sandbox
/
mbedtls
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of
mbedtls
by 
Christopher Haster
Embed:
(wiki syntax)
Show/hide line numbers
rsa.h
Go to the documentation of this file.
00001 /** 00002 * \file rsa.h 00003 * 00004 * \brief The RSA public-key cryptosystem 00005 * 00006 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 #ifndef MBEDTLS_RSA_H 00024 #define MBEDTLS_RSA_H 00025 00026 #if !defined(MBEDTLS_CONFIG_FILE) 00027 #include "config.h" 00028 #else 00029 #include MBEDTLS_CONFIG_FILE 00030 #endif 00031 00032 #include "bignum.h" 00033 #include "md.h" 00034 00035 #if defined(MBEDTLS_THREADING_C) 00036 #include "threading.h" 00037 #endif 00038 00039 /* 00040 * RSA Error codes 00041 */ 00042 #define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */ 00043 #define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */ 00044 #define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */ 00045 #define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the library's validity check. */ 00046 #define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */ 00047 #define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */ 00048 #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ 00049 #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ 00050 #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ 00051 00052 /* 00053 * RSA constants 00054 */ 00055 #define MBEDTLS_RSA_PUBLIC 0 00056 #define MBEDTLS_RSA_PRIVATE 1 00057 00058 #define MBEDTLS_RSA_PKCS_V15 0 00059 #define MBEDTLS_RSA_PKCS_V21 1 00060 00061 #define MBEDTLS_RSA_SIGN 1 00062 #define MBEDTLS_RSA_CRYPT 2 00063 00064 #define MBEDTLS_RSA_SALT_LEN_ANY -1 00065 00066 /* 00067 * The above constants may be used even if the RSA module is compile out, 00068 * eg for alternative (PKCS#11) RSA implemenations in the PK layers. 00069 */ 00070 #if defined(MBEDTLS_RSA_C) 00071 00072 #ifdef __cplusplus 00073 extern "C" { 00074 #endif 00075 00076 /** 00077 * \brief RSA context structure 00078 */ 00079 typedef struct 00080 { 00081 int ver ; /*!< always 0 */ 00082 size_t len ; /*!< size(N) in chars */ 00083 00084 mbedtls_mpi N ; /*!< public modulus */ 00085 mbedtls_mpi E ; /*!< public exponent */ 00086 00087 mbedtls_mpi D ; /*!< private exponent */ 00088 mbedtls_mpi P ; /*!< 1st prime factor */ 00089 mbedtls_mpi Q ; /*!< 2nd prime factor */ 00090 mbedtls_mpi DP ; /*!< D % (P - 1) */ 00091 mbedtls_mpi DQ ; /*!< D % (Q - 1) */ 00092 mbedtls_mpi QP ; /*!< 1 / (Q % P) */ 00093 00094 mbedtls_mpi RN ; /*!< cached R^2 mod N */ 00095 mbedtls_mpi RP ; /*!< cached R^2 mod P */ 00096 mbedtls_mpi RQ ; /*!< cached R^2 mod Q */ 00097 00098 mbedtls_mpi Vi ; /*!< cached blinding value */ 00099 mbedtls_mpi Vf ; /*!< cached un-blinding value */ 00100 00101 int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and 00102 RSA_PKCS_v21 for OAEP/PSS */ 00103 int hash_id; /*!< Hash identifier of mbedtls_md_type_t as 00104 specified in the mbedtls_md.h header file 00105 for the EME-OAEP and EMSA-PSS 00106 encoding */ 00107 #if defined(MBEDTLS_THREADING_C) 00108 mbedtls_threading_mutex_t mutex ; /*!< Thread-safety mutex */ 00109 #endif 00110 } 00111 mbedtls_rsa_context; 00112 00113 /** 00114 * \brief Initialize an RSA context 00115 * 00116 * Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP 00117 * encryption scheme and the RSASSA-PSS signature scheme. 00118 * 00119 * \param ctx RSA context to be initialized 00120 * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21 00121 * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier 00122 * 00123 * \note The hash_id parameter is actually ignored 00124 * when using MBEDTLS_RSA_PKCS_V15 padding. 00125 * 00126 * \note Choice of padding mode is strictly enforced for private key 00127 * operations, since there might be security concerns in 00128 * mixing padding modes. For public key operations it's merely 00129 * a default value, which can be overriden by calling specific 00130 * rsa_rsaes_xxx or rsa_rsassa_xxx functions. 00131 * 00132 * \note The chosen hash is always used for OEAP encryption. 00133 * For PSS signatures, it's always used for making signatures, 00134 * but can be overriden (and always is, if set to 00135 * MBEDTLS_MD_NONE) for verifying them. 00136 */ 00137 void mbedtls_rsa_init( mbedtls_rsa_context *ctx, 00138 int padding, 00139 int hash_id); 00140 00141 /** 00142 * \brief Set padding for an already initialized RSA context 00143 * See \c mbedtls_rsa_init() for details. 