include/psa/crypto_compat.h

0001 /**
0002  * \file psa/crypto_compat.h
0003  *
0004  * \brief PSA cryptography module: Backward compatibility aliases
0005  *
0006  * This header declares alternative names for macro and functions.
0007  * New application code should not use these names.
0008  * These names may be removed in a future version of Mbed TLS.
0009  *
0010  * \note This file may not be included directly. Applications must
0011  * include psa/crypto.h.
0012  */
0013 /*
0014  *  Copyright The Mbed TLS Contributors
0015  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
0016  */
0017
0018 #ifndef PSA_CRYPTO_COMPAT_H
0019 #define PSA_CRYPTO_COMPAT_H
0020
0021 #ifdef __cplusplus
0022 extern "C" {
0023 #endif
0024
0025 /*
0026  * To support both openless APIs and psa_open_key() temporarily, define
0027  * psa_key_handle_t to be equal to mbedtls_svc_key_id_t. Do not mark the
0028  * type and its utility macros and functions deprecated yet. This will be done
0029  * in a subsequent phase.
0030  */
0031 typedef mbedtls_svc_key_id_t psa_key_handle_t;
0032
0033 #define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT
0034
0035 /** Check whether a handle is null.
0036  *
0037  * \param handle  Handle
0038  *
0039  * \return Non-zero if the handle is null, zero otherwise.
0040  */
0041 static inline int psa_key_handle_is_null(psa_key_handle_t handle)
0042 {
0043     return mbedtls_svc_key_id_is_null(handle);
0044 }
0045
0046 /** Open a handle to an existing persistent key.
0047  *
0048  * Open a handle to a persistent key. A key is persistent if it was created
0049  * with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key
0050  * always has a nonzero key identifier, set with psa_set_key_id() when
0051  * creating the key. Implementations may provide additional pre-provisioned
0052  * keys that can be opened with psa_open_key(). Such keys have an application
0053  * key identifier in the vendor range, as documented in the description of
0054  * #psa_key_id_t.
0055  *
0056  * The application must eventually close the handle with psa_close_key() or
0057  * psa_destroy_key() to release associated resources. If the application dies
0058  * without calling one of these functions, the implementation should perform
0059  * the equivalent of a call to psa_close_key().
0060  *
0061  * Some implementations permit an application to open the same key multiple
0062  * times. If this is successful, each call to psa_open_key() will return a
0063  * different key handle.
0064  *
0065  * \note This API is not part of the PSA Cryptography API Release 1.0.0
0066  * specification. It was defined in the 1.0 Beta 3 version of the
0067  * specification but was removed in the 1.0.0 released version. This API is
0068  * kept for the time being to not break applications relying on it. It is not
0069  * deprecated yet but will be in the near future.
0070  *
0071  * \note Applications that rely on opening a key multiple times will not be
0072  * portable to implementations that only permit a single key handle to be
0073  * opened. See also :ref:\`key-handles\`.
0074  *
0075  *
0076  * \param key           The persistent identifier of the key.
0077  * \param[out] handle   On success, a handle to the key.
0078  *
0079  * \retval #PSA_SUCCESS
0080  *         Success. The application can now use the value of `*handle`
0081  *         to access the key.
0082  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
0083  *         The implementation does not have sufficient resources to open the
0084  *         key. This can be due to reaching an implementation limit on the
0085  *         number of open keys, the number of open key handles, or available
0086  *         memory.
0087  * \retval #PSA_ERROR_DOES_NOT_EXIST
0088  *         There is no persistent key with key identifier \p key.
0089  * \retval #PSA_ERROR_INVALID_ARGUMENT
0090  *         \p key is not a valid persistent key identifier.
0091  * \retval #PSA_ERROR_NOT_PERMITTED
0092  *         The specified key exists, but the application does not have the
0093  *         permission to access it. Note that this specification does not
0094  *         define any way to create such a key, but it may be possible
0095  *         through implementation-specific means.
0096  * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
0097  * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
0098  * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
0099  * \retval #PSA_ERROR_DATA_INVALID \emptydescription
0100  * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
0101  * \retval #PSA_ERROR_BAD_STATE
0102  *         The library has not been previously initialized by psa_crypto_init().
0103  *         It is implementation-dependent whether a failure to initialize
0104  *         results in this error code.
0105  */
0106 psa_status_t psa_open_key(mbedtls_svc_key_id_t key,
0107                           psa_key_handle_t *handle);
0108
0109 /** Close a key handle.
0110  *
0111  * If the handle designates a volatile key, this will destroy the key material
0112  * and free all associated resources, just like psa_destroy_key().
