Detailed Description

Interface for Renesas Secure IP (RSIP) functions.

Summary

The RSIP interface provides RSIP functionality.

Data Structures
struct	rsip_wrapped_key_t

struct	rsip_key_update_key_t

struct	rsip_sha_handle_t

struct	rsip_hmac_handle_t

struct	rsip_cfg_t

struct	rsip_api_t

struct	rsip_instance_t

Typedefs
typedef void	rsip_ctrl_t

Enumerations
enum	rsip_alg_t

enum	rsip_key_subtype_t

enum	rsip_key_type_t

enum	rsip_key_pair_type_t

enum	rsip_byte_size_wrapped_key_t

enum	rsip_aes_cipher_mode_t

enum	rsip_aes_aead_mode_t

enum	rsip_aes_mac_mode_t

enum	rsip_hash_type_t

enum	rsip_mgf_type_t

enum	rsip_rsa_salt_length_t

enum	rsip_otf_channel_t

Data Structure Documentation

◆ rsip_wrapped_key_t

struct rsip_wrapped_key_t

Wrapped key structure for all supported algorithms. The struct length of each algorithm is defined by RSIP_BYTE_SIZE_WRAPPED_KEY macro.

Data Fields
uint8_t	alg	Key algorithm.
uint8_t	subtype	Key sub type.
uint8_t	info[2]	Reserved area.
uint8_t	value[]	Variable length array to store the key value.

◆ rsip_key_update_key_t

struct rsip_key_update_key_t

Key Update Key (KUK)

◆ rsip_sha_handle_t

struct rsip_sha_handle_t

Working area for SHA functions. DO NOT MODIFY.

◆ rsip_hmac_handle_t

struct rsip_hmac_handle_t

Working area for HMAC functions. DO NOT MODIFY.

◆ rsip_cfg_t

struct rsip_cfg_t

User configuration structure, used in open function

Data Fields
void const *	p_extend	Hardware-dependent configuration.

◆ rsip_api_t

struct rsip_api_t

RSIP driver structure. General RSIP functions implemented at the HAL layer follow this API.

Data Fields
fsp_err_t(*	open )(rsip_ctrl_t const p_ctrl, rsip_cfg_t const const p_cfg)

fsp_err_t(*	close )(rsip_ctrl_t *const p_ctrl)

fsp_err_t(*	randomNumberGenerate )(rsip_ctrl_t const p_ctrl, uint8_t const p_random)

fsp_err_t(*	keyGenerate )(rsip_ctrl_t const p_ctrl, rsip_key_type_t const key_type, rsip_wrapped_key_t const p_wrapped_key)

fsp_err_t(*	keyPairGenerate )(rsip_ctrl_t const p_ctrl, rsip_key_pair_type_t const key_pair_type, rsip_wrapped_key_t const p_wrapped_public_key, rsip_wrapped_key_t *const p_wrapped_private_key)

fsp_err_t(*	encryptedKeyWrap )(rsip_ctrl_t const p_ctrl, rsip_key_update_key_t const const p_key_update_key, uint8_t const const p_initial_vector, rsip_key_type_t const key_type, uint8_t const const p_encrypted_key, rsip_wrapped_key_t *const p_wrapped_key)

fsp_err_t(*	rfc3394_KeyWrap )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_kek, rsip_wrapped_key_t const const p_wrapped_target_key, uint8_t const p_rfc3394_wrapped_target_key)

fsp_err_t(*	rfc3394_KeyUnwrap )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_kek, rsip_key_type_t const key_type, uint8_t const const p_rfc3394_wrapped_target_key, rsip_wrapped_key_t const p_wrapped_target_key)

fsp_err_t(*	injectedKeyImport )(rsip_key_type_t const key_type, uint8_t const const p_injected_key, rsip_wrapped_key_t const p_wrapped_key, uint32_t const wrapped_key_buffer_length)

fsp_err_t(*	publicKeyExport )(rsip_wrapped_key_t const const p_wrapped_public_key, uint8_t const p_raw_public_key)

fsp_err_t(*	aesCipherInit )(rsip_ctrl_t const p_ctrl, rsip_aes_cipher_mode_t const mode, rsip_wrapped_key_t const const p_wrapped_key, uint8_t const *const p_initial_vector)

fsp_err_t(*	aesCipherUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_input, uint8_t *const p_output, uint32_t const length)

fsp_err_t(*	aesCipherFinish )(rsip_ctrl_t *const p_ctrl)

fsp_err_t(*	aesAeadInit )(rsip_ctrl_t const p_ctrl, rsip_aes_aead_mode_t const mode, rsip_wrapped_key_t const const p_wrapped_key, uint8_t const *const p_nonce, uint32_t const nonce_length)

fsp_err_t(*	aesAeadLengthsSet )(rsip_ctrl_t *const p_ctrl, uint32_t const total_aad_length, uint32_t const total_text_length, uint32_t const tag_length)

fsp_err_t(*	aesAeadAadUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_aad, uint32_t const aad_length)

fsp_err_t(*	aesAeadUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_input, uint32_t const input_length, uint8_t const p_output, uint32_t const p_output_length)

fsp_err_t(*	aesAeadFinish )(rsip_ctrl_t const p_ctrl, uint8_t const p_output, uint32_t const p_output_length, uint8_t const p_tag)

fsp_err_t(*	aesAeadVerify )(rsip_ctrl_t const p_ctrl, uint8_t const p_output, uint32_t const p_output_length, uint8_t const const p_tag, uint32_t const tag_length)

fsp_err_t(*	aesMacInit )(rsip_ctrl_t const p_ctrl, rsip_aes_mac_mode_t const mode, rsip_wrapped_key_t const const p_wrapped_key)

fsp_err_t(*	aesMacUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_message, uint32_t const message_length)

fsp_err_t(*	aesMacSignFinish )(rsip_ctrl_t const p_ctrl, uint8_t const p_mac)

fsp_err_t(*	aesMacVerifyFinish )(rsip_ctrl_t const p_ctrl, uint8_t const const p_mac, uint32_t const mac_length)

fsp_err_t(*	ecdsaSign )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, uint8_t const const p_hash, uint8_t const p_signature)

fsp_err_t(*	ecdsaVerify )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, uint8_t const const p_hash, uint8_t const const p_signature)

fsp_err_t(*	rsaEncrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, uint8_t const const p_plain, uint8_t const p_cipher)

fsp_err_t(*	rsaDecrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, uint8_t const const p_cipher, uint8_t const p_plain)

