Snapdragon® Telematics Application Framework (TelAF) Interface Specification
taf_ks_common.h File Reference
#include "legato.h"
#include "le_limit_common.h"


Macros

#define IFGEN_TAF_KS_PROTOCOL_ID   "a96b6ca7b1cbd694b769cfa50a9357e2"
 
#define IFGEN_TAF_KS_MSG_SIZE   4120
 
#define TAF_KS_MAX_KEY_ID_SIZE   256
 
#define TAF_KS_MAX_SEC_LABEL_SIZE   256
 
#define TAF_KS_MAX_PACKET_SIZE   4096
 
#define TAF_KS_MAX_AES_NONCE_SIZE   16
 
#define TAF_KS_MIN_HMAC_KEY_SIZE   8
 
#define TAF_KS_MAX_HMAC_KEY_SIZE   128
 

Typedefs

typedef struct taf_ks_Key * taf_ks_KeyRef_t
 
typedef struct taf_ks_CryptoSession * taf_ks_CryptoSessionRef_t
 

Enumerations

enum  taf_ks_RsaKeySize_t {
  TAF_KS_RSA_SIZE_1024 = 1, TAF_KS_RSA_SIZE_2048 = 2, TAF_KS_RSA_SIZE_3072 = 3, TAF_KS_RSA_SIZE_4096 = 4,
  TAF_KS_RSA_SIZE_MAX = 5
}
 
enum  taf_ks_AesKeySize_t { TAF_KS_AES_SIZE_128 = 1, TAF_KS_AES_SIZE_192 = 2, TAF_KS_AES_SIZE_256 = 3, TAF_KS_AES_SIZE_MAX = 4 }
 
enum  taf_ks_EccKeySize_t {
  TAF_KS_ECC_SIZE_224 = 1, TAF_KS_ECC_SIZE_256 = 2, TAF_KS_ECC_SIZE_384 = 3, TAF_KS_ECC_SIZE_521 = 4,
  TAF_KS_ECC_SIZE_MAX = 5
}
 
enum  taf_ks_KeyUsage_t {
  TAF_KS_RSA_ENCRYPT_DECRYPT = 0, TAF_KS_RSA_ENCRYPT_ONLY = 1, TAF_KS_RSA_DECRYPT_ONLY = 2, TAF_KS_RSA_SIGN_VERIFY = 3,
  TAF_KS_RSA_SIGN_ONLY = 4, TAF_KS_RSA_VERIFY_ONLY = 5, TAF_KS_AES_ENCRYPT_DECRYPT = 6, TAF_KS_AES_ENCRYPT_ONLY = 7,
  TAF_KS_AES_DECRYPT_ONLY = 8, TAF_KS_ECDSA_SIGN_VERIFY = 9, TAF_KS_ECDSA_SIGN_ONLY = 10, TAF_KS_ECDSA_VERIFY_ONLY = 11,
  TAF_KS_HMAC_SIGN_VERIFY = 12, TAF_KS_HMAC_SIGN_ONLY = 13, TAF_KS_HMAC_VERIFY_ONLY = 14, TAF_KS_KEYUSAGE_MAX = 15
}
 
enum  taf_ks_CryptoPurpose_t {
  TAF_KS_CRYPTO_ENCRYPT = 0, TAF_KS_CRYPTO_DECRYPT = 1, TAF_KS_CRYPTO_SIGN = 2, TAF_KS_CRYPTO_VERIFY = 3,
  TAF_KS_CRYPTO_MAX = 4
}
 
enum  taf_ks_Digest_t {
  TAF_KS_DIGEST_MD5 = 1, TAF_KS_DIGEST_SHA1 = 2, TAF_KS_DIGEST_SHA2_224 = 3, TAF_KS_DIGEST_SHA2_256 = 4,
  TAF_KS_DIGEST_SHA2_384 = 5, TAF_KS_DIGEST_SHA2_512 = 6, TAF_KS_DIGEST_MAX = 7
}
 
enum  taf_ks_RsaEncPadding_t {
  TAF_KS_RSA_ENC_PAD_NONE = 0, TAF_KS_RSA_ENC_PAD_PKCS1_V15 = 1, TAF_KS_RSA_ENC_PAD_OAEP_MD5 = 2, TAF_KS_RSA_ENC_PAD_OAEP_SHA1 = 3,
  TAF_KS_RSA_ENC_PAD_OAEP_SHA2_224 = 4, TAF_KS_RSA_ENC_PAD_OAEP_SHA2_256 = 5, TAF_KS_RSA_ENC_PAD_OAEP_SHA2_384 = 6, TAF_KS_RSA_ENC_PAD_OAEP_SHA2_512 = 7,
  TAF_KS_RSA_ENC_PAD_MAX = 8
}
 
enum  taf_ks_RsaSigPadding_t {
  TAF_KS_RSA_SIG_PAD_NONE = 0, TAF_KS_RSA_SIG_PAD_PKCS1_V15_MD5 = 1, TAF_KS_RSA_SIG_PAD_PKCS1_V15_SHA1 = 2, TAF_KS_RSA_SIG_PAD_PKCS1_V15_SHA2_224 = 3,
  TAF_KS_RSA_SIG_PAD_PKCS1_V15_SHA2_256 = 4, TAF_KS_RSA_SIG_PAD_PKCS1_V15_SHA2_384 = 5, TAF_KS_RSA_SIG_PAD_PKCS1_V15_SHA2_512 = 6, TAF_KS_RSA_SIG_PAD_PSS_MD5 = 7,
  TAF_KS_RSA_SIG_PAD_PSS_SHA1 = 8, TAF_KS_RSA_SIG_PAD_PSS_SHA2_224 = 9, TAF_KS_RSA_SIG_PAD_PSS_SHA2_256 = 10, TAF_KS_RSA_SIG_PAD_PSS_SHA2_384 = 11,
  TAF_KS_RSA_SIG_PAD_PSS_SHA2_512 = 12, TAF_KS_RSA_SIG_PAD_MAX = 13
}
 
enum  taf_ks_AesBlockMode_t {
  TAF_KS_AES_MODE_ECB_PAD_NONE = 0, TAF_KS_AES_MODE_ECB_PAD_PKCS7 = 1, TAF_KS_AES_MODE_CBC_PAD_NONE = 2, TAF_KS_AES_MODE_CBC_PAD_PKCS7 = 3,
  TAF_KS_AES_MODE_CTR = 4, TAF_KS_AES_MODE_GCM = 5, TAF_KS_AES_MODE_MAX = 6
}
 

Functions

LE_SHARED bool ifgen_taf_ks_HasLocalBinding (void)
 
LE_SHARED void ifgen_taf_ks_InitCommonData (void)
 
LE_SHARED void ifgen_taf_ks_CleanupCommonData (le_msg_SessionRef_t _ifgen_sessionRef)
 
LE_SHARED le_result_t ifgen_taf_ks_OpenSession (le_msg_SessionRef_t _ifgen_sessionRef, bool isBlocking)
 
LE_SHARED le_result_t ifgen_taf_ks_CreateKey (le_msg_SessionRef_t _ifgen_sessionRef, const char *LE_NONNULL keyName, taf_ks_KeyUsage_t keyUsage, taf_ks_KeyRef_t *keyRefPtr)
 
LE_SHARED le_result_t ifgen_taf_ks_GetKey (le_msg_SessionRef_t _ifgen_sessionRef, const char *LE_NONNULL keyName, taf_ks_KeyRef_t *keyRefPtr)
 
LE_SHARED le_result_t ifgen_taf_ks_DeleteKey (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef)
 
LE_SHARED le_result_t ifgen_taf_ks_GetKeyUsage (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, taf_ks_KeyUsage_t *keyUsagePtr)
 
LE_SHARED le_result_t ifgen_taf_ks_SetKeyMaxUsesPerBoot (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, uint32_t value)
 
LE_SHARED le_result_t ifgen_taf_ks_SetKeyMinSecondsBetweenOps (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, uint32_t value)
 
LE_SHARED le_result_t ifgen_taf_ks_SetKeyAppData (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, const uint8_t *dataPtr, size_t dataSize)
 
LE_SHARED le_result_t ifgen_taf_ks_SetKeyActiveDateTime (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, uint64_t value)
 
LE_SHARED le_result_t ifgen_taf_ks_SetKeyOriginationExpireDateTime (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, uint64_t value)
 
LE_SHARED le_result_t ifgen_taf_ks_SetKeyUsageExpireDateTime (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, uint64_t value)
 
LE_SHARED le_result_t ifgen_taf_ks_ProvisionRsaEncKeyValue (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, taf_ks_RsaKeySize_t keySize, taf_ks_RsaEncPadding_t padding, const uint8_t *impDataPtr, size_t impDataSize)
 
LE_SHARED le_result_t ifgen_taf_ks_ProvisionRsaSigKeyValue (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, taf_ks_RsaKeySize_t keySize, taf_ks_RsaSigPadding_t padding, const uint8_t *impDataPtr, size_t impDataSize)
 
LE_SHARED le_result_t ifgen_taf_ks_ProvisionEcdsaKeyValue (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, taf_ks_EccKeySize_t keySize, taf_ks_Digest_t digest, const uint8_t *impDataPtr, size_t impDataSize)
 
LE_SHARED le_result_t ifgen_taf_ks_ProvisionAesKeyValue (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, taf_ks_AesKeySize_t keySize, taf_ks_AesBlockMode_t mode, const uint8_t *impDataPtr, size_t impDataSize)
 
LE_SHARED le_result_t ifgen_taf_ks_ProvisionHmacKeyValue (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, uint32_t keySize, taf_ks_Digest_t digest, const uint8_t *impDataPtr, size_t impDataSize)
 
LE_SHARED le_result_t ifgen_taf_ks_ExportKey (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, const uint8_t *appDataPtr, size_t appDataSize, uint8_t *expDataPtr, size_t *expDataSizePtr)
 
LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionCreate (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_KeyRef_t keyRef, taf_ks_CryptoSessionRef_t *sessionRefPtr)
 
LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionSetAesNonce (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_CryptoSessionRef_t sessionRef, const uint8_t *dataPtr, size_t dataSize)
 
LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionSetAppData (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_CryptoSessionRef_t sessionRef, const uint8_t *dataPtr, size_t dataSize)
 
LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionStart (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_CryptoSessionRef_t sessionRef, taf_ks_CryptoPurpose_t cryptoPurpose)
 
LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionProcessAead (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_CryptoSessionRef_t sessionRef, const uint8_t *dataPtr, size_t dataSize)
 
LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionProcess (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_CryptoSessionRef_t sessionRef, const uint8_t *inputDataPtr, size_t inputDataSize, uint8_t *outputDataPtr, size_t *outputDataSizePtr)
 
LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionEnd (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_CryptoSessionRef_t sessionRef, const uint8_t *inputDataPtr, size_t inputDataSize, uint8_t *outputDataPtr, size_t *outputDataSizePtr)
 
LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionAbort (le_msg_SessionRef_t _ifgen_sessionRef, taf_ks_CryptoSessionRef_t sessionRef)
 

Macro Definition Documentation

◆ IFGEN_TAF_KS_PROTOCOL_ID

#define IFGEN_TAF_KS_PROTOCOL_ID   "a96b6ca7b1cbd694b769cfa50a9357e2"

◆ IFGEN_TAF_KS_MSG_SIZE

#define IFGEN_TAF_KS_MSG_SIZE   4120

◆ TAF_KS_MAX_KEY_ID_SIZE

#define TAF_KS_MAX_KEY_ID_SIZE   256

The maximum size of the key name in bytes.

◆ TAF_KS_MAX_SEC_LABEL_SIZE

#define TAF_KS_MAX_SEC_LABEL_SIZE   256

The maximum size of the secure label in bytes.

◆ TAF_KS_MAX_PACKET_SIZE

#define TAF_KS_MAX_PACKET_SIZE   4096

The maximum size of the data packet in bytes.

◆ TAF_KS_MAX_AES_NONCE_SIZE

#define TAF_KS_MAX_AES_NONCE_SIZE   16

The maximum nonce or IV size for AES GCM, CBC, or CTR in bytes.

AES GCM nonce size must be fixed length of 12 bytes. AES CBC/CTR IV size must be fixed length of 16 bytes.

◆ TAF_KS_MIN_HMAC_KEY_SIZE

#define TAF_KS_MIN_HMAC_KEY_SIZE   8

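The minimum size of an HMAC key in bytes; the maximum is TAF_KS_MAX_HMAC_KEY_SIZE. A key shorter than the output of the chosen digest lowers the strength of the MAC, so the 8-byte minimum is a floor rather than a recommended size.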

◆ TAF_KS_MAX_HMAC_KEY_SIZE

#define TAF_KS_MAX_HMAC_KEY_SIZE   128

Typedef Documentation

◆ taf_ks_KeyRef_t

typedef struct taf_ks_Key* taf_ks_KeyRef_t

Reference for key object.

◆ taf_ks_CryptoSessionRef_t

typedef struct taf_ks_CryptoSession* taf_ks_CryptoSessionRef_t

Reference for cryptographic operation session.

Enumeration Type Documentation

◆ taf_ks_RsaKeySize_t

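Defines the supported RSA key sizes. A 1024-bit RSA key gives only about 80 bits of security; keep it for legacy interoperability and use 2048 bits or more otherwise.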

Enumerator
TAF_KS_RSA_SIZE_1024 

RSA key size is 1024 bit.

TAF_KS_RSA_SIZE_2048 

RSA key size is 2048 bit.

TAF_KS_RSA_SIZE_3072 

RSA key size is 3072 bit.

TAF_KS_RSA_SIZE_4096 

RSA key size is 4096 bit.

TAF_KS_RSA_SIZE_MAX 

Indicates the maximum value.

◆ taf_ks_AesKeySize_t

Defines the supported AES key size.

Enumerator
TAF_KS_AES_SIZE_128 

AES key size is 128 bit.

TAF_KS_AES_SIZE_192 

AES key size is 192 bit.

TAF_KS_AES_SIZE_256 

AES key size is 256 bit.

TAF_KS_AES_SIZE_MAX 

Indicates the maximum value.

◆ taf_ks_EccKeySize_t

Defines the supported ECC key size.

Enumerator
TAF_KS_ECC_SIZE_224 

NIST/SECG curve over a 224 bit prime field.

TAF_KS_ECC_SIZE_256 

NIST/SECG curve over a 256 bit prime field.

TAF_KS_ECC_SIZE_384 

NIST/SECG curve over a 384 bit prime field.

TAF_KS_ECC_SIZE_521 

NIST/SECG curve over a 521 bit prime field.

TAF_KS_ECC_SIZE_MAX 

Indicates the maximum value.

◆ taf_ks_KeyUsage_t

Defines the key usage.

Enumerator
TAF_KS_RSA_ENCRYPT_DECRYPT 

RSA key for encryption and decryption.

TAF_KS_RSA_ENCRYPT_ONLY 

RSA key for encryption only.

TAF_KS_RSA_DECRYPT_ONLY 

RSA key for decryption only.

TAF_KS_RSA_SIGN_VERIFY 

RSA key for signing and verification.

TAF_KS_RSA_SIGN_ONLY 

RSA key for signing only.

TAF_KS_RSA_VERIFY_ONLY 

RSA key for verification only.

TAF_KS_AES_ENCRYPT_DECRYPT 

AES key for encryption and decryption.

TAF_KS_AES_ENCRYPT_ONLY 

AES key for encryption only.

TAF_KS_AES_DECRYPT_ONLY 

AES key for decryption only.

TAF_KS_ECDSA_SIGN_VERIFY 

ECDSA key for signing and verification.

TAF_KS_ECDSA_SIGN_ONLY 

ECDSA key for signing only.

TAF_KS_ECDSA_VERIFY_ONLY 

ECDSA key for verification only.

TAF_KS_HMAC_SIGN_VERIFY 

HMAC for signing and verification.

TAF_KS_HMAC_SIGN_ONLY 

HMAC for signing only.

TAF_KS_HMAC_VERIFY_ONLY 

HMAC for verification only.

TAF_KS_KEYUSAGE_MAX 

Indicates the maximum value.

◆ taf_ks_CryptoPurpose_t

Defines the purpose for a cryptographic operation session.

Enumerator
TAF_KS_CRYPTO_ENCRYPT 

Crypto operation for encryption.

TAF_KS_CRYPTO_DECRYPT 

Crypto operation for decryption.

TAF_KS_CRYPTO_SIGN 

Crypto operation for signing.

TAF_KS_CRYPTO_VERIFY 

Crypto operation for verification.

TAF_KS_CRYPTO_MAX 

Indicates the maximum value.

◆ taf_ks_Digest_t

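Defines the digest algorithms used by RSA, ECC and HMAC. MD5 and SHA1 are no longer collision-resistant; prefer SHA2-256 or stronger where the digest protects a signature.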

Enumerator
TAF_KS_DIGEST_MD5 

MD5.

TAF_KS_DIGEST_SHA1 

SHA1.

TAF_KS_DIGEST_SHA2_224 

SHA2-224.

TAF_KS_DIGEST_SHA2_256 

SHA2-256.

TAF_KS_DIGEST_SHA2_384 

SHA2-384.

TAF_KS_DIGEST_SHA2_512 

SHA2-512.

TAF_KS_DIGEST_MAX 

Indicates the maximum value.

◆ taf_ks_RsaEncPadding_t

Defines the padding type for RSA encryption keys.

The specified hash function used in MGF1 is only for OAEP padding. Unpadded RSA encryption is deterministic, and OAEP is the padding to prefer for new designs.

Enumerator
TAF_KS_RSA_ENC_PAD_NONE 

No padding.

TAF_KS_RSA_ENC_PAD_PKCS1_V15 

PKCS1 V1.5 padding.

TAF_KS_RSA_ENC_PAD_OAEP_MD5 

OAEP with MD5 padding.

TAF_KS_RSA_ENC_PAD_OAEP_SHA1 

OAEP with SHA1 padding.

TAF_KS_RSA_ENC_PAD_OAEP_SHA2_224 

OAEP with SHA2-224 padding.

TAF_KS_RSA_ENC_PAD_OAEP_SHA2_256 

OAEP with SHA2-256 padding.

TAF_KS_RSA_ENC_PAD_OAEP_SHA2_384 

OAEP with SHA2-384 padding.

TAF_KS_RSA_ENC_PAD_OAEP_SHA2_512 

OAEP with SHA2-512 padding.

TAF_KS_RSA_ENC_PAD_MAX 

Indicates the maximum value.

◆ taf_ks_RsaSigPadding_t

Defines the padding type for RSA signature keys.

The specified hash function is used in MGF1 for PSS padding and also as the digest of the data to sign.

Enumerator
TAF_KS_RSA_SIG_PAD_NONE 

No padding.

TAF_KS_RSA_SIG_PAD_PKCS1_V15_MD5 

PKCS1 V1.5 padding, digest is MD5.

TAF_KS_RSA_SIG_PAD_PKCS1_V15_SHA1 

PKCS1 V1.5 padding, digest is SHA1.

TAF_KS_RSA_SIG_PAD_PKCS1_V15_SHA2_224 

PKCS1 V1.5 padding, digest is SHA2-224.

TAF_KS_RSA_SIG_PAD_PKCS1_V15_SHA2_256 

PKCS1 V1.5 padding, digest is SHA2-256.

TAF_KS_RSA_SIG_PAD_PKCS1_V15_SHA2_384 

PKCS1 V1.5 padding, digest is SHA2-384.

TAF_KS_RSA_SIG_PAD_PKCS1_V15_SHA2_512 

PKCS1 V1.5 padding, digest is SHA2-512.

TAF_KS_RSA_SIG_PAD_PSS_MD5 

PSS with MD5 padding, digest is MD5.

TAF_KS_RSA_SIG_PAD_PSS_SHA1 

PSS with SHA1 padding, digest is SHA1.

TAF_KS_RSA_SIG_PAD_PSS_SHA2_224 

PSS with SHA2-224 padding, digest is SHA2-224.

TAF_KS_RSA_SIG_PAD_PSS_SHA2_256 

PSS with SHA2-256 padding, digest is SHA2-256.

TAF_KS_RSA_SIG_PAD_PSS_SHA2_384 

PSS with SHA2-384 padding, digest is SHA2-384.

TAF_KS_RSA_SIG_PAD_PSS_SHA2_512 

PSS with SHA2-512 padding, digest is SHA2-512.

TAF_KS_RSA_SIG_PAD_MAX 

Indicates the maximum value.

◆ taf_ks_AesBlockMode_t

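Defines the AES block mode. ECB maps identical plaintext blocks to identical ciphertext blocks, and among the listed modes only GCM authenticates the data; CBC and CTR output needs a separate integrity check.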

Enumerator
TAF_KS_AES_MODE_ECB_PAD_NONE 

AES ECB mode without padding.

TAF_KS_AES_MODE_ECB_PAD_PKCS7 

AES ECB mode with PKCS7 padding.

TAF_KS_AES_MODE_CBC_PAD_NONE 

AES CBC mode without padding.

TAF_KS_AES_MODE_CBC_PAD_PKCS7 

AES CBC mode with PKCS7 padding.

TAF_KS_AES_MODE_CTR 

AES CTR mode.

TAF_KS_AES_MODE_GCM 

AES GCM mode.

TAF_KS_AES_MODE_MAX 

Indicates the maximum value.

Function Documentation

◆ ifgen_taf_ks_HasLocalBinding()

LE_SHARED bool ifgen_taf_ks_HasLocalBinding ( void  )

Returns whether this client is bound locally.

◆ ifgen_taf_ks_InitCommonData()

LE_SHARED void ifgen_taf_ks_InitCommonData ( void  )

Initializes data that is common across all threads.

◆ ifgen_taf_ks_CleanupCommonData()

LE_SHARED void ifgen_taf_ks_CleanupCommonData ( le_msg_SessionRef_t  _ifgen_sessionRef)

Cleans up the data of a session.

◆ ifgen_taf_ks_OpenSession()

LE_SHARED le_result_t ifgen_taf_ks_OpenSession ( le_msg_SessionRef_t  _ifgen_sessionRef,
bool  isBlocking 
)

Perform common initialization and open a session

◆ ifgen_taf_ks_CreateKey()

LE_SHARED le_result_t ifgen_taf_ks_CreateKey ( le_msg_SessionRef_t  _ifgen_sessionRef,
const char *LE_NONNULL  keyName,
taf_ks_KeyUsage_t  keyUsage,
taf_ks_KeyRef_t *  keyRefPtr 
)

Creates a new key.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_PERMITTED – Key already exists.
  • LE_FAULT – Error.
Parameters
[in] keyName – Key name.
[in] keyUsage – Key usage.
[out] keyRefPtr – Key reference.

◆ ifgen_taf_ks_GetKey()

LE_SHARED le_result_t ifgen_taf_ks_GetKey ( le_msg_SessionRef_t  _ifgen_sessionRef,
const char *LE_NONNULL  keyName,
taf_ks_KeyRef_t *  keyRefPtr 
)

Gets a key by key name.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – The key does not exist or is not provisioned.
  • LE_FAULT – Error.
Parameters
[in] keyName – Key name.
[out] keyRefPtr – Key reference.

◆ ifgen_taf_ks_DeleteKey()

LE_SHARED le_result_t ifgen_taf_ks_DeleteKey ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef 
)

Deletes a key by key reference.

Returns
  • LE_OK – Succeeded.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key has a running cryptography session.
  • LE_FAULT – Error.
Parameters
[in] keyRef – Key reference.

◆ ifgen_taf_ks_GetKeyUsage()

LE_SHARED le_result_t ifgen_taf_ks_GetKeyUsage ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
taf_ks_KeyUsage_t *  keyUsagePtr 
)

Gets a key's usage.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Key does not exist.
  • LE_FAULT – Error.
Parameters
[in] keyRef – Key reference.
[out] keyUsagePtr – Key usage.

◆ ifgen_taf_ks_SetKeyMaxUsesPerBoot()

LE_SHARED le_result_t ifgen_taf_ks_SetKeyMaxUsesPerBoot ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
uint32_t  value 
)

Sets the maximum number of times a key may be used between system reboots.

Returns
  • LE_OK – Succeeded.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is already provisioned.
Parameters
[in] keyRef – Key reference.
[in] value – Uses per boot.

◆ ifgen_taf_ks_SetKeyMinSecondsBetweenOps()

LE_SHARED le_result_t ifgen_taf_ks_SetKeyMinSecondsBetweenOps ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
uint32_t  value 
)

Sets the minimum amount of time that elapses between allowed operations using a key.

Returns
  • LE_OK – Succeeded.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is already provisioned.
Parameters
[in] keyRef – Key reference.
[in] value – Interval in seconds between allowed operations.

◆ ifgen_taf_ks_SetKeyAppData()

LE_SHARED le_result_t ifgen_taf_ks_SetKeyAppData ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
const uint8_t *  dataPtr,
size_t  dataSize 
)

Sets application data to the key.

When this attribute is set on the key, the same data must also be provided through taf_ks_CryptoSessionSetAppData() for each cryptographic operation using the key.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is already provisioned.
Parameters
[in] keyRef – Key reference.
[in] dataPtr – Data buffer to hold the application data.
[in] dataSize

◆ ifgen_taf_ks_SetKeyActiveDateTime()

LE_SHARED le_result_t ifgen_taf_ks_SetKeyActiveDateTime ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
uint64_t  value 
)

Sets the date and time at which the key becomes active. Any attempt to use the key prior to this time will fail.

Returns
  • LE_OK – Succeeded.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is already provisioned.
Parameters
[in] keyRef – Key reference.
[in] value – Milliseconds since January 1, 1970.

◆ ifgen_taf_ks_SetKeyOriginationExpireDateTime()

LE_SHARED le_result_t ifgen_taf_ks_SetKeyOriginationExpireDateTime ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
uint64_t  value 
)

Sets the date and time at which the key expires for signing and encryption. Any attempt to use a key for signing or encryption after this time will fail.

Returns
  • LE_OK – Succeeded.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is already provisioned.
Parameters
[in] keyRef – Key reference.
[in] value – Milliseconds since January 1, 1970.

◆ ifgen_taf_ks_SetKeyUsageExpireDateTime()

LE_SHARED le_result_t ifgen_taf_ks_SetKeyUsageExpireDateTime ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
uint64_t  value 
)

Sets the date and time at which the key expires for verification and decryption. Any attempt to use the key for verification or decryption after this time will fail.

Returns
  • LE_OK – Succeeded.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is already provisioned.
Parameters
[in] keyRef – Key reference.
[in] value – Milliseconds since January 1, 1970.

◆ ifgen_taf_ks_ProvisionRsaEncKeyValue()

LE_SHARED le_result_t ifgen_taf_ks_ProvisionRsaEncKeyValue ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
taf_ks_RsaKeySize_t  keySize,
taf_ks_RsaEncPadding_t  padding,
const uint8_t *  impDataPtr,
size_t  impDataSize 
)

Provisions or imports an RSA encryption key value to the newly created key.

The impData parameter, if provided, shall hold PKCS#8 DER format of RSA key data for import.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is already provisioned, is not suitable for this provision, or is not created by the client.
  • LE_FAULT – Error.
Parameters
[in] keyRef – Key reference.
[in] keySize – Key size. Shall match the size of the imported key if impData is provided.
[in] padding – Padding type of RSA encryption key.
[in] impDataPtr – Imported key data.
[in] impDataSize

◆ ifgen_taf_ks_ProvisionRsaSigKeyValue()

LE_SHARED le_result_t ifgen_taf_ks_ProvisionRsaSigKeyValue ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
taf_ks_RsaKeySize_t  keySize,
taf_ks_RsaSigPadding_t  padding,
const uint8_t *  impDataPtr,
size_t  impDataSize 
)

Provisions or imports an RSA signing key value to the newly created key.

The impData parameter, if provided, shall hold PKCS#8 DER format of RSA key data for import.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is already provisioned, is not suitable for this provision, or is not created by the client.
  • LE_FAULT – Error.
Parameters
[in] keyRef – Key reference.
[in] keySize – Key size. Shall match the size of the imported key if impData is provided.
[in] padding – Padding type of RSA signing key.
[in] impDataPtr – Imported key data.
[in] impDataSize

◆ ifgen_taf_ks_ProvisionEcdsaKeyValue()

LE_SHARED le_result_t ifgen_taf_ks_ProvisionEcdsaKeyValue ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
taf_ks_EccKeySize_t  keySize,
taf_ks_Digest_t  digest,
const uint8_t *  impDataPtr,
size_t  impDataSize 
)

Provisions or imports an ECDSA key value to the newly created key.

The impData parameter, if provided, shall hold PKCS#8 DER format of ECDSA key data for import.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is already provisioned, is not suitable for this provision, or is not created by the client.
  • LE_FAULT – Error.
Parameters
[in] keyRef – Key reference.
[in] keySize – Key size. Shall match the size of the imported key if impData is provided.
[in] digest – Digest.
[in] impDataPtr – Imported key data.
[in] impDataSize

◆ ifgen_taf_ks_ProvisionAesKeyValue()

LE_SHARED le_result_t ifgen_taf_ks_ProvisionAesKeyValue ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
taf_ks_AesKeySize_t  keySize,
taf_ks_AesBlockMode_t  mode,
const uint8_t *  impDataPtr,
size_t  impDataSize 
)

Provisions or imports an AES key value to the newly created key.

The impData parameter, if provided, shall hold the AES raw key data for import.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is already provisioned, is not suitable for this provision, or is not created by the client.
  • LE_FAULT – Error.
Parameters
[in] keyRef – Key reference.
[in] keySize – Key size. Shall match the size of the imported key if impData is provided.
[in] mode – AES block mode.
[in] impDataPtr – Imported key data.
[in] impDataSize

◆ ifgen_taf_ks_ProvisionHmacKeyValue()

LE_SHARED le_result_t ifgen_taf_ks_ProvisionHmacKeyValue ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
uint32_t  keySize,
taf_ks_Digest_t  digest,
const uint8_t *  impDataPtr,
size_t  impDataSize 
)

Provisions or imports an HMAC key value to the newly created key.

The impData parameter, if provided, shall hold the HMAC raw key data for import.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is already provisioned, is not suitable for this provision, or is not created by the client.
  • LE_FAULT – Error.
Parameters
[in] keyRef – Key reference.
[in] keySize – Key size. Shall match the size of the imported key if impData is provided.
[in] digest – Digest.
[in] impDataPtr – Imported key data.
[in] impDataSize

◆ ifgen_taf_ks_ExportKey()

LE_SHARED le_result_t ifgen_taf_ks_ExportKey ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
const uint8_t *  appDataPtr,
size_t  appDataSize,
uint8_t *  expDataPtr,
size_t *  expDataSizePtr 
)

Exports a key into the specified key data format.

For an asymmetric key, exports the public key in X.509 DER format (SubjectPublicKeyInfo). Exporting symmetric keys is currently not supported.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameter(s).
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is not provisioned or the key is not created by the client.
  • LE_FAULT – Error.
Parameters
[in] keyRef – Key reference.
[in] appDataPtr – Data buffer to hold the application data.
[in] appDataSize
[out] expDataPtr – Exported key data.
[in,out] expDataSizePtr

◆ ifgen_taf_ks_CryptoSessionCreate()

LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionCreate ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_KeyRef_t  keyRef,
taf_ks_CryptoSessionRef_t *  sessionRefPtr 
)

Creates a cryptographic operation session for a key.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Key does not exist.
  • LE_NOT_PERMITTED – Key is not provisioned.
Parameters
[in] keyRef – Key to use for this cryptographic session.
[out] sessionRefPtr – Session reference.

◆ ifgen_taf_ks_CryptoSessionSetAesNonce()

LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionSetAesNonce ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_CryptoSessionRef_t  sessionRef,
const uint8_t *  dataPtr,
size_t  dataSize 
)

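Sets the nonce or IV of a cryptographic session for AES GCM, CBC or CTR. For AES GCM the nonce must be 12 bytes; for AES CBC and CTR the IV must be 16 bytes. With AES GCM a nonce must never be repeated under the same key, because a repeat breaks both confidentiality and authenticity.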

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Session or key does not exist.
  • LE_NOT_PERMITTED – Key is not provisioned or the session is not created by the client.
Parameters
[in] sessionRef – Session reference.
[in] dataPtr – Data buffer to hold the nonce or IV.
[in] dataSize

◆ ifgen_taf_ks_CryptoSessionSetAppData()

LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionSetAppData ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_CryptoSessionRef_t  sessionRef,
const uint8_t *  dataPtr,
size_t  dataSize 
)

Sets the application data for a cryptographic session.

This API must be called before taf_ks_CryptoSessionStart() if the key has set the attribute of application data by taf_ks_SetKeyAppData().

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Session or key does not exist.
  • LE_NOT_PERMITTED – Key is not provisioned or the session is not created by the client.
Parameters
[in] sessionRef – Session reference.
[in] dataPtr – Data buffer to hold the application data.
[in] dataSize

◆ ifgen_taf_ks_CryptoSessionStart()

LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionStart ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_CryptoSessionRef_t  sessionRef,
taf_ks_CryptoPurpose_t  cryptoPurpose 
)

Starts the cryptographic session for the given operation. The cryptographic session is automatically deleted if an error occurs.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Session or key does not exist.
  • LE_NOT_PERMITTED – Key is not provisioned or the session is not created by the client.
  • LE_DUPLICATE – Session is already started.
  • LE_FAULT – Error.
Parameters
[in] sessionRef – Session reference.
[in] cryptoPurpose – Cryptographic operation purpose.

◆ ifgen_taf_ks_CryptoSessionProcessAead()

LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionProcessAead ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_CryptoSessionRef_t  sessionRef,
const uint8_t *  dataPtr,
size_t  dataSize 
)

Provides AEAD data (the associated data that is authenticated but not encrypted) to an AES GCM crypto session started with taf_ks_CryptoSessionStart(). This API can be called multiple times before taf_ks_CryptoSessionProcess(); the cryptographic session is automatically deleted if an error occurs.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Session or key does not exist.
  • LE_NOT_PERMITTED – Key is not provisioned, the session is not created by the client, or the session is not started.
  • LE_FAULT – Error.
Parameters
[in] sessionRef – Session reference.
[in] dataPtr – Data buffer to hold the AEAD data.
[in] dataSize

◆ ifgen_taf_ks_CryptoSessionProcess()

LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionProcess ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_CryptoSessionRef_t  sessionRef,
const uint8_t *  inputDataPtr,
size_t  inputDataSize,
uint8_t *  outputDataPtr,
size_t *  outputDataSizePtr 
)

Provides data to, and possibly receives output from, a running cryptographic session started with taf_ks_CryptoSessionStart(). It can be called multiple times before taf_ks_CryptoSessionEnd() is called. The crypto session is automatically deleted if an error occurs.

Returns
  • LE_OK – Succeeded.
  • LE_BAD_PARAMETER – Bad parameters.
  • LE_NOT_FOUND – Session or the key does not exist.
  • LE_NOT_PERMITTED – Key is not provisioned, the session is not created by the client, or the session is not started.
  • LE_FAULT – Error.
Parameters
[in] sessionRef – Session reference.
[in] inputDataPtr – Input data, which is one of the following:
  1. Plain text for an encryption session.
  2. Cipher text for a decryption session.
  3. Message to sign for a signing session.
  4. Message to verify for a verification session.
[in] inputDataSize
[out] outputDataPtr – Output data, which is one of the following:
  1. Encrypted data for an encryption session.
  2. Decrypted data for a decryption session.
  3. Shall be set to NULL for signing and verification sessions.
[in,out] outputDataSizePtr

◆ ifgen_taf_ks_CryptoSessionEnd()

LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionEnd ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_CryptoSessionRef_t  sessionRef,
const uint8_t *  inputDataPtr,
size_t  inputDataSize,
uint8_t *  outputDataPtr,
size_t *  outputDataSizePtr 
)

Finalizes the cryptographic session started with taf_ks_CryptoSessionStart(). This API shall be called once all input data is processed by taf_ks_CryptoSessionProcess(). The cryptographic session will be deleted automatically.

Returns
  • LE_OK – Succeeded.
  • LE_NOT_FOUND – Session or key does not exist.
  • LE_NOT_PERMITTED – Key is not provisioned, the session is not created by the client, or the session is not started.
  • LE_FAULT – Error.
Parameters
[in] sessionRef – Session reference.
[in] inputDataPtr – Signature to verify for a verification session; shall be set to NULL for other sessions.
[in] inputDataSize
[out] outputDataPtr – Output data, which is one of the following:
  1. Encrypted data for an encryption session.
  2. Decrypted data for a decryption session.
  3. Signature for a signing session.
  4. Shall be set to NULL for a verification session.
[in,out] outputDataSizePtr

◆ ifgen_taf_ks_CryptoSessionAbort()

LE_SHARED le_result_t ifgen_taf_ks_CryptoSessionAbort ( le_msg_SessionRef_t  _ifgen_sessionRef,
taf_ks_CryptoSessionRef_t  sessionRef 
)

Aborts the cryptographic session started with taf_ks_CryptoSessionStart(). The cryptographic session will be deleted automatically.

Returns
  • LE_OK – Succeeded.
  • LE_NOT_FOUND – Session or key does not exist.
  • LE_NOT_PERMITTED – Key is not provisioned, the session is not created by the client, or the session is not started.
  • LE_FAULT – Error.
Parameters
[in] sessionRef – Session reference.