Eric Tsai / mbedtls

Modified mbed TLS headers for AES functionality only to reduce build size

Dependents:   BLE_Gateway_Linker_fix BLE_Gateway

Fork of mbedtls by sandbox

mbedtls/rsa.h@5:f09f5ed830ca, 2017-07-10 (annotated)

Committer:
electronichamsters
Date:
Mon Jul 10 04:00:25 2017 +0000
Revision:
5:f09f5ed830ca
Parent:
1:24750b9ad5ef 
working gateway

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Christopher Haster 1:24750b9ad5ef 1 /**
Christopher Haster 1:24750b9ad5ef 2 * \file rsa.h
Christopher Haster 1:24750b9ad5ef 3 *
Christopher Haster 1:24750b9ad5ef 4 * \brief The RSA public-key cryptosystem
Christopher Haster 1:24750b9ad5ef 5 *
Christopher Haster 1:24750b9ad5ef 6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Christopher Haster 1:24750b9ad5ef 7 * SPDX-License-Identifier: Apache-2.0
Christopher Haster 1:24750b9ad5ef 8 *
Christopher Haster 1:24750b9ad5ef 9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
Christopher Haster 1:24750b9ad5ef 10 * not use this file except in compliance with the License.
Christopher Haster 1:24750b9ad5ef 11 * You may obtain a copy of the License at
Christopher Haster 1:24750b9ad5ef 12 *
Christopher Haster 1:24750b9ad5ef 13 * http://www.apache.org/licenses/LICENSE-2.0
Christopher Haster 1:24750b9ad5ef 14 *
Christopher Haster 1:24750b9ad5ef 15 * Unless required by applicable law or agreed to in writing, software
Christopher Haster 1:24750b9ad5ef 16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
Christopher Haster 1:24750b9ad5ef 17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Christopher Haster 1:24750b9ad5ef 18 * See the License for the specific language governing permissions and
Christopher Haster 1:24750b9ad5ef 19 * limitations under the License.
Christopher Haster 1:24750b9ad5ef 20 *
Christopher Haster 1:24750b9ad5ef 21 * This file is part of mbed TLS (https://tls.mbed.org)
Christopher Haster 1:24750b9ad5ef 22 */
Christopher Haster 1:24750b9ad5ef 23 #ifndef MBEDTLS_RSA_H
Christopher Haster 1:24750b9ad5ef 24 #define MBEDTLS_RSA_H
Christopher Haster 1:24750b9ad5ef 25
Christopher Haster 1:24750b9ad5ef 26 #if !defined(MBEDTLS_CONFIG_FILE)
Christopher Haster 1:24750b9ad5ef 27 #include "config.h"
Christopher Haster 1:24750b9ad5ef 28 #else
Christopher Haster 1:24750b9ad5ef 29 #include MBEDTLS_CONFIG_FILE
Christopher Haster 1:24750b9ad5ef 30 #endif
Christopher Haster 1:24750b9ad5ef 31
Christopher Haster 1:24750b9ad5ef 32 #include "bignum.h"
Christopher Haster 1:24750b9ad5ef 33 #include "md.h"
Christopher Haster 1:24750b9ad5ef 34
Christopher Haster 1:24750b9ad5ef 35 #if defined(MBEDTLS_THREADING_C)
Christopher Haster 1:24750b9ad5ef 36 #include "threading.h"
Christopher Haster 1:24750b9ad5ef 37 #endif
Christopher Haster 1:24750b9ad5ef 38
Christopher Haster 1:24750b9ad5ef 39 /*
Christopher Haster 1:24750b9ad5ef 40 * RSA Error codes
Christopher Haster 1:24750b9ad5ef 41 */
Christopher Haster 1:24750b9ad5ef 42 #define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */
Christopher Haster 1:24750b9ad5ef 43 #define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */
Christopher Haster 1:24750b9ad5ef 44 #define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */
Christopher Haster 1:24750b9ad5ef 45 #define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the library's validity check. */
Christopher Haster 1:24750b9ad5ef 46 #define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */
Christopher Haster 1:24750b9ad5ef 47 #define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */
Christopher Haster 1:24750b9ad5ef 48 #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
Christopher Haster 1:24750b9ad5ef 49 #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
Christopher Haster 1:24750b9ad5ef 50 #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
Christopher Haster 1:24750b9ad5ef 51
Christopher Haster 1:24750b9ad5ef 52 /*
Christopher Haster 1:24750b9ad5ef 53 * RSA constants
