 |
Mbed OS Reference
|
|
Mbed OS Reference
|
Public Key abstraction layer. More...
Go to the source code of this file.
Data Structures | |
| struct | mbedtls_pk_rsassa_pss_options |
| Options for RSASSA-PSS signature verification. More... | |
| struct | mbedtls_pk_debug_item |
| Item to send to the debug module. More... | |
| struct | mbedtls_pk_context |
| Public key container. More... | |
Macros | |
| #define | MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 |
| Memory allocation failed. More... | |
| #define | MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 |
| Type mismatch, eg attempt to encrypt with an ECDSA key. More... | |
| #define | MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 |
| Bad input parameters to function. More... | |
| #define | MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 |
| Read/write of file failed. More... | |
| #define | MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 |
| Unsupported key version. More... | |
| #define | MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 |
| Invalid key tag or value. More... | |
| #define | MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 |
| Key algorithm is unsupported (only RSA and EC are supported). More... | |
| #define | MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 |
| Private key password can't be empty. More... | |
| #define | MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 |
| Given private key password does not allow for correct decryption. More... | |
| #define | MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 |
| The pubkey tag or value is invalid (only RSA and EC are supported). More... | |
| #define | MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 |
| The algorithm tag or value is invalid. More... | |
| #define | MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 |
| Elliptic curve is unsupported (only NIST curves are supported). More... | |
| #define | MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 |
| Unavailable feature, e.g. More... | |
| #define | MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 |
| The buffer contains a valid signature followed by more data. More... | |
| #define | MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 |
| PK hardware accelerator failed. More... | |
| #define | MBEDTLS_PK_SIGNATURE_MAX_SIZE 0 |
| Maximum size of a signature made by mbedtls_pk_sign(). More... | |
| #define | MBEDTLS_PK_DEBUG_MAX_ITEMS 3 |
| Maximum number of item send for debugging, plus 1. More... | |
Typedefs | |
| typedef struct mbedtls_pk_rsassa_pss_options | mbedtls_pk_rsassa_pss_options |
| Options for RSASSA-PSS signature verification. More... | |
| typedef struct mbedtls_pk_debug_item | mbedtls_pk_debug_item |
| Item to send to the debug module. More... | |
| typedef struct mbedtls_pk_info_t | mbedtls_pk_info_t |
| Public key information and operations. More... | |
| typedef struct mbedtls_pk_context | mbedtls_pk_context |
| Public key container. More... | |
Enumerations | |
| enum | mbedtls_pk_type_t { MBEDTLS_PK_NONE =0 , MBEDTLS_PK_RSA , MBEDTLS_PK_ECKEY , MBEDTLS_PK_ECKEY_DH , MBEDTLS_PK_ECDSA , MBEDTLS_PK_RSA_ALT , MBEDTLS_PK_RSASSA_PSS , MBEDTLS_PK_OPAQUE } |
| Public key types. More... | |
| enum | mbedtls_pk_debug_type |
| Types for interfacing with the debug module. More... | |
Functions | |
| const mbedtls_pk_info_t * | mbedtls_pk_info_from_type (mbedtls_pk_type_t pk_type) |
| Return information associated with the given PK type. More... | |
| void | mbedtls_pk_init (mbedtls_pk_context *ctx) |
| Initialize a mbedtls_pk_context (as NONE). More... | |
| void | mbedtls_pk_free (mbedtls_pk_context *ctx) |
| Free the components of a mbedtls_pk_context. More... | |
| int | mbedtls_pk_setup (mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info) |
| Initialize a PK context with the information given and allocates the type-specific PK subcontext. More... | |
| size_t | mbedtls_pk_get_bitlen (const mbedtls_pk_context *ctx) |
| Get the size in bits of the underlying key. More... | |
| int | mbedtls_pk_can_do (const mbedtls_pk_context *ctx, mbedtls_pk_type_t type) |
| Tell if a context can do the operation given by type. More... | |
| int | mbedtls_pk_verify (mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len) |
| Verify signature (including padding if relevant). More... | |
| int | mbedtls_pk_verify_restartable (mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len, mbedtls_pk_restart_ctx *rs_ctx) |
Restartable version of mbedtls_pk_verify() More... | |
| int | mbedtls_pk_verify_ext (mbedtls_pk_type_t type, const void *options, mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len) |
| Verify signature, with options. More... | |
| int | mbedtls_pk_sign (mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
| Make signature, including padding if relevant. More... | |
| int | mbedtls_pk_sign_restartable (mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_pk_restart_ctx *rs_ctx) |
Restartable version of mbedtls_pk_sign() More... | |
| int | mbedtls_pk_decrypt (mbedtls_pk_context *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
| Decrypt message (including padding if relevant). More... | |
| int | mbedtls_pk_encrypt (mbedtls_pk_context *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
| Encrypt message (including padding if relevant). More... | |
| int | mbedtls_pk_check_pair (const mbedtls_pk_context *pub, const mbedtls_pk_context *prv) |
| Check if a public-private pair of keys matches. More... | |
| int | mbedtls_pk_debug (const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items) |
| Export debug information. More... | |
| const char * | mbedtls_pk_get_name (const mbedtls_pk_context *ctx) |
| Access the type name. More... | |
| mbedtls_pk_type_t | mbedtls_pk_get_type (const mbedtls_pk_context *ctx) |
| Get the key type. More... | |
Public Key abstraction layer.
