CryptoKeyKeyStore_PSA.h

Go to the documentation of this file.

/*
 * Copyright (c) 2022, Texas Instruments Incorporated
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * *  Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * *  Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * *  Neither the name of Texas Instruments Incorporated nor the names of
 *    its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef ti_drivers_CryptoKeyKeyStore_PSA__include
#define ti_drivers_CryptoKeyKeyStore_PSA__include

#if (TFM_ENABLED == 0) || defined(TFM_PSA_API) /* TFM_PSA_API indicates this is a TF-M build */
    #include <third_party/mbedcrypto/include/psa/crypto.h>
#else
    #include <third_party/tfm/interface/include/psa/crypto.h>
#endif /* #if (TFM_ENABLED == 0) || defined(TFM_PSA_API) */

#ifdef __cplusplus
extern "C" {
#endif

typedef psa_key_usage_t KeyStore_PSA_KeyUsage;

typedef psa_key_lifetime_t KeyStore_PSA_KeyLifetime;

#define KEYSTORE_PSA_STATUS_SUCCESS ((int_fast16_t)PSA_SUCCESS)

#define KEYSTORE_PSA_STATUS_GENERIC_ERROR ((int_fast16_t)PSA_ERROR_GENERIC_ERROR)

#define KEYSTORE_PSA_STATUS_NOT_SUPPORTED ((int_fast16_t)PSA_ERROR_NOT_SUPPORTED)

#define KEYSTORE_PSA_STATUS_NOT_PERMITTED ((int_fast16_t)PSA_ERROR_NOT_PERMITTED)

#define KEYSTORE_PSA_STATUS_INVALID_KEY_ID ((int_fast16_t)PSA_ERROR_INVALID_HANDLE)

#define KEYSTORE_PSA_STATUS_BUFFER_TOO_SMALL ((int_fast16_t)PSA_ERROR_BUFFER_TOO_SMALL)

#define KEYSTORE_PSA_STATUS_ALREADY_EXISTS ((int_fast16_t)PSA_ERROR_ALREADY_EXISTS)

#define KEYSTORE_PSA_STATUS_DOES_NOT_EXIST ((int_fast16_t)PSA_ERROR_DOES_NOT_EXIST)

#define KEYSTORE_PSA_STATUS_BAD_STATE ((int_fast16_t)PSA_ERROR_BAD_STATE)

#define KEYSTORE_PSA_STATUS_INVALID_ARGUMENT ((int_fast16_t)PSA_ERROR_INVALID_ARGUMENT)

#define KEYSTORE_PSA_STATUS_INSUFFICIENT_MEMORY ((int_fast16_t)PSA_ERROR_INSUFFICIENT_MEMORY)

#define KEYSTORE_PSA_STATUS_INSUFFICIENT_STORAGE ((int_fast16_t)PSA_ERROR_INSUFFICIENT_STORAGE)

#define KEYSTORE_PSA_STATUS_COMMUNICATION_FAILURE ((int_fast16_t)PSA_ERROR_COMMUNICATION_FAILURE)

#define KEYSTORE_PSA_STATUS_STORAGE_FAILURE ((int_fast16_t)PSA_ERROR_STORAGE_FAILURE)

#define KEYSTORE_PSA_STATUS_HARDWARE_FAILURE ((int_fast16_t)PSA_ERROR_HARDWARE_FAILURE)

#define KEYSTORE_PSA_STATUS_INSUFFICIENT_ENTROPY ((int_fast16_t)PSA_ERROR_INSUFFICIENT_ENTROPY)

#define KEYSTORE_PSA_STATUS_CORRUPTION_DETECTED ((int_fast16_t)PSA_ERROR_CORRUPTION_DETECTED)

#define KEYSTORE_PSA_STATUS_RESOURCE_UNAVAILABLE ((int_fast16_t)-250)

typedef psa_key_type_t KeyStore_PSA_KeyType;

#define KEYSTORE_PSA_KEY_TYPE_RAW_DATA ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_RAW_DATA)

