EIC code displayed by LXR |
|
|
|
|||
File indexing completed on 2025-08-27 09:37:33
0001 /** 0002 * \file psa_util.h 0003 * 0004 * \brief Utility functions for the use of the PSA Crypto library. 0005 */ 0006 /* 0007 * Copyright The Mbed TLS Contributors 0008 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 0009 */ 0010 0011 #ifndef MBEDTLS_PSA_UTIL_H 0012 #define MBEDTLS_PSA_UTIL_H 0013 #include "mbedtls/private_access.h" 0014 0015 #include "mbedtls/build_info.h" 0016 0017 #include "psa/crypto.h" 0018 0019 /* ASN1 defines used in the ECDSA conversion functions. 0020 * Note: intentionally not adding MBEDTLS_ASN1_[PARSE|WRITE]_C guards here 0021 * otherwise error codes would be unknown in test_suite_psa_crypto_util.data.*/ 0022 #include <mbedtls/asn1write.h> 0023 0024 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) 0025 0026 /** The random generator function for the PSA subsystem. 0027 * 0028 * This function is suitable as the `f_rng` random generator function 0029 * parameter of many `mbedtls_xxx` functions. 0030 * 0031 * The implementation of this function depends on the configuration of the 0032 * library. 0033 * 0034 * \note This function may only be used if the PSA crypto subsystem is active. 0035 * This means that you must call psa_crypto_init() before any call to 0036 * this function, and you must not call this function after calling 0037 * mbedtls_psa_crypto_free(). 0038 * 0039 * \param p_rng This parameter is only kept for backward compatibility 0040 * reasons with legacy `f_rng` functions and it's ignored. 0041 * Set to #MBEDTLS_PSA_RANDOM_STATE or NULL. 0042 * \param output The buffer to fill. It must have room for 0043 * \c output_size bytes. 0044 * \param output_size The number of bytes to write to \p output. 0045 * This function may fail if \p output_size is too 0046 * large. It is guaranteed to accept any output size 0047 * requested by Mbed TLS library functions. The 0048 * maximum request size depends on the library 0049 * configuration. 0050 * 0051 * \return \c 0 on success. 0052 * \return An `MBEDTLS_ERR_ENTROPY_xxx`, 0053 * `MBEDTLS_ERR_PLATFORM_xxx, 0054 * `MBEDTLS_ERR_CTR_DRBG_xxx` or 0055 * `MBEDTLS_ERR_HMAC_DRBG_xxx` on error. 0056 */ 0057 int mbedtls_psa_get_random(void *p_rng, 0058 unsigned char *output, 0059 size_t output_size); 0060 0061 /** The random generator state for the PSA subsystem. 0062 * 0063 * This macro always expands to NULL because the `p_rng` parameter is unused 0064 * in mbedtls_psa_get_random(), but it's kept for interface's backward 0065 * compatibility. 0066 */ 0067 #define MBEDTLS_PSA_RANDOM_STATE NULL 0068 0069 /** \defgroup psa_tls_helpers TLS helper functions 0070 * @{ 0071 */ 0072 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) 0073 #include <mbedtls/ecp.h> 0074 0075 /** Convert an ECC curve identifier from the Mbed TLS encoding to PSA. 0076 * 0077 * \param grpid An Mbed TLS elliptic curve identifier 0078 * (`MBEDTLS_ECP_DP_xxx`). 0079 * \param[out] bits On success the bit size of the curve; 0 on failure. 0080 * 0081 * \return If the curve is supported in the PSA API, this function 0082 * returns the proper PSA curve identifier 0083 * (`PSA_ECC_FAMILY_xxx`). This holds even if the curve is 0084 * not supported by the ECP module. 0085 * \return \c 0 if the curve is not supported in the PSA API. 0086 */ 0087 psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, 0088 size_t *bits); 0089 0090 /** Convert an ECC curve identifier from the PSA encoding to Mbed TLS. 0091 * 0092 * \param family A PSA elliptic curve family identifier 0093 * (`PSA_ECC_FAMILY_xxx`). 0094 * \param bits The bit-length of a private key on \p curve. 0095 * 0096 * \return If the curve is supported in the PSA API, this function 0097 * returns the corresponding Mbed TLS elliptic curve 0098 * identifier (`MBEDTLS_ECP_DP_xxx`). 