ReactOS 0.4.16-dev-297-gc569aee
|
Public Key abstraction layer. More...
Go to the source code of this file.
Classes | |
struct | mbedtls_pk_rsassa_pss_options |
Options for RSASSA-PSS signature verification. See mbedtls_rsa_rsassa_pss_verify_ext() More... | |
struct | mbedtls_pk_debug_item |
Item to send to the debug module. More... | |
struct | mbedtls_pk_context |
Public key container. More... | |
Macros | |
#define | MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 |
#define | MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 |
#define | MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 |
#define | MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 |
#define | MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 |
#define | MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 |
#define | MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 |
#define | MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 |
#define | MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 |
#define | MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 |
#define | MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 |
#define | MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 |
#define | MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 |
#define | MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 |
#define | MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 |
#define | MBEDTLS_PK_DEBUG_MAX_ITEMS 3 |
Typedefs | |
typedef struct mbedtls_pk_rsassa_pss_options | mbedtls_pk_rsassa_pss_options |
Options for RSASSA-PSS signature verification. See mbedtls_rsa_rsassa_pss_verify_ext() | |
typedef struct mbedtls_pk_debug_item | mbedtls_pk_debug_item |
Item to send to the debug module. | |
typedef struct mbedtls_pk_info_t | mbedtls_pk_info_t |
Public key information and operations. | |
typedef struct mbedtls_pk_context | mbedtls_pk_context |
Public key container. | |
typedef void | mbedtls_pk_restart_ctx |
typedef int(* | mbedtls_pk_rsa_alt_decrypt_func) (void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
Types for RSA-alt abstraction. | |
typedef int(* | mbedtls_pk_rsa_alt_sign_func) (void *ctx, int(*f_rng) (void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
typedef size_t(* | mbedtls_pk_rsa_alt_key_len_func) (void *ctx) |
Enumerations | |
enum | mbedtls_pk_type_t { MBEDTLS_PK_NONE =0 , MBEDTLS_PK_RSA , MBEDTLS_PK_ECKEY , MBEDTLS_PK_ECKEY_DH , MBEDTLS_PK_ECDSA , MBEDTLS_PK_RSA_ALT , MBEDTLS_PK_RSASSA_PSS } |
Public key types. More... | |
enum | mbedtls_pk_debug_type { MBEDTLS_PK_DEBUG_NONE = 0 , MBEDTLS_PK_DEBUG_MPI , MBEDTLS_PK_DEBUG_ECP } |
Types for interfacing with the debug module. More... | |
#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 |
#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 |
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 |
#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 |
#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 |
#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 |
#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 |
#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 |
#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 |
#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 |
#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 |
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 |
#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 |
#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 |
#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 |
#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3 |
Public key container.
Item to send to the debug module.
typedef struct mbedtls_pk_info_t mbedtls_pk_info_t |
typedef void mbedtls_pk_restart_ctx |
Options for RSASSA-PSS signature verification. See mbedtls_rsa_rsassa_pss_verify_ext()
Types for interfacing with the debug module.
Enumerator | |
---|---|
MBEDTLS_PK_DEBUG_NONE | |
MBEDTLS_PK_DEBUG_MPI | |
MBEDTLS_PK_DEBUG_ECP |
Definition at line 127 of file pk.h.
Public key types.
Enumerator | |
---|---|
MBEDTLS_PK_NONE | |
MBEDTLS_PK_RSA | |
MBEDTLS_PK_ECKEY | |
MBEDTLS_PK_ECKEY_DH | |
MBEDTLS_PK_ECDSA | |
MBEDTLS_PK_RSA_ALT | |
MBEDTLS_PK_RSASSA_PSS |
Definition at line 103 of file pk.h.
int mbedtls_pk_can_do | ( | const mbedtls_pk_context * | ctx, |
mbedtls_pk_type_t | type | ||
) |
Tell if a context can do the operation given by type.
ctx | The context to query. It must have been initialized. |
type | The desired type. |
int mbedtls_pk_check_pair | ( | const mbedtls_pk_context * | pub, |
const mbedtls_pk_context * | prv | ||
) |
int mbedtls_pk_debug | ( | const mbedtls_pk_context * | ctx, |
mbedtls_pk_debug_item * | items | ||
) |
Export debug information.
ctx | The PK context to use. It must have been initialized. |
items | Place to write debug items |
int mbedtls_pk_decrypt | ( | mbedtls_pk_context * | ctx, |
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen, | ||
size_t | osize, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
Decrypt message (including padding if relevant).