Christopher Haster 1:24750b9ad5ef 54 */
Christopher Haster 1:24750b9ad5ef 55 #define MBEDTLS_RSA_PUBLIC 0
Christopher Haster 1:24750b9ad5ef 56 #define MBEDTLS_RSA_PRIVATE 1
Christopher Haster 1:24750b9ad5ef 57
Christopher Haster 1:24750b9ad5ef 58 #define MBEDTLS_RSA_PKCS_V15 0
Christopher Haster 1:24750b9ad5ef 59 #define MBEDTLS_RSA_PKCS_V21 1
Christopher Haster 1:24750b9ad5ef 60
Christopher Haster 1:24750b9ad5ef 61 #define MBEDTLS_RSA_SIGN 1
Christopher Haster 1:24750b9ad5ef 62 #define MBEDTLS_RSA_CRYPT 2
Christopher Haster 1:24750b9ad5ef 63
Christopher Haster 1:24750b9ad5ef 64 #define MBEDTLS_RSA_SALT_LEN_ANY -1
Christopher Haster 1:24750b9ad5ef 65
Christopher Haster 1:24750b9ad5ef 66 /*
Christopher Haster 1:24750b9ad5ef 67 * The above constants may be used even if the RSA module is compile out,
Christopher Haster 1:24750b9ad5ef 68 * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
Christopher Haster 1:24750b9ad5ef 69 */
Christopher Haster 1:24750b9ad5ef 70 #if defined(MBEDTLS_RSA_C)
Christopher Haster 1:24750b9ad5ef 71
Christopher Haster 1:24750b9ad5ef 72 #ifdef __cplusplus
Christopher Haster 1:24750b9ad5ef 73 extern "C" {
Christopher Haster 1:24750b9ad5ef 74 #endif
Christopher Haster 1:24750b9ad5ef 75
Christopher Haster 1:24750b9ad5ef 76 /**
Christopher Haster 1:24750b9ad5ef 77 * \brief RSA context structure
Christopher Haster 1:24750b9ad5ef 78 */
Christopher Haster 1:24750b9ad5ef 79 typedef struct
Christopher Haster 1:24750b9ad5ef 80 {
Christopher Haster 1:24750b9ad5ef 81 int ver; /*!< always 0 */
Christopher Haster 1:24750b9ad5ef 82 size_t len; /*!< size(N) in chars */
Christopher Haster 1:24750b9ad5ef 83
Christopher Haster 1:24750b9ad5ef 84 mbedtls_mpi N; /*!< public modulus */
Christopher Haster 1:24750b9ad5ef 85 mbedtls_mpi E; /*!< public exponent */
Christopher Haster 1:24750b9ad5ef 86
Christopher Haster 1:24750b9ad5ef 87 mbedtls_mpi D; /*!< private exponent */
Christopher Haster 1:24750b9ad5ef 88 mbedtls_mpi P; /*!< 1st prime factor */
Christopher Haster 1:24750b9ad5ef 89 mbedtls_mpi Q; /*!< 2nd prime factor */
Christopher Haster 1:24750b9ad5ef 90 mbedtls_mpi DP; /*!< D % (P - 1) */
Christopher Haster 1:24750b9ad5ef 91 mbedtls_mpi DQ; /*!< D % (Q - 1) */
Christopher Haster 1:24750b9ad5ef 92 mbedtls_mpi QP; /*!< 1 / (Q % P) */
Christopher Haster 1:24750b9ad5ef 93
Christopher Haster 1:24750b9ad5ef 94 mbedtls_mpi RN; /*!< cached R^2 mod N */
Christopher Haster 1:24750b9ad5ef 95 mbedtls_mpi RP; /*!< cached R^2 mod P */
Christopher Haster 1:24750b9ad5ef 96 mbedtls_mpi RQ; /*!< cached R^2 mod Q */
Christopher Haster 1:24750b9ad5ef 97
Christopher Haster 1:24750b9ad5ef 98 mbedtls_mpi Vi; /*!< cached blinding value */
Christopher Haster 1:24750b9ad5ef 99 mbedtls_mpi Vf; /*!< cached un-blinding value */
Christopher Haster 1:24750b9ad5ef 100
Christopher Haster 1:24750b9ad5ef 101 int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
Christopher Haster 1:24750b9ad5ef 102 RSA_PKCS_v21 for OAEP/PSS */
Christopher Haster 1:24750b9ad5ef 103 int hash_id; /*!< Hash identifier of mbedtls_md_type_t as
Christopher Haster 1:24750b9ad5ef 104 specified in the mbedtls_md.h header file
Christopher Haster 1:24750b9ad5ef 105 for the EME-OAEP and EMSA-PSS
Christopher Haster 1:24750b9ad5ef 106 encoding */
Christopher Haster 1:24750b9ad5ef 107 #if defined(MBEDTLS_THREADING_C)
Christopher Haster 1:24750b9ad5ef 108 mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */
Christopher Haster 1:24750b9ad5ef 109 #endif
Christopher Haster 1:24750b9ad5ef 110 }
Christopher Haster 1:24750b9ad5ef 111 mbedtls_rsa_context;
Christopher Haster 1:24750b9ad5ef 112
Christopher Haster 1:24750b9ad5ef 113 /**
Christopher Haster 1:24750b9ad5ef 114 * \brief Initialize an RSA context
Christopher Haster 1:24750b9ad5ef 115 *
Christopher Haster 1:24750b9ad5ef 116 * Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
Christopher Haster 1:24750b9ad5ef 117 * encryption scheme and the RSASSA-PSS signature scheme.
