Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1 | /** |
| 2 | * \file rsa.h |
Paul Bakker | e0ccd0a | 2009-01-04 16:27:10 +0000 | [diff] [blame] | 3 | * |
Paul Bakker | 37ca75d | 2011-01-06 12:28:03 +0000 | [diff] [blame] | 4 | * \brief The RSA public-key cryptosystem |
| 5 | * |
Manuel Pégourié-Gonnard | 6fb8187 | 2015-07-27 11:11:48 +0200 | [diff] [blame] | 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
Manuel Pégourié-Gonnard | 37ff140 | 2015-09-04 14:21:07 +0200 | [diff] [blame] | 7 | * SPDX-License-Identifier: Apache-2.0 |
| 8 | * |
| 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 10 | * not use this file except in compliance with the License. |
| 11 | * You may obtain a copy of the License at |
| 12 | * |
| 13 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 14 | * |
| 15 | * Unless required by applicable law or agreed to in writing, software |
| 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 18 | * See the License for the specific language governing permissions and |
| 19 | * limitations under the License. |
Paul Bakker | b96f154 | 2010-07-18 20:36:00 +0000 | [diff] [blame] | 20 | * |
Manuel Pégourié-Gonnard | fe44643 | 2015-03-06 13:17:10 +0000 | [diff] [blame] | 21 | * This file is part of mbed TLS (https://tls.mbed.org) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 22 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 23 | #ifndef MBEDTLS_RSA_H |
| 24 | #define MBEDTLS_RSA_H |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 25 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 26 | #if !defined(MBEDTLS_CONFIG_FILE) |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 27 | #include "config.h" |
Manuel Pégourié-Gonnard | cef4ad2 | 2014-04-29 12:39:06 +0200 | [diff] [blame] | 28 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 29 | #include MBEDTLS_CONFIG_FILE |
Manuel Pégourié-Gonnard | cef4ad2 | 2014-04-29 12:39:06 +0200 | [diff] [blame] | 30 | #endif |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 31 | |
Paul Bakker | 314052f | 2011-08-15 09:07:52 +0000 | [diff] [blame] | 32 | #include "bignum.h" |
Paul Bakker | c70b982 | 2013-04-07 22:00:46 +0200 | [diff] [blame] | 33 | #include "md.h" |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 34 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 35 | #if defined(MBEDTLS_THREADING_C) |
Paul Bakker | c9965dc | 2013-09-29 14:58:17 +0200 | [diff] [blame] | 36 | #include "threading.h" |
| 37 | #endif |
| 38 | |
Paul Bakker | 13e2dfe | 2009-07-28 07:18:38 +0000 | [diff] [blame] | 39 | /* |
| 40 | * RSA Error codes |
| 41 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 42 | #define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */ |
| 43 | #define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */ |
| 44 | #define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */ |
Manuel Pégourié-Gonnard | eecb43c | 2015-05-12 12:56:41 +0200 | [diff] [blame] | 45 | #define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the library's validity check. */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 46 | #define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */ |
| 47 | #define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */ |
| 48 | #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ |
| 49 | #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ |
| 50 | #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ |
Hanno Becker | 91c194d | 2017-09-29 12:50:12 +0100 | [diff] [blame] | 51 | #define MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED -0x4500 /**< The requested parameter export is not possible/allowed. */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 52 | |
| 53 | /* |
Paul Bakker | c70b982 | 2013-04-07 22:00:46 +0200 | [diff] [blame] | 54 | * RSA constants |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 55 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 56 | #define MBEDTLS_RSA_PUBLIC 0 |
| 57 | #define MBEDTLS_RSA_PRIVATE 1 |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 58 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 59 | #define MBEDTLS_RSA_PKCS_V15 0 |
| 60 | #define MBEDTLS_RSA_PKCS_V21 1 |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 61 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 62 | #define MBEDTLS_RSA_SIGN 1 |
| 63 | #define MBEDTLS_RSA_CRYPT 2 |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 64 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 65 | #define MBEDTLS_RSA_SALT_LEN_ANY -1 |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 66 | |
Manuel Pégourié-Gonnard | e511ffc | 2013-08-22 17:33:21 +0200 | [diff] [blame] | 67 | /* |
| 68 | * The above constants may be used even if the RSA module is compile out, |
| 69 | * eg for alternative (PKCS#11) RSA implemenations in the PK layers. |
| 70 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 71 | #if defined(MBEDTLS_RSA_C) |
Manuel Pégourié-Gonnard | e511ffc | 2013-08-22 17:33:21 +0200 | [diff] [blame] | 72 | |
Paul Bakker | 407a0da | 2013-06-27 14:29:21 +0200 | [diff] [blame] | 73 | #ifdef __cplusplus |
| 74 | extern "C" { |
| 75 | #endif |
| 76 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 77 | /** |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 78 | * Helper functions for RSA-related operations on MPI's. |
| 79 | */ |
| 80 | |
| 81 | /** |
| 82 | * \brief Compute RSA prime moduli P, Q from public modulus N=PQ |
Hanno Becker | b0c5edc | 2017-08-23 22:16:10 +0100 | [diff] [blame] | 83 | * and a pair of private and public key. |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 84 | * |
| 85 | * \note This is a 'static' helper function not operating on |
| 86 | * an RSA context. Alternative implementations need not |
| 87 | * overwrite it. |
| 88 | * |
| 89 | * \param N RSA modulus N = PQ, with P, Q to be found |
| 90 | * \param D RSA private exponent |
| 91 | * \param E RSA public exponent |
| 92 | * \param f_rng PRNG to be used for randomization, or NULL |
| 93 | * \param p_rng PRNG context for f_rng, or NULL |
| 94 | * \param P Pointer to MPI holding first prime factor of N on success |
| 95 | * \param Q Pointer to MPI holding second prime factor of N on success |
| 96 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 97 | * \return |
| 98 | * - 0 if successful. In this case, P and Q constitute a |
Hanno Becker | ba5b755 | 2017-10-02 09:55:49 +0100 | [diff] [blame] | 99 | * factorization of N. |
| 100 | * - A non-zero error code otherwise. |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 101 | * |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 102 | */ |
Hanno Becker | ba5b755 | 2017-10-02 09:55:49 +0100 | [diff] [blame] | 103 | int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, |
| 104 | mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), |
| 105 | void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ); |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 106 | |
| 107 | /** |
| 108 | * \brief Compute RSA private exponent from |
| 109 | * prime moduli and public key. |
| 110 | * |
| 111 | * \note This is a 'static' helper function not operating on |
| 112 | * an RSA context. Alternative implementations need not |
| 113 | * overwrite it. |
| 114 | * |
| 115 | * \param P First prime factor of RSA modulus |
| 116 | * \param Q Second prime factor of RSA modulus |
| 117 | * \param E RSA public exponent |
| 118 | * \param D Pointer to MPI holding the private exponent on success. |
| 119 | * |
| 120 | * \note This function does not check whether P and Q are primes. |
| 121 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 122 | * \return |
| 123 | * - 0 if successful. In this case, D is set to a simultaneous |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 124 | * modular inverse of E modulo both P-1 and Q-1. |
Hanno Becker | bdefff1 | 2017-10-02 09:57:50 +0100 | [diff] [blame^] | 125 | * - A non-zero error code otherwise. |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 126 | * |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 127 | */ |
