Documentation

Documentation

Includes

config.h

#include "config.h"
#include "config.h"

MBEDTLS_CONFIG_FILE

#include MBEDTLS_CONFIG_FILE
#include MBEDTLS_CONFIG_FILE

x509_crt.h

#include "x509_crt.h"
#include "x509_crt.h"

pkcs11-helper-1.0/pkcs11h-certificate.h

#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
#include 

Macros

Marco MBEDTLS_PKCS11_H

#define MBEDTLS_PKCS11_H


      

Marco inline

#define inline __inline

      

Functions

Func mbedtls_pkcs11_init

void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
/**
 * Initialize a mbedtls_pkcs11_context.
 * (Just making memory references valid.)
 */

Func mbedtls_pkcs11_x509_cert_bind

int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert );
/**
 * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
 *
 * \param cert          X.509 certificate to fill
 * \param pkcs11h_cert  PKCS #11 helper certificate
 *
 * \return              0 on success.
 */

Func mbedtls_pkcs11_priv_key_bind

int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
       pkcs11h_certificate_t pkcs11_cert );
/**
 * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
 * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
 * done.
 *
 * \param priv_key      Private key structure to fill.
 * \param pkcs11_cert   PKCS #11 helper certificate
 *
 * \return              0 on success
 */

Func mbedtls_pkcs11_priv_key_free

void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key );
/**
 * Free the contents of the given private key context. Note that the structure
 * itself is not freed.
 *
 * \param priv_key      Private key structure to cleanup
 */

Func mbedtls_pkcs11_decrypt

int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
                      int mode, size_t *olen,
                      const unsigned char *input,
                      unsigned char *output,
                      size_t output_max_len );
/**
 * \brief          Do an RSA private key decrypt, then remove the message
 *                 padding
 *
 * \param ctx      PKCS #11 context
 * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
 * \param input    buffer holding the encrypted data
 * \param output   buffer that will hold the plaintext
 * \param olen     will contain the plaintext length
 * \param output_max_len    maximum length of the output buffer
 *
 * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
 *
 * \note           The output buffer must be as large as the size
 *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
 *                 an error is thrown.
 */

Func mbedtls_pkcs11_sign

int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
                   int mode,
                   mbedtls_md_type_t md_alg,
                   unsigned int hashlen,
                   const unsigned char *hash,
                   unsigned char *sig );
/**
 * \brief          Do a private RSA to sign a message digest
 *
 * \param ctx      PKCS #11 context
 * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
 * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
 * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
 * \param hash     buffer holding the message digest
 * \param sig      buffer that will hold the ciphertext
 *
 * \return         0 if the signing operation was successful,
 *                 or an MBEDTLS_ERR_RSA_XXX error code
 *
 * \note           The "sig" buffer must be as large as the size
 *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
 */

Vars

Consts

Types

Typedefs

Typedef mbedtls_pkcs11_context;

typedef struct mbedtls_pkcs11_context
{
       pkcs11h_certificate_t pkcs11h_cert;
       int len;
} mbedtls_pkcs11_context;
/**
 * Context for PKCS #11 private keys.
 */