This file provides an API for the RSA public-key cryptosystem. More...
Go to the source code of this file.
Classes | |
struct | mbedtls_rsa_context |
The RSA context structure. More... | |
Macros | |
#define | MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 |
#define | MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 |
#define | MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 |
#define | MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 |
#define | MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 |
#define | MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 |
#define | MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 |
#define | MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 |
#define | MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 |
#define | MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 |
#define | MBEDTLS_ERR_RSA_HW_ACCEL_FAILED -0x4580 |
#define | MBEDTLS_RSA_PUBLIC 0 |
#define | MBEDTLS_RSA_PRIVATE 1 |
#define | MBEDTLS_RSA_PKCS_V15 0 |
#define | MBEDTLS_RSA_PKCS_V21 1 |
#define | MBEDTLS_RSA_SIGN 1 |
#define | MBEDTLS_RSA_CRYPT 2 |
#define | MBEDTLS_RSA_SALT_LEN_ANY -1 |
Typedefs | |
typedef struct mbedtls_rsa_context | mbedtls_rsa_context |
The RSA context structure. More... | |
Functions | |
void | mbedtls_rsa_init (mbedtls_rsa_context *ctx, int padding, int hash_id) |
This function initializes an RSA context. More... | |
int | mbedtls_rsa_import (mbedtls_rsa_context *ctx, const mbedtls_mpi *N, const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *E) |
This function imports a set of core parameters into an RSA context. More... | |
int | mbedtls_rsa_import_raw (mbedtls_rsa_context *ctx, unsigned char const *N, size_t N_len, unsigned char const *P, size_t P_len, unsigned char const *Q, size_t Q_len, unsigned char const *D, size_t D_len, unsigned char const *E, size_t E_len) |
This function imports core RSA parameters, in raw big-endian binary format, into an RSA context. More... | |
int | mbedtls_rsa_complete (mbedtls_rsa_context *ctx) |
This function completes an RSA context from a set of imported core parameters. More... | |
int | mbedtls_rsa_export (const mbedtls_rsa_context *ctx, mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, mbedtls_mpi *D, mbedtls_mpi *E) |
This function exports the core parameters of an RSA key. More... | |
int | mbedtls_rsa_export_raw (const mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, unsigned char *P, size_t P_len, unsigned char *Q, size_t Q_len, unsigned char *D, size_t D_len, unsigned char *E, size_t E_len) |
This function exports core parameters of an RSA key in raw big-endian binary format. More... | |
int | mbedtls_rsa_export_crt (const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP) |
This function exports CRT parameters of a private RSA key. More... | |
void | mbedtls_rsa_set_padding (mbedtls_rsa_context *ctx, int padding, int hash_id) |
This function sets padding for an already initialized RSA context. See mbedtls_rsa_init() for details. More... | |
size_t | mbedtls_rsa_get_len (const mbedtls_rsa_context *ctx) |
This function retrieves the length of RSA modulus in Bytes. More... | |
int | mbedtls_rsa_gen_key (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, unsigned int nbits, int exponent) |
This function generates an RSA keypair. More... | |
int | mbedtls_rsa_check_pubkey (const mbedtls_rsa_context *ctx) |
This function checks if a context contains at least an RSA public key. More... | |
int | mbedtls_rsa_check_privkey (const mbedtls_rsa_context *ctx) |
This function checks if a context contains an RSA private key and perform basic consistency checks. More... | |
int | mbedtls_rsa_check_pub_priv (const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv) |
This function checks a public-private RSA key pair. More... | |
int | mbedtls_rsa_public (mbedtls_rsa_context *ctx, const unsigned char *input, unsigned char *output) |
This function performs an RSA public key operation. More... | |
int | mbedtls_rsa_private (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, const unsigned char *input, unsigned char *output) |
This function performs an RSA private key operation. More... | |
int | mbedtls_rsa_pkcs1_encrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output) |
This function adds the message padding, then performs an RSA operation. More... | |
int | mbedtls_rsa_rsaes_pkcs1_v15_encrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output) |
This function performs a PKCS#1 v1.5 encryption operation (RSAES-PKCS1-v1_5-ENCRYPT). More... | |
int | mbedtls_rsa_rsaes_oaep_encrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, unsigned char *output) |
