9.2. Key types

9.2.1. Key type encoding

psa_key_type_t (type)

Encoding of a key type.

typedef uint16_t psa_key_type_t;

This is a structured bitfield that identifies the category and type of key. The range of key type values is divided as follows:

PSA_KEY_TYPE_NONE == 0
Reserved as an invalid key type.
0x0001 0x7fff
Specification-defined key types. Key types defined by this standard always have bit 15 clear. Unallocated key type values in this range are reserved for future use.
0x8000 0xffff
Implementation-defined key types. Implementations that define additional key types must use an encoding with bit 15 set. The related support macros will be easier to write if these key encodings also respect the bitwise structure used by standard encodings.

The Algorithm and key type encoding appendix provides a full definition of the key type encoding.

PSA_KEY_TYPE_NONE (macro)

An invalid key type value.

#define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x0000)

Zero is not the encoding of any key type.

9.2.2. Key categories

PSA_KEY_TYPE_IS_UNSTRUCTURED (macro)

Whether a key type is an unstructured array of bytes.

#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) /* specification-defined value */

Parameters

type
A key type: a value of type psa_key_type_t.

Description

This encompasses both symmetric keys and non-key data.

See Symmetric keys for a list of symmetric key types.

PSA_KEY_TYPE_IS_ASYMMETRIC (macro)

Whether a key type is asymmetric: either a key pair or a public key.

#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) /* specification-defined value */

Parameters

type
A key type: a value of type psa_key_type_t.

Description

See RSA keys for a list of asymmetric key types.

PSA_KEY_TYPE_IS_PUBLIC_KEY (macro)

Whether a key type is the public part of a key pair.

#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) /* specification-defined value */

Parameters

type
A key type: a value of type psa_key_type_t.

PSA_KEY_TYPE_IS_KEY_PAIR (macro)

Whether a key type is a key pair containing a private part and a public part.

#define PSA_KEY_TYPE_IS_KEY_PAIR(type) /* specification-defined value */

Parameters

type
A key type: a value of type psa_key_type_t.

9.2.3. Symmetric keys

PSA_KEY_TYPE_RAW_DATA (macro)

Raw data.

#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x1001)

A “key” of this type cannot be used for any cryptographic operation. Applications can use this type to store arbitrary data in the keystore.

The bit size of a raw key must be a non-zero multiple of 8. The maximum size of a raw key is IMPLEMENTATION DEFINED.

Compatible algorithms

PSA_ALG_HKDF (non-secret inputs)
PSA_ALG_TLS12_PRF (non-secret inputs)
PSA_ALG_TLS12_PSK_TO_MS (non-secret inputs)

PSA_KEY_TYPE_HMAC (macro)

HMAC key.

#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100)

The key policy determines which underlying hash algorithm the key can be used for.

The bit size of an HMAC key must be a non-zero multiple of 8. An HMAC key is typically the same size as the output of the underlying hash algorithm. An HMAC key that is longer than the block size of the underlying hash algorithm will be hashed before use.

When an HMAC key is created that is longer than the block size, it is implementation defined whether the implementation stores the original HMAC key, or the hash of the HMAC key. If the hash of the key is stored, the key size reported by psa_get_key_attributes() will be the size of the hashed key.

Note

PSA_HASH_LENGTH(alg) provides the output size of hash algorithm alg, in bytes.

PSA_HASH_BLOCK_LENGTH(alg) provides the block size of hash algorithm alg, in bytes.

Compatible algorithms

PSA_KEY_TYPE_DERIVE (macro)

A secret for key derivation.

#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200)

This key type is for high-entropy secrets only. For low-entropy secrets, PSA_KEY_TYPE_PASSWORD should be used instead.

These keys can be used in the PSA_KEY_DERIVATION_INPUT_SECRET or PSA_KEY_DERIVATION_INPUT_PASSWORD input step of key derivation algorithms.

The key policy determines which key derivation algorithm the key can be used for.

The bit size of a secret for key derivation must be a non-zero multiple of 8. The maximum size of a secret for key derivation is IMPLEMENTATION DEFINED.

Compatible algorithms

PSA_ALG_HKDF (secret input)
PSA_ALG_TLS12_PRF (secret input)

PSA_KEY_TYPE_PASSWORD (macro)

A low-entropy secret for password hashing or key derivation.

