TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c53dee302d94c4efc78dfcd7cda23c9e617d9ad3 / . / include / mbedtls / pk_info.h
blob: a808c2cabac8164ba922ae6d2b4330a197a99ed3 [file] [log] [blame]
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]1/**
2 * \file pk_info.h
3 *
4 * \brief Public Key cryptography abstraction layer: object interface
5 *
6 * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23
24#ifndef MBEDTLS_PK_INFO_H
25#define MBEDTLS_PK_INFO_H
26
27#if !defined(MBEDTLS_CONFIG_FILE)
28#include "config.h"
29#else
30#include MBEDTLS_CONFIG_FILE
31#endif
32
33#include "pk.h"
34
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]35#ifdef __cplusplus
36extern "C" {
37#endif
38
39/**
40 * Methods that opaque key pair objects must implement.
41 *
42 * Engines that interface with external cryptographic processors must
43 * implement this interface. Platform-specific hardware accelerators
44 * that can be used for all keys of a given type should use alternative
45 * ("xxx_alt") interfaces instead. This interface allows using different
46 * engines for each key.
47 *
48 * An engine for asymmetric cryptography must implement the interface
49 * described in this structure. The interface for the engine may be
50 * exposed in one of two ways:
51 *
52 * - Declare the mbedtls_pk_info_t structure and instruct users to call
53 * mbedtls_pk_setup with that structure.
54 * - Keep the mbedtls_pk_info_t structure hidden and declare a function
55 * to call instead of mbedtls_pk_setup. This function should have an
56 * interface of the form
57 * `int mbedtls_pk_setup_myengine(mbedtls_pk_context *, ...)`
58 * where the extra parameters depend on the engine, e.g. handles to keys
59 * stored in an external cryptographic module.
60 *
61 * Unless otherwise indicated, functions returning int must return an
62 * Mbed TLS status code, either 0 for success or a negative value to indicate
63 * an error. It is recommended to use the MBEDTLS_ERR_PK_XXX error codes
64 * defined in pk.h.
65 *
66 * Some methods are optional; this is clearly indicated in their description.
67 * If a method is optional, then an opaque key implementation may put NULL
68 * in the corresponding field. The corresponding function in pk.h will
69 * return MBEDTLS_ERR_PK_TYPE_MISMATCH in this case.
70 *
71 * \note If you are using the PK interface to perform operations on
72 * keys, call the functions in pk.h. The interface in this file should only
73 * be used by implementers of opaque key engines.
Andrzej Kureke7353102018-01-22 07:14:34 -0500[diff] [blame]74 *
75 * \warning: Do not declare this structure directly! It may be extended in
76 * future* versions of Mbed TLS. Call the macro
77 * MBEDTLS_PK_OPAQUE_INFO_1() or MBEDTLS_PK_OPAQUE_INFO_ASYNC_1() instead.
78 * These macros are guaranteed to take parameters with the same type
79 * and semantics as previous versions and fill any new field of the
80 * structure with sensible values.
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]81 */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]82struct mbedtls_pk_info_t
83{
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]84 /** Key pair type.
85 *
86 * mbedtls_pk_get_type() returns this value.
87 *
88 * For transparent keys, this contains an indication of supported
89 * algorithms. For opaque keys, this is \c MBEDTLS_PK_OPAQUE. */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]90 mbedtls_pk_type_t type;
91
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]92 /** Type name.
93 *
94 * mbedtls_pk_get_name() returns this value. It must be a
95 * null-terminated string.
96 *
97 * For transparent keys, this reflects the key type. For opaque keys,
98 * this reflects the cryptographic module driver. */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]99 const char *name;
100
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]101 /** Get key size in bits.
102 *
103 * mbedtls_pk_get_bitlen() returns this value.
104 *
105 * This function cannot fail. */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]106 size_t (*get_bitlen)( const void *ctx );
107
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]108 /** Tell if the context implements this type (e.g.\ ECKEY can do ECDSA).
109 *
110 * mbedtls_pk_can_do() calls this function.
111 *
112 * This function is only based on the key type. It does not take any
113 * usage restrictions into account. */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]114 int (*can_do)( const void * ctx, mbedtls_pk_type_t type );
115
Andrzej Kurek8b6aaca2018-01-22 07:04:46 -0500[diff] [blame]116 /** Signature size
117 *
118 * mbedtls_pk_signature_size() returns this value.
119 *
120 * Opaque implementations may omit this method if they do not support
121 * signature. */
122 size_t (*signature_size_func)( const void *ctx );
123
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]124 /** Verify signature
125 *
126 * mbedtls_pk_verify() calls this function.
127 *
128 * Opaque implementations may omit this method if they do not support
129 * signature verification. */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]130 int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
131 const unsigned char *hash, size_t hash_len,
132 const unsigned char *sig, size_t sig_len );
133
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]134 /** Make signature
135 *
136 * mbedtls_pk_sign() calls this function.
