Value definitions for PSA Crypto. More...
Value definitions for PSA Crypto.
Definition in file crypto_values.h.
#include "crypto_types.h"
Go to the source code of this file.
#define | PSA_ALG_CATEGORY_MASK ((psa_algorithm_t)0x7f000000) |
PSA algorithm category mask. | |
#define | PSA_ALG_CATEGORY_HASH ((psa_algorithm_t)0x02000000) |
Category for hash algorithms. | |
#define | PSA_ALG_CATEGORY_MAC ((psa_algorithm_t)0x03000000) |
Category for MAC algorithms. | |
#define | PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t)0x04000000) |
Category for cipher algorithms. | |
#define | PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x05000000) |
Category for AEAD algorithms. | |
#define | PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x06000000) |
Category for signature algorithms. | |
#define | PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x07000000) |
Category for asymmetric encryption algorithms. | |
#define | PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x08000000) |
Category for key derivation algorithms. | |
#define | PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x09000000) |
Category for key agreement algorithms. | |
#define | PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) /* specification-defined value */ |
Macro to build an AEAD minimum-tag-length wildcard algorithm. | |
#define | PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg) |
An AEAD algorithm with the default tag length. | |
#define | PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) ((psa_algorithm_t)(((aead_alg) & ~0x003f0000) | (((tag_length) & 0x3f) << 16))) |
Macro to build a AEAD algorithm with a shortened tag. | |
#define | PSA_ALG_ANY_HASH ((psa_algorithm_t)0x020000ff) |
When setting a hash-and-sign algorithm in a key policy, permit any hash algorithm. | |
#define | PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) /* specification-defined value */ |
Macro to build a MAC minimum-MAC-length wildcard algorithm. | |
#define | PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) ((psa_algorithm_t)(0x06000700 | ((hash_alg) & 0x000000ff))) |
Deterministic ECDSA signature scheme, with hashing. | |
#define | PSA_ALG_FULL_LENGTH_MAC(mac_alg) ((psa_algorithm_t)((mac_alg) & ~0x003f0000)) |
Macro to construct the MAC algorithm with a full length MAC, from a truncated MAC algorithm. | |
#define | PSA_ALG_HKDF(hash_alg) ((psa_algorithm_t)(0x08000100 | ((hash_alg) & 0x000000ff))) |
Macro to build an HKDF algorithm. | |
#define | PSA_ALG_GET_HASH(alg) |
Get the hash used by a composite algorithm. | |
#define | PSA_ALG_HMAC_BASE (0x03800000) |
HMAC Base. | |
#define | PSA_ALG_HMAC(hash_alg) ((psa_algorithm_t)(PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))) |
Macro to build an HMAC message-authentication-code algorithm from an underlying hash algorithm. | |
#define | PSA_ALG_IS_CIPHER(alg) (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER) |
Whether the specified algorithm is a symmetric cipher algorithm. | |
#define | PSA_ALG_IS_AEAD(alg) (((alg) & PSA_ALG_CATEGORY_MASK) == 0x05000000) |
Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm. | |
#define | PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) (((alg) & 0x7f400000) == 0x05400000) |
Whether the specified algorithm is an AEAD mode on a block cipher. | |
#define | PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg) (((alg) & PSA_ALG_CATEGORY_MASK) == 0x07000000) |
Whether the specified algorithm is an asymmetric encryption algorithm, also known as public-key encryption algorithm. | |
#define | PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) (((alg) & 0x7fc00000) == 0x03c00000) |
Whether the specified algorithm is a MAC algorithm based on a block cipher. | |
#define | PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) (((alg) & ~0x000000ff) == 0x06000700) |
Whether the specified algorithm is deterministic ECDSA. | |
#define | PSA_ALG_IS_ECDH(alg) (((alg) & 0x7fff0000) == 0x09020000) |
Whether the specified algorithm is an elliptic curve Diffie-Hellman algorithm. | |
#define | PSA_ALG_IS_FFDH(alg) (((alg) & 0x7fff0000) == 0x09010000) |
Whether the specified algorithm is a finite field Diffie-Hellman algorithm. | |
#define | PSA_ALG_IS_ECDSA(alg) (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN) |
Whether the specified algorithm is ECDSA. | |
#define | PSA_ALG_IS_HASH(alg) (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH) |
Whether the specified algorithm is a hash algorithm. | |
#define | PSA_ALG_HMAC_GET_HASH(hmac_alg) (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK)) |
Get the hash operation of a hmac algorithm. | |
#define | PSA_ALG_IS_HASH_EDDSA(alg) (((alg) & ~0x000000ff) == 0x06000900) |
Whether the specified algorithm is HashEdDSA. | |
#define | PSA_ALG_IS_HASH_AND_SIGN(alg) |
Whether the specified algorithm is a hash-and-sign algorithm that signs exactly the hash value. | |
#define | PSA_ALG_IS_HKDF(alg) (((alg) & ~0x000000ff) == 0x08000100) |
Whether the specified algorithm is an HKDF algorithm. | |
#define | PSA_ALG_IS_HMAC(alg) (((alg) & 0x7fc0ff00) == 0x03800000) |
Whether the specified algorithm is an HMAC algorithm. | |
#define | PSA_ALG_IS_KEY_AGREEMENT(alg) (((alg) & 0x7f000000) == 0x09000000) |
Whether the specified algorithm is a key agreement algorithm. | |
#define | PSA_ALG_IS_KEY_DERIVATION(alg) (((alg) & 0x7f000000) == 0x08000000) |
Whether the specified algorithm is a key derivation algorithm. | |
#define | PSA_ALG_IS_KEY_DERIVATION_STRETCHING(alg) (((alg) & 0x7f800000) == 0x08800000) |
Whether the specified algorithm is a key-stretching or password-hashing algorithm. | |
#define | PSA_ALG_IS_MAC(alg) (((alg) & 0x7f000000) == 0x03000000) |
Whether the specified algorithm is a MAC algorithm. | |
#define | PSA_ALG_IS_PBKDF2_HMAC(alg) (((alg) & ~0x000000ff) == 0x08800100) |
Whether the specified algorithm is a PBKDF2-HMAC algorithm. | |
#define | PSA_ALG_IS_RANDOMIZED_ECDSA(alg) (((alg) & ~0x000000ff) == 0x06000600) |
Whether the specified algorithm is randomized ECDSA. | |
#define | PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) (((alg) & 0x7f00ffff) == 0x09000000) |
Whether the specified algorithm is a raw key agreement algorithm. | |
#define | PSA_ALG_IS_RSA_OAEP(alg) (((alg) & ~0x000000ff) == 0x07000300) |
Whether the specified algorithm is an RSA OAEP encryption algorithm. | |
#define | PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) (((alg) & ~0x000000ff) == 0x06000200) |
Whether the specified algorithm is an RSA PKCS#1 v1.5 signature algorithm. | |
#define | PSA_ALG_IS_RSA_PSS(alg) (((alg) & ~0x000000ff) == 0x06000300) |
Whether the specified algorithm is a RSA PSS signature algorithm. | |
#define | PSA_ALG_IS_RSA_PSS_ANY_SALT(alg) (((alg) & ~0x000000ff) == 0x06001300) |
Whether the specified algorithm is an RSA PSS signature algorithm that permits any salt length. | |
#define | PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) (((alg) & ~0x000000ff) == 0x06000300) |
Whether the specified algorithm is an RSA PSS signature algorithm that requires the standard salt length. | |
#define | PSA_ALG_IS_SIGN(alg) (((alg) & 0x7f000000) == 0x06000000) |
Whether the specified algorithm is an asymmetric signature algorithm, also known as public-key signature algorithm. | |
#define | PSA_ALG_IS_SIGN_HASH(alg) |
Whether the specified algorithm is a signature algorithm that can be used with psa_sign_hash() and psa_verify_hash(). | |
#define | PSA_ALG_IS_SIGN_MESSAGE(alg) (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA) |
Whether the specified algorithm is a signature algorithm that can be used with psa_sign_message() and psa_verify_message(). | |
#define | PSA_ALG_IS_STREAM_CIPHER(alg) (((alg) & 0x7f800000) == 0x04800000) |
Whether the specified algorithm is a stream cipher. | |
#define | PSA_ALG_IS_TLS12_PRF(alg) (((alg) & ~0x000000ff) == 0x08000200) |
Whether the specified algorithm is a TLS-1.2 PRF algorithm. | |
#define | PSA_ALG_IS_TLS12_PSK_TO_MS(alg) (((alg) & ~0x000000ff) == 0x08000300) |
Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm. | |
#define | PSA_ALG_IS_WILDCARD(alg) (PSA_ALG_GET_HASH(alg) == PSA_ALG_HASH_ANY) |
Whether the specified algorithm encoding is a wildcard. | |
#define | PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) ((ka_alg) | (kdf_alg)) |
Macro to build a combined algorithm that chains a key agreement with a key derivation. | |
#define | PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) ((psa_algorithm_t)((alg) & 0xffff0000)) |
Get the raw key agreement algorithm from a full key agreement algorithm. | |
#define | PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) ((psa_algorithm_t)((alg) & 0xfe00ffff)) |
Get the key derivation algorithm used in a full key agreement algorithm. | |
#define | PSA_ALG_NONE ((psa_algorithm_t)0) |
An invalid algorithm identifier value. | |
#define | PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff) |
Hash algorithm mask. | |
#define | PSA_ALG_MD2 ((psa_algorithm_t)0x02000001) |
The MD2 message-digest algorithm. | |
#define | PSA_ALG_MD4 ((psa_algorithm_t)0x02000002) |
The MD4 message-digest algorithm. | |
#define | PSA_ALG_MD5 ((psa_algorithm_t)0x02000003) |
The MD5 message-digest algorithm. | |
#define | PSA_ALG_RIPEMD160 ((psa_algorithm_t)0x02000004) |
The RIPEMD-160 message-digest algorithm. | |
#define | PSA_ALG_SHA_1 ((psa_algorithm_t)0x02000005) |
The SHA-1 message-digest algorithm. | |
#define | PSA_ALG_SHA_224 ((psa_algorithm_t)0x02000008) /** SHA-224 */ |
The SHA-224 message-digest algorithm. | |
#define | PSA_ALG_SHA_256 ((psa_algorithm_t)0x02000009) /** SHA-256 */ |
The SHA-256 message-digest algorithm. | |
#define | PSA_ALG_SHA_384 ((psa_algorithm_t)0x0200000a) /** SHA-384 */ |
The SHA-384 message-digest algorithm. | |
#define | PSA_ALG_SHA_512 ((psa_algorithm_t)0x0200000b) /** SHA-512 */ |
The SHA-512 message-digest algorithm. | |
#define | PSA_ALG_SHA_512_224 ((psa_algorithm_t)0x0200000c) /** SHA-512/224 */ |
The SHA-512/224 message-digest algorithm. | |
#define | PSA_ALG_SHA_512_256 ((psa_algorithm_t)0x0200000d) /** SHA-512/256 */ |
The SHA-512/256 message-digest algorithm. | |
#define | PSA_ALG_SHA3_224 ((psa_algorithm_t)0x02000010) /** SHA-3-224 */ |
The SHA3-224 message-digest algorithm. | |
#define | PSA_ALG_SHA3_256 ((psa_algorithm_t)0x02000011) /** SHA-3-256 */ |
The SHA3-256 message-digest algorithm. | |
#define | PSA_ALG_SHA3_384 ((psa_algorithm_t)0x02000012) /** SHA-3-384 */ |
The SHA3-384 message-digest algorithm. | |
#define | PSA_ALG_SHA3_512 ((psa_algorithm_t)0x02000013) /** SHA-3-512 */ |
The SHA3-512 message-digest algorithm. | |
#define | PSA_ALG_SM3 ((psa_algorithm_t)0x02000014) /** SM3 */ |
The SM3 message-digest algorithm. | |
#define | PSA_ALG_SHAKE256_512 ((psa_algorithm_t)0x02000015) |
The first 512 bits (64 bytes) of the SHAKE256 output. | |
#define | PSA_ALG_CBC_MAC ((psa_algorithm_t)0x03c00100) |
The CBC-MAC message-authentication-code algorithm, constructed over a block cipher. | |
#define | PSA_ALG_CMAC ((psa_algorithm_t)0x03c00200) |
The CMAC message-authentication-code algorithm, constructed over a block cipher. | |
#define | PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t)0x04404000) |
The Cipher Block Chaining (CBC) mode of a block cipher, with no padding. | |
#define | PSA_ALG_CBC_PKCS7 ((psa_algorithm_t)0x04404100) |
The Cipher Block Chaining (CBC) mode of a block cipher, with PKCS#7 padding. | |
#define | PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400) |
The Electronic Codebook (ECB) mode of a block cipher, with no padding. | |
#define | PSA_ALG_XTS ((psa_algorithm_t)0x0440ff00) |
The XEX with Ciphertext Stealing (XTS) cipher mode of a block cipher. | |
#define | PSA_ALG_CTR ((psa_algorithm_t)0x04c01000) |
A stream cipher built using the Counter (CTR) mode of a block cipher. | |
#define | PSA_ALG_CFB ((psa_algorithm_t)0x04c01100) |
A stream cipher built using the Cipher Feedback (CFB) mode of a block cipher. | |
#define | PSA_ALG_OFB ((psa_algorithm_t)0x04c01200) |
A stream cipher built using the Output Feedback (OFB) mode of a block cipher. | |
#define | PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800100) |
The stream cipher mode of a stream cipher algorithm. | |
#define | PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t)0x05100500) |
The ChaCha20-Poly1305 AEAD algorithm. | |
#define | PSA_ALG_CCM ((psa_algorithm_t)0x05500100) |
The Counter with CBC-MAC (CCM) authenticated encryption algorithm. | |
#define | PSA_ALG_GCM ((psa_algorithm_t)0x05500200) |
The Galois/Counter Mode (GCM) authenticated encryption algorithm. | |
#define | PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t)0x08800200) |
The PBKDF2-AES-CMAC-PRF-128 password-hashing or key-stretching algorithm. | |
#define | PSA_ALG_PBKDF2_HMAC(hash_alg) ((psa_algorithm_t)(0x08800100 | ((hash_alg) & 0x000000ff))) |
Macro to build a PBKDF2-HMAC password-hashing or key-stretching algorithm. | |
#define | PSA_ALG_RSA_PKCS1V15_SIGN_RAW ((psa_algorithm_t)0x06000200) |
The raw RSA PKCS#1 v1.5 signature algorithm, without hashing. | |
#define | PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x06000600) |
Base of ECDSA algorithms. | |
#define | PSA_ALG_PURE_EDDSA ((psa_algorithm_t)0x06000800) |
Edwards-curve digital signature algorithm without prehashing (PureEdDSA), using standard parameters. | |
#define | PSA_ALG_ECDSA(hash_alg) (PSA_ALG_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) |
The randomized ECDSA signature scheme, with hashing. | |
#define | PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE |
The randomized ECDSA signature scheme, without hashing. | |
#define | PSA_ALG_ED25519PH ((psa_algorithm_t)0x0600090B) |
Edwards-curve digital signature algorithm with prehashing (HashEdDSA), using the Edwards25519 curve. | |
#define | PSA_ALG_ED448PH ((psa_algorithm_t)0x06000915) |
Edwards-curve digital signature algorithm with prehashing (HashEdDSA), using the Edwards448 curve. | |
#define | PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x07000200) |
The RSA PKCS#1 v1.5 asymmetric encryption algorithm. | |
#define | PSA_ALG_FFDH ((psa_algorithm_t)0x09010000) |
The finite-field Diffie-Hellman (DH) key agreement algorithm. | |
#define | PSA_ALG_ECDH ((psa_algorithm_t)0x09020000) |
The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm. | |
#define | PSA_ALG_RSA_OAEP(hash_alg) ((psa_algorithm_t)(0x07000300 | ((hash_alg) & 0x000000ff))) |
The RSA OAEP asymmetric encryption algorithm. | |
#define | PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) ((psa_algorithm_t)(0x06000200 | ((hash_alg) & 0x000000ff))) |
The RSA PKCS#1 v1.5 message signature scheme, with hashing. | |
#define | PSA_ALG_RSA_PSS(hash_alg) ((psa_algorithm_t)(0x06000300 | ((hash_alg) & 0x000000ff))) |
The RSA PSS message signature scheme, with hashing. | |
#define | PSA_ALG_RSA_PSS_ANY_SALT(hash_alg) ((psa_algorithm_t)(0x06001300 | ((hash_alg) & 0x000000ff))) |
The RSA PSS message signature scheme, with hashing. | |
#define | PSA_ALG_TLS12_PRF(hash_alg) ((psa_algorithm_t)(0x08000200 | ((hash_alg) & 0x000000ff))) |
Macro to build a TLS-1.2 PRF algorithm. | |
#define | PSA_ALG_TLS12_PSK_TO_MS(hash_alg) ((psa_algorithm_t)(0x08000300 | ((hash_alg) & 0x000000ff))) |
Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm. | |
#define | PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) ((psa_algorithm_t)(((mac_alg) & ~0x003f0000) | (((mac_length) & 0x3f) << 16))) |
Macro to build a truncated MAC algorithm. | |
#define | PSA_DH_FAMILY_RFC7919 ((psa_dh_family_t)0x03) |
Finite-field Diffie-Hellman groups defined for TLS in RFC 7919. | |
