MCUX CLNS
MCUX Crypto Library Normal Secure
Loading...
Searching...
No Matches
mcuxClSignature_Functions
mcuxClSignature

Interfaces to perform Signature operations in one shot. More...

Functions

mcuxClSignature_Status_t mcuxClSignature_sign (mcuxClSession_Handle_t session, mcuxClKey_Handle_t key, mcuxClSignature_Mode_t mode, mcuxCl_InputBuffer_t pIn, uint32_t inSize, mcuxCl_Buffer_t pSignature, uint32_t *const pSignatureSize)
 One-shot signing function.
mcuxClSignature_Status_t mcuxClSignature_verify_recordParam (mcuxClSession_Handle_t pSession, mcuxClSignature_Mode_t mode, mcuxCl_InputBuffer_t pIn, uint32_t inSize)
 Record signature verification parameters for protection.
mcuxClSignature_Status_t mcuxClSignature_verify (mcuxClSession_Handle_t session, mcuxClKey_Handle_t key, mcuxClSignature_Mode_t mode, mcuxCl_InputBuffer_t pIn, uint32_t inSize, mcuxCl_InputBuffer_t pSignature, uint32_t signatureSize)
 One-shot verification function.

Detailed Description

Interfaces to perform Signature operations in one shot.

Function Documentation

◆ mcuxClSignature_sign()

mcuxClSignature_Status_t mcuxClSignature_sign ( mcuxClSession_Handle_t session,
mcuxClKey_Handle_t key,
mcuxClSignature_Mode_t mode,
mcuxCl_InputBuffer_t pIn,
uint32_t inSize,
mcuxCl_Buffer_t pSignature,
uint32_t *const pSignatureSize )

One-shot signing function.

This function performs a signing operation in one shot. The algorithm to be used will be determined based on the key and mode that are provided.

For example, to perform an ECDSA signing operation over pre-hashed data with a 256-bit private key, the following needs to be provided:

  • ECC256 private key
  • ECDSA mode, pre-hashed data
  • Input data, hash of the data to be signed
  • Output data buffer
Parameters
sessionHandle for the current CL session.
keyKey to be used to sign the data (word-aligned).
modeSignature mode that should be used during the signing operation.
[in]pInPointer to the input buffer that contains the data that needs to be signed.
inSizeNumber of bytes of data in the pIn buffer.
[out]pSignaturePointer to the output buffer where the generated signature needs to be written.
[out]pSignatureSizeWill be set to the number of bytes of data that have been written to the pSignature buffer.
Returns
status
Attention
When used with RSA modes, the function uses PRNG, which has to be initialized prior to calling the function.
Examples
mcuxClEcc_ECDSA_FixedKeys_NIST_P256_example.c, mcuxClEcc_ECDSA_GeneratedKeys_NIST_P256_example.c, mcuxClEcc_EdDSA_Ed25519_example.c, mcuxClEcc_EdDSA_Ed25519ctx_example.c, mcuxClEcc_EdDSA_Ed25519ph_example.c, mcuxClEcc_EdDSA_GenerateSignature_Ed25519_example.c, and mcuxClRsa_Signature_RSASSA_PSS_example.c.

◆ mcuxClSignature_verify_recordParam()

mcuxClSignature_Status_t mcuxClSignature_verify_recordParam ( mcuxClSession_Handle_t pSession,
mcuxClSignature_Mode_t mode,
mcuxCl_InputBuffer_t pIn,
uint32_t inSize )

Record signature verification parameters for protection.

Records signature mode, input data pIn and inSize parameters for additional protection. This function must be called immediately before the mcuxClSignature_verify function call when ECDSA mode is requested. Failure to do so will result in a protection token mismatch during the signature verification.

Note
This function will use the first word of CPU WA (without allocating it) to store the calculated parameter protection value. This will then be used by the mcuxClSignature_verify function to validate parameters.
Parameters
pSessionHandle for the current CL session.
modeSignature mode that should be used during the verification operation.
[in]pInPointer to the input buffer that contains the data that has been signed.
inSizeNumber of bytes of data in the pIn buffer.
Returns
status
Examples
mcuxClEcc_ECDSA_FixedKeys_NIST_P256_example.c, mcuxClEcc_ECDSA_GeneratedKeys_NIST_P256_example.c, mcuxClEcc_ECDSA_VerifyOnly_NIST_P256_example.c, and mcuxClSession_cleanupOnError_example.c.

◆ mcuxClSignature_verify()

mcuxClSignature_Status_t mcuxClSignature_verify ( mcuxClSession_Handle_t session,
mcuxClKey_Handle_t key,
mcuxClSignature_Mode_t mode,
mcuxCl_InputBuffer_t pIn,
uint32_t inSize,
mcuxCl_InputBuffer_t pSignature,
uint32_t signatureSize )

One-shot verification function.

This function performs a signature verification operation in one shot. The algorithm to be used will be determined based on the key and mode that are provided.

For example, to perform an ECDSA signature verification operation with pre-hashed data and a 256-bit public key, the following needs to be provided:

  • ECC256 public key
  • ECDSA mode, pre-hashed data
  • Input data, hash of the data to be verified
  • Signature
Parameters
sessionHandle for the current CL session.
keyKey to be used to verify the pSignature (word-aligned).
modeSignature mode that should be used during the verification operation.
[in]pInPointer to the input buffer that contains the data that has been signed.
inSizeNumber of bytes of data in the pIn buffer.
[in]pSignaturePointer to the buffer that contains the signature that needs to be verified.
signatureSizeNumber of bytes of data in the pSignature buffer.

#if defined(MCUXCL_FEATURE_SIGNATURE_VERIFY_PARAMETER_PROTECTION) && defined(MCUXCL_FEATURE_ECC_ECDSA_VERIFY)

Note
When performing ECDSA signature verification: mode, pIn and inSize parameters require additional protection using mcuxClSignature_verify_recordParam(). This will initialize first word of CPU WA with integrity value required by mcuxClSignature_verify() to validate parameters. #endif
Returns
status
Examples
mcuxClEcc_ECDSA_FixedKeys_NIST_P256_example.c, mcuxClEcc_ECDSA_GeneratedKeys_NIST_P256_example.c, mcuxClEcc_ECDSA_VerifyOnly_NIST_P256_example.c, mcuxClEcc_EdDSA_Ed25519_example.c, mcuxClEcc_EdDSA_Ed25519ctx_example.c, mcuxClEcc_EdDSA_Ed25519ph_example.c, mcuxClEcc_EdDSA_GenerateSignature_Ed25519_example.c, mcuxClRsa_Signature_RSASSA_PSS_example.c, and mcuxClSession_cleanupOnError_example.c.