pk.h File Reference

Public key container.

Item to send to the debug module.

Public key information and operations.

Definition at line 130 of file pk.h.

Types for RSA-alt abstraction.

Definition at line 185 of file pk.h.

Options for RSASSA-PSS signature verification.

See mbedtls_rsa_rsassa_pss_verify_ext()

Types for interfacing with the debug module.

Definition at line 107 of file pk.h.

Public key types.

Definition at line 82 of file pk.h.

Tell if a context can do the operation given by type.

Parameters:

ctx	The context to query. It must have been initialized.
type	The desired type.

Returns:

1 if the context can do operations on the given type.

0 if the context cannot do the operations on the given type. This is always the case for a context that has been initialized but not set up, or that has been cleared with mbedtls_pk_free().

Definition at line 224 of file pk.c.

Check if a public-private pair of keys matches.

Parameters:

pub	Context holding a public key.
prv	Context holding a private (and public) key.

Returns:

0 on success (keys were checked and match each other).

MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not be checked - in that case they may or may not match.

MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.

Another non-zero value if the keys do not match.

Definition at line 508 of file pk.c.

Export debug information.

Parameters:

ctx	The PK context to use. It must have been initialized.
items	Place to write debug items

Returns:

0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA

Definition at line 552 of file pk.c.

Decrypt message (including padding if relevant).

Parameters:

ctx	The PK context to use. It must have been set up with a private key.
input	Input to decrypt
ilen	Input size
output	Decrypted output
olen	Decrypted message length
osize	Size of the output buffer
f_rng	RNG function
p_rng	RNG parameter

Note:

For RSA keys, the default padding type is PKCS#1 v1.5.

Returns:

0 on success, or a specific error code.

Definition at line 462 of file pk.c.

Quick access to an EC context inside a PK context.

Warning:

You must make sure the PK context actually holds an EC context before using this function!

Definition at line 175 of file pk.h.

Encrypt message (including padding if relevant).

Parameters:

ctx	The PK context to use. It must have been set up.
input	Message to encrypt
ilen	Message size
output	Encrypted output
olen	Encrypted output length
osize	Size of the output buffer
f_rng	RNG function
p_rng	RNG parameter

Note:

For RSA keys, the default padding type is PKCS#1 v1.5.

Returns:

0 on success, or a specific error code.

Definition at line 485 of file pk.c.

Free the components of a mbedtls_pk_context.

Parameters:

ctx	The context to clear. It must have been initialized. If this is NULL, this function does nothing.

Note:

For contexts that have been set up with mbedtls_pk_setup_opaque(), this does not free the underlying PSA key and you still need to call psa_destroy_key() independently if you want to destroy that key.

Definition at line 71 of file pk.c.

Get the size in bits of the underlying key.

Parameters:

ctx	The context to query. It must have been initialized.

Returns:

Key size in bits, or 0 on error

Definition at line 539 of file pk.c.

Get the length in bytes of the underlying key.

Parameters:

ctx	The context to query. It must have been initialized.

Returns:

Key length in bytes, or 0 on error

Definition at line 330 of file pk.h.

Access the type name.

Parameters:

ctx	The PK context to use. It must have been initialized.

Returns:

Type name on success, or "invalid PK"

Definition at line 568 of file pk.c.

Get the key type.

Parameters:

ctx	The PK context to use. It must have been initialized.

Returns:

Type on success.

MBEDTLS_PK_NONE for a context that has not been set up.

Definition at line 579 of file pk.c.

Return information associated with the given PK type.

Parameters:

pk_type

PK type to search for.

Returns:

The PK info associated with the type or NULL if not found.

Definition at line 114 of file pk.c.

Initialize a mbedtls_pk_context (as NONE).

Parameters:

ctx	The context to initialize. This must not be NULL.

Definition at line 60 of file pk.c.

Parse a private key in PEM or DER format.

Parameters:

ctx	The PK context to fill. It must have been initialized but not set up.
key	Input buffer to parse. The buffer must contain the input exactly, with no extra trailing material. For PEM, the buffer must contain a null-terminated string.
keylen	Size of key in bytes. For PEM data, this includes the terminating null byte, so keylen must be equal to `strlen(key) + 1`.
pwd	Optional password for decryption. Pass NULL if expecting a non-encrypted key. Pass a string of pwdlen bytes if expecting an encrypted key; a non-encrypted key will also be accepted. The empty password is not supported.
pwdlen	Size of the password in bytes. Ignored if pwd is NULL.

Note:

On entry, ctx must be empty, either freshly initialised with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a specific key type, check the result with mbedtls_pk_can_do().

The key is also checked for correctness.

Returns:

0 if successful, or a specific PK or PEM error code

Definition at line 1163 of file pkparse.c.

Load and parse a private key.