#define | PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t)0x30) |
Brainpool P random curves. | |
#define | PSA_ECC_FAMILY_FRP ((psa_ecc_family_t)0x33) |
Curve used primarily in France and elsewhere in Europe. | |
#define | PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t)0x41) |
Montgomery curves. | |
#define | PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t)0x17) |
SEC Koblitz curves over prime fields. | |
#define | PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t)0x12) |
SEC random curves over prime fields. | |
#define | PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t)0x1b) |
#define | PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t)0x27) |
SEC Koblitz curves over binary fields. | |
#define | PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t)0x22) |
SEC random curves over binary fields. | |
#define | PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t)0x2b) |
SEC additional random curves over binary fields. | |
#define | PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t)0x42) |
Twisted Edwards curves. | |
#define | PSA_KEY_DERIVATION_INPUT_CONTEXT /* implementation-defined value */ |
A context for key derivation. | |
#define | PSA_KEY_DERIVATION_INPUT_COST /* implementation-defined value */ |
A cost parameter for password hashing or key stretching. | |
#define | PSA_KEY_DERIVATION_INPUT_INFO /* implementation-defined value */ |
An information string for key derivation. | |
#define | PSA_KEY_DERIVATION_INPUT_LABEL /* implementation-defined value */ |
A label for key derivation. | |
#define | PSA_KEY_DERIVATION_INPUT_PASSWORD /* implementation-defined value */ |
A low-entropy secret input for password hashing or key stretching. | |
#define | PSA_KEY_DERIVATION_INPUT_SALT /* implementation-defined value */ |
A salt for key derivation. | |
#define | PSA_KEY_DERIVATION_INPUT_SECRET /* implementation-defined value */ |
A high-entropy secret input for key derivation. | |
#define | PSA_KEY_DERIVATION_INPUT_SEED /* implementation-defined value */ |
A seed for key derivation. | |
#define | PSA_KEY_DERIVATION_UNLIMITED_CAPACITY /* implementation-defined value */ |
Use the maximum possible capacity for a key derivation operation. | |
#define | PSA_KEY_ID_NULL ((psa_key_id_t)0) |
The null key identifier. | |
#define | PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff) |
The maximum value for a key identifier chosen by the application. | |
#define | PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001) |
The minimum value for a key identifier chosen by the application. | |
#define | PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff) |
The maximum value for a key identifier chosen by the implementation. | |
#define | PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000) |
The minimum value for a key identifier chosen by the implementation. | |
#define | PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) ((location) << 8 | (persistence)) |
Construct a lifetime from a persistence level and a location. | |
#define | PSA_KEY_LIFETIME_GET_LOCATION(lifetime) ((psa_key_location_t)((lifetime) >> 8)) |
Extract the location indicator from a key lifetime. | |
#define | PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) ((psa_key_persistence_t)((lifetime) & 0x000000ff)) |
Extract the persistence level from a key lifetime. | |
#define | PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == PSA_KEY_PERSISTENCE_VOLATILE) |
Whether a key lifetime indicates that the key is volatile. | |
#define | PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001) |
The default lifetime for persistent keys. | |
#define | PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000) |
The default lifetime for volatile keys. | |
#define | PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000) |
The local storage area for persistent keys. | |
#define | PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT ((psa_key_location_t)0x000001) |
The default secure element storage area for persistent keys. | |
#define | PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000) |
Mark vendor defined key locations. | |
#define | PSA_KEY_LOCATION_SE_MIN (PSA_KEY_LOCATION_VENDOR_FLAG) |
Minimum location value for secure elements. | |
#define | PSA_KEY_LOCATION_SE_MAX ((psa_key_location_t)0x8000ff) |
Maximum location value for secure elements. | |
#define | PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01) |
The default persistence level for persistent keys. | |
#define | PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff) |
A persistence level indicating that a key is never destroyed. | |
#define | PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00) |
The persistence level of volatile keys. | |
#define | PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x8000) |
Vendor-defined key type flag. | |
#define | PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7000) |
Mask for key type categories. | |
#define | PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x1000) |
Raw key data type. | |
#define | PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x2000) |
Symmetric key type. | |
#define | PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x4000) |
Asymmetric public key type. | |
#define | PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x7000) |
Asymmetric key pair type. | |
#define | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x3000) |
Asymmetric key pair flag. | |
#define | PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400) |
Key for a cipher, AEAD or MAC algorithm based on the AES block cipher. | |
#define | PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002) |
Key for the ARC4 stream cipher. | |
#define | PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406) |
Key for a cipher, AEAD or MAC algorithm based on the ARIA block cipher. | |
#define | PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403) |
Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher. | |
#define | PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004) |
Key for the ChaCha20 stream cipher or the ChaCha20-Poly1305 AEAD algorithm. | |
#define | PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200) |
A secret for key derivation. | |
#define | PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301) |
Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES). | |
#define | PSA_KEY_TYPE_DH_GET_FAMILY(type) ((psa_dh_family_t)((type) & 0x00ff)) |
Extract the group family from a Diffie-Hellman key type. | |
#define | PSA_KEY_TYPE_DH_KEY_PAIR(group) ((psa_key_type_t)(0x7200 | (group))) |
Finite-field Diffie-Hellman key pair: both the private key and public key. | |
#define | PSA_KEY_TYPE_DH_PUBLIC_KEY(group) ((psa_key_type_t)(0x4200 | (group))) |
Finite-field Diffie-Hellman public key. | |
#define | PSA_KEY_TYPE_ECC_GET_FAMILY(type) ((psa_ecc_family_t)((type) & 0x00ff)) |
Extract the curve family from an elliptic curve key type. | |
#define | PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x4100) |
Base value for ECC public keys. | |
#define | PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x7100) |
Base value for ECC key pairs. | |
#define | PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff) |
Mask for ECC curves. | |
#define | PSA_KEY_TYPE_ECC_KEY_PAIR(curve) (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve)) |
Elliptic curve key pair: both the private and public key. | |
#define | PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve)) |
Elliptic curve public key. | |
#define | PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve)) |
Elliptic curve public key. | |
#define | PSA_KEY_TYPE_IS_ECC(type) ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & 0xff00) == 0x4100) |
Whether a key type is an elliptic curve key, either a key pair or a public key. | |
#define | PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) (((type) & 0xff00) == 0x7100) |
Whether a key type is an elliptic curve key pair. | |
#define | PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) (((type) & 0xff00) == 0x4100) |
Whether a key type is an elliptic curve public key. | |
#define | PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) ((psa_key_type_t)((type) & ~0x3000)) |
The public key type corresponding to a key pair type. | |
#define | PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100) |
HMAC key. | |
#define | PSA_KEY_TYPE_IS_ASYMMETRIC(type) (((type) & 0x4000) == 0x4000) |
Whether a key type is asymmetric: either a key pair or a public key. | |
#define | PSA_KEY_TYPE_IS_DH(type) ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & 0xff00) == 0x4200) |
Whether a key type is a Diffie-Hellman key, either a key pair or a public key. | |
#define | PSA_KEY_TYPE_IS_DH_KEY_PAIR(type) (((type) & 0xff00) == 0x7200) |
Whether a key type is a Diffie-Hellman key pair. | |
#define | PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) (((type) & 0xff00) == 0x4200) |
Whether a key type is a Diffie-Hellman public key. | |
#define | PSA_KEY_TYPE_IS_KEY_PAIR(type) (((type) & 0x7000) == 0x7000) |
Whether a key type is a key pair containing a private part and a public part. | |
#define | PSA_KEY_TYPE_IS_PUBLIC_KEY(type) (((type) & 0x7000) == 0x4000) |
Whether a key type is the public part of a key pair. | |
#define | PSA_KEY_TYPE_IS_RSA(type) (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == 0x4001) |
Whether a key type is an RSA key. | |
#define | PSA_KEY_TYPE_IS_UNSTRUCTURED(type) (((type) & 0x7000) == 0x1000 || ((type) & 0x7000) == 0x2000) |
Whether a key type is an unstructured array of bytes. | |
#define | PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type) ((psa_key_type_t)((type) | 0x3000)) |
The key pair type corresponding to a public key type. | |
#define | PSA_KEY_TYPE_NONE ((psa_key_type_t)0x0000) |
An invalid key type value. | |
#define | PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1203) |
A low-entropy secret for password hashing or key derivation. | |
#define | PSA_KEY_TYPE_PASSWORD_HASH ((psa_key_type_t)0x1205) |
A secret value that can be used to verify a password hash. | |
#define | PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1206) |
A secret value that can be used when computing a password hash. | |
#define | PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x1001) |
Raw data. | |
#define | PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001) |
RSA key pair: both the private and public key. | |
#define | PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001) |
RSA public key. | |
#define | PSA_KEY_TYPE_SM4 ((psa_key_type_t)0x2405) |
Key for a cipher, AEAD or MAC algorithm based on the SM4 block cipher. | |
#define | PSA_KEY_USAGE_CACHE ((psa_key_usage_t)0x00000004) |
Permission for the implementation to cache the key. | |
#define | PSA_KEY_USAGE_COPY ((psa_key_usage_t)0x00000002) |
Permission to copy the key. | |
#define | PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200) |
Permission to decrypt a message with the key. | |
#define | PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000) |
Permission to derive other keys or produce a password hash from this key. | |
#define | PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t)0x00000100) |
Permission to encrypt a message with the key. | |
#define | PSA_KEY_USAGE_EXPORT ((psa_key_usage_t)0x00000001) |
Permission to export the key. | |
#define | PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t)0x00001000) |
Permission to sign a message hash with the key. | |
#define | PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t)0x00000400) |
Permission to sign a message with the key. | |
#define | PSA_KEY_USAGE_VERIFY_DERIVATION ((psa_key_usage_t)0x00008000) |
Permission to verify the result of a key derivation, including password hashing. | |
#define | PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00002000) |
Permission to verify a message hash with the key. | |
#define | PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t)0x00000800) |
Permission to verify a message signature with the key. | |
#define | PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE /* implementation-defined value */ |
Sufficient output buffer size for psa_raw_key_agreement(), for any of the supported key types and key agreement algorithms. | |
#define | PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) /* implementation-defined value */ |
Sufficient output buffer size for psa_raw_key_agreement(). | |
#define | PSA_SIGNATURE_MAX_SIZE /* implementation-defined value */ |
A sufficient signature buffer size for psa_sign_message() and psa_sign_hash(), for any of the supported key types and asymmetric signature algorithms. | |
#define | PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE /* implementation-defined value */ |
This macro returns the maximum supported length of the PSK for the TLS-1.2 PSK-to-MS key derivation. | |
#define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG | ( | aead_alg, | |
min_tag_length | |||
) | /* specification-defined value */ |
Macro to build an AEAD minimum-tag-length wildcard algorithm.
A key with a minimum-tag-length AEAD wildcard algorithm as permitted algorithm policy can be used with all AEAD algorithms sharing the same base algorithm, and where the tag length of the specific algorithm is equal to or larger then the minimum tag length specified by the wildcard algorithm.
The AEAD algorithm with a default length tag can be recovered using PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG().
aead_alg | An AEAD algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_AEAD(aead_alg ) is true. |
min_tag_length | Desired minimum length of the authentication tag in bytes. This must be at least 1 and at most the largest allowed tag length of the algorithm. |
aead_alg
is not a supported AEAD algorithm or if min_tag_length
is less than 1 or too large for the specified AEAD algorithm. Definition at line 96 of file crypto_values.h.
#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG | ( | aead_alg | ) |
An AEAD algorithm with the default tag length.
This macro can be used to construct the AEAD algorithm with default tag length from an AEAD algorithm with a shortened tag. See also PSA_ALG_AEAD_WITH_SHORTENED_TAG().
Compatible key types: The resulting AEAD algorithm is compatible with the same key types as the AEAD algorithm used to construct it.
Definition at line 109 of file crypto_values.h.
#define PSA_ALG_AEAD_WITH_SHORTENED_TAG | ( | aead_alg, | |
tag_length | |||
) | ((psa_algorithm_t)(((aead_alg) & ~0x003f0000) | (((tag_length) & 0x3f) << 16))) |
Macro to build a AEAD algorithm with a shortened tag.
An AEAD algorithm with a shortened tag is similar to the corresponding AEAD algorithm, but has an authentication tag that consists of fewer bytes. Depending on the algorithm, the tag length might affect the calculation of the ciphertext.
The AEAD algorithm with a default length tag can be recovered using PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG().
Compatible key types: The resulting AEAD algorithm is compatible with the same key types as the AEAD algorithm used to construct it.
aead_alg | An AEAD algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_AEAD(aead_alg ) is true. |
tag_length | Desired length of the authentication tag in bytes. |
aead_alg
is not a supported AEAD algorithm or if tag_length
is not valid for the specified AEAD algorithm. Definition at line 137 of file crypto_values.h.
#define PSA_ALG_ANY_HASH ((psa_algorithm_t)0x020000ff) |
When setting a hash-and-sign algorithm in a key policy, permit any hash algorithm.
