Preliminary main mbed library for nexpaq development

Committer:
nexpaq
Date:
Fri Nov 04 20:27:58 2016 +0000
Revision:
0:6c56fb4bc5f0
Moving to library for sharing updates

Who changed what in which revision?

UserRevisionLine numberNew contents of line
nexpaq 0:6c56fb4bc5f0 1 /*
nexpaq 0:6c56fb4bc5f0 2 * Public Key layer for parsing key files and structures
nexpaq 0:6c56fb4bc5f0 3 *
nexpaq 0:6c56fb4bc5f0 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
nexpaq 0:6c56fb4bc5f0 5 * SPDX-License-Identifier: Apache-2.0
nexpaq 0:6c56fb4bc5f0 6 *
nexpaq 0:6c56fb4bc5f0 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
nexpaq 0:6c56fb4bc5f0 8 * not use this file except in compliance with the License.
nexpaq 0:6c56fb4bc5f0 9 * You may obtain a copy of the License at
nexpaq 0:6c56fb4bc5f0 10 *
nexpaq 0:6c56fb4bc5f0 11 * http://www.apache.org/licenses/LICENSE-2.0
nexpaq 0:6c56fb4bc5f0 12 *
nexpaq 0:6c56fb4bc5f0 13 * Unless required by applicable law or agreed to in writing, software
nexpaq 0:6c56fb4bc5f0 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
nexpaq 0:6c56fb4bc5f0 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
nexpaq 0:6c56fb4bc5f0 16 * See the License for the specific language governing permissions and
nexpaq 0:6c56fb4bc5f0 17 * limitations under the License.
nexpaq 0:6c56fb4bc5f0 18 *
nexpaq 0:6c56fb4bc5f0 19 * This file is part of mbed TLS (https://tls.mbed.org)
nexpaq 0:6c56fb4bc5f0 20 */
nexpaq 0:6c56fb4bc5f0 21
nexpaq 0:6c56fb4bc5f0 22 #if !defined(MBEDTLS_CONFIG_FILE)
nexpaq 0:6c56fb4bc5f0 23 #include "mbedtls/config.h"
nexpaq 0:6c56fb4bc5f0 24 #else
nexpaq 0:6c56fb4bc5f0 25 #include MBEDTLS_CONFIG_FILE
nexpaq 0:6c56fb4bc5f0 26 #endif
nexpaq 0:6c56fb4bc5f0 27
nexpaq 0:6c56fb4bc5f0 28 #if defined(MBEDTLS_PK_PARSE_C)
nexpaq 0:6c56fb4bc5f0 29
nexpaq 0:6c56fb4bc5f0 30 #include "mbedtls/pk.h"
nexpaq 0:6c56fb4bc5f0 31 #include "mbedtls/asn1.h"
nexpaq 0:6c56fb4bc5f0 32 #include "mbedtls/oid.h"
nexpaq 0:6c56fb4bc5f0 33
nexpaq 0:6c56fb4bc5f0 34 #include <string.h>
nexpaq 0:6c56fb4bc5f0 35
nexpaq 0:6c56fb4bc5f0 36 #if defined(MBEDTLS_RSA_C)
nexpaq 0:6c56fb4bc5f0 37 #include "mbedtls/rsa.h"
nexpaq 0:6c56fb4bc5f0 38 #endif
nexpaq 0:6c56fb4bc5f0 39 #if defined(MBEDTLS_ECP_C)
nexpaq 0:6c56fb4bc5f0 40 #include "mbedtls/ecp.h"
nexpaq 0:6c56fb4bc5f0 41 #endif
nexpaq 0:6c56fb4bc5f0 42 #if defined(MBEDTLS_ECDSA_C)
nexpaq 0:6c56fb4bc5f0 43 #include "mbedtls/ecdsa.h"
nexpaq 0:6c56fb4bc5f0 44 #endif
nexpaq 0:6c56fb4bc5f0 45 #if defined(MBEDTLS_PEM_PARSE_C)
nexpaq 0:6c56fb4bc5f0 46 #include "mbedtls/pem.h"
