Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
pkparse.c
00001 /* 00002 * Public Key layer for parsing key files and structures 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 00022 #if !defined(MBEDTLS_CONFIG_FILE) 00023 #include "mbedtls/config.h" 00024 #else 00025 #include MBEDTLS_CONFIG_FILE 00026 #endif 00027 00028 #if defined(MBEDTLS_PK_PARSE_C) 00029 00030 #include "mbedtls/pk.h" 00031 #include "mbedtls/asn1.h" 00032 #include "mbedtls/oid.h" 00033 #include "mbedtls/platform_util.h" 00034 00035 #include <string.h> 00036 00037 #if defined(MBEDTLS_RSA_C) 00038 #include "mbedtls/rsa.h" 00039 #endif 00040 #if defined(MBEDTLS_ECP_C) 00041 #include "mbedtls/ecp.h" 00042 #endif 00043 #if defined(MBEDTLS_ECDSA_C) 00044 #include "mbedtls/ecdsa.h" 00045 #endif 00046 #if defined(MBEDTLS_PEM_PARSE_C) 00047 #include "mbedtls/pem.h" 00048 #endif 00049 #if defined(MBEDTLS_PKCS5_C) 00050 #include "mbedtls/pkcs5.h" 00051 #endif 00052 #if defined(MBEDTLS_PKCS12_C) 00053 #include "mbedtls/pkcs12.h" 00054 #endif 00055 00056 #if defined(MBEDTLS_PLATFORM_C) 00057 #include "mbedtls/platform.h" 00058 #else 00059 #include <stdlib.h> 00060 #define mbedtls_calloc calloc 00061 #define mbedtls_free free 00062 #endif 00063 00064 #if defined(MBEDTLS_FS_IO) 00065 /* 00066 * Load all data from a file into a given buffer. 00067 * 00068 * The file is expected to contain either PEM or DER encoded data. 00069 * A terminating null byte is always appended. It is included in the announced 00070 * length only if the data looks like it is PEM encoded. 00071 */ 00072 int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) 00073 { 00074 FILE *f; 00075 long size; 00076 00077 if( ( f = fopen( path, "rb" ) ) == NULL ) 00078 return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); 00079 00080 fseek( f, 0, SEEK_END ); 00081 if( ( size = ftell( f ) ) == -1 ) 00082 { 00083 fclose( f ); 00084 return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); 00085 } 00086 fseek( f, 0, SEEK_SET ); 00087 00088 *n = (size_t) size; 00089 00090 if( *n + 1 == 0 || 00091 ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) 00092 { 00093 fclose( f ); 00094 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 00095 } 00096 00097 if( fread( *buf, 1, *n, f ) != *n ) 00098 { 00099 fclose( f ); 00100 00101 mbedtls_platform_zeroize( *buf, *n ); 00102 mbedtls_free( *buf ); 00103 00104 return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); 00105 } 00106 00107 fclose( f ); 00108 00109 (*buf)[*n] = '\0'; 00110 00111 if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL ) 00112 ++*n; 00113 00114 return( 0 ); 00115 } 00116 00117 /* 00118 * Load and parse a private key 00119 */ 00120 int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, 00121 const char *path, const char *pwd ) 00122 { 00123 int ret; 00124 size_t n; 00125 unsigned char *buf; 00126 00127 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 00128 return( ret ); 00129 00130 if( pwd == NULL ) 00131 ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 ); 00132 else 00133 ret = mbedtls_pk_parse_key( ctx, buf, n, 00134 (const unsigned char *) pwd, strlen( pwd ) ); 00135 00136 mbedtls_platform_zeroize( buf, n ); 00137 mbedtls_free( buf ); 00138 00139 return( ret ); 00140 } 00141 00142 /* 00143 * Load and parse a public key 00144 */ 00145 int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) 00146 { 00147 int ret; 00148 size_t n; 00149 unsigned char *buf; 00150 00151 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 00152 return( ret ); 00153 00154 ret = mbedtls_pk_parse_public_key( ctx, buf, n ); 00155 00156 mbedtls_platform_zeroize( buf, n ); 00157 mbedtls_free( buf ); 00158 00159 return( ret ); 00160 } 00161 #endif /* MBEDTLS_FS_IO */ 00162 00163 #if defined(MBEDTLS_ECP_C) 00164 /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf 00165 * 00166 * ECParameters ::= CHOICE { 00167 * namedCurve OBJECT IDENTIFIER 00168 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } 00169 * -- implicitCurve NULL 00170 * } 00171 */ 00172 static int pk_get_ecparams( unsigned char **p, const unsigned char *end, 00173 mbedtls_asn1_buf *params ) 00174 { 00175 int ret; 00176 00177 if ( end - *p < 1 ) 00178 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00179 MBEDTLS_ERR_ASN1_OUT_OF_DATA ); 00180 00181 /* Tag may be either OID or SEQUENCE */ 00182 params->tag = **p; 00183 if( params->tag != MBEDTLS_ASN1_OID 00184 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) 00185 && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) 00186 #endif 00187 ) 00188 { 00189 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00190 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); 00191 } 00192 00193 if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 ) 00194 { 00195 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00196 } 00197 00198 params->p = *p; 00199 *p += params->len; 00200 00201 if( *p != end ) 00202 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00203 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00204 00205 return( 0 ); 00206 } 00207 00208 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) 00209 /* 00210 * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it. 00211 * WARNING: the resulting group should only be used with 00212 * pk_group_id_from_specified(), since its base point may not be set correctly 00213 * if it was encoded compressed. 