ReactOS 0.4.15-dev-7924-g5949c20
pk.c
Go to the documentation of this file.
1/*
2 * Public Key abstraction layer
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 *
7 * This file is provided under the Apache License 2.0, or the
8 * GNU General Public License v2.0 or later.
9 *
10 * **********
11 * Apache License 2.0:
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
24 *
25 * **********
26 *
27 * **********
28 * GNU General Public License v2.0 or later:
29 *
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
34 *
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
39 *
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43 *
44 * **********
45 */
46
47#if !defined(MBEDTLS_CONFIG_FILE)
48#include "mbedtls/config.h"
49#else
50#include MBEDTLS_CONFIG_FILE
51#endif
52
53#if defined(MBEDTLS_PK_C)
54#include "mbedtls/pk.h"
55#include "mbedtls/pk_internal.h"
56
57#include "mbedtls/platform_util.h"
58
59#if defined(MBEDTLS_RSA_C)
60#include "mbedtls/rsa.h"
61#endif
62#if defined(MBEDTLS_ECP_C)
63#include "mbedtls/ecp.h"
64#endif
65#if defined(MBEDTLS_ECDSA_C)
66#include "mbedtls/ecdsa.h"
67#endif
68
69#include <limits.h>
70#include <stdint.h>
71
72/* Parameter validation macros based on platform_util.h */
73#define PK_VALIDATE_RET( cond ) \
74 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
75#define PK_VALIDATE( cond ) \
76 MBEDTLS_INTERNAL_VALIDATE( cond )
77
78/*
79 * Initialise a mbedtls_pk_context
80 */
81void mbedtls_pk_init( mbedtls_pk_context *ctx )
82{
83 PK_VALIDATE( ctx != NULL );
84
85 ctx->pk_info = NULL;
86 ctx->pk_ctx = NULL;
87}
88
89/*
90 * Free (the components of) a mbedtls_pk_context
91 */
92void mbedtls_pk_free( mbedtls_pk_context *ctx )
93{
94 if( ctx == NULL )
95 return;
96
97 if ( ctx->pk_info != NULL )
98 ctx->pk_info->ctx_free_func( ctx->pk_ctx );
99
100 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
101}
102
103#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
104/*
105 * Initialize a restart context
106 */
107void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
108{
109 PK_VALIDATE( ctx != NULL );
110 ctx->pk_info = NULL;
111 ctx->rs_ctx = NULL;
112}
113
114/*
115 * Free the components of a restart context
116 */
117void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
118{
119 if( ctx == NULL || ctx->pk_info == NULL ||
120 ctx->pk_info->rs_free_func == NULL )
121 {
122 return;
123 }
124
125 ctx->pk_info->rs_free_func( ctx->rs_ctx );
126
127 ctx->pk_info = NULL;
128 ctx->rs_ctx = NULL;
129}
130#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
131
132/*
133 * Get pk_info structure from type
134 */
135const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
136{
137 switch( pk_type ) {
138#if defined(MBEDTLS_RSA_C)
139 case MBEDTLS_PK_RSA:
140 return( &mbedtls_rsa_info );
141#endif
142#if defined(MBEDTLS_ECP_C)
143 case MBEDTLS_PK_ECKEY:
144 return( &mbedtls_eckey_info );
145 case MBEDTLS_PK_ECKEY_DH:
146 return( &mbedtls_eckeydh_info );
147#endif
148#if defined(MBEDTLS_ECDSA_C)
149 case MBEDTLS_PK_ECDSA:
150 return( &mbedtls_ecdsa_info );
151#endif
152 /* MBEDTLS_PK_RSA_ALT omitted on purpose */
153 default:
154 return( NULL );
155 }
156}
157
158/*
159 * Initialise context
160 */
161int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
162{
163 PK_VALIDATE_RET( ctx != NULL );
164 if( info == NULL || ctx->pk_info != NULL )
165 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
166
167 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
168 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
169
170 ctx->pk_info = info;
171
172 return( 0 );
173}
174
175#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
176/*
177 * Initialize an RSA-alt context
178 */
179int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
180 mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
181 mbedtls_pk_rsa_alt_sign_func sign_func,
182 mbedtls_pk_rsa_alt_key_len_func key_len_func )
183{
184 mbedtls_rsa_alt_context *rsa_alt;
185 const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
186
187 PK_VALIDATE_RET( ctx != NULL );
188 if( ctx->pk_info != NULL )
189 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
190
191 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
192 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
193
194 ctx->pk_info = info;
195
196 rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
197
198 rsa_alt->key = key;
199 rsa_alt->decrypt_func = decrypt_func;
200 rsa_alt->sign_func = sign_func;
201 rsa_alt->key_len_func = key_len_func;
202
203 return( 0 );
204}
205#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
206
207/*
208 * Tell if a PK can do the operations of the given type
209 */
210int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
211{
212 /* A context with null pk_info is not set up yet and can't do anything.
