 |
m2mb API docs
25.30.003
m2mb API sets documentation
|
|
m2mb API docs
25.30.003
m2mb API sets documentation
|
The RSA public-key cryptosystem. More...
Enumerations | |
| enum | M2MB_CRYPTO_RSA_PADDING_TYPE_E { M2MB_CRYPTO_RSA_PADDING_PKCS1_V15, M2MB_CRYPTO_RSA_PADDING_PKCS1_OAEP, M2MB_CRYPTO_RSA_PADDING_PKCS1_PSS, M2MB_CRYPTO_RSA_PADDING_PKCS1_PSS_AUTORECOVER_SALTLEN, M2MB_CRYPTO_RSA_PADDING_NONE } |
| Padding types for RSA encryption. More... | |
| enum | M2MB_CRYPTO_RSA_MODE_E { M2MB_CRYPTO_RSA_PUBLIC, M2MB_CRYPTO_RSA_PRIVATE } |
| The operation mode (encrypt/decrypt). | |
Functions | |
| M2MB_RESULT_E | m2mb_crypto_rsa_init (M2MB_CRYPTO_RSA_CONTEXT *ctx, M2MB_CRYPTO_RSA_PADDING_TYPE_E padding_type, M2MB_CRYPTO_MD_ALG_E hash_id) |
| Allocates an M2MB_CRYPTO_RSA_CONTEXT structure. More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_deinit (M2MB_CRYPTO_RSA_CONTEXT ctx) |
| Free an M2MB_CRYPTO_RSA_CONTEXT structure. More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_public (M2MB_CRYPTO_RSA_CONTEXT ctx, const UINT8 *in, UINT8 *out) |
| RSA public key operation. More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_private (M2MB_CRYPTO_RSA_CONTEXT ctx, const UINT8 *in, UINT8 *out) |
| RSA private key operation. More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_generate_key (M2MB_CRYPTO_RSA_CONTEXT ctx, UINT32 key_size, UINT32 public_exponent) |
| Generates an RSA key pair. More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_keyblob_export (M2MB_CRYPTO_RSA_CONTEXT ctx, UINT8 *keyblob, UINT32 *keyblob_length) |
| Exports an RSA key pair blob from the given context. The blob is encrypted with a device specific key and can only be used on the same HW originating it. More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_keyblob_import (M2MB_CRYPTO_RSA_CONTEXT ctx, const UINT8 *keyblob, UINT32 keyblob_length) |
| Imports an RSA key pair into the context. More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_public_key_export (M2MB_CRYPTO_RSA_CONTEXT ctx, UINT8 *modulus, UINT32 *modulus_size, UINT8 *public_exponent, UINT32 *public_exponent_size) |
| Exports an RSA public key from the given context. More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_public_key_import (M2MB_CRYPTO_RSA_CONTEXT ctx, const UINT8 *modulus, UINT32 modulus_size, const UINT8 *public_exponent, UINT32 public_exponent_size) |
| Imports an RSA public key to the given context. More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_externalkey_import (M2MB_CRYPTO_RSA_CONTEXT ctx, const UINT8 *modulus, UINT32 modulus_size, const UINT8 *p_factor, UINT32 p_factor_size, const UINT8 *q_factor, UINT32 q_factor_size, const UINT8 *public_exponent, UINT32 public_exponent_size, const UINT8 *private_exponent, UINT32 private_exponent_size, M2MB_CRYPTO_RSA_PADDING_TYPE_E padding_type) |
| Imports an externally generated RSA key pair into the context. More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_encrypt (M2MB_CRYPTO_RSA_CONTEXT ctx, M2MB_CRYPTO_RSA_MODE_E mode, SIZE_T inlen, const UINT8 *in, UINT8 *out) |
| Generic RSA PKCS#1 encryption method. This function adds the message padding, then performs an RSA operation (encryption). More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_decrypt (M2MB_CRYPTO_RSA_CONTEXT ctx, M2MB_CRYPTO_RSA_MODE_E mode, SIZE_T *outlen, UINT8 *out, SIZE_T out_max_len, const UINT8 *in) |
| Generic RSA PKCS#1 decryption method. This function performs an RSA operation (decryption), then removes the message padding. More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_sign (M2MB_CRYPTO_RSA_CONTEXT ctx, M2MB_CRYPTO_RSA_MODE_E mode, M2MB_CRYPTO_MD_ALG_E md_alg, UINT32 hashlen, const UINT8 *hash, UINT8 *sig) |
| Generic RSA PKCS#1 signature creation method. The signature is created using the context key (created via the m2mb_crypto_rsa_generate_key()). More... | |
| M2MB_RESULT_E | m2mb_crypto_rsa_verify (M2MB_CRYPTO_RSA_CONTEXT ctx, UINT8 *pubkey, UINT32 pubkey_length, M2MB_CRYPTO_MD_ALG_E md_alg, UINT32 hashlen, const UINT8 *hash, const UINT8 *sig) |
| Generic RSA PKCS#1 signature verification method. More... | |
The RSA public-key cryptosystem.
