File psa_util.h

Utility functions for the use of the PSA Crypto library.

Defines

MBEDTLS_PSA_RANDOM_STATE

The random generator state for the PSA subsystem.

This macro always expands to NULL because the p_rng parameter is unused in mbedtls_psa_get_random(); it is kept only for backward compatibility of the interface.

Functions

int mbedtls_psa_get_random(void *p_rng, unsigned char *output, size_t output_size)

The random generator function for the PSA subsystem.

This function is suitable as the f_rng random generator function parameter of many mbedtls_xxx functions.

The implementation of this function depends on the configuration of the library.

Note

This function may only be used if the PSA crypto subsystem is active. This means that you must call psa_crypto_init() before any call to this function, and you must not call this function after calling mbedtls_psa_crypto_free().

Parameters
  • p_rng – This parameter is ignored; it is kept only for backward compatibility with legacy f_rng functions. Set to MBEDTLS_PSA_RANDOM_STATE or NULL.

  • output – The buffer to fill. It must have room for output_size bytes.

  • output_size – The number of bytes to write to output. This function may fail if output_size is too large. It is guaranteed to accept any output size requested by Mbed TLS library functions. The maximum request size depends on the library configuration.

Returns

0 on success.

Returns

An MBEDTLS_ERR_ENTROPY_xxx, MBEDTLS_ERR_PLATFORM_xxx, MBEDTLS_ERR_CTR_DRBG_xxx or MBEDTLS_ERR_HMAC_DRBG_xxx on error.

psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits)

Convert an ECC curve identifier from the Mbed TLS encoding to PSA.

Parameters
  • grpid – An Mbed TLS elliptic curve identifier (MBEDTLS_ECP_DP_xxx).

  • bits – [out] On success, the bit size of the curve; 0 on failure.

Returns

If the curve is supported in the PSA API, this function returns the proper PSA curve identifier (PSA_ECC_FAMILY_xxx). This holds even if the curve is not supported by the ECP module.

Returns

0 if the curve is not supported in the PSA API.

mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, size_t bits)

Convert an ECC curve identifier from the PSA encoding to Mbed TLS.

Parameters
  • family – A PSA elliptic curve family identifier (PSA_ECC_FAMILY_xxx).

  • bits – The bit-length of a private key on the curve.

Returns

If the curve is supported in the PSA API, this function returns the corresponding Mbed TLS elliptic curve identifier (MBEDTLS_ECP_DP_xxx).

Returns

MBEDTLS_ECP_DP_NONE if the combination of curve and bits is not supported.

static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)

This function returns the PSA algorithm identifier associated with the given digest type.

Warning

If md_type is MBEDTLS_MD_NONE, this function will not return PSA_ALG_NONE, but an invalid algorithm.

Warning

This function does not check if the algorithm is supported; it always returns the corresponding identifier.

Parameters

md_type – The type of digest to search for. Must not be NONE.

Returns

The PSA algorithm identifier associated with md_type, regardless of whether it is supported or not.

static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)

This function returns the digest type associated with the given PSA algorithm identifier.

Warning

This function does not check if the algorithm is supported; it always returns the corresponding identifier.

Parameters

psa_alg – The PSA algorithm identifier to search for.

Returns

The MD type associated with psa_alg, regardless of whether it is supported or not.

int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len, unsigned char *der, size_t der_size, size_t *der_len)

Convert an ECDSA signature from raw format to DER ASN.1 format.

Parameters
  • bits – Size of each coordinate in bits.

  • raw – Buffer that contains the signature in raw format.

  • raw_len – Length of raw in bytes. This must be PSA_BITS_TO_BYTES(bits) bytes.

  • der – [out] Buffer that will be filled with the converted DER output. It can overlap with the raw buffer.

  • der_size – Size of der in bytes. It is enough if der_size is at least the size of the actual output. (The size of the output can vary depending on the presence of leading zeros in the data.) You can use MBEDTLS_ECDSA_MAX_SIG_LEN(bits) to determine a size that is large enough for all signatures for a given value of bits.

  • der_len – [out] On success, it contains the amount of valid data (in bytes) written to der. It’s undefined in case of failure.
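
An added illustration (not Mbed TLS code and not part of the original page) of why the DER output size varies: leading zero bytes of each coordinate are dropped, and a 0x00 byte is prepended when the top bit is set. `example_raw_to_der` and `der_int` are hypothetical names; the raw format is assumed to be r || s with ceil(bits/8) bytes per coordinate, matching the 2 * PSA_BITS_TO_BYTES(bits) raw size stated for the reverse conversion.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not Mbed TLS code. Encodes one big-endian coordinate
 * as a DER INTEGER; returns bytes written, or 0 on error. */
static size_t der_int(const unsigned char *v, size_t n, unsigned char *out, size_t cap)
{
    while (n > 1 && v[0] == 0) { v++; n--; }   /* DER wants minimal length */
    if (v[0] == 0) return 0;                    /* r or s == 0 is never valid */
    size_t pad = (v[0] & 0x80) ? 1 : 0;         /* keep the INTEGER positive */
    if (cap < 2 + pad + n) return 0;
    out[0] = 0x02;                              /* INTEGER tag */
    out[1] = (unsigned char) (pad + n);
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, v, n);
    return 2 + pad + n;
}

/* Hypothetical stand-in with the same parameter order as
 * mbedtls_ecdsa_raw_to_der(); assumes raw is r || s. Returns 0 or -1. */
int example_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
                       unsigned char *der, size_t der_size, size_t *der_len)
{
    unsigned char body[2 * (2 + 1 + 66)];       /* sized for up to 521 bits */
    size_t clen = (bits + 7) / 8;               /* bytes per coordinate */
    if (clen == 0 || clen > 66 || raw_len != 2 * clen) return -1;
    size_t rl = der_int(raw, clen, body, sizeof(body));
    size_t sl = rl ? der_int(raw + clen, clen, body + rl, sizeof(body) - rl) : 0;
    if (rl == 0 || sl == 0) return -1;
    size_t blen = rl + sl, hdr = (blen < 128) ? 2 : 3;
    if (der_size < hdr + blen) return -1;
    /* raw was fully copied into body, so der may overlap raw from here on */
    der[0] = 0x30;                              /* SEQUENCE tag */
    if (hdr == 3) der[1] = 0x81;                /* long-form length */
    der[hdr - 1] = (unsigned char) blen;
    memcpy(der + hdr, body, blen);
    *der_len = hdr + blen;
    return 0;
}

int main(void)
{
    /* Constructed toy input (bits = 16): r = 0x0001, s = 0x8000 */
    unsigned char sig[16] = { 0x00, 0x01, 0x80, 0x00 };
    size_t len = 0;
    if (example_raw_to_der(16, sig, 4, sig, sizeof(sig), &len) != 0) return 1;
    for (size_t i = 0; i < len; i++) printf("%02x", sig[i]);
    return puts("") == EOF;
}
```

The 4-byte toy input grows to 10 bytes of DER, which is why the output buffer is sized from the worst case rather than from raw_len.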

int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len, unsigned char *raw, size_t raw_size, size_t *raw_len)

Convert an ECDSA signature from DER ASN.1 format to raw format.

Parameters
  • bits – Size of each coordinate in bits.

  • der – Buffer that contains the signature in DER format.

  • der_len – Size of der in bytes.

  • raw – [out] Buffer that will be filled with the converted raw signature. It can overlap with the der buffer.

  • raw_size – Size of raw in bytes. Must be at least 2 * PSA_BITS_TO_BYTES(bits) bytes.

  • raw_len – [out] On success, it is updated with the amount of valid data (in bytes) written to raw. It’s undefined in case of failure.