mbed TLS library
Dependents: HTTPClient-SSL WS_SERVER
pkcs11.c File Reference
Wrapper for PKCS#11 library libpkcs11-helper.
Functions
- int pkcs11_x509_cert_init (x509_crt *cert, pkcs11h_certificate_t pkcs11_cert)
  Fill in an mbed TLS certificate, based on the given PKCS11 helper certificate.
- int pkcs11_priv_key_init (pkcs11_context *priv_key, pkcs11h_certificate_t pkcs11_cert)
  Initialise a pkcs11_context, storing the given certificate.
- void pkcs11_priv_key_free (pkcs11_context *priv_key)
  Free the contents of the given private key context.
- int pkcs11_decrypt (pkcs11_context *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
  Do an RSA private key decrypt, then remove the message padding.
- int pkcs11_sign (pkcs11_context *ctx, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
  Do an RSA private key operation to sign a message digest.
Detailed Description
Wrapper for PKCS#11 library libpkcs11-helper.
Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
This file is part of mbed TLS (https://tls.mbed.org)
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Definition in file pkcs11.c.
Function Documentation
int pkcs11_decrypt (pkcs11_context *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
Do an RSA private key decrypt, then remove the message padding.
- Parameters:
  - ctx: PKCS #11 context
  - mode: must be RSA_PRIVATE, for compatibility with rsa.c's signature
  - input: buffer holding the encrypted data
  - output: buffer that will hold the plaintext
  - olen: will contain the plaintext length
  - output_max_len: maximum length of the output buffer
- Returns:
  - 0 if successful, or a POLARSSL_ERR_RSA_XXX error code
- Note:
  - The output buffer must be as large as the size of ctx->N (e.g. 128 bytes if RSA-1024 is used); otherwise an error is returned.
void pkcs11_priv_key_free (pkcs11_context *priv_key)
int pkcs11_priv_key_init (pkcs11_context *priv_key, pkcs11h_certificate_t pkcs11_cert)
Initialise a pkcs11_context, storing the given certificate.
Note that the pkcs11_context will take over control of the certificate, freeing it when done.
- Parameters:
  - priv_key: Private key structure to fill.
  - pkcs11_cert: PKCS #11 helper certificate
- Returns:
- 0 on success
int pkcs11_sign (pkcs11_context *ctx, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
Do an RSA private key operation to sign a message digest.
- Parameters:
  - ctx: PKCS #11 context
  - mode: must be RSA_PRIVATE, for compatibility with rsa.c's signature
  - md_alg: a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
  - hashlen: message digest length (for POLARSSL_MD_NONE only)
  - hash: buffer holding the message digest
  - sig: buffer that will hold the ciphertext
- Returns:
  - 0 if the signing operation was successful, or a POLARSSL_ERR_RSA_XXX error code
- Note:
  - The "sig" buffer must be as large as the size of ctx->N (e.g. 128 bytes if RSA-1024 is used).
int pkcs11_x509_cert_init (x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert)
Generated on Tue Jul 12 2022 13:50:40 by Doxygen 1.7.2