Kenji Arai / mbed-os_TYBLE16

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Embed: (wiki syntax)

« Back to documentation index

CryptoCell RSA encryption and signature schemes

CryptoCell RSA encryption and signature schemes
[CryptoCell RSA APIs]

Functions

CIMPORT_C CRYSError_t SaSi_RsaSchemesEncrypt (void *rndState_ptr, SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, CRYS_RSAUserPubKey_t *UserPubKey_ptr, CRYS_RSAPrimeData_t *PrimeData_ptr, CRYS_RSA_HASH_OpMode_t hashFunc, uint8_t *L, uint16_t Llen, CRYS_PKCS1_MGF_t MGF, uint8_t *DataIn_ptr, uint16_t DataInSize, uint8_t *Output_ptr, CRYS_PKCS1_version PKCS1_ver)
 This function implements the Encrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].
CIMPORT_C CRYSError_t SaSi_RsaSchemesDecrypt (CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, CRYS_RSAPrimeData_t *PrimeData_ptr, CRYS_RSA_HASH_OpMode_t hashFunc, uint8_t *L, uint16_t Llen, CRYS_PKCS1_MGF_t MGF, uint8_t *DataIn_ptr, uint16_t DataInSize, uint8_t *Output_ptr, uint16_t *OutputSize_ptr, CRYS_PKCS1_version PKCS1_ver)
 This function implements the Decrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].
CIMPORT_C CRYSError_t SaSi_RsaSign (void *rndState_ptr, SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, CRYS_RSAPrivUserContext_t *UserContext_ptr, CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, CRYS_RSA_HASH_OpMode_t rsaHashMode, CRYS_PKCS1_MGF_t MGF, uint16_t SaltLen, uint8_t *DataIn_ptr, uint32_t DataInSize, uint8_t *Output_ptr, uint16_t *OutputSize_ptr, CRYS_PKCS1_version PKCS1_ver)
 Implements the Signing algorithm, as defined in [PKCS1_1.5] or [PKCS1_2.1], using a single function.
CIMPORT_C CRYSError_t SaSi_RsaVerify (CRYS_RSAPubUserContext_t *UserContext_ptr, CRYS_RSAUserPubKey_t *UserPubKey_ptr, CRYS_RSA_HASH_OpMode_t rsaHashMode, CRYS_PKCS1_MGF_t MGF, uint16_t SaltLen, uint8_t *DataIn_ptr, uint32_t DataInSize, uint8_t *Sig_ptr, CRYS_PKCS1_version PKCS1_ver)
 Implements the RSA signature verification algorithms, in a single function call, as defined in referenced standards [PKCS1_1.5] and [PKCS1_2.1].

Function Documentation

CIMPORT_C CRYSError_t SaSi_RsaSchemesDecrypt ( CRYS_RSAUserPrivKey_t UserPrivKey_ptr,
CRYS_RSAPrimeData_t PrimeData_ptr,
CRYS_RSA_HASH_OpMode_t  hashFunc,
uint8_t *  L,
uint16_t  Llen,
CRYS_PKCS1_MGF_t  MGF,
uint8_t *  DataIn_ptr,
uint16_t  DataInSize,
uint8_t *  Output_ptr,
uint16_t *  OutputSize_ptr,
CRYS_PKCS1_version  PKCS1_ver 
)

This function implements the Decrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].

It should not be called directly. Instead, use macros CRYS_RSA_OAEP_Decrypt or CRYS_RSA_PKCS1v15_Decrypt.

Returns:
CRYS_OK on success.
A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure.
Parameters:
[in]UserPrivKey_ptrPointer to the private key data structure of the user.
[in]PrimeData_ptrPointer to a temporary structure that is internally used as workspace for the decryption operation.
[in]hashFuncThe HASH function to be used. One of the supported SHA-x HASH modes, as defined in CRYS_RSA_HASH_OpMode_t (MD5 is not supported).
[in]LThe label input pointer. Relevant for [PKCS1_2.1] only. NULL by default. NULL for [PKCS1_1.5].
[in]LlenThe label length. Relevant for [PKCS1_2.1] only. Zero by default. Zero for [PKCS1_1.5].
[in]MGFThe mask generation function. [PKCS1_2.1] defines MGF1, so the only value allowed here is CRYS_PKCS1_MGF1.
[in]DataIn_ptrPointer to the data to decrypt.
[in]DataInSizeThe size (in bytes) of the data to decrypt. DataSize must be the modulus size.
[in]Output_ptrPointer to the decrypted data. The buffer must be at least PrivKey_ptr->N.len bytes long (i.e. the modulus size in bytes).
[in]OutputSize_ptrPointer to the byte size of the buffer pointed to by Output_buffer. The size must be:

