Secure Element Asymmetric Cryptography#

Since the amount of data that can (or should) be encrypted or signed using asymmetric keys is limited by the key size, asymmetric key operations using keys in a secure element must be done in single function calls.

Modules#

psa_drv_se_asymmetric_t

Typedefs#

typedef psa_status_t(*
psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length)

A function that signs a hash or short message with a private key in a secure element.

typedef psa_status_t(*
psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length)

A function that verifies the signature a hash or short message using an asymmetric public key in a secure element.

typedef psa_status_t(*
psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)

A function that encrypts a short message with an asymmetric public key in a secure element.

typedef psa_status_t(*
psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)

A function that decrypts a short message with an asymmetric private key in a secure element.

Typedef Documentation#

psa_drv_se_asymmetric_sign_t#

typedef psa_status_t(* psa_drv_se_asymmetric_sign_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length) )(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length)

A function that signs a hash or short message with a private key in a secure element.

Parameters
[inout]drv_context

The driver context structure.

[in]key_slot

Key slot of an asymmetric key pair

[in]alg

A signature algorithm that is compatible with the type of key

[in]p_hash

The hash to sign

[in]hash_length

Size of the p_hash buffer in bytes

[out]p_signature

Buffer where the signature is to be written

[in]signature_size

Size of the p_signature buffer in bytes

[out]p_signature_length

On success, the number of bytes that make up the returned signature value


Definition at line 559 of file util/third_party/mbedtls/include/psa/crypto_se_driver.h

psa_drv_se_asymmetric_verify_t#

typedef psa_status_t(* psa_drv_se_asymmetric_verify_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length) )(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length)

A function that verifies the signature a hash or short message using an asymmetric public key in a secure element.

Parameters
[inout]drv_context

The driver context structure.

[in]key_slot

Key slot of a public key or an asymmetric key pair

[in]alg

A signature algorithm that is compatible with the type of key

[in]p_hash

The hash whose signature is to be verified

[in]hash_length

Size of the p_hash buffer in bytes

[in]p_signature

Buffer containing the signature to verify

[in]signature_length

Size of the p_signature buffer in bytes


Definition at line 585 of file util/third_party/mbedtls/include/psa/crypto_se_driver.h

psa_drv_se_asymmetric_encrypt_t#

typedef psa_status_t(* psa_drv_se_asymmetric_encrypt_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length) )(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)

A function that encrypts a short message with an asymmetric public key in a secure element.

Parameters
[inout]drv_context

The driver context structure.

[in]key_slot

Key slot of a public key or an asymmetric key pair

[in]alg

An asymmetric encryption algorithm that is compatible with the type of key

[in]p_input

The message to encrypt

[in]input_length

Size of the p_input buffer in bytes

[in]p_salt

A salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass NULL. If the algorithm supports an optional salt and you do not want to pass a salt, pass NULL. For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported.

[in]salt_length

Size of the p_salt buffer in bytes If p_salt is NULL, pass 0.

[out]p_output

Buffer where the encrypted message is to be written

[in]output_size

Size of the p_output buffer in bytes

[out]p_output_length

On success, the number of bytes that make up the returned output


Definition at line 623 of file util/third_party/mbedtls/include/psa/crypto_se_driver.h

psa_drv_se_asymmetric_decrypt_t#

typedef psa_status_t(* psa_drv_se_asymmetric_decrypt_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length) )(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)

A function that decrypts a short message with an asymmetric private key in a secure element.

Parameters
[inout]drv_context

The driver context structure.

[in]key_slot

Key slot of an asymmetric key pair

[in]alg

An asymmetric encryption algorithm that is compatible with the type of key

[in]p_input

The message to decrypt

[in]input_length

Size of the p_input buffer in bytes

[in]p_salt

A salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass NULL. If the algorithm supports an optional salt and you do not want to pass a salt, pass NULL. For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported.

[in]salt_length

Size of the p_salt buffer in bytes If p_salt is NULL, pass 0.

[out]p_output

Buffer where the decrypted message is to be written

[in]output_size

Size of the p_output buffer in bytes

[out]p_output_length

On success, the number of bytes that make up the returned output


Definition at line 663 of file util/third_party/mbedtls/include/psa/crypto_se_driver.h