projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[MBEDTLS]
[reactos.git] / reactos / sdk / include / reactos / libs / mbedtls / rsa.h
1 /**
2 * \file rsa.h
3 *
4 * \brief The RSA public-key cryptosystem
5 *
6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7 * SPDX-License-Identifier: GPL-2.0
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 *
23 * This file is part of mbed TLS (https://tls.mbed.org)
24 */
25 #ifndef MBEDTLS_RSA_H
26 #define MBEDTLS_RSA_H
27
28 #if !defined(MBEDTLS_CONFIG_FILE)
29 #include "config.h"
30 #else
31 #include MBEDTLS_CONFIG_FILE
32 #endif
33
34 #include "bignum.h"
35 #include "md.h"
36
37 #if defined(MBEDTLS_THREADING_C)
38 #include "threading.h"
39 #endif
40
41 /*
42 * RSA Error codes
43 */
44 #define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */
45 #define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */
46 #define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */
47 #define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the library's validity check. */
48 #define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */
49 #define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */
50 #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
51 #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
52 #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
53
54 /*
55 * RSA constants
56 */
57 #define MBEDTLS_RSA_PUBLIC 0
58 #define MBEDTLS_RSA_PRIVATE 1
59
60 #define MBEDTLS_RSA_PKCS_V15 0
61 #define MBEDTLS_RSA_PKCS_V21 1
62
63 #define MBEDTLS_RSA_SIGN 1
64 #define MBEDTLS_RSA_CRYPT 2
65
66 #define MBEDTLS_RSA_SALT_LEN_ANY -1
67
68 /*
69 * The above constants may be used even if the RSA module is compile out,
70 * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
71 */
72 #if defined(MBEDTLS_RSA_C)
73
74 #ifdef __cplusplus
75 extern "C" {
76 #endif
77
78 /**
79 * \brief RSA context structure
80 */
81 typedef struct
82 {
83 int ver; /*!< always 0 */
84 size_t len; /*!< size(N) in chars */
85
86 mbedtls_mpi N; /*!< public modulus */
87 mbedtls_mpi E; /*!< public exponent */
88
89 mbedtls_mpi D; /*!< private exponent */
90 mbedtls_mpi P; /*!< 1st prime factor */
91 mbedtls_mpi Q; /*!< 2nd prime factor */
92 mbedtls_mpi DP; /*!< D % (P - 1) */
93 mbedtls_mpi DQ; /*!< D % (Q - 1) */
94 mbedtls_mpi QP; /*!< 1 / (Q % P) */
95
96 mbedtls_mpi RN; /*!< cached R^2 mod N */
97 mbedtls_mpi RP; /*!< cached R^2 mod P */
98 mbedtls_mpi RQ; /*!< cached R^2 mod Q */
99
100 mbedtls_mpi Vi; /*!< cached blinding value */
101 mbedtls_mpi Vf; /*!< cached un-blinding value */
102
103 int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
104 MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */
105 int hash_id; /*!< Hash identifier of mbedtls_md_type_t as
106 specified in the mbedtls_md.h header file
107 for the EME-OAEP and EMSA-PSS
108 encoding */
109 #if defined(MBEDTLS_THREADING_C)
110 mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */
111 #endif
112 }
113 mbedtls_rsa_context;
114
115 /**
116 * \brief Initialize an RSA context
117 *
118 * Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
119 * encryption scheme and the RSASSA-PSS signature scheme.
120 *
121 * \param ctx RSA context to be initialized
122 * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
123 * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier
124 *
125 * \note The hash_id parameter is actually ignored
126 * when using MBEDTLS_RSA_PKCS_V15 padding.
127 *
128 * \note Choice of padding mode is strictly enforced for private key
129 * operations, since there might be security concerns in
130 * mixing padding modes. For public key operations it's merely
131 * a default value, which can be overriden by calling specific
132 * rsa_rsaes_xxx or rsa_rsassa_xxx functions.
133 *
134 * \note The chosen hash is always used for OEAP encryption.
135 * For PSS signatures, it's always used for making signatures,
136 * but can be overriden (and always is, if set to
137 * MBEDTLS_MD_NONE) for verifying them.
138 */
139 void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
140 int padding,
141 int hash_id);
142
143 /**
144 * \brief Set padding for an already initialized RSA context
145 * See \c mbedtls_rsa_init() for details.
