From b86273a6dc60a450a21841b2b9dc7c825619773a Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Sat, 20 Mar 2021 14:58:52 +0000
Subject: [PATCH] PSA PAKE: Add integral types Add integral types for the draft version of PSA Crypto API PAKE interface.
Signed-off-by: Janos Follath
---
 include/psa/crypto_types.h | 11 +++++++++++
 include/psa/crypto_values.h | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 386c7d794..cd8ac4b1c 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -380,4 +380,15 @@ typedef uint16_t psa_key_derivation_step_t;
 /**@}*/
+/** \defgroup pake Password-authenticated key exchange
+ * @{
+ */
+
+/** \brief Encoding of the side of PAKE */
+typedef uint16_t psa_pake_side_t;
+
+/** \brief Encoding of the type of input/output for PAKE */
+typedef uint16_t psa_pake_data_t;
+
+/**@}*/
 #endif /* PSA_CRYPTO_TYPES_H */
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 497bd8f01..3c2b7bec2 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
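Review bot: In the crypto_types.h hunk, `psa_pake_data_t` is introduced but the patch defines no values for it (crypto_values.h only gains `PSA_PAKE_SIDE_*`), so the header does not tell a reader which encodings are valid. Both `\brief` lines are also too terse to say how the types are used; for the side I would write `/** \brief Encoding of the application's role in a PAKE operation; valid values are the PSA_PAKE_SIDE_xxx constants. */`, and for the data type either add its constants here or state that they come in a later change. Because both are plain `uint16_t`, the type system will not catch a wrong value, so the comment should also say that an implementation rejects any value it does not recognise.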
@@ -2381,4 +2381,38 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
 /**@}*/
+/** \defgroup pake Password-authenticated key exchange
+ * @{
+ */
+
+/** The first peer in a balanced PAKE.
+ *
+ * Although balanced PAKE protocols are symmetric, some of them needs an
+ * ordering of peers for the transcript calculations. If the protocol does not
+ * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are
+ * accepted.
+ */
+#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x0001)
+
+/** The second peer in a balanced PAKE.
+ *
+ * Although balanced PAKE protocols are symmetric, some of them needs an
+ * ordering of peers for the transcript calculations. If the protocol does not
+ * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are
+ * accepted.
+ */
+#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x0002)
+
+/** The client in an augmented PAKE.
+ *
+ * Augmented PAKE protocols need to differentiate between client and server.
+ */
+#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x0101)
+
+/** The server in an augmented PAKE.
+ *
+ * Augmented PAKE protocols need to differentiate between client and server.
+ */
+#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x0102)
+/**@}*/
 #endif /* PSA_CRYPTO_VALUES_H */
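Review bot: The comments on `PSA_PAKE_SIDE_FIRST` and `PSA_PAKE_SIDE_SECOND` do not say that the two peers must pick different values when the protocol needs an ordering, nor what happens when a side from the wrong family is passed, such as `PSA_PAKE_SIDE_CLIENT` to a balanced PAKE. The side feeds the transcript calculation, so a role mix-up should fail explicitly rather than be left to each implementation; I would add `* When an ordering is needed, the two peers must use different sides; a side that is not valid for the selected protocol is rejected with an error.` The values appear to encode the family in the high byte (`0x00xx` balanced, `0x01xx` augmented) and leave 0 unassigned; if that is intended, document it so that a zero-initialised side is reliably treated as invalid. Wording nits in the same comments: "some of them needs" should be "need", and "either ... are accepted" should be "is accepted".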