Jan Korycan
/
WNCInterface
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependencies: WncControllerK64F
Fork of
WNCInterface
by 
Jan Korycan
mbedtls/mbedtls/rsa.h@33:f41d199375f0, 2018-04-05 (annotated)
- Committer:
- korycanjan
- Date:
- Thu Apr 05 03:17:03 2018 +0000
- Revision:
- 33:f41d199375f0
- Parent:
- 12:0071cb144c7a
Better stability
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| JMF | 12:0071cb144c7a | 1 | /** |
| JMF | 12:0071cb144c7a | 2 | * \file rsa.h |
| JMF | 12:0071cb144c7a | 3 | * |
| JMF | 12:0071cb144c7a | 4 | * \brief The RSA public-key cryptosystem |
| JMF | 12:0071cb144c7a | 5 | * |
| JMF | 12:0071cb144c7a | 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
| JMF | 12:0071cb144c7a | 7 | * SPDX-License-Identifier: Apache-2.0 |
| JMF | 12:0071cb144c7a | 8 | * |
| JMF | 12:0071cb144c7a | 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| JMF | 12:0071cb144c7a | 10 | * not use this file except in compliance with the License. |
| JMF | 12:0071cb144c7a | 11 | * You may obtain a copy of the License at |
| JMF | 12:0071cb144c7a | 12 | * |
| JMF | 12:0071cb144c7a | 13 | * http://www.apache.org/licenses/LICENSE-2.0 |
| JMF | 12:0071cb144c7a | 14 | * |
| JMF | 12:0071cb144c7a | 15 | * Unless required by applicable law or agreed to in writing, software |
| JMF | 12:0071cb144c7a | 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| JMF | 12:0071cb144c7a | 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| JMF | 12:0071cb144c7a | 18 | * See the License for the specific language governing permissions and |
| JMF | 12:0071cb144c7a | 19 | * limitations under the License. |
| JMF | 12:0071cb144c7a | 20 | * |
| JMF | 12:0071cb144c7a | 21 | * This file is part of mbed TLS (https://tls.mbed.org) |
| JMF | 12:0071cb144c7a | 22 | */ |
| JMF | 12:0071cb144c7a | 23 | #ifndef MBEDTLS_RSA_H |
| JMF | 12:0071cb144c7a | 24 | #define MBEDTLS_RSA_H |
| JMF | 12:0071cb144c7a | 25 | |
| JMF | 12:0071cb144c7a | 26 | #if !defined(MBEDTLS_CONFIG_FILE) |
| JMF | 12:0071cb144c7a | 27 | #include "config.h" |
| JMF | 12:0071cb144c7a | 28 | #else |
| JMF | 12:0071cb144c7a | 29 | #include MBEDTLS_CONFIG_FILE |
| JMF | 12:0071cb144c7a | 30 | #endif |
| JMF | 12:0071cb144c7a | 31 | |
| JMF | 12:0071cb144c7a | 32 | #include "bignum.h" |
| JMF | 12:0071cb144c7a | 33 | #include "md.h" |
| JMF | 12:0071cb144c7a | 34 | |
| JMF | 12:0071cb144c7a | 35 | #if defined(MBEDTLS_THREADING_C) |
| JMF | 12:0071cb144c7a | 36 | #include "threading.h" |
| JMF | 12:0071cb144c7a | 37 | #endif |
| JMF | 12:0071cb144c7a | 38 | |
| JMF | 12:0071cb144c7a | 39 | /* |
| JMF | 12:0071cb144c7a | 40 | * RSA Error codes |
| JMF | 12:0071cb144c7a | 41 | */ |
| JMF | 12:0071cb144c7a | 42 | #define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */ |
| JMF | 12:0071cb144c7a | 43 | #define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */ |
| JMF | 12:0071cb144c7a | 44 | #define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */ |
| JMF | 12:0071cb144c7a | 45 | #define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the library's validity check. */ |
| JMF | 12:0071cb144c7a | 46 | #define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */ |
| JMF | 12:0071cb144c7a | 47 | #define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */ |
| JMF | 12:0071cb144c7a | 48 | #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ |
| JMF | 12:0071cb144c7a | 49 | #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ |
| JMF | 12:0071cb144c7a | 50 | #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ |
| JMF | 12:0071cb144c7a | 51 | |
| JMF | 12:0071cb144c7a | 52 | /* |
| JMF | 12:0071cb144c7a | 53 | * RSA constants |
| JMF | 12:0071cb144c7a | 54 | */ |
| JMF | 12:0071cb144c7a | 55 | #define MBEDTLS_RSA_PUBLIC 0 |
| JMF | 12:0071cb144c7a | 56 | #define MBEDTLS_RSA_PRIVATE 1 |
| JMF | 12:0071cb144c7a | 57 | |
| JMF | 12:0071cb144c7a | 58 | #define MBEDTLS_RSA_PKCS_V15 0 |
| JMF | 12:0071cb144c7a | 59 | #define MBEDTLS_RSA_PKCS_V21 1 |
| JMF | 12:0071cb144c7a | 60 | |
| JMF | 12:0071cb144c7a | 61 | #define MBEDTLS_RSA_SIGN 1 |
| JMF | 12:0071cb144c7a | 62 | #define MBEDTLS_RSA_CRYPT 2 |
| JMF | 12:0071cb144c7a | 63 | |
| JMF | 12:0071cb144c7a | 64 | #define MBEDTLS_RSA_SALT_LEN_ANY -1 |
| JMF | 12:0071cb144c7a | 65 | |
| JMF | 12:0071cb144c7a | 66 | /* |
| JMF | 12:0071cb144c7a | 67 | * The above constants may be used even if the RSA module is compile out, |
| JMF | 12:0071cb144c7a | 68 | * eg for alternative (PKCS#11) RSA implemenations in the PK layers. |
| JMF | 12:0071cb144c7a | 69 | */ |
| JMF | 12:0071cb144c7a | 70 | #if defined(MBEDTLS_RSA_C) |
| JMF | 12:0071cb144c7a | 71 | |
| JMF | 12:0071cb144c7a | 72 | #ifdef __cplusplus |
| JMF | 12:0071cb144c7a | 73 | extern "C" { |
| JMF | 12:0071cb144c7a | 74 | #endif |
| JMF | 12:0071cb144c7a | 75 | |
| JMF | 12:0071cb144c7a | 76 | /** |
| JMF | 12:0071cb144c7a | 77 | * \brief RSA context structure |
| JMF | 12:0071cb144c7a | 78 | */ |
| JMF | 12:0071cb144c7a | 79 | typedef struct |
| JMF | 12:0071cb144c7a | 80 | { |