This function performs a PKCS#1 v2.1 OAEP encryption operation (RSAES-OAEP-ENCRYPT). More... | |
int | mbedtls_rsa_pkcs1_decrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
This function performs an RSA operation, then removes the message padding. More... | |
int | mbedtls_rsa_rsaes_pkcs1_v15_decrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
This function performs a PKCS#1 v1.5 decryption operation (RSAES-PKCS1-v1_5-DECRYPT). More... | |
int | mbedtls_rsa_rsaes_oaep_decrypt (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
This function performs a PKCS#1 v2.1 OAEP decryption operation (RSAES-OAEP-DECRYPT). More... | |
int | mbedtls_rsa_pkcs1_sign (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
This function performs a private RSA operation to sign a message digest using PKCS#1. More... | |
int | mbedtls_rsa_rsassa_pkcs1_v15_sign (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
This function performs a PKCS#1 v1.5 signature operation (RSASSA-PKCS1-v1_5-SIGN). More... | |
int | mbedtls_rsa_rsassa_pss_sign (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
This function performs a PKCS#1 v2.1 PSS signature operation (RSASSA-PSS-SIGN). More... | |
int | mbedtls_rsa_pkcs1_verify (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig) |
This function performs a public RSA operation and checks the message digest. More... | |
int | mbedtls_rsa_rsassa_pkcs1_v15_verify (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig) |
This function performs a PKCS#1 v1.5 verification operation (RSASSA-PKCS1-v1_5-VERIFY). More... | |
int | mbedtls_rsa_rsassa_pss_verify (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig) |
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY). More... | |
int | mbedtls_rsa_rsassa_pss_verify_ext (mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, mbedtls_md_type_t mgf1_hash_id, int expected_salt_len, const unsigned char *sig) |
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY). More... | |
int | mbedtls_rsa_copy (mbedtls_rsa_context *dst, const mbedtls_rsa_context *src) |
This function copies the components of an RSA context. More... | |
void | mbedtls_rsa_free (mbedtls_rsa_context *ctx) |
This function frees the components of an RSA key. More... | |
int | mbedtls_rsa_self_test (int verbose) |
The RSA checkup routine. More... | |
This file provides an API for the RSA public-key cryptosystem.
The RSA public-key cryptosystem is defined in Public-Key Cryptography Standards (PKCS) #1 v1.5: RSA Encryption and Public-Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Specifications.
#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 |
Bad input parameters to function.
#define MBEDTLS_ERR_RSA_HW_ACCEL_FAILED -0x4580 |
RSA hardware accelerator failed.
#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 |
Input data contains invalid padding and is rejected.
#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 |
Key failed to pass the validity check of the library.
#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 |
Something failed during generation of a key.
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 |
The output buffer for decryption is not large enough.
#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 |
The private key operation failed.
#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 |
The public key operation failed.
#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 |
The random generator failed to generate non-zeros.
#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 |
The implementation does not offer the requested operation, for example, because of security violations or lack of functionality.
#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 |
The PKCS#1 verification failed.
#define MBEDTLS_RSA_CRYPT 2 |
Identifier for RSA encryption and decryption operations.
#define MBEDTLS_RSA_PKCS_V15 0 |
Use PKCS#1 v1.5 encoding.
#define MBEDTLS_RSA_PKCS_V21 1 |
Use PKCS#1 v2.1 encoding.
#define MBEDTLS_RSA_PRIVATE 1 |
Request public key operation.
#define MBEDTLS_RSA_PUBLIC 0 |
Request private key operation.
#define MBEDTLS_RSA_SALT_LEN_ANY -1 |
#define MBEDTLS_RSA_SIGN 1 |
Identifier for RSA signature operations.
typedef struct mbedtls_rsa_context mbedtls_rsa_context |
The RSA context structure.
int mbedtls_rsa_check_privkey | ( | const mbedtls_rsa_context * | ctx | ) |
This function checks if a context contains an RSA private key and perform basic consistency checks.
ctx | The initialized RSA context to check. |
0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_check_pub_priv | ( | const mbedtls_rsa_context * | pub, |
const mbedtls_rsa_context * | prv | ||
) |
This function checks a public-private RSA key pair.