213 * For backward compatibility, also accept NULL instead of a context
214 * pointer. */
215 if( ctx == NULL || ctx->pk_info == NULL )
216 return( 0 );
217
218 return( ctx->pk_info->can_do( type ) );
219}
220
221/*
222 * Helper for mbedtls_pk_sign and mbedtls_pk_verify
223 */
224static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
225{
226 const mbedtls_md_info_t *md_info;
227
228 if( *hash_len != 0 && md_alg == MBEDTLS_MD_NONE )
229 return( 0 );
230
231 if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
232 return( -1 );
233
234 if ( *hash_len != 0 && *hash_len < mbedtls_md_get_size( md_info ) )
235 return ( -1 );
236
237 *hash_len = mbedtls_md_get_size( md_info );
238 return( 0 );
239}
240
241#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
242/*
243 * Helper to set up a restart context if needed
244 */
245static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx,
246 const mbedtls_pk_info_t *info )
247{
248 /* Don't do anything if already set up or invalid */
249 if( ctx == NULL || ctx->pk_info != NULL )
250 return( 0 );
251
252 /* Should never happen when we're called */
253 if( info->rs_alloc_func == NULL || info->rs_free_func == NULL )
254 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
255
256 if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL )
257 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
258
259 ctx->pk_info = info;
260
261 return( 0 );
262}
263#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
264
265/*
266 * Verify a signature (restartable)
267 */
268int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
269 mbedtls_md_type_t md_alg,
270 const unsigned char *hash, size_t hash_len,
271 const unsigned char *sig, size_t sig_len,
272 mbedtls_pk_restart_ctx *rs_ctx )
273{
274 PK_VALIDATE_RET( ctx != NULL );
275 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
276 hash != NULL );
277 PK_VALIDATE_RET( sig != NULL );
278
279 if( ctx->pk_info == NULL ||
280 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
281 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
282
283#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
284 /* optimization: use non-restartable version if restart disabled */
285 if( rs_ctx != NULL &&
286 mbedtls_ecp_restart_is_enabled() &&
287 ctx->pk_info->verify_rs_func != NULL )
288 {
289 int ret;
290
291 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
292 return( ret );
293
294 ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx,
295 md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx );
296
297 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
298 mbedtls_pk_restart_free( rs_ctx );
299
300 return( ret );
301 }
302#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
303 (void) rs_ctx;
304#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
305
306 if( ctx->pk_info->verify_func == NULL )
307 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
308
309 return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
310 sig, sig_len ) );
311}
312
313/*
314 * Verify a signature
315 */
316int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
317 const unsigned char *hash, size_t hash_len,
318 const unsigned char *sig, size_t sig_len )
319{
320 return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len,
321 sig, sig_len, NULL ) );
322}
323
324/*
325 * Verify a signature with options
326 */
327int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
328 mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
329 const unsigned char *hash, size_t hash_len,
330 const unsigned char *sig, size_t sig_len )
331{
332 PK_VALIDATE_RET( ctx != NULL );
333 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
334 hash != NULL );
335 PK_VALIDATE_RET( sig != NULL );
336
337 if( ctx->pk_info == NULL )
338 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
339
340 if( ! mbedtls_pk_can_do( ctx, type ) )
341 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
342
343 if( type == MBEDTLS_PK_RSASSA_PSS )
344 {
345#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
346 int ret;
347 const mbedtls_pk_rsassa_pss_options *pss_opts;
348
349#if SIZE_MAX > UINT_MAX
350 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
351 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
352#endif /* SIZE_MAX > UINT_MAX */
353
354 if( options == NULL )
355 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
356
357 pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
358
359 if( sig_len < mbedtls_pk_get_len( ctx ) )
360 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
361
362 ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
363 NULL, NULL, MBEDTLS_RSA_PUBLIC,
364 md_alg, (unsigned int) hash_len, hash,
365 pss_opts->mgf1_hash_id,
366 pss_opts->expected_salt_len,
367 sig );
368 if( ret != 0 )
369 return( ret );
370
371 if( sig_len > mbedtls_pk_get_len( ctx ) )
372 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
373
374 return( 0 );
375#else
376 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
377#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
378 }
379
380 /* General case: no options */
381 if( options != NULL )
382 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
383
384 return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
385}
386
387/*
388 * Make a signature (restartable)
389 */
390int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
391 mbedtls_md_type_t md_alg,
392 const unsigned char *hash, size_t hash_len,