| JMF | 12:0071cb144c7a | 81 | int ver; /*!< always 0 */ |
| JMF | 12:0071cb144c7a | 82 | size_t len; /*!< size(N) in chars */ |
| JMF | 12:0071cb144c7a | 83 | |
| JMF | 12:0071cb144c7a | 84 | mbedtls_mpi N; /*!< public modulus */ |
| JMF | 12:0071cb144c7a | 85 | mbedtls_mpi E; /*!< public exponent */ |
| JMF | 12:0071cb144c7a | 86 | |
| JMF | 12:0071cb144c7a | 87 | mbedtls_mpi D; /*!< private exponent */ |
| JMF | 12:0071cb144c7a | 88 | mbedtls_mpi P; /*!< 1st prime factor */ |
| JMF | 12:0071cb144c7a | 89 | mbedtls_mpi Q; /*!< 2nd prime factor */ |
| JMF | 12:0071cb144c7a | 90 | mbedtls_mpi DP; /*!< D % (P - 1) */ |
| JMF | 12:0071cb144c7a | 91 | mbedtls_mpi DQ; /*!< D % (Q - 1) */ |
| JMF | 12:0071cb144c7a | 92 | mbedtls_mpi QP; /*!< 1 / (Q % P) */ |
| JMF | 12:0071cb144c7a | 93 | |
| JMF | 12:0071cb144c7a | 94 | mbedtls_mpi RN; /*!< cached R^2 mod N */ |
| JMF | 12:0071cb144c7a | 95 | mbedtls_mpi RP; /*!< cached R^2 mod P */ |
| JMF | 12:0071cb144c7a | 96 | mbedtls_mpi RQ; /*!< cached R^2 mod Q */ |
| JMF | 12:0071cb144c7a | 97 | |
| JMF | 12:0071cb144c7a | 98 | mbedtls_mpi Vi; /*!< cached blinding value */ |
| JMF | 12:0071cb144c7a | 99 | mbedtls_mpi Vf; /*!< cached un-blinding value */ |
| JMF | 12:0071cb144c7a | 100 | |
| JMF | 12:0071cb144c7a | 101 | int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and |
| JMF | 12:0071cb144c7a | 102 | RSA_PKCS_v21 for OAEP/PSS */ |
| JMF | 12:0071cb144c7a | 103 | int hash_id; /*!< Hash identifier of mbedtls_md_type_t as |
| JMF | 12:0071cb144c7a | 104 | specified in the mbedtls_md.h header file |
| JMF | 12:0071cb144c7a | 105 | for the EME-OAEP and EMSA-PSS |
| JMF | 12:0071cb144c7a | 106 | encoding */ |
| JMF | 12:0071cb144c7a | 107 | #if defined(MBEDTLS_THREADING_C) |
| JMF | 12:0071cb144c7a | 108 | mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */ |
| JMF | 12:0071cb144c7a | 109 | #endif |
| JMF | 12:0071cb144c7a | 110 | } |
| JMF | 12:0071cb144c7a | 111 | mbedtls_rsa_context; |
| JMF | 12:0071cb144c7a | 112 | |
| JMF | 12:0071cb144c7a | 113 | /** |
| JMF | 12:0071cb144c7a | 114 | * \brief Initialize an RSA context |
| JMF | 12:0071cb144c7a | 115 | * |
| JMF | 12:0071cb144c7a | 116 | * Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP |
| JMF | 12:0071cb144c7a | 117 | * encryption scheme and the RSASSA-PSS signature scheme. |
| JMF | 12:0071cb144c7a | 118 | * |
| JMF | 12:0071cb144c7a | 119 | * \param ctx RSA context to be initialized |
| JMF | 12:0071cb144c7a | 120 | * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21 |
| JMF | 12:0071cb144c7a | 121 | * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier |
| JMF | 12:0071cb144c7a | 122 | * |
| JMF | 12:0071cb144c7a | 123 | * \note The hash_id parameter is actually ignored |
| JMF | 12:0071cb144c7a | 124 | * when using MBEDTLS_RSA_PKCS_V15 padding. |
| JMF | 12:0071cb144c7a | 125 | * |
| JMF | 12:0071cb144c7a | 126 | * \note Choice of padding mode is strictly enforced for private key |
| JMF | 12:0071cb144c7a | 127 | * operations, since there might be security concerns in |
| JMF | 12:0071cb144c7a | 128 | * mixing padding modes. For public key operations it's merely |
| JMF | 12:0071cb144c7a | 129 | * a default value, which can be overriden by calling specific |
| JMF | 12:0071cb144c7a | 130 | * rsa_rsaes_xxx or rsa_rsassa_xxx functions. |
| JMF | 12:0071cb144c7a | 131 | * |
| JMF | 12:0071cb144c7a | 132 | * \note The chosen hash is always used for OEAP encryption. |
| JMF | 12:0071cb144c7a | 133 | * For PSS signatures, it's always used for making signatures, |
| JMF | 12:0071cb144c7a | 134 | * but can be overriden (and always is, if set to |
| JMF | 12:0071cb144c7a | 135 | * MBEDTLS_MD_NONE) for verifying them. |
| JMF | 12:0071cb144c7a | 136 | */ |
| JMF | 12:0071cb144c7a | 137 | void mbedtls_rsa_init( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 138 | int padding, |
| JMF | 12:0071cb144c7a | 139 | int hash_id); |
| JMF | 12:0071cb144c7a | 140 | |
| JMF | 12:0071cb144c7a | 141 | /** |
| JMF | 12:0071cb144c7a | 142 | * \brief Set padding for an already initialized RSA context |
| JMF | 12:0071cb144c7a | 143 | * See \c mbedtls_rsa_init() for details. |
| JMF | 12:0071cb144c7a | 144 | * |
| JMF | 12:0071cb144c7a | 145 | * \param ctx RSA context to be set |
| JMF | 12:0071cb144c7a | 146 | * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21 |
| JMF | 12:0071cb144c7a | 147 | * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier |
| JMF | 12:0071cb144c7a | 148 | */ |
| JMF | 12:0071cb144c7a | 149 | void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id); |
| JMF | 12:0071cb144c7a | 150 | |
| JMF | 12:0071cb144c7a | 151 | /** |
| JMF | 12:0071cb144c7a | 152 | * \brief Generate an RSA keypair |
| JMF | 12:0071cb144c7a | 153 | * |
| JMF | 12:0071cb144c7a | 154 | * \param ctx RSA context that will hold the key |
| JMF | 12:0071cb144c7a | 155 | * \param f_rng RNG function |
| JMF | 12:0071cb144c7a | 156 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 157 | * \param nbits size of the public key in bits |
