Since the amount of data that can (or should) be encrypted or signed using asymmetric keys is limited by the key size, asymmetric key operations using keys in a secure element must be done in single function calls.
|
|
|
struct
|
psa_drv_se_asymmetric_t
|
|
|
A struct containing all of the function pointers needed to implement asymmetric cryptographic operations using secure elements.
|
|
|
|
|
|
typedef
psa_status_t
(*
|
psa_drv_se_asymmetric_sign_t
) (
psa_drv_se_context_t
*drv_context,
psa_key_slot_number_t
key_slot,
psa_algorithm_t
alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length)
|
|
|
A function that signs a hash or short message with a private key in a secure element.
|
|
|
|
typedef
psa_status_t
(*
|
psa_drv_se_asymmetric_verify_t
) (
psa_drv_se_context_t
*drv_context,
psa_key_slot_number_t
key_slot,
psa_algorithm_t
alg, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length)
|
|
|
A function that verifies the signature a hash or short message using an asymmetric public key in a secure element.
|
|
|
|
typedef
psa_status_t
(*
|
psa_drv_se_asymmetric_encrypt_t
) (
psa_drv_se_context_t
*drv_context,
psa_key_slot_number_t
key_slot,
psa_algorithm_t
alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
|
|
|
A function that encrypts a short message with an asymmetric public key in a secure element.
|
|
|
|
typedef
psa_status_t
(*
|
psa_drv_se_asymmetric_decrypt_t
) (
psa_drv_se_context_t
*drv_context,
psa_key_slot_number_t
key_slot,
psa_algorithm_t
alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
|
|
|
A function that decrypts a short message with an asymmetric private key in a secure element.
|
|
|
◆
psa_drv_se_asymmetric_sign_t
A function that signs a hash or short message with a private key in a secure element.
-
Parameters
-
|
[in,out]
|
drv_context
|
The driver context structure.
|
|
[in]
|
key_slot
|
Key slot of an asymmetric key pair
|
|
[in]
|
alg
|
A signature algorithm that is compatible with the type of
key
|
|
[in]
|
p_hash
|
The hash to sign
|
|
[in]
|
hash_length
|
Size of the
p_hash
buffer in bytes
|
|
[out]
|
p_signature
|
Buffer where the signature is to be written
|
|
[in]
|
signature_size
|
Size of the
p_signature
buffer in bytes
|
|
[out]
|
p_signature_length
|
On success, the number of bytes that make up the returned signature value
|
-
Return values
-
◆
psa_drv_se_asymmetric_verify_t
A function that verifies the signature a hash or short message using an asymmetric public key in a secure element.
-
Parameters
-
|
[in,out]
|
drv_context
|
The driver context structure.
|
|
[in]
|
key_slot
|
Key slot of a public key or an asymmetric key pair
|
|
[in]
|
alg
|
A signature algorithm that is compatible with the type of
key
|
|
[in]
|
p_hash
|
The hash whose signature is to be verified
|
|
[in]
|
hash_length
|
Size of the
p_hash
buffer in bytes
|
|
[in]
|
p_signature
|
Buffer containing the signature to verify
|
|
[in]
|
signature_length
|
Size of the
p_signature
buffer in bytes
|
-
Return values
-
PSA_SUCCESS
|
The signature is valid.
|
◆
psa_drv_se_asymmetric_encrypt_t
A function that encrypts a short message with an asymmetric public key in a secure element.
-
Parameters
-
|
[in,out]
|
drv_context
|
The driver context structure.
|
|
[in]
|
key_slot
|
Key slot of a public key or an asymmetric key pair
|
|
[in]
|
alg
|
An asymmetric encryption algorithm that is compatible with the type of
key
|
|
[in]
|
p_input
|
The message to encrypt
|
|
[in]
|
input_length
|
Size of the
p_input
buffer in bytes
|
|
[in]
|
p_salt
|
A salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass
NULL
. If the algorithm supports an optional salt and you do not want to pass a salt, pass
NULL
. For
PSA_ALG_RSA_PKCS1V15_CRYPT
, no salt is supported.
|
|
[in]
|
salt_length
|
Size of the
p_salt
buffer in bytes If
p_salt
is
NULL
, pass 0.
|
|
[out]
|
p_output
|
Buffer where the encrypted message is to be written
|
|
[in]
|
output_size
|
Size of the
p_output
buffer in bytes
|
|
[out]
|
p_output_length
|
On success, the number of bytes that make up the returned output
|
-
Return values
-
◆
psa_drv_se_asymmetric_decrypt_t
A function that decrypts a short message with an asymmetric private key in a secure element.
-
Parameters
-
|
[in,out]
|
drv_context
|
The driver context structure.
|
|
[in]
|
key_slot
|
Key slot of an asymmetric key pair
|
|
[in]
|
alg
|
An asymmetric encryption algorithm that is compatible with the type of
key
|
|
[in]
|
p_input
|
The message to decrypt
|
|
[in]
|
input_length
|
Size of the
p_input
buffer in bytes
|
|
[in]
|
p_salt
|
A salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass
NULL
. If the algorithm supports an optional salt and you do not want to pass a salt, pass
NULL
. For
PSA_ALG_RSA_PKCS1V15_CRYPT
, no salt is supported.
|
|
[in]
|
salt_length
|
Size of the
p_salt
buffer in bytes If
p_salt
is
NULL
, pass 0.
|
|
[out]
|
p_output
|
Buffer where the decrypted message is to be written
|
|
[in]
|
output_size
|
Size of the
p_output
buffer in bytes
|
|
[out]
|
p_output_length
|
On success, the number of bytes that make up the returned output
|
-
Return values
-