1*62c56f98SSadaf Ebrahimi /* 2*62c56f98SSadaf Ebrahimi * PSA FFDH layer on top of Mbed TLS crypto 3*62c56f98SSadaf Ebrahimi */ 4*62c56f98SSadaf Ebrahimi /* 5*62c56f98SSadaf Ebrahimi * Copyright The Mbed TLS Contributors 6*62c56f98SSadaf Ebrahimi * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7*62c56f98SSadaf Ebrahimi */ 8*62c56f98SSadaf Ebrahimi 9*62c56f98SSadaf Ebrahimi #ifndef PSA_CRYPTO_FFDH_H 10*62c56f98SSadaf Ebrahimi #define PSA_CRYPTO_FFDH_H 11*62c56f98SSadaf Ebrahimi 12*62c56f98SSadaf Ebrahimi #include <psa/crypto.h> 13*62c56f98SSadaf Ebrahimi #include <mbedtls/dhm.h> 14*62c56f98SSadaf Ebrahimi 15*62c56f98SSadaf Ebrahimi /** Perform a key agreement and return the FFDH shared secret. 16*62c56f98SSadaf Ebrahimi * 17*62c56f98SSadaf Ebrahimi * \param[in] attributes The attributes of the key to use for the 18*62c56f98SSadaf Ebrahimi * operation. 19*62c56f98SSadaf Ebrahimi * \param[in] peer_key The buffer containing the key context 20*62c56f98SSadaf Ebrahimi * of the peer's public key. 21*62c56f98SSadaf Ebrahimi * \param[in] peer_key_length Size of the \p peer_key buffer in 22*62c56f98SSadaf Ebrahimi * bytes. 23*62c56f98SSadaf Ebrahimi * \param[in] key_buffer The buffer containing the private key 24*62c56f98SSadaf Ebrahimi * context. 25*62c56f98SSadaf Ebrahimi * \param[in] key_buffer_size Size of the \p key_buffer buffer in 26*62c56f98SSadaf Ebrahimi * bytes. 27*62c56f98SSadaf Ebrahimi * \param[out] shared_secret The buffer to which the shared secret 28*62c56f98SSadaf Ebrahimi * is to be written. 29*62c56f98SSadaf Ebrahimi * \param[in] shared_secret_size Size of the \p shared_secret buffer in 30*62c56f98SSadaf Ebrahimi * bytes. 31*62c56f98SSadaf Ebrahimi * \param[out] shared_secret_length On success, the number of bytes that make 32*62c56f98SSadaf Ebrahimi * up the returned shared secret. 33*62c56f98SSadaf Ebrahimi * \retval #PSA_SUCCESS 34*62c56f98SSadaf Ebrahimi * Success. Shared secret successfully calculated. 35*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_INVALID_ARGUMENT 36*62c56f98SSadaf Ebrahimi * \p key_buffer_size, \p peer_key_length, \p shared_secret_size 37*62c56f98SSadaf Ebrahimi * do not match 38*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 39*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 40*62c56f98SSadaf Ebrahimi */ 41*62c56f98SSadaf Ebrahimi psa_status_t mbedtls_psa_ffdh_key_agreement( 42*62c56f98SSadaf Ebrahimi const psa_key_attributes_t *attributes, 43*62c56f98SSadaf Ebrahimi const uint8_t *peer_key, 44*62c56f98SSadaf Ebrahimi size_t peer_key_length, 45*62c56f98SSadaf Ebrahimi const uint8_t *key_buffer, 46*62c56f98SSadaf Ebrahimi size_t key_buffer_size, 47*62c56f98SSadaf Ebrahimi uint8_t *shared_secret, 48*62c56f98SSadaf Ebrahimi size_t shared_secret_size, 49*62c56f98SSadaf Ebrahimi size_t *shared_secret_length); 50*62c56f98SSadaf Ebrahimi 51*62c56f98SSadaf Ebrahimi /** Export a public key or the public part of a DH key pair in binary format. 52*62c56f98SSadaf Ebrahimi * 53*62c56f98SSadaf Ebrahimi * \param[in] attributes The attributes for the key to export. 54*62c56f98SSadaf Ebrahimi * \param[in] key_buffer Material or context of the key to export. 55*62c56f98SSadaf Ebrahimi * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. 56*62c56f98SSadaf Ebrahimi * \param[out] data Buffer where the key data is to be written. 57*62c56f98SSadaf Ebrahimi * \param[in] data_size Size of the \p data buffer in bytes. 58*62c56f98SSadaf Ebrahimi * \param[out] data_length On success, the number of bytes written in 59*62c56f98SSadaf Ebrahimi * \p data 60*62c56f98SSadaf Ebrahimi * 61*62c56f98SSadaf Ebrahimi * \retval #PSA_SUCCESS The public key was exported successfully. 62*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_BUFFER_TOO_SMALL 63*62c56f98SSadaf Ebrahimi * The size of \p key_buffer is too small. 