1 /**
2  * \file pk_wrap.h
3  *
4  * \brief Public Key abstraction layer: wrapper functions
5  */
6 /*
7  *  Copyright The Mbed TLS Contributors
8  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  */
10 
11 #ifndef MBEDTLS_PK_WRAP_H
12 #define MBEDTLS_PK_WRAP_H
13 
14 #include "mbedtls/build_info.h"
15 
16 #include "mbedtls/pk.h"
17 
18 #if defined(MBEDTLS_PSA_CRYPTO_C)
19 #include "psa/crypto.h"
20 #endif /* MBEDTLS_PSA_CRYPTO_C */
21 
22 struct mbedtls_pk_info_t {
23     /** Public key type */
24     mbedtls_pk_type_t type;
25 
26     /** Type name */
27     const char *name;
28 
29     /** Get key size in bits */
30     size_t (*get_bitlen)(mbedtls_pk_context *pk);
31 
32     /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
33     int (*can_do)(mbedtls_pk_type_t type);
34 
35     /** Verify signature */
36     int (*verify_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
37                        const unsigned char *hash, size_t hash_len,
38                        const unsigned char *sig, size_t sig_len);
39 
40     /** Make signature */
41     int (*sign_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
42                      const unsigned char *hash, size_t hash_len,
43                      unsigned char *sig, size_t sig_size, size_t *sig_len,
44                      int (*f_rng)(void *, unsigned char *, size_t),
45                      void *p_rng);
46 
47 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
48     /** Verify signature (restartable) */
49     int (*verify_rs_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
50                           const unsigned char *hash, size_t hash_len,
51                           const unsigned char *sig, size_t sig_len,
52                           void *rs_ctx);
53 
54     /** Make signature (restartable) */
55     int (*sign_rs_func)(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
56                         const unsigned char *hash, size_t hash_len,
57                         unsigned char *sig, size_t sig_size, size_t *sig_len,
58                         int (*f_rng)(void *, unsigned char *, size_t),
59                         void *p_rng, void *rs_ctx);
60 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
61 
62     /** Decrypt message */
63     int (*decrypt_func)(mbedtls_pk_context *pk, const unsigned char *input, size_t ilen,
64                         unsigned char *output, size_t *olen, size_t osize,
65                         int (*f_rng)(void *, unsigned char *, size_t),
66                         void *p_rng);
67 
68     /** Encrypt message */
69     int (*encrypt_func)(mbedtls_pk_context *pk, const unsigned char *input, size_t ilen,
70                         unsigned char *output, size_t *olen, size_t osize,
71                         int (*f_rng)(void *, unsigned char *, size_t),
72                         void *p_rng);
73 
74     /** Check public-private key pair */
75     int (*check_pair_func)(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
76                            int (*f_rng)(void *, unsigned char *, size_t),
77                            void *p_rng);
78 
79     /** Allocate a new context */
80     void * (*ctx_alloc_func)(void);
81 
82     /** Free the given context */
83     void (*ctx_free_func)(void *ctx);
84 
85 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
86     /** Allocate the restart context */
87     void *(*rs_alloc_func)(void);
88 
89     /** Free the restart context */
90     void (*rs_free_func)(void *rs_ctx);
91 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
92 
93     /** Interface with the debug module */
94     void (*debug_func)(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items);
95 
96 };
97 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
98 /* Container for RSA-alt */
99 typedef struct {
100     void *key;
101     mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
102     mbedtls_pk_rsa_alt_sign_func sign_func;
103     mbedtls_pk_rsa_alt_key_len_func key_len_func;
104 } mbedtls_rsa_alt_context;
105 #endif
106 
107 #if defined(MBEDTLS_RSA_C)
108 extern const mbedtls_pk_info_t mbedtls_rsa_info;
109 #endif
110 
111 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
112 extern const mbedtls_pk_info_t mbedtls_eckey_info;
113 extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
114 #endif
115 
116 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
117 extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
118 #endif
119 
120 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
121 extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
122 #endif
123 
124 #if defined(MBEDTLS_USE_PSA_CRYPTO)
125 extern const mbedtls_pk_info_t mbedtls_ecdsa_opaque_info;
126 extern const mbedtls_pk_info_t mbedtls_rsa_opaque_info;
127 
128 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
129 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
130 int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_ecdsa(psa_status_t status);
131 #endif
132 #endif
133 
134 #endif /* MBEDTLS_USE_PSA_CRYPTO */
135 
136 #if defined(MBEDTLS_PSA_CRYPTO_C)
137 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
138 int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa(psa_status_t status);
139 
140 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
141     defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
142 int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_rsa(psa_status_t status);
143 #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
144 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
145 
146 #if defined(MBEDTLS_RSA_C)
147 int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md,
148                                 mbedtls_rsa_context *rsa_ctx,
149                                 const unsigned char *hash, size_t hash_len,
150                                 unsigned char *sig, size_t sig_size,
151                                 size_t *sig_len);
152 #endif /* MBEDTLS_RSA_C */
153 
154 #endif /* MBEDTLS_PSA_CRYPTO_C */
155 
156 #endif /* MBEDTLS_PK_WRAP_H */
157