TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / a8992df78a641eb5008f7946d007da08aba47b6d / . / include / psa / crypto_driver.h
blob: b2e3a1d5fb2f9a6004ece8c7c64f06534fe39725 [file] [log] [blame]
Jaeden Ameroa8992df2018-10-26 15:23:13 +0100[diff] [blame^]1/**
2 * \file psa/crypto_driver.h
3 * \brief Platform Security Architecture cryptographic driver module
4 *
5 * This file describes the PSA Crypto Driver Model, containing functions for
6 * driver developers to implement to enable hardware to be called in a
7 * standardized way by a PSA Cryptographic API implementation. The functions
8 * comprising the driver model, which driver authors implement, are not
9 * intended to be called by application developers.
10 */
11
12/*
13 * Copyright (C) 2018, ARM Limited, All Rights Reserved
14 * SPDX-License-Identifier: Apache-2.0
15 *
16 * Licensed under the Apache License, Version 2.0 (the "License"); you may
17 * not use this file except in compliance with the License.
18 * You may obtain a copy of the License at
19 *
20 * http://www.apache.org/licenses/LICENSE-2.0
21 *
22 * Unless required by applicable law or agreed to in writing, software
23 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
24 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25 * See the License for the specific language governing permissions and
26 * limitations under the License.
27 */
28#ifndef PSA_CRYPTO_DRIVER_H
29#define PSA_CRYPTO_DRIVER_H
30
31#include <stddef.h>
32#include <stdint.h>
33
34#ifdef __cplusplus
35extern "C" {
36#endif
37
38/** The following types are redefinitions from the psa/crypto.h file.
39 * It is intended that these will be moved to a new common header file to
40 * avoid duplication. They are included here for expediency in publication.
41 */
42typedef uint32_t psa_status_t;
43typedef uint32_t psa_algorithm_t;
44typedef uint8_t psa_encrypt_or_decrypt_t;
45typedef uint32_t psa_key_slot_t;
46typedef uint32_t psa_key_type_t;
47typedef uint32_t psa_key_usage_t;
48
49#define PSA_CRYPTO_DRIVER_ENCRYPT 1
50#define PSA_CRYPTO_DRIVER_DECRYPT 0
51
52/** \defgroup opaque_mac Opaque Message Authentication Code
53 * Generation and authentication of Message Authentication Codes (MACs) using
54 * opaque keys can be done either as a single function call (via the
55 * `psa_drv_mac_opaque_generate_t` or `psa_mac_opaque_verify_t` functions), or in
56 * parts using the following sequence:
57 * - `psa_mac_opaque_setup_t`
58 * - `psa_mac_opaque_update_t`
59 * - `psa_mac_opaque_update_t`
60 * - ...
61 * - `psa_mac_opaque_finish_t` or `psa_mac_opaque_finish_verify_t`
62 *
63 * If a previously started Opaque MAC operation needs to be terminated, it
64 * should be done so by the `psa_mac_opaque_abort_t`. Failure to do so may
65 * result in allocated resources not being freed or in other undefined
66 * behavior.
67 */
68/**@{*/
69/** \brief A function that starts a MAC operation for a PSA Crypto Driver
70 * implementation using an opaque key
71 *
72 * \param[in,out] p_context A structure that will contain the
73 * hardware-specific MAC context
74 * \param[in] key_slot The slot of the key to be used for the
75 * operation
76 * \param[in] algorithm The algorithm to be used to underly the MAC
77 * operation
78 *
79 * \retval PSA_SUCCESS
80 * Success.
81 */
82typedef psa_status_t (*psa_drv_mac_opaque_setup_t)(void *p_context,
83 psa_key_slot_t key_slot,
84 psa_algorithm_t algorithm);
85
86/** \brief A function that continues a previously started MAC operation using
87 * an opaque key
88 *
89 * \param[in,out] p_context A hardware-specific structure for the
90 * previously-established MAC operation to be
91 * continued
92 * \param[in] p_input A buffer containing the message to be appended
93 * to the MAC operation
94 * \param[in] input_length The size in bytes of the input message buffer
95 */
96typedef psa_status_t (*psa_drv_mac_opaque_update_t)(void *p_context,
97 const uint8_t *p_input,
98 size_t input_length);
99
100/** \brief a function that completes a previously started MAC operation by
101 * returning the resulting MAC using an opaque key
102 *
103 * \param[in,out] p_context A hardware-specific structure for the
104 * previously started MAC operation to be
105 * finished
106 * \param[out] p_mac A buffer where the generated MAC will be
107 * placed
108 * \param[in] mac_size The size in bytes of the buffer that has been
109 * allocated for the `output` buffer
110 * \param[out] p_mac_length After completion, will contain the number of
111 * bytes placed in the `p_mac` buffer
112 *
113 * \retval PSA_SUCCESS
114 * Success.
115 */
116typedef psa_status_t (*psa_drv_mac_opaque_finish_t)(void *p_context,
117 uint8_t *p_mac,
118 size_t mac_size,
119 size_t *p_mac_length);
120
121/** \brief A function that completes a previously started MAC operation by
122 * comparing the resulting MAC against a known value using an opaque key
123 *
124 * \param[in,out] p_context A hardware-specific structure for the previously
125 * started MAC operation to be fiinished
126 * \param[in] p_mac The MAC value against which the resulting MAC will
127 * be compared against
128 * \param[in] mac_length The size in bytes of the value stored in `p_mac`
129 *
130 * \retval PSA_SUCCESS
131 * The operation completed successfully and the MACs matched each
132 * other
133 * \retval PSA_ERROR_INVALID_SIGNATURE
134 * The operation completed successfully, but the calculated MAC did
135 * not match the provided MAC
136 */
137typedef psa_status_t (*psa_drv_mac_opaque_finish_verify_t)(void *p_context,
138 const uint8_t *p_mac,
139 size_t mac_length);
140
141/** \brief A function that aborts a previous started opaque-key MAC operation
142
143 * \param[in,out] p_context A hardware-specific structure for the previously
144 * started MAC operation to be aborted
145 */
146typedef psa_status_t (*psa_drv_mac_opaque_abort_t)(void *p_context);
147
148/** \brief A function that performs a MAC operation in one command and returns
149 * the calculated MAC using an opaque key
150 *
151 * \param[in] p_input A buffer containing the message to be MACed
152 * \param[in] input_length The size in bytes of `p_input`
153 * \param[in] key_slot The slot of the key to be used
154 * \param[in] alg The algorithm to be used to underlie the MAC
155 * operation
156 * \param[out] p_mac A buffer where the generated MAC will be
157 * placed
158 * \param[in] mac_size The size in bytes of the `p_mac` buffer
159 * \param[out] p_mac_length After completion, will contain the number of
160 * bytes placed in the `output` buffer
161 *
162 * \retval PSA_SUCCESS
163 * Success.
164 */
165typedef psa_status_t (*psa_drv_mac_opaque_generate_t)(const uint8_t *p_input,
166 size_t input_length,
167 psa_key_slot_t key_slot,
168 psa_algorithm_t alg,
169 uint8_t *p_mac,
170 size_t mac_size,
171 size_t *p_mac_length);
172
173/** \brief A function that performs an MAC operation in one command and
174 * compare the resulting MAC against a known value using an opaque key
175 *
176 * \param[in] p_input A buffer containing the message to be MACed
177 * \param[in] input_length The size in bytes of `input`
178 * \param[in] key_slot The slot of the key to be used
179 * \param[in] alg The algorithm to be used to underlie the MAC
180 * operation
181 * \param[in] p_mac The MAC value against which the resulting MAC will
182 * be compared against
183 * \param[in] mac_length The size in bytes of `mac`
184 *
185 * \retval PSA_SUCCESS
186 * The operation completed successfully and the MACs matched each
187 * other
188 * \retval PSA_ERROR_INVALID_SIGNATURE
189 * The operation completed successfully, but the calculated MAC did
190 * not match the provided MAC
191 */
192typedef psa_status_t (*psa_drv_mac_opaque_verify_t)(const uint8_t *p_input,
193 size_t input_length,
194 psa_key_slot_t key_slot,
195 psa_algorithm_t alg,
196 const uint8_t *p_mac,
197 size_t mac_length);
198
199/** \brief A struct containing all of the function pointers needed to
200 * implement MAC operations using opaque keys.
201 *
202 * PSA Crypto API implementations should populate the table as appropriate
203 * upon startup.
204 *
205 * If one of the functions is not implemented (such as
206 * `psa_drv_mac_opaque_generate_t`), it should be set to NULL.
207 *
208 * Driver implementers should ensure that they implement all of the functions
209 * that make sense for their hardware, and that they provide a full solution
210 * (for example, if they support `p_setup`, they should also support
211 * `p_update` and at least one of `p_finish` or `p_finish_verify`).