fsp_err_t(*	rsaesPkcs1V15Encrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, uint8_t const const p_plain, uint32_t const plain_length, uint8_t const p_cipher)

fsp_err_t(*	rsaesPkcs1V15Decrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, uint8_t const const p_cipher, uint8_t const p_plain, uint32_t *const p_plain_length, uint32_t const plain_buffer_length)

fsp_err_t(*	rsaesOaepEncrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint8_t const const p_label, uint32_t const label_length, uint8_t const const p_plain, uint32_t const plain_length, uint8_t *const p_cipher)

fsp_err_t(*	rsaesOaepDecrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint8_t const const p_label, uint32_t const label_length, uint8_t const const p_cipher, uint8_t const p_plain, uint32_t const p_plain_length, uint32_t const plain_buffer_length)

fsp_err_t(*	rsassaPkcs1V15Sign )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, rsip_hash_type_t const hash_function, uint8_t const const p_hash, uint8_t const p_signature)

fsp_err_t(*	rsassaPkcs1V15Verify )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, rsip_hash_type_t const hash_function, uint8_t const const p_hash, uint8_t const const p_signature)

fsp_err_t(*	rsassaPssSign )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint32_t const salt_length, uint8_t const const p_hash, uint8_t const p_signature)

fsp_err_t(*	rsassaPssVerify )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint32_t const salt_length, uint8_t const const p_hash, uint8_t const const p_signature)

fsp_err_t(*	shaCompute )(rsip_ctrl_t const p_ctrl, rsip_hash_type_t const hash_type, uint8_t const const p_message, uint32_t const message_length, uint8_t *const p_digest)

fsp_err_t(*	shaInit )(rsip_ctrl_t *const p_ctrl, rsip_hash_type_t const hash_type)

fsp_err_t(*	shaUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_message, uint32_t const message_length)

fsp_err_t(*	shaFinish )(rsip_ctrl_t const p_ctrl, uint8_t const p_digest)

fsp_err_t(*	shaSuspend )(rsip_ctrl_t const p_ctrl, rsip_sha_handle_t const p_handle)

fsp_err_t(*	shaResume )(rsip_ctrl_t const p_ctrl, rsip_sha_handle_t const const p_handle)

fsp_err_t(*	hmacCompute )(rsip_ctrl_t const p_ctrl, const rsip_wrapped_key_t p_wrapped_key, uint8_t const const p_message, uint32_t const message_length, uint8_t const p_mac)

fsp_err_t(*	hmacVerify )(rsip_ctrl_t const p_ctrl, const rsip_wrapped_key_t p_wrapped_key, uint8_t const const p_message, uint32_t const message_length, uint8_t const const p_mac, uint32_t const mac_length)

fsp_err_t(*	hmacInit )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_key)

fsp_err_t(*	hmacUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_message, uint32_t const message_length)

fsp_err_t(*	hmacSignFinish )(rsip_ctrl_t const p_ctrl, uint8_t const p_mac)

fsp_err_t(*	hmacVerifyFinish )(rsip_ctrl_t const p_ctrl, uint8_t const const p_mac, uint32_t const mac_length)

fsp_err_t(*	hmacSuspend )(rsip_ctrl_t const p_ctrl, rsip_hmac_handle_t const p_handle)

fsp_err_t(*	hmacResume )(rsip_ctrl_t const p_ctrl, rsip_hmac_handle_t const const p_handle)

fsp_err_t(*	otfInit )(rsip_ctrl_t const p_ctrl, rsip_otf_channel_t const channel, rsip_wrapped_key_t const p_wrapped_key, uint8_t const *const p_seed)

Field Documentation

◆ open

fsp_err_t(* rsip_api_t::open) (rsip_ctrl_t *const p_ctrl, rsip_cfg_t const *const p_cfg)

Enables use of Renesas Secure IP functionality.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_cfg	Pointer to configuration structure.

◆ close

fsp_err_t(* rsip_api_t::close) (rsip_ctrl_t *const p_ctrl)

Disables use of Renesas Secure IP functionality.

Parameters

[in,out] p_ctrl Pointer to control block.

◆ randomNumberGenerate

fsp_err_t(* rsip_api_t::randomNumberGenerate) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_random)

Generates a 128-bit random number.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_random	128bit random numbers.

◆ keyGenerate

fsp_err_t(* rsip_api_t::keyGenerate) (rsip_ctrl_t *const p_ctrl, rsip_key_type_t const key_type, rsip_wrapped_key_t *const p_wrapped_key)

Generate a wrapped symmetric key from a random number. In this API, user key input is unnecessary. By encrypting data using the wrapped key is output by this API, dead copying of data can be prevented.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	key_type	Outputs key type.
[out]	p_wrapped_key	Pointer to destination of wrapped key. The length depends on key type. Refer "Key Size Table".

◆ keyPairGenerate

fsp_err_t(* rsip_api_t::keyPairGenerate) (rsip_ctrl_t *const p_ctrl, rsip_key_pair_type_t const key_pair_type, rsip_wrapped_key_t *const p_wrapped_public_key, rsip_wrapped_key_t *const p_wrapped_private_key)

Generate a wrapped asymmetric key pair from a random number. In this API, user key input is unnecessary. By encrypting data using the wrapped key is output by this API, dead copying of data can be prevented.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	key_pair_type	Output key pair type.
[out]	p_wrapped_public_key	Key index for Public Key. The length depends on the key type. Refer "Key Size Table".
[out]	p_wrapped_private_key	Key index for Private Key. The length depends on the key type. Refer "Key Size Table".

◆ encryptedKeyWrap

fsp_err_t(* rsip_api_t::encryptedKeyWrap) (rsip_ctrl_t *const p_ctrl, rsip_key_update_key_t const *const p_key_update_key, uint8_t const *const p_initial_vector, rsip_key_type_t const key_type, uint8_t const *const p_encrypted_key, rsip_wrapped_key_t *const p_wrapped_key)

Decrypt the encrypted user key with Key Update Key (KUK) and wrap it with the Hardware Unique Key (HUK).

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_key_update_key	Pointer to Key Update Key.
[in]	p_initial_vector	Initialization vector when generating encrypted_key. The length is 16 bytes.
[in]	key_type	Inputs/Outputs key type.
[in]	p_encrypted_key	Encrypted user key. The length depends on the key type. Refer "Key Size Table".
[out]	p_wrapped_key	Pointer to destination of wrapped key. The length depends on key type. Refer "Key Size Table".