146 *
147 * \param ctx RSA context to be set
148 * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
149 * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier
150 */
151 void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id);
152
153 /**
154 * \brief Generate an RSA keypair
155 *
156 * \param ctx RSA context that will hold the key
157 * \param f_rng RNG function
158 * \param p_rng RNG parameter
159 * \param nbits size of the public key in bits
160 * \param exponent public exponent (e.g., 65537)
161 *
162 * \note mbedtls_rsa_init() must be called beforehand to setup
163 * the RSA context.
164 *
165 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
166 */
167 int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
168 int (*f_rng)(void *, unsigned char *, size_t),
169 void *p_rng,
170 unsigned int nbits, int exponent );
171
172 /**
173 * \brief Check a public RSA key
174 *
175 * \param ctx RSA context to be checked
176 *
177 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
178 */
179 int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
180
181 /**
182 * \brief Check a private RSA key
183 *
184 * \param ctx RSA context to be checked
185 *
186 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
187 */
188 int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
189
190 /**
191 * \brief Check a public-private RSA key pair.
192 * Check each of the contexts, and make sure they match.
193 *
194 * \param pub RSA context holding the public key
195 * \param prv RSA context holding the private key
196 *
197 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
198 */
199 int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv );
200
201 /**
202 * \brief Do an RSA public key operation
203 *
204 * \param ctx RSA context
205 * \param input input buffer
206 * \param output output buffer
207 *
208 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
209 *
210 * \note This function does NOT take care of message
211 * padding. Also, be sure to set input[0] = 0 or ensure that
212 * input is smaller than N.
213 *
214 * \note The input and output buffers must be large
215 * enough (eg. 128 bytes if RSA-1024 is used).
216 */
217 int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
218 const unsigned char *input,
219 unsigned char *output );
220
221 /**
222 * \brief Do an RSA private key operation
223 *
224 * \param ctx RSA context
225 * \param f_rng RNG function (Needed for blinding)
226 * \param p_rng RNG parameter
227 * \param input input buffer
228 * \param output output buffer
229 *
230 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
231 *
232 * \note The input and output buffers must be large
233 * enough (eg. 128 bytes if RSA-1024 is used).
234 */
235 int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
236 int (*f_rng)(void *, unsigned char *, size_t),
237 void *p_rng,
238 const unsigned char *input,
239 unsigned char *output );
240
241 /**
242 * \brief Generic wrapper to perform a PKCS#1 encryption using the
243 * mode from the context. Add the message padding, then do an
244 * RSA operation.
245 *
246 * \param ctx RSA context
247 * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
248 * and MBEDTLS_RSA_PRIVATE)
249 * \param p_rng RNG parameter
250 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
251 * \param ilen contains the plaintext length
252 * \param input buffer holding the data to be encrypted
253 * \param output buffer that will hold the ciphertext
254 *
255 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
256 *
257 * \note The output buffer must be as large as the size
258 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
259 */
260 int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
261 int (*f_rng)(void *, unsigned char *, size_t),
262 void *p_rng,
263 int mode, size_t ilen,
264 const unsigned char *input,
265 unsigned char *output );
266
267 /**
268 * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
269 *
270 * \param ctx RSA context
271 * \param f_rng RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE)
272 * \param p_rng RNG parameter
273 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
274 * \param ilen contains the plaintext length
275 * \param input buffer holding the data to be encrypted
276 * \param output buffer that will hold the ciphertext
277 *
278 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
279 *
280 * \note The output buffer must be as large as the size
281 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
282 */
283 int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
284 int (*f_rng)(void *, unsigned char *, size_t),
285 void *p_rng,
286 int mode, size_t ilen,
287 const unsigned char *input,
288 unsigned char *output );
289
290 /**
291 * \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
292 *
293 * \param ctx RSA context
294 * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
295 * and MBEDTLS_RSA_PRIVATE)
296 * \param p_rng RNG parameter
297 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
298 * \param label buffer holding the custom label to use
299 * \param label_len contains the label length
300 * \param ilen contains the plaintext length
301 * \param input buffer holding the data to be encrypted
302 * \param output buffer that will hold the ciphertext
303 *
304 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
305 *
306 * \note The output buffer must be as large as the size
307 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
308 */
309 int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
310 int (*f_rng)(void *, unsigned char *, size_t),
311 void *p_rng,
312 int mode,
313 const unsigned char *label, size_t label_len,
314 size_t ilen,
315 const unsigned char *input,
316 unsigned char *output );
317
318 /**
319 * \brief Generic wrapper to perform a PKCS#1 decryption using the
320 * mode from the context. Do an RSA operation, then remove
321 * the message padding
322 *
323 * \param ctx RSA context
324 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
325 * \param p_rng RNG parameter
326 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
327 * \param olen will contain the plaintext length
328 * \param input buffer holding the encrypted data
329 * \param output buffer that will hold the plaintext
330 * \param output_max_len maximum length of the output buffer
331 *
332 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
333 *
334 * \note The output buffer must be as large as the size
335 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
336 * an error is thrown.
