Home
last modified time | relevance | path

Searched refs:key (Results 1 – 25 of 233) sorted by relevance

12345678910

/mbedtls-latest/docs/architecture/
Dpsa-keystore-design.md1 PSA key store design
6 This document describes the architecture of the key storage in memory in the Mbed TLS and TF-PSA-Cr…
8 …ess key materials via a key identifier (key ID for short). Applications must first create a key ob…
14 ### Key store and key slots
16key store** consists of a collection of **key slots**. Each key slot contains the metadata for one…
18 A key slot has the type `psa_key_slot_t`. The key store is a global object which is private inside …
22 The following operations allocate a key slot by calling `psa_reserve_free_key_slot()`:
24key object, through means such as import, random generation, deterministic derivation, copy, or re…
25key from storage, or loading a built-in key. This is done through `psa_get_and_lock_key_slot()`, w…
27 The following operations free a key slot by calling `psa_wipe_key_slot()` and, if applicable, `psa_…
[all …]
Dmbed-crypto-storage-specification.md28 * [Persistent transparent keys](#key-file-format-for-0.1.0) designated by a [slot number](#key-name…
35 We do not make any promises regarding key storage, or regarding the nonvolatile random seed file on…
39key is stored in a dedicated file whose name is constructed from the key identifier. The way in wh…
41 The valid values for a key identifier are the range from 1 to 0xfffeffff. This limitation on the ra…
53 The layout of a key file is:
60 * key material length (4 bytes)
61 * key material: output of `psa_export_key`
75 … 1 through 0xfffeffff: [content](#key-file-format-for-0.1.0) of the [key whose identifier is the f…
83 …time configuration value `CRYPTO_STORAGE_FILE_LOCATION` allows storing the key files in a director…
86 …ATION "psa_key_slot_%lu", key_id)` [content](#key-file-format-for-0.1.0) of the [key whose identif…
[all …]
Dpsa-storage-resilience.md5key store. It is possible to create a persistent key and read it back later. This must work even i…
19key creation function in the PSA Crypto API reports to the application that a key has been created…
34key, all key management operations (creation or destruction) on persistent keys rely on a single c…
38 * [Key management for stateful secure element keys](#designing-key-management-for-secure-element-ke…
44 ## Designing key management for secure element keys
46key” to mean a key stored in a stateful secure element, i.e. a secure element that stores keys. Th…
50 **Assumption: driver calls for key management in stateful secure elements are atomic and committing…
56 For a secure element key, key management requires a commitment on both sites. For example, consider…
58 1. The core sends a request to the secure element to create a key.
59 2. The secure element modifies its key store to create the key.
[all …]
/mbedtls-latest/library/
Dssl_ticket.c69 mbedtls_ssl_ticket_key *key = ctx->keys + index; in ssl_ticket_gen_key() local
76 key->generation_time = mbedtls_time(NULL); in ssl_ticket_gen_key()
81 key->lifetime = ctx->ticket_lifetime; in ssl_ticket_gen_key()
83 if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) { in ssl_ticket_gen_key()
94 psa_set_key_algorithm(&attributes, key->alg); in ssl_ticket_gen_key()
95 psa_set_key_type(&attributes, key->key_type); in ssl_ticket_gen_key()
96 psa_set_key_bits(&attributes, key->key_bits); in ssl_ticket_gen_key()
100 PSA_BITS_TO_BYTES(key->key_bits), in ssl_ticket_gen_key()
101 &key->key)); in ssl_ticket_gen_key()
104 ret = mbedtls_cipher_setkey(&key->ctx, buf, in ssl_ticket_gen_key()
[all …]
Ddes.c312 void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]) in mbedtls_des_key_set_parity()
317 key[i] = odd_parity_table[key[i] / 2]; in mbedtls_des_key_set_parity()
324 int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) in mbedtls_des_key_check_key_parity()
329 if (key[i] != odd_parity_table[key[i] / 2]) { in mbedtls_des_key_check_key_parity()
381 int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) in mbedtls_des_key_check_weak()
386 if (memcmp(weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0) { in mbedtls_des_key_check_weak()
395 void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE]) in mbedtls_des_setkey()
400 X = MBEDTLS_GET_UINT32_BE(key, 0); in mbedtls_des_setkey()
401 Y = MBEDTLS_GET_UINT32_BE(key, 4); in mbedtls_des_setkey()
464 int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) in mbedtls_des_setkey_enc()
[all …]
Dpkwrite.c420 const mbedtls_pk_context *key) in mbedtls_pk_write_pubkey() argument
