Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
CryptoCell RSA encryption and signature schemes
[CryptoCell RSA APIs]
Functions | |
CIMPORT_C CRYSError_t | SaSi_RsaSchemesEncrypt (void *rndState_ptr, SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, CRYS_RSAUserPubKey_t *UserPubKey_ptr, CRYS_RSAPrimeData_t *PrimeData_ptr, CRYS_RSA_HASH_OpMode_t hashFunc, uint8_t *L, uint16_t Llen, CRYS_PKCS1_MGF_t MGF, uint8_t *DataIn_ptr, uint16_t DataInSize, uint8_t *Output_ptr, CRYS_PKCS1_version PKCS1_ver) |
This function implements the Encrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5]. | |
CIMPORT_C CRYSError_t | SaSi_RsaSchemesDecrypt (CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, CRYS_RSAPrimeData_t *PrimeData_ptr, CRYS_RSA_HASH_OpMode_t hashFunc, uint8_t *L, uint16_t Llen, CRYS_PKCS1_MGF_t MGF, uint8_t *DataIn_ptr, uint16_t DataInSize, uint8_t *Output_ptr, uint16_t *OutputSize_ptr, CRYS_PKCS1_version PKCS1_ver) |
This function implements the Decrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5]. | |
CIMPORT_C CRYSError_t | SaSi_RsaSign (void *rndState_ptr, SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, CRYS_RSAPrivUserContext_t *UserContext_ptr, CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, CRYS_RSA_HASH_OpMode_t rsaHashMode, CRYS_PKCS1_MGF_t MGF, uint16_t SaltLen, uint8_t *DataIn_ptr, uint32_t DataInSize, uint8_t *Output_ptr, uint16_t *OutputSize_ptr, CRYS_PKCS1_version PKCS1_ver) |
Implements the Signing algorithm, as defined in [PKCS1_1.5] or [PKCS1_2.1], using a single function. | |
CIMPORT_C CRYSError_t | SaSi_RsaVerify (CRYS_RSAPubUserContext_t *UserContext_ptr, CRYS_RSAUserPubKey_t *UserPubKey_ptr, CRYS_RSA_HASH_OpMode_t rsaHashMode, CRYS_PKCS1_MGF_t MGF, uint16_t SaltLen, uint8_t *DataIn_ptr, uint32_t DataInSize, uint8_t *Sig_ptr, CRYS_PKCS1_version PKCS1_ver) |
Implements the RSA signature verification algorithms, in a single function call, as defined in referenced standards [PKCS1_1.5] and [PKCS1_2.1]. |
Function Documentation
CIMPORT_C CRYSError_t SaSi_RsaSchemesDecrypt | ( | CRYS_RSAUserPrivKey_t * | UserPrivKey_ptr, |
CRYS_RSAPrimeData_t * | PrimeData_ptr, | ||
CRYS_RSA_HASH_OpMode_t | hashFunc, | ||
uint8_t * | L, | ||
uint16_t | Llen, | ||
CRYS_PKCS1_MGF_t | MGF, | ||
uint8_t * | DataIn_ptr, | ||
uint16_t | DataInSize, | ||
uint8_t * | Output_ptr, | ||
uint16_t * | OutputSize_ptr, | ||
CRYS_PKCS1_version | PKCS1_ver | ||
) |
This function implements the Decrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].
It should not be called directly. Instead, use macros CRYS_RSA_OAEP_Decrypt or CRYS_RSA_PKCS1v15_Decrypt.
- Returns:
- CRYS_OK on success.
- A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure.
- Parameters:
-
[in] UserPrivKey_ptr Pointer to the private key data structure of the user. [in] PrimeData_ptr Pointer to a temporary structure that is internally used as workspace for the decryption operation. [in] hashFunc The HASH function to be used. One of the supported SHA-x HASH modes, as defined in CRYS_RSA_HASH_OpMode_t (MD5 is not supported). [in] L The label input pointer. Relevant for [PKCS1_2.1] only. NULL by default. NULL for [PKCS1_1.5]. [in] Llen The label length. Relevant for [PKCS1_2.1] only. Zero by default. Zero for [PKCS1_1.5]. [in] MGF The mask generation function. [PKCS1_2.1] defines MGF1, so the only value allowed here is CRYS_PKCS1_MGF1. [in] DataIn_ptr Pointer to the data to decrypt. [in] DataInSize The size (in bytes) of the data to decrypt. DataSize must be the modulus size. [in] Output_ptr Pointer to the decrypted data. The buffer must be at least PrivKey_ptr->N.len bytes long (i.e. the modulus size in bytes). [in] OutputSize_ptr Pointer to the byte size of the buffer pointed to by Output_buffer. The size must be: - For PKCS #1 v2.1: Modulus size > OutputSize >= (modulus size - 2*HashLen - 2).
