rsa.h File Reference

The RSA public-key cryptosystem. More...

#include "config.h"
#include "bignum.h"
#include "md.h"
Include dependency graph for rsa.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  rsa_context
 RSA context structure. More...

Defines

#define POLARSSL_ERR_RSA_BAD_INPUT_DATA   -0x4080
 Bad input parameters to function.
#define POLARSSL_ERR_RSA_INVALID_PADDING   -0x4100
 Input data contains invalid padding and is rejected.
#define POLARSSL_ERR_RSA_KEY_GEN_FAILED   -0x4180
 Something failed during generation of a key.
#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED   -0x4200
 Key failed to pass the libraries validity check.
#define POLARSSL_ERR_RSA_PUBLIC_FAILED   -0x4280
 The public key operation failed.
#define POLARSSL_ERR_RSA_PRIVATE_FAILED   -0x4300
 The private key operation failed.
#define POLARSSL_ERR_RSA_VERIFY_FAILED   -0x4380
 The PKCS#1 verification failed.
#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE   -0x4400
 The output buffer for decryption is not large enough.
#define POLARSSL_ERR_RSA_RNG_FAILED   -0x4480
 The random generator failed to generate non-zeros.
#define RSA_PUBLIC   0
#define RSA_PRIVATE   1
#define RSA_PKCS_V15   0
#define RSA_PKCS_V21   1
#define RSA_SIGN   1
#define RSA_CRYPT   2

Functions

void rsa_init (rsa_context *ctx, int padding, int hash_id)
 Initialize an RSA context.
int rsa_gen_key (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, unsigned int nbits, int exponent)
 Generate an RSA keypair.
int rsa_check_pubkey (const rsa_context *ctx)
 Check a public RSA key.
int rsa_check_privkey (const rsa_context *ctx)
 Check a private RSA key.
int rsa_public (rsa_context *ctx, const unsigned char *input, unsigned char *output)
 Do an RSA public key operation.
int rsa_private (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, const unsigned char *input, unsigned char *output)
 Do an RSA private key operation.
int rsa_pkcs1_encrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output)
 Generic wrapper to perform a PKCS#1 encryption using the mode from the context.
int rsa_rsaes_pkcs1_v15_encrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output)
 Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT).
int rsa_rsaes_oaep_encrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, unsigned char *output)
 Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT).
int rsa_pkcs1_decrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
 Generic wrapper to perform a PKCS#1 decryption using the mode from the context.
int rsa_rsaes_pkcs1_v15_decrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
 Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT).
int rsa_rsaes_oaep_decrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
 Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT).
int rsa_pkcs1_sign (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
 Generic wrapper to perform a PKCS#1 signature using the mode from the context.
int rsa_rsassa_pkcs1_v15_sign (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
 Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN).
int rsa_rsassa_pss_sign (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
 Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN).
int rsa_pkcs1_verify (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig)
 Generic wrapper to perform a PKCS#1 verification using the mode from the context.
int rsa_rsassa_pkcs1_v15_verify (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig)
 Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY).
int rsa_rsassa_pss_verify (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig)
 Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY).
int rsa_copy (rsa_context *dst, const rsa_context *src)
 Copy the components of an RSA context.
void rsa_free (rsa_context *ctx)
 Free the components of an RSA key.
int rsa_self_test (int verbose)
 Checkup routine.

Detailed Description

The RSA public-key cryptosystem.

Copyright (C) 2006-2013, Brainspark B.V.

This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>

All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file rsa.h.


Define Documentation

#define POLARSSL_ERR_RSA_BAD_INPUT_DATA   -0x4080
#define POLARSSL_ERR_RSA_INVALID_PADDING   -0x4100
#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED   -0x4200

Key failed to pass the libraries validity check.

Definition at line 45 of file rsa.h.

Referenced by polarssl_strerror(), rsa_check_privkey(), rsa_check_pubkey(), test_suite_rsa_check_privkey_null(), and verify_int().

#define POLARSSL_ERR_RSA_KEY_GEN_FAILED   -0x4180

Something failed during generation of a key.

Definition at line 44 of file rsa.h.

Referenced by polarssl_strerror(), and rsa_gen_key().

#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE   -0x4400

The output buffer for decryption is not large enough.