| JMF | 12:0071cb144c7a | 158 | * \param exponent public exponent (e.g., 65537) |
| JMF | 12:0071cb144c7a | 159 | * |
| JMF | 12:0071cb144c7a | 160 | * \note mbedtls_rsa_init() must be called beforehand to setup |
| JMF | 12:0071cb144c7a | 161 | * the RSA context. |
| JMF | 12:0071cb144c7a | 162 | * |
| JMF | 12:0071cb144c7a | 163 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 164 | */ |
| JMF | 12:0071cb144c7a | 165 | int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 166 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 167 | void *p_rng, |
| JMF | 12:0071cb144c7a | 168 | unsigned int nbits, int exponent ); |
| JMF | 12:0071cb144c7a | 169 | |
| JMF | 12:0071cb144c7a | 170 | /** |
| JMF | 12:0071cb144c7a | 171 | * \brief Check a public RSA key |
| JMF | 12:0071cb144c7a | 172 | * |
| JMF | 12:0071cb144c7a | 173 | * \param ctx RSA context to be checked |
| JMF | 12:0071cb144c7a | 174 | * |
| JMF | 12:0071cb144c7a | 175 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 176 | */ |
| JMF | 12:0071cb144c7a | 177 | int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); |
| JMF | 12:0071cb144c7a | 178 | |
| JMF | 12:0071cb144c7a | 179 | /** |
| JMF | 12:0071cb144c7a | 180 | * \brief Check a private RSA key |
| JMF | 12:0071cb144c7a | 181 | * |
| JMF | 12:0071cb144c7a | 182 | * \param ctx RSA context to be checked |
| JMF | 12:0071cb144c7a | 183 | * |
| JMF | 12:0071cb144c7a | 184 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 185 | */ |
| JMF | 12:0071cb144c7a | 186 | int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); |
| JMF | 12:0071cb144c7a | 187 | |
| JMF | 12:0071cb144c7a | 188 | /** |
| JMF | 12:0071cb144c7a | 189 | * \brief Check a public-private RSA key pair. |
| JMF | 12:0071cb144c7a | 190 | * Check each of the contexts, and make sure they match. |
| JMF | 12:0071cb144c7a | 191 | * |
| JMF | 12:0071cb144c7a | 192 | * \param pub RSA context holding the public key |
| JMF | 12:0071cb144c7a | 193 | * \param prv RSA context holding the private key |
| JMF | 12:0071cb144c7a | 194 | * |
| JMF | 12:0071cb144c7a | 195 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 196 | */ |
| JMF | 12:0071cb144c7a | 197 | int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ); |
| JMF | 12:0071cb144c7a | 198 | |
| JMF | 12:0071cb144c7a | 199 | /** |
| JMF | 12:0071cb144c7a | 200 | * \brief Do an RSA public key operation |
| JMF | 12:0071cb144c7a | 201 | * |
| JMF | 12:0071cb144c7a | 202 | * \param ctx RSA context |
| JMF | 12:0071cb144c7a | 203 | * \param input input buffer |
| JMF | 12:0071cb144c7a | 204 | * \param output output buffer |
| JMF | 12:0071cb144c7a | 205 | * |
| JMF | 12:0071cb144c7a | 206 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 207 | * |
| JMF | 12:0071cb144c7a | 208 | * \note This function does NOT take care of message |
| JMF | 12:0071cb144c7a | 209 | * padding. Also, be sure to set input[0] = 0 or assure that |
| JMF | 12:0071cb144c7a | 210 | * input is smaller than N. |
| JMF | 12:0071cb144c7a | 211 | * |
| JMF | 12:0071cb144c7a | 212 | * \note The input and output buffers must be large |
| JMF | 12:0071cb144c7a | 213 | * enough (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 214 | */ |
| JMF | 12:0071cb144c7a | 215 | int mbedtls_rsa_public( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 216 | const unsigned char *input, |
| JMF | 12:0071cb144c7a | 217 | unsigned char *output ); |
| JMF | 12:0071cb144c7a | 218 | |
| JMF | 12:0071cb144c7a | 219 | /** |
| JMF | 12:0071cb144c7a | 220 | * \brief Do an RSA private key operation |
| JMF | 12:0071cb144c7a | 221 | * |
| JMF | 12:0071cb144c7a | 222 | * \param ctx RSA context |
| JMF | 12:0071cb144c7a | 223 | * \param f_rng RNG function (Needed for blinding) |
| JMF | 12:0071cb144c7a | 224 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 225 | * \param input input buffer |
| JMF | 12:0071cb144c7a | 226 | * \param output output buffer |
| JMF | 12:0071cb144c7a | 227 | * |
| JMF | 12:0071cb144c7a | 228 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 229 | * |
| JMF | 12:0071cb144c7a | 230 | * \note The input and output buffers must be large |
| JMF | 12:0071cb144c7a | 231 | * enough (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 232 | */ |
| JMF | 12:0071cb144c7a | 233 | int mbedtls_rsa_private( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 234 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 235 | void *p_rng, |
| JMF | 12:0071cb144c7a | 236 | const unsigned char *input, |
| JMF | 12:0071cb144c7a | 237 | unsigned char *output ); |
| JMF | 12:0071cb144c7a | 238 | |
| JMF | 12:0071cb144c7a | 239 | /** |
| JMF | 12:0071cb144c7a | 240 | * \brief Generic wrapper to perform a PKCS#1 encryption using the |
| JMF | 12:0071cb144c7a | 241 | * mode from the context. Add the message padding, then do an |
| JMF | 12:0071cb144c7a | 242 | * RSA operation. |
| JMF | 12:0071cb144c7a | 243 | * |
| JMF | 12:0071cb144c7a | 244 | * \param ctx RSA context |
| JMF | 12:0071cb144c7a | 245 | * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding |
| JMF | 12:0071cb144c7a | 246 | * and MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 247 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 248 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 249 | * \param ilen contains the plaintext length |
| JMF | 12:0071cb144c7a | 250 | * \param input buffer holding the data to be encrypted |
| JMF | 12:0071cb144c7a | 251 | * \param output buffer that will hold the ciphertext |
| JMF | 12:0071cb144c7a | 252 | * |
| JMF | 12:0071cb144c7a | 253 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 254 | * |
| JMF | 12:0071cb144c7a | 255 | * \note The output buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 256 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 257 | */ |
| JMF | 12:0071cb144c7a | 258 | int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 259 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 260 | void *p_rng, |
| JMF | 12:0071cb144c7a | 261 | int mode, size_t ilen, |
| JMF | 12:0071cb144c7a | 262 | const unsigned char *input, |
| JMF | 12:0071cb144c7a | 263 | unsigned char *output ); |
| JMF | 12:0071cb144c7a | 264 | |
| JMF | 12:0071cb144c7a | 265 | /** |
| JMF | 12:0071cb144c7a | 266 | * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) |
| JMF | 12:0071cb144c7a | 267 | * |
| JMF | 12:0071cb144c7a | 268 | * \param ctx RSA context |
| JMF | 12:0071cb144c7a | 269 | * \param f_rng RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 270 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 271 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 272 | * \param ilen contains the plaintext length |
| JMF | 12:0071cb144c7a | 273 | * \param input buffer holding the data to be encrypted |
| JMF | 12:0071cb144c7a | 274 | * \param output buffer that will hold the ciphertext |
| JMF | 12:0071cb144c7a | 275 | * |
| JMF | 12:0071cb144c7a | 276 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 277 | * |
| JMF | 12:0071cb144c7a | 278 | * \note The output buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 279 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 280 | */ |
| JMF | 12:0071cb144c7a | 281 | int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 282 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 283 | void *p_rng, |
| JMF | 12:0071cb144c7a | 284 | int mode, size_t ilen, |
| JMF | 12:0071cb144c7a | 285 | const unsigned char *input, |
| JMF | 12:0071cb144c7a | 286 | unsigned char *output ); |
| JMF | 12:0071cb144c7a | 287 | |
| JMF | 12:0071cb144c7a | 288 | /** |
| JMF | 12:0071cb144c7a | 289 | * \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT) |
| JMF | 12:0071cb144c7a | 290 | * |
| JMF | 12:0071cb144c7a | 291 | * \param ctx RSA context |
| JMF | 12:0071cb144c7a | 292 | * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding |
| JMF | 12:0071cb144c7a | 293 | * and MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 294 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 295 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 296 | * \param label buffer holding the custom label to use |
| JMF | 12:0071cb144c7a | 297 | * \param label_len contains the label length |
| JMF | 12:0071cb144c7a | 298 | * \param ilen contains the plaintext length |
| JMF | 12:0071cb144c7a | 299 | * \param input buffer holding the data to be encrypted |
| JMF | 12:0071cb144c7a | 300 | * \param output buffer that will hold the ciphertext |
| JMF | 12:0071cb144c7a | 301 | * |
| JMF | 12:0071cb144c7a | 302 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 303 | * |
| JMF | 12:0071cb144c7a | 304 | * \note The output buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 305 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 306 | */ |
| JMF | 12:0071cb144c7a | 307 | int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 308 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 309 | void *p_rng, |
| JMF | 12:0071cb144c7a | 310 | int mode, |
| JMF | 12:0071cb144c7a | 311 | const unsigned char *label, size_t label_len, |
| JMF | 12:0071cb144c7a | 312 | size_t ilen, |
| JMF | 12:0071cb144c7a | 313 | const unsigned char *input, |
| JMF | 12:0071cb144c7a | 314 | unsigned char *output ); |
| JMF | 12:0071cb144c7a | 315 | |
| JMF | 12:0071cb144c7a | 316 | /** |
| JMF | 12:0071cb144c7a | 317 | * \brief Generic wrapper to perform a PKCS#1 decryption using the |
| JMF | 12:0071cb144c7a | 318 | * mode from the context. Do an RSA operation, then remove |
| JMF | 12:0071cb144c7a | 319 | * the message padding |
| JMF | 12:0071cb144c7a | 320 | * |
| JMF | 12:0071cb144c7a | 321 | * \param ctx RSA context |
| JMF | 12:0071cb144c7a | 322 | * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 323 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 324 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 325 | * \param olen will contain the plaintext length |
| JMF | 12:0071cb144c7a | 326 | * \param input buffer holding the encrypted data |
| JMF | 12:0071cb144c7a | 327 | * \param output buffer that will hold the plaintext |
