Home
last modified time | relevance | path

Searched +full:for +full:- +full:context (Results 1 – 25 of 420) sorted by relevance

12345678910>>...17

/trusted-firmware-m-latest/docs/integration_guide/
Dnon-secure_client_extension_integration_guide.rst2 Non-secure Client Extension Integration Guide
5 This document introduces TF-M Non-secure Client Extension (NSCE) and how to
6 integrate it with Non-secure Processing Environment (NSPE) RTOS.
9 What is NSCE for
13 between TF-M and NSPE RTOS.
15 - Non-secure context management in TF-M
17 When a NS task calls a secure service, a context is maintained in TF-M. If
18 TF-M supports multiple secure service calls, the context needs to be loaded
22 - Non-secure client ID (NSID) management
24 As per PSA Firmware Framework specification, NSID is required for a secure
[all …]
/trusted-firmware-m-latest/platform/ext/cmsis/CMSIS/CoreValidation/Project/
DValidation.cproject.yml3 # App: CMSIS-Core Validation for Cortex-M
4 - layer: ../Layer/App/Validation_Cortex-M/App.clayer.yml
5 for-context:
6 - +CM0
7 - +CM0plus
8 - +CM3
9 - +CM4
10 - +CM7
11 - +CM23
12 - +CM23S
[all …]
/trusted-firmware-m-latest/secure_fw/spm/ns_client_ext/
Dtfm_ns_ctx.h4 * SPDX-License-Identifier: BSD-3-Clause
13 /* Supported maximum context for NS. Only support single context for now. */
18 /* Non-secure context structure */
20 int32_t nsid; /* Non-secure Client ID, must be < 0 */
21 uint8_t gid; /* Group ID. Threads in same group share one context */
23 uint8_t ref_cnt; /* The number of threads sharing this context */
26 /* Initialize the non-secure context */
30 * Acquire the non-secure context for a non-secure client thread
31 * gid: The group ID of the thread. The threads in one group share one context.
32 * idx: Output buffer to retrieve the index of the allocated context.
[all …]
Dtfm_ns_ctx.c2 * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
4 * SPDX-License-Identifier: BSD-3-Clause
14 * NS context. Initialized to 0.
19 /* Current active NS context index. Default is invalid index */
26 for (i = 0; i < TFM_NS_CONTEXT_MAX; i++) { in init_ns_ctx()
37 /* Only support one context slot for now */ in acquire_ns_ctx()
43 * Go through all context slots to get the context for the given group ID. in acquire_ns_ctx()
44 * It will not take a long time as the context number should be limited. in acquire_ns_ctx()
46 for (i = 0; i < TFM_NS_CONTEXT_MAX; i++) { in acquire_ns_ctx()
47 if (ns_ctx_data[i].ref_cnt > 0) { /* This context has been taken */ in acquire_ns_ctx()
[all …]
/trusted-firmware-m-latest/docs/design_docs/software/
Dtfm_cooperative_scheduling_rules.rst9 TF-M Scheduler - Rules
12 On ArmV8-M CPUs, NSPE and SPE share the same physical processing element(PE). A
13 TF-M enabled systems need to be able to handle asynchronous events (interrupts)
15 decisions. This introduces significant complexity into TF-M. To keep the
17 following set of rules are imposed on the TF-M scheduler design.
27 design for constrained devices
34 Scheduler Rules for context switching between SPE and NSPE
44 - A NSPE interrupt takes control into NSPE from SPE
45 - A SPE interrupt takes control into SPE from NSPE
50 - A NSPE exception handler returns from NSPE to pre-empted SPE context
[all …]
/trusted-firmware-m-latest/interface/include/mbedtls/
Decdsa.h7 * <em>Standards for Efficient Cryptography Group (SECG):
9 * The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
10 * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
15 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
28 * \brief Maximum ECDSA signature size for a given curve bit size
33 * \note This macro returns a compile-time constant if its argument
37 * Ecdsa-Sig-Value ::= SEQUENCE {
42 * For each of r and s, the value (V) may include an extra initial "0" bit.
57 * \brief The ECDSA context structure.
60 * ECDSA context is not supported; objects of this type
[all …]
Dpk.h8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
36 #define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80
38 #define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00
40 #define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80
42 #define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00
44 #define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80
46 #define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00
48 #define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80
50 #define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00
51 /** Given private key password does not allow for correct decryption. */
[all …]
Dlms.h4 * \brief This file provides an API for the LMS post-quantum-safe stateful-hash
5 public-key signature scheme as defined in RFC8554 and NIST.SP.200-208.
9 * for IOT firmware upgrades (RFC9019).
13 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
24 #define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */
25 #define MBEDTLS_ERR_LMS_OUT_OF_PRIVATE_KEYS -0x0013 /**< Specified LMS key has utilised all of its …
26 #define MBEDTLS_ERR_LMS_VERIFY_FAILED -0x0015 /**< LMS signature verification failed */
27 #define MBEDTLS_ERR_LMS_ALLOC_FAILED -0x0017 /**< LMS failed to allocate space for a private ke…
28 #define MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL -0x0019 /**< Input/output buffer is too small to contain r…
30 /* Currently only defined for SHA256, 32 is the max hash output size */
[all …]
Decdh.h6 * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous
9 * elliptic-curve public–private key pair.
