Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
pkcs11.h
00001 /** 00002 * \file pkcs11.h 00003 * 00004 * \brief Wrapper for PKCS#11 library libpkcs11-helper 00005 * 00006 * \author Adriaan de Jong <dejong@fox-it.com> 00007 */ 00008 /* 00009 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00010 * SPDX-License-Identifier: Apache-2.0 00011 * 00012 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00013 * not use this file except in compliance with the License. 00014 * You may obtain a copy of the License at 00015 * 00016 * http://www.apache.org/licenses/LICENSE-2.0 00017 * 00018 * Unless required by applicable law or agreed to in writing, software 00019 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00020 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00021 * See the License for the specific language governing permissions and 00022 * limitations under the License. 00023 * 00024 * This file is part of mbed TLS (https://tls.mbed.org) 00025 */ 00026 #ifndef MBEDTLS_PKCS11_H 00027 #define MBEDTLS_PKCS11_H 00028 00029 #if !defined(MBEDTLS_CONFIG_FILE) 00030 #include "mbedtls/config.h" 00031 #else 00032 #include MBEDTLS_CONFIG_FILE 00033 #endif 00034 00035 #if defined(MBEDTLS_PKCS11_C) 00036 00037 #include "mbedtls/x509_crt.h" 00038 00039 #include <pkcs11-helper-1.0/pkcs11h-certificate.h> 00040 00041 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00042 !defined(inline) && !defined(__cplusplus) 00043 #define inline __inline 00044 #endif 00045 00046 #ifdef __cplusplus 00047 extern "C" { 00048 #endif 00049 00050 /** 00051 * Context for PKCS #11 private keys. 00052 */ 00053 typedef struct mbedtls_pkcs11_context 00054 { 00055 pkcs11h_certificate_t pkcs11h_cert; 00056 int len; 00057 } mbedtls_pkcs11_context; 00058 00059 /** 00060 * Initialize a mbedtls_pkcs11_context. 00061 * (Just making memory references valid.) 00062 */ 00063 void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ); 00064 00065 /** 00066 * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate. 00067 * 00068 * \param cert X.509 certificate to fill 00069 * \param pkcs11h_cert PKCS #11 helper certificate 00070 * 00071 * \return 0 on success. 00072 */ 00073 int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert ); 00074 00075 /** 00076 * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the 00077 * mbedtls_pkcs11_context will take over control of the certificate, freeing it when 00078 * done. 00079 * 00080 * \param priv_key Private key structure to fill. 00081 * \param pkcs11_cert PKCS #11 helper certificate 00082 * 00083 * \return 0 on success 00084 */ 00085 int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key, 00086 pkcs11h_certificate_t pkcs11_cert ); 00087 00088 /** 00089 * Free the contents of the given private key context. Note that the structure 00090 * itself is not freed. 00091 * 00092 * \param priv_key Private key structure to cleanup 00093 */ 00094 void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key ); 00095 00096 /** 00097 * \brief Do an RSA private key decrypt, then remove the message 00098 * padding 00099 * 00100 * \param ctx PKCS #11 context 00101 * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature 00102 * \param input buffer holding the encrypted data 00103 * \param output buffer that will hold the plaintext 00104 * \param olen will contain the plaintext length 00105 * \param output_max_len maximum length of the output buffer 00106 * 00107 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 00108 * 00109 * \note The output buffer must be as large as the size 00110 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise 00111 * an error is thrown. 00112 */ 00113 int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx, 00114 int mode, size_t *olen, 00115 const unsigned char *input, 00116 unsigned char *output, 00117 size_t output_max_len ); 00118 00119 /** 00120 * \brief Do a private RSA to sign a message digest 00121 * 00122 * \param ctx PKCS #11 context 00123 * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature 00124 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) 00125 * \param hashlen message digest length (for MBEDTLS_MD_NONE only) 00126 * \param hash buffer holding the message digest 00127 * \param sig buffer that will hold the ciphertext 00128 * 00129 * \return 0 if the signing operation was successful, 00130 * or an MBEDTLS_ERR_RSA_XXX error code 00131 * 00132 * \note The "sig" buffer must be as large as the size 00133 * of ctx->N (eg. 128 bytes if RSA-1024 is used). 00134 */ 00135 int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, 00136 int mode, 00137 mbedtls_md_type_t md_alg, 00138 unsigned int hashlen, 00139 const unsigned char *hash, 00140 unsigned char *sig ); 00141 00142 /** 00143 * SSL/TLS wrappers for PKCS#11 functions 00144 */ 00145 static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen, 00146 const unsigned char *input, unsigned char *output, 00147 size_t output_max_len ) 00148 { 00149 return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output, 00150 output_max_len ); 00151 } 00152 00153 static inline int mbedtls_ssl_pkcs11_sign( void *ctx, 00154 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 00155 int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 00156 const unsigned char *hash, unsigned char *sig ) 00157 { 00158 ((void) f_rng); 00159 ((void) p_rng); 00160 return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg, 00161 hashlen, hash, sig ); 00162 } 00163 00164 static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx ) 00165 { 00166 return ( (mbedtls_pkcs11_context *) ctx )->len; 00167 } 00168 00169 #ifdef __cplusplus 00170 } 00171 #endif 00172 00173 #endif /* MBEDTLS_PKCS11_C */ 00174 00175 #endif /* MBEDTLS_PKCS11_H */
Generated on Tue Jul 12 2022 13:54:41 by