212 *
213 */
214typedef struct {
215 /**The size in bytes of the hardware-specific Opaque-MAC Context structure
216 */
217 size_t context_size;
218 /** Function that performs the setup operation
219 */
220 psa_drv_mac_opaque_setup_t *p_setup;
221 /** Function that performs the update operation
222 */
223 psa_drv_mac_opaque_update_t *p_update;
224 /** Function that completes the operation
225 */
226 psa_drv_mac_opaque_finish_t *p_finish;
227 /** Function that completed a MAC operation with a verify check
228 */
229 psa_drv_mac_opaque_finish_verify_t *p_finish_verify;
230 /** Function that aborts a previoustly started operation
231 */
232 psa_drv_mac_opaque_abort_t *p_abort;
233 /** Function that performs the MAC operation in one call
234 */
235 psa_drv_mac_opaque_generate_t *p_mac;
236 /** Function that performs the MAC and verify operation in one call
237 */
238 psa_drv_mac_opaque_verify_t *p_mac_verify;
239} psa_drv_mac_opaque_t;
240/**@}*/
241
242/** \defgroup transparent_mac Transparent Message Authentication Code
243 * Generation and authentication of Message Authentication Codes (MACs) using
244 * transparent keys can be done either as a single function call (via the
245 * `psa_drv_mac_transparent_generate_t` or `psa_mac_transparent_verify_t`
246 * functions), or in parts using the following sequence:
247 * - `psa_mac_transparent_setup_t`
248 * - `psa_mac_transparent_update_t`
249 * - `psa_mac_transparent_update_t`
250 * - ...
251 * - `psa_mac_transparent_finish_t` or `psa_mac_transparent_finish_verify_t`
252 *
253 * If a previously started Transparent MAC operation needs to be terminated, it
254 * should be done so by the `psa_mac_transparent_abort_t`. Failure to do so may
255 * result in allocated resources not being freed or in other undefined
256 * behavior.
257 *
258 */
259/**@{*/
260
261/** \brief The hardware-specific transparent-key MAC context structure
262 *
263 * The contents of this structure are implementation dependent and are
264 * therefore not described here.
265 */
266typedef struct psa_drv_mac_transparent_context_s psa_drv_mac_transparent_context_t;
267
268/** \brief The function prototype for the setup operation of a
269 * transparent-key MAC operation
270 *
271 * Functions that implement the prototype should be named in the following
272 * convention:
273 * ~~~~~~~~~~~~~{.c}
274 * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_setup
275 * ~~~~~~~~~~~~~
276 * Where `ALGO` is the name of the underlying primitive, and `MAC_VARIANT`
277 * is the specific variant of a MAC operation (such as HMAC or CMAC)
278 *
279 * \param[in,out] p_context A structure that will contain the
280 * hardware-specific MAC context
281 * \param[in] p_key A buffer containing the cleartext key material
282 * to be used in the operation
283 * \param[in] key_length The size in bytes of the key material
284 *
285 * \retval PSA_SUCCESS
286 * Success.
287 */
288typedef psa_status_t (*psa_drv_mac_transparent_setup_t)(psa_drv_mac_transparent_context_t *p_context,
289 const uint8_t *p_key,
290 size_t key_length);
291
292/** \brief The function prototype for the update operation of a
293 * transparent-key MAC operation
294 *
295 * Functions that implement the prototype should be named in the following
296 * convention:
297 * ~~~~~~~~~~~~~{.c}
298 * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_update
299 * ~~~~~~~~~~~~~
300 * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT`
301 * is the specific variant of a MAC operation (such as HMAC or CMAC)
302 *
303 * \param[in,out] p_context A hardware-specific structure for the
304 * previously-established MAC operation to be
305 * continued
306 * \param[in] p_input A buffer containing the message to be appended
307 * to the MAC operation
308 * \param[in] input_length The size in bytes of the input message buffer
309 */
310typedef psa_status_t (*psa_drv_mac_transparent_update_t)(psa_drv_mac_transparent_context_t *p_context,
311 const uint8_t *p_input,
312 size_t input_length);
313
314/** \brief The function prototype for the finish operation of a
315 * transparent-key MAC operation
316 *
317 * Functions that implement the prototype should be named in the following
318 * convention:
319 * ~~~~~~~~~~~~~{.c}
320 * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_finish
321 * ~~~~~~~~~~~~~
322 * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
323 * the specific variant of a MAC operation (such as HMAC or CMAC)
324 *
325 * \param[in,out] p_context A hardware-specific structure for the
326 * previously started MAC operation to be
327 * finished
328 * \param[out] p_mac A buffer where the generated MAC will be placed
329 * \param[in] mac_length The size in bytes of the buffer that has been
330 * allocated for the `p_mac` buffer
331 *
332 * \retval PSA_SUCCESS
333 * Success.
334 */
335typedef psa_status_t (*psa_drv_mac_transparent_finish_t)(psa_drv_mac_transparent_context_t *p_context,
336 uint8_t *p_mac,
337 size_t mac_length);
338
339/** \brief The function prototype for the finish and verify operation of a
340 * transparent-key MAC operation
341 *
342 * Functions that implement the prototype should be named in the following
343 * convention:
344 * ~~~~~~~~~~~~~{.c}
345 * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_finish_verify
346 * ~~~~~~~~~~~~~
347 * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
348 * the specific variant of a MAC operation (such as HMAC or CMAC)
349 *
350 * \param[in,out] p_context A hardware-specific structure for the
351 * previously started MAC operation to be
352 * verified and finished
353 * \param[in] p_mac A buffer containing the MAC that will be used
354 * for verification
355 * \param[in] mac_length The size in bytes of the data in the `p_mac`
356 * buffer
357 *
358 * \retval PSA_SUCCESS
359 * The operation completed successfully and the comparison matched
360 */
361typedef psa_status_t (*psa_drv_mac_transparent_finish_verify_t)(psa_drv_mac_transparent_context_t *p_context,
362 const uint8_t *p_mac,
363 size_t mac_length);
364
365/** \brief The function prototype for the abort operation for a previously
366 * started transparent-key MAC operation
367 *
368 * Functions that implement the prototype should be named in the following
369 * convention:
370 * ~~~~~~~~~~~~~{.c}
371 * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_abort
372 * ~~~~~~~~~~~~~
373 * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
374 * the specific variant of a MAC operation (such as HMAC or CMAC)
375 *
376 * \param[in,out] p_context A hardware-specific structure for the
377 * previously started MAC operation to be
378 * aborted
379 *
380 */
381typedef psa_status_t (*psa_drv_mac_transparent_abort_t)(psa_drv_mac_transparent_context_t *p_context);
382
383/** \brief The function prototype for a one-shot operation of a transparent-key
384 * MAC operation
385 *
386 * Functions that implement the prototype should be named in the following
387 * convention:
388 * ~~~~~~~~~~~~~{.c}
389 * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>
390 * ~~~~~~~~~~~~~
391 * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
392 * the specific variant of a MAC operation (such as HMAC or CMAC)
393 *
394 * \param[in] p_input A buffer containing the data to be MACed
395 * \param[in] input_length The length in bytes of the `p_input` data
396 * \param[in] p_key A buffer containing the key material to be used
397 * for the MAC operation
398 * \param[in] key_length The length in bytes of the `p_key` data
399 * \param[in] alg The algorithm to be performed
400 * \param[out] p_mac The buffer where the resulting MAC will be placed
401 * upon success
402 * \param[in] mac_length The length in bytes of the `p_mac` buffer
403 */
404typedef psa_status_t (*psa_drv_mac_transparent_t)(const uint8_t *p_input,
405 size_t input_length,
406 const uint8_t *p_key,
407 size_t key_length,
408 psa_algorithm_t alg,
409 uint8_t *p_mac,
410 size_t mac_length);
411
412/** \brief The function prototype for a one-shot operation of a transparent-key
413 * MAC Verify operation
414 *
415 * Functions that implement the prototype should be named in the following
416 * convention:
417 * ~~~~~~~~~~~~~{.c}
418 * psa_drv_mac_transparent_<ALGO>_<MAC_VARIANT>_verify
419 * ~~~~~~~~~~~~~
420 * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is
421 * the specific variant of a MAC operation (such as HMAC or CMAC)
422 *
423 * \param[in] p_input A buffer containing the data to be MACed
424 * \param[in] input_length The length in bytes of the `p_input` data
425 * \param[in] p_key A buffer containing the key material to be used
426 * for the MAC operation
427 * \param[in] key_length The length in bytes of the `p_key` data
428 * \param[in] alg The algorithm to be performed
429 * \param[in] p_mac The MAC data to be compared
430 * \param[in] mac_length The length in bytes of the `p_mac` buffer
431 *
432 * \retval PSA_SUCCESS
433 * The operation completed successfully and the comparison matched
434 */
435typedef psa_status_t (*psa_drv_mac_transparent_verify_t)(const uint8_t *p_input,
436 size_t input_length,
437 const uint8_t *p_key,
438 size_t key_length,
439 psa_algorithm_t alg,
440 const uint8_t *p_mac,
441 size_t mac_length);
442/**@}*/
443
444/** \defgroup opaque_cipher Opaque Symmetric Ciphers
445 *
446 * Encryption and Decryption using opaque keys in block modes other than ECB
447 * must be done in multiple parts, using the following flow:
448 * - `psa_drv_cipher_opaque_setup_t`
449 * - `psa_drv_cipher_opaque_set_iv_t` (optional depending upon block mode)
450 * - `psa_drv_cipher_opaque_update_t`
451 * - ...
452 * - `psa_drv_cipher_opaque_finish_t`
453
454 * If a previously started Opaque Cipher operation needs to be terminated, it
455 * should be done so by the `psa_cipher_opaque_abort_t`. Failure to do so may
456 * result in allocated resources not being freed or in other undefined
457 * behavior.
