RA Flexible Software Package Documentation
Release v5.7.0
|
|
Driver for the Secure Crypto Engine (SCE9) on RA MCUs.
This module provides SCE functions in protected mode.
Crypto Peripheral version | Devices |
---|---|
SCE9 (Protected mode) | RA4M2, RA4M3, RA6M4, RA6M5 |
The SCE module supports for the following features.
This module does not require a specific clock configuration.
This module does not use I/O pins.
Start by creating a new project in e² studio or RASC. On the Stacks tab, add New > Security > SCE Protected Mode. For information on how to install and update secure keys, refer to the Application Note R11AN0496.
The SCE intialization sequence can be modified to support a smaller subset of features and allow for a shorter intialization period. This is particularly useful in cases where startup time is important and the cryptographic features that are required are known in advance. The current fast boot configuration option supports the cryptographic primitives requried by MCUBoot including:
The SCE does not support SHA-384 in hardware, so the APIs listed below require the user to create a SHA-384 function for signature generation and verification. To use the APIs listed below, enable SCE_USER_SHA_384_ENABLED on RA Smart Configurator and prepare a function called SCE_USER_SHA_384_FUNCTION. The interface of SCE_USER_SHA_384_FUNCTION, which is called by the following APIs, is described below.
SHA-384 hash calculation is performed for an area extending the number of bytes specified by the argument message_length from the address specified by the argument message. The calculation result should be stored at the address specified by the argument digest.
message | [in] Start address of message |
digest | [in,out] address for storing hash calculation result (48 bytes) |
message_length | [in] Effective byte count of message |
0 | Hash value stored successfully. |
others | Storing of hash value failed. |
This is an example of AES-256 encryption and decryption.
This is an example of ECC secp-256 signature generate and verify.
This is an example of RSA-2048 encryption and decryption.
This is an example of calculating the SHA256 hash.
Data Structures | |
struct | sce_instance_ctrl_t |
struct sce_instance_ctrl_t |
SCE private control block. DO NOT MODIFY. Initialization occurs when R_SCE_Open() is called.
fsp_err_t R_SCE_SHA256_Init | ( | sce_sha_md5_handle_t * | handle | ) |
The R_SCE_SHA256_Init() function performs preparations for the execution of an SHA-256 hash calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_SHA256_Update() function and R_SCE_SHA256_Final() function.
[in,out] | handle | SHA handler (work area) |
FSP_SUCCESS | Normal termination |
fsp_err_t R_SCE_SHA256_Update | ( | sce_sha_md5_handle_t * | handle, |
uint8_t * | message, | ||
uint32_t | message_length | ||
) |
The R_SCE_SHA256_Update() function calculates a hash value based on the second argument, message, and the third argument, message_length, and writes the ongoing status to the first argument, handle. After message input is completed, call R_SCE_SHA256_Final().
[in,out] | handle | SHA handler (work area) |
[in] | message | message data area |
[in] | message_length | message data length |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_SHA256_Final | ( | sce_sha_md5_handle_t * | handle, |
uint8_t * | digest, | ||
uint32_t * | digest_length | ||
) |
Using the handle specified in the first argument, handle, the R_SCE_SHA256_Final() function writes the calculation result to the second argument, digest, and writes the length of the calculation result to the third argument, digest_length.
[in,out] | handle | SHA handler (work area) |
[in,out] | digest | hasha data area |
[in,out] | digest_length | hash data length (32bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_SHA256HMAC_GenerateInit | ( | sce_hmac_sha_handle_t * | handle, |
sce_hmac_sha_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_SHA256HMAC_GenerateInit() function uses the second argument wrapped_key to prepare for execution of SHA256-HMAC calculation, then writes the result to the first argument handle. The argument handle is used by the subsequent R_SCE_SHA256HMAC_GenerateUpdate() function or R_SCE_SHA256HMAC_GenerateFinal() function.
[in,out] | handle | SHA-HMAC handler (work area) |
[in] | wrapped_key | MAC wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | An invalid MAC wrapped key was input. |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
fsp_err_t R_SCE_SHA256HMAC_GenerateUpdate | ( | sce_hmac_sha_handle_t * | handle, |
uint8_t * | message, | ||
uint32_t | message_length | ||
) |
The R_SCE_SHA256HMAC_GenerateUpdate() function uses the handle specified by the first argument handle, calculates a hash value from the second argument message and third argument message_length, then writes the intermediate result to the first argument handle. After message input finishes, call the R_SCE_SHA256HMAC_GenerateFinal() function.
[in,out] | handle | SHA-HMAC handle (work area) |
[in] | message | Message area |
[in] | message_length | Message length |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_SHA256HMAC_GenerateFinal | ( | sce_hmac_sha_handle_t * | handle, |
uint8_t * | mac | ||
) |
The R_SCE_SHA256HMAC_GenerateFinal() function uses the handle specified by the first argument handle and writes the calculation result to the second argument mac.
[in,out] | handle | SHA-HMAC handle (work area) |
[in,out] | mac | HMAC area (32 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_SHA256HMAC_VerifyInit | ( | sce_hmac_sha_handle_t * | handle, |
sce_hmac_sha_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_SHA256HMAC_VerifyInit() function uses the second argument wrapped_key to prepare for execution of SHA256-HMAC calculation, then writes the result to the first argument handle. The argument handle is used by the subsequent R_SCE_SHA256HMAC_VerifyUpdate() function or R_SCE_SHA256HMAC_VerifyFinal() function.
[in,out] | handle | SHA-HMAC handler (work area) |
[in] | wrapped_key | MAC wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | An invalid MAC wrapped key was input. |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
fsp_err_t R_SCE_SHA256HMAC_VerifyUpdate | ( | sce_hmac_sha_handle_t * | handle, |
uint8_t * | message, | ||
uint32_t | message_length | ||
) |
The R_SCE_SHA256HMAC_VerifyUpdate() function uses the handle specified by the first argument handle, calculates a hash value from the second argument message and third argument message_length, then writes the intermediate result to the first argument handle. After message input finishes, call the R_SCE_SHA256HMAC_VerifyFinal() function.
[in,out] | handle | SHA-HMAC handle (work area) |
[in] | message | Message area |
[in] | message_length | Message length |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_SHA256HMAC_VerifyFinal | ( | sce_hmac_sha_handle_t * | handle, |
uint8_t * | mac, | ||
uint32_t | mac_length | ||
) |
The R_SCE_SHA256HMAC_VerifyFinal() function uses the handle specified by the first argument handle and verifies the mac value from the second argument mac and third argument mac_length. Input a value in bytes from 4 to 32 as mac_length.
[in,out] | handle | SHA-HMAC handle (work area) |
[in] | mac | HMAC area |
[in] | mac_length | HMAC length |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_RSASSA_PKCS1024_SignatureGenerate | ( | sce_rsa_byte_data_t * | message_hash, |
sce_rsa_byte_data_t * | signature, | ||
sce_rsa1024_private_wrapped_key_t * | wrapped_key, | ||
uint8_t | hash_type | ||
) |
The R_SCE_RSASSA_PKCS1024_SignatureGenerate() function generates, in accordance with RSASSA-PKCS1-V1_5, a signature from the message text or hash value that is input in the first argument, message_hash, using the private wrapped key input to the third argument, wrapped_key, and writes the signature text to the second argument, signature. When a message is specified in the first argument, message_hash->data_type, a hash value is calculated for the message as specified by the fourth argument, hash_type. When specifying a hash value in the first argument, message_hash->data_type, a hash value calculated with a hash algorithm as specified by the fourth argument, hash_type, must be input to message_hash->pdata.
[in] | message_hash | Message or hash value to which to attach signature
|
[in,out] | signature | Signature text storage destination information
|
[in] | wrapped_key | Inputs the 1024-bit RSA private wrapped key. |
[in] | hash_type | Only HW_SCE_RSA_HASH_SHA256 is supported |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_RSASSA_PKCS1024_SignatureVerify | ( | sce_rsa_byte_data_t * | signature, |
sce_rsa_byte_data_t * | message_hash, | ||
sce_rsa1024_public_wrapped_key_t * | wrapped_key, | ||
uint8_t | hash_type | ||
) |
The R_SCE_RSASSA_PKCS1024_SignatureVerify() function verifies, in accordance with RSASSA-PKCS1-V1_5, the signature text input to the first argument signature, and the message text or hash value input to the second argument, message_hash, using the public wrapped key input to the third argument, wrapped_key. When a message is specified in the second argument, message_hash->data_type, a hash value is calculated using the public wrapped key input to the third argument, wrapped_key, and as specified by the fourth argument, hash_type. When specifying a hash value in the second argument, message_hash->data_type, a hash value calculated with a hash algorithm as specified by the fourth argument, hash_type, must be input to message_hash->pdata.
[in] | signature | Signature text information to verify
|
[in] | message_hash | Message text or hash value to verify
|
[in] | wrapped_key | Inputs the 1024-bit RSA public wrapped key. |
[in] | hash_type | Only HW_SCE_RSA_HASH_SHA256 is supported |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_AUTHENTICATION | Authentication failed |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_RSAES_PKCS1024_Encrypt | ( | sce_rsa_byte_data_t * | plain, |
sce_rsa_byte_data_t * | cipher, | ||
sce_rsa1024_public_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_RSAES_PKCS1024_Encrypt() function RSA-encrypts the plaintext input to the first argument, plain, according to RSAES-PKCS1-V1_5. It writes the encryption result to the second argument, cipher.
[in] | plain | plaintext
|
[in,out] | cipher | ciphertext
|
[in] | wrapped_key | Inputs the 1024-bit RSA public wrapped key. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Incorrect wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
fsp_err_t R_SCE_RSAES_PKCS1024_Decrypt | ( | sce_rsa_byte_data_t * | cipher, |
sce_rsa_byte_data_t * | plain, | ||
sce_rsa1024_private_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_RSAES_PKCS1024_Decrypt() function RSA-decrypts the ciphertext input to the first argument, cipher, according to RSAES-PKCS1-V1_5. It writes the decryption result to the second argument, plain.
[in] | cipher | ciphertext
|
[in,out] | plain | plaintext
|
[in] | wrapped_key | Inputs the 1024-bit RSA private wrapped key. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Incorrect wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_RSASSA_PKCS2048_SignatureGenerate | ( | sce_rsa_byte_data_t * | message_hash, |
sce_rsa_byte_data_t * | signature, | ||
sce_rsa2048_private_wrapped_key_t * | wrapped_key, | ||
uint8_t | hash_type | ||
) |
The R_SCE_RSASSA_PKCS2048_SignatureGenerate() function generates, in accordance with RSASSA-PKCS1-V1_5, a signature from the message text or hash value that is input in the first argument, message_hash, using the private wrapped key input to the third argument, wrapped_key, and writes the signature text to the second argument, signature. When a message is specified in the first argument, message_hash->data_type, a hash value is calculated for the message as specified by the fourth argument, hash_type. When specifying a hash value in the first argument, message_hash->data_type, a hash value calculated with a hash algorithm as specified by the fourth argument, hash_type, must be input to message_hash->pdata.
[in] | message_hash | Message or hash value to which to attach signature
|
[in,out] | signature | Signature text storage destination information
|
[in] | wrapped_key | Inputs the 2048-bit RSA private wrapped key. |
[in] | hash_type | Only HW_SCE_RSA_HASH_SHA256 is supported |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_RSASSA_PKCS2048_SignatureVerify | ( | sce_rsa_byte_data_t * | signature, |
sce_rsa_byte_data_t * | message_hash, | ||
sce_rsa2048_public_wrapped_key_t * | wrapped_key, | ||
uint8_t | hash_type | ||
) |
The R_SCE_RSASSA_PKCS2048_SignatureVerify() function verifies, in accordance with RSASSA-PKCS1-V1_5, the signature text input to the first argument signature, and the message text or hash value input to the second argument, message_hash, using the public wrapped key input to the third argument, wrapped_key. When a message is specified in the second argument, message_hash->data_type, a hash value is calculated using the public wrapped key input to the third argument, wrapped_key, and as specified by the fourth argument, hash_type. When specifying a hash value in the second argument, message_hash->data_type, a hash value calculated with a hash algorithm as specified by the fourth argument, hash_type, must be input to message_hash->pdata.
[in] | signature | Signature text information to verify
|
[in] | message_hash | Message text or hash value to verify
|
[in] | wrapped_key | Inputs the 1024-bit RSA public wrapped key. |
[in] | hash_type | Only HW_SCE_RSA_HASH_SHA256 is supported |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_AUTHENTICATION | Authentication failed |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_RSASSA_PKCS3072_SignatureVerify | ( | sce_rsa_byte_data_t * | signature, |
sce_rsa_byte_data_t * | message_hash, | ||
sce_rsa3072_public_wrapped_key_t * | wrapped_key, | ||
uint8_t | hash_type | ||
) |
The R_SCE_RSASSA_PKCS3072_SignatureVerify() function verifies, in accordance with RSASSA-PKCS1-V1_5, the signature text input to the first argument signature, and the message text or hash value input to the second argument, message_hash, using the public wrapped key input to the third argument, wrapped_key. When a message is specified in the second argument, message_hash->data_type, a hash value is calculated using the public wrapped key input to the third argument, wrapped_key, and as specified by the fourth argument, hash_type. When specifying a hash value in the second argument, message_hash->data_type, a hash value calculated with a hash algorithm as specified by the fourth argument, hash_type, must be input to message_hash->pdata.
