pk.h 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619
  1. /**
  2. * \file pk.h
  3. *
  4. * \brief Public Key abstraction layer
  5. *
  6. * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
  7. * SPDX-License-Identifier: GPL-2.0
  8. *
  9. * This program is free software; you can redistribute it and/or modify
  10. * it under the terms of the GNU General Public License as published by
  11. * the Free Software Foundation; either version 2 of the License, or
  12. * (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU General Public License along
  20. * with this program; if not, write to the Free Software Foundation, Inc.,
  21. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  22. *
  23. * This file is part of mbed TLS (https://tls.mbed.org)
  24. */
  25. #ifndef MBEDTLS_PK_H
  26. #define MBEDTLS_PK_H
  27. #if !defined(MBEDTLS_CONFIG_FILE)
  28. #include "config.h"
  29. #else
  30. #include MBEDTLS_CONFIG_FILE
  31. #endif
  32. #include "md.h"
  33. #if defined(MBEDTLS_RSA_C)
  34. #include "rsa.h"
  35. #endif
  36. #if defined(MBEDTLS_ECP_C)
  37. #include "ecp.h"
  38. #endif
  39. #if defined(MBEDTLS_ECDSA_C)
  40. #include "ecdsa.h"
  41. #endif
  42. #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
  43. !defined(inline) && !defined(__cplusplus)
  44. #define inline __inline
  45. #endif
  46. #define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 /**< Memory allocation failed. */
  47. #define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
  48. #define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 /**< Bad input parameters to function. */
  49. #define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00 /**< Read/write of file failed. */
  50. #define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80 /**< Unsupported key version */
  51. #define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 /**< Invalid key tag or value. */
  52. #define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 /**< Key algorithm is unsupported (only RSA and EC are supported). */
  53. #define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 /**< Private key password can't be empty. */
  54. #define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 /**< Given private key password does not allow for correct decryption. */
  55. #define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
  56. #define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */
  57. #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
  58. #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
  59. #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */
  60. #ifdef __cplusplus
  61. extern "C" {
  62. #endif
  63. /**
  64. * \brief Public key types
  65. */
  66. typedef enum {
  67. MBEDTLS_PK_NONE=0,
  68. MBEDTLS_PK_RSA,
  69. MBEDTLS_PK_ECKEY,
  70. MBEDTLS_PK_ECKEY_DH,
  71. MBEDTLS_PK_ECDSA,
  72. MBEDTLS_PK_RSA_ALT,
  73. MBEDTLS_PK_RSASSA_PSS,
  74. } mbedtls_pk_type_t;
  75. /**
  76. * \brief Options for RSASSA-PSS signature verification.
  77. * See \c mbedtls_rsa_rsassa_pss_verify_ext()
  78. */
  79. typedef struct
  80. {
  81. mbedtls_md_type_t mgf1_hash_id;
  82. int expected_salt_len;
  83. } mbedtls_pk_rsassa_pss_options;
  84. /**
  85. * \brief Types for interfacing with the debug module
  86. */
  87. typedef enum
  88. {
  89. MBEDTLS_PK_DEBUG_NONE = 0,
  90. MBEDTLS_PK_DEBUG_MPI,
  91. MBEDTLS_PK_DEBUG_ECP,
  92. } mbedtls_pk_debug_type;
  93. /**
  94. * \brief Item to send to the debug module
  95. */
  96. typedef struct
  97. {
  98. mbedtls_pk_debug_type type;
  99. const char *name;
  100. void *value;
  101. } mbedtls_pk_debug_item;
  102. /** Maximum number of item send for debugging, plus 1 */
  103. #define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
  104. /**
  105. * \brief Public key information and operations
  106. */
  107. typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
  108. /**
  109. * \brief Public key container
  110. */
  111. typedef struct
  112. {
  113. const mbedtls_pk_info_t * pk_info; /**< Public key informations */
  114. void * pk_ctx; /**< Underlying public key context */
  115. } mbedtls_pk_context;
  116. #if defined(MBEDTLS_RSA_C)
  117. /**
  118. * Quick access to an RSA context inside a PK context.
  119. *
  120. * \warning You must make sure the PK context actually holds an RSA context
  121. * before using this function!
  122. */
  123. static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
  124. {
  125. return( (mbedtls_rsa_context *) (pk).pk_ctx );
  126. }
  127. #endif /* MBEDTLS_RSA_C */
  128. #if defined(MBEDTLS_ECP_C)
  129. /**
  130. * Quick access to an EC context inside a PK context.
  131. *
  132. * \warning You must make sure the PK context actually holds an EC context
  133. * before using this function!