00144 * 00145 * \param ctx RSA context to be set 00146 * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21 00147 * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier 00148 */ 00149 void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id); 00150 00151 /** 00152 * \brief Generate an RSA keypair 00153 * 00154 * \param ctx RSA context that will hold the key 00155 * \param f_rng RNG function 00156 * \param p_rng RNG parameter 00157 * \param nbits size of the public key in bits 00158 * \param exponent public exponent (e.g., 65537) 00159 * 00160 * \note mbedtls_rsa_init() must be called beforehand to setup 00161 * the RSA context. 00162 * 00163 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00164 */ 00165 int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, 00166 int (*f_rng)(void *, unsigned char *, size_t), 00167 void *p_rng, 00168 unsigned int nbits, int exponent ); 00169 00170 /** 00171 * \brief Check a public RSA key 00172 * 00173 * \param ctx RSA context to be checked 00174 * 00175 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00176 */ 00177 int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); 00178 00179 /** 00180 * \brief Check a private RSA key 00181 * 00182 * \param ctx RSA context to be checked 00183 * 00184 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00185 */ 00186 int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); 00187 00188 /** 00189 * \brief Check a public-private RSA key pair. 00190 * Check each of the contexts, and make sure they match. 00191 * 00192 * \param pub RSA context holding the public key 00193 * \param prv RSA context holding the private key 00194 * 00195 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00196 */ 00197 int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ); 00198 00199 /** 00200 * \brief Do an RSA public key operation 00201 * 00202 * \param ctx RSA context 00203 * \param input input buffer 00204 * \param output output buffer 00205 * 00206 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00207 * 00208 * \note This function does NOT take care of message 00209 * padding. Also, be sure to set input[0] = 0 or assure that 00210 * input is smaller than N. 00211 * 00212 * \note The input and output buffers must be large 00213 * enough (eg. 128 bytes if RSA-1024 is used). 00214 */ 00215 int mbedtls_rsa_public( mbedtls_rsa_context *ctx, 00216 const unsigned char *input, 00217 unsigned char *output ); 00218 00219 /** 00220 * \brief Do an RSA private key operation 00221 * 00222 * \param ctx RSA context 00223 * \param f_rng RNG function (Needed for blinding) 00224 * \param p_rng RNG parameter 00225 * \param input input buffer 00226 * \param output output buffer 00227 * 00228 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00229 * 00230 * \note The input and output buffers must be large 00231 * enough (eg. 128 bytes if RSA-1024 is used). 00232 */ 00233 int mbedtls_rsa_private( mbedtls_rsa_context *ctx, 00234 int (*f_rng)(void *, unsigned char *, size_t), 00235 void *p_rng, 00236 const unsigned char *input, 00237 unsigned char *output ); 00238 00239 /** 00240 * \brief Generic wrapper to perform a PKCS#1 encryption using the 00241 * mode from the context. Add the message padding, then do an 00242 * RSA operation. 00243 * 00244 * \param ctx RSA context 00245 * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding 00246 * and MBEDTLS_RSA_PRIVATE) 00247 * \param p_rng RNG parameter 00248 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00249 * \param ilen contains the plaintext length 00250 * \param input buffer holding the data to be encrypted 00251 * \param output buffer that will hold the ciphertext 00252 * 00253 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00254 * 00255 * \note The output buffer must be as large as the size 00256 * of ctx->N (eg. 128 bytes if RSA-1024 is used). 00257 */ 00258 int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, 00259 int (*f_rng)(void *, unsigned char *, size_t), 00260 void *p_rng, 00261 int mode, size_t ilen, 00262 const unsigned char *input, 00263 unsigned char *output ); 00264 00265 /** 00266 * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) 00267 * 00268 * \param ctx RSA context 00269 * \param f_rng RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE) 00270 * \param p_rng RNG parameter 00271 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00272 * \param ilen contains the plaintext length 00273 * \param input buffer holding the data to be encrypted 00274 * \param output buffer that will hold the ciphertext 00275 * 00276 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00277 * 00278 * \note The output buffer must be as large as the size 00279 * of ctx->N (eg. 128 bytes if RSA-1024 is used). 