stream cipher (i.e. RC4)
|
||||||
*
|
*
|
||||||
|
@ -662,8 +667,8 @@ typedef struct pcd_cipher_transparent_context_s pcd_cipher_transparent_context_t
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_cipher_transparent_setup_t)(pcd_cipher_transparent_context_t *p_context,
|
typedef psa_status_t (*psa_drv_cipher_transparent_setup_t)(psa_drv_cipher_transparent_context_t *p_context,
|
||||||
encrypt_or_decrypt_t direction,
|
psa_encrypt_or_decrypt_t direction,
|
||||||
const uint8_t *p_key_data,
|
const uint8_t *p_key_data,
|
||||||
size_t key_data_size);
|
size_t key_data_size);
|
||||||
|
|
||||||
|
@ -672,7 +677,7 @@ typedef psa_status_t (*pcd_cipher_transparent_setup_t)(pcd_cipher_transparent_co
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_cipher_transparent_set_iv_<CIPHER_NAME>_<MODE>
|
* psa_drv_cipher_transparent_set_iv_<CIPHER_NAME>_<MODE>
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where
|
* Where
|
||||||
* - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
|
* - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
|
||||||
|
@ -685,7 +690,7 @@ typedef psa_status_t (*pcd_cipher_transparent_setup_t)(pcd_cipher_transparent_co
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_cipher_transparent_set_iv_t)(pcd_cipher_transparent_context_t *p_context,
|
typedef psa_status_t (*psa_drv_cipher_transparent_set_iv_t)(psa_drv_cipher_transparent_context_t *p_context,
|
||||||
const uint8_t *p_iv,
|
const uint8_t *p_iv,
|
||||||
size_t iv_length);
|
size_t iv_length);
|
||||||
|
|
||||||
|
@ -695,7 +700,7 @@ typedef psa_status_t (*pcd_cipher_transparent_set_iv_t)(pcd_cipher_transparent_c
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_cipher_transparent_update_<CIPHER_NAME>_<MODE>
|
* psa_drv_cipher_transparent_update_<CIPHER_NAME>_<MODE>
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where
|
* Where
|
||||||
* - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
|
* - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
|
||||||
|
@ -714,7 +719,7 @@ typedef psa_status_t (*pcd_cipher_transparent_set_iv_t)(pcd_cipher_transparent_c
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_cipher_transparent_update_t)(pcd_cipher_transparent_context_t *p_context,
|
typedef psa_status_t (*psa_drv_cipher_transparent_update_t)(psa_drv_cipher_transparent_context_t *p_context,
|
||||||
const uint8_t *p_input,
|
const uint8_t *p_input,
|
||||||
size_t input_size,
|
size_t input_size,
|
||||||
uint8_t *p_output,
|
uint8_t *p_output,
|
||||||
|
@ -727,7 +732,7 @@ typedef psa_status_t (*pcd_cipher_transparent_update_t)(pcd_cipher_transparent_c
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_cipher_transparent_finish_<CIPHER_NAME>_<MODE>
|
* psa_drv_cipher_transparent_finish_<CIPHER_NAME>_<MODE>
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where
|
* Where
|
||||||
* - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
|
* - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
|
||||||
|
@ -743,7 +748,7 @@ typedef psa_status_t (*pcd_cipher_transparent_update_t)(pcd_cipher_transparent_c
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_cipher_transparent_finish_t)(pcd_cipher_transparent_context_t *p_context,
|
typedef psa_status_t (*psa_drv_cipher_transparent_finish_t)(psa_drv_cipher_transparent_context_t *p_context,
|
||||||
uint8_t *p_output,
|
uint8_t *p_output,
|
||||||
size_t output_size,
|
size_t output_size,
|
||||||
size_t *p_output_length);
|
size_t *p_output_length);
|
||||||
|
@ -754,7 +759,7 @@ typedef psa_status_t (*pcd_cipher_transparent_finish_t)(pcd_cipher_transparent_c
|
||||||
* Functions that implement the following prototype should be named in the
|
* Functions that implement the following prototype should be named in the
|
||||||
* following convention:
|
* following convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_cipher_transparent_abort_<CIPHER_NAME>_<MODE>
|
* psa_drv_cipher_transparent_abort_<CIPHER_NAME>_<MODE>
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where
|
* Where
|
||||||
* - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
|
* - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
|
||||||
|
@ -765,7 +770,7 @@ typedef psa_status_t (*pcd_cipher_transparent_finish_t)(pcd_cipher_transparent_c
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_cipher_transparent_abort_t)(pcd_cipher_transparent_context_t *p_context);
|
typedef psa_status_t (*psa_drv_cipher_transparent_abort_t)(psa_drv_cipher_transparent_context_t *p_context);
|
||||||
|
|
||||||
/**@}*/
|
/**@}*/
|
||||||
|
|
||||||
|
@ -790,7 +795,7 @@ typedef psa_status_t (*pcd_cipher_transparent_abort_t)(pcd_cipher_transparent_co
|
||||||
* The contents of this structure are implementation dependent and are
|
* The contents of this structure are implementation dependent and are
|
||||||
* therefore not described here
|
* therefore not described here
|
||||||
*/
|
*/
|
||||||
typedef struct pcd_hash_context_s pcd_hash_context_t;
|
typedef struct psa_drv_hash_context_s psa_drv_hash_context_t;
|
||||||
|
|
||||||
/** \brief The function prototype for the start operation of a hash (message
|
/** \brief The function prototype for the start operation of a hash (message
|
||||||
* digest) operation
|
* digest) operation
|
||||||
|
@ -798,7 +803,7 @@ typedef struct pcd_hash_context_s pcd_hash_context_t;
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_hash_<ALGO>_setup
|
* psa_drv_hash_<ALGO>_setup
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the underlying hash function
|
* Where `ALGO` is the name of the underlying hash function
|
||||||
*
|
*
|
||||||
|
@ -807,7 +812,7 @@ typedef struct pcd_hash_context_s pcd_hash_context_t;
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS Success.