It checks each of the contexts, and makes sure they match.
pub | The initialized RSA context holding the public key. |
prv | The initialized RSA context holding the private key. |
0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_check_pubkey | ( | const mbedtls_rsa_context * | ctx | ) |
This function checks if a context contains at least an RSA public key.
If the function runs successfully, it is guaranteed that enough information is present to perform an RSA public key operation using mbedtls_rsa_public().
ctx | The initialized RSA context to check. |
0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_complete | ( | mbedtls_rsa_context * | ctx | ) |
This function completes an RSA context from a set of imported core parameters.
To setup an RSA public key, precisely N
and E
must have been imported.
To setup an RSA private key, sufficient information must be present for the other parameters to be derivable.
The default implementation supports the following:
P
, Q
from N
, D
, E
. N
, D
from P
, Q
, E
.Alternative implementations need not support these.
If this function runs successfully, it guarantees that the RSA context can be used for RSA operations without the risk of failure or crash.
ctx | The initialized RSA context holding imported parameters. |
0
on success. int mbedtls_rsa_copy | ( | mbedtls_rsa_context * | dst, |
const mbedtls_rsa_context * | src | ||
) |
This function copies the components of an RSA context.
dst | The destination context. This must be initialized. |
src | The source context. This must be initialized. |
0
on success. int mbedtls_rsa_export | ( | const mbedtls_rsa_context * | ctx, |
mbedtls_mpi * | N, | ||
mbedtls_mpi * | P, | ||
mbedtls_mpi * | Q, | ||
mbedtls_mpi * | D, | ||
mbedtls_mpi * | E | ||
) |
This function exports the core parameters of an RSA key.
If this function runs successfully, the non-NULL buffers pointed to by \p N, \p P, \p Q, \p D, and \p E are fully written, with additional unused space filled leading by zero Bytes. Possible reasons for returning #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul> <li>An alternative RSA implementation is in use, which stores the key externally, and either cannot or should not export it into RAM.</li> <li>A SW or HW implementation might not support a certain deduction. For example, \p P, \p Q from \p N, \p D, and \p E if the former are not part of the implementation.</li></ul> If the function fails due to an unsupported operation, the RSA context stays intact and remains usable.
ctx | The initialized RSA context. |
N | The MPI to hold the RSA modulus. This may be NULL if this field need not be exported. |
P | The MPI to hold the first prime factor of N . This may be NULL if this field need not be exported. |
Q | The MPI to hold the second prime factor of N . This may be NULL if this field need not be exported. |
D | The MPI to hold the private exponent. This may be NULL if this field need not be exported. |
E | The MPI to hold the public exponent. This may be NULL if this field need not be exported. |
0
on success. int mbedtls_rsa_export_crt | ( | const mbedtls_rsa_context * | ctx, |
mbedtls_mpi * | DP, | ||
mbedtls_mpi * | DQ, | ||
mbedtls_mpi * | QP | ||
) |
This function exports CRT parameters of a private RSA key.
ctx | The initialized RSA context. |
DP | The MPI to hold D modulo P-1 , or NULL if it need not be exported. |
DQ | The MPI to hold D modulo Q-1 , or NULL if it need not be exported. |
QP | The MPI to hold modular inverse of Q modulo P , or NULL if it need not be exported. |
0
on success. int mbedtls_rsa_export_raw | ( | const mbedtls_rsa_context * | ctx, |
unsigned char * | N, | ||
size_t | N_len, | ||
unsigned char * | P, | ||
size_t | P_len, | ||
unsigned char * | Q, | ||
size_t | Q_len, | ||
unsigned char * | D, | ||
size_t | D_len, | ||
unsigned char * | E, | ||
size_t | E_len | ||
) |
This function exports core parameters of an RSA key in raw big-endian binary format.
If this function runs successfully, the non-NULL buffers pointed to by N
, P
, Q
, D
, and E
are fully written, with additional unused space filled leading by zero Bytes.