#define KEYSTORE_PSA_KEY_TYPE_HMAC ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_HMAC)

#define KEYSTORE_PSA_KEY_TYPE_DERIVE ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_DERIVE)

#define KEYSTORE_PSA_KEY_TYPE_AES ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_AES)

#define KEYSTORE_PSA_KEY_TYPE_DES ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_DES)

#define KEYSTORE_PSA_KEY_TYPE_CAMELLIA ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_CAMELLIA)

#define KEYSTORE_PSA_KEY_TYPE_ARC4 ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_ARC4)

#define KEYSTORE_PSA_KEY_TYPE_CHACHA20 ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_CHACHA20)

#define KEYSTORE_PSA_KEY_TYPE_RSA_PUBLIC_KEY ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_RSA_PUBLIC_KEY)

#define KEYSTORE_PSA_KEY_TYPE_RSA_KEY_PAIR   ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_RSA_KEY_PAIR)

#define PSA_KEY_TYPE_IS_RSA(type)            (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)

#define KEYSTORE_PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
#define KEYSTORE_PSA_KEY_TYPE_ECC_KEY_PAIR_BASE   ((KeyStore_PSA_KeyType)PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)

typedef psa_algorithm_t KeyStore_PSA_Algorithm;

#define KEYSTORE_PSA_ALG_SHA_224     ((KeyStore_PSA_Algorithm)PSA_ALG_SHA_224)

#define KEYSTORE_PSA_ALG_SHA_256     ((KeyStore_PSA_Algorithm)PSA_ALG_SHA_256)

#define KEYSTORE_PSA_ALG_SHA_384     ((KeyStore_PSA_Algorithm)PSA_ALG_SHA_384)

#define KEYSTORE_PSA_ALG_SHA_512     ((KeyStore_PSA_Algorithm)PSA_ALG_SHA_512)

#define KEYSTORE_PSA_ALG_SHA_512_224 ((KeyStore_PSA_Algorithm)PSA_ALG_SHA_512_224)

#define KEYSTORE_PSA_ALG_SHA_512_256 ((KeyStore_PSA_Algorithm)PSA_ALG_SHA_512_256)

#define KEYSTORE_PSA_ALG_CBC_MAC ((KeyStore_PSA_Algorithm)PSA_ALG_CBC_MAC)

#define KEYSTORE_PSA_ALG_CMAC    ((KeyStore_PSA_Algorithm)PSA_ALG_CMAC)

#define KEYSTORE_PSA_ALG_CTR ((KeyStore_PSA_Algorithm)PSA_ALG_CTR)

#define KEYSTORE_PSA_ALG_CBC_NO_PADDING ((KeyStore_PSA_Algorithm)PSA_ALG_CBC_NO_PADDING)

#define KEYSTORE_PSA_ALG_CCM ((KeyStore_PSA_Algorithm)PSA_ALG_CCM)

#define KEYSTORE_PSA_ALG_GCM ((KeyStore_PSA_Algorithm)PSA_ALG_GCM)

#define KEYSTORE_PSA_ALG_CHACHA20_POLY1305 ((KeyStore_PSA_Algorithm)PSA_ALG_CHACHA20_POLY1305)

#define KEYSTORE_PSA_ALG_ECDH ((KeyStore_PSA_Algorithm)PSA_ALG_ECDH)

