PK: support for opaque keys
Add a new key pair object type: MBEDTLS_PK_OPAQUE, intended for
implementations of asymmetric cryptography operations that call an
external cryptographic module.
External cryptographic module engines must implement the API described
by a mbedtls_pk_info_t structure and, usually, a custom setup function.
Document the fields of the mbedtls_pk_info_t structure and the
requirements on a PK engine. Also document non-obvious aspects of the
behavior of the pk interface functions on opaque keys.
Change the interface of check_pair_func to take a pointer to a full
mbedtls_pk_context as its pub argument, and not just the data part of
the context. This is necessary because when prv is opaque, pub may
legitimately be of a different type (typically prv would be opaque and
pub would be transparent).
diff --git a/library/error.c b/library/error.c
index 151ca4e..d60f652 100644
--- a/library/error.c
+++ b/library/error.c
@@ -288,6 +288,12 @@
mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) )
mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" );
+ if( use_ret == -(MBEDTLS_ERR_PK_INVALID_SIGNATURE) )
+ mbedtls_snprintf( buf, buflen, "PK - Invalid signature" );
+ if( use_ret == -(MBEDTLS_ERR_PK_BUFFER_TOO_SMALL) )
+ mbedtls_snprintf( buf, buflen, "PK - Output buffer too small" );
+ if( use_ret == -(MBEDTLS_ERR_PK_NOT_PERMITTED) )
+ mbedtls_snprintf( buf, buflen, "PK - Operation not permitted" );
#endif /* MBEDTLS_PK_C */
#if defined(MBEDTLS_PKCS12_C)