Parameters:

ctx	The PK context to fill. It must have been initialized but not set up.
path	filename to read the private key from
password	Optional password to decrypt the file. Pass NULL if expecting a non-encrypted key. Pass a null-terminated string if expecting an encrypted key; a non-encrypted key will also be accepted. The empty password is not supported.

Note:

On entry, ctx must be empty, either freshly initialised with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a specific key type, check the result with mbedtls_pk_can_do().

The key is also checked for correctness.

Returns:

0 if successful, or a specific PK or PEM error code

Definition at line 130 of file pkparse.c.

Parse a public key in PEM or DER format.

Parameters:

ctx	The PK context to fill. It must have been initialized but not set up.
key	Input buffer to parse. The buffer must contain the input exactly, with no extra trailing material. For PEM, the buffer must contain a null-terminated string.
keylen	Size of key in bytes. For PEM data, this includes the terminating null byte, so keylen must be equal to `strlen(key) + 1`.

Note:

On entry, ctx must be empty, either freshly initialised with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a specific key type, check the result with mbedtls_pk_can_do().

The key is also checked for correctness.

Returns:

0 if successful, or a specific PK or PEM error code

Definition at line 1376 of file pkparse.c.

Load and parse a public key.

Parameters:

ctx	The PK context to fill. It must have been initialized but not set up.
path	filename to read the public key from

Note:

On entry, ctx must be empty, either freshly initialised with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a specific key type, check the result with mbedtls_pk_can_do().

The key is also checked for correctness.

Returns:

0 if successful, or a specific PK or PEM error code

Definition at line 158 of file pkparse.c.

Parse a SubjectPublicKeyInfo DER structure.

Parameters:

p	the position in the ASN.1 data
end	end of the buffer
pk	The PK context to fill. It must have been initialized but not set up.

Returns:

0 if successful, or a specific PK error code

Definition at line 615 of file pkparse.c.

Free the components of a restart context.

Parameters:

ctx	The context to clear. It must have been initialized. If this is NULL, this function does nothing.

Definition at line 96 of file pk.c.

Initialize a restart context.

Parameters:

ctx	The context to initialize. This must not be NULL.

Definition at line 86 of file pk.c.

Quick access to an RSA context inside a PK context.

Warning:

You must make sure the PK context actually holds an RSA context before using this function!

Definition at line 162 of file pk.h.

Initialize a PK context with the information given and allocates the type-specific PK subcontext.

Parameters:

ctx	Context to initialize. It must not have been set up yet (type MBEDTLS_PK_NONE).
info	Information to use

Returns:

0 on success, MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input, MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.

Note:

For contexts holding an RSA-alt key, use mbedtls_pk_setup_rsa_alt() instead.

Definition at line 140 of file pk.c.

Initialize a PK context to wrap a PSA key.

Note:

This function replaces mbedtls_pk_setup() for contexts that wrap a (possibly opaque) PSA key instead of storing and manipulating the key material directly.

Parameters:

ctx	The context to initialize. It must be empty (type NONE).
key	The PSA key to wrap, which must hold an ECC key pair (see notes below).

Note:

The wrapped key must remain valid as long as the wrapping PK context is in use, that is at least between the point this function is called and the point mbedtls_pk_free() is called on this context. The wrapped key might then be independently used or destroyed.

This function is currently only available for ECC key pairs (that is, ECC keys containing private key material). Support for other key types may be added later.

Returns:

0 on success.

MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input (context already used, invalid key handle).

MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an ECC key pair.

MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.

Definition at line 158 of file pk.c.

Initialize an RSA-alt context.

Parameters:

ctx	Context to initialize. It must not have been set up yet (type MBEDTLS_PK_NONE).
key	RSA key pointer
decrypt_func	Decryption function
sign_func	Signing function
key_len_func	Function returning key length in bytes

Returns:

0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the context wasn't already initialized as RSA_ALT.

Note:

This function replaces mbedtls_pk_setup() for RSA-alt.

Definition at line 193 of file pk.c.

Make signature, including padding if relevant.

Parameters:

ctx	The PK context to use. It must have been set up with a private key.
md_alg	Hash algorithm used (see notes)
hash	Hash of the message to sign
hash_len	Hash length or 0 (see notes)
sig	Place to write the signature
sig_len	Number of bytes written
f_rng	RNG function
p_rng	RNG parameter

Returns:

0 on success, or a specific error code.

Note:

For RSA keys, the default padding type is PKCS#1 v1.5. There is no interface in the PK module to make RSASSA-PSS signatures yet.

If hash_len is 0, then the length associated with md_alg is used instead, or an error returned if it is invalid.

For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. For ECDSA, md_alg may never be MBEDTLS_MD_NONE.

Definition at line 450 of file pk.c.

Restartable version of mbedtls_pk_sign()

Note:

Performs the same job as mbedtls_pk_sign(), but can return early and restart according to the limit set with mbedtls_ecp_set_max_ops() to reduce blocking for ECC operations. For RSA, same as mbedtls_pk_sign().

