usage.h File Reference

Key usage definitions for the PSA Crypto API. More...

Detailed Description

Key usage definitions for the PSA Crypto API.

Author

Armin Wolf wolf..nosp@m.armi.nosp@m.n@mai.nosp@m.lbox.nosp@m..tu-d.nosp@m.resd.nosp@m.en.de

Lena Boeckmann lena..nosp@m.boec.nosp@m.kmann.nosp@m.@haw.nosp@m.-hamb.nosp@m.urg..nosp@m.de

Definition in file usage.h.

#include <stdint.h>

Include dependency graph for usage.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

#define	PSA_KEY_USAGE_EXPORT   ((psa_key_usage_t)0x00000001)
	Permission to export the key.
#define	PSA_KEY_USAGE_COPY   ((psa_key_usage_t)0x00000002)
	Permission to copy the key.
#define	PSA_KEY_USAGE_CACHE   ((psa_key_usage_t)0x00000004)
	Permission for the implementation to cache the key.
#define	PSA_KEY_USAGE_ENCRYPT   ((psa_key_usage_t)0x00000100)
	Permission to encrypt a message with the key.
#define	PSA_KEY_USAGE_DECRYPT   ((psa_key_usage_t)0x00000200)
	Permission to decrypt a message with the key.
#define	PSA_KEY_USAGE_SIGN_MESSAGE   ((psa_key_usage_t)0x00000400)
	Permission to sign a message with the key.
#define	PSA_KEY_USAGE_VERIFY_MESSAGE   ((psa_key_usage_t)0x00000800)
	Permission to verify a message signature with the key.
#define	PSA_KEY_USAGE_SIGN_HASH   ((psa_key_usage_t)0x00001000)
	Permission to sign a message hash with the key.
#define	PSA_KEY_USAGE_VERIFY_HASH   ((psa_key_usage_t)0x00002000)
	Permission to verify a message hash with the key.
#define	PSA_KEY_USAGE_DERIVE   ((psa_key_usage_t)0x00004000)
	Permission to derive other keys or produce a password hash from this key.
#define	PSA_KEY_USAGE_VERIFY_DERIVATION   ((psa_key_usage_t)0x00008000)
	Permission to verify the result of a key derivation, including password hashing.
typedef uint32_t	psa_key_usage_t
	Encoding of permitted usage on a key.

Macro Definition Documentation

PSA_KEY_USAGE_CACHE

#define PSA_KEY_USAGE_CACHE   ((psa_key_usage_t)0x00000004)

Permission for the implementation to cache the key.

This flag allows the implementation to make additional copies of the key material that are not in storage and not for the purpose of an ongoing operation. Applications can use it as a hint to keep the key around for repeated access.

An application can request that cached key material is removed from memory by calling psa_purge_key().

The presence of this usage flag when creating a key is a hint:

• An implementation is not required to cache keys that have this usage flag.
• An implementation must not report an error if it does not cache keys.

If this usage flag is not present, the implementation must ensure key material is removed from memory as soon as it is not required for an operation or for maintenance of a volatile key.

This flag must be preserved when reading back the attributes for all keys, regardless of key type or implementation behavior.

Definition at line 89 of file usage.h.

PSA_KEY_USAGE_COPY

#define PSA_KEY_USAGE_COPY   ((psa_key_usage_t)0x00000002)

Permission to copy the key.

This flag allows the use of psa_copy_key() to make a copy of the key with the same policy or a more restrictive policy.

For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag PSA_KEY_USAGE_EXPORT. Copying the key inside the secure element is permitted with just PSA_KEY_USAGE_COPY if the secure element supports it. For keys with the lifetime PSA_KEY_LIFETIME_VOLATILE or PSA_KEY_LIFETIME_PERSISTENT, the usage flag PSA_KEY_USAGE_COPY is sufficient to permit the copy.

Definition at line 66 of file usage.h.

PSA_KEY_USAGE_DECRYPT

#define PSA_KEY_USAGE_DECRYPT   ((psa_key_usage_t)0x00000200)

Permission to decrypt a message with the key.

This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:

• psa_cipher_decrypt()
• psa_cipher_decrypt_setup()
• psa_aead_decrypt()
• psa_aead_decrypt_setup()
• psa_asymmetric_decrypt()

For a key pair, this concerns the private key.

Definition at line 123 of file usage.h.

PSA_KEY_USAGE_DERIVE

#define PSA_KEY_USAGE_DERIVE   ((psa_key_usage_t)0x00004000)

Permission to derive other keys or produce a password hash from this key.

This flag allows the key to be used for a key derivation operation or for a key agreement operation, if otherwise permitted by the key’s type and policy.

