1 /*
2 * Public Key abstraction layer
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 *
7 * This file is provided under the Apache License 2.0, or the
8 * GNU General Public License v2.0 or later.
9 *
10 * **********
11 * Apache License 2.0:
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
24 *
25 * **********
26 *
27 * **********
28 * GNU General Public License v2.0 or later:
29 *
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
34 *
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
39 *
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43 *
44 * **********
45 */
46
47 #if !defined(MBEDTLS_CONFIG_FILE)
48 #include "mbedtls/config.h"
49 #else
50 #include MBEDTLS_CONFIG_FILE
51 #endif
52
53 #if defined(MBEDTLS_PK_C)
54 #include "mbedtls/pk.h"
55 #include "mbedtls/pk_internal.h"
56
57 #include "mbedtls/platform_util.h"
58
59 #if defined(MBEDTLS_RSA_C)
60 #include "mbedtls/rsa.h"
61 #endif
62 #if defined(MBEDTLS_ECP_C)
63 #include "mbedtls/ecp.h"
64 #endif
65 #if defined(MBEDTLS_ECDSA_C)
66 #include "mbedtls/ecdsa.h"
67 #endif
68
69 #include <limits.h>
70 #include <stdint.h>
71
72 /* Parameter validation macros based on platform_util.h */
73 #define PK_VALIDATE_RET( cond ) \
74 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
75 #define PK_VALIDATE( cond ) \
76 MBEDTLS_INTERNAL_VALIDATE( cond )
77
78 /*
79 * Initialise a mbedtls_pk_context
80 */
mbedtls_pk_init(mbedtls_pk_context * ctx)81 void mbedtls_pk_init( mbedtls_pk_context *ctx )
82 {
83 PK_VALIDATE( ctx != NULL );
84
85 ctx->pk_info = NULL;
86 ctx->pk_ctx = NULL;
87 }
88
89 /*
90 * Free (the components of) a mbedtls_pk_context
91 */
mbedtls_pk_free(mbedtls_pk_context * ctx)92 void mbedtls_pk_free( mbedtls_pk_context *ctx )
93 {
94 if( ctx == NULL )
95 return;
96
97 if ( ctx->pk_info != NULL )
98 ctx->pk_info->ctx_free_func( ctx->pk_ctx );
99
100 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
101 }
102
103 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
104 /*
105 * Initialize a restart context
106 */
mbedtls_pk_restart_init(mbedtls_pk_restart_ctx * ctx)107 void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
108 {
109 PK_VALIDATE( ctx != NULL );
110 ctx->pk_info = NULL;
111 ctx->rs_ctx = NULL;
112 }
113
114 /*
115 * Free the components of a restart context
116 */
mbedtls_pk_restart_free(mbedtls_pk_restart_ctx * ctx)117 void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
118 {
119 if( ctx == NULL || ctx->pk_info == NULL ||
120 ctx->pk_info->rs_free_func == NULL )
121 {
122 return;
123 }
124
125 ctx->pk_info->rs_free_func( ctx->rs_ctx );
126
127 ctx->pk_info = NULL;
128 ctx->rs_ctx = NULL;
129 }
130 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
131
132 /*
133 * Get pk_info structure from type
134 */
mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type)135 const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
136 {
137 switch( pk_type ) {
138 #if defined(MBEDTLS_RSA_C)
139 case MBEDTLS_PK_RSA:
140 return( &mbedtls_rsa_info );
141 #endif
142 #if defined(MBEDTLS_ECP_C)
143 case MBEDTLS_PK_ECKEY:
144 return( &mbedtls_eckey_info );
145 case MBEDTLS_PK_ECKEY_DH:
146 return( &mbedtls_eckeydh_info );
147 #endif
148 #if defined(MBEDTLS_ECDSA_C)
149 case MBEDTLS_PK_ECDSA:
150 return( &mbedtls_ecdsa_info );
151 #endif
152 /* MBEDTLS_PK_RSA_ALT omitted on purpose */
153 default:
154 return( NULL );
155 }
156 }
157
158 /*
159 * Initialise context
160 */
mbedtls_pk_setup(mbedtls_pk_context * ctx,const mbedtls_pk_info_t * info)161 int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
162 {
163 PK_VALIDATE_RET( ctx != NULL );
164 if( info == NULL || ctx->pk_info != NULL )
165 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
166
167 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
168 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
169
170 ctx->pk_info = info;
171
172 return( 0 );
173 }
174
175 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
176 /*
177 * Initialize an RSA-alt context
178 */
mbedtls_pk_setup_rsa_alt(mbedtls_pk_context * ctx,void * key,mbedtls_pk_rsa_alt_decrypt_func decrypt_func,mbedtls_pk_rsa_alt_sign_func sign_func,mbedtls_pk_rsa_alt_key_len_func key_len_func)179 int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
180 mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
