mbedtls_common.h
1 /*
2  * Licensed to Systerel under one or more contributor license
3  * agreements. See the NOTICE file distributed with this work
4  * for additional information regarding copyright ownership.
5  * Systerel licenses this file to you under the Apache
6  * License, Version 2.0 (the "License"); you may not use this
7  * file except in compliance with the License. You may obtain
8  * a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing,
13  * software distributed under the License is distributed on an
14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15  * KIND, either express or implied. See the License for the
16  * specific language governing permissions and limitations
17  * under the License.
18  */
19 
/*
 * Compatibility layer over the MbedTLS 2.x and 3.x APIs.
 *
 * The rest of the crypto backend calls the MBEDTLS_* macros defined here
 * instead of the MbedTLS functions directly, so that the signature changes
 * between major versions (removed RSA mode argument, added RNG / critical
 * parameters) are absorbed in one place. Any other major version is a
 * hard build error.
 */
#ifndef SOPC_CRYPTO_MBEDTLS_COMMON_H_
#define SOPC_CRYPTO_MBEDTLS_COMMON_H_

#include "mbedtls/version.h"

#if MBEDTLS_VERSION_MAJOR == 2
/* Presumably gates hostname-based SAN handling in the callers — confirm against its uses. */
#if MBEDTLS_VERSION_MINOR >= 28
#define MBEDTLS_CAN_RESOLVE_HOSTNAME 1
#else
#define MBEDTLS_CAN_RESOLVE_HOSTNAME 0
/* X509 SAN constants are not provided before 2.28. They are only used here to write a generic ASN.1 buffer;
 * the values are the RFC 5280 GeneralName tag numbers (dNSName = 2, uniformResourceIdentifier = 6). */
#define MBEDTLS_X509_SAN_DNS_NAME 2
#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
#endif // MBEDTLS_VERSION_MINOR >= 28

/* MBEDTLS V2 */
/* The 2.x RSA primitives take an explicit mode argument (MBEDTLS_RSA_PUBLIC / MBEDTLS_RSA_PRIVATE) that 3.x
 * removed; the wrappers below pin the mode that matches the operation so callers cannot pick the wrong one. */
#define MBEDTLS_RSA_RSAES_OAEP_ENCRYPT(ctx, f_rng, p_rng, label, label_len, ilen, input, output) \
 mbedtls_rsa_rsaes_oaep_encrypt(ctx, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, label, label_len, ilen, input, output)
#define MBEDTLS_RSA_RSAES_OAEP_DECRYPT(ctx, f_rng, p_rng, label, label_len, olen, input, output, output_max_len) \
 mbedtls_rsa_rsaes_oaep_decrypt(ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, label, label_len, olen, input, output, \
 output_max_len)
#define MBEDTLS_RSA_RSASSA_PKCS1_V15_SIGN(ctx, f_rng, p_rng, md_alg, hashlen, hash, sig) \
 mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, hashlen, hash, sig)
/* Verification is a public-key operation: 2.x only needs f_rng/p_rng for private-key (blinded) operations,
 * so NULL is passed here. */
#define MBEDTLS_RSA_RSASSA_PKCS1_V15_VERIFY(ctx, md_alg, hashlen, hash, sig) \
 mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig)
#define MBEDTLS_RSA_RSASSA_PSS_SIGN(ctx, f_rng, p_rng, md_alg, hashlen, hash, sig) \
 mbedtls_rsa_rsassa_pss_sign(ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, hashlen, hash, sig)
#define MBEDTLS_RSA_RSASSA_PSS_VERIFY(ctx, md_alg, hashlen, hash, sig) \
 mbedtls_rsa_rsassa_pss_verify(ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig)
#define MBEDTLS_PK_PARSE_KEY mbedtls_pk_parse_key
/* 2.x takes the hash id as a plain int, 3.x as mbedtls_md_type_t; the cast keeps callers version-neutral. */
#define MBEDTLS_RSA_SET_PADDING(prsa, padding, hash_id) mbedtls_rsa_set_padding(prsa, padding, (int) hash_id)
#define MBEDTLS_X509WRITE_CSR_SET_EXTENSION(ctx, oid, oid_len, val, val_len) \
 mbedtls_x509write_csr_set_extension(ctx, oid, oid_len, val, val_len)

#elif MBEDTLS_VERSION_MAJOR == 3
/* MBEDTLS V3 */
#define MBEDTLS_CAN_RESOLVE_HOSTNAME 1
/* 3.x dropped the RSA mode argument, so these wrappers are plain aliases. */
#define MBEDTLS_RSA_RSAES_OAEP_ENCRYPT mbedtls_rsa_rsaes_oaep_encrypt
#define MBEDTLS_RSA_RSAES_OAEP_DECRYPT mbedtls_rsa_rsaes_oaep_decrypt
#define MBEDTLS_RSA_RSASSA_PKCS1_V15_SIGN mbedtls_rsa_rsassa_pkcs1_v15_sign
#define MBEDTLS_RSA_RSASSA_PKCS1_V15_VERIFY mbedtls_rsa_rsassa_pkcs1_v15_verify
#define MBEDTLS_RSA_RSASSA_PSS_SIGN mbedtls_rsa_rsassa_pss_sign
#define MBEDTLS_RSA_RSASSA_PSS_VERIFY mbedtls_rsa_rsassa_pss_verify
#define MBEDTLS_RSA_SET_PADDING(prsa, padding, hash_id) mbedtls_rsa_set_padding(prsa, padding, hash_id)
/* 3.x added a 'critical' flag to the CSR extension writer; it is fixed to 0 (extension marked non-critical). */
#define MBEDTLS_X509WRITE_CSR_SET_EXTENSION(ctx, oid, oid_len, val, val_len) \
 mbedtls_x509write_csr_set_extension(ctx, oid, oid_len, 0, val, val_len)

// Note: f_rng is set to NULL. mbedtls_pk_parse_key documentation states that it must not be NULL.
// However, these rng parameters are only used in the scope of elliptic curves, which the #error below
// excludes from this build, so the NULL never reaches a code path that dereferences it.
#define MBEDTLS_PK_PARSE_KEY(ctx, key, keylen, pwd, pwdlen) \
 mbedtls_pk_parse_key(ctx, key, keylen, pwd, pwdlen, NULL, NULL)
#ifdef MBEDTLS_ECP_C
// TODO : f_rng cannot be NULL in case of use of Elliptic curves
// Fail closed at build time rather than parse EC keys with a missing RNG.
#error "Cannot use elliptic curves with MBEDTLS V3. MBEDTLS_PK_PARSE_KEY must be modified to receive f_rng"
#endif

// These defines shall be set before including any other MBEDTLS headers.
// MBEDTLS_ALLOW_PRIVATE_ACCESS exposes struct members that 3.x made private; code relying on it is tied
// to the MbedTLS internal layout and should be re-checked on every MbedTLS upgrade.
#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#endif

#else /* MBEDTLS_VERSION_MAJOR neither 2 nor 3 */
#error "Unsupported MBEDTLS VERSION (see MBEDTLS_VERSION_MAJOR)"
#endif

#endif /* SOPC_CRYPTO_MBEDTLS_COMMON_H_ */