ECC key API.
|
| enum | zpc_ec_curve_t {
ZPC_EC_CURVE_NOT_SET = -2
, ZPC_EC_CURVE_INVALID = -1
, ZPC_EC_CURVE_P256 = 0
, ZPC_EC_CURVE_P384
,
ZPC_EC_CURVE_P521
, ZPC_EC_CURVE_ED25519
, ZPC_EC_CURVE_ED448
} |
| enum | zpc_ecsecret_type_t {
ZPC_EC_SECRET_TYPE_NOT_SET = -2
, ZPC_EC_SECRET_TYPE_INVALID = -1
, ZPC_EC_SECRET_ECDSA_P256 = 0x0011
, ZPC_EC_SECRET_ECDSA_P384 = 0x0012
,
ZPC_EC_SECRET_ECDSA_P521 = 0x0013
, ZPC_EC_SECRET_EDDSA_ED25519 = 0x0014
, ZPC_EC_SECRET_EDDSA_ED448 = 0x0015
} |
|
| int | zpc_ec_key_alloc (struct zpc_ec_key **key) |
| int | zpc_ec_key_set_curve (struct zpc_ec_key *key, zpc_ec_curve_t curve) |
| int | zpc_ec_key_set_type (struct zpc_ec_key *key, int type) |
| int | zpc_ec_key_set_flags (struct zpc_ec_key *key, unsigned int flags) |
| int | zpc_ec_key_set_mkvp (struct zpc_ec_key *key, const char *mkvp) |
| int | zpc_ec_key_set_apqns (struct zpc_ec_key *key, const char *apqns[]) |
| int | zpc_ec_key_import (struct zpc_ec_key *key, const unsigned char *seckey, unsigned int seckeylen) |
| int | zpc_ec_key_import_clear (struct zpc_ec_key *key, const unsigned char *pubkey, unsigned int publen, const unsigned char *privkey, unsigned int privlen) |
| int | zpc_ec_key_export (struct zpc_ec_key *key, unsigned char *seckey, unsigned int *seckeylen) |
| int | zpc_ec_key_export_public (struct zpc_ec_key *key, unsigned char *pubkey, unsigned int *pubkeylen) |
| int | zpc_ec_key_generate (struct zpc_ec_key *key) |
| int | zpc_ec_key_reencipher (struct zpc_ec_key *key, unsigned int reenc) |
| void | zpc_ec_key_free (struct zpc_ec_key **key) |
ECC key API.
Manage elliptic curve cryptography (ECC) cipher [4] keys.
Definition in file ecc_key.h.
◆ ZPC_EC_KEY_TYPE_CCA
| #define ZPC_EC_KEY_TYPE_CCA 0x1f |
◆ ZPC_EC_KEY_TYPE_EP11
| #define ZPC_EC_KEY_TYPE_EP11 7 |
◆ ZPC_EC_KEY_TYPE_PVSECRET
| #define ZPC_EC_KEY_TYPE_PVSECRET 9 |
◆ ZPC_EC_KEY_REENCIPHER_OLD_TO_CURRENT
| #define ZPC_EC_KEY_REENCIPHER_OLD_TO_CURRENT 1 |
◆ ZPC_EC_KEY_REENCIPHER_CURRENT_TO_NEW
| #define ZPC_EC_KEY_REENCIPHER_CURRENT_TO_NEW 2 |
◆ zpc_ec_curve_t
◆ zpc_ecsecret_type_t
◆ zpc_ec_key_alloc()
| int zpc_ec_key_alloc |
( |
struct zpc_ec_key ** | key | ) |
|
Allocate a new EC key object with reference count 1.
- Parameters
-
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_set_curve()
| int zpc_ec_key_set_curve |
( |
struct zpc_ec_key * | key, |
|
|
zpc_ec_curve_t | curve ) |
Set the EC curve.
- Parameters
-
| [in,out] | key | EC key |
| [in] | curve | EC curve |
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_set_type()
| int zpc_ec_key_set_type |
( |
struct zpc_ec_key * | key, |
|
|
int | type ) |
Set the EC key type.
- Parameters
-
| [in,out] | key | EC key |
| [in] | type | ZPC_EC_KEY_TYPE_CCA or ZPC_EC_KEY_TYPE_EP11 |
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_set_flags()
| int zpc_ec_key_set_flags |
( |
struct zpc_ec_key * | key, |
|
|
unsigned int | flags ) |
Set the EC key flags.
- Parameters
-
| [in,out] | key | EC key |
| [in] | flags | key flags |
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_set_mkvp()
| int zpc_ec_key_set_mkvp |
( |
struct zpc_ec_key * | key, |
|
|
const char * | mkvp ) |
Set the EC key Master Key Verification Pattern.