Hanno Becker | bdefff1 | 2017-10-02 09:57:50 +0100 | [diff] [blame^] | 128 | int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q, |
| 129 | mbedtls_mpi const *E, mbedtls_mpi *D ); |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 130 | |
| 131 | |
| 132 | /** |
| 133 | * \brief Generate RSA-CRT parameters |
| 134 | * |
| 135 | * \note This is a 'static' helper function not operating on |
| 136 | * an RSA context. Alternative implementations need not |
| 137 | * overwrite it. |
| 138 | * |
| 139 | * \param P First prime factor of N |
| 140 | * \param Q Second prime factor of N |
| 141 | * \param D RSA private exponent |
| 142 | * \param DP Output variable for D modulo P-1 |
| 143 | * \param DQ Output variable for D modulo Q-1 |
| 144 | * \param QP Output variable for the modular inverse of Q modulo P. |
| 145 | * |
| 146 | * \return 0 on success, non-zero error code otherwise. |
| 147 | * |
| 148 | */ |
| 149 | int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, |
| 150 | const mbedtls_mpi *D, mbedtls_mpi *DP, |
| 151 | mbedtls_mpi *DQ, mbedtls_mpi *QP ); |
| 152 | |
| 153 | |
| 154 | /** |
| 155 | * \brief Check validity of core RSA parameters |
| 156 | * |
| 157 | * \note This is a 'static' helper function not operating on |
| 158 | * an RSA context. Alternative implementations need not |
| 159 | * overwrite it. |
| 160 | * |
| 161 | * \param N RSA modulus N = PQ |
| 162 | * \param P First prime factor of N |
| 163 | * \param Q Second prime factor of N |
| 164 | * \param D RSA private exponent |
| 165 | * \param E RSA public exponent |
Hanno Becker | 56bae95 | 2017-09-29 15:33:10 +0100 | [diff] [blame] | 166 | * \param f_rng PRNG to be used for primality check, or NULL |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 167 | * \param p_rng PRNG context for f_rng, or NULL |
| 168 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 169 | * \return |
| 170 | * - 0 if the following conditions are satisfied: |
| 171 | * - N = PQ if N,P,Q != NULL |
| 172 | * - D and E are modular inverses modulo P-1 and Q-1 |
| 173 | * if D,E,P,Q != NULL |
| 174 | * - P prime if f_rng, P != NULL |
| 175 | * - Q prime if f_rng, Q != NULL |
Hanno Becker | 750e8b4 | 2017-08-25 07:54:27 +0100 | [diff] [blame] | 176 | * - A non-zero error code otherwise. |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 177 | * |
| 178 | * \note The function can be used with a restricted set of arguments |
| 179 | * to perform specific checks only. E.g., calling it with |
| 180 | * (-,P,-,-,-) and a PRNG amounts to a primality check for P. |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 181 | */ |
Hanno Becker | 750e8b4 | 2017-08-25 07:54:27 +0100 | [diff] [blame] | 182 | int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, |
| 183 | const mbedtls_mpi *Q, const mbedtls_mpi *D, |
| 184 | const mbedtls_mpi *E, |
| 185 | int (*f_rng)(void *, unsigned char *, size_t), |
| 186 | void *p_rng ); |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 187 | |
| 188 | /** |
Hanno Becker | d363799 | 2017-08-25 07:55:03 +0100 | [diff] [blame] | 189 | * \brief Check validity of RSA CRT parameters |
| 190 | * |
| 191 | * \note This is a 'static' helper function not operating on |
| 192 | * an RSA context. Alternative implementations need not |
| 193 | * overwrite it. |
| 194 | * |
| 195 | * \param P First prime factor of RSA modulus |
| 196 | * \param Q Second prime factor of RSA modulus |
| 197 | * \param D RSA private exponent |
| 198 | * \param DP MPI to check for D modulo P-1 |
| 199 | * \param DQ MPI to check for D modulo P-1 |
| 200 | * \param QP MPI to check for the modular inverse of Q modulo P. |
| 201 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 202 | * \return |
| 203 | * - 0 if the following conditions are satisfied: |
| 204 | * - D = DP mod P-1 if P, D, DP != NULL |
| 205 | * - Q = DQ mod P-1 if P, D, DQ != NULL |
| 206 | * - QP = Q^-1 mod P if P, Q, QP != NULL |
| 207 | * - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, |
| 208 | * potentially including \c MBEDTLS_ERR_MPI_XXX if some |
Hanno Becker | d363799 | 2017-08-25 07:55:03 +0100 | [diff] [blame] | 209 | * MPI calculations failed. |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 210 | * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient |
Hanno Becker | d363799 | 2017-08-25 07:55:03 +0100 | [diff] [blame] | 211 | * data was provided to check DP, DQ or QP. |
| 212 | * |
| 213 | * \note The function can be used with a restricted set of arguments |
| 214 | * to perform specific checks only. E.g., calling it with the |
| 215 | * parameters (P, -, D, DP, -, -) will check DP = D mod P-1. |
| 216 | */ |
| 217 | int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, |
| 218 | const mbedtls_mpi *D, const mbedtls_mpi *DP, |
| 219 | const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); |
| 220 | |
| 221 | /** |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 222 | * Implementation of RSA interface |
| 223 | */ |
| 224 | |
Hanno Becker | ab37731 | 2017-08-23 16:24:51 +0100 | [diff] [blame] | 225 | #if !defined(MBEDTLS_RSA_ALT) |
| 226 | |
Hanno Becker | a3ebec2 | 2017-08-23 14:06:24 +0100 | [diff] [blame] | 227 | /** |
Hanno Becker | 5063cd2 | 2017-09-29 11:49:12 +0100 | [diff] [blame] | 228 | * \brief RSA context structure |
| 229 | * |
| 230 | * \note Direct manipulation of the members of this structure |
| 231 | * is deprecated and will no longer be supported starting |
| 232 | * from the next major release. All manipulation should instead |
| 233 | * be done through the public interface functions. |
| 234 | * |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 235 | */ |
| 236 | typedef struct |
| 237 | { |
| 238 | int ver; /*!< always 0 */ |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 239 | size_t len; /*!< size(N) in chars */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 240 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 241 | mbedtls_mpi N; /*!< public modulus */ |
| 242 | mbedtls_mpi E; /*!< public exponent */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 243 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 244 | mbedtls_mpi D; /*!< private exponent */ |
| 245 | mbedtls_mpi P; /*!< 1st prime factor */ |
| 246 | mbedtls_mpi Q; /*!< 2nd prime factor */ |
Hanno Becker | 1a59e79 | 2017-08-23 07:41:10 +0100 | [diff] [blame] | 247 | |
| 248 | #if !defined(MBEDTLS_RSA_NO_CRT) |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 249 | mbedtls_mpi DP; /*!< D % (P - 1) */ |
| 250 | mbedtls_mpi DQ; /*!< D % (Q - 1) */ |
| 251 | mbedtls_mpi QP; /*!< 1 / (Q % P) */ |
Hanno Becker | 1a59e79 | 2017-08-23 07:41:10 +0100 | [diff] [blame] | 252 | #endif /* MBEDTLS_RSA_NO_CRT */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 253 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 254 | mbedtls_mpi RN; /*!< cached R^2 mod N */ |
Hanno Becker | 1a59e79 | 2017-08-23 07:41:10 +0100 | [diff] [blame] | 255 | |
| 256 | #if !defined(MBEDTLS_RSA_NO_CRT) |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 257 | mbedtls_mpi RP; /*!< cached R^2 mod P */ |
| 258 | mbedtls_mpi RQ; /*!< cached R^2 mod Q */ |
Hanno Becker | 1a59e79 | 2017-08-23 07:41:10 +0100 | [diff] [blame] | 259 | #endif /* MBEDTLS_RSA_NO_CRT */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 260 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 261 | mbedtls_mpi Vi; /*!< cached blinding value */ |
| 262 | mbedtls_mpi Vf; /*!< cached un-blinding value */ |
Manuel Pégourié-Gonnard | ea53a55 | 2013-09-10 13:29:30 +0200 | [diff] [blame] | 263 | |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 264 | int padding; /*!< \c MBEDTLS_RSA_PKCS_V15 for 1.5 padding and |
| 265 | \c MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 266 | int hash_id; /*!< Hash identifier of mbedtls_md_type_t as |
| 267 | specified in the mbedtls_md.h header file |
Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 268 | for the EME-OAEP and EMSA-PSS |
| 269 | encoding */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 270 | #if defined(MBEDTLS_THREADING_C) |
| 271 | mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */ |
Paul Bakker | c9965dc | 2013-09-29 14:58:17 +0200 | [diff] [blame] | 272 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 273 | } |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 274 | mbedtls_rsa_context; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 275 | |
Hanno Becker | ab37731 | 2017-08-23 16:24:51 +0100 | [diff] [blame] | 276 | #else |
| 277 | |
| 278 | #include "rsa_alt.h" |
| 279 | |
| 280 | #endif /* MBEDTLS_RSA_ALT */ |
| 281 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 282 | /** |
| 283 | * \brief Initialize an RSA context |
| 284 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 285 | * Note: Set padding to \c MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP |
Paul Bakker | 9a73632 | 2012-11-14 12:39:52 +0000 | [diff] [blame] | 286 | * encryption scheme and the RSASSA-PSS signature scheme. |
| 287 | * |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 288 | * \param ctx RSA context to be initialized |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 289 | * \param padding \c MBEDTLS_RSA_PKCS_V15 or \c MBEDTLS_RSA_PKCS_V21 |
| 290 | * \param hash_id \c MBEDTLS_RSA_PKCS_V21 hash identifier |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 291 | * |
| 292 | * \note The hash_id parameter is actually ignored |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 293 | * when using \c MBEDTLS_RSA_PKCS_V15 padding. |
Manuel Pégourié-Gonnard | e6d1d82 | 2014-06-02 16:47:02 +0200 | [diff] [blame] | 294 | * |
| 295 | * \note Choice of padding mode is strictly enforced for private key |
| 296 | * operations, since there might be security concerns in |
| 297 | * mixing padding modes. For public key operations it's merely |
| 298 | * a default value, which can be overriden by calling specific |
| 299 | * rsa_rsaes_xxx or rsa_rsassa_xxx functions. |
| 300 | * |
| 301 | * \note The chosen hash is always used for OEAP encryption. |
| 302 | * For PSS signatures, it's always used for making signatures, |
| 303 | * but can be overriden (and always is, if set to |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 304 | * \c MBEDTLS_MD_NONE) for verifying them. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 305 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 306 | void mbedtls_rsa_init( mbedtls_rsa_context *ctx, |
Hanno Becker | 8fd5548 | 2017-08-23 14:07:48 +0100 | [diff] [blame] | 307 | int padding, |
| 308 | int hash_id); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 309 | |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 310 | /** |
| 311 | * \brief Import a set of core parameters into an RSA context |
| 312 | * |
| 313 | * \param ctx Initialized RSA context to store parameters |
| 314 | * \param N RSA modulus, or NULL |
| 315 | * \param P First prime factor of N, or NULL |
| 316 | * \param Q Second prime factor of N, or NULL |
| 317 | * \param D Private exponent, or NULL |
| 318 | * \param E Public exponent, or NULL |
| 319 | * |
| 320 | * \note This function can be called multiple times for successive |
| 321 | * imports if the parameters are not simultaneously present. |
| 322 | * Any sequence of calls to this function should be followed |
| 323 | * by a call to \c mbedtls_rsa_complete which will check |
| 324 | * and complete the provided information to a ready-for-use |
| 325 | * public or private RSA key. |
| 326 | * |
| 327 | * \return 0 if successful, non-zero error code on failure. |
| 328 | */ |
| 329 | int mbedtls_rsa_import( mbedtls_rsa_context *ctx, |
| 330 | const mbedtls_mpi *N, |
| 331 | const mbedtls_mpi *P, const mbedtls_mpi *Q, |
| 332 | const mbedtls_mpi *D, const mbedtls_mpi *E ); |
| 333 | |
| 334 | /** |
| 335 | * \brief Import core RSA parameters in raw big-endian |
| 336 | * binary format into an RSA context |
| 337 | * |
| 338 | * \param ctx Initialized RSA context to store parameters |
| 339 | * \param N RSA modulus, or NULL |
| 340 | * \param N_len Byte length of N, ignored if N == NULL |
| 341 | * \param P First prime factor of N, or NULL |
| 342 | * \param P_len Byte length of P, ignored if P == NULL |
| 343 | * \param Q Second prime factor of N, or NULL |
| 344 | * \param Q_len Byte length of Q, ignored if Q == NULL |
| 345 | * \param D Private exponent, or NULL |
| 346 | * \param D_len Byte length of D, ignored if D == NULL |
| 347 | * \param E Public exponent, or NULL |
| 348 | * \param E_len Byte length of E, ignored if E == NULL |
| 349 | * |
| 350 | * \note This function can be called multiple times for successive |
| 351 | * imports if the parameters are not simultaneously present. |
| 352 | * Any sequence of calls to this function should be followed |
| 353 | * by a call to \c mbedtls_rsa_complete which will check |
| 354 | * and complete the provided information to a ready-for-use |
| 355 | * public or private RSA key. |
| 356 | * |
| 357 | * \return 0 if successful, non-zero error code on failure. |
| 358 | */ |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 359 | int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, |
| 360 | unsigned char *N, size_t N_len, |
| 361 | unsigned char *P, size_t P_len, |
| 362 | unsigned char *Q, size_t Q_len, |
| 363 | unsigned char *D, size_t D_len, |
| 364 | unsigned char *E, size_t E_len ); |
| 365 | |
| 366 | /** |
| 367 | * \brief Attempt to complete an RSA context from |
| 368 | * a set of imported core parameters. |
| 369 | * |
| 370 | * \param ctx Initialized RSA context to store parameters |
| 371 | * \param f_rng RNG function, |
| 372 | * \param p_rng RNG parameter |
| 373 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 374 | * \note |
| 375 | * - To setup an RSA public key, precisely N and E |
| 376 | * must have been imported. |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 377 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 378 | * - To setup an RSA private key, enough information must be |
| 379 | * present for the other parameters to be efficiently derivable. |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 380 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 381 | * The default implementation supports the following: |
| 382 | * - Derive P, Q from N, D, E |
| 383 | * - Derive N, D from P, Q, E. |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 384 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 385 | * - Alternative implementations need not support these |
| 386 | * and may return \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 387 | * |
| 388 | * \note The PRNG is used for probabilistic algorithms |
| 389 | * like the derivation of P, Q from N, D, E, as |
| 390 | * well as primality checks. |
| 391 | * |
Hanno Becker | 603b8c6 | 2017-08-25 11:03:07 +0100 | [diff] [blame] | 392 | * \return - 0 if successful. In this case, all imported core |
| 393 | * parameters are guaranteed to be sane, the RSA context |
| 394 | * has been fully setup and is ready for use. |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 395 | * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 396 | * derivations failed. |
| 397 | */ |
| 398 | int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, |
| 399 | int (*f_rng)(void *, unsigned char *, size_t), |
| 400 | void *p_rng ); |
| 401 | |
| 402 | /** |
| 403 | * \brief Check if CRT-parameters match core parameters |
| 404 | * |
| 405 | * \param ctx Complete RSA private key context |
| 406 | * \param DP Private exponent modulo P-1, or NULL |
| 407 | * \param DQ Private exponent modulo Q-1, or NULL |
| 408 | * \param QP Modular inverse of Q modulo P, or NULL |
| 409 | * |
| 410 | * \return 0 if successful, testifying that the non-NULL optional |
| 411 | * parameters provided are in accordance with the core |
| 412 | * RSA parameters. Non-zero error code otherwise. |
| 413 | * |
| 414 | * \note This function performs in-place computations on the |
| 415 | * parameters DP, DQ and QP. If modification cannot be |
| 416 | * tolerated, you should make copies with mbedtls_mpi_copy |
| 417 | * before calling this function. |
| 418 | * |
| 419 | */ |
Hanno Becker | d363799 | 2017-08-25 07:55:03 +0100 | [diff] [blame] | 420 | int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 421 | mbedtls_mpi *DP, |