This flag must be present on keys used with the following APIs:

• psa_key_derivation_key_agreement()
• psa_raw_key_agreement()

If this flag is present on all keys used in calls to psa_key_derivation_input_key() for a key derivation operation, then it permits calling psa_key_derivation_output_bytes() or psa_key_derivation_output_key() at the end of the operation.

Definition at line 202 of file usage.h.

PSA_KEY_USAGE_ENCRYPT

#define PSA_KEY_USAGE_ENCRYPT   ((psa_key_usage_t)0x00000100)

Permission to encrypt a message with the key.

This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:

• psa_cipher_encrypt()
• psa_cipher_encrypt_setup()
• psa_aead_encrypt()
• psa_aead_encrypt_setup()
• psa_asymmetric_encrypt()

For a key pair, this concerns the public key.

Definition at line 106 of file usage.h.

PSA_KEY_USAGE_EXPORT

#define PSA_KEY_USAGE_EXPORT   ((psa_key_usage_t)0x00000001)

Permission to export the key.

This flag allows the use of psa_export_key() to export a key from the cryptoprocessor. A public key or the public part of a key pair can always be exported regardless of the value of this permission flag.

This flag can also be required to copy a key using psa_copy_key() outside of a secure element. See also PSA_KEY_USAGE_COPY.

If a key does not have export permission, implementations must not allow the key to be exported in plain form from the cryptoprocessor, whether through psa_export_key() or through a proprietary interface. The key might still be exportable in a wrapped form, i.e. in a form where it is encrypted by another key.

Definition at line 51 of file usage.h.

PSA_KEY_USAGE_SIGN_HASH

#define PSA_KEY_USAGE_SIGN_HASH   ((psa_key_usage_t)0x00001000)

Permission to sign a message hash with the key.

This flag allows the key to be used to sign a message hash as part of an asymmetric signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling psa_sign_hash().

This flag automatically sets PSA_KEY_USAGE_SIGN_MESSAGE : if an application sets the flag PSA_KEY_USAGE_SIGN_HASH when creating a key, then the key always has the permissions conveyed by PSA_KEY_USAGE_SIGN_MESSAGE, and the flag PSA_KEY_USAGE_SIGN_MESSAGE will also be present when the application queries the usage flags of the key.

For a key pair, this concerns the private key.

Definition at line 168 of file usage.h.

PSA_KEY_USAGE_SIGN_MESSAGE

#define PSA_KEY_USAGE_SIGN_MESSAGE   ((psa_key_usage_t)0x00000400)

Permission to sign a message with the key.

This flag allows the key to be used for a MAC calculation operation or for an asymmetric message signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:

• psa_mac_compute()
• psa_mac_sign_setup()
• psa_sign_message()

For a key pair, this concerns the private key.

Definition at line 137 of file usage.h.

PSA_KEY_USAGE_VERIFY_DERIVATION

#define PSA_KEY_USAGE_VERIFY_DERIVATION   ((psa_key_usage_t)0x00008000)

Permission to verify the result of a key derivation, including password hashing.

This flag allows the key to be used in a key derivation operation, if otherwise permitted by the key’s type and policy.

This flag must be present on keys used with psa_key_derivation_verify_key().

If this flag is present on all keys used in calls to psa_key_derivation_input_key() for a key derivation operation, then it permits calling psa_key_derivation_verify_bytes() or psa_key_derivation_verify_key() at the end of the operation.

Definition at line 217 of file usage.h.

PSA_KEY_USAGE_VERIFY_HASH

#define PSA_KEY_USAGE_VERIFY_HASH   ((psa_key_usage_t)0x00002000)

Permission to verify a message hash with the key.

This flag allows the key to be used to verify a message hash as part of an asymmetric signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling psa_verify_hash().

This flag automatically sets PSA_KEY_USAGE_VERIFY_MESSAGE : if an application sets the flag PSA_KEY_USAGE_VERIFY_HASH when creating a key, then the key always has the permissions conveyed by PSA_KEY_USAGE_VERIFY_MESSAGE, and the flag PSA_KEY_USAGE_VERIFY_MESSAGE will also be present when the application queries the usage flags of the key.

For a key pair, this concerns the public key.

Definition at line 185 of file usage.h.

PSA_KEY_USAGE_VERIFY_MESSAGE

#define PSA_KEY_USAGE_VERIFY_MESSAGE   ((psa_key_usage_t)0x00000800)

Permission to verify a message signature with the key.

This flag allows the key to be used for a MAC verification operation or for an asymmetric message signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:

• psa_mac_verify()
• psa_mac_verify_setup()
• psa_verify_message()

For a key pair, this concerns the public key.

Definition at line 151 of file usage.h.

Typedef Documentation

psa_key_usage_t

typedef uint32_t psa_key_usage_t

Encoding of permitted usage on a key.

Definition at line 34 of file usage.h.