Knight KE / Mbed OS Game_Master
Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers pkparse.c Source File

pkparse.c

00001 /*
00002  *  Public Key layer for parsing key files and structures
00003  *
00004  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
00005  *  SPDX-License-Identifier: Apache-2.0
00006  *
00007  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00008  *  not use this file except in compliance with the License.
00009  *  You may obtain a copy of the License at
00010  *
00011  *  http://www.apache.org/licenses/LICENSE-2.0
00012  *
00013  *  Unless required by applicable law or agreed to in writing, software
00014  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00015  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00016  *  See the License for the specific language governing permissions and
00017  *  limitations under the License.
00018  *
00019  *  This file is part of mbed TLS (https://tls.mbed.org)
00020  */
00021 
00022 #if !defined(MBEDTLS_CONFIG_FILE)
00023 #include "mbedtls/config.h"
00024 #else
00025 #include MBEDTLS_CONFIG_FILE
00026 #endif
00027 
00028 #if defined(MBEDTLS_PK_PARSE_C)
00029 
00030 #include "mbedtls/pk.h"
00031 #include "mbedtls/asn1.h"
00032 #include "mbedtls/oid.h"
00033 #include "mbedtls/platform_util.h"
00034 
00035 #include <string.h>
00036 
00037 #if defined(MBEDTLS_RSA_C)
00038 #include "mbedtls/rsa.h"
00039 #endif
00040 #if defined(MBEDTLS_ECP_C)
00041 #include "mbedtls/ecp.h"
00042 #endif
00043 #if defined(MBEDTLS_ECDSA_C)
00044 #include "mbedtls/ecdsa.h"
00045 #endif
00046 #if defined(MBEDTLS_PEM_PARSE_C)
00047 #include "mbedtls/pem.h"
00048 #endif
00049 #if defined(MBEDTLS_PKCS5_C)
00050 #include "mbedtls/pkcs5.h"
00051 #endif
00052 #if defined(MBEDTLS_PKCS12_C)
00053 #include "mbedtls/pkcs12.h"
00054 #endif
00055 
00056 #if defined(MBEDTLS_PLATFORM_C)
00057 #include "mbedtls/platform.h"
00058 #else
00059 #include <stdlib.h>
00060 #define mbedtls_calloc    calloc
00061 #define mbedtls_free       free
00062 #endif
00063 
00064 #if defined(MBEDTLS_FS_IO)
00065 /*
00066  * Load all data from a file into a given buffer.
00067  *
00068  * The file is expected to contain either PEM or DER encoded data.
00069  * A terminating null byte is always appended. It is included in the announced
00070  * length only if the data looks like it is PEM encoded.
00071  */
00072 int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
00073 {
00074     FILE *f;
00075     long size;
00076 
00077     if( ( f = fopen( path, "rb" ) ) == NULL )
00078         return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
00079 
00080     fseek( f, 0, SEEK_END );
00081     if( ( size = ftell( f ) ) == -1 )
00082     {
00083         fclose( f );
00084         return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
00085     }
00086     fseek( f, 0, SEEK_SET );
00087 
00088     *n = (size_t) size;
00089 
00090     if( *n + 1 == 0 ||
00091         ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
00092     {
00093         fclose( f );
00094         return( MBEDTLS_ERR_PK_ALLOC_FAILED );
00095     }
00096 
00097     if( fread( *buf, 1, *n, f ) != *n )
00098     {
00099         fclose( f );
00100 
00101         mbedtls_platform_zeroize( *buf, *n );
00102         mbedtls_free( *buf );
00103 
00104         return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
00105     }
00106 
00107     fclose( f );
00108 
00109     (*buf)[*n] = '\0';
00110 
00111     if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
00112         ++*n;
00113 
00114     return( 0 );
00115 }
00116 
00117 /*
00118  * Load and parse a private key
00119  */
00120 int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
00121                       const char *path, const char *pwd )
00122 {
00123     int ret;
00124     size_t n;
00125     unsigned char *buf;
00126 
00127     if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
00128         return( ret );
00129 
00130     if( pwd == NULL )
00131         ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
00132     else
00133         ret = mbedtls_pk_parse_key( ctx, buf, n,
00134                 (const unsigned char *) pwd, strlen( pwd ) );
00135 
00136     mbedtls_platform_zeroize( buf, n );
00137     mbedtls_free( buf );
00138 
00139     return( ret );
00140 }
00141 
00142 /*
00143  * Load and parse a public key
00144  */
00145 int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
00146 {
00147     int ret;
00148     size_t n;
00149     unsigned char *buf;
00150 
00151     if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
00152         return( ret );
00153 
00154     ret = mbedtls_pk_parse_public_key( ctx, buf, n );
00155 
00156     mbedtls_platform_zeroize( buf, n );
00157     mbedtls_free( buf );
00158 
00159     return( ret );
00160 }
00161 #endif /* MBEDTLS_FS_IO */
00162 
00163 #if defined(MBEDTLS_ECP_C)
00164 /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
00165  *
00166  * ECParameters ::= CHOICE {
00167  *   namedCurve         OBJECT IDENTIFIER
00168  *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
00169  *   -- implicitCurve   NULL
00170  * }
00171  */
00172 static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
00173                             mbedtls_asn1_buf *params )
00174 {
00175     int ret;
00176 
00177     if ( end - *p < 1 )
00178         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
00179                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
00180 
00181     /* Tag may be either OID or SEQUENCE */
00182     params->tag = **p;
00183     if( params->tag != MBEDTLS_ASN1_OID
00184 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
00185             && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
00186 #endif
00187             )
00188     {
00189         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
00190                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
00191     }
00192 
00193     if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
00194     {
00195         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00196     }
00197 
00198     params->p = *p;
00199     *p += params->len;
00200 
00201     if( *p != end )
00202         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
00203                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
00204 
00205     return( 0 );
00206 }
00207 
00208 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
00209 /*
00210  * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
00211  * WARNING: the resulting group should only be used with
00212  * pk_group_id_from_specified(), since its base point may not be set correctly
00213  * if it was encoded compressed.
