1 /** 2 * \file pem.h 3 * 4 * \brief Privacy Enhanced Mail (PEM) decoding 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 9 * 10 * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 * not use this file except in compliance with the License. 12 * You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, software 17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 * See the License for the specific language governing permissions and 20 * limitations under the License. 21 */ 22 #ifndef MBEDTLS_PEM_H 23 #define MBEDTLS_PEM_H 24 25 #if !defined(MBEDTLS_CONFIG_FILE) 26 #include "mbedtls/config.h" 27 #else 28 #include MBEDTLS_CONFIG_FILE 29 #endif 30 31 #include <stddef.h> 32 33 /** 34 * \name PEM Error codes 35 * These error codes are returned in case of errors reading the 36 * PEM data. 37 * \{ 38 */ 39 /** No PEM header or footer found. */ 40 #define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 41 /** PEM string is not as expected. */ 42 #define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 43 /** Failed to allocate memory. */ 44 #define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180 45 /** RSA IV is not in hex-format. */ 46 #define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 47 /** Unsupported key encryption algorithm. */ 48 #define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 49 /** Private key password can't be empty. */ 50 #define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 51 /** Given private key password does not allow for correct decryption. */ 52 #define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380 53 /** Unavailable feature, e.g. hashing/encryption combination. */ 54 #define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 55 /** Bad input parameters to function. */ 56 #define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 57 /* \} name */ 58 59 #ifdef __cplusplus 60 extern "C" { 61 #endif 62 63 #if defined(MBEDTLS_PEM_PARSE_C) 64 /** 65 * \brief PEM context structure 66 */ 67 typedef struct mbedtls_pem_context 68 { 69 unsigned char *buf; /*!< buffer for decoded data */ 70 size_t buflen; /*!< length of the buffer */ 71 unsigned char *info; /*!< buffer for extra header information */ 72 } 73 mbedtls_pem_context; 74 75 /** 76 * \brief PEM context setup 77 * 78 * \param ctx context to be initialized 79 */ 80 void mbedtls_pem_init( mbedtls_pem_context *ctx ); 81 82 /** 83 * \brief Read a buffer for PEM information and store the resulting 84 * data into the specified context buffers. 85 * 86 * \param ctx context to use 87 * \param header header string to seek and expect 88 * \param footer footer string to seek and expect 89 * \param data source data to look in (must be nul-terminated) 90 * \param pwd password for decryption (can be NULL) 91 * \param pwdlen length of password 92 * \param use_len destination for total length used (set after header is 93 * correctly read, so unless you get 94 * MBEDTLS_ERR_PEM_BAD_INPUT_DATA or 95 * MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is 96 * the length to skip) 97 * 98 * \note Attempts to check password correctness by verifying if 99 * the decrypted text starts with an ASN.1 sequence of 100 * appropriate length 101 * 102 * \return 0 on success, or a specific PEM error code 103 */ 104 int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer, 105 const unsigned char *data, 106 const unsigned char *pwd, 107 size_t pwdlen, size_t *use_len ); 108 109 /** 110 * \brief PEM context memory freeing 111 * 112 * \param ctx context to be freed 113 */ 114 void mbedtls_pem_free( mbedtls_pem_context *ctx ); 115 #endif /* MBEDTLS_PEM_PARSE_C */ 116 117 #if defined(MBEDTLS_PEM_WRITE_C) 118 /** 119 * \brief Write a buffer of PEM information from a DER encoded 120 * buffer. 121 * 122 * \param header The header string to write. 123 * \param footer The footer string to write. 124 * \param der_data The DER data to encode. 125 * \param der_len The length of the DER data \p der_data in Bytes. 126 * \param buf The buffer to write to. 127 * \param buf_len The length of the output buffer \p buf in Bytes. 128 * \param olen The address at which to store the total length written 129 * or required (if \p buf_len is not enough). 130 * 131 * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len 132 * to request the length of the resulting PEM buffer in 133 * `*olen`. 134 * 135 * \note This function may be called with overlapping \p der_data 136 * and \p buf buffers. 137 * 138 * \return \c 0 on success. 139 * \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large 140 * enough to hold the PEM buffer. In this case, `*olen` holds 141 * the required minimum size of \p buf. 142 * \return Another PEM or BASE64 error code on other kinds of failure. 143 */ 144 int mbedtls_pem_write_buffer( const char *header, const char *footer, 145 const unsigned char *der_data, size_t der_len, 146 unsigned char *buf, size_t buf_len, size_t *olen ); 147 #endif /* MBEDTLS_PEM_WRITE_C */ 148 149 #ifdef __cplusplus 150 } 151 #endif 152 153 #endif /* pem.h */ 154