Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
rsa.h File Reference
The RSA public-key cryptosystem. More...
Go to the source code of this file.
Data Structures | |
struct | mbedtls_rsa_context |
The RSA context structure. More... | |
Functions | |
void | mbedtls_rsa_init (mbedtls_rsa_context *ctx, int padding, int hash_id) |
This function initializes an RSA context. | |
int | mbedtls_rsa_import (mbedtls_rsa_context *ctx, const mbedtls_mpi *N, const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *E) |
This function imports a set of core parameters into an RSA context. | |
int | mbedtls_rsa_import_raw (mbedtls_rsa_context *ctx, unsigned char const *N, size_t N_len, unsigned char const *P, size_t P_len, unsigned char const *Q, size_t Q_len, unsigned char const *D, size_t D_len, unsigned char const *E, size_t E_len) |
This function imports core RSA parameters, in raw big-endian binary format, into an RSA context. | |
int | mbedtls_rsa_complete (mbedtls_rsa_context *ctx) |
This function completes an RSA context from a set of imported core parameters. | |
int | mbedtls_rsa_export (const mbedtls_rsa_context *ctx, mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, mbedtls_mpi *D, mbedtls_mpi *E) |
This function exports the core parameters of an RSA key. | |
int | mbedtls_rsa_export_raw (const mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, unsigned char *P, size_t P_len, unsigned char *Q, size_t Q_len, unsigned char *D, size_t D_len, unsigned char *E, size_t E_len) |
This function exports core parameters of an RSA key in raw big-endian binary format. | |
int | mbedtls_rsa_export_crt (const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP) |
This function exports CRT parameters of a private RSA key. | |
void | mbedtls_rsa_set_padding (mbedtls_rsa_context *ctx, int padding, int hash_id) |
This function sets padding for an already initialized RSA context. | |
size_t | mbedtls_rsa_get_len (const mbedtls_rsa_context *ctx) |
This function retrieves the length of RSA modulus in Bytes. | |
int | mbedtls_rsa_gen_key (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, unsigned int nbits, int exponent) |
This function generates an RSA keypair. | |
int | mbedtls_rsa_check_pubkey (const mbedtls_rsa_context *ctx) |
This function checks if a context contains at least an RSA public key. | |
int | mbedtls_rsa_check_privkey (const mbedtls_rsa_context *ctx) |
This function checks if a context contains an RSA private key and perform basic consistency checks. | |
int | mbedtls_rsa_check_pub_priv (const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv) |
This function checks a public-private RSA key pair. | |
int | mbedtls_rsa_public (mbedtls_rsa_context *ctx, const unsigned char *input, unsigned char *output) |
This function performs an RSA public key operation. | |
int | mbedtls_rsa_private (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, const unsigned char *input, unsigned char *output) |
This function performs an RSA private key operation. | |
int | mbedtls_rsa_pkcs1_encrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output) |
This function adds the message padding, then performs an RSA operation. | |
int | mbedtls_rsa_rsaes_pkcs1_v15_encrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output) |
This function performs a PKCS#1 v1.5 encryption operation (RSAES-PKCS1-v1_5-ENCRYPT). | |
int | mbedtls_rsa_rsaes_oaep_encrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, unsigned char *output) |
This function performs a PKCS#1 v2.1 OAEP encryption operation (RSAES-OAEP-ENCRYPT). | |
int | mbedtls_rsa_pkcs1_decrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
This function performs an RSA operation, then removes the message padding. | |
int | mbedtls_rsa_rsaes_pkcs1_v15_decrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
This function performs a PKCS#1 v1.5 decryption operation (RSAES-PKCS1-v1_5-DECRYPT). | |
int | mbedtls_rsa_rsaes_oaep_decrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
This function performs a PKCS#1 v2.1 OAEP decryption operation (RSAES-OAEP-DECRYPT). | |
int | mbedtls_rsa_pkcs1_sign (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
This function performs a private RSA operation to sign a message digest using PKCS#1. | |
int | mbedtls_rsa_rsassa_pkcs1_v15_sign (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
This function performs a PKCS#1 v1.5 signature operation (RSASSA-PKCS1-v1_5-SIGN). | |
int | mbedtls_rsa_rsassa_pss_sign (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