00214  *
00215  *  SpecifiedECDomain ::= SEQUENCE {
00216  *      version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
00217  *      fieldID FieldID {{FieldTypes}},
00218  *      curve Curve,
00219  *      base ECPoint,
00220  *      order INTEGER,
00221  *      cofactor INTEGER OPTIONAL,
00222  *      hash HashAlgorithm OPTIONAL,
00223  *      ...
00224  *  }
00225  *
00226  * We only support prime-field as field type, and ignore hash and cofactor.
00227  */
00228 static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
00229 {
00230     int ret;
00231     unsigned char *p = params->p;
00232     const unsigned char * const end = params->p + params->len;
00233     const unsigned char *end_field, *end_curve;
00234     size_t len;
00235     int ver;
00236 
00237     /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
00238     if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
00239         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00240 
00241     if( ver < 1 || ver > 3 )
00242         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
00243 
00244     /*
00245      * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
00246      *       fieldType FIELD-ID.&id({IOSet}),
00247      *       parameters FIELD-ID.&Type({IOSet}{@fieldType})
00248      * }
00249      */
00250     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00251             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
00252         return( ret );
00253 
00254     end_field = p + len;
00255 
00256     /*
00257      * FIELD-ID ::= TYPE-IDENTIFIER
00258      * FieldTypes FIELD-ID ::= {
00259      *       { Prime-p IDENTIFIED BY prime-field } |
00260      *       { Characteristic-two IDENTIFIED BY characteristic-two-field }
00261      * }
00262      * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
00263      */
00264     if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
00265         return( ret );
00266 
00267     if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
00268         memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
00269     {
00270         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
00271     }
00272 
00273     p += len;
00274 
00275     /* Prime-p ::= INTEGER -- Field of size p. */
00276     if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P  ) ) != 0 )
00277         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00278 
00279     grp->pbits  = mbedtls_mpi_bitlen( &grp->P  );
00280 
00281     if( p != end_field )
00282         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
00283                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
00284 
00285     /*
00286      * Curve ::= SEQUENCE {
00287      *       a FieldElement,
00288      *       b FieldElement,
00289      *       seed BIT STRING OPTIONAL
00290      *       -- Shall be present if used in SpecifiedECDomain
00291      *       -- with version equal to ecdpVer2 or ecdpVer3
00292      * }
00293      */
00294     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00295             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
00296         return( ret );
00297 
00298     end_curve = p + len;
00299 
00300     /*
00301      * FieldElement ::= OCTET STRING
00302      * containing an integer in the case of a prime field
00303      */
00304     if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
00305         ( ret = mbedtls_mpi_read_binary( &grp->A , p, len ) ) != 0 )
00306     {
00307         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00308     }
00309 
00310     p += len;
00311 
00312     if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
00313         ( ret = mbedtls_mpi_read_binary( &grp->B , p, len ) ) != 0 )
00314     {
00315         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00316     }
00317 
00318     p += len;
00319 
00320     /* Ignore seed BIT STRING OPTIONAL */
00321     if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
00322         p += len;
00323 
00324     if( p != end_curve )
00325         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
00326                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
00327 
00328     /*
00329      * ECPoint ::= OCTET STRING
00330      */
00331     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
00332         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00333 
00334     if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G ,
00335                                       ( const unsigned char *) p, len ) ) != 0 )
00336     {
00337         /*
00338          * If we can't read the point because it's compressed, cheat by
00339          * reading only the X coordinate and the parity bit of Y.
00340          */
00341         if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
00342             ( p[0] != 0x02 && p[0] != 0x03 ) ||
00343             len != mbedtls_mpi_size( &grp->P  ) + 1 ||
00344             mbedtls_mpi_read_binary( &grp->G .X , p + 1, len - 1 ) != 0 ||
00345             mbedtls_mpi_lset( &grp->G .Y , p[0] - 2 ) != 0 ||
00346             mbedtls_mpi_lset( &grp->G .Z , 1 ) != 0 )
00347         {
00348             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
00349         }
00350     }
00351 
00352     p += len;
00353 
00354     /*
00355      * order INTEGER
00356      */
00357     if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N  ) ) != 0 )
00358         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00359 
00360     grp->nbits  = mbedtls_mpi_bitlen( &grp->N  );
00361 
00362     /*
00363      * Allow optional elements by purposefully not enforcing p == end here.