#define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1203)

This key type is suitable for passwords and passphrases which are typically intended to be memorizable by humans, and have a low entropy relative to their size. It can be used for randomly generated or derived keys with maximum or near-maximum entropy, but PSA_KEY_TYPE_DERIVE is more suitable for such keys. It is not suitable for passwords with extremely low entropy, such as numerical PINs.

These keys can be used in the PSA_KEY_DERIVATION_INPUT_PASSWORD input step of key derivation algorithms. Algorithms that accept such an input were designed to accept low-entropy secret and are known as password hashing or key stretching algorithms.

These keys cannot be used in the PSA_KEY_DERIVATION_INPUT_SECRET input step of key derivation algorithms, as the algorithms expect such an input to have high entropy.

The key policy determines which key derivation algorithm the key can be used for, among the permissible subset defined above.

Compatible algorithms

PSA_ALG_PBKDF2_HMAC() (password input)

PSA_KEY_TYPE_PASSWORD_HASH (macro)

A secret value that can be used to verify a password hash.

#define PSA_KEY_TYPE_PASSWORD_HASH ((psa_key_type_t)0x1205)

The key policy determines which key derivation algorithm the key can be used for, among the same permissible subset as for PSA_KEY_TYPE_PASSWORD.

Compatible algorithms

PSA_ALG_PBKDF2_HMAC() (key output and verification)
PSA_ALG_PBKDF2_AES_CMAC_PRF_128 (key output and verification)

PSA_KEY_TYPE_PEPPER (macro)

A secret value that can be used when computing a password hash.

#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1206)

The key policy determines which key derivation algorithm the key can be used for, among the subset of algorithms that can use pepper.

Compatible algorithms

PSA_KEY_TYPE_AES (macro)

Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.

#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400)

The size of the key is related to the AES algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used:

  • AES-128 uses a 16-byte key : key_bits = 128
  • AES-192 uses a 24-byte key : key_bits = 192
  • AES-256 uses a 32-byte key : key_bits = 256

For the XTS block cipher mode (PSA_ALG_XTS), the following key sizes are used:

  • AES-128-XTS uses two 16-byte keys : key_bits = 256
  • AES-192-XTS uses two 24-byte keys : key_bits = 384
  • AES-256-XTS uses two 32-byte keys : key_bits = 512

The AES block cipher is defined in FIPS Publication 197: Advanced Encryption Standard (AES) [FIPS197].

Compatible algorithms

PSA_KEY_TYPE_ARIA (macro)

Key for a cipher, AEAD or MAC algorithm based on the ARIA block cipher.

#define PSA_KEY_TYPE_ARIA ((psa_key_type_t)0x2406)

The size of the key is related to the ARIA algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used:

  • ARIA-128 uses a 16-byte key : key_bits = 128
  • ARIA-192 uses a 24-byte key : key_bits = 192
  • ARIA-256 uses a 32-byte key : key_bits = 256

For the XTS block cipher mode (PSA_ALG_XTS), the following key sizes are used:

  • ARIA-128-XTS uses two 16-byte keys : key_bits = 256
  • ARIA-192-XTS uses two 24-byte keys : key_bits = 384
  • ARIA-256-XTS uses two 32-byte keys : key_bits = 512

The ARIA block cipher is defined in A Description of the ARIA Encryption Algorithm [RFC5794].

Compatible algorithms

PSA_KEY_TYPE_DES (macro)

Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).

#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301)

The size of the key determines which DES algorithm is used:

  • Single DES uses an 8-byte key : key_bits = 64
  • 2-key 3DES uses a 16-byte key : key_bits = 128
  • 3-key 3DES uses a 24-byte key : key_bits = 192

Warning

Single DES and 2-key 3DES are weak and strongly deprecated and are only recommended for decrypting legacy data.

3-key 3DES is weak and deprecated and is only recommended for use in legacy protocols.

The DES and 3DES block ciphers are defined in NIST Special Publication 800-67: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher [SP800-67].

Compatible algorithms

PSA_KEY_TYPE_CAMELLIA (macro)

Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher.