458 *
459 * In situations where a PSA Cryptographic API implementation is using a block
460 * mode not-supported by the underlying hardware or driver, it can construct
461 * the block mode itself, while calling the `psa_drv_cipher_opaque_ecb_t` function
462 * pointer for the cipher operations.
463 */
464/**@{*/
465
466/** \brief A function pointer that provides the cipher setup function for
467 * opaque-key operations
468 *
469 * \param[in,out] p_context A structure that will contain the
470 * hardware-specific cipher context.
471 * \param[in] key_slot The slot of the key to be used for the
472 * operation
473 * \param[in] algorithm The algorithm to be used in the cipher
474 * operation
475 * \param[in] direction Indicates whether the operation is an encrypt
476 * or decrypt
477 *
478 * \retval PSA_SUCCESS
479 * \retval PSA_ERROR_NOT_SUPPORTED
480 */
481typedef psa_status_t (*psa_drv_cipher_opaque_setup_t)(void *p_context,
482 psa_key_slot_t key_slot,
483 psa_algorithm_t algorithm,
484 psa_encrypt_or_decrypt_t direction);
485
486/** \brief A function pointer that sets the initialization vector (if
487 * necessary) for an opaque cipher operation
488 *
489 * Rationale: The `psa_cipher_*` function in the PSA Cryptographic API has two
490 * IV functions: one to set the IV, and one to generate it internally. The
491 * generate function is not necessary for the drivers to implement as the PSA
492 * Crypto implementation can do the generation using its RNG features.
493 *
494 * \param[in,out] p_context A structure that contains the previously set up
495 * hardware-specific cipher context
496 * \param[in] p_iv A buffer containing the initialization vector
497 * \param[in] iv_length The size (in bytes) of the `p_iv` buffer
498 *
499 * \retval PSA_SUCCESS
500 */
501typedef psa_status_t (*psa_drv_cipher_opaque_set_iv_t)(void *p_context,
502 const uint8_t *p_iv,
503 size_t iv_length);
504
505/** \brief A function that continues a previously started opaque-key cipher
506 * operation
507 *
508 * \param[in,out] p_context A hardware-specific structure for the
509 * previously started cipher operation
510 * \param[in] p_input A buffer containing the data to be
511 * encrypted/decrypted
512 * \param[in] input_size The size in bytes of the buffer pointed to
513 * by `p_input`
514 * \param[out] p_output The caller-allocated buffer where the
515 * output will be placed
516 * \param[in] output_size The allocated size in bytes of the
517 * `p_output` buffer
518 * \param[out] p_output_length After completion, will contain the number
519 * of bytes placed in the `p_output` buffer
520 *
521 * \retval PSA_SUCCESS
522 */
523typedef psa_status_t (*psa_drv_cipher_opaque_update_t)(void *p_context,
524 const uint8_t *p_input,
525 size_t input_size,
526 uint8_t *p_output,
527 size_t output_size,
528 size_t *p_output_length);
529
530/** \brief A function that completes a previously started opaque-key cipher
531 * operation
532 *
533 * \param[in,out] p_context A hardware-specific structure for the
534 * previously started cipher operation
535 * \param[out] p_output The caller-allocated buffer where the output
536 * will be placed
537 * \param[in] output_size The allocated size in bytes of the `p_output`
538 * buffer
539 * \param[out] p_output_length After completion, will contain the number of
540 * bytes placed in the `p_output` buffer
541 *
542 * \retval PSA_SUCCESS
543 */
544typedef psa_status_t (*psa_drv_cipher_opaque_finish_t)(void *p_context,
545 uint8_t *p_output,
546 size_t output_size,
547 size_t *p_output_length);
548
549/** \brief A function that aborts a previously started opaque-key cipher
550 * operation
551 *
552 * \param[in,out] p_context A hardware-specific structure for the
553 * previously started cipher operation
554 */
555typedef psa_status_t (*psa_drv_cipher_opaque_abort_t)(void *p_context);
556
557/** \brief A function that performs the ECB block mode for opaque-key cipher
558 * operations
559 *
560 * Note: this function should only be used with implementations that do not
561 * provide a needed higher-level operation.
562 *
563 * \param[in] key_slot The slot of the key to be used for the operation
564 * \param[in] algorithm The algorithm to be used in the cipher operation
565 * \param[in] direction Indicates whether the operation is an encrypt or
566 * decrypt
567 * \param[in] p_input A buffer containing the data to be
568 * encrypted/decrypted
569 * \param[in] input_size The size in bytes of the buffer pointed to by
570 * `p_input`
571 * \param[out] p_output The caller-allocated buffer where the output will
572 * be placed
573 * \param[in] output_size The allocated size in bytes of the `p_output`
574 * buffer
575 *
576 * \retval PSA_SUCCESS
577 * \retval PSA_ERROR_NOT_SUPPORTED
578 */
579typedef psa_status_t (*psa_drv_cipher_opaque_ecb_t)(psa_key_slot_t key_slot,
580 psa_algorithm_t algorithm,
581 psa_encrypt_or_decrypt_t direction,
582 const uint8_t *p_input,
583 size_t input_size,
584 uint8_t *p_output,
585 size_t output_size);
586
587/**
588 * \brief A struct containing all of the function pointers needed to implement
589 * cipher operations using opaque keys.
590 *
591 * PSA Crypto API implementations should populate instances of the table as
592 * appropriate upon startup.
593 *
594 * If one of the functions is not implemented (such as
595 * `psa_drv_cipher_opaque_ecb_t`), it should be set to NULL.
596 */
597typedef struct {
598 /** The size in bytes of the hardware-specific Opaque Cipher context
599 * structure
600 */
601 size_t size;
602 /** Function that performs the setup operation */
603 psa_drv_cipher_opaque_setup_t *p_setup;
604 /** Function that sets the IV (if necessary) */
605 psa_drv_cipher_opaque_set_iv_t *p_set_iv;
606 /** Function that performs the update operation */
607 psa_drv_cipher_opaque_update_t *p_update;
608 /** Function that completes the operation */
609 psa_drv_cipher_opaque_finish_t *p_finish;
610 /** Function that aborts the operation */
611 psa_drv_cipher_opaque_abort_t *p_abort;
612 /** Function that performs ECB mode for the cipher
613 * (Danger: ECB mode should not be used directly by clients of the PSA
614 * Crypto Client API)
615 */
616 psa_drv_cipher_opaque_ecb_t *p_ecb;
617} psa_drv_cipher_opaque_t;
618
619/**@}*/
620
621/** \defgroup transparent_cipher Transparent Block Cipher
622 * Encryption and Decryption using transparent keys in block modes other than
623 * ECB must be done in multiple parts, using the following flow:
624 * - `psa_drv_cipher_transparent_setup_t`
625 * - `psa_drv_cipher_transparent_set_iv_t` (optional depending upon block mode)
626 * - `psa_drv_cipher_transparent_update_t`
627 * - ...
628 * - `psa_drv_cipher_transparent_finish_t`
629
630 * If a previously started Transparent Cipher operation needs to be terminated,
631 * it should be done so by the `psa_cipher_transparent_abort_t`. Failure to do
632 * so may result in allocated resources not being freed or in other undefined
633 * behavior.
634 */
635/**@{*/
636
637/** \brief The hardware-specific transparent-key Cipher context structure
638 *
639 * The contents of this structure are implementation dependent and are
640 * therefore not described here.
641 */
642typedef struct psa_drv_cipher_transparent_context_s psa_drv_cipher_transparent_context_t;
643
644/** \brief The function prototype for the setup operation of transparent-key
645 * block cipher operations.
646 * Functions that implement the prototype should be named in the following
647 * conventions:
648 * ~~~~~~~~~~~~~{.c}
649 * psa_drv_cipher_transparent_setup_<CIPHER_NAME>_<MODE>
650 * ~~~~~~~~~~~~~
651 * Where
652 * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
653 * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
654 * or for stream ciphers:
655 * ~~~~~~~~~~~~~{.c}
656 * psa_drv_cipher_transparent_setup_<CIPHER_NAME>
657 * ~~~~~~~~~~~~~
658 * Where `CIPHER_NAME` is the name of a stream cipher (i.e. RC4)
659 *
660 * \param[in,out] p_context A structure that will contain the
661 * hardware-specific cipher context
662 * \param[in] direction Indicates if the operation is an encrypt or a
663 * decrypt
664 * \param[in] p_key_data A buffer containing the cleartext key material
665 * to be used in the operation
666 * \param[in] key_data_size The size in bytes of the key material
667 *
668 * \retval PSA_SUCCESS
669 */
670typedef psa_status_t (*psa_drv_cipher_transparent_setup_t)(psa_drv_cipher_transparent_context_t *p_context,
671 psa_encrypt_or_decrypt_t direction,
672 const uint8_t *p_key_data,
673 size_t key_data_size);
674
675/** \brief The function prototype for the set initialization vector operation
676 * of transparent-key block cipher operations
677 * Functions that implement the prototype should be named in the following
678 * convention:
679 * ~~~~~~~~~~~~~{.c}
680 * psa_drv_cipher_transparent_set_iv_<CIPHER_NAME>_<MODE>
681 * ~~~~~~~~~~~~~
682 * Where
683 * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
684 * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
685 *
686 * \param[in,out] p_context A structure that contains the previously setup
687 * hardware-specific cipher context
688 * \param[in] p_iv A buffer containing the initialization vecotr
689 * \param[in] iv_length The size in bytes of the contents of `p_iv`
690 *
691 * \retval PSA_SUCCESS
692 */
693typedef psa_status_t (*psa_drv_cipher_transparent_set_iv_t)(psa_drv_cipher_transparent_context_t *p_context,
694 const uint8_t *p_iv,
695 size_t iv_length);
696
697/** \brief The function prototype for the update operation of transparent-key
698 * block cipher operations.
