]>
Commit | Line | Data |
---|---|---|
1 | /** | |
2 | * \file pk.h | |
3 | * | |
4 | * \brief Public Key abstraction layer | |
5 | */ | |
6 | /* | |
7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved | |
8 | * SPDX-License-Identifier: GPL-2.0 | |
9 | * | |
10 | * This program is free software; you can redistribute it and/or modify | |
11 | * it under the terms of the GNU General Public License as published by | |
12 | * the Free Software Foundation; either version 2 of the License, or | |
13 | * (at your option) any later version. | |
14 | * | |
15 | * This program is distributed in the hope that it will be useful, | |
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | * GNU General Public License for more details. | |
19 | * | |
20 | * You should have received a copy of the GNU General Public License along | |
21 | * with this program; if not, write to the Free Software Foundation, Inc., | |
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
23 | * | |
24 | * This file is part of mbed TLS (https://tls.mbed.org) | |
25 | */ | |
26 | ||
27 | #ifndef MBEDTLS_PK_H | |
28 | #define MBEDTLS_PK_H | |
29 | ||
30 | #if !defined(MBEDTLS_CONFIG_FILE) | |
31 | #include "config.h" | |
32 | #else | |
33 | #include MBEDTLS_CONFIG_FILE | |
34 | #endif | |
35 | ||
36 | #include "md.h" | |
37 | ||
38 | #if defined(MBEDTLS_RSA_C) | |
39 | #include "rsa.h" | |
40 | #endif | |
41 | ||
42 | #if defined(MBEDTLS_ECP_C) | |
43 | #include "ecp.h" | |
44 | #endif | |
45 | ||
46 | #if defined(MBEDTLS_ECDSA_C) | |
47 | #include "ecdsa.h" | |
48 | #endif | |
49 | ||
50 | #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ | |
51 | !defined(inline) && !defined(__cplusplus) | |
52 | #define inline __inline | |
53 | #endif | |
54 | ||
55 | #define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 /**< Memory allocation failed. */ | |
56 | #define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */ | |
57 | #define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 /**< Bad input parameters to function. */ | |
58 | #define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 /**< Read/write of file failed. */ | |
59 | #define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 /**< Unsupported key version */ | |
60 | #define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 /**< Invalid key tag or value. */ | |
61 | #define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 /**< Key algorithm is unsupported (only RSA and EC are supported). */ | |
62 | #define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 /**< Private key password can't be empty. */ | |
63 | #define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 /**< Given private key password does not allow for correct decryption. */ | |
64 | #define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */ | |
65 | #define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */ | |
66 | #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */ | |
67 | #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */ | |
68 | #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The buffer contains a valid signature followed by more data. */ | |
69 | #define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */ | |
70 | ||
71 | #ifdef __cplusplus | |
72 | extern "C" { | |
73 | #endif | |
74 | ||
75 | /** | |
76 | * \brief Public key types | |
77 | */ | |
78 | typedef enum { | |
79 | MBEDTLS_PK_NONE=0, | |
80 | MBEDTLS_PK_RSA, | |
81 | MBEDTLS_PK_ECKEY, | |
82 | MBEDTLS_PK_ECKEY_DH, | |
83 | MBEDTLS_PK_ECDSA, | |
84 | MBEDTLS_PK_RSA_ALT, | |
85 | MBEDTLS_PK_RSASSA_PSS, | |
86 | } mbedtls_pk_type_t; | |
87 | ||
88 | /** | |
89 | * \brief Options for RSASSA-PSS signature verification. | |
90 | * See \c mbedtls_rsa_rsassa_pss_verify_ext() | |
91 | */ | |
92 | typedef struct mbedtls_pk_rsassa_pss_options | |
93 | { | |
94 | mbedtls_md_type_t mgf1_hash_id; | |
95 | int expected_salt_len; | |
96 | ||
97 | } mbedtls_pk_rsassa_pss_options; | |
98 | ||
99 | /** | |
100 | * \brief Types for interfacing with the debug module | |
101 | */ | |
102 | typedef enum | |
