Public Key abstraction layer. More...
#include "config.h"
#include "md.h"
#include "rsa.h"
#include "ecp.h"
#include "ecdsa.h"
Go to the source code of this file.
Data Structures | |
struct | mbedtls_pk_rsassa_pss_options |
Options for RSASSA-PSS signature verification. See mbedtls_rsa_rsassa_pss_verify_ext() . More... | |
struct | mbedtls_pk_debug_item |
Item to send to the debug module. More... | |
struct | mbedtls_pk_context |
Public key container. More... | |
Defines | |
#define | MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 |
#define | MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 |
#define | MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 |
#define | MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 |
#define | MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 |
#define | MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 |
#define | MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 |
#define | MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 |
#define | MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 |
#define | MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 |
#define | MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 |
#define | MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 |
#define | MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 |
#define | MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 |
#define | MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 |
#define | MBEDTLS_PK_DEBUG_MAX_ITEMS 3 |
Typedefs | |
typedef struct mbedtls_pk_info_t | mbedtls_pk_info_t |
Public key information and operations. | |
typedef int(* | mbedtls_pk_rsa_alt_decrypt_func )(void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
Types for RSA-alt abstraction. | |
typedef int(* | mbedtls_pk_rsa_alt_sign_func )(void *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
typedef size_t(* | mbedtls_pk_rsa_alt_key_len_func )(void *ctx) |
Enumerations | |
enum | mbedtls_pk_type_t { MBEDTLS_PK_NONE = 0, MBEDTLS_PK_RSA, MBEDTLS_PK_ECKEY, MBEDTLS_PK_ECKEY_DH, MBEDTLS_PK_ECDSA, MBEDTLS_PK_RSA_ALT, MBEDTLS_PK_RSASSA_PSS } |
Public key types. More... | |
enum | mbedtls_pk_debug_type { MBEDTLS_PK_DEBUG_NONE = 0, MBEDTLS_PK_DEBUG_MPI, MBEDTLS_PK_DEBUG_ECP } |
Types for interfacing with the debug module. More... | |
Functions | |
static mbedtls_rsa_context * | mbedtls_pk_rsa (const mbedtls_pk_context pk) |
static mbedtls_ecp_keypair * | mbedtls_pk_ec (const mbedtls_pk_context pk) |
const mbedtls_pk_info_t * | mbedtls_pk_info_from_type (mbedtls_pk_type_t pk_type) |
Return information associated with the given PK type. | |
void | mbedtls_pk_init (mbedtls_pk_context *ctx) |
Initialize a mbedtls_pk_context (as NONE). | |
void | mbedtls_pk_free (mbedtls_pk_context *ctx) |
Free a mbedtls_pk_context. | |
int | mbedtls_pk_setup (mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info) |
Initialize a PK context with the information given and allocates the type-specific PK subcontext. | |
int | mbedtls_pk_setup_rsa_alt (mbedtls_pk_context *ctx, void *key, mbedtls_pk_rsa_alt_decrypt_func decrypt_func, mbedtls_pk_rsa_alt_sign_func sign_func, mbedtls_pk_rsa_alt_key_len_func key_len_func) |
Initialize an RSA-alt context. | |
size_t | mbedtls_pk_get_bitlen (const mbedtls_pk_context *ctx) |
Get the size in bits of the underlying key. | |
static size_t | mbedtls_pk_get_len (const mbedtls_pk_context *ctx) |
Get the length in bytes of the underlying key. | |
int | mbedtls_pk_can_do (const mbedtls_pk_context *ctx, mbedtls_pk_type_t type) |
Tell if a context can do the operation given by type. | |
int | mbedtls_pk_verify (mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len) |
Verify signature (including padding if relevant). | |
int | mbedtls_pk_verify_ext (mbedtls_pk_type_t type, const void *options, mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len) |
Verify signature, with options. (Includes verification of the padding depending on type.). | |
int | mbedtls_pk_sign (mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
Make signature, including padding if relevant. | |
int | mbedtls_pk_decrypt (mbedtls_pk_context *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
Decrypt message (including padding if relevant). | |
int | mbedtls_pk_encrypt (mbedtls_pk_context *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
Encrypt message (including padding if relevant). | |
int | mbedtls_pk_check_pair (const mbedtls_pk_context *pub, const mbedtls_pk_context *prv) |
Check if a public-private pair of keys matches. | |
int | mbedtls_pk_debug (const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items) |
Export debug information. | |
const char * | mbedtls_pk_get_name (const mbedtls_pk_context *ctx) |