nexpaq 0:6c56fb4bc5f0 47 #endif
nexpaq 0:6c56fb4bc5f0 48 #if defined(MBEDTLS_PKCS5_C)
nexpaq 0:6c56fb4bc5f0 49 #include "mbedtls/pkcs5.h"
nexpaq 0:6c56fb4bc5f0 50 #endif
nexpaq 0:6c56fb4bc5f0 51 #if defined(MBEDTLS_PKCS12_C)
nexpaq 0:6c56fb4bc5f0 52 #include "mbedtls/pkcs12.h"
nexpaq 0:6c56fb4bc5f0 53 #endif
nexpaq 0:6c56fb4bc5f0 54
nexpaq 0:6c56fb4bc5f0 55 #if defined(MBEDTLS_PLATFORM_C)
nexpaq 0:6c56fb4bc5f0 56 #include "mbedtls/platform.h"
nexpaq 0:6c56fb4bc5f0 57 #else
nexpaq 0:6c56fb4bc5f0 58 #include <stdlib.h>
nexpaq 0:6c56fb4bc5f0 59 #define mbedtls_calloc calloc
nexpaq 0:6c56fb4bc5f0 60 #define mbedtls_free free
nexpaq 0:6c56fb4bc5f0 61 #endif
nexpaq 0:6c56fb4bc5f0 62
nexpaq 0:6c56fb4bc5f0 63 #if defined(MBEDTLS_FS_IO)
nexpaq 0:6c56fb4bc5f0 64 /* Implementation that should never be optimized out by the compiler */
nexpaq 0:6c56fb4bc5f0 65 static void mbedtls_zeroize( void *v, size_t n ) {
nexpaq 0:6c56fb4bc5f0 66 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
nexpaq 0:6c56fb4bc5f0 67 }
nexpaq 0:6c56fb4bc5f0 68
nexpaq 0:6c56fb4bc5f0 69 /*
nexpaq 0:6c56fb4bc5f0 70 * Load all data from a file into a given buffer.
nexpaq 0:6c56fb4bc5f0 71 *
nexpaq 0:6c56fb4bc5f0 72 * The file is expected to contain either PEM or DER encoded data.
nexpaq 0:6c56fb4bc5f0 73 * A terminating null byte is always appended. It is included in the announced
nexpaq 0:6c56fb4bc5f0 74 * length only if the data looks like it is PEM encoded.
nexpaq 0:6c56fb4bc5f0 75 */
nexpaq 0:6c56fb4bc5f0 76 int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
nexpaq 0:6c56fb4bc5f0 77 {
nexpaq 0:6c56fb4bc5f0 78 FILE *f;
nexpaq 0:6c56fb4bc5f0 79 long size;
nexpaq 0:6c56fb4bc5f0 80
nexpaq 0:6c56fb4bc5f0 81 if( ( f = fopen( path, "rb" ) ) == NULL )
nexpaq 0:6c56fb4bc5f0 82 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
nexpaq 0:6c56fb4bc5f0 83
nexpaq 0:6c56fb4bc5f0 84 fseek( f, 0, SEEK_END );
nexpaq 0:6c56fb4bc5f0 85 if( ( size = ftell( f ) ) == -1 )
nexpaq 0:6c56fb4bc5f0 86 {
nexpaq 0:6c56fb4bc5f0 87 fclose( f );
nexpaq 0:6c56fb4bc5f0 88 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
nexpaq 0:6c56fb4bc5f0 89 }
nexpaq 0:6c56fb4bc5f0 90 fseek( f, 0, SEEK_SET );
nexpaq 0:6c56fb4bc5f0 91
nexpaq 0:6c56fb4bc5f0 92 *n = (size_t) size;
nexpaq 0:6c56fb4bc5f0 93
nexpaq 0:6c56fb4bc5f0 94 if( *n + 1 == 0 ||
nexpaq 0:6c56fb4bc5f0 95 ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
nexpaq 0:6c56fb4bc5f0 96 {
nexpaq 0:6c56fb4bc5f0 97 fclose( f );
nexpaq 0:6c56fb4bc5f0 98 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
