Defines all functions of mcuxClCss_Ecc. More...
Functions | |
MCUXCLCSS_API mcuxClCss_Status_Protected_t | mcuxClCss_EccKeyGen_Async (mcuxClCss_EccKeyGenOption_t options, mcuxClCss_KeyIndex_t signingKeyIdx, mcuxClCss_KeyIndex_t privateKeyIdx, mcuxClCss_KeyProp_t generatedKeyProperties, uint8_t const *pRandomData, uint8_t *pPublicKey) |
Generates an ECC key pair on the NIST P-256 curve. More... | |
MCUXCLCSS_API mcuxClCss_Status_Protected_t | mcuxClCss_EccKeyExchange_Async (mcuxClCss_KeyIndex_t privateKeyIdx, uint8_t const *pPublicKey, mcuxClCss_KeyIndex_t sharedSecretIdx, mcuxClCss_KeyProp_t sharedSecretProperties) |
Performs a Diffie-Hellman key exchange with an internal ECC private key and an external ECC public key. More... | |
MCUXCLCSS_API mcuxClCss_Status_Protected_t | mcuxClCss_EccSign_Async (mcuxClCss_EccSignOption_t options, mcuxClCss_KeyIndex_t keyIdx, uint8_t const *pInputHash, uint8_t const *pInputMessage, size_t inputMessageLength, uint8_t *pOutput) |
Generates an ECDSA signature of a given message. More... | |
MCUXCLCSS_API mcuxClCss_Status_Protected_t | mcuxClCss_EccVerify_Async (mcuxClCss_EccVerifyOption_t options, uint8_t const *pInputHash, uint8_t const *pInputMessage, size_t inputMessageLength, uint8_t const *pSignatureAndPubKey, uint8_t *pOutput) |
Verifies an ECDSA signature of a given message. More... | |
Defines all functions of mcuxClCss_Ecc.
MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_EccKeyGen_Async | ( | mcuxClCss_EccKeyGenOption_t | options, |
mcuxClCss_KeyIndex_t | signingKeyIdx, | ||
mcuxClCss_KeyIndex_t | privateKeyIdx, | ||
mcuxClCss_KeyProp_t | generatedKeyProperties, | ||
uint8_t const * | pRandomData, | ||
uint8_t * | pPublicKey | ||
) |
Generates an ECC key pair on the NIST P-256 curve.
Before execution, CSS will wait until mcuxClCss_HwState_t.drbgentlvl == MCUXCLCSS_STATUS_DRBGENTLVL_HIGH. This can lead to a delay if the DRBG is in a state with less security strength at the time of the call.
Call mcuxClCss_WaitForOperation to complete the operation. The public key will be stored in the standard ANSI X9.62 byte order (big-endian).
[in] | options | The command options. For more information, see mcuxClCss_EccKeyGenOption_t. |
[in] | signingKeyIdx | The index of the key to sign the generated public key. |
[in] | privateKeyIdx | Output key index. |
[in] | generatedKeyProperties | The desired key properties of the generated key. |
[in] | pRandomData | Random data provided by the user. |
[out] | pPublicKey | Pointer to the memory area which receives the public key and optionally the key signature. |
options.kgsign
== MCUXCLCSS_ECC_PUBLICKEY_SIGN_DISABLE signingKeyIdx
is ignored. options.kgsrc
== MCUXCLCSS_ECC_OUTPUTKEY_DETERMINISTIC privateKeyIdx
also defines the key index of the source key material. The source key material will be overwritten by the output public key. options.kgsign_rnd
== MCUXCLCSS_ECC_NO_RANDOM_DATA pRandomData
is ignored. pPublicKey
must be aligned on a 4-byte boundary. MCUXCLCSS_STATUS_SW_INVALID_PARAM | if invalid parameters were specified |
MCUXCLCSS_STATUS_SW_CANNOT_INTERRUPT | if a running operation prevented the request |
MCUXCLCSS_STATUS_OK_WAIT | on successful request |
MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_EccKeyExchange_Async | ( | mcuxClCss_KeyIndex_t | privateKeyIdx, |
uint8_t const * | pPublicKey, | ||
mcuxClCss_KeyIndex_t | sharedSecretIdx, | ||
mcuxClCss_KeyProp_t | sharedSecretProperties | ||
) |
Performs a Diffie-Hellman key exchange with an internal ECC private key and an external ECC public key.
Before execution, CSS will wait until mcuxClCss_HwState_t.drbgentlvl == MCUXCLCSS_STATUS_DRBGENTLVL_LOW. This can lead to a delay if the DRBG is in a state with less security strength at the time of the call.
Call mcuxClCss_WaitForOperation to complete the operation. The public key must be stored in the standard ANSI X9.62 byte order (big-endian).
