Path: blob/master/thirdparty/mbedtls/include/psa/crypto_se_driver.h
9904 views
/**1* \file psa/crypto_se_driver.h2* \brief PSA external cryptoprocessor driver module3*4* This header declares types and function signatures for cryptography5* drivers that access key material via opaque references.6* This is meant for cryptoprocessors that have a separate key storage from the7* space in which the PSA Crypto implementation runs, typically secure8* elements (SEs).9*10* This file is part of the PSA Crypto Driver HAL (hardware abstraction layer),11* containing functions for driver developers to implement to enable hardware12* to be called in a standardized way by a PSA Cryptography API13* implementation. The functions comprising the driver HAL, which driver14* authors implement, are not intended to be called by application developers.15*/1617/*18* Copyright The Mbed TLS Contributors19* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later20*/21#ifndef PSA_CRYPTO_SE_DRIVER_H22#define PSA_CRYPTO_SE_DRIVER_H23#include "mbedtls/private_access.h"2425#include "crypto_driver_common.h"2627#ifdef __cplusplus28extern "C" {29#endif3031/** \defgroup se_init Secure element driver initialization32*/33/**@{*/3435/** \brief Driver context structure36*37* Driver functions receive a pointer to this structure.38* Each registered driver has one instance of this structure.39*40* Implementations must include the fields specified here and41* may include other fields.42*/43typedef struct {44/** A read-only pointer to the driver's persistent data.45*46* Drivers typically use this persistent data to keep track of47* which slot numbers are available. This is only a guideline:48* drivers may use the persistent data for any purpose, keeping49* in mind the restrictions on when the persistent data is saved50* to storage: the persistent data is only saved after calling51* certain functions that receive a writable pointer to the52* persistent data.53*54* The core allocates a memory buffer for the persistent data.55* The pointer is guaranteed to be suitably aligned for any data type,56* like a pointer returned by `malloc` (but the core can use any57* method to allocate the buffer, not necessarily `malloc`).58*59* The size of this buffer is in the \c persistent_data_size field of60* this structure.61*62* Before the driver is initialized for the first time, the content of63* the persistent data is all-bits-zero. After a driver upgrade, if the64* size of the persistent data has increased, the original data is padded65* on the right with zeros; if the size has decreased, the original data66* is truncated to the new size.67*68* This pointer is to read-only data. Only a few driver functions are69* allowed to modify the persistent data. These functions receive a70* writable pointer. These functions are:71* - psa_drv_se_t::p_init72* - psa_drv_se_key_management_t::p_allocate73* - psa_drv_se_key_management_t::p_destroy74*75* The PSA Cryptography core saves the persistent data from one76* session to the next. It does this before returning from API functions77* that call a driver method that is allowed to modify the persistent78* data, specifically:79* - psa_crypto_init() causes a call to psa_drv_se_t::p_init, and may call80* psa_drv_se_key_management_t::p_destroy to complete an action81* that was interrupted by a power failure.82* - Key creation functions cause a call to83* psa_drv_se_key_management_t::p_allocate, and may cause a call to84* psa_drv_se_key_management_t::p_destroy in case an error occurs.85* - psa_destroy_key() causes a call to86* psa_drv_se_key_management_t::p_destroy.87*/88const void *const MBEDTLS_PRIVATE(persistent_data);8990/** The size of \c persistent_data in bytes.91*92* This is always equal to the value of the `persistent_data_size` field93* of the ::psa_drv_se_t structure when the driver is registered.94*/95const size_t MBEDTLS_PRIVATE(persistent_data_size);9697/** Driver transient data.98*99* The core initializes this value to 0 and does not read or modify it100* afterwards. The driver may store whatever it wants in this field.101*/102uintptr_t MBEDTLS_PRIVATE(transient_data);103} psa_drv_se_context_t;104105/** \brief A driver initialization function.106*107* \param[in,out] drv_context The driver context structure.108* \param[in,out] persistent_data A pointer to the persistent data109* that allows writing.110* \param location The location value for which this driver111* is registered. The driver will be invoked112* for all keys whose lifetime is in this113* location.114*115* \retval #PSA_SUCCESS116* The driver is operational.117* The core will update the persistent data in storage.118* \return119* Any other return value prevents the driver from being used in120* this session.121* The core will NOT update the persistent data in storage.122*/123typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context,124void *persistent_data,125psa_key_location_t location);126127#if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)128/* Mbed TLS with secure element support enabled defines this type in129* crypto_types.h because it is also visible to applications through an130* implementation-specific extension.131* For the PSA Cryptography specification, this type is only visible132* via crypto_se_driver.h. */133/** An internal designation of a key slot between the core part of the134* PSA Crypto implementation and the driver. The meaning of this value135* is driver-dependent. */136typedef uint64_t psa_key_slot_number_t;137#endif /* __DOXYGEN_ONLY__ || !MBEDTLS_PSA_CRYPTO_SE_C */138139/**@}*/140141/** \defgroup se_mac Secure Element Message Authentication Codes142* Generation and authentication of Message Authentication Codes (MACs) using143* a secure element can be done either as a single function call (via the144* `psa_drv_se_mac_generate_t` or `psa_drv_se_mac_verify_t` functions), or in145* parts using the following sequence:146* - `psa_drv_se_mac_setup_t`147* - `psa_drv_se_mac_update_t`148* - `psa_drv_se_mac_update_t`149* - ...150* - `psa_drv_se_mac_finish_t` or `psa_drv_se_mac_finish_verify_t`151*152* If a previously started secure element MAC operation needs to be terminated,153* it should be done so by the `psa_drv_se_mac_abort_t`. Failure to do so may154* result in allocated resources not being freed or in other undefined155* behavior.156*/157/**@{*/158/** \brief A function that starts a secure element MAC operation for a PSA159* Crypto Driver implementation160*161* \param[in,out] drv_context The driver context structure.162* \param[in,out] op_context A structure that will contain the163* hardware-specific MAC context164* \param[in] key_slot The slot of the key to be used for the165* operation166* \param[in] algorithm The algorithm to be used to underly the MAC167* operation168*169* \retval #PSA_SUCCESS170* Success.171*/172typedef psa_status_t (*psa_drv_se_mac_setup_t)(psa_drv_se_context_t *drv_context,173void *op_context,174psa_key_slot_number_t key_slot,175psa_algorithm_t algorithm);176177/** \brief A function that continues a previously started