Christopher Haster 1:24750b9ad5ef 118 *
Christopher Haster 1:24750b9ad5ef 119 * \param ctx RSA context to be initialized
Christopher Haster 1:24750b9ad5ef 120 * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
Christopher Haster 1:24750b9ad5ef 121 * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier
Christopher Haster 1:24750b9ad5ef 122 *
Christopher Haster 1:24750b9ad5ef 123 * \note The hash_id parameter is actually ignored
Christopher Haster 1:24750b9ad5ef 124 * when using MBEDTLS_RSA_PKCS_V15 padding.
Christopher Haster 1:24750b9ad5ef 125 *
Christopher Haster 1:24750b9ad5ef 126 * \note Choice of padding mode is strictly enforced for private key
Christopher Haster 1:24750b9ad5ef 127 * operations, since there might be security concerns in
Christopher Haster 1:24750b9ad5ef 128 * mixing padding modes. For public key operations it's merely
Christopher Haster 1:24750b9ad5ef 129 * a default value, which can be overriden by calling specific
Christopher Haster 1:24750b9ad5ef 130 * rsa_rsaes_xxx or rsa_rsassa_xxx functions.
Christopher Haster 1:24750b9ad5ef 131 *
Christopher Haster 1:24750b9ad5ef 132 * \note The chosen hash is always used for OEAP encryption.
Christopher Haster 1:24750b9ad5ef 133 * For PSS signatures, it's always used for making signatures,
Christopher Haster 1:24750b9ad5ef 134 * but can be overriden (and always is, if set to
Christopher Haster 1:24750b9ad5ef 135 * MBEDTLS_MD_NONE) for verifying them.
Christopher Haster 1:24750b9ad5ef 136 */
Christopher Haster 1:24750b9ad5ef 137 void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 138 int padding,
Christopher Haster 1:24750b9ad5ef 139 int hash_id);
Christopher Haster 1:24750b9ad5ef 140
Christopher Haster 1:24750b9ad5ef 141 /**
Christopher Haster 1:24750b9ad5ef 142 * \brief Set padding for an already initialized RSA context
Christopher Haster 1:24750b9ad5ef 143 * See \c mbedtls_rsa_init() for details.
Christopher Haster 1:24750b9ad5ef 144 *
Christopher Haster 1:24750b9ad5ef 145 * \param ctx RSA context to be set
Christopher Haster 1:24750b9ad5ef 146 * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
Christopher Haster 1:24750b9ad5ef 147 * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier
Christopher Haster 1:24750b9ad5ef 148 */
Christopher Haster 1:24750b9ad5ef 149 void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id);
Christopher Haster 1:24750b9ad5ef 150
Christopher Haster 1:24750b9ad5ef 151 /**
Christopher Haster 1:24750b9ad5ef 152 * \brief Generate an RSA keypair
Christopher Haster 1:24750b9ad5ef 153 *
Christopher Haster 1:24750b9ad5ef 154 * \param ctx RSA context that will hold the key
Christopher Haster 1:24750b9ad5ef 155 * \param f_rng RNG function
Christopher Haster 1:24750b9ad5ef 156 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 157 * \param nbits size of the public key in bits
Christopher Haster 1:24750b9ad5ef 158 * \param exponent public exponent (e.g., 65537)
Christopher Haster 1:24750b9ad5ef 159 *
Christopher Haster 1:24750b9ad5ef 160 * \note mbedtls_rsa_init() must be called beforehand to setup
Christopher Haster 1:24750b9ad5ef 161 * the RSA context.
Christopher Haster 1:24750b9ad5ef 162 *
Christopher Haster 1:24750b9ad5ef 163 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 164 */
Christopher Haster 1:24750b9ad5ef 165 int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 166 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 167 void *p_rng,
Christopher Haster 1:24750b9ad5ef 168 unsigned int nbits, int exponent );
Christopher Haster 1:24750b9ad5ef 169
Christopher Haster 1:24750b9ad5ef 170 /**
Christopher Haster 1:24750b9ad5ef 171 * \brief Check a public RSA key
Christopher Haster 1:24750b9ad5ef 172 *
Christopher Haster 1:24750b9ad5ef 173 * \param ctx RSA context to be checked
Christopher Haster 1:24750b9ad5ef 174 *
Christopher Haster 1:24750b9ad5ef 175 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 176 */
Christopher Haster 1:24750b9ad5ef 177 int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
Christopher Haster 1:24750b9ad5ef 178
Christopher Haster 1:24750b9ad5ef 179 /**
Christopher Haster 1:24750b9ad5ef 180 * \brief Check a private RSA key
Christopher Haster 1:24750b9ad5ef 181 *
Christopher Haster 1:24750b9ad5ef 182 * \param ctx RSA context to be checked
Christopher Haster 1:24750b9ad5ef 183 *
Christopher Haster 1:24750b9ad5ef 184 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 185 */
Christopher Haster 1:24750b9ad5ef 186 int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
Christopher Haster 1:24750b9ad5ef 187
Christopher Haster 1:24750b9ad5ef 188 /**
Christopher Haster 1:24750b9ad5ef 189 * \brief Check a public-private RSA key pair.