Padding types for RSA encryption.
| M2MB_RESULT_E m2mb_crypto_rsa_decrypt | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| M2MB_CRYPTO_RSA_MODE_E | mode, | ||
| SIZE_T * | outlen, | ||
| UINT8 * | out, | ||
| SIZE_T | out_max_len, | ||
| const UINT8 * | in | ||
| ) |
Generic RSA PKCS#1 decryption method. This function performs an RSA operation (decryption), then removes the message padding.
This function decrypts <inlen> bytes from <in> buffer using the public/private key from <ctx> (depending on the <mode> provided) and writes, at most, out_max_len bytes of cyphertext data to <out>. The value inlen cannot be bigger than the modulus size.
| [in] | ctx | Pointer to a context structure previously allocated by m2mb_crypto_rsa_init(). |
| [in] | mode | M2MB_CRYPTO_RSA_PUBLIC or M2MB_CRYPTO_RSA_PRIVATE |
| [out] | outlen | The length, in bytes, of the plaintext data put into <out> |
| [out] | out | The buffer that will hold the resulting plaintext. Must be as large as the RSA modulus size . |
| [in] | out_max_len | The maximum length of the out buffer |
| [in] | in | The ciphertext buffer to decrypt. Must be as large as the size of the modulus (eg. 128 bytes if RSA-1024 is used) |
Example
| M2MB_RESULT_E m2mb_crypto_rsa_deinit | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx | ) |
Free an M2MB_CRYPTO_RSA_CONTEXT structure.
This function free a previously allocated RSA context.
| [in] | ctx | Pointer to a context structure to be free by this function. |
| M2MB_RESULT_E m2mb_crypto_rsa_encrypt | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| M2MB_CRYPTO_RSA_MODE_E | mode, | ||
| SIZE_T | inlen, | ||
| const UINT8 * | in, | ||
| UINT8 * | out | ||
| ) |
Generic RSA PKCS#1 encryption method. This function adds the message padding, then performs an RSA operation (encryption).
