1 /**
2  * \file rsa_internal.h
3  *
4  * \brief Internal-only RSA public-key cryptosystem API.
5  *
6  * This file declares RSA-related functions that are to be used
7  * only from within the Mbed TLS library itself.
8  *
9  */
10 /*
11  *  Copyright The Mbed TLS Contributors
12  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
13  */
14 #ifndef MBEDTLS_RSA_INTERNAL_H
15 #define MBEDTLS_RSA_INTERNAL_H
16 
17 #include "mbedtls/rsa.h"
18 #include "mbedtls/asn1.h"
19 
20 /**
21  * \brief           Parse a PKCS#1 (ASN.1) encoded private RSA key.
22  *
23  * \param rsa       The RSA context where parsed data will be stored.
24  * \param key       The buffer that contains the key.
25  * \param keylen    The length of the key buffer in bytes.
26  *
27  * \return          0 on success.
28  * \return          MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors.
29  * \return          MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while
30  *                  parsing data.
31  * \return          MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the
32  *                  provided key fail.
33  */
34 int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen);
35 
36 /**
37  * \brief           Parse a PKCS#1 (ASN.1) encoded public RSA key.
38  *
39  * \param rsa       The RSA context where parsed data will be stored.
40  * \param key       The buffer that contains the key.
41  * \param keylen    The length of the key buffer in bytes.
42  *
43  * \return          0 on success.
44  * \return          MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors.
45  * \return          MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while
46  *                  parsing data.
47  * \return          MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the
48  *                  provided key fail.
49  */
50 int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen);
51 
52 /**
53  * \brief           Write a PKCS#1 (ASN.1) encoded private RSA key.
54  *
55  * \param rsa       The RSA context which contains the data to be written.
56  * \param start     Beginning of the buffer that will be filled with the
57  *                  private key.
58  * \param p         End of the buffer that will be filled with the private key.
59  *                  On successful return, the referenced pointer will be
60  *                  updated in order to point to the beginning of written data.
61  *
62  * \return          On success, the number of bytes written to the output buffer
63  *                  (i.e. a value > 0).
64  * \return          MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not
65  *                  contain a valid key pair.
66  * \return          MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the
67  *                  output buffer.
68  *
69  * \note            The output buffer is filled backward, i.e. starting from its
70  *                  end and moving toward its start.
71  */
72 int mbedtls_rsa_write_key(const mbedtls_rsa_context *rsa, unsigned char *start,
73                           unsigned char **p);
74 
75 /**
76  * \brief           Write a PKCS#1 (ASN.1) encoded public RSA key.
77  *
78  * \param rsa       The RSA context which contains the data to be written.
79  * \param start     Beginning of the buffer that will be filled with the
80  *                  public key.
81  * \param p         End of the buffer that will be filled with the public key.
82  *                  On successful return, the referenced pointer will be
83  *                  updated in order to point to the beginning of written data.
84  *
85  * \return          On success, the number of bytes written to the output buffer
86  *                  (i.e. a value > 0).
87  * \return          MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not
88  *                  contain a valid public key.
89  * \return          MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the
90  *                  output buffer.
91  *
92  * \note            The output buffer is filled backward, i.e. starting from its
93  *                  end and moving toward its start.
94  */
95 int mbedtls_rsa_write_pubkey(const mbedtls_rsa_context *rsa, unsigned char *start,
96                              unsigned char **p);
97 
98 #if defined(MBEDTLS_PKCS1_V21)
99 /**
100  * \brief This function is analogous to \c mbedtls_rsa_rsassa_pss_sign().
101  *        The only difference between them is that this function is more flexible
102  *        about the parameters of \p ctx that are set with \c mbedtls_rsa_set_padding().
103  *
104  * \note  Compared to its counterpart, this function:
105  *        - does not check the padding setting of \p ctx; the caller must ensure \p ctx is intended for PSS use.
106  *        - allows the hash_id of \p ctx to be MBEDTLS_MD_NONE,
107  *          in which case it uses \p md_alg as the hash_id.
108  *
109  * \note  Refer to \c mbedtls_rsa_rsassa_pss_sign() for a description
110  *        of the functioning and parameters of this function.
111  */
112 int mbedtls_rsa_rsassa_pss_sign_no_mode_check(mbedtls_rsa_context *ctx,
113                                               int (*f_rng)(void *, unsigned char *, size_t),
114                                               void *p_rng,
115                                               mbedtls_md_type_t md_alg,
116                                               unsigned int hashlen,
117                                               const unsigned char *hash,
118                                               unsigned char *sig);
119 #endif /* MBEDTLS_PKCS1_V21 */
120 
121 #endif /* rsa_internal.h */
122