00364      */
00365 
00366     return( 0 );
00367 }
00368 
00369 /*
00370  * Find the group id associated with an (almost filled) group as generated by
00371  * pk_group_from_specified(), or return an error if unknown.
00372  */
00373 static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
00374 {
00375     int ret = 0;
00376     mbedtls_ecp_group ref;
00377     const mbedtls_ecp_group_id *id;
00378 
00379     mbedtls_ecp_group_init( &ref );
00380 
00381     for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
00382     {
00383         /* Load the group associated to that id */
00384         mbedtls_ecp_group_free( &ref );
00385         MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
00386 
00387         /* Compare to the group we were given, starting with easy tests */
00388         if( grp->pbits  == ref.pbits  && grp->nbits  == ref.nbits  &&
00389             mbedtls_mpi_cmp_mpi( &grp->P , &ref.P  ) == 0 &&
00390             mbedtls_mpi_cmp_mpi( &grp->A , &ref.A  ) == 0 &&
00391             mbedtls_mpi_cmp_mpi( &grp->B , &ref.B  ) == 0 &&
00392             mbedtls_mpi_cmp_mpi( &grp->N , &ref.N  ) == 0 &&
00393             mbedtls_mpi_cmp_mpi( &grp->G .X , &ref.G .X  ) == 0 &&
00394             mbedtls_mpi_cmp_mpi( &grp->G .Z , &ref.G .Z  ) == 0 &&
00395             /* For Y we may only know the parity bit, so compare only that */
00396             mbedtls_mpi_get_bit( &grp->G .Y , 0 ) == mbedtls_mpi_get_bit( &ref.G .Y , 0 ) )
00397         {
00398             break;
00399         }
00400 
00401     }
00402 
00403 cleanup:
00404     mbedtls_ecp_group_free( &ref );
00405 
00406     *grp_id = *id;
00407 
00408     if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
00409         ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
00410 
00411     return( ret );
00412 }
00413 
00414 /*
00415  * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
00416  */
00417 static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
00418                                        mbedtls_ecp_group_id *grp_id )
00419 {
00420     int ret;
00421     mbedtls_ecp_group grp;
00422 
00423     mbedtls_ecp_group_init( &grp );
00424 
00425     if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
00426         goto cleanup;
00427 
00428     ret = pk_group_id_from_group( &grp, grp_id );
00429 
00430 cleanup:
00431     mbedtls_ecp_group_free( &grp );
00432 
00433     return( ret );
00434 }
00435 #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
00436 
00437 /*
00438  * Use EC parameters to initialise an EC group
00439  *
00440  * ECParameters ::= CHOICE {
00441  *   namedCurve         OBJECT IDENTIFIER
00442  *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
00443  *   -- implicitCurve   NULL
00444  */
00445 static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
00446 {
00447     int ret;
00448     mbedtls_ecp_group_id grp_id;
00449 
00450     if( params->tag == MBEDTLS_ASN1_OID )
00451     {
00452         if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
00453             return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
00454     }
00455     else
00456     {
00457 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
00458         if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
00459             return( ret );
00460 #else
00461         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
00462 #endif
00463     }
00464 
00465     /*
00466      * grp may already be initilialized; if so, make sure IDs match
00467      */
00468     if( grp->id  != MBEDTLS_ECP_DP_NONE && grp->id  != grp_id )
00469         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
00470 
00471     if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
00472         return( ret );
00473 
00474     return( 0 );
00475 }
00476 
00477 /*
00478  * EC public key is an EC point
00479  *
00480  * The caller is responsible for clearing the structure upon failure if
00481  * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
00482  * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
00483  */
00484 static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
00485                             mbedtls_ecp_keypair *key )
00486 {
00487     int ret;
00488 
00489     if( ( ret = mbedtls_ecp_point_read_binary( &key->grp , &key->Q ,
00490                     (const unsigned char *) *p, end - *p ) ) == 0 )
00491     {
00492         ret = mbedtls_ecp_check_pubkey( &key->grp , &key->Q  );
00493     }
00494 
00495     /*
00496      * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
00497      */
00498     *p = (unsigned char *) end;
00499 
00500     return( ret );
00501 }
00502 #endif /* MBEDTLS_ECP_C */
00503 
00504 #if defined(MBEDTLS_RSA_C)
00505 /*
00506  *  RSAPublicKey ::= SEQUENCE {
00507  *      modulus           INTEGER,  -- n
00508  *      publicExponent    INTEGER   -- e
00509  *  }
00510  */
00511 static int pk_get_rsapubkey( unsigned char **p,
00512                              const unsigned char *end,
00513                              mbedtls_rsa_context *rsa )
00514 {
00515     int ret;
00516     size_t len;
00517 
00518     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
00519             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
00520         return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
00521 
00522     if( *p + len != end )
00523         return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
00524                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
00525 
00526     /* Import N */
00527     if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
00528         return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
00529 
00530     if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
00531                                         NULL, 0, NULL, 0 ) ) != 0 )
00532         return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
00533 
00534     *p += len;
00535 
00536     /* Import E */
00537     if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
00538         return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
00539 
00540     if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
00541                                         NULL, 0, *p, len ) ) != 0 )
00542         return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
