|
|
Macros | |
| #define | KEYSTORE_PSA_KEY_USAGE_EXPORT ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_EXPORT) |
| #define | KEYSTORE_PSA_KEY_USAGE_COPY ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_COPY) |
| #define | KEYSTORE_PSA_KEY_USAGE_CACHE ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_CACHE) |
| #define | KEYSTORE_PSA_KEY_USAGE_ENCRYPT ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_ENCRYPT) |
| #define | KEYSTORE_PSA_KEY_USAGE_DECRYPT ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_DECRYPT) |
| #define | KEYSTORE_PSA_KEY_USAGE_SIGN_MESSAGE ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_SIGN_MESSAGE) |
| #define | KEYSTORE_PSA_KEY_USAGE_VERIFY_MESSAGE ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_VERIFY_MESSAGE) |
| #define | KEYSTORE_PSA_KEY_USAGE_SIGN_HASH ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_SIGN_HASH) |
| #define | KEYSTORE_PSA_KEY_USAGE_VERIFY_HASH ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_VERIFY_HASH) |
| #define | KEYSTORE_PSA_KEY_USAGE_DERIVE ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_DERIVE) |
| #define | KEYSTORE_PSA_KEY_USAGE_COPROCESSOR ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_COPROCESSOR) |
| #define KEYSTORE_PSA_KEY_USAGE_EXPORT ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_EXPORT) |
Whether the key may be exported.
A public key or the public part of a key pair may always be exported regardless of the value of this permission flag.
If a key does not have export permission, implementations shall not allow the key to be exported in plain form from the cryptoprocessor, whether through KeyStore_PSA_exportKey() or through a proprietary interface. The key may however be exportable in a wrapped form, i.e. in a form where it is encrypted by another key.
| #define KEYSTORE_PSA_KEY_USAGE_COPY ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_COPY) |
Whether the key may be copied.
This flag allows the use of KeyStore_PSA_copyKey() to make a copy of the key with the same policy or a more restrictive policy.
For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag KEYSTORE_PSA_KEY_USAGE_EXPORT. Copying the key inside the secure element is permitted with just KEYSTORE_PSA_KEY_USAGE_COPY if the secure element supports it. For keys with the lifetime KEYSTORE_PSA_KEY_LIFETIME_VOLATILE or KEYSTORE_PSA_KEY_LIFETIME_PERSISTENT, the usage flag KEYSTORE_PSA_KEY_USAGE_COPY is sufficient to permit the copy.
| #define KEYSTORE_PSA_KEY_USAGE_CACHE ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_CACHE) |
Whether the key may be cached.
This flag allows the implementation to make additional copies of the key material that are not in storage and not for the purpose of an ongoing operation. Applications can use it as a hint to keep the key around for repeated access. An application can request that cached key material is removed from memory by calling psa_purge_key().
| #define KEYSTORE_PSA_KEY_USAGE_ENCRYPT ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_ENCRYPT) |
Whether the key may be used to encrypt a message.
This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key's type and policy.
For a key pair, this concerns the public key.
| #define KEYSTORE_PSA_KEY_USAGE_DECRYPT ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_DECRYPT) |
Whether the key may be used to decrypt a message.
This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key's type and policy.
For a key pair, this concerns the private key.
| #define KEYSTORE_PSA_KEY_USAGE_SIGN_MESSAGE ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_SIGN_MESSAGE) |
Whether the key may be used to sign a message.
This flag allows the key to be used for a MAC calculation operation or for an asymmetric message signature operation, if otherwise permitted by the keys type and policy.
For a key pair, this concerns the private key.
| #define KEYSTORE_PSA_KEY_USAGE_VERIFY_MESSAGE ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_VERIFY_MESSAGE) |
Whether the key may be used to verify a message.
This flag allows the key to be used for a MAC verification operation or for an asymmetric message signature verification operation, if otherwise permitted by the keys type and policy.
For a key pair, this concerns the public key.
| #define KEYSTORE_PSA_KEY_USAGE_SIGN_HASH ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_SIGN_HASH) |
Whether the key may be used to sign a message hash.
This flag allows the key to be used for an asymmetric signature operation, if otherwise permitted by the key's type and policy.
For a key pair, this concerns the private key.
| #define KEYSTORE_PSA_KEY_USAGE_VERIFY_HASH ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_VERIFY_HASH) |
Whether the key may be used to verify a message hash.
This flag allows the key to be used for an asymmetric signature verification operation, if otherwise permitted by by the key's type and policy.
For a key pair, this concerns the public key.
| #define KEYSTORE_PSA_KEY_USAGE_DERIVE ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_DERIVE) |
Whether the key may be used to derive other keys.
| #define KEYSTORE_PSA_KEY_USAGE_COPROCESSOR ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_COPROCESSOR) |
Whether the key may be used with an external cryptographic coprocessor.
This flag allows a key stored within a secure element to be securely loaded into a cryptographic coprocessor external to the secure element. Typically, the key is stored in a wrapped format and must be unwrapped by the secure element before being sent to the coprocessor for use. For persistent keys, the KEYSTORE_PSA_KEY_USAGE_CACHE flag may also be set to reduce overhead for faster subsequent loading into the coprocessor.