103 | { | |
104 | MBEDTLS_PK_DEBUG_NONE = 0, | |
105 | MBEDTLS_PK_DEBUG_MPI, | |
106 | MBEDTLS_PK_DEBUG_ECP, | |
107 | } mbedtls_pk_debug_type; | |
108 | ||
109 | /** | |
110 | * \brief Item to send to the debug module | |
111 | */ | |
112 | typedef struct mbedtls_pk_debug_item | |
113 | { | |
114 | mbedtls_pk_debug_type type; | |
115 | const char *name; | |
116 | void *value; | |
117 | } mbedtls_pk_debug_item; | |
118 | ||
119 | /** Maximum number of item send for debugging, plus 1 */ | |
120 | #define MBEDTLS_PK_DEBUG_MAX_ITEMS 3 | |
121 | ||
122 | /** | |
123 | * \brief Public key information and operations | |
124 | */ | |
125 | typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; | |
126 | ||
127 | /** | |
128 | * \brief Public key container | |
129 | */ | |
130 | typedef struct mbedtls_pk_context | |
131 | { | |
132 | const mbedtls_pk_info_t * pk_info; /**< Public key informations */ | |
133 | void * pk_ctx; /**< Underlying public key context */ | |
134 | } mbedtls_pk_context; | |
135 | ||
136 | #if defined(MBEDTLS_RSA_C) | |
137 | /** | |
138 | * Quick access to an RSA context inside a PK context. | |
139 | * | |
140 | * \warning You must make sure the PK context actually holds an RSA context | |
141 | * before using this function! | |
142 | */ | |
143 | static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) | |
144 | { | |
145 | return( (mbedtls_rsa_context *) (pk).pk_ctx ); | |
146 | } | |
147 | #endif /* MBEDTLS_RSA_C */ | |
148 | ||
149 | #if defined(MBEDTLS_ECP_C) | |
150 | /** | |
151 | * Quick access to an EC context inside a PK context. | |
152 | * | |
153 | * \warning You must make sure the PK context actually holds an EC context | |
154 | * before using this function! | |
155 | */ | |
156 | static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk ) | |
157 | { | |
158 | return( (mbedtls_ecp_keypair *) (pk).pk_ctx ); | |
159 | } | |
160 | #endif /* MBEDTLS_ECP_C */ | |
161 | ||
162 | #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) | |
163 | /** | |
164 | * \brief Types for RSA-alt abstraction | |
165 | */ | |
166 | typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen, | |
167 | const unsigned char *input, unsigned char *output, | |
168 | size_t output_max_len ); | |
169 | typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx, | |
170 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, | |
171 | int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, | |
172 | const unsigned char *hash, unsigned char *sig ); | |
173 | typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx ); | |
174 | #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ | |
175 | ||
176 | /** | |
177 | * \brief Return information associated with the given PK type | |
178 | * | |
179 | * \param pk_type PK type to search for. | |
180 | * | |
181 | * \return The PK info associated with the type or NULL if not found. | |
182 | */ | |
183 | const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ); | |
184 | ||
185 | /** | |
186 | * \brief Initialize a mbedtls_pk_context (as NONE) | |
187 | */ | |
188 | void mbedtls_pk_init( mbedtls_pk_context *ctx ); | |
189 | ||
190 | /** | |
191 | * \brief Free a mbedtls_pk_context | |
192 | */ | |
193 | void mbedtls_pk_free( mbedtls_pk_context *ctx ); | |
194 | ||
195 | /** | |
196 | * \brief Initialize a PK context with the information given | |
197 | * and allocates the type-specific PK subcontext. | |
198 | * | |
199 | * \param ctx Context to initialize. Must be empty (type NONE). | |
200 | * \param info Information to use | |
201 | * | |
202 | * \return 0 on success, | |
203 | * MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input, | |
204 | * MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. | |
205 | * | |
206 | * \note For contexts holding an RSA-alt key, use | |
207 | * \c mbedtls_pk_setup_rsa_alt() instead. | |
208 | */ | |
209 | int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); | |
210 | ||
211 | #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) | |
212 | /** | |
213 | * \brief Initialize an RSA-alt context | |