nexpaq 0:6c56fb4bc5f0 99 }
nexpaq 0:6c56fb4bc5f0 100
nexpaq 0:6c56fb4bc5f0 101 if( fread( *buf, 1, *n, f ) != *n )
nexpaq 0:6c56fb4bc5f0 102 {
nexpaq 0:6c56fb4bc5f0 103 fclose( f );
nexpaq 0:6c56fb4bc5f0 104 mbedtls_free( *buf );
nexpaq 0:6c56fb4bc5f0 105 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
nexpaq 0:6c56fb4bc5f0 106 }
nexpaq 0:6c56fb4bc5f0 107
nexpaq 0:6c56fb4bc5f0 108 fclose( f );
nexpaq 0:6c56fb4bc5f0 109
nexpaq 0:6c56fb4bc5f0 110 (*buf)[*n] = '\0';
nexpaq 0:6c56fb4bc5f0 111
nexpaq 0:6c56fb4bc5f0 112 if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
nexpaq 0:6c56fb4bc5f0 113 ++*n;
nexpaq 0:6c56fb4bc5f0 114
nexpaq 0:6c56fb4bc5f0 115 return( 0 );
nexpaq 0:6c56fb4bc5f0 116 }
nexpaq 0:6c56fb4bc5f0 117
nexpaq 0:6c56fb4bc5f0 118 /*
nexpaq 0:6c56fb4bc5f0 119 * Load and parse a private key
nexpaq 0:6c56fb4bc5f0 120 */
nexpaq 0:6c56fb4bc5f0 121 int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
nexpaq 0:6c56fb4bc5f0 122 const char *path, const char *pwd )
nexpaq 0:6c56fb4bc5f0 123 {
nexpaq 0:6c56fb4bc5f0 124 int ret;
nexpaq 0:6c56fb4bc5f0 125 size_t n;
nexpaq 0:6c56fb4bc5f0 126 unsigned char *buf;
nexpaq 0:6c56fb4bc5f0 127
nexpaq 0:6c56fb4bc5f0 128 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 129 return( ret );
nexpaq 0:6c56fb4bc5f0 130
nexpaq 0:6c56fb4bc5f0 131 if( pwd == NULL )
nexpaq 0:6c56fb4bc5f0 132 ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
nexpaq 0:6c56fb4bc5f0 133 else
nexpaq 0:6c56fb4bc5f0 134 ret = mbedtls_pk_parse_key( ctx, buf, n,
nexpaq 0:6c56fb4bc5f0 135 (const unsigned char *) pwd, strlen( pwd ) );
nexpaq 0:6c56fb4bc5f0 136
nexpaq 0:6c56fb4bc5f0 137 mbedtls_zeroize( buf, n );
nexpaq 0:6c56fb4bc5f0 138 mbedtls_free( buf );
nexpaq 0:6c56fb4bc5f0 139
nexpaq 0:6c56fb4bc5f0 140 return( ret );
nexpaq 0:6c56fb4bc5f0 141 }
nexpaq 0:6c56fb4bc5f0 142
nexpaq 0:6c56fb4bc5f0 143 /*
nexpaq 0:6c56fb4bc5f0 144 * Load and parse a public key
nexpaq 0:6c56fb4bc5f0 145 */
nexpaq 0:6c56fb4bc5f0 146 int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
nexpaq 0:6c56fb4bc5f0 147 {
nexpaq 0:6c56fb4bc5f0 148 int ret;
nexpaq 0:6c56fb4bc5f0 149 size_t n;
nexpaq 0:6c56fb4bc5f0 150 unsigned char *buf;
nexpaq 0:6c56fb4bc5f0 151
nexpaq 0:6c56fb4bc5f0 152 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 153 return( ret );
nexpaq 0:6c56fb4bc5f0 154
nexpaq 0:6c56fb4bc5f0 155 ret = mbedtls_pk_parse_public_key( ctx, buf, n );
nexpaq 0:6c56fb4bc5f0 156
nexpaq 0:6c56fb4bc5f0 157 mbedtls_zeroize( buf, n );
nexpaq 0:6c56fb4bc5f0 158 mbedtls_free( buf );
nexpaq 0:6c56fb4bc5f0 159
