/src/mbedtls/library/pk_internal.h

Source (jump to first uncovered line)
/**
 * \file pk_internal.h
 *
 * \brief Public Key abstraction layer: internal (i.e. library only) functions
 *        and definitions.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
#ifndef MBEDTLS_PK_INTERNAL_H
#define MBEDTLS_PK_INTERNAL_H

#include "mbedtls/pk.h"

#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "mbedtls/ecp.h"
#endif

#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include "psa/crypto.h"

#include "psa_util_internal.h"
#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,     \
                                                                  psa_to_pk_rsa_errors,            \
                                                                  psa_pk_status_to_mbedtls)
#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
                                                                    psa_to_pk_ecdsa_errors,        \
                                                                    psa_pk_status_to_mbedtls)
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */

/* Headers/footers for PEM files */
#define PEM_BEGIN_PUBLIC_KEY    "-----BEGIN PUBLIC KEY-----"
#define PEM_END_PUBLIC_KEY      "-----END PUBLIC KEY-----"
#define PEM_BEGIN_PRIVATE_KEY_RSA   "-----BEGIN RSA PRIVATE KEY-----"
#define PEM_END_PRIVATE_KEY_RSA     "-----END RSA PRIVATE KEY-----"
#define PEM_BEGIN_PUBLIC_KEY_RSA     "-----BEGIN RSA PUBLIC KEY-----"
#define PEM_END_PUBLIC_KEY_RSA     "-----END RSA PUBLIC KEY-----"
#define PEM_BEGIN_PRIVATE_KEY_EC    "-----BEGIN EC PRIVATE KEY-----"
#define PEM_END_PRIVATE_KEY_EC      "-----END EC PRIVATE KEY-----"
#define PEM_BEGIN_PRIVATE_KEY_PKCS8 "-----BEGIN PRIVATE KEY-----"
#define PEM_END_PRIVATE_KEY_PKCS8   "-----END PRIVATE KEY-----"
#define PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----BEGIN ENCRYPTED PRIVATE KEY-----"
#define PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8   "-----END ENCRYPTED PRIVATE KEY-----"

#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
/**
 * Public function mbedtls_pk_ec() can be used to get direct access to the
 * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not
 * ideal because it bypasses the PK module on the control of its internal
 * structure (pk_context) fields.
 * For backward compatibility we keep mbedtls_pk_ec() when ECP_C is defined, but
 * we provide 2 very similar functions when only ECP_LIGHT is enabled and not
 * ECP_C.
 * These variants embed the "ro" or "rw" keywords in their name to make the
 * usage of the returned pointer explicit. Of course the returned value is
 * const or non-const accordingly.
 */
static inline const mbedtls_ecp_keypair *mbedtls_pk_ec_ro(const mbedtls_pk_context pk)
{
    switch (mbedtls_pk_get_type(&pk)) {
        case MBEDTLS_PK_ECKEY:
        case MBEDTLS_PK_ECKEY_DH:
        case MBEDTLS_PK_ECDSA:
            return (const mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
        default:
            return NULL;
    }
}

static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk)
{
    switch (mbedtls_pk_get_type(&pk)) {
        case MBEDTLS_PK_ECKEY:
        case MBEDTLS_PK_ECKEY_DH:
        case MBEDTLS_PK_ECDSA:
            return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
        default:
            return NULL;
    }
}
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */

#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_context *pk)
{
    mbedtls_ecp_group_id id;

#if defined(MBEDTLS_USE_PSA_CRYPTO)
    if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
        psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
        psa_key_type_t opaque_key_type;
        psa_ecc_family_t curve;

        if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) {
            return MBEDTLS_ECP_DP_NONE;
        }
        opaque_key_type = psa_get_key_type(&opaque_attrs);
        curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type);
        id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs));
        psa_reset_key_attributes(&opaque_attrs);
    } else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
    {
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
        id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits);
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
        id = mbedtls_pk_ec_ro(*pk)->grp.id;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
    }

    return id;
}

/* Helper for Montgomery curves */
#if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(MBEDTLS_ECP_HAVE_CURVE448)
#define MBEDTLS_PK_HAVE_RFC8410_CURVES
#endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */

#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id)  \
    ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))

static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
{
    mbedtls_ecp_group_id id = mbedtls_pk_get_ec_group_id(pk);

    return MBEDTLS_PK_IS_RFC8410_GROUP_ID(id);
}

/*
 * Set the group used by this key.
 *
 * [in/out] pk: in: must have been pk_setup() to an ECC type
 *              out: will have group (curve) information set
 * [in] grp_in: a supported group ID (not NONE)
 */
int mbedtls_pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id);