181 mbedtls_pk_rsa_alt_sign_func sign_func,
182 mbedtls_pk_rsa_alt_key_len_func key_len_func )
183 {
184 mbedtls_rsa_alt_context *rsa_alt;
185 const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
186
187 PK_VALIDATE_RET( ctx != NULL );
188 if( ctx->pk_info != NULL )
189 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
190
191 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
192 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
193
194 ctx->pk_info = info;
195
196 rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
197
198 rsa_alt->key = key;
199 rsa_alt->decrypt_func = decrypt_func;
200 rsa_alt->sign_func = sign_func;
201 rsa_alt->key_len_func = key_len_func;
202
203 return( 0 );
204 }
205 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
206
207 /*
208 * Tell if a PK can do the operations of the given type
209 */
mbedtls_pk_can_do(const mbedtls_pk_context * ctx,mbedtls_pk_type_t type)210 int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
211 {
212 /* A context with null pk_info is not set up yet and can't do anything.
213 * For backward compatibility, also accept NULL instead of a context
214 * pointer. */
215 if( ctx == NULL || ctx->pk_info == NULL )
216 return( 0 );
217
218 return( ctx->pk_info->can_do( type ) );
219 }
220
221 /*
222 * Helper for mbedtls_pk_sign and mbedtls_pk_verify
223 */
pk_hashlen_helper(mbedtls_md_type_t md_alg,size_t * hash_len)224 static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
225 {
226 const mbedtls_md_info_t *md_info;
227
228 if( *hash_len != 0 )
229 return( 0 );
230
231 if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
232 return( -1 );
233
234 *hash_len = mbedtls_md_get_size( md_info );
235 return( 0 );
236 }
237
238 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
239 /*
240 * Helper to set up a restart context if needed
241 */
pk_restart_setup(mbedtls_pk_restart_ctx * ctx,const mbedtls_pk_info_t * info)242 static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx,
243 const mbedtls_pk_info_t *info )
244 {
245 /* Don't do anything if already set up or invalid */
246 if( ctx == NULL || ctx->pk_info != NULL )
247 return( 0 );
248
249 /* Should never happen when we're called */
250 if( info->rs_alloc_func == NULL || info->rs_free_func == NULL )
251 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
252
253 if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL )
254 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
255
256 ctx->pk_info = info;
257
258 return( 0 );
259 }
260 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
261
262 /*
263 * Verify a signature (restartable)
264 */
mbedtls_pk_verify_restartable(mbedtls_pk_context * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len,mbedtls_pk_restart_ctx * rs_ctx)265 int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
266 mbedtls_md_type_t md_alg,
267 const unsigned char *hash, size_t hash_len,
268 const unsigned char *sig, size_t sig_len,
269 mbedtls_pk_restart_ctx *rs_ctx )
270 {
271 PK_VALIDATE_RET( ctx != NULL );
272 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
273 hash != NULL );
274 PK_VALIDATE_RET( sig != NULL );
275
276 if( ctx->pk_info == NULL ||
277 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
278 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
279
280 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
281 /* optimization: use non-restartable version if restart disabled */
282 if( rs_ctx != NULL &&
283 mbedtls_ecp_restart_is_enabled() &&
284 ctx->pk_info->verify_rs_func != NULL )
285 {
286 int ret;
287
288 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
289 return( ret );
290
291 ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx,
292 md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx );
293
294 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
295 mbedtls_pk_restart_free( rs_ctx );
296
297 return( ret );
298 }
299 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
300 (void) rs_ctx;
301 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
302
303 if( ctx->pk_info->verify_func == NULL )
304 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
305
306 return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
307 sig, sig_len ) );
308 }
309
310 /*
311 * Verify a signature
312 */
