4 * \brief Public Key abstraction layer
6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7 * SPDX-License-Identifier: Apache-2.0
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * This file is part of mbed TLS (https://tls.mbed.org)
27 #if !defined(MBEDTLS_CONFIG_FILE)
30 #include MBEDTLS_CONFIG_FILE
35 #if defined(MBEDTLS_RSA_C)
39 #if defined(MBEDTLS_ECP_C)
43 #if defined(MBEDTLS_ECDSA_C)
47 #define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 /**< Memory allocation failed. */
48 #define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
49 #define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 /**< Bad input parameters to function. */
50 #define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 /**< Read/write of file failed. */
51 #define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 /**< Unsupported key version */
52 #define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 /**< Invalid key tag or value. */
53 #define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 /**< Key algorithm is unsupported (only RSA and EC are supported). */
54 #define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 /**< Private key password can't be empty. */
55 #define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 /**< Given private key password does not allow for correct decryption. */
56 #define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
57 #define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */
58 #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
59 #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
60 #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */
68 * \brief Public key types
77 MBEDTLS_PK_RSASSA_PSS
,
81 * \brief Options for RSASSA-PSS signature verification.
82 * See \c mbedtls_rsa_rsassa_pss_verify_ext()
86 mbedtls_md_type_t mgf1_hash_id
;
87 int expected_salt_len
;
89 } mbedtls_pk_rsassa_pss_options
;
92 * \brief Types for interfacing with the debug module
96 MBEDTLS_PK_DEBUG_NONE
= 0,
99 } mbedtls_pk_debug_type
;
102 * \brief Item to send to the debug module
106 mbedtls_pk_debug_type type
;
109 } mbedtls_pk_debug_item
;
111 /** Maximum number of item send for debugging, plus 1 */
112 #define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
115 * \brief Public key information and operations
117 typedef struct mbedtls_pk_info_t mbedtls_pk_info_t
;
120 * \brief Public key container
124 const mbedtls_pk_info_t
* pk_info
; /**< Public key informations */
125 void * pk_ctx
; /**< Underlying public key context */
126 } mbedtls_pk_context
;
128 #if defined(MBEDTLS_RSA_C)
130 * Quick access to an RSA context inside a PK context.
132 * \warning You must make sure the PK context actually holds an RSA context
133 * before using this function!
135 static inline mbedtls_rsa_context
*mbedtls_pk_rsa( const mbedtls_pk_context pk
)
137 return( (mbedtls_rsa_context
*) (pk
).pk_ctx
);
139 #endif /* MBEDTLS_RSA_C */
141 #if defined(MBEDTLS_ECP_C)
143 * Quick access to an EC context inside a PK context.
145 * \warning You must make sure the PK context actually holds an EC context
146 * before using this function!
148 static inline mbedtls_ecp_keypair
*mbedtls_pk_ec( const mbedtls_pk_context pk
)
150 return( (mbedtls_ecp_keypair
*) (pk
).pk_ctx
);
152 #endif /* MBEDTLS_ECP_C */
154 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
156 * \brief Types for RSA-alt abstraction
158 typedef int (*mbedtls_pk_rsa_alt_decrypt_func
)( void *ctx
, int mode
, size_t *olen
,
159 const unsigned char *input
, unsigned char *output
,
160 size_t output_max_len
);
161 typedef int (*mbedtls_pk_rsa_alt_sign_func
)( void *ctx
,
162 int (*f_rng
)(void *, unsigned char *, size_t), void *p_rng
,
163 int mode
, mbedtls_md_type_t md_alg
, unsigned int hashlen
,
164 const unsigned char *hash
, unsigned char *sig
);
165 typedef size_t (*mbedtls_pk_rsa_alt_key_len_func
)( void *ctx
);
166 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
169 * \brief Return information associated with the given PK type
171 * \param pk_type PK type to search for.
173 * \return The PK info associated with the type or NULL if not found.
175 const mbedtls_pk_info_t
*mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type
);
178 * \brief Initialize a mbedtls_pk_context (as NONE)
180 void mbedtls_pk_init( mbedtls_pk_context
*ctx
);
183 * \brief Free a mbedtls_pk_context
185 void mbedtls_pk_free( mbedtls_pk_context
*ctx
);
188 * \brief Initialize a PK context with the information given
189 * and allocates the type-specific PK subcontext.
191 * \param ctx Context to initialize. Must be empty (type NONE).
