#include "mbedtls/config.h"
#include "mbedtls/rsa.h"
#include "mbedtls/oid.h"
#include <string.h>
#include "mbedtls/md.h"
#include <stdlib.h>
#include "mbedtls/platform.h"
#include "arc4_alt.h"
#include "mbedtls/sha1.h"

Include dependency graph for rsa.c:

Macros
#define	RSA_EXPONENT_BLINDING 28

#define	KEY_LEN 128

#define	RSA_N

#define	RSA_E "10001"

#define	RSA_D

#define	RSA_P

#define	RSA_Q

#define	RSA_DP

#define	RSA_DQ

#define	RSA_QP

#define	PT_LEN 24

#define	RSA_PT

Functions
void	mbedtls_rsa_init (mbedtls_rsa_context *ctx, int padding, int hash_id)
	Initialize an RSA context. More...

void	mbedtls_rsa_set_padding (mbedtls_rsa_context *ctx, int padding, int hash_id)
	Set padding for an already initialized RSA context See `mbedtls_rsa_init()` for details. More...

int	mbedtls_rsa_gen_key (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void *p_rng, unsigned int nbits, int exponent)
	Generate an RSA keypair. More...

int	mbedtls_rsa_check_pubkey (const mbedtls_rsa_context *ctx)
	Check a public RSA key. More...

int	mbedtls_rsa_check_privkey (const mbedtls_rsa_context *ctx)
	Check a private RSA key. More...

int	mbedtls_rsa_check_pub_priv (const mbedtls_rsa_context pub, const mbedtls_rsa_context prv)
	Check a public-private RSA key pair. Check each of the contexts, and make sure they match. More...

int	mbedtls_rsa_public (mbedtls_rsa_context ctx, const unsigned char input, unsigned char *output)
	Do an RSA public key operation. More...

static int	rsa_prepare_blinding (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void *p_rng)

int	mbedtls_rsa_private (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, const unsigned char input, unsigned char *output)
	Do an RSA private key operation. More...

static void	mgf_mask (unsigned char dst, size_t dlen, unsigned char src, size_t slen, mbedtls_md_context_t *md_ctx)

int	mbedtls_rsa_rsaes_oaep_encrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, const unsigned char label, size_t label_len, size_t ilen, const unsigned char input, unsigned char output)
	Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT) More...

int	mbedtls_rsa_rsaes_pkcs1_v15_encrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t ilen, const unsigned char input, unsigned char *output)
	Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) More...

int	mbedtls_rsa_pkcs1_encrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t ilen, const unsigned char input, unsigned char *output)
	Generic wrapper to perform a PKCS#1 encryption using the mode from the context. Add the message padding, then do an RSA operation. More...

int	mbedtls_rsa_rsaes_oaep_decrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, const unsigned char label, size_t label_len, size_t olen, const unsigned char input, unsigned char *output, size_t output_max_len)
	Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) More...

int	mbedtls_rsa_rsaes_pkcs1_v15_decrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t olen, const unsigned char input, unsigned char output, size_t output_max_len)
	Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) More...

int	mbedtls_rsa_pkcs1_decrypt (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t olen, const unsigned char input, unsigned char output, size_t output_max_len)
	Generic wrapper to perform a PKCS#1 decryption using the mode from the context. Do an RSA operation, then remove the message padding. More...

int	mbedtls_rsa_rsassa_pss_sign (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, unsigned char *sig)
	Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN) More...

int	mbedtls_rsa_rsassa_pkcs1_v15_sign (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, unsigned char *sig)
	Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN) More...

int	mbedtls_rsa_pkcs1_sign (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, unsigned char *sig)
	Generic wrapper to perform a PKCS#1 signature using the mode from the context. Do a private RSA operation to sign a message digest. More...

int	mbedtls_rsa_rsassa_pss_verify_ext (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, mbedtls_md_type_t mgf1_hash_id, int expected_salt_len, const unsigned char *sig)
	Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the version with "full" options.) More...

int	mbedtls_rsa_rsassa_pss_verify (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, const unsigned char *sig)
	Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the "simple" version.) More...

