Knight KE
/
Game_Master
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
pkparse.c
00001 /* 00002 * Public Key layer for parsing key files and structures 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 00022 #if !defined(MBEDTLS_CONFIG_FILE) 00023 #include "mbedtls/config.h" 00024 #else 00025 #include MBEDTLS_CONFIG_FILE 00026 #endif 00027 00028 #if defined(MBEDTLS_PK_PARSE_C) 00029 00030 #include "mbedtls/pk.h" 00031 #include "mbedtls/asn1.h" 00032 #include "mbedtls/oid.h" 00033 #include "mbedtls/platform_util.h" 00034 00035 #include <string.h> 00036 00037 #if defined(MBEDTLS_RSA_C) 00038 #include "mbedtls/rsa.h" 00039 #endif 00040 #if defined(MBEDTLS_ECP_C) 00041 #include "mbedtls/ecp.h" 00042 #endif 00043 #if defined(MBEDTLS_ECDSA_C) 00044 #include "mbedtls/ecdsa.h" 00045 #endif 00046 #if defined(MBEDTLS_PEM_PARSE_C) 00047 #include "mbedtls/pem.h" 00048 #endif 00049 #if defined(MBEDTLS_PKCS5_C) 00050 #include "mbedtls/pkcs5.h" 00051 #endif 00052 #if defined(MBEDTLS_PKCS12_C) 00053 #include "mbedtls/pkcs12.h" 00054 #endif 00055 00056 #if defined(MBEDTLS_PLATFORM_C) 00057 #include "mbedtls/platform.h" 00058 #else 00059 #include <stdlib.h> 00060 #define mbedtls_calloc calloc 00061 #define mbedtls_free free 00062 #endif 00063 00064 #if defined(MBEDTLS_FS_IO) 00065 /* 00066 * Load all data from a file into a given buffer. 00067 * 00068 * The file is expected to contain either PEM or DER encoded data. 00069 * A terminating null byte is always appended. It is included in the announced 00070 * length only if the data looks like it is PEM encoded. 00071 */ 00072 int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) 00073 { 00074 FILE *f; 00075 long size; 00076 00077 if( ( f = fopen( path, "rb" ) ) == NULL ) 00078 return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); 00079 00080 fseek( f, 0, SEEK_END ); 00081 if( ( size = ftell( f ) ) == -1 ) 00082 { 00083 fclose( f ); 00084 return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); 00085 } 00086 fseek( f, 0, SEEK_SET ); 00087 00088 *n = (size_t) size; 00089 00090 if( *n + 1 == 0 || 00091 ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) 00092 { 00093 fclose( f ); 00094 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 00095 } 00096 00097 if( fread( *buf, 1, *n, f ) != *n ) 00098 { 00099 fclose( f ); 00100 00101 mbedtls_platform_zeroize( *buf, *n ); 00102 mbedtls_free( *buf ); 00103 00104 return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); 00105 } 00106 00107 fclose( f ); 00108 00109 (*buf)[*n] = '\0'; 00110 00111 if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL ) 00112 ++*n; 00113 00114 return( 0 ); 00115 } 00116 00117 /* 00118 * Load and parse a private key 00119 */ 00120 int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, 00121 const char *path, const char *pwd ) 00122 { 00123 int ret; 00124 size_t n; 00125 unsigned char *buf; 00126 00127 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 00128 return( ret ); 00129 00130 if( pwd == NULL ) 00131 ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 ); 00132 else 00133 ret = mbedtls_pk_parse_key( ctx, buf, n, 00134 (const unsigned char *) pwd, strlen( pwd ) ); 00135 00136 mbedtls_platform_zeroize( buf, n ); 00137 mbedtls_free( buf ); 00138 00139 return( ret ); 00140 } 00141 00142 /* 00143 * Load and parse a public key 00144 */ 00145 int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) 00146 { 00147 int ret; 00148 size_t n; 00149 unsigned char *buf; 00150 00151 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 00152 return( ret ); 00153 00154 ret = mbedtls_pk_parse_public_key( ctx, buf, n ); 00155 00156 mbedtls_platform_zeroize( buf, n ); 00157 mbedtls_free( buf ); 00158 00159 return( ret ); 00160 } 00161 #endif /* MBEDTLS_FS_IO */ 00162 00163 #if defined(MBEDTLS_ECP_C) 00164 /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf 00165 * 00166 * ECParameters ::= CHOICE { 00167 * namedCurve OBJECT IDENTIFIER 00168 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } 00169 * -- implicitCurve NULL 00170 * } 00171 */ 00172 static int pk_get_ecparams( unsigned char **p, const unsigned char *end, 00173 mbedtls_asn1_buf *params ) 00174 { 00175 int ret; 00176 00177 if ( end - *p < 1 ) 00178 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00179 MBEDTLS_ERR_ASN1_OUT_OF_DATA ); 00180 00181 /* Tag may be either OID or SEQUENCE */ 00182 params->tag = **p; 00183 if( params->tag != MBEDTLS_ASN1_OID 00184 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) 00185 && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) 00186 #endif 00187 ) 00188 { 00189 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00190 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); 00191 } 00192 00193 if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 ) 00194 { 00195 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00196 } 00197 00198 params->p = *p; 00199 *p += params->len; 00200 00201 if( *p != end ) 00202 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00203 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00204 00205 return( 0 ); 00206 } 00207 00208 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) 00209 /* 00210 * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it. 00211 * WARNING: the resulting group should only be used with 00212 * pk_group_id_from_specified(), since its base point may not be set correctly 00213 * if it was encoded compressed. 