192 * \param info Information to use
194 * \return 0 on success,
195 * MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
196 * MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
198 * \note For contexts holding an RSA-alt key, use
199 * \c mbedtls_pk_setup_rsa_alt() instead.
201 int mbedtls_pk_setup( mbedtls_pk_context
*ctx
, const mbedtls_pk_info_t
*info
);
203 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
205 * \brief Initialize an RSA-alt context
207 * \param ctx Context to initialize. Must be empty (type NONE).
208 * \param key RSA key pointer
209 * \param decrypt_func Decryption function
210 * \param sign_func Signing function
211 * \param key_len_func Function returning key length in bytes
213 * \return 0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
214 * context wasn't already initialized as RSA_ALT.
216 * \note This function replaces \c mbedtls_pk_setup() for RSA-alt.
218 int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context
*ctx
, void * key
,
219 mbedtls_pk_rsa_alt_decrypt_func decrypt_func
,
220 mbedtls_pk_rsa_alt_sign_func sign_func
,
221 mbedtls_pk_rsa_alt_key_len_func key_len_func
);
222 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
225 * \brief Get the size in bits of the underlying key
227 * \param ctx Context to use
229 * \return Key size in bits, or 0 on error
231 size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context
*ctx
);
234 * \brief Get the length in bytes of the underlying key
235 * \param ctx Context to use
237 * \return Key length in bytes, or 0 on error
239 static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context
*ctx
)
241 return( ( mbedtls_pk_get_bitlen( ctx
) + 7 ) / 8 );
245 * \brief Tell if a context can do the operation given by type
247 * \param ctx Context to test
248 * \param type Target type
250 * \return 0 if context can't do the operations,
253 int mbedtls_pk_can_do( const mbedtls_pk_context
*ctx
, mbedtls_pk_type_t type
);
256 * \brief Verify signature (including padding if relevant).
258 * \param ctx PK context to use
259 * \param md_alg Hash algorithm used (see notes)
260 * \param hash Hash of the message to sign
261 * \param hash_len Hash length or 0 (see notes)
262 * \param sig Signature to verify
263 * \param sig_len Signature length
265 * \return 0 on success (signature is valid),
266 * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
267 * valid but its actual length is less than sig_len,
268 * or a specific error code.
270 * \note For RSA keys, the default padding type is PKCS#1 v1.5.
271 * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
272 * to verify RSASSA_PSS signatures.
274 * \note If hash_len is 0, then the length associated with md_alg
275 * is used instead, or an error returned if it is invalid.
277 * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
279 int mbedtls_pk_verify( mbedtls_pk_context
*ctx
, mbedtls_md_type_t md_alg
,
280 const unsigned char *hash
, size_t hash_len
,
281 const unsigned char *sig
, size_t sig_len
);
284 * \brief Verify signature, with options.
285 * (Includes verification of the padding depending on type.)
287 * \param type Signature type (inc. possible padding type) to verify
288 * \param options Pointer to type-specific options, or NULL
289 * \param ctx PK context to use
290 * \param md_alg Hash algorithm used (see notes)
291 * \param hash Hash of the message to sign
292 * \param hash_len Hash length or 0 (see notes)
293 * \param sig Signature to verify
294 * \param sig_len Signature length
296 * \return 0 on success (signature is valid),
297 * MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
298 * used for this type of signatures,
299 * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
300 * valid but its actual length is less than sig_len,
301 * or a specific error code.
303 * \note If hash_len is 0, then the length associated with md_alg
304 * is used instead, or an error returned if it is invalid.
306 * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
308 * \note If type is MBEDTLS_PK_RSASSA_PSS, then options must point
309 * to a mbedtls_pk_rsassa_pss_options structure,
310 * otherwise it must be NULL.
312 int mbedtls_pk_verify_ext( mbedtls_pk_type_t type
, const void *options
,
313 mbedtls_pk_context
*ctx
, mbedtls_md_type_t md_alg
,
314 const unsigned char *hash
, size_t hash_len
,
315 const unsigned char *sig
, size_t sig_len
);
318 * \brief Make signature, including padding if relevant.
320 * \param ctx PK context to use
321 * \param md_alg Hash algorithm used (see notes)
322 * \param hash Hash of the message to sign
323 * \param hash_len Hash length or 0 (see notes)
324 * \param sig Place to write the signature
325 * \param sig_len Number of bytes written
326 * \param f_rng RNG function
327 * \param p_rng RNG parameter
329 * \return 0 on success, or a specific error code.
331 * \note For RSA keys, the default padding type is PKCS#1 v1.5.