This function encrypts <inlen> bytes from <in> buffer using the public/private key from <ctx> (depending on the <mode> provided>) and writes, at most, <modulus> bytes of cyphertext data to <out>. It is the generic wrapper for performing a PKCS#1 encryption (PKCS#1 v1.5 and PKCS#1 v2.1 padding)
| [in] | ctx | Pointer to a context structure previously allocated by m2mb_crypto_rsa_init(). |
| [in] | mode | M2MB_CRYPTO_RSA_PUBLIC or M2MB_CRYPTO_RSA_PRIVATE |
| [in] | inlen | The length, in bytes, of the <in> plaintext buffer |
| [in] | in | The plaintext buffer to encrypt. This must not be NULL In case of M2MB_CRYPTO_RSA_PADDING_NONE or M2MB_CRYPTO_RSA_PADDING_PKCS1_V15, the plaintext max length must be M-11 octets, where M is the length in bytes of the modulus n. References:https://tools.ietf.org/html/rfc2437#section-7.2.1 In the others cases (PKCS version 2.1), the plaintext max length must be M-2-2hLen octets, where M is the length in bytes of the modulus n and hLen is the length the hash function. References: https://tools.ietf.org/html/rfc2437#section-7.1.1 |
| [out] | out | The buffer that will hold the ciphertext. Must be in the size of RSA modulus size (eg. 128 bytes if RSA-1024 is used). |
Example
| M2MB_RESULT_E m2mb_crypto_rsa_externalkey_import | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| const UINT8 * | modulus, | ||
| UINT32 | modulus_size, | ||
| const UINT8 * | p_factor, | ||
| UINT32 | p_factor_size, | ||
| const UINT8 * | q_factor, | ||
| UINT32 | q_factor_size, | ||
| const UINT8 * | public_exponent, | ||
| UINT32 | public_exponent_size, | ||
| const UINT8 * | private_exponent, | ||
| UINT32 | private_exponent_size, | ||
| M2MB_CRYPTO_RSA_PADDING_TYPE_E | padding_type | ||
| ) |
Imports an externally generated RSA key pair into the context.
m2mb_crypto_rsa_externalkey_import
This function imports a given RSA key pair (which was created by an external implementation) to the provided context. This basically allows using of a keys not created by the m2mb_crypto component.
| [in] | ctx | Pointer to a context structure previously allocated by m2mb_crypto_rsa_init(). |
| [in] | modulus | RSA modulus |
| [in] | modulus_size | RSA modulus size in bytes |
| [in] | p_factor | RSA p factor |
| [in] | p_factor_size | RSA p factor size in bytes |
| [in] | q_factor | RSA q factor |
| [in] | q_factor_size | RSA q factor size in bytes |
| [in] | public_exponent | RSA public exponent. |
| [in] | public_exponent_size | RSA public exponent size in bytes |
| [in] | private_exponent | RSA private exponent. |
| [in] | private_exponent_size | RSA private exponent size in bytes |
| [in] | padding_type | Padding type to use. |
Example
| M2MB_RESULT_E m2mb_crypto_rsa_generate_key | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| UINT32 | key_size, | ||
| UINT32 | public_exponent | ||
| ) |
Generates an RSA key pair.
This function generates an RSA key pair. The RSA key pair is stored in the context and can be exported via a call to m2mb_crypto_rsa_key_export().
| [in] | ctx | Pointer to a context structure previously allocated by m2mb_crypto_rsa_init(). |
| [in] | key_size | RSA key length (in bytes). |
| [in] | public_exponent | The public key exponent This must be odd and greater than 1. |
| M2MB_RESULT_E m2mb_crypto_rsa_init | ( | M2MB_CRYPTO_RSA_CONTEXT * | ctx, |
| M2MB_CRYPTO_RSA_PADDING_TYPE_E | padding_type, | ||
| M2MB_CRYPTO_MD_ALG_E | hash_id | ||
| ) |
Allocates an M2MB_CRYPTO_RSA_CONTEXT structure.
This function allocates an RSA context to be later used by any RSA function.
| [in] | ctx | Pointer to a context structure to be allocated by this function. Any consecutive call to RSA function must use this context. |
| [in] | padding_type | Padding type to use. |
| [in] | hash_id | The index of hash algorithm used for generating signature. There are also two RSA encryption schemes with padding: RSA PKCS-v1.5 and RSA OAEP, the hash_id is needed only for RSA OAEP. |
Setting M2MB_CRYPTO_RSA_PADDING_NONE falls in PKCS#1 v1.5 padding mode when using m2mb_crypto_rsa_encrypt and m2mb_crypto_rsa_decrypt.
To encrypt / decript a buffer without padding, use m2mb_crypto_rsa_public and m2mb_crypto_rsa_private
Example
| M2MB_RESULT_E m2mb_crypto_rsa_keyblob_export | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| UINT8 * | keyblob, | ||
| UINT32 * | keyblob_length | ||
| ) |
Exports an RSA key pair blob from the given context. The blob is encrypted with a device specific key and can only be used on the same HW originating it.