  134. */
  135. static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
  136. {
  137. return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
  138. }
  139. #endif /* MBEDTLS_ECP_C */
  140. #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
  141. /**
  142. * \brief Types for RSA-alt abstraction
  143. */
  144. typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
  145. const unsigned char *input, unsigned char *output,
  146. size_t output_max_len );
  147. typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
  148. int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
  149. int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
  150. const unsigned char *hash, unsigned char *sig );
  151. typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
  152. #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
  153. /**
  154. * \brief Return information associated with the given PK type
  155. *
  156. * \param pk_type PK type to search for.
  157. *
  158. * \return The PK info associated with the type or NULL if not found.
  159. */
  160. const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
  161. /**
  162. * \brief Initialize a mbedtls_pk_context (as NONE)
  163. */
  164. void mbedtls_pk_init( mbedtls_pk_context *ctx );
  165. /**
  166. * \brief Free a mbedtls_pk_context
  167. */
  168. void mbedtls_pk_free( mbedtls_pk_context *ctx );
  169. /**
  170. * \brief Initialize a PK context with the information given
  171. * and allocates the type-specific PK subcontext.
  172. *
  173. * \param ctx Context to initialize. Must be empty (type NONE).
  174. * \param info Information to use
  175. *
  176. * \return 0 on success,
  177. * MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
  178. * MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
  179. *
  180. * \note For contexts holding an RSA-alt key, use
  181. * \c mbedtls_pk_setup_rsa_alt() instead.
  182. */
  183. int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
  184. #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
  185. /**
  186. * \brief Initialize an RSA-alt context
  187. *
  188. * \param ctx Context to initialize. Must be empty (type NONE).
  189. * \param key RSA key pointer
  190. * \param decrypt_func Decryption function
  191. * \param sign_func Signing function
  192. * \param key_len_func Function returning key length in bytes
  193. *
  194. * \return 0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
  195. * context wasn't already initialized as RSA_ALT.
  196. *
  197. * \note This function replaces \c mbedtls_pk_setup() for RSA-alt.
  198. */
  199. int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
  200. mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
  201. mbedtls_pk_rsa_alt_sign_func sign_func,
  202. mbedtls_pk_rsa_alt_key_len_func key_len_func );
  203. #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
  204. /**
  205. * \brief Get the size in bits of the underlying key
  206. *
  207. * \param ctx Context to use
  208. *
  209. * \return Key size in bits, or 0 on error
  210. */
  211. size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
  212. /**
  213. * \brief Get the length in bytes of the underlying key
  214. * \param ctx Context to use
  215. *
  216. * \return Key length in bytes, or 0 on error
  217. */
  218. static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
  219. {
  220. return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
  221. }
  222. /**
  223. * \brief Tell if a context can do the operation given by type
  224. *
  225. * \param ctx Context to test
  226. * \param type Target type
  227. *
  228. * \return 0 if context can't do the operations,
  229. * 1 otherwise.
  230. */
  231. int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
  232. /**
  233. * \brief Verify signature (including padding if relevant).
  234. *
  235. * \param ctx PK context to use
  236. * \param md_alg Hash algorithm used (see notes)
  237. * \param hash Hash of the message to sign
  238. * \param hash_len Hash length or 0 (see notes)
  239. * \param sig Signature to verify
  240. * \param sig_len Signature length
  241. *
  242. * \return 0 on success (signature is valid),
  243. * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
  244. * valid but its actual length is less than sig_len,
  245. * or a specific error code.
  246. *
  247. * \note For RSA keys, the default padding type is PKCS#1 v1.5.
  248. * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
  249. * to verify RSASSA_PSS signatures.
  250. *
  251. * \note If hash_len is 0, then the length associated with md_alg
  252. * is used instead, or an error returned if it is invalid.
  253. *
  254. * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
  255. */
  256. int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
  257. const unsigned char *hash, size_t hash_len,
  258. const unsigned char *sig, size_t sig_len );
  259. /**
  260. * \brief Verify signature, with options.
  261. * (Includes verification of the padding depending on type.)
  262. *
  263. * \param type Signature type (inc. possible padding type) to verify
  264. * \param options Pointer to type-specific options, or NULL
  265. * \param ctx PK context to use
  266. * \param md_alg Hash algorithm used (see notes)
  267. * \param hash Hash of the message to sign
  268. * \param hash_len Hash length or 0 (see notes)
  269. * \param sig Signature to verify
  270. * \param sig_len Signature length
  271. *
  272. * \return 0 on success (signature is valid),
  273. * MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
  274. * used for this type of signatures,
  275. * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
  276. * valid but its actual length is less than sig_len,
  277. * or a specific error code.
  278. *
  279. * \note If hash_len is 0, then the length associated with md_alg
  280. * is used instead, or an error returned if it is invalid.
  281. *
  282. * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
  283. *
  284. * \note If type is MBEDTLS_PK_RSASSA_PSS, then options must point
  285. * to a mbedtls_pk_rsassa_pss_options structure,
  286. * otherwise it must be NULL.