00214 * 00215 * SpecifiedECDomain ::= SEQUENCE { 00216 * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...), 00217 * fieldID FieldID {{FieldTypes}}, 00218 * curve Curve, 00219 * base ECPoint, 00220 * order INTEGER, 00221 * cofactor INTEGER OPTIONAL, 00222 * hash HashAlgorithm OPTIONAL, 00223 * ... 00224 * } 00225 * 00226 * We only support prime-field as field type, and ignore hash and cofactor. 00227 */ 00228 static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) 00229 { 00230 int ret; 00231 unsigned char *p = params->p; 00232 const unsigned char * const end = params->p + params->len; 00233 const unsigned char *end_field, *end_curve; 00234 size_t len; 00235 int ver; 00236 00237 /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */ 00238 if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 ) 00239 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00240 00241 if( ver < 1 || ver > 3 ) 00242 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 00243 00244 /* 00245 * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field 00246 * fieldType FIELD-ID.&id({IOSet}), 00247 * parameters FIELD-ID.&Type({IOSet}{@fieldType}) 00248 * } 00249 */ 00250 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00251 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00252 return( ret ); 00253 00254 end_field = p + len; 00255 00256 /* 00257 * FIELD-ID ::= TYPE-IDENTIFIER 00258 * FieldTypes FIELD-ID ::= { 00259 * { Prime-p IDENTIFIED BY prime-field } | 00260 * { Characteristic-two IDENTIFIED BY characteristic-two-field } 00261 * } 00262 * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } 00263 */ 00264 if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 ) 00265 return( ret ); 00266 00267 if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) || 00268 memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 ) 00269 { 00270 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); 00271 } 00272 00273 p += len; 00274 00275 /* Prime-p ::= INTEGER -- Field of size p. */ 00276 if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 ) 00277 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00278 00279 grp->pbits = mbedtls_mpi_bitlen( &grp->P ); 00280 00281 if( p != end_field ) 00282 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00283 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00284 00285 /* 00286 * Curve ::= SEQUENCE { 00287 * a FieldElement, 00288 * b FieldElement, 00289 * seed BIT STRING OPTIONAL 00290 * -- Shall be present if used in SpecifiedECDomain 00291 * -- with version equal to ecdpVer2 or ecdpVer3 00292 * } 00293 */ 00294 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00295 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00296 return( ret ); 00297 00298 end_curve = p + len; 00299 00300 /* 00301 * FieldElement ::= OCTET STRING 00302 * containing an integer in the case of a prime field 00303 */ 00304 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || 00305 ( ret = mbedtls_mpi_read_binary( &grp->A , p, len ) ) != 0 ) 00306 { 00307 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00308 } 00309 00310 p += len; 00311 00312 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || 00313 ( ret = mbedtls_mpi_read_binary( &grp->B , p, len ) ) != 0 ) 00314 { 00315 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00316 } 00317 00318 p += len; 00319 00320 /* Ignore seed BIT STRING OPTIONAL */ 00321 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 ) 00322 p += len; 00323 00324 if( p != end_curve ) 00325 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00326 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00327 00328 /* 00329 * ECPoint ::= OCTET STRING 00330 */ 00331 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 00332 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00333 00334 if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G , 00335 ( const unsigned char *) p, len ) ) != 0 ) 00336 { 00337 /* 00338 * If we can't read the point because it's compressed, cheat by 00339 * reading only the X coordinate and the parity bit of Y. 00340 */ 00341 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE || 00342 ( p[0] != 0x02 && p[0] != 0x03 ) || 00343 len != mbedtls_mpi_size( &grp->P ) + 1 || 00344 mbedtls_mpi_read_binary( &grp->G .X , p + 1, len - 1 ) != 0 || 00345 mbedtls_mpi_lset( &grp->G .Y , p[0] - 2 ) != 0 || 00346 mbedtls_mpi_lset( &grp->G .Z , 1 ) != 0 ) 00347 { 00348 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 00349 } 00350 } 00351 00352 p += len; 00353 00354 /* 00355 * order INTEGER 00356 */ 00357 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 ) 00358 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00359 00360 grp->nbits = mbedtls_mpi_bitlen( &grp->N ); 00361 00362 /* 00363 * Allow optional elements by purposefully not enforcing p == end here. 00364 */ 00365 00366 return( 0 ); 00367 } 00368 00369 /* 00370 * Find the group id associated with an (almost filled) group as generated by 00371 * pk_group_from_specified(), or return an error if unknown. 