Maxim nexpaq / nexpaq_dev

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

features/mbedtls/inc/mbedtls/pk.h@0:6c56fb4bc5f0, 2016-11-04 (annotated)

Committer:
nexpaq
Date:
Fri Nov 04 20:27:58 2016 +0000
Revision:
0:6c56fb4bc5f0
Moving to library for sharing updates

Who changed what in which revision?

UserRevisionLine numberNew contents of line
nexpaq 0:6c56fb4bc5f0 1 /**
nexpaq 0:6c56fb4bc5f0 2 * \file pk.h
nexpaq 0:6c56fb4bc5f0 3 *
nexpaq 0:6c56fb4bc5f0 4 * \brief Public Key abstraction layer
nexpaq 0:6c56fb4bc5f0 5 *
nexpaq 0:6c56fb4bc5f0 6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
nexpaq 0:6c56fb4bc5f0 7 * SPDX-License-Identifier: Apache-2.0
nexpaq 0:6c56fb4bc5f0 8 *
nexpaq 0:6c56fb4bc5f0 9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
nexpaq 0:6c56fb4bc5f0 10 * not use this file except in compliance with the License.
nexpaq 0:6c56fb4bc5f0 11 * You may obtain a copy of the License at
nexpaq 0:6c56fb4bc5f0 12 *
nexpaq 0:6c56fb4bc5f0 13 * http://www.apache.org/licenses/LICENSE-2.0
nexpaq 0:6c56fb4bc5f0 14 *
nexpaq 0:6c56fb4bc5f0 15 * Unless required by applicable law or agreed to in writing, software
nexpaq 0:6c56fb4bc5f0 16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
nexpaq 0:6c56fb4bc5f0 17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
nexpaq 0:6c56fb4bc5f0 18 * See the License for the specific language governing permissions and
nexpaq 0:6c56fb4bc5f0 19 * limitations under the License.
nexpaq 0:6c56fb4bc5f0 20 *
nexpaq 0:6c56fb4bc5f0 21 * This file is part of mbed TLS (https://tls.mbed.org)
nexpaq 0:6c56fb4bc5f0 22 */
nexpaq 0:6c56fb4bc5f0 23
nexpaq 0:6c56fb4bc5f0 24 #ifndef MBEDTLS_PK_H
nexpaq 0:6c56fb4bc5f0 25 #define MBEDTLS_PK_H
nexpaq 0:6c56fb4bc5f0 26
nexpaq 0:6c56fb4bc5f0 27 #if !defined(MBEDTLS_CONFIG_FILE)
nexpaq 0:6c56fb4bc5f0 28 #include "config.h"
nexpaq 0:6c56fb4bc5f0 29 #else
nexpaq 0:6c56fb4bc5f0 30 #include MBEDTLS_CONFIG_FILE
nexpaq 0:6c56fb4bc5f0 31 #endif
nexpaq 0:6c56fb4bc5f0 32
nexpaq 0:6c56fb4bc5f0 33 #include "md.h"
nexpaq 0:6c56fb4bc5f0 34
nexpaq 0:6c56fb4bc5f0 35 #if defined(MBEDTLS_RSA_C)
nexpaq 0:6c56fb4bc5f0 36 #include "rsa.h"
nexpaq 0:6c56fb4bc5f0 37 #endif
nexpaq 0:6c56fb4bc5f0 38
nexpaq 0:6c56fb4bc5f0 39 #if defined(MBEDTLS_ECP_C)
nexpaq 0:6c56fb4bc5f0 40 #include "ecp.h"
nexpaq 0:6c56fb4bc5f0 41 #endif
nexpaq 0:6c56fb4bc5f0 42
nexpaq 0:6c56fb4bc5f0 43 #if defined(MBEDTLS_ECDSA_C)
nexpaq 0:6c56fb4bc5f0 44 #include "ecdsa.h"
nexpaq 0:6c56fb4bc5f0 45 #endif
nexpaq 0:6c56fb4bc5f0 46
nexpaq 0:6c56fb4bc5f0 47 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
nexpaq 0:6c56fb4bc5f0 48 !defined(inline) && !defined(__cplusplus)
nexpaq 0:6c56fb4bc5f0 49 #define inline __inline
nexpaq 0:6c56fb4bc5f0 50 #endif
nexpaq 0:6c56fb4bc5f0 51
nexpaq 0:6c56fb4bc5f0 52 #define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 /**< Memory allocation failed. */
nexpaq 0:6c56fb4bc5f0 53 #define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
nexpaq 0:6c56fb4bc5f0 54 #define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 /**< Bad input parameters to function. */
nexpaq 0:6c56fb4bc5f0 55 #define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 /**< Read/write of file failed. */
nexpaq 0:6c56fb4bc5f0 56 #define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 /**< Unsupported key version */
nexpaq 0:6c56fb4bc5f0 57 #define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 /**< Invalid key tag or value. */
nexpaq 0:6c56fb4bc5f0 58 #define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 /**< Key algorithm is unsupported (only RSA and EC are supported). */
nexpaq 0:6c56fb4bc5f0 59 #define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 /**< Private key password can't be empty. */
nexpaq 0:6c56fb4bc5f0 60 #define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 /**< Given private key password does not allow for correct decryption. */
nexpaq 0:6c56fb4bc5f0 61 #define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
nexpaq 0:6c56fb4bc5f0 62 #define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */
nexpaq 0:6c56fb4bc5f0 63 #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
nexpaq 0:6c56fb4bc5f0 64 #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
nexpaq 0:6c56fb4bc5f0 65 #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */
nexpaq 0:6c56fb4bc5f0 66
nexpaq 0:6c56fb4bc5f0 67 #ifdef __cplusplus
nexpaq 0:6c56fb4bc5f0 68 extern "C" {
nexpaq 0:6c56fb4bc5f0 69 #endif
nexpaq 0:6c56fb4bc5f0 70
nexpaq 0:6c56fb4bc5f0 71 /**
nexpaq 0:6c56fb4bc5f0 72 * \brief Public key types
nexpaq 0:6c56fb4bc5f0 73 */
nexpaq 0:6c56fb4bc5f0 74 typedef enum {
nexpaq 0:6c56fb4bc5f0 75 MBEDTLS_PK_NONE=0,
nexpaq 0:6c56fb4bc5f0 76 MBEDTLS_PK_RSA,
nexpaq 0:6c56fb4bc5f0 77 MBEDTLS_PK_ECKEY,
nexpaq 0:6c56fb4bc5f0 78 MBEDTLS_PK_ECKEY_DH,
nexpaq 0:6c56fb4bc5f0 79 MBEDTLS_PK_ECDSA,
nexpaq 0:6c56fb4bc5f0 80 MBEDTLS_PK_RSA_ALT,
nexpaq 0:6c56fb4bc5f0 81 MBEDTLS_PK_RSASSA_PSS,
nexpaq 0:6c56fb4bc5f0 82 } mbedtls_pk_type_t;
nexpaq 0:6c56fb4bc5f0 83
nexpaq 0:6c56fb4bc5f0 84 /**
nexpaq 0:6c56fb4bc5f0 85 * \brief Options for RSASSA-PSS signature verification.