Definition in file pk.h.
| #define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 |
| #define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 |
| #define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 |
| #define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 |
| #define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 |
| #define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 |
| #define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 |
| #define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 |
| #define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 |
| #define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 |
| #define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 |
| #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 |
| #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 |
| #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 |
| #define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 |
| #define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0 |
Maximum size of a signature made by mbedtls_pk_sign().
| #define MBEDTLS_PK_DEBUG_MAX_ITEMS 3 |
| typedef struct mbedtls_pk_rsassa_pss_options mbedtls_pk_rsassa_pss_options |
Options for RSASSA-PSS signature verification.
| typedef struct mbedtls_pk_debug_item mbedtls_pk_debug_item |
Item to send to the debug module.
| typedef struct mbedtls_pk_info_t mbedtls_pk_info_t |
| typedef struct mbedtls_pk_context mbedtls_pk_context |
Public key container.
| enum mbedtls_pk_type_t |
| const mbedtls_pk_info_t * mbedtls_pk_info_from_type | ( | mbedtls_pk_type_t | pk_type | ) |
Return information associated with the given PK type.
| pk_type | PK type to search for. |
| void mbedtls_pk_init | ( | mbedtls_pk_context * | ctx | ) |
Initialize a mbedtls_pk_context (as NONE).
| ctx | The context to initialize. This must not be NULL. |
| void mbedtls_pk_free | ( | mbedtls_pk_context * | ctx | ) |
Free the components of a mbedtls_pk_context.
| ctx | The context to clear. It must have been initialized. If this is NULL, this function does nothing. |
| int mbedtls_pk_setup | ( | mbedtls_pk_context * | ctx, |
| const mbedtls_pk_info_t * | info | ||
| ) |
Initialize a PK context with the information given and allocates the type-specific PK subcontext.
| ctx | Context to initialize. It must not have been set up yet (type MBEDTLS_PK_NONE). |
| info | Information to use |
mbedtls_pk_setup_rsa_alt() instead. | size_t mbedtls_pk_get_bitlen | ( | const mbedtls_pk_context * | ctx | ) |
Get the size in bits of the underlying key.
| ctx | The context to query. It must have been initialized. |
| int mbedtls_pk_can_do | ( | const mbedtls_pk_context * | ctx, |
| mbedtls_pk_type_t | type | ||
| ) |
Tell if a context can do the operation given by type.
| ctx | The context to query. It must have been initialized. |
| type | The desired type. |
| int mbedtls_pk_verify | ( | mbedtls_pk_context * | ctx, |
| mbedtls_md_type_t | md_alg, | ||
| const unsigned char * | hash, | ||
| size_t | hash_len, | ||
| const unsigned char * | sig, | ||
| size_t | sig_len | ||
| ) |
Verify signature (including padding if relevant).
| ctx | The PK context to use. It must have been set up. |
| md_alg | Hash algorithm used (see notes) |
| hash | Hash of the message to sign |
| hash_len | Hash length or 0 (see notes) |
| sig | Signature to verify |
| sig_len | Signature length |
siglen, or a specific error code.mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... ) to verify RSASSA_PSS signatures.| int mbedtls_pk_verify_restartable | ( | mbedtls_pk_context * | ctx, |
| mbedtls_md_type_t | md_alg, | ||
| const unsigned char * | hash, | ||
| size_t | hash_len, | ||
| const unsigned char * | sig, | ||
| size_t | sig_len, | ||
| mbedtls_pk_restart_ctx * | rs_ctx | ||
| ) |
Restartable version of mbedtls_pk_verify()
mbedtls_pk_verify(), but can return early and restart according to the limit set with mbedtls_ecp_set_max_ops() to reduce blocking for ECC operations. For RSA, same as mbedtls_pk_verify().| ctx | The PK context to use. It must have been set up. |
| md_alg | Hash algorithm used (see notes) |
| hash | Hash of the message to sign |
| hash_len | Hash length or 0 (see notes) |
| sig | Signature to verify |
| sig_len | Signature length |
| rs_ctx | Restart context (NULL to disable restart) |
mbedtls_pk_verify(), or mbedtls_ecp_set_max_ops(). | int mbedtls_pk_verify_ext | ( | mbedtls_pk_type_t | type, |
| const void * | options, | ||
| mbedtls_pk_context * | ctx, | ||
| mbedtls_md_type_t | md_alg, | ||
| const unsigned char * | hash, | ||
| size_t | hash_len, | ||
| const unsigned char * | sig, | ||
| size_t | sig_len | ||
| ) |
Verify signature, with options.
