blob: e4b56188e8f58d585d14af1e490f86b4515d252c [file] [log] [blame]
Paul Bakkered27a042013-04-18 22:46:23 +02001/**
2 * \file pk.h
3 *
4 * \brief Public Key abstraction layer
5 *
6 * Copyright (C) 2006-2013, Brainspark B.V.
7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +020027
Paul Bakkered27a042013-04-18 22:46:23 +020028#ifndef POLARSSL_PK_H
29#define POLARSSL_PK_H
30
Manuel Pégourié-Gonnard244569f2013-07-10 09:46:30 +020031#include "config.h"
32
Manuel Pégourié-Gonnardf73da022013-08-17 14:36:32 +020033#include "md.h"
34
Manuel Pégourié-Gonnard244569f2013-07-10 09:46:30 +020035#if defined(POLARSSL_RSA_C)
36#include "rsa.h"
37#endif
38
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +020039#if defined(POLARSSL_ECP_C)
40#include "ecp.h"
41#endif
42
Manuel Pégourié-Gonnard211a64c2013-08-09 15:04:26 +020043#if defined(POLARSSL_ECDSA_C)
44#include "ecdsa.h"
45#endif
46
Manuel Pégourié-Gonnard7a6c9462013-07-09 10:04:07 +020047#define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */
Manuel Pégourié-Gonnardfff80f82013-08-17 15:20:06 +020048#define POLARSSL_ERR_PK_TYPE_MISMATCH -0x2F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
Manuel Pégourié-Gonnard15699382013-08-14 19:22:48 +020049#define POLARSSL_ERR_PK_BAD_INPUT_DATA -0x2E80 /**< Bad input parameters to function. */
Paul Bakker1a7550a2013-09-15 13:01:22 +020050#define POLARSSL_ERR_PK_FILE_IO_ERROR -0x2E00 /**< Read/write of file failed. */
51#define POLARSSL_ERR_PK_KEY_INVALID_VERSION -0x2D80 /**< Unsupported key version */
52#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT -0x2D00 /**< Invalid key tag or value. */
53#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG -0x2C80 /**< Key algorithm is unsupported (only RSA and EC are supported). */
54#define POLARSSL_ERR_PK_PASSWORD_REQUIRED -0x2C00 /**< Private key password can't be empty. */
55#define POLARSSL_ERR_PK_PASSWORD_MISMATCH -0x2B80 /**< Given private key password does not allow for correct decryption. */
56#define POLARSSL_ERR_PK_INVALID_PUBKEY -0x2B00 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
57#define POLARSSL_ERR_PK_INVALID_ALG -0x2A80 /**< The algorithm tag or value is invalid. */
58#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE -0x2A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
59#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE -0x2980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
60
Manuel Pégourié-Gonnard7a6c9462013-07-09 10:04:07 +020061
Manuel Pégourié-Gonnard360a5832013-07-10 14:56:36 +020062#if defined(POLARSSL_RSA_C)
63/**
64 * Quick access to an RSA context inside a PK context.
65 *
66 * \warning You must make sure the PK context actually holds an RSA context
67 * before using this macro!
68 */
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +020069#define pk_rsa( pk ) ( (rsa_context *) (pk).pk_ctx )
Manuel Pégourié-Gonnardfd5164e2013-07-11 16:39:05 +020070#endif /* POLARSSL_RSA_C */
Manuel Pégourié-Gonnard360a5832013-07-10 14:56:36 +020071
72#if defined(POLARSSL_ECP_C)
73/**
74 * Quick access to an EC context inside a PK context.
75 *
76 * \warning You must make sure the PK context actually holds an EC context
77 * before using this macro!