393 unsigned char *sig, size_t *sig_len,
394 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
395 mbedtls_pk_restart_ctx *rs_ctx )
396{
397 PK_VALIDATE_RET( ctx != NULL );
398 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
399 hash != NULL );
400 PK_VALIDATE_RET( sig != NULL );
401
402 if( ctx->pk_info == NULL ||
403 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
404 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
405
406#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
407 /* optimization: use non-restartable version if restart disabled */
408 if( rs_ctx != NULL &&
409 mbedtls_ecp_restart_is_enabled() &&
410 ctx->pk_info->sign_rs_func != NULL )
411 {
412 int ret;
413
414 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
415 return( ret );
416
417 ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg,
418 hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx );
419
420 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
421 mbedtls_pk_restart_free( rs_ctx );
422
423 return( ret );
424 }
425#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
426 (void) rs_ctx;
427#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
428
429 if( ctx->pk_info->sign_func == NULL )
430 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
431
432 return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
433 sig, sig_len, f_rng, p_rng ) );
434}
435
436/*
437 * Make a signature
438 */
439int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
440 const unsigned char *hash, size_t hash_len,
441 unsigned char *sig, size_t *sig_len,
442 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
443{
444 return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
445 sig, sig_len, f_rng, p_rng, NULL ) );
446}
447
448/*
449 * Decrypt message
450 */
451int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
452 const unsigned char *input, size_t ilen,
453 unsigned char *output, size_t *olen, size_t osize,
454 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
455{
456 PK_VALIDATE_RET( ctx != NULL );
457 PK_VALIDATE_RET( input != NULL || ilen == 0 );
458 PK_VALIDATE_RET( output != NULL || osize == 0 );
459 PK_VALIDATE_RET( olen != NULL );
460
461 if( ctx->pk_info == NULL )
462 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
463
464 if( ctx->pk_info->decrypt_func == NULL )
465 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
466
467 return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
468 output, olen, osize, f_rng, p_rng ) );
469}
470
471/*
472 * Encrypt message
473 */
474int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
475 const unsigned char *input, size_t ilen,
476 unsigned char *output, size_t *olen, size_t osize,
477 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
478{
479 PK_VALIDATE_RET( ctx != NULL );
480 PK_VALIDATE_RET( input != NULL || ilen == 0 );
481 PK_VALIDATE_RET( output != NULL || osize == 0 );
482 PK_VALIDATE_RET( olen != NULL );
483
484 if( ctx->pk_info == NULL )
485 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
486
487 if( ctx->pk_info->encrypt_func == NULL )
488 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
489
490 return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
491 output, olen, osize, f_rng, p_rng ) );
492}
493
494/*
495 * Check public-private key pair
496 */
497int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
498{
499 PK_VALIDATE_RET( pub != NULL );
500 PK_VALIDATE_RET( prv != NULL );
501
502 if( pub->pk_info == NULL ||
503 prv->pk_info == NULL ||
504 prv->pk_info->check_pair_func == NULL )
505 {
506 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
507 }
508
509 if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
510 {
511 if( pub->pk_info->type != MBEDTLS_PK_RSA )
512 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
513 }
514 else
515 {
516 if( pub->pk_info != prv->pk_info )
517 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
518 }
519
520 return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
521}
522
523/*
524 * Get key size in bits
525 */
526size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
527{
528 /* For backward compatibility, accept NULL or a context that
529 * isn't set up yet, and return a fake value that should be safe. */
530 if( ctx == NULL || ctx->pk_info == NULL )
531 return( 0 );
532
533 return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
534}
535
536/*
537 * Export debug information
538 */
539int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
540{
541 PK_VALIDATE_RET( ctx != NULL );
542 if( ctx->pk_info == NULL )
543 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
544
545 if( ctx->pk_info->debug_func == NULL )
546 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
547
548 ctx->pk_info->debug_func( ctx->pk_ctx, items );
549 return( 0 );
550}
551
552/*
553 * Access the PK type name
554 */
555const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
556{
557 if( ctx == NULL || ctx->pk_info == NULL )
558 return( "invalid PK" );
559
560 return( ctx->pk_info->name );
561}
562
563/*
564 * Access the PK type
565 */
566mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
567{
568 if( ctx == NULL || ctx->pk_info == NULL )
569 return( MBEDTLS_PK_NONE );
570
571 return( ctx->pk_info->type );
572}
573
574#endif /* MBEDTLS_PK_C */
NULL
#define NULL
Definition: types.h:112
ecdsa.h
This file contains ECDSA definitions and functions.
ecp.h
This file provides an API for Elliptic Curves over GF(P) (ECP).