Definition at line 49 of file rsa.h.

Referenced by polarssl_strerror(), rsa_rsaes_oaep_decrypt(), rsa_rsaes_pkcs1_v15_decrypt(), and verify_int().

#define POLARSSL_ERR_RSA_PRIVATE_FAILED   -0x4300

The private key operation failed.

Definition at line 47 of file rsa.h.

Referenced by polarssl_strerror(), and rsa_private().

#define POLARSSL_ERR_RSA_PUBLIC_FAILED   -0x4280

The public key operation failed.

Definition at line 46 of file rsa.h.

Referenced by polarssl_strerror(), and rsa_public().

#define POLARSSL_ERR_RSA_RNG_FAILED   -0x4480

The random generator failed to generate non-zeros.

Definition at line 50 of file rsa.h.

Referenced by polarssl_strerror(), rsa_prepare_blinding(), rsa_rsaes_oaep_encrypt(), rsa_rsaes_pkcs1_v15_encrypt(), rsa_rsassa_pss_sign(), and verify_int().

#define POLARSSL_ERR_RSA_VERIFY_FAILED   -0x4380

The PKCS#1 verification failed.

Definition at line 48 of file rsa.h.

Referenced by polarssl_strerror(), rsa_rsassa_pkcs1_v15_verify(), rsa_rsassa_pss_verify(), rsa_verify_wrap(), and verify_int().

#define RSA_CRYPT   2

Definition at line 62 of file rsa.h.

Referenced by rsa_rsaes_pkcs1_v15_decrypt(), and rsa_rsaes_pkcs1_v15_encrypt().

#define RSA_PKCS_V15   0
#define RSA_PKCS_V21   1
#define RSA_PRIVATE   1
#define RSA_PUBLIC   0
#define RSA_SIGN   1

Function Documentation

int rsa_check_privkey ( const rsa_context ctx  ) 
int rsa_check_pubkey ( const rsa_context ctx  ) 
int rsa_copy ( rsa_context dst,
const rsa_context src 
)

Copy the components of an RSA context.

Parameters:
dst Destination context
src Source context
Returns:
O on success, POLARSSL_ERR_MPI_MALLOC_FAILED on memory allocation failure

Definition at line 1337 of file rsa.c.

References rsa_context::D, rsa_context::DP, rsa_context::DQ, rsa_context::E, rsa_context::hash_id, rsa_context::len, MPI_CHK, mpi_copy(), rsa_context::N, rsa_context::P, rsa_context::padding, rsa_context::Q, rsa_context::QP, rsa_context::RN, rsa_context::RP, rsa_context::RQ, rsa_free(), rsa_context::ver, rsa_context::Vf, and rsa_context::Vi.

Referenced by ssl_set_own_cert_rsa().

void rsa_free ( rsa_context ctx  ) 
int rsa_gen_key ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
unsigned int  nbits,
int  exponent 
)

Generate an RSA keypair.

Parameters:
ctx RSA context that will hold the key
f_rng RNG function
p_rng RNG parameter
nbits size of the public key in bits
exponent public exponent (e.g., 65537)
Note:
rsa_init() must be called beforehand to setup the RSA context.
Returns:
0 if successful, or an POLARSSL_ERR_RSA_XXX error code

Definition at line 68 of file rsa.c.

References rsa_context::D, rsa_context::DP, rsa_context::DQ, rsa_context::E, rsa_context::len, MPI_CHK, mpi_cmp_int(), mpi_cmp_mpi(), mpi_free(), mpi_gcd(), mpi_gen_prime(), mpi_init(), mpi_inv_mod(), mpi_lset(), mpi_mod_mpi(), mpi_msb(), mpi_mul_mpi(), mpi_sub_int(), mpi_swap(), rsa_context::N, rsa_context::P, POLARSSL_ERR_RSA_BAD_INPUT_DATA, POLARSSL_ERR_RSA_KEY_GEN_FAILED, rsa_context::Q, rsa_context::QP, and rsa_free().

Referenced by pk_genkey().

void rsa_init ( rsa_context ctx,
int  padding,
int  hash_id 
)

Initialize an RSA context.

Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP encryption scheme and the RSASSA-PSS signature scheme.