Christopher Haster 1:24750b9ad5ef 190 * Check each of the contexts, and make sure they match.
Christopher Haster 1:24750b9ad5ef 191 *
Christopher Haster 1:24750b9ad5ef 192 * \param pub RSA context holding the public key
Christopher Haster 1:24750b9ad5ef 193 * \param prv RSA context holding the private key
Christopher Haster 1:24750b9ad5ef 194 *
Christopher Haster 1:24750b9ad5ef 195 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 196 */
Christopher Haster 1:24750b9ad5ef 197 int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv );
Christopher Haster 1:24750b9ad5ef 198
Christopher Haster 1:24750b9ad5ef 199 /**
Christopher Haster 1:24750b9ad5ef 200 * \brief Do an RSA public key operation
Christopher Haster 1:24750b9ad5ef 201 *
Christopher Haster 1:24750b9ad5ef 202 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 203 * \param input input buffer
Christopher Haster 1:24750b9ad5ef 204 * \param output output buffer
Christopher Haster 1:24750b9ad5ef 205 *
Christopher Haster 1:24750b9ad5ef 206 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 207 *
Christopher Haster 1:24750b9ad5ef 208 * \note This function does NOT take care of message
Christopher Haster 1:24750b9ad5ef 209 * padding. Also, be sure to set input[0] = 0 or assure that
Christopher Haster 1:24750b9ad5ef 210 * input is smaller than N.
Christopher Haster 1:24750b9ad5ef 211 *
Christopher Haster 1:24750b9ad5ef 212 * \note The input and output buffers must be large
Christopher Haster 1:24750b9ad5ef 213 * enough (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 214 */
Christopher Haster 1:24750b9ad5ef 215 int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 216 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 217 unsigned char *output );
Christopher Haster 1:24750b9ad5ef 218
Christopher Haster 1:24750b9ad5ef 219 /**
Christopher Haster 1:24750b9ad5ef 220 * \brief Do an RSA private key operation
Christopher Haster 1:24750b9ad5ef 221 *
Christopher Haster 1:24750b9ad5ef 222 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 223 * \param f_rng RNG function (Needed for blinding)
Christopher Haster 1:24750b9ad5ef 224 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 225 * \param input input buffer
Christopher Haster 1:24750b9ad5ef 226 * \param output output buffer
Christopher Haster 1:24750b9ad5ef 227 *
Christopher Haster 1:24750b9ad5ef 228 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 229 *
Christopher Haster 1:24750b9ad5ef 230 * \note The input and output buffers must be large
Christopher Haster 1:24750b9ad5ef 231 * enough (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 232 */
Christopher Haster 1:24750b9ad5ef 233 int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 234 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 235 void *p_rng,
Christopher Haster 1:24750b9ad5ef 236 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 237 unsigned char *output );
Christopher Haster 1:24750b9ad5ef 238
Christopher Haster 1:24750b9ad5ef 239 /**
Christopher Haster 1:24750b9ad5ef 240 * \brief Generic wrapper to perform a PKCS#1 encryption using the
Christopher Haster 1:24750b9ad5ef 241 * mode from the context. Add the message padding, then do an
Christopher Haster 1:24750b9ad5ef 242 * RSA operation.