secure element MAC178* operation179*180* \param[in,out] op_context A hardware-specific structure for the181* previously-established MAC operation to be182* updated183* \param[in] p_input A buffer containing the message to be appended184* to the MAC operation185* \param[in] input_length The size in bytes of the input message buffer186*/187typedef psa_status_t (*psa_drv_se_mac_update_t)(void *op_context,188const uint8_t *p_input,189size_t input_length);190191/** \brief a function that completes a previously started secure element MAC192* operation by returning the resulting MAC.193*194* \param[in,out] op_context A hardware-specific structure for the195* previously started MAC operation to be196* finished197* \param[out] p_mac A buffer where the generated MAC will be198* placed199* \param[in] mac_size The size in bytes of the buffer that has been200* allocated for the `output` buffer201* \param[out] p_mac_length After completion, will contain the number of202* bytes placed in the `p_mac` buffer203*204* \retval #PSA_SUCCESS205* Success.206*/207typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context,208uint8_t *p_mac,209size_t mac_size,210size_t *p_mac_length);211212/** \brief A function that completes a previously started secure element MAC213* operation by comparing the resulting MAC against a provided value214*215* \param[in,out] op_context A hardware-specific structure for the previously216* started MAC operation to be finished217* \param[in] p_mac The MAC value against which the resulting MAC218* will be compared against219* \param[in] mac_length The size in bytes of the value stored in `p_mac`220*221* \retval #PSA_SUCCESS222* The operation completed successfully and the MACs matched each223* other224* \retval #PSA_ERROR_INVALID_SIGNATURE225* The operation completed successfully, but the calculated MAC did226* not match the provided MAC227*/228typedef psa_status_t (*psa_drv_se_mac_finish_verify_t)(void *op_context,229const uint8_t *p_mac,230size_t mac_length);231232/** \brief A function that aborts a previous started secure element MAC233* operation234*235* \param[in,out] op_context A hardware-specific structure for the previously236* started MAC operation to be aborted237*/238typedef psa_status_t (*psa_drv_se_mac_abort_t)(void *op_context);239240/** \brief A function that performs a secure element MAC operation in one241* command and returns the calculated MAC242*243* \param[in,out] drv_context The driver context structure.244* \param[in] p_input A buffer containing the message to be MACed245* \param[in] input_length The size in bytes of `p_input`246* \param[in] key_slot The slot of the key to be used247* \param[in] alg The algorithm to be used to underlie the MAC248* operation249* \param[out] p_mac A buffer where the generated MAC will be250* placed251* \param[in] mac_size The size in bytes of the `p_mac` buffer252* \param[out] p_mac_length After completion, will contain the number of253* bytes placed in the `output` buffer254*255* \retval #PSA_SUCCESS256* Success.257*/258typedef psa_status_t (*psa_drv_se_mac_generate_t)(psa_drv_se_context_t *drv_context,259const uint8_t *p_input,260size_t input_length,261psa_key_slot_number_t key_slot,262psa_algorithm_t alg,263uint8_t *p_mac,264size_t mac_size,265size_t *p_mac_length);266267/** \brief A function that performs a secure element MAC operation in one268* command and compares the resulting MAC against a provided value269*270* \param[in,out] drv_context The driver context structure.271* \param[in] p_input A buffer containing the message to be MACed272* \param[in] input_length The size in bytes of `input`273* \param[in] key_slot The slot of the key to be used274* \param[in] alg The algorithm to be used to underlie the MAC275* operation276* \param[in] p_mac The MAC value against which the resulting MAC will277* be compared against278* \param[in] mac_length The size in bytes of `mac`279*280* \retval #PSA_SUCCESS281* The operation completed successfully and the MACs matched each282* other283* \retval #PSA_ERROR_INVALID_SIGNATURE284* The operation completed successfully, but the calculated MAC did285* not match the provided MAC286*/287typedef psa_status_t (*psa_drv_se_mac_verify_t)(psa_drv_se_context_t *drv_context,288const uint8_t *p_input,289size_t input_length,290psa_key_slot_number_t key_slot,291psa_algorithm_t alg,292const uint8_t *p_mac,293size_t mac_length);294295/** \brief A struct containing all of the function pointers needed to296* perform secure element MAC operations297*298* PSA Crypto API implementations should populate the table as appropriate299* upon startup.300*301* If one of the functions is not implemented (such as302* `psa_drv_se_mac_generate_t`), it should be set to NULL.303*304* Driver implementers should ensure that they implement all of the functions305* that make sense for their hardware, and that they provide a full solution306* (for example, if they support `p_setup`, they should also support307* `p_update` and at least one of `p_finish` or `p_finish_verify`).308*309*/310typedef struct {311/**The size in bytes of the hardware-specific secure element MAC context312* structure313*/314size_t MBEDTLS_PRIVATE(context_size);315/** Function that performs a MAC setup operation316*/317psa_drv_se_mac_setup_t MBEDTLS_PRIVATE(p_setup);318/** Function that performs a MAC update operation319*/320psa_drv_se_mac_update_t MBEDTLS_PRIVATE(p_update);321/** Function that completes a MAC operation322*/323psa_drv_se_mac_finish_t MBEDTLS_PRIVATE(p_finish);324/** Function that completes a MAC operation with a verify check325*/326psa_drv_se_mac_finish_verify_t MBEDTLS_PRIVATE(p_finish_verify);327/** Function that aborts a previously started MAC operation328*/329psa_drv_se_mac_abort_t MBEDTLS_PRIVATE(p_abort);330/** Function that performs a MAC operation in one call331*/332psa_drv_se_mac_generate_t MBEDTLS_PRIVATE(p_mac);333/** Function that performs a MAC and verify operation in one call334*/335psa_drv_se_mac_verify_t MBEDTLS_PRIVATE(p_mac_verify);336} psa_drv_se_mac_t;337/**@}*/338339/** \defgroup se_cipher Secure Element Symmetric Ciphers340*341* Encryption and Decryption using secure element keys in block modes other342* than ECB must be done in multiple parts, using the following flow:343* - `psa_drv_se_cipher_setup_t`344* - `psa_drv_se_cipher_set_iv_t` (optional depending upon block mode)345* - `psa_drv_se_cipher_update_t`346* - `psa_drv_se_cipher_update_t`347* - ...348* - `psa_drv_se_cipher_finish_t`349*350* If a previously started secure element Cipher operation needs to be351* terminated, it should be done so by the `psa_drv_se_cipher_abort_t`. Failure352* to do so may result in allocated resources not being freed or in other353* undefined behavior.354*355* In situations where a PSA Cryptographic API implementation is using a block356* mode not-supported by the underlying hardware or driver, it can construct357* the block mode itself, while calling the `psa_drv_se_cipher_ecb_t` function358* for the cipher operations.359*/360/**@{*/361362/** \brief A function that