426 if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { in mbedtls_pk_write_pubkey()
427 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p)); in mbedtls_pk_write_pubkey()
431 if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { in mbedtls_pk_write_pubkey()
432 MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key)); in mbedtls_pk_write_pubkey()
436 if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { in mbedtls_pk_write_pubkey()
437 MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key)); in mbedtls_pk_write_pubkey()
445 int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size) in mbedtls_pk_write_pubkey_der() argument
460 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key)); in mbedtls_pk_write_pubkey_der()
477 pk_type = pk_get_type_ext(key); in mbedtls_pk_write_pubkey_der()
[all …]
/mbedtls-latest/tests/suites/
Dtest_suite_pkwrite.data1 Public key write check RSA
5 Public key write check RSA (DER)
9 Public key write check RSA 4096
13 Public key write check RSA 4096 (DER)
17 Public key write check EC 192 bits
21 Public key write check EC 192 bits (DER)
25 Public key write check EC 521 bits
29 Public key write check EC 521 bits (DER)
33 Public key write check EC Brainpool 512 bits
37 Public key write check EC Brainpool 512 bits (DER)
[all …]
Dtest_suite_psa_crypto_persistent_key.data2 # stored, this may indicate that the key store is changing in a
6 Format for storage: RSA private key
9 Format for storage: AES-128 key
12 Parse storage: RSA private key
15 Parse storage: AES-128 key
33 Parse storage: truncated key
37 Save maximum-size persistent raw key
41 Save larger than maximum-size persistent raw key
44 Persistent key destroy
48 Persistent key destroy after restart
[all …]
Dtest_suite_nist_kw.function21 unsigned char key[16];
30 memset(key, 0, sizeof(key));
40 key, sizeof(key) * 8,
51 key, sizeof(key) * 8,
75 key, sizeof(key) * 8,
93 key, sizeof(key) * 8,
129 unsigned char key[32];
134 memset(key, 0x2A, sizeof(key));
135 TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
137 ret = mbedtls_nist_kw_setkey(&ctx, cipher_id, key, key_size, is_wrap);
[all …]
Dtest_suite_psa_crypto.data55 PSA import AES: bad key size
59 PSA import/export RSA public key: good, 1024-bit
63 PSA import/export RSA public key: good, larger buffer (+1 byte)
67 PSA import/export RSA public key: good, larger buffer (*2-1)
71 PSA import/export RSA public key: good, larger buffer (*2)
75 PSA import/export RSA public key: good, larger buffer (*2+1)
79 PSA import/export RSA public key: export buffer too small
111 PSA import/export RSA public key: good, 1024-bit, opaque
115 PSA import/export RSA public key: good, larger buffer (+1 byte), opaque
119 PSA import/export RSA public key: good, larger buffer (*2-1), opaque
[all …]
Dtest_suite_psa_crypto_slot_management.function8 /**< Close key(s) */
11 /**< Destroy key(s) */
14 /**< Purge key(s) */
20 /**< Close key(s) then terminate and re-initialize */
23 /**< Destroy key(s) then terminate and re-initialize */
26 /**< Purge key(s) then terminate and re-initialize */
43 /** Apply \p invalidate_method to invalidate the specified key:
47 mbedtls_svc_key_id_t key)
50 /* Closing the key invalidate only volatile keys, not persistent ones. */
53 PSA_ASSERT(psa_close_key(key));
[all …]
Dtest_suite_x509write.data3 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha1":MBE…
7 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha224":M…
11 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha256":M…
15 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha384":M…
19 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha512":M…
23 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.md5":MBED…
27 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.key_usage…
31 x509_csr_check_opaque:"../framework/data_files/server1.key":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL…
35 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.key_usage…
39 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.cert_type…
[all …]
Dtest_suite_lms.data2 # This test uses a fixed message, and then generates a private key, signs the
7 # This test uses a NULL zero-length message, and then generates a private key,
13 # limited amount of available test vectors for LMS. The private key is stored in
15 # uses leaf key 0, so must be the first signature generated by the key if the
18 # word at the start of the key/sig. We strip these 4 bytes from the signature
19 # and the public key before including them in a the test data.