|
* \retval PSA_SUCCESS Success.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_hash_setup_t)(pcd_hash_context_t *p_context);
|
typedef psa_status_t (*psa_drv_hash_setup_t)(psa_drv_hash_context_t *p_context);
|
||||||
|
|
||||||
/** \brief The function prototype for the update operation of a hash (message
|
/** \brief The function prototype for the update operation of a hash (message
|
||||||
* digest) operation
|
* digest) operation
|
||||||
|
@ -815,7 +820,7 @@ typedef psa_status_t (*pcd_hash_setup_t)(pcd_hash_context_t *p_context);
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_hash_<ALGO>_update
|
* psa_drv_hash_<ALGO>_update
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the underlying algorithm
|
* Where `ALGO` is the name of the underlying algorithm
|
||||||
*
|
*
|
||||||
|
@ -826,7 +831,7 @@ typedef psa_status_t (*pcd_hash_setup_t)(pcd_hash_context_t *p_context);
|
||||||
* to the hash operation
|
* to the hash operation
|
||||||
* \param[in] input_length The size in bytes of the input message buffer
|
* \param[in] input_length The size in bytes of the input message buffer
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_hash_update_t)(pcd_hash_context_t *p_context,
|
typedef psa_status_t (*psa_drv_hash_update_t)(psa_drv_hash_context_t *p_context,
|
||||||
const uint8_t *p_input,
|
const uint8_t *p_input,
|
||||||
size_t input_length);
|
size_t input_length);
|
||||||
|
|
||||||
|
@ -836,7 +841,7 @@ typedef psa_status_t (*pcd_hash_update_t)(pcd_hash_context_t *p_context,
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_hash_<ALGO>_finish
|
* psa_drv_hash_<ALGO>_finish
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the underlying algorithm
|
* Where `ALGO` is the name of the underlying algorithm
|
||||||
*
|
*
|
||||||
|
@ -853,7 +858,7 @@ typedef psa_status_t (*pcd_hash_update_t)(pcd_hash_context_t *p_context,
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_hash_finish_t)(pcd_hash_context_t *p_context,
|
typedef psa_status_t (*psa_drv_hash_finish_t)(psa_drv_hash_context_t *p_context,
|
||||||
uint8_t *p_output,
|
uint8_t *p_output,
|
||||||
size_t output_size,
|
size_t output_size,
|
||||||
size_t *p_output_length);
|
size_t *p_output_length);
|
||||||
|
@ -864,14 +869,14 @@ typedef psa_status_t (*pcd_hash_finish_t)(pcd_hash_context_t *p_context,
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_hash_<ALGO>_abort
|
* psa_drv_hash_<ALGO>_abort
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the underlying algorithm
|
* Where `ALGO` is the name of the underlying algorithm
|
||||||
*
|
*
|
||||||
* \param[in,out] p_context A hardware-specific structure for the previously
|
* \param[in,out] p_context A hardware-specific structure for the previously
|
||||||
* started hash operation to be aborted
|
* started hash operation to be aborted
|
||||||
*/
|
*/
|
||||||
typedef void (*pcd_hash_abort_t)(pcd_hash_context_t *p_context);
|
typedef void (*psa_drv_hash_abort_t)(psa_drv_hash_context_t *p_context);
|
||||||
|
|
||||||
/**@}*/
|
/**@}*/
|
||||||
|
|
||||||
|
@ -899,7 +904,7 @@ typedef void (*pcd_hash_abort_t)(pcd_hash_context_t *p_context);
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_asymmetric_opaque_sign_t)(psa_key_slot_t key_slot,
|
typedef psa_status_t (*psa_drv_asymmetric_opaque_sign_t)(psa_key_slot_t key_slot,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *p_hash,
|
const uint8_t *p_hash,
|
||||||
size_t hash_length,
|
size_t hash_length,
|
||||||
|
@ -923,7 +928,7 @@ typedef psa_status_t (*pcd_asymmetric_opaque_sign_t)(psa_key_slot_t key_slot,
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* The signature is valid.
