The RSA public-key cryptosystem. More...

#include "config.h"
#include "bignum.h"
#include "md.h"

Include dependency graph for rsa.h:

This graph shows which files directly or indirectly include this file:

Classes
struct	mbedtls_rsa_context
	RSA context structure. More...

Macros
#define	MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080

#define	MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100

#define	MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180

#define	MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200

#define	MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280

#define	MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300

#define	MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380

#define	MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400

#define	MBEDTLS_ERR_RSA_RNG_FAILED -0x4480

#define	MBEDTLS_RSA_PUBLIC 0

#define	MBEDTLS_RSA_PRIVATE 1

#define	MBEDTLS_RSA_PKCS_V15 0

#define	MBEDTLS_RSA_PKCS_V21 1

#define	MBEDTLS_RSA_SIGN 1

#define	MBEDTLS_RSA_CRYPT 2

#define	MBEDTLS_RSA_SALT_LEN_ANY -1

Functions
void	mbedtls_rsa_init (mbedtls_rsa_context *ctx, int padding, int hash_id)
	Initialize an RSA context. More...

void	mbedtls_rsa_set_padding (mbedtls_rsa_context *ctx, int padding, int hash_id)
	Set padding for an already initialized RSA context See `mbedtls_rsa_init()` for details. More...

int	mbedtls_rsa_gen_key (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void *p_rng, unsigned int nbits, int exponent)
	Generate an RSA keypair. More...

int	mbedtls_rsa_check_pubkey (const mbedtls_rsa_context *ctx)
	Check a public RSA key. More...

int	mbedtls_rsa_check_privkey (const mbedtls_rsa_context *ctx)
	Check a private RSA key. More...

int	mbedtls_rsa_check_pub_priv (const mbedtls_rsa_context pub, const mbedtls_rsa_context prv)
	Check a public-private RSA key pair. Check each of the contexts, and make sure they match. More...

int	mbedtls_rsa_public (mbedtls_rsa_context ctx, const unsigned char input, unsigned char *output)
	Do an RSA public key operation. More...

int	mbedtls_rsa_private (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, const unsigned char input, unsigned char *output)
	Do an RSA private key operation. More...

int	mbedtls_rsa_pkcs1_encrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t ilen, const unsigned char input, unsigned char *output)
	Generic wrapper to perform a PKCS#1 encryption using the mode from the context. Add the message padding, then do an RSA operation. More...

int	mbedtls_rsa_rsaes_pkcs1_v15_encrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t ilen, const unsigned char input, unsigned char *output)
	Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) More...

int	mbedtls_rsa_rsaes_oaep_encrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, const unsigned char label, size_t label_len, size_t ilen, const unsigned char input, unsigned char output)
	Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT) More...

int	mbedtls_rsa_pkcs1_decrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t olen, const unsigned char input, unsigned char output, size_t output_max_len)
	Generic wrapper to perform a PKCS#1 decryption using the mode from the context. Do an RSA operation, then remove the message padding. More...

int	mbedtls_rsa_rsaes_pkcs1_v15_decrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t olen, const unsigned char input, unsigned char output, size_t output_max_len)
	Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) More...

int	mbedtls_rsa_rsaes_oaep_decrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, const unsigned char label, size_t label_len, size_t olen, const unsigned char input, unsigned char *output, size_t output_max_len)
	Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) More...

int	mbedtls_rsa_pkcs1_sign (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, unsigned char *sig)
	Generic wrapper to perform a PKCS#1 signature using the mode from the context. Do a private RSA operation to sign a message digest. More...

int	mbedtls_rsa_rsassa_pkcs1_v15_sign (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, unsigned char *sig)
	Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN) More...

int	mbedtls_rsa_rsassa_pss_sign (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, unsigned char *sig)
	Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN) More...

int	mbedtls_rsa_pkcs1_verify (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, const unsigned char *sig)
	Generic wrapper to perform a PKCS#1 verification using the mode from the context. Do a public RSA operation and check the message digest. More...

int	mbedtls_rsa_rsassa_pkcs1_v15_verify (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, const unsigned char *sig)
	Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) More...

int	mbedtls_rsa_rsassa_pss_verify (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, const unsigned char *sig)
	Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the "simple" version.) More...

int	mbedtls_rsa_rsassa_pss_verify_ext (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, mbedtls_md_type_t mgf1_hash_id, int expected_salt_len, const unsigned char *sig)
	Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the version with "full" options.) More...

int	mbedtls_rsa_copy (mbedtls_rsa_context dst, const mbedtls_rsa_context src)
	Copy the components of an RSA context. More...

void	mbedtls_rsa_free (mbedtls_rsa_context *ctx)
	Free the components of an RSA key. More...

int	mbedtls_rsa_self_test (int verbose)
	Checkup routine. More...

