40fa684c18
Keep module compatibility with mbedtls 2.x (old LTS branch). A patch has been added to allow compiling after removing all the `psa_*` files from the library folder (will look into upstreaming it). Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires some module changes, and to enable PSA crypto (new "standard" API specification), so it might be best done in a separate commit/PR.
121 lines
5.2 KiB
C++
121 lines
5.2 KiB
C++
/**
|
|
* \file rsa_internal.h
|
|
*
|
|
* \brief Internal-only RSA public-key cryptosystem API.
|
|
*
|
|
* This file declares RSA-related functions that are to be used
|
|
* only from within the Mbed TLS library itself.
|
|
*
|
|
*/
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
*/
|
|
#ifndef MBEDTLS_RSA_INTERNAL_H
|
|
#define MBEDTLS_RSA_INTERNAL_H
|
|
|
|
#include "mbedtls/rsa.h"
|
|
#include "mbedtls/asn1.h"
|
|
|
|
/**
|
|
* \brief Parse a PKCS#1 (ASN.1) encoded private RSA key.
|
|
*
|
|
* \param rsa The RSA context where parsed data will be stored.
|
|
* \param key The buffer that contains the key.
|
|
* \param keylen The length of the key buffer in bytes.
|
|
*
|
|
* \return 0 on success.
|
|
* \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors.
|
|
* \return MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while
|
|
* parsing data.
|
|
* \return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the
|
|
* provided key fail.
|
|
*/
|
|
int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen);
|
|
|
|
/**
|
|
* \brief Parse a PKCS#1 (ASN.1) encoded public RSA key.
|
|
*
|
|
* \param rsa The RSA context where parsed data will be stored.
|
|
* \param key The buffer that contains the key.
|
|
* \param keylen The length of the key buffer in bytes.
|
|
*
|
|
* \return 0 on success.
|
|
* \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors.
|
|
* \return MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while
|
|
* parsing data.
|
|
* \return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the
|
|
* provided key fail.
|
|
*/
|
|
int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen);
|
|
|
|
/**
|
|
* \brief Write a PKCS#1 (ASN.1) encoded private RSA key.
|
|
*
|
|
* \param rsa The RSA context which contains the data to be written.
|
|
* \param start Beginning of the buffer that will be filled with the
|
|
* private key.
|
|
* \param p End of the buffer that will be filled with the private key.
|
|
* On successful return, the referenced pointer will be
|
|
* updated in order to point to the beginning of written data.
|
|
*
|
|
* \return On success, the number of bytes written to the output buffer
|
|
* (i.e. a value > 0).
|
|
* \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not
|
|
* contain a valid key pair.
|
|
* \return MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the
|
|
* output buffer.
|
|
*
|
|
* \note The output buffer is filled backward, i.e. starting from its
|
|
* end and moving toward its start.
|
|
*/
|
|
int mbedtls_rsa_write_key(const mbedtls_rsa_context *rsa, unsigned char *start,
|
|
unsigned char **p);
|
|
|
|
/**
|
|
* \brief Parse a PKCS#1 (ASN.1) encoded public RSA key.
|
|
*
|
|
* \param rsa The RSA context which contains the data to be written.
|
|
* \param start Beginning of the buffer that will be filled with the
|
|
* private key.
|
|
* \param p End of the buffer that will be filled with the private key.
|
|
* On successful return, the referenced pointer will be
|
|
* updated in order to point to the beginning of written data.
|
|
*
|
|
* \return On success, the number of bytes written to the output buffer
|
|
* (i.e. a value > 0).
|
|
* \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not
|
|
* contain a valid public key.
|
|
* \return MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the
|
|
* output buffer.
|
|
*
|
|
* \note The output buffer is filled backward, i.e. starting from its
|
|
* end and moving toward its start.
|
|
*/
|
|
int mbedtls_rsa_write_pubkey(const mbedtls_rsa_context *rsa, unsigned char *start,
|
|
unsigned char **p);
|
|
|
|
#if defined(MBEDTLS_PKCS1_V21)
|
|
/**
|
|
* \brief This function is analogue to \c mbedtls_rsa_rsassa_pss_sign().
|
|
* The only difference between them is that this function is more flexible
|
|
* on the parameters of \p ctx that are set with \c mbedtls_rsa_set_padding().
|
|
*
|
|
* \note Compared to its counterpart, this function:
|
|
* - does not check the padding setting of \p ctx.
|
|
* - allows the hash_id of \p ctx to be MBEDTLS_MD_NONE,
|
|
* in which case it uses \p md_alg as the hash_id.
|
|
*
|
|
* \note Refer to \c mbedtls_rsa_rsassa_pss_sign() for a description
|
|
* of the functioning and parameters of this function.
|
|
*/
|
|
int mbedtls_rsa_rsassa_pss_sign_no_mode_check(mbedtls_rsa_context *ctx,
|
|
int (*f_rng)(void *, unsigned char *, size_t),
|
|
void *p_rng,
|
|
mbedtls_md_type_t md_alg,
|
|
unsigned int hashlen,
|
|
const unsigned char *hash,
|
|
unsigned char *sig);
|
|
#endif /* MBEDTLS_PKCS1_V21 */
|
|
|
|
#endif /* rsa_internal.h */
|