| JMF | 12:0071cb144c7a | 328 | * \param output_max_len maximum length of the output buffer |
| JMF | 12:0071cb144c7a | 329 | * |
| JMF | 12:0071cb144c7a | 330 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 331 | * |
| JMF | 12:0071cb144c7a | 332 | * \note The output buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 333 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise |
| JMF | 12:0071cb144c7a | 334 | * an error is thrown. |
| JMF | 12:0071cb144c7a | 335 | */ |
| JMF | 12:0071cb144c7a | 336 | int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 337 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 338 | void *p_rng, |
| JMF | 12:0071cb144c7a | 339 | int mode, size_t *olen, |
| JMF | 12:0071cb144c7a | 340 | const unsigned char *input, |
| JMF | 12:0071cb144c7a | 341 | unsigned char *output, |
| JMF | 12:0071cb144c7a | 342 | size_t output_max_len ); |
| JMF | 12:0071cb144c7a | 343 | |
| JMF | 12:0071cb144c7a | 344 | /** |
| JMF | 12:0071cb144c7a | 345 | * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) |
| JMF | 12:0071cb144c7a | 346 | * |
| JMF | 12:0071cb144c7a | 347 | * \param ctx RSA context |
| JMF | 12:0071cb144c7a | 348 | * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 349 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 350 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 351 | * \param olen will contain the plaintext length |
| JMF | 12:0071cb144c7a | 352 | * \param input buffer holding the encrypted data |
| JMF | 12:0071cb144c7a | 353 | * \param output buffer that will hold the plaintext |
| JMF | 12:0071cb144c7a | 354 | * \param output_max_len maximum length of the output buffer |
| JMF | 12:0071cb144c7a | 355 | * |
| JMF | 12:0071cb144c7a | 356 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 357 | * |
| JMF | 12:0071cb144c7a | 358 | * \note The output buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 359 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise |
| JMF | 12:0071cb144c7a | 360 | * an error is thrown. |
| JMF | 12:0071cb144c7a | 361 | */ |
| JMF | 12:0071cb144c7a | 362 | int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 363 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 364 | void *p_rng, |
| JMF | 12:0071cb144c7a | 365 | int mode, size_t *olen, |
| JMF | 12:0071cb144c7a | 366 | const unsigned char *input, |
| JMF | 12:0071cb144c7a | 367 | unsigned char *output, |
| JMF | 12:0071cb144c7a | 368 | size_t output_max_len ); |
| JMF | 12:0071cb144c7a | 369 | |
| JMF | 12:0071cb144c7a | 370 | /** |
| JMF | 12:0071cb144c7a | 371 | * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) |
| JMF | 12:0071cb144c7a | 372 | * |
| JMF | 12:0071cb144c7a | 373 | * \param ctx RSA context |
| JMF | 12:0071cb144c7a | 374 | * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 375 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 376 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 377 | * \param label buffer holding the custom label to use |
| JMF | 12:0071cb144c7a | 378 | * \param label_len contains the label length |
| JMF | 12:0071cb144c7a | 379 | * \param olen will contain the plaintext length |
| JMF | 12:0071cb144c7a | 380 | * \param input buffer holding the encrypted data |
| JMF | 12:0071cb144c7a | 381 | * \param output buffer that will hold the plaintext |
| JMF | 12:0071cb144c7a | 382 | * \param output_max_len maximum length of the output buffer |
| JMF | 12:0071cb144c7a | 383 | * |
| JMF | 12:0071cb144c7a | 384 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 385 | * |
| JMF | 12:0071cb144c7a | 386 | * \note The output buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 387 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise |
| JMF | 12:0071cb144c7a | 388 | * an error is thrown. |
| JMF | 12:0071cb144c7a | 389 | */ |
| JMF | 12:0071cb144c7a | 390 | int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 391 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 392 | void *p_rng, |
| JMF | 12:0071cb144c7a | 393 | int mode, |
| JMF | 12:0071cb144c7a | 394 | const unsigned char *label, size_t label_len, |
| JMF | 12:0071cb144c7a | 395 | size_t *olen, |
| JMF | 12:0071cb144c7a | 396 | const unsigned char *input, |
| JMF | 12:0071cb144c7a | 397 | unsigned char *output, |
| JMF | 12:0071cb144c7a | 398 | size_t output_max_len ); |
| JMF | 12:0071cb144c7a | 399 | |
| JMF | 12:0071cb144c7a | 400 | /** |
| JMF | 12:0071cb144c7a | 401 | * \brief Generic wrapper to perform a PKCS#1 signature using the |
| JMF | 12:0071cb144c7a | 402 | * mode from the context. Do a private RSA operation to sign |
| JMF | 12:0071cb144c7a | 403 | * a message digest |
| JMF | 12:0071cb144c7a | 404 | * |
| JMF | 12:0071cb144c7a | 405 | * \param ctx RSA context |
| JMF | 12:0071cb144c7a | 406 | * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for |
| JMF | 12:0071cb144c7a | 407 | * MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 408 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 409 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 410 | * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) |