Possible reasons for returning MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
P
, Q
from N
, D
, and E
if the former are not part of the implementation.If the function fails due to an unsupported operation, the RSA context stays intact and remains usable.
ctx | The initialized RSA context. |
N | The Byte array to store the RSA modulus, or NULL if this field need not be exported. |
N_len | The size of the buffer for the modulus. |
P | The Byte array to hold the first prime factor of N , or NULL if this field need not be exported. |
P_len | The size of the buffer for the first prime factor. |
Q | The Byte array to hold the second prime factor of N , or NULL if this field need not be exported. |
Q_len | The size of the buffer for the second prime factor. |
D | The Byte array to hold the private exponent, or NULL if this field need not be exported. |
D_len | The size of the buffer for the private exponent. |
E | The Byte array to hold the public exponent, or NULL if this field need not be exported. |
E_len | The size of the buffer for the public exponent. |
0
on success. void mbedtls_rsa_free | ( | mbedtls_rsa_context * | ctx | ) |
This function frees the components of an RSA key.
ctx | The RSA context to free. May be NULL , in which case this function is a no-op. If it is not NULL , it must point to an initialized RSA context. |
int mbedtls_rsa_gen_key | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
unsigned int | nbits, | ||
int | exponent | ||
) |
This function generates an RSA keypair.
ctx | The initialized RSA context used to hold the key. |
f_rng | The RNG function to be used for key generation. This must not be NULL . |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng doesn't need a context. |
nbits | The size of the public key in bits. |
exponent | The public exponent to use. For example, 65537 . This must be odd and greater than 1 . |
0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. size_t mbedtls_rsa_get_len | ( | const mbedtls_rsa_context * | ctx | ) |
This function retrieves the length of RSA modulus in Bytes.
ctx | The initialized RSA context. |
int mbedtls_rsa_import | ( | mbedtls_rsa_context * | ctx, |
const mbedtls_mpi * | N, | ||
const mbedtls_mpi * | P, | ||
const mbedtls_mpi * | Q, | ||
const mbedtls_mpi * | D, | ||
const mbedtls_mpi * | E | ||
) |
This function imports a set of core parameters into an RSA context.
Any sequence of calls to this function should be followed by a call to mbedtls_rsa_complete(), which checks and completes the provided information to a ready-for-use public or private RSA key.
ctx | The initialized RSA context to store the parameters in. |
N | The RSA modulus. This may be NULL . |
P | The first prime factor of N . This may be NULL . |
Q | The second prime factor of N . This may be NULL . |
D | The private exponent. This may be NULL . |
E | The public exponent. This may be NULL . |
0
on success. int mbedtls_rsa_import_raw | ( | mbedtls_rsa_context * | ctx, |
unsigned char const * | N, | ||
size_t | N_len, | ||
unsigned char const * | P, | ||
size_t | P_len, | ||
unsigned char const * | Q, | ||
size_t | Q_len, | ||
unsigned char const * | D, | ||
size_t | D_len, | ||
unsigned char const * | E, | ||
size_t | E_len | ||
) |
This function imports core RSA parameters, in raw big-endian binary format, into an RSA context.
Any sequence of calls to this function should be followed by a call to mbedtls_rsa_complete(), which checks and completes the provided information to a ready-for-use public or private RSA key.
ctx | The initialized RSA context to store the parameters in. |
N | The RSA modulus. This may be NULL . |
N_len | The Byte length of N ; it is ignored if N == NULL. |
P | The first prime factor of N . This may be NULL . |
P_len | The Byte length of P ; it ns ignored if P == NULL. |
Q | The second prime factor of N . This may be NULL . |
Q_len | The Byte length of Q ; it is ignored if Q == NULL. |
D | The private exponent. This may be NULL . |
D_len | The Byte length of D ; it is ignored if D == NULL. |
E | The public exponent. This may be NULL . |
E_len | The Byte length of E ; it is ignored if E == NULL. |
0
on success. void mbedtls_rsa_init | ( | mbedtls_rsa_context * | ctx, |
int | padding, | ||
int | hash_id | ||
) |
This function initializes an RSA context.
hash_id
parameter is ignored when using MBEDTLS_RSA_PKCS_V15 padding.rsa_rsaes_xxx
or rsa_rsassa_xxx
functions.hash_id
is always used for OEAP encryption. For PSS signatures, it is always used for making signatures, but can be overriden for verifying them. If set to MBEDTLS_MD_NONE, it is always overriden.ctx | The RSA context to initialize. This must not be NULL . |
padding | The padding mode to use. This must be either MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21. |
hash_id | The hash identifier of mbedtls_md_type_t type, if padding is MBEDTLS_RSA_PKCS_V21. It is unused otherwise. |
int mbedtls_rsa_pkcs1_decrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
size_t * | olen, | ||
const unsigned char * | input, | ||
unsigned char * | output, | ||
size_t | output_max_len | ||
) |
This function performs an RSA operation, then removes the message padding.