00280 */ 00281 int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, 00282 int (*f_rng)(void *, unsigned char *, size_t), 00283 void *p_rng, 00284 int mode, size_t ilen, 00285 const unsigned char *input, 00286 unsigned char *output ); 00287 00288 /** 00289 * \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT) 00290 * 00291 * \param ctx RSA context 00292 * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding 00293 * and MBEDTLS_RSA_PRIVATE) 00294 * \param p_rng RNG parameter 00295 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00296 * \param label buffer holding the custom label to use 00297 * \param label_len contains the label length 00298 * \param ilen contains the plaintext length 00299 * \param input buffer holding the data to be encrypted 00300 * \param output buffer that will hold the ciphertext 00301 * 00302 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00303 * 00304 * \note The output buffer must be as large as the size 00305 * of ctx->N (eg. 128 bytes if RSA-1024 is used). 00306 */ 00307 int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, 00308 int (*f_rng)(void *, unsigned char *, size_t), 00309 void *p_rng, 00310 int mode, 00311 const unsigned char *label, size_t label_len, 00312 size_t ilen, 00313 const unsigned char *input, 00314 unsigned char *output ); 00315 00316 /** 00317 * \brief Generic wrapper to perform a PKCS#1 decryption using the 00318 * mode from the context. Do an RSA operation, then remove 00319 * the message padding 00320 * 00321 * \param ctx RSA context 00322 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) 00323 * \param p_rng RNG parameter 00324 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00325 * \param olen will contain the plaintext length 00326 * \param input buffer holding the encrypted data 00327 * \param output buffer that will hold the plaintext 00328 * \param output_max_len maximum length of the output buffer 00329 * 00330 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00331 * 00332 * \note The output buffer must be as large as the size 00333 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise 00334 * an error is thrown. 00335 */ 00336 int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, 00337 int (*f_rng)(void *, unsigned char *, size_t), 00338 void *p_rng, 00339 int mode, size_t *olen, 00340 const unsigned char *input, 00341 unsigned char *output, 00342 size_t output_max_len ); 00343 00344 /** 00345 * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) 00346 * 00347 * \param ctx RSA context 00348 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) 00349 * \param p_rng RNG parameter 00350 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00351 * \param olen will contain the plaintext length 00352 * \param input buffer holding the encrypted data 00353 * \param output buffer that will hold the plaintext 00354 * \param output_max_len maximum length of the output buffer 00355 * 00356 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00357 * 00358 * \note The output buffer must be as large as the size 00359 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise 00360 * an error is thrown. 00361 */ 00362 int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, 00363 int (*f_rng)(void *, unsigned char *, size_t), 00364 void *p_rng, 00365 int mode, size_t *olen, 00366 const unsigned char *input, 00367 unsigned char *output, 00368 size_t output_max_len ); 00369 00370 /** 00371 * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) 00372 * 00373 * \param ctx RSA context 00374 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) 00375 * \param p_rng RNG parameter 00376 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00377 * \param label buffer holding the custom label to use 00378 * \param label_len contains the label length 00379 * \param olen will contain the plaintext length 00380 * \param input buffer holding the encrypted data 00381 * \param output buffer that will hold the plaintext 00382 * \param output_max_len maximum length of the output buffer 00383 * 00384 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00385 * 00386 * \note The output buffer must be as large as the size 00387 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise 00388 * an error is thrown. 00389 */ 00390 int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, 00391 int (*f_rng)(void *, unsigned char *, size_t), 00392 void *p_rng, 00393 int mode, 00394 const unsigned char *label, size_t label_len, 00395 size_t *olen, 00396 const unsigned char *input, 00397 unsigned char *output, 00398 size_t output_max_len ); 00399 00400 /** 00401 * \brief Generic wrapper to perform a PKCS#1 signature using the 00402 * mode from the context. Do a private RSA operation to sign 00403 * a message digest 00404 * 00405 * \param ctx RSA context 00406 * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for 00407 * MBEDTLS_RSA_PRIVATE) 00408 * \param p_rng RNG parameter 00409 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00410 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) 00411 * \param hashlen message digest length (for MBEDTLS_MD_NONE only) 00412 * \param hash buffer holding the message digest 00413 * \param sig buffer that will hold the ciphertext 00414 * 00415 * \return 0 if the signing operation was successful, 00416 * or an MBEDTLS_ERR_RSA_XXX error code 00417 * 00418 * \note The "sig" buffer must be as large as the size 00419 * of ctx->N (eg. 128 bytes if RSA-1024 is used). 