sandbox / mbedtls

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Fork of mbedtls by Christopher Haster

mbedtls/rsa.h@1:24750b9ad5ef, 2016-01-22 (annotated)

Committer:
Christopher Haster
Date:
Fri Jan 22 16:44:49 2016 -0600
Revision:
1:24750b9ad5ef
Initial move of mbedtls to mercurial

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Christopher Haster 1:24750b9ad5ef 1 /**
Christopher Haster 1:24750b9ad5ef 2 * \file rsa.h
Christopher Haster 1:24750b9ad5ef 3 *
Christopher Haster 1:24750b9ad5ef 4 * \brief The RSA public-key cryptosystem
Christopher Haster 1:24750b9ad5ef 5 *
Christopher Haster 1:24750b9ad5ef 6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Christopher Haster 1:24750b9ad5ef 7 * SPDX-License-Identifier: Apache-2.0
Christopher Haster 1:24750b9ad5ef 8 *
Christopher Haster 1:24750b9ad5ef 9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
Christopher Haster 1:24750b9ad5ef 10 * not use this file except in compliance with the License.
Christopher Haster 1:24750b9ad5ef 11 * You may obtain a copy of the License at
Christopher Haster 1:24750b9ad5ef 12 *
Christopher Haster 1:24750b9ad5ef 13 * http://www.apache.org/licenses/LICENSE-2.0
Christopher Haster 1:24750b9ad5ef 14 *
Christopher Haster 1:24750b9ad5ef 15 * Unless required by applicable law or agreed to in writing, software
Christopher Haster 1:24750b9ad5ef 16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
Christopher Haster 1:24750b9ad5ef 17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Christopher Haster 1:24750b9ad5ef 18 * See the License for the specific language governing permissions and
Christopher Haster 1:24750b9ad5ef 19 * limitations under the License.
Christopher Haster 1:24750b9ad5ef 20 *
Christopher Haster 1:24750b9ad5ef 21 * This file is part of mbed TLS (https://tls.mbed.org)
Christopher Haster 1:24750b9ad5ef 22 */
Christopher Haster 1:24750b9ad5ef 23 #ifndef MBEDTLS_RSA_H
Christopher Haster 1:24750b9ad5ef 24 #define MBEDTLS_RSA_H
Christopher Haster 1:24750b9ad5ef 25
Christopher Haster 1:24750b9ad5ef 26 #if !defined(MBEDTLS_CONFIG_FILE)
Christopher Haster 1:24750b9ad5ef 27 #include "config.h"
Christopher Haster 1:24750b9ad5ef 28 #else
Christopher Haster 1:24750b9ad5ef 29 #include MBEDTLS_CONFIG_FILE
Christopher Haster 1:24750b9ad5ef 30 #endif
Christopher Haster 1:24750b9ad5ef 31
Christopher Haster 1:24750b9ad5ef 32 #include "bignum.h"
Christopher Haster 1:24750b9ad5ef 33 #include "md.h"
Christopher Haster 1:24750b9ad5ef 34
Christopher Haster 1:24750b9ad5ef 35 #if defined(MBEDTLS_THREADING_C)
Christopher Haster 1:24750b9ad5ef 36 #include "threading.h"
Christopher Haster 1:24750b9ad5ef 37 #endif
Christopher Haster 1:24750b9ad5ef 38
Christopher Haster 1:24750b9ad5ef 39 /*
Christopher Haster 1:24750b9ad5ef 40 * RSA Error codes
Christopher Haster 1:24750b9ad5ef 41 */
Christopher Haster 1:24750b9ad5ef 42 #define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */
Christopher Haster 1:24750b9ad5ef 43 #define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */
Christopher Haster 1:24750b9ad5ef 44 #define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */
Christopher Haster 1:24750b9ad5ef 45 #define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the library's validity check. */
Christopher Haster 1:24750b9ad5ef 46 #define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */
Christopher Haster 1:24750b9ad5ef 47 #define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */
Christopher Haster 1:24750b9ad5ef 48 #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
Christopher Haster 1:24750b9ad5ef 49 #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
Christopher Haster 1:24750b9ad5ef 50 #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
Christopher Haster 1:24750b9ad5ef 51
Christopher Haster 1:24750b9ad5ef 52 /*
Christopher Haster 1:24750b9ad5ef 53 * RSA constants
Christopher Haster 1:24750b9ad5ef 54 */