This function performs a PKCS#1 v2.1 PSS signature operation (RSASSA-PSS-SIGN). | |
int | mbedtls_rsa_pkcs1_verify (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig) |
This function performs a public RSA operation and checks the message digest. | |
int | mbedtls_rsa_rsassa_pkcs1_v15_verify (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig) |
This function performs a PKCS#1 v1.5 verification operation (RSASSA-PKCS1-v1_5-VERIFY). | |
int | mbedtls_rsa_rsassa_pss_verify (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig) |
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY). | |
int | mbedtls_rsa_rsassa_pss_verify_ext (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, mbedtls_md_type_t mgf1_hash_id, int expected_salt_len, const unsigned char *sig) |
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY). | |
int | mbedtls_rsa_copy (mbedtls_rsa_context *dst, const mbedtls_rsa_context *src) |
This function copies the components of an RSA context. | |
void | mbedtls_rsa_free (mbedtls_rsa_context *ctx) |
This function frees the components of an RSA key. | |
int | mbedtls_rsa_self_test (int verbose) |
The RSA checkup routine. |
Detailed Description
The RSA public-key cryptosystem.
For more information, see Public-Key Cryptography Standards (PKCS) #1 v1.5: RSA Encryption and Public-Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Specifications.
Definition in file rsa.h.
Function Documentation
int mbedtls_rsa_check_privkey | ( | const mbedtls_rsa_context * | ctx ) |
This function checks if a context contains an RSA private key and perform basic consistency checks.
- Parameters:
-
ctx The RSA context to check.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The consistency checks performed by this function not only ensure that mbedtls_rsa_private() can be called successfully on the given context, but that the various parameters are mutually consistent with high probability, in the sense that mbedtls_rsa_public() and mbedtls_rsa_private() are inverses.
- Warning:
- This function should catch accidental misconfigurations like swapping of parameters, but it cannot establish full trust in neither the quality nor the consistency of the key material that was used to setup the given RSA context:
- Consistency: Imported parameters that are irrelevant for the implementation might be silently dropped. If dropped, the current function does not have access to them, and therefore cannot check them. See mbedtls_rsa_complete(). If you want to check the consistency of the entire content of an PKCS1-encoded RSA private key, for example, you should use mbedtls_rsa_validate_params() before setting up the RSA context. Additionally, if the implementation performs empirical checks, these checks substantiate but do not guarantee consistency.
- Quality: This function is not expected to perform extended quality assessments like checking that the prime factors are safe. Additionally, it is the responsibility of the user to ensure the trustworthiness of the source of his RSA parameters, which goes beyond what is effectively checkable by the library.
int mbedtls_rsa_check_pub_priv | ( | const mbedtls_rsa_context * | pub, |
const mbedtls_rsa_context * | prv | ||
) |
This function checks a public-private RSA key pair.
It checks each of the contexts, and makes sure they match.
- Parameters:
-
pub The RSA context holding the public key. prv The RSA context holding the private key.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
int mbedtls_rsa_check_pubkey | ( | const mbedtls_rsa_context * | ctx ) |
This function checks if a context contains at least an RSA public key.
If the function runs successfully, it is guaranteed that enough information is present to perform an RSA public key operation using mbedtls_rsa_public().
- Parameters:
-
ctx The RSA context to check.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
int mbedtls_rsa_complete | ( | mbedtls_rsa_context * | ctx ) |
This function completes an RSA context from a set of imported core parameters.
To setup an RSA public key, precisely N
and E
must have been imported.
To setup an RSA private key, sufficient information must be present for the other parameters to be derivable.
The default implementation supports the following:
-
Derive
P
,Q
fromN
,D
,E
. -
Derive
N
,D
fromP
,Q
,E
.
Alternative implementations need not support these.
If this function runs successfully, it guarantees that the RSA context can be used for RSA operations without the risk of failure or crash.