  • For PKCS #1 v2.1: Modulus size > OutputSize >= (modulus size - 2*HashLen - 2).
  • For PKCS #1 v1.5: Modulus size > OutputSize >= (modulus size - 11). The value pointed by OutputSize_ptr is updated after decryption with the actual number of bytes that are loaded to Output_ptr.
[in]PKCS1_ver[PKCS1_1.5] or [PKCS1_2.1], according to the functionality required.
CIMPORT_C CRYSError_t SaSi_RsaSchemesEncrypt ( void *  rndState_ptr,
SaSiRndGenerateVectWorkFunc_t  rndGenerateVectFunc,
CRYS_RSAUserPubKey_t UserPubKey_ptr,
CRYS_RSAPrimeData_t PrimeData_ptr,
CRYS_RSA_HASH_OpMode_t  hashFunc,
uint8_t *  L,
uint16_t  Llen,
CRYS_PKCS1_MGF_t  MGF,
uint8_t *  DataIn_ptr,
uint16_t  DataInSize,
uint8_t *  Output_ptr,
CRYS_PKCS1_version  PKCS1_ver 
)

This function implements the Encrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].

It should not be called directly. Instead, use macros CRYS_RSA_OAEP_Encrypt or CRYS_RSA_PKCS1v15_Encrypt.

Returns:
CRYS_OK on success.
A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure.
Parameters:
[in,out]rndState_ptrPointer to the RND state structure.
[in]rndGenerateVectFuncPointer to the random vector generation function.
[in]UserPubKey_ptrPointer to the public key data structure.
[in]PrimeData_ptrPointer to a temporary structure that is internally used as workspace for the Encryption operation.
[in]hashFuncThe HASH function to be used. One of the supported SHA-x HASH modes, as defined in CRYS_RSA_HASH_OpMode_t (MD5 is not supported).
[in]LThe label input pointer. Relevant for [PKCS1_2.1] only. NULL by default. NULL for [PKCS1_1.5].
[in]LlenThe label length. Relevant for [PKCS1_2.1] only. Zero by default. Must be <=2048. Zero for [PKCS1_1.5].
[in]MGFThe mask generation function. [PKCS1_2.1] defines MGF1, so the only value allowed here is CRYS_PKCS1_MGF1.
[in]DataIn_ptrPointer to the data to encrypt.
[in]DataInSizeThe size (in bytes) of the data to encrypt. The data size must be:

  • For [PKCS1_2.1], DataSize <= modulus size - 2*HashLen - 2.
  • For [PKCS1_1.5], DataSize <= modulus size - 11.
[out]Output_ptrPointer to the encrypted data. The buffer must be at least modulus size bytes long.
[in]PKCS1_ver[PKCS1_1.5] or [PKCS1_2.1], according to the functionality required.
CIMPORT_C CRYSError_t SaSi_RsaSign ( void *  rndState_ptr,
SaSiRndGenerateVectWorkFunc_t  rndGenerateVectFunc,
CRYS_RSAPrivUserContext_t UserContext_ptr,
CRYS_RSAUserPrivKey_t UserPrivKey_ptr,
CRYS_RSA_HASH_OpMode_t  rsaHashMode,
CRYS_PKCS1_MGF_t  MGF,
uint16_t  SaltLen,
uint8_t *  DataIn_ptr,
uint32_t  DataInSize,
uint8_t *  Output_ptr,
uint16_t *  OutputSize_ptr,
CRYS_PKCS1_version  PKCS1_ver 
)

Implements the Signing algorithm, as defined in [PKCS1_1.5] or [PKCS1_2.1], using a single function.