00420 * 00421 * \note In case of PKCS#1 v2.1 encoding, see comments on 00422 * \note \c mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id. 00423 */ 00424 int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, 00425 int (*f_rng)(void *, unsigned char *, size_t), 00426 void *p_rng, 00427 int mode, 00428 mbedtls_md_type_t md_alg, 00429 unsigned int hashlen, 00430 const unsigned char *hash, 00431 unsigned char *sig ); 00432 00433 /** 00434 * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN) 00435 * 00436 * \param ctx RSA context 00437 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) 00438 * \param p_rng RNG parameter 00439 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00440 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) 00441 * \param hashlen message digest length (for MBEDTLS_MD_NONE only) 00442 * \param hash buffer holding the message digest 00443 * \param sig buffer that will hold the ciphertext 00444 * 00445 * \return 0 if the signing operation was successful, 00446 * or an MBEDTLS_ERR_RSA_XXX error code 00447 * 00448 * \note The "sig" buffer must be as large as the size 00449 * of ctx->N (eg. 128 bytes if RSA-1024 is used). 00450 */ 00451 int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, 00452 int (*f_rng)(void *, unsigned char *, size_t), 00453 void *p_rng, 00454 int mode, 00455 mbedtls_md_type_t md_alg, 00456 unsigned int hashlen, 00457 const unsigned char *hash, 00458 unsigned char *sig ); 00459 00460 /** 00461 * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN) 00462 * 00463 * \param ctx RSA context 00464 * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for 00465 * MBEDTLS_RSA_PRIVATE) 00466 * \param p_rng RNG parameter 00467 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00468 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) 00469 * \param hashlen message digest length (for MBEDTLS_MD_NONE only) 00470 * \param hash buffer holding the message digest 00471 * \param sig buffer that will hold the ciphertext 00472 * 00473 * \return 0 if the signing operation was successful, 00474 * or an MBEDTLS_ERR_RSA_XXX error code 00475 * 00476 * \note The "sig" buffer must be as large as the size 00477 * of ctx->N (eg. 128 bytes if RSA-1024 is used). 00478 * 00479 * \note The hash_id in the RSA context is the one used for the 00480 * encoding. md_alg in the function call is the type of hash 00481 * that is encoded. According to RFC 3447 it is advised to 00482 * keep both hashes the same. 00483 */ 00484 int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, 00485 int (*f_rng)(void *, unsigned char *, size_t), 00486 void *p_rng, 00487 int mode, 00488 mbedtls_md_type_t md_alg, 00489 unsigned int hashlen, 00490 const unsigned char *hash, 00491 unsigned char *sig ); 00492 00493 /** 00494 * \brief Generic wrapper to perform a PKCS#1 verification using the 00495 * mode from the context. Do a public RSA operation and check 00496 * the message digest 00497 * 00498 * \param ctx points to an RSA public key 00499 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) 00500 * \param p_rng RNG parameter 00501 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00502 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) 00503 * \param hashlen message digest length (for MBEDTLS_MD_NONE only) 00504 * \param hash buffer holding the message digest 00505 * \param sig buffer holding the ciphertext 00506 * 00507 * \return 0 if the verify operation was successful, 00508 * or an MBEDTLS_ERR_RSA_XXX error code 00509 * 00510 * \note The "sig" buffer must be as large as the size 00511 * of ctx->N (eg. 128 bytes if RSA-1024 is used). 