65#if !defined(MBEDTLS_CONFIG_FILE)
68#include MBEDTLS_CONFIG_FILE
71#if defined(MBEDTLS_RSA_C)
80#if defined(MBEDTLS_PKCS1_V21)
84#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) && !defined(__NetBSD__)
88#if defined(MBEDTLS_PLATFORM_C)
92#define mbedtls_printf printf
93#define mbedtls_calloc calloc
94#define mbedtls_free free
97#if !defined(MBEDTLS_RSA_ALT)
100#define RSA_VALIDATE_RET( cond ) \
101 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
102#define RSA_VALIDATE( cond ) \
103 MBEDTLS_INTERNAL_VALIDATE( cond )
105#if defined(MBEDTLS_PKCS1_V15)
107static inline int mbedtls_safer_memcmp(
const void *
a,
const void *
b,
size_t n )
110 const unsigned char *
A = (
const unsigned char *)
a;
111 const unsigned char *
B = (
const unsigned char *)
b;
112 unsigned char diff = 0;
114 for(
i = 0;
i <
n;
i++ )
127 RSA_VALIDATE_RET(
ctx !=
NULL );
145 unsigned char const *
N,
size_t N_len,
146 unsigned char const *
P,
size_t P_len,
147 unsigned char const *Q,
size_t Q_len,
148 unsigned char const *
D,
size_t D_len,
149 unsigned char const *
E,
size_t E_len )
152 RSA_VALIDATE_RET(
ctx !=
NULL );
186 int blinding_needed )
188#if !defined(MBEDTLS_RSA_NO_CRT)
191 ((
void) blinding_needed);
212#if !defined(MBEDTLS_RSA_NO_CRT)
234#if defined(MBEDTLS_RSA_NO_CRT)
251#if defined(MBEDTLS_RSA_NO_CRT)
252 if( is_priv && blinding_needed &&
262#if !defined(MBEDTLS_RSA_NO_CRT)
276 int have_N, have_P, have_Q, have_D, have_E;
277#if !defined(MBEDTLS_RSA_NO_CRT)
278 int have_DP, have_DQ, have_QP;
280 int n_missing, pq_missing, d_missing, is_pub, is_priv;
282 RSA_VALIDATE_RET(
ctx !=
NULL );
290#if !defined(MBEDTLS_RSA_NO_CRT)
306 n_missing = have_P && have_Q && have_D && have_E;
307 pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
308 d_missing = have_P && have_Q && !have_D && have_E;
309 is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
312 is_priv = n_missing || pq_missing || d_missing;
314 if( !is_priv && !is_pub )
321 if( !have_N && have_P && have_Q )
360#if !defined(MBEDTLS_RSA_NO_CRT)
361 if( is_priv && ! ( have_DP && have_DQ && have_QP ) )
374 return( rsa_check_context(
ctx, is_priv, 1 ) );
378 unsigned char *
N,
size_t N_len,
379 unsigned char *
P,
size_t P_len,
380 unsigned char *Q,
size_t Q_len,
381 unsigned char *
D,
size_t D_len,
382 unsigned char *
E,
size_t E_len )
386 RSA_VALIDATE_RET(
ctx !=
NULL );
431 RSA_VALIDATE_RET(
ctx !=
NULL );
475 RSA_VALIDATE_RET(
ctx !=
NULL );
488#if !defined(MBEDTLS_RSA_NO_CRT)
498 DP, DQ, QP ) ) != 0 )
522#if defined(MBEDTLS_THREADING_C)
526 mbedtls_mutex_init( &
ctx->mutex );
541 ctx->hash_id = hash_id;
554#if defined(MBEDTLS_GENPRIME)
563 int (*f_rng)(
void *,
unsigned char *,
size_t),
565 unsigned int nbits,
int exponent )
569 int prime_quality = 0;
570 RSA_VALIDATE_RET(
ctx !=
NULL );
571 RSA_VALIDATE_RET( f_rng !=