21 # To produce another signature with this message and key (note that the actual
39 # The signature uses leaf key 1, so must be the second signature generated by
40 # the key if the signature is to be reproduced.
42 # To produce another signature with this message and key (note that the actual
[all …]
Dtest_suite_rsa.data37 # Bad padding after performing the public key operation
279 RSA Check empty private key
282 RSA Check Private key #1 (Correct)
285 RSA Check Private key #2 (No P)
288 RSA Check Private key #3 (No Q)
291 RSA Check Private key #4 (No N)
294 RSA Check Private key #5 (No E)
297 RSA Check Private key #6 (No D)
300 RSA Check Private key #7 (No DP)
304 RSA Check Private key #8 (No DQ)
[all …]
Dtest_suite_lmots.data2 # This test uses a fixed message, and then generates a private key, signs the
7 # This test uses a fixed message, and then generates a private key, signs the
12 # This test uses a NULL zero-length message, and then generates a private key,
20 # key is stored in ../framework/data_files/lms_hsslms_sha256_m32_h5_lmots_sha256_n32_w8_prv.
21 # This test uses the same OTS key as the LMS hsslms interop test 1 (leaf 0 of
22 # the LMS key), and the same message.
24 # To produce another signature with this message and key (note that the actual
45 # key is stored in ../framework/data_files/lms_hsslms_sha256_m32_h5_lmots_sha256_n32_w8_prv.
46 # This test uses the same OTS key as the LMS hsslms interop test 2 (leaf 1 of
47 # the LMS key), and the same message.
[all …]
Dtest_suite_psa_crypto.function120 * Or, for a public key, the same structure with only
163 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
169 PSA_ASSERT(psa_import_key(&attributes, key_bytes, key_length, &key));
171 *status = psa_mac_sign_setup(operation, key, alg);
177 TEST_EQUAL(psa_mac_sign_setup(operation, key, alg), *status);
180 psa_destroy_key(key);
184 psa_destroy_key(key);
195 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
201 PSA_ASSERT(psa_import_key(&attributes, key_bytes, key_length, &key));
203 *status = psa_cipher_encrypt_setup(operation, key, alg);
[all …]
Dtest_suite_ccm.function6 * The context must have been set up with the key. */
82 unsigned char key[32];
88 memset(key, 0x2A, sizeof(key));
89 TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
91 ret = mbedtls_ccm_setkey(&ctx, cipher_id, key, key_size);
104 unsigned char key[16];
116 memset(key, 0, sizeof(key));
123 key, 8 * sizeof(key)) == 0);
149 unsigned char key[16];
160 memset(key, 0, sizeof(key));
[all …]
Dtest_suite_psa_crypto_slot_management.data125 # We need to avoid existing volatile key IDs. Normally there aren't any
128 # volatile key during initialization for its own use. At the time of
131 # Pick a key id that's in the middle of the volatile key ID range.
133 # volatile key IDs are assigned starting with the lowest value, and when
134 # MBEDTLS_PSA_KEY_STORE_DYNAMIC is disabled and volatile key IDs are assigned
142 Create failure: read-only key
146 Create failure: invalid location for a persistent key
150 Create failure: invalid location for a volatile key
154 Create failure: invalid key id (0) for a persistent key
158 Create failure: invalid key id (1) for a volatile key
[all …]
Dtest_suite_psa_crypto_se_driver_hal_mocks.data13 SE key importing mock test
16 SE key importing mock test: max key bits
19 SE key importing mock test: more than max key bits
22 SE key importing mock test: alloc failed
25 SE key importing mock test: import failed
28 SE key exporting mock test
31 SE key exporting mock test: export failed
34 SE public key exporting mock test
37 SE public key exporting mock test: export failed
40 SE key generating mock test
[all …]
/mbedtls-latest/docs/proposed/
Dpsa-driver-interface.md16 … of a **core** and zero or more **drivers**. The core handles key management, enforces key usage p…
24 …lable for a particular combination of parameters (cryptographic algorithm, key type and size, etc.…
25 …oked for the specific [key location](#lifetimes-and-locations) that the driver is registered for: …
35 …ap keys with a built-in keys but not store user keys; and cryptoprocessors that store key material.
