include/psa/crypto_types.h

0001 /**
0002  * \file psa/crypto_types.h
0003  *
0004  * \brief PSA cryptography module: type aliases.
0005  *
0006  * \note This file may not be included directly. Applications must
0007  * include psa/crypto.h. Drivers must include the appropriate driver
0008  * header file.
0009  *
0010  * This file contains portable definitions of integral types for properties
0011  * of cryptographic keys, designations of cryptographic algorithms, and
0012  * error codes returned by the library.
0013  *
0014  * This header file does not declare any function.
0015  */
0016 /*
0017  *  Copyright The Mbed TLS Contributors
0018  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
0019  */
0020
0021 #ifndef PSA_CRYPTO_TYPES_H
0022 #define PSA_CRYPTO_TYPES_H
0023
0024 /*
0025  * Include the build-time configuration information header. Here, we do not
0026  * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
0027  * is basically just an alias to it. This is to ease the maintenance of the
0028  * TF-PSA-Crypto repository which has a different build system and
0029  * configuration.
0030  */
0031 #include "psa/build_info.h"
0032
0033 /* Define the MBEDTLS_PRIVATE macro. */
0034 #include "mbedtls/private_access.h"
0035
0036 #if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE)
0037 #include MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
0038 #else
0039 #include "crypto_platform.h"
0040 #endif
0041
0042 #include <stdint.h>
0043
0044 /** \defgroup error Error codes
0045  * @{
0046  */
0047
0048 /**
0049  * \brief Function return status.
0050  *
0051  * This is either #PSA_SUCCESS (which is zero), indicating success,
0052  * or a small negative value indicating that an error occurred. Errors are
0053  * encoded as one of the \c PSA_ERROR_xxx values defined here. */
0054 /* If #PSA_SUCCESS is already defined, it means that #psa_status_t
0055  * is also defined in an external header, so prevent its multiple
0056  * definition.
0057  */
0058 #ifndef PSA_SUCCESS
0059 typedef int32_t psa_status_t;
0060 #endif
0061
0062 /**@}*/
0063
0064 /** \defgroup crypto_types Key and algorithm types
0065  * @{
0066  */
0067
0068 /** \brief Encoding of a key type.
0069  *
0070  * Values of this type are generally constructed by macros called
0071  * `PSA_KEY_TYPE_xxx`.
0072  *
0073  * \note Values of this type are encoded in the persistent key store.
0074  *       Any changes to existing values will require bumping the storage
0075  *       format version and providing a translation when reading the old
0076  *       format.
0077  */
0078 typedef uint16_t psa_key_type_t;
0079
0080 /** The type of PSA elliptic curve family identifiers.
0081  *
0082  * Values of this type are generally constructed by macros called
0083  * `PSA_ECC_FAMILY_xxx`.
0084  *
0085  * The curve identifier is required to create an ECC key using the
0086  * PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
0087  * macros.
0088  *
0089  * Values defined by this standard will never be in the range 0x80-0xff.
0090  * Vendors who define additional families must use an encoding in this range.
0091  *
0092  * \note Values of this type are encoded in the persistent key store.
0093  *       Any changes to existing values will require bumping the storage
0094  *       format version and providing a translation when reading the old
0095  *       format.
0096  */
0097 typedef uint8_t psa_ecc_family_t;
0098
0099 /** The type of PSA Diffie-Hellman group family identifiers.
0100  *
0101  * Values of this type are generally constructed by macros called
0102  * `PSA_DH_FAMILY_xxx`.
0103  *
0104  * The group identifier is required to create a Diffie-Hellman key using the
0105  * PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
0106  * macros.
0107  *
0108  * Values defined by this standard will never be in the range 0x80-0xff.
0109  * Vendors who define additional families must use an encoding in this range.
0110  *
0111  * \note Values of this type are encoded in the persistent key store.
0112  *       Any changes to existing values will require bumping the storage
0113  *       format version and providing a translation when reading the old
0114  *       format.
0115  */
0116 typedef uint8_t psa_dh_family_t;
0117
0118 /** \brief Encoding of a cryptographic algorithm.
0119  *
0120  * Values of this type are generally constructed by macros called
0121  * `PSA_ALG_xxx`.