#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)

The size of the key is related to the Camellia algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used:

  • Camellia-128 uses a 16-byte key : key_bits = 128
  • Camellia-192 uses a 24-byte key : key_bits = 192
  • Camellia-256 uses a 32-byte key : key_bits = 256

For the XTS block cipher mode (PSA_ALG_XTS), the following key sizes are used:

  • Camellia-128-XTS uses two 16-byte keys : key_bits = 256
  • Camellia-192-XTS uses two 24-byte keys : key_bits = 384
  • Camellia-256-XTS uses two 32-byte keys : key_bits = 512

The Camellia block cipher is defined in Specification of Camellia — a 128-bit Block Cipher [NTT-CAM] and also described in A Description of the Camellia Encryption Algorithm [RFC3713].

Compatible algorithms

PSA_KEY_TYPE_SM4 (macro)

Key for a cipher, AEAD or MAC algorithm based on the SM4 block cipher.

#define PSA_KEY_TYPE_SM4 ((psa_key_type_t)0x2405)

For algorithms except the XTS block cipher mode, the SM4 key size is 128 bits (16 bytes).

For the XTS block cipher mode (PSA_ALG_XTS), the SM4 key size is 256 bits (two 16-byte keys).

The SM4 block cipher is defined in GM/T 0002-2012: SM4 block cipher algorithm [CSTC0002] (English version [CSTC0002/E]).

Compatible algorithms

PSA_KEY_TYPE_ARC4 (macro)

Key for the ARC4 stream cipher.

#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002)

Warning

The ARC4 cipher is weak and deprecated and is only recommended for use in legacy protocols.

The ARC4 cipher supports key sizes between 40 and 2048 bits, that are multiples of 8. (5 to 256 bytes)

Use algorithm PSA_ALG_STREAM_CIPHER to use this key with the ARC4 cipher.

Compatible algorithms

PSA_KEY_TYPE_CHACHA20 (macro)

Key for the ChaCha20 stream cipher or the ChaCha20-Poly1305 AEAD algorithm.

#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)

The ChaCha20 key size is 256 bits (32 bytes).

Compatible algorithms

9.2.4. RSA keys

PSA_KEY_TYPE_RSA_KEY_PAIR (macro)

RSA key pair: both the private and public key.

#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001)

The size of an RSA key is the bit size of the modulus.

Compatible algorithms

PSA_KEY_TYPE_RSA_PUBLIC_KEY (macro)

RSA public key.

#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001)

The size of an RSA key is the bit size of the modulus.

Compatible algorithms

PSA_ALG_RSA_OAEP (encryption only)
PSA_ALG_RSA_PKCS1V15_CRYPT (encryption only)
PSA_ALG_RSA_PKCS1V15_SIGN (signature verification only)
PSA_ALG_RSA_PKCS1V15_SIGN_RAW (signature verification only)
PSA_ALG_RSA_PSS (signature verification only)
PSA_ALG_RSA_PSS_ANY_SALT (signature verification only)

PSA_KEY_TYPE_IS_RSA (macro)

Whether a key type is an RSA key. This includes both key pairs and public keys.

#define PSA_KEY_TYPE_IS_RSA(type) /* specification-defined value */

Parameters

type
A key type: a value of type psa_key_type_t.

9.2.5. Elliptic Curve keys

psa_ecc_family_t (type)

The type of PSA elliptic curve family identifiers.

typedef uint8_t psa_ecc_family_t;

The curve identifier is required to create an ECC key using the PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY() macros.

The specific ECC curve within a family is identified by the key_bits attribute of the key.

The range of Elliptic curve family identifier values is divided as follows:

0x00 0x7f
ECC family identifiers defined by this standard. Unallocated values in this range are reserved for future use.
0x80 0xff
Implementations that define additional families must use an encoding in this range.

PSA_KEY_TYPE_ECC_KEY_PAIR (macro)

Elliptic curve key pair: both the private and public key.

#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) /* specification-defined value */

Parameters

curve
A value of type psa_ecc_family_t that identifies the ECC curve family to be used.

Description

The size of an elliptic curve key is the bit size associated with the curve, that is, the bit size of q for a curve over a field Fq. See the documentation of each Elliptic curve family for details.

