mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 01:04:20 +01:00
Add and document an RSA-specific error code for unsupported exports
E.g., a private key on an external chip might not be exportable to RAM.
This commit is contained in:
parent
bead71752e
commit
91c194dabb
@ -48,6 +48,7 @@
|
|||||||
#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
|
#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
|
||||||
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
|
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
|
||||||
#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
|
#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
|
||||||
|
#define MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED -0x4500 /**< The requested parameter export is not possible/allowed. */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* RSA constants
|
* RSA constants
|
||||||
@ -446,6 +447,21 @@ int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx,
|
|||||||
* \param E MPI to hold the public exponent, or NULL
|
* \param E MPI to hold the public exponent, or NULL
|
||||||
*
|
*
|
||||||
* \return 0 if successful, non-zero error code otherwise.
|
* \return 0 if successful, non-zero error code otherwise.
|
||||||
|
* In particular, if exporting the requested parameters
|
||||||
|
* cannot be done because of a lack of functionality
|
||||||
|
* or because of security policies, the error code
|
||||||
|
* MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned.
|
||||||
|
* In this case, the RSA context stays intact and can
|
||||||
|
* be continued to be used.
|
||||||
|
*
|
||||||
|
* \note Two reasons for returning MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
|
||||||
|
* would be the following: Firstly, it might be that an
|
||||||
|
* alternative RSA implementation is in use which stores
|
||||||
|
* the key externally, and which either cannot or should not
|
||||||
|
* export it into RAM. Alternatively, an implementation
|
||||||
|
* (regardless of SW or HW) might not support deducing e.g.
|
||||||
|
* P, Q from N, D, E if the former are not part of the
|
||||||
|
* implementation.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
|
int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
|
||||||
@ -475,6 +491,24 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
|
|||||||
* pointed to by N, P, Q, D, E are fully written, with
|
* pointed to by N, P, Q, D, E are fully written, with
|
||||||
* additional unused space filled leading by 0-bytes.
|
* additional unused space filled leading by 0-bytes.
|
||||||
*
|
*
|
||||||
|
* \return 0 if successful, non-zero error code otherwise.
|
||||||
|
* In particular, if exporting the requested parameters
|
||||||
|
* cannot be done because of a lack of functionality
|
||||||
|
* or because of security policies, the error code
|
||||||
|
* MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned.
|
||||||
|
* In this case, the RSA context stays intact and can
|
||||||
|
* be continued to be used.
|
||||||
|
*
|
||||||
|
* \note Two reasons for returning MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
|
||||||
|
* would be the following: Firstly, it might be that an
|
||||||
|
* alternative RSA implementation is in use which stores
|
||||||
|
* the key externally, and which either cannot or should not
|
||||||
|
* export it into RAM. Alternatively, an implementation
|
||||||
|
* (regardless of SW or HW) might not support deducing e.g.
|
||||||
|
* P, Q from N, D, E if the former are not part of the
|
||||||
|
* implementation.
|
||||||
|
*
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
|
int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
|
||||||
unsigned char *N, size_t N_len,
|
unsigned char *N, size_t N_len,
|
||||||
|
Loading…
Reference in New Issue
Block a user