Wrapper for PKCS#11 library libpkcs11-helper.
#include "mbedtls/config.h"
#include "mbedtls/x509_crt.h"
#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
|
MBEDTLS_DEPRECATED void | mbedtls_pkcs11_init (mbedtls_pkcs11_context *ctx) |
|
MBEDTLS_DEPRECATED int | mbedtls_pkcs11_x509_cert_bind (mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert) |
|
MBEDTLS_DEPRECATED int | mbedtls_pkcs11_priv_key_bind (mbedtls_pkcs11_context *priv_key, pkcs11h_certificate_t pkcs11_cert) |
|
MBEDTLS_DEPRECATED void | mbedtls_pkcs11_priv_key_free (mbedtls_pkcs11_context *priv_key) |
|
MBEDTLS_DEPRECATED int | mbedtls_pkcs11_decrypt (mbedtls_pkcs11_context *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
| Do an RSA private key decrypt, then remove the message padding. More...
|
|
MBEDTLS_DEPRECATED int | mbedtls_pkcs11_sign (mbedtls_pkcs11_context *ctx, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
| Perform an RSA private-key operation to sign a message digest.
|
|
static MBEDTLS_DEPRECATED int | mbedtls_ssl_pkcs11_decrypt (void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) |
|
static MBEDTLS_DEPRECATED int | mbedtls_ssl_pkcs11_sign (void *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) |
| This function signs a message digest using RSA. More...
|
|
static MBEDTLS_DEPRECATED size_t | mbedtls_ssl_pkcs11_key_len (void *ctx) |
|
Wrapper for PKCS#11 library libpkcs11-helper.
- Author
- Adriaan de Jong dejon.nosp@m.g@fo.nosp@m.x-it..nosp@m.com
Definition in file pkcs11.h.
#define MBEDTLS_DEPRECATED __attribute__((deprecated)) |
Context for PKCS #11 private keys.
Do an RSA private key decrypt, then remove the message padding.
- Deprecated:
- This function is deprecated and will be removed in a future version of the library.
- Parameters
-
ctx | PKCS #11 context |
mode | must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature |
input | buffer holding the encrypted data |
output | buffer that will hold the plaintext |
olen | will contain the plaintext length |
output_max_len | maximum length of the output buffer |
- Returns
- 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- Note
- The output buffer must be as large as the size of ctx->N (e.g. 128 bytes if RSA-1024 is used); otherwise an error code is returned.
Referenced by mbedtls_ssl_pkcs11_decrypt().
Initialize a mbedtls_pkcs11_context. (Just making memory references valid.)
- Deprecated:
- This function is deprecated and will be removed in a future version of the library.
Set up a mbedtls_pkcs11_context storing the given certificate. Note that the mbedtls_pkcs11_context takes ownership of the certificate and frees it when done, so the caller should not free the certificate itself after a successful bind.
- Deprecated:
- This function is deprecated and will be removed in a future version of the library.
- Parameters
-
priv_key | Private key structure to fill. |
pkcs11_cert | PKCS #11 helper certificate |
- Returns
- 0 on success
Free the contents of the given private key context. Note that the structure itself is not freed.
- Deprecated:
- This function is deprecated and will be removed in a future version of the library.
- Parameters
-
priv_key | Private key structure to cleanup |
Perform an RSA private-key operation to sign a message digest.
- Deprecated:
- This function is deprecated and will be removed in a future version of the library.
- Parameters
-
ctx | PKCS #11 context |
mode | must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature |
md_alg | a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) |
hashlen | message digest length (for MBEDTLS_MD_NONE only) |
hash | buffer holding the message digest |
sig | buffer that will hold the ciphertext |
- Returns
- 0 if the signing operation was successful, or an MBEDTLS_ERR_RSA_XXX error code
- Note
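- The "sig" buffer must be as large as the size of ctx->N (e.g. 128 bytes if RSA-1024 is used). The function takes no length argument for "sig", so the caller is responsible for providing a buffer of that size.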
Referenced by mbedtls_ssl_pkcs11_sign().
Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
- Deprecated:
- This function is deprecated and will be removed in a future version of the library.
- Parameters
-
cert | X.509 certificate to fill |
pkcs11h_cert | PKCS #11 helper certificate |
- Returns
- 0 on success.
static MBEDTLS_DEPRECATED int mbedtls_ssl_pkcs11_decrypt (void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
inline, static
mbedtls_ssl_pkcs11_key_len(): This function gets the length of the private key.
- Deprecated:
- This function is deprecated and will be removed in a future version of the library.
- Parameters
-
- Returns
- The length of the private key.
Definition at line 231 of file pkcs11.h.
static MBEDTLS_DEPRECATED int mbedtls_ssl_pkcs11_sign (void *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
inline, static
This function signs a message digest using RSA.
- Deprecated:
- This function is deprecated and will be removed in a future version of the library.
- Parameters
-
ctx | The PKCS #11 context. |
f_rng | The RNG function. This parameter is unused. |
p_rng | The RNG context. This parameter is unused. |
mode | The operation to run. This must be set to MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature. |
md_alg | The message digest algorithm. One of the MBEDTLS_MD_XXX must be passed to this function and MBEDTLS_MD_NONE can be used for signing raw data. |
hashlen | The message digest length (for MBEDTLS_MD_NONE only). |
hash | The buffer holding the message digest. |
sig | The buffer that will hold the ciphertext. |
- Returns
- 0 if the signing operation was successful.
- A non-zero error code on failure.
- Note
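- The sig buffer must be as large as the size of ctx->N. For example, 128 bytes if RSA-1024 is used. The function takes no length argument for sig, so the caller is responsible for providing a buffer of that size.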
Definition at line 210 of file pkcs11.h.
References mbedtls_pkcs11_sign().