Christopher Haster 1:24750b9ad5ef 55 #define MBEDTLS_RSA_PUBLIC 0
Christopher Haster 1:24750b9ad5ef 56 #define MBEDTLS_RSA_PRIVATE 1
Christopher Haster 1:24750b9ad5ef 57
Christopher Haster 1:24750b9ad5ef 58 #define MBEDTLS_RSA_PKCS_V15 0
Christopher Haster 1:24750b9ad5ef 59 #define MBEDTLS_RSA_PKCS_V21 1
Christopher Haster 1:24750b9ad5ef 60
Christopher Haster 1:24750b9ad5ef 61 #define MBEDTLS_RSA_SIGN 1
Christopher Haster 1:24750b9ad5ef 62 #define MBEDTLS_RSA_CRYPT 2
Christopher Haster 1:24750b9ad5ef 63
Christopher Haster 1:24750b9ad5ef 64 #define MBEDTLS_RSA_SALT_LEN_ANY -1
Christopher Haster 1:24750b9ad5ef 65
Christopher Haster 1:24750b9ad5ef 66 /*
Christopher Haster 1:24750b9ad5ef 67 * The above constants may be used even if the RSA module is compile out,
Christopher Haster 1:24750b9ad5ef 68 * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
Christopher Haster 1:24750b9ad5ef 69 */
Christopher Haster 1:24750b9ad5ef 70 #if defined(MBEDTLS_RSA_C)
Christopher Haster 1:24750b9ad5ef 71
Christopher Haster 1:24750b9ad5ef 72 #ifdef __cplusplus
Christopher Haster 1:24750b9ad5ef 73 extern "C" {
Christopher Haster 1:24750b9ad5ef 74 #endif
Christopher Haster 1:24750b9ad5ef 75
Christopher Haster 1:24750b9ad5ef 76 /**
Christopher Haster 1:24750b9ad5ef 77 * \brief RSA context structure
Christopher Haster 1:24750b9ad5ef 78 */
Christopher Haster 1:24750b9ad5ef 79 typedef struct
Christopher Haster 1:24750b9ad5ef 80 {
Christopher Haster 1:24750b9ad5ef 81 int ver; /*!< always 0 */
Christopher Haster 1:24750b9ad5ef 82 size_t len; /*!< size(N) in chars */
Christopher Haster 1:24750b9ad5ef 83
Christopher Haster 1:24750b9ad5ef 84 mbedtls_mpi N; /*!< public modulus */
Christopher Haster 1:24750b9ad5ef 85 mbedtls_mpi E; /*!< public exponent */
Christopher Haster 1:24750b9ad5ef 86
Christopher Haster 1:24750b9ad5ef 87 mbedtls_mpi D; /*!< private exponent */
Christopher Haster 1:24750b9ad5ef 88 mbedtls_mpi P; /*!< 1st prime factor */
Christopher Haster 1:24750b9ad5ef 89 mbedtls_mpi Q; /*!< 2nd prime factor */
Christopher Haster 1:24750b9ad5ef 90 mbedtls_mpi DP; /*!< D % (P - 1) */
Christopher Haster 1:24750b9ad5ef 91 mbedtls_mpi DQ; /*!< D % (Q - 1) */
Christopher Haster 1:24750b9ad5ef 92 mbedtls_mpi QP; /*!< 1 / (Q % P) */
Christopher Haster 1:24750b9ad5ef 93
Christopher Haster 1:24750b9ad5ef 94 mbedtls_mpi RN; /*!< cached R^2 mod N */
Christopher Haster 1:24750b9ad5ef 95 mbedtls_mpi RP; /*!< cached R^2 mod P */
Christopher Haster 1:24750b9ad5ef 96 mbedtls_mpi RQ; /*!< cached R^2 mod Q */
Christopher Haster 1:24750b9ad5ef 97
Christopher Haster 1:24750b9ad5ef 98 mbedtls_mpi Vi; /*!< cached blinding value */
Christopher Haster 1:24750b9ad5ef 99 mbedtls_mpi Vf; /*!< cached un-blinding value */
Christopher Haster 1:24750b9ad5ef 100
Christopher Haster 1:24750b9ad5ef 101 int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
Christopher Haster 1:24750b9ad5ef 102 RSA_PKCS_v21 for OAEP/PSS */
Christopher Haster 1:24750b9ad5ef 103 int hash_id; /*!< Hash identifier of mbedtls_md_type_t as
Christopher Haster 1:24750b9ad5ef 104 specified in the mbedtls_md.h header file
Christopher Haster 1:24750b9ad5ef 105 for the EME-OAEP and EMSA-PSS
Christopher Haster 1:24750b9ad5ef 106 encoding */
Christopher Haster 1:24750b9ad5ef 107 #if defined(MBEDTLS_THREADING_C)
Christopher Haster 1:24750b9ad5ef 108 mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */
Christopher Haster 1:24750b9ad5ef 109 #endif
Christopher Haster 1:24750b9ad5ef 110 }
Christopher Haster 1:24750b9ad5ef 111 mbedtls_rsa_context;
Christopher Haster 1:24750b9ad5ef 112
Christopher Haster 1:24750b9ad5ef 113 /**
Christopher Haster 1:24750b9ad5ef 114 * \brief Initialize an RSA context
Christopher Haster 1:24750b9ad5ef 115 *
Christopher Haster 1:24750b9ad5ef 116 * Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
Christopher Haster 1:24750b9ad5ef 117 * encryption scheme and the RSASSA-PSS signature scheme.