This function exports an RSA key pair for the given context. Assumption made is that the context already have keys, i.e. keys were created using the m2mb_crypto_rsa_generate_key()
| [in] | ctx | Pointer to a context structure previously allocated by m2mb_crypto_rsa_init(). |
| [out] | keyblob | The buffer that will hold the result keyblob representing the exported RSA key pair. If keyblob ptr is NULL, this function will return the number of bytes required for the keyblob via the keyblob_length pointer. |
| [out] | keyblob_length | The length of the RSA key blob |
Example
| M2MB_RESULT_E m2mb_crypto_rsa_keyblob_import | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| const UINT8 * | keyblob, | ||
| UINT32 | keyblob_length | ||
| ) |
Imports an RSA key pair into the context.
This function imports a given keyblob (which was previously created by m2mb_crypto_rsa_generate_key and was exported by m2mb_crypto_rsa_key_export) to the provided context. This basically allows using of an old keys with an existing context. The blob is encrypted with a device specific key and can only be used on the same HW originating it.
| [in] | ctx | Pointer to a context structure previously allocated by m2mb_crypto_rsa_init(). |
| [in] | keyblob | The keyblob previously exported using m2mb_crypto_rsa_key_export() that will be imported into the given context. These keys can then be used for RSA operations like encrypt, decrypt, sign & verify. |
| [in] | keyblob_length | The length of the RSA key blob |
| M2MB_RESULT_E m2mb_crypto_rsa_private | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| const UINT8 * | in, | ||
| UINT8 * | out | ||
| ) |
RSA private key operation.
This function is doing an RSA private key operation. This function does not handle message padding. Generally used to get the original message from the secret produced with m2mb_crypto_rsa_public(...). If instead it used to generate the secret, to get back the original message, RSA public key operation need to be performed. See m2mb_crypto_rsa_public(...)
| [in] | ctx | Pointer to a context structure previously allocated by m2mb_crypto_rsa_init(). |
| [in] | in | The input buffer. Must be large enough for the RSA operation key that is used (e.g. 128 bytes if RSA-1024 is used) |
| [out] | out | The output buffer. Must be large enough for the RSA operation key that is used (e.g. 128 bytes if RSA-1024 is used) |
Example
| M2MB_RESULT_E m2mb_crypto_rsa_public | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| const UINT8 * | in, | ||
| UINT8 * | out | ||
| ) |
RSA public key operation.
This function is doing an RSA public key operation. This function does not handle message padding. Generally used to produce secret from original message. If instead it used to get original message from secret, the secret must have been produced with an RSA private key operation. See m2mb_crypto_rsa_private(...)
| [in] | ctx | Pointer to a context structure previously allocated by m2mb_crypto_rsa_init(). |
| [in] | in | The input buffer that must be large enough for the RSA operation key that is used (e.g. 128 bytes if RSA-1024 is used). |
| [out] | out | The output buffer that must be large enough for the RSA operation key that is used (e.g. 128 bytes if RSA-1024 is used). |
Example
| M2MB_RESULT_E m2mb_crypto_rsa_public_key_export | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| UINT8 * | modulus, | ||
| UINT32 * | modulus_size, | ||
| UINT8 * | public_exponent, | ||
| UINT32 * | public_exponent_size | ||
| ) |
Exports an RSA public key from the given context.
This function exports an RSA public key exponent and modulus for the given context. The RSA public key information will be exported from the given context (assuming context has keys associated).
| [in] | ctx | Pointer to a context structure previously allocated by m2mb_crypto_rsa_init(). |
| [out] | modulus | RSA modulus. If modulus ptr is NULL, this function will return the number of bytes required for the modulus via the modulus_size pointer. |
| [out] | modulus_size | RSA modulus size |
| [out] | public_exponent | RSA public exponent. If public_exponent ptr is NULL, this function will return the number of bytes required for the public_exponent via the public_exponent_size pointer. |
| [out] | public_exponent_size | RSA public exponent size. |
Example
| M2MB_RESULT_E m2mb_crypto_rsa_public_key_import | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| const UINT8 * | modulus, | ||
| UINT32 | modulus_size, | ||
| const UINT8 * | public_exponent, | ||
| UINT32 | public_exponent_size | ||
| ) |
Imports an RSA public key to the given context.