NULL );
585 if( nbits < 128 || exponent < 3 || nbits % 2 != 0 )
602 prime_quality, f_rng, p_rng ) );
605 prime_quality, f_rng, p_rng ) );
646#if !defined(MBEDTLS_RSA_NO_CRT)
668 if( ( -
ret & ~0x7f ) == 0 )
683 RSA_VALIDATE_RET(
ctx !=
NULL );
685 if( rsa_check_context(
ctx, 0 , 0 ) != 0 )
708 RSA_VALIDATE_RET(
ctx !=
NULL );
711 rsa_check_context(
ctx, 1 , 1 ) != 0 )
722#if !defined(MBEDTLS_RSA_NO_CRT)
739 RSA_VALIDATE_RET( pub !=
NULL );
740 RSA_VALIDATE_RET( prv !=
NULL );
761 const unsigned char *
input,
762 unsigned char *output )
767 RSA_VALIDATE_RET(
ctx !=
NULL );
769 RSA_VALIDATE_RET( output !=
NULL );
771 if( rsa_check_context(
ctx, 0 , 0 ) )
776#if defined(MBEDTLS_THREADING_C)
777 if( (
ret = mbedtls_mutex_lock( &
ctx->mutex ) ) != 0 )
794#if defined(MBEDTLS_THREADING_C)
795 if( mbedtls_mutex_unlock( &
ctx->mutex ) != 0 )
814 int (*f_rng)(
void *,
unsigned char *,
size_t),
void *p_rng )
891#define RSA_EXPONENT_BLINDING 28
897 int (*f_rng)(
void *,
unsigned char *,
size_t),
899 const unsigned char *
input,
900 unsigned char *output )
912#if !defined(MBEDTLS_RSA_NO_CRT)
937 RSA_VALIDATE_RET(
ctx !=
NULL );
939 RSA_VALIDATE_RET( output !=
NULL );
941 if( rsa_check_context(
ctx, 1 ,
942 f_rng !=
NULL ) != 0 )
947#if defined(MBEDTLS_THREADING_C)
948 if( (
ret = mbedtls_mutex_lock( &
ctx->mutex ) ) != 0 )
961#if defined(MBEDTLS_RSA_NO_CRT)
969#if !defined(MBEDTLS_RSA_NO_CRT)
1003#if defined(MBEDTLS_RSA_NO_CRT)
1039#if defined(MBEDTLS_RSA_NO_CRT)
1089#if defined(MBEDTLS_THREADING_C)
1090 if( mbedtls_mutex_unlock( &
ctx->mutex ) != 0 )
1100#if defined(MBEDTLS_RSA_NO_CRT)
1110#if !defined(MBEDTLS_RSA_NO_CRT)
1117 if(
ret != 0 &&
ret >= -0x007f )
1123#if defined(MBEDTLS_PKCS1_V21)
1133static int mgf_mask(
unsigned char *
dst,
size_t dlen,
unsigned char *
src,
1166 for(
i = 0;
i < use_len; ++
i )
1181#if defined(MBEDTLS_PKCS1_V21)
1186 int (*f_rng)(
void *,
unsigned char *,
size_t),
1189 const unsigned char *
label,
size_t label_len,
1191 const unsigned char *
input,
1192 unsigned char *output )
1196 unsigned char *
p = output;
1201 RSA_VALIDATE_RET(
ctx !=
NULL );
1204 RSA_VALIDATE_RET( output !=
NULL );
1206 RSA_VALIDATE_RET( label_len == 0 ||
label !=
NULL );
1215 if( md_info ==
NULL )
1222 if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
1225 memset( output, 0, olen );
1230 if( (
ret = f_rng( p_rng,
p, hlen ) ) != 0 )
1239 p += olen - 2 * hlen - 2 - ilen;
1248 if( (
ret = mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
1253 if( (
ret = mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
1269#if defined(MBEDTLS_PKCS1_V15)
1274 int (*f_rng)(
void *,
unsigned char *,
size_t),
1276 int mode,
size_t ilen,
1277 const unsigned char *
input,
1278 unsigned char *output )
1280 size_t nb_pad, olen;
1282 unsigned char *
p = output;
1284 RSA_VALIDATE_RET(
ctx !=