214 | * | |
215 | * \param ctx Context to initialize. Must be empty (type NONE). | |
216 | * \param key RSA key pointer | |
217 | * \param decrypt_func Decryption function | |
218 | * \param sign_func Signing function | |
219 | * \param key_len_func Function returning key length in bytes | |
220 | * | |
221 | * \return 0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the | |
222 | * context wasn't already initialized as RSA_ALT. | |
223 | * | |
224 | * \note This function replaces \c mbedtls_pk_setup() for RSA-alt. | |
225 | */ | |
226 | int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, | |
227 | mbedtls_pk_rsa_alt_decrypt_func decrypt_func, | |
228 | mbedtls_pk_rsa_alt_sign_func sign_func, | |
229 | mbedtls_pk_rsa_alt_key_len_func key_len_func ); | |
230 | #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ | |
231 | ||
232 | /** | |
233 | * \brief Get the size in bits of the underlying key | |
234 | * | |
235 | * \param ctx Context to use | |
236 | * | |
237 | * \return Key size in bits, or 0 on error | |
238 | */ | |
239 | size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ); | |
240 | ||
241 | /** | |
242 | * \brief Get the length in bytes of the underlying key | |
243 | * \param ctx Context to use | |
244 | * | |
245 | * \return Key length in bytes, or 0 on error | |
246 | */ | |
247 | static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx ) | |
248 | { | |
249 | return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 ); | |
250 | } | |
251 | ||
252 | /** | |
253 | * \brief Tell if a context can do the operation given by type | |
254 | * | |
255 | * \param ctx Context to test | |
256 | * \param type Target type | |
257 | * | |
258 | * \return 0 if context can't do the operations, | |
259 | * 1 otherwise. | |
260 | */ | |
261 | int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ); | |
262 | ||
263 | /** | |
264 | * \brief Verify signature (including padding if relevant). | |
265 | * | |
266 | * \param ctx PK context to use | |
267 | * \param md_alg Hash algorithm used (see notes) | |
268 | * \param hash Hash of the message to sign | |
269 | * \param hash_len Hash length or 0 (see notes) | |
270 | * \param sig Signature to verify | |
271 | * \param sig_len Signature length | |
272 | * | |
273 | * \return 0 on success (signature is valid), | |
274 | * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid | |
275 | * signature in sig but its length is less than \p siglen, | |
276 | * or a specific error code. | |
277 | * | |
278 | * \note For RSA keys, the default padding type is PKCS#1 v1.5. | |
279 | * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... ) | |
280 | * to verify RSASSA_PSS signatures. | |
281 | * | |
282 | * \note If hash_len is 0, then the length associated with md_alg | |
283 | * is used instead, or an error returned if it is invalid. | |
284 | * | |
285 | * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0 | |
286 | */ | |
287 | int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, | |
288 | const unsigned char *hash, size_t hash_len, | |
289 | const unsigned char *sig, size_t sig_len ); | |
290 | ||
291 | /** | |
292 | * \brief Verify signature, with options. | |
293 | * (Includes verification of the padding depending on type.) | |
294 | * | |
295 | * \param type Signature type (inc. possible padding type) to verify | |
296 | * \param options Pointer to type-specific options, or NULL | |
297 | * \param ctx PK context to use | |
298 | * \param md_alg Hash algorithm used (see notes) | |
299 | * \param hash Hash of the message to sign | |
300 | * \param hash_len Hash length or 0 (see notes) | |
301 | * \param sig Signature to verify | |
302 | * \param sig_len Signature length | |
303 | * | |
304 | * \return 0 on success (signature is valid), | |
305 | * #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be | |
306 | * used for this type of signatures, | |
307 | * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid | |
308 | * signature in sig but its length is less than \p siglen, | |
309 | * or a specific error code. | |
