1/**
2 * \file pem.h
3 *
4 * \brief Privacy Enhanced Mail (PEM) decoding
5 */
6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
21 */
22#ifndef MBEDTLS_PEM_H
23#define MBEDTLS_PEM_H
24
25#if !defined(MBEDTLS_CONFIG_FILE)
26#include "mbedtls/config.h"
27#else
28#include MBEDTLS_CONFIG_FILE
29#endif
30
31#include <stddef.h>
32
33/**
34 * \name PEM Error codes
35 * These error codes are returned in case of errors reading the
36 * PEM data.
37 * \{
38 */
39/** No PEM header or footer found. */
40#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080
41/** PEM string is not as expected. */
42#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100
43/** Failed to allocate memory. */
44#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180
45/** RSA IV is not in hex-format. */
46#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200
47/** Unsupported key encryption algorithm. */
48#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280
49/** Private key password can't be empty. */
50#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300
51/** Given private key password does not allow for correct decryption. */
52#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380
53/** Unavailable feature, e.g. hashing/encryption combination. */
54#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400
55/** Bad input parameters to function. */
56#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480
57/** \} name PEM Error codes */
58
59#ifdef __cplusplus
60extern "C" {
61#endif
62
63#if defined(MBEDTLS_PEM_PARSE_C)
64/**
65 * \brief PEM context structure
66 */
67typedef struct mbedtls_pem_context {
68 unsigned char *buf; /*!< buffer for decoded data */
69 size_t buflen; /*!< length of the buffer */
70 unsigned char *info; /*!< buffer for extra header information */
71}
72mbedtls_pem_context;
73
74/**
75 * \brief PEM context setup
76 *
77 * \param ctx context to be initialized
78 */
79void mbedtls_pem_init(mbedtls_pem_context *ctx);
80
81/**
82 * \brief Read a buffer for PEM information and store the resulting
83 * data into the specified context buffers.
84 *
85 * \param ctx context to use
86 * \param header header string to seek and expect
87 * \param footer footer string to seek and expect
88 * \param data source data to look in (must be nul-terminated)
89 * \param pwd password for decryption (can be NULL)
90 * \param pwdlen length of password
91 * \param use_len destination for total length used (set after header is
92 * correctly read, so unless you get
93 * MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
94 * MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
95 * the length to skip)
96 *
97 * \note Attempts to check password correctness by verifying if
98 * the decrypted text starts with an ASN.1 sequence of
99 * appropriate length
100 *
101 * \return 0 on success, or a specific PEM error code
102 */
103int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer,
104 const unsigned char *data,
105 const unsigned char *pwd,
106 size_t pwdlen, size_t *use_len);
107
108/**
109 * \brief PEM context memory freeing
110 *
111 * \param ctx context to be freed
112 */
113void mbedtls_pem_free(mbedtls_pem_context *ctx);
114#endif /* MBEDTLS_PEM_PARSE_C */
115
116#if defined(MBEDTLS_PEM_WRITE_C)
117/**
118 * \brief Write a buffer of PEM information from a DER encoded
119 * buffer.
120 *
121 * \param header The header string to write.
122 * \param footer The footer string to write.
123 * \param der_data The DER data to encode.
124 * \param der_len The length of the DER data \p der_data in Bytes.
125 * \param buf The buffer to write to.
126 * \param buf_len The length of the output buffer \p buf in Bytes.
127 * \param olen The address at which to store the total length written
128 * or required (if \p buf_len is not enough).
129 *
130 * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len
131 * to request the length of the resulting PEM buffer in
132 * `*olen`.
133 *
134 * \note This function may be called with overlapping \p der_data
135 * and \p buf buffers.
136 *
137 * \return \c 0 on success.
138 * \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
139 * enough to hold the PEM buffer. In this case, `*olen` holds
140 * the required minimum size of \p buf.
141 * \return Another PEM or BASE64 error code on other kinds of failure.
142 */
143int mbedtls_pem_write_buffer(const char *header, const char *footer,
144 const unsigned char *der_data, size_t der_len,
145 unsigned char *buf, size_t buf_len, size_t *olen);
146#endif /* MBEDTLS_PEM_WRITE_C */
147
148#ifdef __cplusplus
149}
150#endif
151
152#endif /* pem.h */
153