0113  *
0114  * If this is the last open handle to a persistent key, then closing the handle
0115  * will free all resources associated with the key in volatile memory. The key
0116  * data in persistent storage is not affected and can be opened again later
0117  * with a call to psa_open_key().
0118  *
0119  * Closing the key handle makes the handle invalid, and the key handle
0120  * must not be used again by the application.
0121  *
0122  * \note This API is not part of the PSA Cryptography API Release 1.0.0
0123  * specification. It was defined in the 1.0 Beta 3 version of the
0124  * specification but was removed in the 1.0.0 released version. This API is
0125  * kept for the time being to not break applications relying on it. It is not
0126  * deprecated yet but will be in the near future.
0127  *
0128  * \note If the key handle was used to set up an active
0129  * :ref:\`multipart operation <multipart-operations>\`, then closing the
0130  * key handle can cause the multipart operation to fail. Applications should
0131  * maintain the key handle until after the multipart operation has finished.
0132  *
0133  * \param handle        The key handle to close.
0134  *                      If this is \c 0, do nothing and return \c PSA_SUCCESS.
0135  *
0136  * \retval #PSA_SUCCESS
0137  *         \p handle was a valid handle or \c 0. It is now closed.
0138  * \retval #PSA_ERROR_INVALID_HANDLE
0139  *         \p handle is not a valid handle nor \c 0.
0140  * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
0141  * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
0142  * \retval #PSA_ERROR_BAD_STATE
0143  *         The library has not been previously initialized by psa_crypto_init().
0144  *         It is implementation-dependent whether a failure to initialize
0145  *         results in this error code.
0146  */
0147 psa_status_t psa_close_key(psa_key_handle_t handle);
0148
0149 /** \addtogroup attributes
0150  * @{
0151  */
0152
0153 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
0154 /** Custom Diffie-Hellman group.
0155  *
0156  * Mbed TLS does not support custom DH groups.
0157  *
0158  * \deprecated This value is not useful, so this macro will be removed in
0159  *             a future version of the library.
0160  */
0161 #define PSA_DH_FAMILY_CUSTOM                                            \
0162     ((psa_dh_family_t) MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(0x7e))
0163
0164 /**
0165  * \brief Set domain parameters for a key.
0166  *
0167  * \deprecated  Mbed TLS no longer supports any domain parameters.
0168  *              This function only does the equivalent of
0169  *              psa_set_key_type() and will be removed in a future version
0170  *              of the library.
0171  *
0172  * \param[in,out] attributes    Attribute structure where \p type will be set.
0173  * \param type                  Key type (a \c PSA_KEY_TYPE_XXX value).
0174  * \param[in] data              Ignored.
0175  * \param data_length           Must be 0.
0176  *
0177  * \retval #PSA_SUCCESS \emptydescription
0178  * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
0179  */
0180 static inline psa_status_t MBEDTLS_DEPRECATED psa_set_key_domain_parameters(
0181     psa_key_attributes_t *attributes,
0182     psa_key_type_t type, const uint8_t *data, size_t data_length)
0183 {
0184     (void) data;
0185     if (data_length != 0) {
0186         return PSA_ERROR_NOT_SUPPORTED;
0187     }
0188     psa_set_key_type(attributes, type);
0189     return PSA_SUCCESS;
0190 }
0191
0192 /**
0193  * \brief Get domain parameters for a key.
0194  *
0195  * \deprecated  Mbed TLS no longer supports any domain parameters.
0196  *              This function alwaya has an empty output and will be
0197  *              removed in a future version of the library.
0198
0199  * \param[in] attributes        Ignored.
0200  * \param[out] data             Ignored.
0201  * \param data_size             Ignored.
0202  * \param[out] data_length      Set to 0.
0203  *
0204  * \retval #PSA_SUCCESS \emptydescription
0205  */
0206 static inline psa_status_t MBEDTLS_DEPRECATED psa_get_key_domain_parameters(
0207     const psa_key_attributes_t *attributes,
0208     uint8_t *data, size_t data_size, size_t *data_length)
0209 {
0210     (void) attributes;
0211     (void) data;
0212     (void) data_size;
0213     *data_length = 0;
0214     return PSA_SUCCESS;
0215 }
0216
0217 /** Safe output buffer size for psa_get_key_domain_parameters().
0218  *
0219  */
0220 #define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits)      \
0221     MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(1u)
0222 #endif /* MBEDTLS_DEPRECATED_REMOVED */
0223
0224 /**@}*/
0225
0226 #ifdef __cplusplus
0227 }
0228 #endif
0229
0230 #endif /* PSA_CRYPTO_COMPAT_H */