Detailed Description

Interface for Renesas Secure IP (RSIP) functions.

Summary

The RSIP interface provides RSIP functionality.

Data Structures
struct	rsip_wrapped_key_t

struct	rsip_wrapped_mac_t

struct	rsip_wrapped_secret_t

struct	rsip_key_update_key_t

struct	rsip_sha_handle_t

struct	rsip_hmac_handle_t

struct	rsip_kdf_hmac_handle_t

struct	rsip_verified_cert_info_t

struct	rsip_cfg_t

struct	rsip_api_t

struct	rsip_instance_t

Typedefs
typedef void	rsip_ctrl_t

Enumerations
enum	rsip_key_type_t

enum	rsip_key_pair_type_t

enum	rsip_byte_size_wrapped_key_t

enum	rsip_byte_size_encrypted_key_t

enum	rsip_byte_size_wrapped_mac_t

enum	rsip_aes_cipher_mode_t

enum	rsip_aes_aead_mode_t

enum	rsip_aes_mac_mode_t

enum	rsip_hash_type_t

enum	rsip_mgf_type_t

enum	rsip_rsa_salt_length_t

enum	rsip_initial_vector_type_t

enum	rsip_otf_channel_t

Data Structure Documentation

◆ rsip_wrapped_key_t

struct rsip_wrapped_key_t

Wrapped key structure for all supported algorithms. The struct length of each algorithm is defined in rsip_byte_size_wrapped_key_t.

◆ rsip_wrapped_mac_t

struct rsip_wrapped_mac_t

Wrapped MAC structure for KDF APIs.

◆ rsip_wrapped_secret_t

struct rsip_wrapped_secret_t

Wrapped ECDH secret structure for ECDH and KDF APIs.

◆ rsip_key_update_key_t

struct rsip_key_update_key_t

Key Update Key (KUK)

◆ rsip_sha_handle_t

struct rsip_sha_handle_t

Working area for SHA functions. DO NOT MODIFY.

◆ rsip_hmac_handle_t

struct rsip_hmac_handle_t

Working area for HMAC functions. DO NOT MODIFY.

◆ rsip_kdf_hmac_handle_t

struct rsip_kdf_hmac_handle_t

Working area for KDF HMAC functions. DO NOT MODIFY.

◆ rsip_verified_cert_info_t

struct rsip_verified_cert_info_t

Verified certificate information

◆ rsip_cfg_t

struct rsip_cfg_t

User configuration structure, used in open function

Data Fields
void const *	p_extend	Hardware-dependent configuration.

◆ rsip_api_t

struct rsip_api_t

RSIP driver structure. General RSIP functions implemented at the HAL layer follow this API.

Data Fields
fsp_err_t(*	open )(rsip_ctrl_t const p_ctrl, rsip_cfg_t const const p_cfg)

fsp_err_t(*	close )(rsip_ctrl_t *const p_ctrl)

fsp_err_t(*	randomNumberGenerate )(rsip_ctrl_t const p_ctrl, uint8_t const p_random)

fsp_err_t(*	keyGenerate )(rsip_ctrl_t const p_ctrl, rsip_key_type_t const key_type, rsip_wrapped_key_t const p_wrapped_key)

fsp_err_t(*	keyPairGenerate )(rsip_ctrl_t const p_ctrl, rsip_key_pair_type_t const key_pair_type, rsip_wrapped_key_t const p_wrapped_public_key, rsip_wrapped_key_t *const p_wrapped_private_key)

fsp_err_t(*	encryptedKeyWrap )(rsip_ctrl_t const p_ctrl, rsip_key_update_key_t const const p_key_update_key, uint8_t const const p_initial_vector, rsip_key_type_t const key_type, uint8_t const const p_encrypted_key, rsip_wrapped_key_t *const p_wrapped_key)

fsp_err_t(*	rfc3394_KeyWrap )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_kek, rsip_wrapped_key_t const const p_wrapped_target_key, uint8_t const p_rfc3394_wrapped_target_key)

fsp_err_t(*	rfc3394_KeyUnwrap )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_kek, rsip_key_type_t const key_type, uint8_t const const p_rfc3394_wrapped_target_key, rsip_wrapped_key_t const p_wrapped_target_key)

fsp_err_t(*	injectedKeyImport )(rsip_key_type_t const key_type, uint8_t const const p_injected_key, rsip_wrapped_key_t const p_wrapped_key, uint32_t const wrapped_key_buffer_length)

fsp_err_t(*	publicKeyExport )(rsip_wrapped_key_t const const p_wrapped_public_key, uint8_t const p_raw_public_key)

fsp_err_t(*	aesCipherInit )(rsip_ctrl_t const p_ctrl, rsip_aes_cipher_mode_t const mode, rsip_wrapped_key_t const const p_wrapped_key, uint8_t const *const p_initial_vector)

fsp_err_t(*	aesCipherUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_input, uint8_t *const p_output, uint32_t const length)

fsp_err_t(*	aesCipherFinish )(rsip_ctrl_t *const p_ctrl)

fsp_err_t(*	aesAeadInit )(rsip_ctrl_t const p_ctrl, rsip_aes_aead_mode_t const mode, rsip_wrapped_key_t const const p_wrapped_key, uint8_t const *const p_nonce, uint32_t const nonce_length)

fsp_err_t(*	aesAeadLengthsSet )(rsip_ctrl_t *const p_ctrl, uint32_t const total_aad_length, uint32_t const total_text_length, uint32_t const tag_length)

fsp_err_t(*	aesAeadAadUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_aad, uint32_t const aad_length)

fsp_err_t(*	aesAeadUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_input, uint32_t const input_length, uint8_t const p_output, uint32_t const p_output_length)

fsp_err_t(*	aesAeadFinish )(rsip_ctrl_t const p_ctrl, uint8_t const p_output, uint32_t const p_output_length, uint8_t const p_tag)

fsp_err_t(*	aesAeadVerify )(rsip_ctrl_t const p_ctrl, uint8_t const p_output, uint32_t const p_output_length, uint8_t const const p_tag, uint32_t const tag_length)

fsp_err_t(*	aesMacInit )(rsip_ctrl_t const p_ctrl, rsip_aes_mac_mode_t const mode, rsip_wrapped_key_t const const p_wrapped_key)

fsp_err_t(*	aesMacUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_message, uint32_t const message_length)

fsp_err_t(*	aesMacSignFinish )(rsip_ctrl_t const p_ctrl, uint8_t const p_mac)

fsp_err_t(*	aesMacVerifyFinish )(rsip_ctrl_t const p_ctrl, uint8_t const const p_mac, uint32_t const mac_length)

fsp_err_t(*	ecdsaSign )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, uint8_t const const p_hash, uint8_t const p_signature)

fsp_err_t(*	ecdsaVerify )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, uint8_t const const p_hash, uint8_t const const p_signature)

fsp_err_t(*	ecdhKeyAgree )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, rsip_wrapped_key_t const const p_wrapped_public_key, rsip_wrapped_secret_t const p_wrapped_secret)

fsp_err_t(*	ecdhPlainKeyAgree )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, uint8_t const const p_plain_public_key, rsip_wrapped_secret_t const p_wrapped_secret)

fsp_err_t(*	rsaEncrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, uint8_t const const p_plain, uint8_t const p_cipher)

fsp_err_t(*	rsaDecrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, uint8_t const const p_cipher, uint8_t const p_plain)

fsp_err_t(*	rsaesPkcs1V15Encrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, uint8_t const const p_plain, uint32_t const plain_length, uint8_t const p_cipher)

fsp_err_t(*	rsaesPkcs1V15Decrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, uint8_t const const p_cipher, uint8_t const p_plain, uint32_t *const p_plain_length, uint32_t const plain_buffer_length)

fsp_err_t(*	rsaesOaepEncrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint8_t const const p_label, uint32_t const label_length, uint8_t const const p_plain, uint32_t const plain_length, uint8_t *const p_cipher)

fsp_err_t(*	rsaesOaepDecrypt )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint8_t const const p_label, uint32_t const label_length, uint8_t const const p_cipher, uint8_t const p_plain, uint32_t const p_plain_length, uint32_t const plain_buffer_length)