◆ rfc3394_KeyWrap

fsp_err_t(* rsip_api_t::rfc3394_KeyWrap) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_kek, rsip_wrapped_key_t const *const p_wrapped_target_key, uint8_t *const p_rfc3394_wrapped_target_key)

This function provides Key Wrap algorithm compliant with RFC3394. Using p_wrapped_kek to wrap p_wrapped_target_key, and output the result to p_rfc3394_wrapped_target_key.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_kek	Pointer to wrapped key-encryption-key used to RFC3394-wrap the target key.
[in]	p_wrapped_target_key	Pointer to wrapped target key to be RFC3394-wrapped.
[out]	p_rfc3394_wrapped_target_key	Pointer to destination of RFC3394-wrapped target key.

◆ rfc3394_KeyUnwrap

fsp_err_t(* rsip_api_t::rfc3394_KeyUnwrap) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_kek, rsip_key_type_t const key_type, uint8_t const *const p_rfc3394_wrapped_target_key, rsip_wrapped_key_t *const p_wrapped_target_key)

This function provides Key Unwrap algorithm compliant with RFC3394. Using p_wrapped_kek to unwrap p_rfc3394_wrapped_target_key, and output the result to p_wrapped_target_key.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_kek	Pointer to wrapped key-encryption-key used to RFC3394-unwrap the target key.
[in]	key_type	Key type of p_rfc3394_wrapped_target_key.
[in]	p_rfc3394_wrapped_target_key	Pointer to AES-wrapped target key to be RFC3394-unwrapped.
[out]	p_wrapped_target_key	Pointer to destination of RFC3394-unwrapped target key.

◆ injectedKeyImport

fsp_err_t(* rsip_api_t::injectedKeyImport) (rsip_key_type_t const key_type, uint8_t const *const p_injected_key, rsip_wrapped_key_t *const p_wrapped_key, uint32_t const wrapped_key_buffer_length)

This function provides the ability to construct structure data "rsip_wrapped_key_t" from injected key data. The value of injected key is not validated in this API. Refer "Key Size Table" for supported key types.

Parameters

[in]	key_type	Key type of p_injected_key.
[in]	p_injected_key	Pointer to key to be injected.
[out]	p_wrapped_key	Pointer to destination of wrapped key.
[in]	wrapped_key_buffer_length	Length of p_wrapped_key destination. It must be equal to or greater than actual wrapped key.

◆ publicKeyExport

fsp_err_t(* rsip_api_t::publicKeyExport) (rsip_wrapped_key_t const *const p_wrapped_public_key, uint8_t *const p_raw_public_key)

Exports public key parameters from a wrapped key.

Parameters

[in]	p_wrapped_public_key	Key index for Public Key. The length depends on the key type. Refer "Key Size Table".
[out]	p_raw_public_key	Pointer to destination of raw public key. The length depends on the key length.

◆ aesCipherInit

fsp_err_t(* rsip_api_t::aesCipherInit) (rsip_ctrl_t *const p_ctrl, rsip_aes_cipher_mode_t const mode, rsip_wrapped_key_t const *const p_wrapped_key, uint8_t const *const p_initial_vector)

Set parameters of AES cipher.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	mode	Block cipher modes of operation for AES.
[in]	p_wrapped_key	Pointer to wrapped key of AES or XTS-AES key.
[in]	p_initial_vector	Pointer to initialization vector (IV) or nonce. The length is 16 bytes. [ECB] Not required [CBC][XTS] IV [CTR] Nonce

◆ aesCipherUpdate

fsp_err_t(* rsip_api_t::aesCipherUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_input, uint8_t *const p_output, uint32_t const length)

Encrypt plaintext.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_input	Pointer to input text. The length is given as the argument.
[out]	p_output	Pointer to destination of output text. The length is given as the argument.
[in]	length	Byte length of input and output. [ECB][CBC][CTR] Must be 0 or a multiple of 16. [XTS] Must be 0 or greater than or equal to 16. After an integer not divisible by 16 is input, update can no longer be executed.

◆ aesCipherFinish

fsp_err_t(* rsip_api_t::aesCipherFinish) (rsip_ctrl_t *const p_ctrl)

Finalize AES operation.

Parameters

[in,out] p_ctrl Pointer to control block.

◆ aesAeadInit

fsp_err_t(* rsip_api_t::aesAeadInit) (rsip_ctrl_t *const p_ctrl, rsip_aes_aead_mode_t const mode, rsip_wrapped_key_t const *const p_wrapped_key, uint8_t const *const p_nonce, uint32_t const nonce_length)

Prepares an AES-AEAD function.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	mode	AEAD mode of operation.
[in]	p_wrapped_key	Pointer to wrapped key of AES key.
[in]	p_nonce	Pointer to nonce. The length is nonce_length.
[in]	nonce_length	Byte length of nonce. Input 1 or more.

◆ aesAeadLengthsSet

fsp_err_t(* rsip_api_t::aesAeadLengthsSet) (rsip_ctrl_t *const p_ctrl, uint32_t const total_aad_length, uint32_t const total_text_length, uint32_t const tag_length)

Set text and tag lengths for specific mode.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	total_aad_length	Total AAD length.
[in]	total_text_length	Total input and output text length.
[in]	tag_length	Input or output tag length.

◆ aesAeadAadUpdate

fsp_err_t(* rsip_api_t::aesAeadAadUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_aad, uint32_t const aad_length)

Inputs additional authentication data.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_aad	Additional authentication data. The length depends on aad_length.
[in]	aad_length	Byte length of additional authentication data (0 or more bytes). After starting input of plaintext, this value must always be 0.

◆ aesAeadUpdate

fsp_err_t(* rsip_api_t::aesAeadUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_input, uint32_t const input_length, uint8_t *const p_output, uint32_t *const p_output_length)

Inputs test and executes encryption and decryption.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_input	Pointer to input text. The length is input_length.
[in]	input_length	Byte length of input text (0 or more bytes).
[out]	p_output	Pointer to destination of output text. The length is p_output_length.
[out]	p_output_length	Pointer to destination of output text length.

◆ aesAeadFinish

fsp_err_t(* rsip_api_t::aesAeadFinish) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_output, uint32_t *const p_output_length, uint8_t *const p_tag)

Finalizes an AES-GCM encryption.

