/*!
\ingroup PSA
\brief This function enables PSA support on the given context.
\param ctx pointer to the WOLFSSL_CTX object on which the PSA support must be enabled
\return WOLFSSL_SUCCESS on success
\return BAD_FUNC_ARG if ctx == NULL
_Example_
\code
WOLFSSL_CTX *ctx;
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (!ctx)
return NULL;
ret = wolfSSL_CTX_psa_enable(ctx);
if (ret != WOLFSSL_SUCCESS)
printf("can't enable PSA on ctx");
\endcode
\sa wolfSSL_set_psa_ctx
*/
int ;
/*!
\ingroup PSA
\brief This function sets up the PSA context for the given SSL session
\param ssl pointer to the WOLFSSL session on which the PSA context will be enabled
\param ctx pointer to a struct psa_ssl_ctx (must be unique to this SSL session)
\return WOLFSSL_SUCCESS on success
\return BAD_FUNC_ARG if ssl or ctx is NULL
This function sets up the PSA context used by the TLS callbacks of the given SSL
session. At the end of the session, the resources used by the context
should be freed using wolfSSL_free_psa_ctx().
_Example_
\code
// Create new ssl session
WOLFSSL *ssl;
struct psa_ssl_ctx psa_ctx = { 0 };
ssl = wolfSSL_new(ctx);
if (!ssl)
return NULL;
// setup PSA context
ret = wolfSSL_set_psa_ctx(ssl, &psa_ctx);
\endcode
\sa wolfSSL_psa_set_private_key_id
\sa wolfSSL_free_psa_ctx
*/
int ;
/*!
\ingroup PSA
\brief This function releases the resources used by a PSA context
\param ctx pointer to a struct psa_ssl_ctx
\sa wolfSSL_set_psa_ctx
*/
void ;
/*!
\ingroup PSA
\brief This function sets the private key used by an SSL session
\param ctx pointer to a struct psa_ssl_ctx
\param id PSA key id of the key to be used as the private key
_Example_
\code
// Create new ssl session
WOLFSSL *ssl;
struct psa_ssl_ctx psa_ctx = { 0 };
psa_key_id_t key_id;
// key provisioning already done
get_private_key_id(&key_id);
ssl = wolfSSL_new(ctx);
if (!ssl)
return NULL;
wolfSSL_psa_set_private_key_id(&psa_ctx, key_id);
wolfSSL_set_psa_ctx(ssl, &psa_ctx);
\endcode
\sa wolfSSL_set_psa_ctx
*/
int ;
/*!
\ingroup PSA
\brief This function generates random bytes using the PSA crypto API.
This is a wrapper around the PSA random number generation functions.
\return 0 On success
\return Negative value on error
\param out pointer to buffer to store random bytes
\param sz number of random bytes to generate
_Example_
\code
byte random[32];
int ret = wc_psa_get_random(random, sizeof(random));
if (ret != 0) {
// error generating random bytes
}
\endcode
\sa wc_RNG_GenerateBlock
*/
int ;
/*!
\ingroup PSA
\brief This function performs AES encryption or decryption using the
PSA crypto API. It supports various AES modes through the algorithm
parameter.
\return 0 On success
\return Negative value on error
\param aes pointer to initialized Aes structure
\param input pointer to input data buffer
\param output pointer to output data buffer
\param length length of data to process
\param alg PSA algorithm identifier specifying the AES mode
\param direction encryption (1) or decryption (0)
_Example_
\code
Aes aes;
byte key[16] = { 0 }; // AES key
byte input[16] = { 0 }; // plaintext
byte output[16];
wc_AesInit(&aes, NULL, INVALID_DEVID);
wc_AesSetKey(&aes, key, sizeof(key), NULL, AES_ENCRYPTION);
// ECB is used here only to keep the example short; it does not hide
// repeated plaintext blocks and is not suitable for general data.
int ret = wc_psa_aes_encrypt_decrypt(&aes, input, output,
sizeof(input),
PSA_ALG_ECB_NO_PADDING, 1);
\endcode
\sa wc_AesEncrypt
\sa wc_AesDecrypt
*/
int ;