|
* The signature is valid.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_asymmetric_opaque_verify_t)(psa_key_slot_t key_slot,
|
typedef psa_status_t (*psa_drv_asymmetric_opaque_verify_t)(psa_key_slot_t key_slot,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *p_hash,
|
const uint8_t *p_hash,
|
||||||
size_t hash_length,
|
size_t hash_length,
|
||||||
|
@ -959,7 +964,7 @@ typedef psa_status_t (*pcd_asymmetric_opaque_verify_t)(psa_key_slot_t key_slot,
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_asymmetric_opaque_encrypt_t)(psa_key_slot_t key_slot,
|
typedef psa_status_t (*psa_drv_asymmetric_opaque_encrypt_t)(psa_key_slot_t key_slot,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *p_input,
|
const uint8_t *p_input,
|
||||||
size_t input_length,
|
size_t input_length,
|
||||||
|
@ -996,7 +1001,7 @@ typedef psa_status_t (*pcd_asymmetric_opaque_encrypt_t)(psa_key_slot_t key_slot,
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_asymmetric_opaque_decrypt_t)(psa_key_slot_t key_slot,
|
typedef psa_status_t (*psa_drv_asymmetric_opaque_decrypt_t)(psa_key_slot_t key_slot,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *p_input,
|
const uint8_t *p_input,
|
||||||
size_t input_length,
|
size_t input_length,
|
||||||
|
@ -1015,16 +1020,16 @@ typedef psa_status_t (*pcd_asymmetric_opaque_decrypt_t)(psa_key_slot_t key_slot,
|
||||||
*
|
*
|
||||||
* If one of the functions is not implemented, it should be set to NULL.
|
* If one of the functions is not implemented, it should be set to NULL.
|
||||||
*/
|
*/
|
||||||
struct pcd_asymmetric_opaque_t {
|
typedef struct {
|
||||||
/** Function that performs the asymmetric sign operation */
|
/** Function that performs the asymmetric sign operation */
|
||||||
pcd_asymmetric_opaque_sign_t *p_sign;
|
psa_drv_asymmetric_opaque_sign_t *p_sign;
|
||||||
/** Function that performs the asymmetric verify operation */
|
/** Function that performs the asymmetric verify operation */
|
||||||
pcd_asymmetric_opaque_verify_t *p_verify;
|
psa_drv_asymmetric_opaque_verify_t *p_verify;
|
||||||
/** Function that performs the asymmetric encrypt operation */
|
/** Function that performs the asymmetric encrypt operation */
|
||||||
pcd_asymmetric_opaque_encrypt_t *p_encrypt;
|
psa_drv_asymmetric_opaque_encrypt_t *p_encrypt;
|
||||||
/** Function that performs the asymmetric decrypt operation */
|
/** Function that performs the asymmetric decrypt operation */
|
||||||
pcd_asymmetric_opaque_decrypt_t *p_decrypt;
|
psa_drv_asymmetric_opaque_decrypt_t *p_decrypt;
|
||||||
};
|
} psa_drv_asymmetric_opaque_t;
|
||||||
|
|
||||||
/**@}*/
|
/**@}*/
|
||||||
|
|
||||||
|
@ -1044,7 +1049,7 @@ struct pcd_asymmetric_opaque_t {
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_asymmetric_<ALGO>_sign
|
* psa_drv_asymmetric_<ALGO>_sign
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the signing algorithm
|
* Where `ALGO` is the name of the signing algorithm
|
||||||
*
|
*
|
||||||
|
@ -1062,7 +1067,7 @@ struct pcd_asymmetric_opaque_t {
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_asymmetric_transparent_sign_t)(const uint8_t *p_key,
|
typedef psa_status_t (*psa_drv_asymmetric_transparent_sign_t)(const uint8_t *p_key,
|
||||||
size_t key_size,
|
size_t key_size,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *p_hash,
|
const uint8_t *p_hash,
|
||||||
|
@ -1078,7 +1083,7 @@ typedef psa_status_t (*pcd_asymmetric_transparent_sign_t)(const uint8_t *p_key,
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_asymmetric_<ALGO>_verify
|
* psa_drv_asymmetric_<ALGO>_verify
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the signing algorithm
|
* Where `ALGO` is the name of the signing algorithm
|
||||||
*
|
*
|
||||||
|
@ -1095,7 +1100,7 @@ typedef psa_status_t (*pcd_asymmetric_transparent_sign_t)(const uint8_t *p_key,
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
* The signature is valid.