fsp_err_t(*	rsassaPkcs1V15Sign )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, rsip_hash_type_t const hash_function, uint8_t const const p_hash, uint8_t const p_signature)

fsp_err_t(*	rsassaPkcs1V15Verify )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, rsip_hash_type_t const hash_function, uint8_t const const p_hash, uint8_t const const p_signature)

fsp_err_t(*	rsassaPssSign )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_private_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint32_t const salt_length, uint8_t const const p_hash, uint8_t const p_signature)

fsp_err_t(*	rsassaPssVerify )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint32_t const salt_length, uint8_t const const p_hash, uint8_t const const p_signature)

fsp_err_t(*	shaCompute )(rsip_ctrl_t const p_ctrl, rsip_hash_type_t const hash_type, uint8_t const const p_message, uint32_t const message_length, uint8_t *const p_digest)

fsp_err_t(*	shaInit )(rsip_ctrl_t *const p_ctrl, rsip_hash_type_t const hash_type)

fsp_err_t(*	shaUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_message, uint32_t const message_length)

fsp_err_t(*	shaFinish )(rsip_ctrl_t const p_ctrl, uint8_t const p_digest)

fsp_err_t(*	shaSuspend )(rsip_ctrl_t const p_ctrl, rsip_sha_handle_t const p_handle)

fsp_err_t(*	shaResume )(rsip_ctrl_t const p_ctrl, rsip_sha_handle_t const const p_handle)

fsp_err_t(*	hmacCompute )(rsip_ctrl_t const p_ctrl, const rsip_wrapped_key_t p_wrapped_key, uint8_t const const p_message, uint32_t const message_length, uint8_t const p_mac)

fsp_err_t(*	hmacVerify )(rsip_ctrl_t const p_ctrl, const rsip_wrapped_key_t p_wrapped_key, uint8_t const const p_message, uint32_t const message_length, uint8_t const const p_mac, uint32_t const mac_length)

fsp_err_t(*	hmacInit )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_key)

fsp_err_t(*	hmacUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_message, uint32_t const message_length)

fsp_err_t(*	hmacSignFinish )(rsip_ctrl_t const p_ctrl, uint8_t const p_mac)

fsp_err_t(*	hmacVerifyFinish )(rsip_ctrl_t const p_ctrl, uint8_t const const p_mac, uint32_t const mac_length)

fsp_err_t(*	hmacSuspend )(rsip_ctrl_t const p_ctrl, rsip_hmac_handle_t const p_handle)

fsp_err_t(*	hmacResume )(rsip_ctrl_t const p_ctrl, rsip_hmac_handle_t const const p_handle)

fsp_err_t(*	pkiEcdsaCertVerify )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_public_key, uint8_t const const p_hash, uint8_t const const p_signature)

fsp_err_t(*	pkiVerifiedCertInfoExport )(rsip_ctrl_t const p_ctrl, rsip_verified_cert_info_t const p_verified_cert_info)

fsp_err_t(*	pkiVerifiedCertInfoImport )(rsip_ctrl_t const p_ctrl, rsip_verified_cert_info_t const const p_verified_cert_info)

fsp_err_t(*	pkiCertKeyImport )(rsip_ctrl_t const p_ctrl, uint8_t const const p_cert, uint32_t const cert_length, rsip_key_type_t const key_type, uint8_t const const p_key_param1, uint32_t const key_param1_length, uint8_t const const p_key_param2, uint32_t const key_param2_length, rsip_hash_type_t const hash_function, rsip_wrapped_key_t *const p_wrapped_public_key)

fsp_err_t(*	kdfMacKeyImport )(rsip_ctrl_t const p_ctrl, rsip_key_type_t const key_type, rsip_wrapped_mac_t const const p_wrapped_mac, uint32_t const kdf_data_length, rsip_wrapped_key_t *const p_wrapped_key)

fsp_err_t(*	kdfEcdhSecretKeyImport )(rsip_ctrl_t const p_ctrl, rsip_key_type_t const key_type, rsip_wrapped_secret_t const const p_wrapped_secret, rsip_wrapped_key_t *const p_wrapped_key)

fsp_err_t(*	kdfhmacInit )(rsip_ctrl_t const p_ctrl, rsip_wrapped_key_t const const p_wrapped_key)

fsp_err_t(*	kdfhmacMacUpdate )(rsip_ctrl_t const p_ctrl, rsip_wrapped_mac_t const const p_wrapped_mac)

fsp_err_t(*	kdfhmacEcdhSecretUpdate )(rsip_ctrl_t const p_ctrl, rsip_wrapped_secret_t const const p_wrapped_secret)

fsp_err_t(*	kdfhmacUpdate )(rsip_ctrl_t const p_ctrl, uint8_t const const p_message, uint32_t const message_length)

fsp_err_t(*	kdfhmacSignFinish )(rsip_ctrl_t const p_ctrl, rsip_wrapped_mac_t const p_wrapped_mac)

fsp_err_t(*	kdfhmacSuspend )(rsip_ctrl_t const p_ctrl, rsip_kdf_hmac_handle_t const p_handle)

fsp_err_t(*	kdfhmacResume )(rsip_ctrl_t const p_ctrl, rsip_kdf_hmac_handle_t const const p_handle)

fsp_err_t(*	kdfMacConcatenate )(rsip_wrapped_mac_t const p_wrapped_mac1, rsip_wrapped_mac_t const const p_wrapped_mac2, uint32_t const wrapped_mac1_buffer_length)

fsp_err_t(*	kdfDerivedKeyImport )(rsip_ctrl_t const p_ctrl, rsip_wrapped_mac_t const const p_wrapped_mac, rsip_key_type_t const key_type, uint32_t const position, rsip_wrapped_key_t *const p_wrapped_key)

fsp_err_t(*	kdfDerivedIvWrap )(rsip_ctrl_t const p_ctrl, rsip_wrapped_mac_t const const p_wrapped_mac, rsip_initial_vector_type_t const initial_vector_type, uint32_t const position, uint8_t const const p_tls_sequence_num, uint8_t const p_wrapped_initial_vector)

fsp_err_t(*	otfInit )(rsip_ctrl_t const p_ctrl, rsip_otf_channel_t const channel, rsip_wrapped_key_t const p_wrapped_key, uint8_t const *const p_seed)

Field Documentation

◆ open

fsp_err_t(* rsip_api_t::open) (rsip_ctrl_t *const p_ctrl, rsip_cfg_t const *const p_cfg)

Enables use of Renesas Secure IP functionality.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_cfg	Pointer to configuration structure.

◆ close

fsp_err_t(* rsip_api_t::close) (rsip_ctrl_t *const p_ctrl)

Disables use of Renesas Secure IP functionality.

Parameters

[in,out] p_ctrl Pointer to control block.

◆ randomNumberGenerate

fsp_err_t(* rsip_api_t::randomNumberGenerate) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_random)

Generates a 128-bit random number.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_random	128bit random numbers.

◆ keyGenerate

fsp_err_t(* rsip_api_t::keyGenerate) (rsip_ctrl_t *const p_ctrl, rsip_key_type_t const key_type, rsip_wrapped_key_t *const p_wrapped_key)

Generate a wrapped symmetric key from a random number. In this API, user key input is unnecessary. By encrypting data using the wrapped key is output by this API, dead copying of data can be prevented.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	key_type	Outputs key type.
[out]	p_wrapped_key	Pointer to destination of wrapped key. The length depends on key type. Refer "Key Size Table".

◆ keyPairGenerate

fsp_err_t(* rsip_api_t::keyPairGenerate) (rsip_ctrl_t *const p_ctrl, rsip_key_pair_type_t const key_pair_type, rsip_wrapped_key_t *const p_wrapped_public_key, rsip_wrapped_key_t *const p_wrapped_private_key)

Generate a wrapped asymmetric key pair from a random number. In this API, user key input is unnecessary. By encrypting data using the wrapped key is output by this API, dead copying of data can be prevented.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	key_pair_type	Output key pair type.
[out]	p_wrapped_public_key	Key index for Public Key. The length depends on the key type. Refer "Key Size Table".
[out]	p_wrapped_private_key	Key index for Private Key. The length depends on the key type. Refer "Key Size Table".