- For PKCS #1 v1.5: Modulus size > OutputSize >= (modulus size - 11). The value pointed by OutputSize_ptr is updated after decryption with the actual number of bytes that are loaded to Output_ptr.
[in] PKCS1_ver [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required.
CIMPORT_C CRYSError_t SaSi_RsaSchemesEncrypt | ( | void * | rndState_ptr, |
SaSiRndGenerateVectWorkFunc_t | rndGenerateVectFunc, | ||
CRYS_RSAUserPubKey_t * | UserPubKey_ptr, | ||
CRYS_RSAPrimeData_t * | PrimeData_ptr, | ||
CRYS_RSA_HASH_OpMode_t | hashFunc, | ||
uint8_t * | L, | ||
uint16_t | Llen, | ||
CRYS_PKCS1_MGF_t | MGF, | ||
uint8_t * | DataIn_ptr, | ||
uint16_t | DataInSize, | ||
uint8_t * | Output_ptr, | ||
CRYS_PKCS1_version | PKCS1_ver | ||
) |
This function implements the Encrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].
It should not be called directly. Instead, use macros CRYS_RSA_OAEP_Encrypt or CRYS_RSA_PKCS1v15_Encrypt.
- Returns:
- CRYS_OK on success.
- A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure.
- Parameters:
-
[in,out] rndState_ptr Pointer to the RND state structure. [in] rndGenerateVectFunc Pointer to the random vector generation function. [in] UserPubKey_ptr Pointer to the public key data structure. [in] PrimeData_ptr Pointer to a temporary structure that is internally used as workspace for the Encryption operation. [in] hashFunc The HASH function to be used. One of the supported SHA-x HASH modes, as defined in CRYS_RSA_HASH_OpMode_t (MD5 is not supported). [in] L The label input pointer. Relevant for [PKCS1_2.1] only. NULL by default. NULL for [PKCS1_1.5]. [in] Llen The label length. Relevant for [PKCS1_2.1] only. Zero by default. Must be <=2048. Zero for [PKCS1_1.5]. [in] MGF The mask generation function. [PKCS1_2.1] defines MGF1, so the only value allowed here is CRYS_PKCS1_MGF1. [in] DataIn_ptr Pointer to the data to encrypt. [in] DataInSize The size (in bytes) of the data to encrypt. The data size must be: - For [PKCS1_2.1], DataSize <= modulus size - 2*HashLen - 2.
- For [PKCS1_1.5], DataSize <= modulus size - 11.
[out] Output_ptr Pointer to the encrypted data. The buffer must be at least modulus size bytes long. [in] PKCS1_ver [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required.
CIMPORT_C CRYSError_t SaSi_RsaSign | ( | void * | rndState_ptr, |
SaSiRndGenerateVectWorkFunc_t | rndGenerateVectFunc, | ||
CRYS_RSAPrivUserContext_t * | UserContext_ptr, | ||
CRYS_RSAUserPrivKey_t * | UserPrivKey_ptr, | ||
CRYS_RSA_HASH_OpMode_t | rsaHashMode, | ||
CRYS_PKCS1_MGF_t | MGF, | ||
uint16_t | SaltLen, | ||
uint8_t * | DataIn_ptr, | ||
uint32_t | DataInSize, | ||
uint8_t * | Output_ptr, | ||
uint16_t * | OutputSize_ptr, | ||
CRYS_PKCS1_version | PKCS1_ver | ||
) |
Implements the Signing algorithm, as defined in [PKCS1_1.5] or [PKCS1_2.1], using a single function.
