Lines Matching +full:- +full:a
4 * \brief This file provides an API for the RSA public-key cryptosystem.
6 * The RSA public-key cryptosystem is defined in <em>Public-Key
8 * and <em>Public-Key Cryptography Standards (PKCS) #1 v2.1:
14 * SPDX-License-Identifier: Apache-2.0
18 * You may obtain a copy of the License at
20 * http://www.apache.org/licenses/LICENSE-2.0
44 #define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to fun…
45 #define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid…
46 …MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation…
47 #define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the vali…
48 #define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation fa…
49 #define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation f…
50 #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification fai…
51 #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decry…
52 …DTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to genera…
64 #define MBEDTLS_RSA_SALT_LEN_ANY -1
97 mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< <code>D % (P - 1)</code>. */
98 mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< <code>D % (Q - 1)</code>. */
107 mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
115 EME-OAEP and EMSA-PSS encodings. */
118 mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
143 * \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
144 * encryption scheme and the RSASSA-PSS signature scheme.
152 * a default value, which can be overridden by calling specific
177 * \brief This function imports a set of core parameters into an
184 * by a call to mbedtls_rsa_complete(), which checks and
185 * completes the provided information to a ready-for-use
189 * parameters are necessary to set up a private or public
203 * \return A non-zero error code on failure.
211 * \brief This function imports core RSA parameters, in raw big-endian
218 * by a call to mbedtls_rsa_complete(), which checks and
219 * completes the provided information to a ready-for-use
223 * parameters are necessary to set up a private or public
242 * \return A non-zero error code on failure.
253 * a set of imported core parameters.
288 * If this function runs successfully, the non-NULL buffers
298 * <li>A SW or HW implementation might not support a certain
322 * \return A non-zero return code on any other failure.
331 * in raw big-endian binary format.
333 * If this function runs successfully, the non-NULL buffers
343 * <li>A SW or HW implementation might not support a certain
374 * \return A non-zero return code on any other failure.
384 * \brief This function exports CRT parameters of a private RSA key.
386 * \note Alternative RSA implementations not using CRT-parameters
391 * \param DP The MPI to hold \c D modulo `P-1`,
393 * \param DQ The MPI to hold \c D modulo `Q-1`,
399 * \return A non-zero error code on failure.
425 * This may be \c NULL if \p f_rng doesn't need a context.
439 * \brief This function checks if a context contains at least an RSA
455 * \brief This function checks if a context contains an RSA private key
473 * content of an PKCS1-encoded RSA private key, for example, you
493 * \brief This function checks a public-private RSA key pair.
510 * \param input The input buffer. This must be a readable buffer
511 * of length \c ctx->len Bytes. For example, \c 256 Bytes
512 * for an 2048-bit RSA modulus.
513 * \param output The output buffer. This must be a writable buffer
514 * of length \c ctx->len Bytes. For example, \c 256 Bytes
515 * for an 2048-bit RSA modulus.
532 * \note Blinding is used if and only if a PRNG is provided.
536 * against some side-channel attacks.
538 * \warning It is deprecated and a security risk to not provide
539 * a PRNG here and thereby prevent the use of blinding.
541 * of a PRNG.
546 * if \p f_rng doesn't need a context.
547 * \param input The input buffer. This must be a readable buffer
548 * of length \c ctx->len Bytes. For example, \c 256 Bytes
549 * for an 2048-bit RSA modulus.
550 * \param output The output buffer. This must be a writable buffer
551 * of length \c ctx->len Bytes. For example, \c 256 Bytes
552 * for an 2048-bit RSA modulus.
568 * It is the generic wrapper for performing a PKCS#1 encryption
575 * \c NULL if \p f_rng doesn't need a context argument.
577 * \param input The input data to encrypt. This must be a readable
580 * \param output The output buffer. This must be a writable buffer
581 * of length \c ctx->len Bytes. For example, \c 256 Bytes
582 * for an 2048-bit RSA modulus.
595 * \brief This function performs a PKCS#1 v1.5 encryption operation
596 * (RSAES-PKCS1-v1_5-ENCRYPT).
602 * be \c NULL if \p f_rng doesn't need a context argument.
604 * \param input The input data to encrypt. This must be a readable
607 * \param output The output buffer. This must be a writable buffer
608 * of length \c ctx->len Bytes. For example, \c 256 Bytes
609 * for an 2048-bit RSA modulus.
622 * \brief This function performs a PKCS#1 v2.1 OAEP encryption
623 * operation (RSAES-OAEP-ENCRYPT).
626 * of ctx->N. For example, 128 Bytes if RSA-1024 is used.
632 * be \c NULL if \p f_rng doesn't need a context argument.
634 * This must be a readable buffer of length \p label_len
638 * \param input The input data to encrypt. This must be a readable
641 * \param output The output buffer. This must be a writable buffer
642 * of length \c ctx->len Bytes. For example, \c 256 Bytes
643 * for an 2048-bit RSA modulus.
660 * It is the generic wrapper for performing a PKCS#1 decryption
664 * as large as the size \p ctx->len of \p ctx->N (for example,
665 * 128 Bytes if RSA-1024 is used) to be able to hold an
674 * \c NULL if \p f_rng doesn't need a context.
677 * \param input The ciphertext buffer. This must be a readable buffer
678 * of length \c ctx->len Bytes. For example, \c 256 Bytes
679 * for an 2048-bit RSA modulus.
