Update PSA API specification to 1.0.0
Generated from the PSA Crypto API Dockerfile at tag psa-crypto-api-1.0.0
diff --git a/docs/html/api/ops/sign.html b/docs/html/api/ops/sign.html
new file mode 100644
index 0000000..c8fb817
--- /dev/null
+++ b/docs/html/api/ops/sign.html
@@ -0,0 +1,708 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <title>Asymmetric signature — PSA Crypto API 1.0.0 documentation</title>
+ <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.0.0',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: true,
+ SOURCELINK_SUFFIX: '.txt'
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="index" title="Index" href="../../genindex.html" />
+ <link rel="search" title="Search" href="../../search.html" />
+ <link rel="next" title="Asymmetric encryption" href="pke.html" />
+ <link rel="prev" title="Key derivation" href="kdf.html" />
+
+ <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+
+ <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+ </head>
+ <body>
+
+
+ <div class="document">
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body" role="main">
+
+ <div class="section" id="asymmetric-signature">
+<span id="sign"></span><h1>Asymmetric signature</h1>
+<div class="section" id="asymmetric-signature-algorithms">
+<span id="sign-algorithms"></span><h2>Asymmetric signature algorithms</h2>
+<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN">
+<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</h3>
+<p>RSA PKCS#1 v1.5 signature with hashing.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN">PSA_ALG_RSA_PKCS1V15_SIGN</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding RSA PKCS#1 v1.5 signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>This is the signature scheme defined by <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html">RFC 8017</a> (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PKCS1-v1_5.</p>
+</div>
+<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">
+<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</h3>
+<p>Raw PKCS#1 v1.5 signature.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000200))
+</pre>
+<p>The input to this algorithm is the DigestInfo structure used by <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-9.2">RFC 8017 §9.2</a> (PKCS#1: RSA Cryptography Specifications), in steps 3–6.</p>
+</div>
+<div class="section" id="PSA_ALG_RSA_PSS">
+<span id="c.PSA_ALG_RSA_PSS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</h3>
+<p>RSA PSS signature with hashing.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS">PSA_ALG_RSA_PSS</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding RSA PSS signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>This is the signature scheme defined by <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html">RFC 8017</a> (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PSS, with the message generation function MGF1, and with a salt length equal to the length of the hash. The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.</p>
+</div>
+<div class="section" id="PSA_ALG_ECDSA">
+<span id="c.PSA_ALG_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</h3>
+<p>ECDSA signature with hashing.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA">PSA_ALG_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding ECDSA signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>This is the <em>Elliptic Curve Digital Signature Algorithm (ECDSA)</em> defined by ANSI X9.62-2005, with a random per-message secret number (<em>k</em>).</p>
+<p>The representation of the signature as a byte string consists of the concatenation of the signature values <em>r</em> and <em>s</em>. Each of <em>r</em> and <em>s</em> is encoded as an <em>N</em>-octet string, where <em>N</em> is the length of the base point of the curve in octets. Each value is represented in big-endian order, with the most significant octet first.</p>
+</div>
+<div class="section" id="PSA_ALG_ECDSA_ANY">
+<span id="c.PSA_ALG_ECDSA_ANY"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</h3>
+<p>ECDSA signature without hashing.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY">PSA_ALG_ECDSA_ANY</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000600))
+</pre>
+<p>This is the same signature scheme as <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a>, but without specifying a hash algorithm. This algorithm is only recommended to sign or verify a sequence of bytes that are an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the left as required to fit the curve size.</p>
+</div>
+<div class="section" id="PSA_ALG_DETERMINISTIC_ECDSA">
+<span id="c.PSA_ALG_DETERMINISTIC_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</h3>
+<p>Deterministic ECDSA signature with hashing.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA">PSA_ALG_DETERMINISTIC_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding deterministic ECDSA signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>This is the deterministic ECDSA signature scheme defined by <a class="reference external" href="https://tools.ietf.org/html/rfc6979.html">RFC 6979</a>.</p>
+<p>The representation of a signature is the same as with <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a>.</p>
+<p>Note that when this algorithm is used for verification, signatures made with randomized ECDSA (<a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code>) with the same private key are accepted. In other words, <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> differs from <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> only for signature, not for verification.</p>
+</div>
+</div>
+<div class="section" id="asymmetric-signature-functions">
+<h2>Asymmetric signature functions</h2>
+<div class="section" id="psa_sign_message">
+<span id="c.psa_sign_message"></span><h3><code class="docutils literal"><span class="pre">psa_sign_message</span></code> (function)</h3>
+<p>Sign a message with a private key. For hash-and-sign algorithms, this includes the hashing step.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+ const uint8_t * input,
+ size_t input_length,
+ uint8_t * signature,
+ size_t signature_size,
+ size_t * signature_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric signature algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>The input message to sign.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
+<dd>Buffer where the signature is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.
