Defines all functions of mcuxClRsa. More...
Functions | |
mcuxClRsa_Status_t | mcuxClRsa_sign (mcuxClSession_Handle_t pSession, const mcuxClRsa_Key *const pKey, mcuxCl_InputBuffer_t pMessageOrDigest, const uint32_t messageLength, const mcuxClRsa_SignVerifyMode pPaddingMode, const uint32_t saltLength, const uint32_t options, mcuxCl_Buffer_t pSignature) |
RSA sign operation. | |
mcuxClRsa_Status_t | mcuxClRsa_verify (mcuxClSession_Handle_t pSession, const mcuxClRsa_Key *const pKey, mcuxCl_InputBuffer_t pMessageOrDigest, const uint32_t messageLength, mcuxCl_Buffer_t pSignature, const mcuxClRsa_SignVerifyMode pVerifyMode, const uint32_t saltLength, const uint32_t options, mcuxCl_Buffer_t pOutput) |
RSA verify operation. | |
mcuxClRsa_Status_t | mcuxClRsa_KeyGeneration_Crt (mcuxClSession_Handle_t pSession, mcuxClKey_Type_t type, mcuxClKey_Protection_t protection, mcuxClKey_Handle_t privKey, uint8_t *pPrivData, uint32_t *const pPrivDataLength, mcuxClKey_Handle_t pubKey, uint8_t *pPubData, uint32_t *const pPubDataLength) |
Generates an RSA key in CRT format. | |
mcuxClRsa_Status_t | mcuxClRsa_KeyGeneration_Plain (mcuxClSession_Handle_t pSession, mcuxClKey_Type_t type, mcuxClKey_Protection_t protection, mcuxClKey_Handle_t privKey, uint8_t *pPrivData, uint32_t *const pPrivDataLength, mcuxClKey_Handle_t pubKey, uint8_t *pPubData, uint32_t *const pPubDataLength) |
RSA key generation of private plain key operation. | |
Defines all functions of mcuxClRsa.
mcuxClRsa_Status_t mcuxClRsa_sign | ( | mcuxClSession_Handle_t | pSession, |
const mcuxClRsa_Key *const | pKey, | ||
mcuxCl_InputBuffer_t | pMessageOrDigest, | ||
const uint32_t | messageLength, | ||
const mcuxClRsa_SignVerifyMode | pPaddingMode, | ||
const uint32_t | saltLength, | ||
const uint32_t | options, | ||
mcuxCl_Buffer_t | pSignature | ||
) |
RSA sign operation.
This function performs an RSA signature generation according to RSASP1, RSASSA-PSS-SIGN or RSASSA-PKCS1-v1_5-SIGN of PKCS #1 v2.2. Based on the passed key type, it is selected, whether to perform this operation using a private plain, a private CRT key, or whether to use a private CRT key and protect the operation against perturbation attacks. Based on the selection of the padding mode, it is determined, whether to perform no padding, or whether to perform one of the supported paddings based on one of the supported hash functions. The supported bit-lengths of the modulus range from 512 to 4096 in multiples of 8. The private exponent is limited to d < n.
[in] | pSession | Pointer to mcuxClSession_Descriptor |
[in] | pKey | Pointer to key structure of type mcuxClRsa_Key |
[in] | pMessageOrDigest | Pointer to buffer, which contains the input to the sign operation |
[in] | messageLength | Byte-length of MessageOrDigest |
[in] | pPaddingMode | Pointer to signing mode of type mcuxClRsa_SignVerifyMode_t |
[in] | saltLength | Byte-length of salt |
[in] | options | Options field |
[out] | pSignature | Pointer to buffer, which contains the result (signature) |
MCUXCLRSA_STATUS_SIGN_OK | Sign operation executed successfully. |
MCUXCLRSA_STATUS_INVALID_INPUT | The input parameters are not valid. |
MCUXCLRSA_STATUS_ERROR | An error occurred during the execution. In that case, expectations for the flow protection are not balanced. |
mcuxClRsa_Status_t mcuxClRsa_verify | ( | mcuxClSession_Handle_t | pSession, |
const mcuxClRsa_Key *const | pKey, | ||
mcuxCl_InputBuffer_t | pMessageOrDigest, | ||
const uint32_t | messageLength, | ||
mcuxCl_Buffer_t | pSignature, | ||
const mcuxClRsa_SignVerifyMode | pVerifyMode, | ||
const uint32_t | saltLength, | ||
const uint32_t | options, | ||
mcuxCl_Buffer_t | pOutput | ||
) |
RSA verify operation.
This function performs an RSA signature verification according to RSAVP1, RSASSA-PSS-VERIFY or RSASSA-PKCS1-v1_5-VERIFY of PKCS #1 v2.2. Based on the selection of the padding mode, it is determined, whether to perform no padding verification, or whether to perform one of the supported padding verifications based on one of the supported hash functions. The supported bit-lengths of the modulus range from 512 to 4096 in multiples of 8. The public exponent is limited to 2 <= e < N.