- Parameters:
-
ctx The initialized RSA context holding imported parameters.
- Returns:
0
on success, or MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations failed.
- Warning:
- This function need not perform consistency checks for the imported parameters. In particular, parameters that are not needed by the implementation might be silently discarded and left unchecked. To check the consistency of the key material, see mbedtls_rsa_check_privkey().
int mbedtls_rsa_copy | ( | mbedtls_rsa_context * | dst, |
const mbedtls_rsa_context * | src | ||
) |
int mbedtls_rsa_export | ( | const mbedtls_rsa_context * | ctx, |
mbedtls_mpi * | N, | ||
mbedtls_mpi * | P, | ||
mbedtls_mpi * | Q, | ||
mbedtls_mpi * | D, | ||
mbedtls_mpi * | E | ||
) |
This function exports the core parameters of an RSA key.
If this function runs successfully, the non-NULL buffers pointed to by N
, P
, Q
, D
, and E
are fully written, with additional unused space filled leading by zero Bytes.
Possible reasons for returning MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
- An alternative RSA implementation is in use, which stores the key externally, and either cannot or should not export it into RAM.
-
A SW or HW implementation might not support a certain deduction. For example,
P
,Q
fromN
,D
, andE
if the former are not part of the implementation.
If the function fails due to an unsupported operation, the RSA context stays intact and remains usable.
- Parameters:
-
ctx The initialized RSA context. N The MPI to hold the RSA modulus, or NULL. P The MPI to hold the first prime factor of N
, or NULL.Q The MPI to hold the second prime factor of N
, or NULL.D The MPI to hold the private exponent, or NULL. E The MPI to hold the public exponent, or NULL.
- Returns:
0
on success, MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the requested parameters cannot be done due to missing functionality or because of security policies, or a non-zero return code on any other failure.
int mbedtls_rsa_export_crt | ( | const mbedtls_rsa_context * | ctx, |
mbedtls_mpi * | DP, | ||
mbedtls_mpi * | DQ, | ||
mbedtls_mpi * | QP | ||
) |
This function exports CRT parameters of a private RSA key.
- Parameters:
-
ctx The initialized RSA context. DP The MPI to hold D modulo P-1, or NULL. DQ The MPI to hold D modulo Q-1, or NULL. QP The MPI to hold modular inverse of Q modulo P, or NULL.
- Returns:
0
on success, non-zero error code otherwise.
- Note:
- Alternative RSA implementations not using CRT-parameters internally can implement this function based on mbedtls_rsa_deduce_opt().
int mbedtls_rsa_export_raw | ( | const mbedtls_rsa_context * | ctx, |
unsigned char * | N, | ||
size_t | N_len, | ||
unsigned char * | P, | ||
size_t | P_len, | ||
unsigned char * | Q, | ||
size_t | Q_len, | ||
unsigned char * | D, | ||
size_t | D_len, | ||
unsigned char * | E, | ||
size_t | E_len | ||
) |
This function exports core parameters of an RSA key in raw big-endian binary format.
If this function runs successfully, the non-NULL buffers pointed to by N
, P
, Q
, D
, and E
are fully written, with additional unused space filled leading by zero Bytes.
Possible reasons for returning MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
- An alternative RSA implementation is in use, which stores the key externally, and either cannot or should not export it into RAM.
-
A SW or HW implementation might not support a certain deduction. For example,
P
,Q
fromN
,D
, andE
if the former are not part of the implementation.
If the function fails due to an unsupported operation, the RSA context stays intact and remains usable.
- Parameters:
-
ctx The initialized RSA context. N The Byte array to store the RSA modulus, or NULL. N_len The size of the buffer for the modulus. P The Byte array to hold the first prime factor of N
, or NULL.P_len The size of the buffer for the first prime factor. Q The Byte array to hold the second prime factor of N
, or NULL.Q_len The size of the buffer for the second prime factor. D The Byte array to hold the private exponent, or NULL. D_len The size of the buffer for the private exponent. E The Byte array to hold the public exponent, or NULL. E_len The size of the buffer for the public exponent.