00543 
00544     *p += len;
00545 
00546     if( mbedtls_rsa_complete( rsa ) != 0 ||
00547         mbedtls_rsa_check_pubkey( rsa ) != 0 )
00548     {
00549         return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
00550     }
00551 
00552     if( *p != end )
00553         return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
00554                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
00555 
00556     return( 0 );
00557 }
00558 #endif /* MBEDTLS_RSA_C */
00559 
00560 /* Get a PK algorithm identifier
00561  *
00562  *  AlgorithmIdentifier  ::=  SEQUENCE  {
00563  *       algorithm               OBJECT IDENTIFIER,
00564  *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
00565  */
00566 static int pk_get_pk_alg( unsigned char **p,
00567                           const unsigned char *end,
00568                           mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
00569 {
00570     int ret;
00571     mbedtls_asn1_buf alg_oid;
00572 
00573     memset( params, 0, sizeof(mbedtls_asn1_buf) );
00574 
00575     if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
00576         return( MBEDTLS_ERR_PK_INVALID_ALG + ret );
00577 
00578     if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
00579         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
00580 
00581     /*
00582      * No parameters with RSA (only for EC)
00583      */
00584     if( *pk_alg == MBEDTLS_PK_RSA &&
00585             ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
00586                 params->len != 0 ) )
00587     {
00588         return( MBEDTLS_ERR_PK_INVALID_ALG );
00589     }
00590 
00591     return( 0 );
00592 }
00593 
00594 /*
00595  *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
00596  *       algorithm            AlgorithmIdentifier,
00597  *       subjectPublicKey     BIT STRING }
00598  */
00599 int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
00600                         mbedtls_pk_context *pk )
00601 {
00602     int ret;
00603     size_t len;
00604     mbedtls_asn1_buf alg_params;
00605     mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
00606     const mbedtls_pk_info_t *pk_info;
00607 
00608     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
00609                     MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
00610     {
00611         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00612     }
00613 
00614     end = *p + len;
00615 
00616     if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
00617         return( ret );
00618 
00619     if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
00620         return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
00621 
00622     if( *p + len != end )
00623         return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
00624                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
00625 
00626     if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
00627         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
00628 
00629     if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
00630         return( ret );
00631 
00632 #if defined(MBEDTLS_RSA_C)
00633     if( pk_alg == MBEDTLS_PK_RSA )
00634     {
00635         ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
00636     } else
00637 #endif /* MBEDTLS_RSA_C */
00638 #if defined(MBEDTLS_ECP_C)
00639     if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
00640     {
00641         ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp  );
00642         if( ret == 0 )
00643             ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
00644     } else
00645 #endif /* MBEDTLS_ECP_C */
00646         ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
00647 
00648     if( ret == 0 && *p != end )
00649         ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
00650               MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
00651 
00652     if( ret != 0 )
00653         mbedtls_pk_free( pk );
00654 
00655     return( ret );
00656 }
00657 
00658 #if defined(MBEDTLS_RSA_C)
00659 /*
00660  * Parse a PKCS#1 encoded private RSA key
00661  */
00662 static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
00663                                    const unsigned char *key,
00664                                    size_t keylen )
00665 {
00666     int ret, version;
00667     size_t len;
00668     unsigned char *p, *end;
00669 
00670     mbedtls_mpi T;
00671     mbedtls_mpi_init( &T );
00672 
00673     p = (unsigned char *) key;
00674     end = p + keylen;
00675 
00676     /*
00677      * This function parses the RSAPrivateKey (PKCS#1)
00678      *
00679      *  RSAPrivateKey ::= SEQUENCE {
00680      *      version           Version,
00681      *      modulus           INTEGER,  -- n
00682      *      publicExponent    INTEGER,  -- e
00683      *      privateExponent   INTEGER,  -- d
00684      *      prime1            INTEGER,  -- p
00685      *      prime2            INTEGER,  -- q
00686      *      exponent1         INTEGER,  -- d mod (p-1)
00687      *      exponent2         INTEGER,  -- d mod (q-1)
00688      *      coefficient       INTEGER,  -- (inverse of q) mod p
00689      *      otherPrimeInfos   OtherPrimeInfos OPTIONAL
00690      *  }
00691      */
00692     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00693             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
00694     {
00695         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00696     }
00697 
00698     end = p + len;
00699 
00700     if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
00701     {
00702         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00703     }
00704 
00705     if( version != 0 )
00706     {
00707         return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
00708     }
00709 
00710     /* Import N */
00711     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00712                                       MBEDTLS_ASN1_INTEGER ) ) != 0 ||
00713         ( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
00714                                         NULL, 0, NULL, 0 ) ) != 0 )
00715         goto cleanup;
00716     p += len;
00717 
00718     /* Import E */
