@@ -2830,10 +2830,48 @@ int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 outLen,
28302830 \endcode
28312831
28322832 \sa wc_Ed25519PrivateKeyToDer
2833+ \sa wc_Ed25519PrivateKeyDecode_ex
28332834*/
28342835int wc_Ed25519PrivateKeyDecode (const byte * input , word32 * inOutIdx ,
28352836 ed25519_key * key , word32 inSz );
28362837
2838+ /*!
2839+ \ingroup Ed25519
2840+ \brief Decodes Ed25519 private key from DER format with control over
2841+ validation of a bundled public key. When the DER contains a public key
2842+ and trusted is 0, the public key is validated with
2843+ wc_ed25519_check_key(), including a check that it matches the private
2844+ key. When trusted is 1 all validation of the bundled public key is
2845+ skipped, so trusted should only be set with known-good key material.
2846+ wc_Ed25519PrivateKeyDecode() behaves as trusted set to 0.
2847+
2848+ \return 0 on success
2849+ \return negative on error
2850+
2851+ \param input DER encoded Ed25519 private key buffer
2852+ \param inOutIdx Pointer to index in buffer
2853+ \param key Ed25519 key structure to store key
2854+ \param inSz Size of input buffer
2855+ \param trusted Indicates whether the bundled public key data is trusted.
2856+ When 0, the public key is validated with wc_ed25519_check_key().
2857+ When 1, the public key is imported without any validation.
2858+
2859+ _Example_
2860+ \code
2861+ ed25519_key key;
2862+ word32 idx = 0;
2863+ // key material comes from this application's own storage
2864+ int ret = wc_Ed25519PrivateKeyDecode_ex(derBuf, &idx, &key,
2865+ derSz, 1);
2866+ \endcode
2867+
2868+ \sa wc_Ed25519PrivateKeyDecode
2869+ \sa wc_Ed25519PrivateKeyToDer
2870+ \sa wc_ed25519_import_private_key_ex
2871+ */
2872+ int wc_Ed25519PrivateKeyDecode_ex (const byte * input , word32 * inOutIdx ,
2873+ ed25519_key * key , word32 inSz , int trusted );
2874+
28372875/*!
28382876 \ingroup Ed25519
28392877 \brief Decodes Ed25519 public key from DER format.
@@ -2952,10 +2990,48 @@ int wc_Ed25519PublicKeyToDer(const ed25519_key* key, byte* output,
29522990 \endcode
29532991
29542992 \sa wc_Ed448PrivateKeyToDer
2993+ \sa wc_Ed448PrivateKeyDecode_ex
29552994*/
29562995int wc_Ed448PrivateKeyDecode (const byte * input , word32 * inOutIdx ,
29572996 ed448_key * key , word32 inSz );
29582997
2998+ /*!
2999+ \ingroup Ed448
3000+ \brief Decodes Ed448 private key from DER format with control over
3001+ validation of a bundled public key. When the DER contains a public key
3002+ and trusted is 0, the public key is validated with wc_ed448_check_key(),
3003+ including a check that it matches the private key. When trusted is 1
3004+ all validation of the bundled public key is skipped, so trusted should
3005+ only be set with known-good key material. wc_Ed448PrivateKeyDecode()
3006+ behaves as trusted set to 0.
3007+
3008+ \return 0 on success
3009+ \return negative on error
3010+
3011+ \param input DER encoded Ed448 private key buffer
3012+ \param inOutIdx Pointer to index in buffer
3013+ \param key Ed448 key structure to store key
3014+ \param inSz Size of input buffer
3015+ \param trusted Indicates whether the bundled public key data is trusted.
3016+ When 0, the public key is validated with wc_ed448_check_key().
3017+ When 1, the public key is imported without any validation.
3018+
3019+ _Example_
3020+ \code
3021+ ed448_key key;
3022+ word32 idx = 0;
3023+ // key material comes from this application's own storage
3024+ int ret = wc_Ed448PrivateKeyDecode_ex(derBuf, &idx, &key,
3025+ derSz, 1);
3026+ \endcode
3027+
3028+ \sa wc_Ed448PrivateKeyDecode
3029+ \sa wc_Ed448PrivateKeyToDer
3030+ \sa wc_ed448_import_private_key_ex
3031+ */
3032+ int wc_Ed448PrivateKeyDecode_ex (const byte * input , word32 * inOutIdx ,
3033+ ed448_key * key , word32 inSz , int trusted );
3034+
29593035/*!
29603036 \ingroup Ed448
29613037 \brief Decodes Ed448 public key from DER format.
0 commit comments