| 422 | mbedtls_mpi *DQ, |
| 423 | mbedtls_mpi *QP ); |
| 424 | |
| 425 | /** |
| 426 | * \brief Export core parameters of an RSA key |
| 427 | * |
| 428 | * \param ctx Initialized RSA context |
| 429 | * \param N MPI to hold the RSA modulus, or NULL |
| 430 | * \param P MPI to hold the first prime factor of N, or NULL |
| 431 | * \param Q MPI to hold the second prime factor of N, or NULL |
| 432 | * \param D MPI to hold the private exponent, or NULL |
| 433 | * \param E MPI to hold the public exponent, or NULL |
| 434 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 435 | * \return |
| 436 | * - 0 if successful. In this case, the non-NULL buffers |
| 437 | * pointed to by N, P, Q, D, E are fully written, with |
| 438 | * additional unused space filled leading by 0-bytes. |
| 439 | * - Non-zero return code otherwise. In particular, if |
| 440 | * exporting the requested parameters |
| 441 | * cannot be done because of a lack of functionality |
| 442 | * or because of security policies, the error code |
| 443 | * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. |
| 444 | * In this case, the RSA context stays intact and can |
| 445 | * be continued to be used. |
Hanno Becker | 91c194d | 2017-09-29 12:50:12 +0100 | [diff] [blame] | 446 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 447 | * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED |
Hanno Becker | 91c194d | 2017-09-29 12:50:12 +0100 | [diff] [blame] | 448 | * would be the following: Firstly, it might be that an |
| 449 | * alternative RSA implementation is in use which stores |
| 450 | * the key externally, and which either cannot or should not |
| 451 | * export it into RAM. Alternatively, an implementation |
| 452 | * (regardless of SW or HW) might not support deducing e.g. |
| 453 | * P, Q from N, D, E if the former are not part of the |
| 454 | * implementation. |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 455 | * |
| 456 | */ |
| 457 | int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, |
| 458 | mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, |
| 459 | mbedtls_mpi *D, mbedtls_mpi *E ); |
| 460 | |
| 461 | /** |
| 462 | * \brief Export core parameters of an RSA key |
| 463 | * in raw big-endian binary format |
| 464 | * |
| 465 | * \param ctx Initialized RSA context |
| 466 | * \param N Byte array to store the RSA modulus, or NULL |
| 467 | * \param N_len Size of buffer for modulus |
| 468 | * \param P Byte array to hold the first prime factor of N, or NULL |
| 469 | * \param P_len Size of buffer for first prime factor |
| 470 | * \param Q Byte array to hold the second prime factor of N, or NULL |
| 471 | * \param Q_len Size of buffer for second prime factor |
| 472 | * \param D Byte array to hold the private exponent, or NULL |
| 473 | * \param D_len Size of buffer for private exponent |
| 474 | * \param E Byte array to hold the public exponent, or NULL |
| 475 | * \param E_len Size of buffer for public exponent |
| 476 | * |
| 477 | * \note The length fields are ignored if the corresponding |
| 478 | * buffer pointers are NULL. |
| 479 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 480 | * \return |
| 481 | * - 0 if successful. In this case, the non-NULL buffers |
| 482 | * pointed to by N, P, Q, D, E are fully written, with |
| 483 | * additional unused space filled leading by 0-bytes. |
| 484 | * - Non-zero return code otherwise. In particular, if |
| 485 | * exporting the requested parameters |
| 486 | * cannot be done because of a lack of functionality |
| 487 | * or because of security policies, the error code |
| 488 | * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. |
| 489 | * In this case, the RSA context stays intact and can |
| 490 | * be continued to be used. |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 491 | * |
Hanno Becker | ed20361 | 2017-09-29 13:34:25 +0100 | [diff] [blame] | 492 | * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED |
Hanno Becker | 91c194d | 2017-09-29 12:50:12 +0100 | [diff] [blame] | 493 | * would be the following: Firstly, it might be that an |
| 494 | * alternative RSA implementation is in use which stores |
| 495 | * the key externally, and which either cannot or should not |
| 496 | * export it into RAM. Alternatively, an implementation |
| 497 | * (regardless of SW or HW) might not support deducing e.g. |
| 498 | * P, Q from N, D, E if the former are not part of the |
| 499 | * implementation. |
| 500 | * |
| 501 | * |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 502 | */ |
| 503 | int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, |
| 504 | unsigned char *N, size_t N_len, |
| 505 | unsigned char *P, size_t P_len, |
| 506 | unsigned char *Q, size_t Q_len, |
| 507 | unsigned char *D, size_t D_len, |
| 508 | unsigned char *E, size_t E_len ); |
| 509 | |
| 510 | /** |
| 511 | * \brief Export CRT parameters of a private RSA key |
| 512 | * |
| 513 | * \param ctx Initialized RSA context |
| 514 | * \param DP MPI to hold D modulo P-1, or NULL |
| 515 | * \param DQ MPI to hold D modulo Q-1, or NULL |
| 516 | * \param QP MPI to hold modular inverse of Q modulo P, or NULL |
| 517 | * |
| 518 | * \return 0 if successful, non-zero error code otherwise. |
| 519 | * |
| 520 | * \note Alternative RSA implementations not using CRT-parameters |
| 521 | * internally can implement this function using based on |
| 522 | * \c mbedtls_rsa_deduce_opt. |
| 523 | * |
| 524 | */ |
| 525 | int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, |
| 526 | mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ); |
| 527 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 528 | /** |
Manuel Pégourié-Gonnard | 844a4c0 | 2014-03-10 21:55:35 +0100 | [diff] [blame] | 529 | * \brief Set padding for an already initialized RSA context |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 530 | * See \c mbedtls_rsa_init() for details. |
Manuel Pégourié-Gonnard | 844a4c0 | 2014-03-10 21:55:35 +0100 | [diff] [blame] | 531 | * |
| 532 | * \param ctx RSA context to be set |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 533 | * \param padding \c MBEDTLS_RSA_PKCS_V15 or \c MBEDTLS_RSA_PKCS_V21 |
| 534 | * \param hash_id \c MBEDTLS_RSA_PKCS_V21 hash identifier |
Manuel Pégourié-Gonnard | 844a4c0 | 2014-03-10 21:55:35 +0100 | [diff] [blame] | 535 | */ |
Hanno Becker | 8fd5548 | 2017-08-23 14:07:48 +0100 | [diff] [blame] | 536 | void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, |
| 537 | int hash_id); |
Manuel Pégourié-Gonnard | 844a4c0 | 2014-03-10 21:55:35 +0100 | [diff] [blame] | 538 | |
| 539 | /** |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 540 | * \brief Get length of RSA modulus in bytes |
| 541 | * |
| 542 | * \param ctx Initialized RSA context |
| 543 | * |
| 544 | * \return Length of RSA modulus, in bytes. |
| 545 | * |
| 546 | */ |
| 547 | size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); |
| 548 | |
| 549 | /** |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 550 | * \brief Generate an RSA keypair |
| 551 | * |
| 552 | * \param ctx RSA context that will hold the key |
Paul Bakker | 21eb280 | 2010-08-16 11:10:02 +0000 | [diff] [blame] | 553 | * \param f_rng RNG function |
| 554 | * \param p_rng RNG parameter |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 555 | * \param nbits size of the public key in bits |
| 556 | * \param exponent public exponent (e.g., 65537) |
| 557 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 558 | * \note mbedtls_rsa_init() must be called beforehand to setup |
Paul Bakker | 21eb280 | 2010-08-16 11:10:02 +0000 | [diff] [blame] | 559 | * the RSA context. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 560 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 561 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 562 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 563 | int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, |
Hanno Becker | 8fd5548 | 2017-08-23 14:07:48 +0100 | [diff] [blame] | 564 | int (*f_rng)(void *, unsigned char *, size_t), |