0099 * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve 0100 * and \p bits is not supported. 0101 */ 0102 mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, 0103 size_t bits); 0104 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ 0105 0106 /** 0107 * \brief This function returns the PSA algorithm identifier 0108 * associated with the given digest type. 0109 * 0110 * \param md_type The type of digest to search for. Must not be NONE. 0111 * 0112 * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will 0113 * not return \c PSA_ALG_NONE, but an invalid algorithm. 0114 * 0115 * \warning This function does not check if the algorithm is 0116 * supported, it always returns the corresponding identifier. 0117 * 0118 * \return The PSA algorithm identifier associated with \p md_type, 0119 * regardless of whether it is supported or not. 0120 */ 0121 static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) 0122 { 0123 return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type; 0124 } 0125 0126 /** 0127 * \brief This function returns the given digest type 0128 * associated with the PSA algorithm identifier. 0129 * 0130 * \param psa_alg The PSA algorithm identifier to search for. 0131 * 0132 * \warning This function does not check if the algorithm is 0133 * supported, it always returns the corresponding identifier. 0134 * 0135 * \return The MD type associated with \p psa_alg, 0136 * regardless of whether it is supported or not. 0137 */ 0138 static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) 0139 { 0140 return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK); 0141 } 0142 #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ 0143 0144 #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) 0145 0146 /** Convert an ECDSA signature from raw format to DER ASN.1 format. 0147 * 0148 * \param bits Size of each coordinate in bits. 0149 * \param raw Buffer that contains the signature in raw format. 0150 * \param raw_len Length of \p raw in bytes. This must be 0151 * PSA_BITS_TO_BYTES(bits) bytes. 0152 * \param[out] der Buffer that will be filled with the converted DER 0153 * output. It can overlap with raw buffer. 0154 * \param der_size Size of \p der in bytes. It is enough if \p der_size 0155 * is at least the size of the actual output. (The size 0156 * of the output can vary depending on the presence of 0157 * leading zeros in the data.) You can use 0158 * #MBEDTLS_ECDSA_MAX_SIG_LEN(\p bits) to determine a 0159 * size that is large enough for all signatures for a 0160 * given value of \p bits. 0161 * \param[out] der_len On success it contains the amount of valid data 0162 * (in bytes) written to \p der. It's undefined 0163 * in case of failure. 0164 */ 0165 int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len, 0166 unsigned char *der, size_t der_size, size_t *der_len); 0167 0168 /** Convert an ECDSA signature from DER ASN.1 format to raw format. 0169 * 0170 * \param bits Size of each coordinate in bits. 0171 * \param der Buffer that contains the signature in DER format. 0172 * \param der_len Size of \p der in bytes. 0173 * \param[out] raw Buffer that will be filled with the converted raw 0174 * signature. It can overlap with der buffer. 0175 * \param raw_size Size of \p raw in bytes. Must be at least 0176 * 2 * PSA_BITS_TO_BYTES(bits) bytes. 0177 * \param[out] raw_len On success it is updated with the amount of valid 0178 * data (in bytes) written to \p raw. It's undefined 0179 * in case of failure. 0180 */ 0181 int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len, 0182 unsigned char *raw, size_t raw_size, size_t *raw_len); 0183 0184 #endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ 0185 0186 /**@}*/ 0187 0188 #endif /* MBEDTLS_PSA_UTIL_H */
| [ Source navigation ] | [ Diff markup ] | [ Identifier search ] | [ general search ] |
|
This page was automatically generated by the 2.3.7 LXR engine. The LXR team |
|