| Gilles Peskine | e59236f | 2018-01-27 23:32:46 +0100 | [diff] [blame] | 1 | /** |
| 2 | * \file psa/crypto.h |
| 3 | * \brief Platform Security Architecture cryptography module |
| 4 | */ |
| 5 | |
| 6 | #ifndef PSA_CRYPTO_H |
| 7 | #define PSA_CRYPTO_H |
| 8 | |
| 9 | #include "crypto_platform.h" |
| 10 | |
| Gilles Peskine | 2f9c4dc | 2018-01-28 13:16:24 +0100 | [diff] [blame^] | 11 | #include <stddef.h> |
| 12 | |
| Gilles Peskine | 62a7e7e | 2018-02-07 21:54:47 +0100 | [diff] [blame] | 13 | #ifdef __DOXYGEN_ONLY__ |
| 14 | /** \defgroup platform Implementation-specific definitions |
| 15 | * @{ |
| 16 | */ |
| 17 | |
| Gilles Peskine | 2f9c4dc | 2018-01-28 13:16:24 +0100 | [diff] [blame^] | 18 | /** \brief Key slot number. |
| 19 | * |
| 20 | * This type represents key slots. It must be an unsigned integral |
| 21 | * type.* The choice of type is implementation-dependent. |
| 22 | * 0 is not a valid key slot number. The meaning of other values is |
| 23 | * implementation dependent. |
| 24 | * |
| 25 | * At any given point in time, each key slot either contains a |
| 26 | * cryptographic object, or is empty. Key slots are persistent: |
| 27 | * once set, the cryptographic object remains in the key slot until |
| 28 | * explicitly destroyed. |
| 29 | */ |
| 30 | typedef _unsigned_integral_type_ psa_key_slot_t; |
| 31 | |
| Gilles Peskine | 62a7e7e | 2018-02-07 21:54:47 +0100 | [diff] [blame] | 32 | /**@}*/ |
| 33 | #endif |
| 34 | |
| Gilles Peskine | e59236f | 2018-01-27 23:32:46 +0100 | [diff] [blame] | 35 | #ifdef __cplusplus |
| 36 | extern "C" { |
| 37 | #endif |
| 38 | |
| 39 | /** \defgroup basic Basic definitions |
| 40 | * @{ |
| 41 | */ |
| 42 | |
| 43 | /** |
| 44 | * \brief Function return status. |
| 45 | * |
| 46 | * Zero indicates success, anything else indicates an error. |
| 47 | */ |
| 48 | typedef enum { |
| 49 | /** The action was completed successfully. */ |
| 50 | PSA_SUCCESS = 0, |
| 51 | /** The requested operation or a parameter is not supported |
| 52 | by this implementation. */ |
| 53 | PSA_ERROR_NOT_SUPPORTED, |
| 54 | /** The requested action is denied by a policy. */ |
| 55 | PSA_ERROR_NOT_PERMITTED, |
| 56 | /** An output buffer is too small. */ |
| 57 | PSA_ERROR_BUFFER_TOO_SMALL, |
| 58 | /** A slot is occupied, but must be empty to carry out the |
| 59 | requested action. */ |
| 60 | PSA_ERROR_OCCUPIED_SLOT, |
| 61 | /** A slot is empty, but must be occupied to carry out the |
| 62 | requested action. */ |
| 63 | PSA_ERROR_EMPTY_SLOT, |
| 64 | /** The requested action cannot be performed in the current state. */ |
| 65 | PSA_ERROR_BAD_STATE, |
| 66 | /** The parameters passed to the function are invalid. */ |
| 67 | PSA_ERROR_INVALID_ARGUMENT, |
| 68 | /** There is not enough runtime memory. */ |
| 69 | PSA_ERROR_INSUFFICIENT_MEMORY, |
| 70 | /** There is not enough persistent storage. */ |
| 71 | PSA_ERROR_INSUFFICIENT_STORAGE, |
| 72 | /** There was a communication failure inside the implementation. */ |
| 73 | PSA_ERROR_COMMUNICATION_FAILURE, |
| 74 | /** A hardware failure was detected. */ |
| 75 | PSA_ERROR_HARDWARE_FAILURE, |
| 76 | /** A tampering attempt was detected. */ |
| 77 | PSA_ERROR_TAMPERING_DETECTED, |
| 78 | /** There is not enough entropy to generate random data needed |
| 79 | for the requested action. */ |
| 80 | PSA_ERROR_INSUFFICIENT_ENTROPY, |
| 81 | /** The signature or MAC is incorrect. */ |
| 82 | PSA_ERROR_INVALID_SIGNATURE, |
| 83 | /** An error occurred that does not correspond to any defined |
| 84 | failure cause. */ |
| 85 | PSA_ERROR_UNKNOWN_ERROR, |
| 86 | } psa_status_t; |
| 87 | |
| 88 | /** |
| 89 | * \brief Library initialization. |
| 90 | * |
| 91 | * Applications must call this function before calling any other |
| 92 | * function in this module. |
| 93 | * |
| 94 | * Applications may call this function more than once. Once a call |
| 95 | * succeeds, subsequent calls are guaranteed to succeed. |
| 96 | * |
| 97 | * \return * \c PSA_SUCCESS: success. |
| 98 | * * \c PSA_ERROR_INSUFFICIENT_MEMORY |