/*
 * Set the private key material
 *
 * [in/out] pk: in: must have the group set already, see mbedtls_pk_ecc_set_group().
 *              out: will have the private key set.
 * [in] key, key_len: the raw private key (no ASN.1 wrapping).
 */
int mbedtls_pk_ecc_set_key(mbedtls_pk_context *pk, unsigned char *key, size_t key_len);

/*
 * Set the public key.
 *
 * [in/out] pk: in: must have its group set, see mbedtls_pk_ecc_set_group().
 *              out: will have the public key set.
 * [in] pub, pub_len: the raw public key (an ECPoint).
 *
 * Return:
 * - 0 on success;
 * - MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the format is potentially valid
 *   but not supported;
 * - another error code otherwise.
 */
int mbedtls_pk_ecc_set_pubkey(mbedtls_pk_context *pk, const unsigned char *pub, size_t pub_len);

/*
 * Derive a public key from its private counterpart.
 * Computationally intensive, only use when public key is not available.
 *
 * [in/out] pk: in: must have the private key set, see mbedtls_pk_ecc_set_key().
 *              out: will have the public key set.
 * [in] prv, prv_len: the raw private key (see note below).
 * [in] f_rng, p_rng: RNG function and context.
 *
 * Note: the private key information is always available from pk,
 * however for convenience the serialized version is also passed,
 * as it's available at each calling site, and useful in some configs
 * (as otherwise we would have to re-serialize it from the pk context).
 *
 * There are three implementations of this function:
 * 1. MBEDTLS_PK_USE_PSA_EC_DATA,
 * 2. MBEDTLS_USE_PSA_CRYPTO but not MBEDTLS_PK_USE_PSA_EC_DATA,
 * 3. not MBEDTLS_USE_PSA_CRYPTO.
 */
int mbedtls_pk_ecc_set_pubkey_from_prv(mbedtls_pk_context *pk,
                                       const unsigned char *prv, size_t prv_len,
                                       int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */

/* Helper for (deterministic) ECDSA */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET  PSA_ALG_DETERMINISTIC_ECDSA
#else
#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET  PSA_ALG_ECDSA
#endif

#if defined(MBEDTLS_TEST_HOOKS)
MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
    mbedtls_pk_context *pk,
    unsigned char *key, size_t keylen,
    const unsigned char *pwd, size_t pwdlen,
    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
#endif

#if defined(MBEDTLS_FS_IO)
int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
#endif