[in] | privateKeyIdx | The private key index. |
[in] | pPublicKey | Pointer to the public key of a third party. |
[in] | sharedSecretIdx | The index in the CSSv2 keystore that receives the shared secret that is generated by the ECDH operation. |
[in] | sharedSecretProperties | The desired key properties of the shared secret. |
pPublicKey
MCUXCLCSS_STATUS_SW_INVALID_PARAM | if invalid parameters were specified |
MCUXCLCSS_STATUS_SW_CANNOT_INTERRUPT | if a running operation prevented the request |
MCUXCLCSS_STATUS_OK_WAIT | on successful request |
MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_EccSign_Async | ( | mcuxClCss_EccSignOption_t | options, |
mcuxClCss_KeyIndex_t | keyIdx, | ||
uint8_t const * | pInputHash, | ||
uint8_t const * | pInputMessage, | ||
size_t | inputMessageLength, | ||
uint8_t * | pOutput | ||
) |
Generates an ECDSA signature of a given message.
The curve is NIST P-256. The message hash, must be stored in the standard ANSI X9.62 format. If the message is provided in plain, no prior conversion is necessary. The signature will be stored in the standard ANSI X9.62 byte order (big-endian).
Before execution, CSS will wait until mcuxClCss_HwState_t.drbgentlvl == MCUXCLCSS_STATUS_DRBGENTLVL_HIGH. This can lead to a delay if the DRBG is in a state with less security strength at the time of the call.
Call mcuxClCss_WaitForOperation to complete the operation.
[in] | options | The command options. For more information, see mcuxClCss_EccSignOption_t. |
[in] | keyIdx | The private key index. |
[in] | pInputHash | The hash of the message to sign in X9.62 format. |
[in] | pInputMessage | The message to sign. |
[in] | inputMessageLength | Size of pInputMessage in bytes. |
[out] | pOutput | Pointer to the memory area which receives the generated signature in X9.62 format. (64 bytes) |
options.echashchl
== MCUXCLCSS_ECC_HASHED pInputHash
is used, and it must be aligned on a 4-byte boundary. pInputMessage
is ignored. options.echashchl
== MCUXCLCSS_ECC_NOT_HASHED pInputHash
is ignored. pInputMessage
and inputMessageLength
are used. pOptput
must be aligned on a 4-byte boundary. MCUXCLCSS_STATUS_SW_INVALID_PARAM | if invalid parameters were specified |
MCUXCLCSS_STATUS_SW_CANNOT_INTERRUPT | if a running operation prevented the request |
MCUXCLCSS_STATUS_OK_WAIT | on successful request |
MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_EccVerify_Async | ( | mcuxClCss_EccVerifyOption_t | options, |
uint8_t const * | pInputHash, | ||
uint8_t const * | pInputMessage, | ||
size_t | inputMessageLength, | ||
uint8_t const * | pSignatureAndPubKey, | ||
uint8_t * | pOutput | ||
) |
Verifies an ECDSA signature of a given message.
The curve is NIST P-256. The message hash, must be stored in the standard ANSI X9.62 format. If the message is provided in plain, no prior conversion is necessary. The signature and public key must be stored in the standard ANSI X9.62 byte order (big-endian).
Before execution, CSS will wait until mcuxClCss_HwState_t.drbgentlvl == MCUXCLCSS_STATUS_DRBGENTLVL_LOW. This can lead to a delay if the DRBG is in a state with less security strength at the time of the call.
Call mcuxClCss_WaitForOperation to complete the operation.
[in] | options | The command options. For more information, see mcuxClCss_EccVerifyOption_t. |
[in] | pInputHash | The hash of the signed message in X9.62 format. |
[in] | pInputMessage | The message to sign. |
[in] | inputMessageLength | Size of pInputMessage in bytes. |
[in] | pSignatureAndPubKey | Pointer to the memory area which contains the concatenation of the signature and the public key. |
[out] | pOutput | Pointer to the memory area which will receive the recalculated value of the R component in case of a successful signature verification. |
options.echashchl
== MCUXCLCSS_ECC_HASHED pInputHash
is used, and it must be aligned on a 4-byte boundary. pInputMessage
is ignored. options.echashchl
== MCUXCLCSS_ECC_NOT_HASHED pInputHash
is ignored. pInputMessage
and inputMessageLength
are used. pSignatureAndPubKey
pOutput
pSignatureAndPublicKey
. MCUXCLCSS_STATUS_SW_INVALID_PARAM | if invalid parameters were specified |
MCUXCLCSS_STATUS_SW_CANNOT_INTERRUPT | if a running operation prevented the request |
MCUXCLCSS_STATUS_OK_WAIT | on successful request |