[in] | signature | Signature text information to verify
|
[in] | message_hash | Message text or hash value to verify
|
[in] | wrapped_key | Inputs the 3072-bit RSA public wrapped key. |
[in] | hash_type | Only HW_SCE_RSA_HASH_SHA256 is supported |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_AUTHENTICATION | Authentication failed |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_RSASSA_PKCS4096_SignatureVerify | ( | sce_rsa_byte_data_t * | signature, |
sce_rsa_byte_data_t * | message_hash, | ||
sce_rsa4096_public_wrapped_key_t * | wrapped_key, | ||
uint8_t | hash_type | ||
) |
The R_SCE_RSASSA_PKCS4096_SignatureVerify() function verifies, in accordance with RSASSA-PKCS1-V1_5, the signature text input to the first argument signature, and the message text or hash value input to the second argument, message_hash, using the public wrapped key input to the third argument, wrapped_key. When a message is specified in the second argument, message_hash->data_type, a hash value is calculated using the public wrapped key input to the third argument, wrapped_key, and as specified by the fourth argument, hash_type. When specifying a hash value in the second argument, message_hash->data_type, a hash value calculated with a hash algorithm as specified by the fourth argument, hash_type, must be input to message_hash->pdata.
[in] | signature | Signature text information to verify
|
[in] | message_hash | Message text or hash value to verify
|
[in] | wrapped_key | Inputs the 1024-bit RSA public wrapped key. |
[in] | hash_type | Only HW_SCE_RSA_HASH_SHA256 is supported |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_AUTHENTICATION | Authentication failed |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_RSAES_PKCS2048_Encrypt | ( | sce_rsa_byte_data_t * | plain, |
sce_rsa_byte_data_t * | cipher, | ||
sce_rsa2048_public_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_RSAES_PKCS2048_Encrypt() function RSA-encrypts the plaintext input to the first argument, plain, according to RSAES-PKCS1-V1_5. It writes the encryption result to the second argument, cipher.
[in] | plain | plaintext
|
[in,out] | cipher | ciphertext
|
[in] | wrapped_key | Inputs the 2048-bit RSA public wrapped key. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Incorrect wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
fsp_err_t R_SCE_RSAES_PKCS2048_Decrypt | ( | sce_rsa_byte_data_t * | cipher, |
sce_rsa_byte_data_t * | plain, | ||
sce_rsa2048_private_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_RSAES_PKCS2048_Decrypt() function RSA-decrypts the ciphertext input to the first argument, cipher, according to RSAES-PKCS1-V1_5. It writes the decryption result to the second argument, plain.
[in] | cipher | ciphertext
|
[in,out] | plain | plaintext
|
[in] | wrapped_key | Inputs the 1024-bit RSA private wrapped key. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Incorrect wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_RSAES_PKCS3072_Encrypt | ( | sce_rsa_byte_data_t * | plain, |
sce_rsa_byte_data_t * | cipher, | ||
sce_rsa3072_public_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_RSAES_PKCS3072_Encrypt() function RSA-encrypts the plaintext input to the first argument, plain, according to RSAES-PKCS1-V1_5. It writes the encryption result to the second argument, cipher.
[in] | plain | plaintext
|
[in,out] | cipher | ciphertext
|
[in] | wrapped_key | Inputs the 3072-bit RSA public wrapped key. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Incorrect wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_RSAES_PKCS4096_Encrypt | ( | sce_rsa_byte_data_t * | plain, |
sce_rsa_byte_data_t * | cipher, | ||
sce_rsa4096_public_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_RSAES_PKCS4096_Encrypt() function RSA-encrypts the plaintext input to the first argument, plain, according to RSAES-PKCS1-V1_5. It writes the encryption result to the second argument, cipher.
[in] | plain | plaintext
|
[in,out] | cipher | ciphertext
|
[in] | wrapped_key | Inputs the 4096-bit RSA public wrapped key. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Incorrect wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_Open | ( | sce_ctrl_t *const | p_ctrl, |
sce_cfg_t const *const | p_cfg | ||
) |
Enables use of SCE functionality.
[in] | p_ctrl | Pointer to control structure. |
[in] | p_cfg | Pointer to pin configuration structure. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | The error-detection self-test failed to terminate normally. |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_RETRY | Indicates that an entropy evaluation failure occurred. Run the function again. |
fsp_err_t R_SCE_Close | ( | sce_ctrl_t *const | p_ctrl | ) |
Stops supply of power to the SCE.
[in] | p_ctrl | Pointer to control structure. |
FSP_SUCCESS | Normal termination |
fsp_err_t R_SCE_SoftwareReset | ( | void | ) |
Software reset to SCE.
Reverts the state to the SCE initial state.
FSP_SUCCESS | Normal termination |
fsp_err_t R_SCE_RandomNumberGenerate | ( | uint32_t * | random | ) |
This API can generate 4 words random number.
[in,out] | random | Stores 4words (16 bytes) random data. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
fsp_err_t R_SCE_AES128_WrappedKeyGenerate | ( | sce_aes_wrapped_key_t * | wrapped_key | ) |
This API outputs 128-bit AES wrapped key from a random number.
This API generates a wrapped key from a random number in the SCE. Accordingly, user key input is unnecessary. By encrypting data using the wrapped key is output by this API, dead copying of data can be prevented.
[in,out] | wrapped_key | 128-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
fsp_err_t R_SCE_AES256_WrappedKeyGenerate | ( | sce_aes_wrapped_key_t * | wrapped_key | ) |
This API outputs 256-bit AES wrapped key from a random number.
This API generates a wrapped key from a random number in the SCE. Accordingly, user key input is unnecessary. By encrypting data using the wrapped key is output by this API, dead copying of data can be prevented.
[in,out] | wrapped_key | 256-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
fsp_err_t R_SCE_AES128_EncryptedKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_aes_wrapped_key_t * | wrapped_key | ||
) |
This API wraps 128-bit AES key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | 128-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES256_EncryptedKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_aes_wrapped_key_t * | wrapped_key | ||
) |
This API wraps 256-bit AES key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | 256-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES128_RFC3394KeyWrap | ( | sce_aes_wrapped_key_t * | master_key, |
uint32_t | target_key_type, | ||
sce_aes_wrapped_key_t * | target_key, | ||
uint32_t * | rfc3394_wrapped_key | ||
) |
This API wraps 128-bit AES key within the user routine.
[in] | master_key | AES-128 key used for wrapping. |
[in] | target_key_type | Selects key to be wrapped. |
[in] | target_key | Key to be wrapped. |
[out] | rfc3394_wrapped_key | Wrapped key. |
FSP_SUCCESS | Normal termination. |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | Resource conflict. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal user Key Generation Information. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES256_RFC3394KeyWrap | ( | sce_aes_wrapped_key_t * | master_key, |
uint32_t | target_key_type, | ||
sce_aes_wrapped_key_t * | target_key, | ||
uint32_t * | rfc3394_wrapped_key | ||
) |
This API wraps 256-bit AES key within the user routine.
[in] | master_key | AES-256 key used for wrapping. |
[in] | target_key_type | Selects key to be wrapped. |
[in] | target_key | Key to be wrapped. |
[out] | rfc3394_wrapped_key | Wrapped key. |
FSP_SUCCESS | Normal termination. |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | Resource conflict. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal user Key Generation Information. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES128_RFC3394KeyUnwrap | ( | sce_aes_wrapped_key_t * | master_key, |
uint32_t | target_key_type, | ||
uint32_t * | rfc3394_wrapped_key, | ||
sce_aes_wrapped_key_t * | target_key | ||
) |
This API unwraps 128-bit AES key within the user routine.
[in] | master_key | AES-128 key used for unwrapping. |
[in] | target_key_type | Selects key to be unwrapped. |
[in] | rfc3394_wrapped_key | Wrapped key. |
[out] | target_key | Key to be unwrapped. |
FSP_SUCCESS | Normal termination. |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | Resource conflict. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal user Key Generation Information. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES256_RFC3394KeyUnwrap | ( | sce_aes_wrapped_key_t * | master_key, |
uint32_t | target_key_type, | ||
uint32_t * | rfc3394_wrapped_key, | ||
sce_aes_wrapped_key_t * | target_key | ||
) |
This API unwraps 256-bit AES key within the user routine.
[in] | master_key | AES-256 key used for unwrapping. |
[in] | target_key_type | Selects key to be unwrapped. |
[in] | rfc3394_wrapped_key | Wrapped key. |
[out] | target_key | Key to be unwrapped. |
FSP_SUCCESS | Normal termination. |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | Resource conflict. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal user Key Generation Information. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_SHA256HMAC_EncryptedKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_hmac_sha_wrapped_key_t * | wrapped_key | ||
) |
This API wraps HMAC-SHA256 key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | HMAC-SHA256 wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_RSA1024_WrappedKeyPairGenerate | ( | sce_rsa1024_wrapped_pair_key_t * | wrapped_pair_key | ) |
This API outputs a wrapped key pair for a 1024-bit RSA public key and private key pair. These keys are generated from a random value produced internally by the SCE. Consequently, there is no need to input a user key. Dead copying of data can be prevented by encrypting the data using the wrapped key output by this API. A public wrapped key is generated by wrapped_pair_key->pub_key, and a private wrapped key is generated by wrapped_pair_key->priv_key. As the public key exponent, only 0x00010001 is generated.
[in,out] | wrapped_pair_key | User key index for RSA 1024-bit public key and private key pair |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. Key generation failed. |
fsp_err_t R_SCE_RSA2048_WrappedKeyPairGenerate | ( | sce_rsa2048_wrapped_pair_key_t * | wrapped_pair_key | ) |
This API outputs a wrapped key pair for a 2048-bit RSA public key and private key pair. These keys are generated from a random value produced internally by the SCE. Consequently, there is no need to input a user key. Dead copying of data can be prevented by encrypting the data using the wrapped key output by this API. A public wrapped key is generated by wrapped_pair_key->pub_key, and a private wrapped key is generated by wrapped_pair_key->priv_key. As the public key exponent, only 0x00010001 is generated.
[in,out] | wrapped_pair_key | User key index for RSA 2048-bit public key and private key pair |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. Key generation failed. |
fsp_err_t R_SCE_RSA1024_EncryptedPublicKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_rsa1024_public_wrapped_key_t * | wrapped_key | ||
) |
This API wraps 1024-bit RSA public key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | 1024-bit RSA public wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_RSA1024_EncryptedPrivateKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_rsa1024_private_wrapped_key_t * | wrapped_key | ||
) |
This API wraps 1024-bit RSA private key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | 1024-bit RSA private wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_RSA2048_EncryptedPublicKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_rsa2048_public_wrapped_key_t * | wrapped_key | ||
) |
This API wraps 2048-bit RSA public key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | 1024-bit RSA public wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_RSA2048_EncryptedPrivateKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_rsa2048_private_wrapped_key_t * | wrapped_key | ||
) |
This API wraps 2048-bit RSA private key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | 2048-bit RSA private wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_RSA3072_EncryptedPublicKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_rsa3072_public_wrapped_key_t * | wrapped_key | ||
) |
This API wraps 3072-bit RSA public key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | 3072-bit RSA public wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_RSA4096_EncryptedPublicKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_rsa4096_public_wrapped_key_t * | wrapped_key | ||
) |
This API wraps 4096-bit RSA public key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | 1024-bit RSA public wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp192r1_WrappedKeyPairGenerate | ( | sce_ecc_wrapped_pair_key_t * | wrapped_pair_key | ) |
This is an API for outputting a wrapped key pair for secp192r1 public key and private key pair. These keys are generated from a random number value internally within the SCE. There is therefore no need to input user keys. It is possible to prevent dead copying of data by using the wrapped key output by this API to encrypt the data. The public key index is generated in wrapped_pair_key->pub_key, and the private key index is generated in wrapped_pair_key->priv_key.
[in,out] | wrapped_pair_key | Wrapped pair key for secp192r1 public key and private key pair |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp224r1_WrappedKeyPairGenerate | ( | sce_ecc_wrapped_pair_key_t * | wrapped_pair_key | ) |
This is an API for outputting a wrapped key pair for secp224r1 public key and private key pair. These keys are generated from a random number value internally within the SCE. There is therefore no need to input user keys. It is possible to prevent dead copying of data by using the wrapped key output by this API to encrypt the data. The public key index is generated in wrapped_pair_key->pub_key, and the private key index is generated in wrapped_pair_key->priv_key.