int	mbedtls_rsa_rsassa_pkcs1_v15_verify (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, const unsigned char *sig)
	Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) More...

int	mbedtls_rsa_pkcs1_verify (mbedtls_rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char hash, const unsigned char *sig)
	Generic wrapper to perform a PKCS#1 verification using the mode from the context. Do a public RSA operation and check the message digest. More...

int	mbedtls_rsa_copy (mbedtls_rsa_context dst, const mbedtls_rsa_context src)
	Copy the components of an RSA context. More...

void	mbedtls_rsa_free (mbedtls_rsa_context *ctx)
	Free the components of an RSA key. More...

static int	myrand (void rng_state, unsigned char output, size_t len)

int	mbedtls_rsa_self_test (int verbose)
	Checkup routine. More...

Macro Definition Documentation

◆ KEY_LEN

#define KEY_LEN 128

◆ PT_LEN

#define PT_LEN 24

◆ RSA_D

#define RSA_D

Value:

"24BF6185468786FDD303083D25E64EFC" \
 "66CA472BC44D253102F8B4A9D3BFA750" \
 "91386C0077937FE33FA3252D28855837" \
 "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
 "DF79C5CE07EE72C7F123142198164234" \
 "CABB724CF78B8173B9F880FC86322407" \
 "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
 "071513A1E85B5DFA031F21ECAE91A34D"

◆ RSA_DP

#define RSA_DP

Value:

"C1ACF567564274FB07A0BBAD5D26E298" \
 "3C94D22288ACD763FD8E5600ED4A702D" \
 "F84198A5F06C2E72236AE490C93F07F8" \
 "3CC559CD27BC2D1CA488811730BB5725"

◆ RSA_DQ

#define RSA_DQ

Value:

"4959CBF6F8FEF750AEE6977C155579C7" \
 "D8AAEA56749EA28623272E4F7D0592AF" \
 "7C1F1313CAC9471B5C523BFE592F517B" \
 "407A1BD76C164B93DA2D32A383E58357"

◆ RSA_E

#define RSA_E "10001"

◆ RSA_EXPONENT_BLINDING

#define RSA_EXPONENT_BLINDING 28

◆ RSA_N

#define RSA_N

Value:

"9292758453063D803DD603D5E777D788" \
 "8ED1D5BF35786190FA2F23EBC0848AEA" \
 "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
 "7130B9CED7ACDF54CFC7555AC14EEBAB" \
 "93A89813FBF3C4F8066D2D800F7C38A8" \
 "1AE31942917403FF4946B0A83D3D3E05" \
 "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
 "5E94BB77B07507233A0BC7BAC8F90F79"

◆ RSA_P

#define RSA_P

Value:

"C36D0EB7FCD285223CFB5AABA5BDA3D8" \
 "2C01CAD19EA484A87EA4377637E75500" \
 "FCB2005C5C7DD6EC4AC023CDA285D796" \
 "C3D9E75E1EFC42488BB4F1D13AC30A57"

◆ RSA_PT

#define RSA_PT

Value:

"\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \

"\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"

◆ RSA_Q

#define RSA_Q

Value:

"C000DF51A7C77AE8D7C7370C1FF55B69" \
 "E211C2B9E5DB1ED0BF61D0D9899620F4" \
 "910E4168387E3C30AA1E00C339A79508" \
 "8452DD96A9A5EA5D9DCA68DA636032AF"

◆ RSA_QP

#define RSA_QP

Value:

"9AE7FBC99546432DF71896FC239EADAE" \
 "F38D18D2B2F0E2DD275AA977E2BF4411" \
 "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
 "A74206CEC169D74BF5A8C50D6F48EA08"

Function Documentation

◆ mbedtls_rsa_check_privkey()

int mbedtls_rsa_check_privkey ( const mbedtls_rsa_context * ctx )

Check a private RSA key.

Parameters

ctx	RSA context to be checked

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_check_pub_priv()

int mbedtls_rsa_check_pub_priv	(	const mbedtls_rsa_context *	pub,
		const mbedtls_rsa_context *	prv
	)

Check a public-private RSA key pair. Check each of the contexts, and make sure they match.

