From 6944f9a831d0c2a3c7acd4757311f8ad1beac427 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 28 Mar 2018 14:18:39 +0200
Subject: [PATCH] New functions: asymmetric encrypt/decrypt
---
 include/psa/crypto.h | 111 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 110 insertions(+), 1 deletion(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index d4ebcba23..d9c8fed6e 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -326,7 +326,8 @@ typedef uint32_t psa_algorithm_t;
 #define PSA_ALG_RSA_PKCS1V15_SIGN_RAW ((psa_algorithm_t)0x10010000)
 #define PSA_ALG_RSA_PSS_MGF1 ((psa_algorithm_t)0x10020000)
-#define PSA_ALG_RSA_OAEP ((psa_algorithm_t)0x12020000)
+#define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x12010000)
+#define PSA_ALG_RSA_OAEP_MGF1_BASE ((psa_algorithm_t)0x12020000)
 #define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \
 (PSA_ALG_RSA_PKCS1V15_SIGN_RAW | ((hash_alg) & PSA_ALG_HASH_MASK))
 #define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
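Review bot: `PSA_ALG_RSA_OAEP_MGF1_BASE` and `PSA_ALG_RSA_PKCS1V15_CRYPT` are added with no comment, and the `_BASE` suffix implies the value is not a complete algorithm on its own, yet this hunk adds no constructor macro comparable to `PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)` just below. If the hash is meant to be OR-ed in under `PSA_ALG_HASH_MASK`, a one-line comment saying so (or the constructor itself) would keep callers from passing the bare base value. The old name `PSA_ALG_RSA_OAEP` disappears without an alias, so any existing user of it stops compiling. I would also put a comment on `PSA_ALG_RSA_PKCS1V15_CRYPT` along the lines of `/* RSA PKCS#1 v1.5 encryption; prefer OAEP where the peer supports it. */`.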
@@ -1329,6 +1330,114 @@ psa_status_t psa_asymmetric_verify(psa_key_slot_t key,
 uint8_t *signature,
 size_t signature_size);
+#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
+ (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
+ ((void)alg, 0))
+#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
+ PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
+
+/**
+ * \brief Encrypt a short message with a public key.
+ *
+ * \param key Key slot containing a public key or an asymmetric
+ * key pair.
+ * \param alg An asymmetric encryption algorithm that is
+ * compatible with the type of \c key.
+ * \param input The message to encrypt.
+ * \param input_length Size of the \c input buffer in bytes.
+ * \param salt A salt or label, if supported by the encryption
+ * algorithm.
+ * If the algorithm does not support a
+ * salt, pass \c NULL.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass \c NULL.
+ *
+ * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param salt_length Size of the \c salt buffer in bytes.
+ * If \c salt is \c NULL, pass 0.
+ * \param output Buffer where the encrypted message is to be written.
+ * \param output_size Size of the \c output buffer in bytes.
+ * \param output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \c output buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \c key.
+ * \retval PSA_ERROR_NOT_SUPPORTED
+ * \retval PSA_ERROR_INVALID_ARGUMENT
+ * \retval PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval PSA_ERROR_HARDWARE_FAILURE
+ * \retval PSA_ERROR_TAMPERING_DETECTED
+ * \retval PSA_ERROR_INSUFFICIENT_ENTROPY
+ */
+psa_status_t psa_asymmetric_encrypt(psa_key_slot_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/**
+ * \brief Decrypt a short message with a private key.
+ *
+ * \param key Key slot containing an asymmetric key pair.
+ * \param alg An asymmetric encryption algorithm that is
+ * compatible with the type of \c key.
+ * \param input The message to decrypt.
+ * \param input_length Size of the \c input buffer in bytes.
+ * \param salt A salt or label, if supported by the encryption
+ * algorithm.
+ * If the algorithm does not support a
+ * salt, pass \c NULL.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass \c NULL.
+ *
+ * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param salt_length Size of the \c salt buffer in bytes.
+ * If \c salt is \c NULL, pass 0.
+ * \param output Buffer where the encrypted message is to be written.
+ * \param output_size Size of the \c output buffer in bytes.
+ * \param output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \c output buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \c key.
+ * \retval PSA_ERROR_NOT_SUPPORTED
+ * \retval PSA_ERROR_INVALID_ARGUMENT
+ * \retval PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval PSA_ERROR_HARDWARE_FAILURE
+ * \retval PSA_ERROR_TAMPERING_DETECTED
+ * \retval PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval PSA_ERROR_INVALID_PADDING
+ */
+psa_status_t psa_asymmetric_decrypt(psa_key_slot_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
 /**@}*/
 #ifdef __cplusplus
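Review bot: The `psa_asymmetric_decrypt` documentation lists `PSA_ERROR_INVALID_PADDING` as a distinct result with no caveat, and with `PSA_ALG_RSA_PKCS1V15_CRYPT` a caller that lets whoever supplied the ciphertext tell that status apart from other failures hands them a padding oracle (the Bleichenbacher class of attack). I would add a sentence under that `\retval` such as `Callers must not reveal to the sender of \c input whether decryption failed because of padding; handle it like any other decryption failure.` In the same comment, `\param output` still reads "Buffer where the encrypted message is to be written" and should say "decrypted". In `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE`, `(void)alg` should be `(void)(alg)` so that an unparenthesized argument such as `a | b` does not expand to `(void)a | b`; the macro also yields 0 for non-RSA keys, which deserves a one-line comment so callers do not size a buffer from it unchecked.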