- Note:
- The length fields are ignored if the corresponding buffer pointers are NULL.
- Returns:
0
on success, MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the requested parameters cannot be done due to missing functionality or because of security policies, or a non-zero return code on any other failure.
void mbedtls_rsa_free | ( | mbedtls_rsa_context * | ctx ) |
int mbedtls_rsa_gen_key | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
unsigned int | nbits, | ||
int | exponent | ||
) |
This function generates an RSA keypair.
- Parameters:
-
ctx The RSA context used to hold the key. f_rng The RNG function. p_rng The RNG parameter. nbits The size of the public key in bits. exponent The public exponent. For example, 65537.
- Note:
- mbedtls_rsa_init() must be called before this function, to set up the RSA context.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
size_t mbedtls_rsa_get_len | ( | const mbedtls_rsa_context * | ctx ) |
int mbedtls_rsa_import | ( | mbedtls_rsa_context * | ctx, |
const mbedtls_mpi * | N, | ||
const mbedtls_mpi * | P, | ||
const mbedtls_mpi * | Q, | ||
const mbedtls_mpi * | D, | ||
const mbedtls_mpi * | E | ||
) |
This function imports a set of core parameters into an RSA context.
- Parameters:
-
ctx The initialized RSA context to store the parameters in. N The RSA modulus, or NULL. P The first prime factor of N
, or NULL.Q The second prime factor of N
, or NULL.D The private exponent, or NULL. E The public exponent, or NULL.
- Note:
- This function can be called multiple times for successive imports, if the parameters are not simultaneously present.
Any sequence of calls to this function should be followed by a call to mbedtls_rsa_complete(), which checks and completes the provided information to a ready-for-use public or private RSA key.
- Note:
- See mbedtls_rsa_complete() for more information on which parameters are necessary to set up a private or public RSA key.
- The imported parameters are copied and need not be preserved for the lifetime of the RSA context being set up.
- Returns:
0
on success, or a non-zero error code on failure.
int mbedtls_rsa_import_raw | ( | mbedtls_rsa_context * | ctx, |
unsigned char const * | N, | ||
size_t | N_len, | ||
unsigned char const * | P, | ||
size_t | P_len, | ||
unsigned char const * | Q, | ||
size_t | Q_len, | ||
unsigned char const * | D, | ||
size_t | D_len, | ||
unsigned char const * | E, | ||
size_t | E_len | ||
) |
This function imports core RSA parameters, in raw big-endian binary format, into an RSA context.
- Parameters:
-
ctx The initialized RSA context to store the parameters in. N The RSA modulus, or NULL. N_len The Byte length of N
, ignored ifN
== NULL.P The first prime factor of N
, or NULL.P_len The Byte length of P
, ignored ifP
== NULL.Q The second prime factor of N
, or NULL.Q_len The Byte length of Q
, ignored ifQ
== NULL.D The private exponent, or NULL. D_len The Byte length of D
, ignored ifD
== NULL.E The public exponent, or NULL. E_len The Byte length of E
, ignored ifE
== NULL.
- Note:
- This function can be called multiple times for successive imports, if the parameters are not simultaneously present.
Any sequence of calls to this function should be followed by a call to mbedtls_rsa_complete(), which checks and completes the provided information to a ready-for-use public or private RSA key.
- Note:
- See mbedtls_rsa_complete() for more information on which parameters are necessary to set up a private or public RSA key.
- The imported parameters are copied and need not be preserved for the lifetime of the RSA context being set up.
- Returns:
0
on success, or a non-zero error code on failure.
void mbedtls_rsa_init | ( | mbedtls_rsa_context * | ctx, |
int | padding, | ||
int | hash_id | ||
) |
This function initializes an RSA context.
- Note:
- Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP encryption scheme and the RSASSA-PSS signature scheme.
- Parameters:
-
ctx The RSA context to initialize. padding Selects padding mode: MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21. hash_id The hash identifier of mbedtls_md_type_t type, if padding
is MBEDTLS_RSA_PKCS_V21.
