11.12.3.4.86. Function Se05x_API_ECDSASign

11.12.3.4.86.1. Function Documentation

smStatus_t Se05x_API_ECDSASign(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_ECSignatureAlgo_t ecSignAlgo, const uint8_t *inputData, size_t inputDataLen, uint8_t *signature, size_t *psignatureLen)

Se05x_API_ECDSASign

The ECDSASign command signs external data using the indicated key pair or private key.

The ECSignatureAlgo indicates the ECDSA algorithm that is used, but the hashing of data always must be done on the host. E.g., if ECSignatureAlgo = SIG_ ECDSA_SHA256, the user must have applied SHA256 on the input data already.

The user must take care of providing the correct input length; i.e., the data input length (TLV[TAG_3]) must match the digest indicated in the signature algorithm (TLV[TAG_2]).

In any case, the APDU payload must be smaller than MAX_APDU_PAYLOAD_LENGTH.

This is performed according to the ECDSA algorithm as specified in [ANSI X9.62]. The signature (a sequence of two integers ‘r’ and ‘s’) as returned in the response adheres to the ASN.1 DER encoded formatting rules for integers.

Command to Applet

Field

Value

Description

CLA

0x80

INS

INS_CRYPTO

SE05x_INS_t

P1

P1_SIGNATURE

See SE05x_P1_t

P2

P2_SIGN

See SE05x_P2_t

Lc

#(Payload)

TLV[TAG_1]

4-byte identifier of EC key pair or private key.

TLV[TAG_2]

1-byte ECSignatureAlgo.

TLV[TAG_3]

Byte array containing input data.

Le

0x00

Expecting ASN.1 signature

R-APDU Body

Value

Description

TLV[TAG_1]

ECDSA Signature in ASN.1 format.

R-APDU Trailer

SW

Description

SW_NO_ERROR

The command is handled successfully.

Parameters
  • [in] session_ctx: Session Context [0:kSE05x_pSession]

  • [in] objectID: objectID [1:kSE05x_TAG_1]

  • [in] ecSignAlgo: ecSignAlgo [2:kSE05x_TAG_2]

  • [in] inputData: inputData [3:kSE05x_TAG_3]

  • [in] inputDataLen: Length of inputData

  • [out] signature: [0:kSE05x_TAG_1]

  • [inout] psignatureLen: Length for signature