/* The encoding of curve identifiers is currently aligned with the
 * TLS Supported Groups Registry (formerly known as the
 * TLS EC Named Curve Registry)
 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
 * The values are defined by RFC 8422 and RFC 7027. */
#define KEYSTORE_PSA_ECC_CURVE_SECT163K1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT163K1)
#define KEYSTORE_PSA_ECC_CURVE_SECT163R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT163R1)
#define KEYSTORE_PSA_ECC_CURVE_SECT163R2     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT163R2)
#define KEYSTORE_PSA_ECC_CURVE_SECT193R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT193R1)
#define KEYSTORE_PSA_ECC_CURVE_SECT193R2     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT193R2)
#define KEYSTORE_PSA_ECC_CURVE_SECT233K1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT233K1)
#define KEYSTORE_PSA_ECC_CURVE_SECT233R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT233R1)
#define KEYSTORE_PSA_ECC_CURVE_SECT239K1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT239K1)
#define KEYSTORE_PSA_ECC_CURVE_SECT283K1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT283K1)
#define KEYSTORE_PSA_ECC_CURVE_SECT283R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT283R1)
#define KEYSTORE_PSA_ECC_CURVE_SECT409K1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT409K1)
#define KEYSTORE_PSA_ECC_CURVE_SECT409R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT409R1)
#define KEYSTORE_PSA_ECC_CURVE_SECT571K1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT571K1)
#define KEYSTORE_PSA_ECC_CURVE_SECT571R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECT571R1)
#define KEYSTORE_PSA_ECC_CURVE_SECP160K1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECP160K1)
#define KEYSTORE_PSA_ECC_CURVE_SECP160R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECP160R1)
#define KEYSTORE_PSA_ECC_CURVE_SECP160R2     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECP160R2)
#define KEYSTORE_PSA_ECC_CURVE_SECP192K1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECP192K1)
#define KEYSTORE_PSA_ECC_CURVE_SECP192R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECP192R1)
#define KEYSTORE_PSA_ECC_CURVE_SECP224K1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECP224K1)
#define KEYSTORE_PSA_ECC_CURVE_SECP224R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECP224R1)
#define KEYSTORE_PSA_ECC_CURVE_SECP256K1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECP256K1)
#define KEYSTORE_PSA_ECC_CURVE_SECP256R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECP256R1)
#define KEYSTORE_PSA_ECC_CURVE_SECP384R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECP384R1)
#define KEYSTORE_PSA_ECC_CURVE_SECP521R1     ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_SECP521R1)
#define KEYSTRORE_ECC_CURVE_BRAINPOOL_P256R1 ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_BRAINPOOL_P256R1)
#define KEYSTRORE_ECC_CURVE_BRAINPOOL_P384R1 ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_BRAINPOOL_P384R1)
#define KEYSTRORE_ECC_CURVE_BRAINPOOL_P512R1 ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_BRAINPOOL_P512R1)

#define KEYSTORE_PSA_ECC_CURVE_CURVE25519    ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_CURVE25519)

#define KEYSTORE_PSA_ECC_CURVE_CURVE448      ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_CURVE448)

#define KEYSTORE_PSA_ECC_CURVE_VENDOR_MIN ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_VENDOR_MIN)

#define KEYSTORE_PSA_ECC_CURVE_VENDOR_MAX ((KeyStore_PSA_KeyType)PSA_ECC_CURVE_VENDOR_MAX)

/* Volatile Key Limit [1, PSA_KEY_SLOT_COUNT] for TF-Mv1.1
 * Upper limit for volatile keys, PSA_KEY_SLOT_COUNT (32) is the size of global slot array in mbedcrypto3.1
 */
#if (TFM_ENABLED == 0) || defined(TFM_PSA_API) /* TFM_PSA_API indicates this is a TF-M build */
    #define KEYSTORE_PSA_MAX_VOLATILE_KEY_ID PSA_KEY_SLOT_COUNT
#else
    /*
     * PSA_KEY_SLOT_COUNT is not available in TF-M's crypto.h so we must
     * hardcode it to match the value in mbedCrypto's header.
     */
    #define KEYSTORE_PSA_MAX_VOLATILE_KEY_ID 32
#endif

/* Macro to obtain size of struct member */
#define MEMBER_SIZE(type, member) sizeof(((type *)0)->member)

#define KEYSTORE_PSA_KEY_LIFETIME_VOLATILE ((KeyStore_PSA_KeyLifetime)PSA_KEY_LIFETIME_VOLATILE)

#define KEYSTORE_PSA_KEY_LIFETIME_PERSISTENT ((KeyStore_PSA_KeyLifetime)PSA_KEY_LIFETIME_PERSISTENT)