699 *
700 * Functions that implement the prototype should be named in the following
701 * convention:
702 * ~~~~~~~~~~~~~{.c}
703 * psa_drv_cipher_transparent_update_<CIPHER_NAME>_<MODE>
704 * ~~~~~~~~~~~~~
705 * Where
706 * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
707 * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
708 *
709 * \param[in,out] p_context A hardware-specific structure for the
710 * previously started cipher operation
711 * \param[in] p_input A buffer containing the data to be
712 * encrypted or decrypted
713 * \param[in] input_size The size in bytes of the `p_input` buffer
714 * \param[out] p_output A caller-allocated buffer where the
715 * generated output will be placed
716 * \param[in] output_size The size in bytes of the `p_output` buffer
717 * \param[out] p_output_length After completion, will contain the number
718 * of bytes placed in the `p_output` buffer
719 *
720 * \retval PSA_SUCCESS
721 */
722typedef psa_status_t (*psa_drv_cipher_transparent_update_t)(psa_drv_cipher_transparent_context_t *p_context,
723 const uint8_t *p_input,
724 size_t input_size,
725 uint8_t *p_output,
726 size_t output_size,
727 size_t *p_output_length);
728
729/** \brief The function prototype for the finish operation of transparent-key
730 * block cipher operations.
731 *
732 * Functions that implement the prototype should be named in the following
733 * convention:
734 * ~~~~~~~~~~~~~{.c}
735 * psa_drv_cipher_transparent_finish_<CIPHER_NAME>_<MODE>
736 * ~~~~~~~~~~~~~
737 * Where
738 * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
739 * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
740 *
741 * \param[in,out] p_context A hardware-specific structure for the
742 * previously started cipher operation
743 * \param[out] p_output A caller-allocated buffer where the generated
744 * output will be placed
745 * \param[in] output_size The size in bytes of the `p_output` buffer
746 * \param[out] p_output_length After completion, will contain the number of
747 * bytes placed in the `p_output` buffer
748 *
749 * \retval PSA_SUCCESS
750 */
751typedef psa_status_t (*psa_drv_cipher_transparent_finish_t)(psa_drv_cipher_transparent_context_t *p_context,
752 uint8_t *p_output,
753 size_t output_size,
754 size_t *p_output_length);
755
756/** \brief The function prototype for the abort operation of transparent-key
757 * block cipher operations.
758 *
759 * Functions that implement the following prototype should be named in the
760 * following convention:
761 * ~~~~~~~~~~~~~{.c}
762 * psa_drv_cipher_transparent_abort_<CIPHER_NAME>_<MODE>
763 * ~~~~~~~~~~~~~
764 * Where
765 * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES)
766 * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR)
767 *
768 * \param[in,out] p_context A hardware-specific structure for the
769 * previously started cipher operation
770 *
771 * \retval PSA_SUCCESS
772 */
773typedef psa_status_t (*psa_drv_cipher_transparent_abort_t)(psa_drv_cipher_transparent_context_t *p_context);
774
775/**@}*/
776
777/** \defgroup driver_digest Message Digests
778 *
779 * Generation and authentication of Message Digests (aka hashes) must be done
780 * in parts using the following sequence:
781 * - `psa_hash_setup_t`
782 * - `psa_hash_update_t`
783 * - ...
784 * - `psa_hash_finish_t`
785 *
786 * If a previously started Message Digest operation needs to be terminated
787 * before the `psa_hash_finish_t` operation is complete, it should be aborted
788 * by the `psa_hash_abort_t`. Failure to do so may result in allocated
789 * resources not being freed or in other undefined behavior.
790 */
791/**@{*/
792
793/** \brief The hardware-specific hash context structure
794 *
795 * The contents of this structure are implementation dependent and are
796 * therefore not described here
797 */
798typedef struct psa_drv_hash_context_s psa_drv_hash_context_t;
799
800/** \brief The function prototype for the start operation of a hash (message
801 * digest) operation
802 *
803 * Functions that implement the prototype should be named in the following
804 * convention:
805 * ~~~~~~~~~~~~~{.c}
806 * psa_drv_hash_<ALGO>_setup
807 * ~~~~~~~~~~~~~
808 * Where `ALGO` is the name of the underlying hash function
809 *
810 * \param[in,out] p_context A structure that will contain the
811 * hardware-specific hash context
812 *
813 * \retval PSA_SUCCESS Success.
814 */
815typedef psa_status_t (*psa_drv_hash_setup_t)(psa_drv_hash_context_t *p_context);
816
817/** \brief The function prototype for the update operation of a hash (message
818 * digest) operation
819 *
820 * Functions that implement the prototype should be named in the following
821 * convention:
822 * ~~~~~~~~~~~~~{.c}
823 * psa_drv_hash_<ALGO>_update
824 * ~~~~~~~~~~~~~
825 * Where `ALGO` is the name of the underlying algorithm
826 *
827 * \param[in,out] p_context A hardware-specific structure for the
828 * previously-established hash operation to be
829 * continued
830 * \param[in] p_input A buffer containing the message to be appended
831 * to the hash operation
832 * \param[in] input_length The size in bytes of the input message buffer
833 */
834typedef psa_status_t (*psa_drv_hash_update_t)(psa_drv_hash_context_t *p_context,
835 const uint8_t *p_input,
836 size_t input_length);
837
838/** \brief The prototype for the finish operation of a hash (message digest)
839 * operation
840 *
841 * Functions that implement the prototype should be named in the following
842 * convention:
843 * ~~~~~~~~~~~~~{.c}
844 * psa_drv_hash_<ALGO>_finish
845 * ~~~~~~~~~~~~~
846 * Where `ALGO` is the name of the underlying algorithm
847 *
848 * \param[in,out] p_context A hardware-specific structure for the
849 * previously started hash operation to be
850 * fiinished
851 * \param[out] p_output A buffer where the generated digest will be
852 * placed
853 * \param[in] output_size The size in bytes of the buffer that has been
854 * allocated for the `p_output` buffer
855 * \param[out] p_output_length The number of bytes placed in `p_output` after
856 * success
857 *
858 * \retval PSA_SUCCESS
859 * Success.
860 */
861typedef psa_status_t (*psa_drv_hash_finish_t)(psa_drv_hash_context_t *p_context,
862 uint8_t *p_output,
863 size_t output_size,
864 size_t *p_output_length);
865
866/** \brief The function prototype for the abort operation of a hash (message
867 * digest) operation
868 *
869 * Functions that implement the prototype should be named in the following
870 * convention:
871 * ~~~~~~~~~~~~~{.c}
872 * psa_drv_hash_<ALGO>_abort
873 * ~~~~~~~~~~~~~
874 * Where `ALGO` is the name of the underlying algorithm
875 *
876 * \param[in,out] p_context A hardware-specific structure for the previously
877 * started hash operation to be aborted
878 */
879typedef void (*psa_drv_hash_abort_t)(psa_drv_hash_context_t *p_context);
880
881/**@}*/
882
883
884/** \defgroup opaque_asymmetric Opaque Asymmetric Cryptography
885 *
886 * Since the amount of data that can (or should) be encrypted or signed using
887 * asymmetric keys is limited by the key size, asymmetric key operations using
888 * opaque keys must be done in single function calls.
889 */
890/**@{*/
891
892/**
893 * \brief A function that signs a hash or short message with a private key
894 *
895 * \param[in] key_slot Key slot of an asymmetric key pair
896 * \param[in] alg A signature algorithm that is compatible
897 * with the type of `key`
898 * \param[in] p_hash The hash to sign
899 * \param[in] hash_length Size of the `p_hash` buffer in bytes
900 * \param[out] p_signature Buffer where the signature is to be written
901 * \param[in] signature_size Size of the `p_signature` buffer in bytes
902 * \param[out] p_signature_length On success, the number of bytes
903 * that make up the returned signature value
904 *
905 * \retval PSA_SUCCESS
906 */
907typedef psa_status_t (*psa_drv_asymmetric_opaque_sign_t)(psa_key_slot_t key_slot,
908 psa_algorithm_t alg,
909 const uint8_t *p_hash,
910 size_t hash_length,
911 uint8_t *p_signature,
912 size_t signature_size,
913 size_t *p_signature_length);
914
915/**
916 * \brief A function that verifies the signature a hash or short message using
917 * an asymmetric public key
918 *
919 * \param[in] key_slot Key slot of a public key or an asymmetric key
920 * pair
921 * \param[in] alg A signature algorithm that is compatible with
922 * the type of `key`
923 * \param[in] p_hash The hash whose signature is to be verified
924 * \param[in] hash_length Size of the `p_hash` buffer in bytes
925 * \param[in] p_signature Buffer containing the signature to verify
926 * \param[in] signature_length Size of the `p_signature` buffer in bytes
927 *
928 * \retval PSA_SUCCESS
929 * The signature is valid.