Christopher Haster 1:24750b9ad5ef 118 *
Christopher Haster 1:24750b9ad5ef 119 * \param ctx RSA context to be initialized
Christopher Haster 1:24750b9ad5ef 120 * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
Christopher Haster 1:24750b9ad5ef 121 * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier
Christopher Haster 1:24750b9ad5ef 122 *
Christopher Haster 1:24750b9ad5ef 123 * \note The hash_id parameter is actually ignored
Christopher Haster 1:24750b9ad5ef 124 * when using MBEDTLS_RSA_PKCS_V15 padding.
Christopher Haster 1:24750b9ad5ef 125 *
Christopher Haster 1:24750b9ad5ef 126 * \note Choice of padding mode is strictly enforced for private key
Christopher Haster 1:24750b9ad5ef 127 * operations, since there might be security concerns in
Christopher Haster 1:24750b9ad5ef 128 * mixing padding modes. For public key operations it's merely
Christopher Haster 1:24750b9ad5ef 129 * a default value, which can be overriden by calling specific
Christopher Haster 1:24750b9ad5ef 130 * rsa_rsaes_xxx or rsa_rsassa_xxx functions.
Christopher Haster 1:24750b9ad5ef 131 *
Christopher Haster 1:24750b9ad5ef 132 * \note The chosen hash is always used for OEAP encryption.
Christopher Haster 1:24750b9ad5ef 133 * For PSS signatures, it's always used for making signatures,
Christopher Haster 1:24750b9ad5ef 134 * but can be overriden (and always is, if set to
Christopher Haster 1:24750b9ad5ef 135 * MBEDTLS_MD_NONE) for verifying them.
Christopher Haster 1:24750b9ad5ef 136 */
Christopher Haster 1:24750b9ad5ef 137 void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 138 int padding,
Christopher Haster 1:24750b9ad5ef 139 int hash_id);
Christopher Haster 1:24750b9ad5ef 140
Christopher Haster 1:24750b9ad5ef 141 /**
Christopher Haster 1:24750b9ad5ef 142 * \brief Set padding for an already initialized RSA context
Christopher Haster 1:24750b9ad5ef 143 * See \c mbedtls_rsa_init() for details.
Christopher Haster 1:24750b9ad5ef 144 *
Christopher Haster 1:24750b9ad5ef 145 * \param ctx RSA context to be set
Christopher Haster 1:24750b9ad5ef 146 * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
Christopher Haster 1:24750b9ad5ef 147 * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier
Christopher Haster 1:24750b9ad5ef 148 */
Christopher Haster 1:24750b9ad5ef 149 void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id);
Christopher Haster 1:24750b9ad5ef 150
Christopher Haster 1:24750b9ad5ef 151 /**
Christopher Haster 1:24750b9ad5ef 152 * \brief Generate an RSA keypair
Christopher Haster 1:24750b9ad5ef 153 *
Christopher Haster 1:24750b9ad5ef 154 * \param ctx RSA context that will hold the key
Christopher Haster 1:24750b9ad5ef 155 * \param f_rng RNG function
Christopher Haster 1:24750b9ad5ef 156 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 157 * \param nbits size of the public key in bits
Christopher Haster 1:24750b9ad5ef 158 * \param exponent public exponent (e.g., 65537)
Christopher Haster 1:24750b9ad5ef 159 *
Christopher Haster 1:24750b9ad5ef 160 * \note mbedtls_rsa_init() must be called beforehand to setup
Christopher Haster 1:24750b9ad5ef 161 * the RSA context.
Christopher Haster 1:24750b9ad5ef 162 *
Christopher Haster 1:24750b9ad5ef 163 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 164 */
Christopher Haster 1:24750b9ad5ef 165 int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 166 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 167 void *p_rng,
Christopher Haster 1:24750b9ad5ef 168 unsigned int nbits, int exponent );
Christopher Haster 1:24750b9ad5ef 169
Christopher Haster 1:24750b9ad5ef 170 /**
Christopher Haster 1:24750b9ad5ef 171 * \brief Check a public RSA key
Christopher Haster 1:24750b9ad5ef 172 *
Christopher Haster 1:24750b9ad5ef 173 * \param ctx RSA context to be checked
Christopher Haster 1:24750b9ad5ef 174 *
Christopher Haster 1:24750b9ad5ef 175 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 176 */
Christopher Haster 1:24750b9ad5ef 177 int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
Christopher Haster 1:24750b9ad5ef 178
Christopher Haster 1:24750b9ad5ef 179 /**
Christopher Haster 1:24750b9ad5ef 180 * \brief Check a private RSA key
Christopher Haster 1:24750b9ad5ef 181 *
Christopher Haster 1:24750b9ad5ef 182 * \param ctx RSA context to be checked
Christopher Haster 1:24750b9ad5ef 183 *
Christopher Haster 1:24750b9ad5ef 184 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 185 */
Christopher Haster 1:24750b9ad5ef 186 int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
Christopher Haster 1:24750b9ad5ef 187
Christopher Haster 1:24750b9ad5ef 188 /**
Christopher Haster 1:24750b9ad5ef 189 * \brief Check a public-private RSA key pair.