provides the cipher setup function for a363* secure element driver364*365* \param[in,out] drv_context The driver context structure.366* \param[in,out] op_context A structure that will contain the367* hardware-specific cipher context.368* \param[in] key_slot The slot of the key to be used for the369* operation370* \param[in] algorithm The algorithm to be used in the cipher371* operation372* \param[in] direction Indicates whether the operation is an encrypt373* or decrypt374*375* \retval #PSA_SUCCESS \emptydescription376* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription377*/378typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_context,379void *op_context,380psa_key_slot_number_t key_slot,381psa_algorithm_t algorithm,382psa_encrypt_or_decrypt_t direction);383384/** \brief A function that sets the initialization vector (if385* necessary) for a secure element cipher operation386*387* Rationale: The `psa_se_cipher_*` operation in the PSA Cryptographic API has388* two IV functions: one to set the IV, and one to generate it internally. The389* generate function is not necessary for the drivers to implement as the PSA390* Crypto implementation can do the generation using its RNG features.391*392* \param[in,out] op_context A structure that contains the previously set up393* hardware-specific cipher context394* \param[in] p_iv A buffer containing the initialization vector395* \param[in] iv_length The size (in bytes) of the `p_iv` buffer396*397* \retval #PSA_SUCCESS \emptydescription398*/399typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context,400const uint8_t *p_iv,401size_t iv_length);402403/** \brief A function that continues a previously started secure element cipher404* operation405*406* \param[in,out] op_context A hardware-specific structure for the407* previously started cipher operation408* \param[in] p_input A buffer containing the data to be409* encrypted/decrypted410* \param[in] input_size The size in bytes of the buffer pointed to411* by `p_input`412* \param[out] p_output The caller-allocated buffer where the413* output will be placed414* \param[in] output_size The allocated size in bytes of the415* `p_output` buffer416* \param[out] p_output_length After completion, will contain the number417* of bytes placed in the `p_output` buffer418*419* \retval #PSA_SUCCESS \emptydescription420*/421typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context,422const uint8_t *p_input,423size_t input_size,424uint8_t *p_output,425size_t output_size,426size_t *p_output_length);427428/** \brief A function that completes a previously started secure element cipher429* operation430*431* \param[in,out] op_context A hardware-specific structure for the432* previously started cipher operation433* \param[out] p_output The caller-allocated buffer where the output434* will be placed435* \param[in] output_size The allocated size in bytes of the `p_output`436* buffer437* \param[out] p_output_length After completion, will contain the number of438* bytes placed in the `p_output` buffer439*440* \retval #PSA_SUCCESS \emptydescription441*/442typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *op_context,443uint8_t *p_output,444size_t output_size,445size_t *p_output_length);446447/** \brief A function that aborts a previously started secure element cipher448* operation449*450* \param[in,out] op_context A hardware-specific structure for the451* previously started cipher operation452*/453typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *op_context);454455/** \brief A function that performs the ECB block mode for secure element456* cipher operations457*458* Note: this function should only be used with implementations that do not459* provide a needed higher-level operation.460*461* \param[in,out] drv_context The driver context structure.462* \param[in] key_slot The slot of the key to be used for the operation463* \param[in] algorithm The algorithm to be used in the cipher operation464* \param[in] direction Indicates whether the operation is an encrypt or465* decrypt466* \param[in] p_input A buffer containing the data to be467* encrypted/decrypted468* \param[in] input_size The size in bytes of the buffer pointed to by469* `p_input`470* \param[out] p_output The caller-allocated buffer where the output471* will be placed472* \param[in] output_size The allocated size in bytes of the `p_output`473* buffer474*475* \retval #PSA_SUCCESS \emptydescription476* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription477*/478typedef psa_status_t (*psa_drv_se_cipher_ecb_t)(psa_drv_se_context_t *drv_context,479psa_key_slot_number_t key_slot,480psa_algorithm_t algorithm,481psa_encrypt_or_decrypt_t direction,482const uint8_t *p_input,483size_t input_size,484uint8_t *p_output,485size_t output_size);486487/**488* \brief A struct containing all of the function pointers needed to implement489* cipher operations using secure elements.490*491* PSA Crypto API implementations should populate instances of the table as492* appropriate upon startup or at build time.493*494* If one of the functions is not implemented (such as495* `psa_drv_se_cipher_ecb_t`), it should be set to NULL.496*/497typedef struct {498/** The size in bytes of the hardware-specific secure element cipher499* context structure500*/501size_t MBEDTLS_PRIVATE(context_size);502/** Function that performs a cipher setup operation */503psa_drv_se_cipher_setup_t MBEDTLS_PRIVATE(p_setup);504/** Function that sets a cipher IV (if necessary) */505psa_drv_se_cipher_set_iv_t MBEDTLS_PRIVATE(p_set_iv);506/** Function that performs a cipher update operation */507psa_drv_se_cipher_update_t MBEDTLS_PRIVATE(p_update);508/** Function that completes a cipher operation */509psa_drv_se_cipher_finish_t MBEDTLS_PRIVATE(p_finish);510/** Function that aborts a cipher operation */511psa_drv_se_cipher_abort_t MBEDTLS_PRIVATE(p_abort);512/** Function that performs ECB mode for a cipher operation513* (Danger: ECB mode should not be used directly by clients of the PSA514* Crypto Client API)515*/516psa_drv_se_cipher_ecb_t MBEDTLS_PRIVATE(p_ecb);517} psa_drv_se_cipher_t;518519/**@}*/520521/** \defgroup se_asymmetric Secure Element Asymmetric Cryptography522*523* Since the amount of data that can (or should) be encrypted or signed using524* asymmetric keys is limited by the key size, asymmetric key operations using525* keys in a secure element must be done in single function calls.526*/527/**@{*/528529/**530* \brief A function that signs a hash or short message with a private key in531* a secure element532*533* \param[in,out] drv_context The driver context structure.534* \param[in] key_slot Key slot of an asymmetric key pair535* \param[in] alg A signature algorithm that is compatible536* with the type of `key`537* \param[in] p_hash The hash to sign538* \param[in] hash_length Size of the `p_hash` buffer in bytes539* \param[out] p_signature Buffer where the signature is to be written540* \param[in] signature_size Size of the `p_signature` buffer in bytes541* \param[out] p_signature_length On success, the