78 */
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +020079#define pk_ec( pk ) ( (ecp_keypair *) (pk).pk_ctx )
Manuel Pégourié-Gonnardfd5164e2013-07-11 16:39:05 +020080#endif /* POLARSSL_ECP_C */
Manuel Pégourié-Gonnard360a5832013-07-10 14:56:36 +020081
82
Paul Bakkered27a042013-04-18 22:46:23 +020083#ifdef __cplusplus
84extern "C" {
85#endif
86
87/**
88 * \brief Public key types
89 */
90typedef enum {
91 POLARSSL_PK_NONE=0,
92 POLARSSL_PK_RSA,
Manuel Pégourié-Gonnard5a9b82e2013-07-01 16:57:44 +020093 POLARSSL_PK_ECKEY,
94 POLARSSL_PK_ECKEY_DH,
Manuel Pégourié-Gonnard1e60cd02013-07-10 10:28:53 +020095 POLARSSL_PK_ECDSA,
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +020096 POLARSSL_PK_RSA_ALT,
Manuel Pégourié-Gonnardb1d4eb12014-01-22 10:12:57 +010097 POLARSSL_PK_RSASSA_PSS,
Paul Bakkered27a042013-04-18 22:46:23 +020098} pk_type_t;
99
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200100/**
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200101 * \brief Types for interfacing with the debug module
102 */
103typedef enum
104{
105 POLARSSL_PK_DEBUG_NONE = 0,
106 POLARSSL_PK_DEBUG_MPI,
107 POLARSSL_PK_DEBUG_ECP,
108} pk_debug_type;
109
110/**
111 * \brief Item to send to the debug module
112 */
113typedef struct
114{
115 pk_debug_type type;
Paul Bakkerfcc17212013-10-11 09:36:52 +0200116 const char *name;
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200117 void *value;
118} pk_debug_item;
119
120/** Maximum number of item send for debugging, plus 1 */
121#define POLARSSL_PK_DEBUG_MAX_ITEMS 3
122
123/**
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200124 * \brief Public key information and operations
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200125 */
126typedef struct
127{
128 /** Public key type */
129 pk_type_t type;
130
Manuel Pégourié-Gonnardf8c948a2013-08-12 19:45:32 +0200131 /** Type name */
132 const char *name;
133
134 /** Get key size in bits */
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200135 size_t (*get_size)( const void * );
Manuel Pégourié-Gonnardf8c948a2013-08-12 19:45:32 +0200136
Paul Bakker4fc090a2013-09-18 15:43:25 +0200137 /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
Manuel Pégourié-Gonnardf18c3e02013-08-12 18:41:18 +0200138 int (*can_do)( pk_type_t type );
139
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200140 /** Verify signature */
Manuel Pégourié-Gonnardf73da022013-08-17 14:36:32 +0200141 int (*verify_func)( void *ctx, md_type_t md_alg,
142 const unsigned char *hash, size_t hash_len,
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200143 const unsigned char *sig, size_t sig_len );
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200144
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200145 /** Make signature */
146 int (*sign_func)( void *ctx, md_type_t md_alg,
147 const unsigned char *hash, size_t hash_len,
148 unsigned char *sig, size_t *sig_len,
149 int (*f_rng)(void *, unsigned char *, size_t),
150 void *p_rng );
151
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200152 /** Decrypt message */
153 int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
154 unsigned char *output, size_t *olen, size_t osize,
155 int (*f_rng)(void *, unsigned char *, size_t),
156 void *p_rng );
157
158 /** Encrypt message */
159 int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
160 unsigned char *output, size_t *olen, size_t osize,
161 int (*f_rng)(void *, unsigned char *, size_t),
162 void *p_rng );
163
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200164 /** Allocate a new context */
165 void * (*ctx_alloc_func)( void );
166
167 /** Free the given context */
168 void (*ctx_free_func)( void *ctx );
169
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200170 /** Interface with the debug module */
171 void (*debug_func)( const void *ctx, pk_debug_item *items );
172
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200173} pk_info_t;
174
175/**
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200176 * \brief Public key container
177 */
178typedef struct
179{
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200180 const pk_info_t * pk_info; /**< Public key informations */
181 void * pk_ctx; /**< Underlying public key context */
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200182} pk_context;
183
184/**
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200185 * \brief Types for RSA-alt abstraction
186 */
187typedef int (*pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
188 const unsigned char *input, unsigned char *output,
189 size_t output_max_len );
190typedef int (*pk_rsa_alt_sign_func)( void *ctx,
191 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
Steffan Karger28d81a02013-11-13 16:57:58 +0100192 int mode, md_type_t md_alg, unsigned int hashlen,
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200193 const unsigned char *hash, unsigned char *sig );
194typedef size_t (*pk_rsa_alt_key_len_func)( void *ctx );
195
196/**
Manuel Pégourié-Gonnardab466942013-08-15 11:30:27 +0200197 * \brief Return information associated with the given PK type
198 *
Paul Bakkerdcbfdcc2013-09-10 16:16:50 +0200199 * \param pk_type PK type to search for.