nexpaq 0:6c56fb4bc5f0 86 * See \c mbedtls_rsa_rsassa_pss_verify_ext()
nexpaq 0:6c56fb4bc5f0 87 */
nexpaq 0:6c56fb4bc5f0 88 typedef struct
nexpaq 0:6c56fb4bc5f0 89 {
nexpaq 0:6c56fb4bc5f0 90 mbedtls_md_type_t mgf1_hash_id;
nexpaq 0:6c56fb4bc5f0 91 int expected_salt_len;
nexpaq 0:6c56fb4bc5f0 92
nexpaq 0:6c56fb4bc5f0 93 } mbedtls_pk_rsassa_pss_options;
nexpaq 0:6c56fb4bc5f0 94
nexpaq 0:6c56fb4bc5f0 95 /**
nexpaq 0:6c56fb4bc5f0 96 * \brief Types for interfacing with the debug module
nexpaq 0:6c56fb4bc5f0 97 */
nexpaq 0:6c56fb4bc5f0 98 typedef enum
nexpaq 0:6c56fb4bc5f0 99 {
nexpaq 0:6c56fb4bc5f0 100 MBEDTLS_PK_DEBUG_NONE = 0,
nexpaq 0:6c56fb4bc5f0 101 MBEDTLS_PK_DEBUG_MPI,
nexpaq 0:6c56fb4bc5f0 102 MBEDTLS_PK_DEBUG_ECP,
nexpaq 0:6c56fb4bc5f0 103 } mbedtls_pk_debug_type;
nexpaq 0:6c56fb4bc5f0 104
nexpaq 0:6c56fb4bc5f0 105 /**
nexpaq 0:6c56fb4bc5f0 106 * \brief Item to send to the debug module
nexpaq 0:6c56fb4bc5f0 107 */
nexpaq 0:6c56fb4bc5f0 108 typedef struct
nexpaq 0:6c56fb4bc5f0 109 {
nexpaq 0:6c56fb4bc5f0 110 mbedtls_pk_debug_type type;
nexpaq 0:6c56fb4bc5f0 111 const char *name;
nexpaq 0:6c56fb4bc5f0 112 void *value;
nexpaq 0:6c56fb4bc5f0 113 } mbedtls_pk_debug_item;
nexpaq 0:6c56fb4bc5f0 114
nexpaq 0:6c56fb4bc5f0 115 /** Maximum number of item send for debugging, plus 1 */
nexpaq 0:6c56fb4bc5f0 116 #define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
nexpaq 0:6c56fb4bc5f0 117
nexpaq 0:6c56fb4bc5f0 118 /**
nexpaq 0:6c56fb4bc5f0 119 * \brief Public key information and operations
nexpaq 0:6c56fb4bc5f0 120 */
nexpaq 0:6c56fb4bc5f0 121 typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
nexpaq 0:6c56fb4bc5f0 122
nexpaq 0:6c56fb4bc5f0 123 /**
nexpaq 0:6c56fb4bc5f0 124 * \brief Public key container
nexpaq 0:6c56fb4bc5f0 125 */
nexpaq 0:6c56fb4bc5f0 126 typedef struct
nexpaq 0:6c56fb4bc5f0 127 {
nexpaq 0:6c56fb4bc5f0 128 const mbedtls_pk_info_t * pk_info; /**< Public key informations */
nexpaq 0:6c56fb4bc5f0 129 void * pk_ctx; /**< Underlying public key context */
nexpaq 0:6c56fb4bc5f0 130 } mbedtls_pk_context;
nexpaq 0:6c56fb4bc5f0 131
nexpaq 0:6c56fb4bc5f0 132 #if defined(MBEDTLS_RSA_C)
nexpaq 0:6c56fb4bc5f0 133 /**
nexpaq 0:6c56fb4bc5f0 134 * Quick access to an RSA context inside a PK context.
nexpaq 0:6c56fb4bc5f0 135 *
nexpaq 0:6c56fb4bc5f0 136 * \warning You must make sure the PK context actually holds an RSA context
nexpaq 0:6c56fb4bc5f0 137 * before using this function!
nexpaq 0:6c56fb4bc5f0 138 */
nexpaq 0:6c56fb4bc5f0 139 static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
nexpaq 0:6c56fb4bc5f0 140 {
nexpaq 0:6c56fb4bc5f0 141 return( (mbedtls_rsa_context *) (pk).pk_ctx );
nexpaq 0:6c56fb4bc5f0 142 }
nexpaq 0:6c56fb4bc5f0 143 #endif /* MBEDTLS_RSA_C */
nexpaq 0:6c56fb4bc5f0 144
nexpaq 0:6c56fb4bc5f0 145 #if defined(MBEDTLS_ECP_C)
nexpaq 0:6c56fb4bc5f0 146 /**
nexpaq 0:6c56fb4bc5f0 147 * Quick access to an EC context inside a PK context.
nexpaq 0:6c56fb4bc5f0 148 *
nexpaq 0:6c56fb4bc5f0 149 * \warning You must make sure the PK context actually holds an EC context
nexpaq 0:6c56fb4bc5f0 150 * before using this function!