This value can be used to form the permitted algorithm attribute of a key policy for a signature algorithm that is parametrized by a hash. A key with this policy can then be used to perform operations using the same signature algorithm parametrized with any supported hash. A signature algorithm created using this macro is a wildcard algorithm, and PSA_ALG_IS_WILDCARD() will return true.
This value must not be used to build other algorithms that are parametrized over a hash. For any valid use of this macro to build an algorithm alg, PSA_ALG_IS_HASH_AND_SIGN(alg) is true. This value must not be used to build an algorithm specification to perform an operation. It is only valid for setting the permitted algorithm in a key policy.
Usage: For example, suppose that PSA_xxx_SIGNATURE
is one of the following macros:
The following sequence of operations shows how PSA_ALG_ANY_HASH can be used in a key policy:
Definition at line 182 of file crypto_values.h.
#define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC | ( | mac_alg, | |
min_mac_length | |||
) | /* specification-defined value */ |
Macro to build a MAC minimum-MAC-length wildcard algorithm.
A key with a minimum-MAC-length MAC wildcard algorithm as permitted algorithm policy can be used with all MAC algorithms sharing the same base algorithm, and where the (potentially truncated) MAC length of the specific algorithm is equal to or larger then the wildcard algorithm’s minimum MAC length.
The untruncated MAC algorithm can be recovered using PSA_ALG_FULL_LENGTH_MAC().
Compatible key types The resulting wildcard MAC algorithm is compatible with the same key types as the MAC algorithm used to construct it.
mac_alg | A MAC algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_MAC(alg) is true. This can be a truncated or untruncated MAC algorithm. |
min_mac_length | Desired minimum length of the message authentication code in bytes. This must be at most the untruncated length of the MAC and must be at least 1. |
Definition at line 212 of file crypto_values.h.
#define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x05000000) |
Category for AEAD algorithms.
Definition at line 54 of file crypto_values.h.
#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x07000000) |
Category for asymmetric encryption algorithms.
Definition at line 62 of file crypto_values.h.
#define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t)0x04000000) |
Category for cipher algorithms.
Definition at line 50 of file crypto_values.h.
#define PSA_ALG_CATEGORY_HASH ((psa_algorithm_t)0x02000000) |
Category for hash algorithms.
Definition at line 42 of file crypto_values.h.
#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x09000000) |
Category for key agreement algorithms.
Definition at line 70 of file crypto_values.h.
#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x08000000) |
Category for key derivation algorithms.
Definition at line 66 of file crypto_values.h.
#define PSA_ALG_CATEGORY_MAC ((psa_algorithm_t)0x03000000) |
Category for MAC algorithms.
Definition at line 46 of file crypto_values.h.
#define PSA_ALG_CATEGORY_MASK ((psa_algorithm_t)0x7f000000) |
PSA algorithm category mask.
Definition at line 37 of file crypto_values.h.
#define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x06000000) |
Category for signature algorithms.
Definition at line 58 of file crypto_values.h.
#define PSA_ALG_CBC_MAC ((psa_algorithm_t)0x03c00100) |
The CBC-MAC message-authentication-code algorithm, constructed over a block cipher.
The CBC-MAC algorithm must be used with a key for a block cipher. For example, one of PSA_KEY_TYPE_AES.
CBC-MAC is defined as MAC Algorithm 1 in ISO/IEC 9797-1:2011 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher ISO9797.
Compatible key types
Definition at line 1062 of file crypto_values.h.
#define PSA_ALG_CBC_NO_PADDING ((psa_algorithm_t)0x04404000) |
The Cipher Block Chaining (CBC) mode of a block cipher, with no padding.
The underlying block cipher is determined by the key type. This symmetric cipher mode can only be used with messages whose lengths are a multiple of the block size of the chosen block cipher.
CBC mode requires an initialization vector (IV) that is the same size as the cipher block length.
The CBC block cipher mode is defined in NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques [SP800-38A](https://doi.org/10.6028/NIST.SP.800-38B). @b Compatible @b key @b types - @ref PSA_KEY_TYPE_AES - @ref PSA_KEY_TYPE_ARIA - @ref PSA_KEY_TYPE_DES - @ref PSA_KEY_TYPE_CAMELLIA - @ref PSA_KEY_TYPE_SM4
Definition at line 1106 of file crypto_values.h.
#define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t)0x04404100) |
The Cipher Block Chaining (CBC) mode of a block cipher, with PKCS#7 padding.
The underlying block cipher is determined by the key type.
CBC mode requires an initialization vector (IV) that is the same size as the cipher block length.
The CBC block cipher mode is defined in NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques [SP800-38A](https://doi.org/10.6028/NIST.SP.800-38B). The padding operation is defined by PKCS #7: Cryptographic Message Syntax Version 1.5 [RFC2315](https://tools.ietf.org/html/rfc2315.html) §10.3. @b Compatible @b key @b types - @ref PSA_KEY_TYPE_AES - @ref PSA_KEY_TYPE_ARIA - @ref PSA_KEY_TYPE_DES - @ref PSA_KEY_TYPE_CAMELLIA - @ref PSA_KEY_TYPE_SM4
Definition at line 1131 of file crypto_values.h.
#define PSA_ALG_CCM ((psa_algorithm_t)0x05500100) |
The Counter with CBC-MAC (CCM) authenticated encryption algorithm.
CCM is defined for block ciphers that have a 128-bit block size. The underlying block cipher is determined by the key type.
To use PSA_ALG_CCM with a multi-part AEAD operation, the application must call psa_aead_set_lengths() before providing the nonce, the additional data and plaintext to the operation.
CCM requires a nonce of between 7 and 13 bytes in length. The length of the nonce affects the m
maximum length of the plaintext than can be encrypted or decrypted. If the nonce has length N
, then the plaintext length pLen
is encoded in L = 15 - N
octets, this requires that pLen < 28L
.
The value for L that is used with PSA_ALG_CCM depends on the function used to provide the nonce:
L
to 15 - nonce_length. If the plaintext length cannot be encoded in L
octets, then a PSA_ERROR_INVALID_ARGUMENT error is returned.L
as the smallest integer >= 2
where pLen < 28L
, with pLen
being the plaintext_length provided to psa_aead_set_lengths(). The call to psa_aead_generate_nonce() will generate and return a random nonce of length 15 - L
bytes.CCM supports authentication tag sizes of 4, 6, 8, 10, 12, 14, and 16 bytes. The default tag length is 16. Shortened tag lengths can be requested using PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_length
), where tag_length
is a valid CCM tag length.
The CCM block cipher mode is defined in Counter with CBC-MAC (CCM) RFC3610.
Compatible key types
Definition at line 1430 of file crypto_values.h.
#define PSA_ALG_CFB ((psa_algorithm_t)0x04c01100) |
A stream cipher built using the Cipher Feedback (CFB) mode of a block cipher.
The underlying block cipher is determined by the key type. This is the variant of CFB where each iteration encrypts or decrypts a segment of the input that is the same length as the cipher block size. For example, using PSA_ALG_CFB with a key of type PSA_KEY_TYPE_AES will result in the AES-CFB-128 cipher.
CFB mode requires an initialization vector (IV) that is the same size as the cipher block length.
The CFB block cipher mode is defined in NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques [SP800-38A](https://doi.org/10.6028/NIST.SP.800-38A), using a segment size s equal to the block size b. The definition in [SP800-38A](https://doi.org/10.6028/NIST.SP.800-38A) is extended to allow an incomplete final block of input, in which case the algorithm discards the final bytes of the key stream when encrypting or decrypting the final partial block. @b Compatible @b key @b types - @ref PSA_KEY_TYPE_AES - @ref PSA_KEY_TYPE_ARIA - @ref PSA_KEY_TYPE_DES - @ref PSA_KEY_TYPE_CAMELLIA - @ref PSA_KEY_TYPE_SM4
Definition at line 1276 of file crypto_values.h.
#define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t)0x05100500) |
The ChaCha20-Poly1305 AEAD algorithm.
There are two defined variants of ChaCha20-Poly1305:
The variant used for the AEAD encryption or decryption operation, depends on the nonce provided for an AEAD operation using PSA_ALG_CHACHA20_POLY1305 :
Implementations must support 16-byte tags. It is recommended that truncated tag sizes are rejected.
Compatible key types
Definition at line 1387 of file crypto_values.h.
#define PSA_ALG_CMAC ((psa_algorithm_t)0x03c00200) |
The CMAC message-authentication-code algorithm, constructed over a block cipher.
The CMAC algorithm must be used with a key for a block cipher. For example, when used with a key with type PSA_KEY_TYPE_AES, the resulting operation is AES-CMAC.
CMAC is defined in NIST Special Publication 800-38B: Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication SP800-38B.
Compatible key types
Definition at line 1081 of file crypto_values.h.
#define PSA_ALG_CTR ((psa_algorithm_t)0x04c01000) |
A stream cipher built using the Counter (CTR) mode of a block cipher.
CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type PSA_KEY_TYPE_AES and a size of 128 bits (16 bytes).
The CTR block cipher mode is defined in NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques [SP800-38A].
CTR mode requires a counter block which is the same size as the cipher block length. The counter block is updated for each block (or a partial final block) that is encrypted or decrypted.
A counter block value must only be used once across all messages encrypted using the same key value. This is typically achieved by splitting the counter block into a nonce, which is unique among all message encrypted with the key, and a counter which is incremented for each block of a message.
For example, when using AES-CTR encryption, which uses a 16-byte block, the application can provide a 12-byte nonce when setting the IV. This leaves 4 bytes for the counter, allowing up to 2^32 blocks (64GB) of message data to be encrypted in each message.
The first counter block is constructed from the initialization vector (IV). The initial counter block is is constructed in the following ways:
During the counter block update operation, the counter block is treated as a single big-endian encoded integer and the update operation increments this integer by 1.
This scheme meets the recommendations in Appendix B of SP800-38A.
@b Compatible @b key @b types - @ref PSA_KEY_TYPE_AES - @ref PSA_KEY_TYPE_ARIA - @ref PSA_KEY_TYPE_DES - @ref PSA_KEY_TYPE_CAMELLIA - @ref PSA_KEY_TYPE_SM4
Definition at line 1245 of file crypto_values.h.
#define PSA_ALG_DETERMINISTIC_ECDSA | ( | hash_alg | ) | ((psa_algorithm_t)(0x06000700 | ((hash_alg) & 0x000000ff))) |
Deterministic ECDSA signature scheme, with hashing.
This algorithm can be used with both the message and hash signature functions.
This is the deterministic ECDSA signature scheme defined by Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) [RFC6979]. The representation of a signature is the same as with @ref PSA_ALG_ECDSA().
In particular, it is impossible to determine whether a signature was produced with deterministic ECDSA or with randomized ECDSA: it is only possible to verify that a signature was made with ECDSA with the private key corresponding to the public key used for the verification.
Compatible key types
family
)family
) (signature verification only)where family is a Weierstrass Elliptic curve family. That is, one of the following values:
hash_alg | A hash algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_HASH(hash_alg ) is true. This includes PSA_ALG_ANY_HASH when specifying the algorithm in a key policy. |
hash_alg
is not a supported hash algorithm. Definition at line 256 of file crypto_values.h.
#define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400) |
The Electronic Codebook (ECB) mode of a block cipher, with no padding.
The underlying block cipher is determined by the key type.
This symmetric cipher mode can only be used with messages whose lengths are a multiple of the block size of the chosen block cipher. ECB mode does not accept an initialization vector (IV). When using a multi-part cipher operation with this algorithm, @ref psa_cipher_generate_iv() and @ref psa_cipher_set_iv() must not be called.
The ECB block cipher mode is defined in NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques [SP800-38A](https://doi.org/10.6028/NIST.SP.800-38A). @b Compatible @b key @b types - @ref PSA_KEY_TYPE_AES - @ref PSA_KEY_TYPE_ARIA - @ref PSA_KEY_TYPE_DES - @ref PSA_KEY_TYPE_CAMELLIA - @ref PSA_KEY_TYPE_SM4
Definition at line 1164 of file crypto_values.h.
#define PSA_ALG_ECDH ((psa_algorithm_t)0x09020000) |
The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.
This algorithm can be used directly in a call to psa_raw_key_agreement(), or combined with a key derivation operation using PSA_ALG_KEY_AGREEMENT() for use with psa_key_derivation_key_agreement().
When used as a key’s permitted algorithm policy, the following uses are permitted:
When used as part of a multi-part key derivation operation, this implements a Diffie-Hellman key agreement scheme using a single elliptic curve key-pair for each participant. This includes the Ephemeral unified model, the Static unified model, and the One-pass Diffie-Hellman schemes. The input step PSA_KEY_DERIVATION_INPUT_SECRET is used when providing the secret and peer keys to the operation.
The shared secret produced by key agreement is the x-coordinate of the shared secret point. It is always ceiling(m / 8)
bytes long where m
is the bit size associated with the curve, i.e. the bit size of the order of the curve’s coordinate field. When m
is not a multiple of 8, the byte containing the most significant bit of the shared secret is padded with zero bits. The byte order is either little-endian or big-endian depending on the curve type.
Z = d_A Q_B = d_B Q_A
in little-endian byte order.m
is 255.m
is 448.PSA_ECC_FAMILY_SECP_XX
, PSA_ECC_FAMILY_SECT_XX
, PSA_ECC_FAMILY_BRAINPOOL_P_R1 and PSA_ECC_FAMILY_FRP) the shared secret is the x-coordinate of Z = h d_A Q_B = h d_B Q_A
in big-endian byte order. This is the Elliptic Curve Cryptography Cofactor Diffie-Hellman primitive defined by SEC 1: Elliptic Curve Cryptography SEC1 §3.3.2 as, and also as ECC CDH by NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography SP800-56A §5.7.1.2.PSA_ECC_FAMILY_SECP_XX
, PSA_ECC_FAMILY_BRAINPOOL_P_R1 and PSA_ECC_FAMILY_FRP), the bit size is m = ceiling(log_2(p))
for the field F_p
.PSA_ECC_FAMILY_SECT_XX
), the bit size is m
for the field F_{2^m}
.Z = d_A Q_B = d_B Q_A
(SEC1 §3.3.1) for curves where the cofactor h
is 1. This is true for all curves in the PSA_ECC_FAMILY_SECP_XX
, PSA_ECC_FAMILY_BRAINPOOL_P_R1, and PSA_ECC_FAMILY_FRP families.Compatible key types
family
)where family
is a Weierstrass or Montgomery Elliptic curve family. That is, one of the following values:
PSA_ECC_FAMILY_SECT_XX
PSA_ECC_FAMILY_SECP_XX
Definition at line 1834 of file crypto_values.h.
#define PSA_ALG_ECDSA | ( | hash_alg | ) | (PSA_ALG_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) |
The randomized ECDSA signature scheme, with hashing.
This algorithm can be used with both the message and hash signature functions.
This algorithm is randomized: each invocation returns a different, equally valid signature.
In particular, it is impossible to determine whether a signature was produced with deterministic ECDSA or with randomized ECDSA: it is only possible to verify that a signature was made with ECDSA with the private key corresponding to the public key used for the verification.