Manuel Pégourié-Gonnardab466942013-08-15 11:30:27 +0200200 *
201 * \return The PK info associated with the type or NULL if not found.
202 */
203const pk_info_t *pk_info_from_type( pk_type_t pk_type );
204
205/**
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200206 * \brief Initialize a pk_context (as NONE)
207 */
208void pk_init( pk_context *ctx );
209
210/**
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200211 * \brief Free a pk_context
212 */
213void pk_free( pk_context *ctx );
214
215/**
Manuel Pégourié-Gonnardab466942013-08-15 11:30:27 +0200216 * \brief Initialize a PK context with the information given
217 * and allocates the type-specific PK subcontext.
218 *
219 * \param ctx Context to initialize. Must be empty (type NONE).
220 * \param info Information to use
221 *
222 * \return 0 on success,
223 * POLARSSL_ERR_PK_BAD_INPUT_DATA on invalid input,
224 * POLARSSL_ERR_PK_MALLOC_FAILED on allocation failure.
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200225 *
Manuel Pégourié-Gonnardb4fae572014-01-20 11:22:25 +0100226 * \note For RSA contexts, padding defaults to PKCS_V15.
227 * Use pk_rsa_set_padding() to change it.
228 *
229 * \note To create a context holding an RSA-alt key, use
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200230 * \c pk_init_ctx_rsa_alt() instead.
Manuel Pégourié-Gonnardab466942013-08-15 11:30:27 +0200231 */
232int pk_init_ctx( pk_context *ctx, const pk_info_t *info );
233
Manuel Pégourié-Gonnardb4fae572014-01-20 11:22:25 +0100234#if defined(POLARSSL_RSA_C)
235/**
236 * \brief Set the padding method for an RSA key
237 *
238 * Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP
239 * encryption scheme and the RSASSA-PSS signature scheme.
240 *
241 * \param ctx PK context to be set
242 * \param padding RSA_PKCS_V15 or RSA_PKCS_V21
243 * \param hash_id RSA_PKCS_V21 hash identifier
244 *
245 * \note The hash_id parameter is actually ignored
246 * when using RSA_PKCS_V15 padding.
247 */
248int pk_rsa_set_padding( pk_context *ctx, int padding, int hash_id );
249#endif /* POLARSSL_RSA_C */
250
Manuel Pégourié-Gonnardab466942013-08-15 11:30:27 +0200251/**
Paul Bakker4fc090a2013-09-18 15:43:25 +0200252 * \brief Initialize an RSA-alt context
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200253 *
254 * \param ctx Context to initialize. Must be empty (type NONE).
255 * \param key RSA key pointer
256 * \param decrypt_func Decryption function
257 * \param sign_func Signing function
258 * \param key_len_func Function returning key length
259 *
260 * \return 0 on success, or POLARSSL_ERR_PK_BAD_INPUT_DATA if the
261 * context wasn't already initialized as RSA_ALT.
262 *
263 * \note This function replaces \c pk_init_ctx() for RSA-alt.