Parameters

pub	RSA context holding the public key
prv	RSA context holding the private key

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_check_pubkey()

int mbedtls_rsa_check_pubkey ( const mbedtls_rsa_context * ctx )

Check a public RSA key.

Parameters

ctx	RSA context to be checked

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_copy()

int mbedtls_rsa_copy	(	mbedtls_rsa_context *	dst,
		const mbedtls_rsa_context *	src
	)

Copy the components of an RSA context.

Parameters

dst	Destination context
src	Source context

Returns: 0 on success, MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure

Here is the call graph for this function:

◆ mbedtls_rsa_free()

void mbedtls_rsa_free ( mbedtls_rsa_context * ctx )

Free the components of an RSA key.

Parameters

ctx	RSA Context to free

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_gen_key()

int mbedtls_rsa_gen_key	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		unsigned int	nbits,
		int	exponent
	)

Generate an RSA keypair.

Parameters

ctx	RSA context that will hold the key
f_rng	RNG function
p_rng	RNG parameter
nbits	size of the public key in bits
exponent	public exponent (e.g., 65537)

Note: mbedtls_rsa_init() must be called beforehand to setup the RSA context.

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Here is the call graph for this function:

◆ mbedtls_rsa_init()

void mbedtls_rsa_init	(	mbedtls_rsa_context *	ctx,
		int	padding,
		int	hash_id
	)

Initialize an RSA context.

            Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
            encryption scheme and the RSASSA-PSS signature scheme.

Parameters

ctx	RSA context to be initialized
padding	MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
hash_id	MBEDTLS_RSA_PKCS_V21 hash identifier

Note: The hash_id parameter is actually ignored when using MBEDTLS_RSA_PKCS_V15 padding.; Choice of padding mode is strictly enforced for private key operations, since there might be security concerns in mixing padding modes. For public key operations it's merely a default value, which can be overriden by calling specific rsa_rsaes_xxx or rsa_rsassa_xxx functions.; The chosen hash is always used for OEAP encryption. For PSS signatures, it's always used for making signatures, but can be overriden (and always is, if set to MBEDTLS_MD_NONE) for verifying them.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_pkcs1_decrypt()

int mbedtls_rsa_pkcs1_decrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		size_t *	olen,
		const unsigned char *	input,
		unsigned char *	output,
		size_t	output_max_len
	)

Generic wrapper to perform a PKCS#1 decryption using the mode from the context. Do an RSA operation, then remove the message padding.

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
olen	will contain the plaintext length
input	buffer holding the encrypted data
output	buffer that will hold the plaintext
output_max_len	maximum length of the output buffer

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer length output_max_len should be as large as the size ctx->len of ctx->N (eg. 128 bytes if RSA-1024 is used) to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.; The input buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_pkcs1_encrypt()

int mbedtls_rsa_pkcs1_encrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		size_t	ilen,
		const unsigned char *	input,
		unsigned char *	output
	)

Generic wrapper to perform a PKCS#1 encryption using the mode from the context. Add the message padding, then do an RSA operation.

Parameters

ctx	RSA context
f_rng	RNG function (Needed for padding and PKCS#1 v2.1 encoding and MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
ilen	contains the plaintext length
input	buffer holding the data to be encrypted
output	buffer that will hold the ciphertext

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_pkcs1_sign()

int mbedtls_rsa_pkcs1_sign	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		unsigned char *	sig
	)

Generic wrapper to perform a PKCS#1 signature using the mode from the context. Do a private RSA operation to sign a message digest.

Parameters

ctx	RSA context
f_rng	RNG function (Needed for PKCS#1 v2.1 encoding and for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer that will hold the ciphertext

Returns: 0 if the signing operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; In case of PKCS#1 v2.1 encoding, see comments on; mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_pkcs1_verify()

int mbedtls_rsa_pkcs1_verify	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		const unsigned char *	sig
	)

Generic wrapper to perform a PKCS#1 verification using the mode from the context. Do a public RSA operation and check the message digest.

