Lines Matching +full:results +full:- +full:code
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
24 * are present in this file as a convenience to generate pretty-printed
27 /** \defgroup platform Implementation-specific definitions
127 * linkage). This function may be provided as a function-like macro,
172 * linkage). This function may be provided as a function-like macro,
187 * linkage). This function may be provided as a function-like macro,
202 * linkage). This function may be provided as a function-like macro,
222 * linkage). This function may be provided as a function-like macro,
234 * linkage). This function may be provided as a function-like macro,
249 * - 0 does not allow any cryptographic operation with the key. The key
250 * may be used for non-cryptographic actions such as exporting (if
252 * - An algorithm value permits this particular algorithm.
253 * - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified
255 * - An algorithm built from #PSA_ALG_AT_LEAST_THIS_LENGTH_MAC allows
259 * - An algorithm built from #PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG
268 * linkage). This function may be provided as a function-like macro,
281 * linkage). This function may be provided as a function-like macro,
297 * linkage). This function may be provided as a function-like macro,
314 * linkage). This function may be provided as a function-like macro,
329 * linkage). This function may be provided as a function-like macro,
341 * linkage). This function may be provided as a function-like macro,
363 * freshly-initialized structure.
375 * It is implementation-dependent whether a failure to initialize
376 * results in this error code.
401 /** Remove non-essential copies of key material from memory.
419 * It is implementation-dependent whether a failure to initialize
420 * results in this error code.
433 * subject to implementation-defined restrictions on key sharing.
448 * - The usage flags on the resulting key are the bitwise-and of the
450 * - If both allow the same algorithm or wildcard-based
452 * - If either of the policies allows an algorithm and the other policy
453 * allows a wildcard-based algorithm policy that includes this algorithm,
455 * - If the policies do not allow any algorithm in common, this function
458 * The effect of this function on implementation-defined attributes is
459 * implementation-defined.
467 * - The key type and size may be 0. If either is
470 * - The key location (the lifetime and, for
473 * - The policy constraints (usage flags and
509 * It is implementation-dependent whether a failure to initialize
510 * results in this error code.
521 * memory and, if applicable, non-volatile storage. Implementations shall
543 * read-only, either due to a policy or due to physical restrictions.
564 * It is implementation-dependent whether a failure to initialize
565 * results in this error code.
643 * It is implementation-dependent whether a failure to initialize
644 * results in this error code.
666 * - For symmetric keys (including MAC keys), the format is the
668 * - For DES, the key data consists of 8 bytes. The parity bits must be
670 * - For Triple-DES, the format is the concatenation of the
672 * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format
673 * is the non-encrypted DER encoding of the representation defined by
677 * version INTEGER, -- must be 0
678 * modulus INTEGER, -- n
679 * publicExponent INTEGER, -- e
680 * privateExponent INTEGER, -- d
681 * prime1 INTEGER, -- p
682 * prime2 INTEGER, -- q
683 * exponent1 INTEGER, -- d mod (p-1)
684 * exponent2 INTEGER, -- d mod (q-1)
685 * coefficient INTEGER, -- (inverse of q) mod p
688 * - For elliptic curve key pairs (key types for which
690 * a representation of the private value as a `ceiling(m/8)`-byte string
693 * in little-endian order for Montgomery curves (curve types
694 * `PSA_ECC_FAMILY_CURVEXXX`), and in big-endian order for Weierstrass
701 * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
702 * - For Diffie-Hellman key exchange key pairs (key types for which
704 * format is the representation of the private key `x` as a big-endian byte
707 * - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
738 * It is implementation-dependent whether a failure to initialize
739 * results in this error code.
760 * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
764 * modulus INTEGER, -- n
765 * publicExponent INTEGER } -- e
767 * - For elliptic curve keys on a twisted Edwards curve (key types for which
771 * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
772 * - For other elliptic curve public keys (key types for which
777 * - The byte 0x04;
778 * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
779 * - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
780 * - For Diffie-Hellman key exchange public keys (key types for which
783 * big-endian byte string. The length of the byte string is the length of the
813 * It is implementation-dependent whether a failure to initialize
814 * results in this error code.
857 * It is implementation-dependent whether a failure to initialize
858 * results in this error code.
892 * It is implementation-dependent whether a failure to initialize
893 * results in this error code.