number of bytes542* that make up the returned signature value543*544* \retval #PSA_SUCCESS \emptydescription545*/546typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context,547psa_key_slot_number_t key_slot,548psa_algorithm_t alg,549const uint8_t *p_hash,550size_t hash_length,551uint8_t *p_signature,552size_t signature_size,553size_t *p_signature_length);554555/**556* \brief A function that verifies the signature a hash or short message using557* an asymmetric public key in a secure element558*559* \param[in,out] drv_context The driver context structure.560* \param[in] key_slot Key slot of a public key or an asymmetric key561* pair562* \param[in] alg A signature algorithm that is compatible with563* the type of `key`564* \param[in] p_hash The hash whose signature is to be verified565* \param[in] hash_length Size of the `p_hash` buffer in bytes566* \param[in] p_signature Buffer containing the signature to verify567* \param[in] signature_length Size of the `p_signature` buffer in bytes568*569* \retval #PSA_SUCCESS570* The signature is valid.571*/572typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv_context,573psa_key_slot_number_t key_slot,574psa_algorithm_t alg,575const uint8_t *p_hash,576size_t hash_length,577const uint8_t *p_signature,578size_t signature_length);579580/**581* \brief A function that encrypts a short message with an asymmetric public582* key in a secure element583*584* \param[in,out] drv_context The driver context structure.585* \param[in] key_slot Key slot of a public key or an asymmetric key586* pair587* \param[in] alg An asymmetric encryption algorithm that is588* compatible with the type of `key`589* \param[in] p_input The message to encrypt590* \param[in] input_length Size of the `p_input` buffer in bytes591* \param[in] p_salt A salt or label, if supported by the592* encryption algorithm593* If the algorithm does not support a594* salt, pass `NULL`.595* If the algorithm supports an optional596* salt and you do not want to pass a salt,597* pass `NULL`.598* For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is599* supported.600* \param[in] salt_length Size of the `p_salt` buffer in bytes601* If `p_salt` is `NULL`, pass 0.602* \param[out] p_output Buffer where the encrypted message is to603* be written604* \param[in] output_size Size of the `p_output` buffer in bytes605* \param[out] p_output_length On success, the number of bytes that make up606* the returned output607*608* \retval #PSA_SUCCESS \emptydescription609*/610typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *drv_context,611psa_key_slot_number_t key_slot,612psa_algorithm_t alg,613const uint8_t *p_input,614size_t input_length,615const uint8_t *p_salt,616size_t salt_length,617uint8_t *p_output,618size_t output_size,619size_t *p_output_length);620621/**622* \brief A function that decrypts a short message with an asymmetric private623* key in a secure element.624*625* \param[in,out] drv_context The driver context structure.626* \param[in] key_slot Key slot of an asymmetric key pair627* \param[in] alg An asymmetric encryption algorithm that is628* compatible with the type of `key`629* \param[in] p_input The message to decrypt630* \param[in] input_length Size of the `p_input` buffer in bytes631* \param[in] p_salt A salt or label, if supported by the632* encryption algorithm633* If the algorithm does not support a634* salt, pass `NULL`.635* If the algorithm supports an optional636* salt and you do not want to pass a salt,637* pass `NULL`.638* For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is639* supported.640* \param[in] salt_length Size of the `p_salt` buffer in bytes641* If `p_salt` is `NULL`, pass 0.642* \param[out] p_output Buffer where the decrypted message is to643* be written644* \param[in] output_size Size of the `p_output` buffer in bytes645* \param[out] p_output_length On success, the number of bytes646* that make up the returned output647*648* \retval #PSA_SUCCESS \emptydescription649*/650typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *drv_context,651psa_key_slot_number_t key_slot,652psa_algorithm_t alg,653const uint8_t *p_input,654size_t input_length,655const uint8_t *p_salt,656size_t salt_length,657uint8_t *p_output,658size_t output_size,659size_t *p_output_length);660661/**662* \brief A struct containing all of the function pointers needed to implement663* asymmetric cryptographic operations using secure elements.664*665* PSA Crypto API implementations should populate instances of the table as666* appropriate upon startup or at build time.667*668* If one of the functions is not implemented, it should be set to NULL.669*/670typedef struct {671/** Function that performs an asymmetric sign operation */672psa_drv_se_asymmetric_sign_t MBEDTLS_PRIVATE(p_sign);673/** Function that performs an asymmetric verify operation */674psa_drv_se_asymmetric_verify_t MBEDTLS_PRIVATE(p_verify);675/** Function that performs an asymmetric encrypt operation */676psa_drv_se_asymmetric_encrypt_t MBEDTLS_PRIVATE(p_encrypt);677/** Function that performs an asymmetric decrypt operation */678psa_drv_se_asymmetric_decrypt_t MBEDTLS_PRIVATE(p_decrypt);679} psa_drv_se_asymmetric_t;680681/**@}*/682683/** \defgroup se_aead Secure Element Authenticated Encryption with Additional Data684* Authenticated Encryption with Additional Data (AEAD) operations with secure685* elements must be done in one function call. While this creates a burden for686* implementers as there must be sufficient space in memory for the entire687* message, it prevents decrypted data from being made available before the688* authentication operation is complete and the data is known to be authentic.689*/690/**@{*/691692/** \brief A function that performs a secure element authenticated encryption693* operation694*695* \param[in,out] drv_context The driver context structure.696* \param[in] key_slot Slot containing the key to use.697* \param[in] algorithm The AEAD algorithm to compute698* (\c PSA_ALG_XXX value such that699* #PSA_ALG_IS_AEAD(`alg`) is true)700* \param[in] p_nonce Nonce or IV to use701* \param[in] nonce_length Size of the `p_nonce` buffer in bytes702* \param[in] p_additional_data Additional data that will be703* authenticated but not encrypted704* \param[in] additional_data_length Size of `p_additional_data` in bytes705* \param[in] p_plaintext Data that will be authenticated and706* encrypted707* \param[in] plaintext_length Size of `p_plaintext` in bytes708* \param[out] p_ciphertext Output buffer for the authenticated and709* encrypted data. The additional data is710* not part of this output. For algorithms711* where the encrypted data and the712* authentication tag are defined as713* separate outputs, the authentication714* tag is appended to the encrypted data.715* \param[in] ciphertext_size Size of the `p_ciphertext` buffer in716* bytes717* \param[out] p_ciphertext_length On success, the size of the output in718* the `p_ciphertext` buffer719*720* \retval #PSA_SUCCESS721* Success.722*/723typedef psa_status_t (*psa_drv_se_aead_encrypt_t)(psa_drv_se_context_t *drv_context,724psa_key_slot_number_t key_slot,725psa_algorithm_t algorithm,726const uint8_t *p_nonce,727size_t nonce_length,728const uint8_t *p_additional_data,729size_t additional_data_length,730const uint8_t *p_plaintext,731size_t plaintext_length,732uint8_t *p_ciphertext,733size_t ciphertext_size,734size_t *p_ciphertext_length);735736/** A function that performs a secure element authenticated decryption operation737*738* \param[in,out] drv_context The driver context structure.739* \param[in] key_slot Slot containing the key to use740* \param[in] algorithm The AEAD algorithm to compute741* (\c PSA_ALG_XXX value such that742* #PSA_ALG_IS_AEAD(`alg`) is true)743* \param[in] p_nonce Nonce or IV to use744* \param[in] nonce_length Size of the `p_nonce` buffer in bytes745* \param[in] p_additional_data Additional data that has been746* authenticated but not encrypted747* \param[in] additional_data_length Size of `p_additional_data` in bytes748* \param[in] p_ciphertext Data that has been authenticated and749* encrypted.750* For algorithms where the encrypted data751* and the authentication tag are defined752* as separate inputs, the buffer must753* contain the encrypted data followed by754* the authentication tag.755* \param[in] ciphertext_length Size of `p_ciphertext` in bytes756* \param[out] p_plaintext Output buffer for the decrypted data757* \param[in] plaintext_size Size of the `p_plaintext` buffer in758* bytes759* \param[out] p_plaintext_length On success, the size of the output in760* the `p_plaintext` buffer761*762* \retval #PSA_SUCCESS763* Success.764*/765typedef psa_status_t (*psa_drv_se_aead_decrypt_t)(psa_drv_se_context_t *drv_context,766psa_key_slot_number_t key_slot,767psa_algorithm_t algorithm,768const uint8_t *p_nonce,769size_t nonce_length,770const uint8_t *p_additional_data,771size_t additional_data_length,772const uint8_t *p_ciphertext,773size_t ciphertext_length,774uint8_t *p_plaintext,775size_t plaintext_size,776size_t *p_plaintext_length);777778/**779* \brief A struct containing all of the function pointers needed to implement780* secure element Authenticated Encryption with Additional Data operations781*782* PSA Crypto API implementations should populate instances of the table as783* appropriate upon startup.784*785* If one of the functions is not implemented, it should be set to NULL.786*/787typedef struct {788/** Function that performs the AEAD encrypt operation */789psa_drv_se_aead_encrypt_t MBEDTLS_PRIVATE(p_encrypt);790/** Function that performs the AEAD decrypt operation */791psa_drv_se_aead_decrypt_t MBEDTLS_PRIVATE(p_decrypt);792} psa_drv_se_aead_t;793/**@}*/794795/** \defgroup se_key_management Secure Element Key Management796* Currently, key management is limited to importing keys in the clear,797* destroying keys, and exporting keys in the clear.798* Whether a key may be exported is determined by the key policies in place799* on the key slot.800*/801/**@{*/802803/** An enumeration indicating how a key is created.804*/805typedef enum {806PSA_KEY_CREATION_IMPORT, /**< During psa_import_key() */807PSA_KEY_CREATION_GENERATE, /**< During psa_generate_key() */808PSA_KEY_CREATION_DERIVE, /**< During psa_key_derivation_output_key() */809PSA_KEY_CREATION_COPY, /**< During psa_copy_key() */810811#ifndef __DOXYGEN_ONLY__812/** A key is being registered with mbedtls_psa_register_se_key().813*814* The core only passes this value to815* psa_drv_se_key_management_t::p_validate_slot_number, not to816* psa_drv_se_key_management_t::p_allocate. The call to817* `p_validate_slot_number` is not followed by any other call to the818* driver: the key is considered successfully registered if the call to819* `p_validate_slot_number` succeeds, or if `p_validate_slot_number` is820* null.821*822* With this creation method, the driver must return #PSA_SUCCESS if823* the given attributes are compatible with the existing key in the slot,824* and #PSA_ERROR_DOES_NOT_EXIST if the driver can determine that there825* is no key with the specified slot number.826*827* This is an Mbed TLS extension.828*/829PSA_KEY_CREATION_REGISTER,830#endif831} psa_key_creation_method_t;832833/** \brief A function that allocates a slot for a key.834*835* To create a key in a specific slot in a secure element, the core836* first calls this function to determine a valid slot number,837* then calls a function to create the key material in that slot.838* In nominal conditions (that is, if no error occurs),839* the effect of a call to a key creation function in the PSA Cryptography840* API with a lifetime that places the key in a secure element is the841* following:842* -# The core calls psa_drv_se_key_management_t::p_allocate843* (or in some implementations844* psa_drv_se_key_management_t::p_validate_slot_number). The driver845* selects (or validates) a suitable slot number given the key attributes846* and the state of the secure element.847* -# The core calls a key creation function in the driver.848*849* The key creation functions in the PSA Cryptography API are:850* - psa_import_key(), which causes851* a call to `p_allocate` with \p method = #PSA_KEY_CREATION_IMPORT852* then a call to psa_drv_se_key_management_t::p_import.853* - psa_generate_key(), which causes854* a call to `p_allocate` with \p method = #PSA_KEY_CREATION_GENERATE855* then a call to psa_drv_se_key_management_t::p_import.856* - psa_key_derivation_output_key(), which causes857* a call to `p_allocate` with \p method = #PSA_KEY_CREATION_DERIVE858* then a call to psa_drv_se_key_derivation_t::p_derive.859* - psa_copy_key(), which causes860* a call to `p_allocate` with \p method = #PSA_KEY_CREATION_COPY861* then a call to psa_drv_se_key_management_t::p_export.862*863* In case of errors, other behaviors are possible.864* - If the PSA Cryptography subsystem dies after the first step,865* for example because the device has lost power abruptly,866* the second step may never happen, or may happen after a reset867* and re-initialization. Alternatively, after a reset and868* re-initialization, the core may call869* psa_drv_se_key_management_t::p_destroy on the slot number that870* was allocated (or validated) instead of calling a key creation function.871* - If an error occurs, the core may call872* psa_drv_se_key_management_t::p_destroy on the slot number that873* was allocated (or validated) instead of calling a key creation function.874*875* Errors and system resets also have an impact on the driver's persistent876* data. If a reset happens before the overall key creation process is877* completed (before or after the second step above), it is unspecified878* whether the persistent data after the reset is identical to what it879* was before or after the call to `p_allocate` (or `p_validate_slot_number`).880*881* \param[in,out] drv_context The driver context structure.882* \param[in,out] persistent_data A pointer to the persistent data883* that allows writing.884* \param[in] attributes Attributes of the key.885* \param method The way in which the key is being created.886* \param[out] key_slot