[in,out] | wrapped_pair_key | Wrapped pair key for secp224r1 public key and private key pair |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp256r1_WrappedKeyPairGenerate | ( | sce_ecc_wrapped_pair_key_t * | wrapped_pair_key | ) |
This is an API for outputting a wrapped key pair for secp256r1 public key and private key pair. These keys are generated from a random number value internally within the SCE. There is therefore no need to input user keys. It is possible to prevent dead copying of data by using the wrapped key output by this API to encrypt the data. The public key index is generated in wrapped_pair_key->pub_key, and the private key index is generated in wrapped_pair_key->priv_key.
[in,out] | wrapped_pair_key | Wrapped pair key for secp256r1 public key and private key pair |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp384r1_WrappedKeyPairGenerate | ( | sce_ecc_wrapped_pair_key_t * | wrapped_pair_key | ) |
This is an API for outputting a wrapped key pair for secp384r1 public key and private key pair. These keys are generated from a random number value internally within the SCE. There is therefore no need to input user keys. It is possible to prevent dead copying of data by using the wrapped key output by this API to encrypt the data. The public key index is generated in wrapped_pair_key->pub_key, and the private key index is generated in wrapped_pair_key->priv_key.
[in,out] | wrapped_pair_key | Wrapped pair key for secp384r1 public key and private key pair |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp192r1_EncryptedPublicKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_ecc_public_wrapped_key_t * | wrapped_key | ||
) |
This API wraps secp192r1 public key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | secp192r1 public wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp224r1_EncryptedPublicKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_ecc_public_wrapped_key_t * | wrapped_key | ||
) |
This API wraps secp224r1 public key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | secp224r1 public wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp256r1_EncryptedPublicKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_ecc_public_wrapped_key_t * | wrapped_key | ||
) |
This API wraps secp256r1 public key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | secp256r1 public wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp384r1_EncryptedPublicKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_ecc_public_wrapped_key_t * | wrapped_key | ||
) |
This API wraps secp384r1 public key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | secp384r1 public wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp192r1_EncryptedPrivateKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_ecc_private_wrapped_key_t * | wrapped_key | ||
) |
This API wraps secp192r1 private key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | secp192r1 private wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp224r1_EncryptedPrivateKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_ecc_private_wrapped_key_t * | wrapped_key | ||
) |
This API wraps secp224r1 private key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | secp224r1 private wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp256r1_EncryptedPrivateKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_ecc_private_wrapped_key_t * | wrapped_key | ||
) |
This API wraps secp256r1 private key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | secp256r1 private wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECC_secp384r1_EncryptedPrivateKeyWrap | ( | uint8_t * | initial_vector, |
uint8_t * | encrypted_key, | ||
sce_key_update_key_t * | key_update_key, | ||
sce_ecc_private_wrapped_key_t * | wrapped_key | ||
) |
This API wraps secp384r1 private key within the user routine.
[in] | initial_vector | Initialization vector when generating encrypted_key |
[in] | encrypted_key | User key encryptedand MAC appended |
[in] | key_update_key | Key update keyring |
[in,out] | wrapped_key | secp384r1 private wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_TLS_RootCertificateRSA2048PublicKeyInstall | ( | uint8_t * | encrypted_provisioning_key, |
uint8_t * | initial_vector, | ||
uint8_t * | encrypted_key, | ||
sce_tls_ca_certification_public_wrapped_key_t * | wrapped_key | ||
) |
Generate TLS RSA Public key index data
[in] | encrypted_provisioning_key | the provisioning key includes encrypted CBC/CBC-MAC key for user key |
[in] | initial_vector | the initial_vector for user key CBC encrypt |
[in] | encrypted_key | the user key encrypted with AES128-ECB mode |
[out] | wrapped_key | the user Key Generation Information (141 words) of RSA2048 bit |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate | ( | sce_tls_p256_ecc_wrapped_key_t * | tls_p256_ecc_wrapped_key, |
uint8_t * | ephemeral_ecdh_public_key | ||
) |
Generate TLS ECC key pair
[in] | tls_p256_ecc_wrapped_key | P256 ECC key index for TLS |
[in] | ephemeral_ecdh_public_key | ephemeral ECDH public key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_ECDSA_secp192r1_SignatureGenerate | ( | sce_ecdsa_byte_data_t * | message_hash, |
sce_ecdsa_byte_data_t * | signature, | ||
sce_ecc_private_wrapped_key_t * | wrapped_key | ||
) |
When a message is specified in the first argument, message_hash->data_type, a SHA-256 hash of the message text input as the first argument, message_hash->pdata, is calculated, and the signature text is written to the second argument, signature, in accordance with secp192r1 using the private wrapped key input as the third argument, wrapped_key.
When a hash value is specified in the first argument, message_hash->data_type, the signature text for the first 24 bytes of the SHA-256 hash value input to the first argument, message_hash->pdata, is written to the second argument, signature, in accordance with secp192r1 using the private wrapped key input as the third argument, wrapped_key.
[in] | message_hash | Message or hash value to which to attach signature
|
[in,out] | signature | Signature text storage destination information
|
[in] | wrapped_key | Input wrapped key of secp192r1 private key. |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDSA_secp224r1_SignatureGenerate | ( | sce_ecdsa_byte_data_t * | message_hash, |
sce_ecdsa_byte_data_t * | signature, | ||
sce_ecc_private_wrapped_key_t * | wrapped_key | ||
) |
When a message is specified in the first argument, message_hash->data_type, a SHA-256 hash of the message text input as the first argument, message_hash->pdata, is calculated, and the signature text is written to the second argument, signature, in accordance with secp224r1 using the private wrapped key input as the third argument, wrapped_key.
When a hash value is specified in the first argument, message_hash->data_type, the signature text for the first 28 bytes of the SHA-256 hash value input to the first argument, message_hash->pdata, is written to the second argument, signature, in accordance with secp224r1 using the private wrapped key input as the third argument, wrapped_key.
[in] | message_hash | Message or hash value to which to attach signature
|
[in,out] | signature | Signature text storage destination information
|
[in] | wrapped_key | Input wrapped key of secp224r1 private key. |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDSA_secp256r1_SignatureGenerate | ( | sce_ecdsa_byte_data_t * | message_hash, |
sce_ecdsa_byte_data_t * | signature, | ||
sce_ecc_private_wrapped_key_t * | wrapped_key | ||
) |
When a message is specified in the first argument, message_hash->data_type, a SHA-256 hash of the message text input as the first argument, message_hash->pdata, is calculated, and the signature text is written to the second argument, signature, in accordance with secp256r1 using the private wrapped key input as the third argument, wrapped_key.
When a hash value is specified in the first argument, message_hash->data_type, the signature text for the first 32 bytes of the SHA-256 hash value input to the first argument, message_hash->pdata, is written to the second argument, signature, in accordance with secp256r1 using the private wrapped key input as the third argument, wrapped_key.
[in] | message_hash | Message or hash value to which to attach signature
|
[in,out] | signature | Signature text storage destination information
|
[in] | wrapped_key | Input wrapped key of secp256r1 private key. |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDSA_secp384r1_SignatureGenerate | ( | sce_ecdsa_byte_data_t * | message_hash, |
sce_ecdsa_byte_data_t * | signature, | ||
sce_ecc_private_wrapped_key_t * | wrapped_key | ||
) |
When a message is specified in the first argument, message_hash->data_type, a SHA-384 hash of the message text input as the first argument, message_hash->pdata, is calculated, and the signature text is written to the second argument, signature, in accordance with secp384r1 using the private wrapped key input as the third argument, wrapped_key.
To use message input, prepare a user-defined function for SHA384.
When a hash value is specified in the first argument, message_hash->data_type, the signature text for the first 48 bytes of the SHA-384 hash value input to the first argument, message_hash->pdata, is written to the second argument, signature, in accordance with secp384r1 using the private wrapped key input as the third argument, wrapped_key.
[in] | message_hash | Message or hash value to which to attach signature
|
[in,out] | signature | Signature text storage destination information
|
[in] | wrapped_key | Input wrapped key of secp384r1 private key. |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDSA_secp192r1_SignatureVerify | ( | sce_ecdsa_byte_data_t * | signature, |
sce_ecdsa_byte_data_t * | message_hash, | ||
sce_ecc_public_wrapped_key_t * | wrapped_key | ||
) |
When a message is specified in the second argument, message_hash->data_type, a SHA-256 hash of the message text input as the second argument, message_hash->pdata, is calculated, and the signature text input to the first argument, signature, is validated in accordance with secp192r1 using the public wrapped key input as the third argument, wrapped_key.
When a hash value is specified in the second argument, message_hash->data_type, the signature text for the first 24 bytes of the SHA-256 hash value input to the second argument, message_hash->pdata, input to the first argument, signature, is validated in accordance with secp192r1 using the public wrapped key input as the third argument, wrapped_key.
[in] | signature | Signature text information to be verified
|
[in,out] | message_hash | Message or hash value to be verified
|
[in] | wrapped_key | Input wrapped key of secp192r1 public key. |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred or signature verification failed. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDSA_secp224r1_SignatureVerify | ( | sce_ecdsa_byte_data_t * | signature, |
sce_ecdsa_byte_data_t * | message_hash, | ||
sce_ecc_public_wrapped_key_t * | wrapped_key | ||
) |
When a message is specified in the second argument, message_hash->data_type, a SHA-256 hash of the message text input as the second argument, message_hash->pdata, is calculated, and the signature text input to the first argument, signature, is validated in accordance with secp224r1 using the public wrapped key input as the third argument, wrapped_key.
When a hash value is specified in the second argument, message_hash->data_type, the signature text for the first 28 bytes of the SHA-256 hash value input to the second argument, message_hash->pdata, input to the first argument, signature, is validated in accordance with secp224r1 using the public wrapped key input as the third argument, wrapped_key.
[in] | signature | Signature text information to be verified
|
[in,out] | message_hash | Message or hash value to be verified
|
[in] | wrapped_key | Input wrapped key of secp224r1 public key. |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred or signature verification failed. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDSA_secp256r1_SignatureVerify | ( | sce_ecdsa_byte_data_t * | signature, |
sce_ecdsa_byte_data_t * | message_hash, | ||
sce_ecc_public_wrapped_key_t * | wrapped_key | ||
) |
When a message is specified in the second argument, message_hash->data_type, a SHA-256 hash of the message text input as the second argument, message_hash->pdata, is calculated, and the signature text input to the first argument, signature, is validated in accordance with secp256r1 using the public wrapped key input as the third argument, wrapped_key.
When a hash value is specified in the second argument, message_hash->data_type, the signature text for the first 32 bytes of the SHA-256 hash value input to the second argument, message_hash->pdata, input to the first argument, signature, is validated in accordance with secp256r1 using the public wrapped key input as the third argument, wrapped_key.
[in] | signature | Signature text information to be verified
|
[in,out] | message_hash | Message or hash value to be verified
|
[in] | wrapped_key | Input wrapped key of secp256r1 public key. |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred or signature verification failed. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDSA_secp384r1_SignatureVerify | ( | sce_ecdsa_byte_data_t * | signature, |
sce_ecdsa_byte_data_t * | message_hash, | ||
sce_ecc_public_wrapped_key_t * | wrapped_key | ||
) |
When a message is specified in the second argument, message_hash->data_type, a SHA-256 hash of the message text input as the second argument, message_hash->pdata, is calculated, and the signature text input to the first argument, signature, is validated in accordance with secp384r1 using the public wrapped key input as the third argument, wrapped_key.
To use message input, prepare a user-defined function for SHA384.
When a hash value is specified in the second argument, message_hash->data_type, the signature text for the first 48 bytes of the SHA-256 hash value input to the second argument, message_hash->pdata, input to the first argument, signature, is validated in accordance with secp384r1 using the public wrapped key input as the third argument, wrapped_key.
[in] | signature | Signature text information to be verified
|
[in,out] | message_hash | Message or hash value to be verified
|
[in] | wrapped_key | Input wrapped key of secp384r1 public key. |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred or signature verification failed. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDH_secp256r1_Init | ( | sce_ecdh_handle_t * | handle, |
uint32_t | key_type, | ||
uint32_t | use_key_id | ||
) |
The R_SCE_ECDH_secp256r1_Init() function prepares to perform ECDH key exchange computation and writes the result to the first argument, handle. The succeeding functions R_SCE_ECDH_secp256r1_PublicKeySign(), R_SCE_ECDH_secp256r1_PublicKeyVerify(), R_SCE_ECDH_secp256r1_SharedSecretCalculate(), and R_SCE_ECDH_secp256r1_KeyDerivation() use handle as an argument.
Use the second argument, key_type, to select the type of ECDH key exchange. When ECDHE is selected, the R_SCE_ECDH_secp256r1_PublicKeySign() function uses the SCE's random number generation functionality to generate an secp256r1 key pair. When ECDH is selected, keys installed beforehand are used for key exchange.
Input 1 as the third argument, use_key_id, to use key_id when key exchange is performed. key_id is for applications conforming to the DLMS/COSEM standard for smart meters.