ctx | The PK context to use. It must have been set up with a private key. |
input | Input to decrypt |
ilen | Input size |
output | Decrypted output |
olen | Decrypted message length |
osize | Size of the output buffer |
f_rng | RNG function |
p_rng | RNG parameter |
|
inlinestatic |
int mbedtls_pk_encrypt | ( | mbedtls_pk_context * | ctx, |
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen, | ||
size_t | osize, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
Encrypt message (including padding if relevant).
ctx | The PK context to use. It must have been set up. |
input | Message to encrypt |
ilen | Message size |
output | Encrypted output |
olen | Encrypted output length |
osize | Size of the output buffer |
f_rng | RNG function |
p_rng | RNG parameter |
void mbedtls_pk_free | ( | mbedtls_pk_context * | ctx | ) |
Free the components of a mbedtls_pk_context.
ctx | The context to clear. It must have been initialized. If this is NULL , this function does nothing. |
size_t mbedtls_pk_get_bitlen | ( | const mbedtls_pk_context * | ctx | ) |
|
inlinestatic |
Get the length in bytes of the underlying key.
ctx | The context to query. It must have been initialized. |
const char * mbedtls_pk_get_name | ( | const mbedtls_pk_context * | ctx | ) |
Access the type name.
ctx | The PK context to use. It must have been initialized. |
mbedtls_pk_type_t mbedtls_pk_get_type | ( | const mbedtls_pk_context * | ctx | ) |
Get the key type.
ctx | The PK context to use. It must have been initialized. |
const mbedtls_pk_info_t * mbedtls_pk_info_from_type | ( | mbedtls_pk_type_t | pk_type | ) |
Return information associated with the given PK type.
pk_type | PK type to search for. |
void mbedtls_pk_init | ( | mbedtls_pk_context * | ctx | ) |
Initialize a mbedtls_pk_context (as NONE).
ctx | The context to initialize. This must not be NULL . |
int mbedtls_pk_parse_key | ( | mbedtls_pk_context * | ctx, |
const unsigned char * | key, | ||
size_t | keylen, | ||
const unsigned char * | pwd, | ||
size_t | pwdlen | ||
) |
Parse a private key in PEM or DER format.
ctx | The PK context to fill. It must have been initialized but not set up. |
key | Input buffer to parse. The buffer must contain the input exactly, with no extra trailing material. For PEM, the buffer must contain a null-terminated string. |
keylen | Size of key in bytes. For PEM data, this includes the terminating null byte, so keylen must be equal to strlen(key) + 1 . |
pwd | Optional password for decryption. Pass NULL if expecting a non-encrypted key. Pass a string of pwdlen bytes if expecting an encrypted key; a non-encrypted key will also be accepted. The empty password is not supported. |
pwdlen | Size of the password in bytes. Ignored if pwd is NULL . |
int mbedtls_pk_parse_public_key | ( | mbedtls_pk_context * | ctx, |
const unsigned char * | key, | ||
size_t | keylen | ||
) |
Parse a public key in PEM or DER format.
ctx | The PK context to fill. It must have been initialized but not set up. |
key | Input buffer to parse. The buffer must contain the input exactly, with no extra trailing material. For PEM, the buffer must contain a null-terminated string. |
keylen | Size of key in bytes. For PEM data, this includes the terminating null byte, so keylen must be equal to strlen(key) + 1 . |
|
inlinestatic |
int mbedtls_pk_setup | ( | mbedtls_pk_context * | ctx, |
const mbedtls_pk_info_t * | info | ||
) |
Initialize a PK context with the information given and allocates the type-specific PK subcontext.
ctx | Context to initialize. It must not have been set up yet (type MBEDTLS_PK_NONE). |
info | Information to use |
mbedtls_pk_setup_rsa_alt()
instead. int mbedtls_pk_setup_rsa_alt | ( | mbedtls_pk_context * | ctx, |
void * | key, | ||
mbedtls_pk_rsa_alt_decrypt_func | decrypt_func, | ||
mbedtls_pk_rsa_alt_sign_func | sign_func, | ||
mbedtls_pk_rsa_alt_key_len_func | key_len_func | ||
) |
Initialize an RSA-alt context.