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200264 */
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200265int pk_init_ctx_rsa_alt( pk_context *ctx, void * key,
266 pk_rsa_alt_decrypt_func decrypt_func,
267 pk_rsa_alt_sign_func sign_func,
268 pk_rsa_alt_key_len_func key_len_func );
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200269
270/**
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200271 * \brief Get the size in bits of the underlying key
272 *
273 * \param ctx Context to use
274 *
275 * \return Key size in bits, or 0 on error
276 */
277size_t pk_get_size( const pk_context *ctx );
278
279/**
Manuel Pégourié-Gonnard0d420492013-08-21 16:14:26 +0200280 * \brief Get the length in bytes of the underlying key
281 * \param ctx Context to use
282 *
Paul Bakker4fc090a2013-09-18 15:43:25 +0200283 * \return Key length in bytes, or 0 on error
Manuel Pégourié-Gonnard0d420492013-08-21 16:14:26 +0200284 */
Manuel Pégourié-Gonnardc6b68032013-08-22 17:36:45 +0200285static inline size_t pk_get_len( const pk_context *ctx )
Manuel Pégourié-Gonnard0d420492013-08-21 16:14:26 +0200286{
287 return( ( pk_get_size( ctx ) + 7 ) / 8 );
288}
289
290/**
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200291 * \brief Tell if a context can do the operation given by type
292 *
293 * \param ctx Context to test
294 * \param type Target type
295 *
296 * \return 0 if context can't do the operations,
297 * 1 otherwise.
298 */
299int pk_can_do( pk_context *ctx, pk_type_t type );
300
301/**
302 * \brief Verify signature
303 *
304 * \param ctx PK context to use
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200305 * \param md_alg Hash algorithm used (see notes)
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200306 * \param hash Hash of the message to sign
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200307 * \param hash_len Hash length or 0 (see notes)
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200308 * \param sig Signature to verify
309 * \param sig_len Signature length
310 *
311 * \return 0 on success (signature is valid),
312 * or a specific error code.
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200313 *
314 * \note If hash_len is 0, then the length associated with md_alg
315 * is used instead, or an error returned if it is invalid.
316 *
317 * \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200318 */
Manuel Pégourié-Gonnardf73da022013-08-17 14:36:32 +0200319int pk_verify( pk_context *ctx, md_type_t md_alg,
320 const unsigned char *hash, size_t hash_len,
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200321 const unsigned char *sig, size_t sig_len );
322
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200323/**
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200324 * \brief Make signature
325 *
326 * \param ctx PK context to use
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200327 * \param md_alg Hash algorithm used (see notes)
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200328 * \param hash Hash of the message to sign
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200329 * \param hash_len Hash length or 0 (see notes)
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200330 * \param sig Place to write the signature
331 * \param sig_len Number of bytes written
332 * \param f_rng RNG function
333 * \param p_rng RNG parameter
334 *
335 * \return 0 on success, or a specific error code.
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200336 *
337 * \note If hash_len is 0, then the length associated with md_alg
338 * is used instead, or an error returned if it is invalid.
339 *
340 * \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200341 */
342int pk_sign( pk_context *ctx, md_type_t md_alg,
343 const unsigned char *hash, size_t hash_len,
344 unsigned char *sig, size_t *sig_len,
345 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
346
347/**
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200348 * \brief Decrypt message
349 *
350 * \param ctx PK context to use
351 * \param input Input to decrypt
352 * \param ilen Input size
353 * \param output Decrypted output
Paul Bakker4fc090a2013-09-18 15:43:25 +0200354 * \param olen Decrypted message length
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200355 * \param osize Size of the output buffer
Paul Bakkerdcbfdcc2013-09-10 16:16:50 +0200356 * \param f_rng RNG function
357 * \param p_rng RNG parameter
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200358 *
359 * \return 0 on success, or a specific error code.
360 */
361int pk_decrypt( pk_context *ctx,
362 const unsigned char *input, size_t ilen,
363 unsigned char *output, size_t *olen, size_t osize,
364 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
365
366/**
367 * \brief Encrypt message
368 *
369 * \param ctx PK context to use
370 * \param input Message to encrypt
371 * \param ilen Message size
372 * \param output Encrypted output
373 * \param olen Encrypted output length
374 * \param osize Size of the output buffer
Paul Bakkerdcbfdcc2013-09-10 16:16:50 +0200375 * \param f_rng RNG function
376 * \param p_rng RNG parameter
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200377 *
378 * \return 0 on success, or a specific error code.