905 * - Set the structure to all-bits-zero, for example:
906 * \code
910 * - Initialize the structure to logical zero values, for example:
911 * \code
914 * - Initialize the structure to the initializer #PSA_HASH_OPERATION_INIT,
916 * \code
919 * - Assign the result of the function psa_hash_operation_init()
921 * \code
926 * This is an implementation-defined \c struct. Applications should not
945 * -# Allocate an operation object which will be passed to all the functions
947 * -# Initialize the operation object with one of the methods described in the
949 * -# Call psa_hash_setup() to specify the algorithm.
950 * -# Call psa_hash_update() zero, one or more times, passing a fragment
953 * -# To calculate the hash, call psa_hash_finish().
964 * - A successful call to psa_hash_finish() or psa_hash_verify().
965 * - A call to psa_hash_abort().
986 * It is implementation-dependent whether a failure to initialize
987 * results in this error code.
1012 * It is implementation-dependent whether a failure to initialize
1013 * results in this error code.
1058 * It is implementation-dependent whether a failure to initialize
1059 * results in this error code.
1099 * It is implementation-dependent whether a failure to initialize
1100 * results in this error code.
1128 * It is implementation-dependent whether a failure to initialize
1129 * results in this error code.
1157 * It is implementation-dependent whether a failure to initialize
1158 * results in this error code.
1169 /** Calculate the MAC (message authentication code) of a message.
1208 * It is implementation-dependent whether a failure to initialize
1209 * results in this error code.
1249 * It is implementation-dependent whether a failure to initialize
1250 * results in this error code.
1263 * - Set the structure to all-bits-zero, for example:
1264 * \code
1268 * - Initialize the structure to logical zero values, for example:
1269 * \code
1272 * - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT,
1274 * \code
1277 * - Assign the result of the function psa_mac_operation_init()
1279 * \code
1285 * This is an implementation-defined \c struct. Applications should not
1303 * (message authentication code) of a byte string.
1308 * -# Allocate an operation object which will be passed to all the functions
1310 * -# Initialize the operation object with one of the methods described in the
1312 * -# Call psa_mac_sign_setup() to specify the algorithm and key.
1313 * -# Call psa_mac_update() zero, one or more times, passing a fragment
1316 * -# At the end of the message, call psa_mac_sign_finish() to finish
1326 * - A successful call to psa_mac_sign_finish().
1327 * - A call to psa_mac_abort().
1355 * It is implementation-dependent whether a failure to initialize
1356 * results in this error code.
1365 * (message authentication code) of a byte string against an expected value.
1368 * -# Allocate an operation object which will be passed to all the functions
1370 * -# Initialize the operation object with one of the methods described in the
1372 * -# Call psa_mac_verify_setup() to specify the algorithm and key.
1373 * -# Call psa_mac_update() zero, one or more times, passing a fragment
1376 * -# At the end of the message, call psa_mac_verify_finish() to finish
1387 * - A successful call to psa_mac_verify_finish().
1388 * - A call to psa_mac_abort().
1417 * It is implementation-dependent whether a failure to initialize
1418 * results in this error code.
1447 * It is implementation-dependent whether a failure to initialize
1448 * results in this error code.
1479 * bit-size respectively of the key and \c alg is the
1496 * It is implementation-dependent whether a failure to initialize
1497 * results in this error code.
1539 * It is implementation-dependent whether a failure to initialize
1540 * results in this error code.
1568 * It is implementation-dependent whether a failure to initialize
1569 * results in this error code.
1615 * It is implementation-dependent whether a failure to initialize
1616 * results in this error code.
1662 * It is implementation-dependent whether a failure to initialize
1663 * results in this error code.
1677 * - Set the structure to all-bits-zero, for example:
1678 * \code
1682 * - Initialize the structure to logical zero values, for example:
1683 * \code
1686 * - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,
1688 * \code
1691 * - Assign the result of the function psa_cipher_operation_init()
1693 * \code
1698 * This is an implementation-defined \c struct. Applications should not
1717 * -# Allocate an operation object which will be passed to all the functions
1719 * -# Initialize the operation object with one of the methods described in the
1722 * -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
1723 * -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
1727 * -# Call psa_cipher_update() zero, one or more times, passing a fragment
1729 * -# Call psa_cipher_finish().
1739 * - A successful call to psa_cipher_finish().
1740 * - A call to psa_cipher_abort().
1769 * It is implementation-dependent whether a failure to initialize
1770 * results in this error code.
1780 * -# Allocate an operation object which will be passed to all the functions
1782 * -# Initialize the operation object with one of the methods described in the
1785 * -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
1786 * -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
1790 * -# Call psa_cipher_update() zero, one or more times, passing a fragment
1792 * -# Call psa_cipher_finish().