+This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>The required signature size is <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal"><span class="pre">key</span></code>.</li>
+<li><a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> evaluates to the maximum signature size of any supported signature algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned signature value.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To perform a multi-part hash-and-sign signature algorithm, first use a <a class="reference internal" href="hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a> and then pass the resulting hash to <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>. <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> can be used to determine the hash algorithm to use.</p>
+</div>
+</div>
+<div class="section" id="psa_verify_message">
+<span id="c.psa_verify_message"></span><h3><code class="docutils literal"><span class="pre">psa_verify_message</span></code> (function)</h3>
+<p>Verify the signature of a message with a public key, using a hash-and-sign verification algorithm.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message">psa_verify_message</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+ const uint8_t * input,
+ size_t input_length,
+ const uint8_t * signature,
+ size_t signature_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric signature algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>The message whose signature is to be verified.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
+<dd>Buffer containing the signature to verify.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>The signature is valid.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
+<dd>The calculation was performed successfully, but the passed signature is not a valid signature.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To perform a multi-part hash-and-sign signature verification algorithm, first use a <a class="reference internal" href="hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a> to hash the message and then pass the resulting hash to <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>. <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> can be used to determine the hash algorithm to use.</p>
+</div>
+</div>
+<div class="section" id="psa_sign_hash">
+<span id="c.psa_sign_hash"></span><h3><code class="docutils literal"><span class="pre">psa_sign_hash</span></code> (function)</h3>
+<p>Sign an already-calculated hash with a private key.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash">psa_sign_hash</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+ const uint8_t * hash,
+ size_t hash_length,
+ uint8_t * signature,
+ size_t signature_size,
+ size_t * signature_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric signature algorithm that separates the hash and sign operations (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
+<dd>The input to sign. This is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
+<dd>Buffer where the signature is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.
+This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>The required signature size is <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal"><span class="pre">key</span></code>.</li>
+<li><a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> evaluates to the maximum signature size of any supported signature algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned signature value.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm.</p>
+<p>Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a>.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To perform a hash-and-sign algorithm, the hash must be calculated before passing it to this function. This can be done by calling <a class="reference internal" href="hashes.html#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> or with a multi-part hash operation. Alternatively, to hash and sign a message in a single call, use <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a>.</p>
+</div>
+</div>
+<div class="section" id="psa_verify_hash">
+<span id="c.psa_verify_hash"></span><h3><code class="docutils literal"><span class="pre">psa_verify_hash</span></code> (function)</h3>
+<p>Verify the signature of a hash or short message using a public key.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash">psa_verify_hash</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+ const uint8_t * hash,
+ size_t hash_length,
+ const uint8_t * signature,
+ size_t signature_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric signature algorithm that separates the hash and sign operations (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
+<dd>The input whose signature is to be verified. This is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
+<dd>Buffer containing the signature to verify.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>The signature is valid.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