◆ encryptedKeyWrap

fsp_err_t(* rsip_api_t::encryptedKeyWrap) (rsip_ctrl_t *const p_ctrl, rsip_key_update_key_t const *const p_key_update_key, uint8_t const *const p_initial_vector, rsip_key_type_t const key_type, uint8_t const *const p_encrypted_key, rsip_wrapped_key_t *const p_wrapped_key)

Decrypt the encrypted user key with Key Update Key (KUK) and wrap it with the Hardware Unique Key (HUK).

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_key_update_key	Pointer to Key Update Key.
[in]	p_initial_vector	Initialization vector when generating encrypted_key. The length is 16 bytes.
[in]	key_type	Inputs/Outputs key type.
[in]	p_encrypted_key	Encrypted user key. The length depends on the key type. Refer "Key Size Table".
[out]	p_wrapped_key	Pointer to destination of wrapped key. The length depends on key type. Refer "Key Size Table".

◆ rfc3394_KeyWrap

fsp_err_t(* rsip_api_t::rfc3394_KeyWrap) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_kek, rsip_wrapped_key_t const *const p_wrapped_target_key, uint8_t *const p_rfc3394_wrapped_target_key)

This function provides Key Wrap algorithm compliant with RFC3394. Using p_wrapped_kek to wrap p_wrapped_target_key, and output the result to p_rfc3394_wrapped_target_key.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_kek	Pointer to wrapped key-encryption-key used to RFC3394-wrap the target key.
[in]	p_wrapped_target_key	Pointer to wrapped target key to be RFC3394-wrapped.
[out]	p_rfc3394_wrapped_target_key	Pointer to destination of RFC3394-wrapped target key.

◆ rfc3394_KeyUnwrap

fsp_err_t(* rsip_api_t::rfc3394_KeyUnwrap) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_kek, rsip_key_type_t const key_type, uint8_t const *const p_rfc3394_wrapped_target_key, rsip_wrapped_key_t *const p_wrapped_target_key)

This function provides Key Unwrap algorithm compliant with RFC3394. Using p_wrapped_kek to unwrap p_rfc3394_wrapped_target_key, and output the result to p_wrapped_target_key.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_kek	Pointer to wrapped key-encryption-key used to RFC3394-unwrap the target key.
[in]	key_type	Key type of p_rfc3394_wrapped_target_key.
[in]	p_rfc3394_wrapped_target_key	Pointer to AES-wrapped target key to be RFC3394-unwrapped.
[out]	p_wrapped_target_key	Pointer to destination of RFC3394-unwrapped target key.

◆ injectedKeyImport

fsp_err_t(* rsip_api_t::injectedKeyImport) (rsip_key_type_t const key_type, uint8_t const *const p_injected_key, rsip_wrapped_key_t *const p_wrapped_key, uint32_t const wrapped_key_buffer_length)

This function provides the ability to construct structure data "rsip_wrapped_key_t" from injected key data. The value of injected key is not validated in this API. Refer "Key Size Table" for supported key types.

Parameters

[in]	key_type	Key type of p_injected_key.
[in]	p_injected_key	Pointer to key to be injected.
[out]	p_wrapped_key	Pointer to destination of wrapped key.
[in]	wrapped_key_buffer_length	Length of p_wrapped_key destination. It must be equal to or greater than actual wrapped key.

◆ publicKeyExport

fsp_err_t(* rsip_api_t::publicKeyExport) (rsip_wrapped_key_t const *const p_wrapped_public_key, uint8_t *const p_raw_public_key)

Exports public key parameters from a wrapped key.

Parameters

[in]	p_wrapped_public_key	Key index for Public Key. The length depends on the key type. Refer "Key Size Table".
[out]	p_raw_public_key	Pointer to destination of raw public key. The length depends on the key length.

◆ aesCipherInit

fsp_err_t(* rsip_api_t::aesCipherInit) (rsip_ctrl_t *const p_ctrl, rsip_aes_cipher_mode_t const mode, rsip_wrapped_key_t const *const p_wrapped_key, uint8_t const *const p_initial_vector)

Set parameters of AES cipher.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	mode	Block cipher modes of operation for AES.
[in]	p_wrapped_key	Pointer to wrapped key of AES or XTS-AES key.
[in]	p_initial_vector	Pointer to initialization vector (IV) or nonce. The length is 16 bytes. [ECB] Not required [CBC][XTS] IV [CTR] Nonce

◆ aesCipherUpdate

fsp_err_t(* rsip_api_t::aesCipherUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_input, uint8_t *const p_output, uint32_t const length)

Encrypt plaintext.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_input	Pointer to input text. The length is given as the argument.
[out]	p_output	Pointer to destination of output text. The length is given as the argument.
[in]	length	Byte length of input and output. [ECB][CBC][CTR] Must be 0 or a multiple of 16. [XTS] Must be 0 or greater than or equal to 16. After an integer not divisible by 16 is input, update can no longer be executed.

◆ aesCipherFinish

fsp_err_t(* rsip_api_t::aesCipherFinish) (rsip_ctrl_t *const p_ctrl)

Finalize AES operation.

Parameters

[in,out] p_ctrl Pointer to control block.

◆ aesAeadInit

fsp_err_t(* rsip_api_t::aesAeadInit) (rsip_ctrl_t *const p_ctrl, rsip_aes_aead_mode_t const mode, rsip_wrapped_key_t const *const p_wrapped_key, uint8_t const *const p_nonce, uint32_t const nonce_length)

Prepares an AES-AEAD function.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	mode	AEAD mode of operation.
[in]	p_wrapped_key	Pointer to wrapped key of AES key.
[in]	p_nonce	Pointer to nonce. The length is nonce_length.
[in]	nonce_length	Byte length of nonce. Input 1 or more.

◆ aesAeadLengthsSet

fsp_err_t(* rsip_api_t::aesAeadLengthsSet) (rsip_ctrl_t *const p_ctrl, uint32_t const total_aad_length, uint32_t const total_text_length, uint32_t const tag_length)

Set text and tag lengths for specific mode.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	total_aad_length	Total AAD length.
[in]	total_text_length	Total input and output text length.
[in]	tag_length	Input or output tag length.

◆ aesAeadAadUpdate

fsp_err_t(* rsip_api_t::aesAeadAadUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_aad, uint32_t const aad_length)

Inputs additional authentication data.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_aad	Additional authentication data. The length depends on aad_length.
[in]	aad_length	Byte length of additional authentication data (0 or more bytes). After starting input of plaintext, this value must always be 0.

◆ aesAeadUpdate

fsp_err_t(* rsip_api_t::aesAeadUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_input, uint32_t const input_length, uint8_t *const p_output, uint32_t *const p_output_length)

Inputs test and executes encryption and decryption.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_input	Pointer to input text. The length is input_length.
[in]	input_length	Byte length of input text (0 or more bytes).
[out]	p_output	Pointer to destination of output text. The length is p_output_length.
[out]	p_output_length	Pointer to destination of output text length.

◆ aesAeadFinish

fsp_err_t(* rsip_api_t::aesAeadFinish) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_output, uint32_t *const p_output_length, uint8_t *const p_tag)

Finalizes an AES-GCM encryption.

If there is 16-byte fractional data indicated by the total data length of the value of p_plain that was input by R_RSIP_AES_GCM_EncryptUpdate(), this API will output the result of encrypting that fractional data to p_cipher. Here, the portion that does not reach 16 bytes will be padded with zeros.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_output	Pointer to destination of output text. The fractional block is output.
[out]	p_output_length	Pointer to destination of output text length.
[out]	p_tag	Pointer to destination of tag for authentication. GCM : The length is 16 bytes. *If a different tag length is required, truncate the 16-byte tag to the required tag length (NIST SP800-38D 7.1). CCM : The length is the value set by the API R_RSIP_AES_AEAD_LengthsSet().

◆ aesAeadVerify

fsp_err_t(* rsip_api_t::aesAeadVerify) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_output, uint32_t *const p_output_length, uint8_t const *const p_tag, uint32_t const tag_length)

Finalizes an AES-GCM decryption.

If there is 16-byte fractional data indicated by the total data length of the value of p_cipher that was input by R_RSIP_AES_GCM_DecryptUpdate(), this API will output the result of decrypting that fractional data to p_cipher. Here, the portion that does not reach 16 bytes will be padded with zeros.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_output	Pointer to destination of decrypted data.
[out]	p_output_length	Pointer to destination of decrypted data length.
[in]	p_tag	Pointer to destination of tag for authentication. The length depends on tag_length.
[in]	tag_length	Byte length of tag. Must be 1 to 16.