1802 * - A successful call to psa_cipher_finish().
1803 * - A call to psa_cipher_abort().
1832 * It is implementation-dependent whether a failure to initialize
1833 * results in this error code.
1870 * It is implementation-dependent whether a failure to initialize
1871 * results in this error code.
1891 * a non-random IV.
1911 * It is implementation-dependent whether a failure to initialize
1912 * results in this error code.
1952 * It is implementation-dependent whether a failure to initialize
1953 * results in this error code.
2004 * It is implementation-dependent whether a failure to initialize
2005 * results in this error code.
2034 * It is implementation-dependent whether a failure to initialize
2035 * results in this error code.
2071 * - A sufficient output size is
2075 * - #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p
2103 * It is implementation-dependent whether a failure to initialize
2104 * results in this error code.
2142 * - A sufficient output size is
2146 * - #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p
2176 * It is implementation-dependent whether a failure to initialize
2177 * results in this error code.
2195 * - Set the structure to all-bits-zero, for example:
2196 * \code
2200 * - Initialize the structure to logical zero values, for example:
2201 * \code
2204 * - Initialize the structure to the initializer #PSA_AEAD_OPERATION_INIT,
2206 * \code
2209 * - Assign the result of the function psa_aead_operation_init()
2211 * \code
2216 * This is an implementation-defined \c struct. Applications should not
2235 * -# Allocate an operation object which will be passed to all the functions
2237 * -# Initialize the operation object with one of the methods described in the
2240 * -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
2241 * -# If needed, call psa_aead_set_lengths() to specify the length of the
2245 * -# Call either psa_aead_generate_nonce() or psa_aead_set_nonce() to
2249 * -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
2250 * of the non-encrypted additional authenticated data each time.
2251 * -# Call psa_aead_update() zero, one or more times, passing a fragment
2253 * -# Call psa_aead_finish().
2263 * - A successful call to psa_aead_finish().
2264 * - A call to psa_aead_abort().
2294 * It is implementation-dependent whether a failure to initialize
2295 * results in this error code.
2305 * -# Allocate an operation object which will be passed to all the functions
2307 * -# Initialize the operation object with one of the methods described in the
2310 * -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
2311 * -# If needed, call psa_aead_set_lengths() to specify the length of the
2315 * -# Call psa_aead_set_nonce() with the nonce for the decryption.
2316 * -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
2317 * of the non-encrypted additional authenticated data each time.
2318 * -# Call psa_aead_update() zero, one or more times, passing a fragment
2320 * -# Call psa_aead_verify().
2330 * - A successful call to psa_aead_verify().
2331 * - A call to psa_aead_abort().
2360 * It is implementation-dependent whether a failure to initialize
2361 * results in this error code.
2399 * It is implementation-dependent whether a failure to initialize
2400 * results in this error code.
2420 * a non-random IV.
2439 * It is implementation-dependent whether a failure to initialize
2440 * results in this error code.
2457 * - For #PSA_ALG_CCM, calling this function is required.
2458 * - For the other AEAD algorithms defined in this specification, calling
2460 * - For vendor-defined algorithm, refer to the vendor documentation.
2466 * \param ad_length Size of the non-encrypted additional
2484 * It is implementation-dependent whether a failure to initialize
2485 * results in this error code.
2532 * It is implementation-dependent whether a failure to initialize
2533 * results in this error code.
2554 * - Do not use the output in any way other than storing it in a
2562 * - In particular, do not copy the output anywhere but to a
2581 * - A sufficient output size is
2587 * - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p
2616 * It is implementation-dependent whether a failure to initialize
2617 * results in this error code.
2636 * - \p ciphertext contains trailing ciphertext that was buffered from
2638 * - \p tag contains the authentication tag.
2650 * - A sufficient output size is
2655 * - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to
2665 * - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c
2668 * bit-size of the key, and \c alg is the
2671 * - #PSA_AEAD_TAG_MAX_SIZE evaluates to the
2702 * It is implementation-dependent whether a failure to initialize
2703 * results in this error code.
2720 * - The additional data consisting of the concatenation of the inputs
2722 * - The ciphertext consisting of the concatenation of the inputs passed to
2724 * - The tag passed to this function call.
2746 * - A sufficient output size is
2751 * - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to
2785 * It is implementation-dependent whether a failure to initialize
2786 * results in this error code.
