/**
 * \file rsa_internal.h
 *
 * \brief Internal-only RSA public-key cryptosystem API.
 *
 * This file declares RSA-related functions that are to be used
 * only from within the Mbed TLS library itself. They are not part of
 * the public API: at least one of them (see
 * mbedtls_rsa_rsassa_pss_sign_no_mode_check() below) deliberately
 * performs fewer checks than its public counterpart, so the
 * preconditions listed on each function are the caller's responsibility.
 *
 */
/*
 * Copyright The Mbed TLS Contributors
 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
#ifndef MBEDTLS_RSA_INTERNAL_H
#define MBEDTLS_RSA_INTERNAL_H

#include "mbedtls/rsa.h"
#include "mbedtls/asn1.h"

/**
 * \brief Parse a PKCS#1 (ASN.1) encoded private RSA key.
 *
 * \param rsa The RSA context where parsed data will be stored.
 * \param key The buffer that contains the key.
 * \param keylen The length of the key buffer in bytes.
 *
 * \return 0 on success.
 * \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors.
 * \return MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while
 * parsing data.
 * \return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the
 * provided key fail.
 *
 * \note \p key is treated as untrusted input: a malformed encoding, or a
 * key that fails the validity checks, is rejected through the
 * return codes above. Callers must check the return value and must
 * not use \p rsa for cryptographic operations after a failure, as
 * the context may then hold partially parsed data.
 */
int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen);

/**
 * \brief Parse a PKCS#1 (ASN.1) encoded public RSA key.
 *
 * \param rsa The RSA context where parsed data will be stored.
 * \param key The buffer that contains the key.
 * \param keylen The length of the key buffer in bytes.
 *
 * \return 0 on success.
 * \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors.
 * \return MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while
 * parsing data.
 * \return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the
 * provided key fail.
 *
 * \note \p key is treated as untrusted input: a malformed encoding, or a
 * key that fails the validity checks, is rejected through the
 * return codes above. Callers must check the return value and must
 * not use \p rsa for cryptographic operations after a failure, as
 * the context may then hold partially parsed data.
 */
int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen);

/**
 * \brief Write a PKCS#1 (ASN.1) encoded private RSA key.
 *
 * \param rsa The RSA context which contains the data to be written.
 * \param start Beginning of the buffer that will be filled with the
 * private key.
 * \param p End of the buffer that will be filled with the private key.
 * On successful return, the referenced pointer will be
 * updated in order to point to the beginning of written data.
 *
 * \return On success, the number of bytes written to the output buffer
 * (i.e. a value > 0).
 * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not
 * contain a valid key pair.
 * \return MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the
 * output buffer.
 *
 * \note The output buffer is filled backward, i.e. starting from its
 * end and moving toward its start. The caller must therefore make
 * sure that the space between \p start and \p *p is large enough
 * for the whole encoding, and must treat any negative return as a
 * failure after which \p *p is not to be relied upon.
 *
 * \note On success the buffer holds private key material in the clear.
 * The caller owns that buffer and should wipe it (for example with
 * mbedtls_platform_zeroize()) as soon as it is no longer needed.
 */
int mbedtls_rsa_write_key(const mbedtls_rsa_context *rsa, unsigned char *start,
                          unsigned char **p);

/**
 * \brief Write a PKCS#1 (ASN.1) encoded public RSA key.
 *
 * \param rsa The RSA context which contains the data to be written.
 * \param start Beginning of the buffer that will be filled with the
 * public key.
 * \param p End of the buffer that will be filled with the public key.
 * On successful return, the referenced pointer will be
 * updated in order to point to the beginning of written data.
 *
 * \return On success, the number of bytes written to the output buffer
 * (i.e. a value > 0).
 * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not
 * contain a valid public key.
 * \return MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the
 * output buffer.
 *
 * \note The output buffer is filled backward, i.e. starting from its
 * end and moving toward its start. The caller must therefore make
 * sure that the space between \p start and \p *p is large enough
 * for the whole encoding, and must treat any negative return as a
 * failure after which \p *p is not to be relied upon.
 */
int mbedtls_rsa_write_pubkey(const mbedtls_rsa_context *rsa, unsigned char *start,
                             unsigned char **p);

#if defined(MBEDTLS_PKCS1_V21)
/**
 * \brief This function is analogous to \c mbedtls_rsa_rsassa_pss_sign().
 * The only difference between them is that this function is more flexible
 * on the parameters of \p ctx that are set with \c mbedtls_rsa_set_padding().
 *
 * \note Compared to its counterpart, this function:
 * - does not check the padding setting of \p ctx.
 * - allows the hash_id of \p ctx to be MBEDTLS_MD_NONE,
 * in which case it uses \p md_alg as the hash_id.
 *
 * \note Because the padding-mode check is skipped here, the caller is
 * responsible for ensuring that \p ctx is meant to produce PSS
 * signatures. This is why the function is internal-only and must
 * not be exposed to code outside the library.
 *
 * \param ctx The initialized RSA context holding the private key.
 * \param f_rng The RNG function used for the PSS salt.
 * \param p_rng The RNG context to be passed to \p f_rng.
 * \param md_alg The message-digest algorithm identifying \p hash; also
 * used as the hash_id when the one in \p ctx is MBEDTLS_MD_NONE.
 * \param hashlen The length of \p hash in bytes.
 * \param hash The message digest to be signed.
 * \param sig The buffer that receives the signature.
 *
 * \note Refer to \c mbedtls_rsa_rsassa_pss_sign() for a description
 * of the functioning and parameters of this function, in particular
 * for the required size of \p sig and the return values.
 */
int mbedtls_rsa_rsassa_pss_sign_no_mode_check(mbedtls_rsa_context *ctx,
                                              int (*f_rng)(void *, unsigned char *, size_t),
                                              void *p_rng,
                                              mbedtls_md_type_t md_alg,
                                              unsigned int hashlen,
                                              const unsigned char *hash,
                                              unsigned char *sig);
#endif /* MBEDTLS_PKCS1_V21 */

#endif /* rsa_internal.h */