◆ aesMacInit

fsp_err_t(* rsip_api_t::aesMacInit) (rsip_ctrl_t *const p_ctrl, rsip_aes_mac_mode_t const mode, rsip_wrapped_key_t const *const p_wrapped_key)

Prepares an AES-MAC generation and verification.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	mode	MAC mode of operation
[in]	p_wrapped_key	Pointer to wrapped key of AES key.

◆ aesMacUpdate

fsp_err_t(* rsip_api_t::aesMacUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_message, uint32_t const message_length)

Input message. Inside this function, the data that is input by the user is buffered until the input value of p_message exceeds 16 bytes. If the input value, p_message, is not a multiple of 16 bytes, it will be padded within the function.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).

◆ aesMacSignFinish

fsp_err_t(* rsip_api_t::aesMacSignFinish) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_mac)

Finalizes an AES-CMAC generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_mac	Pointer to destination of MAC. The length is 16 bytes.

◆ aesMacVerifyFinish

fsp_err_t(* rsip_api_t::aesMacVerifyFinish) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_mac, uint32_t const mac_length)

Finalizes an AES-CMAC verification.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_mac	Pointer to MAC. The length depends on mac_length.
[in]	mac_length	Byte length of MAC. Must be 2 to 16.

◆ ecdsaSign

fsp_err_t(* rsip_api_t::ecdsaSign) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, uint8_t const *const p_hash, uint8_t *const p_signature)

Signs a hashed message. The message hash should be generated in advance.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of ECC private key.
[in]	p_hash	Pointer to hash value. The length is as same as the key length.
[out]	p_signature	Pointer to destination of signature (r, s). The length is twice as long as the key length.

◆ ecdsaVerify

fsp_err_t(* rsip_api_t::ecdsaVerify) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, uint8_t const *const p_hash, uint8_t const *const p_signature)

Verifies a hashed message. The message hash should be generated in advance.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of ECC public key.
[in]	p_hash	Pointer to hash value. The length is as same as the key length.
[in]	p_signature	Pointer to signature (r, s). The length is twice as long as the key length.

◆ ecdhKeyAgree

fsp_err_t(* rsip_api_t::ecdhKeyAgree) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, rsip_wrapped_key_t const *const p_wrapped_public_key, rsip_wrapped_secret_t *const p_wrapped_secret)

Computes ECDH secret with wrapped private key and wrapped public key.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Wrapped secp256r1 private key.
[in]	p_wrapped_public_key	Wrapped secp256r1 public key.
[out]	p_wrapped_secret	Pointer to destination of wrapped secret

◆ ecdhPlainKeyAgree

fsp_err_t(* rsip_api_t::ecdhPlainKeyAgree) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, uint8_t const *const p_plain_public_key, rsip_wrapped_secret_t *const p_wrapped_secret)

Computes ECDH secret with wrapped private key and plain public key.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Wrapped secp256r1 private key.
[in]	p_plain_public_key	Plain secp256r1 public key.
[out]	p_wrapped_secret	Pointer to destination of wrapped secret.

◆ rsaEncrypt

fsp_err_t(* rsip_api_t::rsaEncrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, uint8_t const *const p_plain, uint8_t *const p_cipher)

Encrypts plaintext with raw RSA.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of RSA public key.
[in]	p_plain	Pointer to plaintext. The length is as same as the key length.
[out]	p_cipher	Pointer to destination of ciphertext. The length is as same as the key length.

◆ rsaDecrypt

fsp_err_t(* rsip_api_t::rsaDecrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, uint8_t const *const p_cipher, uint8_t *const p_plain)

Decrypts ciphertext with raw RSA.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of RSA private key.
[in]	p_cipher	Pointer to ciphertext. The length is as same as the key length.
[out]	p_plain	Pointer to destination of plaintext. The length is as same as the key length.

◆ rsaesPkcs1V15Encrypt

fsp_err_t(* rsip_api_t::rsaesPkcs1V15Encrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, uint8_t const *const p_plain, uint32_t const plain_length, uint8_t *const p_cipher)

Encrypts plaintext with RSAES-PKCS1-v1_5.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of RSA public key.
[in]	p_plain	Pointer to plaintext.
[in]	plain_length	Length of plaintext.
[out]	p_cipher	Pointer to destination of ciphertext. The length is as same as the key length.

◆ rsaesPkcs1V15Decrypt

fsp_err_t(* rsip_api_t::rsaesPkcs1V15Decrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, uint8_t const *const p_cipher, uint8_t *const p_plain, uint32_t *const p_plain_length, uint32_t const plain_buffer_length)

Decrypts with RSAES-PKCS1-v1_5.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of RSA private key.
[in]	p_cipher	Pointer to ciphertext. The length is as same as the key length.
[out]	p_plain	Pointer to destination of plaintext.
[out]	p_plain_length	Pointer to destination of actual plaintext length.
[in]	plain_buffer_length	Length of plaintext destination. It must be equal to or greater than *p_plain_length.

◆ rsaesOaepEncrypt

fsp_err_t(* rsip_api_t::rsaesOaepEncrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint8_t const *const p_label, uint32_t const label_length, uint8_t const *const p_plain, uint32_t const plain_length, uint8_t *const p_cipher)

Encrypts plaintext with RSAES-OAEP.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of RSA public key.
[in]	hash_function	Hash function for label.
[in]	mask_generation_function	Mask generation function in EME-OAEP encoding.
[in]	p_label	Pointer to label. If label_length != 0, p_label must not be NULL.
[in]	label_length	Length of label. Please set 0 or more.
[in]	p_plain	Pointer to plaintext.
[in]	plain_length	Length of plaintext.
[out]	p_cipher	Pointer to destination of ciphertext. The length is as same as the key length.

◆ rsaesOaepDecrypt

fsp_err_t(* rsip_api_t::rsaesOaepDecrypt) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint8_t const *const p_label, uint32_t const label_length, uint8_t const *const p_cipher, uint8_t *const p_plain, uint32_t *const p_plain_length, uint32_t const plain_buffer_length)

Decrypts ciphertext with RSAES-OAEP.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of RSA private key.
[in]	hash_function	Hash function for label.
[in]	mask_generation_function	Mask generation function in EME-OAEP encoding.
[in]	p_label	Pointer to label. If label_length != 0, p_label must not be NULL.
[in]	label_length	Length of label. Please set 0 or more.
[in]	p_cipher	Pointer to ciphertext. The length is as same as the key length.
[out]	p_plain	Pointer to destination of plaintext.
[out]	p_plain_length	Pointer to destination of actual plaintext length.
[in]	plain_buffer_length	Length of plaintext destination. It must be equal to or greater than *p_plain_length.

◆ rsassaPkcs1V15Sign

fsp_err_t(* rsip_api_t::rsassaPkcs1V15Sign) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, rsip_hash_type_t const hash_function, uint8_t const *const p_hash, uint8_t *const p_signature)

Signs message with RSASSA-PKCS1-v1_5.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of RSA private key.
[in]	hash_function	Hash function in EMSA-PKCS1-v1_5.
[in]	p_hash	Pointer to input hash.
[out]	p_signature	Pointer to destination of signature.

◆ rsassaPkcs1V15Verify

fsp_err_t(* rsip_api_t::rsassaPkcs1V15Verify) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, rsip_hash_type_t const hash_function, uint8_t const *const p_hash, uint8_t const *const p_signature)

Verifies signature with RSASSA-PKCS1-v1_5.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of RSA public key.
[in]	hash_function	Hash function in EMSA-PKCS1-v1_5.
[in]	p_hash	Pointer to input hash.
[in]	p_signature	Pointer to input signature.

◆ rsassaPssSign

fsp_err_t(* rsip_api_t::rsassaPssSign) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_private_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint32_t const salt_length, uint8_t const *const p_hash, uint8_t *const p_signature)

Signs message with RSASSA-PSS.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_private_key	Pointer to wrapped key of RSA private key.
[in]	hash_function	Hash function in EMSA-PSS-ENCODE.
[in]	mask_generation_function	Mask generation function in EMSA-PSS-ENCODE.
[in]	salt_length	Salt length.
[in]	p_hash	Pointer to input hash.
[out]	p_signature	Pointer to destination of signature.