nexpaq 0:6c56fb4bc5f0 160 return( ret );
nexpaq 0:6c56fb4bc5f0 161 }
nexpaq 0:6c56fb4bc5f0 162 #endif /* MBEDTLS_FS_IO */
nexpaq 0:6c56fb4bc5f0 163
nexpaq 0:6c56fb4bc5f0 164 #if defined(MBEDTLS_ECP_C)
nexpaq 0:6c56fb4bc5f0 165 /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
nexpaq 0:6c56fb4bc5f0 166 *
nexpaq 0:6c56fb4bc5f0 167 * ECParameters ::= CHOICE {
nexpaq 0:6c56fb4bc5f0 168 * namedCurve OBJECT IDENTIFIER
nexpaq 0:6c56fb4bc5f0 169 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
nexpaq 0:6c56fb4bc5f0 170 * -- implicitCurve NULL
nexpaq 0:6c56fb4bc5f0 171 * }
nexpaq 0:6c56fb4bc5f0 172 */
nexpaq 0:6c56fb4bc5f0 173 static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
nexpaq 0:6c56fb4bc5f0 174 mbedtls_asn1_buf *params )
nexpaq 0:6c56fb4bc5f0 175 {
nexpaq 0:6c56fb4bc5f0 176 int ret;
nexpaq 0:6c56fb4bc5f0 177
nexpaq 0:6c56fb4bc5f0 178 /* Tag may be either OID or SEQUENCE */
nexpaq 0:6c56fb4bc5f0 179 params->tag = **p;
nexpaq 0:6c56fb4bc5f0 180 if( params->tag != MBEDTLS_ASN1_OID
nexpaq 0:6c56fb4bc5f0 181 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
nexpaq 0:6c56fb4bc5f0 182 && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
nexpaq 0:6c56fb4bc5f0 183 #endif
nexpaq 0:6c56fb4bc5f0 184 )
nexpaq 0:6c56fb4bc5f0 185 {
nexpaq 0:6c56fb4bc5f0 186 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
nexpaq 0:6c56fb4bc5f0 187 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
nexpaq 0:6c56fb4bc5f0 188 }
nexpaq 0:6c56fb4bc5f0 189
nexpaq 0:6c56fb4bc5f0 190 if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 191 {
nexpaq 0:6c56fb4bc5f0 192 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 193 }
nexpaq 0:6c56fb4bc5f0 194
nexpaq 0:6c56fb4bc5f0 195 params->p = *p;
nexpaq 0:6c56fb4bc5f0 196 *p += params->len;
nexpaq 0:6c56fb4bc5f0 197
nexpaq 0:6c56fb4bc5f0 198 if( *p != end )
nexpaq 0:6c56fb4bc5f0 199 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
nexpaq 0:6c56fb4bc5f0 200 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
nexpaq 0:6c56fb4bc5f0 201
nexpaq 0:6c56fb4bc5f0 202 return( 0 );
nexpaq 0:6c56fb4bc5f0 203 }
nexpaq 0:6c56fb4bc5f0 204
nexpaq 0:6c56fb4bc5f0 205 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
nexpaq 0:6c56fb4bc5f0 206 /*
nexpaq 0:6c56fb4bc5f0 207 * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
nexpaq 0:6c56fb4bc5f0 208 * WARNING: the resulting group should only be used with
nexpaq 0:6c56fb4bc5f0 209 * pk_group_id_from_specified(), since its base point may not be set correctly
nexpaq 0:6c56fb4bc5f0 210 * if it was encoded compressed.