Christopher Haster 1:24750b9ad5ef 243 *
Christopher Haster 1:24750b9ad5ef 244 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 245 * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
Christopher Haster 1:24750b9ad5ef 246 * and MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 247 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 248 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 249 * \param ilen contains the plaintext length
Christopher Haster 1:24750b9ad5ef 250 * \param input buffer holding the data to be encrypted
Christopher Haster 1:24750b9ad5ef 251 * \param output buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 252 *
Christopher Haster 1:24750b9ad5ef 253 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 254 *
Christopher Haster 1:24750b9ad5ef 255 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 256 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 257 */
Christopher Haster 1:24750b9ad5ef 258 int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 259 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 260 void *p_rng,
Christopher Haster 1:24750b9ad5ef 261 int mode, size_t ilen,
Christopher Haster 1:24750b9ad5ef 262 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 263 unsigned char *output );
Christopher Haster 1:24750b9ad5ef 264
Christopher Haster 1:24750b9ad5ef 265 /**
Christopher Haster 1:24750b9ad5ef 266 * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
Christopher Haster 1:24750b9ad5ef 267 *
Christopher Haster 1:24750b9ad5ef 268 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 269 * \param f_rng RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 270 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 271 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 272 * \param ilen contains the plaintext length
Christopher Haster 1:24750b9ad5ef 273 * \param input buffer holding the data to be encrypted
Christopher Haster 1:24750b9ad5ef 274 * \param output buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 275 *
Christopher Haster 1:24750b9ad5ef 276 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 277 *
Christopher Haster 1:24750b9ad5ef 278 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 279 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 280 */
Christopher Haster 1:24750b9ad5ef 281 int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 282 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 283 void *p_rng,
Christopher Haster 1:24750b9ad5ef 284 int mode, size_t ilen,
Christopher Haster 1:24750b9ad5ef 285 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 286 unsigned char *output );
Christopher Haster 1:24750b9ad5ef 287
Christopher Haster 1:24750b9ad5ef 288 /**
Christopher Haster 1:24750b9ad5ef 289 * \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
Christopher Haster 1:24750b9ad5ef 290 *
Christopher Haster 1:24750b9ad5ef 291 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 292 * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
Christopher Haster 1:24750b9ad5ef 293 * and MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 294 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 295 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 296 * \param label buffer holding the custom label to use
Christopher Haster 1:24750b9ad5ef 297 * \param label_len contains the label length
Christopher Haster 1:24750b9ad5ef 298 * \param ilen contains the plaintext length
Christopher Haster 1:24750b9ad5ef 299 * \param input buffer holding the data to be encrypted
Christopher Haster 1:24750b9ad5ef 300 * \param output buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 301 *
Christopher Haster 1:24750b9ad5ef 302 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 303 *
Christopher Haster 1:24750b9ad5ef 304 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 305 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 306 */
Christopher Haster 1:24750b9ad5ef 307 int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 308 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 309 void *p_rng,
Christopher Haster 1:24750b9ad5ef 310 int mode,
Christopher Haster 1:24750b9ad5ef 311 const unsigned char *label, size_t label_len,
Christopher Haster 1:24750b9ad5ef 312 size_t ilen,
Christopher Haster 1:24750b9ad5ef 313 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 314 unsigned char *output );
Christopher Haster 1:24750b9ad5ef 315
Christopher Haster 1:24750b9ad5ef 316 /**
Christopher Haster 1:24750b9ad5ef 317 * \brief Generic wrapper to perform a PKCS#1 decryption using the
Christopher Haster 1:24750b9ad5ef 318 * mode from the context. Do an RSA operation, then remove
Christopher Haster 1:24750b9ad5ef 319 * the message padding
Christopher Haster 1:24750b9ad5ef 320 *
Christopher Haster 1:24750b9ad5ef 321 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 322 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 323 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 324 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 325 * \param olen will contain the plaintext length
Christopher Haster 1:24750b9ad5ef 326 * \param input buffer holding the encrypted data
Christopher Haster 1:24750b9ad5ef 327 * \param output buffer that will hold the plaintext
Christopher Haster 1:24750b9ad5ef 328 * \param output_max_len maximum length of the output buffer
Christopher Haster 1:24750b9ad5ef 329 *
Christopher Haster 1:24750b9ad5ef 330 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 331 *
Christopher Haster 1:24750b9ad5ef 332 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 333 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
Christopher Haster 1:24750b9ad5ef 334 * an error is thrown.
Christopher Haster 1:24750b9ad5ef 335 */
Christopher Haster 1:24750b9ad5ef 336 int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 337 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 338 void *p_rng,
Christopher Haster 1:24750b9ad5ef 339 int mode, size_t *olen,
Christopher Haster 1:24750b9ad5ef 340 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 341 unsigned char *output,
Christopher Haster 1:24750b9ad5ef 342 size_t output_max_len );
Christopher Haster 1:24750b9ad5ef 343
Christopher Haster 1:24750b9ad5ef 344 /**
Christopher Haster 1:24750b9ad5ef 345 * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
Christopher Haster 1:24750b9ad5ef 346 *
Christopher Haster 1:24750b9ad5ef 347 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 348 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 349 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 350 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 351 * \param olen will contain the plaintext length
Christopher Haster 1:24750b9ad5ef 352 * \param input buffer holding the encrypted data
Christopher Haster 1:24750b9ad5ef 353 * \param output buffer that will hold the plaintext
Christopher Haster 1:24750b9ad5ef 354 * \param output_max_len maximum length of the output buffer
Christopher Haster 1:24750b9ad5ef 355 *
Christopher Haster 1:24750b9ad5ef 356 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 357 *
Christopher Haster 1:24750b9ad5ef 358 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 359 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
Christopher Haster 1:24750b9ad5ef 360 * an error is thrown.