82 …atory for opaque drivers): information about the [representation of keys](#key-format-for-opaque-d…
90 … certain class of cryptographic mechanisms. The capability specifies which key types and algorithm…
96key type specification](#key-type-specifications). If specified, the core will invoke this capabil…
97 … involving a key with one of the specified key sizes. If omitted, the core will invoke this capabi…
111 * If the mechanism involves a key:
112 …* either the key is transparent (its location is `PSA_KEY_LOCATION_LOCAL_STORAGE`) and the driver …
[all …]
/mbedtls-latest/tests/src/
Dpsa_exercise_key.c41 static int check_key_attributes_sanity(mbedtls_svc_key_id_t key, in check_key_attributes_sanity() argument
50 psa_status_t status = psa_get_key_attributes(key, &attributes); in check_key_attributes_sanity()
120 static int exercise_mac_key(mbedtls_svc_key_id_t key, in exercise_mac_key() argument
136 status = psa_mac_sign_setup(&operation, key, alg); in exercise_mac_key()
155 status = psa_mac_verify_setup(&operation, key, alg); in exercise_mac_key()
175 static int exercise_cipher_key(mbedtls_svc_key_id_t key, in exercise_cipher_key() argument
192 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); in exercise_cipher_key()
197 status = psa_cipher_encrypt_setup(&operation, key, alg); in exercise_cipher_key()
225 status = psa_cipher_decrypt_setup(&operation, key, alg); in exercise_cipher_key()
263 static int exercise_aead_key(mbedtls_svc_key_id_t key, in exercise_aead_key() argument
[all …]
/mbedtls-latest/include/psa/
Dcrypto.h137 mbedtls_svc_key_id_t key);
381 psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
425 psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
570 psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
652 mbedtls_svc_key_id_t *key);
744 psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
819 psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
1214 psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
1255 psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
1362 mbedtls_svc_key_id_t key,
[all …]
/mbedtls-latest/docs/
Dpsa-transition.md35 * Mbed TLS legacy APIs require key material to be present in the application memory. The PSA Crypto…
80 Apart from keys, as described in “[Key management](#key-management)” below, APIs that need to prese…
88key take a parameter of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/deve…
90 To use a key:
92key object with a key creation function. The two most common ones are [`psa_import_key`](https://m…
93 2. Use the key as desired, passing the key identifier obtained during the key creation.
94 3. Finally destroy the key object with [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects…
96key management](#cipher-key-management)”, “[MAC key management](#mac-key-management)”, “[Key lifec…
98key material, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/…
100 Note that a key consumes a key store entry, which is distinct from heap memory, until it is destroy…
[all …]
/mbedtls-latest/docs/architecture/psa-migration/
Dpsa-legacy-bridges.md61 * Creating a key with the legacy API and consuming it in the PSA API.
62 * Creating a key with the PSA API and consuming it in the legacy API.
94 Hashes are often used as building blocks for other mechanisms (HMAC, signatures, key derivation, et…
118 The legacy API only has generic support for two key types: RSA and ECC, via the pk module. ECC keys…
120 An RSA or ECC key can potentially be used for different algorithms in the scope of the pk module:
123 * ECC: ECDSA signature (randomized or deterministic), ECDH key agreement (via `mbedtls_pk_ec`).
127 …re does not seem to be a need to convert between legacy and PSA asymmetric key types on their own.…
139 * Simultaneously supporting **a key type and an algorithm**.
145 #### Using a legacy key pair or public key with PSA
147 …rios where an application has a legacy key pair or public key (`mbedtls_pk_context`) and needs to …
[all …]
/mbedtls-latest/docs/architecture/psa-thread-safety/
Dpsa-thread-safety.md5 As of Mbed TLS 3.6, an MVP for making the [PSA Crypto key management API](https://arm-software.gith…
10 …- Slot states are described in the [Key slot states](#key-slot-states) section. They guarantee saf…
11 …l mutex, as described in [Key store consistency and abstraction function](#key-store-consistency-a…
12 …destruction guarantees](#key-destruction-guarantees), with an implementation discussed in [Key des…
15 - Some multithreaded testing of the key management API has been added, this is outlined in [Testing…
25 * The [Current strategy](#current-strategy) section describes how thread-safety of key management a…
43 …onditions, deadlocks or livelocks when concurrently calling any set of PSA key management function…
49 When only considering key management functions: Mbed TLS 3.6 abides by the minimum expectation for …
53 …PSA 1.2 specification, Mbed TLS 3.6 abides by these when only considering [key management function…
60 > - Any call where the same key identifier is a parameter to the call.
[all …]

12345678910