Parameters:
ctx RSA context to be initialized
padding RSA_PKCS_V15 or RSA_PKCS_V21
hash_id RSA_PKCS_V21 hash identifier
Note:
The hash_id parameter is actually ignored when using RSA_PKCS_V15 padding.

Definition at line 49 of file rsa.c.

References rsa_context::hash_id, rsa_context::padding, and polarssl_mutex_init.

Referenced by rsa_alloc_wrap(), rsa_self_test(), test_suite_pkcs1_rsaes_oaep_decrypt(), test_suite_pkcs1_rsaes_oaep_encrypt(), test_suite_pkcs1_rsassa_pss_sign(), test_suite_pkcs1_rsassa_pss_verify(), test_suite_rsa_check_privkey(), test_suite_rsa_check_pubkey(), test_suite_rsa_pkcs1_decrypt(), test_suite_rsa_pkcs1_encrypt(), test_suite_rsa_pkcs1_encrypt_bad_rng(), test_suite_rsa_pkcs1_sign(), test_suite_rsa_pkcs1_sign_raw(), test_suite_rsa_pkcs1_verify(), test_suite_rsa_pkcs1_verify_raw(), test_suite_rsa_private(), and test_suite_rsa_public().

int rsa_pkcs1_decrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
)

Generic wrapper to perform a PKCS#1 decryption using the mode from the context.

Do an RSA operation, then remove the message padding

Parameters:
ctx RSA context
f_rng RNG function (Only needed for RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
olen will contain the plaintext length
input buffer holding the encrypted data
output buffer that will hold the plaintext
output_max_len maximum length of the output buffer
Returns:
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise an error is thrown.

Definition at line 828 of file rsa.c.

References rsa_context::padding, POLARSSL_ERR_RSA_INVALID_PADDING, RSA_PKCS_V15, RSA_PKCS_V21, rsa_rsaes_oaep_decrypt(), and rsa_rsaes_pkcs1_v15_decrypt().

Referenced by rsa_decrypt_wrap(), RSA_private_decrypt(), RSA_public_decrypt(), rsa_self_test(), test_suite_pkcs1_rsaes_oaep_decrypt(), and test_suite_rsa_pkcs1_decrypt().

int rsa_pkcs1_encrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
size_t  ilen,
const unsigned char *  input,
unsigned char *  output 
)

Generic wrapper to perform a PKCS#1 encryption using the mode from the context.

Add the message padding, then do an RSA operation.

Parameters:
ctx RSA context
f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding and RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
ilen contains the plaintext length
input buffer holding the data to be encrypted
output buffer that will hold the ciphertext
Returns:
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Definition at line 608 of file rsa.c.

References rsa_context::padding, POLARSSL_ERR_RSA_INVALID_PADDING, RSA_PKCS_V15, RSA_PKCS_V21, rsa_rsaes_oaep_encrypt(), and rsa_rsaes_pkcs1_v15_encrypt().

Referenced by rsa_encrypt_wrap(), RSA_private_encrypt(), RSA_public_encrypt(), rsa_self_test(), test_suite_pkcs1_rsaes_oaep_encrypt(), test_suite_rsa_pkcs1_encrypt(), and test_suite_rsa_pkcs1_encrypt_bad_rng().

int rsa_pkcs1_sign ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
unsigned char *  sig 
)

Generic wrapper to perform a PKCS#1 signature using the mode from the context.

Do a private RSA operation to sign a message digest

Parameters:
ctx RSA context
f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen message digest length (for POLARSSL_MD_NONE only)
hash buffer holding the message digest
sig buffer that will hold the ciphertext
Returns:
0 if the signing operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
In case of PKCS#1 v2.1 encoding keep in mind that the hash_id in the RSA context is the one used for the encoding. hash_id in the function call is the type of hash that is encoded. According to RFC 3447 it is advised to keep both hashes the same.

Definition at line 1044 of file rsa.c.

References rsa_context::padding, POLARSSL_ERR_RSA_INVALID_PADDING, RSA_PKCS_V15, RSA_PKCS_V21, rsa_rsassa_pkcs1_v15_sign(), and rsa_rsassa_pss_sign().