00372 */ 00373 static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id ) 00374 { 00375 int ret = 0; 00376 mbedtls_ecp_group ref; 00377 const mbedtls_ecp_group_id *id; 00378 00379 mbedtls_ecp_group_init( &ref ); 00380 00381 for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ ) 00382 { 00383 /* Load the group associated to that id */ 00384 mbedtls_ecp_group_free( &ref ); 00385 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) ); 00386 00387 /* Compare to the group we were given, starting with easy tests */ 00388 if( grp->pbits == ref.pbits && grp->nbits == ref.nbits && 00389 mbedtls_mpi_cmp_mpi( &grp->P , &ref.P ) == 0 && 00390 mbedtls_mpi_cmp_mpi( &grp->A , &ref.A ) == 0 && 00391 mbedtls_mpi_cmp_mpi( &grp->B , &ref.B ) == 0 && 00392 mbedtls_mpi_cmp_mpi( &grp->N , &ref.N ) == 0 && 00393 mbedtls_mpi_cmp_mpi( &grp->G .X , &ref.G .X ) == 0 && 00394 mbedtls_mpi_cmp_mpi( &grp->G .Z , &ref.G .Z ) == 0 && 00395 /* For Y we may only know the parity bit, so compare only that */ 00396 mbedtls_mpi_get_bit( &grp->G .Y , 0 ) == mbedtls_mpi_get_bit( &ref.G .Y , 0 ) ) 00397 { 00398 break; 00399 } 00400 00401 } 00402 00403 cleanup: 00404 mbedtls_ecp_group_free( &ref ); 00405 00406 *grp_id = *id; 00407 00408 if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE ) 00409 ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; 00410 00411 return( ret ); 00412 } 00413 00414 /* 00415 * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID 00416 */ 00417 static int pk_group_id_from_specified( const mbedtls_asn1_buf *params, 00418 mbedtls_ecp_group_id *grp_id ) 00419 { 00420 int ret; 00421 mbedtls_ecp_group grp; 00422 00423 mbedtls_ecp_group_init( &grp ); 00424 00425 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 ) 00426 goto cleanup; 00427 00428 ret = pk_group_id_from_group( &grp, grp_id ); 00429 00430 cleanup: 00431 mbedtls_ecp_group_free( &grp ); 00432 00433 return( ret ); 00434 } 00435 #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ 00436 00437 /* 00438 * Use EC parameters to initialise an EC group 00439 * 00440 * ECParameters ::= CHOICE { 00441 * namedCurve OBJECT IDENTIFIER 00442 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } 00443 * -- implicitCurve NULL 00444 */ 00445 static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) 00446 { 00447 int ret; 00448 mbedtls_ecp_group_id grp_id; 00449 00450 if( params->tag == MBEDTLS_ASN1_OID ) 00451 { 00452 if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 ) 00453 return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE ); 00454 } 00455 else 00456 { 00457 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) 00458 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 ) 00459 return( ret ); 00460 #else 00461 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 00462 #endif 00463 } 00464 00465 /* 00466 * grp may already be initilialized; if so, make sure IDs match 00467 */ 00468 if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id ) 00469 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 00470 00471 if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 ) 00472 return( ret ); 00473 00474 return( 0 ); 00475 } 00476 00477 /* 00478 * EC public key is an EC point 00479 * 00480 * The caller is responsible for clearing the structure upon failure if 00481 * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE 00482 * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state. 00483 */ 00484 static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, 00485 mbedtls_ecp_keypair *key ) 00486 { 00487 int ret; 00488 00489 if( ( ret = mbedtls_ecp_point_read_binary( &key->grp , &key->Q , 00490 (const unsigned char *) *p, end - *p ) ) == 0 ) 00491 { 00492 ret = mbedtls_ecp_check_pubkey( &key->grp , &key->Q ); 00493 } 00494 00495 /* 00496 * We know mbedtls_ecp_point_read_binary consumed all bytes or failed 00497 */ 00498 *p = (unsigned char *) end; 00499 00500 return( ret ); 00501 } 00502 #endif /* MBEDTLS_ECP_C */ 00503 00504 #if defined(MBEDTLS_RSA_C) 00505 /* 00506 * RSAPublicKey ::= SEQUENCE { 00507 * modulus INTEGER, -- n 00508 * publicExponent INTEGER -- e 00509 * } 00510 */ 00511 static int pk_get_rsapubkey( unsigned char **p, 00512 const unsigned char *end, 00513 mbedtls_rsa_context *rsa ) 00514 { 00515 int ret; 00516 size_t len; 00517 00518 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00519 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00520 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); 00521 00522 if( *p + len != end ) 00523 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + 00524 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00525 00526 /* Import N */ 00527 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) 00528 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); 00529 00530 if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0, 00531 NULL, 0, NULL, 0 ) ) != 0 ) 00532 return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); 00533 00534 *p += len; 00535 00536 /* Import E */ 00537 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) 00538 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); 00539 00540 if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, 00541 NULL, 0, *p, len ) ) != 0 ) 00542 return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); 00543 00544 *p += len; 00545 00546 if( mbedtls_rsa_complete( rsa ) != 0 || 00547 mbedtls_rsa_check_pubkey( rsa ) != 0 ) 00548 { 00549 return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); 00550 } 00551 00552 if( *p != end ) 00553 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + 00554 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00555 00556 return( 0 ); 00557 } 00558 #endif /* MBEDTLS_RSA_C */ 00559 00560 /* Get a PK algorithm identifier 00561 * 00562 * AlgorithmIdentifier ::= SEQUENCE { 00563 * algorithm OBJECT IDENTIFIER, 00564 * parameters ANY DEFINED BY algorithm OPTIONAL } 00565 */ 00566 static int pk_get_pk_alg( unsigned char **p, 00567 const unsigned char *end, 00568 mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params ) 00569 { 00570 int ret; 00571 mbedtls_asn1_buf alg_oid; 00572 00573 memset( params, 0, sizeof(mbedtls_asn1_buf) ); 00574 00575 if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) 00576 return( MBEDTLS_ERR_PK_INVALID_ALG + ret ); 00577 00578 if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 ) 00579 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 00580 00581 /* 00582 * No parameters with RSA (only for EC) 00583 */ 00584 if( *pk_alg == MBEDTLS_PK_RSA && 00585 ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) || 00586 params->len != 0 ) ) 00587 { 00588 return( MBEDTLS_ERR_PK_INVALID_ALG ); 00589 } 00590 00591 return( 0 ); 00592 } 00593 00594 /* 00595 * SubjectPublicKeyInfo ::= SEQUENCE { 00596 * algorithm AlgorithmIdentifier, 00597 * subjectPublicKey BIT STRING } 00598 */ 00599 int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, 00600 mbedtls_pk_context *pk ) 00601 { 00602 int ret; 00603 size_t len; 00604 mbedtls_asn1_buf alg_params; 00605 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; 00606 const mbedtls_pk_info_t *pk_info; 00607 00608 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00609 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00610 { 00611 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00612 } 00613 00614 end = *p + len; 00615 00616 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 ) 00617 return( ret ); 00618 00619 if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) 00620 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); 00621 00622 if( *p + len != end ) 00623 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + 00624 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00625 00626 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) 00627 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 00628 00629 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) 00630 return( ret ); 00631 00632 #if defined(MBEDTLS_RSA_C) 00633 if( pk_alg == MBEDTLS_PK_RSA ) 00634 { 00635 ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) ); 00636 } else 00637 #endif /* MBEDTLS_RSA_C */ 00638 #if defined(MBEDTLS_ECP_C) 00639 if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY ) 00640 { 00641 ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp ); 00642 if( ret == 0 ) 00643 ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) ); 00644 } else 00645 #endif /* MBEDTLS_ECP_C */ 00646 ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; 00647 00648 if( ret == 0 && *p != end ) 00649 ret = MBEDTLS_ERR_PK_INVALID_PUBKEY 00650 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; 00651 00652 if( ret != 0 ) 00653 mbedtls_pk_free( pk ); 00654 00655 return( ret ); 00656 } 00657 00658 #if defined(MBEDTLS_RSA_C) 00659 /* 00660 * Parse a PKCS#1 encoded private RSA key 00661 */ 00662 static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, 00663 const unsigned char *key, 00664 size_t keylen ) 00665 { 00666 int ret, version; 00667 size_t len; 00668 unsigned char *p, *end; 00669 00670 mbedtls_mpi T; 00671 mbedtls_mpi_init( &T ); 00672 00673 p = (unsigned char *) key; 00674 end = p + keylen; 00675 00676 /* 00677 * This function parses the RSAPrivateKey (PKCS#1) 00678 * 00679 * RSAPrivateKey ::= SEQUENCE { 00680 * version Version, 00681 * modulus INTEGER, -- n 00682 * publicExponent INTEGER, -- e 00683 * privateExponent INTEGER, -- d 00684 * prime1 INTEGER, -- p 00685 * prime2 INTEGER, -- q 00686 * exponent1 INTEGER, -- d mod (p-1) 00687 * exponent2 INTEGER, -- d mod (q-1) 00688 * coefficient INTEGER, -- (inverse of q) mod p 00689 * otherPrimeInfos OtherPrimeInfos OPTIONAL 00690 * } 00691 */ 00692 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00693 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00694 { 00695 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00696 } 00697 00698 end = p + len; 00699 00700 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) 00701 { 00702 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00703 } 00704 00705 if( version != 0 ) 00706 { 00707 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); 00708 } 00709 00710 /* Import N */ 00711 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00712 MBEDTLS_ASN1_INTEGER ) ) != 0 || 00713 ( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0, 00714 NULL, 0, NULL, 0 ) ) != 0 ) 00715 goto cleanup; 00716 p += len; 00717 00718 /* Import E */ 00719 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00720 MBEDTLS_ASN1_INTEGER ) ) != 0 || 00721 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, 00722 NULL, 0, p, len ) ) != 0 ) 00723 goto cleanup; 00724 p += len; 00725 00726 /* Import D */ 00727 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00728 MBEDTLS_ASN1_INTEGER ) ) != 0 || 00729 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, 00730 p, len, NULL, 0 ) ) != 0 ) 00731 goto cleanup; 00732 p += len; 