Christopher Haster 1:24750b9ad5ef 361 */
Christopher Haster 1:24750b9ad5ef 362 int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 363 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 364 void *p_rng,
Christopher Haster 1:24750b9ad5ef 365 int mode, size_t *olen,
Christopher Haster 1:24750b9ad5ef 366 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 367 unsigned char *output,
Christopher Haster 1:24750b9ad5ef 368 size_t output_max_len );
Christopher Haster 1:24750b9ad5ef 369
Christopher Haster 1:24750b9ad5ef 370 /**
Christopher Haster 1:24750b9ad5ef 371 * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
Christopher Haster 1:24750b9ad5ef 372 *
Christopher Haster 1:24750b9ad5ef 373 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 374 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 375 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 376 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 377 * \param label buffer holding the custom label to use
Christopher Haster 1:24750b9ad5ef 378 * \param label_len contains the label length
Christopher Haster 1:24750b9ad5ef 379 * \param olen will contain the plaintext length
Christopher Haster 1:24750b9ad5ef 380 * \param input buffer holding the encrypted data
Christopher Haster 1:24750b9ad5ef 381 * \param output buffer that will hold the plaintext
Christopher Haster 1:24750b9ad5ef 382 * \param output_max_len maximum length of the output buffer
Christopher Haster 1:24750b9ad5ef 383 *
Christopher Haster 1:24750b9ad5ef 384 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 385 *
Christopher Haster 1:24750b9ad5ef 386 * \note The output buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 387 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
Christopher Haster 1:24750b9ad5ef 388 * an error is thrown.
Christopher Haster 1:24750b9ad5ef 389 */
Christopher Haster 1:24750b9ad5ef 390 int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 391 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 392 void *p_rng,
Christopher Haster 1:24750b9ad5ef 393 int mode,
Christopher Haster 1:24750b9ad5ef 394 const unsigned char *label, size_t label_len,
Christopher Haster 1:24750b9ad5ef 395 size_t *olen,
Christopher Haster 1:24750b9ad5ef 396 const unsigned char *input,
Christopher Haster 1:24750b9ad5ef 397 unsigned char *output,
Christopher Haster 1:24750b9ad5ef 398 size_t output_max_len );
Christopher Haster 1:24750b9ad5ef 399
Christopher Haster 1:24750b9ad5ef 400 /**
Christopher Haster 1:24750b9ad5ef 401 * \brief Generic wrapper to perform a PKCS#1 signature using the
Christopher Haster 1:24750b9ad5ef 402 * mode from the context. Do a private RSA operation to sign
Christopher Haster 1:24750b9ad5ef 403 * a message digest
Christopher Haster 1:24750b9ad5ef 404 *
Christopher Haster 1:24750b9ad5ef 405 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 406 * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
Christopher Haster 1:24750b9ad5ef 407 * MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 408 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 409 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 410 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 411 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 412 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 413 * \param sig buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 414 *
Christopher Haster 1:24750b9ad5ef 415 * \return 0 if the signing operation was successful,
Christopher Haster 1:24750b9ad5ef 416 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 417 *
Christopher Haster 1:24750b9ad5ef 418 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 419 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 420 *
Christopher Haster 1:24750b9ad5ef 421 * \note In case of PKCS#1 v2.1 encoding, see comments on
Christopher Haster 1:24750b9ad5ef 422 * \note \c mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id.
Christopher Haster 1:24750b9ad5ef 423 */
Christopher Haster 1:24750b9ad5ef 424 int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 425 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 426 void *p_rng,
Christopher Haster 1:24750b9ad5ef 427 int mode,
Christopher Haster 1:24750b9ad5ef 428 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 429 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 430 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 431 unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 432
Christopher Haster 1:24750b9ad5ef 433 /**
Christopher Haster 1:24750b9ad5ef 434 * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
Christopher Haster 1:24750b9ad5ef 435 *
Christopher Haster 1:24750b9ad5ef 436 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 437 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 438 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 439 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 440 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 441 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 442 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 443 * \param sig buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 444 *
Christopher Haster 1:24750b9ad5ef 445 * \return 0 if the signing operation was successful,
Christopher Haster 1:24750b9ad5ef 446 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 447 *
Christopher Haster 1:24750b9ad5ef 448 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 449 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 450 */
Christopher Haster 1:24750b9ad5ef 451 int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 452 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 453 void *p_rng,
Christopher Haster 1:24750b9ad5ef 454 int mode,
Christopher Haster 1:24750b9ad5ef 455 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 456 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 457 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 458 unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 459
Christopher Haster 1:24750b9ad5ef 460 /**
Christopher Haster 1:24750b9ad5ef 461 * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
Christopher Haster 1:24750b9ad5ef 462 *
Christopher Haster 1:24750b9ad5ef 463 * \param ctx RSA context
Christopher Haster 1:24750b9ad5ef 464 * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
Christopher Haster 1:24750b9ad5ef 465 * MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 466 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 467 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 468 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 469 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 470 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 471 * \param sig buffer that will hold the ciphertext
Christopher Haster 1:24750b9ad5ef 472 *
Christopher Haster 1:24750b9ad5ef 473 * \return 0 if the signing operation was successful,
Christopher Haster 1:24750b9ad5ef 474 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 475 *
Christopher Haster 1:24750b9ad5ef 476 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 477 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 478 *
Christopher Haster 1:24750b9ad5ef 479 * \note The hash_id in the RSA context is the one used for the
Christopher Haster 1:24750b9ad5ef 480 * encoding. md_alg in the function call is the type of hash
Christopher Haster 1:24750b9ad5ef 481 * that is encoded. According to RFC 3447 it is advised to
Christopher Haster 1:24750b9ad5ef 482 * keep both hashes the same.