nexpaq 0:6c56fb4bc5f0 211 *
nexpaq 0:6c56fb4bc5f0 212 * SpecifiedECDomain ::= SEQUENCE {
nexpaq 0:6c56fb4bc5f0 213 * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
nexpaq 0:6c56fb4bc5f0 214 * fieldID FieldID {{FieldTypes}},
nexpaq 0:6c56fb4bc5f0 215 * curve Curve,
nexpaq 0:6c56fb4bc5f0 216 * base ECPoint,
nexpaq 0:6c56fb4bc5f0 217 * order INTEGER,
nexpaq 0:6c56fb4bc5f0 218 * cofactor INTEGER OPTIONAL,
nexpaq 0:6c56fb4bc5f0 219 * hash HashAlgorithm OPTIONAL,
nexpaq 0:6c56fb4bc5f0 220 * ...
nexpaq 0:6c56fb4bc5f0 221 * }
nexpaq 0:6c56fb4bc5f0 222 *
nexpaq 0:6c56fb4bc5f0 223 * We only support prime-field as field type, and ignore hash and cofactor.
nexpaq 0:6c56fb4bc5f0 224 */
nexpaq 0:6c56fb4bc5f0 225 static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
nexpaq 0:6c56fb4bc5f0 226 {
nexpaq 0:6c56fb4bc5f0 227 int ret;
nexpaq 0:6c56fb4bc5f0 228 unsigned char *p = params->p;
nexpaq 0:6c56fb4bc5f0 229 const unsigned char * const end = params->p + params->len;
nexpaq 0:6c56fb4bc5f0 230 const unsigned char *end_field, *end_curve;
nexpaq 0:6c56fb4bc5f0 231 size_t len;
nexpaq 0:6c56fb4bc5f0 232 int ver;
nexpaq 0:6c56fb4bc5f0 233
nexpaq 0:6c56fb4bc5f0 234 /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
nexpaq 0:6c56fb4bc5f0 235 if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 236 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 237
nexpaq 0:6c56fb4bc5f0 238 if( ver < 1 || ver > 3 )
nexpaq 0:6c56fb4bc5f0 239 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
nexpaq 0:6c56fb4bc5f0 240
nexpaq 0:6c56fb4bc5f0 241 /*
nexpaq 0:6c56fb4bc5f0 242 * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
nexpaq 0:6c56fb4bc5f0 243 * fieldType FIELD-ID.&id({IOSet}),
nexpaq 0:6c56fb4bc5f0 244 * parameters FIELD-ID.&Type({IOSet}{@fieldType})
nexpaq 0:6c56fb4bc5f0 245 * }
nexpaq 0:6c56fb4bc5f0 246 */
nexpaq 0:6c56fb4bc5f0 247 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
nexpaq 0:6c56fb4bc5f0 248 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 249 return( ret );
nexpaq 0:6c56fb4bc5f0 250
nexpaq 0:6c56fb4bc5f0 251 end_field = p + len;
nexpaq 0:6c56fb4bc5f0 252
nexpaq 0:6c56fb4bc5f0 253 /*
nexpaq 0:6c56fb4bc5f0 254 * FIELD-ID ::= TYPE-IDENTIFIER
nexpaq 0:6c56fb4bc5f0 255 * FieldTypes FIELD-ID ::= {
nexpaq 0:6c56fb4bc5f0 256 * { Prime-p IDENTIFIED BY prime-field } |
nexpaq 0:6c56fb4bc5f0 257 * { Characteristic-two IDENTIFIED BY characteristic-two-field }
nexpaq 0:6c56fb4bc5f0 258 * }
nexpaq 0:6c56fb4bc5f0 259 * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
nexpaq 0:6c56fb4bc5f0 260 */
nexpaq 0:6c56fb4bc5f0 261 if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 262 return( ret );
nexpaq 0:6c56fb4bc5f0 263
nexpaq 0:6c56fb4bc5f0 264 if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
nexpaq 0:6c56fb4bc5f0 265 memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
nexpaq 0:6c56fb4bc5f0 266 {
nexpaq 0:6c56fb4bc5f0 267 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
nexpaq 0:6c56fb4bc5f0 268 }
nexpaq 0:6c56fb4bc5f0 269
nexpaq 0:6c56fb4bc5f0 270 p += len;
nexpaq 0:6c56fb4bc5f0 271
nexpaq 0:6c56fb4bc5f0 272 /* Prime-p ::= INTEGER -- Field of size p. */