NULL );
1287 RSA_VALIDATE_RET( output !=
NULL );
1296 if( ilen + 11 < ilen || olen < ilen + 11 )
1299 nb_pad = olen - 3 - ilen;
1309 while( nb_pad-- > 0 )
1314 ret = f_rng( p_rng,
p, 1 );
1315 }
while( *
p == 0 && --rng_dl &&
ret == 0 );
1318 if( rng_dl == 0 ||
ret != 0 )
1328 while( nb_pad-- > 0 )
1345 int (*f_rng)(
void *,
unsigned char *,
size_t),
1347 int mode,
size_t ilen,
1348 const unsigned char *
input,
1349 unsigned char *output )
1351 RSA_VALIDATE_RET(
ctx !=
NULL );
1354 RSA_VALIDATE_RET( output !=
NULL );
1357 switch(
ctx->padding )
1359#if defined(MBEDTLS_PKCS1_V15)
1365#if defined(MBEDTLS_PKCS1_V21)
1368 ilen,
input, output );
1376#if defined(MBEDTLS_PKCS1_V21)
1381 int (*f_rng)(
void *,
unsigned char *,
size_t),
1384 const unsigned char *
label,
size_t label_len,
1386 const unsigned char *
input,
1387 unsigned char *output,
1388 size_t output_max_len )
1391 size_t ilen,
i, pad_len;
1392 unsigned char *
p, bad, pad_done;
1399 RSA_VALIDATE_RET(
ctx !=
NULL );
1402 RSA_VALIDATE_RET( output_max_len == 0 || output !=
NULL );
1403 RSA_VALIDATE_RET( label_len == 0 ||
label !=
NULL );
1405 RSA_VALIDATE_RET( olen !=
NULL );
1415 if( ilen < 16 || ilen >
sizeof(
buf ) )
1419 if( md_info ==
NULL )
1425 if( 2 * hlen + 2 > ilen )
1449 if( (
ret = mgf_mask(
buf + 1, hlen,
buf + hlen + 1, ilen - hlen - 1,
1452 (
ret = mgf_mask(
buf + hlen + 1, ilen - hlen - 1,
buf + 1, hlen,
1476 for(
i = 0;
i < hlen;
i++ )
1477 bad |= lhash[
i] ^ *
p++;
1483 for(
i = 0;
i < ilen - 2 * hlen - 2;
i++ )
1486 pad_len += ((pad_done | (
unsigned char)-pad_done) >> 7) ^ 1;
1504 if( ilen - (
p -
buf ) > output_max_len )
1510 *olen = ilen - (
p -
buf);
1522#if defined(MBEDTLS_PKCS1_V15)
1528static unsigned all_or_nothing_int(
unsigned value )
1532#if defined(_MSC_VER)
1533#pragma warning( push )
1534#pragma warning( disable : 4146 )
1537#if defined(_MSC_VER)
1538#pragma warning( pop )
1552static unsigned size_greater_than(
size_t size,
size_t max )
1555 return( (
max -
size ) >> (
sizeof(
size_t ) * 8 - 1 ) );
1568static unsigned if_int(
unsigned cond,
unsigned if1,
unsigned if0 )
1570 unsigned mask = all_or_nothing_int( cond );
1571 return( (
mask & if1 ) | (~
mask & if0 ) );
1590static void mem_move_to_left(
void *
start,
1594 volatile unsigned char *
buf =
start;
1618 int (*f_rng)(
void *,
unsigned char *,
size_t),
1620 int mode,
size_t *olen,
1621 const unsigned char *
input,
1622 unsigned char *output,
1623 size_t output_max_len )
1626 size_t ilen,
i, plaintext_max_size;
1638 size_t pad_count = 0;
1640 unsigned char pad_done = 0;
1641 size_t plaintext_size = 0;
1642 unsigned output_too_large;
1644 RSA_VALIDATE_RET(
ctx !=
NULL );
1647 RSA_VALIDATE_RET( output_max_len == 0 || output !=
NULL );
1649 RSA_VALIDATE_RET( olen !=
NULL );
1652 plaintext_max_size = ( output_max_len > ilen - 11 ?
