1 /** 2 * \file pem.h 3 * 4 * \brief Privacy Enhanced Mail (PEM) decoding 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 9 * 10 * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 * not use this file except in compliance with the License. 12 * You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, software 17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 * See the License for the specific language governing permissions and 20 * limitations under the License. 21 */ 22 #ifndef MBEDTLS_PEM_H 23 #define MBEDTLS_PEM_H 24 25 #if !defined(MBEDTLS_CONFIG_FILE) 26 #include "mbedtls/config.h" 27 #else 28 #include MBEDTLS_CONFIG_FILE 29 #endif 30 31 #include <stddef.h> 32 33 /** 34 * \name PEM Error codes 35 * These error codes are returned in case of errors reading the 36 * PEM data. 37 * \{ 38 */ 39 #define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 /**< No PEM header or footer found. */ 40 #define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */ 41 #define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180 /**< Failed to allocate memory. */ 42 #define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */ 43 #define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 /**< Unsupported key encryption algorithm. */ 44 #define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */ 45 #define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */ 46 #define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */ 47 #define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Bad input parameters to function. */ 48 /* \} name */ 49 50 #ifdef __cplusplus 51 extern "C" { 52 #endif 53 54 #if defined(MBEDTLS_PEM_PARSE_C) 55 /** 56 * \brief PEM context structure 57 */ 58 typedef struct mbedtls_pem_context 59 { 60 unsigned char *buf; /*!< buffer for decoded data */ 61 size_t buflen; /*!< length of the buffer */ 62 unsigned char *info; /*!< buffer for extra header information */ 63 } 64 mbedtls_pem_context; 65 66 /** 67 * \brief PEM context setup 68 * 69 * \param ctx context to be initialized 70 */ 71 void mbedtls_pem_init( mbedtls_pem_context *ctx ); 72 73 /** 74 * \brief Read a buffer for PEM information and store the resulting 75 * data into the specified context buffers. 76 * 77 * \param ctx context to use 78 * \param header header string to seek and expect 79 * \param footer footer string to seek and expect 80 * \param data source data to look in (must be nul-terminated) 81 * \param pwd password for decryption (can be NULL) 82 * \param pwdlen length of password 83 * \param use_len destination for total length used (set after header is 84 * correctly read, so unless you get 85 * MBEDTLS_ERR_PEM_BAD_INPUT_DATA or 86 * MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is 87 * the length to skip) 88 * 89 * \note Attempts to check password correctness by verifying if 90 * the decrypted text starts with an ASN.1 sequence of 91 * appropriate length 92 * 93 * \return 0 on success, or a specific PEM error code 94 */ 95 int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer, 96 const unsigned char *data, 97 const unsigned char *pwd, 98 size_t pwdlen, size_t *use_len ); 99 100 /** 101 * \brief PEM context memory freeing 102 * 103 * \param ctx context to be freed 104 */ 105 void mbedtls_pem_free( mbedtls_pem_context *ctx ); 106 #endif /* MBEDTLS_PEM_PARSE_C */ 107 108 #if defined(MBEDTLS_PEM_WRITE_C) 109 /** 110 * \brief Write a buffer of PEM information from a DER encoded 111 * buffer. 112 * 113 * \param header The header string to write. 114 * \param footer The footer string to write. 115 * \param der_data The DER data to encode. 116 * \param der_len The length of the DER data \p der_data in Bytes. 117 * \param buf The buffer to write to. 118 * \param buf_len The length of the output buffer \p buf in Bytes. 119 * \param olen The address at which to store the total length written 120 * or required (if \p buf_len is not enough). 121 * 122 * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len 123 * to request the length of the resulting PEM buffer in 124 * `*olen`. 125 * 126 * \note This function may be called with overlapping \p der_data 127 * and \p buf buffers. 128 * 129 * \return \c 0 on success. 130 * \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large 131 * enough to hold the PEM buffer. In this case, `*olen` holds 132 * the required minimum size of \p buf. 133 * \return Another PEM or BASE64 error code on other kinds of failure. 134 */ 135 int mbedtls_pem_write_buffer( const char *header, const char *footer, 136 const unsigned char *der_data, size_t der_len, 137 unsigned char *buf, size_t buf_len, size_t *olen ); 138 #endif /* MBEDTLS_PEM_WRITE_C */ 139 140 #ifdef __cplusplus 141 } 142 #endif 143 144 #endif /* pem.h */ 145