nexpaq 0:6c56fb4bc5f0 273 if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 274 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 275
nexpaq 0:6c56fb4bc5f0 276 grp->pbits = mbedtls_mpi_bitlen( &grp->P );
nexpaq 0:6c56fb4bc5f0 277
nexpaq 0:6c56fb4bc5f0 278 if( p != end_field )
nexpaq 0:6c56fb4bc5f0 279 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
nexpaq 0:6c56fb4bc5f0 280 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
nexpaq 0:6c56fb4bc5f0 281
nexpaq 0:6c56fb4bc5f0 282 /*
nexpaq 0:6c56fb4bc5f0 283 * Curve ::= SEQUENCE {
nexpaq 0:6c56fb4bc5f0 284 * a FieldElement,
nexpaq 0:6c56fb4bc5f0 285 * b FieldElement,
nexpaq 0:6c56fb4bc5f0 286 * seed BIT STRING OPTIONAL
nexpaq 0:6c56fb4bc5f0 287 * -- Shall be present if used in SpecifiedECDomain
nexpaq 0:6c56fb4bc5f0 288 * -- with version equal to ecdpVer2 or ecdpVer3
nexpaq 0:6c56fb4bc5f0 289 * }
nexpaq 0:6c56fb4bc5f0 290 */
nexpaq 0:6c56fb4bc5f0 291 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
nexpaq 0:6c56fb4bc5f0 292 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 293 return( ret );
nexpaq 0:6c56fb4bc5f0 294
nexpaq 0:6c56fb4bc5f0 295 end_curve = p + len;
nexpaq 0:6c56fb4bc5f0 296
nexpaq 0:6c56fb4bc5f0 297 /*
nexpaq 0:6c56fb4bc5f0 298 * FieldElement ::= OCTET STRING
nexpaq 0:6c56fb4bc5f0 299 * containing an integer in the case of a prime field
nexpaq 0:6c56fb4bc5f0 300 */
nexpaq 0:6c56fb4bc5f0 301 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 302 ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 303 {
nexpaq 0:6c56fb4bc5f0 304 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 305 }
nexpaq 0:6c56fb4bc5f0 306
nexpaq 0:6c56fb4bc5f0 307 p += len;
nexpaq 0:6c56fb4bc5f0 308
nexpaq 0:6c56fb4bc5f0 309 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 310 ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 311 {
nexpaq 0:6c56fb4bc5f0 312 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 313 }
nexpaq 0:6c56fb4bc5f0 314
nexpaq 0:6c56fb4bc5f0 315 p += len;
nexpaq 0:6c56fb4bc5f0 316
nexpaq 0:6c56fb4bc5f0 317 /* Ignore seed BIT STRING OPTIONAL */
nexpaq 0:6c56fb4bc5f0 318 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
nexpaq 0:6c56fb4bc5f0 319 p += len;
nexpaq 0:6c56fb4bc5f0 320
nexpaq 0:6c56fb4bc5f0 321 if( p != end_curve )
nexpaq 0:6c56fb4bc5f0 322 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
nexpaq 0:6c56fb4bc5f0 323 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
nexpaq 0:6c56fb4bc5f0 324
nexpaq 0:6c56fb4bc5f0 325 /*
nexpaq 0:6c56fb4bc5f0 326 * ECPoint ::= OCTET STRING
nexpaq 0:6c56fb4bc5f0 327 */
nexpaq 0:6c56fb4bc5f0 328 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 329 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 330
nexpaq 0:6c56fb4bc5f0 331 if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
nexpaq 0:6c56fb4bc5f0 332 ( const unsigned char *) p, len ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 333 {
nexpaq 0:6c56fb4bc5f0 334 /*
nexpaq 0:6c56fb4bc5f0 335 * If we can't read the point because it's compressed, cheat by
nexpaq 0:6c56fb4bc5f0 336 * reading only the X coordinate and the parity bit of Y.
