Defines all functions of mcuxClRsa.
More...
|
mcuxClRsa_Status_Protected_t | mcuxClRsa_sign (mcuxClSession_Handle_t pSession, const mcuxClRsa_Key *const pKey, const uint8_t *const pMessageOrDigest, const uint32_t messageLength, const mcuxClRsa_SignVerifyMode pPaddingMode, const uint32_t saltLength, const uint32_t options, uint8_t *const pSignature) |
| RSA sign operation. More...
|
|
mcuxClRsa_Status_Protected_t | mcuxClRsa_verify (mcuxClSession_Handle_t pSession, const mcuxClRsa_Key *const pKey, const uint8_t *const pMessageOrDigest, const uint32_t messageLength, uint8_t *const pSignature, const mcuxClRsa_SignVerifyMode pVerifyMode, const uint32_t saltLength, const uint32_t options, uint8_t *const pOutput) |
| RSA verify operation. More...
|
|
Defines all functions of mcuxClRsa.
◆ mcuxClRsa_sign()
RSA sign operation.
This function performs an RSA signature generation according to RSASP1, RSASSA-PSS-SIGN or RSASSA-PKCS1-v1_5-SIGN of PKCS #1 v2.2. Based on the passed key type, it is selected, whether to perform this operation using a private plain, a private CRT key, or whether to use a private CRT key and protect the operation against perturbation attacks. Based on the selection of the padding mode, it is determined, whether to perform no padding, or whether to perform one of the supported paddings based on one of the supported hash functions. The supported bit-lengths of the modulus range from 512 to 4096 in multiples of 8. The private exponent is limited to d < n.
- Parameters
-
[in] | pSession | Pointer to mcuxClSession_Descriptor |
[in] | pKey | Pointer to key structure of type mcuxClRsa_Key |
[in] | pMessageOrDigest | Pointer to buffer, which contains the input to the sign operation |
[in] | messageLength | Byte-length of MessageOrDigest |
[in] | pPaddingMode | Pointer to signing mode of type mcuxClRsa_SignVerifyMode_t |
[in] | saltLength | Byte-length of salt |
[in] | options | Options field |
[out] | pSignature | Pointer to buffer, which contains the result (signature) |
- Parameter properties
- pSession:
- The session pointed to by pSession has to be initialized prior to a call to this function.
- pKey:
- The key entries must meet the following conditions:
- pMessageOrDigest:
- The input must meet the following conditions:
- messageLength:
- This value is only regarded in case of option MCUXCLRSA_OPTION_MESSAGE_PLAIN. In case of option MCUXCLRSA_OPTION_MESSAGE_DIGEST, or mode RSASP1, please set to zero.
- pPaddingMode:
- The mode specifies the targeted padding and hashing algorithms. Please set to one of mcuxClRsa_Sign_Modes.
- saltLength:
- This value is only regarded in case of performing a RSASSA-PSS-SIGN operation. Otherwise, please set to zero.
- options:
- This field is used to select options of the sign operation:
- pSignature:
- The output is returned in in big-endian byte order.
- Returns
- Status of the mcuxClRsa_sign operation (see mcuxClRsa_Status_Protected_t)
- Return values
-
- Examples
- mcuxClRsa_sign_NoEncode_example.c, and mcuxClRsa_sign_pss_sha2_256_example.c.
◆ mcuxClRsa_verify()
RSA verify operation.
This function performs an RSA signature verification according to RSAVP1, RSASSA-PSS-VERIFY or RSASSA-PKCS1-v1_5-VERIFY of PKCS #1 v2.2. Based on the selection of the padding mode, it is determined, whether to perform no padding verification, or whether to perform one of the supported padding verifications based on one of the supported hash functions. The supported bit-lengths of the modulus range from 512 to 4096 in multiples of 8. The public exponent is limited to 2 <= e < N.
- Parameters
-
[in] | pSession | Pointer to mcuxClSession_Descriptor |
[in] | pKey | Pointer to key structure of type mcuxClRsa_Key |
[in] | pMessageOrDigest | Pointer to buffer, which contains the input to the verify operation |
[in] | messageLength | Byte-length of MessageOrDigest |
[in] | pSignature | Pointer to buffer, which contains the signature |
[in] | pVerifyMode | Pointer to verification mode of type mcuxClRsa_SignVerifyMode_t |
[in] | saltLength | Byte-length of salt |
[in] | options | Options field |
[out] | pOutput | Pointer to output buffer |
- Parameter properties
- pSession:
- The session pointed to by pSession has to be initialized prior to a call to this function.
- pKey:
- The key entries must meet the following conditions:
- Entry keytype must be set to MCUXCLRSA_KEY_PUBLIC. In case of passing another key type, the function returns MCUXCLRSA_STATUS_INVALID_INPUT. The functions checks, internally, whether the required key entries are not set to NULL. If so, the function returns MCUXCLRSA_STATUS_INVALID_INPUT;
- The supported bit-lengths of the modulus range from 512 to 4096 in multiples of 8;
- It is required that e is greater or equal to 2 and smaller than n.
- pMessageOrDigest:
- The input must meet the following conditions:
- It must be provided in big-endian byte order;
- In case of mode RSAVP1, please set to NULL.
- messageLength:
- This value is only regarded in case of option MCUXCLRSA_OPTION_MESSAGE_PLAIN. In case of option MCUXCLRSA_OPTION_MESSAGE_DIGEST, or mode RSAVP1, please set to zero.
- pSignature:
- The signature must meet the following conditions:
- It must be given in big-endian byte order;
- The signature length is determined by the modulus length (bytelength(n));
- The signature value must be smaller than n. If it is bigger the function returns MCUXCLRSA_STATUS_INVALID_INPUT.
- pVerifyMode:
- The mode specifies the targeted padding verification and hashing algorithms. Please set to one of mcuxClRsa_Verify_Modes.
- saltLength:
- This value is only regarded in case of performing a RSASSA-PSS-VERIFY operation. Otherwise, please set to zero.
- options:
- This field is used to select options of the sign operation:
- pOutput:
- In case of mode RSAVP1 this pointer points to the buffer, where the result will be stored in big-endian byte order. This buffer must have the same byte-length as the modulus. In case of modes RSASSA-PSS-VERIFY and RSASSA-PKCS1-v1_5-VERIFY please set to NULL.
- Returns
- Status of the mcuxClRsa_verify operation (see mcuxClRsa_Status_Protected_t)
- Return values
-
- Examples
- mcuxClRsa_verify_NoVerify_example.c, and mcuxClRsa_verify_pssverify_sha2_256_example.c.