New functions: asymmetric encrypt/decrypt
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index d4ebcba..d9c8fed 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -326,7 +326,8 @@
#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW ((psa_algorithm_t)0x10010000)
#define PSA_ALG_RSA_PSS_MGF1 ((psa_algorithm_t)0x10020000)
-#define PSA_ALG_RSA_OAEP ((psa_algorithm_t)0x12020000)
+#define PSA_ALG_RSA_PKCS1V15_CRYPT ((psa_algorithm_t)0x12010000)
+#define PSA_ALG_RSA_OAEP_MGF1_BASE ((psa_algorithm_t)0x12020000)
#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \
(PSA_ALG_RSA_PKCS1V15_SIGN_RAW | ((hash_alg) & PSA_ALG_HASH_MASK))
#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \
@@ -1329,6 +1330,114 @@
uint8_t *signature,
size_t signature_size);
+#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
+ (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
+ ((void)alg, 0))
+#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
+ PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
+
+/**
+ * \brief Encrypt a short message with a public key.
+ *
+ * \param key Key slot containing a public key or an asymmetric
+ * key pair.
+ * \param alg An asymmetric encryption algorithm that is
+ * compatible with the type of \c key.
+ * \param input The message to encrypt.
+ * \param input_length Size of the \c input buffer in bytes.
+ * \param salt A salt or label, if supported by the encryption
+ * algorithm.
+ * If the algorithm does not support a
+ * salt, pass \c NULL.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass \c NULL.
+ *
+ * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param salt_length Size of the \c salt buffer in bytes.
+ * If \c salt is \c NULL, pass 0.
+ * \param output Buffer where the encrypted message is to be written.
+ * \param output_size Size of the \c output buffer in bytes.
+ * \param output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \c output buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \c key.
+ * \retval PSA_ERROR_NOT_SUPPORTED
+ * \retval PSA_ERROR_INVALID_ARGUMENT
+ * \retval PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval PSA_ERROR_HARDWARE_FAILURE
+ * \retval PSA_ERROR_TAMPERING_DETECTED
+ * \retval PSA_ERROR_INSUFFICIENT_ENTROPY
+ */
+psa_status_t psa_asymmetric_encrypt(psa_key_slot_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/**
+ * \brief Decrypt a short message with a private key.
+ *
+ * \param key Key slot containing an asymmetric key pair.
+ * \param alg An asymmetric encryption algorithm that is
+ * compatible with the type of \c key.
+ * \param input The message to decrypt.
+ * \param input_length Size of the \c input buffer in bytes.
+ * \param salt A salt or label, if supported by the encryption
+ * algorithm.
+ * If the algorithm does not support a
+ * salt, pass \c NULL.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass \c NULL.
+ *
+ * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param salt_length Size of the \c salt buffer in bytes.
+ * If \c salt is \c NULL, pass 0.
+ * \param output Buffer where the encrypted message is to be written.
+ * \param output_size Size of the \c output buffer in bytes.
+ * \param output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval PSA_SUCCESS
+ * \retval PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \c output buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \c key.
+ * \retval PSA_ERROR_NOT_SUPPORTED
+ * \retval PSA_ERROR_INVALID_ARGUMENT
+ * \retval PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval PSA_ERROR_HARDWARE_FAILURE
+ * \retval PSA_ERROR_TAMPERING_DETECTED
+ * \retval PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval PSA_ERROR_INVALID_PADDING
+ */
+psa_status_t psa_asymmetric_decrypt(psa_key_slot_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
/**@}*/
#ifdef __cplusplus