This function imports an RSA public key exponent and modulus into the given context. The RSA public key information, i.e. exponent and mudulus will be stored into the provided context.
| [in] | ctx | Pointer to a context structure previously allocated by m2mb_crypto_rsa_init(). |
| [in] | modulus | RSA modulus. Must not be NULL. |
| [in] | modulus_size | RSA modulus size, in bytes. |
| [in] | public_exponent | RSA public exponent. Must not be NULL. |
| [in] | public_exponent_size | RSA public exponent size, in bytes. |
Example present in the above m2mb_crypto_rsa_public_key_export
| M2MB_RESULT_E m2mb_crypto_rsa_sign | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| M2MB_CRYPTO_RSA_MODE_E | mode, | ||
| M2MB_CRYPTO_MD_ALG_E | md_alg, | ||
| UINT32 | hashlen, | ||
| const UINT8 * | hash, | ||
| UINT8 * | sig | ||
| ) |
Generic RSA PKCS#1 signature creation method. The signature is created using the context key (created via the m2mb_crypto_rsa_generate_key()).
This function will use the padding setup (done by m2mb_crypto_rsa_init()) and performs a private RSA operation to sign the message digest.
| [in] | ctx | Pointer to a context structure previously allocated by m2mb_crypto_rsa_init(). |
| [in] | mode | M2MB_CRYPTO_RSA_PUBLIC or M2MB_CRYPTO_RSA_PRIVATE It is deprecated and discouraged to call this function using M2MB_CRYPTO_RSA_PUBLIC mode |
| [out] | md_alg | The message digest algorithm or M2MB_CRYPTO_MD_NONE for raw data signing. |
| [out] | hashlen | The length of the provided <hash>, i.e. the message digest length. It is only required when using <md_alg>=M2MB_CRYPTO_MD_NONE and retrieved automatically from the hash algorithm if md_alg is specified. |
| [in] | hash | The message digest to sign. |
| [out] | sig | The result ciphertext. The sig buffer must be as large as the size of the modulus. For example len of sig = 128 bytes if RSA-1024 is used. |
Example
| M2MB_RESULT_E m2mb_crypto_rsa_verify | ( | M2MB_CRYPTO_RSA_CONTEXT | ctx, |
| UINT8 * | pubkey, | ||
| UINT32 | pubkey_length, | ||
| M2MB_CRYPTO_MD_ALG_E | md_alg, | ||
| UINT32 | hashlen, | ||
| const UINT8 * | hash, | ||
| const UINT8 * | sig | ||
| ) |
Generic RSA PKCS#1 signature verification method.
This function will use the padding setup (done by m2mb_crypto_rsa_init()) and will do a public RSA operation to verify the signature and performs a public RSA operation.
| [in] | ctx | Pointer to a context structure previously initialized by m2mb_crypto_rsa_init(). |
| [in] | pubkey | The public key to use for the verification (plaintext). Today not SUPPORTED: pubkey must be set to NULL and the public key from the current context is used. With pubkey different from NULL an error is provided. |
| [in] | pubkey_length | The length of the provided public key. Still NOT SUPPORTED: 0 need to be provided. |
| [out] | md_alg | The message digest algorithm or M2MB_CRYPTO_MD_NONE for raw data verification. |
| [out] | hashlen | The length of the provided <hash>, i.e. the message digest length. It is only required when using <md_alg>=M2MB_CRYPTO_MD_NONE and retrieved automatically from the hash algorithm if md_alg is specified. |
| [in] | hash | The message digest to verify it's signature. |
| [in] | sig | The signature ciphertext to verify against the hash. |
Example
1.8.16