[in,out] | handle | ECDH handler (work area) |
[in] | key_type | Key exchange type (0: ECDHE, 1: ECDH, 2:ECDH(AES-GCM-128 with IV)) |
[in] | use_key_id | 0: key_id not used, 1: key_id used |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is invalid. |
fsp_err_t R_SCE_ECDH_secp256r1_PublicKeySign | ( | sce_ecdh_handle_t * | handle, |
sce_ecc_public_wrapped_key_t * | ecc_public_wrapped_key, | ||
sce_ecc_private_wrapped_key_t * | ecc_private_wrapped_key, | ||
uint8_t * | public_key, | ||
sce_ecdsa_byte_data_t * | signature, | ||
sce_ecc_private_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_ECDH_secp256r1_PublicKeySign() function calculates a signature for a public key user wrapped key used for ECDH key exchange.
If ECDHE is specified by the key_type argument of the R_SCE_ECDH_secp256r1_Init() function, the SCE's random number generation functionality is used to generate an secp256r1 key pair. The public key is output to public_key and the private key is output to wrapped_key.
If ECDH is specified by the key_type argument of the R_SCE_ECDH_secp256r1_Init() function, the public key input as ecc_public_wrapped_key is output to public_key and nothing is output to wrapped_key.
The succeeding function R_SCE_ECDH_secp256r1_SharedSecretCalculate() uses the first argument, handle, as an argument. R_SCE_ECDH_secp256r1_SharedSecretCalculate() function uses wrapped_key as input to calculate Z.
[in,out] | handle | ECDH handler (work area) When using key_id, input handle->key_id after running R_SCE_ECDH_secp256r1_Init(). |
[in] | ecc_public_wrapped_key | For ECDHE, input a null pointer. For ECDH, input the wrapped key of a secp256r1 public key. |
[in] | ecc_private_wrapped_key | secp256r1 private key for signature generation |
[in,out] | public_key | User secp256r1 public key (512-bit) for key exchange. When using key_id, key_id (8-bit) || public key (512-bit) || 0 padding (24-bit) |
[in,out] | signature | Signature text storage destination information
|
[in,out] | wrapped_key | For ECDHE, a private wrapped key generated from a random number. Not output for ECDH. |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDH_secp256r1_PublicKeyVerify | ( | sce_ecdh_handle_t * | handle, |
sce_ecc_public_wrapped_key_t * | ecc_public_wrapped_key, | ||
uint8_t * | public_key_data, | ||
sce_ecdsa_byte_data_t * | signature, | ||
sce_ecc_public_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_ECDH_secp256r1_PublicKeyVerify() function verifies the signature of the secp256r1 public key of the other ECDH key exchange party. If the signature is correct, it outputs the public wrapped key to the fifth argument. The first argument, handle, is used as an argument in the subsequent function R_SCE_ECDH_secp256r1_SharedSecretCalculate(). R_SCE_ECDH_secp256r1_SharedSecretCalculate() uses wrapped_key as input to calculate Z.
[in,out] | handle | ECDH handler (work area) |
[in] | ecc_public_wrapped_key | Public wrapped key area for signature verification |
[in] | public_key_data | secp256r1 public key (512-bit). When key_id is used: key_id (8-bit) || public key (512-bit) |
[in] | signature | ECDSA secp256r1 signature of ecc_public_wrapped_key |
[in,out] | wrapped_key | wrapped key of ecc_public_wrapped_key |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred or signature verification failed. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDH_secp256r1_PublicKeyReadWithoutSignature | ( | sce_ecdh_handle_t * | handle, |
uint8_t * | public_key_data, | ||
sce_ecc_public_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_ECDH_secp256r1_PublicKeyReadWithoutSignature() function reads the secp256r1 public key of the other ECDH key exchange party and outputs the public wrapped key to the third argument. The first argument, handle, is used as an argument in the subsequent function R_SCE_ECDH_secp256r1_SharedSecretCalculate(). R_SCE_ECDH_secp256r1_SharedSecretCalculate() uses wrapped_key as input to calculate Z. This API does not verify signature of public_key_data, please protect this data by upper layer software.
[in,out] | handle | ECDH handler (work area) |
[in] | public_key_data | secp256r1 public key (512-bit). When key_id is used: key_id (8-bit) || public key (512-bit) |
[in,out] | wrapped_key | wrapped key of public_key_data |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDH_secp256r1_SharedSecretCalculate | ( | sce_ecdh_handle_t * | handle, |
sce_ecc_public_wrapped_key_t * | ecc_public_wrapped_key, | ||
sce_ecc_private_wrapped_key_t * | ecc_private_wrapped_key, | ||
sce_ecdh_wrapped_key_t * | shared_secret_wrapped_key | ||
) |
The R_SCE_ECDH_secp256r1_SharedSecretCalculate() function uses the ECDH key exchange algorithm to output the wrapped key of the shared secret Z derived from the public key of the other key exchange party and your own private key. Input as the second argument, ecc_public_wrapped_key, the public wrapped key whose signature was verified by R_SCE_ECDH_secp256r1_PublicKeyVerify(). When key_type of R_SCE_ECDH_secp256r1_Init() is 0, input as the third argument, ecc_private_wrapped_key, the private wrapped key generated from a random number by R_SCE_ECDH_secp256r1_PublicKeySign(), and when key_type is other than 0, input the private wrapped key that forms a pair with the second argument of R_SCE_ECDH_secp256r1_PublicKeySign(). The subsequent R_SCE_ECDH_secp256r1_KeyDerivation() function uses shared_secret_wrapped_key as key material for outputting the wrapped key.
[in,out] | handle | ECDH handler (work area) |
[in] | ecc_public_wrapped_key | Public wrapped key whose signature was verified by R_SCE_ECDH_secp256r1_PublicKeyVerify() |
[in] | ecc_private_wrapped_key | Private wrapped key |
[in,out] | shared_secret_wrapped_key | Wrapped key of shared secret Z calculated by ECDH key exchange |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_ECDH_secp256r1_KeyDerivation | ( | sce_ecdh_handle_t * | handle, |
sce_ecdh_wrapped_key_t * | shared_secret_wrapped_key, | ||
uint32_t | key_type, | ||
uint32_t | kdf_type, | ||
uint8_t * | other_info, | ||
uint32_t | other_info_length, | ||
sce_hmac_sha_wrapped_key_t * | salt_wrapped_key, | ||
sce_aes_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_ECDH_secp256r1_KeyDerivation() function uses the shared secret "Z (shared_secret_index)" calculated by the R_SCE_ECDH_secp256r1_SharedSecretCalculate() function as the key material to derive the wrapped key specified by the third argument, key_type. The key derivation algorithm is one-step key derivation as defined in NIST SP800-56C. Either SHA-256 or SHA-256 HMAC is specified by the fourth argument, kdf_type. When SHA-256 HMAC is specified, the wrapped key output by the R_SCE_SHA256HMAC_EncryptedKeyWrap() function is specified as the seventh argument, salt_wrapped_key. Enter a fixed value for deriving a key shared with the key exchange partner in the fifth argument, other_info. A wrapped key corresponding to key_type is output as the eighth argument, wrapped_key. The correspondences between the types of derived wrapped_key and the functions with which they can be used as listed below.
[in,out] | handle | ECDH handler (work area) |
[in] | shared_secret_wrapped_key | Z wrapped key calculated by R_SCE_ECDH_secp256r1_SharedSecretCalculate |
[in] | key_type | Derived key type (0: AES-128, 1: AES-256, 2:SHA256-HMAC, 3: AES-GCM-128 with IV) |
[in] | kdf_type | Algorithm used for key derivation calculation (0: SHA-256, 1:SHA256-HMAC) |
[in] | other_info | Additional data used for key derivation calculation: AlgorithmID || PartyUInfo || PartyVInfo |
[in] | other_info_length | Data length of other_info (up to 147 byte units) |
[in] | salt_wrapped_key | Salt wrapped key (Input NULL when kdf_type is 0.) |
[in,out] | wrapped_key | Wrapped key corresponding to key_type. When the value of key_type is 2, an SHA256-HMAC wrapped key is output. wrapped_key can be specified by casting the start address of the area reserved beforehand by the sce_hmac_sha_wrapped_key_t type with the (sce_aes_wrapped_key_t*) type. |
FSP_SUCCESS | Normal end |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource required by the processing is in use by other processing. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128ECB_EncryptInit | ( | sce_aes_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_AES128ECB_EncryptInit() function performs preparations for the execution of an AES calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES128ECB_EncryptUpdate() function and R_SCE_AES128ECB_EncryptFinal() function.
[in,out] | handle | AES handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal wrapped key. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES128ECB_EncryptUpdate | ( | sce_aes_handle_t * | handle, |
uint8_t * | plain, | ||
uint8_t * | cipher, | ||
uint32_t | plain_length | ||
) |
The R_SCE_AES128ECB_EncryptUpdate() function encrypts the second argument, plain, utilizing the key index stored in the handle specified in the first argument, handle, and writes the ongoing status to this first argument. In addition, it writes the encryption result to the third argument, cipher. After plaintext input is completed, call R_SCE_AES128ECB_EncryptFinal().
Specify areas for plain and cipher that do not overlap. For plain and cipher, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES handler (work area) |
[in] | plain | plaintext data area |
[in,out] | cipher | ciphertext data area |
[in,out] | plain_length | plaintext data length (must be a multiple of 16) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128ECB_EncryptFinal | ( | sce_aes_handle_t * | handle, |
uint8_t * | cipher, | ||
uint32_t * | cipher_length | ||
) |
Using the handle specified in the first argument, handle, the R_SCE_AES128ECB_EncryptFinal() function writes the calculation result to the second argument, cipher, and writes the length of the calculation result to the third argument, cipher_length. The original intent was for a portion of the encryption result that was not a multiple of 16 bytes to be written to the second argument. However, as a result of the restriction that only multiples of 16 can be input to the Update function, nothing is ever written to cipher, and 0 is always written to cipher_length. The arguments cipher and cipher_length are provided for compatibility in anticipation of the time when this restriction is lifted.
[in,out] | handle | AES handler (work area) |
[in,out] | cipher | ciphertext data area (nothing ever written here) |
[in,out] | cipher_length | ciphertext data length (0 always written here) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128ECB_DecryptInit | ( | sce_aes_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_AES128ECB_DecryptInit() function performs preparations for the execution of an AES calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES128ECB_DecryptUpdate() function and R_SCE_AES128ECB_DecryptFinal() function.
[in,out] | handle | AES handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal wrapped key. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES128ECB_DecryptUpdate | ( | sce_aes_handle_t * | handle, |
uint8_t * | cipher, | ||
uint8_t * | plain, | ||
uint32_t | cipher_length | ||
) |
The R_SCE_AES128ECB_DecryptUpdate() function decrypts the second argument, cipher, utilizing the key index stored in the handle specified in the first argument, handle, and writes the ongoing status to this first argument. In addition, it writes the decryption result to the third argument, plain. After plaintext input is completed, call R_SCE_AES128ECB_DecryptFinal().
Specify areas for plain and cipher that do not overlap. For plain and cipher, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES handler (work area) |
[in] | cipher | ciphertext data area |
[in,out] | plain | plaintext data area |
[in,out] | cipher_length | ciphertext data length (must be a multiple of 16) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128ECB_DecryptFinal | ( | sce_aes_handle_t * | handle, |
uint8_t * | plain, | ||
uint32_t * | plain_length | ||
) |
Using the handle specified in the first argument, handle, the R_SCE_AES128ECB_DecryptFinal() function writes the calculation result to the second argument, plain, and writes the length of the calculation result to the third argument, plain_length. The original intent was for a portion of the decryption result that was not a multiple of 16 bytes to be written to the second argument. However, as a result of the restriction that only multiples of 16 can be input to the Update function, nothing is ever written to plain, and 0 is always written to plain_length. The arguments plain and plain_length are provided for compatibility in anticipation of the time when this restriction is lifted.
[in,out] | handle | AES handler (work area) |
[in,out] | plain | plaintext data area (nothing ever written here) |
[in,out] | plain_length | plaintext data length (0 always written here) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256ECB_EncryptInit | ( | sce_aes_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_AES256ECB_EncryptInit() function performs preparations for the execution of an AES calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES256ECB_EncryptUpdate() function and R_SCE_AES256ECB_EncryptFinal() function.
[in,out] | handle | AES handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal wrapped key. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES256ECB_EncryptUpdate | ( | sce_aes_handle_t * | handle, |
uint8_t * | plain, | ||
uint8_t * | cipher, | ||
uint32_t | plain_length | ||
) |
The R_SCE_AES256ECB_EncryptUpdate() function encrypts the second argument, plain, utilizing the key index stored in the handle specified in the first argument, handle, and writes the ongoing status to this first argument. In addition, it writes the encryption result to the third argument, cipher. After plaintext input is completed, call R_SCE_AES256ECB_EncryptFinal().
