Group psa_tls_helpers

group TLS helper functions

Defines

MBEDTLS_ECDSA_DER_MAX_SIG_LEN(bits)

Maximum size of a DER-encoded ECDSA signature for a given curve bit size.

Note

This macro returns a compile-time constant if its argument is one. It may evaluate its argument multiple times.

Parameters:

  • bits – Curve size in bits.

Returns:

Maximum signature size in bytes.

MBEDTLS_ECDSA_DER_MAX_LEN

The maximal size of a DER-encoded ECDSA signature in Bytes.

Functions

static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)

This function returns the PSA algorithm identifier associated with the given digest type.

Warning

If md_type is MBEDTLS_MD_NONE, this function will not return PSA_ALG_NONE, but an invalid algorithm.

Warning

This function does not check if the algorithm is supported, it always returns the corresponding identifier.

Parameters:

md_type – The type of digest to search for. Must not be NONE.

Returns:

The PSA algorithm identifier associated with md_type, regardless of whether it is supported or not.

static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)

This function returns the given digest type associated with the PSA algorithm identifier.

Warning

This function does not check if the algorithm is supported, it always returns the corresponding identifier.

Parameters:

psa_alg – The PSA algorithm identifier to search for.

Returns:

The MD type associated with psa_alg, regardless of whether it is supported or not.

int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len, unsigned char *der, size_t der_size, size_t *der_len)

Convert an ECDSA signature from raw format to DER ASN.1 format.

Note

The behavior is undefined if der is null, even if der_size is 0.

Parameters:

  • bits – Size of each coordinate in bits.

  • raw – Buffer that contains the signature in raw format.

  • raw_len – Length of raw in bytes. This must be PSA_BITS_TO_BYTES(bits) bytes.

  • der[out] Buffer that will be filled with the converted DER output. It can overlap with raw buffer.

  • der_size – Size of der in bytes. It is enough if der_size is at least the size of the actual output. (The size of the output can vary depending on the presence of leading zeros in the data.) You can use MBEDTLS_ECDSA_DER_MAX_SIG_LEN(bits) to determine a size that is large enough for all signatures for a given value of bits.

  • der_len[out] On success it contains the amount of valid data (in bytes) written to der. It’s undefined in case of failure.

Returns:

0 if successful.

Returns:

PSA_ERROR_BUFFER_TOO_SMALL if der_size is too small or if bits is larger than the largest supported curve.

Returns:

MBEDTLS_ERR_ASN1_INVALID_DATA if one of the numbers in the signature is 0.

int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len, unsigned char *raw, size_t raw_size, size_t *raw_len)

Convert an ECDSA signature from DER ASN.1 format to raw format.

Parameters:

  • bits – Size of each coordinate in bits.

  • der – Buffer that contains the signature in DER format.

  • der_len – Size of der in bytes.

  • raw[out] Buffer that will be filled with the converted raw signature. It can overlap with der buffer.

  • raw_size – Size of raw in bytes. Must be at least 2 * PSA_BITS_TO_BYTES(bits) bytes.

  • raw_len[out] On success it is updated with the amount of valid data (in bytes) written to raw. It’s undefined in case of failure.

Returns:

0 if successful.

Returns:

PSA_ERROR_BUFFER_TOO_SMALL if raw_size is too small or if bits is larger than the largest supported curve.

Returns:

MBEDTLS_ERR_ASN1_INVALID_DATA if the data in der is inconsistent with bits.

Returns:

An MBEDTLS_ERR_ASN1_xxx error code if der is malformed.