0122  *
0123  * For algorithms that can be applied to multiple key types, this type
0124  * does not encode the key type. For example, for symmetric ciphers
0125  * based on a block cipher, #psa_algorithm_t encodes the block cipher
0126  * mode and the padding mode while the block cipher itself is encoded
0127  * via #psa_key_type_t.
0128  *
0129  * \note Values of this type are encoded in the persistent key store.
0130  *       Any changes to existing values will require bumping the storage
0131  *       format version and providing a translation when reading the old
0132  *       format.
0133  */
0134 typedef uint32_t psa_algorithm_t;
0135
0136 /**@}*/
0137
0138 /** \defgroup key_lifetimes Key lifetimes
0139  * @{
0140  */
0141
0142 /** Encoding of key lifetimes.
0143  *
0144  * The lifetime of a key indicates where it is stored and what system actions
0145  * may create and destroy it.
0146  *
0147  * Lifetime values have the following structure:
0148  * - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
0149  *   persistence level. This value indicates what device management
0150  *   actions can cause it to be destroyed. In particular, it indicates
0151  *   whether the key is _volatile_ or _persistent_.
0152  *   See ::psa_key_persistence_t for more information.
0153  * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
0154  *   location indicator. This value indicates which part of the system
0155  *   has access to the key material and can perform operations using the key.
0156  *   See ::psa_key_location_t for more information.
0157  *
0158  * Volatile keys are automatically destroyed when the application instance
0159  * terminates or on a power reset of the device. Persistent keys are
0160  * preserved until the application explicitly destroys them or until an
0161  * integration-specific device management event occurs (for example,
0162  * a factory reset).
0163  *
0164  * Persistent keys have a key identifier of type #mbedtls_svc_key_id_t.
0165  * This identifier remains valid throughout the lifetime of the key,
0166  * even if the application instance that created the key terminates.
0167  * The application can call psa_open_key() to open a persistent key that
0168  * it created previously.
0169  *
0170  * The default lifetime of a key is #PSA_KEY_LIFETIME_VOLATILE. The lifetime
0171  * #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
0172  * available. Other lifetime values may be supported depending on the
0173  * library configuration.
0174  *
0175  * Values of this type are generally constructed by macros called
0176  * `PSA_KEY_LIFETIME_xxx`.
0177  *
0178  * \note Values of this type are encoded in the persistent key store.
0179  *       Any changes to existing values will require bumping the storage
0180  *       format version and providing a translation when reading the old
0181  *       format.
0182  */
0183 typedef uint32_t psa_key_lifetime_t;
0184
0185 /** Encoding of key persistence levels.
0186  *
0187  * What distinguishes different persistence levels is what device management
0188  * events may cause keys to be destroyed. _Volatile_ keys are destroyed
0189  * by a power reset. Persistent keys may be destroyed by events such as
0190  * a transfer of ownership or a factory reset. What management events
0191  * actually affect persistent keys at different levels is outside the
0192  * scope of the PSA Cryptography specification.
0193  *
0194  * The PSA Cryptography specification defines the following values of
0195  * persistence levels:
0196  * - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
0197  *   A volatile key is automatically destroyed by the implementation when
0198  *   the application instance terminates. In particular, a volatile key
0199  *   is automatically destroyed on a power reset of the device.
0200  * - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
0201  *   persistent key with a default lifetime.
0202  * - \c 2-254: currently not supported by Mbed TLS.
0203  * - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
0204  *   read-only or write-once key.
0205  *   A key with this persistence level cannot be destroyed.
0206  *   Mbed TLS does not currently offer a way to create such keys, but
0207  *   integrations of Mbed TLS can use it for built-in keys that the
0208  *   application cannot modify (for example, a hardware unique key (HUK)).
0209  *
0210  * \note Key persistence levels are 8-bit values. Key management
0211  *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
0212  *       encode the persistence as the lower 8 bits of a 32-bit value.
0213  *
0214  * \note Values of this type are encoded in the persistent key store.
0215  *       Any changes to existing values will require bumping the storage
0216  *       format version and providing a translation when reading the old
0217  *       format.