mbedtls_pk_verify(mbedtls_pk_context * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)313 int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
314 const unsigned char *hash, size_t hash_len,
315 const unsigned char *sig, size_t sig_len )
316 {
317 return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len,
318 sig, sig_len, NULL ) );
319 }
320
321 /*
322 * Verify a signature with options
323 */
mbedtls_pk_verify_ext(mbedtls_pk_type_t type,const void * options,mbedtls_pk_context * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)324 int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
325 mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
326 const unsigned char *hash, size_t hash_len,
327 const unsigned char *sig, size_t sig_len )
328 {
329 PK_VALIDATE_RET( ctx != NULL );
330 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
331 hash != NULL );
332 PK_VALIDATE_RET( sig != NULL );
333
334 if( ctx->pk_info == NULL )
335 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
336
337 if( ! mbedtls_pk_can_do( ctx, type ) )
338 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
339
340 if( type == MBEDTLS_PK_RSASSA_PSS )
341 {
342 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
343 int ret;
344 const mbedtls_pk_rsassa_pss_options *pss_opts;
345
346 #if SIZE_MAX > UINT_MAX
347 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
348 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
349 #endif /* SIZE_MAX > UINT_MAX */
350
351 if( options == NULL )
352 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
353
354 pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
355
356 if( sig_len < mbedtls_pk_get_len( ctx ) )
357 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
358
359 ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
360 NULL, NULL, MBEDTLS_RSA_PUBLIC,
361 md_alg, (unsigned int) hash_len, hash,
362 pss_opts->mgf1_hash_id,
363 pss_opts->expected_salt_len,
364 sig );
365 if( ret != 0 )
366 return( ret );
367
368 if( sig_len > mbedtls_pk_get_len( ctx ) )
369 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
370
371 return( 0 );
372 #else
373 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
374 #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
375 }
376
377 /* General case: no options */
378 if( options != NULL )
379 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
380
381 return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
382 }
383
384 /*
385 * Make a signature (restartable)
386 */
mbedtls_pk_sign_restartable(mbedtls_pk_context * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,mbedtls_pk_restart_ctx * rs_ctx)387 int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
388 mbedtls_md_type_t md_alg,
389 const unsigned char *hash, size_t hash_len,
390 unsigned char *sig, size_t *sig_len,
391 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
392 mbedtls_pk_restart_ctx *rs_ctx )
393 {
394 PK_VALIDATE_RET( ctx != NULL );
395 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
396 hash != NULL );
397 PK_VALIDATE_RET( sig != NULL );
398
399 if( ctx->pk_info == NULL ||
400 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
401 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
402
403 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
404 /* optimization: use non-restartable version if restart disabled */
405 if( rs_ctx != NULL &&
406 mbedtls_ecp_restart_is_enabled() &&
407 ctx->pk_info->sign_rs_func != NULL )
408 {
409 int ret;
410
411 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
412 return( ret );
413
414 ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg,
415 hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx );
416
417 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
418 mbedtls_pk_restart_free( rs_ctx );
419
420 return( ret );
421 }
422 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
423 (void) rs_ctx;
424 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
425
426 if( ctx->pk_info->sign_func == NULL )
427 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
428
429 return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
430 sig, sig_len, f_rng, p_rng ) );
431 }
432
433 /*
434 * Make a signature
435 */
mbedtls_pk_sign(mbedtls_pk_context * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)436 int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
