pkcs11.h File Reference

Wrapper for PKCS#11 library libpkcs11-helper. More...

#include "config.h"
#include "x509_crt.h"
#include <pkcs11-helper-1.0/pkcs11h-certificate.h>


Data Structures

struct  mbedtls_pkcs11_context

Functions

void mbedtls_pkcs11_init (mbedtls_pkcs11_context *ctx)
int mbedtls_pkcs11_x509_cert_bind (mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert)
int mbedtls_pkcs11_priv_key_bind (mbedtls_pkcs11_context *priv_key, pkcs11h_certificate_t pkcs11_cert)
void mbedtls_pkcs11_priv_key_free (mbedtls_pkcs11_context *priv_key)
int mbedtls_pkcs11_decrypt (mbedtls_pkcs11_context *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
 Do an RSA private key decrypt, then remove the message padding.
int mbedtls_pkcs11_sign (mbedtls_pkcs11_context *ctx, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
 Do a private RSA operation to sign a message digest.
static int mbedtls_ssl_pkcs11_decrypt (void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
static int mbedtls_ssl_pkcs11_sign (void *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
static size_t mbedtls_ssl_pkcs11_key_len (void *ctx)

Detailed Description

Wrapper for PKCS#11 library libpkcs11-helper.

Author:
Adriaan de Jong <dejong@fox-it.com>

Definition in file pkcs11.h.


Function Documentation

int mbedtls_pkcs11_decrypt ( mbedtls_pkcs11_context *ctx,
int  mode,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
)

Do an RSA private key decrypt, then remove the message padding.

Parameters:
ctx PKCS #11 context
mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
input buffer holding the encrypted data
output buffer that will hold the plaintext
olen will contain the plaintext length
output_max_len maximum length of the output buffer
Returns:
0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
Note:
The output buffer must be at least as large as ctx->N, i.e. the RSA modulus length in bytes (e.g. 128 bytes for RSA-1024); output_max_len is checked against this and an MBEDTLS_ERR_RSA_XXX error code is returned otherwise (C has no exceptions, nothing is "thrown"). Because the padding is only checked after the private-key operation, callers should avoid exposing to a remote peer whether the failure was a padding error (distinct error paths or timing), since that is the classic RSA padding-oracle leak.

Referenced by mbedtls_ssl_pkcs11_decrypt().

void mbedtls_pkcs11_init ( mbedtls_pkcs11_context *ctx  ) 

Initialize an mbedtls_pkcs11_context. This only puts the structure's fields into a valid empty state so that later calls can safely reference them; it does not bind a certificate or key (see mbedtls_pkcs11_priv_key_bind()).

int mbedtls_pkcs11_priv_key_bind ( mbedtls_pkcs11_context *priv_key,
pkcs11h_certificate_t  pkcs11_cert 
)

Set up an mbedtls_pkcs11_context storing the given certificate. Note that the mbedtls_pkcs11_context takes ownership of the certificate handle: after a successful call the caller must not free or reuse pkcs11_cert, as it is released by mbedtls_pkcs11_priv_key_free(). Ownership on a failed call is not documented here; check the implementation before freeing the handle yourself in that case.

Parameters:
priv_key Private key structure to fill.
pkcs11_cert PKCS #11 helper certificate
Returns:
0 on success, or a non-zero error code on failure.
void mbedtls_pkcs11_priv_key_free ( mbedtls_pkcs11_context *priv_key  ) 

Free the contents of the given private key context, including the pkcs11h certificate handle that mbedtls_pkcs11_priv_key_bind() took ownership of. Note that the structure itself is not freed; the caller still owns that memory.

Parameters:
priv_key Private key structure to cleanup
int mbedtls_pkcs11_sign ( mbedtls_pkcs11_context *ctx,
int  mode,
mbedtls_md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
unsigned char *  sig 
)

Do a private RSA operation to sign a message digest.

Parameters:
ctx PKCS #11 context
mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
md_alg an MBEDTLS_MD_XXX value identifying the digest in hash (use MBEDTLS_MD_NONE to sign raw data)
hashlen length of hash in bytes; only consulted when md_alg is MBEDTLS_MD_NONE, otherwise the length is implied by md_alg
hash buffer holding the message digest
sig buffer that will hold the signature
Returns:
0 if the signing operation was successful, or an MBEDTLS_ERR_RSA_XXX error code
Note:
The "sig" buffer must be at least as large as ctx->N, i.e. the RSA modulus length in bytes (e.g. 128 bytes for RSA-1024). No length parameter is taken for sig, so the caller is responsible for sizing it correctly.

Referenced by mbedtls_ssl_pkcs11_sign().

int mbedtls_pkcs11_x509_cert_bind ( mbedtls_x509_crt *cert,
pkcs11h_certificate_t  pkcs11h_cert 
)

Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.

Parameters:
cert X.509 certificate to fill
pkcs11h_cert PKCS #11 helper certificate
Returns:
0 on success.
static int mbedtls_ssl_pkcs11_decrypt ( void *  ctx,
int  mode,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
) [inline, static]

SSL/TLS wrappers for the PKCS#11 functions: these adapt mbedtls_pkcs11_decrypt() and mbedtls_pkcs11_sign() to the callback signatures the SSL layer expects, with the context passed as void *. Note that mbedtls_ssl_pkcs11_sign() accepts f_rng and p_rng only to match that callback shape; mbedtls_pkcs11_sign() takes no RNG arguments, so they cannot be forwarded to it.

Definition at line 171 of file pkcs11.h.

References mbedtls_pkcs11_decrypt().

static size_t mbedtls_ssl_pkcs11_key_len ( void *  ctx  )  [inline, static]

Definition at line 190 of file pkcs11.h.

static int mbedtls_ssl_pkcs11_sign ( void *  ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
mbedtls_md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
unsigned char *  sig 
) [inline, static]

Definition at line 179 of file pkcs11.h.

References mbedtls_pkcs11_sign().

