Asymmetric cryptography#
Functions#
psa_sign_message: Sign a message with a private key.
psa_verify_message: Verify the signature of a message with a public key, using a hash-and-sign verification algorithm.
psa_sign_hash: Sign a hash or short message with a private key.
psa_verify_hash: Verify the signature of a hash or short message using a public key.
psa_asymmetric_encrypt: Encrypt a short message with a public key.
psa_asymmetric_decrypt: Decrypt a short message with a private key.
Function Documentation#
psa_sign_message#
psa_status_t psa_sign_message (psa_key_id_t key, psa_algorithm_t alg, const uint8_t * input, size_t input_length, uint8_t * signature, size_t signature_size, size_t * signature_length)
Sign a message with a private key.
[in] | key | Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE. |
[in] | alg | An asymmetric signature algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_SIGN_MESSAGE( |
[in] | input | The input message to sign. |
[in] | input_length | Size of the |
[out] | signature | Buffer where the signature is to be written. |
[in] | signature_size | Size of the |
[out] | signature_length | On success, the number of bytes that make up the returned signature value. |
For hash-and-sign algorithms, this includes the hashing step.
Note
To perform a multi-part hash-and-sign signature algorithm, first use a multi-part hash operation and then pass the resulting hash to psa_sign_hash(). PSA_ALG_GET_HASH(alg) can be used to determine the hash algorithm to use.
Definition at line 2866 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto.h
psa_verify_message#
psa_status_t psa_verify_message (psa_key_id_t key, psa_algorithm_t alg, const uint8_t * input, size_t input_length, const uint8_t * signature, size_t signature_length)
Verify the signature of a message with a public key, using a hash-and-sign verification algorithm.
[in] | key | Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE. |
[in] | alg | An asymmetric signature algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_SIGN_MESSAGE( |
[in] | input | The message whose signature is to be verified. |
[in] | input_length | Size of the |
[out] | signature | Buffer containing the signature to verify. |
[in] | signature_length | Size of the |
Note
To perform a multi-part hash-and-sign signature verification algorithm, first use a multi-part hash operation to hash the message and then pass the resulting hash to psa_verify_hash(). PSA_ALG_GET_HASH(alg) can be used to determine the hash algorithm to use.
Definition at line 2918 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto.h
psa_sign_hash#
psa_status_t psa_sign_hash (psa_key_id_t key, psa_algorithm_t alg, const uint8_t * hash, size_t hash_length, uint8_t * signature, size_t signature_size, size_t * signature_length)
Sign a hash or short message with a private key.
N/A | key | Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage PSA_KEY_USAGE_SIGN_HASH. |
N/A | alg | A signature algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_SIGN_HASH( |
[in] | hash | The hash or message to sign. |
N/A | hash_length | Size of the |
[out] | signature | Buffer where the signature is to be written. |
N/A | signature_size | Size of the |
[out] | signature_length | On success, the number of bytes that make up the returned signature value. |
Note that to perform a hash-and-sign signature algorithm, you must first calculate the hash by calling psa_hash_setup(), psa_hash_update() and psa_hash_finish(), or alternatively by calling psa_hash_compute(). Then pass the resulting hash as the hash parameter to this function. You can use PSA_ALG_SIGN_GET_HASH(alg) to determine the hash algorithm to use.
Definition at line 2969 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto.h
psa_verify_hash#
psa_status_t psa_verify_hash (psa_key_id_t key, psa_algorithm_t alg, const uint8_t * hash, size_t hash_length, const uint8_t * signature, size_t signature_length)
Verify the signature of a hash or short message using a public key.
N/A | key | Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage PSA_KEY_USAGE_VERIFY_HASH. |
N/A | alg | A signature algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_SIGN_HASH( |
[in] | hash | The hash or message whose signature is to be verified. |
N/A | hash_length | Size of the |
[in] | signature | Buffer containing the signature to verify. |
N/A | signature_length | Size of the |
Note that to perform a hash-and-sign signature algorithm, you must first calculate the hash by calling psa_hash_setup(), psa_hash_update() and psa_hash_finish(), or alternatively by calling psa_hash_compute(). Then pass the resulting hash as the hash parameter to this function. You can use PSA_ALG_SIGN_GET_HASH(alg) to determine the hash algorithm to use.
Definition at line 3018 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto.h
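An added example (not from the header or the SDK) of a caller-side check to run before psa_sign_hash() or psa_verify_hash(): these functions sign the bytes they are given without hashing them, so the caller has to make sure the buffer really is a digest of the hash that alg names. The EX_* constants, gate_t and hash_sign_gate() are hypothetical local names; the values mirror the PSA Crypto API 1.0 algorithm encoding, which this header is assumed to share.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical local mirrors of the PSA Crypto API 1.0 algorithm encoding
 * (assumption: the header documented here uses the same values). Real code
 * includes <psa/crypto.h> and uses PSA_ALG_SIGN_GET_HASH() instead. */
#define EX_ALG_CATEGORY_MASK  0x7f000000u
#define EX_ALG_CATEGORY_SIGN  0x06000000u
#define EX_ALG_CATEGORY_HASH  0x02000000u
#define EX_ALG_HASH_MASK      0x000000ffu
#define EX_ALG_MD5            0x02000003u
#define EX_ALG_SHA_1          0x02000005u
#define EX_ALG_SHA_256        0x02000009u
#define EX_ALG_SHA_384        0x0200000au
#define EX_ALG_SHA_512        0x0200000bu
#define EX_ALG_ANY_HASH       0x020000ffu
#define EX_ALG_ECDSA(h)       (0x06000600u | ((h) & EX_ALG_HASH_MASK))
#define EX_ALG_RSA_PKCS1V15_SIGN_RAW 0x06000200u

typedef enum { GATE_OK, GATE_NOT_SIGN, GATE_NO_HASH, GATE_WILDCARD,
               GATE_WEAK_HASH, GATE_UNKNOWN_HASH, GATE_BAD_LENGTH } gate_t;

/* Check that (alg, hash_length) describes a real digest before the buffer
 * is handed to psa_sign_hash() or psa_verify_hash(). */
gate_t hash_sign_gate(uint32_t alg, size_t hash_length)
{
    uint32_t low = alg & EX_ALG_HASH_MASK;
    size_t expected;

    if ((alg & EX_ALG_CATEGORY_MASK) != EX_ALG_CATEGORY_SIGN)
        return GATE_NOT_SIGN;              /* not a signature algorithm */
    if (low == 0)
        return GATE_NO_HASH;               /* raw signing, no digest named */

    switch (low | EX_ALG_CATEGORY_HASH) {  /* hash embedded in alg */
    case EX_ALG_ANY_HASH: return GATE_WILDCARD;   /* key policies only */
    case EX_ALG_MD5:
    case EX_ALG_SHA_1:    return GATE_WEAK_HASH;  /* collision attacks known */
    case EX_ALG_SHA_256:  expected = 32; break;
    case EX_ALG_SHA_384:  expected = 48; break;
    case EX_ALG_SHA_512:  expected = 64; break;
    default:              return GATE_UNKNOWN_HASH;
    }
    return hash_length == expected ? GATE_OK : GATE_BAD_LENGTH;
}
```

Treat any result other than GATE_OK as a reason not to call the signing or verification function at all, and log which check failed.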
psa_asymmetric_encrypt#
psa_status_t psa_asymmetric_encrypt (psa_key_id_t key, psa_algorithm_t alg, const uint8_t * input, size_t input_length, const uint8_t * salt, size_t salt_length, uint8_t * output, size_t output_size, size_t * output_length)
Encrypt a short message with a public key.
N/A | key | |
N/A | alg | |
N/A | input | |
N/A | input_length | |
[in] | salt | A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass |
N/A | salt_length | Size of the |
[out] | output | Buffer where the encrypted message is to be written. |
N/A | output_size | Size of the |
[out] | output_length | On success, the number of bytes that make up the returned output. |
For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported.
Definition at line 3076 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto.h
psa_asymmetric_decrypt#
psa_status_t psa_asymmetric_decrypt (psa_key_id_t key, psa_algorithm_t alg, const uint8_t * input, size_t input_length, const uint8_t * salt, size_t salt_length, uint8_t * output, size_t output_size, size_t * output_length)
Decrypt a short message with a private key.
N/A | key | |
N/A | alg | |
N/A | input | |
N/A | input_length | |
[in] | salt | A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass |
N/A | salt_length | Size of the |
[out] | output | Buffer where the decrypted message is to be written. |
N/A | output_size | Size of the |
[out] | output_length | On success, the number of bytes that make up the returned output. |
For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported.
Definition at line 3137 of file util/third_party/trusted-firmware-m/interface/include/psa/crypto.h