00214 * 00215 * SpecifiedECDomain ::= SEQUENCE { 00216 * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...), 00217 * fieldID FieldID {{FieldTypes}}, 00218 * curve Curve, 00219 * base ECPoint, 00220 * order INTEGER, 00221 * cofactor INTEGER OPTIONAL, 00222 * hash HashAlgorithm OPTIONAL, 00223 * ... 00224 * } 00225 * 00226 * We only support prime-field as field type, and ignore hash and cofactor. 00227 */ 00228 static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) 00229 { 00230 int ret; 00231 unsigned char *p = params->p; 00232 const unsigned char * const end = params->p + params->len; 00233 const unsigned char *end_field, *end_curve; 00234 size_t len; 00235 int ver; 00236 00237 /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */ 00238 if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 ) 00239 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00240 00241 if( ver < 1 || ver > 3 ) 00242 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 00243 00244 /* 00245 * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field 00246 * fieldType FIELD-ID.&id({IOSet}), 00247 * parameters FIELD-ID.&Type({IOSet}{@fieldType}) 00248 * } 00249 */ 00250 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00251 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00252 return( ret ); 00253 00254 end_field = p + len; 00255 00256 /* 00257 * FIELD-ID ::= TYPE-IDENTIFIER 00258 * FieldTypes FIELD-ID ::= { 00259 * { Prime-p IDENTIFIED BY prime-field } | 00260 * { Characteristic-two IDENTIFIED BY characteristic-two-field } 00261 * } 00262 * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } 00263 */ 00264 if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 ) 00265 return( ret ); 00266 00267 if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) || 00268 memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 ) 00269 { 00270 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); 00271 } 00272 00273 p += len; 00274 00275 /* Prime-p ::= INTEGER -- Field of size p. */ 00276 if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 ) 00277 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00278 00279 grp->pbits = mbedtls_mpi_bitlen( &grp->P ); 00280 00281 if( p != end_field ) 00282 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00283 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00284 00285 /* 00286 * Curve ::= SEQUENCE { 00287 * a FieldElement, 00288 * b FieldElement, 00289 * seed BIT STRING OPTIONAL 00290 * -- Shall be present if used in SpecifiedECDomain 00291 * -- with version equal to ecdpVer2 or ecdpVer3 00292 * } 00293 */ 00294 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00295 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00296 return( ret ); 00297 00298 end_curve = p + len; 00299 00300 /* 00301 * FieldElement ::= OCTET STRING 00302 * containing an integer in the case of a prime field 00303 */ 00304 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || 00305 ( ret = mbedtls_mpi_read_binary( &grp->A , p, len ) ) != 0 ) 00306 { 00307 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00308 } 00309 00310 p += len; 00311 00312 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || 00313 ( ret = mbedtls_mpi_read_binary( &grp->B , p, len ) ) != 0 ) 00314 { 00315 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00316 } 00317 00318 p += len; 00319 00320 /* Ignore seed BIT STRING OPTIONAL */ 00321 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 ) 00322 p += len; 00323 00324 if( p != end_curve ) 00325 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00326 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00327 00328 /* 00329 * ECPoint ::= OCTET STRING 00330 */ 00331 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 00332 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00333 00334 if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G , 00335 ( const unsigned char *) p, len ) ) != 0 ) 00336 { 00337 /* 00338 * If we can't read the point because it's compressed, cheat by 00339 * reading only the X coordinate and the parity bit of Y. 00340 */ 00341 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE || 00342 ( p[0] != 0x02 && p[0] != 0x03 ) || 00343 len != mbedtls_mpi_size( &grp->P ) + 1 || 00344 mbedtls_mpi_read_binary( &grp->G .X , p + 1, len - 1 ) != 0 || 00345 mbedtls_mpi_lset( &grp->G .Y , p[0] - 2 ) != 0 || 00346 mbedtls_mpi_lset( &grp->G .Z , 1 ) != 0 ) 00347 { 00348 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 00349 } 00350 } 00351 00352 p += len; 00353 00354 /* 00355 * order INTEGER 00356 */ 00357 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 ) 00358 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00359 00360 grp->nbits = mbedtls_mpi_bitlen( &grp->N ); 00361 00362 /* 00363 * Allow optional elements by purposefully not enforcing p == end here. 00364 */ 00365 00366 return( 0 ); 00367 } 00368 00369 /* 00370 * Find the group id associated with an (almost filled) group as generated by 00371 * pk_group_from_specified(), or return an error if unknown. 