Christopher Haster 1:24750b9ad5ef 190 * Check each of the contexts, and make sure they match.
Christopher Haster 1:24750b9ad5ef 191 *
Christopher Haster 1:24750b9ad5ef 192 * \param pub RSA context holding the public key
Christopher Haster 1:24750b9ad5ef 193 * \param prv RSA context holding the private key
Christopher Haster 1:24750b9ad5ef 194 *
Christopher Haster 1:24750b9ad5ef 195 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 196 */
Christopher Haster 1:24750b9ad5ef 197 int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv );
Christopher Haster 1:24750b9ad5ef 198
Christopher Haster 1:24750b9ad5ef 199 /**
Christopher Haster 1:24750b9ad5ef 200 * \brief Do an RSA public key operation
Christopher Haster 1:24750b9ad5ef 201 *
Christopher Haster 1:24750b9ad5ef 202 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 203 * \param input input buffer
Christopher Haster 1:24750b9ad5ef 204 * \param output output buffer
Christopher Haster 1:24750b9ad5ef 205 *
Christopher Haster 1:24750b9ad5ef 206 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 207 *
Christopher Haster 1:24750b9ad5ef 208 * \note This function does NOT take care of message
Christopher Haster 1:24750b9ad5ef 209 * padding. Also, be sure to set input[0] = 0 or assure that
Christopher Haster 1:24750b9ad5ef 210 * input is smaller than N.
Christopher Haster 1:24750b9ad5ef 211 *
Christopher Haster 1:24750b9ad5ef 212 * \note The input and output buffers must be large
Christopher Haster 1:24750b9ad5ef 213 * enough (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 214 */
Christopher Haster 1:24750b9ad5ef 215 int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 216 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 217 unsigned char *output );
Christopher Haster 1:24750b9ad5ef 218
Christopher Haster 1:24750b9ad5ef 219 /**
Christopher Haster 1:24750b9ad5ef 220 * \brief Do an RSA private key operation
Christopher Haster 1:24750b9ad5ef 221 *
Christopher Haster 1:24750b9ad5ef 222 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 223 * \param f_rng RNG function (Needed for blinding)
Christopher Haster 1:24750b9ad5ef 224 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 225 * \param input input buffer
Christopher Haster 1:24750b9ad5ef 226 * \param output output buffer
Christopher Haster 1:24750b9ad5ef 227 *
Christopher Haster 1:24750b9ad5ef 228 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 229 *
Christopher Haster 1:24750b9ad5ef 230 * \note The input and output buffers must be large
Christopher Haster 1:24750b9ad5ef 231 * enough (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 232 */
Christopher Haster 1:24750b9ad5ef 233 int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 234 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 235 void *p_rng,
Christopher Haster 1:24750b9ad5ef 236 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 237 unsigned char *output );
Christopher Haster 1:24750b9ad5ef 238
Christopher Haster 1:24750b9ad5ef 239 /**
Christopher Haster 1:24750b9ad5ef 240 * \brief Generic wrapper to perform a PKCS#1 encryption using the
Christopher Haster 1:24750b9ad5ef 241 * mode from the context. Add the message padding, then do an
Christopher Haster 1:24750b9ad5ef 242 * RSA operation.
