NXP Reader Library  v17.1.0.2535
Modules | Functions
RSA
Hardware Abstraction Layer » Component : SAM » Command Interface » 05_PublicKeyInfrastructure

SAM commands used for asymmetric RSA key management, signature handling and symmetric key updates based on PKI. More...

Collaboration diagram for RSA:

Modules

 Defines
 Definitions for SAM PKI RSA commands.
 

Functions

phStatus_t phhalHw_Sam_Cmd_PKI_GenerateKeyPair (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bOption, uint8_t bPKI_KeyNo, uint16_t wPKI_Set, uint8_t bPKI_KeyNoCEK, uint8_t bPKI_KeyVCEK, uint8_t bPKI_RefNoKUC, uint8_t bPKI_KeyNoAEK, uint8_t bPKI_KeyVAEK, uint16_t wPKI_NLen, uint16_t wPKI_eLen, uint8_t *pPKI_e)
 Create a pair of a public and private RSA key. More...
 
phStatus_t phhalHw_Sam_Cmd_PKI_ImportKey (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bOption, uint8_t bPKI_KeyNo, uint16_t wPKI_Set, uint8_t bPKI_KeyNoCEK, uint8_t bPKI_KeyVCEK, uint8_t bPKI_RefNoKUC, uint8_t bPKI_KeyNoAEK, uint8_t bPKI_KeyVAEK, uint16_t wPKI_NLen, uint16_t wPKI_eLen, uint16_t wPKI_PLen, uint16_t wPKI_QLen, uint8_t *pPKI_N, uint8_t *pPKI_e, uint8_t *pPKI_p, uint8_t *pPKI_q, uint8_t *pPKI_dP, uint8_t *pPKI_dQ, uint8_t *pPKI_ipq)
 Import a public or private RSA key. More...
 
phStatus_t phhalHw_Sam_Cmd_PKI_ExportPrivateKey (phhalHw_Sam_DataParams_t *pDataParams, uint16_t wOption, uint8_t bPKI_KeyNo, uint8_t **ppKeyData, uint16_t *pKeyDataLen)
 Export a full RSA key entry (i.e including the private key if present). More...
 
phStatus_t phhalHw_Sam_Cmd_PKI_ExportPublicKey (phhalHw_Sam_DataParams_t *pDataParams, uint16_t wOption, uint8_t bPKI_KeyNo, uint8_t **ppKeyData, uint16_t *pKeyDataLen)
 Export the public part of an RSA key pair. More...
 
phStatus_t phhalHw_Sam_Cmd_PKI_UpdateKeyEntries (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bOption, uint8_t bNoOfKeyEntries, uint8_t bHashingAlg, uint8_t bPKI_KeyNo_Enc, uint8_t bPKI_KeyNo_Sign, uint8_t bPKI_KeyNo_Ack, uint8_t *pKeyFrame, uint16_t wKeyFrameLen, uint8_t **ppUpdateACK, uint16_t *pUpdateACKLen)
 The PKI_UpdateKeyEntries can be used to change key entries of the symmetric key storage (KST). More...
 
phStatus_t phhalHw_Sam_Cmd_PKI_EncipherKeyEntries (phhalHw_Sam_DataParams_t *pDataParams, uint16_t wOption, uint8_t bNoOfKeyEntries, uint8_t bHashingAlg, uint8_t bPKI_KeyNo_Enc, uint8_t bPKI_KeyNo_Sign, uint8_t bPKI_KeyNo_Dec, uint8_t bPKI_KeyNo_Verif, uint16_t wPerso_Ctr, uint8_t *pKeyEntries, uint8_t bKeyEntriesLen, uint8_t *pDivInput, uint8_t bDivInputLen, uint8_t **ppEncKeyFrame_Sign, uint16_t *pEncKeyFrame_Sign_Len)
 Prepare a cryptogram (according to Asymmetric Offline Change Cryptogram) for the PKI offline update of KST key entries on a target SAM. More...
 