| JMF | 12:0071cb144c7a | 411 | * \param hashlen message digest length (for MBEDTLS_MD_NONE only) |
| JMF | 12:0071cb144c7a | 412 | * \param hash buffer holding the message digest |
| JMF | 12:0071cb144c7a | 413 | * \param sig buffer that will hold the ciphertext |
| JMF | 12:0071cb144c7a | 414 | * |
| JMF | 12:0071cb144c7a | 415 | * \return 0 if the signing operation was successful, |
| JMF | 12:0071cb144c7a | 416 | * or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 417 | * |
| JMF | 12:0071cb144c7a | 418 | * \note The "sig" buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 419 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 420 | * |
| JMF | 12:0071cb144c7a | 421 | * \note In case of PKCS#1 v2.1 encoding, see comments on |
| JMF | 12:0071cb144c7a | 422 | * \note \c mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id. |
| JMF | 12:0071cb144c7a | 423 | */ |
| JMF | 12:0071cb144c7a | 424 | int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 425 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 426 | void *p_rng, |
| JMF | 12:0071cb144c7a | 427 | int mode, |
| JMF | 12:0071cb144c7a | 428 | mbedtls_md_type_t md_alg, |
| JMF | 12:0071cb144c7a | 429 | unsigned int hashlen, |
| JMF | 12:0071cb144c7a | 430 | const unsigned char *hash, |
| JMF | 12:0071cb144c7a | 431 | unsigned char *sig ); |
| JMF | 12:0071cb144c7a | 432 | |
| JMF | 12:0071cb144c7a | 433 | /** |
| JMF | 12:0071cb144c7a | 434 | * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN) |
| JMF | 12:0071cb144c7a | 435 | * |
| JMF | 12:0071cb144c7a | 436 | * \param ctx RSA context |
| JMF | 12:0071cb144c7a | 437 | * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 438 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 439 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 440 | * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) |
| JMF | 12:0071cb144c7a | 441 | * \param hashlen message digest length (for MBEDTLS_MD_NONE only) |
| JMF | 12:0071cb144c7a | 442 | * \param hash buffer holding the message digest |
| JMF | 12:0071cb144c7a | 443 | * \param sig buffer that will hold the ciphertext |
| JMF | 12:0071cb144c7a | 444 | * |
| JMF | 12:0071cb144c7a | 445 | * \return 0 if the signing operation was successful, |
| JMF | 12:0071cb144c7a | 446 | * or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 447 | * |
| JMF | 12:0071cb144c7a | 448 | * \note The "sig" buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 449 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 450 | */ |
| JMF | 12:0071cb144c7a | 451 | int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 452 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 453 | void *p_rng, |
| JMF | 12:0071cb144c7a | 454 | int mode, |
| JMF | 12:0071cb144c7a | 455 | mbedtls_md_type_t md_alg, |
| JMF | 12:0071cb144c7a | 456 | unsigned int hashlen, |
| JMF | 12:0071cb144c7a | 457 | const unsigned char *hash, |
| JMF | 12:0071cb144c7a | 458 | unsigned char *sig ); |
| JMF | 12:0071cb144c7a | 459 | |
| JMF | 12:0071cb144c7a | 460 | /** |
| JMF | 12:0071cb144c7a | 461 | * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN) |
| JMF | 12:0071cb144c7a | 462 | * |
| JMF | 12:0071cb144c7a | 463 | * \param ctx RSA context |
| JMF | 12:0071cb144c7a | 464 | * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for |
| JMF | 12:0071cb144c7a | 465 | * MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 466 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 467 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 468 | * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) |
| JMF | 12:0071cb144c7a | 469 | * \param hashlen message digest length (for MBEDTLS_MD_NONE only) |
| JMF | 12:0071cb144c7a | 470 | * \param hash buffer holding the message digest |
| JMF | 12:0071cb144c7a | 471 | * \param sig buffer that will hold the ciphertext |
| JMF | 12:0071cb144c7a | 472 | * |
| JMF | 12:0071cb144c7a | 473 | * \return 0 if the signing operation was successful, |
| JMF | 12:0071cb144c7a | 474 | * or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 475 | * |
| JMF | 12:0071cb144c7a | 476 | * \note The "sig" buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 477 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 478 | * |
| JMF | 12:0071cb144c7a | 479 | * \note The hash_id in the RSA context is the one used for the |
| JMF | 12:0071cb144c7a | 480 | * encoding. md_alg in the function call is the type of hash |
| JMF | 12:0071cb144c7a | 481 | * that is encoded. According to RFC 3447 it is advised to |
| JMF | 12:0071cb144c7a | 482 | * keep both hashes the same. |
| JMF | 12:0071cb144c7a | 483 | */ |
| JMF | 12:0071cb144c7a | 484 | int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 485 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 486 | void *p_rng, |
| JMF | 12:0071cb144c7a | 487 | int mode, |
| JMF | 12:0071cb144c7a | 488 | mbedtls_md_type_t md_alg, |
| JMF | 12:0071cb144c7a | 489 | unsigned int hashlen, |
| JMF | 12:0071cb144c7a | 490 | const unsigned char *hash, |