The input data may be either a non-hashed data or a digest of a hash function. For a non-hashed data, the input data will be hashed using the hash function indicated by CRYS_RSA_HASH_OpMode_t. For a digest, CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed.
- Returns:
- CRYS_OK on success.
- A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure.
- Parameters:
-
[in,out] rndState_ptr Pointer to the RND state. [in,out] rndGenerateVectFunc Pointer to the RND Generate vector function pointer. [in] UserContext_ptr Pointer to a temporary context for internal use. [in] UserPrivKey_ptr Pointer to the private key data structure of the user. The representation (pair or quintuple) and hence the algorithm (CRT or not CRT) is determined by the Private Key build function - CRYS_RSA_Build_PrivKey or CRYS_RSA_Build_PrivKeyCRT. [in] rsaHashMode One of the supported SHA-x HASH modes, as defined in CRYS_RSA_HASH_OpMode_t. (MD5 is not supported). [in] MGF The mask generation function. [PKCS1_2.1] defines only MGF1, so the only value allowed for [PKCS1_2.1] is CRYS_PKCS1_MGF1. [in] SaltLen The Length of the Salt buffer (relevant for PKCS#1 Ver 2.1 only, typically lengths is 0 or hash Len). FIPS 186-4 requires, that SaltLen <= hash len. If SaltLen > KeySize - hash Len - 2, the function returns an error. [in] DataIn_ptr Pointer to the input data to be signed. The size of the scatter/gather list representing the data buffer is limited to 128 entries, and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). [in] DataInSize The size (in bytes) of the data to sign. [out] Output_ptr Pointer to the signature. The buffer must be at least PrivKey_ptr->N.len bytes long (i.e. the modulus size in bytes). [in,out] OutputSize_ptr Pointer to the signature size value - the input value is the signature buffer size allocated, the output value is the signature size used. he buffer must be equal to PrivKey_ptr->N.len bytes long (i.e. the modulus size in bytes). [in] PKCS1_ver [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required.
CIMPORT_C CRYSError_t SaSi_RsaVerify | ( | CRYS_RSAPubUserContext_t * | UserContext_ptr, |
CRYS_RSAUserPubKey_t * | UserPubKey_ptr, | ||
CRYS_RSA_HASH_OpMode_t | rsaHashMode, | ||
CRYS_PKCS1_MGF_t | MGF, | ||
uint16_t | SaltLen, | ||
uint8_t * | DataIn_ptr, | ||
uint32_t | DataInSize, | ||
uint8_t * | Sig_ptr, | ||
CRYS_PKCS1_version | PKCS1_ver | ||
) |
Implements the RSA signature verification algorithms, in a single function call, as defined in referenced standards [PKCS1_1.5] and [PKCS1_2.1].
The input data may be either a non-hashed data or a digest of a hash function. For a non-hashed data, the input data will be hashed using the hash function indicated by CRYS_RSA_HASH_OpMode_t. For a digest, CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed.
- Returns:
- CRYS_OK on success.
- A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure.
- Parameters:
-
[in] UserContext_ptr Pointer to a temporary context for internal use. [in] UserPubKey_ptr Pointer to the public key data structure of the user. [in] rsaHashMode One of the supported SHA-x HASH modes, as defined in CRYS_RSA_HASH_OpMode_t. (MD5 is not supported). [in] MGF The mask generation function. [PKCS1_2.1] defines only MGF1, so the only value allowed for [PKCS_2.1] is CRYS_PKCS1_MGF1. [in] SaltLen The Length of the Salt buffer. Relevant only for [PKCS1_2.1]. Typical lengths are 0 or hash Len (20 for SHA-1). The maximum length allowed is [modulus size - hash Len - 2]. [in] DataIn_ptr Pointer to the input data to be verified. The size of the scatter/gather list representing the data buffer is limited to 128 entries, and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). [in] DataInSize The size (in bytes) of the data whose signature is to be verified. [in] Sig_ptr Pointer to the signature to be verified. The length of the signature is PubKey_ptr->N.len bytes (i.e. the modulus size in bytes). [in] PKCS1_ver [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required.
Generated on Tue Jul 12 2022 13:55:21 by