332 * There is no interface in the PK module to make RSASSA-PSS
335 * \note If hash_len is 0, then the length associated with md_alg
336 * is used instead, or an error returned if it is invalid.
338 * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
339 * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
341 int mbedtls_pk_sign( mbedtls_pk_context
*ctx
, mbedtls_md_type_t md_alg
,
342 const unsigned char *hash
, size_t hash_len
,
343 unsigned char *sig
, size_t *sig_len
,
344 int (*f_rng
)(void *, unsigned char *, size_t), void *p_rng
);
347 * \brief Decrypt message (including padding if relevant).
349 * \param ctx PK context to use
350 * \param input Input to decrypt
351 * \param ilen Input size
352 * \param output Decrypted output
353 * \param olen Decrypted message length
354 * \param osize Size of the output buffer
355 * \param f_rng RNG function
356 * \param p_rng RNG parameter
358 * \note For RSA keys, the default padding type is PKCS#1 v1.5.
360 * \return 0 on success, or a specific error code.
362 int mbedtls_pk_decrypt( mbedtls_pk_context
*ctx
,
363 const unsigned char *input
, size_t ilen
,
364 unsigned char *output
, size_t *olen
, size_t osize
,
365 int (*f_rng
)(void *, unsigned char *, size_t), void *p_rng
);
368 * \brief Encrypt message (including padding if relevant).
370 * \param ctx PK context to use
371 * \param input Message to encrypt
372 * \param ilen Message size
373 * \param output Encrypted output
374 * \param olen Encrypted output length
375 * \param osize Size of the output buffer
376 * \param f_rng RNG function
377 * \param p_rng RNG parameter
379 * \note For RSA keys, the default padding type is PKCS#1 v1.5.
381 * \return 0 on success, or a specific error code.
383 int mbedtls_pk_encrypt( mbedtls_pk_context
*ctx
,
384 const unsigned char *input
, size_t ilen
,
385 unsigned char *output
, size_t *olen
, size_t osize
,
386 int (*f_rng
)(void *, unsigned char *, size_t), void *p_rng
);
389 * \brief Check if a public-private pair of keys matches.
391 * \param pub Context holding a public key.
392 * \param prv Context holding a private (and public) key.
394 * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
396 int mbedtls_pk_check_pair( const mbedtls_pk_context
*pub
, const mbedtls_pk_context
*prv
);
399 * \brief Export debug information
401 * \param ctx Context to use
402 * \param items Place to write debug items
404 * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
406 int mbedtls_pk_debug( const mbedtls_pk_context
*ctx
, mbedtls_pk_debug_item
*items
);
409 * \brief Access the type name
411 * \param ctx Context to use
413 * \return Type name on success, or "invalid PK"
415 const char * mbedtls_pk_get_name( const mbedtls_pk_context
*ctx
);
418 * \brief Get the key type
420 * \param ctx Context to use
422 * \return Type on success, or MBEDTLS_PK_NONE
424 mbedtls_pk_type_t
mbedtls_pk_get_type( const mbedtls_pk_context
*ctx
);
426 #if defined(MBEDTLS_PK_PARSE_C)
427 /** \ingroup pk_module */
429 * \brief Parse a private key in PEM or DER format
431 * \param ctx key to be initialized
432 * \param key input buffer
433 * \param keylen size of the buffer
434 * (including the terminating null byte for PEM data)
435 * \param pwd password for decryption (optional)
436 * \param pwdlen size of the password
438 * \note On entry, ctx must be empty, either freshly initialised
439 * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
440 * specific key type, check the result with mbedtls_pk_can_do().
442 * \note The key is also checked for correctness.
444 * \return 0 if successful, or a specific PK or PEM error code
446 int mbedtls_pk_parse_key( mbedtls_pk_context
*ctx
,
447 const unsigned char *key
, size_t keylen
,
448 const unsigned char *pwd
, size_t pwdlen
);
450 /** \ingroup pk_module */
452 * \brief Parse a public key in PEM or DER format
454 * \param ctx key to be initialized
455 * \param key input buffer
456 * \param keylen size of the buffer
457 * (including the terminating null byte for PEM data)
459 * \note On entry, ctx must be empty, either freshly initialised
460 * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
461 * specific key type, check the result with mbedtls_pk_can_do().
463 * \note The key is also checked for correctness.