This signature scheme is defined by SEC 1: Elliptic Curve Cryptography SEC1, and also by Public Key Cryptography For The Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA) [X9-62])(https://standards.globalspec.com/std/1955141/ANSI%20X9.62), with a random per-message secret number k
.
The representation of the signature as a byte string consists of the concatenation of the signature values r
and s
. Each of r
and s
is encoded as an N
-octet string, where N
is the length of the base point of the curve in octets. Each value is represented in big-endian order, with the most significant octet first.
Compatible key types
where family is a Weierstrass Elliptic curve family. That is, one of the following values:
PSA_ECC_FAMILY_SECT_XX
PSA_ECC_FAMILY_SECP_XX
hash_alg | A hash algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_HASH(hash_alg ) is true. This includes PSA_ALG_ANY_HASH when specifying the algorithm in a key policy. |
hash_alg
is not a supported hash algorithm. Definition at line 1631 of file crypto_values.h.
#define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE |
The randomized ECDSA signature scheme, without hashing.
This algorithm can be only used with the psa_sign_hash() and psa_verify_hash() functions.
This algorithm is randomized: each invocation returns a different, equally valid signature.
This is the same signature scheme as PSA_ALG_ECDSA(), but without specifying a hash algorithm, and skipping the message hashing operation.
This algorithm is only recommended to sign or verify a sequence of bytes that are an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the right as required to fit the curve size.
Compatible key types
family
)family
) (signature verification only)where family
is a Weierstrass Elliptic curve family. That is, one of the following values:
PSA_ECC_FAMILY_SECT_XX
PSA_ECC_FAMILY_SECP_XX
Definition at line 1661 of file crypto_values.h.
#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x06000600) |
Base of ECDSA algorithms.
Definition at line 1543 of file crypto_values.h.
#define PSA_ALG_ED25519PH ((psa_algorithm_t)0x0600090B) |
Edwards-curve digital signature algorithm with prehashing (HashEdDSA), using the Edwards25519 curve.
This algorithm can be used with both the message and hash signature functions.
This computes the Ed25519ph algorithm as specified in Edwards-Curve Digital Signature Algorithm (EdDSA) [RFC8032](https://tools.ietf.org/html/rfc8032.html) §5.1, and requires an Edwards25519 curve key. An empty string is used as the context. The prehash function is SHA-512. @b Usage This is a hash-and-sign algorithm. To calculate a signature, use one of the following approaches: - Call @ref psa_sign_message() with the message. - Calculate the SHA-512 hash of the message with @ref psa_hash_compute(), or with a multi-part hash operation, using the hash algorithm @ref PSA_ALG_SHA_512. Then sign the calculated hash with @ref psa_sign_hash(). Verifying a signature is similar, using @ref psa_verify_message() or @ref psa_verify_hash() instead of the signature function. @b Compatible @b key @b types - @ref PSA_KEY_TYPE_ECC_KEY_PAIR(@ref PSA_ECC_FAMILY_TWISTED_EDWARDS) - @ref PSA_KEY_TYPE_ECC_PUBLIC_KEY(@ref PSA_ECC_FAMILY_TWISTED_EDWARDS) (signature verification only)
Definition at line 1690 of file crypto_values.h.
#define PSA_ALG_ED448PH ((psa_algorithm_t)0x06000915) |
Edwards-curve digital signature algorithm with prehashing (HashEdDSA), using the Edwards448 curve.
This algorithm can be used with both the message and hash signature functions.
This computes the Ed448ph algorithm as specified in Edwards-Curve Digital Signature Algorithm (EdDSA) [RFC8032](https://tools.ietf.org/html/rfc8032.html) §5.2, and requires an Edwards448 curve key. An empty string is used as the context. The prehash function is the first 64 bytes of the output from SHAKE256. @b Usage This is a hash-and-sign algorithm. To calculate a signature, use one of the following approaches: - Call @ref psa_sign_message() with the message. - Calculate the first 64 bytes of the SHAKE256 output of the message with @ref psa_hash_compute(), or with a multi-part hash operation, using the hash algorithm @ref PSA_ALG_SHAKE256_512. Then sign the calculated hash with @ref psa_sign_hash(). Verifying a signature is similar, using @ref psa_verify_message() or @ref psa_verify_hash() instead of the signature function. @b Compatible @b key @b types - @ref PSA_KEY_TYPE_ECC_KEY_PAIR(@ref PSA_ECC_FAMILY_TWISTED_EDWARDS) - @ref PSA_KEY_TYPE_ECC_PUBLIC_KEY(@ref PSA_ECC_FAMILY_TWISTED_EDWARDS) (signature verification only)
Definition at line 1720 of file crypto_values.h.
#define PSA_ALG_FFDH ((psa_algorithm_t)0x09010000) |
The finite-field Diffie-Hellman (DH) key agreement algorithm.
This algorithm can be used directly in a call to psa_raw_key_agreement(), or combined with a key derivation operation using PSA_ALG_KEY_AGREEMENT() for use with psa_key_derivation_key_agreement().
When used as a key’s permitted algorithm policy, the following uses are permitted:
When used as part of a multi-part key derivation operation, this implements a Diffie-Hellman key agreement scheme using a single Diffie-Hellman key-pair for each participant. This includes the dhEphem
, dhOneFlow
, and dhStatic
schemes. The input step PSA_KEY_DERIVATION_INPUT_SECRET is used when providing the secret and peer keys to the operation.
The shared secret produced by this key agreement algorithm is g^{ab}
in big-endian format. It is ceiling(m / 8)
bytes long where m
is the size of the prime p
in bits.
This key agreement scheme is defined by NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography SP800-56A §5.7.1.1 under the name FFC DH.
Compatible key types
Definition at line 1765 of file crypto_values.h.
#define PSA_ALG_FULL_LENGTH_MAC | ( | mac_alg | ) | ((psa_algorithm_t)((mac_alg) & ~0x003f0000)) |
Macro to construct the MAC algorithm with a full length MAC, from a truncated MAC algorithm.
Compatible key types The resulting untruncated MAC algorithm is compatible with the same key types as the MAC algorithm used to construct it.
mac_alg | A MAC algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_MAC(mac_alg ) is true. This can be a truncated or untruncated MAC algorithm. |
mac_alg
is not a supported MAC algorithm. * Definition at line 274 of file crypto_values.h.
#define PSA_ALG_GCM ((psa_algorithm_t)0x05500200) |
The Galois/Counter Mode (GCM) authenticated encryption algorithm.
GCM is defined for block ciphers that have a 128-bit block size. The underlying block cipher is determined by the key type.
GCM requires a nonce of at least 1 byte in length. The maximum supported nonce size is implementation defined. Calling psa_aead_generate_nonce() will generate a random 12-byte nonce.
GCM supports authentication tag sizes of 4, 8, 12, 13, 14, 15, and 16 bytes. The default tag length is 16. Shortened tag lengths can be requested using PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, tag_length
), where tag_length
is a valid GCM tag length.
The GCM block cipher mode is defined in NIST Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC SP800-38D.
Compatible key types
Definition at line 1457 of file crypto_values.h.
#define PSA_ALG_GET_HASH | ( | alg | ) |
Get the hash used by a composite algorithm.
The following composite algorithms require a hash algorithm: - @ref PSA_ALG_ECDSA() - @ref PSA_ALG_HKDF() - @ref PSA_ALG_HMAC() - @ref PSA_ALG_RSA_OAEP() - @ref PSA_ALG_IS_RSA_PKCS1V15_SIGN() - @ref PSA_ALG_RSA_PSS() - @ref PSA_ALG_RSA_PSS_ANY_SALT() - @ref PSA_ALG_TLS12_PRF() - @ref PSA_ALG_TLS12_PSK_TO_MS() - @ref PSA_ALG_PBKDF2_HMAC()
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 329 of file crypto_values.h.
#define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff) |
Hash algorithm mask.
Definition at line 884 of file crypto_values.h.
#define PSA_ALG_HKDF | ( | hash_alg | ) | ((psa_algorithm_t)(0x08000100 | ((hash_alg) & 0x000000ff))) |
Macro to build an HKDF algorithm.
This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) specified by HMAC-based Extract-and-Expand Key Derivation Function (HKDF) [RFC5869].
This key derivation algorithm uses the following inputs:
If PSA_KEY_DERIVATION_INPUT_SALT is provided, it must be before PSA_KEY_DERIVATION_INPUT_SECRET. PSA_KEY_DERIVATION_INPUT_INFO can be provided at any time after setup and before starting to generate output.
Each input may only be passed once.
Compatible key types
hash_alg | A hash algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_HASH(hash_alg ) is true. |
hash_alg
is not a supported hash algorithm. Definition at line 306 of file crypto_values.h.
#define PSA_ALG_HMAC | ( | hash_alg | ) | ((psa_algorithm_t)(PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))) |
Macro to build an HMAC message-authentication-code algorithm from an underlying hash algorithm.
For example, PSA_ALG_HMAC(PSA_ALG_SHA_256) is HMAC-SHA-256. The HMAC construction is defined in HMAC: Keyed-Hashing for Message Authentication [RFC2104].
Compatible key types
hash_alg | A hash algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_HASH(hash_alg ) is true). |
hash_alg
is not a supported hash algorithm. Definition at line 355 of file crypto_values.h.
#define PSA_ALG_HMAC_BASE (0x03800000) |
HMAC Base.
Definition at line 336 of file crypto_values.h.
#define PSA_ALG_HMAC_GET_HASH | ( | hmac_alg | ) | (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK)) |
Get the hash operation of a hmac algorithm.
hmac_alg | HMAC algorithm |
Definition at line 483 of file crypto_values.h.
#define PSA_ALG_IS_AEAD | ( | alg | ) | (((alg) & PSA_ALG_CATEGORY_MASK) == 0x05000000) |
Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 378 of file crypto_values.h.
#define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER | ( | alg | ) | (((alg) & 0x7f400000) == 0x05400000) |
Whether the specified algorithm is an AEAD mode on a block cipher.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 389 of file crypto_values.h.
#define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION | ( | alg | ) | (((alg) & PSA_ALG_CATEGORY_MASK) == 0x07000000) |
Whether the specified algorithm is an asymmetric encryption algorithm, also known as public-key encryption algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 401 of file crypto_values.h.
#define PSA_ALG_IS_BLOCK_CIPHER_MAC | ( | alg | ) | (((alg) & 0x7fc00000) == 0x03c00000) |
Whether the specified algorithm is a MAC algorithm based on a block cipher.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 412 of file crypto_values.h.
#define PSA_ALG_IS_CIPHER | ( | alg | ) | (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER) |
Whether the specified algorithm is a symmetric cipher algorithm.
alg | An algorithm identifier (value of type psa_algorithm_t). |
Definition at line 366 of file crypto_values.h.
#define PSA_ALG_IS_DETERMINISTIC_ECDSA | ( | alg | ) | (((alg) & ~0x000000ff) == 0x06000700) |
Whether the specified algorithm is deterministic ECDSA.
See also @ref PSA_ALG_IS_ECDSA() and @ref PSA_ALG_IS_RANDOMIZED_ECDSA().
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 425 of file crypto_values.h.
#define PSA_ALG_IS_ECDH | ( | alg | ) | (((alg) & 0x7fff0000) == 0x09020000) |
Whether the specified algorithm is an elliptic curve Diffie-Hellman algorithm.
This includes the raw elliptic curve Diffie-Hellman algorithm as well as elliptic curve Diffie-Hellman followed by any supporter key derivation algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 439 of file crypto_values.h.
#define PSA_ALG_IS_ECDSA | ( | alg | ) | (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN) |
Whether the specified algorithm is ECDSA.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 464 of file crypto_values.h.
#define PSA_ALG_IS_FFDH | ( | alg | ) | (((alg) & 0x7fff0000) == 0x09010000) |
Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
This includes the raw finite field Diffie-Hellman algorithm as well as finite-field Diffie-Hellman followed by any supported key derivation algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 453 of file crypto_values.h.
#define PSA_ALG_IS_HASH | ( | alg | ) | (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH) |
Whether the specified algorithm is a hash algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 475 of file crypto_values.h.
#define PSA_ALG_IS_HASH_AND_SIGN | ( | alg | ) |
Whether the specified algorithm is a hash-and-sign algorithm that signs exactly the hash value.
This macro identifies algorithms that can be used with psa_sign_hash() that use the exact message hash value as an input the signature operation. For example, if PSA_ALG_IS_HASH_AND_SIGN(alg
) is true, the following call sequence is equivalent to psa_sign_message(key
, alg
, msg
, msg_len
, ...):
This excludes hash-and-sign algorithms that require a encoded or modified hash for the signature step in the algorithm, such as PSA_ALG_RSA_PKCS1V15_SIGN_RAW. For such algorithms, PSA_ALG_IS_SIGN_HASH() is true but PSA_ALG_IS_HASH_AND_SIGN() is false.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 529 of file crypto_values.h.
#define PSA_ALG_IS_HASH_EDDSA | ( | alg | ) | (((alg) & ~0x000000ff) == 0x06000900) |
Whether the specified algorithm is HashEdDSA.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 494 of file crypto_values.h.
#define PSA_ALG_IS_HKDF | ( | alg | ) | (((alg) & ~0x000000ff) == 0x08000100) |
Whether the specified algorithm is an HKDF algorithm.
HKDF is a family of key derivation algorithms that are based on a hash function and the HMAC construction.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 544 of file crypto_values.h.
#define PSA_ALG_IS_HMAC | ( | alg | ) | (((alg) & 0x7fc0ff00) == 0x03800000) |
Whether the specified algorithm is an HMAC algorithm.
HMAC is a family of MAC algorithms that are based on a hash function.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 557 of file crypto_values.h.
#define PSA_ALG_IS_KEY_AGREEMENT | ( | alg | ) | (((alg) & 0x7f000000) == 0x09000000) |
Whether the specified algorithm is a key agreement algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 568 of file crypto_values.h.
#define PSA_ALG_IS_KEY_DERIVATION | ( | alg | ) | (((alg) & 0x7f000000) == 0x08000000) |
Whether the specified algorithm is a key derivation algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 579 of file crypto_values.h.
#define PSA_ALG_IS_KEY_DERIVATION_STRETCHING | ( | alg | ) | (((alg) & 0x7f800000) == 0x08800000) |
Whether the specified algorithm is a key-stretching or password-hashing algorithm.
A key-stretching or password-hashing algorithm is a key derivation algorithm that is suitable for use with a low-entropy secret such as a password. Equivalently, it’s a key derivation algorithm that uses a PSA_KEY_DERIVATION_INPUT_PASSWORD input step.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 594 of file crypto_values.h.
#define PSA_ALG_IS_MAC | ( | alg | ) | (((alg) & 0x7f000000) == 0x03000000) |
Whether the specified algorithm is a MAC algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 605 of file crypto_values.h.
#define PSA_ALG_IS_PBKDF2_HMAC | ( | alg | ) | (((alg) & ~0x000000ff) == 0x08800100) |
Whether the specified algorithm is a PBKDF2-HMAC algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 616 of file crypto_values.h.
