Platform Security Architecture — cryptography and keystore interface  Working draft
Macros | Functions
Asymmetric cryptography

Macros

#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits)   (PSA_BITS_TO_BYTES(curve_bits) * 2)
 ECDSA signature size for a given curve bit size. More...
 
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg)
 

Functions

psa_status_t psa_asymmetric_sign (psa_key_slot_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length)
 Sign a hash or short message with a private key. More...
 
psa_status_t psa_asymmetric_verify (psa_key_slot_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length)
 Verify the signature a hash or short message using a public key. More...
 
psa_status_t psa_asymmetric_encrypt (psa_key_slot_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
 Encrypt a short message with a public key. More...
 
psa_status_t psa_asymmetric_decrypt (psa_key_slot_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
 Decrypt a short message with a private key. More...
 

Detailed Description

Macro Definition Documentation

◆ PSA_ECDSA_SIGNATURE_SIZE

#define PSA_ECDSA_SIGNATURE_SIZE (   curve_bits)    (PSA_BITS_TO_BYTES(curve_bits) * 2)

ECDSA signature size for a given curve bit size.

Parameters
curve_bitsCurve size in bits.
Returns
Signature size in bytes.
Note
This macro returns a compile-time constant if its argument is one.

◆ PSA_RSA_MINIMUM_PADDING_SIZE

#define PSA_RSA_MINIMUM_PADDING_SIZE (   alg)
Value:
(PSA_ALG_IS_RSA_OAEP(alg) ? \
2 * PSA_HASH_FINAL_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
11 /*PKCS#1v1.5*/)

Function Documentation

◆ psa_asymmetric_decrypt()

psa_status_t psa_asymmetric_decrypt ( psa_key_slot_t  key,
psa_algorithm_t  alg,
const uint8_t *  input,
size_t  input_length,
const uint8_t *  salt,
size_t  salt_length,
uint8_t *  output,
size_t  output_size,
size_t *  output_length 
)

Decrypt a short message with a private key.

Parameters
keyKey slot containing an asymmetric key pair.
algAn asymmetric encryption algorithm that is compatible with the type of key.
[in]inputThe message to decrypt.
input_lengthSize of the input buffer in bytes.
[in]saltA salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass NULL. If the algorithm supports an optional salt and you do not want to pass a salt, pass NULL.

◆ psa_asymmetric_encrypt()

psa_status_t psa_asymmetric_encrypt ( psa_key_slot_t  key,
psa_algorithm_t  alg,
const uint8_t *  input,
size_t  input_length,
const uint8_t *  salt,
size_t  salt_length,
uint8_t *  output,
size_t  output_size,
size_t *  output_length 
)

Encrypt a short message with a public key.

Parameters
keyKey slot containing a public key or an asymmetric key pair.
algAn asymmetric encryption algorithm that is compatible with the type of key.
[in]inputThe message to encrypt.
input_lengthSize of the input buffer in bytes.
[in]saltA salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass NULL. If the algorithm supports an optional salt and you do not want to pass a salt, pass NULL.

◆ psa_asymmetric_sign()

psa_status_t psa_asymmetric_sign ( psa_key_slot_t  key,
psa_algorithm_t  alg,
const uint8_t *  hash,
size_t  hash_length,
uint8_t *  signature,
size_t  signature_size,
size_t *  signature_length 
)

Sign a hash or short message with a private key.

Note that to perform a hash-and-sign signature algorithm, you must first calculate the hash by calling psa_hash_setup(), psa_hash_update() and psa_hash_finish(). Then pass the resulting hash as the hash parameter to this function. You can use PSA_ALG_SIGN_GET_HASH(alg) to determine the hash algorithm to use.

Parameters
keyKey slot containing an asymmetric key pair.
algA signature algorithm that is compatible with the type of key.
[in]hashThe hash or message to sign.
hash_lengthSize of the hash buffer in bytes.
[out]signatureBuffer where the signature is to be written.
signature_sizeSize of the signature buffer in bytes.
[out]signature_lengthOn success, the number of bytes that make up the returned signature value.
Return values
PSA_SUCCESS
PSA_ERROR_BUFFER_TOO_SMALLThe size of the signature buffer is too small. You can determine a sufficient buffer size by calling PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) where key_type and key_bits are the type and bit-size respectively of key.
PSA_ERROR_NOT_SUPPORTED
PSA_ERROR_INVALID_ARGUMENT
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_HARDWARE_FAILURE
PSA_ERROR_TAMPERING_DETECTED
PSA_ERROR_INSUFFICIENT_ENTROPY

◆ psa_asymmetric_verify()

psa_status_t psa_asymmetric_verify ( psa_key_slot_t  key,
psa_algorithm_t  alg,
const uint8_t *  hash,
size_t  hash_length,
const uint8_t *  signature,
size_t  signature_length 
)

Verify the signature a hash or short message using a public key.

Note that to perform a hash-and-sign signature algorithm, you must first calculate the hash by calling psa_hash_setup(), psa_hash_update() and psa_hash_finish(). Then pass the resulting hash as the hash parameter to this function. You can use PSA_ALG_SIGN_GET_HASH(alg) to determine the hash algorithm to use.

Parameters
keyKey slot containing a public key or an asymmetric key pair.
algA signature algorithm that is compatible with the type of key.
[in]hashThe hash or message whose signature is to be verified.
hash_lengthSize of the hash buffer in bytes.
[in]signatureBuffer containing the signature to verify.
signature_lengthSize of the signature buffer in bytes.
Return values
PSA_SUCCESSThe signature is valid.
PSA_ERROR_INVALID_SIGNATUREThe calculation was perfomed successfully, but the passed signature is not a valid signature.
PSA_ERROR_NOT_SUPPORTED
PSA_ERROR_INVALID_ARGUMENT
PSA_ERROR_INSUFFICIENT_MEMORY
PSA_ERROR_COMMUNICATION_FAILURE
PSA_ERROR_HARDWARE_FAILURE
PSA_ERROR_TAMPERING_DETECTED