#endif /* MBEDTLS_PK_INTERNAL_H */

Coverage Report

Created: 2025-03-01 06:26

Line	Count	Source (jump to first uncovered line)
1		/**
2		* \file pk_internal.h
3		*
4		* \brief Public Key abstraction layer: internal (i.e. library only) functions
5		* and definitions.
6		*/
7		/*
8		* Copyright The Mbed TLS Contributors
9		* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
10		*/
11		#ifndef MBEDTLS_PK_INTERNAL_H
12		#define MBEDTLS_PK_INTERNAL_H
13
14		#include "mbedtls/pk.h"
15
16		#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
17		#include "mbedtls/ecp.h"
18		#endif
19
20		#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
21		#include "psa/crypto.h"
22
23		#include "psa_util_internal.h"
24	0	#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
25	0	#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
26	0	psa_to_pk_rsa_errors, \
27	0	psa_pk_status_to_mbedtls)
28	0	#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
29	0	psa_to_pk_ecdsa_errors, \
30	0	psa_pk_status_to_mbedtls)
31		#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
32
33		/* Headers/footers for PEM files */
34	0	#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----"
35	0	#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----"
36	0	#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----"
37	0	#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----"
38	0	#define PEM_BEGIN_PUBLIC_KEY_RSA "-----BEGIN RSA PUBLIC KEY-----"
39	0	#define PEM_END_PUBLIC_KEY_RSA "-----END RSA PUBLIC KEY-----"
40	0	#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----"
41	0	#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----"
42	0	#define PEM_BEGIN_PRIVATE_KEY_PKCS8 "-----BEGIN PRIVATE KEY-----"
43	0	#define PEM_END_PRIVATE_KEY_PKCS8 "-----END PRIVATE KEY-----"
44	0	#define PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----BEGIN ENCRYPTED PRIVATE KEY-----"
45	0	#define PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----END ENCRYPTED PRIVATE KEY-----"
46
47		#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
48		/**
49		* Public function mbedtls_pk_ec() can be used to get direct access to the
50		* wrapped ecp_keypair structure pointed to the pk_ctx. However this is not
51		* ideal because it bypasses the PK module on the control of its internal
52		* structure (pk_context) fields.
53		* For backward compatibility we keep mbedtls_pk_ec() when ECP_C is defined, but
54		* we provide 2 very similar functions when only ECP_LIGHT is enabled and not
55		* ECP_C.
56		* These variants embed the "ro" or "rw" keywords in their name to make the
57		* usage of the returned pointer explicit. Of course the returned value is
58		* const or non-const accordingly.
59		*/
60		static inline const mbedtls_ecp_keypair *mbedtls_pk_ec_ro(const mbedtls_pk_context pk)
61	0	{
62	0	switch (mbedtls_pk_get_type(&pk)) {
63	0	case MBEDTLS_PK_ECKEY:
64	0	case MBEDTLS_PK_ECKEY_DH:
65	0	case MBEDTLS_PK_ECDSA:
66	0	return (const mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
67	0	default:
68	0	return NULL;
69	0	}
70	0	} Unexecuted instantiation: psa_exercise_key.c:mbedtls_pk_ec_ro Unexecuted instantiation: pkcs7.c:mbedtls_pk_ec_ro Unexecuted instantiation: x509.c:mbedtls_pk_ec_ro Unexecuted instantiation: x509_crl.c:mbedtls_pk_ec_ro Unexecuted instantiation: x509_crt.c:mbedtls_pk_ec_ro Unexecuted instantiation: pk.c:mbedtls_pk_ec_ro Unexecuted instantiation: pk_ecc.c:mbedtls_pk_ec_ro Unexecuted instantiation: pk_wrap.c:mbedtls_pk_ec_ro Unexecuted instantiation: pkparse.c:mbedtls_pk_ec_ro
71
72		static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk)
73	0	{
74	0	switch (mbedtls_pk_get_type(&pk)) {
75	0	case MBEDTLS_PK_ECKEY:
76	0	case MBEDTLS_PK_ECKEY_DH:
77	0	case MBEDTLS_PK_ECDSA:
78	0	return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
79	0	default:
80	0	return NULL;
81	0	}
82	0	} Unexecuted instantiation: psa_exercise_key.c:mbedtls_pk_ec_rw Unexecuted instantiation: pkcs7.c:mbedtls_pk_ec_rw Unexecuted instantiation: x509.c:mbedtls_pk_ec_rw Unexecuted instantiation: x509_crl.c:mbedtls_pk_ec_rw Unexecuted instantiation: x509_crt.c:mbedtls_pk_ec_rw Unexecuted instantiation: pk.c:mbedtls_pk_ec_rw Unexecuted instantiation: pk_ecc.c:mbedtls_pk_ec_rw Unexecuted instantiation: pk_wrap.c:mbedtls_pk_ec_rw Unexecuted instantiation: pkparse.c:mbedtls_pk_ec_rw
83		#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */
84
85		#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
86		static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_context *pk)
87	0	{
88	0	mbedtls_ecp_group_id id;
89
90	0	#if defined(MBEDTLS_USE_PSA_CRYPTO)
91	0	if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
92	0	psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
93	0	psa_key_type_t opaque_key_type;
94	0	psa_ecc_family_t curve;
95
96	0	if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) {
97	0	return MBEDTLS_ECP_DP_NONE;
98	0	}
99	0	opaque_key_type = psa_get_key_type(&opaque_attrs);
100	0	curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type);
101	0	id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs));
102	0	psa_reset_key_attributes(&opaque_attrs);
103	0	} else