If there is 16-byte fractional data indicated by the total data length of the value of p_plain that was input by R_RSIP_AES_GCM_EncryptUpdate(), this API will output the result of encrypting that fractional data to p_cipher. Here, the portion that does not reach 16 bytes will be padded with zeros.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_output	Pointer to destination of output text. The fractional block is output.
[out]	p_output_length	Pointer to destination of output text length.
[out]	p_tag	Pointer to destination of tag for authentication. GCM : The length is 16 bytes. *If a different tag length is required, truncate the 16-byte tag to the required tag length (NIST SP800-38D 7.1). CCM : The length is the value set by the API R_RSIP_AES_AEAD_LengthsSet().

◆ aesAeadVerify

fsp_err_t(* rsip_api_t::aesAeadVerify) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_output, uint32_t *const p_output_length, uint8_t const *const p_tag, uint32_t const tag_length)

Finalizes an AES-GCM decryption.

If there is 16-byte fractional data indicated by the total data length of the value of p_cipher that was input by R_RSIP_AES_GCM_DecryptUpdate(), this API will output the result of decrypting that fractional data to p_cipher. Here, the portion that does not reach 16 bytes will be padded with zeros.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_output	Pointer to destination of decrypted data.
[out]	p_output_length	Pointer to destination of decrypted data length.
[in]	p_tag	Pointer to destination of tag for authentication.The length depends on tag_length.
[in]	tag_length	Byte length of tag. Must be 1 to 16.

◆ aesMacInit

fsp_err_t(* rsip_api_t::aesMacInit) (rsip_ctrl_t *const p_ctrl, rsip_aes_mac_mode_t const mode, rsip_wrapped_key_t const *const p_wrapped_key)

Prepares an AES-MAC generation and verification.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	mode	MAC mode of operation
[in]	p_wrapped_key	Pointer to wrapped key of AES key.

◆ aesMacUpdate

fsp_err_t(* rsip_api_t::aesMacUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_message, uint32_t const message_length)

Input message. Inside this function, the data that is input by the user is buffered until the input value of p_message exceeds 16 bytes. If the input value, p_message, is not a multiple of 16 bytes, it will be padded within the function.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).

◆ aesMacSignFinish

fsp_err_t(* rsip_api_t::aesMacSignFinish) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_mac)

Finalizes an AES-CMAC generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_mac	Pointer to destination of MAC. The length is 16 bytes.

◆ aesMacVerifyFinish

fsp_err_t(* rsip_api_t::aesMacVerifyFinish) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_mac, uint32_t const mac_length)

Finalizes an AES-CMAC verification.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_mac	Pointer to MAC. The length depends on mac_length.
[in]	mac_length	Byte length of MAC. Must be 2 to 16.

◆ ecdsaSign

fsp_err_t(* rsip_api_t::ecdsaSign) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, uint8_t const *const p_hash, uint8_t *const p_signature)

Signs a hashed message. The message hash should be generated in advance.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of ECC private key.
[in]	p_hash	Pointer to hash value. The length is as same as the key length.
[out]	p_signature	Pointer to destination of signature (r, s). The length is twice as long as the key length.

◆ ecdsaVerify

fsp_err_t(* rsip_api_t::ecdsaVerify) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, uint8_t const *const p_hash, uint8_t const *const p_signature)

Verifies a hashed message. The message hash should be generated in advance.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of ECC public key.
[in]	p_hash	Pointer to hash value. The length is as same as the key length.
[in]	p_signature	Pointer to signature (r, s).The length is twice as long as the key length.

◆ rsaEncrypt

fsp_err_t(* rsip_api_t::rsaEncrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, uint8_t const *const p_plain, uint8_t *const p_cipher)

Encrypts plaintext with raw RSA.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of RSA public key.
[in]	p_plain	Pointer to plaintext. The length is as same as the key length.
[out]	p_cipher	Pointer to destination of ciphertext. The length is as same as the key length.

◆ rsaDecrypt

fsp_err_t(* rsip_api_t::rsaDecrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, uint8_t const *const p_cipher, uint8_t *const p_plain)

Decrypts ciphertext with raw RSA.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of RSA private key.
[in]	p_cipher	Pointer to ciphertext. The length is as same as the key length.
[out]	p_plain	Pointer to destination of plaintext. The length is as same as the key length.

◆ rsaesPkcs1V15Encrypt

fsp_err_t(* rsip_api_t::rsaesPkcs1V15Encrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, uint8_t const *const p_plain, uint32_t const plain_length, uint8_t *const p_cipher)

Encrypts plaintext with RSAES-PKCS1-v1_5.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of RSA public key.
[in]	p_plain	Pointer to plaintext.
[in]	plain_length	Length of plaintext.
[out]	p_cipher	Pointer to destination of ciphertext. The length is as same as the key length.

◆ rsaesPkcs1V15Decrypt

fsp_err_t(* rsip_api_t::rsaesPkcs1V15Decrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, uint8_t const *const p_cipher, uint8_t *const p_plain, uint32_t *const p_plain_length, uint32_t const plain_buffer_length)

Decrypts with RSAES-PKCS1-v1_5.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of RSA private key.
[in]	p_cipher	Pointer to ciphertext. The length is as same as the key length.
[out]	p_plain	Pointer to destination of plaintext.
[out]	p_plain_length	Pointer to destination of actual plaintext length.
[in]	plain_buffer_length	Length of plaintext destination. It must be equal to or greater than *p_plain_length.

◆ rsaesOaepEncrypt

fsp_err_t(* rsip_api_t::rsaesOaepEncrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint8_t const *const p_label, uint32_t const label_length, uint8_t const *const p_plain, uint32_t const plain_length, uint8_t *const p_cipher)

Encrypts plaintext with RSAES-OAEP.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of RSA public key.
[in]	hash_function	Hash function for label.
[in]	mask_generation_function	Mask generation function in EME-OAEP encoding.
[in]	p_label	Pointer to label. If label_length != 0, p_label must not be NULL.
[in]	label_length	Length of label. Please set 0 or more.
[in]	p_plain	Pointer to plaintext.
[in]	plain_length	Length of plaintext.
[out]	p_cipher	Pointer to destination of ciphertext. The length is as same as the key length.

