Secure Element Asymmetric Cryptography
Detailed Description
Since the amount of data that can (or should) be encrypted or signed using asymmetric keys is limited by the key size, asymmetric key operations using keys in a secure element must be done in single function calls.
Data Structures | |
struct | psa_drv_se_asymmetric_t |
A struct containing all of the function pointers needed to implement asymmetric cryptographic operations using secure elements. | |
Typedefs | |
typedef psa_status_t(* | psa_drv_se_asymmetric_sign_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length) |
A function that signs a hash or short message with a private key in a secure element. | |
typedef psa_status_t(* | psa_drv_se_asymmetric_verify_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length) |
A function that verifies the signature a hash or short message using an asymmetric public key in a secure element. | |
typedef psa_status_t(* | psa_drv_se_asymmetric_encrypt_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length) |
A function that encrypts a short message with an asymmetric public key in a secure element. | |
typedef psa_status_t(* | psa_drv_se_asymmetric_decrypt_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length) |
A function that decrypts a short message with an asymmetric private key in a secure element. | |
Typedef Documentation
typedef psa_status_t(* psa_drv_se_asymmetric_decrypt_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length) |
A function that decrypts a short message with an asymmetric private key in a secure element.
- Parameters
-
[in,out] drv_context
The driver context structure. [in] key_slot
Key slot of an asymmetric key pair [in] alg
An asymmetric encryption algorithm that is compatible with the type of key
[in] p_input
The message to decrypt [in] input_length
Size of the p_input
buffer in bytes[in] p_salt
A salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass NULL
. If the algorithm supports an optional salt and you do not want to pass a salt, passNULL
. For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported.[in] salt_length
Size of the p_salt
buffer in bytes Ifp_salt
isNULL
, pass 0.[out] p_output
Buffer where the decrypted message is to be written [in] output_size
Size of the p_output
buffer in bytes[out] p_output_length
On success, the number of bytes that make up the returned output
- Return values
-
PSA_SUCCESS
Definition at line 662
of file crypto_se_driver.h
.
typedef psa_status_t(* psa_drv_se_asymmetric_encrypt_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_input, size_t input_length, const uint8_t *p_salt, size_t salt_length, uint8_t *p_output, size_t output_size, size_t *p_output_length) |
A function that encrypts a short message with an asymmetric public key in a secure element.
- Parameters
-
[in,out] drv_context
The driver context structure. [in] key_slot
Key slot of a public key or an asymmetric key pair [in] alg
An asymmetric encryption algorithm that is compatible with the type of key
[in] p_input
The message to encrypt [in] input_length
Size of the p_input
buffer in bytes[in] p_salt
A salt or label, if supported by the encryption algorithm If the algorithm does not support a salt, pass NULL
. If the algorithm supports an optional salt and you do not want to pass a salt, passNULL
. For PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is supported.[in] salt_length
Size of the p_salt
buffer in bytes Ifp_salt
isNULL
, pass 0.[out] p_output
Buffer where the encrypted message is to be written [in] output_size
Size of the p_output
buffer in bytes[out] p_output_length
On success, the number of bytes that make up the returned output
- Return values
-
PSA_SUCCESS
Definition at line 622
of file crypto_se_driver.h
.
typedef psa_status_t(* psa_drv_se_asymmetric_sign_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, uint8_t *p_signature, size_t signature_size, size_t *p_signature_length) |
A function that signs a hash or short message with a private key in a secure element.
- Parameters
-
[in,out] drv_context
The driver context structure. [in] key_slot
Key slot of an asymmetric key pair [in] alg
A signature algorithm that is compatible with the type of key
[in] p_hash
The hash to sign [in] hash_length
Size of the p_hash
buffer in bytes[out] p_signature
Buffer where the signature is to be written [in] signature_size
Size of the p_signature
buffer in bytes[out] p_signature_length
On success, the number of bytes that make up the returned signature value
- Return values
-
PSA_SUCCESS
Definition at line 558
of file crypto_se_driver.h
.
typedef psa_status_t(* psa_drv_se_asymmetric_verify_t) (psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, size_t hash_length, const uint8_t *p_signature, size_t signature_length) |
A function that verifies the signature a hash or short message using an asymmetric public key in a secure element.
- Parameters
-
[in,out] drv_context
The driver context structure. [in] key_slot
Key slot of a public key or an asymmetric key pair [in] alg
A signature algorithm that is compatible with the type of key
[in] p_hash
The hash whose signature is to be verified [in] hash_length
Size of the p_hash
buffer in bytes[in] p_signature
Buffer containing the signature to verify [in] signature_length
Size of the p_signature
buffer in bytes
- Return values
-
PSA_SUCCESS
The signature is valid.
Definition at line 584
of file crypto_se_driver.h
.