Add the Labs projects provided in the V10.2.1_191129 zip file.

[freertos] / FreeRTOS-Labs / Source / mbedtls / include / mbedtls / pkcs11.h

/**\r
 * \file pkcs11.h\r
 *\r
 * \brief Wrapper for PKCS#11 library libpkcs11-helper\r
 *\r
 * \author Adriaan de Jong <dejong@fox-it.com>\r
 */\r
/*\r
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved\r
 *  SPDX-License-Identifier: Apache-2.0\r
 *\r
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\r
 *  not use this file except in compliance with the License.\r
 *  You may obtain a copy of the License at\r
 *\r
 *  http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 *  Unless required by applicable law or agreed to in writing, software\r
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\r
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 *  See the License for the specific language governing permissions and\r
 *  limitations under the License.\r
 *\r
 *  This file is part of mbed TLS (https://tls.mbed.org)\r
 */\r
#ifndef MBEDTLS_PKCS11_H\r
#define MBEDTLS_PKCS11_H\r
\r
#if !defined(MBEDTLS_CONFIG_FILE)\r
#include "config.h"\r
#else\r
#include MBEDTLS_CONFIG_FILE\r
#endif\r
\r
#if defined(MBEDTLS_PKCS11_C)\r
\r
#include "x509_crt.h"\r
\r
#include <pkcs11-helper-1.0/pkcs11h-certificate.h>\r
\r
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \\r
    !defined(inline) && !defined(__cplusplus)\r
#define inline __inline\r
#endif\r
\r
#ifdef __cplusplus\r
extern "C" {\r
#endif\r
\r
/**\r
 * Context for PKCS #11 private keys.\r
 */\r
typedef struct mbedtls_pkcs11_context\r
{\r
        pkcs11h_certificate_t pkcs11h_cert;\r
        int len;\r
} mbedtls_pkcs11_context;\r
\r
/**\r
 * Initialize a mbedtls_pkcs11_context.\r
 * (Just making memory references valid.)\r
 */\r
void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );\r
\r
/**\r
 * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.\r
 *\r
 * \param cert          X.509 certificate to fill\r
 * \param pkcs11h_cert  PKCS #11 helper certificate\r
 *\r
 * \return              0 on success.\r
 */\r
int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert );\r
\r
/**\r
 * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the\r
 * mbedtls_pkcs11_context will take over control of the certificate, freeing it when\r
 * done.\r
 *\r
 * \param priv_key      Private key structure to fill.\r
 * \param pkcs11_cert   PKCS #11 helper certificate\r
 *\r
 * \return              0 on success\r
 */\r
int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,\r
        pkcs11h_certificate_t pkcs11_cert );\r
\r
/**\r
 * Free the contents of the given private key context. Note that the structure\r
 * itself is not freed.\r
 *\r
 * \param priv_key      Private key structure to cleanup\r
 */\r
void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key );\r
\r
/**\r
 * \brief          Do an RSA private key decrypt, then remove the message\r
 *                 padding\r
 *\r
 * \param ctx      PKCS #11 context\r
 * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature\r
 * \param input    buffer holding the encrypted data\r
 * \param output   buffer that will hold the plaintext\r
 * \param olen     will contain the plaintext length\r
 * \param output_max_len    maximum length of the output buffer\r
 *\r
 * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code\r
 *\r
 * \note           The output buffer must be as large as the size\r
 *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise\r
 *                 an error is thrown.\r
 */\r
int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,\r
                       int mode, size_t *olen,\r
                       const unsigned char *input,\r
                       unsigned char *output,\r
                       size_t output_max_len );\r
\r
/**\r
 * \brief          Do a private RSA to sign a message digest\r
 *\r
 * \param ctx      PKCS #11 context\r
 * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature\r
 * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)\r
 * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)\r
 * \param hash     buffer holding the message digest\r
 * \param sig      buffer that will hold the ciphertext\r
 *\r
 * \return         0 if the signing operation was successful,\r
 *                 or an MBEDTLS_ERR_RSA_XXX error code\r
 *\r
 * \note           The "sig" buffer must be as large as the size\r
 *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).\r
 */\r
int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,\r
                    int mode,\r
                    mbedtls_md_type_t md_alg,\r
                    unsigned int hashlen,\r
                    const unsigned char *hash,\r
                    unsigned char *sig );\r
\r
/**\r
 * SSL/TLS wrappers for PKCS#11 functions\r
 */\r
static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,\r
                        const unsigned char *input, unsigned char *output,\r
                        size_t output_max_len )\r
{\r
    return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,\r
                           output_max_len );\r
}\r
\r
static inline int mbedtls_ssl_pkcs11_sign( void *ctx,\r
                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,\r
                     int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,\r
                     const unsigned char *hash, unsigned char *sig )\r
{\r
    ((void) f_rng);\r
    ((void) p_rng);\r
    return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg,\r
                        hashlen, hash, sig );\r
}\r
\r
static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )\r
{\r
    return ( (mbedtls_pkcs11_context *) ctx )->len;\r
}\r
\r
#ifdef __cplusplus\r
}\r
#endif\r
\r
#endif /* MBEDTLS_PKCS11_C */\r
\r
#endif /* MBEDTLS_PKCS11_H */\r