Compatible algorithms

Elliptic curve key pairs can be used in Asymmetric signature and Key agreement algorithms.

The set of compatible algorithms depends on the Elliptic curve key family. See the Elliptic curve family for details.

PSA_KEY_TYPE_ECC_PUBLIC_KEY (macro)

Elliptic curve public key.

#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) /* specification-defined value */

Parameters

curve
A value of type psa_ecc_family_t that identifies the ECC curve family to be used.

Description

The size of an elliptic curve public key is the same as the corresponding private key. See PSA_KEY_TYPE_ECC_KEY_PAIR() and the documentation of each Elliptic curve family for details.

Compatible algorithms

Elliptic curve public keys can be used for verification in Asymmetric signature algorithms.

The set of compatible algorithms depends on the Elliptic curve key family. See each Elliptic curve family for details.

PSA_ECC_FAMILY_SECP_K1 (macro)

SEC Koblitz curves over prime fields.

#define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t) 0x17)

This family comprises the following curves:

  • secp192k1 : key_bits = 192
  • secp224k1 : key_bits = 225
  • secp256k1 : key_bits = 256

They are defined in SEC 2: Recommended Elliptic Curve Domain Parameters [SEC2].

Compatible algorithms

PSA_ECC_FAMILY_SECP_R1 (macro)

SEC random curves over prime fields.

#define PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t) 0x12)

This family comprises the following curves:

  • secp192r1 : key_bits = 192
  • secp224r1 : key_bits = 224
  • secp256r1 : key_bits = 256
  • secp384r1 : key_bits = 384
  • secp521r1 : key_bits = 521

They are defined in [SEC2].

Compatible algorithms

PSA_ECC_FAMILY_SECP_R2 (macro)

Warning

This family of curves is weak and deprecated.

#define PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t) 0x1b)

This family comprises the following curves:

  • secp160r2 : key_bits = 160 (Deprecated)

It is defined in the superseded SEC 2: Recommended Elliptic Curve Domain Parameters, Version 1.0 [SEC2v1].

Compatible algorithms

PSA_ECC_FAMILY_SECT_K1 (macro)

SEC Koblitz curves over binary fields.

#define PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t) 0x27)

This family comprises the following curves:

  • sect163k1 : key_bits = 163 (Deprecated)
  • sect233k1 : key_bits = 233
  • sect239k1 : key_bits = 239
  • sect283k1 : key_bits = 283
  • sect409k1 : key_bits = 409
  • sect571k1 : key_bits = 571

They are defined in [SEC2].

Warning

The 163-bit curve sect163k1 is weak and deprecated and is only recommended for use in legacy protocols.

Compatible algorithms

PSA_ECC_FAMILY_SECT_R1 (macro)

SEC random curves over binary fields.

#define PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t) 0x22)

This family comprises the following curves:

  • sect163r1 : key_bits = 163 (Deprecated)
  • sect233r1 : key_bits = 233
  • sect283r1 : key_bits = 283
  • sect409r1 : key_bits = 409
  • sect571r1 : key_bits = 571

They are defined in [SEC2].

Warning

The 163-bit curve sect163r1 is weak and deprecated and is only recommended for use in legacy protocols.

Compatible algorithms

PSA_ECC_FAMILY_SECT_R2 (macro)

SEC additional random curves over binary fields.

#define PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t) 0x2b)

This family comprises the following curves:

  • sect163r2 : key_bits = 163 (Deprecated)

It is defined in [SEC2].

Warning

The 163-bit curve sect163r2 is weak and deprecated and is only recommended for use in legacy protocols.

Compatible algorithms

PSA_ECC_FAMILY_BRAINPOOL_P_R1 (macro)

Brainpool P random curves.

#define PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t) 0x30)

This family comprises the following curves:

  • brainpoolP160r1 : key_bits = 160 (Deprecated)
  • brainpoolP192r1 : key_bits = 192
  • brainpoolP224r1 : key_bits = 224
  • brainpoolP256r1 : key_bits = 256
  • brainpoolP320r1 : key_bits = 320
  • brainpoolP384r1 : key_bits = 384
  • brainpoolP512r1 : key_bits = 512

They are defined in Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation [RFC5639].