Slot where the key will be stored.887* This must be a valid slot for a key of the888* chosen type. It must be unoccupied.889*890* \retval #PSA_SUCCESS891* Success.892* The core will record \c *key_slot as the key slot where the key893* is stored and will update the persistent data in storage.894* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription895* \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription896*/897typedef psa_status_t (*psa_drv_se_allocate_key_t)(898psa_drv_se_context_t *drv_context,899void *persistent_data,900const psa_key_attributes_t *attributes,901psa_key_creation_method_t method,902psa_key_slot_number_t *key_slot);903904/** \brief A function that determines whether a slot number is valid905* for a key.906*907* To create a key in a specific slot in a secure element, the core908* first calls this function to validate the choice of slot number,909* then calls a function to create the key material in that slot.910* See the documentation of #psa_drv_se_allocate_key_t for more details.911*912* As of the PSA Cryptography API specification version 1.0, there is no way913* for applications to trigger a call to this function. However some914* implementations offer the capability to create or declare a key in915* a specific slot via implementation-specific means, generally for the916* sake of initial device provisioning or onboarding. Such a mechanism may917* be added to a future version of the PSA Cryptography API specification.918*919* This function may update the driver's persistent data through920* \p persistent_data. The core will save the updated persistent data at the921* end of the key creation process. See the description of922* ::psa_drv_se_allocate_key_t for more information.923*924* \param[in,out] drv_context The driver context structure.925* \param[in,out] persistent_data A pointer to the persistent data926* that allows writing.927* \param[in] attributes Attributes of the key.928* \param method The way in which the key is being created.929* \param[in] key_slot Slot where the key is to be stored.930*931* \retval #PSA_SUCCESS932* The given slot number is valid for a key with the given933* attributes.934* \retval #PSA_ERROR_INVALID_ARGUMENT935* The given slot number is not valid for a key with the936* given attributes. This includes the case where the slot937* number is not valid at all.938* \retval #PSA_ERROR_ALREADY_EXISTS939* There is already a key with the specified slot number.940* Drivers may choose to return this error from the key941* creation function instead.942*/943typedef psa_status_t (*psa_drv_se_validate_slot_number_t)(944psa_drv_se_context_t *drv_context,945void *persistent_data,946const psa_key_attributes_t *attributes,947psa_key_creation_method_t method,948psa_key_slot_number_t key_slot);949950/** \brief A function that imports a key into a secure element in binary format951*952* This function can support any output from psa_export_key(). Refer to the953* documentation of psa_export_key() for the format for each key type.954*955* \param[in,out] drv_context The driver context structure.956* \param key_slot Slot where the key will be stored.957* This must be a valid slot for a key of the958* chosen type. It must be unoccupied.959* \param[in] attributes The key attributes, including the lifetime,960* the key type and the usage policy.961* Drivers should not access the key size stored962* in the attributes: it may not match the963* data passed in \p data.964* Drivers can call psa_get_key_lifetime(),965* psa_get_key_type(),966* psa_get_key_usage_flags() and967* psa_get_key_algorithm() to access this968* information.969* \param[in] data Buffer containing the key data.970* \param[in] data_length Size of the \p data buffer in bytes.971* \param[out] bits On success, the key size in bits. The driver972* must determine this value after parsing the973* key according to the key type.974* This value is not used if the function fails.975*976* \retval #PSA_SUCCESS977* Success.978*/979typedef psa_status_t (*psa_drv_se_import_key_t)(980psa_drv_se_context_t *drv_context,981psa_key_slot_number_t key_slot,982const psa_key_attributes_t *attributes,983const uint8_t *data,984size_t data_length,985size_t *bits);986987/**988* \brief A function that destroys a secure element key and restore the slot to989* its default state990*991* This function destroys the content of the key from a secure element.992* Implementations shall make a best effort to ensure that any previous content993* of the slot is unrecoverable.994*995* This function returns the specified slot to its default state.996*997* \param[in,out] drv_context The driver context structure.998* \param[in,out] persistent_data A pointer to the persistent data999* that allows writing.1000* \param key_slot The key slot to erase.1001*1002* \retval #PSA_SUCCESS1003* The slot's content, if any, has been erased.1004*/1005typedef psa_status_t (*psa_drv_se_destroy_key_t)(1006psa_drv_se_context_t *drv_context,1007void *persistent_data,1008psa_key_slot_number_t key_slot);10091010/**1011* \brief A function that exports a secure element key in binary format1012*1013* The output of this function can be passed to psa_import_key() to1014* create an equivalent object.1015*1016* If a key is created with `psa_import_key()` and then exported with1017* this function, it is not guaranteed that the resulting data is1018* identical: the implementation may choose a different representation1019* of the same key if the format permits it.1020*1021* This function should generate output in the same format that1022* `psa_export_key()` does. Refer to the1023* documentation of `psa_export_key()` for the format for each key type.1024*1025* \param[in,out] drv_context The driver context structure.1026* \param[in] key Slot whose content is to be exported. This must1027* be an occupied key slot.1028* \param[out] p_data Buffer where the key data is to be written.1029* \param[in] data_size Size of the `p_data` buffer in bytes.1030* \param[out] p_data_length On success, the number of bytes1031* that make up the key data.1032*1033* \retval #PSA_SUCCESS \emptydescription1034* \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription1035* \retval #PSA_ERROR_NOT_PERMITTED \emptydescription1036* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription1037* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription1038* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription1039* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription1040*/1041typedef psa_status_t (*psa_drv_se_export_key_t)(psa_drv_se_context_t *drv_context,1042psa_key_slot_number_t key,1043uint8_t *p_data,1044size_t data_size,1045size_t *p_data_length);10461047/**1048* \brief A function that generates a symmetric or asymmetric key on a secure1049* element1050*1051* If the key type \c type recorded in \p attributes1052* is asymmetric (#PSA_KEY_TYPE_IS_ASYMMETRIC(\c type) = 1),1053* the driver may export the public key at the time of generation,1054* in the format documented for psa_export_public_key() by