| 565 | void *p_rng, |
| 566 | unsigned int nbits, int exponent ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 567 | |
| 568 | /** |
Hanno Becker | 8fd5548 | 2017-08-23 14:07:48 +0100 | [diff] [blame] | 569 | * \brief Check if a context contains an RSA public key |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 570 | * |
| 571 | * \param ctx RSA context to be checked |
| 572 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 573 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 574 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 575 | int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 576 | |
| 577 | /** |
Hanno Becker | 8fd5548 | 2017-08-23 14:07:48 +0100 | [diff] [blame] | 578 | * \brief Check if a context contains a complete |
| 579 | * and valid RSA private key. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 580 | * |
| 581 | * \param ctx RSA context to be checked |
| 582 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 583 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 584 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 585 | int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 586 | |
| 587 | /** |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 588 | * \brief Check a public-private RSA key pair. |
| 589 | * Check each of the contexts, and make sure they match. |
| 590 | * |
| 591 | * \param pub RSA context holding the public key |
| 592 | * \param prv RSA context holding the private key |
| 593 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 594 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 595 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 596 | int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ); |
Manuel Pégourié-Gonnard | 2f8d1f9 | 2014-11-06 14:02:51 +0100 | [diff] [blame] | 597 | |
| 598 | /** |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 599 | * \brief Do an RSA public key operation |
| 600 | * |
| 601 | * \param ctx RSA context |
| 602 | * \param input input buffer |
| 603 | * \param output output buffer |
| 604 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 605 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 606 | * |
| 607 | * \note This function does NOT take care of message |
Brian J Murray | 2adecba | 2016-11-06 04:45:15 -0800 | [diff] [blame] | 608 | * padding. Also, be sure to set input[0] = 0 or ensure that |
Paul Bakker | 619467a | 2009-03-28 23:26:51 +0000 | [diff] [blame] | 609 | * input is smaller than N. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 610 | * |
| 611 | * \note The input and output buffers must be large |
| 612 | * enough (eg. 128 bytes if RSA-1024 is used). |
| 613 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 614 | int mbedtls_rsa_public( mbedtls_rsa_context *ctx, |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 615 | const unsigned char *input, |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 616 | unsigned char *output ); |
| 617 | |
| 618 | /** |
| 619 | * \brief Do an RSA private key operation |
| 620 | * |
| 621 | * \param ctx RSA context |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 622 | * \param f_rng RNG function (Needed for blinding) |
| 623 | * \param p_rng RNG parameter |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 624 | * \param input input buffer |
| 625 | * \param output output buffer |
| 626 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 627 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 628 | * |
| 629 | * \note The input and output buffers must be large |
| 630 | * enough (eg. 128 bytes if RSA-1024 is used). |
| 631 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 632 | int mbedtls_rsa_private( mbedtls_rsa_context *ctx, |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 633 | int (*f_rng)(void *, unsigned char *, size_t), |
| 634 | void *p_rng, |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 635 | const unsigned char *input, |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 636 | unsigned char *output ); |
| 637 | |
| 638 | /** |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 639 | * \brief Generic wrapper to perform a PKCS#1 encryption using the |
| 640 | * mode from the context. Add the message padding, then do an |
| 641 | * RSA operation. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 642 | * |
| 643 | * \param ctx RSA context |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 644 | * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 645 | * and \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | 21eb280 | 2010-08-16 11:10:02 +0000 | [diff] [blame] | 646 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 647 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
Paul Bakker | 592457c | 2009-04-01 19:01:43 +0000 | [diff] [blame] | 648 | * \param ilen contains the plaintext length |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 649 | * \param input buffer holding the data to be encrypted |
| 650 | * \param output buffer that will hold the ciphertext |
| 651 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 652 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 653 | * |
| 654 | * \note The output buffer must be as large as the size |
| 655 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| 656 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 657 | int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, |
Paul Bakker | a3d195c | 2011-11-27 21:07:34 +0000 | [diff] [blame] | 658 | int (*f_rng)(void *, unsigned char *, size_t), |
Paul Bakker | 21eb280 | 2010-08-16 11:10:02 +0000 | [diff] [blame] | 659 | void *p_rng, |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 660 | int mode, size_t ilen, |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 661 | const unsigned char *input, |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 662 | unsigned char *output ); |
| 663 | |
| 664 | /** |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 665 | * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) |
| 666 | * |
| 667 | * \param ctx RSA context |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 668 | * \param f_rng RNG function (Needed for padding and \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 669 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 670 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 671 | * \param ilen contains the plaintext length |
| 672 | * \param input buffer holding the data to be encrypted |
| 673 | * \param output buffer that will hold the ciphertext |
| 674 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 675 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 676 | * |
| 677 | * \note The output buffer must be as large as the size |
| 678 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| 679 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 680 | int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 681 | int (*f_rng)(void *, unsigned char *, size_t), |
| 682 | void *p_rng, |
| 683 | int mode, size_t ilen, |
| 684 | const unsigned char *input, |
| 685 | unsigned char *output ); |
| 686 | |
| 687 | /** |
| 688 | * \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT) |
| 689 | * |
| 690 | * \param ctx RSA context |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 691 | * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 692 | * and \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 693 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 694 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
Paul Bakker | a43231c | 2013-02-28 17:33:49 +0100 | [diff] [blame] | 695 | * \param label buffer holding the custom label to use |
| 696 | * \param label_len contains the label length |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 697 | * \param ilen contains the plaintext length |
| 698 | * \param input buffer holding the data to be encrypted |
| 699 | * \param output buffer that will hold the ciphertext |
| 700 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 701 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 702 | * |
| 703 | * \note The output buffer must be as large as the size |
