File psa_util.h
Utility functions for the use of the PSA Crypto library.
Defines
-
MBEDTLS_PSA_RANDOM_STATE
The random generator state for the PSA subsystem.
This macro always expands to NULL because the
p_rng
parameter is unused in mbedtls_psa_get_random(), but it’s kept for interface’s backward compatibility.
Functions
-
int mbedtls_psa_get_random(void *p_rng, unsigned char *output, size_t output_size)
The random generator function for the PSA subsystem.
This function is suitable as the
f_rng
random generator function parameter of manymbedtls_xxx
functions.The implementation of this function depends on the configuration of the library.
Note
This function may only be used if the PSA crypto subsystem is active. This means that you must call psa_crypto_init() before any call to this function, and you must not call this function after calling mbedtls_psa_crypto_free().
- Parameters
p_rng – This parameter is only kept for backward compatibility reasons with legacy
f_rng
functions and it’s ignored. Set to MBEDTLS_PSA_RANDOM_STATE or NULL.output – The buffer to fill. It must have room for
output_size
bytes.output_size – The number of bytes to write to
output
. This function may fail ifoutput_size
is too large. It is guaranteed to accept any output size requested by Mbed TLS library functions. The maximum request size depends on the library configuration.
- Returns
0
on success.- Returns
An
MBEDTLS_ERR_ENTROPY_xxx
,MBEDTLS_ERR_PLATFORM_xxx,
MBEDTLS_ERR_CTR_DRBG_xxxor
MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
-
psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits)
Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
- Parameters
grpid – An Mbed TLS elliptic curve identifier (
MBEDTLS_ECP_DP_xxx
).bits – [out] On success the bit size of the curve; 0 on failure.
- Returns
If the curve is supported in the PSA API, this function returns the proper PSA curve identifier (
PSA_ECC_FAMILY_xxx
). This holds even if the curve is not supported by the ECP module.- Returns
0
if the curve is not supported in the PSA API.
-
mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, size_t bits)
Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
- Parameters
family – A PSA elliptic curve family identifier (
PSA_ECC_FAMILY_xxx
).bits – The bit-length of a private key on
curve
.
- Returns
If the curve is supported in the PSA API, this function returns the corresponding Mbed TLS elliptic curve identifier (
MBEDTLS_ECP_DP_xxx
).- Returns
MBEDTLS_ECP_DP_NONE if the combination of
curve
andbits
is not supported.
-
static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
This function returns the PSA algorithm identifier associated with the given digest type.
Warning
If
md_type
isMBEDTLS_MD_NONE
, this function will not returnPSA_ALG_NONE
, but an invalid algorithm.Warning
This function does not check if the algorithm is supported, it always returns the corresponding identifier.
- Parameters
md_type – The type of digest to search for. Must not be NONE.
- Returns
The PSA algorithm identifier associated with
md_type
, regardless of whether it is supported or not.
-
static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
This function returns the given digest type associated with the PSA algorithm identifier.
Warning
This function does not check if the algorithm is supported, it always returns the corresponding identifier.
- Parameters
psa_alg – The PSA algorithm identifier to search for.
- Returns
The MD type associated with
psa_alg
, regardless of whether it is supported or not.
-
int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len, unsigned char *der, size_t der_size, size_t *der_len)
Convert an ECDSA signature from raw format to DER ASN.1 format.
- Parameters
bits – Size of each coordinate in bits.
raw – Buffer that contains the signature in raw format.
raw_len – Length of
raw
in bytes. This must be PSA_BITS_TO_BYTES(bits) bytes.der – [out] Buffer that will be filled with the converted DER output. It can overlap with raw buffer.
der_size – Size of
der
in bytes. It is enough ifder_size
is at least the size of the actual output. (The size of the output can vary depending on the presence of leading zeros in the data.) You can use MBEDTLS_ECDSA_MAX_SIG_LEN(bits
) to determine a size that is large enough for all signatures for a given value ofbits
.der_len – [out] On success it contains the amount of valid data (in bytes) written to
der
. It’s undefined in case of failure.
-
int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len, unsigned char *raw, size_t raw_size, size_t *raw_len)
Convert an ECDSA signature from DER ASN.1 format to raw format.
- Parameters
bits – Size of each coordinate in bits.
der – Buffer that contains the signature in DER format.
der_len – Size of
der
in bytes.raw – [out] Buffer that will be filled with the converted raw signature. It can overlap with der buffer.
raw_size – Size of
raw
in bytes. Must be at least 2 * PSA_BITS_TO_BYTES(bits) bytes.raw_len – [out] On success it is updated with the amount of valid data (in bytes) written to
raw
. It’s undefined in case of failure.