| JMF | 12:0071cb144c7a | 491 | unsigned char *sig ); |
| JMF | 12:0071cb144c7a | 492 | |
| JMF | 12:0071cb144c7a | 493 | /** |
| JMF | 12:0071cb144c7a | 494 | * \brief Generic wrapper to perform a PKCS#1 verification using the |
| JMF | 12:0071cb144c7a | 495 | * mode from the context. Do a public RSA operation and check |
| JMF | 12:0071cb144c7a | 496 | * the message digest |
| JMF | 12:0071cb144c7a | 497 | * |
| JMF | 12:0071cb144c7a | 498 | * \param ctx points to an RSA public key |
| JMF | 12:0071cb144c7a | 499 | * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 500 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 501 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 502 | * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) |
| JMF | 12:0071cb144c7a | 503 | * \param hashlen message digest length (for MBEDTLS_MD_NONE only) |
| JMF | 12:0071cb144c7a | 504 | * \param hash buffer holding the message digest |
| JMF | 12:0071cb144c7a | 505 | * \param sig buffer holding the ciphertext |
| JMF | 12:0071cb144c7a | 506 | * |
| JMF | 12:0071cb144c7a | 507 | * \return 0 if the verify operation was successful, |
| JMF | 12:0071cb144c7a | 508 | * or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 509 | * |
| JMF | 12:0071cb144c7a | 510 | * \note The "sig" buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 511 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 512 | * |
| JMF | 12:0071cb144c7a | 513 | * \note In case of PKCS#1 v2.1 encoding, see comments on |
| JMF | 12:0071cb144c7a | 514 | * \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id. |
| JMF | 12:0071cb144c7a | 515 | */ |
| JMF | 12:0071cb144c7a | 516 | int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 517 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 518 | void *p_rng, |
| JMF | 12:0071cb144c7a | 519 | int mode, |
| JMF | 12:0071cb144c7a | 520 | mbedtls_md_type_t md_alg, |
| JMF | 12:0071cb144c7a | 521 | unsigned int hashlen, |
| JMF | 12:0071cb144c7a | 522 | const unsigned char *hash, |
| JMF | 12:0071cb144c7a | 523 | const unsigned char *sig ); |
| JMF | 12:0071cb144c7a | 524 | |
| JMF | 12:0071cb144c7a | 525 | /** |
| JMF | 12:0071cb144c7a | 526 | * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) |
| JMF | 12:0071cb144c7a | 527 | * |
| JMF | 12:0071cb144c7a | 528 | * \param ctx points to an RSA public key |
| JMF | 12:0071cb144c7a | 529 | * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 530 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 531 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 532 | * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) |
| JMF | 12:0071cb144c7a | 533 | * \param hashlen message digest length (for MBEDTLS_MD_NONE only) |
| JMF | 12:0071cb144c7a | 534 | * \param hash buffer holding the message digest |
| JMF | 12:0071cb144c7a | 535 | * \param sig buffer holding the ciphertext |
| JMF | 12:0071cb144c7a | 536 | * |
| JMF | 12:0071cb144c7a | 537 | * \return 0 if the verify operation was successful, |
| JMF | 12:0071cb144c7a | 538 | * or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 539 | * |
| JMF | 12:0071cb144c7a | 540 | * \note The "sig" buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 541 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 542 | */ |
| JMF | 12:0071cb144c7a | 543 | int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 544 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 545 | void *p_rng, |
| JMF | 12:0071cb144c7a | 546 | int mode, |
| JMF | 12:0071cb144c7a | 547 | mbedtls_md_type_t md_alg, |
| JMF | 12:0071cb144c7a | 548 | unsigned int hashlen, |
| JMF | 12:0071cb144c7a | 549 | const unsigned char *hash, |
| JMF | 12:0071cb144c7a | 550 | const unsigned char *sig ); |
| JMF | 12:0071cb144c7a | 551 | |
| JMF | 12:0071cb144c7a | 552 | /** |
| JMF | 12:0071cb144c7a | 553 | * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) |
| JMF | 12:0071cb144c7a | 554 | * (This is the "simple" version.) |
| JMF | 12:0071cb144c7a | 555 | * |
| JMF | 12:0071cb144c7a | 556 | * \param ctx points to an RSA public key |
| JMF | 12:0071cb144c7a | 557 | * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 558 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 559 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 560 | * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) |
| JMF | 12:0071cb144c7a | 561 | * \param hashlen message digest length (for MBEDTLS_MD_NONE only) |
| JMF | 12:0071cb144c7a | 562 | * \param hash buffer holding the message digest |
| JMF | 12:0071cb144c7a | 563 | * \param sig buffer holding the ciphertext |
| JMF | 12:0071cb144c7a | 564 | * |
| JMF | 12:0071cb144c7a | 565 | * \return 0 if the verify operation was successful, |
| JMF | 12:0071cb144c7a | 566 | * or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 567 | * |
| JMF | 12:0071cb144c7a | 568 | * \note The "sig" buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 569 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 570 | * |
| JMF | 12:0071cb144c7a | 571 | * \note The hash_id in the RSA context is the one used for the |