MBEDTLS_ERR_ECP_IN_PROGRESS
#define MBEDTLS_ERR_ECP_IN_PROGRESS
Definition: ecp.h:87
type
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545
input
GLenum GLenum GLenum input
Definition: glext.h:9031
UINT_MAX
#define UINT_MAX
Definition: limits.h:41
mbedtls_md_type_t
mbedtls_md_type_t
Supported message digests.
Definition: md.h:83
MBEDTLS_MD_NONE
@ MBEDTLS_MD_NONE
Definition: md.h:84
mbedtls_md_get_size
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.
items
static TCHAR * items[]
Definition: page1.c:45
pk.h
Public Key abstraction layer.
mbedtls_pk_rsa_alt_decrypt_func
int(* mbedtls_pk_rsa_alt_decrypt_func)(void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
Types for RSA-alt abstraction.
Definition: pk.h:205
mbedtls_pk_debug
int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items)
Export debug information.
mbedtls_pk_get_len
static size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
Get the length in bytes of the underlying key.
Definition: pk.h:313
mbedtls_pk_sign_restartable
int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_pk_restart_ctx *rs_ctx)
Restartable version of mbedtls_pk_sign()
mbedtls_pk_can_do
int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type)
Tell if a context can do the operation given by type.
mbedtls_pk_type_t
mbedtls_pk_type_t
Public key types.
Definition: pk.h:103
MBEDTLS_PK_NONE
@ MBEDTLS_PK_NONE
Definition: pk.h:104
MBEDTLS_PK_ECDSA
@ MBEDTLS_PK_ECDSA
Definition: pk.h:108
MBEDTLS_PK_RSASSA_PSS
@ MBEDTLS_PK_RSASSA_PSS
Definition: pk.h:110
MBEDTLS_PK_RSA_ALT
@ MBEDTLS_PK_RSA_ALT
Definition: pk.h:109
MBEDTLS_PK_RSA
@ MBEDTLS_PK_RSA
Definition: pk.h:105
MBEDTLS_PK_ECKEY_DH
@ MBEDTLS_PK_ECKEY_DH
Definition: pk.h:107
MBEDTLS_PK_ECKEY
@ MBEDTLS_PK_ECKEY
Definition: pk.h:106
mbedtls_pk_decrypt
int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Decrypt message (including padding if relevant).
mbedtls_pk_rsa
static mbedtls_rsa_context * mbedtls_pk_rsa(const mbedtls_pk_context pk)
Definition: pk.h:182
mbedtls_pk_sign
int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Make signature, including padding if relevant.
MBEDTLS_ERR_PK_TYPE_MISMATCH
#define MBEDTLS_ERR_PK_TYPE_MISMATCH
Definition: pk.h:79
mbedtls_pk_setup
int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info)
Initialize a PK context with the information given and allocates the type-specific PK subcontext.
mbedtls_pk_verify_ext
int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len)
Verify signature, with options. (Includes verification of the padding depending on type....
mbedtls_pk_check_pair
int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv)
Check if a public-private pair of keys matches.
mbedtls_pk_init
void mbedtls_pk_init(mbedtls_pk_context *ctx)
Initialize a mbedtls_pk_context (as NONE).
mbedtls_pk_info_from_type
const mbedtls_pk_info_t * mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type)
Return information associated with the given PK type.
mbedtls_pk_verify_restartable
int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len, mbedtls_pk_restart_ctx *rs_ctx)
Restartable version of mbedtls_pk_verify()
MBEDTLS_ERR_PK_BAD_INPUT_DATA
#define MBEDTLS_ERR_PK_BAD_INPUT_DATA
Definition: pk.h:80
mbedtls_pk_get_type
mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx)
Get the key type.
mbedtls_pk_setup_rsa_alt
int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key, mbedtls_pk_rsa_alt_decrypt_func decrypt_func, mbedtls_pk_rsa_alt_sign_func sign_func, mbedtls_pk_rsa_alt_key_len_func key_len_func)
Initialize an RSA-alt context.