Referenced by rsa_self_test(), rsa_sign_wrap(), test_suite_pkcs1_rsassa_pss_sign(), test_suite_rsa_pkcs1_sign(), and test_suite_rsa_pkcs1_sign_raw().

int rsa_pkcs1_verify ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
const unsigned char *  sig 
)

Generic wrapper to perform a PKCS#1 verification using the mode from the context.

Do a public RSA operation and check the message digest

Parameters:
ctx points to an RSA public key
f_rng RNG function (Only needed for RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen message digest length (for POLARSSL_MD_NONE only)
hash buffer holding the message digest
sig buffer holding the ciphertext
Returns:
0 if the verify operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
In case of PKCS#1 v2.1 encoding keep in mind that the hash_id in the RSA context is the one used for the verification. hash_id in the function call is the type of hash that is verified. According to RFC 3447 it is advised to keep both hashes the same.

Definition at line 1306 of file rsa.c.

References rsa_context::padding, POLARSSL_ERR_RSA_INVALID_PADDING, RSA_PKCS_V15, RSA_PKCS_V21, rsa_rsassa_pkcs1_v15_verify(), and rsa_rsassa_pss_verify().

Referenced by rsa_self_test(), rsa_verify_wrap(), test_suite_pkcs1_rsassa_pss_verify(), test_suite_rsa_pkcs1_verify(), and test_suite_rsa_pkcs1_verify_raw().

int rsa_private ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
const unsigned char *  input,
unsigned char *  output 
)

Do an RSA private key operation.

Parameters:
ctx RSA context
f_rng RNG function (Needed for blinding)
p_rng RNG parameter
input input buffer
output output buffer
Returns:
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The input and output buffers must be large enough (eg. 128 bytes if RSA-1024 is used).

Definition at line 319 of file rsa.c.

References rsa_context::D, rsa_context::DP, rsa_context::DQ, rsa_context::len, mpi_add_mpi(), MPI_CHK, mpi_cmp_mpi(), mpi_exp_mod(), mpi_free(), mpi_init(), mpi_mod_mpi(), mpi_mul_mpi(), mpi_read_binary(), mpi_sub_mpi(), mpi_write_binary(), rsa_context::N, rsa_context::P, POLARSSL_ERR_RSA_BAD_INPUT_DATA, POLARSSL_ERR_RSA_PRIVATE_FAILED, rsa_context::Q, rsa_context::QP, rsa_context::RN, rsa_context::RP, rsa_context::RQ, rsa_prepare_blinding(), rsa_context::Vf, and rsa_context::Vi.

Referenced by rsa_rsaes_oaep_decrypt(), rsa_rsaes_oaep_encrypt(), rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_pkcs1_v15_encrypt(), rsa_rsassa_pkcs1_v15_sign(), rsa_rsassa_pkcs1_v15_verify(), rsa_rsassa_pss_sign(), rsa_rsassa_pss_verify(), and test_suite_rsa_private().

int rsa_public ( rsa_context ctx,
const unsigned char *  input,
unsigned char *  output 
)

Do an RSA public key operation.

Parameters:
ctx RSA context
input input buffer
output output buffer
Returns:
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
This function does NOT take care of message padding. Also, be sure to set input[0] = 0 or assure that input is smaller than N.
The input and output buffers must be large enough (eg. 128 bytes if RSA-1024 is used).

Definition at line 228 of file rsa.c.

References rsa_context::E, rsa_context::len, MPI_CHK, mpi_cmp_mpi(), mpi_exp_mod(), mpi_free(), mpi_init(), mpi_read_binary(), mpi_write_binary(), rsa_context::N, POLARSSL_ERR_RSA_BAD_INPUT_DATA, POLARSSL_ERR_RSA_PUBLIC_FAILED, and rsa_context::RN.

Referenced by rsa_rsaes_oaep_decrypt(), rsa_rsaes_oaep_encrypt(), rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_pkcs1_v15_encrypt(), rsa_rsassa_pkcs1_v15_sign(), rsa_rsassa_pkcs1_v15_verify(), rsa_rsassa_pss_sign(), rsa_rsassa_pss_verify(), and test_suite_rsa_public().

int rsa_rsaes_oaep_decrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
const unsigned char *  label,
size_t  label_len,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
)

Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT).