930 */
931typedef psa_status_t (*psa_drv_asymmetric_opaque_verify_t)(psa_key_slot_t key_slot,
932 psa_algorithm_t alg,
933 const uint8_t *p_hash,
934 size_t hash_length,
935 const uint8_t *p_signature,
936 size_t signature_length);
937
938/**
939 * \brief A function that encrypts a short message with an asymmetric public
940 * key
941 *
942 * \param[in] key_slot Key slot of a public key or an asymmetric key
943 * pair
944 * \param[in] alg An asymmetric encryption algorithm that is
945 * compatible with the type of `key`
946 * \param[in] p_input The message to encrypt
947 * \param[in] input_length Size of the `p_input` buffer in bytes
948 * \param[in] p_salt A salt or label, if supported by the
949 * encryption algorithm
950 * If the algorithm does not support a
951 * salt, pass `NULL`.
952 * If the algorithm supports an optional
953 * salt and you do not want to pass a salt,
954 * pass `NULL`.
955 * For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
956 * supported.
957 * \param[in] salt_length Size of the `p_salt` buffer in bytes
958 * If `p_salt` is `NULL`, pass 0.
959 * \param[out] p_output Buffer where the encrypted message is to
960 * be written
961 * \param[in] output_size Size of the `p_output` buffer in bytes
962 * \param[out] p_output_length On success, the number of bytes that make up
963 * the returned output
964 *
965 * \retval PSA_SUCCESS
966 */
967typedef psa_status_t (*psa_drv_asymmetric_opaque_encrypt_t)(psa_key_slot_t key_slot,
968 psa_algorithm_t alg,
969 const uint8_t *p_input,
970 size_t input_length,
971 const uint8_t *p_salt,
972 size_t salt_length,
973 uint8_t *p_output,
974 size_t output_size,
975 size_t *p_output_length);
976
977/**
978 * \brief Decrypt a short message with an asymmetric private key.
979 *
980 * \param[in] key_slot Key slot of an asymmetric key pair
981 * \param[in] alg An asymmetric encryption algorithm that is
982 * compatible with the type of `key`
983 * \param[in] p_input The message to decrypt
984 * \param[in] input_length Size of the `p_input` buffer in bytes
985 * \param[in] p_salt A salt or label, if supported by the
986 * encryption algorithm
987 * If the algorithm does not support a
988 * salt, pass `NULL`.
989 * If the algorithm supports an optional
990 * salt and you do not want to pass a salt,
991 * pass `NULL`.
992 * For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
993 * supported.
994 * \param[in] salt_length Size of the `p_salt` buffer in bytes
995 * If `p_salt` is `NULL`, pass 0.
996 * \param[out] p_output Buffer where the decrypted message is to
997 * be written
998 * \param[in] output_size Size of the `p_output` buffer in bytes
999 * \param[out] p_output_length On success, the number of bytes
1000 * that make up the returned output
1001 *
1002 * \retval PSA_SUCCESS
1003 */
1004typedef psa_status_t (*psa_drv_asymmetric_opaque_decrypt_t)(psa_key_slot_t key_slot,
1005 psa_algorithm_t alg,
1006 const uint8_t *p_input,
1007 size_t input_length,
1008 const uint8_t *p_salt,
1009 size_t salt_length,
1010 uint8_t *p_output,
1011 size_t output_size,
1012 size_t *p_output_length);
1013
1014/**
1015 * \brief A struct containing all of the function pointers needed to implement
1016 * asymmetric cryptographic operations using opaque keys.
1017 *
1018 * PSA Crypto API implementations should populate instances of the table as
1019 * appropriate upon startup.
1020 *
1021 * If one of the functions is not implemented, it should be set to NULL.
1022 */
1023typedef struct {
1024 /** Function that performs the asymmetric sign operation */
1025 psa_drv_asymmetric_opaque_sign_t *p_sign;
1026 /** Function that performs the asymmetric verify operation */
1027 psa_drv_asymmetric_opaque_verify_t *p_verify;
1028 /** Function that performs the asymmetric encrypt operation */
1029 psa_drv_asymmetric_opaque_encrypt_t *p_encrypt;
1030 /** Function that performs the asymmetric decrypt operation */
1031 psa_drv_asymmetric_opaque_decrypt_t *p_decrypt;
1032} psa_drv_asymmetric_opaque_t;
1033
1034/**@}*/
1035
1036/** \defgroup transparent_asymmetric Transparent Asymmetric Cryptography
1037 *
1038 * Since the amount of data that can (or should) be encrypted or signed using
1039 * asymmetric keys is limited by the key size, asymmetric key operations using
1040 * transparent keys must be done in single function calls.
1041 */
1042/**@{*/
1043
1044
1045/**
1046 * \brief A function that signs a hash or short message with a transparent
1047 * asymmetric private key
1048 *
1049 * Functions that implement the prototype should be named in the following
1050 * convention:
1051 * ~~~~~~~~~~~~~{.c}
1052 * psa_drv_asymmetric_<ALGO>_sign
1053 * ~~~~~~~~~~~~~
1054 * Where `ALGO` is the name of the signing algorithm
1055 *
1056 * \param[in] p_key A buffer containing the private key
1057 * material
1058 * \param[in] key_size The size in bytes of the `p_key` data
1059 * \param[in] alg A signature algorithm that is compatible
1060 * with the type of `p_key`
1061 * \param[in] p_hash The hash or message to sign
1062 * \param[in] hash_length Size of the `p_hash` buffer in bytes
1063 * \param[out] p_signature Buffer where the signature is to be written
1064 * \param[in] signature_size Size of the `p_signature` buffer in bytes
1065 * \param[out] p_signature_length On success, the number of bytes
1066 * that make up the returned signature value
1067 *
1068 * \retval PSA_SUCCESS
1069 */
1070typedef psa_status_t (*psa_drv_asymmetric_transparent_sign_t)(const uint8_t *p_key,
1071 size_t key_size,
1072 psa_algorithm_t alg,
1073 const uint8_t *p_hash,
1074 size_t hash_length,
1075 uint8_t *p_signature,
1076 size_t signature_size,
1077 size_t *p_signature_length);
1078
1079/**
1080 * \brief A function that verifies the signature a hash or short message using
1081 * a transparent asymmetric public key
1082 *
1083 * Functions that implement the prototype should be named in the following
1084 * convention:
1085 * ~~~~~~~~~~~~~{.c}
1086 * psa_drv_asymmetric_<ALGO>_verify
1087 * ~~~~~~~~~~~~~
1088 * Where `ALGO` is the name of the signing algorithm
1089 *
1090 * \param[in] p_key A buffer containing the public key material
1091 * \param[in] key_size The size in bytes of the `p_key` data
1092 * \param[in] alg A signature algorithm that is compatible with
1093 * the type of `key`
1094 * \param[in] p_hash The hash or message whose signature is to be
1095 * verified
1096 * \param[in] hash_length Size of the `p_hash` buffer in bytes
1097 * \param[in] p_signature Buffer containing the signature to verify
1098 * \param[in] signature_length Size of the `p_signature` buffer in bytes
1099 *
1100 * \retval PSA_SUCCESS
1101 * The signature is valid.
1102 */
1103typedef psa_status_t (*psa_drv_asymmetric_transparent_verify_t)(const uint8_t *p_key,
1104 size_t key_size,
1105 psa_algorithm_t alg,
1106 const uint8_t *p_hash,
1107 size_t hash_length,
1108 const uint8_t *p_signature,
1109 size_t signature_length);
1110
1111/**
1112 * \brief A function that encrypts a short message with a transparent
1113 * asymmetric public key
1114 *
1115 * Functions that implement the prototype should be named in the following
1116 * convention:
1117 * ~~~~~~~~~~~~~{.c}
1118 * psa_drv_asymmetric_<ALGO>_encrypt
1119 * ~~~~~~~~~~~~~
1120 * Where `ALGO` is the name of the encryption algorithm
1121 *
1122 * \param[in] p_key A buffer containing the public key material
1123 * \param[in] key_size The size in bytes of the `p_key` data
1124 * \param[in] alg An asymmetric encryption algorithm that is
1125 * compatible with the type of `key`
1126 * \param[in] p_input The message to encrypt
1127 * \param[in] input_length Size of the `p_input` buffer in bytes
1128 * \param[in] p_salt A salt or label, if supported by the
1129 * encryption algorithm
1130 * If the algorithm does not support a
1131 * salt, pass `NULL`
1132 * If the algorithm supports an optional
1133 * salt and you do not want to pass a salt,
1134 * pass `NULL`.
1135 * For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
1136 * supported.
1137 * \param[in] salt_length Size of the `p_salt` buffer in bytes
1138 * If `p_salt` is `NULL`, pass 0.