nexpaq 0:6c56fb4bc5f0 337 */
nexpaq 0:6c56fb4bc5f0 338 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
nexpaq 0:6c56fb4bc5f0 339 ( p[0] != 0x02 && p[0] != 0x03 ) ||
nexpaq 0:6c56fb4bc5f0 340 len != mbedtls_mpi_size( &grp->P ) + 1 ||
nexpaq 0:6c56fb4bc5f0 341 mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
nexpaq 0:6c56fb4bc5f0 342 mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
nexpaq 0:6c56fb4bc5f0 343 mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
nexpaq 0:6c56fb4bc5f0 344 {
nexpaq 0:6c56fb4bc5f0 345 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
nexpaq 0:6c56fb4bc5f0 346 }
nexpaq 0:6c56fb4bc5f0 347 }
nexpaq 0:6c56fb4bc5f0 348
nexpaq 0:6c56fb4bc5f0 349 p += len;
nexpaq 0:6c56fb4bc5f0 350
nexpaq 0:6c56fb4bc5f0 351 /*
nexpaq 0:6c56fb4bc5f0 352 * order INTEGER
nexpaq 0:6c56fb4bc5f0 353 */
nexpaq 0:6c56fb4bc5f0 354 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 355 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 356
nexpaq 0:6c56fb4bc5f0 357 grp->nbits = mbedtls_mpi_bitlen( &grp->N );
nexpaq 0:6c56fb4bc5f0 358
nexpaq 0:6c56fb4bc5f0 359 /*
nexpaq 0:6c56fb4bc5f0 360 * Allow optional elements by purposefully not enforcing p == end here.
nexpaq 0:6c56fb4bc5f0 361 */
nexpaq 0:6c56fb4bc5f0 362
nexpaq 0:6c56fb4bc5f0 363 return( 0 );
nexpaq 0:6c56fb4bc5f0 364 }
nexpaq 0:6c56fb4bc5f0 365
nexpaq 0:6c56fb4bc5f0 366 /*
nexpaq 0:6c56fb4bc5f0 367 * Find the group id associated with an (almost filled) group as generated by
nexpaq 0:6c56fb4bc5f0 368 * pk_group_from_specified(), or return an error if unknown.
nexpaq 0:6c56fb4bc5f0 369 */
nexpaq 0:6c56fb4bc5f0 370 static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
nexpaq 0:6c56fb4bc5f0 371 {
nexpaq 0:6c56fb4bc5f0 372 int ret = 0;
nexpaq 0:6c56fb4bc5f0 373 mbedtls_ecp_group ref;
nexpaq 0:6c56fb4bc5f0 374 const mbedtls_ecp_group_id *id;
nexpaq 0:6c56fb4bc5f0 375
nexpaq 0:6c56fb4bc5f0 376 mbedtls_ecp_group_init( &ref );
nexpaq 0:6c56fb4bc5f0 377
nexpaq 0:6c56fb4bc5f0 378 for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
nexpaq 0:6c56fb4bc5f0 379 {
nexpaq 0:6c56fb4bc5f0 380 /* Load the group associated to that id */
nexpaq 0:6c56fb4bc5f0 381 mbedtls_ecp_group_free( &ref );
nexpaq 0:6c56fb4bc5f0 382 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
nexpaq 0:6c56fb4bc5f0 383
nexpaq 0:6c56fb4bc5f0 384 /* Compare to the group we were given, starting with easy tests */
nexpaq 0:6c56fb4bc5f0 385 if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
nexpaq 0:6c56fb4bc5f0 386 mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
nexpaq 0:6c56fb4bc5f0 387 mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
nexpaq 0:6c56fb4bc5f0 388 mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
