Doug Anson / mbedTLSLibrary

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependents:   HTTPClient-SSL WS_SERVER

Embed: (wiki syntax)

« Back to documentation index

pkcs11.h File Reference
Data Structures | Functions

pkcs11.h File Reference

Wrapper for PKCS#11 library libpkcs11-helper. More...

Go to the source code of this file.

Data Structures

struct  pkcs11_context
 Context for PKCS #11 private keys. More...

Functions

int pkcs11_x509_cert_init (x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert)
 Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
int pkcs11_priv_key_init (pkcs11_context *priv_key, pkcs11h_certificate_t pkcs11_cert)
 Initialise a pkcs11_context, storing the given certificate.
void pkcs11_priv_key_free (pkcs11_context *priv_key)
 Free the contents of the given private key context.
int pkcs11_decrypt (pkcs11_context *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
 Do an RSA private key decrypt, then remove the message padding.
int pkcs11_sign (pkcs11_context *ctx, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
 Do a private RSA to sign a message digest.
static int ssl_pkcs11_decrypt (void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
 SSL/TLS wrappers for PKCS#11 functions.

Detailed Description

Wrapper for PKCS#11 library libpkcs11-helper.

Author:
Adriaan de Jong <dejong@fox-it.com>

Copyright (C) 2006-2014, ARM Limited, All Rights Reserved

This file is part of mbed TLS (https://tls.mbed.org)

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file pkcs11.h.

Function Documentation

int pkcs11_decrypt ( pkcs11_context ctx,
int  mode,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
)

Do an RSA private key decrypt, then remove the message padding.

Parameters:
ctxPKCS #11 context
modemust be RSA_PRIVATE, for compatibility with rsa.c's signature
inputbuffer holding the encrypted data
outputbuffer that will hold the plaintext
olenwill contain the plaintext length
output_max_lenmaximum length of the output buffer
Returns:
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise an error is thrown.

Definition at line 123 of file pkcs11.c.

void pkcs11_priv_key_free ( pkcs11_context priv_key )

Free the contents of the given private key context.

Note that the structure itself is not freed.

Parameters:
priv_keyPrivate key structure to cleanup

Definition at line 117 of file pkcs11.c.

int pkcs11_priv_key_init ( pkcs11_context priv_key,
pkcs11h_certificate_t  pkcs11_cert 
)

Initialise a pkcs11_context, storing the given certificate.

Note that the pkcs11_context will take over control of the certificate, freeing it when done.

Parameters:
priv_keyPrivate key structure to fill.
pkcs11_certPKCS #11 helper certificate
Returns:
0 on success

Definition at line 92 of file pkcs11.c.

int pkcs11_sign ( pkcs11_context ctx,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
unsigned char *  sig 
)

Do a private RSA to sign a message digest.

Parameters:
ctxPKCS #11 context
modemust be RSA_PRIVATE, for compatibility with rsa.c's signature
md_alga POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlenmessage digest length (for POLARSSL_MD_NONE only)
hashbuffer holding the message digest
sigbuffer that will hold the ciphertext
Returns:
0 if the signing operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Definition at line 161 of file pkcs11.c.

int pkcs11_x509_cert_init ( x509_crt cert,
pkcs11h_certificate_t  pkcs11h_cert 
)

Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.

Parameters:
certX.509 certificate to fill
pkcs11h_certPKCS #11 helper certificate
Returns:
0 on success.

Definition at line 43 of file pkcs11.c.

static int ssl_pkcs11_decrypt ( void *  ctx,
int  mode,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
) [static]

SSL/TLS wrappers for PKCS#11 functions.

Definition at line 141 of file pkcs11.h.

Generated on Tue Jul 12 2022 13:50:40 by  doxygen 1.7.2