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Definition: pk.h:91
mbedtls_pk_verify
int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len)
Verify signature (including padding if relevant).
mbedtls_pk_rsa_alt_key_len_func
size_t(* mbedtls_pk_rsa_alt_key_len_func)(void *ctx)
Definition: pk.h:212
mbedtls_pk_free
void mbedtls_pk_free(mbedtls_pk_context *ctx)
Free the components of a mbedtls_pk_context.
mbedtls_pk_rsa_alt_sign_func
int(* mbedtls_pk_rsa_alt_sign_func)(void *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
Definition: pk.h:208
MBEDTLS_ERR_PK_ALLOC_FAILED
#define MBEDTLS_ERR_PK_ALLOC_FAILED
Definition: pk.h:78
mbedtls_pk_encrypt
int mbedtls_pk_encrypt(mbedtls_pk_context *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Encrypt message (including padding if relevant).
MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE
Definition: pk.h:90
mbedtls_pk_get_name
const char * mbedtls_pk_get_name(const mbedtls_pk_context *ctx)
Access the type name.
pk_internal.h
Public Key abstraction layer: wrapper functions.
mbedtls_rsa_alt_info
const mbedtls_pk_info_t mbedtls_rsa_alt_info
mbedtls_rsa_info
const mbedtls_pk_info_t mbedtls_rsa_info
mbedtls_ecdsa_info
const mbedtls_pk_info_t mbedtls_ecdsa_info
mbedtls_eckeydh_info
const mbedtls_pk_info_t mbedtls_eckeydh_info
mbedtls_eckey_info
const mbedtls_pk_info_t mbedtls_eckey_info
mbedtls_platform_zeroize
void mbedtls_platform_zeroize(void *buf, size_t len)
Securely zeroize a buffer.
Definition: platform_util.c:98
platform_util.h
Common and shared functions used by multiple modules in the Mbed TLS library.
rsa.h
This file provides an API for the RSA public-key cryptosystem.
MBEDTLS_RSA_PUBLIC
#define MBEDTLS_RSA_PUBLIC
Definition: rsa.h:94
MBEDTLS_ERR_RSA_VERIFY_FAILED
#define MBEDTLS_ERR_RSA_VERIFY_FAILED
Definition: rsa.h:80
mbedtls_rsa_rsassa_pss_verify_ext
int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, mbedtls_md_type_t mgf1_hash_id, int expected_salt_len, const unsigned char *sig)
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY).
mbedtls_md_info_from_type
#define mbedtls_md_info_from_type
Definition: schannel_mbedtls_lazyload.h:172
mbedtls_pk_get_bitlen
#define mbedtls_pk_get_bitlen
Definition: schannel_mbedtls_lazyload.h:173
config.h
Configuration options (set of defines)
hash
Definition: _hash_fun.h:40
key
Definition: copy.c:22
mbedtls_md_info_t
Definition: md_internal.h:73
mbedtls_pk_context
Public key container.
Definition: pk.h:156
mbedtls_pk_context::pk_info
const mbedtls_pk_info_t * pk_info
Definition: pk.h:157
mbedtls_pk_context::pk_ctx
void * pk_ctx
Definition: pk.h:158
mbedtls_pk_debug_item
Item to send to the debug module.
Definition: pk.h:138
mbedtls_pk_info_t
Definition: pk_internal.h:62
mbedtls_pk_info_t::type
mbedtls_pk_type_t type
Definition: pk_internal.h:64
mbedtls_pk_info_t::check_pair_func
int(* check_pair_func)(const void *pub, const void *prv)
Definition: pk_internal.h:115
mbedtls_pk_rsassa_pss_options
Options for RSASSA-PSS signature verification. See mbedtls_rsa_rsassa_pss_verify_ext()
Definition: pk.h:118
mbedtls_pk_rsassa_pss_options::expected_salt_len
int expected_salt_len
Definition: pk.h:120
mbedtls_pk_rsassa_pss_options::mgf1_hash_id
mbedtls_md_type_t mgf1_hash_id
Definition: pk.h:119
mbedtls_rsa_alt_context
Definition: pk_internal.h:138
mbedtls_rsa_alt_context::key
void * key
Definition: pk_internal.h:139
mbedtls_rsa_alt_context::key_len_func
mbedtls_pk_rsa_alt_key_len_func key_len_func
Definition: pk_internal.h:142
mbedtls_rsa_alt_context::decrypt_func
mbedtls_pk_rsa_alt_decrypt_func decrypt_func
Definition: pk_internal.h:140
mbedtls_rsa_alt_context::sign_func
mbedtls_pk_rsa_alt_sign_func sign_func
Definition: pk_internal.h:141
ret
int ret
Definition: wcstombs-tests.c:31