310 | * | |
311 | * \note If hash_len is 0, then the length associated with md_alg | |
312 | * is used instead, or an error returned if it is invalid. | |
313 | * | |
314 | * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0 | |
315 | * | |
316 | * \note If type is MBEDTLS_PK_RSASSA_PSS, then options must point | |
317 | * to a mbedtls_pk_rsassa_pss_options structure, | |
318 | * otherwise it must be NULL. | |
319 | */ | |
320 | int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, | |
321 | mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, | |
322 | const unsigned char *hash, size_t hash_len, | |
323 | const unsigned char *sig, size_t sig_len ); | |
324 | ||
325 | /** | |
326 | * \brief Make signature, including padding if relevant. | |
327 | * | |
328 | * \param ctx PK context to use - must hold a private key | |
329 | * \param md_alg Hash algorithm used (see notes) | |
330 | * \param hash Hash of the message to sign | |
331 | * \param hash_len Hash length or 0 (see notes) | |
332 | * \param sig Place to write the signature | |
333 | * \param sig_len Number of bytes written | |
334 | * \param f_rng RNG function | |
335 | * \param p_rng RNG parameter | |
336 | * | |
337 | * \return 0 on success, or a specific error code. | |
338 | * | |
339 | * \note For RSA keys, the default padding type is PKCS#1 v1.5. | |
340 | * There is no interface in the PK module to make RSASSA-PSS | |
341 | * signatures yet. | |
342 | * | |
343 | * \note If hash_len is 0, then the length associated with md_alg | |
344 | * is used instead, or an error returned if it is invalid. | |
345 | * | |
346 | * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. | |
347 | * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. | |
348 | */ | |
349 | int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, | |
350 | const unsigned char *hash, size_t hash_len, | |
351 | unsigned char *sig, size_t *sig_len, | |
352 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); | |
353 | ||
354 | /** | |
355 | * \brief Decrypt message (including padding if relevant). | |
356 | * | |
357 | * \param ctx PK context to use - must hold a private key | |
358 | * \param input Input to decrypt | |
359 | * \param ilen Input size | |
360 | * \param output Decrypted output | |
361 | * \param olen Decrypted message length | |
362 | * \param osize Size of the output buffer | |
363 | * \param f_rng RNG function | |
364 | * \param p_rng RNG parameter | |
365 | * | |
366 | * \note For RSA keys, the default padding type is PKCS#1 v1.5. | |
367 | * | |
368 | * \return 0 on success, or a specific error code. | |
369 | */ | |
370 | int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, | |
371 | const unsigned char *input, size_t ilen, | |
372 | unsigned char *output, size_t *olen, size_t osize, | |
373 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); | |
374 | ||
375 | /** | |
376 | * \brief Encrypt message (including padding if relevant). | |
377 | * | |
378 | * \param ctx PK context to use | |
379 | * \param input Message to encrypt | |
380 | * \param ilen Message size | |
381 | * \param output Encrypted output | |
382 | * \param olen Encrypted output length | |
383 | * \param osize Size of the output buffer | |
384 | * \param f_rng RNG function | |
385 | * \param p_rng RNG parameter | |
386 | * | |
387 | * \note For RSA keys, the default padding type is PKCS#1 v1.5. | |
388 | * | |
389 | * \return 0 on success, or a specific error code. | |
390 | */ | |
391 | int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, | |
392 | const unsigned char *input, size_t ilen, | |
393 | unsigned char *output, size_t *olen, size_t osize, | |
394 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); | |
395 | ||
396 | /** | |
397 | * \brief Check if a public-private pair of keys matches. | |
398 | * | |
399 | * \param pub Context holding a public key. | |
400 | * \param prv Context holding a private (and public) key. | |
401 | * | |
402 | * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA | |
403 | */ | |
404 | int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ); | |