Christopher Haster 1:24750b9ad5ef 243 *
Christopher Haster 1:24750b9ad5ef 244 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 245 * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
Christopher Haster 1:24750b9ad5ef 246 * and MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 247 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 248 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 249 * \param ilen contains the plaintext length
Christopher Haster 1:24750b9ad5ef 250 * \param input buffer holding the data to be encrypted
Christopher Haster 1:24750b9ad5ef 251 * \param output buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 252 *
Christopher Haster 1:24750b9ad5ef 253 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 254 *
Christopher Haster 1:24750b9ad5ef 255 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 256 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 257 */
Christopher Haster 1:24750b9ad5ef 258 int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 259 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 260 void *p_rng,
Christopher Haster 1:24750b9ad5ef 261 int mode, size_t ilen,
Christopher Haster 1:24750b9ad5ef 262 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 263 unsigned char *output );
Christopher Haster 1:24750b9ad5ef 264
Christopher Haster 1:24750b9ad5ef 265 /**
Christopher Haster 1:24750b9ad5ef 266 * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
Christopher Haster 1:24750b9ad5ef 267 *
Christopher Haster 1:24750b9ad5ef 268 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 269 * \param f_rng RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 270 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 271 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 272 * \param ilen contains the plaintext length
Christopher Haster 1:24750b9ad5ef 273 * \param input buffer holding the data to be encrypted
Christopher Haster 1:24750b9ad5ef 274 * \param output buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 275 *
Christopher Haster 1:24750b9ad5ef 276 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 277 *
Christopher Haster 1:24750b9ad5ef 278 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 279 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 280 */
Christopher Haster 1:24750b9ad5ef 281 int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 282 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 283 void *p_rng,
Christopher Haster 1:24750b9ad5ef 284 int mode, size_t ilen,
Christopher Haster 1:24750b9ad5ef 285 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 286 unsigned char *output );
Christopher Haster 1:24750b9ad5ef 287
Christopher Haster 1:24750b9ad5ef 288 /**
Christopher Haster 1:24750b9ad5ef 289 * \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
Christopher Haster 1:24750b9ad5ef 290 *
Christopher Haster 1:24750b9ad5ef 291 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 292 * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
Christopher Haster 1:24750b9ad5ef 293 * and MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 294 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 295 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 296 * \param label buffer holding the custom label to use
Christopher Haster 1:24750b9ad5ef 297 * \param label_len contains the label length
Christopher Haster 1:24750b9ad5ef 298 * \param ilen contains the plaintext length
Christopher Haster 1:24750b9ad5ef 299 * \param input buffer holding the data to be encrypted
Christopher Haster 1:24750b9ad5ef 300 * \param output buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 301 *
Christopher Haster 1:24750b9ad5ef 302 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 303 *
Christopher Haster 1:24750b9ad5ef 304 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 305 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 306 */
Christopher Haster 1:24750b9ad5ef 307 int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 308 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 309 void *p_rng,
Christopher Haster 1:24750b9ad5ef 310 int mode,
Christopher Haster 1:24750b9ad5ef 311 const unsigned char *label, size_t label_len,
Christopher Haster 1:24750b9ad5ef 312 size_t ilen,
Christopher Haster 1:24750b9ad5ef 313 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 314 unsigned char *output );
Christopher Haster 1:24750b9ad5ef 315
Christopher Haster 1:24750b9ad5ef 316 /**
Christopher Haster 1:24750b9ad5ef 317 * \brief Generic wrapper to perform a PKCS#1 decryption using the
Christopher Haster 1:24750b9ad5ef 318 * mode from the context. Do an RSA operation, then remove
Christopher Haster 1:24750b9ad5ef 319 * the message padding
Christopher Haster 1:24750b9ad5ef 320 *
Christopher Haster 1:24750b9ad5ef 321 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 322 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 323 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 324 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 325 * \param olen will contain the plaintext length
Christopher Haster 1:24750b9ad5ef 326 * \param input buffer holding the encrypted data
Christopher Haster 1:24750b9ad5ef 327 * \param output buffer that will hold the plaintext
Christopher Haster 1:24750b9ad5ef 328 * \param output_max_len maximum length of the output buffer
Christopher Haster 1:24750b9ad5ef 329 *
Christopher Haster 1:24750b9ad5ef 330 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 331 *
Christopher Haster 1:24750b9ad5ef 332 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 333 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
Christopher Haster 1:24750b9ad5ef 334 * an error is thrown.
Christopher Haster 1:24750b9ad5ef 335 */
Christopher Haster 1:24750b9ad5ef 336 int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 337 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 338 void *p_rng,
Christopher Haster 1:24750b9ad5ef 339 int mode, size_t *olen,
Christopher Haster 1:24750b9ad5ef 340 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 341 unsigned char *output,
Christopher Haster 1:24750b9ad5ef 342 size_t output_max_len );
Christopher Haster 1:24750b9ad5ef 343
Christopher Haster 1:24750b9ad5ef 344 /**
Christopher Haster 1:24750b9ad5ef 345 * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
Christopher Haster 1:24750b9ad5ef 346 *
Christopher Haster 1:24750b9ad5ef 347 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 348 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 349 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 350 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 351 * \param olen will contain the plaintext length
Christopher Haster 1:24750b9ad5ef 352 * \param input buffer holding the encrypted data
Christopher Haster 1:24750b9ad5ef 353 * \param output buffer that will hold the plaintext
Christopher Haster 1:24750b9ad5ef 354 * \param output_max_len maximum length of the output buffer
Christopher Haster 1:24750b9ad5ef 355 *
Christopher Haster 1:24750b9ad5ef 356 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 357 *
Christopher Haster 1:24750b9ad5ef 358 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 359 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
Christopher Haster 1:24750b9ad5ef 360 * an error is thrown.