(Includes verification of the padding depending on type.)
| type | Signature type (inc. possible padding type) to verify |
| options | Pointer to type-specific options, or NULL |
| ctx | The PK context to use. It must have been set up. |
| md_alg | Hash algorithm used (see notes) |
| hash | Hash of the message to sign |
| hash_len | Hash length or 0 (see notes) |
| sig | Signature to verify |
| sig_len | Signature length |
siglen, or a specific error code.| int mbedtls_pk_sign | ( | mbedtls_pk_context * | ctx, |
| mbedtls_md_type_t | md_alg, | ||
| const unsigned char * | hash, | ||
| size_t | hash_len, | ||
| unsigned char * | sig, | ||
| size_t * | sig_len, | ||
| int(*)(void *, unsigned char *, size_t) | f_rng, | ||
| void * | p_rng | ||
| ) |
Make signature, including padding if relevant.
| ctx | The PK context to use. It must have been set up with a private key. |
| md_alg | Hash algorithm used (see notes) |
| hash | Hash of the message to sign |
| hash_len | Hash length or 0 (see notes) |
| sig | Place to write the signature. It must have enough room for the signature. MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough. You may use a smaller buffer if it is large enough given the key type. |
| sig_len | On successful return, the number of bytes written to sig. |
| f_rng | RNG function |
| p_rng | RNG parameter |
| int mbedtls_pk_sign_restartable | ( | mbedtls_pk_context * | ctx, |
| mbedtls_md_type_t | md_alg, | ||
| const unsigned char * | hash, | ||
| size_t | hash_len, | ||
| unsigned char * | sig, | ||
| size_t * | sig_len, | ||
| int(*)(void *, unsigned char *, size_t) | f_rng, | ||
| void * | p_rng, | ||
| mbedtls_pk_restart_ctx * | rs_ctx | ||
| ) |
Restartable version of mbedtls_pk_sign()
mbedtls_pk_sign(), but can return early and restart according to the limit set with mbedtls_ecp_set_max_ops() to reduce blocking for ECC operations. For RSA, same as mbedtls_pk_sign().| ctx | The PK context to use. It must have been set up with a private key. |
| md_alg | Hash algorithm used (see notes for mbedtls_pk_sign()) |
| hash | Hash of the message to sign |
| hash_len | Hash length or 0 (see notes for mbedtls_pk_sign()) |
| sig | Place to write the signature. It must have enough room for the signature. MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough. You may use a smaller buffer if it is large enough given the key type. |
| sig_len | On successful return, the number of bytes written to sig. |
| f_rng | RNG function |
| p_rng | RNG parameter |
| rs_ctx | Restart context (NULL to disable restart) |
mbedtls_pk_sign(). mbedtls_ecp_set_max_ops(). | int mbedtls_pk_decrypt | ( | mbedtls_pk_context * | ctx, |
| const unsigned char * | input, | ||
| size_t | ilen, | ||
| unsigned char * | output, | ||
| size_t * | olen, | ||
| size_t | osize, | ||
| int(*)(void *, unsigned char *, size_t) | f_rng, | ||
| void * | p_rng | ||
| ) |
Decrypt message (including padding if relevant).
| ctx | The PK context to use. It must have been set up with a private key. |
| input | Input to decrypt |
| ilen | Input size |
| output | Decrypted output |
| olen | Decrypted message length |
| osize | Size of the output buffer |
| f_rng | RNG function |
| p_rng | RNG parameter |
| int mbedtls_pk_encrypt | ( | mbedtls_pk_context * | ctx, |
| const unsigned char * | input, | ||
| size_t | ilen, | ||
| unsigned char * | output, | ||
| size_t * | olen, | ||
| size_t | osize, | ||
| int(*)(void *, unsigned char *, size_t) | f_rng, | ||
| void * | p_rng | ||
| ) |
Encrypt message (including padding if relevant).
| ctx | The PK context to use. It must have been set up. |
| input | Message to encrypt |
| ilen | Message size |
| output | Encrypted output |
| olen | Encrypted output length |
| osize | Size of the output buffer |
| f_rng | RNG function |
| p_rng | RNG parameter |
| int mbedtls_pk_check_pair | ( | const mbedtls_pk_context * | pub, |
| const mbedtls_pk_context * | prv | ||
| ) |
Check if a public-private pair of keys matches.
| pub | Context holding a public key. |
| prv | Context holding a private (and public) key. |
0 on success (keys were checked and match each other). | int mbedtls_pk_debug | ( | const mbedtls_pk_context * | ctx, |
| mbedtls_pk_debug_item * | items | ||
| ) |
Export debug information.
| ctx | The PK context to use. It must have been initialized. |
| items | Place to write debug items |
| const char * mbedtls_pk_get_name | ( | const mbedtls_pk_context * | ctx | ) |
Access the type name.
| ctx | The PK context to use. It must have been initialized. |
| mbedtls_pk_type_t mbedtls_pk_get_type | ( | const mbedtls_pk_context * | ctx | ) |
Get the key type.
| ctx | The PK context to use. It must have been initialized. |
1.9.5