nexpaq 0:6c56fb4bc5f0 151 */
nexpaq 0:6c56fb4bc5f0 152 static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
nexpaq 0:6c56fb4bc5f0 153 {
nexpaq 0:6c56fb4bc5f0 154 return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
nexpaq 0:6c56fb4bc5f0 155 }
nexpaq 0:6c56fb4bc5f0 156 #endif /* MBEDTLS_ECP_C */
nexpaq 0:6c56fb4bc5f0 157
nexpaq 0:6c56fb4bc5f0 158 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
nexpaq 0:6c56fb4bc5f0 159 /**
nexpaq 0:6c56fb4bc5f0 160 * \brief Types for RSA-alt abstraction
nexpaq 0:6c56fb4bc5f0 161 */
nexpaq 0:6c56fb4bc5f0 162 typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
nexpaq 0:6c56fb4bc5f0 163 const unsigned char *input, unsigned char *output,
nexpaq 0:6c56fb4bc5f0 164 size_t output_max_len );
nexpaq 0:6c56fb4bc5f0 165 typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
nexpaq 0:6c56fb4bc5f0 166 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
nexpaq 0:6c56fb4bc5f0 167 int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
nexpaq 0:6c56fb4bc5f0 168 const unsigned char *hash, unsigned char *sig );
nexpaq 0:6c56fb4bc5f0 169 typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
nexpaq 0:6c56fb4bc5f0 170 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
nexpaq 0:6c56fb4bc5f0 171
nexpaq 0:6c56fb4bc5f0 172 /**
nexpaq 0:6c56fb4bc5f0 173 * \brief Return information associated with the given PK type
nexpaq 0:6c56fb4bc5f0 174 *
nexpaq 0:6c56fb4bc5f0 175 * \param pk_type PK type to search for.
nexpaq 0:6c56fb4bc5f0 176 *
nexpaq 0:6c56fb4bc5f0 177 * \return The PK info associated with the type or NULL if not found.
nexpaq 0:6c56fb4bc5f0 178 */
nexpaq 0:6c56fb4bc5f0 179 const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
nexpaq 0:6c56fb4bc5f0 180
nexpaq 0:6c56fb4bc5f0 181 /**
nexpaq 0:6c56fb4bc5f0 182 * \brief Initialize a mbedtls_pk_context (as NONE)
nexpaq 0:6c56fb4bc5f0 183 */
nexpaq 0:6c56fb4bc5f0 184 void mbedtls_pk_init( mbedtls_pk_context *ctx );
nexpaq 0:6c56fb4bc5f0 185
nexpaq 0:6c56fb4bc5f0 186 /**
nexpaq 0:6c56fb4bc5f0 187 * \brief Free a mbedtls_pk_context
nexpaq 0:6c56fb4bc5f0 188 */
nexpaq 0:6c56fb4bc5f0 189 void mbedtls_pk_free( mbedtls_pk_context *ctx );
nexpaq 0:6c56fb4bc5f0 190
nexpaq 0:6c56fb4bc5f0 191 /**
nexpaq 0:6c56fb4bc5f0 192 * \brief Initialize a PK context with the information given
nexpaq 0:6c56fb4bc5f0 193 * and allocates the type-specific PK subcontext.
nexpaq 0:6c56fb4bc5f0 194 *
nexpaq 0:6c56fb4bc5f0 195 * \param ctx Context to initialize. Must be empty (type NONE).
nexpaq 0:6c56fb4bc5f0 196 * \param info Information to use
nexpaq 0:6c56fb4bc5f0 197 *
nexpaq 0:6c56fb4bc5f0 198 * \return 0 on success,
nexpaq 0:6c56fb4bc5f0 199 * MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
nexpaq 0:6c56fb4bc5f0 200 * MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
nexpaq 0:6c56fb4bc5f0 201 *
nexpaq 0:6c56fb4bc5f0 202 * \note For contexts holding an RSA-alt key, use
nexpaq 0:6c56fb4bc5f0 203 * \c mbedtls_pk_setup_rsa_alt() instead.
nexpaq 0:6c56fb4bc5f0 204 */
nexpaq 0:6c56fb4bc5f0 205 int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
nexpaq 0:6c56fb4bc5f0 206
nexpaq 0:6c56fb4bc5f0 207 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
nexpaq 0:6c56fb4bc5f0 208 /**
nexpaq 0:6c56fb4bc5f0 209 * \brief Initialize an RSA-alt context
nexpaq 0:6c56fb4bc5f0 210 *
nexpaq 0:6c56fb4bc5f0 211 * \param ctx Context to initialize. Must be empty (type NONE).
nexpaq 0:6c56fb4bc5f0 212 * \param key RSA key pointer
nexpaq 0:6c56fb4bc5f0 213 * \param decrypt_func Decryption function
nexpaq 0:6c56fb4bc5f0 214 * \param sign_func Signing function
nexpaq 0:6c56fb4bc5f0 215 * \param key_len_func Function returning key length in bytes
nexpaq 0:6c56fb4bc5f0 216 *
nexpaq 0:6c56fb4bc5f0 217 * \return 0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
nexpaq 0:6c56fb4bc5f0 218 * context wasn't already initialized as RSA_ALT.
nexpaq 0:6c56fb4bc5f0 219 *
nexpaq 0:6c56fb4bc5f0 220 * \note This function replaces \c mbedtls_pk_setup() for RSA-alt.
