tpf_RSA_encrypt_data: Encrypt data using an RSA public key

This function encrypts data using an RSA public key and returns the encrypted data to the application.

Last updated

  • Changed in 2020 (information only; no code change).
  • Added for PUT06.

Format

maketpf_env += oco
LIBS := CPKL
#include <tpf/tpfapi.h>
int tpf_RSA_encrypt_data(unsigned char *data,
                                  int   data_length,
                         unsigned char *encrypt_buffer,
                                  int  *encrypt_len,
                                  int   key_type,
                                  void *pubkey_input,
                                  int   padding);
data
A pointer to the data to encrypt.
data_length
The length (in bytes) of the data to encrypt, which must be less than the size of the RSA key minus N, where N is the number of bytes needed by the specified padding method. For padding method TPF_RSA_PKCS1_PADDING, N is 11. For TPF_RSA_PKCS1_OAEP_PADDING, N is 41.
encrypt_buffer
A pointer to the buffer into which the encrypted data is placed. This can be the same address as the data to encrypt. The buffer size must be at least the size of the RSA key.
encrypt_len
A pointer that upon return is set to the length (in bytes) of data that was encrypted, including padding bytes. This value will always be the size of the RSA key.
key_type
The location from which the public key is retrieved, where key_type is one of the following:
TPF_RSA_USE_KEY_PAIR_NAME
The public key is retrieved from the z/TPF keystore using a key pair name pointed to by pubkey_input.
TPF_RSA_USE_RSA
The public key is retrieved from an RSA structure pointed to by pubkey_input.
TPF_RSA_USE_PUBLIC_KEY_FILE
The public key is retrieved from a file on the z/TPF file system pointed to by pubkey_input. The public key file must be in PKCS #1 format.
TPF_RSA_USE_CERTIFICATE_FILE
The public key is retrieved from a certificate on the z/TPF file system pointed to by pubkey_input.
TPF_RSA_USE_X509
The public key is retrieved from an X509 structure pointed to by pubkey_input.
pubkey_input
Must be one of the following:
key_pair_name
A pointer to the 8-byte RSA key pair name created on z/TPF. The name must consist of letters, numbers, or both. If the name is less than 8 bytes, it must be left-justified and either null-terminated or padded with blanks. All letters are converted to uppercase.
rsa
A pointer to the RSA structure that contains the public key.
public_key_file_name
A pointer to a null-terminated string that specifies the file that contains the public key. The public key needs to be encoded in a PKCS#1 RSAPublicKey structure. The maximum length of the file name is 1024 characters.
certificate_file_name
A pointer to a null-terminated string that specifies the file that contains the digital certificate that contains the public key. The certificate must be in X509 format. The maximum length of the file name is 1024 characters.
X509
A pointer to the X509 structure that contains the public key.
padding
The padding method used to encrypt the data using the z/TPF public key, where padding is one of the following:
TPF_RSA_PKCS1_PADDING
PKCS #1 v1.5 padding.
TPF_RSA_PKCS1_OAEP_PADDING
PKCS #1 v2.0 padding.

Normal return

TPF_RSA_ENCRYPT_OK
The data was encrypted successfully.

Error return

TPF_RSA_ENCRYPT_DATA_LENGTH_ERROR
The length of the data to be encrypted is too large or less than 1.
TPF_RSA_ENCRYPT_FILE_READ_ERROR
The file containing the public key or certificate cannot be read.
TPF_RSA_ENCRYPT_INTERNAL_ERROR
An internal processing error occurred.
TPF_RSA_ENCRYPT_LIBRARY_ERROR
An encryption library function did not produce a valid return.
TPF_RSA_ENCRYPT_NO_HARDWARE
The hardware needed to process this function is either not installed or not enabled.
TPF_RSA_ENCRYPT_NO_PKKEY_NAME
The specified public key pair name does not exist.
TPF_RSA_ENCRYPT_NO_SUPPORT
The keystore is not defined.
TPF_RSA_ENCRYPT_PADDING_NOT_VALID
The specified padding method is not valid.
TPF_RSA_ENCRYPT_PKKEY_NOT_ACTIVE
The specified public key pair name is not active.
TPF_RSA_ENCRYPT_POINTER_NOT_VALID
An input parameter pointer is not valid.
TPF_RSA_ENCRYPT_STATE_ERROR
TPF_RSA_USE_PUBLIC_KEY_FILE or TPF_RSA_USE_CERTIFICATE_FILE was specified and file system restart has not completed, or public key restart processing has not completed.
TPF_RSA_ENCRYPT_TYPE_NOT_VALID
The specified key type is not valid.

Programming considerations

Examples

The following example encrypts data using an RSA public key.
maketpf_env += oco
LIBS := CPKL
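#include <stdio.h>
#include <string.h>
#include <tpf/tpfapi.h>

int app_enc_dec() {

   /* Key pair name: left-justified and null-terminated in an 8-byte field. */
   char  key_pair_name[8] = "PAIR1";
   /* Must be at least the size of the RSA key; 256 bytes assumes a
      2048-bit key. */
   unsigned char enc_buff[256];
   char  data[30];
   int   data_length;
   int   enc_len;
   int   rc, padding;

   strcpy(data, "DATA12345678AbcDefg");
   /* Encrypt only the bytes that were set, not the whole 30-byte buffer,
      so uninitialized stack bytes do not end up in the plaintext. */
   data_length = (int)strlen(data);
   padding = TPF_RSA_PKCS1_OAEP_PADDING;

   rc = tpf_RSA_encrypt_data((unsigned char *)data, data_length, enc_buff, &enc_len,
                             TPF_RSA_USE_KEY_PAIR_NAME, key_pair_name, padding);
   if (rc != TPF_RSA_ENCRYPT_OK) {
     printf("Encrypt failed, rc = %d\n", rc);
   }
   /* TPF_RSA_ENCRYPT_OK on success, otherwise the error return code. */
   return(rc);
}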
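
The data_length limit, the encrypt_buffer size rule, and the key_pair_name format described in the parameter list can be checked before the call is made. The following C helpers are an added example, not part of the z/TPF API or of the original page; the demo_ names and the enum are hypothetical stand-ins, because the real constant values come from <tpf/tpfapi.h> and are not shown here.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the padding constants (real values are in
   <tpf/tpfapi.h> and are not shown on this page). */
enum demo_padding { DEMO_PKCS1_PADDING, DEMO_PKCS1_OAEP_PADDING };

/* Largest data_length the page allows: strictly less than the key size
   minus N (N = 11 for PKCS #1 v1.5, N = 41 for OAEP).
   Returns -1 if no data fits or the padding is unknown. */
int demo_max_data_length(int key_bytes, enum demo_padding padding)
{
    int n, max;
    switch (padding) {
    case DEMO_PKCS1_PADDING:      n = 11; break;
    case DEMO_PKCS1_OAEP_PADDING: n = 41; break;
    default: return -1;
    }
    max = key_bytes - n - 1;      /* "less than" means one byte fewer */
    return max >= 1 ? max : -1;
}

/* Build the 8-byte key pair name field: left-justified, blank-padded,
   shown in the uppercase form the API converts it to.
   Returns 0 on success, -1 if the name is empty, longer than 8 bytes,
   or contains anything other than letters and digits. */
int demo_format_key_pair_name(const char *name, unsigned char out[8])
{
    size_t i, len = name ? strlen(name) : 0;
    if (len < 1 || len > 8) return -1;
    memset(out, ' ', 8);
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c)) return -1;
        out[i] = (unsigned char)toupper(c);
    }
    return 0;
}

/* Pre-flight check: 1 if the data fits under the padding limit and the
   output buffer is at least the size of the RSA key, else 0. */
int demo_request_fits(int data_length, size_t buffer_size,
                      int key_bytes, enum demo_padding padding)
{
    int max = demo_max_data_length(key_bytes, padding);
    return max > 0 && data_length >= 1 && data_length <= max
        && buffer_size >= (size_t)key_bytes;
}
```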