Parameters:
ctx RSA context
f_rng RNG function (Only needed for RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
label buffer holding the custom label to use
label_len contains the label length
olen will contain the plaintext length
input buffer holding the encrypted data
output buffer that will hold the plaintext
output_max_len maximum length of the output buffer
Returns:
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise an error is thrown.

Definition at line 638 of file rsa.c.

References rsa_context::hash_id, rsa_context::len, md(), md_free_ctx(), md_get_size(), md_info_from_type(), md_init_ctx(), mgf_mask(), rsa_context::padding, POLARSSL_ERR_RSA_BAD_INPUT_DATA, POLARSSL_ERR_RSA_INVALID_PADDING, POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE, POLARSSL_MD_MAX_SIZE, POLARSSL_MPI_MAX_SIZE, RSA_PKCS_V21, rsa_private(), rsa_public(), and RSA_PUBLIC.

Referenced by rsa_pkcs1_decrypt().

int rsa_rsaes_oaep_encrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
const unsigned char *  label,
size_t  label_len,
size_t  ilen,
const unsigned char *  input,
unsigned char *  output 
)

Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT).

Parameters:
ctx RSA context
f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding and RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
label buffer holding the custom label to use
label_len contains the label length
ilen contains the plaintext length
input buffer holding the data to be encrypted
output buffer that will hold the ciphertext
Returns:
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Definition at line 474 of file rsa.c.

References rsa_context::hash_id, rsa_context::len, md(), md_free_ctx(), md_get_size(), md_info_from_type(), md_init_ctx(), mgf_mask(), rsa_context::padding, POLARSSL_ERR_RSA_BAD_INPUT_DATA, POLARSSL_ERR_RSA_RNG_FAILED, RSA_PKCS_V21, rsa_private(), rsa_public(), and RSA_PUBLIC.

Referenced by rsa_pkcs1_encrypt().

int rsa_rsaes_pkcs1_v15_decrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
)

Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT).

Parameters:
ctx RSA context
f_rng RNG function (Only needed for RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
olen will contain the plaintext length
input buffer holding the encrypted data
output buffer that will hold the plaintext
output_max_len maximum length of the output buffer
Returns:
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise an error is thrown.

Definition at line 732 of file rsa.c.

References rsa_context::len, rsa_context::padding, POLARSSL_ERR_RSA_BAD_INPUT_DATA, POLARSSL_ERR_RSA_INVALID_PADDING, POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE, POLARSSL_MPI_MAX_SIZE, RSA_CRYPT, RSA_PKCS_V15, RSA_PRIVATE, rsa_private(), rsa_public(), RSA_PUBLIC, and RSA_SIGN.

Referenced by rsa_pkcs1_decrypt().

int rsa_rsaes_pkcs1_v15_encrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
size_t  ilen,
const unsigned char *  input,
unsigned char *  output 
)

Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT).

Parameters:
ctx RSA context
f_rng RNG function (Needed for padding and RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
ilen contains the plaintext length
input buffer holding the data to be encrypted
output buffer that will hold the ciphertext
Returns:
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Definition at line 546 of file rsa.c.

References rsa_context::len, rsa_context::padding, POLARSSL_ERR_RSA_BAD_INPUT_DATA, POLARSSL_ERR_RSA_RNG_FAILED, RSA_CRYPT, RSA_PKCS_V15, rsa_private(), rsa_public(), RSA_PUBLIC, and RSA_SIGN.

Referenced by rsa_pkcs1_encrypt().

int rsa_rsassa_pkcs1_v15_sign ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
unsigned char *  sig 
)

Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN).

Parameters:
ctx RSA context
f_rng RNG function (Only needed for RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen message digest length (for POLARSSL_MD_NONE only)
hash buffer holding the message digest
sig buffer that will hold the ciphertext
Returns:
0 if the signing operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Definition at line 961 of file rsa.c.

References ASN1_CONSTRUCTED, ASN1_NULL, ASN1_OCTET_STRING, ASN1_OID, ASN1_SEQUENCE, rsa_context::len, md_get_size(), md_info_from_type(), oid_get_oid_by_md(), rsa_context::padding, POLARSSL_ERR_RSA_BAD_INPUT_DATA, POLARSSL_MD_NONE, RSA_PKCS_V15, rsa_private(), rsa_public(), RSA_PUBLIC, and RSA_SIGN.