1139 * \param[out] p_output Buffer where the encrypted message is to
1140 * be written
1141 * \param[in] output_size Size of the `p_output` buffer in bytes
1142 * \param[out] p_output_length On success, the number of bytes
1143 * that make up the returned output
1144 *
1145 * \retval PSA_SUCCESS
1146 */
1147typedef psa_status_t (*psa_drv_asymmetric_transparent_encrypt_t)(const uint8_t *p_key,
1148 size_t key_size,
1149 psa_algorithm_t alg,
1150 const uint8_t *p_input,
1151 size_t input_length,
1152 const uint8_t *p_salt,
1153 size_t salt_length,
1154 uint8_t *p_output,
1155 size_t output_size,
1156 size_t *p_output_length);
1157
1158/**
1159 * \brief Decrypt a short message with a transparent asymmetric private key
1160 *
1161 * Functions that implement the prototype should be named in the following
1162 * convention:
1163 * ~~~~~~~~~~~~~{.c}
1164 * psa_drv_asymmetric_<ALGO>_decrypt
1165 * ~~~~~~~~~~~~~
1166 * Where `ALGO` is the name of the encryption algorithm
1167 *
1168 * \param[in] p_key A buffer containing the private key material
1169 * \param[in] key_size The size in bytes of the `p_key` data
1170 * \param[in] alg An asymmetric encryption algorithm that is
1171 * compatible with the type of `key`
1172 * \param[in] p_input The message to decrypt
1173 * \param[in] input_length Size of the `p_input` buffer in bytes
1174 * \param[in] p_salt A salt or label, if supported by the
1175 * encryption algorithm
1176 * If the algorithm does not support a
1177 * salt, pass `NULL`.
1178 * If the algorithm supports an optional
1179 * salt and you do not want to pass a salt,
1180 * pass `NULL`.
1181 * For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
1182 * supported
1183 * \param[in] salt_length Size of the `p_salt` buffer in bytes
1184 * If `p_salt` is `NULL`, pass 0
1185 * \param[out] p_output Buffer where the decrypted message is to
1186 * be written
1187 * \param[in] output_size Size of the `p_output` buffer in bytes
1188 * \param[out] p_output_length On success, the number of bytes
1189 * that make up the returned output
1190 *
1191 * \retval PSA_SUCCESS
1192 */
1193typedef psa_status_t (*psa_drv_asymmetric_transparent_decrypt_t)(const uint8_t *p_key,
1194 size_t key_size,
1195 psa_algorithm_t alg,
1196 const uint8_t *p_input,
1197 size_t input_length,
1198 const uint8_t *p_salt,
1199 size_t salt_length,
1200 uint8_t *p_output,
1201 size_t output_size,
1202 size_t *p_output_length);
1203
1204/**@}*/
1205
1206/** \defgroup aead_opaque AEAD Opaque
1207 * Authenticated Encryption with Additional Data (AEAD) operations with opaque
1208 * keys must be done in one function call. While this creates a burden for
1209 * implementers as there must be sufficient space in memory for the entire
1210 * message, it prevents decrypted data from being made available before the
1211 * authentication operation is complete and the data is known to be authentic.
1212 */
1213/**@{*/
1214
1215/** \brief Process an authenticated encryption operation using an opaque key
1216 *
1217 * \param[in] key_slot Slot containing the key to use.
1218 * \param[in] algorithm The AEAD algorithm to compute
1219 * (\c PSA_ALG_XXX value such that
1220 * #PSA_ALG_IS_AEAD(`alg`) is true)
1221 * \param[in] p_nonce Nonce or IV to use
1222 * \param[in] nonce_length Size of the `p_nonce` buffer in bytes
1223 * \param[in] p_additional_data Additional data that will be
1224 * authenticated but not encrypted
1225 * \param[in] additional_data_length Size of `p_additional_data` in bytes
1226 * \param[in] p_plaintext Data that will be authenticated and
1227 * encrypted
1228 * \param[in] plaintext_length Size of `p_plaintext` in bytes
1229 * \param[out] p_ciphertext Output buffer for the authenticated and
1230 * encrypted data. The additional data is
1231 * not part of this output. For algorithms
1232 * where the encrypted data and the
1233 * authentication tag are defined as
1234 * separate outputs, the authentication
1235 * tag is appended to the encrypted data.
1236 * \param[in] ciphertext_size Size of the `p_ciphertext` buffer in
1237 * bytes
1238 * \param[out] p_ciphertext_length On success, the size of the output in
1239 * the `p_ciphertext` buffer
1240 *
1241 * \retval #PSA_SUCCESS
1242 * Success.
1243 */
1244typedef psa_status_t (*psa_drv_aead_opaque_encrypt_t)(psa_key_slot_t key_slot,
1245 psa_algorithm_t algorithm,
1246 const uint8_t *p_nonce,
1247 size_t nonce_length,
1248 const uint8_t *p_additional_data,
1249 size_t additional_data_length,
1250 const uint8_t *p_plaintext,
1251 size_t plaintext_length,
1252 uint8_t *p_ciphertext,
1253 size_t ciphertext_size,
1254 size_t *p_ciphertext_length);
1255
1256/** Process an authenticated decryption operation using an opaque key
1257 *
1258 * \param[in] key_slot Slot containing the key to use
1259 * \param[in] algorithm The AEAD algorithm to compute
1260 * (\c PSA_ALG_XXX value such that
1261 * #PSA_ALG_IS_AEAD(`alg`) is true)
1262 * \param[in] p_nonce Nonce or IV to use
1263 * \param[in] nonce_length Size of the `p_nonce` buffer in bytes
1264 * \param[in] p_additional_data Additional data that has been
1265 * authenticated but not encrypted
1266 * \param[in] additional_data_length Size of `p_additional_data` in bytes
1267 * \param[in] p_ciphertext Data that has been authenticated and
1268 * encrypted.
1269 * For algorithms where the encrypted data
1270 * and the authentication tag are defined
1271 * as separate inputs, the buffer must
1272 * contain the encrypted data followed by
1273 * the authentication tag.
1274 * \param[in] ciphertext_length Size of `p_ciphertext` in bytes
1275 * \param[out] p_plaintext Output buffer for the decrypted data
1276 * \param[in] plaintext_size Size of the `p_plaintext` buffer in
1277 * bytes
1278 * \param[out] p_plaintext_length On success, the size of the output in
1279 * the `p_plaintext` buffer
1280 *
1281 * \retval #PSA_SUCCESS
1282 * Success.
1283 */
1284typedef psa_status_t (*psa_drv_aead_opaque_decrypt_t)(psa_key_slot_t key_slot,
1285 psa_algorithm_t algorithm,
1286 const uint8_t *p_nonce,
1287 size_t nonce_length,
1288 const uint8_t *p_additional_data,
1289 size_t additional_data_length,
1290 const uint8_t *p_ciphertext,
1291 size_t ciphertext_length,
1292 uint8_t *p_plaintext,
1293 size_t plaintext_size,
1294 size_t *p_plaintext_length);
1295
1296/**
1297 * \brief A struct containing all of the function pointers needed to implement
1298 * Authenticated Encryption with Additional Data operations using opaque keys
1299 *
1300 * PSA Crypto API implementations should populate instances of the table as
1301 * appropriate upon startup.
1302 *
1303 * If one of the functions is not implemented, it should be set to NULL.
1304 */
1305typedef struct {
1306 /** Function that performs the AEAD encrypt operation */
1307 psa_drv_aead_opaque_encrypt_t *p_encrypt;
1308 /** Function that performs the AEAD decrypt operation */
1309 psa_drv_aead_opaque_decrypt_t *p_decrypt;
1310} psa_drv_aead_opaque_t;
1311/**@}*/
1312
1313/** \defgroup aead_transparent AEAD Transparent
1314 *
1315 * Authenticated Encryption with Additional Data (AEAD) operations with
1316 * transparent keys must be done in one function call. While this creates a
1317 * burden for implementers as there must be sufficient space in memory for the
1318 * entire message, it prevents decrypted data from being made available before
1319 * the authentication operation is complete and the data is known to be
1320 * authentic.
1321 */
1322/**@{*/
1323
1324/** Process an authenticated encryption operation using an opaque key.
1325 *
1326 * Functions that implement the prototype should be named in the following
1327 * convention:
1328 * ~~~~~~~~~~~~~{.c}
1329 * psa_drv_aead_<ALGO>_encrypt
1330 * ~~~~~~~~~~~~~
1331 * Where `ALGO` is the name of the AEAD algorithm
1332 *
1333 * \param[in] p_key A pointer to the key material
1334 * \param[in] key_length The size in bytes of the key material
1335 * \param[in] alg The AEAD algorithm to compute
1336 * (\c PSA_ALG_XXX value such that
1337 * #PSA_ALG_IS_AEAD(`alg`) is true)
1338 * \param[in] nonce Nonce or IV to use
1339 * \param[in] nonce_length Size of the `nonce` buffer in bytes
1340 * \param[in] additional_data Additional data that will be MACed
1341 * but not encrypted.
1342 * \param[in] additional_data_length Size of `additional_data` in bytes
1343 * \param[in] plaintext Data that will be MACed and
1344 * encrypted.
1345 * \param[in] plaintext_length Size of `plaintext` in bytes
1346 * \param[out] ciphertext Output buffer for the authenticated and
1347 * encrypted data. The additional data is
1348 * not part of this output. For algorithms
1349 * where the encrypted data and the
1350 * authentication tag are defined as
1351 * separate outputs, the authentication
1352 * tag is appended to the encrypted data.
1353 * \param[in] ciphertext_size Size of the `ciphertext` buffer in
1354 * bytes
1355 * This must be at least
1356 * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(`alg`,
1357 * `plaintext_length`).