Access the type name. | |
mbedtls_pk_type_t | mbedtls_pk_get_type (const mbedtls_pk_context *ctx) |
Get the key type. | |
int | mbedtls_pk_parse_key (mbedtls_pk_context *ctx, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen) |
Parse a private key in PEM or DER format. | |
int | mbedtls_pk_parse_public_key (mbedtls_pk_context *ctx, const unsigned char *key, size_t keylen) |
Parse a public key in PEM or DER format. | |
int | mbedtls_pk_parse_keyfile (mbedtls_pk_context *ctx, const char *path, const char *password) |
Load and parse a private key. | |
int | mbedtls_pk_parse_public_keyfile (mbedtls_pk_context *ctx, const char *path) |
Load and parse a public key. | |
int | mbedtls_pk_write_key_der (mbedtls_pk_context *ctx, unsigned char *buf, size_t size) |
Write a private key to a PKCS#1 or SEC1 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer. | |
int | mbedtls_pk_write_pubkey_der (mbedtls_pk_context *ctx, unsigned char *buf, size_t size) |
Write a public key to a SubjectPublicKeyInfo DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer. | |
int | mbedtls_pk_write_pubkey_pem (mbedtls_pk_context *ctx, unsigned char *buf, size_t size) |
Write a public key to a PEM string. | |
int | mbedtls_pk_write_key_pem (mbedtls_pk_context *ctx, unsigned char *buf, size_t size) |
Write a private key to a PKCS#1 or SEC1 PEM string. | |
int | mbedtls_pk_parse_subpubkey (unsigned char **p, const unsigned char *end, mbedtls_pk_context *pk) |
Parse a SubjectPublicKeyInfo DER structure. | |
int | mbedtls_pk_write_pubkey (unsigned char **p, unsigned char *start, const mbedtls_pk_context *key) |
Write a subjectPublicKey to ASN.1 data Note: function works backwards in data buffer. | |
int | mbedtls_pk_load_file (const char *path, unsigned char **buf, size_t *n) |
Public Key abstraction layer.
Definition in file pk.h.
#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 |
#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 |
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 |
#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 |
#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 |
#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 |
#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 |
#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 |
#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 |
#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 |
#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 |
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 |
#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 |
#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 |
#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 |
#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3 |
typedef struct mbedtls_pk_info_t mbedtls_pk_info_t |
typedef int(* mbedtls_pk_rsa_alt_decrypt_func)(void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
typedef size_t(* mbedtls_pk_rsa_alt_key_len_func)(void *ctx) |
typedef int(* mbedtls_pk_rsa_alt_sign_func)(void *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
enum mbedtls_pk_type_t |
int mbedtls_pk_can_do | ( | const mbedtls_pk_context * | ctx, | |
mbedtls_pk_type_t | type | |||
) |
Tell if a context can do the operation given by type.
ctx | Context to test | |
type | Target type |
int mbedtls_pk_check_pair | ( | const mbedtls_pk_context * | pub, | |
const mbedtls_pk_context * | prv | |||
) |
Check if a public-private pair of keys matches.
pub | Context holding a public key. | |
prv | Context holding a private (and public) key. |
int mbedtls_pk_debug | ( | const mbedtls_pk_context * | ctx, | |
mbedtls_pk_debug_item * | items | |||
) |
Export debug information.
ctx | Context to use | |
items | Place to write debug items |
int mbedtls_pk_decrypt | ( | mbedtls_pk_context * | ctx, | |
const unsigned char * | input, | |||
size_t | ilen, | |||
unsigned char * | output, | |||
size_t * | olen, | |||
size_t | osize, | |||
int(*)(void *, unsigned char *, size_t) | f_rng, | |||
void * | p_rng | |||
) |
Decrypt message (including padding if relevant).
ctx | PK context to use - must hold a private key | |
input | Input to decrypt | |
ilen | Input size | |
output | Decrypted output | |
olen | Decrypted message length | |
osize | Size of the output buffer | |
f_rng | RNG function | |
p_rng | RNG parameter |
static mbedtls_ecp_keypair* mbedtls_pk_ec | ( | const mbedtls_pk_context | pk | ) | [inline, static] |
int mbedtls_pk_encrypt | ( | mbedtls_pk_context * | ctx, | |
const unsigned char * | input, | |||
size_t | ilen, | |||
unsigned char * | output, | |||
size_t * | olen, | |||
size_t | osize, | |||
int(*)(void *, unsigned char *, size_t) | f_rng, | |||
void * | p_rng | |||
) |
Encrypt message (including padding if relevant).