Referenced by rsa_pkcs1_sign().

int rsa_rsassa_pkcs1_v15_verify ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
const unsigned char *  sig 
)

Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY).

Parameters:
ctx points to an RSA public key
f_rng RNG function (Only needed for RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen message digest length (for POLARSSL_MD_NONE only)
hash buffer holding the message digest
sig buffer holding the ciphertext
Returns:
0 if the verify operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Definition at line 1189 of file rsa.c.

References ASN1_CONSTRUCTED, asn1_get_tag(), ASN1_NULL, ASN1_OCTET_STRING, ASN1_OID, ASN1_SEQUENCE, _asn1_buf::len, rsa_context::len, md_get_size(), md_info_from_type(), oid_get_md_alg(), _asn1_buf::p, rsa_context::padding, POLARSSL_ERR_RSA_BAD_INPUT_DATA, POLARSSL_ERR_RSA_INVALID_PADDING, POLARSSL_ERR_RSA_VERIFY_FAILED, POLARSSL_MD_NONE, POLARSSL_MPI_MAX_SIZE, RSA_PKCS_V15, rsa_private(), rsa_public(), RSA_PUBLIC, and RSA_SIGN.

Referenced by rsa_pkcs1_verify().

int rsa_rsassa_pss_sign ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
unsigned char *  sig 
)

Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN).

Parameters:
ctx RSA context
f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen message digest length (for POLARSSL_MD_NONE only)
hash buffer holding the message digest
sig buffer that will hold the ciphertext
Returns:
0 if the signing operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
In case of PKCS#1 v2.1 encoding keep in mind that the hash_id in the RSA context is the one used for the encoding. hash_id in the function call is the type of hash that is encoded. According to RFC 3447 it is advised to keep both hashes the same.

Definition at line 860 of file rsa.c.

References rsa_context::hash_id, rsa_context::len, md_finish(), md_free_ctx(), md_get_size(), md_info_from_type(), md_init_ctx(), md_starts(), md_update(), mgf_mask(), mpi_msb(), rsa_context::N, rsa_context::padding, POLARSSL_ERR_RSA_BAD_INPUT_DATA, POLARSSL_ERR_RSA_RNG_FAILED, POLARSSL_MD_MAX_SIZE, POLARSSL_MD_NONE, RSA_PKCS_V21, rsa_private(), rsa_public(), RSA_PUBLIC, salt, and slen.

Referenced by rsa_pkcs1_sign().

int rsa_rsassa_pss_verify ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
const unsigned char *  sig 
)

Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY).

Do a public RSA and check the message digest

Parameters:
ctx points to an RSA public key
f_rng RNG function (Only needed for RSA_PRIVATE)
p_rng RNG parameter
mode RSA_PUBLIC or RSA_PRIVATE
md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen message digest length (for POLARSSL_MD_NONE only)
hash buffer holding the message digest
sig buffer holding the ciphertext
Returns:
0 if the verify operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note:
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
In case of PKCS#1 v2.1 encoding keep in mind that the hash_id in the RSA context is the one used for the verification. hash_id in the function call is the type of hash that is verified. According to RFC 3447 it is advised to keep both hashes the same.

Definition at line 1076 of file rsa.c.

References rsa_context::hash_id, rsa_context::len, md_finish(), md_free_ctx(), md_get_size(), md_info_from_type(), md_init_ctx(), md_starts(), md_update(), mgf_mask(), mpi_msb(), rsa_context::N, rsa_context::padding, POLARSSL_ERR_RSA_BAD_INPUT_DATA, POLARSSL_ERR_RSA_INVALID_PADDING, POLARSSL_ERR_RSA_VERIFY_FAILED, POLARSSL_MD_MAX_SIZE, POLARSSL_MD_NONE, POLARSSL_MPI_MAX_SIZE, RSA_PKCS_V21, rsa_private(), rsa_public(), RSA_PUBLIC, and slen.

Referenced by rsa_pkcs1_verify().

int rsa_self_test ( int  verbose  ) 

Generated on 9 Apr 2014 for PolarSSL v1.3.2 by  doxygen 1.6.1