1 /**
2 * \file pk_internal.h
3 *
4 * \brief Public Key abstraction layer: internal (i.e. library only) functions
5 * and definitions.
6 */
7 /*
8 * Copyright The Mbed TLS Contributors
9 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
10 */
11 #ifndef MBEDTLS_PK_INTERNAL_H
12 #define MBEDTLS_PK_INTERNAL_H
13
14 #include "mbedtls/pk.h"
15
16 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
17 #include "mbedtls/ecp.h"
18 #endif
19
20 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
21 #include "psa/crypto.h"
22
23 #include "psa_util_internal.h"
24 #define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
25 #define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
26 psa_to_pk_rsa_errors, \
27 psa_pk_status_to_mbedtls)
28 #define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
29 psa_to_pk_ecdsa_errors, \
30 psa_pk_status_to_mbedtls)
31 #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
32
33 /* Headers/footers for PEM files */
34 #define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----"
35 #define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----"
36 #define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----"
37 #define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----"
38 #define PEM_BEGIN_PUBLIC_KEY_RSA "-----BEGIN RSA PUBLIC KEY-----"
39 #define PEM_END_PUBLIC_KEY_RSA "-----END RSA PUBLIC KEY-----"
40 #define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----"
41 #define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----"
42 #define PEM_BEGIN_PRIVATE_KEY_PKCS8 "-----BEGIN PRIVATE KEY-----"
43 #define PEM_END_PRIVATE_KEY_PKCS8 "-----END PRIVATE KEY-----"
44 #define PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----BEGIN ENCRYPTED PRIVATE KEY-----"
45 #define PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----END ENCRYPTED PRIVATE KEY-----"
46
47 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
48 /**
49 * Public function mbedtls_pk_ec() can be used to get direct access to the
50 * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not
51 * ideal because it bypasses the PK module on the control of its internal
52 * structure (pk_context) fields.
53 * For backward compatibility we keep mbedtls_pk_ec() when ECP_C is defined, but
54 * we provide 2 very similar functions when only ECP_LIGHT is enabled and not
55 * ECP_C.
56 * These variants embed the "ro" or "rw" keywords in their name to make the
57 * usage of the returned pointer explicit. Of course the returned value is
58 * const or non-const accordingly.
59 */
mbedtls_pk_ec_ro(const mbedtls_pk_context pk)60 static inline const mbedtls_ecp_keypair *mbedtls_pk_ec_ro(const mbedtls_pk_context pk)
61 {
62 switch (mbedtls_pk_get_type(&pk)) {
63 case MBEDTLS_PK_ECKEY:
64 case MBEDTLS_PK_ECKEY_DH:
65 case MBEDTLS_PK_ECDSA:
66 return (const mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
67 default:
68 return NULL;
69 }
70 }
71
mbedtls_pk_ec_rw(const mbedtls_pk_context pk)72 static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk)
73 {
74 switch (mbedtls_pk_get_type(&pk)) {
75 case MBEDTLS_PK_ECKEY:
76 case MBEDTLS_PK_ECKEY_DH:
77 case MBEDTLS_PK_ECDSA:
78 return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
79 default:
80 return NULL;
81 }
82 }
83 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */
84
85 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
mbedtls_pk_get_ec_group_id(const mbedtls_pk_context * pk)86 static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_context *pk)
87 {
88 mbedtls_ecp_group_id id;
89
90 #if defined(MBEDTLS_USE_PSA_CRYPTO)
91 if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
92 psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
93 psa_key_type_t opaque_key_type;
94 psa_ecc_family_t curve;
95
96 if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) {
97 return MBEDTLS_ECP_DP_NONE;
98 }
99 opaque_key_type = psa_get_key_type(&opaque_attrs);
100 curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type);
101 id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs));
102 psa_reset_key_attributes(&opaque_attrs);
103 } else
104 #endif /* MBEDTLS_USE_PSA_CRYPTO */
105 {
106 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
107 id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits);
108 #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
109 id = mbedtls_pk_ec_ro(*pk)->grp.id;
110 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
111 }
112
113 return id;
114 }
115
116 /* Helper for Montgomery curves */
117 #if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(MBEDTLS_ECP_HAVE_CURVE448)
118 #define MBEDTLS_PK_HAVE_RFC8410_CURVES
119 #endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */
120
121 #define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \
122 ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))
123
mbedtls_pk_is_rfc8410(const mbedtls_pk_context * pk)124 static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
125 {
126 mbedtls_ecp_group_id id = mbedtls_pk_get_ec_group_id(pk);
127
128 return MBEDTLS_PK_IS_RFC8410_GROUP_ID(id);
129 }
130
131 /*
132 * Set the group used by this key.
133 *
134 * [in/out] pk: in: must have been pk_setup() to an ECC type
135 * out: will have group (curve) information set
136 * [in] grp_in: a supported group ID (not NONE)
137 */
138 int mbedtls_pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id);
139
140 /*
141 * Set the private key material
142 *
143 * [in/out] pk: in: must have the group set already, see mbedtls_pk_ecc_set_group().
144 * out: will have the private key set.
145 * [in] key, key_len: the raw private key (no ASN.1 wrapping).
146 */
147 int mbedtls_pk_ecc_set_key(mbedtls_pk_context *pk, unsigned char *key, size_t key_len);
148
149 /*
150 * Set the public key.
151 *
152 * [in/out] pk: in: must have its group set, see mbedtls_pk_ecc_set_group().
153 * out: will have the public key set.
154 * [in] pub, pub_len: the raw public key (an ECPoint).
155 *
156 * Return:
157 * - 0 on success;
158 * - MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the format is potentially valid
159 * but not supported;
160 * - another error code otherwise.
161 */
162 int mbedtls_pk_ecc_set_pubkey(mbedtls_pk_context *pk, const unsigned char *pub, size_t pub_len);
163
164 /*
165 * Derive a public key from its private counterpart.
166 * Computationally intensive, only use when public key is not available.
167 *
168 * [in/out] pk: in: must have the private key set, see mbedtls_pk_ecc_set_key().
169 * out: will have the public key set.
170 * [in] prv, prv_len: the raw private key (see note below).
171 * [in] f_rng, p_rng: RNG function and context.
172 *
173 * Note: the private key information is always available from pk,
174 * however for convenience the serialized version is also passed,
175 * as it's available at each calling site, and useful in some configs
176 * (as otherwise we would have to re-serialize it from the pk context).
177 *
178 * There are three implementations of this function:
179 * 1. MBEDTLS_PK_USE_PSA_EC_DATA,
180 * 2. MBEDTLS_USE_PSA_CRYPTO but not MBEDTLS_PK_USE_PSA_EC_DATA,
181 * 3. not MBEDTLS_USE_PSA_CRYPTO.
182 */
183 int mbedtls_pk_ecc_set_pubkey_from_prv(mbedtls_pk_context *pk,
184 const unsigned char *prv, size_t prv_len,
185 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
186 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
187
188 /* Helper for (deterministic) ECDSA */
189 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
190 #define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_DETERMINISTIC_ECDSA
191 #else
192 #define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_ECDSA
193 #endif
194
195 #if defined(MBEDTLS_TEST_HOOKS)
196 MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
197 mbedtls_pk_context *pk,
198 unsigned char *key, size_t keylen,
199 const unsigned char *pwd, size_t pwdlen,
200 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
201 #endif
202
203 #if defined(MBEDTLS_FS_IO)
204 int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
205 #endif
206
207 #endif /* MBEDTLS_PK_INTERNAL_H */
208