Christopher Haster 1:24750b9ad5ef 483 */
Christopher Haster 1:24750b9ad5ef 484 int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 485 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 486 void *p_rng,
Christopher Haster 1:24750b9ad5ef 487 int mode,
Christopher Haster 1:24750b9ad5ef 488 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 489 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 490 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 491 unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 492
Christopher Haster 1:24750b9ad5ef 493 /**
Christopher Haster 1:24750b9ad5ef 494 * \brief Generic wrapper to perform a PKCS#1 verification using the
Christopher Haster 1:24750b9ad5ef 495 * mode from the context. Do a public RSA operation and check
Christopher Haster 1:24750b9ad5ef 496 * the message digest
Christopher Haster 1:24750b9ad5ef 497 *
Christopher Haster 1:24750b9ad5ef 498 * \param ctx points to an RSA public key
Christopher Haster 1:24750b9ad5ef 499 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 500 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 501 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 502 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 503 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 504 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 505 * \param sig buffer holding the ciphertext
Christopher Haster 1:24750b9ad5ef 506 *
Christopher Haster 1:24750b9ad5ef 507 * \return 0 if the verify operation was successful,
Christopher Haster 1:24750b9ad5ef 508 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 509 *
Christopher Haster 1:24750b9ad5ef 510 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 511 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 512 *
Christopher Haster 1:24750b9ad5ef 513 * \note In case of PKCS#1 v2.1 encoding, see comments on
Christopher Haster 1:24750b9ad5ef 514 * \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id.
Christopher Haster 1:24750b9ad5ef 515 */
Christopher Haster 1:24750b9ad5ef 516 int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 517 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 518 void *p_rng,
Christopher Haster 1:24750b9ad5ef 519 int mode,
Christopher Haster 1:24750b9ad5ef 520 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 521 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 522 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 523 const unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 524
Christopher Haster 1:24750b9ad5ef 525 /**
Christopher Haster 1:24750b9ad5ef 526 * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
Christopher Haster 1:24750b9ad5ef 527 *
Christopher Haster 1:24750b9ad5ef 528 * \param ctx points to an RSA public key
Christopher Haster 1:24750b9ad5ef 529 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 530 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 531 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 532 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 533 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 534 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 535 * \param sig buffer holding the ciphertext
Christopher Haster 1:24750b9ad5ef 536 *
Christopher Haster 1:24750b9ad5ef 537 * \return 0 if the verify operation was successful,
Christopher Haster 1:24750b9ad5ef 538 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 539 *
Christopher Haster 1:24750b9ad5ef 540 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 541 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 542 */
Christopher Haster 1:24750b9ad5ef 543 int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 544 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 545 void *p_rng,
Christopher Haster 1:24750b9ad5ef 546 int mode,
Christopher Haster 1:24750b9ad5ef 547 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 548 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 549 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 550 const unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 551
Christopher Haster 1:24750b9ad5ef 552 /**
Christopher Haster 1:24750b9ad5ef 553 * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
Christopher Haster 1:24750b9ad5ef 554 * (This is the "simple" version.)
Christopher Haster 1:24750b9ad5ef 555 *
Christopher Haster 1:24750b9ad5ef 556 * \param ctx points to an RSA public key
Christopher Haster 1:24750b9ad5ef 557 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 558 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 559 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 560 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 561 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 562 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 563 * \param sig buffer holding the ciphertext
Christopher Haster 1:24750b9ad5ef 564 *
Christopher Haster 1:24750b9ad5ef 565 * \return 0 if the verify operation was successful,
Christopher Haster 1:24750b9ad5ef 566 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 567 *
Christopher Haster 1:24750b9ad5ef 568 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 569 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 570 *
Christopher Haster 1:24750b9ad5ef 571 * \note The hash_id in the RSA context is the one used for the
Christopher Haster 1:24750b9ad5ef 572 * verification. md_alg in the function call is the type of
Christopher Haster 1:24750b9ad5ef 573 * hash that is verified. According to RFC 3447 it is advised to
Christopher Haster 1:24750b9ad5ef 574 * keep both hashes the same. If hash_id in the RSA context is
Christopher Haster 1:24750b9ad5ef 575 * unset, the md_alg from the function call is used.
Christopher Haster 1:24750b9ad5ef 576 */
Christopher Haster 1:24750b9ad5ef 577 int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 578 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 579 void *p_rng,
Christopher Haster 1:24750b9ad5ef 580 int mode,
Christopher Haster 1:24750b9ad5ef 581 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 582 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 583 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 584 const unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 585
Christopher Haster 1:24750b9ad5ef 586 /**
Christopher Haster 1:24750b9ad5ef 587 * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
Christopher Haster 1:24750b9ad5ef 588 * (This is the version with "full" options.)