0218  */
0219 typedef uint8_t psa_key_persistence_t;
0220
0221 /** Encoding of key location indicators.
0222  *
0223  * If an integration of Mbed TLS can make calls to external
0224  * cryptoprocessors such as secure elements, the location of a key
0225  * indicates which secure element performs the operations on the key.
0226  * Depending on the design of the secure element, the key
0227  * material may be stored either in the secure element, or
0228  * in wrapped (encrypted) form alongside the key metadata in the
0229  * primary local storage.
0230  *
0231  * The PSA Cryptography API specification defines the following values of
0232  * location indicators:
0233  * - \c 0: primary local storage.
0234  *   This location is always available.
0235  *   The primary local storage is typically the same storage area that
0236  *   contains the key metadata.
0237  * - \c 1: primary secure element.
0238  *   Integrations of Mbed TLS should support this value if there is a secure
0239  *   element attached to the operating environment.
0240  *   As a guideline, secure elements may provide higher resistance against
0241  *   side channel and physical attacks than the primary local storage, but may
0242  *   have restrictions on supported key types, sizes, policies and operations
0243  *   and may have different performance characteristics.
0244  * - \c 2-0x7fffff: other locations defined by a PSA specification.
0245  *   The PSA Cryptography API does not currently assign any meaning to these
0246  *   locations, but future versions of that specification or other PSA
0247  *   specifications may do so.
0248  * - \c 0x800000-0xffffff: vendor-defined locations.
0249  *   No PSA specification will assign a meaning to locations in this range.
0250  *
0251  * \note Key location indicators are 24-bit values. Key management
0252  *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
0253  *       encode the location as the upper 24 bits of a 32-bit value.
0254  *
0255  * \note Values of this type are encoded in the persistent key store.
0256  *       Any changes to existing values will require bumping the storage
0257  *       format version and providing a translation when reading the old
0258  *       format.
0259  */
0260 typedef uint32_t psa_key_location_t;
0261
0262 /** Encoding of identifiers of persistent keys.
0263  *
0264  * - Applications may freely choose key identifiers in the range
0265  *   #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
0266  * - The implementation may define additional key identifiers in the range
0267  *   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
0268  * - 0 is reserved as an invalid key identifier.
0269  * - Key identifiers outside these ranges are reserved for future use.
0270  *
0271  * \note Values of this type are encoded in the persistent key store.
0272  *       Any changes to how values are allocated must require careful
0273  *       consideration to allow backward compatibility.
0274  */
0275 typedef uint32_t psa_key_id_t;
0276
0277 /** Encoding of key identifiers as seen inside the PSA Crypto implementation.
0278  *
0279  * When PSA Crypto is built as a library inside an application, this type
0280  * is identical to #psa_key_id_t. When PSA Crypto is built as a service
0281  * that can store keys on behalf of multiple clients, this type
0282  * encodes the #psa_key_id_t value seen by each client application as
0283  * well as extra information that identifies the client that owns
0284  * the key.
0285  *
0286  * \note Values of this type are encoded in the persistent key store.
0287  *       Any changes to existing values will require bumping the storage
0288  *       format version and providing a translation when reading the old
0289  *       format.
0290  */
0291 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
0292 typedef psa_key_id_t mbedtls_svc_key_id_t;
0293
0294 #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
0295 /* Implementation-specific: The Mbed TLS library can be built as
0296  * part of a multi-client service that exposes the PSA Cryptography API in each
0297  * client and encodes the client identity in the key identifier argument of
0298  * functions such as psa_open_key().
0299  */
0300 typedef struct {
0301     psa_key_id_t MBEDTLS_PRIVATE(key_id);
0302     mbedtls_key_owner_id_t MBEDTLS_PRIVATE(owner);
0303 } mbedtls_svc_key_id_t;
0304
0305 #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
0306
0307 /**@}*/
0308
0309 /** \defgroup policy Key policies
0310  * @{
0311  */
0312
0313 /** \brief Encoding of permitted usage on a key.
0314  *
0315  * Values of this type are generally constructed as bitwise-ors of macros
0316  * called `PSA_KEY_USAGE_xxx`.
0317  *
0318  * \note Values of this type are encoded in the persistent key store.