Specify areas for plain and cipher that do not overlap. For plain and cipher, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES handler (work area) |
[in] | plain | plaintext data area |
[in,out] | cipher | ciphertext data area |
[in,out] | plain_length | plaintext data length (must be a multiple of 16) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256ECB_EncryptFinal | ( | sce_aes_handle_t * | handle, |
uint8_t * | cipher, | ||
uint32_t * | cipher_length | ||
) |
Using the handle specified in the first argument, handle, the R_SCE_AES256ECB_EncryptFinal() function writes the calculation result to the second argument, cipher, and writes the length of the calculation result to the third argument, cipher_length. The original intent was for a portion of the encryption result that was not a multiple of 16 bytes to be written to the second argument. However, as a result of the restriction that only multiples of 16 can be input to the Update function, nothing is ever written to cipher, and 0 is always written to cipher_length. The arguments cipher and cipher_length are provided for compatibility in anticipation of the time when this restriction is lifted.
[in,out] | handle | AES handler (work area) |
[in,out] | cipher | ciphertext data area (nothing ever written here) |
[in,out] | cipher_length | ciphertext data length (0 always written here) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256ECB_DecryptInit | ( | sce_aes_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_AES128ECB_DecryptInit() function performs preparations for the execution of an AES calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES128ECB_DecryptUpdate() function and R_SCE_AES128ECB_DecryptFinal() function.
[in,out] | handle | AES handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal wrapped key. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES256ECB_DecryptUpdate | ( | sce_aes_handle_t * | handle, |
uint8_t * | cipher, | ||
uint8_t * | plain, | ||
uint32_t | cipher_length | ||
) |
The R_SCE_AES256ECB_DecryptUpdate() function decrypts the second argument, cipher, utilizing the key index stored in the handle specified in the first argument, handle, and writes the ongoing status to this first argument. In addition, it writes the decryption result to the third argument, plain. After plaintext input is completed, call R_SCE_AES256ECB_DecryptFinal().
Specify areas for plain and cipher that do not overlap. For plain and cipher, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES handler (work area) |
[in] | cipher | ciphertext data area |
[in,out] | plain | plaintext data area |
[in,out] | cipher_length | ciphertext data length (must be a multiple of 16) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256ECB_DecryptFinal | ( | sce_aes_handle_t * | handle, |
uint8_t * | plain, | ||
uint32_t * | plain_length | ||
) |
Using the handle specified in the first argument, handle, the R_SCE_AES256ECB_DecryptFinal() function writes the calculation result to the second argument, plain, and writes the length of the calculation result to the third argument, plain_length. The original intent was for a portion of the decryption result that was not a multiple of 16 bytes to be written to the second argument. However, as a result of the restriction that only multiples of 16 can be input to the Update function, nothing is ever written to plain, and 0 is always written to plain_length. The arguments plain and plain_length are provided for compatibility in anticipation of the time when this restriction is lifted.
[in,out] | handle | AES handler (work area) |
[in,out] | plain | plaintext data area (nothing ever written here) |
[in,out] | plain_length | plaintext data length (0 always written here) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128CBC_EncryptInit | ( | sce_aes_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | initial_vector | ||
) |
The R_SCE_AES128CBC_EncryptInit() function performs preparations for the execution of an AES calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES128CBC_EncryptUpdate() function and R_SCE_AES128CBC_EncryptFinal() function.
[in,out] | handle | AES handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
[in] | initial_vector | initialization vector area (16byte) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal wrapped key. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES128CBC_EncryptUpdate | ( | sce_aes_handle_t * | handle, |
uint8_t * | plain, | ||
uint8_t * | cipher, | ||
uint32_t | plain_length | ||
) |
The R_SCE_AES128CBC_EncryptUpdate() function encrypts the second argument, plain, utilizing the key index stored in the handle specified in the first argument, handle, and writes the ongoing status to this first argument. In addition, it writes the encryption result to the third argument, cipher. After plaintext input is completed, call R_SCE_AES128CBC_EncryptFinal().
Specify areas for plain and cipher that do not overlap. For plain and cipher, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES handler (work area) |
[in] | plain | plaintext data area |
[in,out] | cipher | ciphertext data area |
[in,out] | plain_length | plaintext data length (must be a multiple of 16) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128CBC_EncryptFinal | ( | sce_aes_handle_t * | handle, |
uint8_t * | cipher, | ||
uint32_t * | cipher_length | ||
) |
Using the handle specified in the first argument, handle, the R_SCE_AES128CBC_EncryptFinal() function writes the calculation result to the second argument, cipher, and writes the length of the calculation result to the third argument, cipher_length. The original intent was for a portion of the encryption result that was not a multiple of 16 bytes to be written to the second argument. However, as a result of the restriction that only multiples of 16 can be input to the Update function, nothing is ever written to cipher, and 0 is always written to cipher_length. The arguments cipher and cipher_length are provided for compatibility in anticipation of the time when this restriction is lifted.
[in,out] | handle | AES handler (work area) |
[in,out] | cipher | ciphertext data area (nothing ever written here) |
[in,out] | cipher_length | ciphertext data length (0 always written here) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128CBC_DecryptInit | ( | sce_aes_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | initial_vector | ||
) |
The R_SCE_AES128CBC_DecryptInit() function performs preparations for the execution of an AES calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES128CBC_DecryptUpdate() function and R_SCE_AES128CBC_DecryptFinal() function.
[in,out] | handle | AES handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
[in] | initial_vector | initialization vector area (16byte) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal wrapped key. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES128CBC_DecryptUpdate | ( | sce_aes_handle_t * | handle, |
uint8_t * | cipher, | ||
uint8_t * | plain, | ||
uint32_t | cipher_length | ||
) |
The R_SCE_AES128CBC_DecryptUpdate() function decrypts the second argument, cipher, utilizing the key index stored in the handle specified in the first argument, handle, and writes the ongoing status to this first argument. In addition, it writes the decryption result to the third argument, plain. After plaintext input is completed, call R_SCE_AES128CBC_DecryptFinal().
Specify areas for plain and cipher that do not overlap. For plain and cipher, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES handler (work area) |
[in] | cipher | ciphertext data area |
[in,out] | plain | plaintext data area |
[in,out] | cipher_length | ciphertext data length (must be a multiple of 16) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128CBC_DecryptFinal | ( | sce_aes_handle_t * | handle, |
uint8_t * | plain, | ||
uint32_t * | plain_length | ||
) |
Using the handle specified in the first argument, handle, the R_SCE_AES128CBC_DecryptFinal() function writes the calculation result to the second argument, plain, and writes the length of the calculation result to the third argument, plain_length. The original intent was for a portion of the decryption result that was not a multiple of 16 bytes to be written to the second argument. However, as a result of the restriction that only multiples of 16 can be input to the Update function, nothing is ever written to plain, and 0 is always written to plain_length. The arguments plain and plain_length are provided for compatibility in anticipation of the time when this restriction is lifted.
[in,out] | handle | AES handler (work area) |
[in,out] | plain | plaintext data area (nothing ever written here) |
[in,out] | plain_length | plaintext data length (0 always written here) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256CBC_EncryptInit | ( | sce_aes_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | initial_vector | ||
) |
The R_SCE_AES256CBC_EncryptInit() function performs preparations for the execution of an AES calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES256CBC_EncryptUpdate() function and R_SCE_AES256CBC_EncryptFinal() function.
[in,out] | handle | AES handler (work area) |
[in] | wrapped_key | 256-bit AES wrapped key |
[in] | initial_vector | initial vector area (16byte) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal wrapped key. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES256CBC_EncryptUpdate | ( | sce_aes_handle_t * | handle, |
uint8_t * | plain, | ||
uint8_t * | cipher, | ||
uint32_t | plain_length | ||
) |
The R_SCE_AES256CBC_EncryptUpdate() function encrypts the second argument, plain, utilizing the key index stored in the handle specified in the first argument, handle, and writes the ongoing status to this first argument. In addition, it writes the encryption result to the third argument, cipher. After plaintext input is completed, call R_SCE_AES256CBC_EncryptFinal().
Specify areas for plain and cipher that do not overlap. For plain and cipher, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES handler (work area) |
[in] | plain | plaintext data area |
[in,out] | cipher | ciphertext data area |
[in,out] | plain_length | plaintext data length (must be a multiple of 16) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256CBC_EncryptFinal | ( | sce_aes_handle_t * | handle, |
uint8_t * | cipher, | ||
uint32_t * | cipher_length | ||
) |
Using the handle specified in the first argument, handle, the R_SCE_AES256CBC_EncryptFinal() function writes the calculation result to the second argument, cipher, and writes the length of the calculation result to the third argument, cipher_length. The original intent was for a portion of the encryption result that was not a multiple of 16 bytes to be written to the second argument. However, as a result of the restriction that only multiples of 16 can be input to the Update function, nothing is ever written to cipher, and 0 is always written to cipher_length. The arguments cipher and cipher_length are provided for compatibility in anticipation of the time when this restriction is lifted.
[in,out] | handle | AES handler (work area) |
[in,out] | cipher | ciphertext data area (nothing ever written here) |
[in,out] | cipher_length | ciphertext data length (0 always written here) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256CBC_DecryptInit | ( | sce_aes_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | initial_vector | ||
) |
The R_SCE_AES256CBC_DecryptInit() function performs preparations for the execution of an AES calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES256CBC_DecryptUpdate() function and R_SCE_AES256CBC_DecryptFinal() function.
[in,out] | handle | AES handler (work area) |
[in] | wrapped_key | 256-bit AES wrapped key |
[in] | initial_vector | initialization vector area (16byte) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Input illegal wrapped key. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES256CBC_DecryptUpdate | ( | sce_aes_handle_t * | handle, |
uint8_t * | cipher, | ||
uint8_t * | plain, | ||
uint32_t | cipher_length | ||
) |
The R_SCE_AES256CBC_DecryptUpdate() function decrypts the second argument, cipher, utilizing the key index stored in the handle specified in the first argument, handle, and writes the ongoing status to this first argument. In addition, it writes the decryption result to the third argument, plain. After plaintext input is completed, call R_SCE_AES256CBC_DecryptFinal().
Specify areas for plain and cipher that do not overlap. For plain and cipher, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES handler (work area) |
[in] | cipher | ciphertext data area |
[in,out] | plain | plaintext data area |
[in,out] | cipher_length | ciphertext data length (must be a multiple of 16) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256CBC_DecryptFinal | ( | sce_aes_handle_t * | handle, |
uint8_t * | plain, | ||
uint32_t * | plain_length | ||
) |
Using the handle specified in the first argument, handle, the R_SCE_AES256CBC_DecryptFinal() function writes the calculation result to the second argument, plain, and writes the length of the calculation result to the third argument, plain_length. The original intent was for a portion of the decryption result that was not a multiple of 16 bytes to be written to the second argument. However, as a result of the restriction that only multiples of 16 can be input to the Update function, nothing is ever written to plain, and 0 is always written to plain_length. The arguments plain and plain_length are provided for compatibility in anticipation of the time when this restriction is lifted.
[in,out] | handle | AES handler (work area) |
[in,out] | plain | plaintext data area (nothing ever written here) |
[in,out] | plain_length | plaintext data length (0 always written here) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128GCM_EncryptInit | ( | sce_gcm_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | initial_vector, | ||
uint32_t | initial_vector_length | ||
) |
The R_SCE_AES128GCM_EncryptInit() function performs preparations for the execution of an GCM calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES128GCM_EncryptUpdate() function and R_SCE_AES128GCM_EncryptFinal() function.
[in,out] | handle | AES-GCM handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
[in] | initial_vector | initialization vector area (initial_vector_length byte) |
[in] | initial_vector_length | initialization vector length (1 ore more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES128GCM_EncryptUpdate | ( | sce_gcm_handle_t * | handle, |
uint8_t * | plain, | ||
uint8_t * | cipher, | ||
uint32_t | plain_data_length, | ||
uint8_t * | aad, | ||
uint32_t | aad_length | ||
) |
The R_SCE_AES128GCM_EncryptUpdate() function encrypts the plaintext specified in the second argument, plain, in GCM mode using the values specified for wrapped_key and initial_vector in R_SCE_AES128GCM_EncryptInit(), along with the additional authentication data specified in the fifth argument, aad. Inside this function, the data that is input by the user is buffered until the input values of aad and plain exceed 16 bytes. After the input data from plain reaches 16 bytes or more, the encryption result is output to the ciphertext data area specified in the third argument, cipher. The lengths of the plain and aad data to input are respectively specified in the fourth argument, plain_data_length, and the sixth argument, aad_length. For these, specify not the total byte count for the aad and plain input data, but rather the data length to input when the user calls this function. If the input values plain and aad are not divisible by 16 bytes, they will be padded inside the function. First process the data that is input from aad, and then process the data that is input from plain. If aad data is input after starting to input plain data, an error will occur. If aad data and plain data are input to this function at the same time, the aad data will be processed, and then the function will transition to the plain data input state.
