Kenji Arai / mbed-os_TYBLE16

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Embed: (wiki syntax)

« Back to documentation index

pkcs11.h File Reference
Data Structures | Typedefs | Functions

pkcs11.h File Reference

Wrapper for PKCS#11 library libpkcs11-helper. More...

Go to the source code of this file.

Data Structures

struct  mbedtls_pkcs11_context
 Context for PKCS #11 private keys. More...

Typedefs

typedef struct
mbedtls_pkcs11_context 		mbedtls_pkcs11_context
 Context for PKCS #11 private keys.

Functions

void mbedtls_pkcs11_init (mbedtls_pkcs11_context *ctx)
 Initialize a mbedtls_pkcs11_context.
int mbedtls_pkcs11_x509_cert_bind (mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert)
 Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
int mbedtls_pkcs11_priv_key_bind (mbedtls_pkcs11_context *priv_key, pkcs11h_certificate_t pkcs11_cert)
 Set up a mbedtls_pkcs11_context storing the given certificate.
void mbedtls_pkcs11_priv_key_free (mbedtls_pkcs11_context *priv_key)
 Free the contents of the given private key context.
int mbedtls_pkcs11_decrypt (mbedtls_pkcs11_context *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
 Do an RSA private key decrypt, then remove the message padding.
int mbedtls_pkcs11_sign (mbedtls_pkcs11_context *ctx, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
 Do a private RSA to sign a message digest.
static int mbedtls_ssl_pkcs11_decrypt (void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
 SSL/TLS wrappers for PKCS#11 functions.

Detailed Description

Wrapper for PKCS#11 library libpkcs11-helper.

Author:
Adriaan de Jong <dejong@fox-it.com>

Definition in file pkcs11.h.

Typedef Documentation

typedef struct mbedtls_pkcs11_context mbedtls_pkcs11_context

Context for PKCS #11 private keys.

Function Documentation

int mbedtls_pkcs11_decrypt ( mbedtls_pkcs11_context ctx,
int  mode,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
)

Do an RSA private key decrypt, then remove the message padding.

Parameters:
ctxPKCS #11 context
modemust be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
inputbuffer holding the encrypted data
outputbuffer that will hold the plaintext
olenwill contain the plaintext length
output_max_lenmaximum length of the output buffer
Returns:
0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Note:
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise an error is thrown.

Definition at line 129 of file pkcs11.c.

void mbedtls_pkcs11_init ( mbedtls_pkcs11_context ctx )

Initialize a mbedtls_pkcs11_context.

(Just making memory references valid.)

Definition at line 44 of file pkcs11.c.

int mbedtls_pkcs11_priv_key_bind ( mbedtls_pkcs11_context priv_key,
pkcs11h_certificate_t  pkcs11_cert 
)

Set up a mbedtls_pkcs11_context storing the given certificate.

Note that the mbedtls_pkcs11_context will take over control of the certificate, freeing it when done.

Parameters:
priv_keyPrivate key structure to fill.
pkcs11_certPKCS #11 helper certificate
Returns:
0 on success

Definition at line 98 of file pkcs11.c.

void mbedtls_pkcs11_priv_key_free ( mbedtls_pkcs11_context priv_key )

Free the contents of the given private key context.

Note that the structure itself is not freed.

Parameters:
priv_keyPrivate key structure to cleanup

Definition at line 123 of file pkcs11.c.

int mbedtls_pkcs11_sign ( mbedtls_pkcs11_context ctx,
int  mode,
mbedtls_md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
unsigned char *  sig 
)

Do a private RSA to sign a message digest.

Parameters:
ctxPKCS #11 context
modemust be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
md_alga MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlenmessage digest length (for MBEDTLS_MD_NONE only)
hashbuffer holding the message digest
sigbuffer that will hold the ciphertext
Returns:
0 if the signing operation was successful, or an MBEDTLS_ERR_RSA_XXX error code
Note:
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Definition at line 167 of file pkcs11.c.

int mbedtls_pkcs11_x509_cert_bind ( mbedtls_x509_crt cert,
pkcs11h_certificate_t  pkcs11h_cert 
)

Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.

Parameters:
certX.509 certificate to fill
pkcs11h_certPKCS #11 helper certificate
Returns:
0 on success.

Definition at line 49 of file pkcs11.c.

static int mbedtls_ssl_pkcs11_decrypt ( void *  ctx,
int  mode,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
) [static]

SSL/TLS wrappers for PKCS#11 functions.

Definition at line 145 of file pkcs11.h.

Generated on Tue Jul 12 2022 13:55:17 by  doxygen 1.7.2