phStatus_t phhalHw_Sam_Cmd_PKI_GenerateHash (phhalHw_Sam_DataParams_t *pDataParams, uint16_t wOption, uint8_t bHashingAlg, uint32_t dwMLen, uint8_t *pMessage, uint16_t wMsgLen, uint8_t **ppHash, uint16_t *pHashLen)
 Generate Hash DataFrame from Data. More...
 
phStatus_t phhalHw_Sam_Cmd_PKI_GenerateSignature (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bHashingAlg, uint8_t bPKI_KeyNo_Sign, uint8_t *pHash, uint8_t bHashLen)
 Generate a signature with a given RSA key entry. More...
 
phStatus_t phhalHw_Sam_Cmd_PKI_SendSignature (phhalHw_Sam_DataParams_t *pDataParams, uint8_t **ppSignature, uint16_t *pSignatureLen)
 Get a previously generated signature. More...
 
phStatus_t phhalHw_Sam_Cmd_PKI_VerifySignature (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bPKI_KeyNo_Verif, uint8_t bHashingAlg, uint8_t *pHash, uint8_t bHashLen, uint8_t *pSignature, uint16_t wSignatureLen)
 Verify a hash / signature pair with a given RSA key. More...
 
phStatus_t phhalHw_Sam_Cmd_PKI_EncipherData (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bHashingAlg, uint8_t bPKI_KeyNo_Enc, uint8_t *pPlainData, uint8_t bPlainDataLen, uint8_t **ppEncData, uint16_t *pEncDataLen)
 Performs the offline encryption of plain RSA data. More...
 
phStatus_t phhalHw_Sam_Cmd_PKI_DecipherData (phhalHw_Sam_DataParams_t *pDataParams, uint16_t wOption, uint8_t bHashingAlg, uint8_t bPKI_KeyNo_Dec, uint8_t *pEncData, uint16_t wEncDataLen, uint8_t **ppPlainData, uint16_t *pPlainDataLen)
 Performs the offline decryption of encrypted RSA data. More...
 

Detailed Description

SAM commands used for asymmetric RSA key management, signature handling and symmetric key updates based on PKI.

Function Documentation

◆ phhalHw_Sam_Cmd_PKI_GenerateKeyPair()

phStatus_t phhalHw_Sam_Cmd_PKI_GenerateKeyPair ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bOption,
uint8_t  bPKI_KeyNo,
uint16_t  wPKI_Set,
uint8_t  bPKI_KeyNoCEK,
uint8_t  bPKI_KeyVCEK,
uint8_t  bPKI_RefNoKUC,
uint8_t  bPKI_KeyNoAEK,
uint8_t  bPKI_KeyVAEK,
uint16_t  wPKI_NLen,
uint16_t  wPKI_eLen,
uint8_t pPKI_e 
)

Create a pair of a public and private RSA key.

Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpPKI_e is NULL.
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bOption[In] Option for P1 information byte.
[in]bPKI_KeyNo[In] Key reference number of the PKI Key Entry (00h to 01h).
[in]wPKI_Set[In] Configuration settings of the created key entry.
[in]bPKI_KeyNoCEK[In] Key reference number of KST change entry key.
  • 0xFE : No change restriction
  • 0xFF : Entry locked
  • 0x00 - 0x7F: Restricted to specific permanent KST Key Entry
[in]bPKI_KeyVCEK[In] Key version of KST change entry key.
[in]bPKI_RefNoKUC[In] Reference number of key usage counter (00h - 0Fh, FFh).
[in]bPKI_KeyNoAEK[In] Key reference number of KST access entry key.
  • 0xFE : No Access Restrictions
  • 0xFF : Entry Disabled
  • 0x00 - 0x7F : Restricted to specific permanent KST Key Entry
[in]bPKI_KeyVAEK[In] Key version of KST access entry key.
[in]wPKI_NLen[In] RSA key length size in bytes: between 64 and 256 bytes, a multiple of 8 byte.
[in]wPKI_eLen[In] Public exponent length size in bytes between 4 and 256 bytes, a multiple of 4 byte, and shall not be greater than PKI_NLen: between 4 and 256 bytes, a multiple of 4 byte
[in]pPKI_e[In] Public exponent e where eLen is PKI_eLen. It must be an odd integer.

