/*
 * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */
/**
 * \file
 *
 * \brief PSA cryptography module: vendor extensions
 *
 * \note This file may not be included directly. Applications must
 * include psa/crypto.h.
 *
 * This file is reserved for vendor-specific definitions.
 */

#ifndef PSA_CRYPTO_EXTRA_H
#define PSA_CRYPTO_EXTRA_H

#include "psa/crypto_compat.h"

#ifdef __cplusplus
extern "C" {
#endif

/** \brief Declare the enrollment algorithm for a key.
 *
 * An operation on a key may indifferently use the algorithm set with
 * psa_set_key_algorithm() or with this function.
 *
 * \param[out] attributes  The attribute structure to write to.
 *                         It is dereferenced unconditionally, so it
 *                         must not be NULL.
 * \param alg2             A second algorithm that the key may be used
 *                         for, in addition to the algorithm set with
 *                         psa_set_key_algorithm().
 *
 * \note This setter only stores \p alg2 in the policy of \p attributes;
 *       it performs no validation of the value itself.
 *
 * \warning Setting an enrollment algorithm is not recommended, because
 *          using the same key with different algorithms can allow some
 *          attacks based on arithmetic relations between different
 *          computations made with the same key, or can escalate harmless
 *          side channels into exploitable ones. Use this function only
 *          if it is necessary to support a protocol for which it has been
 *          verified that the usage of the key with multiple algorithms
 *          is safe.
 */
static inline void psa_set_key_enrollment_algorithm(
    psa_key_attributes_t *attributes,
    psa_algorithm_t alg2 )
{
    attributes->core.policy.alg2 = alg2;
}

#if defined(MBEDTLS_ECP_C)
#include <mbedtls/ecp.h>

/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
 *
 * \note This function is provided solely for the convenience of
 *       Mbed TLS and may be removed at any time without notice.
 *
 * \note Several Mbed TLS group identifiers map to the same PSA family
 *       and differ only in the value written to \p bits, so a caller
 *       needs both the returned family and \p bits to identify a curve.
 *
 * \param grpid      An Mbed TLS elliptic curve identifier
 *                   (`MBEDTLS_ECP_DP_xxx`).
 * \param[out] bits  On success, the bit size of the curve. On failure
 *                   it is set to 0. It is written on every path, so it
 *                   must not be NULL.
 *
 * \return           The corresponding PSA elliptic curve identifier
 *                   (`PSA_ECC_FAMILY_xxx`).
 * \return           \c 0 on failure (\p grpid is not recognized).
 *                   Check for this before using the family or \p bits.
 */
static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(
    mbedtls_ecp_group_id grpid,
    size_t *bits )
{
    /* The initial values double as the "unrecognized group" result. */
    psa_ecc_family_t family = 0;
    size_t curve_bits = 0;

    switch( grpid )
    {
        /* Groups reported as PSA_ECC_FAMILY_SECP_R1. */
        case MBEDTLS_ECP_DP_SECP192R1:
            family = PSA_ECC_FAMILY_SECP_R1;
            curve_bits = 192;
            break;
        case MBEDTLS_ECP_DP_SECP224R1:
            family = PSA_ECC_FAMILY_SECP_R1;
            curve_bits = 224;
            break;
        case MBEDTLS_ECP_DP_SECP256R1:
            family = PSA_ECC_FAMILY_SECP_R1;
            curve_bits = 256;
            break;
        case MBEDTLS_ECP_DP_SECP384R1:
            family = PSA_ECC_FAMILY_SECP_R1;
            curve_bits = 384;
            break;
        case MBEDTLS_ECP_DP_SECP521R1:
            family = PSA_ECC_FAMILY_SECP_R1;
            curve_bits = 521;
            break;

        /* Groups reported as PSA_ECC_FAMILY_SECP_K1. */
        case MBEDTLS_ECP_DP_SECP192K1:
            family = PSA_ECC_FAMILY_SECP_K1;
            curve_bits = 192;
            break;
        case MBEDTLS_ECP_DP_SECP224K1:
            family = PSA_ECC_FAMILY_SECP_K1;
            curve_bits = 224;
            break;
        case MBEDTLS_ECP_DP_SECP256K1:
            family = PSA_ECC_FAMILY_SECP_K1;
            curve_bits = 256;
            break;

        /* Groups reported as PSA_ECC_FAMILY_BRAINPOOL_P_R1. */
        case MBEDTLS_ECP_DP_BP256R1:
            family = PSA_ECC_FAMILY_BRAINPOOL_P_R1;
            curve_bits = 256;
            break;
        case MBEDTLS_ECP_DP_BP384R1:
            family = PSA_ECC_FAMILY_BRAINPOOL_P_R1;
            curve_bits = 384;
            break;
        case MBEDTLS_ECP_DP_BP512R1:
            family = PSA_ECC_FAMILY_BRAINPOOL_P_R1;
            curve_bits = 512;
            break;

        /* Groups reported as PSA_ECC_FAMILY_MONTGOMERY. */
        case MBEDTLS_ECP_DP_CURVE25519:
            family = PSA_ECC_FAMILY_MONTGOMERY;
            curve_bits = 255;
            break;
        case MBEDTLS_ECP_DP_CURVE448:
            family = PSA_ECC_FAMILY_MONTGOMERY;
            curve_bits = 448;
            break;

        /* Unrecognized group: keep family 0 and a bit size of 0. */
        default:
            break;
    }

    *bits = curve_bits;
    return( family );
}

/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
 *
 * \note This function is provided solely for the convenience of
 *       Mbed TLS and may be removed at any time without notice.
 *
 * \param curve         A PSA elliptic curve identifier
 *                      (`PSA_ECC_FAMILY_xxx`).
 * \param byte_length   The byte-length of a private key on \p curve.
 *
 * \return              The corresponding Mbed TLS elliptic curve identifier
 *                      (`MBEDTLS_ECP_DP_xxx`).
 * \return              #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
 * \return              #MBEDTLS_ECP_DP_NONE if \p byte_length is not
 *                      correct for \p curve.
 */
/* NOTE(review): the prototype below is commented out in this copy of the
 * header, so this header does not declare mbedtls_ecc_group_of_psa(). */
//mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
//                                              size_t byte_length );

#endif /* MBEDTLS_ECP_C */

#ifdef __cplusplus
}
#endif

#endif /* PSA_CRYPTO_EXTRA_H */