00733 00734 /* Import P */ 00735 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00736 MBEDTLS_ASN1_INTEGER ) ) != 0 || 00737 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0, 00738 NULL, 0, NULL, 0 ) ) != 0 ) 00739 goto cleanup; 00740 p += len; 00741 00742 /* Import Q */ 00743 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00744 MBEDTLS_ASN1_INTEGER ) ) != 0 || 00745 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len, 00746 NULL, 0, NULL, 0 ) ) != 0 ) 00747 goto cleanup; 00748 p += len; 00749 00750 /* Complete the RSA private key */ 00751 if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ) 00752 goto cleanup; 00753 00754 /* Check optional parameters */ 00755 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 || 00756 ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 || 00757 ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ) 00758 goto cleanup; 00759 00760 if( p != end ) 00761 { 00762 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00763 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ; 00764 } 00765 00766 cleanup: 00767 00768 mbedtls_mpi_free( &T ); 00769 00770 if( ret != 0 ) 00771 { 00772 /* Wrap error code if it's coming from a lower level */ 00773 if( ( ret & 0xff80 ) == 0 ) 00774 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret; 00775 else 00776 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; 00777 00778 mbedtls_rsa_free( rsa ); 00779 } 00780 00781 return( ret ); 00782 } 00783 #endif /* MBEDTLS_RSA_C */ 00784 00785 #if defined(MBEDTLS_ECP_C) 00786 /* 00787 * Parse a SEC1 encoded private EC key 00788 */ 00789 static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, 00790 const unsigned char *key, 00791 size_t keylen ) 00792 { 00793 int ret; 00794 int version, pubkey_done; 00795 size_t len; 00796 mbedtls_asn1_buf params; 00797 unsigned char *p = (unsigned char *) key; 00798 unsigned char *end = p + keylen; 00799 unsigned char *end2; 00800 00801 /* 00802 * RFC 5915, or SEC1 Appendix C.4 00803 * 00804 * ECPrivateKey ::= SEQUENCE { 00805 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), 00806 * privateKey OCTET STRING, 00807 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, 00808 * publicKey [1] BIT STRING OPTIONAL 00809 * } 00810 */ 00811 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00812 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00813 { 00814 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00815 } 00816 00817 end = p + len; 00818 00819 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) 00820 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00821 00822 if( version != 1 ) 00823 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); 00824 00825 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 00826 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00827 00828 if( ( ret = mbedtls_mpi_read_binary( &eck->d , p, len ) ) != 0 ) 00829 { 00830 mbedtls_ecp_keypair_free( eck ); 00831 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00832 } 00833 00834 p += len; 00835 00836 pubkey_done = 0; 00837 if( p != end ) 00838 { 00839 /* 00840 * Is 'parameters' present? 00841 */ 00842 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00843 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 ) 00844 { 00845 if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 || 00846 ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 ) 00847 { 00848 mbedtls_ecp_keypair_free( eck ); 00849 return( ret ); 00850 } 00851 } 00852 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00853 { 00854 mbedtls_ecp_keypair_free( eck ); 00855 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00856 } 00857 } 00858 00859 if( p != end ) 00860 { 00861 /* 00862 * Is 'publickey' present? If not, or if we can't read it (eg because it 00863 * is compressed), create it from the private key. 00864 */ 00865 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00866 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 ) 00867 { 00868 end2 = p + len; 00869 00870 if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) 00871 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00872 00873 if( p + len != end2 ) 00874 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00875 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00876 00877 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 ) 00878 pubkey_done = 1; 00879 else 00880 { 00881 /* 00882 * The only acceptable failure mode of pk_get_ecpubkey() above 00883 * is if the point format is not recognized. 00884 */ 00885 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ) 00886 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 00887 } 00888 } 00889 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00890 { 00891 mbedtls_ecp_keypair_free( eck ); 00892 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00893 } 00894 } 00895 00896 if( ! pubkey_done && 00897 ( ret = mbedtls_ecp_mul( &eck->grp , &eck->Q , &eck->d , &eck->grp .G , 00898 NULL, NULL ) ) != 0 ) 00899 { 00900 mbedtls_ecp_keypair_free( eck ); 00901 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00902 } 00903 00904 if( ( ret = mbedtls_ecp_check_privkey( &eck->grp , &eck->d ) ) != 0 ) 00905 { 00906 mbedtls_ecp_keypair_free( eck ); 00907 return( ret ); 00908 } 00909 00910 return( 0 ); 00911 } 00912 #endif /* MBEDTLS_ECP_C */ 00913 00914 /* 00915 * Parse an unencrypted PKCS#8 encoded private key 00916 * 00917 * Notes: 00918 * 00919 * - This function does not own the key buffer. It is the 00920 * responsibility of the caller to take care of zeroizing 00921 * and freeing it after use. 00922 * 00923 * - The function is responsible for freeing the provided 00924 * PK context on failure. 