00372 */ 00373 static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id ) 00374 { 00375 int ret = 0; 00376 mbedtls_ecp_group ref; 00377 const mbedtls_ecp_group_id *id; 00378 00379 mbedtls_ecp_group_init( &ref ); 00380 00381 for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ ) 00382 { 00383 /* Load the group associated to that id */ 00384 mbedtls_ecp_group_free( &ref ); 00385 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) ); 00386 00387 /* Compare to the group we were given, starting with easy tests */ 00388 if( grp->pbits == ref.pbits && grp->nbits == ref.nbits && 00389 mbedtls_mpi_cmp_mpi( &grp->P , &ref.P ) == 0 && 00390 mbedtls_mpi_cmp_mpi( &grp->A , &ref.A ) == 0 && 00391 mbedtls_mpi_cmp_mpi( &grp->B , &ref.B ) == 0 && 00392 mbedtls_mpi_cmp_mpi( &grp->N , &ref.N ) == 0 && 00393 mbedtls_mpi_cmp_mpi( &grp->G .X , &ref.G .X ) == 0 && 00394 mbedtls_mpi_cmp_mpi( &grp->G .Z , &ref.G .Z ) == 0 && 00395 /* For Y we may only know the parity bit, so compare only that */ 00396 mbedtls_mpi_get_bit( &grp->G .Y , 0 ) == mbedtls_mpi_get_bit( &ref.G .Y , 0 ) ) 00397 { 00398 break; 00399 } 00400 00401 } 00402 00403 cleanup: 00404 mbedtls_ecp_group_free( &ref ); 00405 00406 *grp_id = *id; 00407 00408 if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE ) 00409 ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; 00410 00411 return( ret ); 00412 } 00413 00414 /* 00415 * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID 00416 */ 00417 static int pk_group_id_from_specified( const mbedtls_asn1_buf *params, 00418 mbedtls_ecp_group_id *grp_id ) 00419 { 00420 int ret; 00421 mbedtls_ecp_group grp; 00422 00423 mbedtls_ecp_group_init( &grp ); 00424 00425 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 ) 00426 goto cleanup; 00427 00428 ret = pk_group_id_from_group( &grp, grp_id ); 00429 00430 cleanup: 00431 mbedtls_ecp_group_free( &grp ); 00432 00433 return( ret ); 00434 } 00435 #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ 00436 00437 /* 00438 * Use EC parameters to initialise an EC group 00439 * 00440 * ECParameters ::= CHOICE { 00441 * namedCurve OBJECT IDENTIFIER 00442 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } 00443 * -- implicitCurve NULL 00444 */ 00445 static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) 00446 { 00447 int ret; 00448 mbedtls_ecp_group_id grp_id; 00449 00450 if( params->tag == MBEDTLS_ASN1_OID ) 00451 { 00452 if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 ) 00453 return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE ); 00454 } 00455 else 00456 { 00457 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) 00458 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 ) 00459 return( ret ); 00460 #else 00461 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 00462 #endif 00463 } 00464 00465 /* 00466 * grp may already be initilialized; if so, make sure IDs match 00467 */ 00468 if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id ) 00469 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 00470 00471 if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 ) 00472 return( ret ); 00473 00474 return( 0 ); 00475 } 00476 00477 /* 00478 * EC public key is an EC point 00479 * 00480 * The caller is responsible for clearing the structure upon failure if 00481 * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE 00482 * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state. 00483 */ 00484 static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, 00485 mbedtls_ecp_keypair *key ) 00486 { 00487 int ret; 00488 00489 if( ( ret = mbedtls_ecp_point_read_binary( &key->grp , &key->Q , 00490 (const unsigned char *) *p, end - *p ) ) == 0 ) 00491 { 00492 ret = mbedtls_ecp_check_pubkey( &key->grp , &key->Q ); 00493 } 00494 00495 /* 00496 * We know mbedtls_ecp_point_read_binary consumed all bytes or failed 00497 */ 00498 *p = (unsigned char *) end; 00499 00500 return( ret ); 00501 } 00502 #endif /* MBEDTLS_ECP_C */ 00503 00504 #if defined(MBEDTLS_RSA_C) 00505 /* 00506 * RSAPublicKey ::= SEQUENCE { 00507 * modulus INTEGER, -- n 00508 * publicExponent INTEGER -- e 00509 * } 00510 */ 00511 static int pk_get_rsapubkey( unsigned char **p, 00512 const unsigned char *end, 00513 mbedtls_rsa_context *rsa ) 00514 { 00515 int ret; 00516 size_t len; 00517 00518 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00519 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00520 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); 00521 00522 if( *p + len != end ) 00523 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + 00524 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00525 00526 /* Import N */ 00527 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) 00528 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); 00529 00530 if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0, 00531 NULL, 0, NULL, 0 ) ) != 0 ) 00532 return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); 00533 00534 *p += len; 00535 00536 /* Import E */ 00537 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) 00538 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); 00539 00540 if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, 00541 NULL, 0, *p, len ) ) != 0 ) 00542 return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); 00543 00544 *p += len; 00545 00546 if( mbedtls_rsa_complete( rsa ) != 0 || 00547 mbedtls_rsa_check_pubkey( rsa ) != 0 ) 00548 { 00549 return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); 00550 } 00551 00552 if( *p != end ) 00553 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + 00554 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00555 00556 return( 0 ); 00557 } 00558 #endif /* MBEDTLS_RSA_C */ 00559 00560 /* Get a PK algorithm identifier 00561 * 00562 * AlgorithmIdentifier ::= SEQUENCE { 00563 * algorithm OBJECT IDENTIFIER, 00564 * parameters ANY DEFINED BY algorithm OPTIONAL } 00565 */ 00566 static int pk_get_pk_alg( unsigned char **p, 00567 const unsigned char *end, 00568 mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params ) 00569 { 00570 int ret; 00571 mbedtls_asn1_buf alg_oid; 00572 00573 memset( params, 0, sizeof(mbedtls_asn1_buf) ); 00574 00575 if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) 00576 return( MBEDTLS_ERR_PK_INVALID_ALG + ret ); 00577 00578 if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 ) 00579 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 00580 00581 /* 00582 * No parameters with RSA (only for EC) 00583 */ 00584 if( *pk_alg == MBEDTLS_PK_RSA && 00585 ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) || 00586 params->len != 0 ) ) 00587 { 00588 return( MBEDTLS_ERR_PK_INVALID_ALG ); 00589 } 00590 00591 return( 0 ); 00592 } 00593 00594 /* 00595 * SubjectPublicKeyInfo ::= SEQUENCE { 00596 * algorithm AlgorithmIdentifier, 00597 * subjectPublicKey BIT STRING } 00598 */ 00599 int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, 00600 mbedtls_pk_context *pk ) 00601 { 00602 int ret; 00603 size_t len; 00604 mbedtls_asn1_buf alg_params; 00605 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; 00606 const mbedtls_pk_info_t *pk_info; 00607 00608 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00609 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00610 { 00611 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00612 } 00613 00614 end = *p + len; 00615 00616 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 ) 00617 return( ret ); 00618 00619 if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) 00620 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); 00621 00622 if( *p + len != end ) 00623 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + 00624 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00625 00626 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) 00627 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 00628 00629 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) 00630 return( ret ); 00631 00632 #if defined(MBEDTLS_RSA_C) 00633 if( pk_alg == MBEDTLS_PK_RSA ) 00634 { 00635 ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) ); 00636 } else 00637 #endif /* MBEDTLS_RSA_C */ 00638 #if defined(MBEDTLS_ECP_C) 00639 if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY ) 00640 { 00641 ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp ); 00642 if( ret == 0 ) 00643 ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) ); 00644 } else 00645 #endif /* MBEDTLS_ECP_C */ 00646 ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; 00647 00648 if( ret == 0 && *p != end ) 00649 ret = MBEDTLS_ERR_PK_INVALID_PUBKEY 00650 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; 00651 00652 if( ret != 0 ) 00653 mbedtls_pk_free( pk ); 00654 00655 return( ret ); 00656 } 00657 00658 #if defined(MBEDTLS_RSA_C) 00659 /* 00660 * Parse a PKCS#1 encoded private RSA key 00661 */ 00662 static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, 00663 const unsigned char *key, 00664 size_t keylen ) 00665 { 00666 int ret, version; 00667 size_t len; 00668 unsigned char *p, *end; 00669 00670 mbedtls_mpi T; 00671 mbedtls_mpi_init( &T ); 00672 00673 p = (unsigned char *) key; 00674 end = p + keylen; 00675 00676 /* 00677 * This function parses the RSAPrivateKey (PKCS#1) 00678 * 00679 * RSAPrivateKey ::= SEQUENCE { 00680 * version Version, 00681 * modulus INTEGER, -- n 00682 * publicExponent INTEGER, -- e 00683 * privateExponent INTEGER, -- d 00684 * prime1 INTEGER, -- p 00685 * prime2 INTEGER, -- q 00686 * exponent1 INTEGER, -- d mod (p-1) 00687 * exponent2 INTEGER, -- d mod (q-1) 00688 * coefficient INTEGER, -- (inverse of q) mod p 00689 * otherPrimeInfos OtherPrimeInfos OPTIONAL 00690 * } 00691 */ 00692 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00693 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00694 { 00695 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00696 } 00697 00698 end = p + len; 00699 00700 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) 00701 { 00702 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00703 } 00704 00705 if( version != 0 ) 00706 { 00707 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); 00708 } 00709 00710 /* Import N */ 00711 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00712 MBEDTLS_ASN1_INTEGER ) ) != 0 || 00713 ( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0, 00714 NULL, 0, NULL, 0 ) ) != 0 ) 00715 goto cleanup; 00716 p += len; 00717 00718 /* Import E */ 00719 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00720 MBEDTLS_ASN1_INTEGER ) ) != 0 || 00721 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, 00722 NULL, 0, p, len ) ) != 0 ) 00723 goto cleanup; 00724 p += len; 00725 00726 /* Import D */ 00727 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00728 MBEDTLS_ASN1_INTEGER ) ) != 0 || 00729 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, 00730 p, len, NULL, 0 ) ) != 0 ) 00731 goto cleanup; 