#define KEYSTORE_PSA_KEY_ID_NULL ((KeyStore_PSA_KeyFileId)0x0)

#define KEYSTORE_PSA_KEY_ID_USER_MIN ((KeyStore_PSA_KeyFileId)PSA_KEY_ID_USER_MIN)

#define KEYSTORE_PSA_KEY_ID_PERSISTENT_USER_MIN 0x41

#define KEYSTORE_PSA_KEY_ID_WITH_CERTIFICATE_USER_MAX 0x1fffffff

#define KEYSTORE_PSA_KEY_ID_CERTIFICATE_BIT (1 << 29)

#define KEYSTORE_PSA_KEY_ID_VENDOR_MIN ((KeyStore_PSA_KeyFileId)PSA_KEY_ID_VENDOR_MIN)

#define KEYSTORE_PSA_KEY_ID_VENDOR_MAX ((KeyStore_PSA_KeyFileId)PSA_KEY_ID_VENDOR_MAX)

#define KEYSTORE_PSA_DEFAULT_OWNER -1

#define KEYSTORE_PSA_KEY_USAGE_EXPORT ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_EXPORT)

#define KEYSTORE_PSA_KEY_USAGE_COPY ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_COPY)

#define KEYSTORE_PSA_KEY_USAGE_ENCRYPT ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_ENCRYPT)

#define KEYSTORE_PSA_KEY_USAGE_DECRYPT ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_DECRYPT)

#define KEYSTORE_PSA_KEY_USAGE_SIGN_HASH ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_SIGN_HASH)

#define KEYSTORE_PSA_KEY_USAGE_VERIFY_HASH ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_VERIFY_HASH)

#define KEYSTORE_PSA_KEY_USAGE_DERIVE ((KeyStore_PSA_KeyUsage)PSA_KEY_USAGE_DERIVE)

#if (TFM_ENABLED == 0) || defined(TFM_PSA_API) /* TFM_PSA_API indicates this is a TF-M build */

    #if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
/* Building for the PSA Crypto service on a PSA platform. */
/* A key owner is a PSA partition identifier. */
typedef psa_key_owner_id_t KeyStore_PSA_key_owner_id_t;
    #endif /* defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) */

typedef psa_key_file_id_t KeyStore_PSA_KeyFileId;

typedef psa_key_attributes_t KeyStore_PSA_KeyAttributes;

    #define KEYSTORE_PSA_KEY_ATTRIBUTES_INIT PSA_KEY_ATTRIBUTES_INIT

    #if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
        #define GET_KEY_ID(keyID, ID) \
            keyID.key_id = ID;        \
            keyID.owner  = KEYSTORE_PSA_DEFAULT_OWNER;

        #define SET_KEY_ID(ID, keyID) ID = keyID.key_id
    #else
        #define GET_KEY_ID(keyID, ID) keyID = ID

        #define SET_KEY_ID(ID, keyID) ID = keyID
    #endif /* defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) */

#else

typedef psa_key_id_t KeyStore_PSA_KeyFileId;

    #define GET_KEY_ID(keyID, ID) keyID = ID
    #define SET_KEY_ID(ID, keyID) ID = keyID

/* This is the client view of the `key_attributes` structure. Only
 * fields which need to be set by the PSA crypto client are present.
 * The PSA crypto service will maintain a different version of the
 * data structure internally. */
typedef struct psa_client_key_attributes_s KeyStore_PSA_KeyAttributes;

    #define KEYSTORE_PSA_KEY_ATTRIBUTES_INIT PSA_CLIENT_KEY_ATTRIBUTES_INIT
#endif /* #if (TFM_ENABLED == 0) || defined(TFM_PSA_API) */

