TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / d6f795fbfc95f9a460976cca1e26d3cfae34493c / . / components / service / crypto / include / psa / crypto_struct.h
blob: 97cdf552883e6eaa2049a83aae8148e625d7469e [file] [log] [blame]
/*
* Copyright (c) 2018-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
/**
* \file psa/crypto_struct.h
*
* \brief PSA cryptography module: structured type implementations
*
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
*
* This file contains the definitions of some data structures with
* implementation-specific definitions.
*
* In implementations with isolation between the application and the
* cryptography module, it is expected that the front-end and the back-end
* would have different versions of this file.
*/
#ifndef PSA_CRYPTO_STRUCT_H
#define PSA_CRYPTO_STRUCT_H
#ifdef __cplusplus
extern "C" {
#endif
/*
* Note that the below structures are different from the decalrations in
* mbed-crypto. This is because TF-M maintains 'front-end' and 'back-end'
* versions of this header. In the front-end version, exported to NS
* clients in interface/include/psa, a crypto operation is defined as an
* opaque handle to a context in the Crypto service. The back-end
* version, directly included from the mbed-crypto repo by the Crypto
* service, contains the full definition of the operation structs.
*
* One of the functions of the Crypto service is to allocate the back-end
* operation contexts in its own partition memory (in crypto_alloc.c),
* and then do the mapping between front-end operation handles passed by
* NS clients and the corresponding back-end operation contexts. The
* advantage of doing it this way is that internal mbed-crypto state is never
* exposed to the NS client.
*/
struct psa_hash_operation_s
{
uint32_t handle;
};
#define PSA_HASH_OPERATION_INIT {0}
static inline struct psa_hash_operation_s psa_hash_operation_init( void )
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
return( v );
}
struct psa_mac_operation_s
{
uint32_t handle;
};
#define PSA_MAC_OPERATION_INIT {0}
static inline struct psa_mac_operation_s psa_mac_operation_init( void )
{
const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
return( v );
}
struct psa_cipher_operation_s
{
uint32_t handle;
};
#define PSA_CIPHER_OPERATION_INIT {0}
static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
{
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
return( v );
}
struct psa_aead_operation_s
{
uint32_t handle;
};
#define PSA_AEAD_OPERATION_INIT {0}
static inline struct psa_aead_operation_s psa_aead_operation_init( void )
{
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
return( v );
}
struct psa_key_derivation_s
{
uint32_t handle;
};
#define PSA_KEY_DERIVATION_OPERATION_INIT {0}
static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
{
const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
return( v );
}
/* The type used internally for key sizes.
* Public interfaces use size_t, but internally we use a smaller type. */
typedef uint16_t psa_key_bits_t;
/* The maximum value of the type used to represent bit-sizes.
* This is used to mark an invalid key size. */
#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) )
/* The maximum size of a key in bits.
* Currently defined as the maximum that can be represented, rounded down
* to a whole number of bytes.
* This is an uncast value so that it can be used in preprocessor
* conditionals. */
#define PSA_MAX_KEY_BITS 0xfff8
#define PSA_KEY_ATTRIBUTES_INIT PSA_CLIENT_KEY_ATTRIBUTES_INIT
static inline struct psa_client_key_attributes_s psa_key_attributes_init( void )
{
const struct psa_client_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
return( v );
}
static inline void psa_set_key_id(psa_key_attributes_t *attributes,
psa_key_id_t id)
{
attributes->id = id;
if( attributes->lifetime == PSA_KEY_LIFETIME_VOLATILE )
attributes->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
}
static inline psa_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
{
return( attributes->id );
}
static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime)
{
attributes->lifetime = lifetime;
if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
{
attributes->id = 0;
}
}
static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes)
{
return( attributes->lifetime );
}
static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
{
if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
*usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
*usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
}
static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags)
{
psa_extend_key_usage_flags( &usage_flags );
attributes->usage = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes)
{
return( attributes->usage );
}
static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
psa_algorithm_t alg)
{
attributes->alg = alg;
}
static inline psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes)
{
return( attributes->alg );
}
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type)
{
attributes->type = type;
}
static inline psa_key_type_t psa_get_key_type(
const psa_key_attributes_t *attributes)
{
return( attributes->type );
}
static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits)
{
if( bits > PSA_MAX_KEY_BITS )
attributes->bits = PSA_KEY_BITS_TOO_LARGE;
else
attributes->bits = bits;
}
static inline size_t psa_get_key_bits(
const psa_key_attributes_t *attributes)
{
return( attributes->bits );
}
#ifdef __cplusplus
}
#endif
#endif /* PSA_CRYPTO_STRUCT_H */