◆ rsaesOaepDecrypt

fsp_err_t(* rsip_api_t::rsaesOaepDecrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint8_t const *const p_label, uint32_t const label_length, uint8_t const *const p_cipher, uint8_t *const p_plain, uint32_t *const p_plain_length, uint32_t const plain_buffer_length)

Decrypts ciphertext with RSAES-OAEP.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of RSA private key.
[in]	hash_function	Hash function for label.
[in]	mask_generation_function	Mask generation function in EME-OAEP encoding.
[in]	p_label	Pointer to label. If label_length != 0, p_label must not be NULL.
[in]	label_length	Length of label. Please set 0 or more.
[in]	p_cipher	Pointer to ciphertext. The length is as same as the key length.
[out]	p_plain	Pointer to destination of plaintext.
[out]	p_plain_length	Pointer to destination of actual plaintext length.
[in]	plain_buffer_length	Length of plaintext destination. It must be equal to or greater than *p_plain_length.

◆ rsassaPkcs1V15Sign

fsp_err_t(* rsip_api_t::rsassaPkcs1V15Sign) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, rsip_hash_type_t const hash_function, uint8_t const *const p_hash, uint8_t *const p_signature)

Signs message with RSASSA-PKCS1-v1_5.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of RSA private key.
[in]	hash_function	Hash function in EMSA-PKCS1-v1_5.
[in]	p_hash	Pointer to input hash.
[out]	p_signature	Pointer to destination of signature.

◆ rsassaPkcs1V15Verify

fsp_err_t(* rsip_api_t::rsassaPkcs1V15Verify) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, rsip_hash_type_t const hash_function, uint8_t const *const p_hash, uint8_t const *const p_signature)

Verifies signature with RSASSA-PKCS1-v1_5.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of RSA public key.
[in]	hash_function	Hash function in EMSA-PKCS1-v1_5.
[in]	p_hash	Pointer to input hash.
[in]	p_signature	Pointer to input signature.

◆ rsassaPssSign

fsp_err_t(* rsip_api_t::rsassaPssSign) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint32_t const salt_length, uint8_t const *const p_hash, uint8_t *const p_signature)

Signs message with RSASSA-PSS.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of RSA private key.
[in]	hash_function	Hash function in EMSA-PSS-ENCODE.
[in]	mask_generation_function	Mask generation function in EMSA-PSS-ENCODE.
[in]	salt_length	Salt length.
[in]	p_hash	Pointer to input hash.
[out]	p_signature	Pointer to destination of signature.

◆ rsassaPssVerify

fsp_err_t(* rsip_api_t::rsassaPssVerify) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint32_t const salt_length, uint8_t const *const p_hash, uint8_t const *const p_signature)

Verifies signature with RSASSA-PSS.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of RSA public key.
[in]	hash_function	Hash function in EMSA-PSS-VERIFY.
[in]	mask_generation_function	Mask generation function in EMSA-PSS-VERIFY.
[in]	salt_length	Salt length.
[in]	p_hash	Pointer to input hash.
[in]	p_signature	Pointer to input signature.

◆ shaCompute

fsp_err_t(* rsip_api_t::shaCompute) (rsip_ctrl_t *const p_ctrl, rsip_hash_type_t const hash_type, uint8_t const *const p_message, uint32_t const message_length, uint8_t *const p_digest)

Generates SHA message digest.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	hash_type	Generating hash type.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).
[out]	p_digest	Pointer to destination of message digest. The length depends on hash type.

◆ shaInit

fsp_err_t(* rsip_api_t::shaInit) (rsip_ctrl_t *const p_ctrl, rsip_hash_type_t const hash_type)

Prepares a SHA generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	hash_type	Generating hash type.

◆ shaUpdate

fsp_err_t(* rsip_api_t::shaUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_message, uint32_t const message_length)

Inputs message.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).

◆ shaFinish

fsp_err_t(* rsip_api_t::shaFinish) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_digest)

Finalizes a SHA generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_digest	Pointer to destination of message digest. The length depends on hash type.

◆ shaSuspend

fsp_err_t(* rsip_api_t::shaSuspend) (rsip_ctrl_t *const p_ctrl, rsip_sha_handle_t *const p_handle)

Suspend SHA generation. This API allows you to suspend processing, for example, if you are in the middle of computing digest value for successive chunks of the message and need to perform another process.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_handle	Pointer to destination of SHA control block.

◆ shaResume

fsp_err_t(* rsip_api_t::shaResume) (rsip_ctrl_t *const p_ctrl, rsip_sha_handle_t const *const p_handle)

Resume SHA generation. This API allows you to resume a process that has been suspended by R_RSIP_SHA_Suspend() API.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_handle	Pointer to SHA control block.

◆ hmacCompute

fsp_err_t(* rsip_api_t::hmacCompute) (rsip_ctrl_t *const p_ctrl, const rsip_wrapped_key_t *p_wrapped_key, uint8_t const *const p_message, uint32_t const message_length, uint8_t *const p_mac)

Generates HMAC.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_key	Pointer to wrapped key of HMAC key.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).
[out]	p_mac	Pointer to destination of message digest. The length depends on MAC type.

◆ hmacVerify

fsp_err_t(* rsip_api_t::hmacVerify) (rsip_ctrl_t *const p_ctrl, const rsip_wrapped_key_t *p_wrapped_key, uint8_t const *const p_message, uint32_t const message_length, uint8_t const *const p_mac, uint32_t const mac_length)

Verifies HMAC.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_key	Pointer to wrapped key of HMAC key.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).
[in]	p_mac	Pointer to MAC. The length depends on mac_length.
[in]	mac_length	Byte length of MAC.

◆ hmacInit

fsp_err_t(* rsip_api_t::hmacInit) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_key)

Prepares a HMAC generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_key	Pointer to wrapped key of HMAC key.

◆ hmacUpdate

fsp_err_t(* rsip_api_t::hmacUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_message, uint32_t const message_length)

Inputs message.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).

◆ hmacSignFinish

fsp_err_t(* rsip_api_t::hmacSignFinish) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_mac)

Finalizes a HMAC generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_mac	Pointer to destination of message digest. The length depends on MAC type.

◆ hmacVerifyFinish

fsp_err_t(* rsip_api_t::hmacVerifyFinish) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_mac, uint32_t const mac_length)

Finalizes a HMAC verification.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_mac	Pointer to MAC. The length depends on mac_length.
[in]	mac_length	Byte length of MAC.

◆ hmacSuspend

fsp_err_t(* rsip_api_t::hmacSuspend) (rsip_ctrl_t *const p_ctrl, rsip_hmac_handle_t *const p_handle)

Suspend HMAC generation. This API allows you to suspend processing, for example, if you are in the middle of computing HMAC for successive chunks of the message and need to perform another process.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_handle	Pointer to destination of HMAC control block.