Christopher Haster 1:24750b9ad5ef 361 */
Christopher Haster 1:24750b9ad5ef 362 int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 363 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 364 void *p_rng,
Christopher Haster 1:24750b9ad5ef 365 int mode, size_t *olen,
Christopher Haster 1:24750b9ad5ef 366 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 367 unsigned char *output,
Christopher Haster 1:24750b9ad5ef 368 size_t output_max_len );
Christopher Haster 1:24750b9ad5ef 369
Christopher Haster 1:24750b9ad5ef 370 /**
Christopher Haster 1:24750b9ad5ef 371 * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
Christopher Haster 1:24750b9ad5ef 372 *
Christopher Haster 1:24750b9ad5ef 373 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 374 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 375 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 376 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 377 * \param label buffer holding the custom label to use
Christopher Haster 1:24750b9ad5ef 378 * \param label_len contains the label length
Christopher Haster 1:24750b9ad5ef 379 * \param olen will contain the plaintext length
Christopher Haster 1:24750b9ad5ef 380 * \param input buffer holding the encrypted data
Christopher Haster 1:24750b9ad5ef 381 * \param output buffer that will hold the plaintext
Christopher Haster 1:24750b9ad5ef 382 * \param output_max_len maximum length of the output buffer
Christopher Haster 1:24750b9ad5ef 383 *
Christopher Haster 1:24750b9ad5ef 384 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 385 *
Christopher Haster 1:24750b9ad5ef 386 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 387 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
Christopher Haster 1:24750b9ad5ef 388 * an error is thrown.
Christopher Haster 1:24750b9ad5ef 389 */
Christopher Haster 1:24750b9ad5ef 390 int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 391 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 392 void *p_rng,
Christopher Haster 1:24750b9ad5ef 393 int mode,
Christopher Haster 1:24750b9ad5ef 394 const unsigned char *label, size_t label_len,
Christopher Haster 1:24750b9ad5ef 395 size_t *olen,
Christopher Haster 1:24750b9ad5ef 396 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 397 unsigned char *output,
Christopher Haster 1:24750b9ad5ef 398 size_t output_max_len );
Christopher Haster 1:24750b9ad5ef 399
Christopher Haster 1:24750b9ad5ef 400 /**
Christopher Haster 1:24750b9ad5ef 401 * \brief Generic wrapper to perform a PKCS#1 signature using the
Christopher Haster 1:24750b9ad5ef 402 * mode from the context. Do a private RSA operation to sign
Christopher Haster 1:24750b9ad5ef 403 * a message digest
Christopher Haster 1:24750b9ad5ef 404 *
Christopher Haster 1:24750b9ad5ef 405 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 406 * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
Christopher Haster 1:24750b9ad5ef 407 * MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 408 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 409 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 410 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 411 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 412 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 413 * \param sig buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 414 *
Christopher Haster 1:24750b9ad5ef 415 * \return 0 if the signing operation was successful,
Christopher Haster 1:24750b9ad5ef 416 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 417 *
Christopher Haster 1:24750b9ad5ef 418 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 419 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 420 *
Christopher Haster 1:24750b9ad5ef 421 * \note In case of PKCS#1 v2.1 encoding, see comments on
Christopher Haster 1:24750b9ad5ef 422 * \note \c mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id.
Christopher Haster 1:24750b9ad5ef 423 */
Christopher Haster 1:24750b9ad5ef 424 int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 425 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 426 void *p_rng,
Christopher Haster 1:24750b9ad5ef 427 int mode,
Christopher Haster 1:24750b9ad5ef 428 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 429 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 430 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 431 unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 432
Christopher Haster 1:24750b9ad5ef 433 /**
Christopher Haster 1:24750b9ad5ef 434 * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
Christopher Haster 1:24750b9ad5ef 435 *
Christopher Haster 1:24750b9ad5ef 436 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 437 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 438 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 439 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 440 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 441 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 442 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 443 * \param sig buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 444 *
Christopher Haster 1:24750b9ad5ef 445 * \return 0 if the signing operation was successful,
Christopher Haster 1:24750b9ad5ef 446 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 447 *
Christopher Haster 1:24750b9ad5ef 448 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 449 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 450 */
Christopher Haster 1:24750b9ad5ef 451 int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 452 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 453 void *p_rng,
Christopher Haster 1:24750b9ad5ef 454 int mode,
Christopher Haster 1:24750b9ad5ef 455 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 456 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 457 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 458 unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 459
Christopher Haster 1:24750b9ad5ef 460 /**
Christopher Haster 1:24750b9ad5ef 461 * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
Christopher Haster 1:24750b9ad5ef 462 *
Christopher Haster 1:24750b9ad5ef 463 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 464 * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
Christopher Haster 1:24750b9ad5ef 465 * MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 466 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 467 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 468 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 469 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 470 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 471 * \param sig buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 472 *
Christopher Haster 1:24750b9ad5ef 473 * \return 0 if the signing operation was successful,
Christopher Haster 1:24750b9ad5ef 474 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 475 *
Christopher Haster 1:24750b9ad5ef 476 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 477 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 478 *
Christopher Haster 1:24750b9ad5ef 479 * \note The hash_id in the RSA context is the one used for the
Christopher Haster 1:24750b9ad5ef 480 * encoding. md_alg in the function call is the type of hash
Christopher Haster 1:24750b9ad5ef 481 * that is encoded. According to RFC 3447 it is advised to
Christopher Haster 1:24750b9ad5ef 482 * keep both hashes the same.