[in] | pSession | Pointer to mcuxClSession_Descriptor |
[in] | pKey | Pointer to key structure of type mcuxClRsa_Key |
[in] | pMessageOrDigest | Pointer to buffer, which contains the input to the verify operation |
[in] | messageLength | Byte-length of MessageOrDigest |
[in] | pSignature | Pointer to buffer, which contains the signature |
[in] | pVerifyMode | Pointer to verification mode of type mcuxClRsa_SignVerifyMode_t |
[in] | saltLength | Byte-length of salt |
[in] | options | Options field |
[out] | pOutput | Pointer to output buffer |
MCUXCLRSA_STATUS_VERIFY_OK | Verify operation executed successfully. |
MCUXCLRSA_STATUS_VERIFYPRIMITIVE_OK | Verification primitive operation executed successfully. |
MCUXCLRSA_STATUS_INVALID_INPUT | The input parameters are not valid. |
MCUXCLRSA_STATUS_VERIFY_FAILED | The signature verification failed. |
MCUXCLRSA_STATUS_ERROR | An error occurred during the execution. In that case, expectations for the flow protection are not balanced. |
mcuxClRsa_Status_t mcuxClRsa_KeyGeneration_Crt | ( | mcuxClSession_Handle_t | pSession, |
mcuxClKey_Type_t | type, | ||
mcuxClKey_Protection_t | protection, | ||
mcuxClKey_Handle_t | privKey, | ||
uint8_t * | pPrivData, | ||
uint32_t *const | pPrivDataLength, | ||
mcuxClKey_Handle_t | pubKey, | ||
uint8_t * | pPubData, | ||
uint32_t *const | pPubDataLength | ||
) |
Generates an RSA key in CRT format.
This function for given public exponent and key size generates an RSA private key in CRT representation (p, q, dp, dq, qInv) and computes the modulus n.
Primes p and q are generated based on the method specified in the FIPS 186-4, Appendix B.3.3 using probabilistic primality test with the probability of not being prime less than 2^(-125). The public exponent is restricted to (FIPS compliant) odd values in the range 2^16 < e < 2^256 (i.e. including 0x10001). The bit-length of the key size is limited to 2048, 3072 and 4096. The keys generated by this function are FIPS 186-4 compliant provided their length is either 2048 or 3072 bits and the exponent value is an odd integer between 2^16 and 2^256.
The two key handles are linked with each other using mcuxClKey_linkKeyPair.
[in] | pSession | Pointer to mcuxClSession_Descriptor |
[in] | type | Type of the key |
[in] | protection | Protection and flush mechanism that must be applied to the generated key. |
[out] | privKey | Key handle for the generated private key |
[out] | pPrivData | Pointer to the buffer where the generated private CRT key data needs to be written |
[out] | pPrivDataLength | Will be set by the number of bytes of data that have been written to the pPrivData buffer |
[out] | pubKey | Key handle for the generated public key |
[out] | pPubData | Pointer to the buffer where the generated public key data needs to be written |
[out] | pPubDataLength | Will be set by the number of bytes of data that have been written to the pPubData buffer |
pPrivData
buffer. pPubData
buffer. MCUXCLRSA_STATUS_KEYGENERATION_OK | RSA key generation operation executed successfully. |
MCUXCLRSA_STATUS_INVALID_INPUT | The input parameters are not valid. |
MCUXCLRSA_STATUS_KEYGENERATION_ITERATIONSEXCEEDED | RSA key generation exceeds the limit of iterations to generate a prime. |
MCUXCLRSA_STATUS_ERROR | An error occurred during the execution. In that case, expectations for the flow protection are not balanced. |
mcuxClRsa_Status_t mcuxClRsa_KeyGeneration_Plain | ( | mcuxClSession_Handle_t | pSession, |
mcuxClKey_Type_t | type, | ||
mcuxClKey_Protection_t | protection, | ||
mcuxClKey_Handle_t | privKey, | ||
uint8_t * | pPrivData, | ||
uint32_t *const | pPrivDataLength, | ||
mcuxClKey_Handle_t | pubKey, | ||
uint8_t * | pPubData, | ||
uint32_t *const | pPubDataLength | ||
) |
RSA key generation of private plain key operation.
This function for given public exponent and key size generates RSA private key in in plain from (d, n).
Private exponent d is computed with the requirements specified in the FIPS 186-4, Appendix B.3.1. Primes p and q are generated based on the method specified in the FIPS 186-4, Appendix B.3.3 using probabilistic primality test with the probability of not being prime less than 2^(-125). The public exponent is restricted to (FIPS compliant) odd values in the range 2^16 < e < 2^256 (i.e. including 0x10001). The bit-length of the key size is limited to 2048, 3072 and 4096. The keys generated by this function are FIPS 186-4 compliant provided their length is either 2048 or 3072 bits and the exponent value is an odd integer between 2^16 and 2^256.
The two key handles are linked with each other using mcuxClKey_linkKeyPair.
[in] | pSession | Pointer to mcuxClSession_Descriptor |
[in] | type | Type of the key |
[in] | protection | Protection and flush mechanism that must be applied to the generated key |
[out] | privKey | Key handle for the generated private key |
[out] | pPrivData | Pointer to the buffer where the generated private plain key data needs to be written |
[out] | pPrivDataLength | Will be set by the number of bytes of data that have been written to the pPrivData buffer |
[out] | pubKey | Key handle for the generated public key |
[out] | pPubData | Pointer to the buffer where the generated public key data needs to be written |
[out] | pPubDataLength | Will be set by the number of bytes of data that have been written to the pPubData buffer |
pPrivData
buffer. pPubData
buffer. MCUXCLRSA_STATUS_KEYGENERATION_OK | RSA key generation operation executed successfully. |
MCUXCLRSA_STATUS_INVALID_INPUT | The input parameters are not valid. |
MCUXCLRSA_STATUS_KEYGENERATION_ITERATIONSEXCEEDED | RSA key generation exceeds the limit of iterations to generate a prime. |
MCUXCLRSA_STATUS_ERROR | An error occurred during the execution. In that case, expectations for the flow protection are not balanced. |