- Parameters
-
| [in,out] | key | EC key |
| [in] | mkvp | master key verification pattern (8 bytes for CCA keys, 16 or 32 bytes for EP11 keys, only the first 16 bytes are relevant). This function has no effect for keys of type PVSECRET. |
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_set_apqns()
| int zpc_ec_key_set_apqns |
( |
struct zpc_ec_key * | key, |
|
|
const char * | apqns[] ) |
Set the EC key APQNs.
- Parameters
-
| [in,out] | key | EC key |
| [in] | apqns | NULL-terminated APQN list. This function has no effect for keys of type PVSECRET. |
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_import()
| int zpc_ec_key_import |
( |
struct zpc_ec_key * | key, |
|
|
const unsigned char * | seckey, |
|
|
unsigned int | seckeylen ) |
Import an EC secure-key. Depending on the key type (CCA or EP11), the secure key buffer must contain either a CCA secure key token or an EP11 secure key structure. For EP11 type keys, a SubjectPublicKeyInfo encoding (SPKI) of the related public EC key may be appended to the secure key data.
- Parameters
-
| [in,out] | key | EC key |
| [in] | seckey | EC secure-key |
| [in] | seckeylen | EC secure-key length [bytes] |
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_import_clear()
| int zpc_ec_key_import_clear |
( |
struct zpc_ec_key * | key, |
|
|
const unsigned char * | pubkey, |
|
|
unsigned int | publen, |
|
|
const unsigned char * | privkey, |
|
|
unsigned int | privlen ) |
Import an EC clear-key pair. At least one of the key parts must be non-NULL. A NULL key part leaves a previously set key part untouched, so it is possible, for example, to first import a secure key using the zpc_ec_key_import() function and then add the corresponding public key with a subsequent zpc_ec_key_import_clear() call. No integrity check is performed on the imported key material, except for a plausibility check on the length of the provided key parts. The application is responsible for providing valid key parts or pairs; key material obtained from an untrusted source should therefore be validated by the caller before it is imported. Public keys are considered to be the concatenated X and Y values without a leading 0x04 byte that would indicate an uncompressed public key. For PVSECRET type keys it is possible to add the public key to the key object by importing the clear public key. The privkey parameter must be NULL and privlen must be 0 when doing this.
- Parameters
-
| [in,out] | key | EC key |
| [in] | pubkey | an uncompressed EC public key (can be NULL) |
| [in] | publen | EC public key length [bytes] |
| [in] | privkey | EC private key (can be NULL) |
| [in] | privlen | EC private key length [bytes] |
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_export()
| int zpc_ec_key_export |
( |
struct zpc_ec_key * | key, |
|
|
unsigned char * | seckey, |
|
|
unsigned int * | seckeylen ) |
Export an EC secure-key. Depending on the key type (CCA or EP11), the secure key is either a CCA secure key token or an EP11 secure key structure. For EP11 type keys, a SubjectPublicKeyInfo encoding (SPKI) of the related public EC key is appended to the secure key data if the key object has a public key.
- Parameters
-
| [in,out] | key | EC key |
| [out] | seckey | EC secure-key |
| [in,out] | seckeylen | EC secure-key length [bytes] |
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_export_public()
| int zpc_ec_key_export_public |
( |
struct zpc_ec_key * | key, |
|
|
unsigned char * | pubkey, |
|
|
unsigned int * | pubkeylen ) |
Export an EC public-key.
- Parameters
-
| [in,out] | key | EC key |
| [out] | pubkey | uncompressed EC public-key (can be NULL to obtain the length only). The output buffer contains the concatenated X and Y values of the public key without a leading byte indicating an uncompressed key. |
| [in,out] | pubkeylen | EC public-key length [bytes] |
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_generate()
| int zpc_ec_key_generate |
( |
struct zpc_ec_key * | key | ) |
|
Generate an EC secure-key.
- Parameters
-
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_reencipher()
| int zpc_ec_key_reencipher |
( |
struct zpc_ec_key * | key, |
|
|
unsigned int | reenc ) |
Reencipher an EC secure-key.
- Parameters
-
| [in,out] | key | EC key |
| [in] | reenc | ZPC_EC_KEY_REENCIPHER_OLD_TO_CURRENT or ZPC_EC_KEY_REENCIPHER_CURRENT_TO_NEW. This function is not applicable for pvsecret-type keys and returns ZPC_ERROR_KEYTYPE when called for such keys. |
- Returns
- 0 on success. Otherwise, a non-zero error code is returned.
◆ zpc_ec_key_free()
| void zpc_ec_key_free |
( |
struct zpc_ec_key ** | key | ) |
|
Decrease the reference count of an EC key object and free it if the count reaches 0.
- Parameters
-