00719     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00720                                       MBEDTLS_ASN1_INTEGER ) ) != 0 ||
00721         ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
00722                                         NULL, 0, p, len ) ) != 0 )
00723         goto cleanup;
00724     p += len;
00725 
00726     /* Import D */
00727     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00728                                       MBEDTLS_ASN1_INTEGER ) ) != 0 ||
00729         ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
00730                                         p, len, NULL, 0 ) ) != 0 )
00731         goto cleanup;
00732     p += len;
00733 
00734     /* Import P */
00735     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00736                                       MBEDTLS_ASN1_INTEGER ) ) != 0 ||
00737         ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
00738                                         NULL, 0, NULL, 0 ) ) != 0 )
00739         goto cleanup;
00740     p += len;
00741 
00742     /* Import Q */
00743     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00744                                       MBEDTLS_ASN1_INTEGER ) ) != 0 ||
00745         ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
00746                                         NULL, 0, NULL, 0 ) ) != 0 )
00747         goto cleanup;
00748     p += len;
00749 
00750     /* Complete the RSA private key */
00751     if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
00752         goto cleanup;
00753 
00754     /* Check optional parameters */
00755     if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
00756         ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
00757         ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
00758         goto cleanup;
00759 
00760     if( p != end )
00761     {
00762         ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
00763               MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ;
00764     }
00765 
00766 cleanup:
00767 
00768     mbedtls_mpi_free( &T );
00769 
00770     if( ret != 0 )
00771     {
00772         /* Wrap error code if it's coming from a lower level */
00773         if( ( ret & 0xff80 ) == 0 )
00774             ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;
00775         else
00776             ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
00777 
00778         mbedtls_rsa_free( rsa );
00779     }
00780 
00781     return( ret );
00782 }
00783 #endif /* MBEDTLS_RSA_C */
00784 
00785 #if defined(MBEDTLS_ECP_C)
00786 /*
00787  * Parse a SEC1 encoded private EC key
00788  */
00789 static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
00790                                   const unsigned char *key,
00791                                   size_t keylen )
00792 {
00793     int ret;
00794     int version, pubkey_done;
00795     size_t len;
00796     mbedtls_asn1_buf params;
00797     unsigned char *p = (unsigned char *) key;
00798     unsigned char *end = p + keylen;
00799     unsigned char *end2;
00800 
00801     /*
00802      * RFC 5915, or SEC1 Appendix C.4
00803      *
00804      * ECPrivateKey ::= SEQUENCE {
00805      *      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
00806      *      privateKey     OCTET STRING,
00807      *      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
00808      *      publicKey  [1] BIT STRING OPTIONAL
00809      *    }
00810      */
00811     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00812             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
00813     {
00814         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00815     }
00816 
00817     end = p + len;
00818 
00819     if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
00820         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00821 
00822     if( version != 1 )
00823         return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
00824 
00825     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
00826         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00827 
00828     if( ( ret = mbedtls_mpi_read_binary( &eck->d , p, len ) ) != 0 )
00829     {
00830         mbedtls_ecp_keypair_free( eck );
00831         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00832     }
00833 
00834     p += len;
00835 
00836     pubkey_done = 0;
00837     if( p != end )
00838     {
00839         /*
00840          * Is 'parameters' present?
00841          */
00842         if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00843                         MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
00844         {
00845             if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
00846                 ( ret = pk_use_ecparams( &params, &eck->grp  )  ) != 0 )
00847             {
00848                 mbedtls_ecp_keypair_free( eck );
00849                 return( ret );
00850             }
00851         }
00852         else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
00853         {
00854             mbedtls_ecp_keypair_free( eck );
00855             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00856         }
00857     }
00858 
00859     if( p != end )
00860     {
00861         /*
00862          * Is 'publickey' present? If not, or if we can't read it (eg because it
00863          * is compressed), create it from the private key.
00864          */
00865         if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00866                         MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
00867         {
00868             end2 = p + len;
00869 
00870             if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
00871                 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00872 
00873             if( p + len != end2 )
00874                 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
00875                         MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
00876 
00877             if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
00878                 pubkey_done = 1;
00879             else
00880             {
00881                 /*
00882                  * The only acceptable failure mode of pk_get_ecpubkey() above
00883                  * is if the point format is not recognized.