◆ hmacResume

fsp_err_t(* rsip_api_t::hmacResume) (rsip_ctrl_t *const p_ctrl, rsip_hmac_handle_t const *const p_handle)

Resume HMAC generation. This API allows you to resume a process that has been suspended by R_RSIP_HMAC_Suspend() API.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_handle	Pointer to HMAC control block.

◆ otfInit

fsp_err_t(* rsip_api_t::otfInit) (rsip_ctrl_t *const p_ctrl, rsip_otf_channel_t const channel, rsip_wrapped_key_t *const p_wrapped_key, uint8_t const *const p_seed)

Initialize on-the-fly decryption on RSIP.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	channel	Channel number.
[in]	p_wrapped_key	Pointer to wrapped AES key.
[in]	p_seed	Pointer to seed.

◆ rsip_instance_t

struct rsip_instance_t

This structure encompasses everything that is needed to use an instance of this interface.

Data Fields
rsip_ctrl_t *	p_ctrl	Pointer to the control structure for this instance.
rsip_cfg_t const *	p_cfg	Pointer to the configuration structure for this instance.
rsip_api_t const *	p_api	Pointer to the API structure for this instance.

Typedef Documentation

◆ rsip_ctrl_t

typedef void rsip_ctrl_t

RSIP Control block. Allocate an instance specific control block to pass into the API calls.

Implemented as

rsip_instance_ctrl_t

Enumeration Type Documentation

◆ rsip_alg_t

enum rsip_alg_t

Key algorithms

Enumerator
RSIP_ALG_INVALID	Invalid.
RSIP_ALG_AES	AES.
RSIP_ALG_XTS_AES	XTS-AES.
RSIP_ALG_CHACHA	ChaCha.
RSIP_ALG_ECC_PUBLIC	ECC public key.
RSIP_ALG_ECC_PRIVATE	ECC private key.
RSIP_ALG_RSA_PUBLIC	RSA public key.
RSIP_ALG_RSA_PRIVATE	RSA private key.
RSIP_ALG_HMAC	HMAC.

◆ rsip_key_subtype_t

enum rsip_key_subtype_t

Key sub type

Enumerator
RSIP_KEY_INVALID	Invalid key.
RSIP_KEY_AES_128	AES-128.
RSIP_KEY_AES_192	AES-192.
RSIP_KEY_AES_256	AES-256.
RSIP_KEY_CHACHA_CHACHA20	ChaCha20.
RSIP_KEY_ECC_SECP256R1	secp256r1
RSIP_KEY_ECC_SECP384R1	secp384r1
RSIP_KEY_ECC_SECP521R1	secp521r1
RSIP_KEY_ECC_SECP256K1	secp256k1
RSIP_KEY_ECC_BRAINPOOLP256R1	brainpoolP256r1
RSIP_KEY_ECC_BRAINPOOLP384R1	brainpoolP384r1
RSIP_KEY_ECC_BRAINPOOLP512R1	brainpoolP512r1
RSIP_KEY_ECC_EDWARDS25519	edwards25519
RSIP_KEY_RSA_1024	RSA-1024.
RSIP_KEY_RSA_2048	RSA-2048.
RSIP_KEY_RSA_3072	RSA-3072.
RSIP_KEY_RSA_4096	RSA-4096.
RSIP_KEY_HMAC_SHA1	HMAC-SHA1.
RSIP_KEY_HMAC_SHA224	HMAC-SHA224.
RSIP_KEY_HMAC_SHA256	HMAC-SHA256.

◆ rsip_key_type_t

enum rsip_key_type_t

Key types

Enumerator
RSIP_KEY_TYPE_INVALID	Invalid key.
RSIP_KEY_TYPE_AES_128	AES-128.
RSIP_KEY_TYPE_AES_192	AES-192.
RSIP_KEY_TYPE_AES_256	AES-256.
RSIP_KEY_TYPE_RSA_2048_PUBLIC	RSA-2048 public key.
RSIP_KEY_TYPE_RSA_2048_PRIVATE	RSA-2048 private key.
RSIP_KEY_TYPE_RSA_3072_PUBLIC	RSA-2048 public key.
RSIP_KEY_TYPE_RSA_3072_PRIVATE	RSA-2048 private key.
RSIP_KEY_TYPE_RSA_4096_PUBLIC	RSA-2048 public key.
RSIP_KEY_TYPE_RSA_4096_PRIVATE	RSA-2048 private key.
RSIP_KEY_TYPE_ECC_SECP256R1_PUBLIC	secp256r1 public key (also known as NIST P-256, prime256v1)
RSIP_KEY_TYPE_ECC_SECP256R1_PRIVATE	secp256r1 private key (also known as NIST P-256, prime256v1)
RSIP_KEY_TYPE_ECC_SECP384R1_PUBLIC	secp384r1 public key (also known as NIST P-256, prime256v1)
RSIP_KEY_TYPE_ECC_SECP384R1_PRIVATE	secp384r1 private key (also known as NIST P-256, prime256v1)
RSIP_KEY_TYPE_ECC_BRAINPOOLP256R1_PUBLIC	brainpool256r1 public key
RSIP_KEY_TYPE_ECC_BRAINPOOLP256R1_PRIVATE	brainpool256r1 private key
RSIP_KEY_TYPE_ECC_BRAINPOOLP384R1_PUBLIC	brainpool256r1 public key
RSIP_KEY_TYPE_ECC_BRAINPOOLP384R1_PRIVATE	brainpool256r1 private key
RSIP_KEY_TYPE_ECC_SECP256K1_PUBLIC	secp256k1 public key
RSIP_KEY_TYPE_ECC_SECP256K1_PRIVATE	secp256k1 private key
RSIP_KEY_TYPE_INVALID	Invalid key.
RSIP_KEY_TYPE_AES_128	AES-128.
RSIP_KEY_TYPE_AES_192	AES-192.
RSIP_KEY_TYPE_AES_256	AES-256.
RSIP_KEY_TYPE_XTS_AES_128	XTS-AES-128.
RSIP_KEY_TYPE_XTS_AES_256	XTS-AES-256.
RSIP_KEY_TYPE_CHACHA20	ChaCha20.
RSIP_KEY_TYPE_ECC_SECP256R1_PUBLIC	secp256r1 public key (also known as NIST P-256, prime256v1)
RSIP_KEY_TYPE_ECC_SECP384R1_PUBLIC	secp384r1 public key (also known as NIST P-384)
RSIP_KEY_TYPE_ECC_SECP521R1_PUBLIC	secp521r1 public key (also known as NIST P-521)
RSIP_KEY_TYPE_ECC_SECP256K1_PUBLIC	secp256k1 public key
RSIP_KEY_TYPE_ECC_BRAINPOOLP256R1_PUBLIC	brainpoolP256r1 public key
RSIP_KEY_TYPE_ECC_BRAINPOOLP384R1_PUBLIC	brainpoolP384r1 public key
RSIP_KEY_TYPE_ECC_BRAINPOOLP512R1_PUBLIC	brainpoolP512r1 public key
RSIP_KEY_TYPE_ECC_EDWARDS25519_PUBLIC	edwards25519 public key
RSIP_KEY_TYPE_ECC_SECP256R1_PRIVATE	secp256r1 private key (also known as NIST P-256, prime256v1)
RSIP_KEY_TYPE_ECC_SECP384R1_PRIVATE	secp384r1 private key (also known as NIST P-384)
RSIP_KEY_TYPE_ECC_SECP521R1_PRIVATE	secp521r1 private key (also known as NIST P-521)
RSIP_KEY_TYPE_ECC_SECP256K1_PRIVATE	secp256k1 private key
RSIP_KEY_TYPE_ECC_BRAINPOOLP256R1_PRIVATE	brainpoolP256r1 private key
RSIP_KEY_TYPE_ECC_BRAINPOOLP384R1_PRIVATE	brainpoolP384r1 private key
RSIP_KEY_TYPE_ECC_BRAINPOOLP512R1_PRIVATE	brainpoolP512r1 private key
RSIP_KEY_TYPE_ECC_EDWARDS25519_PRIVATE	edwards25519 private key
RSIP_KEY_TYPE_RSA_1024_PUBLIC	RSA-1024 public key.
RSIP_KEY_TYPE_RSA_2048_PUBLIC	RSA-2048 public key.
RSIP_KEY_TYPE_RSA_3072_PUBLIC	RSA-3072 public key.
RSIP_KEY_TYPE_RSA_4096_PUBLIC	RSA-4096 public key.
RSIP_KEY_TYPE_RSA_1024_PRIVATE	RSA-1024 private key.
RSIP_KEY_TYPE_RSA_2048_PRIVATE	RSA-2048 private key.
RSIP_KEY_TYPE_RSA_3072_PRIVATE	RSA-3072 private key.
RSIP_KEY_TYPE_RSA_4096_PRIVATE	RSA-4096 private key.
RSIP_KEY_TYPE_HMAC_SHA1	HMAC-SHA1.
RSIP_KEY_TYPE_HMAC_SHA224	HMAC-SHA224.
RSIP_KEY_TYPE_HMAC_SHA256	HMAC-SHA256.