Specify areas for plain and cipher that do not overlap. For plain, cipher, initial_vector, and aad, specify RAM addresses that are multiples of 4
[in,out] | handle | AES-GCM handler (work area) |
[in] | plain | plaintext data area |
[in,out] | cipher | ciphertext data area |
[in] | plain_data_length | plaintext data length (0 or more bytes) |
[in] | aad | additional authentication data (aad_length byte) |
[in] | aad_length | additional authentication data length (0 or more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | After the data from plain was input, an invalid handle was input from aad. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128GCM_EncryptFinal | ( | sce_gcm_handle_t * | handle, |
uint8_t * | cipher, | ||
uint32_t * | cipher_data_length, | ||
uint8_t * | atag | ||
) |
If there is 16-byte fractional data indicated by the total data length of the value of plain that was input by R_SCE_AES128GCM_EncryptUpdate (), the R_SCE_AES128GCM_EncryptFinal() function will output the result of encrypting that fractional data to the ciphertext data area specified in the second argument, cipher. Here, the portion that does not reach 16 bytes will be padded with zeros. The authentication tag is output to the fourth argument, atag. For cipher and atag, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES-GCM handler (work area) |
[in,out] | cipher | ciphertext data area (cipher_data_length byte) |
[in,out] | cipher_data_length | ciphertext data length (0 always written here) |
[in,out] | atag | authentication tag area |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128GCM_DecryptInit | ( | sce_gcm_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | initial_vector, | ||
uint32_t | initial_vector_length | ||
) |
The R_SCE_AES128GCM_DecryptInit() function performs preparations for the execution of an GCM calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES128GCM_DecryptUpdate() function and R_SCE_AES128GCM_DecryptFinal() function.
[in,out] | handle | AES-GCM handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
[in] | initial_vector | initialization vector area (initial_vector_length byte) |
[in] | initial_vector_length | initialization vector length (1 ore more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES128GCM_DecryptUpdate | ( | sce_gcm_handle_t * | handle, |
uint8_t * | cipher, | ||
uint8_t * | plain, | ||
uint32_t | cipher_data_length, | ||
uint8_t * | aad, | ||
uint32_t | aad_length | ||
) |
The R_SCE_AES128GCM_DecryptUpdate() function decrypts the ciphertext specified in the second argument, cipher, in GCM mode using the values specified for wrapped_key and initial_vector in R_SCE_AES128GCM_DecryptInit(), along with the additional authentication data specified in the fifth argument, aad. Inside this function, the data that is input by the user is buffered until the input values of aad and plain exceed 16 bytes. After the input data from cipher reaches 16 bytes or more, the decryption result is output to the plaintext data area specified in the third argument, plain. The lengths of the cipher and aad data to input are respectively specified in the fourth argument, cipher_data_length, and the sixth argument, aad_length. For these, specify not the total byte count for the aad and cipher input data, but rather the data length to input when the user calls this function. If the input values cipher and aad are not divisible by 16 bytes, they will be padded inside the function. First process the data that is input from aad, and then process the data that is input from cipher. If aad data is input after starting to input cipher data, an error will occur. If aad data and cipher data are input to this function at the same time, the aad data will be processed, and then the function will transition to the cipher data input state. Specify areas for plain and cipher that do not overlap. For plain, cipher, stage, initial_vector, and aad, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES-GCM handler (work area) |
[in,out] | cipher | ciphertext data area |
[in] | plain | plaintext data area |
[in] | cipher_data_length | ciphertext data length (0 or more bytes) |
[in] | aad | additional authentication data (aad_length byte) |
[in] | aad_length | additional authentication data length (0 or more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | After the data from plain was input, an invalid handle was input from aad. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128GCM_DecryptFinal | ( | sce_gcm_handle_t * | handle, |
uint8_t * | plain, | ||
uint32_t * | plain_data_length, | ||
uint8_t * | atag, | ||
uint32_t | atag_length | ||
) |
The R_SCE_AES128GCM_DecryptFinal() function decrypts, in GCM mode, the fractional ciphertext specified by R_SCE_AES128GCM_DecryptUpdate() that does not reach 16 bytes, and ends GCM decryption. The encryption data and authentication tag are respectively output to the plaintext data area specified in the second argument, plain, and the authentication tag area specified in the fourth argument, atag. The decoded data length is output to the third argument, plain_data_length. If authentication fails, the return value will be TSIP_ERR_AUTHENTICATION. For the fourth argument, atag, input 16 bytes or less. If it is less than 16 bytes, it will be padded with zeros inside the function. For plain and atag, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES-GCM handler (work area) |
[in,out] | plain | plaintext data area (cipher_data_length byte) |
[in,out] | plain_data_length | plaintext data length (0 always written here) |
[in,out] | atag | authentication tag area (atag_length byte) |
[in] | atag_length | authentication tag length (4,8,12,13,14,15,16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_AUTHENTICATION | Authentication failed |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256GCM_EncryptInit | ( | sce_gcm_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | initial_vector, | ||
uint32_t | initial_vector_length | ||
) |
The R_SCE_AES256GCM_EncryptInit() function performs preparations for the execution of an GCM calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES256GCM_EncryptUpdate() function and R_SCE_AES256GCM_EncryptFinal() function.
[in,out] | handle | AES-GCM handler (work area) |
[in] | wrapped_key | 256-bit AES wrapped key |
[in] | initial_vector | initialization vector area (initial_vector_length byte) |
[in] | initial_vector_length | initialization vector length (1 ore more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES256GCM_EncryptUpdate | ( | sce_gcm_handle_t * | handle, |
uint8_t * | plain, | ||
uint8_t * | cipher, | ||
uint32_t | plain_data_length, | ||
uint8_t * | aad, | ||
uint32_t | aad_length | ||
) |
The R_SCE_AES256GCM_EncryptUpdate() function encrypts the plaintext specified in the second argument, plain, in GCM mode using the values specified for wrapped_key and initial_vector in R_SCE_AES256GCM_EncryptInit(), along with the additional authentication data specified in the fifth argument, aad. Inside this function, the data that is input by the user is buffered until the input values of aad and plain exceed 16 bytes. After the input data from plain reaches 16 bytes or more, the encryption result is output to the ciphertext data area specified in the third argument, cipher. The lengths of the plain and aad data to input are respectively specified in the fourth argument, plain_data_length, and the sixth argument, aad_length. For these, specify not the total byte count for the aad and plain input data, but rather the data length to input when the user calls this function. If the input values plain and aad are not divisible by 16 bytes, they will be padded inside the function. First process the data that is input from aad, and then process the data that is input from plain. If aad data is input after starting to input plain data, an error will occur. If aad data and plain data are input to this function at the same time, the aad data will be processed, and then the function will transition to the plain data input state.
Specify areas for plain and cipher that do not overlap. For plain, cipher, initial_vector, and aad, specify RAM addresses that are multiples of 4
[in,out] | handle | AES-GCM handler (work area) |
[in] | plain | plaintext data area |
[in,out] | cipher | ciphertext data area |
[in] | plain_data_length | plaintext data length (0 or more bytes) |
[in] | aad | additional authentication data (aad_length byte) |
[in] | aad_length | additional authentication data length (0 or more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | After the data from plain was input, an invalid handle was input from aad. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256GCM_EncryptFinal | ( | sce_gcm_handle_t * | handle, |
uint8_t * | cipher, | ||
uint32_t * | cipher_data_length, | ||
uint8_t * | atag | ||
) |
If there is 16-byte fractional data indicated by the total data length of the value of plain that was input by R_SCE_AES256GCM_EncryptUpdate (), the R_SCE_AES256GCM_EncryptFinal() function will output the result of encrypting that fractional data to the ciphertext data area specified in the second argument, cipher. Here, the portion that does not reach 16 bytes will be padded with zeros. The authentication tag is output to the fourth argument, atag. For cipher and atag, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES-GCM handler (work area) |
[in,out] | cipher | ciphertext data area (cipher_data_length byte) |
[in,out] | cipher_data_length | ciphertext data length (0 always written here) |
[in,out] | atag | authentication tag area |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256GCM_DecryptInit | ( | sce_gcm_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | initial_vector, | ||
uint32_t | initial_vector_length | ||
) |
The R_SCE_AES256GCM_DecryptInit() function performs preparations for the execution of an GCM calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES256GCM_DecryptUpdate() function and R_SCE_AES256GCM_DecryptFinal() function.
[in,out] | handle | AES-GCM handler (work area) |
[in] | wrapped_key | 256-bit AES wrapped key |
[in] | initial_vector | initialization vector area (initial_vector_length byte) |
[in] | initial_vector_length | initialization vector length (1 ore more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES256GCM_DecryptUpdate | ( | sce_gcm_handle_t * | handle, |
uint8_t * | cipher, | ||
uint8_t * | plain, | ||
uint32_t | cipher_data_length, | ||
uint8_t * | aad, | ||
uint32_t | aad_length | ||
) |
The R_SCE_AES256GCM_DecryptUpdate() function decrypts the ciphertext specified in the second argument, cipher, in GCM mode using the values specified for wrapped_key and initial_vector in R_SCE_AES256GCM_DecryptInit(), along with the additional authentication data specified in the fifth argument, aad. Inside this function, the data that is input by the user is buffered until the input values of aad and plain exceed 16 bytes. After the input data from cipher reaches 16 bytes or more, the decryption result is output to the plaintext data area specified in the third argument, plain. The lengths of the cipher and aad data to input are respectively specified in the fourth argument, cipher_data_length, and the sixth argument, aad_length. For these, specify not the total byte count for the aad and cipher input data, but rather the data length to input when the user calls this function. If the input values cipher and aad are not divisible by 16 bytes, they will be padded inside the function. First process the data that is input from aad, and then process the data that is input from cipher. If aad data is input after starting to input cipher data, an error will occur. If aad data and cipher data are input to this function at the same time, the aad data will be processed, and then the function will transition to the cipher data input state. Specify areas for plain and cipher that do not overlap. For plain, cipher, stage, initial_vector, and aad, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES-GCM handler (work area) |
[in,out] | cipher | ciphertext data area |
[in] | plain | plaintext data area |
[in] | cipher_data_length | ciphertext data length (0 or more bytes) |
[in] | aad | additional authentication data (aad_length byte) |
[in] | aad_length | additional authentication data length (0 or more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | After the data from plain was input, an invalid handle was input from aad. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256GCM_DecryptFinal | ( | sce_gcm_handle_t * | handle, |
uint8_t * | plain, | ||
uint32_t * | plain_data_length, | ||
uint8_t * | atag, | ||
uint32_t | atag_length | ||
) |
The R_SCE_AES256GCM_DecryptFinal() function decrypts, in GCM mode, the fractional ciphertext specified by R_SCE_AES256GCM_DecryptUpdate() that does not reach 16 bytes, and ends GCM decryption. The encryption data and authentication tag are respectively output to the plaintext data area specified in the second argument, plain, and the authentication tag area specified in the fourth argument, atag. The decoded data length is output to the third argument, plain_data_length. If authentication fails, the return value will be TSIP_ERR_AUTHENTICATION. For the fourth argument, atag, input 16 bytes or less. If it is less than 16 bytes, it will be padded with zeros inside the function. For plain and atag, specify RAM addresses that are multiples of 4.
[in,out] | handle | AES-GCM handler (work area) |
[in,out] | plain | plaintext data area (cipher_data_length byte) |
[in,out] | plain_data_length | plaintext data length (0 always written here) |
[in,out] | atag | authentication tag area (atag_length byte) |
[in] | atag_length | authentication tag length (4,8,12,13,14,15,16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_AUTHENTICATION | Authentication failed |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128CCM_EncryptInit | ( | sce_ccm_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | nonce, | ||
uint32_t | nonce_length, | ||
uint8_t * | adata, | ||
uint8_t | a_length, | ||
uint32_t | payload_length, | ||
uint32_t | mac_length | ||
) |
The R_SCE_AES128CCM_EncryptInit() function prepares to perform CCM computation and writes the result to the first argument, handle. The succeeding functions R_SCE_AES128CCM_EncryptUpdate() and R_SCE_AES128CCM_EncryptFinal() use handle as an argument.
[in,out] | handle | AES-CCM handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
[in] | nonce | Nonce |
[in] | nonce_length | Nonce data length (7 to 13 bytes) |
[in] | adata | additional authentication data |
[in] | a_length | additional authentication data length (0 to 110 bytes) |
[in] | payload_length | Payload length (any number of bytes) |
[in] | mac_length | MAC length (4, 6, 8, 10, 12, 14, or 16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES128CCM_EncryptUpdate | ( | sce_ccm_handle_t * | handle, |
uint8_t * | plain, | ||
uint8_t * | cipher, | ||
uint32_t | plain_length | ||
) |
The R_SCE_AES128CCM_EncryptUpdate() function encrypts the plaintext specified in the second argument, plain, in CCM mode using the values specified by wrapped_key, nonce, and adata in R_SCE_AES128CCM_EncryptInit(). This function buffers internally the data input by the user until the input value of plain exceeds 16 bytes. Once the amount of plain input data is 16 bytes or greater, the encrypted result is output to cipher, which is specified in the third argument. Use payload_length in R_SCE_AES128CCM_EncryptInit() to specify the total data length of plain that will be input. Use plain_length in this function to specify the data length to be input when the user calls this function. If the input value of plain is less than 16 bytes, the function performs padding internally.