Christopher Haster 1:24750b9ad5ef 483 */
Christopher Haster 1:24750b9ad5ef 484 int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 485 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 486 void *p_rng,
Christopher Haster 1:24750b9ad5ef 487 int mode,
Christopher Haster 1:24750b9ad5ef 488 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 489 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 490 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 491 unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 492
Christopher Haster 1:24750b9ad5ef 493 /**
Christopher Haster 1:24750b9ad5ef 494 * \brief Generic wrapper to perform a PKCS#1 verification using the
Christopher Haster 1:24750b9ad5ef 495 * mode from the context. Do a public RSA operation and check
Christopher Haster 1:24750b9ad5ef 496 * the message digest
Christopher Haster 1:24750b9ad5ef 497 *
Christopher Haster 1:24750b9ad5ef 498 * \param ctx points to an RSA public key
Christopher Haster 1:24750b9ad5ef 499 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 500 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 501 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 502 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 503 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 504 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 505 * \param sig buffer holding the ciphertext
Christopher Haster 1:24750b9ad5ef 506 *
Christopher Haster 1:24750b9ad5ef 507 * \return 0 if the verify operation was successful,
Christopher Haster 1:24750b9ad5ef 508 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 509 *
Christopher Haster 1:24750b9ad5ef 510 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 511 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 512 *
Christopher Haster 1:24750b9ad5ef 513 * \note In case of PKCS#1 v2.1 encoding, see comments on
Christopher Haster 1:24750b9ad5ef 514 * \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id.
Christopher Haster 1:24750b9ad5ef 515 */
Christopher Haster 1:24750b9ad5ef 516 int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 517 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 518 void *p_rng,
Christopher Haster 1:24750b9ad5ef 519 int mode,
Christopher Haster 1:24750b9ad5ef 520 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 521 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 522 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 523 const unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 524
Christopher Haster 1:24750b9ad5ef 525 /**
Christopher Haster 1:24750b9ad5ef 526 * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
Christopher Haster 1:24750b9ad5ef 527 *
Christopher Haster 1:24750b9ad5ef 528 * \param ctx points to an RSA public key
Christopher Haster 1:24750b9ad5ef 529 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 530 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 531 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 532 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 533 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 534 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 535 * \param sig buffer holding the ciphertext
Christopher Haster 1:24750b9ad5ef 536 *
Christopher Haster 1:24750b9ad5ef 537 * \return 0 if the verify operation was successful,
Christopher Haster 1:24750b9ad5ef 538 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 539 *
Christopher Haster 1:24750b9ad5ef 540 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 541 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 542 */
Christopher Haster 1:24750b9ad5ef 543 int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 544 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 545 void *p_rng,
Christopher Haster 1:24750b9ad5ef 546 int mode,
Christopher Haster 1:24750b9ad5ef 547 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 548 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 549 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 550 const unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 551
Christopher Haster 1:24750b9ad5ef 552 /**
Christopher Haster 1:24750b9ad5ef 553 * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
Christopher Haster 1:24750b9ad5ef 554 * (This is the "simple" version.)
Christopher Haster 1:24750b9ad5ef 555 *
Christopher Haster 1:24750b9ad5ef 556 * \param ctx points to an RSA public key
Christopher Haster 1:24750b9ad5ef 557 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 558 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 559 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 560 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 561 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 562 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 563 * \param sig buffer holding the ciphertext
Christopher Haster 1:24750b9ad5ef 564 *
Christopher Haster 1:24750b9ad5ef 565 * \return 0 if the verify operation was successful,
Christopher Haster 1:24750b9ad5ef 566 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 567 *
Christopher Haster 1:24750b9ad5ef 568 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 569 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 570 *
Christopher Haster 1:24750b9ad5ef 571 * \note The hash_id in the RSA context is the one used for the
Christopher Haster 1:24750b9ad5ef 572 * verification. md_alg in the function call is the type of
Christopher Haster 1:24750b9ad5ef 573 * hash that is verified. According to RFC 3447 it is advised to
Christopher Haster 1:24750b9ad5ef 574 * keep both hashes the same. If hash_id in the RSA context is
Christopher Haster 1:24750b9ad5ef 575 * unset, the md_alg from the function call is used.