◆ rsassaPssVerify

fsp_err_t(* rsip_api_t::rsassaPssVerify) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, rsip_hash_type_t const hash_function, rsip_mgf_type_t const mask_generation_function, uint32_t const salt_length, uint8_t const *const p_hash, uint8_t const *const p_signature)

Verifies signature with RSASSA-PSS.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of RSA public key.
[in]	hash_function	Hash function in EMSA-PSS-VERIFY.
[in]	mask_generation_function	Mask generation function in EMSA-PSS-VERIFY.
[in]	salt_length	Salt length.
[in]	p_hash	Pointer to input hash.
[in]	p_signature	Pointer to input signature.

◆ shaCompute

fsp_err_t(* rsip_api_t::shaCompute) (rsip_ctrl_t *const p_ctrl, rsip_hash_type_t const hash_type, uint8_t const *const p_message, uint32_t const message_length, uint8_t *const p_digest)

Generates SHA message digest.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	hash_type	Generating hash type.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).
[out]	p_digest	Pointer to destination of message digest. The length depends on hash type.

◆ shaInit

fsp_err_t(* rsip_api_t::shaInit) (rsip_ctrl_t *const p_ctrl, rsip_hash_type_t const hash_type)

Prepares a SHA generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	hash_type	Generating hash type.

◆ shaUpdate

fsp_err_t(* rsip_api_t::shaUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_message, uint32_t const message_length)

Inputs message.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).

◆ shaFinish

fsp_err_t(* rsip_api_t::shaFinish) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_digest)

Finalizes a SHA generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_digest	Pointer to destination of message digest. The length depends on hash type.

◆ shaSuspend

fsp_err_t(* rsip_api_t::shaSuspend) (rsip_ctrl_t *const p_ctrl, rsip_sha_handle_t *const p_handle)

Suspend SHA generation. This API allows you to suspend processing, for example, if you are in the middle of computing digest value for successive chunks of the message and need to perform another process.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_handle	Pointer to destination of SHA control block.

◆ shaResume

fsp_err_t(* rsip_api_t::shaResume) (rsip_ctrl_t *const p_ctrl, rsip_sha_handle_t const *const p_handle)

Resume SHA generation. This API allows you to resume a process that has been suspended by R_RSIP_SHA_Suspend() API.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_handle	Pointer to SHA control block.

◆ hmacCompute

fsp_err_t(* rsip_api_t::hmacCompute) (rsip_ctrl_t *const p_ctrl, const rsip_wrapped_key_t *p_wrapped_key, uint8_t const *const p_message, uint32_t const message_length, uint8_t *const p_mac)

Generates HMAC.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_key	Pointer to wrapped key of HMAC key.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).
[out]	p_mac	Pointer to destination of message digest. The length depends on MAC type.

◆ hmacVerify

fsp_err_t(* rsip_api_t::hmacVerify) (rsip_ctrl_t *const p_ctrl, const rsip_wrapped_key_t *p_wrapped_key, uint8_t const *const p_message, uint32_t const message_length, uint8_t const *const p_mac, uint32_t const mac_length)

Verifies HMAC.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_key	Pointer to wrapped key of HMAC key.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).
[in]	p_mac	Pointer to MAC. The length depends on mac_length.
[in]	mac_length	Byte length of MAC.

◆ hmacInit

fsp_err_t(* rsip_api_t::hmacInit) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_key)

Prepares a HMAC generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_key	Pointer to wrapped key of HMAC key.

◆ hmacUpdate

fsp_err_t(* rsip_api_t::hmacUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_message, uint32_t const message_length)

Inputs message.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).

◆ hmacSignFinish

fsp_err_t(* rsip_api_t::hmacSignFinish) (rsip_ctrl_t *const p_ctrl, uint8_t *const p_mac)

Finalizes a HMAC generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_mac	Pointer to destination of message digest. The length depends on MAC type.

◆ hmacVerifyFinish

fsp_err_t(* rsip_api_t::hmacVerifyFinish) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_mac, uint32_t const mac_length)

Finalizes a HMAC verification.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_mac	Pointer to MAC. The length depends on mac_length.
[in]	mac_length	Byte length of MAC.

◆ hmacSuspend

fsp_err_t(* rsip_api_t::hmacSuspend) (rsip_ctrl_t *const p_ctrl, rsip_hmac_handle_t *const p_handle)

Suspend HMAC generation. This API allows you to suspend processing, for example, if you are in the middle of computing HMAC for successive chunks of the message and need to perform another process.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_handle	Pointer to destination of HMAC control block.

◆ hmacResume

fsp_err_t(* rsip_api_t::hmacResume) (rsip_ctrl_t *const p_ctrl, rsip_hmac_handle_t const *const p_handle)

Resume HMAC generation. This API allows you to resume a process that has been suspended by R_RSIP_HMAC_Suspend() API.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_handle	Pointer to HMAC control block.

◆ pkiEcdsaCertVerify

fsp_err_t(* rsip_api_t::pkiEcdsaCertVerify) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_public_key, uint8_t const *const p_hash, uint8_t const *const p_signature)

Verifies a public key certificate with ECDSA.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_public_key	Pointer to wrapped key of ECC public key.
[in]	p_hash	Pointer to hash value. The length is as same as the key length.
[in]	p_signature	HMAC Pointer to signature (r, s). The length is twice as long as the key length.

◆ pkiVerifiedCertInfoExport

fsp_err_t(* rsip_api_t::pkiVerifiedCertInfoExport) (rsip_ctrl_t *const p_ctrl, rsip_verified_cert_info_t *const p_verified_cert_info)

Exports verified certificate information stored in this driver.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_verified_cert_info	Pointer to certificate to be signed

◆ pkiVerifiedCertInfoImport

fsp_err_t(* rsip_api_t::pkiVerifiedCertInfoImport) (rsip_ctrl_t *const p_ctrl, rsip_verified_cert_info_t const *const p_verified_cert_info)

Imports verified certificate information.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_verified_cert_info	Pointer to certificate to be signed

◆ pkiCertKeyImport

fsp_err_t(* rsip_api_t::pkiCertKeyImport) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_cert, uint32_t const cert_length, rsip_key_type_t const key_type, uint8_t const *const p_key_param1, uint32_t const key_param1_length, uint8_t const *const p_key_param2, uint32_t const key_param2_length, rsip_hash_type_t const hash_function, rsip_wrapped_key_t *const p_wrapped_public_key)

Wraps the public key in the verified public key certificate.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_cert	Pointer to certificate.
[in]	cert_length	Certificate length.
[in]	key_type	Key type of the public key in certificate.
[in]	p_key_param1	Pointer to start address of the public key parameter in certificate. [ECC] Qx
[in]	key_param1_length	Length of key_param1 stored in the certificate.
[in]	p_key_param2	Pointer to start address of the public key parameter in certificate. [ECC] Qy
[in]	key_param2_length	Length of key_param2 stored in the certificate.
[in]	hash_function	The hash function used when verifying certificate signature.
[out]	p_wrapped_public_key	Pointer to wrapped key of public key in the certificate.

◆ kdfMacKeyImport

fsp_err_t(* rsip_api_t::kdfMacKeyImport) (rsip_ctrl_t *const p_ctrl, rsip_key_type_t const key_type, rsip_wrapped_mac_t const *const p_wrapped_mac, uint32_t const kdf_data_length, rsip_wrapped_key_t *const p_wrapped_key)

Converts wrapped data to wrapped HMAC key for KDF.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	key_type	Output HMAC key type for KDF.
[in]	p_wrapped_mac	Pointer to wrapped MAC.
[in]	kdf_data_length	Length of HMAC key to be extracted from MAC.
[out]	p_wrapped_key	Pointer to destination wrapped HMAC key for KDF.