1659 if( ilen < 16 || ilen >
sizeof(
buf ) )
1681 for(
i = 2;
i < ilen;
i++ )
1683 pad_done |= ((
buf[
i] | (
unsigned char)-
buf[
i]) >> 7) ^ 1;
1684 pad_count += ((pad_done | (
unsigned char)-pad_done) >> 7) ^ 1;
1696 for(
i = 2;
i < ilen;
i++ )
1698 pad_done |= if_int(
buf[
i], 0, 1 );
1699 pad_count += if_int( pad_done, 0, 1 );
1700 bad |= if_int( pad_done, 0,
buf[
i] ^ 0xFF );
1705 bad |= if_int( pad_done, 0, 1 );
1708 bad |= size_greater_than( 8, pad_count );
1717 plaintext_size = if_int( bad,
1718 (
unsigned) plaintext_max_size,
1719 (
unsigned) ( ilen - pad_count - 3 ) );
1723 output_too_large = size_greater_than( plaintext_size,
1724 plaintext_max_size );
1741 bad = all_or_nothing_int( bad | output_too_large );
1742 for(
i = 11;
i < ilen;
i++ )
1749 plaintext_size = if_int( output_too_large,
1750 (
unsigned) plaintext_max_size,
1751 (
unsigned) plaintext_size );
1759 mem_move_to_left(
buf + ilen - plaintext_max_size,
1761 plaintext_max_size - plaintext_size );
1765 memcpy( output,
buf + ilen - plaintext_max_size, plaintext_max_size );
1771 *olen = plaintext_size;
1784 int (*f_rng)(
void *,
unsigned char *,
size_t),
1786 int mode,
size_t *olen,
1787 const unsigned char *
input,
1788 unsigned char *output,
1789 size_t output_max_len)
1791 RSA_VALIDATE_RET(
ctx !=
NULL );
1794 RSA_VALIDATE_RET( output_max_len == 0 || output !=
NULL );
1796 RSA_VALIDATE_RET( olen !=
NULL );
1798 switch(
ctx->padding )
1800#if defined(MBEDTLS_PKCS1_V15)
1803 input, output, output_max_len );
1806#if defined(MBEDTLS_PKCS1_V21)
1809 olen,
input, output,
1818#if defined(MBEDTLS_PKCS1_V21)
1823 int (*f_rng)(
void *,
unsigned char *,
size_t),
1827 unsigned int hashlen,
1828 const unsigned char *
hash,
1829 unsigned char *sig )
1832 unsigned char *
p = sig;
1834 size_t slen, min_slen, hlen,
offset = 0;
1839 RSA_VALIDATE_RET(
ctx !=
NULL );
1845 RSA_VALIDATE_RET( sig !=
NULL );
1859 if( md_info ==
NULL )
1866 if( md_info ==
NULL )
1877 min_slen = hlen - 2;
1878 if( olen < hlen + min_slen + 2 )
1880 else if( olen >= hlen + hlen + 2 )
1883 slen = olen - hlen - 2;
1888 if( (
ret = f_rng( p_rng, salt, slen ) ) != 0 )
1893 p += olen - hlen - slen - 2;
1924 sig[0] &= 0xFF >> ( olen * 8 - msb );
1943#if defined(MBEDTLS_PKCS1_V15)
1967 unsigned int hashlen,
1968 const unsigned char *
hash,
1970 unsigned char *
dst )
1972 size_t oid_size = 0;
1973 size_t nb_pad = dst_len;
1974 unsigned char *
p =
dst;
1975 const char *oid =
NULL;
1981 if( md_info ==
NULL )
1991 if( 8 + hashlen + oid_size >= 0x80 ||
1992 10 + hashlen < hashlen ||
1993 10 + hashlen + oid_size < 10 + hashlen )
2004 if( nb_pad < 10 + hashlen + oid_size )
2006 nb_pad -= 10 + hashlen + oid_size;
2010 if( nb_pad < hashlen )
2018 if( nb_pad < 3 + 8 )
2053 *
p++ = (
unsigned char)( 0x08 + oid_size + hashlen );
2055 *
p++ = (
unsigned char)( 0x04 + oid_size );
2057 *
p++ = (
unsigned char) oid_size;
2063 *
p++ = (
unsigned char) hashlen;
2069 if(
p !=
dst + dst_len )
2082 int (*f_rng)(
void *,
unsigned char *,
size_t),