- Note:
- The
hash_id
parameter is ignored when using MBEDTLS_RSA_PKCS_V15 padding. -
The choice of padding mode is strictly enforced for private key operations, since there might be security concerns in mixing padding modes. For public key operations it is a default value, which can be overriden by calling specific
rsa_rsaes_xxx
orrsa_rsassa_xxx
functions. -
The hash selected in
hash_id
is always used for OEAP encryption. For PSS signatures, it is always used for making signatures, but can be overriden for verifying them. If set to MBEDTLS_MD_NONE, it is always overriden.
int mbedtls_rsa_pkcs1_decrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
size_t * | olen, | ||
const unsigned char * | input, | ||
unsigned char * | output, | ||
size_t | output_max_len | ||
) |
This function performs an RSA operation, then removes the message padding.
It is the generic wrapper for performing a PKCS#1 decryption operation using the mode
from the context.
- Parameters:
-
ctx The RSA context. f_rng The RNG function. Only needed for MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. olen The length of the plaintext. input The buffer holding the encrypted data. output The buffer used to hold the plaintext. output_max_len The maximum length of the output buffer.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PUBLIC and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The output buffer length
output_max_len
should be as large as the sizectx->len
ofctx->N
(for example, 128 Bytes if RSA-1024 is used) to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function returnsMBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
. -
The input buffer must be as large as the size of
ctx->N
. For example, 128 Bytes if RSA-1024 is used.
int mbedtls_rsa_pkcs1_encrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
size_t | ilen, | ||
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
This function adds the message padding, then performs an RSA operation.
It is the generic wrapper for performing a PKCS#1 encryption operation using the mode
from the context.
- Parameters:
-
ctx The RSA context. f_rng The RNG function. Needed for padding, PKCS#1 v2.1 encoding, and MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. ilen The length of the plaintext. input The buffer holding the data to encrypt. output The buffer used to hold the ciphertext.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PRIVATE and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The input and output buffers must be as large as the size of
ctx->N
. For example, 128 Bytes if RSA-1024 is used.
int mbedtls_rsa_pkcs1_sign | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
unsigned char * | sig | ||
) |
This function performs a private RSA operation to sign a message digest using PKCS#1.
It is the generic wrapper for performing a PKCS#1 signature using the mode
from the context.
- Parameters:
-
ctx The RSA context. f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. md_alg The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. hashlen The length of the message digest. Only used if md_alg
is MBEDTLS_MD_NONE.hash The buffer holding the message digest. sig The buffer to hold the ciphertext.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PUBLIC and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
if the signing operation was successful, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The
sig
buffer must be as large as the size ofctx->N
. For example, 128 Bytes if RSA-1024 is used. -
For PKCS#1 v2.1 encoding, see comments on mbedtls_rsa_rsassa_pss_sign() for details on
md_alg
andhash_id
.
int mbedtls_rsa_pkcs1_verify | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
const unsigned char * | sig | ||
) |
This function performs a public RSA operation and checks the message digest.
This is the generic wrapper for performing a PKCS#1 verification using the mode from the context.
- Parameters:
-
ctx The RSA public key context. f_rng The RNG function. Only needed for MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. md_alg The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. hashlen The length of the message digest. Only used if md_alg
is MBEDTLS_MD_NONE.hash The buffer holding the message digest. sig The buffer holding the ciphertext.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PRIVATE and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
if the verify operation was successful, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The
sig
buffer must be as large as the size ofctx->N
. For example, 128 Bytes if RSA-1024 is used. -
For PKCS#1 v2.1 encoding, see comments on mbedtls_rsa_rsassa_pss_verify() about
md_alg
andhash_id
.
int mbedtls_rsa_private | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
This function performs an RSA private key operation.
- Parameters:
-
ctx The RSA context. f_rng The RNG function. Needed for blinding. p_rng The RNG parameter. input The input buffer. output The output buffer.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The input and output buffers must be large enough. For example, 128 Bytes if RSA-1024 is used.
int mbedtls_rsa_public | ( | mbedtls_rsa_context * | ctx, |
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
This function performs an RSA public key operation.