00884                  */
00885                 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
00886                     return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
00887             }
00888         }
00889         else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
00890         {
00891             mbedtls_ecp_keypair_free( eck );
00892             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00893         }
00894     }
00895 
00896     if( ! pubkey_done &&
00897         ( ret = mbedtls_ecp_mul( &eck->grp , &eck->Q , &eck->d , &eck->grp .G ,
00898                                                       NULL, NULL ) ) != 0 )
00899     {
00900         mbedtls_ecp_keypair_free( eck );
00901         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00902     }
00903 
00904     if( ( ret = mbedtls_ecp_check_privkey( &eck->grp , &eck->d  ) ) != 0 )
00905     {
00906         mbedtls_ecp_keypair_free( eck );
00907         return( ret );
00908     }
00909 
00910     return( 0 );
00911 }
00912 #endif /* MBEDTLS_ECP_C */
00913 
00914 /*
00915  * Parse an unencrypted PKCS#8 encoded private key
00916  *
00917  * Notes:
00918  *
00919  * - This function does not own the key buffer. It is the
00920  *   responsibility of the caller to take care of zeroizing
00921  *   and freeing it after use.
00922  *
00923  * - The function is responsible for freeing the provided
00924  *   PK context on failure.
00925  *
00926  */
00927 static int pk_parse_key_pkcs8_unencrypted_der(
00928                                     mbedtls_pk_context *pk,
00929                                     const unsigned char* key,
00930                                     size_t keylen )
00931 {
00932     int ret, version;
00933     size_t len;
00934     mbedtls_asn1_buf params;
00935     unsigned char *p = (unsigned char *) key;
00936     unsigned char *end = p + keylen;
00937     mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
00938     const mbedtls_pk_info_t *pk_info;
00939 
00940     /*
00941      * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
00942      *
00943      *    PrivateKeyInfo ::= SEQUENCE {
00944      *      version                   Version,
00945      *      privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
00946      *      privateKey                PrivateKey,
00947      *      attributes           [0]  IMPLICIT Attributes OPTIONAL }
00948      *
00949      *    Version ::= INTEGER
00950      *    PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
00951      *    PrivateKey ::= OCTET STRING
00952      *
00953      *  The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
00954      */
00955 
00956     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
00957             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
00958     {
00959         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00960     }
00961 
00962     end = p + len;
00963 
00964     if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
00965         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00966 
00967     if( version != 0 )
00968         return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
00969 
00970     if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
00971         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00972 
00973     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
00974         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
00975 
00976     if( len < 1 )
00977         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
00978                 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
00979 
00980     if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
00981         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
00982 
00983     if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
00984         return( ret );
00985 
00986 #if defined(MBEDTLS_RSA_C)
00987     if( pk_alg == MBEDTLS_PK_RSA )
00988     {
00989         if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
00990         {
00991             mbedtls_pk_free( pk );
00992             return( ret );
00993         }
00994     } else
00995 #endif /* MBEDTLS_RSA_C */
00996 #if defined(MBEDTLS_ECP_C)
00997     if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
00998     {
00999         if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp  ) ) != 0 ||
01000             ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len )  ) != 0 )
01001         {
01002             mbedtls_pk_free( pk );
01003             return( ret );
01004         }
01005     } else
01006 #endif /* MBEDTLS_ECP_C */
01007         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
01008 
01009     return( 0 );
01010 }
01011 
01012 /*
01013  * Parse an encrypted PKCS#8 encoded private key
01014  *
01015  * To save space, the decryption happens in-place on the given key buffer.
01016  * Also, while this function may modify the keybuffer, it doesn't own it,
01017  * and instead it is the responsibility of the caller to zeroize and properly
01018  * free it after use.
01019  *
01020  */
01021 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
01022 static int pk_parse_key_pkcs8_encrypted_der(
01023                                     mbedtls_pk_context *pk,
01024                                     unsigned char *key, size_t keylen,
01025                                     const unsigned char *pwd, size_t pwdlen )
01026 {
01027     int ret, decrypted = 0;
01028     size_t len;
01029     unsigned char *buf;
01030     unsigned char *p, *end;
01031     mbedtls_asn1_buf pbe_alg_oid, pbe_params;
01032 #if defined(MBEDTLS_PKCS12_C)
01033     mbedtls_cipher_type_t cipher_alg;
01034     mbedtls_md_type_t md_alg;
01035 #endif
01036 
01037     p = key;
01038     end = p + keylen;
01039 
01040     if( pwdlen == 0 )
01041         return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
01042 
01043     /*
01044      * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
01045      *
01046      *  EncryptedPrivateKeyInfo ::= SEQUENCE {
01047      *    encryptionAlgorithm  EncryptionAlgorithmIdentifier,
01048      *    encryptedData        EncryptedData
01049      *  }
01050      *
01051      *  EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
01052      *
01053      *  EncryptedData ::= OCTET STRING
01054      *
01055      *  The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
01056      *
01057      */
01058     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
01059             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
01060     {
01061         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
01062     }
01063 
01064     end = p + len;
01065 
01066     if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
01067         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
01068 
01069     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