2086 unsigned int hashlen,
2087 const unsigned char *
hash,
2088 unsigned char *sig )
2091 unsigned char *sig_try =
NULL, *verif =
NULL;
2093 RSA_VALIDATE_RET(
ctx !=
NULL );
2099 RSA_VALIDATE_RET( sig !=
NULL );
2108 if( (
ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen,
hash,
2109 ctx->len, sig ) ) != 0 )
2129 if( sig_try ==
NULL )
2142 if( mbedtls_safer_memcmp( verif, sig,
ctx->len ) != 0 )
2162 int (*f_rng)(
void *,
unsigned char *,
size_t),
2166 unsigned int hashlen,
2167 const unsigned char *
hash,
2168 unsigned char *sig )
2170 RSA_VALIDATE_RET(
ctx !=
NULL );
2176 RSA_VALIDATE_RET( sig !=
NULL );
2178 switch(
ctx->padding )
2180#if defined(MBEDTLS_PKCS1_V15)
2183 hashlen,
hash, sig );
2186#if defined(MBEDTLS_PKCS1_V21)
2189 hashlen,
hash, sig );
2197#if defined(MBEDTLS_PKCS1_V21)
2202 int (*f_rng)(
void *,
unsigned char *,
size_t),
2206 unsigned int hashlen,
2207 const unsigned char *
hash,
2209 int expected_salt_len,
2210 const unsigned char *sig )
2215 unsigned char *hash_start;
2217 unsigned char zeros[8];
2219 size_t observed_salt_len, msb;
2224 RSA_VALIDATE_RET(
ctx !=
NULL );
2227 RSA_VALIDATE_RET( sig !=
NULL );
2237 if( siglen < 16 || siglen >
sizeof(
buf ) )
2249 if(
buf[siglen - 1] != 0xBC )
2256 if( md_info ==
NULL )
2263 if( md_info ==
NULL )
2275 if(
buf[0] >> ( 8 - siglen * 8 + msb ) )
2285 if( siglen < hlen + 2 )
2287 hash_start =
p + siglen - hlen - 1;
2293 ret = mgf_mask(
p, siglen - hlen - 1, hash_start, hlen, &md_ctx );
2297 buf[0] &= 0xFF >> ( siglen * 8 - msb );
2299 while(
p < hash_start - 1 && *
p == 0 )
2308 observed_salt_len = hash_start -
p;
2311 observed_salt_len != (
size_t) expected_salt_len )
2352 int (*f_rng)(
void *,
unsigned char *,
size_t),
2356 unsigned int hashlen,
2357 const unsigned char *
hash,
2358 const unsigned char *sig )
2361 RSA_VALIDATE_RET(
ctx !=
NULL );
2364 RSA_VALIDATE_RET( sig !=
NULL );
2374 md_alg, hashlen,
hash,
2381#if defined(MBEDTLS_PKCS1_V15)
2386 int (*f_rng)(
void *,
unsigned char *,
size_t),
2390 unsigned int hashlen,
2391 const unsigned char *
hash,
2392 const unsigned char *sig )
2396 unsigned char *encoded =
NULL, *encoded_expected =
NULL;
2398 RSA_VALIDATE_RET(
ctx !=
NULL );
2401 RSA_VALIDATE_RET( sig !=
NULL );
2422 if( (
ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen,
hash, sig_len,
2423 encoded_expected ) ) != 0 )
2440 if( (
ret = mbedtls_safer_memcmp( encoded, encoded_expected,
2449 if( encoded !=
NULL )
2455 if( encoded_expected !=
NULL )
2469 int (*f_rng)(
void *,
unsigned char *,
size_t),
2473 unsigned int hashlen,
2474 const unsigned char *
hash,
2475 const unsigned char *sig )
2477 RSA_VALIDATE_RET(
ctx !=
NULL );
2480 RSA_VALIDATE_RET( sig !=
NULL );
2485 switch(
ctx->padding )
2487#if defined(MBEDTLS_PKCS1_V15)
2490 hashlen,
hash, sig );
2493#if defined(MBEDTLS_PKCS1_V21)
2496 hashlen,
hash, sig );
2510 RSA_VALIDATE_RET(
dst !=
NULL );
2511 RSA_VALIDATE_RET(
src !=
NULL );
2522#if !defined(MBEDTLS_RSA_NO_CRT)
2535 dst->padding =
src->padding;
