#[repr(C)]pub struct Pk { /* private fields */ }
Implementations§
source§impl Pk
impl Pk
sourcepub fn from_private_key(key: &[u8], password: Option<&[u8]>) -> Result<Pk>
pub fn from_private_key(key: &[u8], password: Option<&[u8]>) -> Result<Pk>
Takes both DER and PEM forms of PKCS#1 or PKCS#8 encoded keys.
When calling on PEM-encoded data, key
must be NULL-terminated
sourcepub fn from_public_key(key: &[u8]) -> Result<Pk>
pub fn from_public_key(key: &[u8]) -> Result<Pk>
Takes both DER and PEM encoded SubjectPublicKeyInfo keys.
When calling on PEM-encoded data, key
must be NULL-terminated
pub fn generate_rsa<F: Random>( rng: &mut F, bits: u32, exponent: u32 ) -> Result<Pk>
pub fn generate_ec<F: Random, C: TryInto<EcGroup, Error = impl Into<Error>>>( rng: &mut F, curve: C ) -> Result<Pk>
pub fn private_from_ec_components( curve: EcGroup, private_key: Mpi ) -> Result<Pk>
private_from_ec_scalar_with_rng
instead.sourcepub fn private_from_ec_scalar_with_rng<F: Random>(
curve: EcGroup,
private_key: Mpi,
rng: &mut F
) -> Result<Pk>
pub fn private_from_ec_scalar_with_rng<F: Random>( curve: EcGroup, private_key: Mpi, rng: &mut F ) -> Result<Pk>
Constructs a private key from elliptic curve components.
This function requires a random number generator (RNG) because it uses the EcPoint::mul
function which requires an RNG for blinding.
It initializes a Pk
context, generates the public key point by multiplying the curve generator
with the private key, and sets up the private key context with the generated curve, private key,
and public point.
§Arguments
rng
- The RNG used for blinding in theEcPoint::mul
function.curve
- The elliptic curve group to use for key generation.private_key
- The private key as an MPI (Multiple Precision Integer).
§Returns
Result<Pk>
- APk
context filled with the generated private key on success.
§Errors
This function will return an error if:
- Fails to generate
EcPoint
from given EcGroup incurve
. - The underlying C
mbedtls_pk_setup
function fails to set up thePk
context. - The
EcPoint::mul_with_rng
function fails to generate the public key point.
pub fn public_from_ec_components( curve: EcGroup, public_point: EcPoint ) -> Result<Pk>
sourcepub fn private_from_rsa_components(
components: RsaPrivateComponents<'_>
) -> Result<Pk>
pub fn private_from_rsa_components( components: RsaPrivateComponents<'_> ) -> Result<Pk>
Construct a private key from RSA components.
sourcepub fn public_from_rsa_components(
components: RsaPublicComponents<'_>
) -> Result<Pk>
pub fn public_from_rsa_components( components: RsaPublicComponents<'_> ) -> Result<Pk>
Construct a public key from RSA components.
pub fn public_custom_algo(algo_id: &[u64], pk: &[u8]) -> Result<Pk>
pub fn private_custom_algo(algo_id: &[u64], pk: &[u8], sk: &[u8]) -> Result<Pk>
pub fn custom_algo_id(&self) -> Result<&[u64]>
pub fn custom_public_key(&self) -> Result<&[u8]>
pub fn custom_private_key(&self) -> Result<&[u8]>
sourcepub fn set_options(&mut self, options: Options)
pub fn set_options(&mut self, options: Options)
Panics if the options are not valid for this key type.
pub fn can_do(&self, t: Type) -> bool
pub fn check_pair(public: &Self, private: &Self) -> bool
pub fn pk_type(&self) -> Type
pub fn curve(&self) -> Result<EcGroupId>
pub fn curve_oid(&self) -> Result<Vec<u64>>
pub fn ec_group(&self) -> Result<EcGroup>
pub fn ec_public(&self) -> Result<EcPoint>
pub fn ec_private(&self) -> Result<Mpi>
pub fn rsa_public_modulus(&self) -> Result<Mpi>
pub fn rsa_private_prime1(&self) -> Result<Mpi>
pub fn rsa_private_prime2(&self) -> Result<Mpi>
pub fn rsa_private_exponent(&self) -> Result<Mpi>
pub fn rsa_crt_dp(&self) -> Result<Mpi>
pub fn rsa_crt_dq(&self) -> Result<Mpi>
pub fn rsa_crt_qp(&self) -> Result<Mpi>
pub fn rsa_public_exponent(&self) -> Result<u32>
pub fn name(&self) -> Result<&str>
pub fn decrypt<F: Random>( &mut self, cipher: &[u8], plain: &mut [u8], rng: &mut F ) -> Result<usize>
sourcepub fn decrypt_with_label<F: Random>(
&mut self,
cipher: &[u8],
plain: &mut [u8],
rng: &mut F,
label: &[u8]
) -> Result<usize>
pub fn decrypt_with_label<F: Random>( &mut self, cipher: &[u8], plain: &mut [u8], rng: &mut F, label: &[u8] ) -> Result<usize>
Decrypt using a custom label.
This function may only be called on an RSA key with its padding set to RSA_PKCS_V21.
pub fn encrypt<F: Random>( &mut self, plain: &[u8], cipher: &mut [u8], rng: &mut F ) -> Result<usize>
sourcepub fn encrypt_with_label<F: Random>(
&mut self,
plain: &[u8],
cipher: &mut [u8],
rng: &mut F,
label: &[u8]
) -> Result<usize>
pub fn encrypt_with_label<F: Random>( &mut self, plain: &[u8], cipher: &mut [u8], rng: &mut F, label: &[u8] ) -> Result<usize>
Encrypt using a custom label.
This function may only be called on an RSA key with its padding set to RSA_PKCS_V21.
sourcepub fn sign<F: Random>(
&mut self,
md: MdType,
hash: &[u8],
sig: &mut [u8],
rng: &mut F
) -> Result<usize>
pub fn sign<F: Random>( &mut self, md: MdType, hash: &[u8], sig: &mut [u8], rng: &mut F ) -> Result<usize>
Sign the hash hash
of type md
, placing the signature in sig
. rng
must be a cryptographically secure RNG.
For RSA signatures, the length of sig
must be greater than or equal to
the RSA modulus length, otherwise sign()
fails with
Error::PkSigLenMismatch
.
For EC signatures, the length of sig
must be greater than or equal to
ECDSA_MAX_LEN
, otherwise sign()
fails with
Error::PkSigLenMismatch
.
On success, returns the actual number of bytes written to sig
.
pub fn sign_deterministic<F: Random>( &mut self, md: MdType, hash: &[u8], sig: &mut [u8], rng: &mut F ) -> Result<usize>
pub fn verify(&mut self, md: MdType, hash: &[u8], sig: &[u8]) -> Result<()>
sourcepub fn agree<F: Random>(
&mut self,
other: &Pk,
shared: &mut [u8],
rng: &mut F
) -> Result<usize>
pub fn agree<F: Random>( &mut self, other: &Pk, shared: &mut [u8], rng: &mut F ) -> Result<usize>
Agree on a shared secret with another public key.