Merge pull request #2735 from jareckib/master
[RRG-proxmark3.git] / common / mbedtls / pkcs11.h
blob1f864a515be4885cf1b7c6f3bae1c261ee0cd9a0
1 /**
2 * \file pkcs11.h
4 * \brief Wrapper for PKCS#11 library libpkcs11-helper
6 * \author Adriaan de Jong <dejong@fox-it.com>
7 */
8 /*
9 * Copyright The Mbed TLS Contributors
10 * SPDX-License-Identifier: Apache-2.0
12 * Licensed under the Apache License, Version 2.0 (the "License"); you may
13 * not use this file except in compliance with the License.
14 * You may obtain a copy of the License at
16 * http://www.apache.org/licenses/LICENSE-2.0
18 * Unless required by applicable law or agreed to in writing, software
19 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
20 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21 * See the License for the specific language governing permissions and
22 * limitations under the License.
24 #ifndef MBEDTLS_PKCS11_H
25 #define MBEDTLS_PKCS11_H
27 #if !defined(MBEDTLS_CONFIG_FILE)
28 #include "mbedtls/config.h"
29 #else
30 #include MBEDTLS_CONFIG_FILE
31 #endif
33 #if defined(MBEDTLS_PKCS11_C)
35 #include "mbedtls/x509_crt.h"
37 #include <pkcs11-helper-1.0/pkcs11h-certificate.h>
39 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
40 !defined(inline) && !defined(__cplusplus)
41 #define inline __inline
42 #endif
44 #ifdef __cplusplus
45 extern "C" {
46 #endif
48 #if defined(MBEDTLS_DEPRECATED_REMOVED)
50 /**
51 * Context for PKCS #11 private keys.
53 typedef struct mbedtls_pkcs11_context {
54 pkcs11h_certificate_t pkcs11h_cert;
55 int len;
56 } mbedtls_pkcs11_context;
58 #if defined(MBEDTLS_DEPRECATED_WARNING)
59 #define MBEDTLS_DEPRECATED __attribute__((deprecated))
60 #else
61 #define MBEDTLS_DEPRECATED
62 #endif
64 /**
65 * Initialize a mbedtls_pkcs11_context.
66 * (Just making memory references valid.)
68 * \deprecated This function is deprecated and will be removed in a
69 * future version of the library.
71 MBEDTLS_DEPRECATED void mbedtls_pkcs11_init(mbedtls_pkcs11_context *ctx);
73 /**
74 * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
76 * \deprecated This function is deprecated and will be removed in a
77 * future version of the library.
79 * \param cert X.509 certificate to fill
80 * \param pkcs11h_cert PKCS #11 helper certificate
82 * \return 0 on success.
84 MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind(mbedtls_x509_crt *cert,
85 pkcs11h_certificate_t pkcs11h_cert);
87 /**
88 * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
89 * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
90 * done.
92 * \deprecated This function is deprecated and will be removed in a
93 * future version of the library.
95 * \param priv_key Private key structure to fill.
96 * \param pkcs11_cert PKCS #11 helper certificate
98 * \return 0 on success
100 MBEDTLS_DEPRECATED int mbedtls_pkcs11_priv_key_bind(
101 mbedtls_pkcs11_context *priv_key,
102 pkcs11h_certificate_t pkcs11_cert);
105 * Free the contents of the given private key context. Note that the structure
106 * itself is not freed.
108 * \deprecated This function is deprecated and will be removed in a
109 * future version of the library.
111 * \param priv_key Private key structure to cleanup
113 MBEDTLS_DEPRECATED void mbedtls_pkcs11_priv_key_free(
114 mbedtls_pkcs11_context *priv_key);
117 * \brief Do an RSA private key decrypt, then remove the message
118 * padding
120 * \deprecated This function is deprecated and will be removed in a future
121 * version of the library.
123 * \param ctx PKCS #11 context
124 * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
125 * \param input buffer holding the encrypted data
126 * \param output buffer that will hold the plaintext
127 * \param olen will contain the plaintext length
128 * \param output_max_len maximum length of the output buffer
130 * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
132 * \note The output buffer must be as large as the size
133 * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
134 * an error is thrown.
136 MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt(mbedtls_pkcs11_context *ctx,
137 int mode, size_t *olen,
138 const unsigned char *input,
139 unsigned char *output,
140 size_t output_max_len);
143 * \brief Do a private RSA to sign a message digest
145 * \deprecated This function is deprecated and will be removed in a future
146 * version of the library.
148 * \param ctx PKCS #11 context
149 * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
150 * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
151 * \param hashlen message digest length (for MBEDTLS_MD_NONE only)
152 * \param hash buffer holding the message digest
153 * \param sig buffer that will hold the ciphertext
155 * \return 0 if the signing operation was successful,
156 * or an MBEDTLS_ERR_RSA_XXX error code
158 * \note The "sig" buffer must be as large as the size
159 * of ctx->N (eg. 128 bytes if RSA-1024 is used).
161 MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign(mbedtls_pkcs11_context *ctx,
162 int mode,
163 mbedtls_md_type_t md_alg,
164 unsigned int hashlen,
165 const unsigned char *hash,
166 unsigned char *sig);
169 * SSL/TLS wrappers for PKCS#11 functions
171 * \deprecated This function is deprecated and will be removed in a future
172 * version of the library.
174 MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt(void *ctx,
175 int mode, size_t *olen,
176 const unsigned char *input, unsigned char *output,
177 size_t output_max_len) {
178 return mbedtls_pkcs11_decrypt((mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
179 output_max_len);
183 * \brief This function signs a message digest using RSA.
185 * \deprecated This function is deprecated and will be removed in a future
186 * version of the library.
188 * \param ctx The PKCS #11 context.
189 * \param f_rng The RNG function. This parameter is unused.
190 * \param p_rng The RNG context. This parameter is unused.
191 * \param mode The operation to run. This must be set to
192 * MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's
193 * signature.
194 * \param md_alg The message digest algorithm. One of the MBEDTLS_MD_XXX
195 * must be passed to this function and MBEDTLS_MD_NONE can be
196 * used for signing raw data.
197 * \param hashlen The message digest length (for MBEDTLS_MD_NONE only).
198 * \param hash The buffer holding the message digest.
199 * \param sig The buffer that will hold the ciphertext.
201 * \return \c 0 if the signing operation was successful.
202 * \return A non-zero error code on failure.
204 * \note The \p sig buffer must be as large as the size of
205 * <code>ctx->N</code>. For example, 128 bytes if RSA-1024 is
206 * used.
208 MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign(void *ctx,
209 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
210 int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
211 const unsigned char *hash, unsigned char *sig) {
212 ((void) f_rng);
213 ((void) p_rng);
214 return mbedtls_pkcs11_sign((mbedtls_pkcs11_context *) ctx, mode, md_alg,
215 hashlen, hash, sig);
219 * This function gets the length of the private key.
221 * \deprecated This function is deprecated and will be removed in a future
222 * version of the library.
224 * \param ctx The PKCS #11 context.
226 * \return The length of the private key.
228 MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len(void *ctx) {
229 return ((mbedtls_pkcs11_context *) ctx)->len;
232 #undef MBEDTLS_DEPRECATED
234 #endif /* MBEDTLS_DEPRECATED_REMOVED */
236 #ifdef __cplusplus
238 #endif
240 #endif /* MBEDTLS_PKCS11_C */
242 #endif /* MBEDTLS_PKCS11_H */