1 /** 2 * \file pk_wrap.h 3 * 4 * \brief Public Key abstraction layer: wrapper functions 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9 */ 10 11 #ifndef MBEDTLS_PK_WRAP_H 12 #define MBEDTLS_PK_WRAP_H 13 14 #include "mbedtls/build_info.h" 15 16 #include "mbedtls/pk.h" 17 18 #if defined(MBEDTLS_PSA_CRYPTO_C) 19 #include "psa/crypto.h" 20 #endif /* MBEDTLS_PSA_CRYPTO_C */ 21 22 struct mbedtls_pk_info_t { 23 /** Public key type */ 24 mbedtls_pk_type_t type; 25 26 /** Type name */ 27 const char *name; 28 29 /** Get key size in bits */ 30 size_t (*get_bitlen)(mbedtls_pk_context *pk); 31 32 /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */ 33 int (*can_do)(mbedtls_pk_type_t type); 34 35 /** Verify signature */ 36 int (*verify_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, 37 const unsigned char *hash, size_t hash_len, 38 const unsigned char *sig, size_t sig_len); 39 40 /** Make signature */ 41 int (*sign_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, 42 const unsigned char *hash, size_t hash_len, 43 unsigned char *sig, size_t sig_size, size_t *sig_len, 44 int (*f_rng)(void *, unsigned char *, size_t), 45 void *p_rng); 46 47 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 48 /** Verify signature (restartable) */ 49 int (*verify_rs_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, 50 const unsigned char *hash, size_t hash_len, 51 const unsigned char *sig, size_t sig_len, 52 void *rs_ctx); 53 54 /** Make signature (restartable) */ 55 int (*sign_rs_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, 56 const unsigned char *hash, size_t hash_len, 57 unsigned char *sig, size_t sig_size, size_t *sig_len, 58 int (*f_rng)(void *, unsigned char *, size_t), 59 void *p_rng, void *rs_ctx); 60 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 61 62 /** Decrypt message */ 63 int (*decrypt_func)(mbedtls_pk_context *pk, const unsigned char *input, size_t ilen, 64 unsigned char *output, size_t *olen, size_t osize, 65 int (*f_rng)(void *, unsigned char *, size_t), 66 void *p_rng); 67 68 /** Encrypt message */ 69 int (*encrypt_func)(mbedtls_pk_context *pk, const unsigned char *input, size_t ilen, 70 unsigned char *output, size_t *olen, size_t osize, 71 int (*f_rng)(void *, unsigned char *, size_t), 72 void *p_rng); 73 74 /** Check public-private key pair */ 75 int (*check_pair_func)(mbedtls_pk_context *pub, mbedtls_pk_context *prv, 76 int (*f_rng)(void *, unsigned char *, size_t), 77 void *p_rng); 78 79 /** Allocate a new context */ 80 void * (*ctx_alloc_func)(void); 81 82 /** Free the given context */ 83 void (*ctx_free_func)(void *ctx); 84 85 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 86 /** Allocate the restart context */ 87 void *(*rs_alloc_func)(void); 88 89 /** Free the restart context */ 90 void (*rs_free_func)(void *rs_ctx); 91 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 92 93 /** Interface with the debug module */ 94 void (*debug_func)(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items); 95 96 }; 97 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 98 /* Container for RSA-alt */ 99 typedef struct { 100 void *key; 101 mbedtls_pk_rsa_alt_decrypt_func decrypt_func; 102 mbedtls_pk_rsa_alt_sign_func sign_func; 103 mbedtls_pk_rsa_alt_key_len_func key_len_func; 104 } mbedtls_rsa_alt_context; 105 #endif 106 107 #if defined(MBEDTLS_RSA_C) 108 extern const mbedtls_pk_info_t mbedtls_rsa_info; 109 #endif 110 111 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 112 extern const mbedtls_pk_info_t mbedtls_eckey_info; 113 extern const mbedtls_pk_info_t mbedtls_eckeydh_info; 114 #endif 115 116 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) 117 extern const mbedtls_pk_info_t mbedtls_ecdsa_info; 118 #endif 119 120 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 121 extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; 122 #endif 123 124 #if defined(MBEDTLS_USE_PSA_CRYPTO) 125 extern const mbedtls_pk_info_t mbedtls_ecdsa_opaque_info; 126 extern const mbedtls_pk_info_t mbedtls_rsa_opaque_info; 127 128 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 129 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) 130 int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_ecdsa(psa_status_t status); 131 #endif 132 #endif 133 134 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 135 136 #if defined(MBEDTLS_PSA_CRYPTO_C) 137 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 138 int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa(psa_status_t status); 139 140 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ 141 defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) 142 int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_rsa(psa_status_t status); 143 #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ 144 #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 145 146 #if defined(MBEDTLS_RSA_C) 147 int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md, 148 mbedtls_rsa_context *rsa_ctx, 149 const unsigned char *hash, size_t hash_len, 150 unsigned char *sig, size_t sig_size, 151 size_t *sig_len); 152 #endif /* MBEDTLS_RSA_C */ 153 154 #endif /* MBEDTLS_PSA_CRYPTO_C */ 155 156 #endif /* MBEDTLS_PK_WRAP_H */ 157