11 * For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for
12 * Pair-Wise Key Establishment Schemes Using Discrete Logarithm
17 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
29 * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
30 * defined in `ecdh.h`). For most applications, the choice of format makes
35 * (56 bytes on a 32-bit platform). In future versions of the library, it
38 * context fields directly and with restartable ECP operations.
80 * The context used by the default ECDH implementation.
[all …]
Drsa.h4 * \brief This file provides an API for the RSA public-key cryptosystem.
6 * The RSA public-key cryptosystem is defined in <em>Public-Key
8 * and <em>Public-Key Cryptography Standards (PKCS) #1 v2.1:
14 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
33 #define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080
35 #define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100
37 #define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180
39 #define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200
41 #define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280
43 #define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300
[all …]
Dnist_kw.h4 * \brief This file provides an API for key wrapping (KW) and key wrapping with
5 * padding (KWP) as defined in NIST SP 800-38F.
6 * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
8 * Key wrapping specifies a deterministic authenticated-encryption mode
9 * of operation, according to <em>NIST SP 800-38F: Recommendation for
10 * Block Cipher Modes of Operation: Methods for Key Wrapping</em>. Its
13 * Its equivalent is RFC 3394 for KW, and RFC 5649 for KWP.
20 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
45 * \brief The key wrapping context-type definition. The key wrapping context is passed
49 * Don't make any assumptions on this context!
[all …]
Dctr_drbg.h4 * \brief This file contains definitions and functions for the
7 * CTR_DRBG is a standardized way of building a PRNG from a block-cipher
8 * in counter mode operation, as defined in <em>NIST SP 800-90A:
9 * Recommendation for Random Number Generation Using Deterministic Random
12 * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
16 * The security strength as defined in NIST SP 800-90A is
17 * 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
21 * See the documentation of mbedtls_ctr_drbg_seed() for more
26 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
35 /* The CTR_DRBG implementation can either directly call the low-level AES
[all …]
Daes.h6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved
11 * encrypt and decrypt information. For more information, see
13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security
14 * techniques -- Encryption algorithms -- Part 2: Asymmetric
17 * The AES-XTS block mode is standardized by NIST SP 800-38E
18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf>
25 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
42 /* Error codes in range 0x0020-0x0022 */
44 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
46 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022
[all …]
Dhmac_drbg.h7 * in <em>NIST SP 800-90A: Recommendation for Random Number Generation Using
12 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
30 #define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG -0x0003
32 #define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG -0x0005
34 #define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR -0x0007
36 #define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0009
41 * The configuration options you can set for this module are in this section.
72 * HMAC_DRBG context.
76 * but is implied by the HMAC context */
77 mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */
[all …]
Dsha512.h3 * \brief This file contains SHA-384 and SHA-512 definitions and functions.
5 * The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
6 * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
10 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
21 /** SHA-512 input data was malformed. */
22 #define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075
33 * \brief The SHA-512 context structure.
35 * The structure is used both for SHA-384 and for SHA-512
45 0: Use SHA-512, or 1: Use SHA-384. */
55 * \brief This function initializes a SHA-512 context.
[all …]
Decjpake.h4 * \brief Elliptic curve J-PAKE
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
15 * J-PAKE is a password-authenticated key exchange that allows deriving a
16 * strong shared secret from a (potentially low entropy) pre-shared
20 * This file implements the Elliptic Curve variant of J-PAKE,
24 * As the J-PAKE algorithm is inherently symmetric, so is our API.
27 * The payloads are serialized in a way suitable for use in TLS, but could
40 * Roles in the EC J-PAKE exchange
50 * EC J-PAKE context structure.
52 * J-PAKE is a symmetric protocol, except for the identifiers used in
[all …]
Dsha256.h4 * \brief This file contains SHA-224 and SHA-256 definitions and functions.
6 * The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
7 * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
11 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
22 /** SHA-256 input data was malformed. */
23 #define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074
34 * \brief The SHA-256 context structure.
36 * The structure is used both for SHA-256 and for SHA-224
46 0: Use SHA-256, or 1: Use SHA-224. */
56 * \brief This function initializes a SHA-256 context.