337 */
338 int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
339 int (*f_rng)(void *, unsigned char *, size_t),
340 void *p_rng,
341 int mode, size_t *olen,
342 const unsigned char *input,
343 unsigned char *output,
344 size_t output_max_len );
345
346 /**
347 * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
348 *
349 * \param ctx RSA context
350 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
351 * \param p_rng RNG parameter
352 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
353 * \param olen will contain the plaintext length
354 * \param input buffer holding the encrypted data
355 * \param output buffer that will hold the plaintext
356 * \param output_max_len maximum length of the output buffer
357 *
358 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
359 *
360 * \note The output buffer must be as large as the size
361 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
362 * an error is thrown.
363 */
364 int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
365 int (*f_rng)(void *, unsigned char *, size_t),
366 void *p_rng,
367 int mode, size_t *olen,
368 const unsigned char *input,
369 unsigned char *output,
370 size_t output_max_len );
371
372 /**
373 * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
374 *
375 * \param ctx RSA context
376 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
377 * \param p_rng RNG parameter
378 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
379 * \param label buffer holding the custom label to use
380 * \param label_len contains the label length
381 * \param olen will contain the plaintext length
382 * \param input buffer holding the encrypted data
383 * \param output buffer that will hold the plaintext
384 * \param output_max_len maximum length of the output buffer
385 *
386 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
387 *
388 * \note The output buffer must be as large as the size
389 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
390 * an error is thrown.
391 */
392 int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
393 int (*f_rng)(void *, unsigned char *, size_t),
394 void *p_rng,
395 int mode,
396 const unsigned char *label, size_t label_len,
397 size_t *olen,
398 const unsigned char *input,
399 unsigned char *output,
400 size_t output_max_len );
401
402 /**
403 * \brief Generic wrapper to perform a PKCS#1 signature using the
404 * mode from the context. Do a private RSA operation to sign
405 * a message digest
406 *
407 * \param ctx RSA context
408 * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
409 * MBEDTLS_RSA_PRIVATE)
410 * \param p_rng RNG parameter
411 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
412 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
413 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
414 * \param hash buffer holding the message digest
415 * \param sig buffer that will hold the ciphertext
416 *
417 * \return 0 if the signing operation was successful,
418 * or an MBEDTLS_ERR_RSA_XXX error code
419 *
420 * \note The "sig" buffer must be as large as the size
421 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
422 *
423 * \note In case of PKCS#1 v2.1 encoding, see comments on
424 * \note \c mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id.
425 */
426 int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
427 int (*f_rng)(void *, unsigned char *, size_t),
428 void *p_rng,
429 int mode,
430 mbedtls_md_type_t md_alg,
431 unsigned int hashlen,
432 const unsigned char *hash,
433 unsigned char *sig );
434
435 /**
436 * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
437 *
438 * \param ctx RSA context
439 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
440 * \param p_rng RNG parameter
441 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
442 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
443 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
444 * \param hash buffer holding the message digest
445 * \param sig buffer that will hold the ciphertext
446 *
447 * \return 0 if the signing operation was successful,
448 * or an MBEDTLS_ERR_RSA_XXX error code
449 *
450 * \note The "sig" buffer must be as large as the size
451 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
452 */
453 int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
454 int (*f_rng)(void *, unsigned char *, size_t),
455 void *p_rng,
456 int mode,
457 mbedtls_md_type_t md_alg,
458 unsigned int hashlen,
459 const unsigned char *hash,
460 unsigned char *sig );
461
462 /**
463 * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
464 *
465 * \param ctx RSA context
466 * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
467 * MBEDTLS_RSA_PRIVATE)
468 * \param p_rng RNG parameter
469 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
470 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
471 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
472 * \param hash buffer holding the message digest
473 * \param sig buffer that will hold the ciphertext
474 *
475 * \return 0 if the signing operation was successful,
476 * or an MBEDTLS_ERR_RSA_XXX error code
477 *
478 * \note The "sig" buffer must be as large as the size
479 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
480 *
481 * \note The hash_id in the RSA context is the one used for the
482 * encoding. md_alg in the function call is the type of hash
483 * that is encoded. According to RFC 3447 it is advised to
484 * keep both hashes the same.