104	0	#endif /* MBEDTLS_USE_PSA_CRYPTO */
105	0	{
106		#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
107		id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits);
108		#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
109	0	id = mbedtls_pk_ec_ro(*pk)->grp.id;
110	0	#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
111	0	}
112
113	0	return id;
114	0	} Unexecuted instantiation: psa_exercise_key.c:mbedtls_pk_get_ec_group_id Unexecuted instantiation: pkcs7.c:mbedtls_pk_get_ec_group_id Unexecuted instantiation: x509.c:mbedtls_pk_get_ec_group_id Unexecuted instantiation: x509_crl.c:mbedtls_pk_get_ec_group_id Unexecuted instantiation: x509_crt.c:mbedtls_pk_get_ec_group_id Unexecuted instantiation: pk.c:mbedtls_pk_get_ec_group_id Unexecuted instantiation: pk_ecc.c:mbedtls_pk_get_ec_group_id Unexecuted instantiation: pk_wrap.c:mbedtls_pk_get_ec_group_id Unexecuted instantiation: pkparse.c:mbedtls_pk_get_ec_group_id
115
116		/* Helper for Montgomery curves */
117		#if defined(MBEDTLS_ECP_HAVE_CURVE25519) \|\| defined(MBEDTLS_ECP_HAVE_CURVE448)
118		#define MBEDTLS_PK_HAVE_RFC8410_CURVES
119		#endif /* MBEDTLS_ECP_HAVE_CURVE25519 \|\| MBEDTLS_ECP_DP_CURVE448 */
120
121		#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \
122	0	((id == MBEDTLS_ECP_DP_CURVE25519) \|\| (id == MBEDTLS_ECP_DP_CURVE448))
123
124		static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
125	0	{
126	0	mbedtls_ecp_group_id id = mbedtls_pk_get_ec_group_id(pk);
127	0
128	0	return MBEDTLS_PK_IS_RFC8410_GROUP_ID(id);
129	0	} Unexecuted instantiation: psa_exercise_key.c:mbedtls_pk_is_rfc8410 Unexecuted instantiation: pkcs7.c:mbedtls_pk_is_rfc8410 Unexecuted instantiation: x509.c:mbedtls_pk_is_rfc8410 Unexecuted instantiation: x509_crl.c:mbedtls_pk_is_rfc8410 Unexecuted instantiation: x509_crt.c:mbedtls_pk_is_rfc8410 Unexecuted instantiation: pk.c:mbedtls_pk_is_rfc8410 Unexecuted instantiation: pk_ecc.c:mbedtls_pk_is_rfc8410 Unexecuted instantiation: pk_wrap.c:mbedtls_pk_is_rfc8410 Unexecuted instantiation: pkparse.c:mbedtls_pk_is_rfc8410
130
131		/*
132		* Set the group used by this key.
133		*
134		* [in/out] pk: in: must have been pk_setup() to an ECC type
135		* out: will have group (curve) information set
136		* [in] grp_in: a supported group ID (not NONE)
137		*/
138		int mbedtls_pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id);
139
140		/*
141		* Set the private key material
142		*
143		* [in/out] pk: in: must have the group set already, see mbedtls_pk_ecc_set_group().
144		* out: will have the private key set.
145		* [in] key, key_len: the raw private key (no ASN.1 wrapping).
146		*/
147		int mbedtls_pk_ecc_set_key(mbedtls_pk_context pk, unsigned char key, size_t key_len);
148
149		/*
150		* Set the public key.
151		*
152		* [in/out] pk: in: must have its group set, see mbedtls_pk_ecc_set_group().
153		* out: will have the public key set.
154		* [in] pub, pub_len: the raw public key (an ECPoint).
155		*
156		* Return:
157		* - 0 on success;
158		* - MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the format is potentially valid
159		* but not supported;
160		* - another error code otherwise.
161		*/
162		int mbedtls_pk_ecc_set_pubkey(mbedtls_pk_context pk, const unsigned char pub, size_t pub_len);
163
164		/*
165		* Derive a public key from its private counterpart.
166		* Computationally intensive, only use when public key is not available.
167		*
168		* [in/out] pk: in: must have the private key set, see mbedtls_pk_ecc_set_key().
169		* out: will have the public key set.
170		* [in] prv, prv_len: the raw private key (see note below).
171		* [in] f_rng, p_rng: RNG function and context.
172		*
173		* Note: the private key information is always available from pk,
174		* however for convenience the serialized version is also passed,
175		* as it's available at each calling site, and useful in some configs
176		* (as otherwise we would have to re-serialize it from the pk context).
177		*
178		* There are three implementations of this function:
179		* 1. MBEDTLS_PK_USE_PSA_EC_DATA,
180		* 2. MBEDTLS_USE_PSA_CRYPTO but not MBEDTLS_PK_USE_PSA_EC_DATA,
181		* 3. not MBEDTLS_USE_PSA_CRYPTO.
182		*/
183		int mbedtls_pk_ecc_set_pubkey_from_prv(mbedtls_pk_context *pk,
184		const unsigned char *prv, size_t prv_len,
185		int (f_rng)(void , unsigned char , size_t), void p_rng);
186		#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
187
188		/* Helper for (deterministic) ECDSA */
189		#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
190	0	#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_DETERMINISTIC_ECDSA
191		#else
192		#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_ECDSA
193		#endif
194
195		#if defined(MBEDTLS_TEST_HOOKS)
196		MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
197		mbedtls_pk_context *pk,
198		unsigned char *key, size_t keylen,
199		const unsigned char *pwd, size_t pwdlen,
200		int (f_rng)(void , unsigned char , size_t), void p_rng);
201		#endif
202
203		#if defined(MBEDTLS_FS_IO)
204		int mbedtls_pk_load_file(const char path, unsigned char buf, size_t n);
205		#endif
206
207		#endif /* MBEDTLS_PK_INTERNAL_H */