ctx | Context to initialize. It must not have been set up yet (type MBEDTLS_PK_NONE). |
key | RSA key pointer |
decrypt_func | Decryption function |
sign_func | Signing function |
key_len_func | Function returning key length in bytes |
mbedtls_pk_setup()
for RSA-alt. int mbedtls_pk_sign | ( | mbedtls_pk_context * | ctx, |
mbedtls_md_type_t | md_alg, | ||
const unsigned char * | hash, | ||
size_t | hash_len, | ||
unsigned char * | sig, | ||
size_t * | sig_len, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
Make signature, including padding if relevant.
ctx | The PK context to use. It must have been set up with a private key. |
md_alg | Hash algorithm used (see notes) |
hash | Hash of the message to sign |
hash_len | Hash length or 0 (see notes) |
sig | Place to write the signature |
sig_len | Number of bytes written |
f_rng | RNG function |
p_rng | RNG parameter |
sig
buffer size must be of at least max(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
bytes. int mbedtls_pk_sign_restartable | ( | mbedtls_pk_context * | ctx, |
mbedtls_md_type_t | md_alg, | ||
const unsigned char * | hash, | ||
size_t | hash_len, | ||
unsigned char * | sig, | ||
size_t * | sig_len, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
mbedtls_pk_restart_ctx * | rs_ctx | ||
) |
Restartable version of mbedtls_pk_sign()
mbedtls_pk_sign()
, but can return early and restart according to the limit set with mbedtls_ecp_set_max_ops()
to reduce blocking for ECC operations. For RSA, same as mbedtls_pk_sign()
.sig
buffer size must be of at least max(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
bytes.ctx | The PK context to use. It must have been set up with a private key. |
md_alg | Hash algorithm used (see notes) |
hash | Hash of the message to sign |
hash_len | Hash length or 0 (see notes) |
sig | Place to write the signature |
sig_len | Number of bytes written |
f_rng | RNG function |
p_rng | RNG parameter |
rs_ctx | Restart context (NULL to disable restart) |
mbedtls_pk_sign()
, or mbedtls_ecp_set_max_ops()
. int mbedtls_pk_verify | ( | mbedtls_pk_context * | ctx, |
mbedtls_md_type_t | md_alg, | ||
const unsigned char * | hash, | ||
size_t | hash_len, | ||
const unsigned char * | sig, | ||
size_t | sig_len | ||
) |
Verify signature (including padding if relevant).
ctx | The PK context to use. It must have been set up. |
md_alg | Hash algorithm used (see notes) |
hash | Hash of the message to sign |
hash_len | Hash length or 0 (see notes) |
sig | Signature to verify |
sig_len | Signature length |
siglen
, or a specific error code.mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
to verify RSASSA_PSS signatures.int mbedtls_pk_verify_ext | ( | mbedtls_pk_type_t | type, |
const void * | options, | ||
mbedtls_pk_context * | ctx, | ||
mbedtls_md_type_t | md_alg, | ||
const unsigned char * | hash, | ||
size_t | hash_len, | ||
const unsigned char * | sig, | ||
size_t | sig_len | ||
) |
Verify signature, with options. (Includes verification of the padding depending on type.)
type | Signature type (inc. possible padding type) to verify |
options | Pointer to type-specific options, or NULL |
ctx | The PK context to use. It must have been set up. |
md_alg | Hash algorithm used (see notes) |
hash | Hash of the message to sign |
hash_len | Hash length or 0 (see notes) |
sig | Signature to verify |
sig_len | Signature length |
siglen
, or a specific error code.int mbedtls_pk_verify_restartable | ( | mbedtls_pk_context * | ctx, |
mbedtls_md_type_t | md_alg, | ||
const unsigned char * | hash, | ||
size_t | hash_len, | ||
const unsigned char * | sig, | ||
size_t | sig_len, | ||
mbedtls_pk_restart_ctx * | rs_ctx | ||
) |
Restartable version of mbedtls_pk_verify()
mbedtls_pk_verify()
, but can return early and restart according to the limit set with mbedtls_ecp_set_max_ops()
to reduce blocking for ECC operations. For RSA, same as mbedtls_pk_verify()
.ctx | The PK context to use. It must have been set up. |
md_alg | Hash algorithm used (see notes) |
hash | Hash of the message to sign |
hash_len | Hash length or 0 (see notes) |
sig | Signature to verify |
sig_len | Signature length |
rs_ctx | Restart context (NULL to disable restart) |
mbedtls_pk_verify()
, or mbedtls_ecp_set_max_ops()
.