Warning

The 160-bit curve brainpoolP160r1 is weak and deprecated and is only recommended for use in legacy protocols.

Compatible algorithms

PSA_ECC_FAMILY_FRP (macro)

Curve used primarily in France and elsewhere in Europe.

#define PSA_ECC_FAMILY_FRP ((psa_ecc_family_t) 0x33)

This family comprises one 256-bit curve:

  • FRP256v1 : key_bits = 256

This is defined by Publication d'un paramétrage de courbe elliptique visant des applications de passeport électronique et de l'administration électronique française [FRP].

Compatible algorithms

PSA_ECC_FAMILY_MONTGOMERY (macro)

Montgomery curves.

#define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41)

This family comprises the following Montgomery curves:

  • Curve25519 : key_bits = 255
  • Curve448 : key_bits = 448

Curve25519 is defined in Curve25519: new Diffie-Hellman speed records [Curve25519]. Curve448 is defined in Ed448-Goldilocks, a new elliptic curve [Curve448].

Compatible algorithms

PSA_ALG_ECDH (key pair only)

PSA_ECC_FAMILY_TWISTED_EDWARDS (macro)

Twisted Edwards curves.

#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)

This family comprises the following twisted Edwards curves:

  • Edwards25519 : key_bits = 255. This curve is birationally equivalent to Curve25519.
  • Edwards448 : key_bits = 448. This curve is birationally equivalent to Curve448.

Edwards25519 is defined in Twisted Edwards curves [Ed25519]. Edwards448 is defined in Ed448-Goldilocks, a new elliptic curve [Curve448].

Compatible algorithms

PSA_ALG_ED25519PH (Edwards25519 only)
PSA_ALG_ED448PH (Edwards448 only)

PSA_KEY_TYPE_IS_ECC (macro)

Whether a key type is an elliptic curve key, either a key pair or a public key.

#define PSA_KEY_TYPE_IS_ECC(type) /* specification-defined value */

Parameters

type
A key type: a value of type psa_key_type_t.

PSA_KEY_TYPE_IS_ECC_KEY_PAIR (macro)

Whether a key type is an elliptic curve key pair.

#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) /* specification-defined value */

Parameters

type
A key type: a value of type psa_key_type_t.

PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY (macro)

Whether a key type is an elliptic curve public key.

#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) /* specification-defined value */

Parameters

type
A key type: a value of type psa_key_type_t.

PSA_KEY_TYPE_ECC_GET_FAMILY (macro)

Extract the curve family from an elliptic curve key type.

#define PSA_KEY_TYPE_ECC_GET_FAMILY(type) /* specification-defined value */

Parameters

type
An elliptic curve key type: a value of type psa_key_type_t such that PSA_KEY_TYPE_IS_ECC(type) is true.

Returns: psa_ecc_family_t

The elliptic curve family id, if type is a supported elliptic curve key. Unspecified if type is not a supported elliptic curve key.

9.2.6. Diffie Hellman keys

psa_dh_family_t (type)

The type of PSA finite-field Diffie-Hellman group family identifiers.

typedef uint8_t psa_dh_family_t;

The group family identifier is required to create a finite-field Diffie-Hellman key using the PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY() macros.

The specific Diffie-Hellman group within a family is identified by the key_bits attribute of the key.

The range of Diffie-Hellman group family identifier values is divided as follows:

0x00 0x7f
DH group family identifiers defined by this standard. Unallocated values in this range are reserved for future use.
0x80 0xff
Implementations that define additional families must use an encoding in this range.

PSA_KEY_TYPE_DH_KEY_PAIR (macro)

Finite-field Diffie-Hellman key pair: both the private key and public key.

#define PSA_KEY_TYPE_DH_KEY_PAIR(group) /* specification-defined value */

Parameters

group
A value of type psa_dh_family_t that identifies the Diffie-Hellman group family to be used.

Compatible algorithms

PSA_KEY_TYPE_DH_PUBLIC_KEY (macro)

Finite-field Diffie-Hellman public key.

#define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) /* specification-defined value */

Parameters

group
A value of type psa_dh_family_t that identifies the Diffie-Hellman group family to be used.