It is the generic wrapper for performing a PKCS#1 decryption operation using the mode
from the context.
output_max_len
should be as large as the size ctx->len
of ctx->N
(for example, 128 Bytes if RSA-1024 is used) to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function returns MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
.mode
argument and have it implicitly set to MBEDTLS_RSA_PRIVATE.ctx | The initialized RSA context to use. |
f_rng | The RNG function. If mode is MBEDTLS_RSA_PRIVATE, this is used for blinding and should be provided; see mbedtls_rsa_private() for more. If mode is MBEDTLS_RSA_PUBLIC, it is ignored. |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng is NULL or doesn't need a context. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PRIVATE or MBEDTLS_RSA_PUBLIC (deprecated). |
olen | The address at which to store the length of the plaintext. This must not be NULL . |
input | The ciphertext buffer. This must be a readable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
output | The buffer used to hold the plaintext. This must be a writable buffer of length output_max_len Bytes. |
output_max_len | The length in Bytes of the output buffer output . |
0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_pkcs1_encrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
size_t | ilen, | ||
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
This function adds the message padding, then performs an RSA operation.
It is the generic wrapper for performing a PKCS#1 encryption operation using the mode
from the context.
mode
argument and have it implicitly set to MBEDTLS_RSA_PUBLIC.ctx | The initialized RSA context to use. |
f_rng | The RNG to use. It is mandatory for PKCS#1 v2.1 padding encoding, and for PKCS#1 v1.5 padding encoding when used with mode set to MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5 padding encoding and mode set to MBEDTLS_RSA_PRIVATE, it is used for blinding and should be provided in this case; see mbedtls_rsa_private() for more. |
p_rng | The RNG context to be passed to f_rng . May be NULL if f_rng is NULL or if f_rng doesn't need a context argument. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE (deprecated). |
ilen | The length of the plaintext in Bytes. |
input | The input data to encrypt. This must be a readable buffer of size ilen Bytes. This must not be NULL . |
output | The output buffer. This must be a writable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_pkcs1_sign | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
unsigned char * | sig | ||
) |
This function performs a private RSA operation to sign a message digest using PKCS#1.
It is the generic wrapper for performing a PKCS#1 signature using the mode
from the context.
sig
buffer must be as large as the size of ctx->N
. For example, 128 Bytes if RSA-1024 is used.md_alg
and hash_id
.mode
argument and have it implicitly set to MBEDTLS_RSA_PRIVATE.ctx | The initialized RSA context to use. |
f_rng | The RNG function to use. If the padding mode is PKCS#1 v2.1, this must be provided. If the padding mode is PKCS#1 v1.5 and mode is MBEDTLS_RSA_PRIVATE, it is used for blinding and should be provided; see mbedtls_rsa_private() for more more. It is ignored otherwise. |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng is NULL or doesn't need a context argument. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PRIVATE or MBEDTLS_RSA_PUBLIC (deprecated). |
md_alg | The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. |
hashlen | The length of the message digest. Ths is only used if md_alg is MBEDTLS_MD_NONE. |
hash | The buffer holding the message digest or raw data. If md_alg is MBEDTLS_MD_NONE, this must be a readable buffer of length hashlen Bytes. If md_alg is not MBEDTLS_MD_NONE, it must be a readable buffer of length the size of the hash corresponding to md_alg . |
sig | The buffer to hold the signature. This must be a writable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
0
if the signing operation was successful. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_pkcs1_verify | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
const unsigned char * | sig | ||
) |
This function performs a public RSA operation and checks the message digest.