#define PSA_ALG_IS_RANDOMIZED_ECDSA | ( | alg | ) | (((alg) & ~0x000000ff) == 0x06000600) |
Whether the specified algorithm is randomized ECDSA.
See also PSA_ALG_IS_ECDSA() and PSA_ALG_IS_DETERMINISTIC_ECDSA().
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 629 of file crypto_values.h.
#define PSA_ALG_IS_RAW_KEY_AGREEMENT | ( | alg | ) | (((alg) & 0x7f00ffff) == 0x09000000) |
Whether the specified algorithm is a raw key agreement algorithm.
A raw key agreement algorithm is one that does not specify a key derivation function. Usually, raw key agreement algorithms are constructed directly with a PSA_ALG_xxx macro while non-raw key agreement algorithms are constructed with PSA_ALG_KEY_AGREEMENT().
The raw key agreement algorithm can be extracted from a full key agreement algorithm identifier using PSA_ALG_KEY_AGREEMENT_GET_BASE().
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 648 of file crypto_values.h.
#define PSA_ALG_IS_RSA_OAEP | ( | alg | ) | (((alg) & ~0x000000ff) == 0x07000300) |
Whether the specified algorithm is an RSA OAEP encryption algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 659 of file crypto_values.h.
#define PSA_ALG_IS_RSA_PKCS1V15_SIGN | ( | alg | ) | (((alg) & ~0x000000ff) == 0x06000200) |
Whether the specified algorithm is an RSA PKCS#1 v1.5 signature algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 670 of file crypto_values.h.
#define PSA_ALG_IS_RSA_PSS | ( | alg | ) | (((alg) & ~0x000000ff) == 0x06000300) |
Whether the specified algorithm is a RSA PSS signature algorithm.
This macro returns 1 for algorithms constructed using either PSA_ALG_RSA_PSS() or PSA_ALG_RSA_PSS_ANY_SALT().
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 684 of file crypto_values.h.
#define PSA_ALG_IS_RSA_PSS_ANY_SALT | ( | alg | ) | (((alg) & ~0x000000ff) == 0x06001300) |
Whether the specified algorithm is an RSA PSS signature algorithm that permits any salt length.
An RSA PSS signature algorithm that permits any salt length is constructed using PSA_ALG_RSA_PSS_ANY_SALT().
See also PSA_ALG_IS_RSA_PSS() and PSA_ALG_IS_RSA_PSS_STANDARD_SALT().
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 701 of file crypto_values.h.
#define PSA_ALG_IS_RSA_PSS_STANDARD_SALT | ( | alg | ) | (((alg) & ~0x000000ff) == 0x06000300) |
Whether the specified algorithm is an RSA PSS signature algorithm that requires the standard salt length.
An RSA PSS signature algorithm that requires the standard salt length is constructed using PSA_ALG_RSA_PSS().
See also PSA_ALG_IS_RSA_PSS() and PSA_ALG_IS_RSA_PSS_ANY_SALT().
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 718 of file crypto_values.h.
#define PSA_ALG_IS_SIGN | ( | alg | ) | (((alg) & 0x7f000000) == 0x06000000) |
Whether the specified algorithm is an asymmetric signature algorithm, also known as public-key signature algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 730 of file crypto_values.h.
#define PSA_ALG_IS_SIGN_HASH | ( | alg | ) |
Whether the specified algorithm is a signature algorithm that can be used with psa_sign_hash() and psa_verify_hash().
This includes all algorithms such that PSA_ALG_IS_HASH_AND_SIGN() is true, as well as signature algorithms for which the input to psa_sign_hash() or psa_verify_hash() is not directly a hash, such as PSA_ALG_IS_RSA_PKCS1V15_SIGN.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 748 of file crypto_values.h.
#define PSA_ALG_IS_SIGN_MESSAGE | ( | alg | ) | (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA) |
Whether the specified algorithm is a signature algorithm that can be used with psa_sign_message() and psa_verify_message().
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 763 of file crypto_values.h.
#define PSA_ALG_IS_STREAM_CIPHER | ( | alg | ) | (((alg) & 0x7f800000) == 0x04800000) |
Whether the specified algorithm is a stream cipher.
A stream cipher is a symmetric cipher that encrypts or decrypts messages by applying a bitwise-xor with a stream of bytes that is generated from a key.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 777 of file crypto_values.h.
#define PSA_ALG_IS_TLS12_PRF | ( | alg | ) | (((alg) & ~0x000000ff) == 0x08000200) |
Whether the specified algorithm is a TLS-1.2 PRF algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 788 of file crypto_values.h.
#define PSA_ALG_IS_TLS12_PSK_TO_MS | ( | alg | ) | (((alg) & ~0x000000ff) == 0x08000300) |
Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 799 of file crypto_values.h.
#define PSA_ALG_IS_WILDCARD | ( | alg | ) | (PSA_ALG_GET_HASH(alg) == PSA_ALG_HASH_ANY) |
Whether the specified algorithm encoding is a wildcard.
Wildcard algorithm values can only be used to set the permitted algorithm field in a key policy, wildcard values cannot be used to perform an operation.
See PSA_ALG_ANY_HASH for example of how a wildcard algorithm can be used in a key policy.
alg | An algorithm identifier: a value of type psa_algorithm_t. |
Definition at line 816 of file crypto_values.h.
#define PSA_ALG_KEY_AGREEMENT | ( | ka_alg, | |
kdf_alg | |||
) | ((ka_alg) | (kdf_alg)) |
Macro to build a combined algorithm that chains a key agreement with a key derivation.
A combined key agreement algorithm is used with a multi-part key derivation operation, using a call to psa_key_derivation_key_agreement().
The component parts of a key agreement algorithm can be extracted using PSA_ALG_KEY_AGREEMENT_GET_BASE() and PSA_ALG_KEY_AGREEMENT_GET_KDF().
Compatible key types The resulting combined key agreement algorithm is compatible with the same key types as the raw key agreement algorithm used to construct it.
ka_alg | A key agreement algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_KEY_AGREEMENT(ka_alg ) is true. |
kdf_alg | A key derivation algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_KEY_DERIVATION(kdf_alg ) is true. |
Definition at line 841 of file crypto_values.h.
#define PSA_ALG_KEY_AGREEMENT_GET_BASE | ( | alg | ) | ((psa_algorithm_t)((alg) & 0xffff0000)) |
Get the raw key agreement algorithm from a full key agreement algorithm.
See also PSA_ALG_KEY_AGREEMENT() and PSA_ALG_KEY_AGREEMENT_GET_KDF().
alg | A key agreement algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_KEY_AGREEMENT(alg ) is true. |
alg
is a key agreement algorithm. Unspecified if alg is not a key agreement algorithm or if it is not supported by the implementation. Definition at line 856 of file crypto_values.h.
#define PSA_ALG_KEY_AGREEMENT_GET_KDF | ( | alg | ) | ((psa_algorithm_t)((alg) & 0xfe00ffff)) |
Get the key derivation algorithm used in a full key agreement algorithm.
See also PSA_ALG_KEY_AGREEMENT() and PSA_ALG_KEY_AGREEMENT_GET_BASE().
alg | A key agreement algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_KEY_AGREEMENT(alg ) is true. |
alg
is a key agreement algorithm. Unspecified if alg is not a key agreement algorithm or if it is not supported by the implementation. Definition at line 871 of file crypto_values.h.
#define PSA_ALG_MD2 ((psa_algorithm_t)0x02000001) |
The MD2 message-digest algorithm.
MD2 is defined in The MD2 Message-Digest Algorithm RFC1319.
Definition at line 895 of file crypto_values.h.
#define PSA_ALG_MD4 ((psa_algorithm_t)0x02000002) |
The MD4 message-digest algorithm.
MD4 is defined in The MD4 Message-Digest Algorithm RFC1320.
Definition at line 906 of file crypto_values.h.
#define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003) |
The MD5 message-digest algorithm.
MD5 is defined in The MD5 Message-Digest Algorithm RFC1321.
Definition at line 917 of file crypto_values.h.
#define PSA_ALG_NONE ((psa_algorithm_t)0) |
An invalid algorithm identifier value.
Zero is not the encoding of any algorithm.
Definition at line 879 of file crypto_values.h.
#define PSA_ALG_OFB ((psa_algorithm_t)0x04c01200) |
A stream cipher built using the Output Feedback (OFB) mode of a block cipher.
The underlying block cipher is determined by the key type.
OFB mode requires an initialization vector (IV) that is the same size as the cipher block length. OFB mode requires that the IV is a nonce, and must be unique for each use of the mode with the same key.
The OFB block cipher mode is defined in NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques [SP800-38A](https://doi.org/10.6028/NIST.SP.800-38A). @b Compatible @b key @b types - @ref PSA_KEY_TYPE_AES - @ref PSA_KEY_TYPE_ARIA - @ref PSA_KEY_TYPE_DES - @ref PSA_KEY_TYPE_CAMELLIA - @ref PSA_KEY_TYPE_SM4
Definition at line 1300 of file crypto_values.h.
#define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t)0x08800200) |
The PBKDF2-AES-CMAC-PRF-128 password-hashing or key-stretching algorithm.
PBKDF2 is specified by PKCS #5: Password-Based Cryptography Specification Version 2.1 RFC8018 §5.2. This algorithm specifies the PBKDF2 algorithm using the AES-CMAC-PRF-128 pseudo-random function specified by RFC4615.
This key derivation algorithm uses the same inputs as PSA_ALG_PBKDF2_HMAC() with the same constraints.
Compatible key types
Definition at line 1477 of file crypto_values.h.
#define PSA_ALG_PBKDF2_HMAC | ( | hash_alg | ) | ((psa_algorithm_t)(0x08800100 | ((hash_alg) & 0x000000ff))) |
Macro to build a PBKDF2-HMAC password-hashing or key-stretching algorithm.
PBKDF2 is specified by PKCS #5: Password-Based Cryptography Specification Version 2.1 RFC8018 §5.2. This macro constructs a PBKDF2 algorithm that uses a pseudo-random function based on HMAC with the specified hash.
This key derivation algorithm uses the following inputs, which must be provided in the following order:
Compatible key types
hash_alg | A hash algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_HASH(hash_alg ) is true. |
PBKDF2-HMAC-XXX
algorithm. For example, PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256) is the algorithm identifier for PBKDF2-HMAC-SHA-256
. Unspecified if hash_alg
is not a supported hash algorithm. Definition at line 1513 of file crypto_values.h.
#define PSA_ALG_PURE_EDDSA ((psa_algorithm_t)0x06000800) |
Edwards-curve digital signature algorithm without prehashing (PureEdDSA), using standard parameters.
This algorithm can be only used with the psa_sign_message() and psa_verify_message() functions.
This is the PureEdDSA digital signature algorithm defined by Edwards-Curve Digital Signature Algorithm (EdDSA) RFC8032, using standard parameters.
PureEdDSA requires an elliptic curve key on a twisted Edwards curve. The following curves are supported:
Compatible key types
Definition at line 1580 of file crypto_values.h.
#define PSA_ALG_RIPEMD160 ((psa_algorithm_t)0x02000004) |
The RIPEMD-160 message-digest algorithm.
RIPEMD-160 is defined in RIPEMD-160: A Strengthened Version of RIPEMD, and also in ISO/IEC 10118-3:2018 IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions ISO10118.
Definition at line 926 of file crypto_values.h.
#define PSA_ALG_RSA_OAEP | ( | hash_alg | ) | ((psa_algorithm_t)(0x07000300 | ((hash_alg) & 0x000000ff))) |
The RSA OAEP asymmetric encryption algorithm.
This encryption scheme is defined by RFC8017 §7.1 under the name RSAES-OAEP, with the following options:
Compatible key types
hash_alg | A hash algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_HASH(hash_alg ) is true. The hash algorithm is used for MGF1. |
hash_alg
is not a supported hash algorithm. Definition at line 1858 of file crypto_values.h.
#define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x07000200) |
The RSA PKCS#1 v1.5 asymmetric encryption algorithm.
This encryption scheme is defined by PKCS #1: RSA Cryptography Specifications Version 2.2 RFC8017 §7.2 under the name RSAES-PKCS-v1_5.
Compatible key types
Definition at line 1733 of file crypto_values.h.
#define PSA_ALG_RSA_PKCS1V15_SIGN | ( | hash_alg | ) | ((psa_algorithm_t)(0x06000200 | ((hash_alg) & 0x000000ff))) |
The RSA PKCS#1 v1.5 message signature scheme, with hashing.
This algorithm can be used with both the message and hash signature functions.
This signature scheme is defined by PKCS #1: RSA Cryptography Specifications Version 2.2 [RFC8017](https://tools.ietf.org/html/rfc8017.html) §8.2 under the name RSASSA-PKCS1-v1_5. When used with @ref psa_sign_hash() or @ref psa_verify_hash(), the provided hash parameter is used as `H` from step 2 onwards in the message encoding algorithm EMSA-PKCS1-V1_5-ENCODE() in [RFC8017](https://tools.ietf.org/html/rfc8017.html) §9.2. `H` is usually the message digest, using the @c hash_alg hash algorithm. @b Compatible @b key @b types - @ref PSA_KEY_TYPE_RSA_KEY_PAIR - @ref PSA_KEY_TYPE_RSA_PUBLIC_KEY (signature verification only)
hash_alg | A hash algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_HASH(hash_alg ) is true. This includes PSA_ALG_ANY_HASH when specifying the algorithm in a key policy. |
hash_alg
is not a supported hash algorithm. Definition at line 1886 of file crypto_values.h.
#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW ((psa_algorithm_t)0x06000200) |
The raw RSA PKCS#1 v1.5 signature algorithm, without hashing.
This algorithm can be only used with the psa_sign_hash() and psa_verify_hash() functions. This signature scheme is defined by PKCS #1: RSA Cryptography Specifications Version 2.2 RFC8017 §8.2 under the name RSASSA-PKCS1-v1_5.
The hash parameter to psa_sign_hash() or psa_verify_hash() is used as T
from step 3 onwards in the message encoding algorithm EMSA-PKCS1-V1_5-ENCODE() in RFC8017 §9.2.0 T
is the DER encoding of the DigestInfo structure normally produced by step 2 in the message encoding algorithm.
The wildcard key policy PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) also permits a key to be used with the PSA_ALG_RSA_PKCS1V15_SIGN_RAW signature algorithm.
Compatible key types
Definition at line 1538 of file crypto_values.h.
#define PSA_ALG_RSA_PSS | ( | hash_alg | ) | ((psa_algorithm_t)(0x06000300 | ((hash_alg) & 0x000000ff))) |
The RSA PSS message signature scheme, with hashing.
This algorithm can be used with both the message and hash signature functions.
This algorithm is randomized: each invocation returns a different, equally valid signature. This is the signature scheme defined by [RFC8017](https://tools.ietf.org/html/rfc8017.html) §8.1 under the name RSASSA-PSS, with the following options: - The mask generation function is MGF1 defined by [RFC8017](https://tools.ietf.org/html/rfc8017.html) Appendix B. - When creating a signature, the salt length is equal to the length of the hash, or the largest possible salt length for the algorithm and key size if that is smaller than the hash length. - When verifying a signature, the salt length must be equal to the length of the hash, or the largest possible salt length for the algorithm and key size if that is smaller than the hash length. - The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.