  287. */
  288. int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
  289. mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
  290. const unsigned char *hash, size_t hash_len,
  291. const unsigned char *sig, size_t sig_len );
  292. /**
  293. * \brief Make signature, including padding if relevant.
  294. *
  295. * \param ctx PK context to use - must hold a private key
  296. * \param md_alg Hash algorithm used (see notes)
  297. * \param hash Hash of the message to sign
  298. * \param hash_len Hash length or 0 (see notes)
  299. * \param sig Place to write the signature
  300. * \param sig_len Number of bytes written
  301. * \param f_rng RNG function
  302. * \param p_rng RNG parameter
  303. *
  304. * \return 0 on success, or a specific error code.
  305. *
  306. * \note For RSA keys, the default padding type is PKCS#1 v1.5.
  307. * There is no interface in the PK module to make RSASSA-PSS
  308. * signatures yet.
  309. *
  310. * \note If hash_len is 0, then the length associated with md_alg
  311. * is used instead, or an error returned if it is invalid.
  312. *
  313. * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
  314. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
  315. */
  316. int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
  317. const unsigned char *hash, size_t hash_len,
  318. unsigned char *sig, size_t *sig_len,
  319. int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
  320. /**
  321. * \brief Decrypt message (including padding if relevant).
  322. *
  323. * \param ctx PK context to use - must hold a private key
  324. * \param input Input to decrypt
  325. * \param ilen Input size
  326. * \param output Decrypted output
  327. * \param olen Decrypted message length
  328. * \param osize Size of the output buffer
  329. * \param f_rng RNG function
  330. * \param p_rng RNG parameter
  331. *
  332. * \note For RSA keys, the default padding type is PKCS#1 v1.5.
  333. *
  334. * \return 0 on success, or a specific error code.
  335. */
  336. int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
  337. const unsigned char *input, size_t ilen,
  338. unsigned char *output, size_t *olen, size_t osize,
  339. int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
  340. /**
  341. * \brief Encrypt message (including padding if relevant).
  342. *
  343. * \param ctx PK context to use
  344. * \param input Message to encrypt
  345. * \param ilen Message size
  346. * \param output Encrypted output
  347. * \param olen Encrypted output length
  348. * \param osize Size of the output buffer
  349. * \param f_rng RNG function
  350. * \param p_rng RNG parameter
  351. *
  352. * \note For RSA keys, the default padding type is PKCS#1 v1.5.
  353. *
  354. * \return 0 on success, or a specific error code.
  355. */
  356. int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
  357. const unsigned char *input, size_t ilen,
  358. unsigned char *output, size_t *olen, size_t osize,
  359. int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
  360. /**
  361. * \brief Check if a public-private pair of keys matches.
  362. *
  363. * \param pub Context holding a public key.
  364. * \param prv Context holding a private (and public) key.
  365. *
  366. * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
  367. */
  368. int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
  369. /**
  370. * \brief Export debug information
  371. *
  372. * \param ctx Context to use
  373. * \param items Place to write debug items
  374. *
  375. * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
  376. */
  377. int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
  378. /**
  379. * \brief Access the type name
  380. *
  381. * \param ctx Context to use
  382. *
  383. * \return Type name on success, or "invalid PK"
  384. */
  385. const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
  386. /**
  387. * \brief Get the key type
  388. *
  389. * \param ctx Context to use
  390. *
  391. * \return Type on success, or MBEDTLS_PK_NONE
  392. */
  393. mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
  394. #if defined(MBEDTLS_PK_PARSE_C)
  395. /** \ingroup pk_module */
  396. /**
  397. * \brief Parse a private key in PEM or DER format
  398. *
  399. * \param ctx key to be initialized
  400. * \param key input buffer
  401. * \param keylen size of the buffer
  402. * (including the terminating null byte for PEM data)
  403. * \param pwd password for decryption (optional)
  404. * \param pwdlen size of the password
  405. *
  406. * \note On entry, ctx must be empty, either freshly initialised
  407. * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
  408. * specific key type, check the result with mbedtls_pk_can_do().
  409. *
  410. * \note The key is also checked for correctness.
  411. *
  412. * \return 0 if successful, or a specific PK or PEM error code
  413. */
  414. int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
  415. const unsigned char *key, size_t keylen,
  416. const unsigned char *pwd, size_t pwdlen );
  417. /** \ingroup pk_module */
  418. /**
  419. * \brief Parse a public key in PEM or DER format
  420. *
  421. * \param ctx key to be initialized
  422. * \param key input buffer
  423. * \param keylen size of the buffer
  424. * (including the terminating null byte for PEM data)
  425. *
  426. * \note On entry, ctx must be empty, either freshly initialised
  427. * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
  428. * specific key type, check the result with mbedtls_pk_can_do().
