11.12.3.4.85. Function Se05x_API_ECDHGenerateSharedSecret
Defined in File se05x_APDU_apis.h
11.12.3.4.85.1. Function Documentation
smStatus_t Se05x_API_ECDHGenerateSharedSecret(pSe05xSession_t session_ctx, uint32_t objectID, const uint8_t *pubKey, size_t pubKeyLen, uint8_t *sharedSecret, size_t *psharedSecretLen)
The ECDHGenerateSharedSecret command generates a shared secret ECC point on the curve using an EC private key on SE05X and an external public key provided by the caller. The output shared secret is returned to the caller.
All curves from ECCurve are supported, except ECC_ED_25519.
Note that ECDHGenerateSharedSecret commands with EC keys using curve ID_ECC_MONT_DH_25519 or ID_ECC_MONT_DH_448 cause NVM write operations for each call. This is not the case for the other curves.
When CONFIG_FIPS_MODE_DISABLED is not set, this function will always return SW_CONDTIONS_NOT_SATISFIED.
The shared secret can only be received when the Secure Object containing the key pair or private key (TLV[TAG_1]) does not contain the policy POLICY_OBJ_FORBID_DERIVED_OUTPUT. If the object does contain that policy, the user must provide TLV[TAG_7] to store the shared secret in an HMACKey object. The user is responsible for assigning the correct size of the HMACKey object: this must equal the size of the shared secret exactly.
On applet 4.4.0, the policy POLICY_OBJ_FORBID_DERIVED_OUTPUT is not yet verified for this function. It will always be allowed.
Command to Applet

| Field | Value | Description |
|---|---|---|
| CLA | 0x80 | |
| INS | INS_CRYPTO | |
| P1 | P1_EC | See SE05x_P1_t |
| P2 | P2_DH | See SE05x_P2_t |
| Lc | #(Payload) | |
| Payload | TLV[TAG_1] | 4-byte identifier of the key pair or private key. |
| | TLV[TAG_2] | External public key (see ECKeyRef). |
| | TLV[TAG_7] | 4-byte HMACKey identifier to store output. [Optional] |
| Le | 0x00 | Expected shared secret length. |

R-APDU Body

| Value | Description |
|---|---|
| TLV[TAG_1] | The returned shared secret. [Conditional: only when the input does not contain TLV[TAG_7].] |

R-APDU Trailer

| SW | Description |
|---|---|
| SW_NO_ERROR | The command is handled successfully. |
Parameters
- [in] session_ctx: Session Context [0:kSE05x_pSession]
- [in] objectID: objectID [1:kSE05x_TAG_1]
- [in] pubKey: pubKey [2:kSE05x_TAG_2]
- [in] pubKeyLen: Length of pubKey
- [out] sharedSecret: [0:kSE05x_TAG_1]
- [inout] psharedSecretLen: Length for sharedSecret
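The "Command to Applet" layout above, encoded as bytes with and without the optional TLV[TAG_7]. This is an added example, not code from the NXP middleware. The numeric values for INS/P1/P2 and the tags, the big-endian identifier encoding, the function names and the `hmac_id == 0` convention are assumptions of this example, and only values shorter than 0x80 bytes (single-byte TLV length) are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed numeric values (not shown on this page); confirm against se05x_enums.h. */
enum { CLA = 0x80, INS_CRYPTO = 0x03, P1_EC = 0x01, P2_DH = 0x0F,
       TAG_1 = 0x41, TAG_2 = 0x42, TAG_7 = 0x47 };

/* Append one TLV; only the single-byte length form (len < 0x80) is handled. */
static int put_tlv(uint8_t *out, size_t cap, size_t *off,
                   uint8_t tag, const uint8_t *val, size_t len)
{
    if (val == NULL || len >= 0x80 || *off > cap || cap - *off < len + 2)
        return -1;                       /* reject rather than truncate */
    out[(*off)++] = tag;
    out[(*off)++] = (uint8_t)len;
    memcpy(out + *off, val, len);
    *off += len;
    return 0;
}

/* 4-byte identifier, most significant byte first (assumed encoding). */
static void be32(uint32_t v, uint8_t b[4])
{
    b[0] = (uint8_t)(v >> 24); b[1] = (uint8_t)(v >> 16);
    b[2] = (uint8_t)(v >> 8);  b[3] = (uint8_t)v;
}

/* Build the short-form C-APDU. hmac_id == 0 means "omit TLV[TAG_7]" (a
 * convention of this example only). Returns the APDU length, or 0 on error. */
size_t build_ecdh_apdu(uint8_t *out, size_t cap, uint32_t key_id,
                       const uint8_t *pub, size_t pub_len, uint32_t hmac_id)
{
    uint8_t id[4];
    size_t off = 5;                      /* CLA INS P1 P2 Lc are filled in last */
    if (out == NULL || cap < 6) return 0;
    be32(key_id, id);                    /* cap - 1 below reserves the Le byte */
    if (put_tlv(out, cap - 1, &off, TAG_1, id, 4) != 0 ||
        put_tlv(out, cap - 1, &off, TAG_2, pub, pub_len) != 0)
        return 0;
    if (hmac_id != 0) {                  /* output goes to an HMACKey object */
        be32(hmac_id, id);
        if (put_tlv(out, cap - 1, &off, TAG_7, id, 4) != 0)
            return 0;
    }
    out[0] = CLA; out[1] = INS_CRYPTO; out[2] = P1_EC; out[3] = P2_DH;
    out[4] = (uint8_t)(off - 5);         /* Lc: at most 141 with the limits above */
    out[off++] = 0x00;                   /* Le */
    return off;
}
```

When TLV[TAG_7] is present, the R-APDU body carries no TLV[TAG_1], so the shared secret never crosses the host interface.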