Compatible key types
Definition at line 1918 of file crypto_values.h.
#define PSA_ALG_RSA_PSS_ANY_SALT | ( | hash_alg | ) | ((psa_algorithm_t)(0x06001300 | ((hash_alg) & 0x000000ff))) |
The RSA PSS message signature scheme, with hashing.
This variant permits any salt length for signature verification.
This algorithm can be used with both the message and hash signature functions.
This algorithm is randomized: each invocation returns a different, equally valid signature. This is the signature scheme defined by [RFC8017](https://tools.ietf.org/html/rfc8017.html) §8.1 under the name RSASSA-PSS, with the following options: - The mask generation function is MGF1 defined by [RFC8017](https://tools.ietf.org/html/rfc8017.html) Appendix B. - When creating a signature, the salt length is equal to the length of the hash, or the largest possible salt length for the algorithm and key size if that is smaller than the hash length. - When verifying a signature, any salt length permitted by the RSASSA-PSS signature algorithm is accepted. - The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.
Compatible key types
Definition at line 1951 of file crypto_values.h.
#define PSA_ALG_SHA3_224 ((psa_algorithm_t)0x02000010) /** SHA-3-224 */ |
The SHA3-224 message-digest algorithm.
SHA3-224 is defined in FIPS Publication 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions FIPS202.
Definition at line 993 of file crypto_values.h.
#define PSA_ALG_SHA3_256 ((psa_algorithm_t)0x02000011) /** SHA-3-256 */ |
The SHA3-256 message-digest algorithm.
SHA3-256 is defined in FIPS202.
Definition at line 1000 of file crypto_values.h.
#define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x02000012) /** SHA-3-384 */ |
The SHA3-384 message-digest algorithm.
SHA3-384 is defined in FIPS202.
Definition at line 1007 of file crypto_values.h.
#define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x02000013) /** SHA-3-512 */ |
The SHA3-512 message-digest algorithm.
SHA3-512 is defined in FIPS202.
Definition at line 1014 of file crypto_values.h.
#define PSA_ALG_SHA_1 ((psa_algorithm_t)0x02000005) |
The SHA-1 message-digest algorithm.
SHA-1 is defined in FIPS Publication 180-4: Secure Hash Standard (SHS) FIPS180-4.
Definition at line 937 of file crypto_values.h.
#define PSA_ALG_SHA_224 ((psa_algorithm_t)0x02000008) /** SHA-224 */ |
The SHA-224 message-digest algorithm.
SHA-224 is defined in FIPS Publication 180-4: Secure Hash Standard (SHS) FIPS180-4.
Definition at line 945 of file crypto_values.h.
#define PSA_ALG_SHA_256 ((psa_algorithm_t)0x02000009) /** SHA-256 */ |
The SHA-256 message-digest algorithm.
SHA-256 is defined in FIPS Publication 180-4: Secure Hash Standard (SHS) FIPS180-4.
Definition at line 953 of file crypto_values.h.
#define PSA_ALG_SHA_384 ((psa_algorithm_t)0x0200000a) /** SHA-384 */ |
The SHA-384 message-digest algorithm.
SHA-384 is defined in FIPS Publication 180-4: Secure Hash Standard (SHS) FIPS180-4.
Definition at line 961 of file crypto_values.h.
#define PSA_ALG_SHA_512 ((psa_algorithm_t)0x0200000b) /** SHA-512 */ |
The SHA-512 message-digest algorithm.
SHA-512 is defined in FIPS Publication 180-4: Secure Hash Standard (SHS) FIPS180-4.
Definition at line 969 of file crypto_values.h.
#define PSA_ALG_SHA_512_224 ((psa_algorithm_t)0x0200000c) /** SHA-512/224 */ |
The SHA-512/224 message-digest algorithm.
SHA-512-224 is defined in FIPS Publication 180-4: Secure Hash Standard (SHS) FIPS180-4.
Definition at line 977 of file crypto_values.h.
#define PSA_ALG_SHA_512_256 ((psa_algorithm_t)0x0200000d) /** SHA-512/256 */ |
The SHA-512/256 message-digest algorithm.
SHA-512-256 is defined in FIPS Publication 180-4: Secure Hash Standard (SHS) FIPS180-4.
Definition at line 985 of file crypto_values.h.
#define PSA_ALG_SHAKE256_512 ((psa_algorithm_t)0x02000015) |
The first 512 bits (64 bytes) of the SHAKE256 output.
This is the prehashing for Ed448ph (see PSA_ALG_ED448PH).
SHAKE256 is defined in [FIPS202](https://doi.org/10.6028/NIST.FIPS.202).
Definition at line 1039 of file crypto_values.h.
#define PSA_ALG_SM3 ((psa_algorithm_t)0x02000014) /** SM3 */ |
The SM3 message-digest algorithm.
SM3 is defined in ISO/IEC 10118-3:2018 IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions ISO10118, and also in GM/T 0004-2012: SM3 cryptographic hash algorithm CSTC0004 (English version CSTC0004/E).
Definition at line 1026 of file crypto_values.h.
#define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800100) |
The stream cipher mode of a stream cipher algorithm.
The underlying stream cipher is determined by the key type. The ARC4 and ChaCha20 ciphers use this algorithm identifier.
ARC4 To use ARC4, use a key type of PSA_KEY_TYPE_ARC4 and algorithm id PSA_ALG_STREAM_CIPHER.
The ARC4 cipher does not use an initialization vector (IV). When using a multi-part cipher operation with the PSA_ALG_STREAM_CIPHER algorithm and an ARC4 key, psa_cipher_generate_iv() and psa_cipher_set_iv() must not be called.
ChaCha20 To use ChaCha20, use a key type of PSA_KEY_TYPE_CHACHA20 and algorithm id PSA_ALG_STREAM_CIPHER.
Implementations must support the variant that is defined in ChaCha20 and Poly1305 for IETF Protocols RFC7539 §2.4, which has a 96-bit nonce and a 32-bit counter. Implementations can optionally also support the original variant, as defined in ChaCha, a variant of Salsa20 CHACHA20, which has a 64-bit nonce and a 64-bit counter. Except where noted, the RFC7539 variant must be used.
ChaCha20 defines a nonce and an initial counter to be provided to the encryption and decryption operations. When using a ChaCha20 key with the PSA_ALG_STREAM_CIPHER algorithm, these values are provided using the initialization vector (IV) functions in the following ways:
Compatible key types
Definition at line 1358 of file crypto_values.h.
#define PSA_ALG_TLS12_PRF | ( | hash_alg | ) | ((psa_algorithm_t)(0x08000200 | ((hash_alg) & 0x000000ff))) |
Macro to build a TLS-1.2 PRF algorithm.
TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, specified in The Transport Layer Security (TLS) Protocol Version 1.2 RFC5246 §5. It is based on HMAC and can be used with either SHA-256 or SHA-384.
This key derivation algorithm uses the following inputs, which must be passed in the order given here:
Each input may only be passed once.
For the application to TLS-1.2 key expansion:
ServerHello.Random
+ ClientHello.Random
.key expansion
.Compatible key types
hash_alg | A hash algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_HASH(hash_alg ) is true. |
PSA_ALG_SHA_256
) represents the TLS 1.2 PRF using HMAC-SHA-256. Unspecified if hash_alg
is not a supported hash algorithm. Definition at line 1986 of file crypto_values.h.
#define PSA_ALG_TLS12_PSK_TO_MS | ( | hash_alg | ) | ((psa_algorithm_t)(0x08000300 | ((hash_alg) & 0x000000ff))) |
Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
In a pure-PSK handshake in TLS 1.2, the master secret (MS) is derived from the pre-shared key (PSK) through the application of padding (Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) RFC4279 §2) and the TLS-1.2 PRF (The Transport Layer Security (TLS) Protocol Version 1.2 RFC5246 §5). The latter is based on HMAC and can be used with either SHA-256 or SHA-384.
This key derivation algorithm uses the following inputs, which must be passed in the order given here:
Each input may only be passed once.
For the application to TLS-1.2:
ClientHello.Random
+ ServerHello.Random
.Compatible key types
Definition at line 2017 of file crypto_values.h.
#define PSA_ALG_TRUNCATED_MAC | ( | mac_alg, | |
mac_length | |||
) | ((psa_algorithm_t)(((mac_alg) & ~0x003f0000) | (((mac_length) & 0x3f) << 16))) |
Macro to build a truncated MAC algorithm.
A truncated MAC algorithm is identical to the corresponding MAC algorithm except that the MAC value for the truncated algorithm consists of only the first mac_length bytes of the MAC value for the untruncated algorithm.
The untruncated MAC algorithm can be recovered using PSA_ALG_FULL_LENGTH_MAC().
Compatible key types The resulting truncated MAC algorithm is compatible with the same key types as the MAC algorithm used to construct it.
mac_alg | A MAC algorithm: a value of type psa_algorithm_t such that PSA_ALG_IS_MAC(mac_alg ) is true. This can be a truncated or untruncated MAC algorithm. |
mac_length | Desired length of the truncated MAC in bytes. This must be at most the untruncated length of the MAC and must be at least an implementation-specified minimum. The implementation-specified minimum must not be zero. |
mac_alg
is not a supported MAC algorithm or if mac_length
is too small or too large for the specified MAC algorithm. Definition at line 2053 of file crypto_values.h.
#define PSA_ALG_XTS ((psa_algorithm_t)0x0440ff00) |
The XEX with Ciphertext Stealing (XTS) cipher mode of a block cipher.
XTS is a cipher mode which is built from a block cipher, designed for use in disk encryption. It requires at least one full cipher block length of input, but beyond this minimum the input does not need to be a whole number of blocks.
XTS mode uses two keys for the underlying block cipher. These are provided by using a key that is twice the normal key size for the cipher. For example, to use AES-256-XTS the application must create a key with type PSA_KEY_TYPE_AES and bit size 512.
XTS mode requires an initialization vector (IV) that is the same size as the cipher block length. The IV for XTS is typically defined to be the sector number of the disk block being encrypted or decrypted.
The XTS block cipher mode is defined in 1619-2018 — IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices IEEE-XTS.
Compatible key types
Definition at line 1192 of file crypto_values.h.
#define PSA_DH_FAMILY_RFC7919 ((psa_dh_family_t)0x03) |
Finite-field Diffie-Hellman groups defined for TLS in RFC 7919.
This family includes groups with the following key sizes (in bits): 2048, 3072, 4096, 6144, 8192. An implementation can support all of these sizes or only a subset.
Keys is this group can only be used with the PSA_ALG_FFDH key agreement algorithm.
These groups are defined by Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS) RFC7919 Appendix A.
Definition at line 2068 of file crypto_values.h.
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t)0x30) |
Brainpool P
random curves.
This family comprises the following curves:
brainpoolP160r1
: key_bits
= 160 (Deprecated)brainpoolP192r1
: key_bits
= 192brainpoolP224r1
: key_bits
= 224brainpoolP256r1
: key_bits
= 256brainpoolP320r1
: key_bits
= 320brainpoolP384r1
: key_bits
= 384brainpoolP512r1
: key_bits
= 512They are defined in Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation RFC5639.
brainpoolP160r1
is weak and deprecated and is only recommended for use in legacy protocols.Compatible algorithms
Definition at line 2094 of file crypto_values.h.
#define PSA_ECC_FAMILY_FRP ((psa_ecc_family_t)0x33) |
Curve used primarily in France and elsewhere in Europe.
This family comprises one 256-bit curve:
FRP256v1
: key_bits
= 256This is defined by Publication d'un paramétrage de courbe elliptique visant des applications de passeport électronique et de l'administration électronique française FRP.
Compatible algorithms
Definition at line 2113 of file crypto_values.h.
#define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t)0x41) |
Montgomery curves.
This family comprises the following Montgomery curves:
Curve25519
: key_bits
= 255Curve448
: key_bits
= 448Curve25519
is defined in Curve25519: new Diffie-Hellman speed records Curve25519. Curve448
is defined in Ed448-Goldilocks, a new elliptic curve Curve448.
Compatible algorithms
Definition at line 2130 of file crypto_values.h.
#define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t)0x17) |
SEC Koblitz curves over prime fields.
This family comprises the following curves:
secp192k1
: key_bits
= 192secp224k1
: key_bits
= 225secp256k1
: key_bits
= 256They are defined in SEC 2: Recommended Elliptic Curve Domain Parameters SEC2.
Compatible algorithms
Definition at line 2149 of file crypto_values.h.
#define PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t)0x12) |
SEC random curves over prime fields.
This family comprises the following curves:
secp192r1
: key_bits
= 192secp224r1
: key_bits
= 224secp256r1
: key_bits
= 256secp384r1
: key_bits
= 384secp521r1
: key_bits
= 521They are defined in SEC2.
Compatible algorithms
Definition at line 2169 of file crypto_values.h.
#define PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t)0x1b) |
This family comprises the following curves:
secp160r2
: key_bits
= 160 (Deprecated)It is defined in the superseded SEC 2: Recommended Elliptic Curve Domain Parameters, Version 1.0 SEC2v1.
Compatible algorithms
Definition at line 2186 of file crypto_values.h.
#define PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t)0x27) |
SEC Koblitz curves over binary fields.
This family comprises the following curves:
sect163k1
: key_bits
= 163 (Deprecated)sect233k1
: key_bits
= 233sect239k1
: key_bits
= 239sect283k1
: key_bits
= 283sect409k1
: key_bits
= 409sect571k1
: key_bits
= 571They are defined in SEC2.
sect163k1
is weak and deprecated and is only recommended for use in legacy protocols.Compatible algorithms
Definition at line 2210 of file crypto_values.h.
#define PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t)0x22) |
SEC random curves over binary fields.
This family comprises the following curves:
sect163r1
: key_bits
= 163 (Deprecated)sect233r1
: key_bits
= 233sect283r1
: key_bits
= 283sect409r1
: key_bits
= 409sect571r1
: key_bits
= 571They are defined in SEC2.
sect163r1
is weak and deprecated and is only recommended for use in legacy protocols.Compatible algorithms
Definition at line 2233 of file crypto_values.h.
#define PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t)0x2b) |
SEC additional random curves over binary fields.
This family comprises the following curves:
sect163r2
: key_bits
= 163 (Deprecated)It is defined in SEC2.
sect163r2
is weak and deprecated and is only recommended for use in legacy protocols.Compatible algorithms
Definition at line 2252 of file crypto_values.h.
#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t)0x42) |
Twisted Edwards curves.
This family comprises the following twisted Edwards curves:
Edwards25519
: key_bits
= 255. This curve is birationally equivalent to Curve25519
.Edwards448
: key_bits
= 448. This curve is birationally equivalent to Curve448
.Edwards25519 is defined in Twisted Edwards curves Ed25519. Edwards448 is defined in Ed448-Goldilocks, a new elliptic curve Curve448.
Compatible algorithms
Definition at line 2271 of file crypto_values.h.
#define PSA_KEY_DERIVATION_INPUT_CONTEXT /* implementation-defined value */ |
A context for key derivation.
This is typically a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA.
Definition at line 2279 of file crypto_values.h.