2536 dst->hash_id =
src->hash_id;
2562#if !defined(MBEDTLS_RSA_NO_CRT)
2570#if defined(MBEDTLS_THREADING_C)
2574 mbedtls_mutex_free( &
ctx->mutex );
2582#if defined(MBEDTLS_SELF_TEST)
2591#define RSA_N "9292758453063D803DD603D5E777D788" \
2592 "8ED1D5BF35786190FA2F23EBC0848AEA" \
2593 "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
2594 "7130B9CED7ACDF54CFC7555AC14EEBAB" \
2595 "93A89813FBF3C4F8066D2D800F7C38A8" \
2596 "1AE31942917403FF4946B0A83D3D3E05" \
2597 "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
2598 "5E94BB77B07507233A0BC7BAC8F90F79"
2600#define RSA_E "10001"
2602#define RSA_D "24BF6185468786FDD303083D25E64EFC" \
2603 "66CA472BC44D253102F8B4A9D3BFA750" \
2604 "91386C0077937FE33FA3252D28855837" \
2605 "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
2606 "DF79C5CE07EE72C7F123142198164234" \
2607 "CABB724CF78B8173B9F880FC86322407" \
2608 "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
2609 "071513A1E85B5DFA031F21ECAE91A34D"
2611#define RSA_P "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
2612 "2C01CAD19EA484A87EA4377637E75500" \
2613 "FCB2005C5C7DD6EC4AC023CDA285D796" \
2614 "C3D9E75E1EFC42488BB4F1D13AC30A57"
2616#define RSA_Q "C000DF51A7C77AE8D7C7370C1FF55B69" \
2617 "E211C2B9E5DB1ED0BF61D0D9899620F4" \
2618 "910E4168387E3C30AA1E00C339A79508" \
2619 "8452DD96A9A5EA5D9DCA68DA636032AF"
2622#define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
2623 "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
2625#if defined(MBEDTLS_PKCS1_V15)
2626static int myrand(
void *rng_state,
unsigned char *output,
size_t len )
2628#if !defined(__OpenBSD__) && !defined(__NetBSD__)
2631 if( rng_state !=
NULL )
2634 for(
i = 0;
i <
len; ++
i )
2637 if( rng_state !=
NULL )
2640 arc4random_buf( output,
len );
2650int mbedtls_rsa_self_test(
int verbose )
2653#if defined(MBEDTLS_PKCS1_V15)
2656 unsigned char rsa_plaintext[PT_LEN];
2657 unsigned char rsa_decrypted[PT_LEN];
2658 unsigned char rsa_ciphertext[KEY_LEN];
2659#if defined(MBEDTLS_SHA1_C)
2660 unsigned char sha1sum[20];
2697 memcpy( rsa_plaintext, RSA_PT, PT_LEN );
2700 PT_LEN, rsa_plaintext,
2701 rsa_ciphertext ) != 0 )
2714 &
len, rsa_ciphertext, rsa_decrypted,
2715 sizeof(rsa_decrypted) ) != 0 )
2724 if(
memcmp( rsa_decrypted, rsa_plaintext,
len ) != 0 )
2736#if defined(MBEDTLS_SHA1_C)
2750 sha1sum, rsa_ciphertext ) != 0 )
2764 sha1sum, rsa_ciphertext ) != 0 )
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
#define MBEDTLS_MPI_MAX_SIZE
int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s)
Import an MPI from an ASCII string.
int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform a signed subtraction of MPIs: X = A - B.
int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b)
Perform a signed subtraction of an MPI and an integer: X = A - b.
int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b)
Perform a signed addition of an MPI and an integer: X = A + b.
#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y)
Make a copy of an MPI.