|
* The signature is valid.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_asymmetric_transparent_verify_t)(const uint8_t *p_key,
|
typedef psa_status_t (*psa_drv_asymmetric_transparent_verify_t)(const uint8_t *p_key,
|
||||||
size_t key_size,
|
size_t key_size,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *p_hash,
|
const uint8_t *p_hash,
|
||||||
|
@ -1110,7 +1115,7 @@ typedef psa_status_t (*pcd_asymmetric_transparent_verify_t)(const uint8_t *p_key
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_asymmetric_<ALGO>_encrypt
|
* psa_drv_asymmetric_<ALGO>_encrypt
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the encryption algorithm
|
* Where `ALGO` is the name of the encryption algorithm
|
||||||
*
|
*
|
||||||
|
@ -1139,7 +1144,7 @@ typedef psa_status_t (*pcd_asymmetric_transparent_verify_t)(const uint8_t *p_key
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_asymmetric_transparent_encrypt_t)(const uint8_t *p_key,
|
typedef psa_status_t (*psa_drv_asymmetric_transparent_encrypt_t)(const uint8_t *p_key,
|
||||||
size_t key_size,
|
size_t key_size,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *p_input,
|
const uint8_t *p_input,
|
||||||
|
@ -1156,7 +1161,7 @@ typedef psa_status_t (*pcd_asymmetric_transparent_encrypt_t)(const uint8_t *p_ke
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_asymmetric_<ALGO>_decrypt
|
* psa_drv_asymmetric_<ALGO>_decrypt
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the encryption algorithm
|
* Where `ALGO` is the name of the encryption algorithm
|
||||||
*
|
*
|
||||||
|
@ -1185,7 +1190,7 @@ typedef psa_status_t (*pcd_asymmetric_transparent_encrypt_t)(const uint8_t *p_ke
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_asymmetric_transparent_decrypt_t)(const uint8_t *p_key,
|
typedef psa_status_t (*psa_drv_asymmetric_transparent_decrypt_t)(const uint8_t *p_key,
|
||||||
size_t key_size,
|
size_t key_size,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *p_input,
|
const uint8_t *p_input,
|
||||||
|
@ -1236,7 +1241,7 @@ typedef psa_status_t (*pcd_asymmetric_transparent_decrypt_t)(const uint8_t *p_ke
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*psa_aead_opaque_encrypt_t)(psa_key_slot_t key_slot,
|
typedef psa_status_t (*psa_drv_aead_opaque_encrypt_t)(psa_key_slot_t key_slot,
|
||||||
psa_algorithm_t algorithm,
|
psa_algorithm_t algorithm,
|
||||||
const uint8_t *p_nonce,
|
const uint8_t *p_nonce,
|
||||||
size_t nonce_length,
|
size_t nonce_length,
|
||||||
|
@ -1276,7 +1281,7 @@ typedef psa_status_t (*psa_aead_opaque_encrypt_t)(psa_key_slot_t key_slot,
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*psa_aead_opaque_decrypt_t)(psa_key_slot_t key_slot,
|
typedef psa_status_t (*psa_drv_aead_opaque_decrypt_t)(psa_key_slot_t key_slot,
|
||||||
psa_algorithm_t algorithm,
|
psa_algorithm_t algorithm,
|
||||||
const uint8_t *p_nonce,
|
const uint8_t *p_nonce,
|
||||||
size_t nonce_length,
|
size_t nonce_length,
|
||||||
|
@ -1297,12 +1302,12 @@ typedef psa_status_t (*psa_aead_opaque_decrypt_t)(psa_key_slot_t key_slot,
|
||||||
*
|
*
|
||||||
* If one of the functions is not implemented, it should be set to NULL.
|
* If one of the functions is not implemented, it should be set to NULL.