Compatible algorithms

None. Finite-field Diffie-Hellman public keys are exported to use in a key agreement algorithm, and the peer key is provided to the PSA_ALG_FFDH key agreement algorithm as a buffer of key data.

PSA_DH_FAMILY_RFC7919 (macro)

Finite-field Diffie-Hellman groups defined for TLS in RFC 7919.

#define PSA_DH_FAMILY_RFC7919 ((psa_dh_family_t) 0x03)

This family includes groups with the following key sizes (in bits): 2048, 3072, 4096, 6144, 8192. An implementation can support all of these sizes or only a subset.

Keys is this group can only be used with the PSA_ALG_FFDH key agreement algorithm.

These groups are defined by Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS) [RFC7919] Appendix A.

PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY (macro)

The key pair type corresponding to a public key type.

#define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type) \
    /* specification-defined value */

Parameters

type
A public key type or key pair type.

Returns

The corresponding key pair type. If type is not a public key or a key pair, the return value is undefined.

Description

If type is a key pair type, it will be left unchanged.

PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR (macro)

The public key type corresponding to a key pair type.

#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) \
    /* specification-defined value */

Parameters

type
A public key type or key pair type.

Returns

The corresponding public key type. If type is not a public key or a key pair, the return value is undefined.

Description

If type is a public key type, it will be left unchanged.

PSA_KEY_TYPE_IS_DH (macro)

Whether a key type is a Diffie-Hellman key, either a key pair or a public key.

#define PSA_KEY_TYPE_IS_DH(type) /* specification-defined value */

Parameters

type
A key type: a value of type psa_key_type_t.

PSA_KEY_TYPE_IS_DH_KEY_PAIR (macro)

Whether a key type is a Diffie-Hellman key pair.

#define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type) /* specification-defined value */

Parameters

type
A key type: a value of type psa_key_type_t.

PSA_KEY_TYPE_IS_DH_PUBLIC_KEY (macro)

Whether a key type is a Diffie-Hellman public key.

#define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) /* specification-defined value */

Parameters

type
A key type: a value of type psa_key_type_t.

PSA_KEY_TYPE_DH_GET_FAMILY (macro)

Extract the group family from a Diffie-Hellman key type.

#define PSA_KEY_TYPE_DH_GET_FAMILY(type) /* specification-defined value */

Parameters

type
A Diffie-Hellman key type: a value of type psa_key_type_t such that PSA_KEY_TYPE_IS_DH(type) is true.

Returns: psa_dh_family_t

The Diffie-Hellman group family id, if type is a supported Diffie-Hellman key. Unspecified if type is not a supported Diffie-Hellman key.

9.2.7. Attribute accessors

psa_set_key_type (function)

Declare the type of a key.

void psa_set_key_type(psa_key_attributes_t * attributes,
                      psa_key_type_t type);

Parameters

attributes
The attribute object to write to.
type
The key type to write. If this is PSA_KEY_TYPE_NONE, the key type in attributes becomes unspecified.

Returns: void

Description

This function overwrites any key type previously set in attributes.

Implementation note

This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a static inline function or a function-like-macro.

psa_get_key_type (function)

Retrieve the key type from key attributes.

psa_key_type_t psa_get_key_type(const psa_key_attributes_t * attributes);

Parameters

attributes
The key attribute object to query.

Returns: psa_key_type_t

The key type stored in the attribute object.

Description

Implementation note

This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a static inline function or a function-like-macro.

psa_get_key_bits (function)

Retrieve the key size from key attributes.

size_t psa_get_key_bits(const psa_key_attributes_t * attributes);

Parameters

attributes
The key attribute object to query.

Returns: size_t

The key size stored in the attribute object, in bits.

Description

Implementation note

This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a static inline function or a function-like-macro.

psa_set_key_bits (function)

Declare the size of a key.

void psa_set_key_bits(psa_key_attributes_t * attributes,
                      size_t bits);

Parameters

attributes
The attribute object to write to.
bits
The key size in bits. If this is 0, the key size in attributes becomes unspecified. Keys of size 0 are not supported.

Returns: void

Description

This function overwrites any key size previously set in attributes.

Implementation note

This is a simple accessor function that is not required to validate its inputs. It can be efficiently implemented as a static inline function or a function-like-macro.