This is the generic wrapper for performing a PKCS#1 verification using the mode from the context.
md_alg
and hash_id
.mode
argument and have it set to MBEDTLS_RSA_PUBLIC.ctx | The initialized RSA public key context to use. |
f_rng | The RNG function to use. If mode is MBEDTLS_RSA_PRIVATE, this is used for blinding and should be provided; see mbedtls_rsa_private() for more. Otherwise, it is ignored. |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng is NULL or doesn't need a context. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE (deprecated). |
md_alg | The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. |
hashlen | The length of the message digest. This is only used if md_alg is MBEDTLS_MD_NONE. |
hash | The buffer holding the message digest or raw data. If md_alg is MBEDTLS_MD_NONE, this must be a readable buffer of length hashlen Bytes. If md_alg is not MBEDTLS_MD_NONE, it must be a readable buffer of length the size of the hash corresponding to md_alg . |
sig | The buffer holding the signature. This must be a readable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
0
if the verify operation was successful. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_private | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
This function performs an RSA private key operation.
ctx | The initialized RSA context to use. |
f_rng | The RNG function, used for blinding. It is discouraged and deprecated to pass NULL here, in which case blinding will be omitted. |
p_rng | The RNG context to pass to f_rng . This may be NULL if f_rng is NULL or if f_rng doesn't need a context. |
input | The input buffer. This must be a readable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
output | The output buffer. This must be a writable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_public | ( | mbedtls_rsa_context * | ctx, |
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
This function performs an RSA public key operation.
ctx | The initialized RSA context to use. |
input | The input buffer. This must be a readable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
output | The output buffer. This must be a writable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
input
[0] = 0 or ensure that input is smaller than N
.0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_rsaes_oaep_decrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
const unsigned char * | label, | ||
size_t | label_len, | ||
size_t * | olen, | ||
const unsigned char * | input, | ||
unsigned char * | output, | ||
size_t | output_max_len | ||
) |
This function performs a PKCS#1 v2.1 OAEP decryption operation (RSAES-OAEP-DECRYPT).
output_max_len
should be as large as the size ctx->len
of ctx->N
, for example, 128 Bytes if RSA-1024 is used, to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function returns MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.mode
argument and have it implicitly set to MBEDTLS_RSA_PRIVATE.ctx | The initialized RSA context to use. |
f_rng | The RNG function. If mode is MBEDTLS_RSA_PRIVATE, this is used for blinding and should be provided; see mbedtls_rsa_private() for more. If mode is MBEDTLS_RSA_PUBLIC, it is ignored. |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng is NULL or doesn't need a context. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PRIVATE or MBEDTLS_RSA_PUBLIC (deprecated). |
label | The buffer holding the custom label to use. This must be a readable buffer of length label_len Bytes. It may be NULL if label_len is 0 . |
label_len | The length of the label in Bytes. |
olen | The address at which to store the length of the plaintext. This must not be NULL . |
input | The ciphertext buffer. This must be a readable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
output | The buffer used to hold the plaintext. This must be a writable buffer of length output_max_len Bytes. |
output_max_len | The length in Bytes of the output buffer output . |
0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_rsaes_oaep_encrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
const unsigned char * | label, | ||
size_t | label_len, | ||
size_t | ilen, | ||
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
This function performs a PKCS#1 v2.1 OAEP encryption operation (RSAES-OAEP-ENCRYPT).
mode
argument and have it implicitly set to MBEDTLS_RSA_PUBLIC.ctx | The initnialized RSA context to use. |
f_rng | The RNG function to use. This is needed for padding generation and must be provided. |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng doesn't need a context argument. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE (deprecated). |
label | The buffer holding the custom label to use. This must be a readable buffer of length label_len Bytes. It may be NULL if label_len is 0 . |
label_len | The length of the label in Bytes. |
ilen | The length of the plaintext buffer input in Bytes. |
input | The input data to encrypt. This must be a readable buffer of size ilen Bytes. This must not be NULL . |
output | The output buffer. This must be a writable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_rsaes_pkcs1_v15_decrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
size_t * | olen, | ||
const unsigned char * | input, | ||
unsigned char * | output, | ||
size_t | output_max_len | ||
) |
This function performs a PKCS#1 v1.5 decryption operation (RSAES-PKCS1-v1_5-DECRYPT).