00732 p += len; 00733 00734 /* Import P */ 00735 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00736 MBEDTLS_ASN1_INTEGER ) ) != 0 || 00737 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0, 00738 NULL, 0, NULL, 0 ) ) != 0 ) 00739 goto cleanup; 00740 p += len; 00741 00742 /* Import Q */ 00743 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00744 MBEDTLS_ASN1_INTEGER ) ) != 0 || 00745 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len, 00746 NULL, 0, NULL, 0 ) ) != 0 ) 00747 goto cleanup; 00748 p += len; 00749 00750 /* Complete the RSA private key */ 00751 if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ) 00752 goto cleanup; 00753 00754 /* Check optional parameters */ 00755 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 || 00756 ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 || 00757 ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ) 00758 goto cleanup; 00759 00760 if( p != end ) 00761 { 00762 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00763 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ; 00764 } 00765 00766 cleanup: 00767 00768 mbedtls_mpi_free( &T ); 00769 00770 if( ret != 0 ) 00771 { 00772 /* Wrap error code if it's coming from a lower level */ 00773 if( ( ret & 0xff80 ) == 0 ) 00774 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret; 00775 else 00776 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; 00777 00778 mbedtls_rsa_free( rsa ); 00779 } 00780 00781 return( ret ); 00782 } 00783 #endif /* MBEDTLS_RSA_C */ 00784 00785 #if defined(MBEDTLS_ECP_C) 00786 /* 00787 * Parse a SEC1 encoded private EC key 00788 */ 00789 static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, 00790 const unsigned char *key, 00791 size_t keylen ) 00792 { 00793 int ret; 00794 int version, pubkey_done; 00795 size_t len; 00796 mbedtls_asn1_buf params; 00797 unsigned char *p = (unsigned char *) key; 00798 unsigned char *end = p + keylen; 00799 unsigned char *end2; 00800 00801 /* 00802 * RFC 5915, or SEC1 Appendix C.4 00803 * 00804 * ECPrivateKey ::= SEQUENCE { 00805 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), 00806 * privateKey OCTET STRING, 00807 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, 00808 * publicKey [1] BIT STRING OPTIONAL 00809 * } 00810 */ 00811 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00812 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00813 { 00814 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00815 } 00816 00817 end = p + len; 00818 00819 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) 00820 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00821 00822 if( version != 1 ) 00823 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); 00824 00825 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 00826 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00827 00828 if( ( ret = mbedtls_mpi_read_binary( &eck->d , p, len ) ) != 0 ) 00829 { 00830 mbedtls_ecp_keypair_free( eck ); 00831 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00832 } 00833 00834 p += len; 00835 00836 pubkey_done = 0; 00837 if( p != end ) 00838 { 00839 /* 00840 * Is 'parameters' present? 00841 */ 00842 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00843 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 ) 00844 { 00845 if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 || 00846 ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 ) 00847 { 00848 mbedtls_ecp_keypair_free( eck ); 00849 return( ret ); 00850 } 00851 } 00852 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00853 { 00854 mbedtls_ecp_keypair_free( eck ); 00855 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00856 } 00857 } 00858 00859 if( p != end ) 00860 { 00861 /* 00862 * Is 'publickey' present? If not, or if we can't read it (eg because it 00863 * is compressed), create it from the private key. 00864 */ 00865 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00866 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 ) 00867 { 00868 end2 = p + len; 00869 00870 if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) 00871 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00872 00873 if( p + len != end2 ) 00874 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00875 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00876 00877 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 ) 00878 pubkey_done = 1; 00879 else 00880 { 00881 /* 00882 * The only acceptable failure mode of pk_get_ecpubkey() above 00883 * is if the point format is not recognized. 00884 */ 00885 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ) 00886 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 00887 } 00888 } 00889 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00890 { 00891 mbedtls_ecp_keypair_free( eck ); 00892 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00893 } 00894 } 00895 00896 if( ! pubkey_done && 00897 ( ret = mbedtls_ecp_mul( &eck->grp , &eck->Q , &eck->d , &eck->grp .G , 00898 NULL, NULL ) ) != 0 ) 00899 { 00900 mbedtls_ecp_keypair_free( eck ); 00901 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00902 } 00903 00904 if( ( ret = mbedtls_ecp_check_privkey( &eck->grp , &eck->d ) ) != 0 ) 00905 { 00906 mbedtls_ecp_keypair_free( eck ); 00907 return( ret ); 00908 } 00909 00910 return( 0 ); 00911 } 00912 #endif /* MBEDTLS_ECP_C */ 00913 00914 /* 00915 * Parse an unencrypted PKCS#8 encoded private key 00916 * 00917 * Notes: 00918 * 00919 * - This function does not own the key buffer. It is the 00920 * responsibility of the caller to take care of zeroizing 00921 * and freeing it after use. 00922 * 00923 * - The function is responsible for freeing the provided 00924 * PK context on failure. 