405 | ||
406 | /** | |
407 | * \brief Export debug information | |
408 | * | |
409 | * \param ctx Context to use | |
410 | * \param items Place to write debug items | |
411 | * | |
412 | * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA | |
413 | */ | |
414 | int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ); | |
415 | ||
416 | /** | |
417 | * \brief Access the type name | |
418 | * | |
419 | * \param ctx Context to use | |
420 | * | |
421 | * \return Type name on success, or "invalid PK" | |
422 | */ | |
423 | const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx ); | |
424 | ||
425 | /** | |
426 | * \brief Get the key type | |
427 | * | |
428 | * \param ctx Context to use | |
429 | * | |
430 | * \return Type on success, or MBEDTLS_PK_NONE | |
431 | */ | |
432 | mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); | |
433 | ||
434 | #if defined(MBEDTLS_PK_PARSE_C) | |
435 | /** \ingroup pk_module */ | |
436 | /** | |
437 | * \brief Parse a private key in PEM or DER format | |
438 | * | |
439 | * \param ctx key to be initialized | |
440 | * \param key input buffer | |
441 | * \param keylen size of the buffer | |
442 | * (including the terminating null byte for PEM data) | |
443 | * \param pwd password for decryption (optional) | |
444 | * \param pwdlen size of the password | |
445 | * | |
446 | * \note On entry, ctx must be empty, either freshly initialised | |
447 | * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a | |
448 | * specific key type, check the result with mbedtls_pk_can_do(). | |
449 | * | |
450 | * \note The key is also checked for correctness. | |
451 | * | |
452 | * \return 0 if successful, or a specific PK or PEM error code | |
453 | */ | |
454 | int mbedtls_pk_parse_key( mbedtls_pk_context *ctx, | |
455 | const unsigned char *key, size_t keylen, | |
456 | const unsigned char *pwd, size_t pwdlen ); | |
457 | ||
458 | /** \ingroup pk_module */ | |
459 | /** | |
460 | * \brief Parse a public key in PEM or DER format | |
461 | * | |
462 | * \param ctx key to be initialized | |
463 | * \param key input buffer | |
464 | * \param keylen size of the buffer | |
465 | * (including the terminating null byte for PEM data) | |
466 | * | |
467 | * \note On entry, ctx must be empty, either freshly initialised | |
468 | * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a | |
469 | * specific key type, check the result with mbedtls_pk_can_do(). | |
470 | * | |
471 | * \note The key is also checked for correctness. | |
472 | * | |
473 | * \return 0 if successful, or a specific PK or PEM error code | |
474 | */ | |
475 | int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, | |
476 | const unsigned char *key, size_t keylen ); | |
477 | ||
478 | #if defined(MBEDTLS_FS_IO) | |
479 | /** \ingroup pk_module */ | |
480 | /** | |
481 | * \brief Load and parse a private key | |
482 | * | |
483 | * \param ctx key to be initialized | |
484 | * \param path filename to read the private key from | |
485 | * \param password password to decrypt the file (can be NULL) | |
486 | * | |
487 | * \note On entry, ctx must be empty, either freshly initialised | |
488 | * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a | |
489 | * specific key type, check the result with mbedtls_pk_can_do(). | |
490 | * | |
491 | * \note The key is also checked for correctness. | |
492 | * | |
493 | * \return 0 if successful, or a specific PK or PEM error code | |
494 | */ | |
495 | int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, | |
496 | const char *path, const char *password ); | |
497 | ||
498 | /** \ingroup pk_module */ | |
499 | /** | |
500 | * \brief Load and parse a public key | |
501 | * | |
502 | * \param ctx key to be initialized | |
503 | * \param path filename to read the public key from | |
504 | * | |
505 | * \note On entry, ctx must be empty, either freshly initialised | |
506 | * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If | |
507 | * you need a specific key type, check the result with | |
508 | * mbedtls_pk_can_do(). | |
509 | * | |