output_max_len
should be as large as the size ctx->len
of ctx->N
, for example, 128 Bytes if RSA-1024 is used, to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function returns MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.mode
argument and have it implicitly set to MBEDTLS_RSA_PRIVATE.ctx | The initialized RSA context to use. |
f_rng | The RNG function. If mode is MBEDTLS_RSA_PRIVATE, this is used for blinding and should be provided; see mbedtls_rsa_private() for more. If mode is MBEDTLS_RSA_PUBLIC, it is ignored. |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng is NULL or doesn't need a context. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PRIVATE or MBEDTLS_RSA_PUBLIC (deprecated). |
olen | The address at which to store the length of the plaintext. This must not be NULL . |
input | The ciphertext buffer. This must be a readable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
output | The buffer used to hold the plaintext. This must be a writable buffer of length output_max_len Bytes. |
output_max_len | The length in Bytes of the output buffer output . |
0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_rsaes_pkcs1_v15_encrypt | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
size_t | ilen, | ||
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
This function performs a PKCS#1 v1.5 encryption operation (RSAES-PKCS1-v1_5-ENCRYPT).
mode
argument and have it implicitly set to MBEDTLS_RSA_PUBLIC.ctx | The initialized RSA context to use. |
f_rng | The RNG function to use. It is needed for padding generation if mode is MBEDTLS_RSA_PUBLIC. If mode is MBEDTLS_RSA_PRIVATE (discouraged), it is used for blinding and should be provided; see mbedtls_rsa_private(). |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng is NULL or if f_rng doesn't need a context argument. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE (deprecated). |
ilen | The length of the plaintext in Bytes. |
input | The input data to encrypt. This must be a readable buffer of size ilen Bytes. This must not be NULL . |
output | The output buffer. This must be a writable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
0
on success. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_rsassa_pkcs1_v15_sign | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
unsigned char * | sig | ||
) |
This function performs a PKCS#1 v1.5 signature operation (RSASSA-PKCS1-v1_5-SIGN).
mode
argument and have it implicitly set to MBEDTLS_RSA_PRIVATE.ctx | The initialized RSA context to use. |
f_rng | The RNG function. If mode is MBEDTLS_RSA_PRIVATE, this is used for blinding and should be provided; see mbedtls_rsa_private() for more. If mode is MBEDTLS_RSA_PUBLIC, it is ignored. |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng is NULL or doesn't need a context argument. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PRIVATE or MBEDTLS_RSA_PUBLIC (deprecated). |
md_alg | The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. |
hashlen | The length of the message digest. Ths is only used if md_alg is MBEDTLS_MD_NONE. |
hash | The buffer holding the message digest or raw data. If md_alg is MBEDTLS_MD_NONE, this must be a readable buffer of length hashlen Bytes. If md_alg is not MBEDTLS_MD_NONE, it must be a readable buffer of length the size of the hash corresponding to md_alg . |
sig | The buffer to hold the signature. This must be a writable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
0
if the signing operation was successful. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_rsassa_pkcs1_v15_verify | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
const unsigned char * | sig | ||
) |
This function performs a PKCS#1 v1.5 verification operation (RSASSA-PKCS1-v1_5-VERIFY).
mode
argument and have it set to MBEDTLS_RSA_PUBLIC.ctx | The initialized RSA public key context to use. |
f_rng | The RNG function to use. If mode is MBEDTLS_RSA_PRIVATE, this is used for blinding and should be provided; see mbedtls_rsa_private() for more. Otherwise, it is ignored. |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng is NULL or doesn't need a context. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE (deprecated). |
md_alg | The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. |
hashlen | The length of the message digest. This is only used if md_alg is MBEDTLS_MD_NONE. |
hash | The buffer holding the message digest or raw data. If md_alg is MBEDTLS_MD_NONE, this must be a readable buffer of length hashlen Bytes. If md_alg is not MBEDTLS_MD_NONE, it must be a readable buffer of length the size of the hash corresponding to md_alg . |
sig | The buffer holding the signature. This must be a readable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
0
if the verify operation was successful. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_rsassa_pss_sign | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
unsigned char * | sig | ||
) |
This function performs a PKCS#1 v2.1 PSS signature operation (RSASSA-PSS-SIGN).