+<dd>The calculation was performed successfully, but the passed signature is not a valid signature.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm.</p>
+<p>Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a>.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To perform a hash-and-sign verification algorithm, the hash must be calculated before passing it to this function. This can be done by calling <a class="reference internal" href="hashes.html#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> or with a multi-part hash operation. Alternatively, to hash and verify a message signature in a single call, use <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a>.</p>
+</div>
+</div>
+</div>
+<div class="section" id="support-macros">
+<h2>Support macros</h2>
+<div class="section" id="PSA_ALG_IS_SIGN_MESSAGE">
+<span id="c.PSA_ALG_IS_SIGN_MESSAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a signature algorithm that can be used with <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE">PSA_ALG_IS_SIGN_MESSAGE</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can be used to sign a message. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can only be used to sign an already-calculated hash. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a signature algorithm. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_SIGN_HASH">
+<span id="c.PSA_ALG_IS_SIGN_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a signature algorithm that can be used with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH">PSA_ALG_IS_SIGN_HASH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can be used to sign a hash. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can only be used to sign a message. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a signature algorithm. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_RSA_PKCS1V15_SIGN">
+<span id="c.PSA_ALG_IS_RSA_PKCS1V15_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an RSA PKCS#1 v1.5 signature algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN">PSA_ALG_IS_RSA_PKCS1V15_SIGN</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA PKCS#1 v1.5 signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_RSA_PSS">
+<span id="c.PSA_ALG_IS_RSA_PSS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an RSA PSS signature algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS">PSA_ALG_IS_RSA_PSS</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA PSS signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_ECDSA">
+<span id="c.PSA_ALG_IS_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</h3>
+<p>Whether the specified algorithm is ECDSA.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA">PSA_ALG_IS_ECDSA</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_DETERMINISTIC_ECDSA">
+<span id="c.PSA_ALG_IS_DETERMINISTIC_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</h3>
+<p>Whether the specified algorithm is deterministic ECDSA.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA">PSA_ALG_IS_DETERMINISTIC_ECDSA</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a deterministic ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See also <a class="reference internal" href="#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ECDSA()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_RANDOMIZED_ECDSA">
+<span id="c.PSA_ALG_IS_RANDOMIZED_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</h3>
+<p>Whether the specified algorithm is randomized ECDSA.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA">PSA_ALG_IS_RANDOMIZED_ECDSA</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a randomized ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See also <a class="reference internal" href="#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ECDSA()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_HASH_AND_SIGN">
+<span id="c.PSA_ALG_IS_HASH_AND_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a hash-and-sign algorithm that signs exactly the hash value.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN">PSA_ALG_IS_HASH_AND_SIGN</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a hash-and-sign algorithm that signs exactly the hash value, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>This macro identifies algorithms that can be used with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> that use the exact message hash value as an input the signature operation. This excludes hash-and-sign algorithms that require a encoded or modified hash for the signature step in the algorithm, such as <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_ANY_HASH">
+<span id="c.PSA_ALG_ANY_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</h3>
+<p>In a hash-and-sign algorithm policy, allow any hash algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x020000ff)
+</pre>
+<p>This value can be used to form the algorithm usage field of a policy for a signature algorithm that is parametrized by a hash. A key with this policy can then be used to perform operations using the same signature algorithm parametrized with any supported hash.