writing it1055* to the \p pubkey buffer.1056* This is optional, intended for secure elements that output the1057* public key at generation time and that cannot export the public key1058* later. Drivers that do not need this feature should leave1059* \p *pubkey_length set to 0 and should1060* implement the psa_drv_key_management_t::p_export_public function.1061* Some implementations do not support this feature, in which case1062* \p pubkey is \c NULL and \p pubkey_size is 0.1063*1064* \param[in,out] drv_context The driver context structure.1065* \param key_slot Slot where the key will be stored.1066* This must be a valid slot for a key of the1067* chosen type. It must be unoccupied.1068* \param[in] attributes The key attributes, including the lifetime,1069* the key type and size, and the usage policy.1070* Drivers can call psa_get_key_lifetime(),1071* psa_get_key_type(), psa_get_key_bits(),1072* psa_get_key_usage_flags() and1073* psa_get_key_algorithm() to access this1074* information.1075* \param[out] pubkey A buffer where the driver can write the1076* public key, when generating an asymmetric1077* key pair.1078* This is \c NULL when generating a symmetric1079* key or if the core does not support1080* exporting the public key at generation time.1081* \param pubkey_size The size of the `pubkey` buffer in bytes.1082* This is 0 when generating a symmetric1083* key or if the core does not support1084* exporting the public key at generation time.1085* \param[out] pubkey_length On entry, this is always 0.1086* On success, the number of bytes written to1087* \p pubkey. If this is 0 or unchanged on return,1088* the core will not read the \p pubkey buffer,1089* and will instead call the driver's1090* psa_drv_key_management_t::p_export_public1091* function to export the public key when needed.1092*/1093typedef psa_status_t (*psa_drv_se_generate_key_t)(1094psa_drv_se_context_t *drv_context,1095psa_key_slot_number_t key_slot,1096const psa_key_attributes_t *attributes,1097uint8_t *pubkey, size_t pubkey_size, size_t *pubkey_length);10981099/**1100* \brief A struct containing all of the function pointers needed to for secure1101* element key management1102*1103* PSA Crypto API implementations should populate instances of the table as1104* appropriate upon startup or at build time.1105*1106* If one of the functions is not implemented, it should be set to NULL.1107*/1108typedef struct {1109/** Function that allocates a slot for a key. */1110psa_drv_se_allocate_key_t MBEDTLS_PRIVATE(p_allocate);1111/** Function that checks the validity of a slot for a key. */1112psa_drv_se_validate_slot_number_t MBEDTLS_PRIVATE(p_validate_slot_number);1113/** Function that performs a key import operation */1114psa_drv_se_import_key_t MBEDTLS_PRIVATE(p_import);1115/** Function that performs a generation */1116psa_drv_se_generate_key_t MBEDTLS_PRIVATE(p_generate);1117/** Function that performs a key destroy operation */1118psa_drv_se_destroy_key_t MBEDTLS_PRIVATE(p_destroy);1119/** Function that performs a key export operation */1120psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export);1121/** Function that performs a public key export operation */1122psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export_public);1123} psa_drv_se_key_management_t;11241125/**@}*/11261127/** \defgroup driver_derivation Secure Element Key Derivation and Agreement1128* Key derivation is the process of generating new key material using an1129* existing key and additional parameters, iterating through a basic1130* cryptographic function, such as a hash.1131* Key agreement is a part of cryptographic protocols that allows two parties1132* to agree on the same key value, but starting from different original key1133* material.1134* The flows are similar, and the PSA Crypto Driver Model uses the same functions1135* for both of the flows.1136*1137* There are two different final functions for the flows,1138* `psa_drv_se_key_derivation_derive` and `psa_drv_se_key_derivation_export`.1139* `psa_drv_se_key_derivation_derive` is used when the key material should be1140* placed in a slot on the hardware and not exposed to the caller.1141* `psa_drv_se_key_derivation_export` is used when the key material should be1142* returned to the PSA Cryptographic API implementation.1143*1144* Different key derivation algorithms require a different number of inputs.1145* Instead of having an API that takes as input variable length arrays, which1146* can be problematic to manage on embedded platforms, the inputs are passed1147* to the driver via a function, `psa_drv_se_key_derivation_collateral`, that1148* is called multiple times with different `collateral_id`s. Thus, for a key1149* derivation algorithm that required 3 parameter inputs, the flow would look1150* something like:1151* ~~~~~~~~~~~~~{.c}1152* psa_drv_se_key_derivation_setup(kdf_algorithm, source_key, dest_key_size_bytes);1153* psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_0,1154* p_collateral_0,1155* collateral_0_size);1156* psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_1,1157* p_collateral_1,1158* collateral_1_size);1159* psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_2,1160* p_collateral_2,1161* collateral_2_size);1162* psa_drv_se_key_derivation_derive();1163* ~~~~~~~~~~~~~1164*1165* key agreement example:1166* ~~~~~~~~~~~~~{.c}1167* psa_drv_se_key_derivation_setup(alg, source_key. dest_key_size_bytes);1168* psa_drv_se_key_derivation_collateral(DHE_PUBKEY, p_pubkey, pubkey_size);1169* psa_drv_se_key_derivation_export(p_session_key,1170* session_key_size,1171* &session_key_length);1172* ~~~~~~~~~~~~~1173*/1174/**@{*/11751176/** \brief A function that Sets up a secure element key derivation operation by1177* specifying the algorithm and the source key sot1178*1179* \param[in,out] drv_context The driver context structure.1180* \param[in,out] op_context A hardware-specific structure containing any1181* context information for the implementation1182* \param[in] kdf_alg The algorithm to be used for the key derivation1183* \param[in] source_key The key to be used as the source material for1184* the key derivation1185*1186* \retval #PSA_SUCCESS \emptydescription1187*/1188typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t *drv_context,1189void *op_context,1190psa_algorithm_t kdf_alg,1191psa_key_slot_number_t source_key);11921193/** \brief A function that provides collateral (parameters) needed for a secure1194* element key derivation or key agreement operation1195*1196* Since many key derivation algorithms require multiple parameters, it is1197* expected that this function may be called multiple times for the same1198* operation, each with a different algorithm-specific `collateral_id`1199*1200* \param[in,out] op_context A hardware-specific structure containing any1201* context information for the implementation1202* \param[in] collateral_id An ID for the collateral being provided1203* \param[in] p_collateral A buffer containing the collateral data1204* \param[in] collateral_size The size in bytes of the