#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA
@ MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR
size_t mbedtls_mpi_size(const mbedtls_mpi *X)
Return the total size of an MPI value in bytes.
int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR)
Perform a sliding-window exponentiation: X = A^E mod N.
int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform a division with remainder of two MPIs: A = Q * B + R.
int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform a signed addition of MPIs: X = A + B.
void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y)
Swap the contents of two MPIs.
int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z)
Store integer value in MPI.
size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X)
Return the number of bits up to and including the most significant bit of value 1.
int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, size_t buflen)
Import an MPI from unsigned big endian binary data.
int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y)
Compare two MPIs.
int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform a modular reduction. R = A mod B.
int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Fill an MPI with a number of random bytes.
int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a prime number.
void mbedtls_mpi_init(mbedtls_mpi *X)
Initialize an MPI context.
#define MBEDTLS_ERR_MPI_ALLOC_FAILED
int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform a multiplication of two MPIs: X = A * B.
#define MBEDTLS_MPI_CHK(f)
int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N)
Compute the modular inverse: X = A^-1 mod N.
int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos)
Get a specific bit from an MPI.
void mbedtls_mpi_free(mbedtls_mpi *X)
This function frees the components of an MPI context.
int mbedtls_mpi_write_binary(const mbedtls_mpi *X, unsigned char *buf, size_t buflen)
Export an MPI into unsigned big endian binary data of fixed size.
int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z)
Compare an MPI with an integer.
int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B)
Compute the greatest common divisor: G = gcd(A, B)
#define G(r, i, a, b, c, d)
static void cleanup(void)
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
GLuint GLuint GLsizei count
GLboolean GLboolean GLboolean b
GLenum GLuint GLenum GLsizei const GLchar * buf
GLboolean GLboolean GLboolean GLboolean a
GLenum GLenum GLenum input
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
#define MBEDTLS_ASN1_OCTET_STRING
#define MBEDTLS_ASN1_SEQUENCE
#define MBEDTLS_ASN1_CONSTRUCTED
#define MBEDTLS_ASN1_NULL
_Check_return_ int __cdecl rand(void)
This file contains the generic message-digest wrapper.
int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
This function selects the message digest algorithm to use, and allocates internal structures.
mbedtls_md_type_t
Supported message digests.
int mbedtls_md_starts(mbedtls_md_context_t *ctx)
This function starts a message-digest computation.
int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output)
This function calculates the message-digest of a buffer, with respect to a configurable message-diges...
int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing message-digest computation.
#define MBEDTLS_MD_MAX_SIZE
void mbedtls_md_init(mbedtls_md_context_t *ctx)
This function initializes a message-digest context without binding it to a particular message-digest ...
int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output)
This function finishes the digest operation, and writes the result to the output buffer.
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.
void mbedtls_md_free(mbedtls_md_context_t *ctx)
This function clears the internal structure of ctx and frees any embedded internal structure,...
#define memcpy(s1, s2, n)
struct task_struct * current
static const WCHAR label[]
static const DWORD padding[]
Object Identifier (OID) database.
int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen)
Translate md_type into hash algorithm OID.
static unsigned __int64 next
This file provides an API for the RSA public-key cryptosystem.
#define MBEDTLS_RSA_PRIVATE
int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output)
This function adds the message padding, then performs an RSA operation.
int mbedtls_rsa_complete(mbedtls_rsa_context *ctx)
This function completes an RSA context from a set of imported core parameters.
#define MBEDTLS_RSA_PUBLIC
int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig)
This function performs a public RSA operation and checks the message digest.
void mbedtls_rsa_init(mbedtls_rsa_context *ctx, int padding, int hash_id)
This function initializes an RSA context.
int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig)
This function performs a PKCS#1 v1.5 verification operation (RSASSA-PKCS1-v1_5-VERIFY).
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
int mbedtls_rsa_import(mbedtls_rsa_context *ctx, const mbedtls_mpi *N, const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *E)
This function imports a set of core parameters into an RSA context.
int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv)
This function checks a public-private RSA key pair.
#define MBEDTLS_ERR_RSA_VERIFY_FAILED
int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx, unsigned char const *N, size_t N_len, unsigned char const *P, size_t P_len, unsigned char const *Q, size_t Q_len, unsigned char const *D, size_t D_len, unsigned char const *E, size_t E_len)
This function imports core RSA parameters, in raw big-endian binary format, into an RSA context.
int mbedtls_rsa_private(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, const unsigned char *input, unsigned char *output)
This function performs an RSA private key operation.
int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, unsigned int nbits, int exponent)
This function generates an RSA keypair.