nexpaq 0:6c56fb4bc5f0 221 */
nexpaq 0:6c56fb4bc5f0 222 int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
nexpaq 0:6c56fb4bc5f0 223 mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
nexpaq 0:6c56fb4bc5f0 224 mbedtls_pk_rsa_alt_sign_func sign_func,
nexpaq 0:6c56fb4bc5f0 225 mbedtls_pk_rsa_alt_key_len_func key_len_func );
nexpaq 0:6c56fb4bc5f0 226 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
nexpaq 0:6c56fb4bc5f0 227
nexpaq 0:6c56fb4bc5f0 228 /**
nexpaq 0:6c56fb4bc5f0 229 * \brief Get the size in bits of the underlying key
nexpaq 0:6c56fb4bc5f0 230 *
nexpaq 0:6c56fb4bc5f0 231 * \param ctx Context to use
nexpaq 0:6c56fb4bc5f0 232 *
nexpaq 0:6c56fb4bc5f0 233 * \return Key size in bits, or 0 on error
nexpaq 0:6c56fb4bc5f0 234 */
nexpaq 0:6c56fb4bc5f0 235 size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
nexpaq 0:6c56fb4bc5f0 236
nexpaq 0:6c56fb4bc5f0 237 /**
nexpaq 0:6c56fb4bc5f0 238 * \brief Get the length in bytes of the underlying key
nexpaq 0:6c56fb4bc5f0 239 * \param ctx Context to use
nexpaq 0:6c56fb4bc5f0 240 *
nexpaq 0:6c56fb4bc5f0 241 * \return Key length in bytes, or 0 on error
nexpaq 0:6c56fb4bc5f0 242 */
nexpaq 0:6c56fb4bc5f0 243 static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
nexpaq 0:6c56fb4bc5f0 244 {
nexpaq 0:6c56fb4bc5f0 245 return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
nexpaq 0:6c56fb4bc5f0 246 }
nexpaq 0:6c56fb4bc5f0 247
nexpaq 0:6c56fb4bc5f0 248 /**
nexpaq 0:6c56fb4bc5f0 249 * \brief Tell if a context can do the operation given by type
nexpaq 0:6c56fb4bc5f0 250 *
nexpaq 0:6c56fb4bc5f0 251 * \param ctx Context to test
nexpaq 0:6c56fb4bc5f0 252 * \param type Target type
nexpaq 0:6c56fb4bc5f0 253 *
nexpaq 0:6c56fb4bc5f0 254 * \return 0 if context can't do the operations,
nexpaq 0:6c56fb4bc5f0 255 * 1 otherwise.
nexpaq 0:6c56fb4bc5f0 256 */
nexpaq 0:6c56fb4bc5f0 257 int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
nexpaq 0:6c56fb4bc5f0 258
nexpaq 0:6c56fb4bc5f0 259 /**
nexpaq 0:6c56fb4bc5f0 260 * \brief Verify signature (including padding if relevant).
nexpaq 0:6c56fb4bc5f0 261 *
nexpaq 0:6c56fb4bc5f0 262 * \param ctx PK context to use
nexpaq 0:6c56fb4bc5f0 263 * \param md_alg Hash algorithm used (see notes)
nexpaq 0:6c56fb4bc5f0 264 * \param hash Hash of the message to sign
nexpaq 0:6c56fb4bc5f0 265 * \param hash_len Hash length or 0 (see notes)
nexpaq 0:6c56fb4bc5f0 266 * \param sig Signature to verify
nexpaq 0:6c56fb4bc5f0 267 * \param sig_len Signature length
nexpaq 0:6c56fb4bc5f0 268 *
nexpaq 0:6c56fb4bc5f0 269 * \return 0 on success (signature is valid),
nexpaq 0:6c56fb4bc5f0 270 * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
nexpaq 0:6c56fb4bc5f0 271 * valid but its actual length is less than sig_len,
nexpaq 0:6c56fb4bc5f0 272 * or a specific error code.
nexpaq 0:6c56fb4bc5f0 273 *
nexpaq 0:6c56fb4bc5f0 274 * \note For RSA keys, the default padding type is PKCS#1 v1.5.
nexpaq 0:6c56fb4bc5f0 275 * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
nexpaq 0:6c56fb4bc5f0 276 * to verify RSASSA_PSS signatures.
nexpaq 0:6c56fb4bc5f0 277 *
nexpaq 0:6c56fb4bc5f0 278 * \note If hash_len is 0, then the length associated with md_alg
nexpaq 0:6c56fb4bc5f0 279 * is used instead, or an error returned if it is invalid.
nexpaq 0:6c56fb4bc5f0 280 *
nexpaq 0:6c56fb4bc5f0 281 * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
nexpaq 0:6c56fb4bc5f0 282 */
nexpaq 0:6c56fb4bc5f0 283 int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
nexpaq 0:6c56fb4bc5f0 284 const unsigned char *hash, size_t hash_len,
nexpaq 0:6c56fb4bc5f0 285 const unsigned char *sig, size_t sig_len );
nexpaq 0:6c56fb4bc5f0 286
nexpaq 0:6c56fb4bc5f0 287 /**
nexpaq 0:6c56fb4bc5f0 288 * \brief Verify signature, with options.
nexpaq 0:6c56fb4bc5f0 289 * (Includes verification of the padding depending on type.)
nexpaq 0:6c56fb4bc5f0 290 *
nexpaq 0:6c56fb4bc5f0 291 * \param type Signature type (inc. possible padding type) to verify
nexpaq 0:6c56fb4bc5f0 292 * \param options Pointer to type-specific options, or NULL
nexpaq 0:6c56fb4bc5f0 293 * \param ctx PK context to use
nexpaq 0:6c56fb4bc5f0 294 * \param md_alg Hash algorithm used (see notes)
nexpaq 0:6c56fb4bc5f0 295 * \param hash Hash of the message to sign
nexpaq 0:6c56fb4bc5f0 296 * \param hash_len Hash length or 0 (see notes)
nexpaq 0:6c56fb4bc5f0 297 * \param sig Signature to verify
nexpaq 0:6c56fb4bc5f0 298 * \param sig_len Signature length
nexpaq 0:6c56fb4bc5f0 299 *
nexpaq 0:6c56fb4bc5f0 300 * \return 0 on success (signature is valid),
nexpaq 0:6c56fb4bc5f0 301 * MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
nexpaq 0:6c56fb4bc5f0 302 * used for this type of signatures,
nexpaq 0:6c56fb4bc5f0 303 * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
nexpaq 0:6c56fb4bc5f0 304 * valid but its actual length is less than sig_len,
nexpaq 0:6c56fb4bc5f0 305 * or a specific error code.
nexpaq 0:6c56fb4bc5f0 306 *
nexpaq 0:6c56fb4bc5f0 307 * \note If hash_len is 0, then the length associated with md_alg
nexpaq 0:6c56fb4bc5f0 308 * is used instead, or an error returned if it is invalid.