Christopher Haster 1:24750b9ad5ef 576 */
Christopher Haster 1:24750b9ad5ef 577 int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 578 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 579 void *p_rng,
Christopher Haster 1:24750b9ad5ef 580 int mode,
Christopher Haster 1:24750b9ad5ef 581 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 582 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 583 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 584 const unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 585
Christopher Haster 1:24750b9ad5ef 586 /**
Christopher Haster 1:24750b9ad5ef 587 * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
Christopher Haster 1:24750b9ad5ef 588 * (This is the version with "full" options.)
Christopher Haster 1:24750b9ad5ef 589 *
Christopher Haster 1:24750b9ad5ef 590 * \param ctx points to an RSA public key
Christopher Haster 1:24750b9ad5ef 591 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 592 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 593 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 594 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 595 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 596 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 597 * \param mgf1_hash_id message digest used for mask generation
Christopher Haster 1:24750b9ad5ef 598 * \param expected_salt_len Length of the salt used in padding, use
Christopher Haster 1:24750b9ad5ef 599 * MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length
Christopher Haster 1:24750b9ad5ef 600 * \param sig buffer holding the ciphertext
Christopher Haster 1:24750b9ad5ef 601 *
Christopher Haster 1:24750b9ad5ef 602 * \return 0 if the verify operation was successful,
Christopher Haster 1:24750b9ad5ef 603 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 604 *
Christopher Haster 1:24750b9ad5ef 605 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 606 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 607 *
Christopher Haster 1:24750b9ad5ef 608 * \note The hash_id in the RSA context is ignored.
Christopher Haster 1:24750b9ad5ef 609 */
Christopher Haster 1:24750b9ad5ef 610 int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 611 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 612 void *p_rng,
Christopher Haster 1:24750b9ad5ef 613 int mode,
Christopher Haster 1:24750b9ad5ef 614 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 615 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 616 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 617 mbedtls_md_type_t mgf1_hash_id,
Christopher Haster 1:24750b9ad5ef 618 int expected_salt_len,
Christopher Haster 1:24750b9ad5ef 619 const unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 620
Christopher Haster 1:24750b9ad5ef 621 /**
Christopher Haster 1:24750b9ad5ef 622 * \brief Copy the components of an RSA context
Christopher Haster 1:24750b9ad5ef 623 *
Christopher Haster 1:24750b9ad5ef 624 * \param dst Destination context
Christopher Haster 1:24750b9ad5ef 625 * \param src Source context
Christopher Haster 1:24750b9ad5ef 626 *
Christopher Haster 1:24750b9ad5ef 627 * \return 0 on success,
Christopher Haster 1:24750b9ad5ef 628 * MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure
Christopher Haster 1:24750b9ad5ef 629 */
Christopher Haster 1:24750b9ad5ef 630 int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
Christopher Haster 1:24750b9ad5ef 631
Christopher Haster 1:24750b9ad5ef 632 /**
Christopher Haster 1:24750b9ad5ef 633 * \brief Free the components of an RSA key
Christopher Haster 1:24750b9ad5ef 634 *
Christopher Haster 1:24750b9ad5ef 635 * \param ctx RSA Context to free
Christopher Haster 1:24750b9ad5ef 636 */
Christopher Haster 1:24750b9ad5ef 637 void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
Christopher Haster 1:24750b9ad5ef 638
Christopher Haster 1:24750b9ad5ef 639 /**
Christopher Haster 1:24750b9ad5ef 640 * \brief Checkup routine
Christopher Haster 1:24750b9ad5ef 641 *
Christopher Haster 1:24750b9ad5ef 642 * \return 0 if successful, or 1 if the test failed
Christopher Haster 1:24750b9ad5ef 643 */
Christopher Haster 1:24750b9ad5ef 644 int mbedtls_rsa_self_test( int verbose );
Christopher Haster 1:24750b9ad5ef 645
Christopher Haster 1:24750b9ad5ef 646 #ifdef __cplusplus
Christopher Haster 1:24750b9ad5ef 647 }
Christopher Haster 1:24750b9ad5ef 648 #endif
Christopher Haster 1:24750b9ad5ef 649
Christopher Haster 1:24750b9ad5ef 650 #endif /* MBEDTLS_RSA_C */
Christopher Haster 1:24750b9ad5ef 651
Christopher Haster 1:24750b9ad5ef 652 #endif /* rsa.h */