◆ phhalHw_Sam_Cmd_PKI_ImportKey()

phStatus_t phhalHw_Sam_Cmd_PKI_ImportKey ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bOption,
uint8_t  bPKI_KeyNo,
uint16_t  wPKI_Set,
uint8_t  bPKI_KeyNoCEK,
uint8_t  bPKI_KeyVCEK,
uint8_t  bPKI_RefNoKUC,
uint8_t  bPKI_KeyNoAEK,
uint8_t  bPKI_KeyVAEK,
uint16_t  wPKI_NLen,
uint16_t  wPKI_eLen,
uint16_t  wPKI_PLen,
uint16_t  wPKI_QLen,
uint8_t pPKI_N,
uint8_t pPKI_e,
uint8_t pPKI_p,
uint8_t pPKI_q,
uint8_t pPKI_dP,
uint8_t pPKI_dQ,
uint8_t pPKI_ipq 
)

Import a public or private RSA key.

Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETER- pPKI_N and pPKI_e are NULL if bOption = Update only key settings
  • pPKI_p, pPKI_q, pPKI_dP, pPKI_dQ and pPKI_ipq are NULL if bOption = Update only key settings and Private Key is included.
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bOption[In] Option for P1 information byte.
[in]bPKI_KeyNo[In] Key reference number of the PKI Key Entry to update.
  • 0x00 - 0x02: Without private key
  • 0x00 - 0x01: With private key included
[in]wPKI_Set[In] Configuration settings of the imported key entry. It indicates whether a private of public key shall be imported.
[in]bPKI_KeyNoCEK[In] Key reference number of KST change entry key.
  • 0xFE : No change restriction
  • 0xFF : Entry Locked
  • 0x00 - 0x7F: Restricted to specific permanent KST Key Entry
[in]bPKI_KeyVCEK[In] Key version of KST change entry key.
[in]bPKI_RefNoKUC[In] Reference number of key usage counter (00h - 0Fh, FFh).
[in]bPKI_KeyNoAEK[In] Key reference number of KST access entry key
  • 0xFE : No Access Restrictions
  • 0xFF : Entry Disabled
  • 0x00 - 0x7F : Restricted to specific permanent KST Key Entry
[in]bPKI_KeyVAEK[In] Key version of KST access entry key.
[in]wPKI_NLen[In] RSA key length size in bytes: between 64 and 256 bytes, a multiple of 8 byte.
[in]wPKI_eLen[In] Public exponent length size in bytes between 4 and 256 bytes, a multiple of 4 byte, and shall not be greater than PKI_NLen: between 4 and 256 bytes, a multiple of 4 byte.
[in]wPKI_PLen[In] If private key included, the prime p length size in bytes ceil(PKI_pLen / 4) + 2 <= ceil(PKI_NLen / 4).
[in]wPKI_QLen[In] If private key included, the prime q length size in bytes ceil(PKI_qLen/4) + 2 <= ceil(PKI_NLen/4).
[in]pPKI_N[In] If private key included, Modulus N where NLen is PKI_NLen. The most significant 32-bit word of N shall not be equal to zero.
[in]pPKI_e[In] If private key included, Public exponent e where eLen is PKI_eLen. It must be an odd integer.
[in]pPKI_p[In] If private key included, Prime p where pLen is PKI_pLen. The MSB of p shall not be equal to zero.
[in]pPKI_q[In] If private key included, Prime q where pLen is PKI_qLen. The MSB of q shall not be equal to zero.
[in]pPKI_dP[In] If private key included, Private exponent d_p where pLen is PKI_pLen.
[in]pPKI_dQ[In] If private key included, Private exponent d_q where qLen is PKI_qLen.
[in]pPKI_ipq[In] If private key included, Inverse p-1mod(q) where qLen is PKI_qLen.