Parameters:

ctx	The PK context to use. It must have been set up with a private key.
md_alg	Hash algorithm used (see notes)
hash	Hash of the message to sign
hash_len	Hash length or 0 (see notes)
sig	Place to write the signature
sig_len	Number of bytes written
f_rng	RNG function
p_rng	RNG parameter
rs_ctx	Restart context (NULL to disable restart)

Returns:

See mbedtls_pk_sign(), or

MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of operations was reached: see mbedtls_ecp_set_max_ops().

Definition at line 401 of file pk.c.

Verify signature (including padding if relevant).

Parameters:

ctx	The PK context to use. It must have been set up.
md_alg	Hash algorithm used (see notes)
hash	Hash of the message to sign
hash_len	Hash length or 0 (see notes)
sig	Signature to verify
sig_len	Signature length

Returns:

0 on success (signature is valid), MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid signature in sig but its length is less than siglen, or a specific error code.

Note:

For RSA keys, the default padding type is PKCS#1 v1.5. Use mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... ) to verify RSASSA_PSS signatures.

If hash_len is 0, then the length associated with md_alg is used instead, or an error returned if it is invalid.

md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0

Definition at line 327 of file pk.c.

Verify signature, with options.

(Includes verification of the padding depending on type.)

Parameters:

type	Signature type (inc. possible padding type) to verify
options	Pointer to type-specific options, or NULL
ctx	The PK context to use. It must have been set up.
md_alg	Hash algorithm used (see notes)
hash	Hash of the message to sign
hash_len	Hash length or 0 (see notes)
sig	Signature to verify
sig_len	Signature length

Returns:

0 on success (signature is valid), MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be used for this type of signatures, MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid signature in sig but its length is less than siglen, or a specific error code.

Note:

If hash_len is 0, then the length associated with md_alg is used instead, or an error returned if it is invalid.

md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0

If type is MBEDTLS_PK_RSASSA_PSS, then options must point to a mbedtls_pk_rsassa_pss_options structure, otherwise it must be NULL.

Definition at line 338 of file pk.c.

Restartable version of mbedtls_pk_verify()

Note:

Performs the same job as mbedtls_pk_verify(), but can return early and restart according to the limit set with mbedtls_ecp_set_max_ops() to reduce blocking for ECC operations. For RSA, same as mbedtls_pk_verify().

Parameters:

ctx	The PK context to use. It must have been set up.
md_alg	Hash algorithm used (see notes)
hash	Hash of the message to sign
hash_len	Hash length or 0 (see notes)
sig	Signature to verify
sig_len	Signature length
rs_ctx	Restart context (NULL to disable restart)

Returns:

See mbedtls_pk_verify(), or

MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of operations was reached: see mbedtls_ecp_set_max_ops().

Definition at line 279 of file pk.c.

Turn an EC key into an opaque one.

Warning:

This is a temporary utility function for tests. It might change or be removed at any time without notice.

Note:

Only ECDSA keys are supported so far. Signing with the specified hash is the only allowed use of that key.

Parameters:

pk	Input: the EC key to import to a PSA key. Output: a PK context wrapping that PSA key.
handle	Output: a PSA key handle. It's the caller's responsibility to call psa_destroy_key() on that handle after calling mbedtls_pk_free() on the PK context.
hash_alg	The hash algorithm to allow for use with that key.

Returns:

0 if successful.

An Mbed TLS error code otherwise.

Definition at line 594 of file pk.c.

Write a private key to a PKCS#1 or SEC1 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.

Parameters:

ctx	PK context which must contain a valid private key.
buf	buffer to write to
size	size of the buffer

Returns:

length of data written if successful, or a specific error code

Definition at line 294 of file pkwrite.c.

Write a private key to a PKCS#1 or SEC1 PEM string.

Parameters:

ctx	PK context which must contain a valid private key.
buf	Buffer to write to. The output includes a terminating null byte.
size	Size of the buffer in bytes.

Returns:

0 if successful, or a specific error code

Definition at line 563 of file pkwrite.c.

Write a subjectPublicKey to ASN.1 data Note: function works backwards in data buffer.

Parameters:

p	reference to current position pointer
start	start of the buffer (for bounds-checking)
key	PK context which must contain a valid public or private key.

Returns:

the length written or a negative error code

Definition at line 159 of file pkwrite.c.

Write a public key to a SubjectPublicKeyInfo DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.

Parameters:

ctx	PK context which must contain a valid public or private key.
buf	buffer to write to
size	size of the buffer

Returns:

length of data written if successful, or a specific error code

Definition at line 208 of file pkwrite.c.

Write a public key to a PEM string.

Parameters:

ctx	PK context which must contain a valid public or private key.
buf	Buffer to write to. The output includes a terminating null byte.
size	Size of the buffer in bytes.

Returns:

0 if successful, or a specific error code

Definition at line 538 of file pkwrite.c.