00925 * 00926 */ 00927 static int pk_parse_key_pkcs8_unencrypted_der( 00928 mbedtls_pk_context *pk, 00929 const unsigned char* key, 00930 size_t keylen ) 00931 { 00932 int ret, version; 00933 size_t len; 00934 mbedtls_asn1_buf params; 00935 unsigned char *p = (unsigned char *) key; 00936 unsigned char *end = p + keylen; 00937 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; 00938 const mbedtls_pk_info_t *pk_info; 00939 00940 /* 00941 * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208) 00942 * 00943 * PrivateKeyInfo ::= SEQUENCE { 00944 * version Version, 00945 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 00946 * privateKey PrivateKey, 00947 * attributes [0] IMPLICIT Attributes OPTIONAL } 00948 * 00949 * Version ::= INTEGER 00950 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier 00951 * PrivateKey ::= OCTET STRING 00952 * 00953 * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey 00954 */ 00955 00956 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00957 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00958 { 00959 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00960 } 00961 00962 end = p + len; 00963 00964 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) 00965 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00966 00967 if( version != 0 ) 00968 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret ); 00969 00970 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) 00971 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00972 00973 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 00974 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00975 00976 if( len < 1 ) 00977 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00978 MBEDTLS_ERR_ASN1_OUT_OF_DATA ); 00979 00980 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) 00981 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 00982 00983 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) 00984 return( ret ); 00985 00986 #if defined(MBEDTLS_RSA_C) 00987 if( pk_alg == MBEDTLS_PK_RSA ) 00988 { 00989 if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 ) 00990 { 00991 mbedtls_pk_free( pk ); 00992 return( ret ); 00993 } 00994 } else 00995 #endif /* MBEDTLS_RSA_C */ 00996 #if defined(MBEDTLS_ECP_C) 00997 if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) 00998 { 00999 if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 || 01000 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 ) 01001 { 01002 mbedtls_pk_free( pk ); 01003 return( ret ); 01004 } 01005 } else 01006 #endif /* MBEDTLS_ECP_C */ 01007 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 01008 01009 return( 0 ); 01010 } 01011 01012 /* 01013 * Parse an encrypted PKCS#8 encoded private key 01014 * 01015 * To save space, the decryption happens in-place on the given key buffer. 01016 * Also, while this function may modify the keybuffer, it doesn't own it, 01017 * and instead it is the responsibility of the caller to zeroize and properly 01018 * free it after use. 01019 * 01020 */ 01021 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 01022 static int pk_parse_key_pkcs8_encrypted_der( 01023 mbedtls_pk_context *pk, 01024 unsigned char *key, size_t keylen, 01025 const unsigned char *pwd, size_t pwdlen ) 01026 { 01027 int ret, decrypted = 0; 01028 size_t len; 01029 unsigned char *buf; 01030 unsigned char *p, *end; 01031 mbedtls_asn1_buf pbe_alg_oid, pbe_params; 01032 #if defined(MBEDTLS_PKCS12_C) 01033 mbedtls_cipher_type_t cipher_alg; 01034 mbedtls_md_type_t md_alg; 01035 #endif 01036 01037 p = key; 01038 end = p + keylen; 01039 01040 if( pwdlen == 0 ) 01041 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); 01042 01043 /* 01044 * This function parses the EncryptedPrivateKeyInfo object (PKCS#8) 01045 * 01046 * EncryptedPrivateKeyInfo ::= SEQUENCE { 01047 * encryptionAlgorithm EncryptionAlgorithmIdentifier, 01048 * encryptedData EncryptedData 01049 * } 01050 * 01051 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier 01052 * 01053 * EncryptedData ::= OCTET STRING 01054 * 01055 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo 01056 * 01057 */ 01058 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 01059 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 01060 { 01061 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 01062 } 01063 01064 end = p + len; 01065 01066 if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 ) 01067 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 01068 01069 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 01070 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 01071 01072 buf = p; 01073 01074 /* 01075 * Decrypt EncryptedData with appropriate PBE 01076 */ 01077 #if defined(MBEDTLS_PKCS12_C) 01078 if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 ) 01079 { 01080 if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, 01081 cipher_alg, md_alg, 01082 pwd, pwdlen, p, len, buf ) ) != 0 ) 01083 { 01084 