11.12.3.4.84. Function Se05x_API_ECDAASign

11.12.3.4.84.1. Function Documentation

smStatus_t Se05x_API_ECDAASign(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_ECDAASignatureAlgo_t ecdaaSignAlgo, const uint8_t *inputData, size_t inputDataLen, const uint8_t *randomData, size_t randomDataLen, uint8_t *signature, size_t *psignatureLen)

Se05x_API_ECDAASign

The ECDAASign command signs external data using the indicated key pair or private key. This is performed according to ECDAA. The generated signature is:

  • r = random mod n

  • s = (r + T.ds) mod n where d is the private key

The ECDAASignatureAlgo indicates the applied algorithm.

This APDU command should be used with a key identifier linked to TPM_ECC_BN_P256 curve.

Note: The applet allows the random input to be 32 bytes of zeroes; the user must take care that this is not considered as valid input. Only input in the interval [1, n-1] must be considered as valid.

Command to Applet

Field

Value

Description

CLA

0x80

INS

INS_CRYPTO

SE05x_INS_t

P1

P1_SIGNATURE

See SE05x_P1_t

P2

P2_SIGN

See SE05x_P2_t

Lc

#(Payload)

TLV[TAG_1]

4-byte identifier of EC key pair or private key.

TLV[TAG_2]

1-byte ECDAASignatureAlgo

TLV[TAG_3]

T = 32-byte array containing hashed input data.

TLV[TAG_4]

r = 32-byte array containing random data, must be in the interval [1, n-1] where n is the order of the curve.

Le

0x00

Expecting signature

R-APDU Body

Value

Description

TLV[TAG_1]

ECDSA Signature (r concatenated with s).

R-APDU Trailer

SW

Description

SW_NO_ERROR

The command is handled successfully.

Parameters
  • [in] session_ctx: Session Context [0:kSE05x_pSession]

  • [in] objectID: objectID [1:kSE05x_TAG_1]

  • [in] ecdaaSignAlgo: ecdaaSignAlgo [2:kSE05x_TAG_2]

  • [in] inputData: inputData [3:kSE05x_TAG_3]

  • [in] inputDataLen: Length of inputData

  • [in] randomData: randomData [4:kSE05x_TAG_4]

  • [in] randomDataLen: Length of randomData

  • [out] signature: [0:kSE05x_TAG_1]

  • [inout] psignatureLen: Length for signature