Christopher Haster 1:24750b9ad5ef 589 *
Christopher Haster 1:24750b9ad5ef 590 * \param ctx points to an RSA public key
Christopher Haster 1:24750b9ad5ef 591 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
Christopher Haster 1:24750b9ad5ef 592 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 593 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
Christopher Haster 1:24750b9ad5ef 594 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
Christopher Haster 1:24750b9ad5ef 595 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
Christopher Haster 1:24750b9ad5ef 596 * \param hash buffer holding the message digest
Christopher Haster 1:24750b9ad5ef 597 * \param mgf1_hash_id message digest used for mask generation
Christopher Haster 1:24750b9ad5ef 598 * \param expected_salt_len Length of the salt used in padding, use
Christopher Haster 1:24750b9ad5ef 599 * MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length
Christopher Haster 1:24750b9ad5ef 600 * \param sig buffer holding the ciphertext
Christopher Haster 1:24750b9ad5ef 601 *
Christopher Haster 1:24750b9ad5ef 602 * \return 0 if the verify operation was successful,
Christopher Haster 1:24750b9ad5ef 603 * or an MBEDTLS_ERR_RSA_XXX error code
Christopher Haster 1:24750b9ad5ef 604 *
Christopher Haster 1:24750b9ad5ef 605 * \note The "sig" buffer must be as large as the size
Christopher Haster 1:24750b9ad5ef 606 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
Christopher Haster 1:24750b9ad5ef 607 *
Christopher Haster 1:24750b9ad5ef 608 * \note The hash_id in the RSA context is ignored.
Christopher Haster 1:24750b9ad5ef 609 */
Christopher Haster 1:24750b9ad5ef 610 int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
Christopher Haster 1:24750b9ad5ef 611 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 612 void *p_rng,
Christopher Haster 1:24750b9ad5ef 613 int mode,
Christopher Haster 1:24750b9ad5ef 614 mbedtls_md_type_t md_alg,
Christopher Haster 1:24750b9ad5ef 615 unsigned int hashlen,
Christopher Haster 1:24750b9ad5ef 616 const unsigned char *hash,
Christopher Haster 1:24750b9ad5ef 617 mbedtls_md_type_t mgf1_hash_id,
Christopher Haster 1:24750b9ad5ef 618 int expected_salt_len,
Christopher Haster 1:24750b9ad5ef 619 const unsigned char *sig );
Christopher Haster 1:24750b9ad5ef 620
Christopher Haster 1:24750b9ad5ef 621 /**
Christopher Haster 1:24750b9ad5ef 622 * \brief Copy the components of an RSA context
Christopher Haster 1:24750b9ad5ef 623 *
Christopher Haster 1:24750b9ad5ef 624 * \param dst Destination context
Christopher Haster 1:24750b9ad5ef 625 * \param src Source context
Christopher Haster 1:24750b9ad5ef 626 *
Christopher Haster 1:24750b9ad5ef 627 * \return 0 on success,
Christopher Haster 1:24750b9ad5ef 628 * MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure
Christopher Haster 1:24750b9ad5ef 629 */
Christopher Haster 1:24750b9ad5ef 630 int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
Christopher Haster 1:24750b9ad5ef 631
Christopher Haster 1:24750b9ad5ef 632 /**
Christopher Haster 1:24750b9ad5ef 633 * \brief Free the components of an RSA key
Christopher Haster 1:24750b9ad5ef 634 *
Christopher Haster 1:24750b9ad5ef 635 * \param ctx RSA Context to free
Christopher Haster 1:24750b9ad5ef 636 */
Christopher Haster 1:24750b9ad5ef 637 void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
Christopher Haster 1:24750b9ad5ef 638
Christopher Haster 1:24750b9ad5ef 639 /**
Christopher Haster 1:24750b9ad5ef 640 * \brief Checkup routine
Christopher Haster 1:24750b9ad5ef 641 *
Christopher Haster 1:24750b9ad5ef 642 * \return 0 if successful, or 1 if the test failed
Christopher Haster 1:24750b9ad5ef 643 */
Christopher Haster 1:24750b9ad5ef 644 int mbedtls_rsa_self_test( int verbose );
Christopher Haster 1:24750b9ad5ef 645
Christopher Haster 1:24750b9ad5ef 646 #ifdef __cplusplus
Christopher Haster 1:24750b9ad5ef 647 }
Christopher Haster 1:24750b9ad5ef 648 #endif
Christopher Haster 1:24750b9ad5ef 649
Christopher Haster 1:24750b9ad5ef 650 #endif /* MBEDTLS_RSA_C */
Christopher Haster 1:24750b9ad5ef 651
Christopher Haster 1:24750b9ad5ef 652 #endif /* rsa.h */