| 704 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| 705 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 706 | int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 707 | int (*f_rng)(void *, unsigned char *, size_t), |
| 708 | void *p_rng, |
Paul Bakker | a43231c | 2013-02-28 17:33:49 +0100 | [diff] [blame] | 709 | int mode, |
| 710 | const unsigned char *label, size_t label_len, |
| 711 | size_t ilen, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 712 | const unsigned char *input, |
| 713 | unsigned char *output ); |
| 714 | |
| 715 | /** |
| 716 | * \brief Generic wrapper to perform a PKCS#1 decryption using the |
| 717 | * mode from the context. Do an RSA operation, then remove |
| 718 | * the message padding |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 719 | * |
| 720 | * \param ctx RSA context |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 721 | * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 722 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 723 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
Paul Bakker | 4d8ca70 | 2011-08-09 10:31:05 +0000 | [diff] [blame] | 724 | * \param olen will contain the plaintext length |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 725 | * \param input buffer holding the encrypted data |
| 726 | * \param output buffer that will hold the plaintext |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 727 | * \param output_max_len maximum length of the output buffer |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 728 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 729 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 730 | * |
Hanno Becker | 248ae6d | 2017-05-04 11:27:39 +0100 | [diff] [blame] | 731 | * \note The output buffer length \c output_max_len should be |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 732 | * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes |
Hanno Becker | 248ae6d | 2017-05-04 11:27:39 +0100 | [diff] [blame] | 733 | * if RSA-1024 is used) to be able to hold an arbitrary |
| 734 | * decrypted message. If it is not large enough to hold |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 735 | * the decryption of the particular ciphertext provided, |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 736 | * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. |
Hanno Becker | 248ae6d | 2017-05-04 11:27:39 +0100 | [diff] [blame] | 737 | * |
| 738 | * \note The input buffer must be as large as the size |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 739 | * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 740 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 741 | int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 742 | int (*f_rng)(void *, unsigned char *, size_t), |
| 743 | void *p_rng, |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 744 | int mode, size_t *olen, |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 745 | const unsigned char *input, |
Paul Bakker | 060c568 | 2009-01-12 21:48:39 +0000 | [diff] [blame] | 746 | unsigned char *output, |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 747 | size_t output_max_len ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 748 | |
| 749 | /** |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 750 | * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) |
| 751 | * |
| 752 | * \param ctx RSA context |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 753 | * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 754 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 755 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 756 | * \param olen will contain the plaintext length |
| 757 | * \param input buffer holding the encrypted data |
| 758 | * \param output buffer that will hold the plaintext |
| 759 | * \param output_max_len maximum length of the output buffer |
| 760 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 761 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 762 | * |
Hanno Becker | 248ae6d | 2017-05-04 11:27:39 +0100 | [diff] [blame] | 763 | * \note The output buffer length \c output_max_len should be |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 764 | * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes |
Hanno Becker | 248ae6d | 2017-05-04 11:27:39 +0100 | [diff] [blame] | 765 | * if RSA-1024 is used) to be able to hold an arbitrary |
| 766 | * decrypted message. If it is not large enough to hold |
Hanno Becker | cbb59bc | 2017-08-23 14:11:08 +0100 | [diff] [blame] | 767 | * the decryption of the particular ciphertext provided, |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 768 | * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. |
Hanno Becker | 248ae6d | 2017-05-04 11:27:39 +0100 | [diff] [blame] | 769 | * |
| 770 | * \note The input buffer must be as large as the size |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 771 | * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 772 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 773 | int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 774 | int (*f_rng)(void *, unsigned char *, size_t), |
| 775 | void *p_rng, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 776 | int mode, size_t *olen, |
| 777 | const unsigned char *input, |
| 778 | unsigned char *output, |
| 779 | size_t output_max_len ); |
| 780 | |
| 781 | /** |
| 782 | * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) |
| 783 | * |
| 784 | * \param ctx RSA context |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 785 | * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 786 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 787 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
Paul Bakker | a43231c | 2013-02-28 17:33:49 +0100 | [diff] [blame] | 788 | * \param label buffer holding the custom label to use |
| 789 | * \param label_len contains the label length |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 790 | * \param olen will contain the plaintext length |
| 791 | * \param input buffer holding the encrypted data |
| 792 | * \param output buffer that will hold the plaintext |
| 793 | * \param output_max_len maximum length of the output buffer |
| 794 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 795 | * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 796 | * |
Hanno Becker | 248ae6d | 2017-05-04 11:27:39 +0100 | [diff] [blame] | 797 | * \note The output buffer length \c output_max_len should be |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 798 | * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes |
Hanno Becker | 248ae6d | 2017-05-04 11:27:39 +0100 | [diff] [blame] | 799 | * if RSA-1024 is used) to be able to hold an arbitrary |
| 800 | * decrypted message. If it is not large enough to hold |
Hanno Becker | 8fd5548 | 2017-08-23 14:07:48 +0100 | [diff] [blame] | 801 | * the decryption of the particular ciphertext provided, |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 802 | * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. |
Hanno Becker | 248ae6d | 2017-05-04 11:27:39 +0100 | [diff] [blame] | 803 | * |
Hanno Becker | 8fd5548 | 2017-08-23 14:07:48 +0100 | [diff] [blame] | 804 | * \note The input buffer must be as large as the size |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 805 | * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 806 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 807 | int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 808 | int (*f_rng)(void *, unsigned char *, size_t), |
| 809 | void *p_rng, |
Paul Bakker | a43231c | 2013-02-28 17:33:49 +0100 | [diff] [blame] | 810 | int mode, |
| 811 | const unsigned char *label, size_t label_len, |
| 812 | size_t *olen, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 813 | const unsigned char *input, |
| 814 | unsigned char *output, |
| 815 | size_t output_max_len ); |
| 816 | |
| 817 | /** |
| 818 | * \brief Generic wrapper to perform a PKCS#1 signature using the |
| 819 | * mode from the context. Do a private RSA operation to sign |