◆ rsip_key_pair_type_t

enum rsip_key_pair_type_t

Key pair types

Enumerator
RSIP_KEY_PAIR_TYPE_INVALID	Invalid key pair type.
RSIP_KEY_PAIR_TYPE_ECC_SECP256R1	secp256r1 key pair (also known as NIST P-256, prime256v1)
RSIP_KEY_PAIR_TYPE_ECC_SECP384R1	secp384r1 key pair (also known as NIST P-384)
RSIP_KEY_PAIR_TYPE_ECC_SECP521R1	secp521r1 key pair (also known as NIST P-521)
RSIP_KEY_PAIR_TYPE_ECC_SECP256K1	secp256k1 key pair
RSIP_KEY_PAIR_TYPE_ECC_BRAINPOOLP256R1	brainpoolP256r1 key pair
RSIP_KEY_PAIR_TYPE_ECC_BRAINPOOLP384R1	brainpoolP384r1 key pair
RSIP_KEY_PAIR_TYPE_ECC_BRAINPOOLP512R1	brainpoolP512r1 key pair
RSIP_KEY_PAIR_TYPE_ECC_EDWARDS25519	edwards25519 key pair
RSIP_KEY_PAIR_TYPE_RSA_1024	RSA-1024 key pair.
RSIP_KEY_PAIR_TYPE_RSA_2048	RSA-2048 key pair.
RSIP_KEY_PAIR_TYPE_RSA_3072	RSA-3072 key pair.
RSIP_KEY_PAIR_TYPE_RSA_4096	RSA-4096 key pair.

◆ rsip_byte_size_wrapped_key_t

enum rsip_byte_size_wrapped_key_t

Byte size of wrapped key

Enumerator
RSIP_BYTE_SIZE_WRAPPED_KEY_AES_128	AES-128.
RSIP_BYTE_SIZE_WRAPPED_KEY_AES_192	AES-192.
RSIP_BYTE_SIZE_WRAPPED_KEY_AES_256	AES-256.
RSIP_BYTE_SIZE_WRAPPED_KEY_XTS_AES_128	XTS-AES-128.
RSIP_BYTE_SIZE_WRAPPED_KEY_XTS_AES_256	XTS-AES-256.
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP256R1_PUBLIC	secp256r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP384R1_PUBLIC	secp384r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP521R1_PUBLIC	secp521r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP256K1_PUBLIC	secp256k1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP256R1_PUBLIC	brainpoolP256r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP384R1_PUBLIC	brainpoolP384r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP512R1_PUBLIC	brainpoolP512r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_EDWARDS25519_PUBLIC	edwards25519 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP256R1_PRIVATE	secp256r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP384R1_PRIVATE	secp384r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP521R1_PRIVATE	secp521r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP256K1_PRIVATE	secp256k1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP256R1_PRIVATE	brainpoolP256r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP384R1_PRIVATE	brainpoolP384r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP512R1_PRIVATE	brainpoolP512r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_EDWARDS25519_PRIVATE	edwards25519 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_1024_PUBLIC	RSA-1024 public key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PUBLIC	RSA-2048 public key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_3072_PUBLIC	RSA-3072 public key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_4096_PUBLIC	RSA-4096 public key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_1024_PRIVATE	RSA-1024 private key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PRIVATE	RSA-2048 private key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_3072_PRIVATE	RSA-3072 private key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_4096_PRIVATE	RSA-4096 private key.
RSIP_BYTE_SIZE_WRAPPED_KEY_HMAC_SHA1	HMAC-SHA1 private key.
RSIP_BYTE_SIZE_WRAPPED_KEY_HMAC_SHA224	HMAC-SHA224 private key.
RSIP_BYTE_SIZE_WRAPPED_KEY_HMAC_SHA256	HMAC-SHA256 private key.