| 99 | * * \c PSA_ERROR_COMMUNICATION_FAILURE |
| 100 | * * \c PSA_ERROR_HARDWARE_FAILURE |
| 101 | * * \c PSA_ERROR_TAMPERING_DETECTED |
| 102 | * * \c PSA_ERROR_INSUFFICIENT_ENTROPY |
| 103 | */ |
| 104 | psa_status_t psa_crypto_init(void); |
| 105 | |
| 106 | /**@}*/ |
| 107 | |
| Gilles Peskine | 2f9c4dc | 2018-01-28 13:16:24 +0100 | [diff] [blame^] | 108 | /** \defgroup crypto_types Key and algorithm types |
| 109 | * @{ |
| 110 | */ |
| 111 | |
| 112 | typedef uint32_t psa_key_type_t; |
| 113 | |
| 114 | #define PSA_KEY_TYPE_NONE 0x00000000 |
| 115 | #define PSA_KEY_TYPE_RAW_DATA 0x00000001 |
| 116 | #define PSA_KEY_TYPE_RSA 0x40000001 |
| 117 | #define PSA_KEY_TYPE_ECC_BASE 0x40010000 |
| 118 | |
| 119 | #define PSA_KEY_TYPE_VENDOR_FLAG 0x80000000 |
| 120 | #define PSA_KEY_TYPE_ASYMMETRIC_FLAG 0x40000000 |
| 121 | #define PSA_KEY_TYPE_ECC_TEST_MASK 0x7fff0000 |
| 122 | #define PSA_KEY_TYPE_ECC_TEST_VALUE 0x40010000 |
| 123 | |
| 124 | #define PSA_KEY_TYPE_IS_VENDOR(type) \ |
| 125 | (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0) |
| 126 | #define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \ |
| 127 | (((type) & PSA_KEY_TYPE_ASYMMETRIC_FLAG) != 0) |
| 128 | #define PSA_KEY_TYPE_IS_ECC(type) \ |
| 129 | (((type) & PSA_KEY_TYPE_ECC_TEST_MASK) == PSA_KEY_TYPE_ECC_TEST_VALUE) |
| 130 | |
| 131 | typedef uint32_t psa_algorithm_type_t; |
| 132 | |
| 133 | /**@}*/ |
| 134 | |
| 135 | /** \defgroup key_management Key management |
| 136 | * @{ |
| 137 | */ |
| 138 | |
| 139 | /** |
| 140 | * \brief Import a key in binary format. |
| 141 | * |
| 142 | * This function supports any output from psa_export_key(). |
| 143 | * |
| 144 | * \return * \c PSA_SUCCESS: success. |
| 145 | * * \c PSA_ERROR_NOT_SUPPORTED |
| 146 | * * \c PSA_ERROR_INVALID_ARGUMENT |
| 147 | * * \c PSA_ERROR_INSUFFICIENT_MEMORY |
| 148 | * * \c PSA_ERROR_COMMUNICATION_FAILURE |
| 149 | * * \c PSA_ERROR_HARDWARE_FAILURE |
| 150 | * * \c PSA_ERROR_TAMPERING_DETECTED |
| 151 | */ |
| 152 | psa_status_t psa_import_key(psa_key_slot_t key, |
| 153 | psa_key_type_t type, |
| 154 | const uint8_t *data, |
| 155 | size_t data_length); |
| 156 | |
| 157 | /** |
| 158 | * \brief Destroy a key. |
| 159 | * |
| 160 | * \return * \c PSA_SUCCESS: success. |
| 161 | * * \c PSA_ERROR_EMPTY_SLOT |
| 162 | * * \c PSA_ERROR_COMMUNICATION_FAILURE |
| 163 | * * \c PSA_ERROR_HARDWARE_FAILURE |
| 164 | * * \c PSA_ERROR_TAMPERING_DETECTED |
| 165 | */ |
| 166 | psa_status_t psa_destroy_key(psa_key_slot_t key); |
| 167 | |
| 168 | /** |
| 169 | * \brief Get basic metadata about a key. |
| 170 | * |
| 171 | * \return * \c PSA_SUCCESS: success. |
| 172 | * * \c PSA_ERROR_EMPTY_SLOT |
| 173 | * * \c PSA_ERROR_COMMUNICATION_FAILURE |
| 174 | * * \c PSA_ERROR_HARDWARE_FAILURE |
| 175 | * * \c PSA_ERROR_TAMPERING_DETECTED |
| 176 | */ |
| 177 | psa_status_t psa_get_key_information(psa_key_slot_t key, |
| 178 | psa_key_type_t *type, |
| 179 | size_t *bits); |
| 180 | |
| 181 | /** |
| 182 | * \brief Export a key in binary format. |
| 183 | * |
| 184 | * The output of this function can be passed to psa_import_key() to |
| 185 | * create an equivalent object. |
| 186 | * |
| 187 | * If a key is created with psa_import_key() and then exported with |
| 188 | * this function, it is not guaranteed that the resulting data is |
| 189 | * identical: the implementation may choose a different representation |
| 190 | * of the same key. |
| 191 | * |
| 192 | * \return * \c PSA_SUCCESS: success. |
| 193 | * * \c PSA_ERROR_EMPTY_SLOT |
| 194 | * * \c PSA_ERROR_COMMUNICATION_FAILURE |
| 195 | * * \c PSA_ERROR_HARDWARE_FAILURE |
| 196 | * * \c PSA_ERROR_TAMPERING_DETECTED |
| 197 | */ |
| 198 | psa_status_t psa_export_key(psa_key_slot_t key, |
| 199 | uint8_t *data, |
| 200 | size_t data_size, |
| 201 | size_t *data_length); |
| 202 | |
| 203 | /**@}*/ |
| 204 | |
| Gilles Peskine | e59236f | 2018-01-27 23:32:46 +0100 | [diff] [blame] | 205 | #ifdef __cplusplus |
| 206 | } |
| 207 | #endif |
| 208 | |
| 209 | #include "crypto_extra.h" |
| 210 | |
| 211 | #endif /* PSA_CRYPTO_H */ |