#define KEYSTORE_PSA_PREPROVISIONED_AREA_ADDR 0x0000

#define KEYSTORE_PSA_PREPROVISIONED_AREA_SIZE (0x700) /* 1792 B */

#define KEYSTORE_PSA_PRE_PROVISIONED_KEY_EXPORT_FLAG        0xAAAA
#define KEYSTORE_PSA_PRE_PROVISIONED_KEY_EXPORT_FLAG_LENGTH (sizeof(KEYSTORE_PSA_PRE_PROVISIONED_KEY_EXPORT_FLAG))
#define KEYSTORE_PSA_PRE_PROVISIONED_KEY_NO_EXPORT_FLAG     0xA5A5

#define KEYSTORE_PSA_PREPROVISIONED_KEYS_EMPTY 0xFFFF

#define KEYSTORE_PSA_PRE_PROVISIONED_KEY_MAGIC_HEADER        "HUK\0KEY"
#define KEYSTORE_PSA_PRE_PROVISIONED_KEYS_END                0
#define KEYSTORE_PSA_PRE_PROVISIONED_KEY_MAGIC_HEADER_LENGTH (sizeof(KEYSTORE_PSA_PRE_PROVISIONED_KEY_MAGIC_HEADER))
#define KEYSTORE_PSA_PRE_PROVISIONED_KEYS_END_LENGTH         (sizeof(KEYSTORE_PSA_PRE_PROVISIONED_KEYS_END))
#define KEYSTORE_PSA_MAX_PREPROVISIONED_KEYS                 0x10

#define KEYSTORE_PSA_PRE_PROVISIONED_KEY_VALID_LIFETIME   0xAAAA
#define KEYSTORE_PSA_PRE_PROVISIONED_KEY_INVALID_LIFETIME 0x8888

#define KEYSTORE_PSA_PRE_PROVISIONED_KEY_ID_MAX 0x40
#define KEYSTORE_PSA_PRE_PROVISIONED_KEY_ID_MIN 0x21
#define KEYSTORE_PSA_PRE_PROVISIONED_CERTIFICATE_ID_MAX \
    (KEYSTORE_PSA_PRE_PROVISIONED_KEY_ID_MAX | KEYSTORE_PSA_KEY_ID_CERTIFICATE_BIT)
#define KEYSTORE_PSA_PRE_PROVISIONED_CERTIFICATE_ID_MIN \
    (KEYSTORE_PSA_PRE_PROVISIONED_KEY_ID_MIN | KEYSTORE_PSA_KEY_ID_CERTIFICATE_BIT)

#define KEYSTORE_PSA_PRE_PROVISIONED_ATTESTATION_PUB_KEY_ID 0x40
#define KEYSTORE_PSA_PRE_PROVISIONED_ATTESTATION_PRI_KEY_ID 0X3F
#define KEYSTORE_PSA_PRE_PROVISIONED_ATTESTATION_CERTIFICATE_ID \
    (KEYSTORE_PSA_PRE_PROVISIONED_ATTESTATION_PUB_KEY_ID | KEYSTORE_PSA_KEY_ID_CERTIFICATE_BIT)

typedef struct
{
    uint8_t header[KEYSTORE_PSA_PRE_PROVISIONED_KEY_MAGIC_HEADER_LENGTH];
    uint32_t lifetime;
    KeyStore_PSA_KeyFileId id;
    uint32_t export;
    KeyStore_PSA_Algorithm alg;
    KeyStore_PSA_KeyUsage usage;
    uint32_t keyLength;
} KeyStore_PreProvisionedKeyMetaData;

#define KEYSTORE_PRE_PROVISIONED_KEY_METADATA_SIZE sizeof(KeyStore_PreProvisionedKeyMetaData)

typedef struct
{
    KeyStore_PreProvisionedKeyMetaData meta;
    uint8_t *keyMaterial;
    uint32_t fletcher;
} KeyStore_preProvisionedKeyStorageFormat;