  429. *
  430. * \note The key is also checked for correctness.
  431. *
  432. * \return 0 if successful, or a specific PK or PEM error code
  433. */
  434. int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
  435. const unsigned char *key, size_t keylen );
  436. #if defined(MBEDTLS_FS_IO)
  437. /** \ingroup pk_module */
  438. /**
  439. * \brief Load and parse a private key
  440. *
  441. * \param ctx key to be initialized
  442. * \param path filename to read the private key from
  443. * \param password password to decrypt the file (can be NULL)
  444. *
  445. * \note On entry, ctx must be empty, either freshly initialised
  446. * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
  447. * specific key type, check the result with mbedtls_pk_can_do().
  448. *
  449. * \note The key is also checked for correctness.
  450. *
  451. * \return 0 if successful, or a specific PK or PEM error code
  452. */
  453. int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
  454. const char *path, const char *password );
  455. /** \ingroup pk_module */
  456. /**
  457. * \brief Load and parse a public key
  458. *
  459. * \param ctx key to be initialized
  460. * \param path filename to read the public key from
  461. *
  462. * \note On entry, ctx must be empty, either freshly initialised
  463. * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
  464. * you need a specific key type, check the result with
  465. * mbedtls_pk_can_do().
  466. *
  467. * \note The key is also checked for correctness.
  468. *
  469. * \return 0 if successful, or a specific PK or PEM error code
  470. */
  471. int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
  472. #endif /* MBEDTLS_FS_IO */
  473. #endif /* MBEDTLS_PK_PARSE_C */
  474. #if defined(MBEDTLS_PK_WRITE_C)
  475. /**
  476. * \brief Write a private key to a PKCS#1 or SEC1 DER structure
  477. * Note: data is written at the end of the buffer! Use the
  478. * return value to determine where you should start
  479. * using the buffer
  480. *
  481. * \param ctx private to write away
  482. * \param buf buffer to write to
  483. * \param size size of the buffer
  484. *
  485. * \return length of data written if successful, or a specific
  486. * error code
  487. */
  488. int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
  489. /**
  490. * \brief Write a public key to a SubjectPublicKeyInfo DER structure
  491. * Note: data is written at the end of the buffer! Use the
  492. * return value to determine where you should start
  493. * using the buffer
  494. *
  495. * \param ctx public key to write away
  496. * \param buf buffer to write to
  497. * \param size size of the buffer
  498. *
  499. * \return length of data written if successful, or a specific
  500. * error code
  501. */
  502. int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
  503. #if defined(MBEDTLS_PEM_WRITE_C)
  504. /**
  505. * \brief Write a public key to a PEM string
  506. *
  507. * \param ctx public key to write away
  508. * \param buf buffer to write to
  509. * \param size size of the buffer
  510. *
  511. * \return 0 if successful, or a specific error code
  512. */
  513. int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
  514. /**
  515. * \brief Write a private key to a PKCS#1 or SEC1 PEM string
  516. *
  517. * \param ctx private to write away
  518. * \param buf buffer to write to
  519. * \param size size of the buffer
  520. *
  521. * \return 0 if successful, or a specific error code
  522. */
  523. int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
  524. #endif /* MBEDTLS_PEM_WRITE_C */
  525. #endif /* MBEDTLS_PK_WRITE_C */
  526. /*
  527. * WARNING: Low-level functions. You probably do not want to use these unless
  528. * you are certain you do ;)
  529. */
  530. #if defined(MBEDTLS_PK_PARSE_C)
  531. /**
  532. * \brief Parse a SubjectPublicKeyInfo DER structure
  533. *
  534. * \param p the position in the ASN.1 data
  535. * \param end end of the buffer
  536. * \param pk the key to fill
  537. *
  538. * \return 0 if successful, or a specific PK error code
  539. */
  540. int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
  541. mbedtls_pk_context *pk );
  542. #endif /* MBEDTLS_PK_PARSE_C */
  543. #if defined(MBEDTLS_PK_WRITE_C)
  544. /**
  545. * \brief Write a subjectPublicKey to ASN.1 data
  546. * Note: function works backwards in data buffer
  547. *
  548. * \param p reference to current position pointer
  549. * \param start start of the buffer (for bounds-checking)
  550. * \param key public key to write away
  551. *
  552. * \return the length written or a negative error code
  553. */
  554. int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
  555. const mbedtls_pk_context *key );
  556. #endif /* MBEDTLS_PK_WRITE_C */
  557. /*
  558. * Internal module functions. You probably do not want to use these unless you
  559. * know you do.
  560. */
  561. #if defined(MBEDTLS_FS_IO)
  562. int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
  563. #endif
  564. #ifdef __cplusplus
  565. }
  566. #endif
  567. #endif /* MBEDTLS_PK_H */