2817 * It is implementation-dependent whether a failure to initialize
2818 * results in this error code.
2829 * \brief Sign a message with a private key. For hash-and-sign algorithms,
2832 * \note To perform a multi-part hash-and-sign signature algorithm, first use
2833 * a multi-part hash operation and then pass the resulting hash to
2850 * - The required signature size is
2853 * bit-size respectively of key.
2854 * - #PSA_SIGNATURE_MAX_SIZE evaluates to the
2869 * where \c key_type and \c key_bits are the type and bit-size
2883 * It is implementation-dependent whether a failure to initialize
2884 * results in this error code.
2895 * a hash-and-sign verification algorithm.
2897 * \note To perform a multi-part hash-and-sign signature verification
2898 * algorithm, first use a multi-part hash operation to hash the message
2935 * It is implementation-dependent whether a failure to initialize
2936 * results in this error code.
2948 * Note that to perform a hash-and-sign signature algorithm, you must
2976 * where \c key_type and \c key_bits are the type and bit-size
2988 * It is implementation-dependent whether a failure to initialize
2989 * results in this error code.
3002 * Note that to perform a hash-and-sign signature algorithm, you must
3039 * It is implementation-dependent whether a failure to initialize
3040 * results in this error code.
3068 * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
3085 * where \c key_type and \c key_bits are the type and bit-size
3097 * It is implementation-dependent whether a failure to initialize
3098 * results in this error code.
3128 * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
3145 * where \c key_type and \c key_bits are the type and bit-size
3158 * It is implementation-dependent whether a failure to initialize
3159 * results in this error code.
3181 * - Set the structure to all-bits-zero, for example:
3182 * \code
3186 * - Initialize the structure to logical zero values, for example:
3187 * \code
3190 * - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT,
3192 * \code
3195 * - Assign the result of the function psa_key_derivation_operation_init()
3197 * \code
3202 * This is an implementation-defined \c struct. Applications should not
3226 * -# Start with an initialized object of type #psa_key_derivation_operation_t.
3227 * -# Call psa_key_derivation_setup() to select the algorithm.
3228 * -# Provide the inputs for the key derivation by calling
3232 * -# Optionally set the operation's maximum capacity with
3236 * -# To derive a key, call psa_key_derivation_output_key() or
3242 * -# Clean up the key derivation operation object with
3274 * It is implementation-dependent whether a failure to initialize
3275 * results in this error code.
3297 * It is implementation-dependent whether a failure to initialize
3298 * results in this error code.
3325 * It is implementation-dependent whether a failure to initialize
3326 * results in this error code.
3339 #define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t) (-1))
3348 * non-secret inputs. To pass a secret input, which should be in a key
3378 * It is implementation-dependent whether a failure to initialize
3379 * results in this error code.
3395 * This function is used for inputs which are fixed-size non-negative
3421 * It is implementation-dependent whether a failure to initialize
3422 * results in this error code.
3436 * secret inputs or for non-secret personalization strings kept in the key
3437 * store. To pass a non-secret parameter which is not in the key store,
3458 * - psa_key_derivation_output_bytes() if each input was either a direct input
3460 * - psa_key_derivation_output_key() or psa_key_derivation_output_key_ext()
3465 * - psa_key_derivation_verify_bytes() if each input was either a direct input
3467 * - psa_key_derivation_verify_key() under the same conditions as
3489 * It is implementation-dependent whether a failure to initialize
3490 * results in this error code.
3557 * It is implementation-dependent whether a failure to initialize
3558 * results in this error code.
3604 * It is implementation-dependent whether a failure to initialize
3605 * results in this error code.
3632 * - For key types for which the key is an arbitrary sequence of bytes
3643 * - #PSA_KEY_TYPE_AES;
3644 * - #PSA_KEY_TYPE_ARIA;
3645 * - #PSA_KEY_TYPE_CAMELLIA;
3646 * - #PSA_KEY_TYPE_DERIVE;
3647 * - #PSA_KEY_TYPE_HMAC;
3648 * - #PSA_KEY_TYPE_PASSWORD_HASH.
3650 * - For ECC keys on a Montgomery elliptic curve
3656 * - Curve25519 (#PSA_ECC_FAMILY_MONTGOMERY, 255 bits): draw a 32-byte
3658 * - Curve448 (#PSA_ECC_FAMILY_MONTGOMERY, 448 bits): draw a 56-byte
3661 * - For key types for which the key is represented by a single sequence of
3671 * - #PSA_KEY_TYPE_DES.