0319  *       Any changes to existing values will require bumping the storage
0320  *       format version and providing a translation when reading the old
0321  *       format.
0322  */
0323 typedef uint32_t psa_key_usage_t;
0324
0325 /**@}*/
0326
0327 /** \defgroup attributes Key attributes
0328  * @{
0329  */
0330
0331 /** The type of a structure containing key attributes.
0332  *
0333  * This is an opaque structure that can represent the metadata of a key
0334  * object. Metadata that can be stored in attributes includes:
0335  * - The location of the key in storage, indicated by its key identifier
0336  *   and its lifetime.
0337  * - The key's policy, comprising usage flags and a specification of
0338  *   the permitted algorithm(s).
0339  * - Information about the key itself: the key type and its size.
0340  * - Additional implementation-defined attributes.
0341  *
0342  * The actual key material is not considered an attribute of a key.
0343  * Key attributes do not contain information that is generally considered
0344  * highly confidential.
0345  *
0346  * An attribute structure works like a simple data structure where each function
0347  * `psa_set_key_xxx` sets a field and the corresponding function
0348  * `psa_get_key_xxx` retrieves the value of the corresponding field.
0349  * However, a future version of the library  may report values that are
0350  * equivalent to the original one, but have a different encoding. Invalid
0351  * values may be mapped to different, also invalid values.
0352  *
0353  * An attribute structure may contain references to auxiliary resources,
0354  * for example pointers to allocated memory or indirect references to
0355  * pre-calculated values. In order to free such resources, the application
0356  * must call psa_reset_key_attributes(). As an exception, calling
0357  * psa_reset_key_attributes() on an attribute structure is optional if
0358  * the structure has only been modified by the following functions
0359  * since it was initialized or last reset with psa_reset_key_attributes():
0360  * - psa_set_key_id()
0361  * - psa_set_key_lifetime()
0362  * - psa_set_key_type()
0363  * - psa_set_key_bits()
0364  * - psa_set_key_usage_flags()
0365  * - psa_set_key_algorithm()
0366  *
0367  * Before calling any function on a key attribute structure, the application
0368  * must initialize it by any of the following means:
0369  * - Set the structure to all-bits-zero, for example:
0370  *   \code
0371  *   psa_key_attributes_t attributes;
0372  *   memset(&attributes, 0, sizeof(attributes));
0373  *   \endcode
0374  * - Initialize the structure to logical zero values, for example:
0375  *   \code
0376  *   psa_key_attributes_t attributes = {0};
0377  *   \endcode
0378  * - Initialize the structure to the initializer #PSA_KEY_ATTRIBUTES_INIT,
0379  *   for example:
0380  *   \code
0381  *   psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
0382  *   \endcode
0383  * - Assign the result of the function psa_key_attributes_init()
0384  *   to the structure, for example:
0385  *   \code
0386  *   psa_key_attributes_t attributes;
0387  *   attributes = psa_key_attributes_init();
0388  *   \endcode
0389  *
0390  * A freshly initialized attribute structure contains the following
0391  * values:
0392  *
0393  * - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
0394  * - key identifier: 0 (which is not a valid key identifier).
0395  * - type: \c 0 (meaning that the type is unspecified).
0396  * - key size: \c 0 (meaning that the size is unspecified).
0397  * - usage flags: \c 0 (which allows no usage except exporting a public key).
0398  * - algorithm: \c 0 (which allows no cryptographic usage, but allows
0399  *   exporting).
0400  *
0401  * A typical sequence to create a key is as follows:
0402  * -# Create and initialize an attribute structure.
0403  * -# If the key is persistent, call psa_set_key_id().
0404  *    Also call psa_set_key_lifetime() to place the key in a non-default
0405  *    location.
0406  * -# Set the key policy with psa_set_key_usage_flags() and
0407  *    psa_set_key_algorithm().
0408  * -# Set the key type with psa_set_key_type().
0409  *    Skip this step if copying an existing key with psa_copy_key().
0410  * -# When generating a random key with psa_generate_key() or deriving a key
0411  *    with psa_key_derivation_output_key(), set the desired key size with
0412  *    psa_set_key_bits().