collateral1205*1206* \retval #PSA_SUCCESS \emptydescription1207*/1208typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *op_context,1209uint32_t collateral_id,1210const uint8_t *p_collateral,1211size_t collateral_size);12121213/** \brief A function that performs the final secure element key derivation1214* step and place the generated key material in a slot1215*1216* \param[in,out] op_context A hardware-specific structure containing any1217* context information for the implementation1218* \param[in] dest_key The slot where the generated key material1219* should be placed1220*1221* \retval #PSA_SUCCESS \emptydescription1222*/1223typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context,1224psa_key_slot_number_t dest_key);12251226/** \brief A function that performs the final step of a secure element key1227* agreement and place the generated key material in a buffer1228*1229* \param[out] p_output Buffer in which to place the generated key1230* material1231* \param[in] output_size The size in bytes of `p_output`1232* \param[out] p_output_length Upon success, contains the number of bytes of1233* key material placed in `p_output`1234*1235* \retval #PSA_SUCCESS \emptydescription1236*/1237typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *op_context,1238uint8_t *p_output,1239size_t output_size,1240size_t *p_output_length);12411242/**1243* \brief A struct containing all of the function pointers needed to for secure1244* element key derivation and agreement1245*1246* PSA Crypto API implementations should populate instances of the table as1247* appropriate upon startup.1248*1249* If one of the functions is not implemented, it should be set to NULL.1250*/1251typedef struct {1252/** The driver-specific size of the key derivation context */1253size_t MBEDTLS_PRIVATE(context_size);1254/** Function that performs a key derivation setup */1255psa_drv_se_key_derivation_setup_t MBEDTLS_PRIVATE(p_setup);1256/** Function that sets key derivation collateral */1257psa_drv_se_key_derivation_collateral_t MBEDTLS_PRIVATE(p_collateral);1258/** Function that performs a final key derivation step */1259psa_drv_se_key_derivation_derive_t MBEDTLS_PRIVATE(p_derive);1260/** Function that performs a final key derivation or agreement and1261* exports the key */1262psa_drv_se_key_derivation_export_t MBEDTLS_PRIVATE(p_export);1263} psa_drv_se_key_derivation_t;12641265/**@}*/12661267/** \defgroup se_registration Secure element driver registration1268*/1269/**@{*/12701271/** A structure containing pointers to all the entry points of a1272* secure element driver.1273*1274* Future versions of this specification may add extra substructures at1275* the end of this structure.1276*/1277typedef struct {1278/** The version of the driver HAL that this driver implements.1279* This is a protection against loading driver binaries built against1280* a different version of this specification.1281* Use #PSA_DRV_SE_HAL_VERSION.1282*/1283uint32_t MBEDTLS_PRIVATE(hal_version);12841285/** The size of the driver's persistent data in bytes.1286*1287* This can be 0 if the driver does not need persistent data.1288*1289* See the documentation of psa_drv_se_context_t::persistent_data1290* for more information about why and how a driver can use1291* persistent data.1292*/1293size_t MBEDTLS_PRIVATE(persistent_data_size);12941295/** The driver initialization function.1296*1297* This function is called once during the initialization of the1298* PSA Cryptography subsystem, before any other function of the1299* driver is called. If this function returns a failure status,1300* the driver will be unusable, at least until the next system reset.1301*1302* If this field is \c NULL, it is equivalent to a function that does1303* nothing and returns #PSA_SUCCESS.1304*/1305psa_drv_se_init_t MBEDTLS_PRIVATE(p_init);13061307const psa_drv_se_key_management_t *MBEDTLS_PRIVATE(key_management);1308const psa_drv_se_mac_t *MBEDTLS_PRIVATE(mac);1309const psa_drv_se_cipher_t *MBEDTLS_PRIVATE(cipher);1310const psa_drv_se_aead_t *MBEDTLS_PRIVATE(aead);1311const psa_drv_se_asymmetric_t *MBEDTLS_PRIVATE(asymmetric);1312const psa_drv_se_key_derivation_t *MBEDTLS_PRIVATE(derivation);1313} psa_drv_se_t;13141315/** The current version of the secure element driver HAL.1316*/1317/* 0.0.0 patchlevel 5 */1318#define PSA_DRV_SE_HAL_VERSION 0x0000000513191320/** Register an external cryptoprocessor (secure element) driver.1321*1322* This function is only intended to be used by driver code, not by1323* application code. In implementations with separation between the1324* PSA cryptography module and applications, this function should1325* only be available to callers that run in the same memory space as1326* the cryptography module, and should not be exposed to applications1327* running in a different memory space.1328*1329* This function may be called before psa_crypto_init(). It is1330* implementation-defined whether this function may be called1331* after psa_crypto_init().1332*1333* \note Implementations store metadata about keys including the lifetime1334* value, which contains the driver's location indicator. Therefore,1335* from one instantiation of the PSA Cryptography1336* library to the next one, if there is a key in storage with a certain1337* lifetime value, you must always register the same driver (or an1338* updated version that communicates with the same secure element)1339* with the same location value.1340*1341* \param location The location value through which this driver will1342* be exposed to applications.1343* This driver will be used for all keys such that1344* `location == #PSA_KEY_LIFETIME_GET_LOCATION( lifetime )`.1345* The value #PSA_KEY_LOCATION_LOCAL_STORAGE is reserved1346* and may not be used for drivers. Implementations1347* may reserve other values.1348* \param[in] methods The method table of the driver. This structure must1349* remain valid for as long as the cryptography1350* module keeps running. It is typically a global1351* constant.1352*1353* \return #PSA_SUCCESS1354* The driver was successfully registered. Applications can now1355* use \p location to access keys through the methods passed to1356* this function.1357* \return #PSA_ERROR_BAD_STATE1358* This function was called after the initialization of the1359* cryptography module, and this implementation does not support1360* driver registration at this stage.1361* \return #PSA_ERROR_ALREADY_EXISTS1362* There is already a registered driver for this value of \p location.1363* \return #PSA_ERROR_INVALID_ARGUMENT1364* \p location is a reserved value.1365* \return #PSA_ERROR_NOT_SUPPORTED1366* `methods->hal_version` is not supported by this implementation.1367* \return #PSA_ERROR_INSUFFICIENT_MEMORY1368* \return #PSA_ERROR_NOT_PERMITTED1369* \return #PSA_ERROR_STORAGE_FAILURE1370* \return #PSA_ERROR_DATA_CORRUPT1371*/1372psa_status_t psa_register_se_driver(1373psa_key_location_t location,1374const psa_drv_se_t *methods);13751376/**@}*/13771378#ifdef __cplusplus1379}1380#endif13811382#endif /* PSA_CRYPTO_SE_DRIVER_H */138313841385