GitBucket
Newer
/*
* Copyright (c) 2018-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
/**
* \file
*
* \brief PSA cryptography module: vendor extensions
*
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
*
* This file is reserved for vendor-specific definitions.
*/
#ifndef PSA_CRYPTO_EXTRA_H
#define PSA_CRYPTO_EXTRA_H
#include "psa/crypto_compat.h"
#ifdef __cplusplus
extern "C" {
#endif
/** \brief Declare the enrollment algorithm for a key.
*
* An operation on a key may indifferently use the algorithm set with
* psa_set_key_algorithm() or with this function.
*
* \param[out] attributes The attribute structure to write to.
* \param alg2 A second algorithm that the key may be used
* for, in addition to the algorithm set with
* psa_set_key_algorithm().
*
* \warning Setting an enrollment algorithm is not recommended, because
* using the same key with different algorithms can allow some
* attacks based on arithmetic relations between different
* computations made with the same key, or can escalate harmless
* side channels into exploitable ones. Use this function only
* if it is necessary to support a protocol for which it has been
* verified that the usage of the key with multiple algorithms
* is safe.
*/
static inline void psa_set_key_enrollment_algorithm(
psa_key_attributes_t *attributes,
psa_algorithm_t alg2)
{
attributes->core.policy.alg2 = alg2;
}
#if defined(MBEDTLS_ECP_C)
#include <mbedtls/ecp.h>
/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
*
* \note This function is provided solely for the convenience of
* Mbed TLS and may be removed at any time without notice.
*
* \param grpid An Mbed TLS elliptic curve identifier
* (`MBEDTLS_ECP_DP_xxx`).
* \param[out] bits On success, the bit size of the curve.
*
* \return The corresponding PSA elliptic curve identifier
* (`PSA_ECC_FAMILY_xxx`).
* \return \c 0 on failure (\p grpid is not recognized).
*/
static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
size_t *bits )
{
switch( grpid )
{
case MBEDTLS_ECP_DP_SECP192R1:
*bits = 192;
return( PSA_ECC_FAMILY_SECP_R1 );
case MBEDTLS_ECP_DP_SECP224R1:
*bits = 224;
return( PSA_ECC_FAMILY_SECP_R1 );
case MBEDTLS_ECP_DP_SECP256R1:
*bits = 256;
return( PSA_ECC_FAMILY_SECP_R1 );
case MBEDTLS_ECP_DP_SECP384R1:
*bits = 384;
return( PSA_ECC_FAMILY_SECP_R1 );
case MBEDTLS_ECP_DP_SECP521R1:
*bits = 521;
return( PSA_ECC_FAMILY_SECP_R1 );
case MBEDTLS_ECP_DP_BP256R1:
*bits = 256;
return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
case MBEDTLS_ECP_DP_BP384R1:
*bits = 384;
return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
case MBEDTLS_ECP_DP_BP512R1:
*bits = 512;
return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
case MBEDTLS_ECP_DP_CURVE25519:
*bits = 255;
return( PSA_ECC_FAMILY_MONTGOMERY );
case MBEDTLS_ECP_DP_SECP192K1:
*bits = 192;
return( PSA_ECC_FAMILY_SECP_K1 );
case MBEDTLS_ECP_DP_SECP224K1:
*bits = 224;
return( PSA_ECC_FAMILY_SECP_K1 );
case MBEDTLS_ECP_DP_SECP256K1:
*bits = 256;
return( PSA_ECC_FAMILY_SECP_K1 );
case MBEDTLS_ECP_DP_CURVE448:
*bits = 448;
return( PSA_ECC_FAMILY_MONTGOMERY );
default:
*bits = 0;
return( 0 );
}
}
/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
*
* \note This function is provided solely for the convenience of
* Mbed TLS and may be removed at any time without notice.
*
* \param curve A PSA elliptic curve identifier
* (`PSA_ECC_FAMILY_xxx`).
* \param byte_length The byte-length of a private key on \p curve.
*
* \return The corresponding Mbed TLS elliptic curve identifier
* (`MBEDTLS_ECP_DP_xxx`).
* \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
* \return #MBEDTLS_ECP_DP_NONE if \p byte_length is not
* correct for \p curve.
*/
//mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
// size_t byte_length );
#endif /* MBEDTLS_ECP_C */
#ifdef __cplusplus
}
#endif
#endif /* PSA_CRYPTO_EXTRA_H */