Detailed Description

The RSA public-key cryptosystem.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This file is part of mbed TLS (https://tls.mbed.org)

Macro Definition Documentation

◆ MBEDTLS_ERR_RSA_BAD_INPUT_DATA

#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080

Bad input parameters to function.

◆ MBEDTLS_ERR_RSA_INVALID_PADDING

#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100

Input data contains invalid padding and is rejected.

◆ MBEDTLS_ERR_RSA_KEY_CHECK_FAILED

#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200

Key failed to pass the library's validity check.

◆ MBEDTLS_ERR_RSA_KEY_GEN_FAILED

#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180

Something failed during generation of a key.

◆ MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE

#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400

The output buffer for decryption is not large enough.

◆ MBEDTLS_ERR_RSA_PRIVATE_FAILED

#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300

The private key operation failed.

◆ MBEDTLS_ERR_RSA_PUBLIC_FAILED

#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280

The public key operation failed.

◆ MBEDTLS_ERR_RSA_RNG_FAILED

#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480

The random generator failed to generate non-zeros.

◆ MBEDTLS_ERR_RSA_VERIFY_FAILED

#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380

The PKCS#1 verification failed.

◆ MBEDTLS_RSA_CRYPT

#define MBEDTLS_RSA_CRYPT 2

◆ MBEDTLS_RSA_PKCS_V15

#define MBEDTLS_RSA_PKCS_V15 0

◆ MBEDTLS_RSA_PKCS_V21

#define MBEDTLS_RSA_PKCS_V21 1

◆ MBEDTLS_RSA_PRIVATE

#define MBEDTLS_RSA_PRIVATE 1

◆ MBEDTLS_RSA_PUBLIC

#define MBEDTLS_RSA_PUBLIC 0

◆ MBEDTLS_RSA_SALT_LEN_ANY

#define MBEDTLS_RSA_SALT_LEN_ANY -1

◆ MBEDTLS_RSA_SIGN

#define MBEDTLS_RSA_SIGN 1

Function Documentation

◆ mbedtls_rsa_check_privkey()

int mbedtls_rsa_check_privkey ( const mbedtls_rsa_context * ctx )

Check a private RSA key.

Parameters

ctx	RSA context to be checked

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_check_pub_priv()

int mbedtls_rsa_check_pub_priv	(	const mbedtls_rsa_context *	pub,
		const mbedtls_rsa_context *	prv
	)

Check a public-private RSA key pair. Check each of the contexts, and make sure they match.

Parameters

pub	RSA context holding the public key
prv	RSA context holding the private key

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_check_pubkey()

int mbedtls_rsa_check_pubkey ( const mbedtls_rsa_context * ctx )

Check a public RSA key.

Parameters

ctx	RSA context to be checked

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_copy()

int mbedtls_rsa_copy	(	mbedtls_rsa_context *	dst,
		const mbedtls_rsa_context *	src
	)

Copy the components of an RSA context.

Parameters

dst	Destination context
src	Source context

Returns: 0 on success, MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure

Here is the call graph for this function:

◆ mbedtls_rsa_free()

void mbedtls_rsa_free ( mbedtls_rsa_context * ctx )

Free the components of an RSA key.

Parameters

ctx	RSA Context to free

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_gen_key()

int mbedtls_rsa_gen_key	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		unsigned int	nbits,
		int	exponent
	)

Generate an RSA keypair.

Parameters

ctx	RSA context that will hold the key
f_rng	RNG function
p_rng	RNG parameter
nbits	size of the public key in bits
exponent	public exponent (e.g., 65537)

Note: mbedtls_rsa_init() must be called beforehand to setup the RSA context.

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Here is the call graph for this function:

◆ mbedtls_rsa_init()

void mbedtls_rsa_init	(	mbedtls_rsa_context *	ctx,
		int	padding,
		int	hash_id
	)

Initialize an RSA context.

            Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
            encryption scheme and the RSASSA-PSS signature scheme.

Parameters

ctx	RSA context to be initialized
padding	MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
hash_id	MBEDTLS_RSA_PKCS_V21 hash identifier

Note: The hash_id parameter is actually ignored when using MBEDTLS_RSA_PKCS_V15 padding.; Choice of padding mode is strictly enforced for private key operations, since there might be security concerns in mixing padding modes. For public key operations it's merely a default value, which can be overriden by calling specific rsa_rsaes_xxx or rsa_rsassa_xxx functions.; The chosen hash is always used for OEAP encryption. For PSS signatures, it's always used for making signatures, but can be overriden (and always is, if set to MBEDTLS_MD_NONE) for verifying them.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_pkcs1_decrypt()

int mbedtls_rsa_pkcs1_decrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		size_t *	olen,
		const unsigned char *	input,
		unsigned char *	output,
		size_t	output_max_len
	)

Generic wrapper to perform a PKCS#1 decryption using the mode from the context. Do an RSA operation, then remove the message padding.