|
||||||
*/
|
*/
|
||||||
struct psa_aead_opaque_t {
|
typedef struct {
|
||||||
/** Function that performs the AEAD encrypt operation */
|
/** Function that performs the AEAD encrypt operation */
|
||||||
psa_aead_opaque_encrypt_t *p_encrypt;
|
psa_drv_aead_opaque_encrypt_t *p_encrypt;
|
||||||
/** Function that performs the AEAD decrypt operation */
|
/** Function that performs the AEAD decrypt operation */
|
||||||
psa_aead_opaque_decrypt_t *p_decrypt;
|
psa_drv_aead_opaque_decrypt_t *p_decrypt;
|
||||||
};
|
} psa_drv_aead_opaque_t;
|
||||||
/**@}*/
|
/**@}*/
|
||||||
|
|
||||||
/** \defgroup aead_transparent AEAD Transparent
|
/** \defgroup aead_transparent AEAD Transparent
|
||||||
|
@ -1321,7 +1326,7 @@ struct psa_aead_opaque_t {
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_aead_<ALGO>_encrypt
|
* psa_drv_aead_<ALGO>_encrypt
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the AEAD algorithm
|
* Where `ALGO` is the name of the AEAD algorithm
|
||||||
*
|
*
|
||||||
|
@ -1356,7 +1361,7 @@ struct psa_aead_opaque_t {
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
|
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*psa_aead_transparent_encrypt_t)(const uint8_t *p_key,
|
typedef psa_status_t (*psa_drv_aead_transparent_encrypt_t)(const uint8_t *p_key,
|
||||||
size_t key_length,
|
size_t key_length,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *nonce,
|
const uint8_t *nonce,
|
||||||
|
@ -1374,7 +1379,7 @@ typedef psa_status_t (*psa_aead_transparent_encrypt_t)(const uint8_t *p_key,
|
||||||
* Functions that implement the prototype should be named in the following
|
* Functions that implement the prototype should be named in the following
|
||||||
* convention:
|
* convention:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_aead_<ALGO>_decrypt
|
* psa_drv_aead_<ALGO>_decrypt
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
* Where `ALGO` is the name of the AEAD algorithm
|
* Where `ALGO` is the name of the AEAD algorithm
|
||||||
* \param[in] p_key A pointer to the key material
|
* \param[in] p_key A pointer to the key material
|
||||||
|
@ -1407,7 +1412,7 @@ typedef psa_status_t (*psa_aead_transparent_encrypt_t)(const uint8_t *p_key,
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*psa_aead_transparent_decrypt_t)(const uint8_t *p_key,
|
typedef psa_status_t (*psa_drv_aead_transparent_decrypt_t)(const uint8_t *p_key,
|
||||||
size_t key_length,
|
size_t key_length,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *nonce,
|
const uint8_t *nonce,
|
||||||
|
@ -1429,7 +1434,7 @@ typedef psa_status_t (*psa_aead_transparent_decrypt_t)(const uint8_t *p_key,
|
||||||
|
|
||||||
/** \brief A hardware-specific structure for a entropy providing hardware
|
/** \brief A hardware-specific structure for a entropy providing hardware
|
||||||
*/
|
*/
|
||||||
typedef struct pcd_entropy_context_s pcd_entropy_context_t;
|
typedef struct psa_drv_entropy_context_s psa_drv_entropy_context_t;
|
||||||
|
|
||||||
/** \brief Initialize an entropy driver
|
/** \brief Initialize an entropy driver
|
||||||
*
|
*
|
||||||
|
@ -1440,7 +1445,7 @@ typedef struct pcd_entropy_context_s pcd_entropy_context_t;
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_entropy_init_t)(pcd_entropy_context_t *p_context);
|
typedef psa_status_t (*psa_drv_entropy_init_t)(psa_drv_entropy_context_t *p_context);
|
||||||
|
|
||||||
/** \brief Get a specified number of bits from the entropy source
|
/** \brief Get a specified number of bits from the entropy source
|
||||||
*
|
*
|
||||||
|
@ -1468,7 +1473,7 @@ typedef psa_status_t (*pcd_entropy_init_t)(pcd_entropy_context_t *p_context);
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_entropy_get_bits_t)(pcd_entropy_context_t *p_context,
|
typedef psa_status_t (*psa_drv_entropy_get_bits_t)(psa_drv_entropy_context_t *p_context,
|
||||||
uint8_t *p_buffer,
|
uint8_t *p_buffer,
|
||||||
uint32_t buffer_size,
|
uint32_t buffer_size,
|
||||||
uint32_t *p_received_entropy_bits);
|
uint32_t *p_received_entropy_bits);
|
||||||
|
@ -1482,13 +1487,13 @@ typedef psa_status_t (*pcd_entropy_get_bits_t)(pcd_entropy_context_t *p_context,
|
||||||
*
|
*
|
||||||
* If one of the functions is not implemented, it should be set to NULL.
|
* If one of the functions is not implemented, it should be set to NULL.
|
||||||
*/
|
*/
|
||||||
struct pcd_entropy_t {
|
typedef struct {
|
||||||
/** Function that performs initialization for the entropy source */
|
/** Function that performs initialization for the entropy source */
|
||||||
pcd_entropy_init_t *p_init;
|
psa_drv_entropy_init_t *p_init;
|
||||||
/** Function that performs the get_bits operation for the entropy source
|
/** Function that performs the get_bits operation for the entropy source
|
||||||
*/
|
*/
|
||||||
pcd_entropy_get_bits_t *p_get_bits;
|
psa_drv_entropy_get_bits_t *p_get_bits;
|
||||||
};
|
} psa_drv_entropy_t;
|
||||||
/**@}*/
|
/**@}*/
|
||||||
|
|
||||||
/** \defgroup driver_key_management Key Management
|
/** \defgroup driver_key_management Key Management
|
||||||
|
@ -1516,7 +1521,7 @@ struct pcd_entropy_t {
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
* Success.