#define KEYSTORE_PSA_PREPROVISIONED_KEY_FORMAT_INIT                                                                 \
    {                                                                                                               \
        KEYSTORE_PSA_PRE_PROVISIONED_KEY_MAGIC_HEADER, 0, KEYSTORE_PSA_PRE_PROVISIONED_KEY_EXPORT_FLAG, 0, 0, 0, 0, \
            KEYSTORE_PSA_PRE_PROVISIONED_KEYS_END, 0                                                                \
    }

typedef struct
{
    uint8_t *addr;
    KeyStore_PSA_KeyFileId id;
    KeyStore_PSA_Algorithm alg;
    KeyStore_PSA_KeyUsage usage;
    uint32_t export;
    uint32_t keyLength;
} KeyStore_PSA_preProvisionedKeyIDs;

void KeyStore_PSA_setKeyId(KeyStore_PSA_KeyAttributes *attributes, KeyStore_PSA_KeyFileId key);

void KeyStore_PSA_setKeyLifetime(KeyStore_PSA_KeyAttributes *attributes, KeyStore_PSA_KeyLifetime lifetime);

KeyStore_PSA_KeyFileId KeyStore_PSA_getKeyId(KeyStore_PSA_KeyAttributes *attributes);

KeyStore_PSA_KeyLifetime KeyStore_PSA_getKeyLifetime(KeyStore_PSA_KeyAttributes *attributes);

void KeyStore_PSA_setKeyUsageFlags(KeyStore_PSA_KeyAttributes *attributes, KeyStore_PSA_KeyUsage usage_flags);

KeyStore_PSA_KeyUsage KeyStore_PSA_getKeyUsageFlags(KeyStore_PSA_KeyAttributes *attributes);

void KeyStore_PSA_setKeyAlgorithm(KeyStore_PSA_KeyAttributes *attributes, KeyStore_PSA_Algorithm alg);

KeyStore_PSA_Algorithm KeyStore_PSA_getKeyAlgorithm(KeyStore_PSA_KeyAttributes *attributes);

void KeyStore_PSA_setKeyType(KeyStore_PSA_KeyAttributes *attributes, KeyStore_PSA_KeyType type);

void KeyStore_PSA_setKeyBits(KeyStore_PSA_KeyAttributes *attributes, size_t bits);

KeyStore_PSA_KeyType KeyStore_PSA_getKeyType(KeyStore_PSA_KeyAttributes *attributes);

size_t KeyStore_PSA_getKeyBits(KeyStore_PSA_KeyAttributes *attributes);

void KeyStore_PSA_resetKeyAttributes(KeyStore_PSA_KeyAttributes *attributes);

int_fast16_t KeyStore_PSA_exportCertificate(KeyStore_PSA_KeyFileId key,
                                            uint8_t *data,
                                            size_t dataSize,
                                            size_t *dataLength);

int_fast16_t KeyStore_PSA_exportPublicKey(KeyStore_PSA_KeyFileId key,
                                          uint8_t *data,
                                          size_t dataSize,
                                          size_t *dataLength);

int_fast16_t KeyStore_PSA_exportKey(KeyStore_PSA_KeyFileId key, uint8_t *data, size_t dataSize, size_t *dataLength);

int_fast16_t KeyStore_PSA_importCertificate(KeyStore_PSA_KeyAttributes *attributes,
                                            KeyStore_PSA_KeyFileId *key,
                                            uint8_t *data,
                                            size_t dataLength);

int_fast16_t KeyStore_PSA_importKey(KeyStore_PSA_KeyAttributes *attributes,
                                    uint8_t *data,
                                    size_t dataLength,
                                    KeyStore_PSA_KeyFileId *key);

int_fast16_t KeyStore_PSA_getKeyAttributes(KeyStore_PSA_KeyFileId key, KeyStore_PSA_KeyAttributes *attributes);

int_fast16_t KeyStore_PSA_purgeKey(KeyStore_PSA_KeyFileId key);

int_fast16_t KeyStore_PSA_destroyCertificate(KeyStore_PSA_KeyFileId key);

int_fast16_t KeyStore_PSA_destroyKey(KeyStore_PSA_KeyFileId key);

#ifdef __cplusplus
}
#endif

#endif /* ti_drivers_KeyStore_PSA__include */