ctx | PK context to use | |
input | Message to encrypt | |
ilen | Message size | |
output | Encrypted output | |
olen | Encrypted output length | |
osize | Size of the output buffer | |
f_rng | RNG function | |
p_rng | RNG parameter |
void mbedtls_pk_free | ( | mbedtls_pk_context * | ctx | ) |
Free a mbedtls_pk_context.
size_t mbedtls_pk_get_bitlen | ( | const mbedtls_pk_context * | ctx | ) |
Get the size in bits of the underlying key.
ctx | Context to use |
Referenced by mbedtls_pk_get_len().
static size_t mbedtls_pk_get_len | ( | const mbedtls_pk_context * | ctx | ) | [inline, static] |
Get the length in bytes of the underlying key.
ctx | Context to use |
Definition at line 272 of file pk.h.
References mbedtls_pk_get_bitlen().
const char* mbedtls_pk_get_name | ( | const mbedtls_pk_context * | ctx | ) |
Access the type name.
ctx | Context to use |
mbedtls_pk_type_t mbedtls_pk_get_type | ( | const mbedtls_pk_context * | ctx | ) |
Get the key type.
ctx | Context to use |
const mbedtls_pk_info_t* mbedtls_pk_info_from_type | ( | mbedtls_pk_type_t | pk_type | ) |
Return information associated with the given PK type.
pk_type | PK type to search for. |
void mbedtls_pk_init | ( | mbedtls_pk_context * | ctx | ) |
Initialize a mbedtls_pk_context (as NONE).
int mbedtls_pk_load_file | ( | const char * | path, | |
unsigned char ** | buf, | |||
size_t * | n | |||
) |
int mbedtls_pk_parse_key | ( | mbedtls_pk_context * | ctx, | |
const unsigned char * | key, | |||
size_t | keylen, | |||
const unsigned char * | pwd, | |||
size_t | pwdlen | |||
) |
Parse a private key in PEM or DER format.
ctx | key to be initialized | |
key | input buffer | |
keylen | size of the buffer (including the terminating null byte for PEM data) | |
pwd | password for decryption (optional) | |
pwdlen | size of the password |
int mbedtls_pk_parse_keyfile | ( | mbedtls_pk_context * | ctx, | |
const char * | path, | |||
const char * | password | |||
) |
Load and parse a private key.
ctx | key to be initialized | |
path | filename to read the private key from | |
password | password to decrypt the file (can be NULL) |
int mbedtls_pk_parse_public_key | ( | mbedtls_pk_context * | ctx, | |
const unsigned char * | key, | |||
size_t | keylen | |||
) |
Parse a public key in PEM or DER format.
ctx | key to be initialized | |
key | input buffer | |
keylen | size of the buffer (including the terminating null byte for PEM data) |
int mbedtls_pk_parse_public_keyfile | ( | mbedtls_pk_context * | ctx, | |
const char * | path | |||
) |
Load and parse a public key.
ctx | key to be initialized | |
path | filename to read the public key from |
int mbedtls_pk_parse_subpubkey | ( | unsigned char ** | p, | |
const unsigned char * | end, | |||
mbedtls_pk_context * | pk | |||
) |
Parse a SubjectPublicKeyInfo DER structure.
p | the position in the ASN.1 data | |
end | end of the buffer | |
pk | the key to fill |
static mbedtls_rsa_context* mbedtls_pk_rsa | ( | const mbedtls_pk_context | pk | ) | [inline, static] |
int mbedtls_pk_setup | ( | mbedtls_pk_context * | ctx, | |
const mbedtls_pk_info_t * | info | |||
) |
Initialize a PK context with the information given and allocates the type-specific PK subcontext.
ctx | Context to initialize. Must be empty (type NONE). | |
info | Information to use |
mbedtls_pk_setup_rsa_alt()
instead. int mbedtls_pk_setup_rsa_alt | ( | mbedtls_pk_context * | ctx, | |
void * | key, | |||
mbedtls_pk_rsa_alt_decrypt_func | decrypt_func, | |||
mbedtls_pk_rsa_alt_sign_func | sign_func, | |||
mbedtls_pk_rsa_alt_key_len_func | key_len_func | |||
) |
Initialize an RSA-alt context.