01070         return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
01071 
01072     buf = p;
01073 
01074     /*
01075      * Decrypt EncryptedData with appropriate PBE
01076      */
01077 #if defined(MBEDTLS_PKCS12_C)
01078     if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
01079     {
01080         if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
01081                                 cipher_alg, md_alg,
01082                                 pwd, pwdlen, p, len, buf ) ) != 0 )
01083         {
01084             if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
01085                 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
01086 
01087             return( ret );
01088         }
01089 
01090         decrypted = 1;
01091     }
01092     else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
01093     {
01094         if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
01095                                              MBEDTLS_PKCS12_PBE_DECRYPT,
01096                                              pwd, pwdlen,
01097                                              p, len, buf ) ) != 0 )
01098         {
01099             return( ret );
01100         }
01101 
01102         // Best guess for password mismatch when using RC4. If first tag is
01103         // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
01104         //
01105         if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
01106             return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
01107 
01108         decrypted = 1;
01109     }
01110     else
01111 #endif /* MBEDTLS_PKCS12_C */
01112 #if defined(MBEDTLS_PKCS5_C)
01113     if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
01114     {
01115         if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
01116                                   p, len, buf ) ) != 0 )
01117         {
01118             if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
01119                 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
01120 
01121             return( ret );
01122         }
01123 
01124         decrypted = 1;
01125     }
01126     else
01127 #endif /* MBEDTLS_PKCS5_C */
01128     {
01129         ((void) pwd);
01130     }
01131 
01132     if( decrypted == 0 )
01133         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
01134 
01135     return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
01136 }
01137 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
01138 
01139 /*
01140  * Parse a private key
01141  */
01142 int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
01143                   const unsigned char *key, size_t keylen,
01144                   const unsigned char *pwd, size_t pwdlen )
01145 {
01146     int ret;
01147     const mbedtls_pk_info_t *pk_info;
01148 
01149 #if defined(MBEDTLS_PEM_PARSE_C)
01150     size_t len;
01151     mbedtls_pem_context pem;
01152 
01153     mbedtls_pem_init( &pem );
01154 
01155 #if defined(MBEDTLS_RSA_C)
01156     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
01157     if( keylen == 0 || key[keylen - 1] != '\0' )
01158         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
01159     else
01160         ret = mbedtls_pem_read_buffer( &pem,
01161                                "-----BEGIN RSA PRIVATE KEY-----",
01162                                "-----END RSA PRIVATE KEY-----",
01163                                key, pwd, pwdlen, &len );
01164 
01165     if( ret == 0 )
01166     {
01167         pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
01168         if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
01169             ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
01170                                             pem.buf , pem.buflen  ) ) != 0 )
01171         {
01172             mbedtls_pk_free( pk );
01173         }
01174 
01175         mbedtls_pem_free( &pem );
01176         return( ret );
01177     }
01178     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
01179         return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
01180     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
01181         return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
01182     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
01183         return( ret );
01184 #endif /* MBEDTLS_RSA_C */
01185 
01186 #if defined(MBEDTLS_ECP_C)
01187     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
01188     if( keylen == 0 || key[keylen - 1] != '\0' )
01189         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
01190     else
01191         ret = mbedtls_pem_read_buffer( &pem,
01192                                "-----BEGIN EC PRIVATE KEY-----",
01193                                "-----END EC PRIVATE KEY-----",
01194                                key, pwd, pwdlen, &len );
01195     if( ret == 0 )
01196     {
01197         pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
01198 
01199         if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
01200             ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
01201                                            pem.buf , pem.buflen  ) ) != 0 )
01202         {
01203             mbedtls_pk_free( pk );
01204         }
01205 
01206         mbedtls_pem_free( &pem );
01207         return( ret );
01208     }
01209     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
01210         return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
01211     else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
01212         return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
01213     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
01214         return( ret );
01215 #endif /* MBEDTLS_ECP_C */
01216 
01217     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
01218     if( keylen == 0 || key[keylen - 1] != '\0' )
01219         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
01220     else
01221         ret = mbedtls_pem_read_buffer( &pem,
01222                                "-----BEGIN PRIVATE KEY-----",
01223                                "-----END PRIVATE KEY-----",
01224                                key, NULL, 0, &len );
01225     if( ret == 0 )
01226     {
01227         if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
01228                                                 pem.buf , pem.buflen  ) ) != 0 )
01229         {
01230             mbedtls_pk_free( pk );
01231         }
01232 
01233         mbedtls_pem_free( &pem );
01234         return( ret );
01235     }
01236     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
01237         return( ret );
01238 
01239 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
01240     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
01241     if( keylen == 0 || key[keylen - 1] != '\0' )
01242         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