nexpaq 0:6c56fb4bc5f0 309 *
nexpaq 0:6c56fb4bc5f0 310 * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
nexpaq 0:6c56fb4bc5f0 311 *
nexpaq 0:6c56fb4bc5f0 312 * \note If type is MBEDTLS_PK_RSASSA_PSS, then options must point
nexpaq 0:6c56fb4bc5f0 313 * to a mbedtls_pk_rsassa_pss_options structure,
nexpaq 0:6c56fb4bc5f0 314 * otherwise it must be NULL.
nexpaq 0:6c56fb4bc5f0 315 */
nexpaq 0:6c56fb4bc5f0 316 int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
nexpaq 0:6c56fb4bc5f0 317 mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
nexpaq 0:6c56fb4bc5f0 318 const unsigned char *hash, size_t hash_len,
nexpaq 0:6c56fb4bc5f0 319 const unsigned char *sig, size_t sig_len );
nexpaq 0:6c56fb4bc5f0 320
nexpaq 0:6c56fb4bc5f0 321 /**
nexpaq 0:6c56fb4bc5f0 322 * \brief Make signature, including padding if relevant.
nexpaq 0:6c56fb4bc5f0 323 *
nexpaq 0:6c56fb4bc5f0 324 * \param ctx PK context to use - must hold a private key
nexpaq 0:6c56fb4bc5f0 325 * \param md_alg Hash algorithm used (see notes)
nexpaq 0:6c56fb4bc5f0 326 * \param hash Hash of the message to sign
nexpaq 0:6c56fb4bc5f0 327 * \param hash_len Hash length or 0 (see notes)
nexpaq 0:6c56fb4bc5f0 328 * \param sig Place to write the signature
nexpaq 0:6c56fb4bc5f0 329 * \param sig_len Number of bytes written
nexpaq 0:6c56fb4bc5f0 330 * \param f_rng RNG function
nexpaq 0:6c56fb4bc5f0 331 * \param p_rng RNG parameter
nexpaq 0:6c56fb4bc5f0 332 *
nexpaq 0:6c56fb4bc5f0 333 * \return 0 on success, or a specific error code.
nexpaq 0:6c56fb4bc5f0 334 *
nexpaq 0:6c56fb4bc5f0 335 * \note For RSA keys, the default padding type is PKCS#1 v1.5.
nexpaq 0:6c56fb4bc5f0 336 * There is no interface in the PK module to make RSASSA-PSS
nexpaq 0:6c56fb4bc5f0 337 * signatures yet.
nexpaq 0:6c56fb4bc5f0 338 *
nexpaq 0:6c56fb4bc5f0 339 * \note If hash_len is 0, then the length associated with md_alg
nexpaq 0:6c56fb4bc5f0 340 * is used instead, or an error returned if it is invalid.
nexpaq 0:6c56fb4bc5f0 341 *
nexpaq 0:6c56fb4bc5f0 342 * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
nexpaq 0:6c56fb4bc5f0 343 * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
nexpaq 0:6c56fb4bc5f0 344 */
nexpaq 0:6c56fb4bc5f0 345 int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
nexpaq 0:6c56fb4bc5f0 346 const unsigned char *hash, size_t hash_len,
nexpaq 0:6c56fb4bc5f0 347 unsigned char *sig, size_t *sig_len,
nexpaq 0:6c56fb4bc5f0 348 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
nexpaq 0:6c56fb4bc5f0 349
nexpaq 0:6c56fb4bc5f0 350 /**
nexpaq 0:6c56fb4bc5f0 351 * \brief Decrypt message (including padding if relevant).
nexpaq 0:6c56fb4bc5f0 352 *
nexpaq 0:6c56fb4bc5f0 353 * \param ctx PK context to use - must hold a private key
nexpaq 0:6c56fb4bc5f0 354 * \param input Input to decrypt
nexpaq 0:6c56fb4bc5f0 355 * \param ilen Input size
nexpaq 0:6c56fb4bc5f0 356 * \param output Decrypted output
nexpaq 0:6c56fb4bc5f0 357 * \param olen Decrypted message length
nexpaq 0:6c56fb4bc5f0 358 * \param osize Size of the output buffer
nexpaq 0:6c56fb4bc5f0 359 * \param f_rng RNG function
nexpaq 0:6c56fb4bc5f0 360 * \param p_rng RNG parameter
nexpaq 0:6c56fb4bc5f0 361 *
nexpaq 0:6c56fb4bc5f0 362 * \note For RSA keys, the default padding type is PKCS#1 v1.5.
nexpaq 0:6c56fb4bc5f0 363 *
nexpaq 0:6c56fb4bc5f0 364 * \return 0 on success, or a specific error code.
nexpaq 0:6c56fb4bc5f0 365 */
nexpaq 0:6c56fb4bc5f0 366 int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
nexpaq 0:6c56fb4bc5f0 367 const unsigned char *input, size_t ilen,
nexpaq 0:6c56fb4bc5f0 368 unsigned char *output, size_t *olen, size_t osize,
nexpaq 0:6c56fb4bc5f0 369 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
nexpaq 0:6c56fb4bc5f0 370
nexpaq 0:6c56fb4bc5f0 371 /**
nexpaq 0:6c56fb4bc5f0 372 * \brief Encrypt message (including padding if relevant).
nexpaq 0:6c56fb4bc5f0 373 *
nexpaq 0:6c56fb4bc5f0 374 * \param ctx PK context to use
nexpaq 0:6c56fb4bc5f0 375 * \param input Message to encrypt
nexpaq 0:6c56fb4bc5f0 376 * \param ilen Message size
nexpaq 0:6c56fb4bc5f0 377 * \param output Encrypted output
nexpaq 0:6c56fb4bc5f0 378 * \param olen Encrypted output length
nexpaq 0:6c56fb4bc5f0 379 * \param osize Size of the output buffer
nexpaq 0:6c56fb4bc5f0 380 * \param f_rng RNG function
nexpaq 0:6c56fb4bc5f0 381 * \param p_rng RNG parameter
nexpaq 0:6c56fb4bc5f0 382 *
nexpaq 0:6c56fb4bc5f0 383 * \note For RSA keys, the default padding type is PKCS#1 v1.5.