485 */
486 int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
487 int (*f_rng)(void *, unsigned char *, size_t),
488 void *p_rng,
489 int mode,
490 mbedtls_md_type_t md_alg,
491 unsigned int hashlen,
492 const unsigned char *hash,
493 unsigned char *sig );
494
495 /**
496 * \brief Generic wrapper to perform a PKCS#1 verification using the
497 * mode from the context. Do a public RSA operation and check
498 * the message digest
499 *
500 * \param ctx points to an RSA public key
501 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
502 * \param p_rng RNG parameter
503 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
504 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
505 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
506 * \param hash buffer holding the message digest
507 * \param sig buffer holding the ciphertext
508 *
509 * \return 0 if the verify operation was successful,
510 * or an MBEDTLS_ERR_RSA_XXX error code
511 *
512 * \note The "sig" buffer must be as large as the size
513 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
514 *
515 * \note In case of PKCS#1 v2.1 encoding, see comments on
516 * \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id.
517 */
518 int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
519 int (*f_rng)(void *, unsigned char *, size_t),
520 void *p_rng,
521 int mode,
522 mbedtls_md_type_t md_alg,
523 unsigned int hashlen,
524 const unsigned char *hash,
525 const unsigned char *sig );
526
527 /**
528 * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
529 *
530 * \param ctx points to an RSA public key
531 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
532 * \param p_rng RNG parameter
533 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
534 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
535 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
536 * \param hash buffer holding the message digest
537 * \param sig buffer holding the ciphertext
538 *
539 * \return 0 if the verify operation was successful,
540 * or an MBEDTLS_ERR_RSA_XXX error code
541 *
542 * \note The "sig" buffer must be as large as the size
543 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
544 */
545 int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
546 int (*f_rng)(void *, unsigned char *, size_t),
547 void *p_rng,
548 int mode,
549 mbedtls_md_type_t md_alg,
550 unsigned int hashlen,
551 const unsigned char *hash,
552 const unsigned char *sig );
553
554 /**
555 * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
556 * (This is the "simple" version.)
557 *
558 * \param ctx points to an RSA public key
559 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
560 * \param p_rng RNG parameter
561 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
562 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
563 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
564 * \param hash buffer holding the message digest
565 * \param sig buffer holding the ciphertext
566 *
567 * \return 0 if the verify operation was successful,
568 * or an MBEDTLS_ERR_RSA_XXX error code
569 *
570 * \note The "sig" buffer must be as large as the size
571 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
572 *
573 * \note The hash_id in the RSA context is the one used for the
574 * verification. md_alg in the function call is the type of
575 * hash that is verified. According to RFC 3447 it is advised to
576 * keep both hashes the same. If hash_id in the RSA context is
577 * unset, the md_alg from the function call is used.
578 */
579 int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
580 int (*f_rng)(void *, unsigned char *, size_t),
581 void *p_rng,
582 int mode,
583 mbedtls_md_type_t md_alg,
584 unsigned int hashlen,
585 const unsigned char *hash,
586 const unsigned char *sig );
587
588 /**
589 * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
590 * (This is the version with "full" options.)
591 *
592 * \param ctx points to an RSA public key
593 * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
594 * \param p_rng RNG parameter
595 * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
596 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
597 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
598 * \param hash buffer holding the message digest
599 * \param mgf1_hash_id message digest used for mask generation
600 * \param expected_salt_len Length of the salt used in padding, use
601 * MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length
602 * \param sig buffer holding the ciphertext
603 *
604 * \return 0 if the verify operation was successful,
605 * or an MBEDTLS_ERR_RSA_XXX error code
606 *
607 * \note The "sig" buffer must be as large as the size
608 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
609 *
610 * \note The hash_id in the RSA context is ignored.
611 */
612 int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
613 int (*f_rng)(void *, unsigned char *, size_t),
614 void *p_rng,
615 int mode,
616 mbedtls_md_type_t md_alg,
617 unsigned int hashlen,
618 const unsigned char *hash,
619 mbedtls_md_type_t mgf1_hash_id,
620 int expected_salt_len,
621 const unsigned char *sig );
622
623 /**
624 * \brief Copy the components of an RSA context
625 *
626 * \param dst Destination context
627 * \param src Source context
628 *
629 * \return 0 on success,
630 * MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure
631 */
632 int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
633
634 /**
635 * \brief Free the components of an RSA key
636 *
637 * \param ctx RSA Context to free
638 */
639 void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
640
641 /**
642 * \brief Checkup routine
643 *
644 * \return 0 if successful, or 1 if the test failed
645 */
646 int mbedtls_rsa_self_test( int verbose );
647
648 #ifdef __cplusplus
649 }
650 #endif
651
652 #endif /* MBEDTLS_RSA_C */
653
654 #endif /* rsa.h */
A free Windows-compatible Operating System