3672 * Force-set the parity bits, but discard forbidden weak keys.
3673 * For 2-key and 3-key triple-DES, the three keys are generated
3674 * successively (for example, for 3-key triple-DES,
3679 * - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEY_PAIR(\c group)
3680 * where \c group designates any Diffie-Hellman group) and
3685 * in big-endian order. Discard it if it is not in the range
3686 * [0, *N* - 2] where *N* is the boundary of the private key domain
3687 * (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
3691 * the methods titled "key-pair generation by testing candidates"
3692 * in NIST SP 800-56A §5.6.1.1.4 for Diffie-Hellman,
3693 * in FIPS 186-4 §B.1.2 for DSA, and
3694 * in NIST SP 800-56A §5.6.1.2.2 or
3695 * FIPS 186-4 §B.4.2 for elliptic curve keys.
3697 * - For other key types, including #PSA_KEY_TYPE_RSA_KEY_PAIR,
3699 * implementation-defined.
3712 * and `params_data_length == 0` (i.e. `params->data` is empty).
3759 * It is implementation-dependent whether a failure to initialize
3760 * results in this error code.
3772 * Mbed TLS currently does not support any non-default production
3794 * Length of `params->data` in bytes.
3834 * It is implementation-dependent whether a failure to initialize
3835 * results in this error code.
3853 * This is functionally equivalent to the following code:
3854 * \code
3894 * It is implementation-dependent whether a failure to initialize
3895 * results in this error code.
3959 * It is implementation-dependent whether a failure to initialize
3960 * results in this error code.
3986 * It is implementation-dependent whether a failure to initialize
3987 * results in this error code.
3994 * \warning The raw result of a key agreement algorithm such as finite-field
3995 * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
4039 * It is implementation-dependent whether a failure to initialize
4040 * results in this error code.
4077 * It is implementation-dependent whether a failure to initialize
4078 * results in this error code.
4091 * The following type-specific considerations apply:
4092 * - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),
4095 * between 2^{n-1} and 2^n where n is the bit size specified in the
4100 * and `params_data_length == 0` (i.e. `params->data` is empty).
4128 * It is implementation-dependent whether a failure to initialize
4129 * results in this error code.
4142 * - RSA keys: generation with a custom public exponent.
4154 * Length of `params->data` in bytes.
4180 * It is implementation-dependent whether a failure to initialize
4181 * results in this error code.
4199 * - Set the structure to all-bits-zero, for example:
4200 * \code
4204 * - Initialize the structure to logical zero values, for example:
4205 * \code
4208 * - Initialize the structure to the initializer
4210 * \code
4214 * - Assign the result of the function
4217 * \code
4222 * This is an implementation-defined \c struct. Applications should not
4232 * - Set the structure to all-bits-zero, for example:
4233 * \code
4237 * - Initialize the structure to logical zero values, for example:
4238 * \code
4241 * - Initialize the structure to the initializer
4243 * \code
4247 * - Assign the result of the function
4250 * \code
4255 * This is an implementation-defined \c struct. Applications should not
4292 * error code; or to call the relevant abort
4298 * real-time system needs a guarantee of not
4303 * time. On a non-real-time system, the
4319 * call results in immediate return with no ops
4362 * \note This interface is guaranteed re-entrant and
4363 * thus may be called from driver code.
4455 * The operation started successfully - call \c psa_sign_hash_complete()
4477 * It is implementation-dependent whether a failure to initialize
4478 * results in this error code.
4526 * - The required signature size is
4529 * key_bits are the type and bit-size
4531 * - #PSA_SIGNATURE_MAX_SIZE evaluates to the
4549 * where \c key_type and \c key_bits are the type and bit-size
4570 * implementation-dependent whether a failure to initialize results in
4571 * this error code.
4612 * It is implementation-dependent whether a failure to initialize
4613 * results in this error code.
4666 * The operation started successfully - please call \c
4689 * It is implementation-dependent whether a failure to initialize
4690 * results in this error code.
4766 * implementation-dependent whether a failure to initialize results in
4767 * this error code.
4806 * It is implementation-dependent whether a failure to initialize
4807 * results in this error code.
4820 * macros whose definitions are implementation-specific. */
4824 * implementation-specific structs that are declared above. */
4831 /* The file "crypto_extra.h" contains vendor-specific definitions. This
4832 * can include vendor-defined algorithms, extra functions, etc. */