|
* Success.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_opaque_import_key_t)(psa_key_slot_t key_slot,
|
typedef psa_status_t (*psa_drv_opaque_import_key_t)(psa_key_slot_t key_slot,
|
||||||
psa_key_type_t type,
|
psa_key_type_t type,
|
||||||
psa_algorithm_t algorithm,
|
psa_algorithm_t algorithm,
|
||||||
psa_key_usage_t usage,
|
psa_key_usage_t usage,
|
||||||
|
@ -1539,7 +1544,7 @@ typedef psa_status_t (*pcd_opaque_import_key_t)(psa_key_slot_t key_slot,
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
* The slot's content, if any, has been erased.
|
* The slot's content, if any, has been erased.
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_destroy_key_t)(psa_key_slot_t key);
|
typedef psa_status_t (*psa_drv_destroy_key_t)(psa_key_slot_t key);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Export a key in binary format
|
* \brief Export a key in binary format
|
||||||
|
@ -1581,7 +1586,7 @@ typedef psa_status_t (*pcd_destroy_key_t)(psa_key_slot_t key);
|
||||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||||
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_export_key_t)(psa_key_slot_t key,
|
typedef psa_status_t (*psa_drv_export_key_t)(psa_key_slot_t key,
|
||||||
uint8_t *p_data,
|
uint8_t *p_data,
|
||||||
size_t data_size,
|
size_t data_size,
|
||||||
size_t *p_data_length);
|
size_t *p_data_length);
|
||||||
|
@ -1607,7 +1612,7 @@ typedef psa_status_t (*pcd_export_key_t)(psa_key_slot_t key,
|
||||||
*
|
*
|
||||||
* \retval #PSA_SUCCESS
|
* \retval #PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_export_public_key_t)(psa_key_slot_t key,
|
typedef psa_status_t (*psa_drv_export_public_key_t)(psa_key_slot_t key,
|
||||||
uint8_t *p_data,
|
uint8_t *p_data,
|
||||||
size_t data_size,
|
size_t data_size,
|
||||||
size_t *p_data_length);
|
size_t *p_data_length);
|
||||||
|
@ -1621,16 +1626,16 @@ typedef psa_status_t (*pcd_export_public_key_t)(psa_key_slot_t key,
|
||||||
*
|
*
|
||||||
* If one of the functions is not implemented, it should be set to NULL.
|
* If one of the functions is not implemented, it should be set to NULL.
|
||||||
*/
|
*/
|
||||||
struct pcd_key_management_t {
|
typedef struct {
|
||||||
/** Function that performs the key import operation */
|
/** Function that performs the key import operation */
|
||||||
pcd_opaque_import_key_t *p_import;
|
psa_drv_opaque_import_key_t *p_import;
|
||||||
/** Function that performs the key destroy operation */
|
/** Function that performs the key destroy operation */
|
||||||
pcd_destroy_key_t *p_destroy;
|
psa_drv_destroy_key_t *p_destroy;
|
||||||
/** Function that performs the key export operation */
|
/** Function that performs the key export operation */
|
||||||
pcd_export_key_t *p_export;
|
psa_drv_export_key_t *p_export;
|
||||||
/** Function that perforsm the public key export operation */
|
/** Function that perforsm the public key export operation */
|
||||||
pcd_export_public_key_t *p_export_public;
|
psa_drv_export_public_key_t *p_export_public;
|
||||||
};
|
} psa_drv_key_management_t;
|
||||||
|
|
||||||
/**@}*/
|
/**@}*/
|
||||||
|
|
||||||
|
@ -1641,42 +1646,42 @@ struct pcd_key_management_t {
|
||||||
* Key agreement is a part of cryptographic protocols that allows two parties
|
* Key agreement is a part of cryptographic protocols that allows two parties
|
||||||
* to agree on the same key value, but starting from different original key
|
* to agree on the same key value, but starting from different original key
|
||||||
* material.
|
* material.
|
||||||
* The flows are similar, and the PSA Crypto Driver API uses the same functions
|
* The flows are similar, and the PSA Crypto Driver Model uses the same functions
|
||||||
* for both of the flows.
|
* for both of the flows.
|
||||||
*
|
*
|
||||||
* There are two different final functions for the flows,
|
* There are two different final functions for the flows,
|
||||||
* `pcd_key_derivation_derive` and `pcd_key_derivation_export`.
|
* `psa_drv_key_derivation_derive` and `psa_drv_key_derivation_export`.
|
||||||
* `pcd_key_derivation_derive` is used when the key material should be placed
|
* `psa_drv_key_derivation_derive` is used when the key material should be placed
|
||||||
* in a slot on the hardware and not exposed to the caller.
|
* in a slot on the hardware and not exposed to the caller.