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
olen	will contain the plaintext length
input	buffer holding the encrypted data
output	buffer that will hold the plaintext
output_max_len	maximum length of the output buffer

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer length output_max_len should be as large as the size ctx->len of ctx->N (eg. 128 bytes if RSA-1024 is used) to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.; The input buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_pkcs1_encrypt()

int mbedtls_rsa_pkcs1_encrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		size_t	ilen,
		const unsigned char *	input,
		unsigned char *	output
	)

Generic wrapper to perform a PKCS#1 encryption using the mode from the context. Add the message padding, then do an RSA operation.

Parameters

ctx	RSA context
f_rng	RNG function (Needed for padding and PKCS#1 v2.1 encoding and MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
ilen	contains the plaintext length
input	buffer holding the data to be encrypted
output	buffer that will hold the ciphertext

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_pkcs1_sign()

int mbedtls_rsa_pkcs1_sign	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		unsigned char *	sig
	)

Generic wrapper to perform a PKCS#1 signature using the mode from the context. Do a private RSA operation to sign a message digest.

Parameters

ctx	RSA context
f_rng	RNG function (Needed for PKCS#1 v2.1 encoding and for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer that will hold the ciphertext

Returns: 0 if the signing operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; In case of PKCS#1 v2.1 encoding, see comments on; mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_pkcs1_verify()

int mbedtls_rsa_pkcs1_verify	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		const unsigned char *	sig
	)

Generic wrapper to perform a PKCS#1 verification using the mode from the context. Do a public RSA operation and check the message digest.

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; In case of PKCS#1 v2.1 encoding, see comments on mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_private()

int mbedtls_rsa_private	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		const unsigned char *	input,
		unsigned char *	output
	)

Do an RSA private key operation.

Parameters

ctx	RSA context
f_rng	RNG function (Needed for blinding)
p_rng	RNG parameter
input	input buffer
output	output buffer

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The input and output buffers must be large enough (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_public()

int mbedtls_rsa_public	(	mbedtls_rsa_context *	ctx,
		const unsigned char *	input,
		unsigned char *	output
	)

Do an RSA public key operation.

Parameters

ctx	RSA context
input	input buffer
output	output buffer

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: This function does NOT take care of message padding. Also, be sure to set input[0] = 0 or ensure that input is smaller than N.; The input and output buffers must be large enough (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsaes_oaep_decrypt()

int mbedtls_rsa_rsaes_oaep_decrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		const unsigned char *	label,
		size_t	label_len,
		size_t *	olen,
		const unsigned char *	input,
		unsigned char *	output,
		size_t	output_max_len
	)

Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
label	buffer holding the custom label to use
label_len	contains the label length
olen	will contain the plaintext length
input	buffer holding the encrypted data
output	buffer that will hold the plaintext
output_max_len	maximum length of the output buffer

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer length output_max_len should be as large as the size ctx->len of ctx->N (eg. 128 bytes if RSA-1024 is used) to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.; The input buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsaes_oaep_encrypt()

int mbedtls_rsa_rsaes_oaep_encrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		const unsigned char *	label,
		size_t	label_len,
		size_t	ilen,
		const unsigned char *	input,
		unsigned char *	output
	)

Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Needed for padding and PKCS#1 v2.1 encoding and MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
label	buffer holding the custom label to use
label_len	contains the label length
ilen	contains the plaintext length
input	buffer holding the data to be encrypted
output	buffer that will hold the ciphertext

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsaes_pkcs1_v15_decrypt()

int mbedtls_rsa_rsaes_pkcs1_v15_decrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		size_t *	olen,
		const unsigned char *	input,
		unsigned char *	output,
		size_t	output_max_len
	)

Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
olen	will contain the plaintext length
input	buffer holding the encrypted data
output	buffer that will hold the plaintext
output_max_len	maximum length of the output buffer

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer length output_max_len should be as large as the size ctx->len of ctx->N (eg. 128 bytes if RSA-1024 is used) to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.; The input buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsaes_pkcs1_v15_encrypt()

int mbedtls_rsa_rsaes_pkcs1_v15_encrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		size_t	ilen,
		const unsigned char *	input,
		unsigned char *	output
	)

Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
ilen	contains the plaintext length
input	buffer holding the data to be encrypted
output	buffer that will hold the ciphertext

