Hardware-Accelerated Asymmetric Cryptography

Detailed Description

Since the amount of data that can (or should) be encrypted or signed using asymmetric keys is limited by the key size, hardware-accelerated asymmetric key operations must be done in single function calls.

Typedefs

typedef psa_status_t(* psa_drv_accel_asymmetric_sign_t) (const uint8_t *p_key, size_t key_size, psa_algorithm_t alg, psa_key_type_t key_type, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length)
 The function prototype for the hardware-accelerated asymmetric sign operation.
 
typedef psa_status_t(* psa_drv_accel_asymmetric_verify_t) (const uint8_t *p_key, size_t key_size, psa_algorithm_t alg, psa_key_type_t key_type, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length)
 The function prototype for the hardware-accelerated signature verify operation.
 
typedef psa_status_t(* psa_drv_accel_asymmetric_encrypt_t) (const uint8_t *p_key, size_t key_size, psa_algorithm_t alg, psa_key_type_t key_type, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
 The function prototype for the hardware-accelerated asymmetric encrypt operation.
 
typedef psa_status_t(* psa_drv_accel_asymmetric_decrypt_t) (const uint8_t *p_key, size_t key_size, psa_algorithm_t alg, psa_key_type_t key_type, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)
 The function prototype for the hardware=acce;erated asymmetric decrypt operation.
 

Typedef Documentation

typedef psa_status_t(* psa_drv_accel_asymmetric_decrypt_t) (const uint8_t *p_key, size_t key_size, psa_algorithm_t alg, psa_key_type_t key_type, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)

The function prototype for the hardware=acce;erated asymmetric decrypt operation.

Functions that implement this prototype should be named in the following convention:

  • ~~~~~~~~~~~~~{.c} psa_drv_accel_asymmetric_<ALGO>_decrypt
  • ~~~~~~~~~~~~~ Where ALGO is the name of the encryption algorithm

    This function supports any asymmetric-key output from psa_export_key() as the buffer in p_key. Refer to the documentation of psa_export_key() for the formats.

    Parameters
    [in]p_keyA buffer containing the private key material
    [in]key_sizeThe size in bytes of the p_key data
    [in]algAn asymmetric encryption algorithm that is compatible with the type of key
    [in]p_inputThe message to decrypt
    [in]input_lengthSize of the p_input buffer in bytes
    [in]p_saltA salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass NULL. If the algorithm supports an optional salt and you do not want to pass a salt, pass NULL. For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported
    [in]salt_lengthSize of the p_salt buffer in bytes If p_salt is NULL, pass 0
    [out]p_outputBuffer where the decrypted message is to be written
    [in]output_sizeSize of the p_output buffer in bytes
    [out]p_output_lengthOn success, the number of bytes that make up the returned output
    Return values
    PSA_SUCCESS

Definition at line 805 of file crypto_accel_driver.h.

typedef psa_status_t(* psa_drv_accel_asymmetric_encrypt_t) (const uint8_t *p_key, size_t key_size, psa_algorithm_t alg, psa_key_type_t key_type, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length)

The function prototype for the hardware-accelerated asymmetric encrypt operation.

Functions that implement this prototype should be named in the following convention:

  • ~~~~~~~~~~~~~{.c} psa_drv_accel_asymmetric_<ALGO>_encrypt
  • ~~~~~~~~~~~~~ Where ALGO is the name of the encryption algorithm

    This function supports any output from psa_export_public_key() as the buffer in p_key. Refer to the documentation of psa_export_public_key() for the format of public keys and to the documentation of psa_export_key() for the format for other key types.

    Parameters
    [in]p_keyA buffer containing the public key material
    [in]key_sizeThe size in bytes of the p_key data
    [in]algAn asymmetric encryption algorithm that is compatible with the type of key
    [in]p_inputThe message to encrypt
    [in]input_lengthSize of the p_input buffer in bytes
    [in]p_saltA salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass NULL If the algorithm supports an optional salt and you do not want to pass a salt, pass NULL. For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported.
    [in]salt_lengthSize of the p_salt buffer in bytes If p_salt is NULL, pass 0.
    [out]p_outputBuffer where the encrypted message is to be written
    [in]output_sizeSize of the p_output buffer in bytes
    [out]p_output_lengthOn success, the number of bytes that make up the returned output
    Return values
    PSA_SUCCESS

Definition at line 753 of file crypto_accel_driver.h.

typedef psa_status_t(* psa_drv_accel_asymmetric_sign_t) (const uint8_t *p_key, size_t key_size, psa_algorithm_t alg, psa_key_type_t key_type, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length)

The function prototype for the hardware-accelerated asymmetric sign operation.

Functions that implement this prototype should be named in the following convention:

  • ~~~~~~~~~~~~~{.c} psa_drv_accel_asymmetric_<ALGO>_sign
  • ~~~~~~~~~~~~~ Where ALGO is the name of the signing algorithm

    This function supports any asymmetric-key output from psa_export_key() as the buffer in p_key. Refer to the documentation of psa_export_key() for the formats.

    Parameters
    [in]p_keyA buffer containing the private key material
    [in]key_sizeThe size in bytes of the p_key data
    [in]algA signature algorithm that is compatible with the type of p_key
    [in]p_hashThe hash or message to sign
    [in]hash_lengthSize of the p_hash buffer in bytes
    [out]p_signatureBuffer where the signature is to be written
    [in]signature_sizeSize of the p_signature buffer in bytes
    [out]p_signature_lengthOn success, the number of bytes that make up the returned signature value
    Return values
    PSA_SUCCESS

Definition at line 664 of file crypto_accel_driver.h.

typedef psa_status_t(* psa_drv_accel_asymmetric_verify_t) (const uint8_t *p_key, size_t key_size, psa_algorithm_t alg, psa_key_type_t key_type, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length)

The function prototype for the hardware-accelerated signature verify operation.

Functions that implement this prototype should be named in the following convention:

  • ~~~~~~~~~~~~~{.c} psa_drv_accel_asymmetric_<ALGO>_verify
  • ~~~~~~~~~~~~~ Where ALGO is the name of the signing algorithm

    This function supports any output from psa_export_public_key() as the buffer in p_key. Refer to the documentation of psa_export_public_key() for the format of public keys and to the documentation of psa_export_key() for the format for other key types.

    Parameters
    [in]p_keyA buffer containing the public key material
    [in]key_sizeThe size in bytes of the p_key data
    [in]algA signature algorithm that is compatible with the type of key
    [in]p_hashThe hash or message whose signature is to be verified
    [in]hash_lengthSize of the p_hash buffer in bytes
    [in]p_signatureBuffer containing the signature to verify
    [in]signature_lengthSize of the p_signature buffer in bytes
    Return values
    PSA_SUCCESSThe signature is valid.

Definition at line 703 of file crypto_accel_driver.h.