1/** 2 * \file pk_internal.h 3 * 4 * \brief Public Key abstraction layer: internal (i.e. library only) functions 5 * and definitions. 6 */ 7/* 8 * Copyright The Mbed TLS Contributors 9 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 10 */ 11#ifndef MBEDTLS_PK_INTERNAL_H 12#define MBEDTLS_PK_INTERNAL_H 13 14#include "mbedtls/pk.h" 15 16#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 17#include "mbedtls/ecp.h" 18#endif 19 20#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) 21#include "psa/crypto.h" 22 23#include "psa_util_internal.h" 24#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) 25#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ 26 psa_to_pk_rsa_errors, \ 27 psa_pk_status_to_mbedtls) 28#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ 29 psa_to_pk_ecdsa_errors, \ 30 psa_pk_status_to_mbedtls) 31#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ 32 33/* Headers/footers for PEM files */ 34#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----" 35#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----" 36#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----" 37#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----" 38#define PEM_BEGIN_PUBLIC_KEY_RSA "-----BEGIN RSA PUBLIC KEY-----" 39#define PEM_END_PUBLIC_KEY_RSA "-----END RSA PUBLIC KEY-----" 40#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----" 41#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----" 42#define PEM_BEGIN_PRIVATE_KEY_PKCS8 "-----BEGIN PRIVATE KEY-----" 43#define PEM_END_PRIVATE_KEY_PKCS8 "-----END PRIVATE KEY-----" 44#define PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----BEGIN ENCRYPTED PRIVATE KEY-----" 45#define PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----END ENCRYPTED PRIVATE KEY-----" 46 47#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) 48/** 49 * Public function mbedtls_pk_ec() can be used to get direct access to the 50 * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not 51 * ideal because it bypasses the PK module on the control of its internal 52 * structure (pk_context) fields. 53 * For backward compatibility we keep mbedtls_pk_ec() when ECP_C is defined, but 54 * we provide 2 very similar functions when only ECP_LIGHT is enabled and not 55 * ECP_C. 56 * These variants embed the "ro" or "rw" keywords in their name to make the 57 * usage of the returned pointer explicit. Of course the returned value is 58 * const or non-const accordingly. 59 */ 60static inline const mbedtls_ecp_keypair *mbedtls_pk_ec_ro(const mbedtls_pk_context pk) 61{ 62 switch (mbedtls_pk_get_type(&pk)) { 63 case MBEDTLS_PK_ECKEY: 64 case MBEDTLS_PK_ECKEY_DH: 65 case MBEDTLS_PK_ECDSA: 66 return (const mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); 67 default: 68 return NULL; 69 } 70} 71 72static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) 73{ 74 switch (mbedtls_pk_get_type(&pk)) { 75 case MBEDTLS_PK_ECKEY: 76 case MBEDTLS_PK_ECKEY_DH: 77 case MBEDTLS_PK_ECDSA: 78 return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); 79 default: 80 return NULL; 81 } 82} 83#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */ 84 85#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 86static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_context *pk) 87{ 88 mbedtls_ecp_group_id id; 89 90#if defined(MBEDTLS_USE_PSA_CRYPTO) 91 if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { 92 psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; 93 psa_key_type_t opaque_key_type; 94 psa_ecc_family_t curve; 95 96 if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { 97 return MBEDTLS_ECP_DP_NONE; 98 } 99 opaque_key_type = psa_get_key_type(&opaque_attrs); 100 curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type); 101 id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs)); 102 psa_reset_key_attributes(&opaque_attrs); 103 } else 104#endif /* MBEDTLS_USE_PSA_CRYPTO */ 105 { 106#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 107 id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits); 108#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ 109 id = mbedtls_pk_ec_ro(*pk)->grp.id; 110#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 111 } 112 113 return id; 114} 115 116/* Helper for Montgomery curves */ 117#if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(MBEDTLS_ECP_HAVE_CURVE448) 118#define MBEDTLS_PK_HAVE_RFC8410_CURVES 119#endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */ 120 121#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ 122 ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) 123 124static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) 125{ 126 mbedtls_ecp_group_id id = mbedtls_pk_get_ec_group_id(pk); 127 128 return MBEDTLS_PK_IS_RFC8410_GROUP_ID(id); 129} 130 131/* 132 * Set the group used by this key. 133 * 134 * [in/out] pk: in: must have been pk_setup() to an ECC type 135 * out: will have group (curve) information set 136 * [in] grp_in: a supported group ID (not NONE) 137 */ 138int mbedtls_pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id); 139 140/* 141 * Set the private key material 142 * 143 * [in/out] pk: in: must have the group set already, see mbedtls_pk_ecc_set_group(). 144 * out: will have the private key set. 145 * [in] key, key_len: the raw private key (no ASN.1 wrapping). 146 */ 147int mbedtls_pk_ecc_set_key(mbedtls_pk_context *pk, unsigned char *key, size_t key_len); 148 149/* 150 * Set the public key. 151 * 152 * [in/out] pk: in: must have its group set, see mbedtls_pk_ecc_set_group(). 153 * out: will have the public key set. 154 * [in] pub, pub_len: the raw public key (an ECPoint). 155 * 156 * Return: 157 * - 0 on success; 158 * - MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the format is potentially valid 159 * but not supported; 160 * - another error code otherwise. 161 */ 162int mbedtls_pk_ecc_set_pubkey(mbedtls_pk_context *pk, const unsigned char *pub, size_t pub_len); 163 164/* 165 * Derive a public key from its private counterpart. 166 * Computationally intensive, only use when public key is not available. 167 * 168 * [in/out] pk: in: must have the private key set, see mbedtls_pk_ecc_set_key(). 169 * out: will have the public key set. 170 * [in] prv, prv_len: the raw private key (see note below). 171 * [in] f_rng, p_rng: RNG function and context. 172 * 173 * Note: the private key information is always available from pk, 174 * however for convenience the serialized version is also passed, 175 * as it's available at each calling site, and useful in some configs 176 * (as otherwise we would have to re-serialize it from the pk context). 177 * 178 * There are three implementations of this function: 179 * 1. MBEDTLS_PK_USE_PSA_EC_DATA, 180 * 2. MBEDTLS_USE_PSA_CRYPTO but not MBEDTLS_PK_USE_PSA_EC_DATA, 181 * 3. not MBEDTLS_USE_PSA_CRYPTO. 182 */ 183int mbedtls_pk_ecc_set_pubkey_from_prv(mbedtls_pk_context *pk, 184 const unsigned char *prv, size_t prv_len, 185 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); 186#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 187 188/* Helper for (deterministic) ECDSA */ 189#if defined(MBEDTLS_ECDSA_DETERMINISTIC) 190#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_DETERMINISTIC_ECDSA 191#else 192#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_ECDSA 193#endif 194 195#if defined(MBEDTLS_TEST_HOOKS) 196MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der( 197 mbedtls_pk_context *pk, 198 unsigned char *key, size_t keylen, 199 const unsigned char *pwd, size_t pwdlen, 200 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); 201#endif 202 203#if defined(MBEDTLS_FS_IO) 204int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n); 205#endif 206 207#endif /* MBEDTLS_PK_INTERNAL_H */ 208