+A signature algorithm policy created using this macro is a wildcard policy, and <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD()</span></code></a> will return true.</p>
+<p>This value must not be used to build other algorithms that are parametrized over a hash. For any valid use of this macro to build an algorithm <code class="docutils literal"><span class="pre">alg</span></code>, <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</p>
+<p>This value must not be used to build an algorithm specification to perform an operation. It is only valid to build policies.</p>
+<p class="rubric">Usage</p>
+<p>For example, suppose that <code class="docutils literal"><span class="pre">PSA_xxx_SIGNATURE</span></code> is one of the following macros:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code></a></li>
+<li><a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code></a></li>
+<li><a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a></li>
+<li><a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></li>
+</ul>
+<p>The following sequence of operations shows how <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> can be used in a key policy:</p>
+<ul>
+<li><p class="first">Set the key usage field using <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a>, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="../keys/usage.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags">psa_set_key_usage_flags</a>(&attributes, <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a>); // or VERIFY_MESSAGE
+<a class="reference internal" href="../keys/algorithms.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(&attributes, PSA_xxx_SIGNATURE(<a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a>));
+</pre>
+</li>
+<li><p class="first">Import or generate key material.</p>
+</li>
+<li><p class="first">Call <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> or <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a>, passing an algorithm built from <code class="docutils literal"><span class="pre">PSA_xxx_SIGNATURE</span></code> and a specific hash. Each call to sign or verify a message can use a different hash algorithm.</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(key, PSA_xxx_SIGNATURE(<a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a>), ...);
+<a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(key, PSA_xxx_SIGNATURE(<a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a>), ...);
+<a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(key, PSA_xxx_SIGNATURE(<a class="reference internal" href="hashes.html#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256">PSA_ALG_SHA3_256</a>), ...);
+</pre>
+</li>
+</ul>
+</div>
+<div class="section" id="PSA_SIGN_OUTPUT_SIZE">
+<span id="c.PSA_SIGN_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>Sufficient signature buffer size for <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE">PSA_SIGN_OUTPUT_SIZE</a>(key_type, key_bits, alg) \
+ <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>An asymmetric key type. This can be a key pair type or a public key type.</dd>
+<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the key in bits.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The signature algorithm.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
+<p class="rubric">Description</p>
+<p>This macro returns a sufficient buffer size for a signature using a key of the specified type and size, with the specified algorithm. Note that the actual size of the signature might be smaller, as some algorithms produce a variable-size signature.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.</p>
+</div>
+<p>See also <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_SIGNATURE_MAX_SIZE">
+<span id="c.PSA_SIGNATURE_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code> (macro)</h3>
+<p>Maximum size of an asymmetric signature.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE">PSA_SIGNATURE_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This macro must expand to a compile-time constant integer.
+It is recommended that this value is the maximum size of an asymmetric signature supported by the implementation, in bytes. The value must not be smaller than this maximum.</p>
+<p>See also <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+ <div class="sphinxsidebarwrapper">
+ <h3><a href="../../index.html">Table Of Contents</a></h3>
+ <ul>
+<li><a class="reference internal" href="#">Asymmetric signature</a><ul>
+<li><a class="reference internal" href="#asymmetric-signature-algorithms">Asymmetric signature algorithms</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_ECDSA_ANY"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#asymmetric-signature-functions">Asymmetric signature functions</a><ul>
+<li><a class="reference internal" href="#psa_sign_message"><code class="docutils literal"><span class="pre">psa_sign_message</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_verify_message"><code class="docutils literal"><span class="pre">psa_verify_message</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_sign_hash"><code class="docutils literal"><span class="pre">psa_sign_hash</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_verify_hash"><code class="docutils literal"><span class="pre">psa_verify_hash</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_ANY_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_SIGN_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_SIGNATURE_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+ <li><a href="../../index.html">Documentation overview</a><ul>
+ <li><a href="index.html">Cryptographic operation reference</a><ul>
+ <li>Previous: <a href="kdf.html" title="previous chapter">Key derivation</a></li>
+ <li>Next: <a href="pke.html" title="next chapter">Asymmetric encryption</a></li>
+ </ul></li>
+ </ul></li>
+</ul>
+</div>
+ <div role="note" aria-label="source link">
+ <h3>This Page</h3>
+ <ul class="this-page-menu">
+ <li><a href="../../_sources/api/ops/sign.rst.txt"
+ rel="nofollow">Show Source</a></li>
+ </ul>
+ </div>
+<div id="searchbox" style="display: none" role="search">
+ <h3>Quick search</h3>
+ <form class="search" action="../../search.html" method="get">
+ <div><input type="text" name="q" /></div>
+ <div><input type="submit" value="Go" /></div>
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+ </div>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ <div class="footer">
+ © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+
+ |
+ Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+ & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+
+ |
+ <a href="../../_sources/api/ops/sign.rst.txt"
+ rel="nofollow">Page source</a>
+ </div>
+
+
+
+
+ </body>
+</html>
\ No newline at end of file