437 const unsigned char *hash, size_t hash_len,
438 unsigned char *sig, size_t *sig_len,
439 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
440 {
441 return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
442 sig, sig_len, f_rng, p_rng, NULL ) );
443 }
444
445 /*
446 * Decrypt message
447 */
mbedtls_pk_decrypt(mbedtls_pk_context * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)448 int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
449 const unsigned char *input, size_t ilen,
450 unsigned char *output, size_t *olen, size_t osize,
451 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
452 {
453 PK_VALIDATE_RET( ctx != NULL );
454 PK_VALIDATE_RET( input != NULL || ilen == 0 );
455 PK_VALIDATE_RET( output != NULL || osize == 0 );
456 PK_VALIDATE_RET( olen != NULL );
457
458 if( ctx->pk_info == NULL )
459 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
460
461 if( ctx->pk_info->decrypt_func == NULL )
462 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
463
464 return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
465 output, olen, osize, f_rng, p_rng ) );
466 }
467
468 /*
469 * Encrypt message
470 */
mbedtls_pk_encrypt(mbedtls_pk_context * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)471 int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
472 const unsigned char *input, size_t ilen,
473 unsigned char *output, size_t *olen, size_t osize,
474 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
475 {
476 PK_VALIDATE_RET( ctx != NULL );
477 PK_VALIDATE_RET( input != NULL || ilen == 0 );
478 PK_VALIDATE_RET( output != NULL || osize == 0 );
479 PK_VALIDATE_RET( olen != NULL );
480
481 if( ctx->pk_info == NULL )
482 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
483
484 if( ctx->pk_info->encrypt_func == NULL )
485 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
486
487 return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
488 output, olen, osize, f_rng, p_rng ) );
489 }
490
491 /*
492 * Check public-private key pair
493 */
mbedtls_pk_check_pair(const mbedtls_pk_context * pub,const mbedtls_pk_context * prv)494 int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
495 {
496 PK_VALIDATE_RET( pub != NULL );
497 PK_VALIDATE_RET( prv != NULL );
498
499 if( pub->pk_info == NULL ||
500 prv->pk_info == NULL ||
501 prv->pk_info->check_pair_func == NULL )
502 {
503 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
504 }
505
506 if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
507 {
508 if( pub->pk_info->type != MBEDTLS_PK_RSA )
509 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
510 }
511 else
512 {
513 if( pub->pk_info != prv->pk_info )
514 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
515 }
516
517 return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
518 }
519
520 /*
521 * Get key size in bits
522 */
mbedtls_pk_get_bitlen(const mbedtls_pk_context * ctx)523 size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
524 {
525 /* For backward compatibility, accept NULL or a context that
526 * isn't set up yet, and return a fake value that should be safe. */
527 if( ctx == NULL || ctx->pk_info == NULL )
528 return( 0 );
529
530 return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
531 }
532
533 /*
534 * Export debug information
535 */
mbedtls_pk_debug(const mbedtls_pk_context * ctx,mbedtls_pk_debug_item * items)536 int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
537 {
538 PK_VALIDATE_RET( ctx != NULL );
539 if( ctx->pk_info == NULL )
540 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
541
542 if( ctx->pk_info->debug_func == NULL )
543 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
544
545 ctx->pk_info->debug_func( ctx->pk_ctx, items );
546 return( 0 );
547 }
548
549 /*
550 * Access the PK type name
551 */
mbedtls_pk_get_name(const mbedtls_pk_context * ctx)552 const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
553 {
554 if( ctx == NULL || ctx->pk_info == NULL )
555 return( "invalid PK" );
556
557 return( ctx->pk_info->name );
558 }
559
560 /*
561 * Access the PK type
562 */
mbedtls_pk_get_type(const mbedtls_pk_context * ctx)563 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
564 {
565 if( ctx == NULL || ctx->pk_info == NULL )
566 return( MBEDTLS_PK_NONE );
567
568 return( ctx->pk_info->type );
569 }
570
571 #endif /* MBEDTLS_PK_C */
572