00512 * 00513 * \note In case of PKCS#1 v2.1 encoding, see comments on 00514 * \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id. 00515 */ 00516 int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, 00517 int (*f_rng)(void *, unsigned char *, size_t), 00518 void *p_rng, 00519 int mode, 00520 mbedtls_md_type_t md_alg, 00521 unsigned int hashlen, 00522 const unsigned char *hash, 00523 const unsigned char *sig ); 00524 00525 /** 00526 * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) 00527 * 00528 * \param ctx points to an RSA public key 00529 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) 00530 * \param p_rng RNG parameter 00531 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00532 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) 00533 * \param hashlen message digest length (for MBEDTLS_MD_NONE only) 00534 * \param hash buffer holding the message digest 00535 * \param sig buffer holding the ciphertext 00536 * 00537 * \return 0 if the verify operation was successful, 00538 * or an MBEDTLS_ERR_RSA_XXX error code 00539 * 00540 * \note The "sig" buffer must be as large as the size 00541 * of ctx->N (eg. 128 bytes if RSA-1024 is used). 00542 */ 00543 int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, 00544 int (*f_rng)(void *, unsigned char *, size_t), 00545 void *p_rng, 00546 int mode, 00547 mbedtls_md_type_t md_alg, 00548 unsigned int hashlen, 00549 const unsigned char *hash, 00550 const unsigned char *sig ); 00551 00552 /** 00553 * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) 00554 * (This is the "simple" version.) 00555 * 00556 * \param ctx points to an RSA public key 00557 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) 00558 * \param p_rng RNG parameter 00559 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00560 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) 00561 * \param hashlen message digest length (for MBEDTLS_MD_NONE only) 00562 * \param hash buffer holding the message digest 00563 * \param sig buffer holding the ciphertext 00564 * 00565 * \return 0 if the verify operation was successful, 00566 * or an MBEDTLS_ERR_RSA_XXX error code 00567 * 00568 * \note The "sig" buffer must be as large as the size 00569 * of ctx->N (eg. 128 bytes if RSA-1024 is used). 00570 * 00571 * \note The hash_id in the RSA context is the one used for the 00572 * verification. md_alg in the function call is the type of 00573 * hash that is verified. According to RFC 3447 it is advised to 00574 * keep both hashes the same. If hash_id in the RSA context is 00575 * unset, the md_alg from the function call is used. 00576 */ 00577 int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, 00578 int (*f_rng)(void *, unsigned char *, size_t), 00579 void *p_rng, 00580 int mode, 00581 mbedtls_md_type_t md_alg, 00582 unsigned int hashlen, 00583 const unsigned char *hash, 00584 const unsigned char *sig ); 00585 00586 /** 00587 * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) 00588 * (This is the version with "full" options.) 00589 * 00590 * \param ctx points to an RSA public key 00591 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) 00592 * \param p_rng RNG parameter 00593 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE 00594 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) 00595 * \param hashlen message digest length (for MBEDTLS_MD_NONE only) 00596 * \param hash buffer holding the message digest 00597 * \param mgf1_hash_id message digest used for mask generation 00598 * \param expected_salt_len Length of the salt used in padding, use 00599 * MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length 00600 * \param sig buffer holding the ciphertext 00601 * 00602 * \return 0 if the verify operation was successful, 00603 * or an MBEDTLS_ERR_RSA_XXX error code 00604 * 00605 * \note The "sig" buffer must be as large as the size 00606 * of ctx->N (eg. 128 bytes if RSA-1024 is used). 00607 * 00608 * \note The hash_id in the RSA context is ignored. 00609 */ 00610 int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, 00611 int (*f_rng)(void *, unsigned char *, size_t), 00612 void *p_rng, 00613 int mode, 00614 mbedtls_md_type_t md_alg, 00615 unsigned int hashlen, 00616 const unsigned char *hash, 00617 mbedtls_md_type_t mgf1_hash_id, 00618 int expected_salt_len, 00619 const unsigned char *sig ); 00620 00621 /** 00622 * \brief Copy the components of an RSA context 00623 * 00624 * \param dst Destination context 00625 * \param src Source context 00626 * 00627 * \return 0 on success, 00628 * MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure 00629 */ 00630 int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ); 00631 00632 /** 00633 * \brief Free the components of an RSA key 00634 * 00635 * \param ctx RSA Context to free 00636 */ 00637 void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); 00638 00639 /** 00640 * \brief Checkup routine 00641 * 00642 * \return 0 if successful, or 1 if the test failed 00643 */ 00644 int mbedtls_rsa_self_test( int verbose ); 00645 00646 #ifdef __cplusplus 00647 } 00648 #endif 00649 00650 #endif /* MBEDTLS_RSA_C */ 00651 00652 #endif /* rsa.h */
Generated on Tue Jul 12 2022 12:52:46 by
1.7.2