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; In case of PKCS#1 v2.1 encoding, see comments on mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_private()

int mbedtls_rsa_private	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		const unsigned char *	input,
		unsigned char *	output
	)

Do an RSA private key operation.

Parameters

ctx	RSA context
f_rng	RNG function (Needed for blinding)
p_rng	RNG parameter
input	input buffer
output	output buffer

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The input and output buffers must be large enough (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_public()

int mbedtls_rsa_public	(	mbedtls_rsa_context *	ctx,
		const unsigned char *	input,
		unsigned char *	output
	)

Do an RSA public key operation.

Parameters

ctx	RSA context
input	input buffer
output	output buffer

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: This function does NOT take care of message padding. Also, be sure to set input[0] = 0 or ensure that input is smaller than N.; The input and output buffers must be large enough (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsaes_oaep_decrypt()

int mbedtls_rsa_rsaes_oaep_decrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		const unsigned char *	label,
		size_t	label_len,
		size_t *	olen,
		const unsigned char *	input,
		unsigned char *	output,
		size_t	output_max_len
	)

Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
label	buffer holding the custom label to use
label_len	contains the label length
olen	will contain the plaintext length
input	buffer holding the encrypted data
output	buffer that will hold the plaintext
output_max_len	maximum length of the output buffer

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer length output_max_len should be as large as the size ctx->len of ctx->N (eg. 128 bytes if RSA-1024 is used) to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.; The input buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsaes_oaep_encrypt()

int mbedtls_rsa_rsaes_oaep_encrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		const unsigned char *	label,
		size_t	label_len,
		size_t	ilen,
		const unsigned char *	input,
		unsigned char *	output
	)

Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Needed for padding and PKCS#1 v2.1 encoding and MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
label	buffer holding the custom label to use
label_len	contains the label length
ilen	contains the plaintext length
input	buffer holding the data to be encrypted
output	buffer that will hold the ciphertext

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsaes_pkcs1_v15_decrypt()

int mbedtls_rsa_rsaes_pkcs1_v15_decrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		size_t *	olen,
		const unsigned char *	input,
		unsigned char *	output,
		size_t	output_max_len
	)

Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
olen	will contain the plaintext length
input	buffer holding the encrypted data
output	buffer that will hold the plaintext
output_max_len	maximum length of the output buffer

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer length output_max_len should be as large as the size ctx->len of ctx->N (eg. 128 bytes if RSA-1024 is used) to be able to hold an arbitrary decrypted message. If it is not large enough to hold the decryption of the particular ciphertext provided, the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.; The input buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsaes_pkcs1_v15_encrypt()

int mbedtls_rsa_rsaes_pkcs1_v15_encrypt	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		size_t	ilen,
		const unsigned char *	input,
		unsigned char *	output
	)

Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
ilen	contains the plaintext length
input	buffer holding the data to be encrypted
output	buffer that will hold the ciphertext

Returns: 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsassa_pkcs1_v15_sign()

int mbedtls_rsa_rsassa_pkcs1_v15_sign	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		unsigned char *	sig
	)

Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer that will hold the ciphertext

Returns: 0 if the signing operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsassa_pkcs1_v15_verify()

int mbedtls_rsa_rsassa_pkcs1_v15_verify	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		const unsigned char *	sig
	)

Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsassa_pss_sign()

int mbedtls_rsa_rsassa_pss_sign	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		unsigned char *	sig
	)

Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)

Parameters

ctx	RSA context
f_rng	RNG function (Needed for PKCS#1 v2.1 encoding and for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer that will hold the ciphertext

Returns: 0 if the signing operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; The hash_id in the RSA context is the one used for the encoding. md_alg in the function call is the type of hash that is encoded. According to RFC 3447 it is advised to keep both hashes the same.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsassa_pss_verify()

int mbedtls_rsa_rsassa_pss_verify	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		const unsigned char *	sig
	)

Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the "simple" version.)

