mbed TLS v2.2.0
|
Public Key abstraction layer.
Public Key abstraction layer: wrapper functions.
Copyright (C) 2006-2015, ARM Limited, All Rights Reserved SPDX-License-Identifier: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This file is part of mbed TLS (https://tls.mbed.org)
Definition in file pk.h.
Go to the source code of this file.
Data Structures | |
struct | mbedtls_pk_rsassa_pss_options |
Options for RSASSA-PSS signature verification. More... | |
struct | mbedtls_pk_debug_item |
Item to send to the debug module. More... | |
struct | mbedtls_pk_context |
Public key container. More... | |
Macros | |
#define | MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 |
Memory allocation failed. More... | |
#define | MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 |
Type mismatch, eg attempt to encrypt with an ECDSA key. More... | |
#define | MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 |
Bad input parameters to function. More... | |
#define | MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 |
Read/write of file failed. More... | |
#define | MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 |
Unsupported key version. More... | |
#define | MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 |
Invalid key tag or value. More... | |
#define | MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 |
Key algorithm is unsupported (only RSA and EC are supported). More... | |
#define | MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 |
Private key password can't be empty. More... | |
#define | MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 |
Given private key password does not allow for correct decryption. More... | |
#define | MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 |
The pubkey tag or value is invalid (only RSA and EC are supported). More... | |
#define | MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 |
The algorithm tag or value is invalid. More... | |
#define | MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 |
Elliptic curve is unsupported (only NIST curves are supported). More... | |
#define | MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 |
Unavailable feature, e.g. More... | |
#define | MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 |
The signature is valid but its length is less than expected. More... | |
#define | MBEDTLS_PK_DEBUG_MAX_ITEMS 3 |
Maximum number of item send for debugging, plus 1. More... | |
Typedefs | |
typedef struct mbedtls_pk_info_t | mbedtls_pk_info_t |
Public key information and operations. More... | |
Enumerations | |
enum | mbedtls_pk_type_t { MBEDTLS_PK_NONE =0, MBEDTLS_PK_RSA, MBEDTLS_PK_ECKEY, MBEDTLS_PK_ECKEY_DH, MBEDTLS_PK_ECDSA, MBEDTLS_PK_RSA_ALT, MBEDTLS_PK_RSASSA_PSS } |
Public key types. More... | |
enum | mbedtls_pk_debug_type { MBEDTLS_PK_DEBUG_NONE = 0, MBEDTLS_PK_DEBUG_MPI, MBEDTLS_PK_DEBUG_ECP } |
Types for interfacing with the debug module. More... | |
Functions | |
const mbedtls_pk_info_t * | mbedtls_pk_info_from_type (mbedtls_pk_type_t pk_type) |
Return information associated with the given PK type. More... | |
void | mbedtls_pk_init (mbedtls_pk_context *ctx) |
Initialize a mbedtls_pk_context (as NONE) More... | |
void | mbedtls_pk_free (mbedtls_pk_context *ctx) |
Free a mbedtls_pk_context. More... | |
int | mbedtls_pk_setup (mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info) |
Initialize a PK context with the information given and allocates the type-specific PK subcontext. More... | |
size_t | mbedtls_pk_get_bitlen (const mbedtls_pk_context *ctx) |
Get the size in bits of the underlying key. More... | |
static size_t | mbedtls_pk_get_len (const mbedtls_pk_context *ctx) |
Get the length in bytes of the underlying key. More... | |
int | mbedtls_pk_can_do (const mbedtls_pk_context *ctx, mbedtls_pk_type_t type) |
Tell if a context can do the operation given by type. More... | |
int | mbedtls_pk_verify (mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len) |
Verify signature (including padding if relevant). More... | |
int | mbedtls_pk_verify_ext (mbedtls_pk_type_t type, const void *options, mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len) |
Verify signature, with options. More... | |
int | mbedtls_pk_sign (mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
Make signature, including padding if relevant. More... | |
int | mbedtls_pk_decrypt (mbedtls_pk_context *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
Decrypt message (including padding if relevant). More... | |
int | mbedtls_pk_encrypt (mbedtls_pk_context *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
Encrypt message (including padding if relevant). More... | |
int | mbedtls_pk_check_pair (const mbedtls_pk_context *pub, const mbedtls_pk_context *prv) |
Check if a public-private pair of keys matches. More... | |
int | mbedtls_pk_debug (const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items) |
Export debug information. More... | |
const char * | mbedtls_pk_get_name (const mbedtls_pk_context *ctx) |
Access the type name. More... | |
mbedtls_pk_type_t | mbedtls_pk_get_type (const mbedtls_pk_context *ctx) |
Get the key type. More... | |
#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 |
#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 |
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 |
#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 |
#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 |
#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 |
#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 |
#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 |
#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 |
#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 |
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 |
#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 |
#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 |
#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 |
#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3 |
typedef struct mbedtls_pk_info_t mbedtls_pk_info_t |
enum mbedtls_pk_type_t |
int mbedtls_pk_can_do | ( | const mbedtls_pk_context * | ctx, |
mbedtls_pk_type_t | type | ||
) |
Tell if a context can do the operation given by type.