379 */
380int pk_encrypt( pk_context *ctx,
381 const unsigned char *input, size_t ilen,
382 unsigned char *output, size_t *olen, size_t osize,
383 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
384
385/**
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200386 * \brief Export debug information
387 *
388 * \param ctx Context to use
389 * \param items Place to write debug items
390 *
Paul Bakker4fc090a2013-09-18 15:43:25 +0200391 * \return 0 on success or POLARSSL_ERR_PK_BAD_INPUT_DATA
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200392 */
393int pk_debug( const pk_context *ctx, pk_debug_item *items );
394
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200395/**
396 * \brief Access the type name
397 *
398 * \param ctx Context to use
399 *
400 * \return Type name on success, or "invalid PK"
401 */
402const char * pk_get_name( const pk_context *ctx );
403
Manuel Pégourié-Gonnard8053da42013-09-11 22:28:30 +0200404/**
Paul Bakker4fc090a2013-09-18 15:43:25 +0200405 * \brief Get the key type
Manuel Pégourié-Gonnard8053da42013-09-11 22:28:30 +0200406 *
407 * \param ctx Context to use
408 *
409 * \return Type on success, or POLARSSL_PK_NONE
410 */
411pk_type_t pk_get_type( const pk_context *ctx );
412
Paul Bakker4606c732013-09-15 17:04:23 +0200413#if defined(POLARSSL_PK_PARSE_C)
Paul Bakkerff3a5182013-09-16 22:42:19 +0200414/** \ingroup pk_module */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200415/**
416 * \brief Parse a private key
417 *
418 * \param ctx key to be initialized
419 * \param key input buffer
420 * \param keylen size of the buffer
421 * \param pwd password for decryption (optional)
422 * \param pwdlen size of the password
423 *
424 * \return 0 if successful, or a specific PK or PEM error code
425 */
426int pk_parse_key( pk_context *ctx,
427 const unsigned char *key, size_t keylen,
428 const unsigned char *pwd, size_t pwdlen );
429
Paul Bakkerff3a5182013-09-16 22:42:19 +0200430/** \ingroup pk_module */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200431/**
432 * \brief Parse a public key
433 *
434 * \param ctx key to be initialized
435 * \param key input buffer
436 * \param keylen size of the buffer
437 *
438 * \return 0 if successful, or a specific PK or PEM error code
439 */
440int pk_parse_public_key( pk_context *ctx,
441 const unsigned char *key, size_t keylen );
442
443#if defined(POLARSSL_FS_IO)
Paul Bakkerff3a5182013-09-16 22:42:19 +0200444/** \ingroup pk_module */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200445/**
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200446 * \brief Load and parse a private key
447 *
448 * \param ctx key to be initialized
449 * \param path filename to read the private key from
450 * \param password password to decrypt the file (can be NULL)
451 *
452 * \return 0 if successful, or a specific PK or PEM error code
453 */
454int pk_parse_keyfile( pk_context *ctx,
455 const char *path, const char *password );
456
Paul Bakkerff3a5182013-09-16 22:42:19 +0200457/** \ingroup pk_module */
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200458/**
Paul Bakker1a7550a2013-09-15 13:01:22 +0200459 * \brief Load and parse a public key
460 *
461 * \param ctx key to be initialized
462 * \param path filename to read the private key from
463 *
464 * \return 0 if successful, or a specific PK or PEM error code
465 */
466int pk_parse_public_keyfile( pk_context *ctx, const char *path );
467#endif /* POLARSSL_FS_IO */
Paul Bakker4606c732013-09-15 17:04:23 +0200468#endif /* POLARSSL_PK_PARSE_C */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200469
Paul Bakker4606c732013-09-15 17:04:23 +0200470#if defined(POLARSSL_PK_WRITE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200471/**
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200472 * \brief Write a private key to a PKCS#1 or SEC1 DER structure
473 * Note: data is written at the end of the buffer! Use the
474 * return value to determine where you should start
475 * using the buffer
476 *
Paul Bakkera36d23e2013-12-30 17:57:27 +0100477 * \param ctx private to write away