Ensure that the areas allocated to plain and cipher do not overlap. Also, specify RAM addresses that are multiples of 4 for plain and cipher.
[in,out] | handle | AES-CCM handler (work area) |
[in] | plain | plaintext data area |
[in,out] | cipher | ciphertext data area |
[in] | plain_length | plaintext data length |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
fsp_err_t R_SCE_AES128CCM_EncryptFinal | ( | sce_ccm_handle_t * | handle, |
uint8_t * | cipher, | ||
uint32_t * | cipher_length, | ||
uint8_t * | mac, | ||
uint32_t | mac_length | ||
) |
If the data length of plain input in R_SCE_AES128CCM_EncryptUpdate() results in leftover data after 16 bytes, the R_SCE_AES128CCM_EncryptFinal() function outputs the leftover encrypted data to cipher, which is specified in the second argument. The MAC value is output to the fourth argument, mac. Set the fifth argument, mac_length to the same value as that specified for the argument mac_length in Aes128CcmEncryptInit(). Also, specify RAM addresses that are multiples of 4 for cipher and mac.
[in,out] | handle | AES-CCM handler (work area) |
[in,out] | cipher | ciphertext data area |
[in,out] | cipher_length | ciphertext data length |
[in,out] | mac | MAC area |
[in] | mac_length | MAC length (4, 6, 8, 10, 12, 14, or 16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES128CCM_DecryptInit | ( | sce_ccm_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | nonce, | ||
uint32_t | nonce_length, | ||
uint8_t * | adata, | ||
uint8_t | a_length, | ||
uint32_t | payload_length, | ||
uint32_t | mac_length | ||
) |
The R_SCE_AES128CCM_DecryptInit() function prepares to perform CCM computation and writes the result to the first argument, handle. The succeeding functions R_SCE_AES128CCM_DecryptUpdate() and R_SCE_AES128CCM_DecryptFinal() use handle as an argument.
[in,out] | handle | AES-CCM handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
[in] | nonce | Nonce |
[in] | nonce_length | Nonce data length (7 to 13 bytes) |
[in] | adata | additional authentication data |
[in] | a_length | additional authentication data length (0 to 110 bytes) |
[in] | payload_length | Payload length (any number of bytes) |
[in] | mac_length | MAC length (4, 6, 8, 10, 12, 14, or 16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES128CCM_DecryptUpdate | ( | sce_ccm_handle_t * | handle, |
uint8_t * | cipher, | ||
uint8_t * | plain, | ||
uint32_t | cipher_length | ||
) |
The R_SCE_AES128CCM_DecryptUpdate() function decrypts the ciphertext specified by the second argument, cipher, in CCM mode using the values specified by wrapped_key, nonce, and adata in in R_SCE_AES128CCM_DecryptInit(). This function buffers internally the data input by the user until the input value of cipher exceeds 16 bytes. Once the amount of cipher input data is 16 bytes or greater, the decrypted result is output to plain, which is specified in the third argument. Use payload_length in R_SCE_AES128CCM_DecryptInit() to specify the total data length of cipher that will be input. Use cipher_length in this function to specify the data length to be input when the user calls this function. If the input value of cipher is less than 16 bytes, the function performs padding internally.
Ensure that the areas allocated to cipher and plain do not overlap. Also, specify RAM addresses that are multiples of 4 for cipher and plain.
[in,out] | handle | AES-CCM handler (work area) |
[in] | cipher | ciphertext data area |
[in,out] | plain | plaintext data area |
[in] | cipher_length | ciphertext data length |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
fsp_err_t R_SCE_AES128CCM_DecryptFinal | ( | sce_ccm_handle_t * | handle, |
uint8_t * | plain, | ||
uint32_t * | plain_length, | ||
uint8_t * | mac, | ||
uint32_t | mac_length | ||
) |
If the data length of cipher input in R_SCE_AES128GCM_DecryptUpdate() results in leftover data after 16 bytes, the R_SCE_AES128GCM_DecryptFinal() function outputs the leftover decrypted data to cipher, which is specified in the second argument. In addition, the function verifies the fourth argument, mac. Set the fifth argument, mac_length, to the same value as that specified for the argument mac_length in Aes128CcmDecryptInit().
[in,out] | handle | AES-CCM handler (work area) |
[in,out] | plain | plaintext data area |
[in,out] | plain_length | plaintext data length |
[in] | mac | MAC area |
[in] | mac_length | MAC length (4, 6, 8, 10, 12, 14, or 16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error, or authentication failed. |
fsp_err_t R_SCE_AES256CCM_EncryptInit | ( | sce_ccm_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | nonce, | ||
uint32_t | nonce_length, | ||
uint8_t * | adata, | ||
uint8_t | a_length, | ||
uint32_t | payload_length, | ||
uint32_t | mac_length | ||
) |
The R_SCE_AES256CCM_EncryptInit() function prepares to perform CCM computation and writes the result to the first argument, handle. The succeeding functions R_SCE_AES256CCM_EncryptUpdate() and R_SCE_AES256CCM_EncryptFinal() use handle as an argument.
[in,out] | handle | AES-CCM handler (work area) |
[in] | wrapped_key | 256-bit AES wrapped key |
[in] | nonce | Nonce |
[in] | nonce_length | Nonce data length (7 to 13 bytes) |
[in] | adata | additional authentication data |
[in] | a_length | additional authentication data length (0 to 110 bytes) |
[in] | payload_length | Payload length (any number of bytes) |
[in] | mac_length | MAC length (4, 6, 8, 10, 12, 14, or 16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES256CCM_EncryptUpdate | ( | sce_ccm_handle_t * | handle, |
uint8_t * | plain, | ||
uint8_t * | cipher, | ||
uint32_t | plain_length | ||
) |
The R_SCE_AES256CCM_EncryptUpdate() function encrypts the plaintext specified in the second argument, plain, in CCM mode using the values specified by wrapped_key, nonce, and adata in R_SCE_AES256CCM_EncryptInit(). This function buffers internally the data input by the user until the input value of plain exceeds 16 bytes. Once the amount of plain input data is 16 bytes or greater, the encrypted result is output to cipher, which is specified in the third argument. Use payload_length in R_SCE_AES256CCM_EncryptInit() to specify the total data length of plain that will be input. Use plain_length in this function to specify the data length to be input when the user calls this function. If the input value of plain is less than 16 bytes, the function performs padding internally.
Ensure that the areas allocated to plain and cipher do not overlap. Also, specify RAM addresses that are multiples of 4 for plain and cipher.
[in,out] | handle | AES-CCM handler (work area) |
[in] | plain | plaintext data area |
[in,out] | cipher | ciphertext data area |
[in] | plain_length | plaintext data length |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
fsp_err_t R_SCE_AES256CCM_EncryptFinal | ( | sce_ccm_handle_t * | handle, |
uint8_t * | cipher, | ||
uint32_t * | cipher_length, | ||
uint8_t * | mac, | ||
uint32_t | mac_length | ||
) |
If the data length of plain input in R_SCE_AES256CCM_EncryptUpdate() results in leftover data after 16 bytes, the R_SCE_AES256CCM_EncryptFinal() function outputs the leftover encrypted data to cipher, which is specified in the second argument. The MAC value is output to the fourth argument, mac. Set the fifth argument, mac_length to the same value as that specified for the argument mac_length in Aes256CcmEncryptInit(). Also, specify RAM addresses that are multiples of 4 for cipher and mac.
[in,out] | handle | AES-CCM handler (work area) |
[in,out] | cipher | ciphertext data area |
[in,out] | cipher_length | ciphertext data length |
[in,out] | mac | MAC area |
[in] | mac_length | MAC length (4, 6, 8, 10, 12, 14, or 16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES256CCM_DecryptInit | ( | sce_ccm_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key, | ||
uint8_t * | nonce, | ||
uint32_t | nonce_length, | ||
uint8_t * | adata, | ||
uint8_t | a_length, | ||
uint32_t | payload_length, | ||
uint32_t | mac_length | ||
) |
The R_SCE_AES256CCM_DecryptInit() function prepares to perform CCM computation and writes the result to the first argument, handle. The succeeding functions R_SCE_AES256CCM_DecryptUpdate() and R_SCE_AES256CCM_DecryptFinal() use handle as an argument.
[in,out] | handle | AES-CCM handler (work area) |
[in] | wrapped_key | 256-bit AES wrapped key |
[in] | nonce | Nonce |
[in] | nonce_length | Nonce data length (7 to 13 bytes) |
[in] | adata | additional authentication data |
[in] | a_length | additional authentication data length (0 to 110 bytes) |
[in] | payload_length | Payload length (any number of bytes) |
[in] | mac_length | MAC length (4, 6, 8, 10, 12, 14, or 16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_AES256CCM_DecryptUpdate | ( | sce_ccm_handle_t * | handle, |
uint8_t * | cipher, | ||
uint8_t * | plain, | ||
uint32_t | cipher_length | ||
) |
The R_SCE_AES256CCM_DecryptUpdate() function decrypts the ciphertext specified by the second argument, cipher, in CCM mode using the values specified by wrapped_key, nonce, and adata in in R_SCE_AES256CCM_DecryptInit(). This function buffers internally the data input by the user until the input value of cipher exceeds 16 bytes. Once the amount of cipher input data is 16 bytes or greater, the decrypted result is output to plain, which is specified in the third argument. Use payload_length in R_SCE_AES256CCM_DecryptInit() to specify the total data length of cipher that will be input. Use cipher_length in this function to specify the data length to be input when the user calls this function. If the input value of cipher is less than 16 bytes, the function performs padding internally.
Ensure that the areas allocated to cipher and plain do not overlap. Also, specify RAM addresses that are multiples of 4 for cipher and plain.
[in,out] | handle | AES-CCM handler (work area) |
[in] | cipher | ciphertext data area |
[in,out] | plain | plaintext data area |
[in] | cipher_length | ciphertext data length |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
fsp_err_t R_SCE_AES256CCM_DecryptFinal | ( | sce_ccm_handle_t * | handle, |
uint8_t * | plain, | ||
uint32_t * | plain_length, | ||
uint8_t * | mac, | ||
uint32_t | mac_length | ||
) |
If the data length of cipher input in R_SCE_AES256GCM_DecryptUpdate() results in leftover data after 16 bytes, the R_SCE_AES256GCM_DecryptFinal() function outputs the leftover decrypted data to cipher, which is specified in the second argument. In addition, the function verifies the fourth argument, mac. Set the fifth argument, mac_length, to the same value as that specified for the argument mac_length in Aes256CcmDecryptInit().
[in,out] | handle | AES-CCM handler (work area) |
[in,out] | plain | plaintext data area |
[in,out] | plain_length | plaintext data length |
[in] | mac | MAC area |
[in] | mac_length | MAC length (4, 6, 8, 10, 12, 14, or 16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_PARAMETER | Input data is illegal. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error, or authentication failed. |
fsp_err_t R_SCE_AES128CMAC_GenerateInit | ( | sce_cmac_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_AES128CMAC_GenerateInit() function performs preparations for the execution of an CMAC calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES128CMAC_GenerateUpdate() function and R_SCE_AES128CMAC_GenerateFinal() function.
[in,out] | handle | AES-CMAC handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES128CMAC_GenerateUpdate | ( | sce_cmac_handle_t * | handle, |
uint8_t * | message, | ||
uint32_t | message_length | ||
) |
The R_SCE_AES128CMAC_GenerateUpdate() function performs MAC value generation based on the message specified in the second argument, message, using the value specified for wrapped_key in R_SCE_AES128CMAC_GenerateInit(). Inside this function, the data that is input by the user is buffered until the input value of message exceeds 16 bytes. The length of the message data to input is specified in the third argument, message_len. For these, input not the total byte count for message input data, but rather the message data length to input when the user calls this function. If the input value, message, is not a multiple of 16 bytes, it will be padded within the function. For message, specify a RAM address that are multiples of 4.
[in,out] | handle | AES-CMAC handler (work area) |
[in] | message | message data area (message_length byte) |
[in] | message_length | message data length (0 or more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128CMAC_GenerateFinal | ( | sce_cmac_handle_t * | handle, |
uint8_t * | mac | ||
) |
The R_SCE_AES128CMAC_GenerateFinal() function outputs the MAC value to the MAC data area specified in the second argument, mac, and ends CMAC mode.
[in,out] | handle | AES-CMAC handler (work area) |
[in,out] | mac | MAC data area (16byte) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_AUTHENTICATION | Not used. |
fsp_err_t R_SCE_AES128CMAC_VerifyInit | ( | sce_cmac_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_AES128CMAC_VerifyInit() function performs preparations for the execution of a CMAC calculation, and writes the result to the first argument, handle. The value of handle is used as an argumentin the subsequent R_SCE_AES128CMAC_VerifyUpdate() function and R_SCE_AES128CMAC_VerifyFinal() function.