#define PSA_KEY_DERIVATION_INPUT_COST /* implementation-defined value */ |
A cost parameter for password hashing or key stretching.
This must be a direct input, passed to psa_key_derivation_input_integer().
Definition at line 2286 of file crypto_values.h.
#define PSA_KEY_DERIVATION_INPUT_INFO /* implementation-defined value */ |
An information string for key derivation.
This is typically a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA.
Definition at line 2294 of file crypto_values.h.
#define PSA_KEY_DERIVATION_INPUT_LABEL /* implementation-defined value */ |
A label for key derivation.
This is typically a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA.
Definition at line 2302 of file crypto_values.h.
#define PSA_KEY_DERIVATION_INPUT_PASSWORD /* implementation-defined value */ |
A low-entropy secret input for password hashing or key stretching.
This is usually a key of type PSA_KEY_TYPE_PASSWORD passed to psa_key_derivation_input_key() or a direct input passed to psa_key_derivation_input_bytes() that is a password or passphrase. It can also be high-entropy secret, for example, a key of type PSA_KEY_TYPE_DERIVE, or the shared secret resulting from a key agreement.
If the secret is a direct input, the derivation operation cannot be used to derive keys: the operation will not allow a call to psa_key_derivation_output_key().
Definition at line 2316 of file crypto_values.h.
#define PSA_KEY_DERIVATION_INPUT_SALT /* implementation-defined value */ |
A salt for key derivation.
This is typically a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA or PSA_KEY_TYPE_PEPPER.
Definition at line 2324 of file crypto_values.h.
#define PSA_KEY_DERIVATION_INPUT_SECRET /* implementation-defined value */ |
A high-entropy secret input for key derivation.
This is typically a key of type PSA_KEY_TYPE_DERIVE passed to psa_key_derivation_input_key(), or the shared secret resulting from a key agreement obtained via psa_key_derivation_key_agreement().
The secret can also be a direct input passed to psa_key_derivation_input_bytes(). In this case, the derivation operation cannot be used to derive keys: the operation will not allow a call to psa_key_derivation_output_key().
Definition at line 2337 of file crypto_values.h.
#define PSA_KEY_DERIVATION_INPUT_SEED /* implementation-defined value */ |
A seed for key derivation.
This is typically a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA.
Definition at line 2345 of file crypto_values.h.
#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY /* implementation-defined value */ |
Use the maximum possible capacity for a key derivation operation.
Use this value as the capacity argument when setting up a key derivation to specify that the operation will use the maximum possible capacity. The value of the maximum possible capacity depends on the key derivation algorithm.
Definition at line 2354 of file crypto_values.h.
#define PSA_KEY_ID_NULL ((psa_key_id_t)0) |
The null key identifier.
The null key identifier is always invalid, except when used without in a call to psa_destroy_key() which will return PSA_SUCCESS.
Definition at line 2363 of file crypto_values.h.
#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff) |
The maximum value for a key identifier chosen by the application.
Definition at line 2368 of file crypto_values.h.
#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001) |
The minimum value for a key identifier chosen by the application.
Definition at line 2373 of file crypto_values.h.
#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff) |
The maximum value for a key identifier chosen by the implementation.
Definition at line 2378 of file crypto_values.h.
#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000) |
The minimum value for a key identifier chosen by the implementation.
Definition at line 2383 of file crypto_values.h.
#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION | ( | persistence, | |
location | |||
) | ((location) << 8 | (persistence)) |
Construct a lifetime from a persistence level and a location.
persistence | The persistence level: a value of type psa_key_persistence_t. |
location | The location indicator: a value of type psa_key_location_t. |
Definition at line 2393 of file crypto_values.h.
#define PSA_KEY_LIFETIME_GET_LOCATION | ( | lifetime | ) | ((psa_key_location_t)((lifetime) >> 8)) |
Extract the location indicator from a key lifetime.
lifetime | The lifetime value to query: a value of type psa_key_lifetime_t. |
Definition at line 2401 of file crypto_values.h.
#define PSA_KEY_LIFETIME_GET_PERSISTENCE | ( | lifetime | ) | ((psa_key_persistence_t)((lifetime) & 0x000000ff)) |
Extract the persistence level from a key lifetime.
lifetime | The lifetime value to query: a value of type psa_key_lifetime_t. |
Definition at line 2409 of file crypto_values.h.
#define PSA_KEY_LIFETIME_IS_VOLATILE | ( | lifetime | ) | (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == PSA_KEY_PERSISTENCE_VOLATILE) |
Whether a key lifetime indicates that the key is volatile.
A volatile key is automatically destroyed by the implementation when the application instance terminates. In particular, a volatile key is automatically destroyed on a power reset of the device. A key that is not volatile is persistent. Persistent keys are preserved until the application explicitly destroys them or until an implementation-specific device management event occurs, for example, a factory reset.
lifetime | The lifetime value to query: a value of type psa_key_lifetime_t. |
Definition at line 2427 of file crypto_values.h.
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001) |
The default lifetime for persistent keys.
A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area. Implementations are permitted to provide their own mechanism, for example, to perform a factory reset, to prepare for device refurbishment, or to uninstall an application.
This lifetime value is the default storage area for the calling application. Implementations can offer other storage areas designated by other lifetime values as implementation-specific extensions.
Definition at line 2443 of file crypto_values.h.
#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000) |
The default lifetime for volatile keys.
A volatile key only exists as long as its identifier is not destroyed. The key material is guaranteed to be erased on a power reset.
A key with this lifetime is typically stored in the RAM area of the PSA Crypto subsystem. However this is an implementation choice. If an implementation stores data about the key in a non-volatile memory, it must release all the resources associated with the key and erase the key material if the calling application terminates.
Definition at line 2456 of file crypto_values.h.
#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000) |
The local storage area for persistent keys.
This storage area is available on all systems that can store persistent keys without delegating the storage to a third-party cryptoprocessor.
See psa_key_location_t for more information.
Definition at line 2466 of file crypto_values.h.
#define PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT ((psa_key_location_t)0x000001) |
The default secure element storage area for persistent keys.
This storage location is available on systems that have one or more secure elements that are able to store keys.
Vendor-defined locations must be provided by the system for storing keys in additional secure elements.
See psa_key_location_t for more information.
Definition at line 2479 of file crypto_values.h.
#define PSA_KEY_LOCATION_SE_MAX ((psa_key_location_t)0x8000ff) |
Maximum location value for secure elements.
Definition at line 2494 of file crypto_values.h.
#define PSA_KEY_LOCATION_SE_MIN (PSA_KEY_LOCATION_VENDOR_FLAG) |
Minimum location value for secure elements.
Definition at line 2489 of file crypto_values.h.
#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000) |
Mark vendor defined key locations.
Definition at line 2484 of file crypto_values.h.
#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01) |
The default persistence level for persistent keys.
See psa_key_persistence_t for more information.
Definition at line 2501 of file crypto_values.h.
#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff) |
A persistence level indicating that a key is never destroyed.
See psa_key_persistence_t for more information.
Definition at line 2508 of file crypto_values.h.
#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00) |
The persistence level of volatile keys.
See psa_key_persistence_t for more information.
Definition at line 2515 of file crypto_values.h.
#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400) |
Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
The size of the key is related to the AES algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used:
key_bits
= 128key_bits
= 192key_bits
= 256For the XTS block cipher mode (PSA_ALG_XTS), the following key sizes are used:
key_bits
= 256key_bits
= 384key_bits
= 512The AES block cipher is defined in FIPS Publication 197: Advanced Encryption Standard (AES) FIPS197.
Compatible algorithms
Definition at line 2587 of file crypto_values.h.
#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002) |
Key for the ARC4 stream cipher.
The ARC4 cipher supports key sizes between 40 and 2048 bits, that are multiples of 8. (5 to 256 bytes)
Use algorithm PSA_ALG_STREAM_CIPHER to use this key with the ARC4 cipher.
Definition at line 2600 of file crypto_values.h.
#define PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406) |
Key for a cipher, AEAD or MAC algorithm based on the ARIA block cipher.
The size of the key is related to the ARIA algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used: - ARIA-128 uses a 16-byte key : @c key_bits = 128 - ARIA-192 uses a 24-byte key : @c key_bits = 192 - ARIA-256 uses a 32-byte key : @c key_bits = 256 For the XTS block cipher mode (@ref PSA_ALG_XTS), the following key sizes are used: - ARIA-128-XTS uses two 16-byte keys : @c key_bits = 256 - ARIA-192-XTS uses two 24-byte keys : @c key_bits = 384 - ARIA-256-XTS uses two 32-byte keys : @c key_bits = 512 The ARIA block cipher is defined in A Description of the ARIA Encryption Algorithm [RFC5794](https://datatracker.ietf.org/doc/html/rfc5794). @b Compatible @b algorithms - @ref PSA_ALG_CBC_MAC - @ref PSA_ALG_CMAC - @ref PSA_ALG_CTR - @ref PSA_ALG_CFB - @ref PSA_ALG_OFB - @ref PSA_ALG_XTS - @ref PSA_ALG_CBC_NO_PADDING - @ref PSA_ALG_CBC_PKCS7 - @ref PSA_ALG_ECB_NO_PADDING - @ref PSA_ALG_CCM - @ref PSA_ALG_GCM
Definition at line 2632 of file crypto_values.h.
#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403) |
Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher.
The size of the key is related to the Camellia algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used:
key_bits
= 128key_bits
= 192key_bits
= 256For the XTS block cipher mode (PSA_ALG_XTS), the following key sizes are used:
key_bits
= 256key_bits
= 384key_bits
= 512The Camellia block cipher is defined in Specification of Camellia — a 128-bit Block Cipher NTT-CAM and also described in A Description of the Camellia Encryption Algorithm RFC3713.
Compatible algorithms
Definition at line 2666 of file crypto_values.h.
#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x3000) |
Asymmetric key pair flag.
Definition at line 2555 of file crypto_values.h.
#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x7000) |
Asymmetric key pair type.
Definition at line 2550 of file crypto_values.h.
#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7000) |
Mask for key type categories.
Definition at line 2530 of file crypto_values.h.
#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x4000) |
Asymmetric public key type.
Definition at line 2545 of file crypto_values.h.
#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x1000) |
Raw key data type.
Definition at line 2535 of file crypto_values.h.
#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x2000) |
Symmetric key type.
Definition at line 2540 of file crypto_values.h.
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004) |
Key for the ChaCha20 stream cipher or the ChaCha20-Poly1305 AEAD algorithm.
The ChaCha20 key size is 256 bits (32 bytes).
Compatible algorithms
Definition at line 2683 of file crypto_values.h.
#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200) |
A secret for key derivation.
This key type is for high-entropy secrets only. For low-entropy secrets, PSA_KEY_TYPE_PASSWORD should be used instead.
These keys can be used in the PSA_KEY_DERIVATION_INPUT_SECRET or PSA_KEY_DERIVATION_INPUT_PASSWORD input step of key derivation algorithms.
The key policy determines which key derivation algorithm the key can be used for.
The bit size of a secret for key derivation must be a non-zero multiple of 8. The maximum size of a secret for key derivation is implementation defined.
Compatible algorithms
Definition at line 2704 of file crypto_values.h.
#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301) |
Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
The size of the key determines which DES algorithm is used:
key_bits
= 64key_bits
= 128key_bits
= 192The DES and 3DES block ciphers are defined in NIST Special Publication 800-67: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher SP800-67.
Compatible algorithms
Definition at line 2733 of file crypto_values.h.
#define PSA_KEY_TYPE_DH_GET_FAMILY | ( | type | ) | ((psa_dh_family_t)((type) & 0x00ff)) |
Extract the group family from a Diffie-Hellman key type.
type | A Diffie-Hellman key type: a value of type psa_key_type_t such that PSA_KEY_TYPE_IS_DH(type ) is true. |
Definition at line 2744 of file crypto_values.h.
#define PSA_KEY_TYPE_DH_KEY_PAIR | ( | group | ) | ((psa_key_type_t)(0x7200 | (group))) |
Finite-field Diffie-Hellman key pair: both the private key and public key.
Compatible algorithms
group | A value of type psa_dh_family_t that identifies the Diffie-Hellman group family to be used. |
Definition at line 2756 of file crypto_values.h.
#define PSA_KEY_TYPE_DH_PUBLIC_KEY | ( | group | ) | ((psa_key_type_t)(0x4200 | (group))) |
Finite-field Diffie-Hellman public key.
Compatible algorithms None. Finite-field Diffie-Hellman public keys are exported to use in a key agreement algorithm, and the peer key is provided to the PSA_ALG_FFDH key agreement algorithm as a buffer of key data.
group | A value of type psa_dh_family_t that identifies the Diffie-Hellman group family to be used. |
Definition at line 2770 of file crypto_values.h.
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff) |
Mask for ECC curves.
Definition at line 2798 of file crypto_values.h.
#define PSA_KEY_TYPE_ECC_GET_FAMILY | ( | type | ) | ((psa_ecc_family_t)((type) & 0x00ff)) |
Extract the curve family from an elliptic curve key type.
type | An elliptic curve key type: a value of type psa_key_type_t such that PSA_KEY_TYPE_IS_ECC(type ) is true. |
Definition at line 2782 of file crypto_values.h.
#define PSA_KEY_TYPE_ECC_KEY_PAIR | ( | curve | ) | (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve)) |
Elliptic curve key pair: both the private and public key.
The size of an elliptic curve key is the bit size associated with the curve, that is, the bit size of q for a curve over a field Fq. See the documentation of each Elliptic curve family for details.
Compatible algorithms
curve | A value of type psa_ecc_family_t that identifies the ECC curve to be used. |
Definition at line 2815 of file crypto_values.h.
#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x7100) |
Base value for ECC key pairs.
Definition at line 2793 of file crypto_values.h.
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY | ( | curve | ) | (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve)) |
Elliptic curve public key.
The size of an elliptic curve public key is the same as the corresponding private key. See PSA_KEY_TYPE_ECC_KEY_PAIR() and the documentation of each Elliptic curve family for details.
Compatible algorithms Elliptic curve public keys can be used for verification in asymmetric signature algorithms. The set of compatible algorithms depends on the elliptic curve key family. See each elliptic curve family for details.
curve | A value of type psa_ecc_family_t that identifies the ECC curve to be used. |
Definition at line 2833 of file crypto_values.h.
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY | ( | curve | ) | (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve)) |
Elliptic curve public key.
The size of an elliptic curve public key is the same as the corresponding private key. See PSA_KEY_TYPE_ECC_KEY_PAIR() and the documentation of each Elliptic curve family for details.
Compatible algorithms Elliptic curve public keys can be used for verification in asymmetric signature algorithms. The set of compatible algorithms depends on the elliptic curve key family. See each elliptic curve family for details.
curve | A value of type psa_ecc_family_t that identifies the ECC curve to be used. |
Definition at line 2833 of file crypto_values.h.
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x4100) |
Base value for ECC public keys.
Definition at line 2788 of file crypto_values.h.
#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100) |
HMAC key.
The key policy determines which underlying hash algorithm the key can be used for.