[all …]
Dmd.h4 * \brief This file contains the generic functions for message-digest
7 * \author Adriaan de Jong <dejong@fox-it.com>
11 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
24 #define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
26 #define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100
28 #define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180
30 #define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200
39 * \warning MD5 and SHA-1 are considered weak message digests and
44 /* Note: these are aligned with the definitions of PSA_ALG_ macros for hashes,
50 MBEDTLS_MD_RIPEMD160=0x04, /**< The RIPEMD-160 message digest. */
[all …]
/trusted-firmware-m-latest/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/include/
Dcc3xx_internal_chacha20_poly1305.h2 * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
4 * SPDX-License-Identifier: BSD-3-Clause
11 * perform AEAD using the Chacha20-Poly1305 algorithm
27 * \brief A context type to implement multipart APIs on the Chacha20-Poly1305
29 * driver interface implement it by separately including Chacha20 context
35 ChachaContext_t chacha; /*!< Context of the underlying Chacha20 */
36 PolyState_t poly; /*!< Context of the underlying Poly1305 */
41 bool bAuthenticateInput; /*!< True when input is used for AEAD authent */
46 * after the key has been set on the Chacha20 context
49 * to be used for Poly1305 as part of RFC7539 to be generated through
[all …]
/trusted-firmware-m-latest/interface/include/
Dtfm_ns_client_ext.h4 * SPDX-License-Identifier: BSD-3-Clause
19 /* TF-M NSID Error code */
26 * \brief Initialize the non-secure client extension
28 * \details This function should be called before any other non-secure client
29 * APIs. It gives NSPE the opportunity to initialize the non-secure
30 * client extension in TF-M. Also, NSPE can get the number of allocated
31 * non-secure client context slots in the return value. That is useful
32 * if NSPE wants to decide the group (context) assignment at runtime.
34 * \param[in] ctx_requested The number of non-secure context requested from the
35 * NS entity. If request maximum available context, then set it to 0.
[all …]
/trusted-firmware-m-latest/lib/ext/t_cose/inc/
Dt_cose_mac0_sign.h2 * Copyright (c) 2018-2019, Laurence Lundblade. All rights reserved.
3 * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
5 * SPDX-License-Identifier: BSD-3-Clause
24 * configured for the particular device.
26 * It has no value for security at all. Data signed this way MUST NOT
32 * This mode is very useful for testing because all the code except
34 * MAC algorithm was run. This can be used for end-end system
35 * testing all the way to a server or relying party, not just for
42 * This is the context for creating a \c COSE_Mac0 structure. The caller
65 * \param[in] context The t_cose signing context.
[all …]
Dt_cose_sign1_sign.h4 * Copyright (c) 2018-2019, Laurence Lundblade. All rights reserved.
6 * SPDX-License-Identifier: BSD-3-Clause
8 * See BSD-3-Clause license in README.md
27 * \brief Create a \c COSE_Sign1 message, usually for EAT or CWT Token.
37 * - [QCBOR](https://github.com/laurencelundblade/QCBOR)
38 * - <stdint.h>, <string.h>, <stddef.h>
39 * - Hash functions like SHA-256
40 * - Signing functions like ECDSA
44 * it for different cryptographic libraries. This means that different
50 * This implementation has a mode where a CBOR-format payload can be
[all …]
Dt_cose_mac0_verify.h3 * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
5 * SPDX-License-Identifier: BSD-3-Clause
21 * Context for tag verification. It is about 24 bytes on a
22 * 64-bit machine and 12 bytes on a 32-bit machine.
32 * \brief Initialize for \c COSE_Mac0 message verification.
34 * \param[in,out] context The context to initialize.
37 * This must be called before using the verification context.
40 t_cose_mac0_verify_init(struct t_cose_mac0_verify_ctx *context,
45 * \brief Set key for \c COSE_Mac0 message verification.
47 * \param[in,out] context The context of COSE_Mac0 verification
[all …]
/trusted-firmware-m-latest/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/src/
Dcc3xx_internal_ccm.c2 * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
4 * SPDX-License-Identifier: BSD-3-Clause
11 * perform AEAD using the AES-CCM algorithm
27 /* AES-CCM* Security levels (ieee-802.15.4-2011, Table 58) */
52 ctx->dir = direction; in ccm_setkey()
56 ctx->keySizeId = KEY_SIZE_128_BIT; in ccm_setkey()
60 ctx->keySizeId = KEY_SIZE_192_BIT; in ccm_setkey()
63 ctx->keySizeId = KEY_SIZE_256_BIT; in ccm_setkey()
70 CC_PalMemCopy(ctx->keyBuf, key, PSA_BITS_TO_BYTES(key_bits)); in ccm_setkey()
83 /* The security level field for AES-CCM* as defined in ieee-802.15.4-2011, in ccm_get_security_level()
[all …]
/trusted-firmware-m-latest/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/
Dcc_lib.h2 * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
4 * SPDX-License-Identifier: BSD-3-Clause
32 /*! Definitions for error returns from ::CC_LibInit or ::CC_LibFini functions. */
36 /*! Illegal context pointer.*/
38 /*! Illegal work-buffer pointer.*/
57 /*! Internal definition for the product register. */
59 /*! Internal definition for the product register size. */
68 It must be called once per CryptoCell cold-boot cycle.
69 Among other initializations, this function initializes the CTR-DRBG context,
70 including the TRNG seeding. An initialized DRBG context is required for
[all …]

12345678910>>...17