465 * \return 0 if successful, or a specific PK or PEM error code
467 int mbedtls_pk_parse_public_key( mbedtls_pk_context
*ctx
,
468 const unsigned char *key
, size_t keylen
);
470 #if defined(MBEDTLS_FS_IO)
471 /** \ingroup pk_module */
473 * \brief Load and parse a private key
475 * \param ctx key to be initialized
476 * \param path filename to read the private key from
477 * \param password password to decrypt the file (can be NULL)
479 * \note On entry, ctx must be empty, either freshly initialised
480 * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
481 * specific key type, check the result with mbedtls_pk_can_do().
483 * \note The key is also checked for correctness.
485 * \return 0 if successful, or a specific PK or PEM error code
487 int mbedtls_pk_parse_keyfile( mbedtls_pk_context
*ctx
,
488 const char *path
, const char *password
);
490 /** \ingroup pk_module */
492 * \brief Load and parse a public key
494 * \param ctx key to be initialized
495 * \param path filename to read the private key from
497 * \note On entry, ctx must be empty, either freshly initialised
498 * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
499 * specific key type, check the result with mbedtls_pk_can_do().
501 * \note The key is also checked for correctness.
503 * \return 0 if successful, or a specific PK or PEM error code
505 int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context
*ctx
, const char *path
);
506 #endif /* MBEDTLS_FS_IO */
507 #endif /* MBEDTLS_PK_PARSE_C */
509 #if defined(MBEDTLS_PK_WRITE_C)
511 * \brief Write a private key to a PKCS#1 or SEC1 DER structure
512 * Note: data is written at the end of the buffer! Use the
513 * return value to determine where you should start
516 * \param ctx private to write away
517 * \param buf buffer to write to
518 * \param size size of the buffer
520 * \return length of data written if successful, or a specific
523 int mbedtls_pk_write_key_der( mbedtls_pk_context
*ctx
, unsigned char *buf
, size_t size
);
526 * \brief Write a public key to a SubjectPublicKeyInfo DER structure
527 * Note: data is written at the end of the buffer! Use the
528 * return value to determine where you should start
531 * \param ctx public key to write away
532 * \param buf buffer to write to
533 * \param size size of the buffer
535 * \return length of data written if successful, or a specific
538 int mbedtls_pk_write_pubkey_der( mbedtls_pk_context
*ctx
, unsigned char *buf
, size_t size
);
540 #if defined(MBEDTLS_PEM_WRITE_C)
542 * \brief Write a public key to a PEM string
544 * \param ctx public key to write away
545 * \param buf buffer to write to
546 * \param size size of the buffer
548 * \return 0 if successful, or a specific error code
550 int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context
*ctx
, unsigned char *buf
, size_t size
);
553 * \brief Write a private key to a PKCS#1 or SEC1 PEM string
555 * \param ctx private to write away
556 * \param buf buffer to write to
557 * \param size size of the buffer
559 * \return 0 if successful, or a specific error code
561 int mbedtls_pk_write_key_pem( mbedtls_pk_context
*ctx
, unsigned char *buf
, size_t size
);
562 #endif /* MBEDTLS_PEM_WRITE_C */
563 #endif /* MBEDTLS_PK_WRITE_C */
566 * WARNING: Low-level functions. You probably do not want to use these unless
567 * you are certain you do ;)
570 #if defined(MBEDTLS_PK_PARSE_C)
572 * \brief Parse a SubjectPublicKeyInfo DER structure
574 * \param p the position in the ASN.1 data
575 * \param end end of the buffer
576 * \param pk the key to fill
578 * \return 0 if successful, or a specific PK error code
580 int mbedtls_pk_parse_subpubkey( unsigned char **p
, const unsigned char *end
,
581 mbedtls_pk_context
*pk
);
582 #endif /* MBEDTLS_PK_PARSE_C */
584 #if defined(MBEDTLS_PK_WRITE_C)
586 * \brief Write a subjectPublicKey to ASN.1 data
587 * Note: function works backwards in data buffer
589 * \param p reference to current position pointer
590 * \param start start of the buffer (for bounds-checking)
591 * \param key public key to write away
593 * \return the length written or a negative error code
595 int mbedtls_pk_write_pubkey( unsigned char **p
, unsigned char *start
,
596 const mbedtls_pk_context
*key
);
597 #endif /* MBEDTLS_PK_WRITE_C */
600 * Internal module functions. You probably do not want to use these unless you
603 #if defined(MBEDTLS_FS_IO)
604 int mbedtls_pk_load_file( const char *path
, unsigned char **buf
, size_t *n
);
611 #endif /* MBEDTLS_PK_H */