01243     else
01244         ret = mbedtls_pem_read_buffer( &pem,
01245                                "-----BEGIN ENCRYPTED PRIVATE KEY-----",
01246                                "-----END ENCRYPTED PRIVATE KEY-----",
01247                                key, NULL, 0, &len );
01248     if( ret == 0 )
01249     {
01250         if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
01251                                                       pem.buf , pem.buflen ,
01252                                                       pwd, pwdlen ) ) != 0 )
01253         {
01254             mbedtls_pk_free( pk );
01255         }
01256 
01257         mbedtls_pem_free( &pem );
01258         return( ret );
01259     }
01260     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
01261         return( ret );
01262 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
01263 #else
01264     ((void) ret);
01265     ((void) pwd);
01266     ((void) pwdlen);
01267 #endif /* MBEDTLS_PEM_PARSE_C */
01268 
01269     /*
01270      * At this point we only know it's not a PEM formatted key. Could be any
01271      * of the known DER encoded private key formats
01272      *
01273      * We try the different DER format parsers to see if one passes without
01274      * error
01275      */
01276 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
01277     {
01278         unsigned char *key_copy;
01279 
01280         if( keylen == 0 )
01281             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
01282 
01283         if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
01284             return( MBEDTLS_ERR_PK_ALLOC_FAILED );
01285 
01286         memcpy( key_copy, key, keylen );
01287 
01288         ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
01289                                                 pwd, pwdlen );
01290 
01291         mbedtls_platform_zeroize( key_copy, keylen );
01292         mbedtls_free( key_copy );
01293     }
01294 
01295     if( ret == 0 )
01296         return( 0 );
01297 
01298     mbedtls_pk_free( pk );
01299 
01300     if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
01301     {
01302         return( ret );
01303     }
01304 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
01305 
01306     if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
01307         return( 0 );
01308 
01309     mbedtls_pk_free( pk );
01310 
01311 #if defined(MBEDTLS_RSA_C)
01312 
01313     pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
01314     if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
01315         ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
01316                                         key, keylen ) ) != 0 )
01317     {
01318         mbedtls_pk_free( pk );
01319     }
01320     else
01321     {
01322         return( 0 );
01323     }
01324 
01325 #endif /* MBEDTLS_RSA_C */
01326 
01327 #if defined(MBEDTLS_ECP_C)
01328 
01329     pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
01330     if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
01331         ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
01332                                        key, keylen ) ) != 0 )
01333     {
01334         mbedtls_pk_free( pk );
01335     }
01336     else
01337     {
01338         return( 0 );
01339     }
01340 
01341 #endif /* MBEDTLS_ECP_C */
01342 
01343     return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
01344 }
01345 
01346 /*
01347  * Parse a public key
01348  */
01349 int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
01350                          const unsigned char *key, size_t keylen )
01351 {
01352     int ret;
01353     unsigned char *p;
01354 #if defined(MBEDTLS_RSA_C)
01355     const mbedtls_pk_info_t *pk_info;
01356 #endif
01357 #if defined(MBEDTLS_PEM_PARSE_C)
01358     size_t len;
01359     mbedtls_pem_context pem;
01360 
01361     mbedtls_pem_init( &pem );
01362 #if defined(MBEDTLS_RSA_C)
01363     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
01364     if( keylen == 0 || key[keylen - 1] != '\0' )
01365         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
01366     else
01367         ret = mbedtls_pem_read_buffer( &pem,
01368                                "-----BEGIN RSA PUBLIC KEY-----",
01369                                "-----END RSA PUBLIC KEY-----",
01370                                key, NULL, 0, &len );
01371 
01372     if( ret == 0 )
01373     {
01374         p = pem.buf ;
01375         if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
01376             return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
01377 
01378         if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
01379             return( ret );
01380 
01381         if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen , mbedtls_pk_rsa( *ctx ) ) ) != 0 )
01382             mbedtls_pk_free( ctx );
01383 
01384         mbedtls_pem_free( &pem );
01385         return( ret );
01386     }
01387     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
01388     {
01389         mbedtls_pem_free( &pem );
01390         return( ret );
01391     }
01392 #endif /* MBEDTLS_RSA_C */
01393 
01394     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
01395     if( keylen == 0 || key[keylen - 1] != '\0' )
01396         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
01397     else
01398         ret = mbedtls_pem_read_buffer( &pem,
01399                 "-----BEGIN PUBLIC KEY-----",
01400                 "-----END PUBLIC KEY-----",
01401                 key, NULL, 0, &len );
01402 
01403     if( ret == 0 )
01404     {
01405         /*
01406          * Was PEM encoded
01407          */
01408         p = pem.buf ;
01409 
01410         ret = mbedtls_pk_parse_subpubkey( &p,  p + pem.buflen , ctx );
01411         mbedtls_pem_free( &pem );
01412         return( ret );
01413     }
01414     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
01415     {
01416         mbedtls_pem_free( &pem );
01417         return( ret );
01418     }
01419     mbedtls_pem_free( &pem );
01420 #endif /* MBEDTLS_PEM_PARSE_C */
01421 
01422 #if defined(MBEDTLS_RSA_C)
01423     if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
01424         return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
01425 
01426     if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
01427         return( ret );
01428 
01429     p = (unsigned char *)key;
01430     ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
01431     if( ret == 0 )
01432     {
01433         return( ret );
01434     }
01435     mbedtls_pk_free( ctx );
01436     if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
01437     {
01438         return( ret );
01439     }
01440 #endif /* MBEDTLS_RSA_C */
01441     p = (unsigned char *) key;
01442 
01443     ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
01444 
01445     return( ret );
01446 }
01447 
01448 #endif /* MBEDTLS_PK_PARSE_C */