|
||||||
* `pcd_key_derivation_export` is used when the key material should be returned
|
* `psa_drv_key_derivation_export` is used when the key material should be returned
|
||||||
* to the PSA Cryptographic API implementation.
|
* to the PSA Cryptographic API implementation.
|
||||||
*
|
*
|
||||||
* Different key derivation algorithms require a different number of inputs.
|
* Different key derivation algorithms require a different number of inputs.
|
||||||
* Instead of having an API that takes as input variable length arrays, which
|
* Instead of having an API that takes as input variable length arrays, which
|
||||||
* can be problemmatic to manage on embedded platforms, the inputs are passed
|
* can be problemmatic to manage on embedded platforms, the inputs are passed
|
||||||
* to the driver via a function, `pcd_key_derivation_collateral`, that is
|
* to the driver via a function, `psa_drv_key_derivation_collateral`, that is
|
||||||
* called multiple times with different `collateral_id`s. Thus, for a key
|
* called multiple times with different `collateral_id`s. Thus, for a key
|
||||||
* derivation algorithm that required 3 paramter inputs, the flow would look
|
* derivation algorithm that required 3 paramter inputs, the flow would look
|
||||||
* something like:
|
* something like:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_key_derivation_setup(kdf_algorithm, source_key, dest_key_size_bytes);
|
* psa_drv_key_derivation_setup(kdf_algorithm, source_key, dest_key_size_bytes);
|
||||||
* pcd_key_derivation_collateral(kdf_algorithm_collateral_id_0,
|
* psa_drv_key_derivation_collateral(kdf_algorithm_collateral_id_0,
|
||||||
* p_collateral_0,
|
* p_collateral_0,
|
||||||
* collateral_0_size);
|
* collateral_0_size);
|
||||||
* pcd_key_derivation_collateral(kdf_algorithm_collateral_id_1,
|
* psa_drv_key_derivation_collateral(kdf_algorithm_collateral_id_1,
|
||||||
* p_collateral_1,
|
* p_collateral_1,
|
||||||
* collateral_1_size);
|
* collateral_1_size);
|
||||||
* pcd_key_derivation_collateral(kdf_algorithm_collateral_id_2,
|
* psa_drv_key_derivation_collateral(kdf_algorithm_collateral_id_2,
|
||||||
* p_collateral_2,
|
* p_collateral_2,
|
||||||
* collateral_2_size);
|
* collateral_2_size);
|
||||||
* pcd_key_derivation_derive();
|
* psa_drv_key_derivation_derive();
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
*
|
*
|
||||||
* key agreement example:
|
* key agreement example:
|
||||||
* ~~~~~~~~~~~~~{.c}
|
* ~~~~~~~~~~~~~{.c}
|
||||||
* pcd_key_derivation_setup(alg, source_key. dest_key_size_bytes);
|
* psa_drv_key_derivation_setup(alg, source_key. dest_key_size_bytes);
|
||||||
* pcd_key_derivation_collateral(DHE_PUBKEY, p_pubkey, pubkey_size);
|
* psa_drv_key_derivation_collateral(DHE_PUBKEY, p_pubkey, pubkey_size);
|
||||||
* pcd_key_derivation_export(p_session_key,
|
* psa_drv_key_derivation_export(p_session_key,
|
||||||
* session_key_size,
|
* session_key_size,
|
||||||
* &session_key_length);
|
* &session_key_length);
|
||||||
* ~~~~~~~~~~~~~
|
* ~~~~~~~~~~~~~
|
||||||
|
@ -1688,7 +1693,7 @@ struct pcd_key_management_t {
|
||||||
* The contents of this structure are implementation dependent and are
|
* The contents of this structure are implementation dependent and are
|
||||||
* therefore not described here
|
* therefore not described here
|
||||||
*/
|
*/
|
||||||
typedef struct pcd_key_derivation_context_s pcd_key_derivation_context_t;
|
typedef struct psa_drv_key_derivation_context_s psa_drv_key_derivation_context_t;
|
||||||
|
|
||||||
/** \brief Set up a key derivation operation by specifying the algorithm and
|
/** \brief Set up a key derivation operation by specifying the algorithm and
|
||||||
* the source key sot
|
* the source key sot
|
||||||
|
@ -1701,7 +1706,7 @@ typedef struct pcd_key_derivation_context_s pcd_key_derivation_context_t;
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_key_derivation_setup_t)(pcd_key_derivation_context_t *p_context,
|
typedef psa_status_t (*psa_drv_key_derivation_setup_t)(psa_drv_key_derivation_context_t *p_context,
|
||||||