nexpaq 0:6c56fb4bc5f0 384 *
nexpaq 0:6c56fb4bc5f0 385 * \return 0 on success, or a specific error code.
nexpaq 0:6c56fb4bc5f0 386 */
nexpaq 0:6c56fb4bc5f0 387 int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
nexpaq 0:6c56fb4bc5f0 388 const unsigned char *input, size_t ilen,
nexpaq 0:6c56fb4bc5f0 389 unsigned char *output, size_t *olen, size_t osize,
nexpaq 0:6c56fb4bc5f0 390 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
nexpaq 0:6c56fb4bc5f0 391
nexpaq 0:6c56fb4bc5f0 392 /**
nexpaq 0:6c56fb4bc5f0 393 * \brief Check if a public-private pair of keys matches.
nexpaq 0:6c56fb4bc5f0 394 *
nexpaq 0:6c56fb4bc5f0 395 * \param pub Context holding a public key.
nexpaq 0:6c56fb4bc5f0 396 * \param prv Context holding a private (and public) key.
nexpaq 0:6c56fb4bc5f0 397 *
nexpaq 0:6c56fb4bc5f0 398 * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
nexpaq 0:6c56fb4bc5f0 399 */
nexpaq 0:6c56fb4bc5f0 400 int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
nexpaq 0:6c56fb4bc5f0 401
nexpaq 0:6c56fb4bc5f0 402 /**
nexpaq 0:6c56fb4bc5f0 403 * \brief Export debug information
nexpaq 0:6c56fb4bc5f0 404 *
nexpaq 0:6c56fb4bc5f0 405 * \param ctx Context to use
nexpaq 0:6c56fb4bc5f0 406 * \param items Place to write debug items
nexpaq 0:6c56fb4bc5f0 407 *
nexpaq 0:6c56fb4bc5f0 408 * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
nexpaq 0:6c56fb4bc5f0 409 */
nexpaq 0:6c56fb4bc5f0 410 int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
nexpaq 0:6c56fb4bc5f0 411
nexpaq 0:6c56fb4bc5f0 412 /**
nexpaq 0:6c56fb4bc5f0 413 * \brief Access the type name
nexpaq 0:6c56fb4bc5f0 414 *
nexpaq 0:6c56fb4bc5f0 415 * \param ctx Context to use
nexpaq 0:6c56fb4bc5f0 416 *
nexpaq 0:6c56fb4bc5f0 417 * \return Type name on success, or "invalid PK"
nexpaq 0:6c56fb4bc5f0 418 */
nexpaq 0:6c56fb4bc5f0 419 const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
nexpaq 0:6c56fb4bc5f0 420
nexpaq 0:6c56fb4bc5f0 421 /**
nexpaq 0:6c56fb4bc5f0 422 * \brief Get the key type
nexpaq 0:6c56fb4bc5f0 423 *
nexpaq 0:6c56fb4bc5f0 424 * \param ctx Context to use
nexpaq 0:6c56fb4bc5f0 425 *
nexpaq 0:6c56fb4bc5f0 426 * \return Type on success, or MBEDTLS_PK_NONE
nexpaq 0:6c56fb4bc5f0 427 */
nexpaq 0:6c56fb4bc5f0 428 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
nexpaq 0:6c56fb4bc5f0 429
nexpaq 0:6c56fb4bc5f0 430 #if defined(MBEDTLS_PK_PARSE_C)
nexpaq 0:6c56fb4bc5f0 431 /** \ingroup pk_module */
nexpaq 0:6c56fb4bc5f0 432 /**
nexpaq 0:6c56fb4bc5f0 433 * \brief Parse a private key in PEM or DER format
nexpaq 0:6c56fb4bc5f0 434 *
nexpaq 0:6c56fb4bc5f0 435 * \param ctx key to be initialized
nexpaq 0:6c56fb4bc5f0 436 * \param key input buffer
nexpaq 0:6c56fb4bc5f0 437 * \param keylen size of the buffer
nexpaq 0:6c56fb4bc5f0 438 * (including the terminating null byte for PEM data)
nexpaq 0:6c56fb4bc5f0 439 * \param pwd password for decryption (optional)
nexpaq 0:6c56fb4bc5f0 440 * \param pwdlen size of the password
nexpaq 0:6c56fb4bc5f0 441 *
nexpaq 0:6c56fb4bc5f0 442 * \note On entry, ctx must be empty, either freshly initialised
nexpaq 0:6c56fb4bc5f0 443 * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
nexpaq 0:6c56fb4bc5f0 444 * specific key type, check the result with mbedtls_pk_can_do().
nexpaq 0:6c56fb4bc5f0 445 *
nexpaq 0:6c56fb4bc5f0 446 * \note The key is also checked for correctness.
nexpaq 0:6c56fb4bc5f0 447 *
nexpaq 0:6c56fb4bc5f0 448 * \return 0 if successful, or a specific PK or PEM error code
nexpaq 0:6c56fb4bc5f0 449 */
nexpaq 0:6c56fb4bc5f0 450 int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
nexpaq 0:6c56fb4bc5f0 451 const unsigned char *key, size_t keylen,
nexpaq 0:6c56fb4bc5f0 452 const unsigned char *pwd, size_t pwdlen );
nexpaq 0:6c56fb4bc5f0 453
nexpaq 0:6c56fb4bc5f0 454 /** \ingroup pk_module */
nexpaq 0:6c56fb4bc5f0 455 /**
nexpaq 0:6c56fb4bc5f0 456 * \brief Parse a public key in PEM or DER format
nexpaq 0:6c56fb4bc5f0 457 *
nexpaq 0:6c56fb4bc5f0 458 * \param ctx key to be initialized
nexpaq 0:6c56fb4bc5f0 459 * \param key input buffer
nexpaq 0:6c56fb4bc5f0 460 * \param keylen size of the buffer
nexpaq 0:6c56fb4bc5f0 461 * (including the terminating null byte for PEM data)
nexpaq 0:6c56fb4bc5f0 462 *
nexpaq 0:6c56fb4bc5f0 463 * \note On entry, ctx must be empty, either freshly initialised
nexpaq 0:6c56fb4bc5f0 464 * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
nexpaq 0:6c56fb4bc5f0 465 * specific key type, check the result with mbedtls_pk_can_do().
