Secure Element Asymmetric Cryptography

Description

Since the amount of data that can (or should) be encrypted or signed using asymmetric keys is limited by the key size, asymmetric key operations using keys in a secure element must be done in single function calls.

Data Structures

struct  psa_drv_se_asymmetric_t
 A struct containing all of the function pointers needed to implement asymmetric cryptographic operations using secure elements.
 

Typedefs

typedef psa_status_t(* psa_drv_se_asymmetric_sign_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length)
 A function that signs a hash or short message with a private key in a secure element.
 
typedef psa_status_t(* psa_drv_se_asymmetric_verify_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length)
 A function that verifies the signature a hash or short message using an asymmetric public key in a secure element.
 
typedef psa_status_t(* psa_drv_se_asymmetric_encrypt_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
 A function that encrypts a short message with an asymmetric public key in a secure element.
 
typedef psa_status_t(* psa_drv_se_asymmetric_decrypt_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
 A function that decrypts a short message with an asymmetric private key in a secure element.
 

Typedef Documentation

◆ psa_drv_se_asymmetric_sign_t

typedef psa_status_t(* psa_drv_se_asymmetric_sign_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length)

A function that signs a hash or short message with a private key in a secure element.

Parameters
[in,out]drv_contextThe driver context structure.
[in]key_slotKey slot of an asymmetric key pair
[in]algA signature algorithm that is compatible with the type of key
[in]p_hashThe hash to sign
[in]hash_lengthSize of the p_hash buffer in bytes
[out]p_signatureBuffer where the signature is to be written
[in]signature_sizeSize of the p_signature buffer in bytes
[out]p_signature_lengthOn success, the number of bytes that make up the returned signature value
Return values
PSA_SUCCESS

◆ psa_drv_se_asymmetric_verify_t

typedef psa_status_t(* psa_drv_se_asymmetric_verify_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length)

A function that verifies the signature a hash or short message using an asymmetric public key in a secure element.

Parameters
[in,out]drv_contextThe driver context structure.
[in]key_slotKey slot of a public key or an asymmetric key pair
[in]algA signature algorithm that is compatible with the type of key
[in]p_hashThe hash whose signature is to be verified
[in]hash_lengthSize of the p_hash buffer in bytes
[in]p_signatureBuffer containing the signature to verify
[in]signature_lengthSize of the p_signature buffer in bytes
Return values
PSA_SUCCESSThe signature is valid.

◆ psa_drv_se_asymmetric_encrypt_t

typedef psa_status_t(* psa_drv_se_asymmetric_encrypt_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)

A function that encrypts a short message with an asymmetric public key in a secure element.

Parameters
[in,out]drv_contextThe driver context structure.
[in]key_slotKey slot of a public key or an asymmetric key pair
[in]algAn asymmetric encryption algorithm that is compatible with the type of key
[in]p_inputThe message to encrypt
[in]input_lengthSize of the p_input buffer in bytes
[in]p_saltA salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass NULL. If the algorithm supports an optional salt and you do not want to pass a salt, pass NULL. For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported.
[in]salt_lengthSize of the p_salt buffer in bytes If p_salt is NULL, pass 0.
[out]p_outputBuffer where the encrypted message is to be written
[in]output_sizeSize of the p_output buffer in bytes
[out]p_output_lengthOn success, the number of bytes that make up the returned output
Return values
PSA_SUCCESS

◆ psa_drv_se_asymmetric_decrypt_t

typedef psa_status_t(* psa_drv_se_asymmetric_decrypt_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)

A function that decrypts a short message with an asymmetric private key in a secure element.

Parameters
[in,out]drv_contextThe driver context structure.
[in]key_slotKey slot of an asymmetric key pair
[in]algAn asymmetric encryption algorithm that is compatible with the type of key
[in]p_inputThe message to decrypt
[in]input_lengthSize of the p_input buffer in bytes
[in]p_saltA salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass NULL. If the algorithm supports an optional salt and you do not want to pass a salt, pass NULL. For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported.
[in]salt_lengthSize of the p_salt buffer in bytes If p_salt is NULL, pass 0.
[out]p_outputBuffer where the decrypted message is to be written
[in]output_sizeSize of the p_output buffer in bytes
[out]p_output_lengthOn success, the number of bytes that make up the returned output
Return values
PSA_SUCCESS