- Parameters:
-
ctx The RSA context. input The input buffer. output The output buffer.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- This function does not handle message padding.
-
Make sure to set
input
[0] = 0 or ensure that input is smaller thanN
. - The input and output buffers must be large enough. For example, 128 Bytes if RSA-1024 is used.
int mbedtls_rsa_rsaes_oaep_decrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
const unsigned char * | label, | ||
size_t | label_len, | ||
size_t * | olen, | ||
const unsigned char * | input, | ||
unsigned char * | output, | ||
size_t | output_max_len | ||
) |
This function performs a PKCS#1 v2.1 OAEP decryption operation (RSAES-OAEP-DECRYPT).
- Parameters:
-
ctx The RSA context. f_rng The RNG function. Only needed for MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. label The buffer holding the custom label to use. label_len The length of the label. olen The length of the plaintext. input The buffer holding the encrypted data. output The buffer to hold the plaintext. output_max_len The maximum length of the output buffer.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PUBLIC and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The output buffer length
output_max_len
should be as large as the sizectx->len
ofctx->N
, for example, 128 Bytes if RSA-1024 is used, to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function returns MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. -
The input buffer must be as large as the size of
ctx->N
. For example, 128 Bytes if RSA-1024 is used.
int mbedtls_rsa_rsaes_oaep_encrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
const unsigned char * | label, | ||
size_t | label_len, | ||
size_t | ilen, | ||
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
This function performs a PKCS#1 v2.1 OAEP encryption operation (RSAES-OAEP-ENCRYPT).
- Parameters:
-
ctx The RSA context. f_rng The RNG function. Needed for padding and PKCS#1 v2.1 encoding and MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. label The buffer holding the custom label to use. label_len The length of the label. ilen The length of the plaintext. input The buffer holding the data to encrypt. output The buffer used to hold the ciphertext.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PRIVATE and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The output buffer must be as large as the size of ctx->N. For example, 128 Bytes if RSA-1024 is used.
int mbedtls_rsa_rsaes_pkcs1_v15_decrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
size_t * | olen, | ||
const unsigned char * | input, | ||
unsigned char * | output, | ||
size_t | output_max_len | ||
) |
This function performs a PKCS#1 v1.5 decryption operation (RSAES-PKCS1-v1_5-DECRYPT).
- Parameters:
-
ctx The RSA context. f_rng The RNG function. Only needed for MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. olen The length of the plaintext. input The buffer holding the encrypted data. output The buffer to hold the plaintext. output_max_len The maximum length of the output buffer.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PUBLIC and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The output buffer length
output_max_len
should be as large as the sizectx->len
ofctx->N
, for example, 128 Bytes if RSA-1024 is used, to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function returns MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. -
The input buffer must be as large as the size of
ctx->N
. For example, 128 Bytes if RSA-1024 is used.
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
size_t | ilen, | ||
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
This function performs a PKCS#1 v1.5 encryption operation (RSAES-PKCS1-v1_5-ENCRYPT).
- Parameters:
-
ctx The RSA context. f_rng The RNG function. Needed for padding and MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. ilen The length of the plaintext. input The buffer holding the data to encrypt. output The buffer used to hold the ciphertext.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PRIVATE and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
on success, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The output buffer must be as large as the size of
ctx->N
. For example, 128 Bytes if RSA-1024 is used.
int mbedtls_rsa_rsassa_pkcs1_v15_sign | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
unsigned char * | sig | ||
) |
This function performs a PKCS#1 v1.5 signature operation (RSASSA-PKCS1-v1_5-SIGN).
- Parameters:
-
ctx The RSA context. f_rng The RNG function. Only needed for MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. md_alg The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. hashlen The length of the message digest. Only used if md_alg
is MBEDTLS_MD_NONE.hash The buffer holding the message digest. sig The buffer to hold the ciphertext.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PUBLIC and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
if the signing operation was successful, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The
sig
buffer must be as large as the size ofctx->N
. For example, 128 Bytes if RSA-1024 is used.
int mbedtls_rsa_rsassa_pkcs1_v15_verify | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
const unsigned char * | sig | ||
) |
This function performs a PKCS#1 v1.5 verification operation (RSASSA-PKCS1-v1_5-VERIFY).