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; The hash_id in the RSA context is the one used for the verification. md_alg in the function call is the type of hash that is verified. According to RFC 3447 it is advised to keep both hashes the same. If hash_id in the RSA context is unset, the md_alg from the function call is used.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_rsassa_pss_verify_ext()

int mbedtls_rsa_rsassa_pss_verify_ext	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng,
		int	mode,
		mbedtls_md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		mbedtls_md_type_t	mgf1_hash_id,
		int	expected_salt_len,
		const unsigned char *	sig
	)

Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the version with "full" options.)

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
p_rng	RNG parameter
mode	MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
md_alg	a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
hashlen	message digest length (for MBEDTLS_MD_NONE only)
hash	buffer holding the message digest
mgf1_hash_id	message digest used for mask generation
expected_salt_len	Length of the salt used in padding, use MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an MBEDTLS_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; The hash_id in the RSA context is ignored.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_rsa_self_test()

int mbedtls_rsa_self_test ( int verbose )

Checkup routine.

Returns: 0 if successful, or 1 if the test failed

Here is the call graph for this function:

◆ mbedtls_rsa_set_padding()

void mbedtls_rsa_set_padding	(	mbedtls_rsa_context *	ctx,
		int	padding,
		int	hash_id
	)

Set padding for an already initialized RSA context See mbedtls_rsa_init() for details.

Parameters

ctx	RSA context to be set
padding	MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
hash_id	MBEDTLS_RSA_PKCS_V21 hash identifier

Here is the caller graph for this function:

◆ mgf_mask()

static void mgf_mask	(	unsigned char *	dst,
		size_t	dlen,
		unsigned char *	src,
		size_t	slen,
		mbedtls_md_context_t *	md_ctx
	)

static

Generate and apply the MGF1 operation (from PKCS#1 v2.1) to a buffer.

Parameters

dst	buffer to mask
dlen	length of destination buffer
src	source of the mask generation
slen	length of the source buffer
md_ctx	message digest context to use

Here is the call graph for this function:

Here is the caller graph for this function:

◆ myrand()

static int myrand	(	void *	rng_state,
		unsigned char *	output,
		size_t	len
	)

static

Here is the caller graph for this function:

◆ rsa_prepare_blinding()

static int rsa_prepare_blinding	(	mbedtls_rsa_context *	ctx,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng
	)

static

Here is the call graph for this function:

Here is the caller graph for this function:

Macros

Functions

Macro Definition Documentation

◆ KEY_LEN

◆ PT_LEN

◆ RSA_D

◆ RSA_DP

◆ RSA_DQ

◆ RSA_E

◆ RSA_EXPONENT_BLINDING

◆ RSA_N

◆ RSA_P

◆ RSA_PT

◆ RSA_Q

◆ RSA_QP

Function Documentation

◆ mbedtls_rsa_check_privkey()

◆ mbedtls_rsa_check_pub_priv()

◆ mbedtls_rsa_check_pubkey()

◆ mbedtls_rsa_copy()

◆ mbedtls_rsa_free()

◆ mbedtls_rsa_gen_key()

◆ mbedtls_rsa_init()

◆ mbedtls_rsa_pkcs1_decrypt()

◆ mbedtls_rsa_pkcs1_encrypt()

◆ mbedtls_rsa_pkcs1_sign()

◆ mbedtls_rsa_pkcs1_verify()

◆ mbedtls_rsa_private()

◆ mbedtls_rsa_public()

◆ mbedtls_rsa_rsaes_oaep_decrypt()

◆ mbedtls_rsa_rsaes_oaep_encrypt()

◆ mbedtls_rsa_rsaes_pkcs1_v15_decrypt()

◆ mbedtls_rsa_rsaes_pkcs1_v15_encrypt()

◆ mbedtls_rsa_rsassa_pkcs1_v15_sign()

◆ mbedtls_rsa_rsassa_pkcs1_v15_verify()

◆ mbedtls_rsa_rsassa_pss_sign()

◆ mbedtls_rsa_rsassa_pss_verify()

◆ mbedtls_rsa_rsassa_pss_verify_ext()

◆ mbedtls_rsa_self_test()

◆ mbedtls_rsa_set_padding()

◆ mgf_mask()

◆ myrand()

◆ rsa_prepare_blinding()