00925 * 00926 */ 00927 static int pk_parse_key_pkcs8_unencrypted_der( 00928 mbedtls_pk_context *pk, 00929 const unsigned char* key, 00930 size_t keylen ) 00931 { 00932 int ret, version; 00933 size_t len; 00934 mbedtls_asn1_buf params; 00935 unsigned char *p = (unsigned char *) key; 00936 unsigned char *end = p + keylen; 00937 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; 00938 const mbedtls_pk_info_t *pk_info; 00939 00940 /* 00941 * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208) 00942 * 00943 * PrivateKeyInfo ::= SEQUENCE { 00944 * version Version, 00945 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 00946 * privateKey PrivateKey, 00947 * attributes [0] IMPLICIT Attributes OPTIONAL } 00948 * 00949 * Version ::= INTEGER 00950 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier 00951 * PrivateKey ::= OCTET STRING 00952 * 00953 * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey 00954 */ 00955 00956 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00957 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00958 { 00959 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00960 } 00961 00962 end = p + len; 00963 00964 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) 00965 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00966 00967 if( version != 0 ) 00968 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret ); 00969 00970 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) 00971 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00972 00973 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 00974 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 00975 00976 if( len < 1 ) 00977 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 00978 MBEDTLS_ERR_ASN1_OUT_OF_DATA ); 00979 00980 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) 00981 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 00982 00983 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) 00984 return( ret ); 00985 00986 #if defined(MBEDTLS_RSA_C) 00987 if( pk_alg == MBEDTLS_PK_RSA ) 00988 { 00989 if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 ) 00990 { 00991 mbedtls_pk_free( pk ); 00992 return( ret ); 00993 } 00994 } else 00995 #endif /* MBEDTLS_RSA_C */ 00996 #if defined(MBEDTLS_ECP_C) 00997 if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) 00998 { 00999 if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 || 01000 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 ) 01001 { 01002 mbedtls_pk_free( pk ); 01003 return( ret ); 01004 } 01005 } else 01006 #endif /* MBEDTLS_ECP_C */ 01007 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 01008 01009 return( 0 ); 01010 } 01011 01012 /* 01013 * Parse an encrypted PKCS#8 encoded private key 01014 * 01015 * To save space, the decryption happens in-place on the given key buffer. 01016 * Also, while this function may modify the keybuffer, it doesn't own it, 01017 * and instead it is the responsibility of the caller to zeroize and properly 01018 * free it after use. 01019 * 01020 */ 01021 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 01022 static int pk_parse_key_pkcs8_encrypted_der( 01023 mbedtls_pk_context *pk, 01024 unsigned char *key, size_t keylen, 01025 const unsigned char *pwd, size_t pwdlen ) 01026 { 01027 int ret, decrypted = 0; 01028 size_t len; 01029 unsigned char *buf; 01030 unsigned char *p, *end; 01031 mbedtls_asn1_buf pbe_alg_oid, pbe_params; 01032 #if defined(MBEDTLS_PKCS12_C) 01033 mbedtls_cipher_type_t cipher_alg; 01034 mbedtls_md_type_t md_alg; 01035 #endif 01036 01037 p = key; 01038 end = p + keylen; 01039 01040 if( pwdlen == 0 ) 01041 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); 01042 01043 /* 01044 * This function parses the EncryptedPrivateKeyInfo object (PKCS#8) 01045 * 01046 * EncryptedPrivateKeyInfo ::= SEQUENCE { 01047 * encryptionAlgorithm EncryptionAlgorithmIdentifier, 01048 * encryptedData EncryptedData 01049 * } 01050 * 01051 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier 01052 * 01053 * EncryptedData ::= OCTET STRING 01054 * 01055 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo 01056 * 01057 */ 01058 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 01059 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 01060 { 01061 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 01062 } 01063 01064 end = p + len; 01065 01066 if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 ) 01067 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 01068 01069 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 01070 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 01071 01072 buf = p; 01073 01074 /* 01075 * Decrypt EncryptedData with appropriate PBE 01076 */ 01077 #if defined(MBEDTLS_PKCS12_C) 01078 if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 ) 01079 { 01080 if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, 01081 cipher_alg, md_alg, 01082 pwd, pwdlen, p, len, buf ) ) != 0 ) 01083 { 01084 