510 | * \note The key is also checked for correctness. | |
511 | * | |
512 | * \return 0 if successful, or a specific PK or PEM error code | |
513 | */ | |
514 | int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ); | |
515 | #endif /* MBEDTLS_FS_IO */ | |
516 | #endif /* MBEDTLS_PK_PARSE_C */ | |
517 | ||
518 | #if defined(MBEDTLS_PK_WRITE_C) | |
519 | /** | |
520 | * \brief Write a private key to a PKCS#1 or SEC1 DER structure | |
521 | * Note: data is written at the end of the buffer! Use the | |
522 | * return value to determine where you should start | |
523 | * using the buffer | |
524 | * | |
525 | * \param ctx private to write away | |
526 | * \param buf buffer to write to | |
527 | * \param size size of the buffer | |
528 | * | |
529 | * \return length of data written if successful, or a specific | |
530 | * error code | |
531 | */ | |
532 | int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); | |
533 | ||
534 | /** | |
535 | * \brief Write a public key to a SubjectPublicKeyInfo DER structure | |
536 | * Note: data is written at the end of the buffer! Use the | |
537 | * return value to determine where you should start | |
538 | * using the buffer | |
539 | * | |
540 | * \param ctx public key to write away | |
541 | * \param buf buffer to write to | |
542 | * \param size size of the buffer | |
543 | * | |
544 | * \return length of data written if successful, or a specific | |
545 | * error code | |
546 | */ | |
547 | int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); | |
548 | ||
549 | #if defined(MBEDTLS_PEM_WRITE_C) | |
550 | /** | |
551 | * \brief Write a public key to a PEM string | |
552 | * | |
553 | * \param ctx public key to write away | |
554 | * \param buf buffer to write to | |
555 | * \param size size of the buffer | |
556 | * | |
557 | * \return 0 if successful, or a specific error code | |
558 | */ | |
559 | int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); | |
560 | ||
561 | /** | |
562 | * \brief Write a private key to a PKCS#1 or SEC1 PEM string | |
563 | * | |
564 | * \param ctx private to write away | |
565 | * \param buf buffer to write to | |
566 | * \param size size of the buffer | |
567 | * | |
568 | * \return 0 if successful, or a specific error code | |
569 | */ | |
570 | int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); | |
571 | #endif /* MBEDTLS_PEM_WRITE_C */ | |
572 | #endif /* MBEDTLS_PK_WRITE_C */ | |
573 | ||
574 | /* | |
575 | * WARNING: Low-level functions. You probably do not want to use these unless | |
576 | * you are certain you do ;) | |
577 | */ | |
578 | ||
579 | #if defined(MBEDTLS_PK_PARSE_C) | |
580 | /** | |
581 | * \brief Parse a SubjectPublicKeyInfo DER structure | |
582 | * | |
583 | * \param p the position in the ASN.1 data | |
584 | * \param end end of the buffer | |
585 | * \param pk the key to fill | |
586 | * | |
587 | * \return 0 if successful, or a specific PK error code | |
588 | */ | |
589 | int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, | |
590 | mbedtls_pk_context *pk ); | |
591 | #endif /* MBEDTLS_PK_PARSE_C */ | |
592 | ||
593 | #if defined(MBEDTLS_PK_WRITE_C) | |
594 | /** | |
595 | * \brief Write a subjectPublicKey to ASN.1 data | |
596 | * Note: function works backwards in data buffer | |
597 | * | |
598 | * \param p reference to current position pointer | |
599 | * \param start start of the buffer (for bounds-checking) | |
600 | * \param key public key to write away | |
601 | * | |
602 | * \return the length written or a negative error code | |
603 | */ | |
604 | int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, | |
605 | const mbedtls_pk_context *key ); | |
606 | #endif /* MBEDTLS_PK_WRITE_C */ | |
607 | ||
608 | /* | |
609 | * Internal module functions. You probably do not want to use these unless you | |
610 | * know you do. | |
611 | */ | |
612 | #if defined(MBEDTLS_FS_IO) | |
613 | int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ); | |
614 | #endif | |
615 | ||
616 | #ifdef __cplusplus | |
617 | } | |
618 | #endif | |
619 | ||
620 | #endif /* MBEDTLS_PK_H */ |