• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /**
2  * \file pk_wrap.h
3  *
4  * \brief Public Key abstraction layer: wrapper functions
5  */
6 /*
7  *  Copyright The Mbed TLS Contributors
8  *  SPDX-License-Identifier: Apache-2.0
9  *
10  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
11  *  not use this file except in compliance with the License.
12  *  You may obtain a copy of the License at
13  *
14  *  http://www.apache.org/licenses/LICENSE-2.0
15  *
16  *  Unless required by applicable law or agreed to in writing, software
17  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  *  See the License for the specific language governing permissions and
20  *  limitations under the License.
21  */
22 
23 #ifndef MBEDTLS_PK_WRAP_H
24 #define MBEDTLS_PK_WRAP_H
25 
26 #include "mbedtls/build_info.h"
27 
28 #include "mbedtls/pk.h"
29 
30 #if defined(MBEDTLS_PSA_CRYPTO_C)
31 #include "psa/crypto.h"
32 #endif /* MBEDTLS_PSA_CRYPTO_C */
33 
34 struct mbedtls_pk_info_t {
35     /** Public key type */
36     mbedtls_pk_type_t type;
37 
38     /** Type name */
39     const char *name;
40 
41     /** Get key size in bits */
42     size_t (*get_bitlen)(const void *);
43 
44     /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
45     int (*can_do)(mbedtls_pk_type_t type);
46 
47     /** Verify signature */
48     int (*verify_func)(void *ctx, mbedtls_md_type_t md_alg,
49                        const unsigned char *hash, size_t hash_len,
50                        const unsigned char *sig, size_t sig_len);
51 
52     /** Make signature */
53     int (*sign_func)(void *ctx, mbedtls_md_type_t md_alg,
54                      const unsigned char *hash, size_t hash_len,
55                      unsigned char *sig, size_t sig_size, size_t *sig_len,
56                      int (*f_rng)(void *, unsigned char *, size_t),
57                      void *p_rng);
58 
59 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
60     /** Verify signature (restartable) */
61     int (*verify_rs_func)(void *ctx, mbedtls_md_type_t md_alg,
62                           const unsigned char *hash, size_t hash_len,
63                           const unsigned char *sig, size_t sig_len,
64                           void *rs_ctx);
65 
66     /** Make signature (restartable) */
67     int (*sign_rs_func)(void *ctx, mbedtls_md_type_t md_alg,
68                         const unsigned char *hash, size_t hash_len,
69                         unsigned char *sig, size_t sig_size, size_t *sig_len,
70                         int (*f_rng)(void *, unsigned char *, size_t),
71                         void *p_rng, void *rs_ctx);
72 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
73 
74     /** Decrypt message */
75     int (*decrypt_func)(void *ctx, const unsigned char *input, size_t ilen,
76                         unsigned char *output, size_t *olen, size_t osize,
77                         int (*f_rng)(void *, unsigned char *, size_t),
78                         void *p_rng);
79 
80     /** Encrypt message */
81     int (*encrypt_func)(void *ctx, const unsigned char *input, size_t ilen,
82                         unsigned char *output, size_t *olen, size_t osize,
83                         int (*f_rng)(void *, unsigned char *, size_t),
84                         void *p_rng);
85 
86     /** Check public-private key pair */
87     int (*check_pair_func)(const void *pub, const void *prv,
88                            int (*f_rng)(void *, unsigned char *, size_t),
89                            void *p_rng);
90 
91     /** Allocate a new context */
92     void * (*ctx_alloc_func)(void);
93 
94     /** Free the given context */
95     void (*ctx_free_func)(void *ctx);
96 
97 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
98     /** Allocate the restart context */
99     void *(*rs_alloc_func)(void);
100 
101     /** Free the restart context */
102     void (*rs_free_func)(void *rs_ctx);
103 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
104 
105     /** Interface with the debug module */
106     void (*debug_func)(const void *ctx, mbedtls_pk_debug_item *items);
107 
108 };
109 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
110 /* Container for RSA-alt */
111 typedef struct {
112     void *key;
113     mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
114     mbedtls_pk_rsa_alt_sign_func sign_func;
115     mbedtls_pk_rsa_alt_key_len_func key_len_func;
116 } mbedtls_rsa_alt_context;
117 #endif
118 
119 #if defined(MBEDTLS_RSA_C)
120 extern const mbedtls_pk_info_t mbedtls_rsa_info;
121 #endif
122 
123 #if defined(MBEDTLS_ECP_C)
124 extern const mbedtls_pk_info_t mbedtls_eckey_info;
125 extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
126 #endif
127 
128 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
129 extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
130 #endif
131 
132 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
133 extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
134 #endif
135 
136 #if defined(MBEDTLS_USE_PSA_CRYPTO)
137 extern const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info;
138 extern const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info;
139 
140 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
141 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
142 int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_ecdsa(psa_status_t status);
143 #endif
144 #endif
145 
146 #endif /* MBEDTLS_USE_PSA_CRYPTO */
147 
148 #if defined(MBEDTLS_PSA_CRYPTO_C)
149 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
150 int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa(psa_status_t status);
151 
152 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
153     defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
154 int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_rsa(psa_status_t status);
155 #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
156 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
157 
158 #if defined(MBEDTLS_RSA_C)
159 int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md,
160                                 mbedtls_rsa_context *rsa_ctx,
161                                 const unsigned char *hash, size_t hash_len,
162                                 unsigned char *sig, size_t sig_size,
163                                 size_t *sig_len);
164 #endif /* MBEDTLS_RSA_C */
165 
166 #endif /* MBEDTLS_PSA_CRYPTO_C */
167 
168 #endif /* MBEDTLS_PK_WRAP_H */
169