0413  * -# Call a key creation function: psa_import_key(), psa_generate_key(),
0414  *    psa_key_derivation_output_key() or psa_copy_key(). This function reads
0415  *    the attribute structure, creates a key with these attributes, and
0416  *    outputs a key identifier to the newly created key.
0417  * -# The attribute structure is now no longer necessary.
0418  *    You may call psa_reset_key_attributes(), although this is optional
0419  *    with the workflow presented here because the attributes currently
0420  *    defined in this specification do not require any additional resources
0421  *    beyond the structure itself.
0422  *
0423  * A typical sequence to query a key's attributes is as follows:
0424  * -# Call psa_get_key_attributes().
0425  * -# Call `psa_get_key_xxx` functions to retrieve the attribute(s) that
0426  *    you are interested in.
0427  * -# Call psa_reset_key_attributes() to free any resources that may be
0428  *    used by the attribute structure.
0429  *
0430  * Once a key has been created, it is impossible to change its attributes.
0431  */
0432 typedef struct psa_key_attributes_s psa_key_attributes_t;
0433
0434
0435 #ifndef __DOXYGEN_ONLY__
0436 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
0437 /* Mbed TLS defines this type in crypto_types.h because it is also
0438  * visible to applications through an implementation-specific extension.
0439  * For the PSA Cryptography specification, this type is only visible
0440  * via crypto_se_driver.h. */
0441 typedef uint64_t psa_key_slot_number_t;
0442 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
0443 #endif /* !__DOXYGEN_ONLY__ */
0444
0445 /**@}*/
0446
0447 /** \defgroup derivation Key derivation
0448  * @{
0449  */
0450
0451 /** \brief Encoding of the step of a key derivation.
0452  *
0453  * Values of this type are generally constructed by macros called
0454  * `PSA_KEY_DERIVATION_INPUT_xxx`.
0455  */
0456 typedef uint16_t psa_key_derivation_step_t;
0457
0458 /** \brief Custom parameters for key generation or key derivation.
0459  *
0460  * This is a structure type with at least the following field:
0461  *
0462  * - \c flags: an unsigned integer type. 0 for the default production parameters.
0463  *
0464  * Functions that take such a structure as input also take an associated
0465  * input buffer \c custom_data of length \c custom_data_length.
0466  *
0467  * The interpretation of this structure and the associated \c custom_data
0468  * parameter depend on the type of the created key.
0469  *
0470  * - #PSA_KEY_TYPE_RSA_KEY_PAIR:
0471  *     - \c flags: must be 0.
0472  *     - \c custom_data: the public exponent, in little-endian order.
0473  *       This must be an odd integer and must not be 1.
0474  *       Implementations must support 65537, should support 3 and may
0475  *       support other values.
0476  *       When not using a driver, Mbed TLS supports values up to \c INT_MAX.
0477  *       If this is empty, the default value 65537 is used.
0478  * - Other key types: reserved for future use. \c flags must be 0.
0479  */
0480 typedef struct psa_custom_key_parameters_s psa_custom_key_parameters_t;
0481
0482 /** \brief Custom parameters for key generation or key derivation.
0483  *
0484  * This is a structure type with at least the following fields:
0485  *
0486  * - \c flags: an unsigned integer type. 0 for the default production parameters.
0487  * - \c data: a flexible array of bytes.
0488  *
0489  * The interpretation of this structure depend on the type of the
0490  * created key.
0491  *
0492  * - #PSA_KEY_TYPE_RSA_KEY_PAIR:
0493  *     - \c flags: must be 0.
0494  *     - \c data: the public exponent, in little-endian order.
0495  *       This must be an odd integer and must not be 1.
0496  *       Implementations must support 65537, should support 3 and may
0497  *       support other values.
0498  *       When not using a driver, Mbed TLS supports values up to \c INT_MAX.
0499  *       If this is empty or if the custom production parameters are omitted
0500  *       altogether, the default value 65537 is used.
0501  * - Other key types: reserved for future use. \c flags must be 0.
0502  *
0503  */
0504 typedef struct psa_key_production_parameters_s psa_key_production_parameters_t;
0505
0506 /**@}*/
0507
0508 #endif /* PSA_CRYPTO_TYPES_H */