[in,out] | handle | AES-CMAC handler (work area) |
[in] | wrapped_key | 128-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES128CMAC_VerifyUpdate | ( | sce_cmac_handle_t * | handle, |
uint8_t * | message, | ||
uint32_t | message_length | ||
) |
The R_SCE_AES128CMAC_VerifyUpdate() function performs MAC value generation based on the message specified in the second argument, message, using the value specified for wrapped_key in R_SCE_AES128CMAC_VerifyInit(). Inside this function, the data that is input by the user is buffered until the input value of message exceeds 16 bytes. The length of the message data to input is specified in the third argument, message_len. For these, input not the total byte count for message input data, but rather the message data length to input when the user calls this function. If the input value, message, is not a multiple of 16 bytes, it will be padded within the function. For message, specify a RAM address that are multiples of 4.
[in,out] | handle | AES-CMAC handler (work area) |
[in] | message | message data area (message_length byte) |
[in] | message_length | message data length (0 or more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES128CMAC_VerifyFinal | ( | sce_cmac_handle_t * | handle, |
uint8_t * | mac, | ||
uint32_t | mac_length | ||
) |
The R_SCE_AES128CMAC_VerifyFinal() function inputs the MAC value in the MAC data area specified in the second argument, mac, and verifies the MAC value. If authentication fails, the return value will be TSIP_ERR_AUTHENTICATION. If the MAC value is less than 16 bytes, it will be padded with zeros inside the function.
[in,out] | handle | AES-CMAC handler (work area) |
[in,out] | mac | MAC data area (mac_length byte) |
[in,out] | mac_length | MAC data length (2 to 16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_AUTHENTICATION | Authentication failed |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256CMAC_GenerateInit | ( | sce_cmac_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_AES256CMAC_GenerateInit() function performs preparations for the execution of an CMAC calculation, and writes the result to the first argument, handle. The value of handle is used as an argument in the subsequent R_SCE_AES256CMAC_GenerateUpdate() function and R_SCE_AES256CMAC_GenerateFinal() function.
[in,out] | handle | AES-CMAC handler (work area) |
[in] | wrapped_key | 256-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES256CMAC_GenerateUpdate | ( | sce_cmac_handle_t * | handle, |
uint8_t * | message, | ||
uint32_t | message_length | ||
) |
The R_SCE_AES256CMAC_GenerateUpdate() function performs MAC value generation based on the message specified in the second argument, message, using the value specified for wrapped_key in R_SCE_AES256CMAC_GenerateInit(). Inside this function, the data that is input by the user is buffered until the input value of message exceeds 16 bytes. The length of the message data to input is specified in the third argument, message_len. For these, input not the total byte count for message input data, but rather the message data length to input when the user calls this function. If the input value, message, is not a multiple of 16 bytes, it will be padded within the function. For message, specify a RAM address that are multiples of 4.
[in,out] | handle | AES-CMAC handler (work area) |
[in] | message | message data area (message_length byte) |
[in] | message_length | message data length (0 or more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256CMAC_GenerateFinal | ( | sce_cmac_handle_t * | handle, |
uint8_t * | mac | ||
) |
The R_SCE_AES256CMAC_GenerateFinal() function outputs the MAC value to the MAC data area specified in the second argument, mac, and ends CMAC mode.
[in,out] | handle | AES-CMAC handler (work area) |
[in,out] | mac | MAC data area (16byte) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
FSP_ERR_CRYPTO_SCE_AUTHENTICATION | Not used. |
fsp_err_t R_SCE_AES256CMAC_VerifyInit | ( | sce_cmac_handle_t * | handle, |
sce_aes_wrapped_key_t * | wrapped_key | ||
) |
The R_SCE_AES256CMAC_VerifyInit() function performs preparations for the execution of a CMAC calculation, and writes the result to the first argument, handle. The value of handle is used as an argumentin the subsequent R_SCE_AES256CMAC_VerifyUpdate() function and R_SCE_AES256CMAC_VerifyFinal() function.
[in,out] | handle | AES-CMAC handler (work area) |
[in] | wrapped_key | 256-bit AES wrapped key |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_KEY_SET_FAIL | Invalid wrapped key was input. |
FSP_ERR_CRYPTO_SCE_FAIL | Internal error occurred. |
fsp_err_t R_SCE_AES256CMAC_VerifyUpdate | ( | sce_cmac_handle_t * | handle, |
uint8_t * | message, | ||
uint32_t | message_length | ||
) |
The R_SCE_AES256CMAC_VerifyUpdate() function performs MAC value generation based on the message specified in the second argument, message, using the value specified for wrapped_key in R_SCE_AES256CMAC_VerifyInit(). Inside this function, the data that is input by the user is buffered until the input value of message exceeds 16 bytes. The length of the message data to input is specified in the third argument, message_len. For these, input not the total byte count for message input data, but rather the message data length to input when the user calls this function. If the input value, message, is not a multiple of 16 bytes, it will be padded within the function. For message, specify a RAM address that are multiples of 4.
[in,out] | handle | AES-CMAC handler (work area) |
[in] | message | message data area (message_length byte) |
[in] | message_length | message data length (0 or more bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_AES256CMAC_VerifyFinal | ( | sce_cmac_handle_t * | handle, |
uint8_t * | mac, | ||
uint32_t | mac_length | ||
) |
The R_SCE_AES256CMAC_VerifyFinal() function inputs the MAC value in the MAC data area specified in the second argument, mac, and verifies the MAC value. If authentication fails, the return value will be TSIP_ERR_AUTHENTICATION. If the MAC value is less than 16 bytes, it will be padded with zeros inside the function.
[in,out] | handle | AES-CMAC handler (work area) |
[in,out] | mac | MAC data area (mac_length byte) |
[in,out] | mac_length | MAC data length (2 to 16 bytes) |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
FSP_ERR_CRYPTO_SCE_AUTHENTICATION | Authentication failed |
FSP_ERR_CRYPTO_SCE_PARAMETER | An invalid handle was input. |
FSP_ERR_CRYPTO_SCE_PROHIBIT_FUNCTION | An invalid function was called. |
fsp_err_t R_SCE_TLS_RootCertificateVerify | ( | uint32_t | public_key_type, |
uint8_t * | certificate, | ||
uint32_t | certificate_length, | ||
uint32_t | public_key_n_start_position, | ||
uint32_t | public_key_n_end_position, | ||
uint32_t | public_key_e_start_position, | ||
uint32_t | public_key_e_end_position, | ||
uint8_t * | signature, | ||
uint32_t * | encrypted_root_public_key | ||
) |
Verify root CA certificate.
[in] | public_key_type | key type |
[in] | certificate | certificates. |
[in] | certificate_length | byte size of certificates. |
[in] | public_key_n_start_position | start position of public key n. |
[in] | public_key_n_end_position | end position of public key n. |
[in] | public_key_e_start_position | start position of public key e. |
[in] | public_key_e_end_position | end position of public key e. |
[in] | signature | signature for certificates. |
[out] | encrypted_root_public_key | public key for RSA 2048bit. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_TLS_CertificateVerify | ( | uint32_t | public_key_type, |
uint32_t * | encrypted_input_public_key, | ||
uint8_t * | certificate, | ||
uint32_t | certificate_length, | ||
uint8_t * | signature, | ||
uint32_t | public_key_n_start_position, | ||
uint32_t | public_key_n_end_position, | ||
uint32_t | public_key_e_start_position, | ||
uint32_t | public_key_e_end_position, | ||
uint32_t * | encrypted_output_public_key | ||
) |
Verify server certificate and intermediate certificate.
[in] | public_key_type | key type |
[in] | encrypted_input_public_key | public key. |
[in] | certificate | certificates. |
[in] | certificate_length | byte size of certificates. |
[in] | signature | signature for certificates. |
[in] | public_key_n_start_position | start position of public key n. |
[in] | public_key_n_end_position | end position of public key n. |
[in] | public_key_e_start_position | start position of public key e. |
[in] | public_key_e_end_position | end position of public key e. |
[out] | encrypted_output_public_key | public key for RSA 2048bit. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_TLS_PreMasterSecretGenerateForRSA2048 | ( | uint32_t * | sce_pre_master_secret | ) |
Generate encrypted pre-master secret.
[out] | sce_pre_master_secret | pre-master secret value for SCE. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
fsp_err_t R_SCE_TLS_MasterSecretGenerate | ( | uint32_t | select_cipher_suite, |
uint32_t * | sce_pre_master_secret, | ||
uint8_t * | client_random, | ||
uint8_t * | server_random, | ||
uint32_t * | sce_master_secret | ||
) |
Generate encrypted master secret.
[in] | select_cipher_suite | cipher suite type |
[in] | sce_pre_master_secret | pre-master secret value for SCE. |
[in] | client_random | random value reported ClientHello. |
[in] | server_random | random value reported ServerHello. |
[out] | sce_master_secret | master secret value with SCE-specific conversion. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_TLS_PreMasterSecretEncryptWithRSA2048 | ( | uint32_t * | encrypted_public_key, |
uint32_t * | sce_pre_master_secret, | ||
uint8_t * | encrypted_pre_master_secret | ||
) |
Output the result encrypted pre-master secret with RSA 2048bit
[in] | encrypted_public_key | public key data. |
[in] | sce_pre_master_secret | pre-master secret value. |
[out] | encrypted_pre_master_secret | the value encrypted pre-master secret. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_TLS_SessionKeyGenerate | ( | uint32_t | select_cipher_suite, |
uint32_t * | sce_master_secret, | ||
uint8_t * | client_random, | ||
uint8_t * | server_random, | ||
uint8_t * | nonce_explicit, | ||
sce_hmac_sha_wrapped_key_t * | client_mac_wrapped_key, | ||
sce_hmac_sha_wrapped_key_t * | server_mac_wrapped_key, | ||
sce_aes_wrapped_key_t * | client_crypto_wrapped_key, | ||
sce_aes_wrapped_key_t * | server_crypto_wrapped_key, | ||
uint8_t * | client_initial_vector, | ||
uint8_t * | server_initial_vector | ||
) |
Output various key information.
[in] | select_cipher_suite | Key suite information number. |
[in] | sce_master_secret | master secret value. |
[in] | client_random | random value reported ClientHello. |
[in] | server_random | random value reported ServerHello. |
[in] | nonce_explicit | nonce value |
[out] | client_mac_wrapped_key | the mac key during communication from client to server. |
[out] | server_mac_wrapped_key | the mac key during communication from server to client. |
[out] | client_crypto_wrapped_key | the crypto key during communication from client to server. |
[out] | server_crypto_wrapped_key | the crypto key during communication from server to client. |
[in] | client_initial_vector | not use. |
[in] | server_initial_vector | not use. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_TLS_VerifyDataGenerate | ( | uint32_t | select_verify_data, |
uint32_t * | sce_master_secret, | ||
uint8_t * | hand_shake_hash, | ||
uint8_t * | verify_data | ||
) |
Generate verify data.
[in] | select_verify_data | Select Client/Server data. |
[in] | sce_master_secret | master secret data. |
[in] | hand_shake_hash | TLS hand shake message SHA256 HASH value. |
[out] | verify_data | verify data. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_TLS_ServerKeyExchangeVerify | ( | uint32_t | public_key_type, |
uint8_t * | client_random, | ||
uint8_t * | server_random, | ||
uint8_t * | server_ephemeral_ecdh_public_key, | ||
uint8_t * | server_key_exchange_signature, | ||
uint32_t * | encrypted_public_key, | ||
uint32_t * | encrypted_ephemeral_ecdh_public_key | ||
) |
Retrives ECDH public key.
[in] | public_key_type | key type |
[in] | client_random | random value reported ClientHello. |
[in] | server_random | random value reported ServerHello. |
[in] | server_ephemeral_ecdh_public_key | Ephemeral ECDH public key from Server. |
[in] | server_key_exchange_signature | Server Key Exchange sigunature. |
[in] | encrypted_public_key | encrypted public key. |
[out] | encrypted_ephemeral_ecdh_public_key | encrypted Ephemeral ECDH public key. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |
fsp_err_t R_SCE_TLS_PreMasterSecretGenerateForECC_secp256r1 | ( | uint32_t * | encrypted_public_key, |
sce_tls_p256_ecc_wrapped_key_t * | tls_p256_ecc_wrapped_key, | ||
uint32_t * | sce_pre_master_secret | ||
) |
Generate encrypted pre-master secret.
[in] | encrypted_public_key | encrypted public key |
[in] | tls_p256_ecc_wrapped_key | P-256 ECC key index. |
[out] | sce_pre_master_secret | encrypted pre-master secret value for SCE. |
FSP_SUCCESS | Normal termination |
FSP_ERR_CRYPTO_SCE_RESOURCE_CONFLICT | A resource conflict occurred because a hardware resource needed by the processing routine was in use by another processing routine. |
FSP_ERR_CRYPTO_SCE_FAIL | An internal error occurred. |