nexpaq 0:6c56fb4bc5f0 466 *
nexpaq 0:6c56fb4bc5f0 467 * \note The key is also checked for correctness.
nexpaq 0:6c56fb4bc5f0 468 *
nexpaq 0:6c56fb4bc5f0 469 * \return 0 if successful, or a specific PK or PEM error code
nexpaq 0:6c56fb4bc5f0 470 */
nexpaq 0:6c56fb4bc5f0 471 int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
nexpaq 0:6c56fb4bc5f0 472 const unsigned char *key, size_t keylen );
nexpaq 0:6c56fb4bc5f0 473
nexpaq 0:6c56fb4bc5f0 474 #if defined(MBEDTLS_FS_IO)
nexpaq 0:6c56fb4bc5f0 475 /** \ingroup pk_module */
nexpaq 0:6c56fb4bc5f0 476 /**
nexpaq 0:6c56fb4bc5f0 477 * \brief Load and parse a private key
nexpaq 0:6c56fb4bc5f0 478 *
nexpaq 0:6c56fb4bc5f0 479 * \param ctx key to be initialized
nexpaq 0:6c56fb4bc5f0 480 * \param path filename to read the private key from
nexpaq 0:6c56fb4bc5f0 481 * \param password password to decrypt the file (can be NULL)
nexpaq 0:6c56fb4bc5f0 482 *
nexpaq 0:6c56fb4bc5f0 483 * \note On entry, ctx must be empty, either freshly initialised
nexpaq 0:6c56fb4bc5f0 484 * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
nexpaq 0:6c56fb4bc5f0 485 * specific key type, check the result with mbedtls_pk_can_do().
nexpaq 0:6c56fb4bc5f0 486 *
nexpaq 0:6c56fb4bc5f0 487 * \note The key is also checked for correctness.
nexpaq 0:6c56fb4bc5f0 488 *
nexpaq 0:6c56fb4bc5f0 489 * \return 0 if successful, or a specific PK or PEM error code
nexpaq 0:6c56fb4bc5f0 490 */
nexpaq 0:6c56fb4bc5f0 491 int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
nexpaq 0:6c56fb4bc5f0 492 const char *path, const char *password );
nexpaq 0:6c56fb4bc5f0 493
nexpaq 0:6c56fb4bc5f0 494 /** \ingroup pk_module */
nexpaq 0:6c56fb4bc5f0 495 /**
nexpaq 0:6c56fb4bc5f0 496 * \brief Load and parse a public key
nexpaq 0:6c56fb4bc5f0 497 *
nexpaq 0:6c56fb4bc5f0 498 * \param ctx key to be initialized
nexpaq 0:6c56fb4bc5f0 499 * \param path filename to read the public key from
nexpaq 0:6c56fb4bc5f0 500 *
nexpaq 0:6c56fb4bc5f0 501 * \note On entry, ctx must be empty, either freshly initialised
nexpaq 0:6c56fb4bc5f0 502 * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
nexpaq 0:6c56fb4bc5f0 503 * you need a specific key type, check the result with
nexpaq 0:6c56fb4bc5f0 504 * mbedtls_pk_can_do().
nexpaq 0:6c56fb4bc5f0 505 *
nexpaq 0:6c56fb4bc5f0 506 * \note The key is also checked for correctness.
nexpaq 0:6c56fb4bc5f0 507 *
nexpaq 0:6c56fb4bc5f0 508 * \return 0 if successful, or a specific PK or PEM error code
nexpaq 0:6c56fb4bc5f0 509 */
nexpaq 0:6c56fb4bc5f0 510 int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
nexpaq 0:6c56fb4bc5f0 511 #endif /* MBEDTLS_FS_IO */
nexpaq 0:6c56fb4bc5f0 512 #endif /* MBEDTLS_PK_PARSE_C */
nexpaq 0:6c56fb4bc5f0 513
nexpaq 0:6c56fb4bc5f0 514 #if defined(MBEDTLS_PK_WRITE_C)
nexpaq 0:6c56fb4bc5f0 515 /**
nexpaq 0:6c56fb4bc5f0 516 * \brief Write a private key to a PKCS#1 or SEC1 DER structure
nexpaq 0:6c56fb4bc5f0 517 * Note: data is written at the end of the buffer! Use the
nexpaq 0:6c56fb4bc5f0 518 * return value to determine where you should start
nexpaq 0:6c56fb4bc5f0 519 * using the buffer
nexpaq 0:6c56fb4bc5f0 520 *
nexpaq 0:6c56fb4bc5f0 521 * \param ctx private to write away
nexpaq 0:6c56fb4bc5f0 522 * \param buf buffer to write to
nexpaq 0:6c56fb4bc5f0 523 * \param size size of the buffer
nexpaq 0:6c56fb4bc5f0 524 *
nexpaq 0:6c56fb4bc5f0 525 * \return length of data written if successful, or a specific
nexpaq 0:6c56fb4bc5f0 526 * error code
nexpaq 0:6c56fb4bc5f0 527 */
nexpaq 0:6c56fb4bc5f0 528 int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
nexpaq 0:6c56fb4bc5f0 529
nexpaq 0:6c56fb4bc5f0 530 /**
nexpaq 0:6c56fb4bc5f0 531 * \brief Write a public key to a SubjectPublicKeyInfo DER structure
nexpaq 0:6c56fb4bc5f0 532 * Note: data is written at the end of the buffer! Use the
nexpaq 0:6c56fb4bc5f0 533 * return value to determine where you should start
nexpaq 0:6c56fb4bc5f0 534 * using the buffer
nexpaq 0:6c56fb4bc5f0 535 *
nexpaq 0:6c56fb4bc5f0 536 * \param ctx public key to write away
nexpaq 0:6c56fb4bc5f0 537 * \param buf buffer to write to
