Wrapper for PKCS#11 library libpkcs11-helper. More...
#include "config.h"
#include "x509_crt.h"
#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
Go to the source code of this file.
Data Structures | |
struct | mbedtls_pkcs11_context |
Functions | |
void | mbedtls_pkcs11_init (mbedtls_pkcs11_context *ctx) |
int | mbedtls_pkcs11_x509_cert_bind (mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert) |
int | mbedtls_pkcs11_priv_key_bind (mbedtls_pkcs11_context *priv_key, pkcs11h_certificate_t pkcs11_cert) |
void | mbedtls_pkcs11_priv_key_free (mbedtls_pkcs11_context *priv_key) |
int | mbedtls_pkcs11_decrypt (mbedtls_pkcs11_context *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
Do an RSA private key decrypt, then remove the message padding. | |
int | mbedtls_pkcs11_sign (mbedtls_pkcs11_context *ctx, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
Do a private RSA to sign a message digest. | |
static int | mbedtls_ssl_pkcs11_decrypt (void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
static int | mbedtls_ssl_pkcs11_sign (void *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
static size_t | mbedtls_ssl_pkcs11_key_len (void *ctx) |
Wrapper for PKCS#11 library libpkcs11-helper.
Definition in file pkcs11.h.
int mbedtls_pkcs11_decrypt | ( | mbedtls_pkcs11_context * | ctx, | |
int | mode, | |||
size_t * | olen, | |||
const unsigned char * | input, | |||
unsigned char * | output, | |||
size_t | output_max_len | |||
) |
Do an RSA private key decrypt, then remove the message padding.
ctx | PKCS #11 context | |
mode | must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature | |
input | buffer holding the encrypted data | |
output | buffer that will hold the plaintext | |
olen | will contain the plaintext length | |
output_max_len | maximum length of the output buffer |
Referenced by mbedtls_ssl_pkcs11_decrypt().
void mbedtls_pkcs11_init | ( | mbedtls_pkcs11_context * | ctx | ) |
Initialize a mbedtls_pkcs11_context. (Just making memory references valid.)
int mbedtls_pkcs11_priv_key_bind | ( | mbedtls_pkcs11_context * | priv_key, | |
pkcs11h_certificate_t | pkcs11_cert | |||
) |
Set up a mbedtls_pkcs11_context storing the given certificate. Note that the mbedtls_pkcs11_context will take over control of the certificate, freeing it when done.
priv_key | Private key structure to fill. | |
pkcs11_cert | PKCS #11 helper certificate |
void mbedtls_pkcs11_priv_key_free | ( | mbedtls_pkcs11_context * | priv_key | ) |
Free the contents of the given private key context. Note that the structure itself is not freed.
priv_key | Private key structure to cleanup |
int mbedtls_pkcs11_sign | ( | mbedtls_pkcs11_context * | ctx, | |
int | mode, | |||
mbedtls_md_type_t | md_alg, | |||
unsigned int | hashlen, | |||
const unsigned char * | hash, | |||
unsigned char * | sig | |||
) |
Do a private RSA to sign a message digest.
ctx | PKCS #11 context | |
mode | must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature | |
md_alg | a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) | |
hashlen | message digest length (for MBEDTLS_MD_NONE only) | |
hash | buffer holding the message digest | |
sig | buffer that will hold the ciphertext |
Referenced by mbedtls_ssl_pkcs11_sign().
int mbedtls_pkcs11_x509_cert_bind | ( | mbedtls_x509_crt * | cert, | |
pkcs11h_certificate_t | pkcs11h_cert | |||
) |
Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
cert | X.509 certificate to fill | |
pkcs11h_cert | PKCS #11 helper certificate |
static int mbedtls_ssl_pkcs11_decrypt | ( | void * | ctx, | |
int | mode, | |||
size_t * | olen, | |||
const unsigned char * | input, | |||
unsigned char * | output, | |||
size_t | output_max_len | |||
) | [inline, static] |
SSL/TLS wrappers for PKCS#11 functions
Definition at line 171 of file pkcs11.h.
References mbedtls_pkcs11_decrypt().
static size_t mbedtls_ssl_pkcs11_key_len | ( | void * | ctx | ) | [inline, static] |
static int mbedtls_ssl_pkcs11_sign | ( | void * | ctx, | |
int(*)(void *, unsigned char *, size_t) | f_rng, | |||
void * | p_rng, | |||
int | mode, | |||
mbedtls_md_type_t | md_alg, | |||
unsigned int | hashlen, | |||
const unsigned char * | hash, | |||
unsigned char * | sig | |||
) | [inline, static] |
Definition at line 179 of file pkcs11.h.
References mbedtls_pkcs11_sign().