11.12.3.4.87. Function Se05x_API_ECDSAVerify

11.12.3.4.87.1. Function Documentation

smStatus_t Se05x_API_ECDSAVerify(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_ECSignatureAlgo_t ecSignAlgo, const uint8_t *inputData, size_t inputDataLen, const uint8_t *signature, size_t signatureLen, SE05x_Result_t *presult)

Se05x_API_ECDSAVerify

The ECDSAVerify command verifies whether the signature is correct for a given (hashed) data input using an EC public key or EC key pair’s public key.

The ECSignatureAlgo indicates the ECDSA algorithm that is used, but the hashing of data must always be done on the host. E.g., if ECSignatureAlgo = SIG_ ECDSA_SHA256, the user must have applied SHA256 on the input data already.

The key cannot be passed externally to the command directly. In case users want to use the command to verify signatures using different public keys or the public key value regularly changes, the user should create a transient key object to which the key value is written and then the identifier of that transient secure object can be used by this ECDSAVerify command.

Command to Applet

Field

Value

Description

CLA

0x80

INS

INS_CRYPTO

SE05x_INS_t

P1

P1_SIGNATURE

See SE05x_P1_t

P2

P2_VERIFY

See SE05x_P2_t

Lc

#(Payload)

TLV[TAG_1]

4-byte identifier of the key pair or public key.

TLV[TAG_2]

1-byte ECSignatureAlgo.

TLV[TAG_3]

Byte array containing ASN.1 signature

TLV[TAG_5]

Byte array containing hashed data to compare.

Le

0x03

Expecting TLV with SE05x_Result_t

R-APDU Body

Value

Description

TLV[TAG_1]

Result of the signature verification (SE05x_Result_t).

R-APDU Trailer

SW

Description

SW_NO_ERROR

The command is handled successfully.

SW_CONDITIONS_NOT_SATISFIED

Incorrect data

Parameters
  • [in] session_ctx: Session Context [0:kSE05x_pSession]

  • [in] objectID: objectID [1:kSE05x_TAG_1]

  • [in] ecSignAlgo: ecSignAlgo [2:kSE05x_TAG_2]

  • [in] inputData: inputData [3:kSE05x_TAG_3]

  • [in] inputDataLen: Length of inputData

  • [in] signature: signature [4:kSE05x_TAG_5]

  • [in] signatureLen: Length of signature

  • [out] presult: [0:kSE05x_TAG_1]