nexpaq 0:6c56fb4bc5f0 538 * \param size size of the buffer
nexpaq 0:6c56fb4bc5f0 539 *
nexpaq 0:6c56fb4bc5f0 540 * \return length of data written if successful, or a specific
nexpaq 0:6c56fb4bc5f0 541 * error code
nexpaq 0:6c56fb4bc5f0 542 */
nexpaq 0:6c56fb4bc5f0 543 int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
nexpaq 0:6c56fb4bc5f0 544
nexpaq 0:6c56fb4bc5f0 545 #if defined(MBEDTLS_PEM_WRITE_C)
nexpaq 0:6c56fb4bc5f0 546 /**
nexpaq 0:6c56fb4bc5f0 547 * \brief Write a public key to a PEM string
nexpaq 0:6c56fb4bc5f0 548 *
nexpaq 0:6c56fb4bc5f0 549 * \param ctx public key to write away
nexpaq 0:6c56fb4bc5f0 550 * \param buf buffer to write to
nexpaq 0:6c56fb4bc5f0 551 * \param size size of the buffer
nexpaq 0:6c56fb4bc5f0 552 *
nexpaq 0:6c56fb4bc5f0 553 * \return 0 if successful, or a specific error code
nexpaq 0:6c56fb4bc5f0 554 */
nexpaq 0:6c56fb4bc5f0 555 int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
nexpaq 0:6c56fb4bc5f0 556
nexpaq 0:6c56fb4bc5f0 557 /**
nexpaq 0:6c56fb4bc5f0 558 * \brief Write a private key to a PKCS#1 or SEC1 PEM string
nexpaq 0:6c56fb4bc5f0 559 *
nexpaq 0:6c56fb4bc5f0 560 * \param ctx private to write away
nexpaq 0:6c56fb4bc5f0 561 * \param buf buffer to write to
nexpaq 0:6c56fb4bc5f0 562 * \param size size of the buffer
nexpaq 0:6c56fb4bc5f0 563 *
nexpaq 0:6c56fb4bc5f0 564 * \return 0 if successful, or a specific error code
nexpaq 0:6c56fb4bc5f0 565 */
nexpaq 0:6c56fb4bc5f0 566 int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
nexpaq 0:6c56fb4bc5f0 567 #endif /* MBEDTLS_PEM_WRITE_C */
nexpaq 0:6c56fb4bc5f0 568 #endif /* MBEDTLS_PK_WRITE_C */
nexpaq 0:6c56fb4bc5f0 569
nexpaq 0:6c56fb4bc5f0 570 /*
nexpaq 0:6c56fb4bc5f0 571 * WARNING: Low-level functions. You probably do not want to use these unless
nexpaq 0:6c56fb4bc5f0 572 * you are certain you do ;)
nexpaq 0:6c56fb4bc5f0 573 */
nexpaq 0:6c56fb4bc5f0 574
nexpaq 0:6c56fb4bc5f0 575 #if defined(MBEDTLS_PK_PARSE_C)
nexpaq 0:6c56fb4bc5f0 576 /**
nexpaq 0:6c56fb4bc5f0 577 * \brief Parse a SubjectPublicKeyInfo DER structure
nexpaq 0:6c56fb4bc5f0 578 *
nexpaq 0:6c56fb4bc5f0 579 * \param p the position in the ASN.1 data
nexpaq 0:6c56fb4bc5f0 580 * \param end end of the buffer
nexpaq 0:6c56fb4bc5f0 581 * \param pk the key to fill
nexpaq 0:6c56fb4bc5f0 582 *
nexpaq 0:6c56fb4bc5f0 583 * \return 0 if successful, or a specific PK error code
nexpaq 0:6c56fb4bc5f0 584 */
nexpaq 0:6c56fb4bc5f0 585 int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
nexpaq 0:6c56fb4bc5f0 586 mbedtls_pk_context *pk );
nexpaq 0:6c56fb4bc5f0 587 #endif /* MBEDTLS_PK_PARSE_C */
nexpaq 0:6c56fb4bc5f0 588
nexpaq 0:6c56fb4bc5f0 589 #if defined(MBEDTLS_PK_WRITE_C)
nexpaq 0:6c56fb4bc5f0 590 /**
nexpaq 0:6c56fb4bc5f0 591 * \brief Write a subjectPublicKey to ASN.1 data
nexpaq 0:6c56fb4bc5f0 592 * Note: function works backwards in data buffer
nexpaq 0:6c56fb4bc5f0 593 *
nexpaq 0:6c56fb4bc5f0 594 * \param p reference to current position pointer
nexpaq 0:6c56fb4bc5f0 595 * \param start start of the buffer (for bounds-checking)
nexpaq 0:6c56fb4bc5f0 596 * \param key public key to write away
nexpaq 0:6c56fb4bc5f0 597 *
nexpaq 0:6c56fb4bc5f0 598 * \return the length written or a negative error code
nexpaq 0:6c56fb4bc5f0 599 */
nexpaq 0:6c56fb4bc5f0 600 int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
nexpaq 0:6c56fb4bc5f0 601 const mbedtls_pk_context *key );
nexpaq 0:6c56fb4bc5f0 602 #endif /* MBEDTLS_PK_WRITE_C */
nexpaq 0:6c56fb4bc5f0 603
nexpaq 0:6c56fb4bc5f0 604 /*
nexpaq 0:6c56fb4bc5f0 605 * Internal module functions. You probably do not want to use these unless you
nexpaq 0:6c56fb4bc5f0 606 * know you do.
nexpaq 0:6c56fb4bc5f0 607 */
nexpaq 0:6c56fb4bc5f0 608 #if defined(MBEDTLS_FS_IO)
nexpaq 0:6c56fb4bc5f0 609 int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
nexpaq 0:6c56fb4bc5f0 610 #endif
nexpaq 0:6c56fb4bc5f0 611
nexpaq 0:6c56fb4bc5f0 612 #ifdef __cplusplus
nexpaq 0:6c56fb4bc5f0 613 }
nexpaq 0:6c56fb4bc5f0 614 #endif
nexpaq 0:6c56fb4bc5f0 615
nexpaq 0:6c56fb4bc5f0 616 #endif /* MBEDTLS_PK_H */