| 820 | * a message digest |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 821 | * |
| 822 | * \param ctx RSA context |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 823 | * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 824 | * \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 825 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 826 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
| 827 | * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for |
| 828 | * signing raw data) |
| 829 | * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 830 | * \param hash buffer holding the message digest |
| 831 | * \param sig buffer that will hold the ciphertext |
| 832 | * |
| 833 | * \return 0 if the signing operation was successful, |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 834 | * or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 835 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 836 | * \note The \c sig buffer must be as large as the size |
| 837 | * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). |
Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 838 | * |
Manuel Pégourié-Gonnard | e6d1d82 | 2014-06-02 16:47:02 +0200 | [diff] [blame] | 839 | * \note In case of PKCS#1 v2.1 encoding, see comments on |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 840 | * \note \c mbedtls_rsa_rsassa_pss_sign() for details on |
| 841 | * \c md_alg and \c hash_id. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 842 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 843 | int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, |
Paul Bakker | a3d195c | 2011-11-27 21:07:34 +0000 | [diff] [blame] | 844 | int (*f_rng)(void *, unsigned char *, size_t), |
Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 845 | void *p_rng, |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 846 | int mode, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 847 | mbedtls_md_type_t md_alg, |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 848 | unsigned int hashlen, |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 849 | const unsigned char *hash, |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 850 | unsigned char *sig ); |
| 851 | |
| 852 | /** |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 853 | * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN) |
| 854 | * |
| 855 | * \param ctx RSA context |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 856 | * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 857 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 858 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
| 859 | * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE |
| 860 | * for signing raw data) |
| 861 | * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 862 | * \param hash buffer holding the message digest |
| 863 | * \param sig buffer that will hold the ciphertext |
| 864 | * |
| 865 | * \return 0 if the signing operation was successful, |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 866 | * or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 867 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 868 | * \note The \c sig buffer must be as large as the size |
| 869 | * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 870 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 871 | int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 872 | int (*f_rng)(void *, unsigned char *, size_t), |
| 873 | void *p_rng, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 874 | int mode, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 875 | mbedtls_md_type_t md_alg, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 876 | unsigned int hashlen, |
| 877 | const unsigned char *hash, |
| 878 | unsigned char *sig ); |
| 879 | |
| 880 | /** |
| 881 | * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN) |
| 882 | * |
| 883 | * \param ctx RSA context |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 884 | * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 885 | * \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 886 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 887 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
| 888 | * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE |
| 889 | * for signing raw data) |
| 890 | * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 891 | * \param hash buffer holding the message digest |
| 892 | * \param sig buffer that will hold the ciphertext |
| 893 | * |
| 894 | * \return 0 if the signing operation was successful, |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 895 | * or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 896 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 897 | * \note The \c sig buffer must be as large as the size |
| 898 | * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 899 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 900 | * \note The \c hash_id in the RSA context is the one used for the |
| 901 | * encoding. \c md_alg in the function call is the type of hash |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 902 | * that is encoded. According to RFC 3447 it is advised to |
| 903 | * keep both hashes the same. |
| 904 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 905 | int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 906 | int (*f_rng)(void *, unsigned char *, size_t), |
| 907 | void *p_rng, |
| 908 | int mode, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 909 | mbedtls_md_type_t md_alg, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 910 | unsigned int hashlen, |
| 911 | const unsigned char *hash, |
| 912 | unsigned char *sig ); |
| 913 | |
| 914 | /** |
| 915 | * \brief Generic wrapper to perform a PKCS#1 verification using the |
| 916 | * mode from the context. Do a public RSA operation and check |
| 917 | * the message digest |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 918 | * |
| 919 | * \param ctx points to an RSA public key |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 920 | * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 921 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 922 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
| 923 | * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data) |
| 924 | * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 925 | * \param hash buffer holding the message digest |
| 926 | * \param sig buffer holding the ciphertext |
| 927 | * |
| 928 | * \return 0 if the verify operation was successful, |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 929 | * or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 930 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 931 | * \note The \c sig buffer must be as large as the size |
| 932 | * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). |
Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 933 | * |
Manuel Pégourié-Gonnard | e6d1d82 | 2014-06-02 16:47:02 +0200 | [diff] [blame] | 934 | * \note In case of PKCS#1 v2.1 encoding, see comments on |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 935 | * \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 936 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 937 | int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 938 | int (*f_rng)(void *, unsigned char *, size_t), |
| 939 | void *p_rng, |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 940 | int mode, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 941 | mbedtls_md_type_t md_alg, |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 942 | unsigned int hashlen, |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 943 | const unsigned char *hash, |
Manuel Pégourié-Gonnard | cc0a9d0 | 2013-08-12 11:34:35 +0200 | [diff] [blame] | 944 | const unsigned char *sig ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 945 | |
| 946 | /** |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 947 | * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) |
| 948 | * |