#define MBEDTLS_RSA_PKCS_V15
int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
This function performs a private RSA operation to sign a message digest using PKCS#1.
size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx)
This function retrieves the length of RSA modulus in Bytes.
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output)
This function performs a PKCS#1 v1.5 encryption operation (RSAES-PKCS1-v1_5-ENCRYPT).
int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
This function performs a PKCS#1 v1.5 decryption operation (RSAES-PKCS1-v1_5-DECRYPT).
int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
This function performs an RSA operation, then removes the message padding.
int mbedtls_rsa_export(const mbedtls_rsa_context *ctx, mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, mbedtls_mpi *D, mbedtls_mpi *E)
This function exports the core parameters of an RSA key.
int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, unsigned char *P, size_t P_len, unsigned char *Q, size_t Q_len, unsigned char *D, size_t D_len, unsigned char *E, size_t E_len)
This function exports core parameters of an RSA key in raw big-endian binary format.
#define MBEDTLS_ERR_RSA_RNG_FAILED
int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src)
This function copies the components of an RSA context.
int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig)
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY).
void mbedtls_rsa_free(mbedtls_rsa_context *ctx)
This function frees the components of an RSA key.
#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
#define MBEDTLS_RSA_PKCS_V21
int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP)
This function exports CRT parameters of a private RSA key.
int mbedtls_rsa_public(mbedtls_rsa_context *ctx, const unsigned char *input, unsigned char *output)
This function performs an RSA public key operation.
int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx)
This function checks if a context contains an RSA private key and perform basic consistency checks.
#define MBEDTLS_RSA_SALT_LEN_ANY
#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA
int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, mbedtls_md_type_t mgf1_hash_id, int expected_salt_len, const unsigned char *sig)
This function performs a PKCS#1 v2.1 PSS verification operation (RSASSA-PSS-VERIFY).
int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, unsigned char *output)
This function performs a PKCS#1 v2.1 OAEP encryption operation (RSAES-OAEP-ENCRYPT).
#define MBEDTLS_RSA_CRYPT
int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx)
This function checks if a context contains at least an RSA public key.
void mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding, int hash_id)
This function sets padding for an already initialized RSA context. See mbedtls_rsa_init() for details...
#define MBEDTLS_ERR_RSA_INVALID_PADDING
#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED
#define MBEDTLS_ERR_RSA_PUBLIC_FAILED
int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
This function performs a PKCS#1 v2.1 PSS signature operation (RSASSA-PSS-SIGN).
int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
This function performs a PKCS#1 v1.5 signature operation (RSASSA-PKCS1-v1_5-SIGN).
#define MBEDTLS_ERR_RSA_PRIVATE_FAILED
int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
This function performs a PKCS#1 v2.1 OAEP decryption operation (RSAES-OAEP-DECRYPT).
Context-independent RSA helper functions.
int mbedtls_rsa_deduce_private_exponent(mbedtls_mpi const *P, mbedtls_mpi const *Q, mbedtls_mpi const *E, mbedtls_mpi *D)
Compute RSA private exponent from prime moduli and public key.
int mbedtls_rsa_validate_params(const mbedtls_mpi *N, const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *E, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Check validity of core RSA parameters.
int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N, mbedtls_mpi const *E, mbedtls_mpi const *D, mbedtls_mpi *P, mbedtls_mpi *Q)
Compute RSA prime moduli P, Q from public modulus N=PQ and a pair of private and public key.
int mbedtls_rsa_deduce_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP)
Generate RSA-CRT parameters.
int mbedtls_rsa_validate_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *DP, const mbedtls_mpi *DQ, const mbedtls_mpi *QP)
Check validity of RSA CRT parameters.
#define mbedtls_md_info_from_type
Configuration options (set of defines)
This file contains SHA-1 definitions and functions.
int mbedtls_sha1_ret(const unsigned char *input, size_t ilen, unsigned char output[20])
This function calculates the SHA-1 checksum of a buffer.
const mbedtls_md_info_t * md_info
The RSA context structure.
#define MBEDTLS_ERR_THREADING_MUTEX_ERROR