| JMF | 12:0071cb144c7a | 572 | * verification. md_alg in the function call is the type of |
| JMF | 12:0071cb144c7a | 573 | * hash that is verified. According to RFC 3447 it is advised to |
| JMF | 12:0071cb144c7a | 574 | * keep both hashes the same. If hash_id in the RSA context is |
| JMF | 12:0071cb144c7a | 575 | * unset, the md_alg from the function call is used. |
| JMF | 12:0071cb144c7a | 576 | */ |
| JMF | 12:0071cb144c7a | 577 | int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 578 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 579 | void *p_rng, |
| JMF | 12:0071cb144c7a | 580 | int mode, |
| JMF | 12:0071cb144c7a | 581 | mbedtls_md_type_t md_alg, |
| JMF | 12:0071cb144c7a | 582 | unsigned int hashlen, |
| JMF | 12:0071cb144c7a | 583 | const unsigned char *hash, |
| JMF | 12:0071cb144c7a | 584 | const unsigned char *sig ); |
| JMF | 12:0071cb144c7a | 585 | |
| JMF | 12:0071cb144c7a | 586 | /** |
| JMF | 12:0071cb144c7a | 587 | * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) |
| JMF | 12:0071cb144c7a | 588 | * (This is the version with "full" options.) |
| JMF | 12:0071cb144c7a | 589 | * |
| JMF | 12:0071cb144c7a | 590 | * \param ctx points to an RSA public key |
| JMF | 12:0071cb144c7a | 591 | * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) |
| JMF | 12:0071cb144c7a | 592 | * \param p_rng RNG parameter |
| JMF | 12:0071cb144c7a | 593 | * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE |
| JMF | 12:0071cb144c7a | 594 | * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) |
| JMF | 12:0071cb144c7a | 595 | * \param hashlen message digest length (for MBEDTLS_MD_NONE only) |
| JMF | 12:0071cb144c7a | 596 | * \param hash buffer holding the message digest |
| JMF | 12:0071cb144c7a | 597 | * \param mgf1_hash_id message digest used for mask generation |
| JMF | 12:0071cb144c7a | 598 | * \param expected_salt_len Length of the salt used in padding, use |
| JMF | 12:0071cb144c7a | 599 | * MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length |
| JMF | 12:0071cb144c7a | 600 | * \param sig buffer holding the ciphertext |
| JMF | 12:0071cb144c7a | 601 | * |
| JMF | 12:0071cb144c7a | 602 | * \return 0 if the verify operation was successful, |
| JMF | 12:0071cb144c7a | 603 | * or an MBEDTLS_ERR_RSA_XXX error code |
| JMF | 12:0071cb144c7a | 604 | * |
| JMF | 12:0071cb144c7a | 605 | * \note The "sig" buffer must be as large as the size |
| JMF | 12:0071cb144c7a | 606 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| JMF | 12:0071cb144c7a | 607 | * |
| JMF | 12:0071cb144c7a | 608 | * \note The hash_id in the RSA context is ignored. |
| JMF | 12:0071cb144c7a | 609 | */ |
| JMF | 12:0071cb144c7a | 610 | int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, |
| JMF | 12:0071cb144c7a | 611 | int (*f_rng)(void *, unsigned char *, size_t), |
| JMF | 12:0071cb144c7a | 612 | void *p_rng, |
| JMF | 12:0071cb144c7a | 613 | int mode, |
| JMF | 12:0071cb144c7a | 614 | mbedtls_md_type_t md_alg, |
| JMF | 12:0071cb144c7a | 615 | unsigned int hashlen, |
| JMF | 12:0071cb144c7a | 616 | const unsigned char *hash, |
| JMF | 12:0071cb144c7a | 617 | mbedtls_md_type_t mgf1_hash_id, |
| JMF | 12:0071cb144c7a | 618 | int expected_salt_len, |
| JMF | 12:0071cb144c7a | 619 | const unsigned char *sig ); |
| JMF | 12:0071cb144c7a | 620 | |
| JMF | 12:0071cb144c7a | 621 | /** |
| JMF | 12:0071cb144c7a | 622 | * \brief Copy the components of an RSA context |
| JMF | 12:0071cb144c7a | 623 | * |
| JMF | 12:0071cb144c7a | 624 | * \param dst Destination context |
| JMF | 12:0071cb144c7a | 625 | * \param src Source context |
| JMF | 12:0071cb144c7a | 626 | * |
| JMF | 12:0071cb144c7a | 627 | * \return 0 on success, |
| JMF | 12:0071cb144c7a | 628 | * MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure |
| JMF | 12:0071cb144c7a | 629 | */ |
| JMF | 12:0071cb144c7a | 630 | int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ); |
| JMF | 12:0071cb144c7a | 631 | |
| JMF | 12:0071cb144c7a | 632 | /** |
| JMF | 12:0071cb144c7a | 633 | * \brief Free the components of an RSA key |
| JMF | 12:0071cb144c7a | 634 | * |
| JMF | 12:0071cb144c7a | 635 | * \param ctx RSA Context to free |
| JMF | 12:0071cb144c7a | 636 | */ |
| JMF | 12:0071cb144c7a | 637 | void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); |
| JMF | 12:0071cb144c7a | 638 | |
| JMF | 12:0071cb144c7a | 639 | /** |
| JMF | 12:0071cb144c7a | 640 | * \brief Checkup routine |
| JMF | 12:0071cb144c7a | 641 | * |
| JMF | 12:0071cb144c7a | 642 | * \return 0 if successful, or 1 if the test failed |
| JMF | 12:0071cb144c7a | 643 | */ |
| JMF | 12:0071cb144c7a | 644 | int mbedtls_rsa_self_test( int verbose ); |
| JMF | 12:0071cb144c7a | 645 | |
| JMF | 12:0071cb144c7a | 646 | #ifdef __cplusplus |
| JMF | 12:0071cb144c7a | 647 | } |
| JMF | 12:0071cb144c7a | 648 | #endif |
| JMF | 12:0071cb144c7a | 649 | |
| JMF | 12:0071cb144c7a | 650 | #endif /* MBEDTLS_RSA_C */ |
| JMF | 12:0071cb144c7a | 651 | |
| JMF | 12:0071cb144c7a | 652 | #endif /* rsa.h */ |