| 949 | * \param ctx points to an RSA public key |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 950 | * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 951 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 952 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
| 953 | * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE |
| 954 | * for signing raw data) |
| 955 | * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 956 | * \param hash buffer holding the message digest |
| 957 | * \param sig buffer holding the ciphertext |
| 958 | * |
| 959 | * \return 0 if the verify operation was successful, |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 960 | * or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 961 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 962 | * \note The \c sig buffer must be as large as the size |
| 963 | * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 964 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 965 | int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 966 | int (*f_rng)(void *, unsigned char *, size_t), |
| 967 | void *p_rng, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 968 | int mode, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 969 | mbedtls_md_type_t md_alg, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 970 | unsigned int hashlen, |
| 971 | const unsigned char *hash, |
Manuel Pégourié-Gonnard | cc0a9d0 | 2013-08-12 11:34:35 +0200 | [diff] [blame] | 972 | const unsigned char *sig ); |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 973 | |
| 974 | /** |
| 975 | * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 976 | * (This is the "simple" version.) |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 977 | * |
| 978 | * \param ctx points to an RSA public key |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 979 | * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 980 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 981 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
| 982 | * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data) |
| 983 | * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 984 | * \param hash buffer holding the message digest |
| 985 | * \param sig buffer holding the ciphertext |
| 986 | * |
| 987 | * \return 0 if the verify operation was successful, |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 988 | * or an \c MBEDTLS_ERR_RSA_XXX error code |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 989 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 990 | * \note The \c sig buffer must be as large as the size |
| 991 | * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 992 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 993 | * \note The \c hash_id in the RSA context is the one used for the |
| 994 | * verification. \c md_alg in the function call is the type of |
Paul Bakker | b9e4e2c | 2014-05-01 14:18:25 +0200 | [diff] [blame] | 995 | * hash that is verified. According to RFC 3447 it is advised to |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 996 | * keep both hashes the same. If \c hash_id in the RSA context is |
| 997 | * unset, the \c md_alg from the function call is used. |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 998 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 999 | int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, |
Paul Bakker | 548957d | 2013-08-30 10:30:02 +0200 | [diff] [blame] | 1000 | int (*f_rng)(void *, unsigned char *, size_t), |
| 1001 | void *p_rng, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 1002 | int mode, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1003 | mbedtls_md_type_t md_alg, |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 1004 | unsigned int hashlen, |
| 1005 | const unsigned char *hash, |
Manuel Pégourié-Gonnard | cc0a9d0 | 2013-08-12 11:34:35 +0200 | [diff] [blame] | 1006 | const unsigned char *sig ); |
Paul Bakker | b386913 | 2013-02-28 17:21:01 +0100 | [diff] [blame] | 1007 | |
| 1008 | /** |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 1009 | * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) |
| 1010 | * (This is the version with "full" options.) |
| 1011 | * |
| 1012 | * \param ctx points to an RSA public key |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 1013 | * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 1014 | * \param p_rng RNG parameter |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 1015 | * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE |
| 1016 | * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data) |
| 1017 | * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 1018 | * \param hash buffer holding the message digest |
| 1019 | * \param mgf1_hash_id message digest used for mask generation |
| 1020 | * \param expected_salt_len Length of the salt used in padding, use |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 1021 | * \c MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 1022 | * \param sig buffer holding the ciphertext |
| 1023 | * |
| 1024 | * \return 0 if the verify operation was successful, |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 1025 | * or an \c MBEDTLS_ERR_RSA_XXX error code |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 1026 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 1027 | * \note The \c sig buffer must be as large as the size |
| 1028 | * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 1029 | * |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 1030 | * \note The \c hash_id in the RSA context is ignored. |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 1031 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1032 | int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 1033 | int (*f_rng)(void *, unsigned char *, size_t), |
| 1034 | void *p_rng, |
| 1035 | int mode, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1036 | mbedtls_md_type_t md_alg, |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 1037 | unsigned int hashlen, |
| 1038 | const unsigned char *hash, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1039 | mbedtls_md_type_t mgf1_hash_id, |
Manuel Pégourié-Gonnard | 5ec628a | 2014-06-03 11:44:06 +0200 | [diff] [blame] | 1040 | int expected_salt_len, |
| 1041 | const unsigned char *sig ); |
| 1042 | |
| 1043 | /** |
Manuel Pégourié-Gonnard | 3053f5b | 2013-08-14 13:39:57 +0200 | [diff] [blame] | 1044 | * \brief Copy the components of an RSA context |
| 1045 | * |
| 1046 | * \param dst Destination context |
| 1047 | * \param src Source context |
| 1048 | * |
Manuel Pégourié-Gonnard | 81abefd | 2015-05-29 12:53:47 +0200 | [diff] [blame] | 1049 | * \return 0 on success, |
Hanno Becker | 4b2f691 | 2017-09-29 13:34:55 +0100 | [diff] [blame] | 1050 | * \c MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure |
Manuel Pégourié-Gonnard | 3053f5b | 2013-08-14 13:39:57 +0200 | [diff] [blame] | 1051 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1052 | int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ); |
Manuel Pégourié-Gonnard | 3053f5b | 2013-08-14 13:39:57 +0200 | [diff] [blame] | 1053 | |
| 1054 | /** |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1055 | * \brief Free the components of an RSA key |
Paul Bakker | 13e2dfe | 2009-07-28 07:18:38 +0000 | [diff] [blame] | 1056 | * |
| 1057 | * \param ctx RSA Context to free |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1058 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1059 | void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1060 | |
| 1061 | /** |
| 1062 | * \brief Checkup routine |
| 1063 | * |
| 1064 | * \return 0 if successful, or 1 if the test failed |
| 1065 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1066 | int mbedtls_rsa_self_test( int verbose ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1067 | |
| 1068 | #ifdef __cplusplus |
| 1069 | } |
| 1070 | #endif |
| 1071 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1072 | #endif /* MBEDTLS_RSA_C */ |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 1073 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1074 | #endif /* rsa.h */ |