psa_algorithm_t kdf_alg,
|
psa_algorithm_t kdf_alg,
|
||||||
psa_key_slot_t source_key);
|
psa_key_slot_t source_key);
|
||||||
|
|
||||||
|
@ -1720,7 +1725,7 @@ typedef psa_status_t (*pcd_key_derivation_setup_t)(pcd_key_derivation_context_t
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_key_derivation_collateral_t)(pcd_key_derivation_context_t *p_context,
|
typedef psa_status_t (*psa_drv_key_derivation_collateral_t)(psa_drv_key_derivation_context_t *p_context,
|
||||||
uint32_t collateral_id,
|
uint32_t collateral_id,
|
||||||
const uint8_t *p_collateral,
|
const uint8_t *p_collateral,
|
||||||
size_t collateral_size);
|
size_t collateral_size);
|
||||||
|
@ -1734,7 +1739,7 @@ typedef psa_status_t (*pcd_key_derivation_collateral_t)(pcd_key_derivation_conte
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_key_derivation_derive_t)(pcd_key_derivation_context_t *p_context,
|
typedef psa_status_t (*psa_drv_key_derivation_derive_t)(psa_drv_key_derivation_context_t *p_context,
|
||||||
psa_key_slot_t dest_key);
|
psa_key_slot_t dest_key);
|
||||||
|
|
||||||
/** \brief Perform the final step of a key agreement and place the generated
|
/** \brief Perform the final step of a key agreement and place the generated
|
||||||
|
@ -1748,7 +1753,7 @@ typedef psa_status_t (*pcd_key_derivation_derive_t)(pcd_key_derivation_context_t
|
||||||
*
|
*
|
||||||
* \retval PSA_SUCCESS
|
* \retval PSA_SUCCESS
|
||||||
*/
|
*/
|
||||||
typedef psa_status_t (*pcd_key_derivation_export_t)(uint8_t *p_output,
|
typedef psa_status_t (*psa_drv_key_derivation_export_t)(uint8_t *p_output,
|
||||||
size_t output_size,
|
size_t output_size,
|
||||||
size_t *p_output_length);
|
size_t *p_output_length);
|
||||||
|
|
||||||
|
@ -1761,18 +1766,22 @@ typedef psa_status_t (*pcd_key_derivation_export_t)(uint8_t *p_output,
|
||||||
*
|
*
|
||||||
* If one of the functions is not implemented, it should be set to NULL.
|
* If one of the functions is not implemented, it should be set to NULL.
|
||||||
*/
|
*/
|
||||||
struct pcd_key_derivation_t {
|
typedef struct {
|
||||||
/** Function that performs the key derivation setup */
|
/** Function that performs the key derivation setup */
|
||||||
pcd_key_derivation_setup_t *p_setup;
|
psa_drv_key_derivation_setup_t *p_setup;
|
||||||
/** Function that sets the key derivation collateral */
|
/** Function that sets the key derivation collateral */
|
||||||
pcd_key_derivation_collateral_t *p_collateral;
|
psa_drv_key_derivation_collateral_t *p_collateral;
|
||||||
/** Function that performs the final key derivation step */
|
/** Function that performs the final key derivation step */
|
||||||
pcd_key_derivation_derive_t *p_derive;
|
psa_drv_key_derivation_derive_t *p_derive;
|
||||||
/** Function that perforsm the final key derivation or agreement and
|
/** Function that perforsm the final key derivation or agreement and
|
||||||
* exports the key */
|
* exports the key */
|
||||||
pcd_key_derivation_export_t *p_export;
|
psa_drv_key_derivation_export_t *p_export;
|
||||||
};
|
} psa_drv_key_derivation_t;
|
||||||
|
|
||||||
/**@}*/
|
/**@}*/
|
||||||
|
|
||||||
#endif // __PSA_CRYPTO_DRIVER_H__
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif /* PSA_CRYPTO_DRIVER_H */
|
||||||
|
|
|
@ -225,6 +225,7 @@
|
||||||
<ClInclude Include="..\..\include\mbedtls\x509_csr.h" />
|
<ClInclude Include="..\..\include\mbedtls\x509_csr.h" />
|
||||||
<ClInclude Include="..\..\include\mbedtls\xtea.h" />
|
<ClInclude Include="..\..\include\mbedtls\xtea.h" />
|
||||||
<ClInclude Include="..\..\include\psa\crypto.h" />
|
<ClInclude Include="..\..\include\psa\crypto.h" />
|
||||||
|
<ClInclude Include="..\..\include\psa\crypto_driver.h" />
|
||||||
<ClInclude Include="..\..\include\psa\crypto_extra.h" />
|
<ClInclude Include="..\..\include\psa\crypto_extra.h" />
|
||||||
<ClInclude Include="..\..\include\psa\crypto_platform.h" />
|
<ClInclude Include="..\..\include\psa\crypto_platform.h" />
|
||||||
<ClInclude Include="..\..\include\psa\crypto_sizes.h" />
|
<ClInclude Include="..\..\include\psa\crypto_sizes.h" />
|
||||||
|
|