hash_id
in the RSA context is the one used for the encoding. md_alg
in the function call is the type of hash that is encoded. According to RFC-3447: Public-Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Specifications it is advised to keep both hashes the same.mode
argument and have it implicitly set to MBEDTLS_RSA_PRIVATE.ctx | The initialized RSA context to use. |
f_rng | The RNG function. It must not be NULL . |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng doesn't need a context argument. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PRIVATE or MBEDTLS_RSA_PUBLIC (deprecated). |
md_alg | The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. |
hashlen | The length of the message digest. Ths is only used if md_alg is MBEDTLS_MD_NONE. |
hash | The buffer holding the message digest or raw data. If md_alg is MBEDTLS_MD_NONE, this must be a readable buffer of length hashlen Bytes. If md_alg is not MBEDTLS_MD_NONE, it must be a readable buffer of length the size of the hash corresponding to md_alg . |
sig | The buffer to hold the signature. This must be a writable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
0
if the signing operation was successful. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_rsassa_pss_verify | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
const unsigned char * | sig | ||
) |
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY).
The hash function for the MGF mask generating function is that specified in the RSA context.
hash_id
in the RSA context is the one used for the verification. md_alg
in the function call is the type of hash that is verified. According to RFC-3447: Public-Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Specifications it is advised to keep both hashes the same. If hash_id
in the RSA context is unset, the md_alg
from the function call is used.mode
argument and have it implicitly set to MBEDTLS_RSA_PUBLIC.ctx | The initialized RSA public key context to use. |
f_rng | The RNG function to use. If mode is MBEDTLS_RSA_PRIVATE, this is used for blinding and should be provided; see mbedtls_rsa_private() for more. Otherwise, it is ignored. |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng is NULL or doesn't need a context. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE (deprecated). |
md_alg | The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. |
hashlen | The length of the message digest. This is only used if md_alg is MBEDTLS_MD_NONE. |
hash | The buffer holding the message digest or raw data. If md_alg is MBEDTLS_MD_NONE, this must be a readable buffer of length hashlen Bytes. If md_alg is not MBEDTLS_MD_NONE, it must be a readable buffer of length the size of the hash corresponding to md_alg . |
sig | The buffer holding the signature. This must be a readable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
0
if the verify operation was successful. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_rsassa_pss_verify_ext | ( | mbedtls_rsa_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
int | mode, | ||
mbedtls_md_type_t | md_alg, | ||
unsigned int | hashlen, | ||
const unsigned char * | hash, | ||
mbedtls_md_type_t | mgf1_hash_id, | ||
int | expected_salt_len, | ||
const unsigned char * | sig | ||
) |
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY).
The hash function for the MGF mask generating function is that specified in mgf1_hash_id
.
sig
buffer must be as large as the size of ctx->N
. For example, 128 Bytes if RSA-1024 is used.hash_id
in the RSA context is ignored.ctx | The initialized RSA public key context to use. |
f_rng | The RNG function to use. If mode is MBEDTLS_RSA_PRIVATE, this is used for blinding and should be provided; see mbedtls_rsa_private() for more. Otherwise, it is ignored. |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng is NULL or doesn't need a context. |
mode | The mode of operation. This must be either MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE. |
md_alg | The message-digest algorithm used to hash the original data. Use MBEDTLS_MD_NONE for signing raw data. |
hashlen | The length of the message digest. This is only used if md_alg is MBEDTLS_MD_NONE. |
hash | The buffer holding the message digest or raw data. If md_alg is MBEDTLS_MD_NONE, this must be a readable buffer of length hashlen Bytes. If md_alg is not MBEDTLS_MD_NONE, it must be a readable buffer of length the size of the hash corresponding to md_alg . |
mgf1_hash_id | The message digest used for mask generation. |
expected_salt_len | The length of the salt used in padding. Use MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length. |
sig | The buffer holding the signature. This must be a readable buffer of length ctx->len Bytes. For example, 256 Bytes for an 2048-bit RSA modulus. |
0
if the verify operation was successful. MBEDTLS_ERR_RSA_XXX
error code on failure. int mbedtls_rsa_self_test | ( | int | verbose | ) |
The RSA checkup routine.
0
on success. 1
on failure. void mbedtls_rsa_set_padding | ( | mbedtls_rsa_context * | ctx, |
int | padding, | ||
int | hash_id | ||
) |
This function sets padding for an already initialized RSA context. See mbedtls_rsa_init() for details.
ctx | The initialized RSA context to be configured. |
padding | The padding mode to use. This must be either MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21. |
hash_id | The MBEDTLS_RSA_PKCS_V21 hash identifier. |