1358 * \param[out] ciphertext_length On success, the size of the output in
1359 * the `ciphertext` buffer
1360 *
1361 * \retval #PSA_SUCCESS
1362
1363 */
1364typedef psa_status_t (*psa_drv_aead_transparent_encrypt_t)(const uint8_t *p_key,
1365 size_t key_length,
1366 psa_algorithm_t alg,
1367 const uint8_t *nonce,
1368 size_t nonce_length,
1369 const uint8_t *additional_data,
1370 size_t additional_data_length,
1371 const uint8_t *plaintext,
1372 size_t plaintext_length,
1373 uint8_t *ciphertext,
1374 size_t ciphertext_size,
1375 size_t *ciphertext_length);
1376
1377/** Process an authenticated decryption operation using an opaque key.
1378 *
1379 * Functions that implement the prototype should be named in the following
1380 * convention:
1381 * ~~~~~~~~~~~~~{.c}
1382 * psa_drv_aead_<ALGO>_decrypt
1383 * ~~~~~~~~~~~~~
1384 * Where `ALGO` is the name of the AEAD algorithm
1385 * \param[in] p_key A pointer to the key material
1386 * \param[in] key_length The size in bytes of the key material
1387 * \param[in] alg The AEAD algorithm to compute
1388 * (\c PSA_ALG_XXX value such that
1389 * #PSA_ALG_IS_AEAD(`alg`) is true)
1390 * \param[in] nonce Nonce or IV to use
1391 * \param[in] nonce_length Size of the `nonce` buffer in bytes
1392 * \param[in] additional_data Additional data that has been MACed
1393 * but not encrypted
1394 * \param[in] additional_data_length Size of `additional_data` in bytes
1395 * \param[in] ciphertext Data that has been MACed and
1396 * encrypted
1397 * For algorithms where the encrypted data
1398 * and the authentication tag are defined
1399 * as separate inputs, the buffer must
1400 * contain the encrypted data followed by
1401 * the authentication tag.
1402 * \param[in] ciphertext_length Size of `ciphertext` in bytes
1403 * \param[out] plaintext Output buffer for the decrypted data
1404 * \param[in] plaintext_size Size of the `plaintext` buffer in
1405 * bytes
1406 * This must be at least
1407 * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(`alg`,
1408 * `ciphertext_length`).
1409 * \param[out] plaintext_length On success, the size of the output
1410 * in the \b plaintext buffer
1411 *
1412 * \retval #PSA_SUCCESS
1413 * Success.
1414 */
1415typedef psa_status_t (*psa_drv_aead_transparent_decrypt_t)(const uint8_t *p_key,
1416 size_t key_length,
1417 psa_algorithm_t alg,
1418 const uint8_t *nonce,
1419 size_t nonce_length,
1420 const uint8_t *additional_data,
1421 size_t additional_data_length,
1422 const uint8_t *ciphertext,
1423 size_t ciphertext_length,
1424 uint8_t *plaintext,
1425 size_t plaintext_size,
1426 size_t *plaintext_length);
1427
1428/**@}*/
1429
1430
1431/** \defgroup driver_rng Entropy Generation
1432 */
1433/**@{*/
1434
1435/** \brief A hardware-specific structure for a entropy providing hardware
1436 */
1437typedef struct psa_drv_entropy_context_s psa_drv_entropy_context_t;
1438
1439/** \brief Initialize an entropy driver
1440 *
1441 *
1442 * \param[in,out] p_context A hardware-specific structure
1443 * containing any context information for
1444 * the implementation
1445 *
1446 * \retval PSA_SUCCESS
1447 */
1448typedef psa_status_t (*psa_drv_entropy_init_t)(psa_drv_entropy_context_t *p_context);
1449
1450/** \brief Get a specified number of bits from the entropy source
1451 *
1452 * It retrives `buffer_size` bytes of data from the entropy source. The entropy
1453 * source will always fill the provided buffer to its full size, however, most
1454 * entropy sources have biases, and the actual amount of entropy contained in
1455 * the buffer will be less than the number of bytes.
1456 * The driver will return the actual number of bytes of entropy placed in the
1457 * buffer in `p_received_entropy_bytes`.
1458 * A PSA Crypto API implementation will likely feed the output of this function
1459 * into a Digital Random Bit Generator (DRBG), and typically has a minimum
1460 * amount of entropy that it needs.
1461 * To accomplish this, the PSA Crypto implementation should be designed to call
1462 * this function multiple times until it has received the required amount of
1463 * entropy from the entropy source.
1464 *
1465 * \param[in,out] p_context A hardware-specific structure
1466 * containing any context information
1467 * for the implementation
1468 * \param[out] p_buffer A caller-allocated buffer for the
1469 * retrieved entropy to be placed in
1470 * \param[in] buffer_size The allocated size of `p_buffer`
1471 * \param[out] p_received_entropy_bits The amount of entropy (in bits)
1472 * actually provided in `p_buffer`
1473 *
1474 * \retval PSA_SUCCESS
1475 */
1476typedef psa_status_t (*psa_drv_entropy_get_bits_t)(psa_drv_entropy_context_t *p_context,
1477 uint8_t *p_buffer,
1478 uint32_t buffer_size,
1479 uint32_t *p_received_entropy_bits);
1480
1481/**
1482 * \brief A struct containing all of the function pointers needed to interface
1483 * to an entropy source
1484 *
1485 * PSA Crypto API implementations should populate instances of the table as
1486 * appropriate upon startup.
1487 *
1488 * If one of the functions is not implemented, it should be set to NULL.
1489 */
1490typedef struct {
1491 /** Function that performs initialization for the entropy source */
1492 psa_drv_entropy_init_t *p_init;
1493 /** Function that performs the get_bits operation for the entropy source
1494 */
1495 psa_drv_entropy_get_bits_t *p_get_bits;
1496} psa_drv_entropy_t;
1497/**@}*/
1498
1499/** \defgroup driver_key_management Key Management
1500 * Currently, key management is limited to importing keys in the clear,
1501 * destroying keys, and exporting keys in the clear.
1502 * Whether a key may be exported is determined by the key policies in place
1503 * on the key slot.
1504 */
1505/**@{*/
1506
1507/** \brief Import a key in binary format
1508 *
1509 * This function can support any output from psa_export_key(). Refer to the
1510 * documentation of psa_export_key() for the format for each key type.
1511 *
1512 * \param[in] key_slot Slot where the key will be stored
1513 * This must be a valid slot for a key of the chosen
1514 * type. It must be unoccupied.
1515 * \param[in] type Key type (a \c PSA_KEY_TYPE_XXX value)
1516 * \param[in] algorithm Key algorithm (a \c PSA_ALG_XXX value)
1517 * \param[in] usage The allowed uses of the key
1518 * \param[in] p_data Buffer containing the key data
1519 * \param[in] data_length Size of the `data` buffer in bytes
1520 *
1521 * \retval #PSA_SUCCESS
1522 * Success.
1523 */
1524typedef psa_status_t (*psa_drv_opaque_import_key_t)(psa_key_slot_t key_slot,
1525 psa_key_type_t type,
1526 psa_algorithm_t algorithm,
1527 psa_key_usage_t usage,
1528 const uint8_t *p_data,
1529 size_t data_length);
1530
1531/**
1532 * \brief Destroy a key and restore the slot to its default state
1533 *
1534 * This function destroys the content of the key slot from both volatile
1535 * memory and, if applicable, non-volatile storage. Implementations shall
1536 * make a best effort to ensure that any previous content of the slot is
1537 * unrecoverable.
1538 *
1539 * This function also erases any metadata such as policies. It returns the
1540 * specified slot to its default state.
1541 *
1542 * \param[in] key_slot The key slot to erase.
1543 *
1544 * \retval #PSA_SUCCESS
1545 * The slot's content, if any, has been erased.
1546 */
1547typedef psa_status_t (*psa_drv_destroy_key_t)(psa_key_slot_t key);
1548
1549/**
1550 * \brief Export a key in binary format
1551 *
1552 * The output of this function can be passed to psa_import_key() to
1553 * create an equivalent object.
1554 *
1555 * If a key is created with `psa_import_key()` and then exported with
1556 * this function, it is not guaranteed that the resulting data is
1557 * identical: the implementation may choose a different representation
1558 * of the same key if the format permits it.
1559 *
1560 * For standard key types, the output format is as follows:
1561 *
1562 * - For symmetric keys (including MAC keys), the format is the
1563 * raw bytes of the key.
1564 * - For DES, the key data consists of 8 bytes. The parity bits must be
1565 * correct.
1566 * - For Triple-DES, the format is the concatenation of the
1567 * two or three DES keys.
1568 * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEYPAIR), the format
1569 * is the non-encrypted DER representation defined by PKCS\#1 (RFC 8017)
1570 * as RSAPrivateKey.
1571 * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the format
1572 * is the DER representation defined by RFC 5280 as SubjectPublicKeyInfo.
1573 *
1574 * \param[in] key Slot whose content is to be exported. This must
1575 * be an occupied key slot.
1576 * \param[out] p_data Buffer where the key data is to be written.
1577 * \param[in] data_size Size of the `p_data` buffer in bytes.