◆ kdfEcdhSecretKeyImport

fsp_err_t(* rsip_api_t::kdfEcdhSecretKeyImport) (rsip_ctrl_t *const p_ctrl, rsip_key_type_t const key_type, rsip_wrapped_secret_t const *const p_wrapped_secret, rsip_wrapped_key_t *const p_wrapped_key)

Converts wrapped ECDH secret to wrapped HMAC key for KDF.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	key_type	Output HMAC key type for KDF.
[in]	p_wrapped_secret	Pointer to wrapped secret.
[out]	p_wrapped_key	Pointer to destination wrapped HMAC key for KDF.

◆ kdfhmacInit

fsp_err_t(* rsip_api_t::kdfhmacInit) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_key_t const *const p_wrapped_key)

Prepares a HMAC generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_key	Pointer to wrapped key of HMAC key.

◆ kdfhmacMacUpdate

fsp_err_t(* rsip_api_t::kdfhmacMacUpdate) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_mac_t const *const p_wrapped_mac)

Inputs wrapped MAC as a message.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_mac	Pointer to wrapped MAC.

◆ kdfhmacEcdhSecretUpdate

fsp_err_t(* rsip_api_t::kdfhmacEcdhSecretUpdate) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_secret_t const *const p_wrapped_secret)

Inputs wrapped ECDH secret as a message.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_secret	Pointer to wrapped secret.

◆ kdfhmacUpdate

fsp_err_t(* rsip_api_t::kdfhmacUpdate) (rsip_ctrl_t *const p_ctrl, uint8_t const *const p_message, uint32_t const message_length)

Inputs message.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_message	Pointer to message. The length is message_length.
[in]	message_length	Byte length of message (0 or more bytes).

◆ kdfhmacSignFinish

fsp_err_t(* rsip_api_t::kdfhmacSignFinish) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_mac_t *const p_wrapped_mac)

Finalizes a HMAC generation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_wrapped_mac	Pointer to destination of wrapped MAC.

◆ kdfhmacSuspend

fsp_err_t(* rsip_api_t::kdfhmacSuspend) (rsip_ctrl_t *const p_ctrl, rsip_kdf_hmac_handle_t *const p_handle)

Suspends HMAC operation.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[out]	p_handle	Pointer to destination of KDF HMAC control block.

◆ kdfhmacResume

fsp_err_t(* rsip_api_t::kdfhmacResume) (rsip_ctrl_t *const p_ctrl, rsip_kdf_hmac_handle_t const *const p_handle)

Resumes HMAC operation suspended by R_RSIP_KDF_HMAC_Suspend().

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_handle	Pointer to KDF HMAC control block.

◆ kdfMacConcatenate

fsp_err_t(* rsip_api_t::kdfMacConcatenate) (rsip_wrapped_mac_t *const p_wrapped_mac1, rsip_wrapped_mac_t const *const p_wrapped_mac2, uint32_t const wrapped_mac1_buffer_length)

Concatenates two wrapped MACs.

Parameters

[in,out]	p_wrapped_mac1	Pointer to first MAC (MAC1).
[in]	p_wrapped_mac2	Pointer to second MAC (MAC2).
[in]	wrapped_mac1_buffer_length	Length of wrapped_mac1 buffer. It must be equal to or greater than MAC1 \|\| MAC2.

◆ kdfDerivedKeyImport

fsp_err_t(* rsip_api_t::kdfDerivedKeyImport) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_mac_t const *const p_wrapped_mac, rsip_key_type_t const key_type, uint32_t const position, rsip_wrapped_key_t *const p_wrapped_key)

Outputs a wrapped key from KDF output.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_mac	Pointer to wrapped data of concatenated MAC.
[in]	key_type	Output key type.
[in]	position	Start position of output key value in concatenated MAC.
[out]	p_wrapped_key	Pointer to destination of wrapped key.

◆ kdfDerivedIvWrap

fsp_err_t(* rsip_api_t::kdfDerivedIvWrap) (rsip_ctrl_t *const p_ctrl, rsip_wrapped_mac_t const *const p_wrapped_mac, rsip_initial_vector_type_t const initial_vector_type, uint32_t const position, uint8_t const *const p_tls_sequence_num, uint8_t *const p_wrapped_initial_vector)

Outputs a initial vector from KDF output.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	p_wrapped_mac	Pointer to wrapped data of concatenated MAC.
[in]	initial_vector_type	Initial vector type.
[in]	position	Start position of output data value in concatenated MAC.
[in]	p_tls_sequence_num	TLS sequence number. This argument is valid only for TLS-related data type.
[out]	p_wrapped_initial_vector	Pointer to destination of wrapped initial vector.

◆ otfInit

fsp_err_t(* rsip_api_t::otfInit) (rsip_ctrl_t *const p_ctrl, rsip_otf_channel_t const channel, rsip_wrapped_key_t *const p_wrapped_key, uint8_t const *const p_seed)

Initialize on-the-fly decryption on RSIP.

Parameters

[in,out]	p_ctrl	Pointer to control block.
[in]	channel	Channel number.
[in]	p_wrapped_key	Pointer to wrapped AES key.
[in]	p_seed	Pointer to seed.

◆ rsip_instance_t

struct rsip_instance_t

This structure encompasses everything that is needed to use an instance of this interface.

Data Fields
rsip_ctrl_t *	p_ctrl	Pointer to the control structure for this instance.
rsip_cfg_t const *	p_cfg	Pointer to the configuration structure for this instance.
rsip_api_t const *	p_api	Pointer to the API structure for this instance.

Typedef Documentation

◆ rsip_ctrl_t

typedef void rsip_ctrl_t

RSIP Control block. Allocate an instance specific control block to pass into the API calls.

Implemented as

rsip_instance_ctrl_t

Enumeration Type Documentation

◆ rsip_key_type_t

enum rsip_key_type_t

Key types

Enumerator
RSIP_KEY_TYPE_INVALID	Invalid key.
RSIP_KEY_TYPE_AES_128	AES-128.
RSIP_KEY_TYPE_AES_192	AES-192.
RSIP_KEY_TYPE_AES_256	AES-256.
RSIP_KEY_TYPE_XTS_AES_128	XTS-AES-128.
RSIP_KEY_TYPE_XTS_AES_256	XTS-AES-256.
RSIP_KEY_TYPE_CHACHA20	ChaCha20.
RSIP_KEY_TYPE_ECC_SECP256R1_PUBLIC	secp256r1 public key (also known as NIST P-256, prime256v1)
RSIP_KEY_TYPE_ECC_SECP384R1_PUBLIC	secp384r1 public key (also known as NIST P-384)
RSIP_KEY_TYPE_ECC_SECP521R1_PUBLIC	secp521r1 public key (also known as NIST P-521)
RSIP_KEY_TYPE_ECC_SECP256K1_PUBLIC	secp256k1 public key
RSIP_KEY_TYPE_ECC_BRAINPOOLP256R1_PUBLIC	brainpoolP256r1 public key
RSIP_KEY_TYPE_ECC_BRAINPOOLP384R1_PUBLIC	brainpoolP384r1 public key
RSIP_KEY_TYPE_ECC_BRAINPOOLP512R1_PUBLIC	brainpoolP512r1 public key
RSIP_KEY_TYPE_ECC_EDWARDS25519_PUBLIC	edwards25519 public key
RSIP_KEY_TYPE_ECC_SECP256R1_PRIVATE	secp256r1 private key (also known as NIST P-256, prime256v1)
RSIP_KEY_TYPE_ECC_SECP384R1_PRIVATE	secp384r1 private key (also known as NIST P-384)
RSIP_KEY_TYPE_ECC_SECP521R1_PRIVATE	secp521r1 private key (also known as NIST P-521)
RSIP_KEY_TYPE_ECC_SECP256K1_PRIVATE	secp256k1 private key
RSIP_KEY_TYPE_ECC_BRAINPOOLP256R1_PRIVATE	brainpoolP256r1 private key
RSIP_KEY_TYPE_ECC_BRAINPOOLP384R1_PRIVATE	brainpoolP384r1 private key
RSIP_KEY_TYPE_ECC_BRAINPOOLP512R1_PRIVATE	brainpoolP512r1 private key
RSIP_KEY_TYPE_ECC_EDWARDS25519_PRIVATE	edwards25519 private key
RSIP_KEY_TYPE_RSA_1024_PUBLIC	RSA-1024 public key.
RSIP_KEY_TYPE_RSA_2048_PUBLIC	RSA-2048 public key.
RSIP_KEY_TYPE_RSA_3072_PUBLIC	RSA-3072 public key.
RSIP_KEY_TYPE_RSA_4096_PUBLIC	RSA-4096 public key.
RSIP_KEY_TYPE_RSA_1024_PRIVATE	RSA-1024 private key.
RSIP_KEY_TYPE_RSA_2048_PRIVATE	RSA-2048 private key.
RSIP_KEY_TYPE_RSA_3072_PRIVATE	RSA-3072 private key.
RSIP_KEY_TYPE_RSA_4096_PRIVATE	RSA-4096 private key.
RSIP_KEY_TYPE_HMAC_SHA1	HMAC-SHA1.
RSIP_KEY_TYPE_HMAC_SHA224	HMAC-SHA224.
RSIP_KEY_TYPE_HMAC_SHA256	HMAC-SHA256.
RSIP_KEY_TYPE_HMAC_SHA384	HMAC-SHA384.
RSIP_KEY_TYPE_HMAC_SHA512	HMAC-SHA512.