◆ phhalHw_Sam_Cmd_PKI_ExportPrivateKey()

phStatus_t phhalHw_Sam_Cmd_PKI_ExportPrivateKey ( phhalHw_Sam_DataParams_t pDataParams,
uint16_t  wOption,
uint8_t  bPKI_KeyNo,
uint8_t **  ppKeyData,
uint16_t pKeyDataLen 
)

Export a full RSA key entry (i.e including the private key if present).

A successful host authentication in the LC using SAM_AuthenticateHost with a Host Key is required to execute the PKI_ExportPrivateKey command. This needs to be done with the Host Key referenced by the PKI_KeyNoCEK and PKI_KeyVCEK of the targeted key entry.

Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_SUCCESS_CHAININGOperation successful. More data available to receive from SAM.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpKeyDataLen is NULL
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]wOption[In] Option for AEK selection and differentiating between first part and last part of data.
[in]bPKI_KeyNo[In] Key reference number of the PKI Key Entry (00h to 01h).
[out]ppKeyData[Out] Received Private Key information from SAM.
[out]pKeyDataLen[Out] Length of bytes available in ppKeyData buffer.

◆ phhalHw_Sam_Cmd_PKI_ExportPublicKey()

phStatus_t phhalHw_Sam_Cmd_PKI_ExportPublicKey ( phhalHw_Sam_DataParams_t pDataParams,
uint16_t  wOption,
uint8_t  bPKI_KeyNo,
uint8_t **  ppKeyData,
uint16_t pKeyDataLen 
)

Export the public part of an RSA key pair.

Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_SUCCESS_CHAININGOperation successful. More data available to receive from SAM.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpKeyDataLen is NULL
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]wOption[In] Option for AEK selection and differentiating between first part and last part of data.
  • Access Entry Key (PKI_KeyNoAEK, PKI_KeyVAEK) received from SAM
  • Should be combined with the above option
[in]bPKI_KeyNo[In] Key reference number of the PKI Key Entry (00h to 02h).
[out]ppKeyData[Out] Received Public Key information from SAM.
[out]pKeyDataLen[Out] Length of bytes available in ppKeyData buffer.

◆ phhalHw_Sam_Cmd_PKI_UpdateKeyEntries()

phStatus_t phhalHw_Sam_Cmd_PKI_UpdateKeyEntries ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bOption,
uint8_t  bNoOfKeyEntries,
uint8_t  bHashingAlg,
uint8_t  bPKI_KeyNo_Enc,
uint8_t  bPKI_KeyNo_Sign,
uint8_t  bPKI_KeyNo_Ack,
uint8_t pKeyFrame,
uint16_t  wKeyFrameLen,
uint8_t **  ppUpdateACK,
uint16_t pUpdateACKLen 
)

The PKI_UpdateKeyEntries can be used to change key entries of the symmetric key storage (KST).