137 *
138 * Assume that the buffer \c sig has room for
139 * \c signature_size_func(ctx) bytes.
140 *
141 * The arguments \c f_rng and \c p_rng are provided in case the
142 * algorithm requires randomization. Implementations are not
143 * required to use it if they have their own random source. If \c
144 * f_rng is null, the implementation should operate if it can, and
145 * return #MBEDTLS_ERR_PK_BAD_INPUT_DATA otherwise.
146 *
147 * Opaque implementations may omit this method if they do not support
148 * signature. */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]149 int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
150 const unsigned char *hash, size_t hash_len,
151 unsigned char *sig, size_t *sig_len,
152 int (*f_rng)(void *, unsigned char *, size_t),
153 void *p_rng );
154
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]155 /** Decrypt message
156 *
157 * mbedtls_pk_decrypt() calls this function.
158 *
159 * The arguments \c f_rng and \c p_rng are provided in case the
160 * algorithm requires randomization. Implementations are not
161 * required to use it if they have their own random source. If \c
162 * f_rng is null, the implementation should operate if it can, and
163 * return #MBEDTLS_ERR_PK_BAD_INPUT_DATA otherwise.
164 *
165 * Opaque implementations may omit this method if they do not support
166 * decryption. */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]167 int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
168 unsigned char *output, size_t *olen, size_t osize,
169 int (*f_rng)(void *, unsigned char *, size_t),
170 void *p_rng );
171
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]172 /** Encrypt message
173 *
174 * mbedtls_pk_decrypt() calls this function.
175 *
176 * The arguments \c f_rng and \c p_rng are provided in case the
177 * algorithm requires randomization. Implementations are not
178 * required to use it if they have their own random source. If \c
179 * f_rng is null, the implementation should operate if it can, and
180 * return #MBEDTLS_ERR_PK_BAD_INPUT_DATA otherwise.
181 *
182 * Opaque implementations may omit this method if they do not support
183 * encryption. */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]184 int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
185 unsigned char *output, size_t *olen, size_t osize,
186 int (*f_rng)(void *, unsigned char *, size_t),
187 void *p_rng );
188
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]189 /** Check public-private key pair
190 *
191 * mbedtls_pk_check_pair() calls this function on the private key pair
192 * object \c prv. The other argument \c pub may be of any type, but it
193 * is guaranteed to be initialized.
194 *
195 * Opaque implementations may omit this method. */
196 int (*check_pair_func)( const mbedtls_pk_context *pub, const void *prv );
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]197
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]198 /** Allocate a new context
199 *
200 * mbedtls_pk_setup() calls this function.
201 *
202 * If this function returns NULL, the allocation is considered to
203 * have failed and the the object remains uninitialized.
204 *
205 * Opaque implementations may omit this method. In this case,
206 * mbedtls_pk_setup will set the \c pk_ctx field of the mbedtls_pk_context
207 * object to NULL, and it is up to an engine-specific setup function to
208 * initialize the \c pk_ctx field. This is useful if the size of the
209 * memory depends on extra parameters passed to the engine-specific setup
210 * function. */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]211 void * (*ctx_alloc_func)( void );
212
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]213 /** Free the given context
214 *
215 * mbedtls_pk_free() calls this function. It must free the data allocated
216 * by \b ctx_alloc_func as well as any other resource that belongs to
217 * the object.
218 * */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]219 void (*ctx_free_func)( void *ctx );
220
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]221 /** Interface with the debug module
222 *
223 * mbedtls_pk_debug() calls this function.
224 *
225 * Opaque implementations may omit this method. */
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]226 void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
227
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]228};
229
Andrzej Kureke7353102018-01-22 07:14:34 -0500[diff] [blame]230#define MBEDTLS_PK_OPAQUE_INFO_1( \
231 name \
232 , get_bitlen \
233 , can_do \
234 , signature_size_func \
235 , verify_func \
236 , sign_func \
237 , decrypt_func \
238 , encrypt_func \
239 , check_pair_func \
240 , ctx_alloc_func \
241 , ctx_free_func \
242 , debug_func \
243 ) \
244 { \
245 MBEDTLS_PK_OPAQUE \
246 , name \
247 , get_bitlen \
248 , can_do \
249 , signature_size_func \
250 , verify_func \
251 , sign_func \
252 , decrypt_func \
253 , encrypt_func \
254 , check_pair_func \
255 , ctx_alloc_func \
256 , ctx_free_func \
257 , debug_func \
258 }
259
Gilles Peskine02768b42017-11-03 19:20:27 +0100[diff] [blame]260#ifdef __cplusplus
261}
262#endif
263
Gilles Peskine5cc7bc52017-11-03 11:58:25 +0100[diff] [blame]264#endif /* MBEDTLS_PK_INFO_H */