681 * be a writable buffer of length \p output_max_len Bytes.
696 * \brief This function performs a PKCS#1 v1.5 decryption
697 * operation (RSAES-PKCS1-v1_5-DECRYPT).
700 * as large as the size \p ctx->len of \p ctx->N, for example,
701 * 128 Bytes if RSA-1024 is used, to be able to hold an
710 * \c NULL if \p f_rng doesn't need a context.
713 * \param input The ciphertext buffer. This must be a readable buffer
714 * of length \c ctx->len Bytes. For example, \c 256 Bytes
715 * for an 2048-bit RSA modulus.
717 * be a writable buffer of length \p output_max_len Bytes.
733 * \brief This function performs a PKCS#1 v2.1 OAEP decryption
734 * operation (RSAES-OAEP-DECRYPT).
737 * as large as the size \p ctx->len of \p ctx->N, for
738 * example, 128 Bytes if RSA-1024 is used, to be able to
748 * \c NULL if \p f_rng doesn't need a context.
750 * This must be a readable buffer of length \p label_len
755 * \param input The ciphertext buffer. This must be a readable buffer
756 * of length \c ctx->len Bytes. For example, \c 256 Bytes
757 * for an 2048-bit RSA modulus.
759 * be a writable buffer of length \p output_max_len Bytes.
775 * \brief This function performs a private RSA operation to sign
776 * a message digest using PKCS#1.
778 * It is the generic wrapper for performing a PKCS#1
782 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
792 * if \p f_rng doesn't need a context argument.
793 * \param md_alg The message-digest algorithm used to hash the original data.
799 * This must be a readable buffer of at least \p hashlen Bytes.
800 * \param sig The buffer to hold the signature. This must be a writable
801 * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
802 * for an 2048-bit RSA modulus. A buffer length of
817 * \brief This function performs a PKCS#1 v1.5 signature
818 * operation (RSASSA-PKCS1-v1_5-SIGN).
824 * if \p f_rng doesn't need a context argument.
825 * \param md_alg The message-digest algorithm used to hash the original data.
831 * This must be a readable buffer of at least \p hashlen Bytes.
832 * \param sig The buffer to hold the signature. This must be a writable
833 * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
834 * for an 2048-bit RSA modulus. A buffer length of
849 * \brief This function performs a PKCS#1 v2.1 PSS signature
850 * operation (RSASSA-PSS-SIGN).
856 * mask generation function, consult <em>RFC-3447: Public-Key
861 * with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
870 * if \p f_rng doesn't need a context argument.
871 * \param md_alg The message-digest algorithm used to hash the original data.
877 * This must be a readable buffer of at least \p hashlen Bytes.
882 * FIPS 186-4 §5.5.
883 * \param sig The buffer to hold the signature. This must be a writable
884 * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
885 * for an 2048-bit RSA modulus. A buffer length of
901 * \brief This function performs a PKCS#1 v2.1 PSS signature
902 * operation (RSASSA-PSS-SIGN).
908 * mask generation function, consult <em>RFC-3447: Public-Key
914 * size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
915 * v2.2) §9.1.1 step 3. Furthermore this function enforces a
925 * if \p f_rng doesn't need a context argument.
926 * \param md_alg The message-digest algorithm used to hash the original data.
932 * This must be a readable buffer of at least \p hashlen Bytes.
933 * \param sig The buffer to hold the signature. This must be a writable
934 * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
935 * for an 2048-bit RSA modulus. A buffer length of
950 * \brief This function performs a public RSA operation and checks
953 * This is the generic wrapper for performing a PKCS#1
961 * \param md_alg The message-digest algorithm used to hash the original data.
967 * This must be a readable buffer of at least \p hashlen Bytes.
968 * \param sig The buffer holding the signature. This must be a readable
969 * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
970 * for an 2048-bit RSA modulus.
982 * \brief This function performs a PKCS#1 v1.5 verification
983 * operation (RSASSA-PKCS1-v1_5-VERIFY).
986 * \param md_alg The message-digest algorithm used to hash the original data.
992 * This must be a readable buffer of at least \p hashlen Bytes.
993 * \param sig The buffer holding the signature. This must be a readable
994 * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
995 * for an 2048-bit RSA modulus.
1007 * \brief This function performs a PKCS#1 v2.1 PSS verification
1008 * operation (RSASSA-PSS-VERIFY).
1014 * mask generation function, consult <em>RFC-3447: Public-Key
1021 * \param md_alg The message-digest algorithm used to hash the original data.
1027 * This must be a readable buffer of at least \p hashlen Bytes.
1028 * \param sig The buffer holding the signature. This must be a readable
1029 * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
1030 * for an 2048-bit RSA modulus.
1042 * \brief This function performs a PKCS#1 v2.1 PSS verification
1043 * operation (RSASSA-PSS-VERIFY).
1046 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
1052 * \param md_alg The message-digest algorithm used to hash the original data.
1058 * This must be a readable buffer of at least \p hashlen Bytes.
1063 * <em>RFC-3447: Public-Key Cryptography Standards
1068 * \param sig The buffer holding the signature. This must be a readable
1069 * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
1070 * for an 2048-bit RSA modulus.
1098 * this function is a no-op. If it is not \c NULL, it must