buffer_t hmac::finish() { buffer_t digest(pimpl->size(), '\0'); mbedcrypto_c_call(mbedtls_md_hmac_finish, &pimpl->ctx_, to_ptr(digest)); return digest; }
buffer_t decrypt(context& d, buffer_view_t encrypted_value) { if (type_of(d) != pk_t::rsa) throw exceptions::support_error{}; if ((encrypted_value.size() << 3) > key_bitlen(d)) throw larger_than_key{}; size_t olen = 32 + max_crypt_size(d); buffer_t output(olen, '\0'); mbedcrypto_c_call( mbedtls_pk_decrypt, &d.pk_, encrypted_value.data(), encrypted_value.size(), to_ptr(output), &olen, olen, rnd_generator::maker, &d.rnd_); output.resize(olen); return output; }
buffer_t export_public_key(context& d, key_format fmt) { #if defined(MBEDTLS_PK_WRITE_C) buffer_t output(K::DefaultExportBufferSize, '\0'); if (fmt == pk::pem_format) { mbedcrypto_c_call( mbedtls_pk_write_pubkey_pem, &d.pk_, to_ptr(output), K::DefaultExportBufferSize); output.resize(std::strlen(output.c_str())); finalize_pem(output); } else if (fmt == pk::der_format) { int ret = mbedtls_pk_write_pubkey_der( &d.pk_, to_ptr(output), K::DefaultExportBufferSize); if (ret < 0) throw exception{ret, __FUNCTION__}; size_t length = ret; output.erase(0, K::DefaultExportBufferSize - length); output.resize(length); } return output; #else // MBEDTLS_PK_WRITE_C throw exceptions::pk_export_missed{}; #endif // MBEDTLS_PK_WRITE_C }
void load_public_key(context& d, const char* fpath) { auto old_type = type_of(d); reset(d); mbedcrypto_c_call(mbedtls_pk_parse_public_keyfile, &d.pk_, fpath); // check the key type ensure_type_match(d, old_type, type_of(d)); d.key_is_private_ = false; }
buffer_t hash::make(hash_t type, const unsigned char* src, size_t length) { auto digest = digest_pair(type); mbedcrypto_c_call( mbedtls_md, std::get<0>(digest), src, length, to_ptr(std::get<1>(digest))); return std::get<1>(digest); }
void import_public_key(context& d, buffer_view_t pub_data) { auto old_type = type_of(d); reset(d); mbedcrypto_c_call( mbedtls_pk_parse_public_key, &d.pk_, pub_data.data(), pub_data.size()); // check the key type ensure_type_match(d, old_type, type_of(d)); d.key_is_private_ = false; }
buffer_t hash::of_file(hash_t type, const char* filePath) { #if defined(MBEDTLS_FS_IO) auto digest = digest_pair(type); mbedcrypto_c_call( mbedtls_md_file, std::get<0>(digest), filePath, to_ptr(std::get<1>(digest))); return std::get<1>(digest); #else throw support_exception{}; #endif }
void generate_ec_key(context& d, curve_t ctype) { #if defined(MBEDTLS_ECP_C) // resets previous states pk::reset_as(d, pk_t::eckey); mbedcrypto_c_call( mbedtls_ecp_gen_key, to_native(ctype), mbedtls_pk_ec(d.pk_), rnd_generator::maker, &d.rnd_); // set the key type d.key_is_private_ = true; #else // MBEDTLS_ECP_C throw exceptions::ecp_missed{}; #endif // MBEDTLS_ECP_C }
void generate_rsa_key(context& d, size_t key_bitlen, size_t exponent) { #if defined(MBEDTLS_GENPRIME) // resets previous states pk::reset_as(d, pk_t::rsa); mbedcrypto_c_call( mbedtls_rsa_gen_key, mbedtls_pk_rsa(d.pk_), rnd_generator::maker, &d.rnd_, static_cast<unsigned int>(key_bitlen), static_cast<int>(exponent)); // set the key type d.key_is_private_ = true; #else // MBEDTLS_GENPRIME throw exceptions::rsa_keygen_missed{}; #endif // MBEDTLS_GENPRIME }
buffer_t sign(context& d, buffer_view_t hvalue, hash_t halgo) { if (type_of(d) != pk_t::rsa && !can_do(d, pk_t::ecdsa)) throw exceptions::support_error{}; check_crypt_size_of(d, hvalue); size_t olen = 32 + max_crypt_size(d); buffer_t output(olen, '\0'); mbedcrypto_c_call( mbedtls_pk_sign, &d.pk_, to_native(halgo), hvalue.data(), hvalue.size(), to_ptr(output), &olen, rnd_generator::maker, &d.rnd_); output.resize(olen); return output; }
buffer_t encrypt(context& d, buffer_view_t source) { if (type_of(d) != pk_t::rsa) throw exceptions::support_error{}; check_crypt_size_of(d, source); size_t olen = 32 + max_crypt_size(d); buffer_t output(olen, '\0'); mbedcrypto_c_call( mbedtls_pk_encrypt, &d.pk_, source.data(), source.size(), to_ptr(output), &olen, olen, rnd_generator::maker, &d.rnd_); output.resize(olen); return output; }
void hmac::update(const unsigned char* src, size_t length) { mbedcrypto_c_call(mbedtls_md_hmac_update, &pimpl->ctx_, src, length); }
void hmac::start() { mbedcrypto_c_call(mbedtls_md_hmac_reset, &pimpl->ctx_); }
void hmac::start(const buffer_t& key) { mbedcrypto_c_call( mbedtls_md_hmac_starts, &pimpl->ctx_, to_const_ptr(key), key.size()); }
void hash::start() { mbedcrypto_c_call(mbedtls_md_starts, &pimpl->ctx_); }