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200478 * \param buf buffer to write to
479 * \param size size of the buffer
480 *
481 * \return length of data written if successful, or a specific
482 * error code
483 */
Paul Bakkera36d23e2013-12-30 17:57:27 +0100484int pk_write_key_der( pk_context *ctx, unsigned char *buf, size_t size );
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200485
486/**
487 * \brief Write a public key to a SubjectPublicKeyInfo DER structure
488 * Note: data is written at the end of the buffer! Use the
489 * return value to determine where you should start
490 * using the buffer
491 *
Paul Bakkera36d23e2013-12-30 17:57:27 +0100492 * \param ctx public key to write away
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200493 * \param buf buffer to write to
494 * \param size size of the buffer
495 *
496 * \return length of data written if successful, or a specific
497 * error code
498 */
Paul Bakkera36d23e2013-12-30 17:57:27 +0100499int pk_write_pubkey_der( pk_context *ctx, unsigned char *buf, size_t size );
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200500
Paul Bakkercff68422013-09-15 20:43:33 +0200501#if defined(POLARSSL_PEM_WRITE_C)
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200502/**
503 * \brief Write a public key to a PEM string
504 *
Paul Bakkera36d23e2013-12-30 17:57:27 +0100505 * \param ctx public key to write away
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200506 * \param buf buffer to write to
507 * \param size size of the buffer
508 *
509 * \return 0 successful, or a specific error code
510 */
Paul Bakkera36d23e2013-12-30 17:57:27 +0100511int pk_write_pubkey_pem( pk_context *ctx, unsigned char *buf, size_t size );
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200512
513/**
514 * \brief Write a private key to a PKCS#1 or SEC1 PEM string
515 *
Paul Bakkera36d23e2013-12-30 17:57:27 +0100516 * \param ctx private to write away
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200517 * \param buf buffer to write to
518 * \param size size of the buffer
519 *
520 * \return 0 successful, or a specific error code
521 */
Paul Bakkera36d23e2013-12-30 17:57:27 +0100522int pk_write_key_pem( pk_context *ctx, unsigned char *buf, size_t size );
Paul Bakkercff68422013-09-15 20:43:33 +0200523#endif /* POLARSSL_PEM_WRITE_C */
Paul Bakker4606c732013-09-15 17:04:23 +0200524#endif /* POLARSSL_PK_WRITE_C */
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200525
526/*
527 * WARNING: Low-level functions. You probably do not want to use these unless
528 * you are certain you do ;)
529 */
530
Paul Bakker4606c732013-09-15 17:04:23 +0200531#if defined(POLARSSL_PK_PARSE_C)
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200532/**
Paul Bakker1a7550a2013-09-15 13:01:22 +0200533 * \brief Parse a SubjectPublicKeyInfo DER structure
534 *
535 * \param p the position in the ASN.1 data
536 * \param end end of the buffer
537 * \param pk the key to fill
538 *
539 * \return 0 if successful, or a specific PK error code
540 */
Paul Bakkerda771152013-09-16 22:45:03 +0200541int pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
542 pk_context *pk );
Paul Bakker4606c732013-09-15 17:04:23 +0200543#endif /* POLARSSL_PK_PARSE_C */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200544
Paul Bakker4606c732013-09-15 17:04:23 +0200545#if defined(POLARSSL_PK_WRITE_C)
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200546/**
547 * \brief Write a subjectPublicKey to ASN.1 data
548 * Note: function works backwards in data buffer
549 *
550 * \param p reference to current position pointer
551 * \param start start of the buffer (for bounds-checking)
552 * \param key public key to write away
553 *
554 * \return the length written or a negative error code
555 */
556int pk_write_pubkey( unsigned char **p, unsigned char *start,
557 const pk_context *key );
Paul Bakker4606c732013-09-15 17:04:23 +0200558#endif /* POLARSSL_PK_WRITE_C */
Paul Bakkerc7bb02b2013-09-15 14:54:56 +0200559
Paul Bakkered27a042013-04-18 22:46:23 +0200560#ifdef __cplusplus
561}
562#endif
563
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200564#endif /* POLARSSL_PK_H */