  • Executing this command does not use the protection based on the Key Access Control, hence the addressed KST Key Entry’s change entry key (KeyNoCEK) is ignored. Instead the command’s execution is protected by asymmetric techniques using the PKI support of the SAM.
  • The SAM supports the update of up to three key entries with PKI_UpdateKeyEntries. The SAM will limit the number of key entries according to the key size and the hashing function used for OAEP padding.
Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_SUCCESS_CHAININGOperation successful, chaining ongoing.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpKeyFrame and pUpdateACKLen are NULL
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bOption[In] Option for AEK selection and differentiating between first part and last part of data.
  • Acknowledge key number. Option to include Le byte and Acknowledge key number to command frame for receiving the UpdateAck data from Sam hardware.
  • Should be combined with the above option
[in]bNoOfKeyEntries[In] Number of key entries to include in the cryptogram
  • 0x00: RFU
  • 0x01: 1 Key Entry
  • 0x02: 2 Key Entry
  • 0x03: 3 Key Entry
[in]bHashingAlg[In] Hashing algorithm selection (for padding MGFs and digital signature).
[in]bPKI_KeyNo_Enc[In] Key reference number of the PKI Key Entry to be used for decryption (00h to 01h).
[in]bPKI_KeyNo_Sign[In] Key reference number of the PKI Key Entry to be used for signature verification (00h to 02h).
[in]bPKI_KeyNo_Ack[In] Key reference number of the PKI Key Entry to be used for acknowledge signature generation (00h to 01h).
[in]pKeyFrame[In] Buffer containing the RSA encrypted key entries and the signature (EncKeyFrame || Signature).
  • EncKeyFrame: RSA encrypted key frame as RSA_E ( KPKI_KeyNo_Enc , Change_Ctr || KeyNo1 || ProMas1 || NewEntry1 [|| KeyNo2 || ProMas2 || NewEntry2 [|| KeyNo3 || ProMas3 || New Entry3]]) where LenE is the PKI_NLen of the PKI_KeyNo_Enc key entry.
  • Signature: RSA digital signature as RSA_S ( KPKI_KeyNo_Sign , PKI_KeyNo_Enc || PKI_KeyNo_Sign || EncKeyFrame) where LenS is the PKI_NLen of the PKI_KeyNo_Sign key entry
[in]wKeyFrameLen[In] Length of bytes available in wKeyFrameLen buffer.
[out]ppUpdateACK[Out] Buffer containing the RSA encrypted Acknowledge signature.
[out]pUpdateACKLen[Out] Length of bytes available in ppUpdateACK buffer.

◆ phhalHw_Sam_Cmd_PKI_EncipherKeyEntries()

phStatus_t phhalHw_Sam_Cmd_PKI_EncipherKeyEntries ( phhalHw_Sam_DataParams_t pDataParams,
uint16_t  wOption,
uint8_t  bNoOfKeyEntries,
uint8_t  bHashingAlg,
uint8_t  bPKI_KeyNo_Enc,
uint8_t  bPKI_KeyNo_Sign,
uint8_t  bPKI_KeyNo_Dec,
uint8_t  bPKI_KeyNo_Verif,
uint16_t  wPerso_Ctr,
uint8_t pKeyEntries,
uint8_t  bKeyEntriesLen,
uint8_t pDivInput,
uint8_t  bDivInputLen,
uint8_t **  ppEncKeyFrame_Sign,
uint16_t pEncKeyFrame_Sign_Len 
)

Prepare a cryptogram (according to Asymmetric Offline Change Cryptogram) for the PKI offline update of KST key entries on a target SAM.

Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_SUCCESS_CHAININGOperation successful, chaining ongoing.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpKeyEntries, pDivInput and pEncKeyFrame_Sign_Len are NULL
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]wOption[In] Option to differentiate between the command frame to be exchanged.
  • Receive first part of information from SAM
  • Receive intermediate or final part of information from SAM
  • For enabling or disabling of key diversification. Should be combined with the above options
[in]bNoOfKeyEntries[In] Number of key entries to include in the cryptogram
  • 0x00: RFU
  • 0x01: 1 Key Entry
  • 0x02: 2 Key Entry
  • 0x03: 3 Key Entry
[in]bHashingAlg[In] Hashing algorithm selection (for padding MGFs and digital signature).
[in]bPKI_KeyNo_Enc[In] Key reference number of the PKI Key Entry to be used for the cryptogram encryption (00h to 02h).
[in]bPKI_KeyNo_Sign[In] Key reference number of the PKI Key Entry to be used for the cryptogram signature generation (00h to 01h).
[in]bPKI_KeyNo_Dec[In] Key reference number of the PKI Key Entry that will be used for decryption in the target SAM (00h to 01h).
[in]bPKI_KeyNo_Verif[In] Key reference number of the PKI Key Entry that will be used for signature verification in the target SAM (00h to 02h).
[in]wPerso_Ctr[In] Targeted offline change counter data.
[in]pKeyEntries[In] Key entry descriptions
  • PersoKeyNo: Key reference number of the KST Key Entry to include in the cryptogram
    • NVM Key: 0x00 - 0x7F
    • RAM Key: 0x#0 - 0xE3
  • KeyNo: Key reference number of the KST Key Entry in the target SAM (0x00 - 0x7F)
[in]bKeyEntriesLen[In] Length of bytes available in pKeyEntries buffer.
[in]pDivInput[In] Diversification input for key diversification. (1 to 31 byte(s) input).
[in]bDivInputLen[In] Length of bytes available in pDivInput buffer.
[out]ppEncKeyFrame_Sign[Out] The Encrypted Key frame and Signature as returned by Sam hardware.
  • EncKeyFrame: RSA encrypted key frame as RSA_E ( KPKI_KeyNo_Enc, Perso_Ctr || KeyNo1 || ProMas1 || NewEntry1 [|| KeyNo2 || ProMas2 || NewEntry2 [|| KeyNo3 || ProMas3 || New Entry3]]) where LenE is the PKI_NLen of the PKI_KeyNo_Enc key entry
  • Signature: RSA digital signature as RSA_S ( KPKI_KeyNo_Sign, PKI_KeyNo_Dec || PKI_KeyNo_Verif || EncKeyFrame) where LenS is the PKI_NLen of the PKI_KeyNo_Sign key entry
[out]pEncKeyFrame_Sign_Len[Out] Length of bytes available in ppEncKeyFrame_Sign buffer.

◆ phhalHw_Sam_Cmd_PKI_GenerateHash()

phStatus_t phhalHw_Sam_Cmd_PKI_GenerateHash ( phhalHw_Sam_DataParams_t pDataParams,
uint16_t  wOption,
uint8_t  bHashingAlg,
uint32_t  dwMLen,
uint8_t pMessage,
uint16_t  wMsgLen,
uint8_t **  ppHash,
uint16_t pHashLen 
)

Generate Hash DataFrame from Data.

Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_SUCCESS_CHAININGOperation successful, chaining ongoing.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpMessage and pHashLen are NULL
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]wOption[In] Buffering Options:
[in]bHashingAlg[In] Hashing algorithm selection (for padding MGFs and digital signature).
[in]dwMLen[In] Overall message length (4 byte).
[in]pMessage[In] Message chunk to be hashed.
[in]wMsgLen[In] Length of bytes available in pMessage buffer.
[out]ppHash[Out] Buffer containing the hash after sending the last message chunk.
[out]pHashLen[Out] Length of bytes available in pHashLen buffer.

◆ phhalHw_Sam_Cmd_PKI_GenerateSignature()

phStatus_t phhalHw_Sam_Cmd_PKI_GenerateSignature ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bHashingAlg,
uint8_t  bPKI_KeyNo_Sign,
uint8_t pHash,
uint8_t  bHashLen 
)

Generate a signature with a given RSA key entry.

Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpHash is NULL
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bHashingAlg[In] Hashing algorithm selection (for padding MGFs and digital signature).
[in]bPKI_KeyNo_Sign[In] Key reference number of the PKI Key Entry to be used for the cryptogram signature generation (00h to 01h).
[in]pHash[In] Hash message to be signed.
[in]bHashLen[In] Length of bytes available in pHash buffer.

◆ phhalHw_Sam_Cmd_PKI_SendSignature()

phStatus_t phhalHw_Sam_Cmd_PKI_SendSignature ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t **  ppSignature,
uint16_t pSignatureLen 
)

Get a previously generated signature.

Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpHash is NULL
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[out]ppSignature[Out] The signature received from Sam hardware.
[out]pSignatureLen[Out] Length of bytes available in ppSignature buffer.

◆ phhalHw_Sam_Cmd_PKI_VerifySignature()

phStatus_t phhalHw_Sam_Cmd_PKI_VerifySignature ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bPKI_KeyNo_Verif,
uint8_t  bHashingAlg,
uint8_t pHash,
uint8_t  bHashLen,
uint8_t pSignature,
uint16_t  wSignatureLen 
)

Verify a hash / signature pair with a given RSA key.

Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpHash and pSignature are NULL
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bPKI_KeyNo_Verif[In] Key reference number of the PKI Key Entry to be used for the cryptogram signature verification (00h to 02h)
[in]bHashingAlg[In] Hashing algorithm selection (for padding MGFs and digital signature).
[in]pHash[In] Hash message to be signed.
[in]bHashLen[In] Length of bytes available in pHash buffer.
[in]pSignature[In] RSA digital signature where NLen is the PKI_NLen of the PKI_KeyNo key entry
[in]wSignatureLen[In] Length of bytes available in pSignature buffer.

◆ phhalHw_Sam_Cmd_PKI_EncipherData()

phStatus_t phhalHw_Sam_Cmd_PKI_EncipherData ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bHashingAlg,
uint8_t  bPKI_KeyNo_Enc,
uint8_t pPlainData,
uint8_t  bPlainDataLen,
uint8_t **  ppEncData,
uint16_t pEncDataLen 
)

Performs the offline encryption of plain RSA data.

Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpPlainData and pEncDataLen are NULL
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bHashingAlg[In] Hashing algorithm selection (for padding MGFs and digital signature).
[in]bPKI_KeyNo_Enc[In] Key reference number of the PKI Key Entry to be used for encryption (00h to 02h).
[in]pPlainData[In] RSA Plain Data to be encrypted where mLen (wPlainDataLen) is restricted by the PKI_NLen of the PKI_KeyNo_Enc key entry and the output length of the hash function
[in]bPlainDataLen[In] Length of bytes available in pPlainData buffer.
[out]ppEncData[Out] RSA encrypted data as EncData = RSA_E ( KPKI_KeyNo_Enc , PlainData) where LenE is the PKI_NLen of the PKI_KeyNo_Enc key entry.
[out]pEncDataLen[Out] Length of bytes available in ppEncData buffer.

◆ phhalHw_Sam_Cmd_PKI_DecipherData()

phStatus_t phhalHw_Sam_Cmd_PKI_DecipherData ( phhalHw_Sam_DataParams_t pDataParams,
uint16_t  wOption,
uint8_t  bHashingAlg,
uint8_t  bPKI_KeyNo_Dec,
uint8_t pEncData,
uint16_t  wEncDataLen,
uint8_t **  ppPlainData,
uint16_t pPlainDataLen 
)

Performs the offline decryption of encrypted RSA data.

Returns
Status code
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpEncData and pPlainDataLen are NULL
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]wOption[In] Option parameter:
[in]bHashingAlg[In] Hashing algorithm selection (for padding MGFs and digital signature).
[in]bPKI_KeyNo_Dec[In] Key reference number of the PKI Key Entry to be used for decryption (00h to 01h).
[in]pEncData[In] RSA encrypted data as EncData = RSA_E ( KPKI_KeyNo_Enc , PlainData) where LenE is the PKI_NLen of the PKI_KeyNo_Enc key entry
[in]wEncDataLen[In] Length of bytes available in pEncData buffer.
[in]ppPlainData[In] RSA decrypted data as PlainData= RSA_D ( KPKI_KeyNo_Enc , EncData) where mLen is limited by the PKI_NLen of the PKI_Key No_Enc key entry and the output length of the hash function
[in]pPlainDataLen[In] Length of bytes available in ppPlainData buffer.