◆ rsip_key_pair_type_t

enum rsip_key_pair_type_t

Key pair types

Enumerator
RSIP_KEY_PAIR_TYPE_INVALID	Invalid key pair type.
RSIP_KEY_PAIR_TYPE_ECC_SECP256R1	secp256r1 key pair (also known as NIST P-256, prime256v1)
RSIP_KEY_PAIR_TYPE_ECC_SECP384R1	secp384r1 key pair (also known as NIST P-384)
RSIP_KEY_PAIR_TYPE_ECC_SECP521R1	secp521r1 key pair (also known as NIST P-521)
RSIP_KEY_PAIR_TYPE_ECC_SECP256K1	secp256k1 key pair
RSIP_KEY_PAIR_TYPE_ECC_BRAINPOOLP256R1	brainpoolP256r1 key pair
RSIP_KEY_PAIR_TYPE_ECC_BRAINPOOLP384R1	brainpoolP384r1 key pair
RSIP_KEY_PAIR_TYPE_ECC_BRAINPOOLP512R1	brainpoolP512r1 key pair
RSIP_KEY_PAIR_TYPE_ECC_EDWARDS25519	edwards25519 key pair
RSIP_KEY_PAIR_TYPE_RSA_1024	RSA-1024 key pair.
RSIP_KEY_PAIR_TYPE_RSA_2048	RSA-2048 key pair.
RSIP_KEY_PAIR_TYPE_RSA_3072	RSA-3072 key pair.
RSIP_KEY_PAIR_TYPE_RSA_4096	RSA-4096 key pair.

◆ rsip_byte_size_wrapped_key_t

enum rsip_byte_size_wrapped_key_t

Byte size of wrapped key

Enumerator
RSIP_BYTE_SIZE_WRAPPED_KEY_AES_128	AES-128.
RSIP_BYTE_SIZE_WRAPPED_KEY_AES_192	AES-192.
RSIP_BYTE_SIZE_WRAPPED_KEY_AES_256	AES-256.
RSIP_BYTE_SIZE_WRAPPED_KEY_XTS_AES_128	XTS-AES-128.
RSIP_BYTE_SIZE_WRAPPED_KEY_XTS_AES_256	XTS-AES-256.
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP256R1_PUBLIC	secp256r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP384R1_PUBLIC	secp384r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP521R1_PUBLIC	secp521r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP256K1_PUBLIC	secp256k1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP256R1_PUBLIC	brainpoolP256r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP384R1_PUBLIC	brainpoolP384r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP512R1_PUBLIC	brainpoolP512r1 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_EDWARDS25519_PUBLIC	edwards25519 public key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP256R1_PRIVATE	secp256r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP384R1_PRIVATE	secp384r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP521R1_PRIVATE	secp521r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_SECP256K1_PRIVATE	secp256k1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP256R1_PRIVATE	brainpoolP256r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP384R1_PRIVATE	brainpoolP384r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_BRAINPOOLP512R1_PRIVATE	brainpoolP512r1 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_ECC_EDWARDS25519_PRIVATE	edwards25519 private key
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_1024_PUBLIC	RSA-1024 public key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PUBLIC	RSA-2048 public key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_3072_PUBLIC	RSA-3072 public key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_4096_PUBLIC	RSA-4096 public key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_1024_PRIVATE	RSA-1024 private key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PRIVATE	RSA-2048 private key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_3072_PRIVATE	RSA-3072 private key.
RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_4096_PRIVATE	RSA-4096 private key.
RSIP_BYTE_SIZE_WRAPPED_KEY_HMAC_SHA1	HMAC-SHA1.
RSIP_BYTE_SIZE_WRAPPED_KEY_HMAC_SHA224	HMAC-SHA224.
RSIP_BYTE_SIZE_WRAPPED_KEY_HMAC_SHA256	HMAC-SHA256.
RSIP_BYTE_SIZE_WRAPPED_KEY_HMAC_SHA384	HMAC-SHA384.
RSIP_BYTE_SIZE_WRAPPED_KEY_HMAC_SHA512	HMAC-SHA512.
RSIP_BYTE_SIZE_WRAPPED_KEY_KDF_HMAC_SHA256	KDF HMAC-SHA256.
RSIP_BYTE_SIZE_WRAPPED_KEY_KDF_HMAC_SHA384	KDF HMAC-SHA384.
RSIP_BYTE_SIZE_WRAPPED_KEY_KDF_HMAC_SHA512	KDF HMAC-SHA512.
RSIP_BYTE_SIZE_WRAPPED_KEY_TLS12_PREMASTER_SECRET	TLS1.2 premaster secret.

◆ rsip_byte_size_encrypted_key_t

enum rsip_byte_size_encrypted_key_t

Byte size of encrypted key

Enumerator
RSIP_BYTE_SIZE_ENCRYPTED_KEY_AES_128	AES-128.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_AES_192	AES-192.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_AES_256	AES-256.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_XTS_AES_128	XTS-AES-128.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_XTS_AES_256	XTS-AES-256.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_SECP256R1_PUBLIC	secp256r1 public key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_SECP384R1_PUBLIC	secp384r1 public key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_SECP521R1_PUBLIC	secp521r1 public key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_SECP256K1_PUBLIC	secp256k1 public key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_BRAINPOOLP256R1_PUBLIC	brainpoolP256r1 public key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_BRAINPOOLP384R1_PUBLIC	brainpoolP384r1 public key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_BRAINPOOLP512R1_PUBLIC	brainpoolP512r1 public key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_EDWARDS25519_PUBLIC	edwards25519 public key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_SECP256R1_PRIVATE	secp256r1 private key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_SECP384R1_PRIVATE	secp384r1 private key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_SECP521R1_PRIVATE	secp521r1 private key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_SECP256K1_PRIVATE	secp256k1 private key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_BRAINPOOLP256R1_PRIVATE	brainpoolP256r1 private key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_BRAINPOOLP384R1_PRIVATE	brainpoolP384r1 private key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_BRAINPOOLP512R1_PRIVATE	brainpoolP512r1 private key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_ECC_EDWARDS25519_PRIVATE	edwards25519 private key
RSIP_BYTE_SIZE_ENCRYPTED_KEY_RSA_1024_PUBLIC	RSA-1024 public key.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_RSA_2048_PUBLIC	RSA-2048 public key.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_RSA_3072_PUBLIC	RSA-3072 public key.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_RSA_4096_PUBLIC	RSA-4096 public key.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_RSA_1024_PRIVATE	RSA-1024 private key.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_RSA_2048_PRIVATE	RSA-2048 private key.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_RSA_3072_PRIVATE	RSA-3072 private key.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_RSA_4096_PRIVATE	RSA-4096 private key.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_HMAC_SHA1	HMAC-SHA1.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_HMAC_SHA224	HMAC-SHA224.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_HMAC_SHA256	HMAC-SHA256.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_HMAC_SHA384	HMAC-SHA384.
RSIP_BYTE_SIZE_ENCRYPTED_KEY_HMAC_SHA512	HMAC-SHA512.