◆ rsip_aes_cipher_mode_t

enum rsip_aes_cipher_mode_t

Block cipher modes of operation for AES

Enumerator
RSIP_AES_CIPHER_MODE_ECB_ENC	Electronic Codebook (ECB) encryption.
RSIP_AES_CIPHER_MODE_ECB_DEC	Electronic Codebook (ECB) decryption.
RSIP_AES_CIPHER_MODE_CBC_ENC	Cipher Block Chaining (CBC) mode encryption.
RSIP_AES_CIPHER_MODE_CBC_DEC	Cipher Block Chaining (CBC) mode decryption.
RSIP_AES_CIPHER_MODE_CTR	Counter (CTR) encryption and decryption.
RSIP_AES_CIPHER_MODE_XTS_ENC	XEX-based tweaked-codebook mode with ciphertext stealing (XTS) encryption.
RSIP_AES_CIPHER_MODE_XTS_DEC	XEX-based tweaked-codebook mode with ciphertext stealing (XTS) decryption.

◆ rsip_aes_aead_mode_t

enum rsip_aes_aead_mode_t

AEAD modes of operation for AES

Enumerator
RSIP_AES_AEAD_MODE_GCM_ENC	Galois/Counter Mode (GCM) encryption.
RSIP_AES_AEAD_MODE_GCM_DEC	Galois/Counter Mode (GCM) decryption.
RSIP_AES_AEAD_MODE_CCM_ENC	Counter with CBC-MAC (CCM) encryption.
RSIP_AES_AEAD_MODE_CCM_DEC	Counter with CBC-MAC (CCM) decryption.

◆ rsip_aes_mac_mode_t

enum rsip_aes_mac_mode_t

MAC modes of operation for AES

Enumerator
RSIP_AES_MAC_MODE_CMAC	Cipher-based MAC (CMAC)

◆ rsip_hash_type_t

enum rsip_hash_type_t

Hash type

Enumerator
RSIP_HASH_TYPE_SHA1	SHA-1.
RSIP_HASH_TYPE_SHA224	SHA-224.
RSIP_HASH_TYPE_SHA256	SHA-256.
RSIP_HASH_TYPE_SHA384	SHA-384.
RSIP_HASH_TYPE_SHA512	SHA-512.
RSIP_HASH_TYPE_SHA512_224	SHA-512/224.
RSIP_HASH_TYPE_SHA512_256	SHA-512/256.

◆ rsip_mgf_type_t

enum rsip_mgf_type_t

MGF type

Enumerator
RSIP_MGF_TYPE_MGF1_SHA1	MGF1 with SHA-1.
RSIP_MGF_TYPE_MGF1_SHA224	MGF1 with SHA-224.
RSIP_MGF_TYPE_MGF1_SHA256	MGF1 with SHA-256.
RSIP_MGF_TYPE_MGF1_SHA384	MGF1 with SHA-384.
RSIP_MGF_TYPE_MGF1_SHA512	MGF1 with SHA-512.
RSIP_MGF_TYPE_MGF1_SHA512_224	MGF1 with SHA-512/224.
RSIP_MGF_TYPE_MGF1_SHA512_256	MGF1 with SHA-512/256.

◆ rsip_rsa_salt_length_t

enum rsip_rsa_salt_length_t

RSA salt length

Enumerator
RSIP_RSA_SALT_LENGTH_AUTO	When signing, the salt length is set to RSIP_RSA_SALT_LENGTH_MAX or RSIP_RSA_SALT_LENGTH_HASH, whichever is shorter. When verifying, the salt length is detected automatically.
RSIP_RSA_SALT_LENGTH_HASH	The salt length is set to the hash length.
RSIP_RSA_SALT_LENGTH_MAX	The salt length is set to emLen - hLen - 2, where emLen is the same as the key length and hLen is the hash length.

◆ rsip_otf_channel_t

enum rsip_otf_channel_t

Enumerator
RSIP_OTF_CHANNEL_0	Channel 0.
RSIP_OTF_CHANNEL_1	Channel 1.

Detailed Description

Summary

Data Structures

Typedefs

Enumerations

Data Structure Documentation

◆ rsip_wrapped_key_t

◆ rsip_key_update_key_t

◆ rsip_sha_handle_t

◆ rsip_hmac_handle_t

◆ rsip_cfg_t

◆ rsip_api_t

Data Fields

Field Documentation

◆ open

◆ close

◆ randomNumberGenerate

◆ keyGenerate

◆ keyPairGenerate

◆ encryptedKeyWrap

◆ rfc3394_KeyWrap

◆ rfc3394_KeyUnwrap

◆ injectedKeyImport

◆ publicKeyExport

◆ aesCipherInit

◆ aesCipherUpdate

◆ aesCipherFinish

◆ aesAeadInit

◆ aesAeadLengthsSet

◆ aesAeadAadUpdate

◆ aesAeadUpdate

◆ aesAeadFinish

◆ aesAeadVerify

◆ aesMacInit

◆ aesMacUpdate

◆ aesMacSignFinish

◆ aesMacVerifyFinish

◆ ecdsaSign

◆ ecdsaVerify

◆ rsaEncrypt

◆ rsaDecrypt

◆ rsaesPkcs1V15Encrypt

◆ rsaesPkcs1V15Decrypt

◆ rsaesOaepEncrypt

◆ rsaesOaepDecrypt

◆ rsassaPkcs1V15Sign

◆ rsassaPkcs1V15Verify

◆ rsassaPssSign

◆ rsassaPssVerify

◆ shaCompute

◆ shaInit

◆ shaUpdate

◆ shaFinish

◆ shaSuspend

◆ shaResume

◆ hmacCompute

◆ hmacVerify

◆ hmacInit

◆ hmacUpdate

◆ hmacSignFinish

◆ hmacVerifyFinish

◆ hmacSuspend

◆ hmacResume

◆ otfInit

◆ rsip_instance_t

Typedef Documentation

◆ rsip_ctrl_t

Enumeration Type Documentation

◆ rsip_alg_t

◆ rsip_key_subtype_t

◆ rsip_key_type_t

◆ rsip_key_pair_type_t

◆ rsip_byte_size_wrapped_key_t

◆ rsip_aes_cipher_mode_t

◆ rsip_aes_aead_mode_t

◆ rsip_aes_mac_mode_t

◆ rsip_hash_type_t

◆ rsip_mgf_type_t

◆ rsip_rsa_salt_length_t

◆ rsip_otf_channel_t