64*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription 65*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 66*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 67*62c56f98SSadaf Ebrahimi */ 68*62c56f98SSadaf Ebrahimi psa_status_t mbedtls_psa_ffdh_export_public_key( 69*62c56f98SSadaf Ebrahimi const psa_key_attributes_t *attributes, 70*62c56f98SSadaf Ebrahimi const uint8_t *key_buffer, 71*62c56f98SSadaf Ebrahimi size_t key_buffer_size, 72*62c56f98SSadaf Ebrahimi uint8_t *data, 73*62c56f98SSadaf Ebrahimi size_t data_size, 74*62c56f98SSadaf Ebrahimi size_t *data_length); 75*62c56f98SSadaf Ebrahimi 76*62c56f98SSadaf Ebrahimi /** 77*62c56f98SSadaf Ebrahimi * \brief Generate DH key. 78*62c56f98SSadaf Ebrahimi * 79*62c56f98SSadaf Ebrahimi * \note The signature of the function is that of a PSA driver generate_key 80*62c56f98SSadaf Ebrahimi * entry point. 81*62c56f98SSadaf Ebrahimi * 82*62c56f98SSadaf Ebrahimi * \param[in] attributes The attributes for the key to generate. 83*62c56f98SSadaf Ebrahimi * \param[out] key_buffer Buffer where the key data is to be written. 84*62c56f98SSadaf Ebrahimi * \param[in] key_buffer_size Size of \p key_buffer in bytes. 85*62c56f98SSadaf Ebrahimi * \param[out] key_buffer_length On success, the number of bytes written in 86*62c56f98SSadaf Ebrahimi * \p key_buffer. 87*62c56f98SSadaf Ebrahimi * 88*62c56f98SSadaf Ebrahimi * \retval #PSA_SUCCESS 89*62c56f98SSadaf Ebrahimi * The key was generated successfully. 90*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_NOT_SUPPORTED 91*62c56f98SSadaf Ebrahimi * Key size in bits is invalid. 92*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_BUFFER_TOO_SMALL 93*62c56f98SSadaf Ebrahimi * The size of \p key_buffer is too small. 94*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription 95*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription 96*62c56f98SSadaf Ebrahimi */ 97*62c56f98SSadaf Ebrahimi psa_status_t mbedtls_psa_ffdh_generate_key( 98*62c56f98SSadaf Ebrahimi const psa_key_attributes_t *attributes, 99*62c56f98SSadaf Ebrahimi uint8_t *key_buffer, 100*62c56f98SSadaf Ebrahimi size_t key_buffer_size, 101*62c56f98SSadaf Ebrahimi size_t *key_buffer_length); 102*62c56f98SSadaf Ebrahimi 103*62c56f98SSadaf Ebrahimi /** 104*62c56f98SSadaf Ebrahimi * \brief Import DH key. 105*62c56f98SSadaf Ebrahimi * 106*62c56f98SSadaf Ebrahimi * \note The signature of the function is that of a PSA driver import_key 107*62c56f98SSadaf Ebrahimi * entry point. 108*62c56f98SSadaf Ebrahimi * 109*62c56f98SSadaf Ebrahimi * \param[in] attributes The attributes for the key to import. 110*62c56f98SSadaf Ebrahimi * \param[in] data The buffer containing the key data in import 111*62c56f98SSadaf Ebrahimi * format. 112*62c56f98SSadaf Ebrahimi * \param[in] data_length Size of the \p data buffer in bytes. 113*62c56f98SSadaf Ebrahimi * \param[out] key_buffer The buffer containing the key data in output 114*62c56f98SSadaf Ebrahimi * format. 115*62c56f98SSadaf Ebrahimi * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. This 116*62c56f98SSadaf Ebrahimi * size is greater or equal to \p data_length. 117*62c56f98SSadaf Ebrahimi * \param[out] key_buffer_length The length of the data written in \p 118*62c56f98SSadaf Ebrahimi * key_buffer in bytes. 119*62c56f98SSadaf Ebrahimi * \param[out] bits The key size in number of bits. 120*62c56f98SSadaf Ebrahimi * 121*62c56f98SSadaf Ebrahimi * \retval #PSA_SUCCESS 122*62c56f98SSadaf Ebrahimi * The key was generated successfully. 123*62c56f98SSadaf Ebrahimi * \retval #PSA_ERROR_BUFFER_TOO_SMALL 124*62c56f98SSadaf Ebrahimi * The size of \p key_buffer is too small. 125*62c56f98SSadaf Ebrahimi */ 126*62c56f98SSadaf Ebrahimi psa_status_t mbedtls_psa_ffdh_import_key( 127*62c56f98SSadaf Ebrahimi const psa_key_attributes_t *attributes, 128*62c56f98SSadaf Ebrahimi const uint8_t *data, size_t data_length, 129*62c56f98SSadaf Ebrahimi uint8_t *key_buffer, size_t key_buffer_size, 130*62c56f98SSadaf Ebrahimi size_t *key_buffer_length, size_t *bits); 131*62c56f98SSadaf Ebrahimi 132*62c56f98SSadaf Ebrahimi #endif /* PSA_CRYPTO_FFDH_H */ 133