◆ rsip_byte_size_wrapped_mac_t

enum rsip_byte_size_wrapped_mac_t

Byte size of wrapped key

Enumerator
RSIP_BYTE_SIZE_WRAPPED_MAC_HEADER	Header.
RSIP_BYTE_SIZE_WRAPPED_MAC_HMAC_SHA256	A block of HMAC-SHA256.
RSIP_BYTE_SIZE_WRAPPED_MAC_HMAC_SHA384	A block of HMAC-SHA384.
RSIP_BYTE_SIZE_WRAPPED_MAC_HMAC_SHA512	A block of HMAC-SHA512.

◆ rsip_aes_cipher_mode_t

enum rsip_aes_cipher_mode_t

Block cipher modes of operation for AES

Enumerator
RSIP_AES_CIPHER_MODE_ECB_ENC	Electronic Codebook (ECB) mode encryption.
RSIP_AES_CIPHER_MODE_ECB_DEC	Electronic Codebook (ECB) mode decryption.
RSIP_AES_CIPHER_MODE_CBC_ENC	Cipher Block Chaining (CBC) mode encryption.
RSIP_AES_CIPHER_MODE_CBC_DEC	Cipher Block Chaining (CBC) mode decryption.
RSIP_AES_CIPHER_MODE_CTR	Counter (CTR) mode encryption or decryption.
RSIP_AES_CIPHER_MODE_XTS_ENC	XEX-based tweaked-codebook mode with ciphertext stealing (XTS) encryption.
RSIP_AES_CIPHER_MODE_XTS_DEC	XEX-based tweaked-codebook mode with ciphertext stealing (XTS) decryption.
RSIP_AES_CIPHER_MODE_CBC_ENC_WRAPPED_IV	Cipher Block Chaining (CBC) mode encryption with wrapped IV.
RSIP_AES_CIPHER_MODE_CBC_DEC_WRAPPED_IV	Cipher Block Chaining (CBC) mode decryption with wrapped IV.

◆ rsip_aes_aead_mode_t

enum rsip_aes_aead_mode_t

AEAD modes of operation for AES

Enumerator
RSIP_AES_AEAD_MODE_GCM_ENC	Galois/Counter Mode (GCM) encryption.
RSIP_AES_AEAD_MODE_GCM_DEC	Galois/Counter Mode (GCM) decryption.
RSIP_AES_AEAD_MODE_CCM_ENC	Counter with CBC-MAC (CCM) encryption.
RSIP_AES_AEAD_MODE_CCM_DEC	Counter with CBC-MAC (CCM) decryption.
RSIP_AES_AEAD_MODE_GCM_ENC_WRAPPED_IV	Galois/Counter Mode (GCM) encryption with wrapped IV.
RSIP_AES_AEAD_MODE_GCM_DEC_WRAPPED_IV	Galois/Counter Mode (GCM) decryption with wrapped IV.

◆ rsip_aes_mac_mode_t

enum rsip_aes_mac_mode_t

MAC modes of operation for AES

Enumerator
RSIP_AES_MAC_MODE_CMAC	Cipher-based MAC (CMAC)

◆ rsip_hash_type_t

enum rsip_hash_type_t

Hash type

Enumerator
RSIP_HASH_TYPE_SHA1	SHA-1.
RSIP_HASH_TYPE_SHA224	SHA-224.
RSIP_HASH_TYPE_SHA256	SHA-256.
RSIP_HASH_TYPE_SHA384	SHA-384.
RSIP_HASH_TYPE_SHA512	SHA-512.
RSIP_HASH_TYPE_SHA512_224	SHA-512/224.
RSIP_HASH_TYPE_SHA512_256	SHA-512/256.

◆ rsip_mgf_type_t

enum rsip_mgf_type_t

MGF type

Enumerator
RSIP_MGF_TYPE_MGF1_SHA1	MGF1 with SHA-1.
RSIP_MGF_TYPE_MGF1_SHA224	MGF1 with SHA-224.
RSIP_MGF_TYPE_MGF1_SHA256	MGF1 with SHA-256.
RSIP_MGF_TYPE_MGF1_SHA384	MGF1 with SHA-384.
RSIP_MGF_TYPE_MGF1_SHA512	MGF1 with SHA-512.
RSIP_MGF_TYPE_MGF1_SHA512_224	MGF1 with SHA-512/224.
RSIP_MGF_TYPE_MGF1_SHA512_256	MGF1 with SHA-512/256.

◆ rsip_rsa_salt_length_t

enum rsip_rsa_salt_length_t

RSA salt length

Enumerator
RSIP_RSA_SALT_LENGTH_AUTO	When signing, the salt length is set to RSIP_RSA_SALT_LENGTH_MAX or RSIP_RSA_SALT_LENGTH_HASH, whichever is shorter. When verifying, the salt length is detected automatically.
RSIP_RSA_SALT_LENGTH_HASH	The salt length is set to the hash length.
RSIP_RSA_SALT_LENGTH_MAX	The salt length is set to emLen - hLen - 2, where emLen is the same as the key length and hLen is the hash length.

◆ rsip_initial_vector_type_t

enum rsip_initial_vector_type_t

IV data types

Enumerator
RSIP_INITIAL_VECTOR_TYPE_AES_16_BYTE	Wrapped AES initial vector (unprocessed)
RSIP_INITIAL_VECTOR_TYPE_AES_TLS12_CBC	Wrapped AES initial vector (TLS1.2 AES-CBC)
RSIP_INITIAL_VECTOR_TYPE_AES_TLS12_AEAD	Wrapped AES nonce (TLS1.2 AES AEAD)
RSIP_INITIAL_VECTOR_TYPE_AES_TLS13_AEAD	Wrapped AES nonce (TLS1.3 AES AEAD)

◆ rsip_otf_channel_t

enum rsip_otf_channel_t

Channel number of on-the-fly decryption module.

Enumerator
RSIP_OTF_CHANNEL_0	Channel 0.
RSIP_OTF_CHANNEL_1	Channel 1.

Detailed Description

Summary

Data Structures

Typedefs

Enumerations

Data Structure Documentation

◆ rsip_wrapped_key_t

◆ rsip_wrapped_mac_t

◆ rsip_wrapped_secret_t

◆ rsip_key_update_key_t

◆ rsip_sha_handle_t

◆ rsip_hmac_handle_t

◆ rsip_kdf_hmac_handle_t

◆ rsip_verified_cert_info_t

◆ rsip_cfg_t

◆ rsip_api_t

Data Fields

Field Documentation

◆ open

◆ close

◆ randomNumberGenerate

◆ keyGenerate

◆ keyPairGenerate

◆ encryptedKeyWrap

◆ rfc3394_KeyWrap

◆ rfc3394_KeyUnwrap

◆ injectedKeyImport

◆ publicKeyExport

◆ aesCipherInit

◆ aesCipherUpdate

◆ aesCipherFinish

◆ aesAeadInit

◆ aesAeadLengthsSet

◆ aesAeadAadUpdate

◆ aesAeadUpdate

◆ aesAeadFinish

◆ aesAeadVerify

◆ aesMacInit

◆ aesMacUpdate

◆ aesMacSignFinish

◆ aesMacVerifyFinish

◆ ecdsaSign

◆ ecdsaVerify

◆ ecdhKeyAgree

◆ ecdhPlainKeyAgree

◆ rsaEncrypt

◆ rsaDecrypt

◆ rsaesPkcs1V15Encrypt

◆ rsaesPkcs1V15Decrypt

◆ rsaesOaepEncrypt

◆ rsaesOaepDecrypt

◆ rsassaPkcs1V15Sign

◆ rsassaPkcs1V15Verify

◆ rsassaPssSign

◆ rsassaPssVerify

◆ shaCompute

◆ shaInit

◆ shaUpdate

◆ shaFinish

◆ shaSuspend

◆ shaResume

◆ hmacCompute

◆ hmacVerify

◆ hmacInit

◆ hmacUpdate

◆ hmacSignFinish

◆ hmacVerifyFinish

◆ hmacSuspend

◆ hmacResume

◆ pkiEcdsaCertVerify

◆ pkiVerifiedCertInfoExport

◆ pkiVerifiedCertInfoImport

◆ pkiCertKeyImport

◆ kdfMacKeyImport

◆ kdfEcdhSecretKeyImport

◆ kdfhmacInit

◆ kdfhmacMacUpdate

◆ kdfhmacEcdhSecretUpdate

◆ kdfhmacUpdate

◆ kdfhmacSignFinish