include/psa/crypto_builtin_key_derivation.h

0001 /*
0002  *  Context structure declaration of the Mbed TLS software-based PSA drivers
0003  *  called through the PSA Crypto driver dispatch layer.
0004  *  This file contains the context structures of key derivation algorithms
0005  *  which need to rely on other algorithms.
0006  *
0007  * \note This file may not be included directly. Applications must
0008  * include psa/crypto.h.
0009  *
0010  * \note This header and its content are not part of the Mbed TLS API and
0011  * applications must not depend on it. Its main purpose is to define the
0012  * multi-part state objects of the Mbed TLS software-based PSA drivers. The
0013  * definitions of these objects are then used by crypto_struct.h to define the
0014  * implementation-defined types of PSA multi-part state objects.
0015  */
0016 /*
0017  *  Copyright The Mbed TLS Contributors
0018  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
0019  */
0020
0021 #ifndef PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H
0022 #define PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H
0023 #include "mbedtls/private_access.h"
0024
0025 #include <psa/crypto_driver_common.h>
0026
0027 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
0028     defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
0029     defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
0030 typedef struct {
0031     uint8_t *MBEDTLS_PRIVATE(info);
0032     size_t MBEDTLS_PRIVATE(info_length);
0033 #if PSA_HASH_MAX_SIZE > 0xff
0034 #error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
0035 #endif
0036     uint8_t MBEDTLS_PRIVATE(offset_in_block);
0037     uint8_t MBEDTLS_PRIVATE(block_number);
0038     unsigned int MBEDTLS_PRIVATE(state) : 2;
0039     unsigned int MBEDTLS_PRIVATE(info_set) : 1;
0040     uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
0041     uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE];
0042     struct psa_mac_operation_s MBEDTLS_PRIVATE(hmac);
0043 } psa_hkdf_key_derivation_t;
0044 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF ||
0045           MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT ||
0046           MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
0047 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
0048 typedef struct {
0049     uint8_t MBEDTLS_PRIVATE(data)[PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE];
0050 } psa_tls12_ecjpake_to_pms_t;
0051 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
0052
0053 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
0054     defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
0055 typedef enum {
0056     PSA_TLS12_PRF_STATE_INIT,             /* no input provided */
0057     PSA_TLS12_PRF_STATE_SEED_SET,         /* seed has been set */
0058     PSA_TLS12_PRF_STATE_OTHER_KEY_SET,    /* other key has been set - optional */
0059     PSA_TLS12_PRF_STATE_KEY_SET,          /* key has been set */
0060     PSA_TLS12_PRF_STATE_LABEL_SET,        /* label has been set */
0061     PSA_TLS12_PRF_STATE_OUTPUT            /* output has been started */
0062 } psa_tls12_prf_key_derivation_state_t;
0063
0064 typedef struct psa_tls12_prf_key_derivation_s {
0065 #if PSA_HASH_MAX_SIZE > 0xff
0066 #error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
0067 #endif
0068
0069     /* Indicates how many bytes in the current HMAC block have
0070      * not yet been read by the user. */
0071     uint8_t MBEDTLS_PRIVATE(left_in_block);
0072
0073     /* The 1-based number of the block. */
0074     uint8_t MBEDTLS_PRIVATE(block_number);
0075
0076     psa_tls12_prf_key_derivation_state_t MBEDTLS_PRIVATE(state);
0077
0078     uint8_t *MBEDTLS_PRIVATE(secret);
0079     size_t MBEDTLS_PRIVATE(secret_length);
0080     uint8_t *MBEDTLS_PRIVATE(seed);
0081     size_t MBEDTLS_PRIVATE(seed_length);
0082     uint8_t *MBEDTLS_PRIVATE(label);
0083     size_t MBEDTLS_PRIVATE(label_length);
0084 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
0085     uint8_t *MBEDTLS_PRIVATE(other_secret);
0086     size_t MBEDTLS_PRIVATE(other_secret_length);
0087 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
0088
0089     uint8_t MBEDTLS_PRIVATE(Ai)[PSA_HASH_MAX_SIZE];
0090
0091     /* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */
0092     uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
0093 } psa_tls12_prf_key_derivation_t;
0094 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
0095         * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
0096 #if defined(PSA_HAVE_SOFT_PBKDF2)
0097 typedef enum {
0098     PSA_PBKDF2_STATE_INIT,             /* no input provided */
0099     PSA_PBKDF2_STATE_INPUT_COST_SET,   /* input cost has been set */
0100     PSA_PBKDF2_STATE_SALT_SET,         /* salt has been set */
0101     PSA_PBKDF2_STATE_PASSWORD_SET,     /* password has been set */
0102     PSA_PBKDF2_STATE_OUTPUT            /* output has been started */
0103 } psa_pbkdf2_key_derivation_state_t;
0104
0105 typedef struct {
0106     psa_pbkdf2_key_derivation_state_t MBEDTLS_PRIVATE(state);
0107     uint64_t MBEDTLS_PRIVATE(input_cost);
0108     uint8_t *MBEDTLS_PRIVATE(salt);
0109     size_t MBEDTLS_PRIVATE(salt_length);
0110     uint8_t MBEDTLS_PRIVATE(password)[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
0111     size_t MBEDTLS_PRIVATE(password_length);
0112     uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
0113     uint8_t MBEDTLS_PRIVATE(bytes_used);
0114     uint32_t MBEDTLS_PRIVATE(block_number);
0115 } psa_pbkdf2_key_derivation_t;
0116 #endif /* PSA_HAVE_SOFT_PBKDF2 */
0117
0118 #endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */