psa_crypto_ecp.h 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223
  1. /*
  2. * PSA ECP layer on top of Mbed TLS crypto
  3. */
  4. /*
  5. * Copyright The Mbed TLS Contributors
  6. * SPDX-License-Identifier: Apache-2.0
  7. *
  8. * Licensed under the Apache License, Version 2.0 (the "License"); you may
  9. * not use this file except in compliance with the License.
  10. * You may obtain a copy of the License at
  11. *
  12. * http://www.apache.org/licenses/LICENSE-2.0
  13. *
  14. * Unless required by applicable law or agreed to in writing, software
  15. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  16. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17. * See the License for the specific language governing permissions and
  18. * limitations under the License.
  19. */
  20. #ifndef PSA_CRYPTO_ECP_H
  21. #define PSA_CRYPTO_ECP_H
  22. #include <psa/crypto.h>
  23. #include <mbedtls/ecp.h>
  24. /** Load the contents of a key buffer into an internal ECP representation
  25. *
  26. * \param[in] type The type of key contained in \p data.
  27. * \param[in] curve_bits The nominal bit-size of the curve.
  28. * It must be consistent with the representation
  29. * passed in \p data.
  30. * This can be 0, in which case the bit-size
  31. * is inferred from \p data_length (which is possible
  32. * for all key types and representation formats
  33. * formats that are currently supported or will
  34. * be in the foreseeable future).
  35. * \param[in] data The buffer from which to load the representation.
  36. * \param[in] data_length The size in bytes of \p data.
  37. * \param[out] p_ecp Returns a pointer to an ECP context on success.
  38. * The caller is responsible for freeing both the
  39. * contents of the context and the context itself
  40. * when done.
  41. */
  42. psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type,
  43. size_t curve_bits,
  44. const uint8_t *data,
  45. size_t data_length,
  46. mbedtls_ecp_keypair **p_ecp );
  47. /** Import an ECP key in binary format.
  48. *
  49. * \note The signature of this function is that of a PSA driver
  50. * import_key entry point. This function behaves as an import_key
  51. * entry point as defined in the PSA driver interface specification for
  52. * transparent drivers.
  53. *
  54. * \param[in] attributes The attributes for the key to import.
  55. * \param[in] data The buffer containing the key data in import
  56. * format.
  57. * \param[in] data_length Size of the \p data buffer in bytes.
  58. * \param[out] key_buffer The buffer containing the key data in output
  59. * format.
  60. * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. This
  61. * size is greater or equal to \p data_length.
  62. * \param[out] key_buffer_length The length of the data written in \p
  63. * key_buffer in bytes.
  64. * \param[out] bits The key size in number of bits.
  65. *
  66. * \retval #PSA_SUCCESS The ECP key was imported successfully.
  67. * \retval #PSA_ERROR_INVALID_ARGUMENT
  68. * The key data is not correctly formatted.
  69. * \retval #PSA_ERROR_NOT_SUPPORTED
  70. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  71. * \retval #PSA_ERROR_CORRUPTION_DETECTED
  72. */
  73. psa_status_t mbedtls_psa_ecp_import_key(
  74. const psa_key_attributes_t *attributes,
  75. const uint8_t *data, size_t data_length,
  76. uint8_t *key_buffer, size_t key_buffer_size,
  77. size_t *key_buffer_length, size_t *bits );
  78. /** Export an ECP key to export representation
  79. *
  80. * \param[in] type The type of key (public/private) to export
  81. * \param[in] ecp The internal ECP representation from which to export
  82. * \param[out] data The buffer to export to
  83. * \param[in] data_size The length of the buffer to export to
  84. * \param[out] data_length The amount of bytes written to \p data
  85. */
  86. psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
  87. mbedtls_ecp_keypair *ecp,
  88. uint8_t *data,
  89. size_t data_size,
  90. size_t *data_length );
  91. /** Export an ECP public key or the public part of an ECP key pair in binary
  92. * format.
  93. *
  94. * \note The signature of this function is that of a PSA driver
  95. * export_public_key entry point. This function behaves as an
  96. * export_public_key entry point as defined in the PSA driver interface
  97. * specification.
  98. *
  99. * \param[in] attributes The attributes for the key to export.
  100. * \param[in] key_buffer Material or context of the key to export.
  101. * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
  102. * \param[out] data Buffer where the key data is to be written.
  103. * \param[in] data_size Size of the \p data buffer in bytes.
  104. * \param[out] data_length On success, the number of bytes written in
  105. * \p data
  106. *
  107. * \retval #PSA_SUCCESS The ECP public key was exported successfully.
