New functions: asymmetric encrypt/decrypt

This commit is contained in:
Gilles Peskine 2018-03-28 14:18:39 +02:00 committed by itayzafrir
parent 8484565f85
commit 6944f9a831

View file

@ -326,7 +326,8 @@ typedef uint32_t psa_algorithm_t;
#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW ((psa_algorithm_t)0x10010000) #define PSA_ALG_RSA_PKCS1V15_SIGN_RAW ((psa_algorithm_t)0x10010000)
#define PSA_ALG_RSA_PSS_MGF1 ((psa_algorithm_t)0x10020000) #define PSA_ALG_RSA_PSS_MGF1 ((psa_algorithm_t)0x10020000)
#define PSA_ALG_RSA_OAEP ((psa_algorithm_t)0x12020000) #define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x12010000)
#define PSA_ALG_RSA_OAEP_MGF1_BASE ((psa_algorithm_t)0x12020000)
#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \ #define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \
(PSA_ALG_RSA_PKCS1V15_SIGN_RAW | ((hash_alg) & PSA_ALG_HASH_MASK)) (PSA_ALG_RSA_PKCS1V15_SIGN_RAW | ((hash_alg) & PSA_ALG_HASH_MASK))
#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \ #define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
@ -1329,6 +1330,114 @@ psa_status_t psa_asymmetric_verify(psa_key_slot_t key,
uint8_t *signature, uint8_t *signature,
size_t signature_size); size_t signature_size);
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
((void)alg, 0))
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
/**
* \brief Encrypt a short message with a public key.
*
* \param key Key slot containing a public key or an asymmetric
* key pair.
* \param alg An asymmetric encryption algorithm that is
* compatible with the type of \c key.
* \param input The message to encrypt.
* \param input_length Size of the \c input buffer in bytes.
* \param salt A salt or label, if supported by the encryption
* algorithm.
* If the algorithm does not support a
* salt, pass \c NULL.
* If the algorithm supports an optional
* salt and you do not want to pass a salt,
* pass \c NULL.
*
* - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
* supported.
* \param salt_length Size of the \c salt buffer in bytes.
* If \c salt is \c NULL, pass 0.
* \param output Buffer where the encrypted message is to be written.
* \param output_size Size of the \c output buffer in bytes.
* \param output_length On success, the number of bytes
* that make up the returned output.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \c output buffer is too small. You can
* determine a sufficient buffer size by calling
* #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
* where \c key_type and \c key_bits are the type and bit-size
* respectively of \c key.
* \retval PSA_ERROR_NOT_SUPPORTED
* \retval PSA_ERROR_INVALID_ARGUMENT
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_COMMUNICATION_FAILURE
* \retval PSA_ERROR_HARDWARE_FAILURE
* \retval PSA_ERROR_TAMPERING_DETECTED
* \retval PSA_ERROR_INSUFFICIENT_ENTROPY
*/
psa_status_t psa_asymmetric_encrypt(psa_key_slot_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *salt,
size_t salt_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
/**
* \brief Decrypt a short message with a private key.
*
* \param key Key slot containing an asymmetric key pair.
* \param alg An asymmetric encryption algorithm that is
* compatible with the type of \c key.
* \param input The message to decrypt.
* \param input_length Size of the \c input buffer in bytes.
* \param salt A salt or label, if supported by the encryption
* algorithm.
* If the algorithm does not support a
* salt, pass \c NULL.
* If the algorithm supports an optional
* salt and you do not want to pass a salt,
* pass \c NULL.
*
* - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
* supported.
* \param salt_length Size of the \c salt buffer in bytes.
* If \c salt is \c NULL, pass 0.
* \param output Buffer where the encrypted message is to be written.
* \param output_size Size of the \c output buffer in bytes.
* \param output_length On success, the number of bytes
* that make up the returned output.
*
* \retval PSA_SUCCESS
* \retval PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \c output buffer is too small. You can
* determine a sufficient buffer size by calling
* #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
* where \c key_type and \c key_bits are the type and bit-size
* respectively of \c key.
* \retval PSA_ERROR_NOT_SUPPORTED
* \retval PSA_ERROR_INVALID_ARGUMENT
* \retval PSA_ERROR_INSUFFICIENT_MEMORY
* \retval PSA_ERROR_COMMUNICATION_FAILURE
* \retval PSA_ERROR_HARDWARE_FAILURE
* \retval PSA_ERROR_TAMPERING_DETECTED
* \retval PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval PSA_ERROR_INVALID_PADDING
*/
psa_status_t psa_asymmetric_decrypt(psa_key_slot_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *salt,
size_t salt_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
/**@}*/ /**@}*/
#ifdef __cplusplus #ifdef __cplusplus