ctx | Context to test |
type | Target type |
int mbedtls_pk_check_pair | ( | const mbedtls_pk_context * | pub, |
const mbedtls_pk_context * | prv | ||
) |
Check if a public-private pair of keys matches.
pub | Context holding a public key. |
prv | Context holding a private (and public) key. |
int mbedtls_pk_debug | ( | const mbedtls_pk_context * | ctx, |
mbedtls_pk_debug_item * | items | ||
) |
Export debug information.
ctx | Context to use |
items | Place to write debug items |
int mbedtls_pk_decrypt | ( | mbedtls_pk_context * | ctx, |
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen, | ||
size_t | osize, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
Decrypt message (including padding if relevant).
ctx | PK context to use - must hold a private key |
input | Input to decrypt |
ilen | Input size |
output | Decrypted output |
olen | Decrypted message length |
osize | Size of the output buffer |
f_rng | RNG function |
p_rng | RNG parameter |
int mbedtls_pk_encrypt | ( | mbedtls_pk_context * | ctx, |
const unsigned char * | input, | ||
size_t | ilen, | ||
unsigned char * | output, | ||
size_t * | olen, | ||
size_t | osize, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
Encrypt message (including padding if relevant).
ctx | PK context to use |
input | Message to encrypt |
ilen | Message size |
output | Encrypted output |
olen | Encrypted output length |
osize | Size of the output buffer |
f_rng | RNG function |
p_rng | RNG parameter |
void mbedtls_pk_free | ( | mbedtls_pk_context * | ctx | ) |
Free a mbedtls_pk_context.
size_t mbedtls_pk_get_bitlen | ( | const mbedtls_pk_context * | ctx | ) |
Get the size in bits of the underlying key.
ctx | Context to use |
Referenced by mbedtls_pk_get_len().
|
inlinestatic |
Get the length in bytes of the underlying key.
ctx | Context to use |
Definition at line 243 of file pk.h.
References mbedtls_pk_get_bitlen().
const char* mbedtls_pk_get_name | ( | const mbedtls_pk_context * | ctx | ) |
Access the type name.
ctx | Context to use |
mbedtls_pk_type_t mbedtls_pk_get_type | ( | const mbedtls_pk_context * | ctx | ) |
Get the key type.
ctx | Context to use |
const mbedtls_pk_info_t* mbedtls_pk_info_from_type | ( | mbedtls_pk_type_t | pk_type | ) |
Return information associated with the given PK type.
pk_type | PK type to search for. |
void mbedtls_pk_init | ( | mbedtls_pk_context * | ctx | ) |
Initialize a mbedtls_pk_context (as NONE)
int mbedtls_pk_setup | ( | mbedtls_pk_context * | ctx, |
const mbedtls_pk_info_t * | info | ||
) |
Initialize a PK context with the information given and allocates the type-specific PK subcontext.
ctx | Context to initialize. Must be empty (type NONE). |
info | Information to use |
mbedtls_pk_setup_rsa_alt()
instead. int mbedtls_pk_sign | ( | mbedtls_pk_context * | ctx, |
mbedtls_md_type_t | md_alg, | ||
const unsigned char * | hash, | ||
size_t | hash_len, | ||
unsigned char * | sig, | ||
size_t * | sig_len, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
Make signature, including padding if relevant.
ctx | PK context to use - must hold a private key |
md_alg | Hash algorithm used (see notes) |
hash | Hash of the message to sign |
hash_len | Hash length or 0 (see notes) |
sig | Place to write the signature |
sig_len | Number of bytes written |
f_rng | RNG function |
p_rng | RNG parameter |
int mbedtls_pk_verify | ( | mbedtls_pk_context * | ctx, |
mbedtls_md_type_t | md_alg, | ||
const unsigned char * | hash, | ||
size_t | hash_len, | ||
const unsigned char * | sig, | ||
size_t | sig_len | ||
) |
Verify signature (including padding if relevant).
ctx | PK context to use |
md_alg | Hash algorithm used (see notes) |
hash | Hash of the message to sign |
hash_len | Hash length or 0 (see notes) |
sig | Signature to verify |
sig_len | Signature length |
mbedtls_pk_verify_ext
( MBEDTLS_PK_RSASSA_PSS, ... ) to verify RSASSA_PSS signatures.int mbedtls_pk_verify_ext | ( | mbedtls_pk_type_t | type, |
const void * | options, | ||
mbedtls_pk_context * | ctx, | ||
mbedtls_md_type_t | md_alg, | ||
const unsigned char * | hash, | ||
size_t | hash_len, | ||
const unsigned char * | sig, | ||
size_t | sig_len | ||
) |
Verify signature, with options.
(Includes verification of the padding depending on type.)
type | Signature type (inc. possible padding type) to verify |
options | Pointer to type-specific options, or NULL |
ctx | PK context to use |
md_alg | Hash algorithm used (see notes) |
hash | Hash of the message to sign |
hash_len | Hash length or 0 (see notes) |
sig | Signature to verify |
sig_len | Signature length |