ctx | Context to initialize. Must be empty (type NONE). | |
key | RSA key pointer | |
decrypt_func | Decryption function | |
sign_func | Signing function | |
key_len_func | Function returning key length in bytes |
mbedtls_pk_setup()
for RSA-alt. int mbedtls_pk_sign | ( | mbedtls_pk_context * | ctx, | |
mbedtls_md_type_t | md_alg, | |||
const unsigned char * | hash, | |||
size_t | hash_len, | |||
unsigned char * | sig, | |||
size_t * | sig_len, | |||
int(*)(void *, unsigned char *, size_t) | f_rng, | |||
void * | p_rng | |||
) |
Make signature, including padding if relevant.
ctx | PK context to use - must hold a private key | |
md_alg | Hash algorithm used (see notes) | |
hash | Hash of the message to sign | |
hash_len | Hash length or 0 (see notes) | |
sig | Place to write the signature | |
sig_len | Number of bytes written | |
f_rng | RNG function | |
p_rng | RNG parameter |
sig
buffer size must be of at least `max(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)` bytes. int mbedtls_pk_verify | ( | mbedtls_pk_context * | ctx, | |
mbedtls_md_type_t | md_alg, | |||
const unsigned char * | hash, | |||
size_t | hash_len, | |||
const unsigned char * | sig, | |||
size_t | sig_len | |||
) |
Verify signature (including padding if relevant).
ctx | PK context to use | |
md_alg | Hash algorithm used (see notes) | |
hash | Hash of the message to sign | |
hash_len | Hash length or 0 (see notes) | |
sig | Signature to verify | |
sig_len | Signature length |
siglen
, or a specific error code.mbedtls_pk_verify_ext
( MBEDTLS_PK_RSASSA_PSS, ... ) to verify RSASSA_PSS signatures.int mbedtls_pk_verify_ext | ( | mbedtls_pk_type_t | type, | |
const void * | options, | |||
mbedtls_pk_context * | ctx, | |||
mbedtls_md_type_t | md_alg, | |||
const unsigned char * | hash, | |||
size_t | hash_len, | |||
const unsigned char * | sig, | |||
size_t | sig_len | |||
) |
Verify signature, with options. (Includes verification of the padding depending on type.).
type | Signature type (inc. possible padding type) to verify | |
options | Pointer to type-specific options, or NULL | |
ctx | PK context to use | |
md_alg | Hash algorithm used (see notes) | |
hash | Hash of the message to sign | |
hash_len | Hash length or 0 (see notes) | |
sig | Signature to verify | |
sig_len | Signature length |
siglen
, or a specific error code.int mbedtls_pk_write_key_der | ( | mbedtls_pk_context * | ctx, | |
unsigned char * | buf, | |||
size_t | size | |||
) |
Write a private key to a PKCS#1 or SEC1 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.
ctx | private to write away | |
buf | buffer to write to | |
size | size of the buffer |
int mbedtls_pk_write_key_pem | ( | mbedtls_pk_context * | ctx, | |
unsigned char * | buf, | |||
size_t | size | |||
) |
Write a private key to a PKCS#1 or SEC1 PEM string.
ctx | private to write away | |
buf | buffer to write to | |
size | size of the buffer |
int mbedtls_pk_write_pubkey | ( | unsigned char ** | p, | |
unsigned char * | start, | |||
const mbedtls_pk_context * | key | |||
) |
Write a subjectPublicKey to ASN.1 data Note: function works backwards in data buffer.
p | reference to current position pointer | |
start | start of the buffer (for bounds-checking) | |
key | public key to write away |
int mbedtls_pk_write_pubkey_der | ( | mbedtls_pk_context * | ctx, | |
unsigned char * | buf, | |||
size_t | size | |||
) |
Write a public key to a SubjectPublicKeyInfo DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.
ctx | public key to write away | |
buf | buffer to write to | |
size | size of the buffer |
int mbedtls_pk_write_pubkey_pem | ( | mbedtls_pk_context * | ctx, | |
unsigned char * | buf, | |||
size_t | size | |||
) |
Write a public key to a PEM string.
ctx | public key to write away | |
buf | buffer to write to | |
size | size of the buffer |