The input data may be either a non-hashed data or a digest of a hash function. For a non-hashed data, the input data will be hashed using the hash function indicated by CRYS_RSA_HASH_OpMode_t. For a digest, CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed.

Returns:
CRYS_OK on success.
A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure.
Parameters:
[in,out]rndState_ptrPointer to the RND state.
[in,out]rndGenerateVectFuncPointer to the RND Generate vector function pointer.
[in]UserContext_ptrPointer to a temporary context for internal use.
[in]UserPrivKey_ptrPointer to the private key data structure of the user. The representation (pair or quintuple) and hence the algorithm (CRT or not CRT) is determined by the Private Key build function - CRYS_RSA_Build_PrivKey or CRYS_RSA_Build_PrivKeyCRT.
[in]rsaHashModeOne of the supported SHA-x HASH modes, as defined in CRYS_RSA_HASH_OpMode_t. (MD5 is not supported).
[in]MGFThe mask generation function. [PKCS1_2.1] defines only MGF1, so the only value allowed for [PKCS1_2.1] is CRYS_PKCS1_MGF1.
[in]SaltLenThe Length of the Salt buffer (relevant for PKCS#1 Ver 2.1 only, typically lengths is 0 or hash Len). FIPS 186-4 requires, that SaltLen <= hash len. If SaltLen > KeySize - hash Len - 2, the function returns an error.
[in]DataIn_ptrPointer to the input data to be signed. The size of the scatter/gather list representing the data buffer is limited to 128 entries, and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB).
[in]DataInSizeThe size (in bytes) of the data to sign.
[out]Output_ptrPointer to the signature. The buffer must be at least PrivKey_ptr->N.len bytes long (i.e. the modulus size in bytes).
[in,out]OutputSize_ptrPointer to the signature size value - the input value is the signature buffer size allocated, the output value is the signature size used. he buffer must be equal to PrivKey_ptr->N.len bytes long (i.e. the modulus size in bytes).
[in]PKCS1_ver[PKCS1_1.5] or [PKCS1_2.1], according to the functionality required.
CIMPORT_C CRYSError_t SaSi_RsaVerify ( CRYS_RSAPubUserContext_t UserContext_ptr,
CRYS_RSAUserPubKey_t UserPubKey_ptr,
CRYS_RSA_HASH_OpMode_t  rsaHashMode,
CRYS_PKCS1_MGF_t  MGF,
uint16_t  SaltLen,
uint8_t *  DataIn_ptr,
uint32_t  DataInSize,
uint8_t *  Sig_ptr,
CRYS_PKCS1_version  PKCS1_ver 
)

Implements the RSA signature verification algorithms, in a single function call, as defined in referenced standards [PKCS1_1.5] and [PKCS1_2.1].

The input data may be either a non-hashed data or a digest of a hash function. For a non-hashed data, the input data will be hashed using the hash function indicated by CRYS_RSA_HASH_OpMode_t. For a digest, CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed.

Returns:
CRYS_OK on success.
A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure.
Parameters:
[in]UserContext_ptrPointer to a temporary context for internal use.
[in]UserPubKey_ptrPointer to the public key data structure of the user.
[in]rsaHashModeOne of the supported SHA-x HASH modes, as defined in CRYS_RSA_HASH_OpMode_t. (MD5 is not supported).
[in]MGFThe mask generation function. [PKCS1_2.1] defines only MGF1, so the only value allowed for [PKCS_2.1] is CRYS_PKCS1_MGF1.
[in]SaltLenThe Length of the Salt buffer. Relevant only for [PKCS1_2.1]. Typical lengths are 0 or hash Len (20 for SHA-1). The maximum length allowed is [modulus size - hash Len - 2].
[in]DataIn_ptrPointer to the input data to be verified. The size of the scatter/gather list representing the data buffer is limited to 128 entries, and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB).
[in]DataInSizeThe size (in bytes) of the data whose signature is to be verified.
[in]Sig_ptrPointer to the signature to be verified. The length of the signature is PubKey_ptr->N.len bytes (i.e. the modulus size in bytes).
[in]PKCS1_ver[PKCS1_1.5] or [PKCS1_2.1], according to the functionality required.