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsassa_pkcs1_v15_sign()

int mbedtls_rsa_rsassa_pkcs1_v15_sign	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		unsigned char *	sig
	)

Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer that will hold the ciphertext

Returns: 0 if the signing operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsassa_pkcs1_v15_verify()

int mbedtls_rsa_rsassa_pkcs1_v15_verify	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		const unsigned char *	sig
	)

Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsassa_pss_sign()

int mbedtls_rsa_rsassa_pss_sign	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		unsigned char *	sig
	)

Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)

Parameters

ctx	RSA context
f_rng	RNG function (Needed for PKCS#1 v2.1 encoding and for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer that will hold the ciphertext

Returns: 0 if the signing operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; The hash_id in the RSA context is the one used for the encoding. md_alg in the function call is the type of hash that is encoded. According to RFC 3447 it is advised to keep both hashes the same.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsassa_pss_verify()

int mbedtls_rsa_rsassa_pss_verify	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		const unsigned char *	sig
	)

Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the "simple" version.)

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; The hash_id in the RSA context is the one used for the verification. md_alg in the function call is the type of hash that is verified. According to RFC 3447 it is advised to keep both hashes the same. If hash_id in the RSA context is unset, the md_alg from the function call is used.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsassa_pss_verify_ext()

int mbedtls_rsa_rsassa_pss_verify_ext	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		mbedtls_md_type_t	mgf1_hash_id,
		int	expected_salt_len,
		const unsigned char *	sig
	)

Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the version with "full" options.)

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
mgf1_hash_id	message digest used for mask generation
expected_salt_len	Length of the salt used in padding, use MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; The hash_id in the RSA context is ignored.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_self_test()

int mbedtls_rsa_self_test ( int verbose )

Checkup routine.

Returns: 0 if successful, or 1 if the test failed

Here is the call graph for this function:

◆ mbedtls_rsa_set_padding()

void mbedtls_rsa_set_padding	(	mbedtls_rsa_context *	ctx,
		int	padding,
		int	hash_id
	)

Set padding for an already initialized RSA context See mbedtls_rsa_init() for details.

Parameters

ctx	RSA context to be set
padding	MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
hash_id	MBEDTLS_RSA_PKCS_V21 hash identifier

Here is the caller graph for this function:

Classes

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ MBEDTLS_ERR_RSA_BAD_INPUT_DATA

◆ MBEDTLS_ERR_RSA_INVALID_PADDING

◆ MBEDTLS_ERR_RSA_KEY_CHECK_FAILED

◆ MBEDTLS_ERR_RSA_KEY_GEN_FAILED

◆ MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE

◆ MBEDTLS_ERR_RSA_PRIVATE_FAILED

◆ MBEDTLS_ERR_RSA_PUBLIC_FAILED

◆ MBEDTLS_ERR_RSA_RNG_FAILED

◆ MBEDTLS_ERR_RSA_VERIFY_FAILED

◆ MBEDTLS_RSA_CRYPT

◆ MBEDTLS_RSA_PKCS_V15

◆ MBEDTLS_RSA_PKCS_V21

◆ MBEDTLS_RSA_PRIVATE

◆ MBEDTLS_RSA_PUBLIC

◆ MBEDTLS_RSA_SALT_LEN_ANY

◆ MBEDTLS_RSA_SIGN

Function Documentation

◆ mbedtls_rsa_check_privkey()

◆ mbedtls_rsa_check_pub_priv()

◆ mbedtls_rsa_check_pubkey()

◆ mbedtls_rsa_copy()

◆ mbedtls_rsa_free()

◆ mbedtls_rsa_gen_key()

◆ mbedtls_rsa_init()

◆ mbedtls_rsa_pkcs1_decrypt()

◆ mbedtls_rsa_pkcs1_encrypt()

◆ mbedtls_rsa_pkcs1_sign()

◆ mbedtls_rsa_pkcs1_verify()

◆ mbedtls_rsa_private()

◆ mbedtls_rsa_public()

◆ mbedtls_rsa_rsaes_oaep_decrypt()

◆ mbedtls_rsa_rsaes_oaep_encrypt()

◆ mbedtls_rsa_rsaes_pkcs1_v15_decrypt()

◆ mbedtls_rsa_rsaes_pkcs1_v15_encrypt()

◆ mbedtls_rsa_rsassa_pkcs1_v15_sign()

◆ mbedtls_rsa_rsassa_pkcs1_v15_verify()

◆ mbedtls_rsa_rsassa_pss_sign()

◆ mbedtls_rsa_rsassa_pss_verify()

◆ mbedtls_rsa_rsassa_pss_verify_ext()

◆ mbedtls_rsa_self_test()

◆ mbedtls_rsa_set_padding()