1578 * \param[out] p_data_length On success, the number of bytes
1579 * that make up the key data.
1580 *
1581 * \retval #PSA_SUCCESS
1582 * \retval #PSA_ERROR_EMPTY_SLOT
1583 * \retval #PSA_ERROR_NOT_PERMITTED
1584 * \retval #PSA_ERROR_NOT_SUPPORTED
1585 * \retval #PSA_ERROR_COMMUNICATION_FAILURE
1586 * \retval #PSA_ERROR_HARDWARE_FAILURE
1587 * \retval #PSA_ERROR_TAMPERING_DETECTED
1588 */
1589typedef psa_status_t (*psa_drv_export_key_t)(psa_key_slot_t key,
1590 uint8_t *p_data,
1591 size_t data_size,
1592 size_t *p_data_length);
1593
1594/**
1595 * \brief Export a public key or the public part of a key pair in binary format
1596 *
1597 * The output of this function can be passed to psa_import_key() to
1598 * create an object that is equivalent to the public key.
1599 *
1600 * For standard key types, the output format is as follows:
1601 *
1602 * - For RSA keys (#PSA_KEY_TYPE_RSA_KEYPAIR or #PSA_KEY_TYPE_RSA_PUBLIC_KEY),
1603 * the format is the DER representation of the public key defined by RFC 5280
1604 * as SubjectPublicKeyInfo.
1605 *
1606 * \param[in] key_slot Slot whose content is to be exported. This must
1607 * be an occupied key slot.
1608 * \param[out] p_data Buffer where the key data is to be written.
1609 * \param[in] data_size Size of the `data` buffer in bytes.
1610 * \param[out] p_data_length On success, the number of bytes
1611 * that make up the key data.
1612 *
1613 * \retval #PSA_SUCCESS
1614 */
1615typedef psa_status_t (*psa_drv_export_public_key_t)(psa_key_slot_t key,
1616 uint8_t *p_data,
1617 size_t data_size,
1618 size_t *p_data_length);
1619
1620/**
1621 * \brief A struct containing all of the function pointers needed to for key
1622 * management using opaque keys
1623 *
1624 * PSA Crypto API implementations should populate instances of the table as
1625 * appropriate upon startup.
1626 *
1627 * If one of the functions is not implemented, it should be set to NULL.
1628 */
1629typedef struct {
1630 /** Function that performs the key import operation */
1631 psa_drv_opaque_import_key_t *p_import;
1632 /** Function that performs the key destroy operation */
1633 psa_drv_destroy_key_t *p_destroy;
1634 /** Function that performs the key export operation */
1635 psa_drv_export_key_t *p_export;
1636 /** Function that perforsm the public key export operation */
1637 psa_drv_export_public_key_t *p_export_public;
1638} psa_drv_key_management_t;
1639
1640/**@}*/
1641
1642/** \defgroup driver_derivation Key Derivation and Agreement
1643 * Key derivation is the process of generating new key material using an
1644 * existing key and additional parameters, iterating through a basic
1645 * cryptographic function, such as a hash.
1646 * Key agreement is a part of cryptographic protocols that allows two parties
1647 * to agree on the same key value, but starting from different original key
1648 * material.
1649 * The flows are similar, and the PSA Crypto Driver Model uses the same functions
1650 * for both of the flows.
1651 *
1652 * There are two different final functions for the flows,
1653 * `psa_drv_key_derivation_derive` and `psa_drv_key_derivation_export`.
1654 * `psa_drv_key_derivation_derive` is used when the key material should be placed
1655 * in a slot on the hardware and not exposed to the caller.
1656 * `psa_drv_key_derivation_export` is used when the key material should be returned
1657 * to the PSA Cryptographic API implementation.
1658 *
1659 * Different key derivation algorithms require a different number of inputs.
1660 * Instead of having an API that takes as input variable length arrays, which
1661 * can be problemmatic to manage on embedded platforms, the inputs are passed
1662 * to the driver via a function, `psa_drv_key_derivation_collateral`, that is
1663 * called multiple times with different `collateral_id`s. Thus, for a key
1664 * derivation algorithm that required 3 paramter inputs, the flow would look
1665 * something like:
1666 * ~~~~~~~~~~~~~{.c}
1667 * psa_drv_key_derivation_setup(kdf_algorithm, source_key, dest_key_size_bytes);
1668 * psa_drv_key_derivation_collateral(kdf_algorithm_collateral_id_0,
1669 * p_collateral_0,
1670 * collateral_0_size);
1671 * psa_drv_key_derivation_collateral(kdf_algorithm_collateral_id_1,
1672 * p_collateral_1,
1673 * collateral_1_size);
1674 * psa_drv_key_derivation_collateral(kdf_algorithm_collateral_id_2,
1675 * p_collateral_2,
1676 * collateral_2_size);
1677 * psa_drv_key_derivation_derive();
1678 * ~~~~~~~~~~~~~
1679 *
1680 * key agreement example:
1681 * ~~~~~~~~~~~~~{.c}
1682 * psa_drv_key_derivation_setup(alg, source_key. dest_key_size_bytes);
1683 * psa_drv_key_derivation_collateral(DHE_PUBKEY, p_pubkey, pubkey_size);
1684 * psa_drv_key_derivation_export(p_session_key,
1685 * session_key_size,
1686 * &session_key_length);
1687 * ~~~~~~~~~~~~~
1688 */
1689/**@{*/
1690
1691/** \brief The hardware-specific key derivation context structure
1692 *
1693 * The contents of this structure are implementation dependent and are
1694 * therefore not described here
1695 */
1696typedef struct psa_drv_key_derivation_context_s psa_drv_key_derivation_context_t;
1697
1698/** \brief Set up a key derivation operation by specifying the algorithm and
1699 * the source key sot
1700 *
1701 * \param[in,out] p_context A hardware-specific structure containing any
1702 * context information for the implementation
1703 * \param[in] kdf_alg The algorithm to be used for the key derivation
1704 * \param[in] souce_key The key to be used as the source material for the
1705 * key derivation
1706 *
1707 * \retval PSA_SUCCESS
1708 */
1709typedef psa_status_t (*psa_drv_key_derivation_setup_t)(psa_drv_key_derivation_context_t *p_context,
1710 psa_algorithm_t kdf_alg,
1711 psa_key_slot_t source_key);
1712
1713/** \brief Provide collateral (parameters) needed for a key derivation or key
1714 * agreement operation
1715 *
1716 * Since many key derivation algorithms require multiple parameters, it is
1717 * expeced that this function may be called multiple times for the same
1718 * operation, each with a different algorithm-specific `collateral_id`
1719 *
1720 * \param[in,out] p_context A hardware-specific structure containing any
1721 * context information for the implementation
1722 * \param[in] collateral_id An ID for the collateral being provided
1723 * \param[in] p_collateral A buffer containing the collateral data
1724 * \param[in] collateral_size The size in bytes of the collateral
1725 *
1726 * \retval PSA_SUCCESS
1727 */
1728typedef psa_status_t (*psa_drv_key_derivation_collateral_t)(psa_drv_key_derivation_context_t *p_context,
1729 uint32_t collateral_id,
1730 const uint8_t *p_collateral,
1731 size_t collateral_size);
1732
1733/** \brief Perform the final key derivation step and place the generated key
1734 * material in a slot
1735 * \param[in,out] p_context A hardware-specific structure containing any
1736 * context information for the implementation
1737 * \param[in] dest_key The slot where the generated key material
1738 * should be placed
1739 *
1740 * \retval PSA_SUCCESS
1741 */
1742typedef psa_status_t (*psa_drv_key_derivation_derive_t)(psa_drv_key_derivation_context_t *p_context,
1743 psa_key_slot_t dest_key);
1744
1745/** \brief Perform the final step of a key agreement and place the generated
1746 * key material in a buffer
1747 *
1748 * \param[out] p_output Buffer in which to place the generated key
1749 * material
1750 * \param[in] output_size The size in bytes of `p_output`
1751 * \param[out] p_output_length Upon success, contains the number of bytes of
1752 * key material placed in `p_output`
1753 *
1754 * \retval PSA_SUCCESS
1755 */
1756typedef psa_status_t (*psa_drv_key_derivation_export_t)(uint8_t *p_output,
1757 size_t output_size,
1758 size_t *p_output_length);
1759
1760/**
1761 * \brief A struct containing all of the function pointers needed to for key
1762 * derivation and agreement
1763 *
1764 * PSA Crypto API implementations should populate instances of the table as
1765 * appropriate upon startup.
1766 *
1767 * If one of the functions is not implemented, it should be set to NULL.
1768 */
1769typedef struct {
1770 /** Function that performs the key derivation setup */
1771 psa_drv_key_derivation_setup_t *p_setup;
1772 /** Function that sets the key derivation collateral */
1773 psa_drv_key_derivation_collateral_t *p_collateral;
1774 /** Function that performs the final key derivation step */
1775 psa_drv_key_derivation_derive_t *p_derive;
1776 /** Function that perforsm the final key derivation or agreement and
1777 * exports the key */
1778 psa_drv_key_derivation_export_t *p_export;
1779} psa_drv_key_derivation_t;
1780
1781/**@}*/
1782
1783#ifdef __cplusplus
1784}
1785#endif
1786
1787#endif /* PSA_CRYPTO_DRIVER_H */