if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH ) 01085 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 01086 01087 return( ret ); 01088 } 01089 01090 decrypted = 1; 01091 } 01092 else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 ) 01093 { 01094 if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params, 01095 MBEDTLS_PKCS12_PBE_DECRYPT, 01096 pwd, pwdlen, 01097 p, len, buf ) ) != 0 ) 01098 { 01099 return( ret ); 01100 } 01101 01102 // Best guess for password mismatch when using RC4. If first tag is 01103 // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE 01104 // 01105 if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) 01106 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 01107 01108 decrypted = 1; 01109 } 01110 else 01111 #endif /* MBEDTLS_PKCS12_C */ 01112 #if defined(MBEDTLS_PKCS5_C) 01113 if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 ) 01114 { 01115 if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, 01116 p, len, buf ) ) != 0 ) 01117 { 01118 if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH ) 01119 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 01120 01121 return( ret ); 01122 } 01123 01124 decrypted = 1; 01125 } 01126 else 01127 #endif /* MBEDTLS_PKCS5_C */ 01128 { 01129 ((void) pwd); 01130 } 01131 01132 if( decrypted == 0 ) 01133 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); 01134 01135 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); 01136 } 01137 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ 01138 01139 /* 01140 * Parse a private key 01141 */ 01142 int mbedtls_pk_parse_key( mbedtls_pk_context *pk, 01143 const unsigned char *key, size_t keylen, 01144 const unsigned char *pwd, size_t pwdlen ) 01145 { 01146 int ret; 01147 const mbedtls_pk_info_t *pk_info; 01148 01149 #if defined(MBEDTLS_PEM_PARSE_C) 01150 size_t len; 01151 mbedtls_pem_context pem; 01152 01153 mbedtls_pem_init( &pem ); 01154 01155 #if defined(MBEDTLS_RSA_C) 01156 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01157 if( keylen == 0 || key[keylen - 1] != '\0' ) 01158 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01159 else 01160 ret = mbedtls_pem_read_buffer( &pem, 01161 "-----BEGIN RSA PRIVATE KEY-----", 01162 "-----END RSA PRIVATE KEY-----", 01163 key, pwd, pwdlen, &len ); 01164 01165 if( ret == 0 ) 01166 { 01167 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); 01168 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 01169 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), 01170 pem.buf , pem.buflen ) ) != 0 ) 01171 { 01172 mbedtls_pk_free( pk ); 01173 } 01174 01175 mbedtls_pem_free( &pem ); 01176 return( ret ); 01177 } 01178 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) 01179 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 01180 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) 01181 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); 01182 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01183 return( ret ); 01184 #endif /* MBEDTLS_RSA_C */ 01185 01186 #if defined(MBEDTLS_ECP_C) 01187 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01188 if( keylen == 0 || key[keylen - 1] != '\0' ) 01189 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01190 else 01191 ret = mbedtls_pem_read_buffer( &pem, 01192 "-----BEGIN EC PRIVATE KEY-----", 01193 "-----END EC PRIVATE KEY-----", 01194 key, pwd, pwdlen, &len ); 01195 if( ret == 0 ) 01196 { 01197 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); 01198 01199 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 01200 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), 01201 pem.buf , pem.buflen ) ) != 0 ) 01202 { 01203 mbedtls_pk_free( pk ); 01204 } 01205 01206 mbedtls_pem_free( &pem ); 01207 return( ret ); 01208 } 01209 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) 01210 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 01211 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) 01212 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); 01213 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01214 return( ret ); 01215 #endif /* MBEDTLS_ECP_C */ 01216 01217 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01218 if( keylen == 0 || key[keylen - 1] != '\0' ) 01219 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01220 else 01221 ret = mbedtls_pem_read_buffer( &pem, 01222 "-----BEGIN PRIVATE KEY-----", 01223 "-----END PRIVATE KEY-----", 01224 key, NULL, 0, &len ); 01225 if( ret == 0 ) 01226 { 01227 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, 01228 pem.buf , pem.buflen ) ) != 0 ) 01229 { 01230 mbedtls_pk_free( pk ); 01231 } 01232 01233 mbedtls_pem_free( &pem ); 01234 return( ret ); 01235 } 01236 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01237 return( ret ); 01238 01239 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 01240 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01241 if( keylen == 0 || key[keylen - 1] != '\0' ) 01242 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01243 else 01244 ret = mbedtls_pem_read_buffer( &pem, 01245 "-----BEGIN ENCRYPTED PRIVATE KEY-----", 01246 "-----END ENCRYPTED PRIVATE KEY-----", 01247 key, NULL, 0, &len ); 01248 if( ret == 0 ) 01249 { 01250 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, 01251 pem.buf , pem.buflen , 01252 pwd, pwdlen ) ) != 0 ) 01253 { 01254 mbedtls_pk_free( pk ); 01255 } 01256 01257 mbedtls_pem_free( &pem ); 01258 return( ret ); 01259 } 01260 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01261 return( ret ); 01262 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ 01263 #else 01264 ((void) ret); 01265 ((void) pwd); 01266 ((void) pwdlen); 01267 #endif /* MBEDTLS_PEM_PARSE_C */ 01268 01269 /* 01270 * At this point we only know it's not a PEM formatted key. Could be any 01271 * of the known DER encoded private key formats 01272 * 01273 * We try the different DER format parsers to see if one passes without 01274 * error 01275 */ 01276 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 01277 { 01278 unsigned char *key_copy; 01279 01280 if( keylen == 0 ) 01281 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 01282 01283 if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL ) 01284 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 01285 01286 memcpy( key_copy, key, keylen ); 01287 01288 ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, 01289 pwd, pwdlen ); 01290 01291 mbedtls_platform_zeroize( key_copy, keylen ); 01292 mbedtls_free( key_copy ); 01293 } 01294 01295 if( ret == 0 ) 01296 return( 0 ); 01297 01298 mbedtls_pk_free( pk ); 01299 01300 if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH ) 01301 { 01302 return( ret ); 01303 } 01304 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ 01305 01306 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) 01307 return( 0 ); 01308 01309 mbedtls_pk_free( pk ); 01310 01311 #if defined(MBEDTLS_RSA_C) 01312 01313 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); 01314 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 01315 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), 01316 key, keylen ) ) != 0 ) 01317 { 01318 mbedtls_pk_free( pk ); 01319 } 01320 else 01321 { 01322 return( 0 ); 01323 } 01324 01325 #endif /* MBEDTLS_RSA_C */ 01326 01327 #if defined(MBEDTLS_ECP_C) 01328 01329 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); 01330 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 01331 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), 01332 key, keylen ) ) != 0 ) 01333 { 01334 mbedtls_pk_free( pk ); 01335 } 01336 else 01337 { 01338 return( 0 ); 01339 } 01340 01341 #endif /* MBEDTLS_ECP_C */ 01342 01343 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 01344 } 01345 01346 /* 01347 * Parse a public key 01348 */ 01349 int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, 01350 const unsigned char *key, size_t keylen ) 01351 { 01352 int ret; 01353 unsigned char *p; 01354 #if defined(MBEDTLS_RSA_C) 01355 const mbedtls_pk_info_t *pk_info; 01356 #endif 01357 #if defined(MBEDTLS_PEM_PARSE_C) 01358 size_t len; 01359 mbedtls_pem_context pem; 01360 01361 mbedtls_pem_init( &pem ); 01362 #if defined(MBEDTLS_RSA_C) 01363 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01364 if( keylen == 0 || key[keylen - 1] != '\0' ) 01365 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01366 else 01367 ret = mbedtls_pem_read_buffer( &pem, 01368 "-----BEGIN RSA PUBLIC KEY-----", 01369 "-----END RSA PUBLIC KEY-----", 01370 key, NULL, 0, &len ); 01371 01372 if( ret == 0 ) 01373 { 01374 p = pem.buf ; 01375 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) 01376 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 01377 01378 if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) 01379 return( ret ); 01380 01381 if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen , mbedtls_pk_rsa( *ctx ) ) ) != 0 ) 01382 mbedtls_pk_free( ctx ); 01383 01384 mbedtls_pem_free( &pem ); 01385 return( ret ); 01386 } 01387 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01388 { 01389 mbedtls_pem_free( &pem ); 01390 return( ret ); 01391 } 01392 #endif /* MBEDTLS_RSA_C */ 01393 01394 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 01395 if( keylen == 0 || key[keylen - 1] != '\0' ) 01396 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 01397 else 01398 ret = mbedtls_pem_read_buffer( &pem, 01399 "-----BEGIN PUBLIC KEY-----", 01400 "-----END PUBLIC KEY-----", 01401 key, NULL, 0, &len ); 01402 01403 if( ret == 0 ) 01404 { 01405 /* 01406 * Was PEM encoded 01407 */ 01408 p = pem.buf ; 01409 01410 ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen , ctx ); 01411 mbedtls_pem_free( &pem ); 01412 return( ret ); 01413 } 01414 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 01415 { 01416 mbedtls_pem_free( &pem ); 01417 return( ret ); 01418 } 01419 mbedtls_pem_free( &pem ); 01420 #endif /* MBEDTLS_PEM_PARSE_C */ 01421 01422 #if defined(MBEDTLS_RSA_C) 01423 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) 01424 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 01425 01426 if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) 01427 return( ret ); 01428 01429 p = (unsigned char *)key; 01430 ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) ); 01431 if( ret == 0 ) 01432 { 01433 return( ret ); 01434 } 01435 mbedtls_pk_free( ctx ); 01436 if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) 01437 { 01438 return( ret ); 01439 } 01440 #endif /* MBEDTLS_RSA_C */ 01441 p = (unsigned char *) key; 01442 01443 ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx ); 01444 01445 return( ret ); 01446 } 01447 01448 #endif /* MBEDTLS_PK_PARSE_C */
Generated on Tue Jul 12 2022 12:45:41 by