- Parameters:
-
ctx The RSA public key context. f_rng The RNG function. Only needed for MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. md_alg The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. hashlen The length of the message digest. Only used if md_alg
is MBEDTLS_MD_NONE.hash The buffer holding the message digest. sig The buffer holding the ciphertext.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PRIVATE and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
if the verify operation was successful, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The
sig
buffer must be as large as the size ofctx->N
. For example, 128 Bytes if RSA-1024 is used.
int mbedtls_rsa_rsassa_pss_sign | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
unsigned char * | sig | ||
) |
This function performs a PKCS#1 v2.1 PSS signature operation (RSASSA-PSS-SIGN).
- Parameters:
-
ctx The RSA context. f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. md_alg The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. hashlen The length of the message digest. Only used if md_alg
is MBEDTLS_MD_NONE.hash The buffer holding the message digest. sig The buffer to hold the ciphertext.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PUBLIC and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
if the signing operation was successful, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The
sig
buffer must be as large as the size ofctx->N
. For example, 128 Bytes if RSA-1024 is used. -
The
hash_id
in the RSA context is the one used for the encoding.md_alg
in the function call is the type of hash that is encoded. According to RFC-3447: Public-Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Specifications it is advised to keep both hashes the same.
int mbedtls_rsa_rsassa_pss_verify | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
const unsigned char * | sig | ||
) |
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY).
The hash function for the MGF mask generating function is that specified in the RSA context.
- Parameters:
-
ctx The RSA public key context. f_rng The RNG function. Only needed for MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. md_alg The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. hashlen The length of the message digest. Only used if md_alg
is MBEDTLS_MD_NONE.hash The buffer holding the message digest. sig The buffer holding the ciphertext.
- Note:
- Alternative implementations of RSA need not support mode being set to MBEDTLS_RSA_PRIVATE and might instead return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- Returns:
0
if the verify operation was successful, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The
sig
buffer must be as large as the size ofctx->N
. For example, 128 Bytes if RSA-1024 is used. -
The
hash_id
in the RSA context is the one used for the verification.md_alg
in the function call is the type of hash that is verified. According to RFC-3447: Public-Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Specifications it is advised to keep both hashes the same. Ifhash_id
in the RSA context is unset, themd_alg
from the function call is used.
int mbedtls_rsa_rsassa_pss_verify_ext | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
mbedtls_md_type_t | mgf1_hash_id, | ||
int | expected_salt_len, | ||
const unsigned char * | sig | ||
) |
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY).
The hash function for the MGF mask generating function is that specified in mgf1_hash_id
.
- Parameters:
-
ctx The RSA public key context. f_rng The RNG function. Only needed for MBEDTLS_RSA_PRIVATE. p_rng The RNG parameter. mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. md_alg The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. hashlen The length of the message digest. Only used if md_alg
is MBEDTLS_MD_NONE.hash The buffer holding the message digest. mgf1_hash_id The message digest used for mask generation. expected_salt_len The length of the salt used in padding. Use MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length. sig The buffer holding the ciphertext.
- Returns:
0
if the verify operation was successful, or anMBEDTLS_ERR_RSA_XXX
error code on failure.
- Note:
- The
sig
buffer must be as large as the size ofctx->N
. For example, 128 Bytes if RSA-1024 is used. -
The
hash_id
in the RSA context is ignored.
int mbedtls_rsa_self_test | ( | int | verbose ) |
void mbedtls_rsa_set_padding | ( | mbedtls_rsa_context * | ctx, |
int | padding, | ||
int | hash_id | ||
) |
This function sets padding for an already initialized RSA context.
See mbedtls_rsa_init() for details.
- Parameters:
-
ctx The RSA context to be set. padding Selects padding mode: MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21. hash_id The MBEDTLS_RSA_PKCS_V21 hash identifier.
Generated on Tue Jul 12 2022 18:18:59 by