  108. * \retval #PSA_ERROR_NOT_SUPPORTED
  109. * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  110. * \retval #PSA_ERROR_HARDWARE_FAILURE
  111. * \retval #PSA_ERROR_CORRUPTION_DETECTED
  112. * \retval #PSA_ERROR_STORAGE_FAILURE
  113. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  114. */
  115. psa_status_t mbedtls_psa_ecp_export_public_key(
  116. const psa_key_attributes_t *attributes,
  117. const uint8_t *key_buffer, size_t key_buffer_size,
  118. uint8_t *data, size_t data_size, size_t *data_length );
  119. /**
  120. * \brief Generate an ECP key.
  121. *
  122. * \note The signature of the function is that of a PSA driver generate_key
  123. * entry point.
  124. *
  125. * \param[in] attributes The attributes for the ECP key to generate.
  126. * \param[out] key_buffer Buffer where the key data is to be written.
  127. * \param[in] key_buffer_size Size of \p key_buffer in bytes.
  128. * \param[out] key_buffer_length On success, the number of bytes written in
  129. * \p key_buffer.
  130. *
  131. * \retval #PSA_SUCCESS
  132. * The key was successfully generated.
  133. * \retval #PSA_ERROR_NOT_SUPPORTED
  134. * Key length or type not supported.
  135. * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  136. * The size of \p key_buffer is too small.
  137. */
  138. psa_status_t mbedtls_psa_ecp_generate_key(
  139. const psa_key_attributes_t *attributes,
  140. uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
  141. /** Sign an already-calculated hash with ECDSA.
  142. *
  143. * \note The signature of this function is that of a PSA driver
  144. * sign_hash entry point. This function behaves as a sign_hash
  145. * entry point as defined in the PSA driver interface specification for
  146. * transparent drivers.
  147. *
  148. * \param[in] attributes The attributes of the ECC key to use for the
  149. * operation.
  150. * \param[in] key_buffer The buffer containing the ECC key context.
  151. * format.
  152. * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
  153. * \param[in] alg Randomized or deterministic ECDSA algorithm.
  154. * \param[in] hash The hash or message to sign.
  155. * \param[in] hash_length Size of the \p hash buffer in bytes.
  156. * \param[out] signature Buffer where the signature is to be written.
  157. * \param[in] signature_size Size of the \p signature buffer in bytes.
  158. * \param[out] signature_length On success, the number of bytes
  159. * that make up the returned signature value.
  160. *
  161. * \retval #PSA_SUCCESS
  162. * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  163. * The size of the \p signature buffer is too small. You can
  164. * determine a sufficient buffer size by calling
  165. * #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_ECC_KEY_PAIR, \c key_bits,
  166. * \p alg) where \c key_bits is the bit-size of the ECC key.
  167. * \retval #PSA_ERROR_NOT_SUPPORTED
  168. * \retval #PSA_ERROR_INVALID_ARGUMENT
  169. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  170. * \retval #PSA_ERROR_CORRUPTION_DETECTED
  171. * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
  172. */
  173. psa_status_t mbedtls_psa_ecdsa_sign_hash(
  174. const psa_key_attributes_t *attributes,
  175. const uint8_t *key_buffer, size_t key_buffer_size,
  176. psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
  177. uint8_t *signature, size_t signature_size, size_t *signature_length );
  178. /**
  179. * \brief Verify an ECDSA hash or short message signature.
  180. *
  181. * \note The signature of this function is that of a PSA driver
  182. * verify_hash entry point. This function behaves as a verify_hash
  183. * entry point as defined in the PSA driver interface specification for
  184. * transparent drivers.
  185. *
  186. * \param[in] attributes The attributes of the ECC key to use for the
  187. * operation.
  188. * \param[in] key_buffer The buffer containing the ECC key context.
  189. * format.
  190. * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
  191. * \param[in] alg Randomized or deterministic ECDSA algorithm.
  192. * \param[in] hash The hash or message whose signature is to be
  193. * verified.
  194. * \param[in] hash_length Size of the \p hash buffer in bytes.
  195. * \param[in] signature Buffer containing the signature to verify.
  196. * \param[in] signature_length Size of the \p signature buffer in bytes.
  197. *
  198. * \retval #PSA_SUCCESS
  199. * The signature is valid.
  200. * \retval #PSA_ERROR_INVALID_SIGNATURE
  201. * The calculation was performed successfully, but the passed
  202. * signature is not a valid signature.
  203. * \retval #PSA_ERROR_NOT_SUPPORTED
  204. * \retval #PSA_ERROR_INVALID_ARGUMENT
  205. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  206. */
  207. psa_status_t mbedtls_psa_ecdsa_verify_hash(
  208. const psa_key_attributes_t *attributes,
  209. const uint8_t *key_buffer, size_t key_buffer_size,
  210. psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
  211. const uint8_t *signature, size_t signature_length );
  212. #endif /* PSA_CRYPTO_ECP_H */