if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH ) 01085 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 01086 01087 return( ret ); 01088 } 01089 01090 decrypted = 1; 01091 } 01092 else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 ) 01093 { 01094 if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params, 01095 MBEDTLS_PKCS12_PBE_DECRYPT, 01096 pwd, pwdlen, 01097 p, len, buf ) ) != 0 ) 01098 { 01099 return( ret ); 01100 } 01101 01102 // Best guess for password mismatch when using RC4. If first tag is 01103 // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE 01104 // 01105 if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) 01106 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 01107 01108 decrypted = 1; 01109 } 01110 else 01111 #endif /* MBEDTLS_PKCS12_C */ 01112 #if defined(MBEDTLS_PKCS5_C) 01113 if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 ) 01114 { 01115 if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, 01116 p, len, buf ) ) != 0 ) 01117 { 01118 if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH ) 01119 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 01120 01121 return( ret ); 01122 } 01123 01124 decrypted = 1; 01125 } 01126 else 01127 #endif /* MBEDTLS_PKCS5_C */ 01128 { 01129 ((void) pwd); 01130 } 01131 01132 if( decrypted == 0 ) 01133 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); 01134 01135 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); 01136 } 01137 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ 01138 01139 /* 01140 * Parse a private key 01141 */ 01142 int mbedtls_pk_parse_key( mbedtls_pk_context *pk, 01143 const unsigned char *key, size_t keylen, 01144 const unsigned char *pwd, size_t pwdlen ) 01145 { 01146 int ret; 01147 const mbedtls_pk_info_t *pk_info; 01148 01149 #if defined(MBEDTLS_PEM_PARSE_C) 01150 size_t len; 01151 mbedtls_pem_context pem; 01152 01153 mbedtls_pem_init( &pem ); 01154 01155 #if defined(MBEDTLS_RSA_C) 01156 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01157 if( keylen == 0 || key[keylen - 1] != '\0' ) 01158 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01159 else 01160 ret = mbedtls_pem_read_buffer( &pem, 01161 "-----BEGIN RSA PRIVATE KEY-----", 01162 "-----END RSA PRIVATE KEY-----", 01163 key, pwd, pwdlen, &len ); 01164 01165 if( ret == 0 ) 01166 { 01167 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); 01168 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 01169 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), 01170 pem.buf , pem.buflen ) ) != 0 ) 01171 { 01172 mbedtls_pk_free( pk ); 01173 } 01174 01175 mbedtls_pem_free( &pem ); 01176 return( ret ); 01177 } 01178 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) 01179 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 01180 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) 01181 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); 01182 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01183 return( ret ); 01184 #endif /* MBEDTLS_RSA_C */ 01185 01186 #if defined(MBEDTLS_ECP_C) 01187 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01188 if( keylen == 0 || key[keylen - 1] != '\0' ) 01189 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01190 else 01191 ret = mbedtls_pem_read_buffer( &pem, 01192 "-----BEGIN EC PRIVATE KEY-----", 01193 "-----END EC PRIVATE KEY-----", 01194 key, pwd, pwdlen, &len ); 01195 if( ret == 0 ) 01196 { 01197 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); 01198 01199 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 01200 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), 01201 pem.buf , pem.buflen ) ) != 0 ) 01202 { 01203 mbedtls_pk_free( pk ); 01204 } 01205 01206 mbedtls_pem_free( &pem ); 01207 return( ret ); 01208 } 01209 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) 01210 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 01211 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) 01212 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); 01213 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01214 return( ret ); 01215 #endif /* MBEDTLS_ECP_C */ 01216 01217 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01218 if( keylen == 0 || key[keylen - 1] != '\0' ) 01219 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01220 else 01221 ret = mbedtls_pem_read_buffer( &pem, 01222 "-----BEGIN PRIVATE KEY-----", 01223 "-----END PRIVATE KEY-----", 01224 key, NULL, 0, &len ); 01225 if( ret == 0 ) 01226 { 01227 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, 01228 pem.buf , pem.buflen ) ) != 0 ) 01229 { 01230 mbedtls_pk_free( pk ); 01231 } 01232 01233 mbedtls_pem_free( &pem ); 01234 return( ret ); 01235 } 01236 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01237 return( ret ); 01238 01239 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 01240 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01241 if( keylen == 0 || key[keylen - 1] != '\0' ) 01242 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01243 else 01244 ret = mbedtls_pem_read_buffer( &pem, 01245 "-----BEGIN ENCRYPTED PRIVATE KEY-----", 01246 "-----END ENCRYPTED PRIVATE KEY-----", 01247 key, NULL, 0, &len ); 01248 if( ret == 0 ) 01249 { 01250 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, 01251 pem.buf , pem.buflen , 01252 pwd, pwdlen ) ) != 0 ) 01253 { 01254 mbedtls_pk_free( pk ); 01255 } 01256 01257 mbedtls_pem_free( &pem ); 01258 return( ret ); 01259 } 01260 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01261 return( ret ); 01262 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ 01263 #else 01264 ((void) ret); 01265 ((void) pwd); 01266 ((void) pwdlen); 01267 #endif /* MBEDTLS_PEM_PARSE_C */ 01268 01269 /* 01270 * At this point we only know it's not a PEM formatted key. Could be any 01271 * of the known DER encoded private key formats 01272 * 01273 * We try the different DER format parsers to see if one passes without 01274 * error 01275 */ 01276 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 01277 { 01278 unsigned char *key_copy; 01279 01280 if( keylen == 0 ) 01281 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 01282 01283 if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL ) 01284 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 01285 01286 memcpy( key_copy, key, keylen ); 01287 01288 ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, 01289 pwd, pwdlen ); 01290 01291 mbedtls_platform_zeroize( key_copy, keylen ); 01292 mbedtls_free( key_copy ); 01293 } 01294 01295 if( ret == 0 ) 01296 return( 0 ); 01297 01298 mbedtls_pk_free( pk ); 01299 01300 if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH ) 01301 { 01302 return( ret ); 01303 } 01304 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ 01305 01306 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) 01307 return( 0 ); 01308 01309 mbedtls_pk_free( pk ); 01310 01311 #if defined(MBEDTLS_RSA_C) 01312 01313 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); 01314 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 01315 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), 01316 key, keylen ) ) != 0 ) 01317 { 01318 mbedtls_pk_free( pk ); 01319 } 01320 else 01321 { 01322 return( 0 ); 01323 } 01324 01325 #endif /* MBEDTLS_RSA_C */ 01326 01327 #if defined(MBEDTLS_ECP_C) 01328 01329 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); 01330 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 01331 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), 01332 key, keylen ) ) != 0 ) 01333 { 01334 mbedtls_pk_free( pk ); 01335 } 01336 else 01337 { 01338 return( 0 ); 01339 } 01340 01341 #endif /* MBEDTLS_ECP_C */ 01342 01343 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 01344 } 01345 01346 /* 01347 * Parse a public key 01348 */ 01349 int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, 01350 const unsigned char *key, size_t keylen ) 01351 { 01352 int ret; 01353 unsigned char *p; 01354 #if defined(MBEDTLS_RSA_C) 01355 const mbedtls_pk_info_t *pk_info; 01356 #endif 01357 #if defined(MBEDTLS_PEM_PARSE_C) 01358 size_t len; 01359 mbedtls_pem_context pem; 01360 01361 mbedtls_pem_init( &pem ); 01362 #if defined(MBEDTLS_RSA_C) 01363 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01364 if( keylen == 0 || key[keylen - 1] != '\0' ) 01365 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01366 else 01367 ret = mbedtls_pem_read_buffer( &pem, 01368 "-----BEGIN RSA PUBLIC KEY-----", 01369 "-----END RSA PUBLIC KEY-----", 01370 key, NULL, 0, &len ); 01371 01372 if( ret == 0 ) 01373 { 01374 p = pem.buf ; 01375 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) 01376 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 01377 01378 if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) 01379 return( ret ); 01380 01381 if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen , mbedtls_pk_rsa( *ctx ) ) ) != 0 ) 01382 mbedtls_pk_free( ctx ); 01383 01384 mbedtls_pem_free( &pem ); 01385 return( ret ); 01386 } 01387 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01388 { 01389 mbedtls_pem_free( &pem ); 01390 return( ret ); 01391 } 01392 #endif /* MBEDTLS_RSA_C */ 01393 01394 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01395 if( keylen == 0 || key[keylen - 1] != '\0' ) 01396 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01397 else 01398 ret = mbedtls_pem_read_buffer( &pem, 01399 "-----BEGIN PUBLIC KEY-----", 01400 "-----END PUBLIC KEY-----", 01401 key, NULL, 0, &len ); 01402 01403 if( ret == 0 ) 01404 { 01405 /* 01406 * Was PEM encoded 01407 */ 01408 p = pem.buf ; 01409 01410 ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen , ctx ); 01411 mbedtls_pem_free( &pem ); 01412 return( ret ); 01413 } 01414 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01415 { 01416 mbedtls_pem_free( &pem ); 01417 return( ret ); 01418 } 01419 mbedtls_pem_free( &pem ); 01420 #endif /* MBEDTLS_PEM_PARSE_C */ 01421 01422 #if defined(MBEDTLS_RSA_C) 01423 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) 01424 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 01425 01426 if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) 01427 return( ret ); 01428 01429 p = (unsigned char *)key; 01430 ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) ); 01431 if( ret == 0 ) 01432 { 01433 return( ret ); 01434 } 01435 mbedtls_pk_free( ctx ); 01436 if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) 01437 { 01438 return( ret ); 01439 } 01440 #endif /* MBEDTLS_RSA_C */ 01441 p = (unsigned char *) key; 01442 01443 ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx ); 01444 01445 return( ret ); 01446 } 01447 01448 #endif /* MBEDTLS_PK_PARSE_C */
Generated on Tue Jul 12 2022 12:45:41 by
1.7.2