The bit size of an HMAC key must be a non-zero multiple of 8. An HMAC key is typically the same size as the output of the underlying hash algorithm. An HMAC key that is longer than the block size of the underlying hash algorithm will be hashed before use. When an HMAC key is created that is longer than the block size, it is implementation defined whether the implementation stores the original HMAC key, or the hash of the HMAC key. If the hash of the key is stored, the key size reported by @ref psa_get_key_attributes() will be the size of the hashed key.
alg
) provides the output size of hash algorithm alg
, in bytes. PSA_HASH_BLOCK_LENGTH(alg
) provides the block size of hash algorithm alg
, in bytes.Compatible algorithms
Definition at line 2900 of file crypto_values.h.
#define PSA_KEY_TYPE_IS_ASYMMETRIC | ( | type | ) | (((type) & 0x4000) == 0x4000) |
Whether a key type is asymmetric: either a key pair or a public key.
type | A key type: a value of type psa_key_type_t. |
Definition at line 2907 of file crypto_values.h.
#define PSA_KEY_TYPE_IS_DH | ( | type | ) | ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & 0xff00) == 0x4200) |
Whether a key type is a Diffie-Hellman key, either a key pair or a public key.
type | A key type: a value of type psa_key_type_t. |
Definition at line 2915 of file crypto_values.h.
#define PSA_KEY_TYPE_IS_DH_KEY_PAIR | ( | type | ) | (((type) & 0xff00) == 0x7200) |
Whether a key type is a Diffie-Hellman key pair.
type | A key type: a value of type psa_key_type_t. |
Definition at line 2923 of file crypto_values.h.
#define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY | ( | type | ) | (((type) & 0xff00) == 0x4200) |
Whether a key type is a Diffie-Hellman public key.
type | A key type: a value of type psa_key_type_t. |
Definition at line 2931 of file crypto_values.h.
#define PSA_KEY_TYPE_IS_ECC | ( | type | ) | ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & 0xff00) == 0x4100) |
Whether a key type is an elliptic curve key, either a key pair or a public key.
type | A key type: a value of type psa_key_type_t. |
Definition at line 2847 of file crypto_values.h.
#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR | ( | type | ) | (((type) & 0xff00) == 0x7100) |
Whether a key type is an elliptic curve key pair.
type | A key type: a value of type psa_key_type_t. |
Definition at line 2855 of file crypto_values.h.
#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY | ( | type | ) | (((type) & 0xff00) == 0x4100) |
Whether a key type is an elliptic curve public key.
type | A key type: a value of type psa_key_type_t. |
Definition at line 2863 of file crypto_values.h.
#define PSA_KEY_TYPE_IS_KEY_PAIR | ( | type | ) | (((type) & 0x7000) == 0x7000) |
Whether a key type is a key pair containing a private part and a public part.
type | A key type: a value of type psa_key_type_t. |
Definition at line 2939 of file crypto_values.h.
#define PSA_KEY_TYPE_IS_PUBLIC_KEY | ( | type | ) | (((type) & 0x7000) == 0x4000) |
Whether a key type is the public part of a key pair.
type | A key type: a value of type psa_key_type_t. |
Definition at line 2948 of file crypto_values.h.
#define PSA_KEY_TYPE_IS_RSA | ( | type | ) | (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == 0x4001) |
Whether a key type is an RSA key.
This includes both key pairs and public keys.
type | A key type: a value of type psa_key_type_t. |
Definition at line 2956 of file crypto_values.h.
#define PSA_KEY_TYPE_IS_UNSTRUCTURED | ( | type | ) | (((type) & 0x7000) == 0x1000 || ((type) & 0x7000) == 0x2000) |
Whether a key type is an unstructured array of bytes.
This encompasses both symmetric keys and non-key data.
type | A key type: a value of type psa_key_type_t. |
Definition at line 2965 of file crypto_values.h.
#define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY | ( | type | ) | ((psa_key_type_t)((type) | 0x3000)) |
The key pair type corresponding to a public key type.
If type is a key pair type, it will be left unchanged.
type | A public key type or key pair type. |
Definition at line 2978 of file crypto_values.h.
#define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x0000) |
An invalid key type value.
Zero is not the encoding of any key type.
Definition at line 2986 of file crypto_values.h.
#define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1203) |
A low-entropy secret for password hashing or key derivation.
This key type is suitable for passwords and passphrases which are typically intended to be memorizable by humans, and have a low entropy relative to their size. It can be used for randomly generated or derived keys with maximum or near-maximum entropy, but PSA_KEY_TYPE_DERIVE is more suitable for such keys. It is not suitable for passwords with extremely low entropy, such as numerical PINs.
These keys can be used in the PSA_KEY_DERIVATION_INPUT_PASSWORD input step of key derivation algorithms. Algorithms that accept such an input were designed to accept low-entropy secret and are known as password hashing or key stretching algorithms.
These keys cannot be used in the PSA_KEY_DERIVATION_INPUT_SECRET input step of key derivation algorithms, as the algorithms expect such an input to have high entropy.
The key policy determines which key derivation algorithm the key can be used for, among the permissible subset defined above.
Compatible algorithms
Definition at line 3011 of file crypto_values.h.
#define PSA_KEY_TYPE_PASSWORD_HASH ((psa_key_type_t)0x1205) |
A secret value that can be used to verify a password hash.
The key policy determines which key derivation algorithm the key can be used for, among the same permissible subset as for PSA_KEY_TYPE_PASSWORD.
Compatible algorithms
Definition at line 3023 of file crypto_values.h.
#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1206) |
A secret value that can be used when computing a password hash.
The key policy determines which key derivation algorithm the key can be used for, among the subset of algorithms that can use pepper.
Compatible algorithms
Definition at line 3035 of file crypto_values.h.
#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR | ( | type | ) | ((psa_key_type_t)((type) & ~0x3000)) |
The public key type corresponding to a key pair type.
You may also pass a key pair type as type, it will be left unchanged.
type | A public key type or key pair type. |
Definition at line 2875 of file crypto_values.h.
#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x1001) |
Raw data.
A “key” of this type cannot be used for any cryptographic operation. Applications can use this type to store arbitrary data in the keystore.
The bit size of a raw key must be a non-zero multiple of 8. The maximum size of a raw key is implementation defined.
Compatible algorithms
Definition at line 3051 of file crypto_values.h.
#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001) |
RSA key pair: both the private and public key.
The size of an RSA key is the bit size of the modulus.
@b Compatible @b algorithms - @ref PSA_ALG_RSA_OAEP - @ref PSA_ALG_RSA_PKCS1V15_CRYPT - @ref PSA_ALG_RSA_PKCS1V15_SIGN - @ref PSA_ALG_RSA_PKCS1V15_SIGN_RAW - @ref PSA_ALG_RSA_PSS - @ref PSA_ALG_RSA_PSS_ANY_SALT
Definition at line 3066 of file crypto_values.h.
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001) |
RSA public key.
The size of an RSA key is the bit size of the modulus.
@b Compatible @b algorithms - @ref PSA_ALG_RSA_OAEP (encryption only) - @ref PSA_ALG_RSA_PKCS1V15_CRYPT (encryption only) - @ref PSA_ALG_RSA_PKCS1V15_SIGN (signature verification only) - @ref PSA_ALG_RSA_PKCS1V15_SIGN_RAW (signature verification only) - @ref PSA_ALG_RSA_PSS (signature verification only) - @ref PSA_ALG_RSA_PSS_ANY_SALT (signature verification only)
Definition at line 3081 of file crypto_values.h.
#define PSA_KEY_TYPE_SM4 ((psa_key_type_t)0x2405) |
Key for a cipher, AEAD or MAC algorithm based on the SM4 block cipher.
For algorithms except the XTS block cipher mode, the SM4 key size is 128 bits (16 bytes).
For the XTS block cipher mode (PSA_ALG_XTS), the SM4 key size is 256 bits (two 16-byte keys).
The SM4 block cipher is defined in GM/T 0002-2012: SM4 block cipher algorithm CSTC0002 (English version CSTC0002/E).
Compatible algorithms
Definition at line 3110 of file crypto_values.h.
#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x8000) |
Vendor-defined key type flag.
Key types defined by this standard will never have the PSA_KEY_TYPE_VENDOR_FLAG bit set. Vendors who define additional key types must use an encoding with the PSA_KEY_TYPE_VENDOR_FLAG bit set and should respect the bitwise structure used by standard encodings whenever practical.
Definition at line 2525 of file crypto_values.h.
#define PSA_KEY_USAGE_CACHE ((psa_key_usage_t)0x00000004) |
Permission for the implementation to cache the key.
This flag allows the implementation to make additional copies of the key material that are not in storage and not for the purpose of an ongoing operation. Applications can use it as a hint to keep the key around for repeated access.
An application can request that cached key material is removed from memory by calling psa_purge_key().
The presence of this usage flag when creating a key is a hint:
If this usage flag is not present, the implementation must ensure key material is removed from memory as soon as it is not required for an operation or for maintenance of a volatile key.
This flag must be preserved when reading back the attributes for all keys, regardless of key type or implementation behavior.
Definition at line 3133 of file crypto_values.h.
#define PSA_KEY_USAGE_COPY ((psa_key_usage_t)0x00000002) |
Permission to copy the key.
This flag allows the use of psa_copy_key() to make a copy of the key with the same policy or a more restrictive policy.
For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag PSA_KEY_USAGE_EXPORT. Copying the key inside the secure element is permitted with just PSA_KEY_USAGE_COPY if the secure element supports it. For keys with the lifetime PSA_KEY_LIFETIME_VOLATILE or PSA_KEY_LIFETIME_PERSISTENT, the usage flag PSA_KEY_USAGE_COPY is sufficient to permit the copy.
Definition at line 3148 of file crypto_values.h.
#define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200) |
Permission to decrypt a message with the key.
This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:
For a key pair, this concerns the private key.
Definition at line 3165 of file crypto_values.h.
#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000) |
Permission to derive other keys or produce a password hash from this key.
This flag allows the key to be used for a key derivation operation or for a key agreement operation, if otherwise permitted by the key’s type and policy.
This flag must be present on keys used with the following APIs:
If this flag is present on all keys used in calls to psa_key_derivation_input_key() for a key derivation operation, then it permits calling psa_key_derivation_output_bytes() or psa_key_derivation_output_key() at the end of the operation.
Definition at line 3182 of file crypto_values.h.
#define PSA_KEY_USAGE_ENCRYPT ((psa_key_usage_t)0x00000100) |
Permission to encrypt a message with the key.
This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:
For a key pair, this concerns the public key.
Definition at line 3199 of file crypto_values.h.
#define PSA_KEY_USAGE_EXPORT ((psa_key_usage_t)0x00000001) |
Permission to export the key.
This flag allows the use of psa_export_key() to export a key from the cryptoprocessor. A public key or the public part of a key pair can always be exported regardless of the value of this permission flag.
This flag can also be required to copy a key using psa_copy_key() outside of a secure element. See also PSA_KEY_USAGE_COPY.
If a key does not have export permission, implementations must not allow the key to be exported in plain form from the cryptoprocessor, whether through psa_export_key() or through a proprietary interface. The key might still be exportable in a wrapped form, i.e. in a form where it is encrypted by another key.
Definition at line 3216 of file crypto_values.h.
#define PSA_KEY_USAGE_SIGN_HASH ((psa_key_usage_t)0x00001000) |
Permission to sign a message hash with the key.
This flag allows the key to be used to sign a message hash as part of an asymmetric signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling psa_sign_hash().
This flag automatically sets PSA_KEY_USAGE_SIGN_MESSAGE : if an application sets the flag PSA_KEY_USAGE_SIGN_HASH when creating a key, then the key always has the permissions conveyed by PSA_KEY_USAGE_SIGN_MESSAGE, and the flag PSA_KEY_USAGE_SIGN_MESSAGE will also be present when the application queries the usage flags of the key.
For a key pair, this concerns the private key.
Definition at line 3233 of file crypto_values.h.
#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t)0x00000400) |
Permission to sign a message with the key.
This flag allows the key to be used for a MAC calculation operation or for an asymmetric message signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:
For a key pair, this concerns the private key.
Definition at line 3247 of file crypto_values.h.
#define PSA_KEY_USAGE_VERIFY_DERIVATION ((psa_key_usage_t)0x00008000) |
Permission to verify the result of a key derivation, including password hashing.
This flag allows the key to be used in a key derivation operation, if otherwise permitted by the key’s type and policy.
This flag must be present on keys used with psa_key_derivation_verify_key().
If this flag is present on all keys used in calls to psa_key_derivation_input_key() for a key derivation operation, then it permits calling psa_key_derivation_verify_bytes() or psa_key_derivation_verify_key() at the end of the operation.
Definition at line 3262 of file crypto_values.h.
#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00002000) |
Permission to verify a message hash with the key.
This flag allows the key to be used to verify a message hash as part of an asymmetric signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling psa_verify_hash().
This flag automatically sets PSA_KEY_USAGE_VERIFY_MESSAGE : if an application sets the flag PSA_KEY_USAGE_VERIFY_HASH when creating a key, then the key always has the permissions conveyed by PSA_KEY_USAGE_VERIFY_MESSAGE, and the flag PSA_KEY_USAGE_VERIFY_MESSAGE will also be present when the application queries the usage flags of the key.
For a key pair, this concerns the public key.
Definition at line 3279 of file crypto_values.h.
#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t)0x00000800) |
Permission to verify a message signature with the key.
This flag allows the key to be used for a MAC verification operation or for an asymmetric message signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:
For a key pair, this concerns the public key.
Definition at line 3293 of file crypto_values.h.
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE /* implementation-defined value */ |
Sufficient output buffer size for psa_raw_key_agreement(), for any of the supported key types and key agreement algorithms.
If the size of the output buffer is at least this large, it is guaranteed that psa_raw_key_agreement() will not fail due to an insufficient buffer size.
See also PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE().
Definition at line 3304 of file crypto_values.h.
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE | ( | key_type, | |
key_bits | |||
) | /* implementation-defined value */ |
Sufficient output buffer size for psa_raw_key_agreement().
If the size of the output buffer is at least this large, it is guaranteed that psa_raw_key_agreement() will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.
See also PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE.
key_type | A supported key type. |
key_bits | The size of the key in bits. |
Definition at line 3323 of file crypto_values.h.
#define PSA_SIGNATURE_MAX_SIZE /* implementation-defined value */ |
A sufficient signature buffer size for psa_sign_message() and psa_sign_hash(), for any of the supported key types and asymmetric signature algorithms.
If the size of the signature buffer is at least this large, it is guaranteed that psa_sign_message() and psa_sign_hash() will not fail due to an insufficient buffer size.
See also PSA_SIGN_OUTPUT_SIZE().
Definition at line 3337 of file crypto_values.h.
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE /* implementation-defined value */ |
This macro returns the maximum supported length of the PSK for the TLS-1.2 PSK-to-MS key derivation.
This implementation-defined value specifies the maximum length for the PSK input used with a PSA_ALG_TLS12_PSK_TO_MS() key agreement algorithm.
Quoting Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) RFC4279 §5.3: TLS implementations supporting these cipher suites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.
Therefore, it is recommended that implementations define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE with a value greater than or equal to 64.
Definition at line 3355 of file crypto_values.h.