nexpaq 0:6c56fb4bc5f0 389 mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
nexpaq 0:6c56fb4bc5f0 390 mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
nexpaq 0:6c56fb4bc5f0 391 mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
nexpaq 0:6c56fb4bc5f0 392 /* For Y we may only know the parity bit, so compare only that */
nexpaq 0:6c56fb4bc5f0 393 mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
nexpaq 0:6c56fb4bc5f0 394 {
nexpaq 0:6c56fb4bc5f0 395 break;
nexpaq 0:6c56fb4bc5f0 396 }
nexpaq 0:6c56fb4bc5f0 397
nexpaq 0:6c56fb4bc5f0 398 }
nexpaq 0:6c56fb4bc5f0 399
nexpaq 0:6c56fb4bc5f0 400 cleanup:
nexpaq 0:6c56fb4bc5f0 401 mbedtls_ecp_group_free( &ref );
nexpaq 0:6c56fb4bc5f0 402
nexpaq 0:6c56fb4bc5f0 403 *grp_id = *id;
nexpaq 0:6c56fb4bc5f0 404
nexpaq 0:6c56fb4bc5f0 405 if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
nexpaq 0:6c56fb4bc5f0 406 ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
nexpaq 0:6c56fb4bc5f0 407
nexpaq 0:6c56fb4bc5f0 408 return( ret );
nexpaq 0:6c56fb4bc5f0 409 }
nexpaq 0:6c56fb4bc5f0 410
nexpaq 0:6c56fb4bc5f0 411 /*
nexpaq 0:6c56fb4bc5f0 412 * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
nexpaq 0:6c56fb4bc5f0 413 */
nexpaq 0:6c56fb4bc5f0 414 static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
nexpaq 0:6c56fb4bc5f0 415 mbedtls_ecp_group_id *grp_id )
nexpaq 0:6c56fb4bc5f0 416 {
nexpaq 0:6c56fb4bc5f0 417 int ret;
nexpaq 0:6c56fb4bc5f0 418 mbedtls_ecp_group grp;
nexpaq 0:6c56fb4bc5f0 419
nexpaq 0:6c56fb4bc5f0 420 mbedtls_ecp_group_init( &grp );
nexpaq 0:6c56fb4bc5f0 421
nexpaq 0:6c56fb4bc5f0 422 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 423 goto cleanup;
nexpaq 0:6c56fb4bc5f0 424
nexpaq 0:6c56fb4bc5f0 425 ret = pk_group_id_from_group( &grp, grp_id );
nexpaq 0:6c56fb4bc5f0 426
nexpaq 0:6c56fb4bc5f0 427 cleanup:
nexpaq 0:6c56fb4bc5f0 428 mbedtls_ecp_group_free( &grp );
nexpaq 0:6c56fb4bc5f0 429
nexpaq 0:6c56fb4bc5f0 430 return( ret );
nexpaq 0:6c56fb4bc5f0 431 }
nexpaq 0:6c56fb4bc5f0 432 #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
nexpaq 0:6c56fb4bc5f0 433
nexpaq 0:6c56fb4bc5f0 434 /*
nexpaq 0:6c56fb4bc5f0 435 * Use EC parameters to initialise an EC group
nexpaq 0:6c56fb4bc5f0 436 *
nexpaq 0:6c56fb4bc5f0 437 * ECParameters ::= CHOICE {
nexpaq 0:6c56fb4bc5f0 438 * namedCurve OBJECT IDENTIFIER
nexpaq 0:6c56fb4bc5f0 439 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
nexpaq 0:6c56fb4bc5f0 440 * -- implicitCurve NULL
nexpaq 0:6c56fb4bc5f0 441 */
nexpaq 0:6c56fb4bc5f0 442 static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
nexpaq 0:6c56fb4bc5f0 443 {
nexpaq 0:6c56fb4bc5f0 444 int ret;
nexpaq 0:6c56fb4bc5f0 445 mbedtls_ecp_group_id grp_id;
nexpaq 0:6c56fb4bc5f0 446
nexpaq 0:6c56fb4bc5f0 447 if( params->tag == MBEDTLS_ASN1_OID )
nexpaq 0:6c56fb4bc5f0 448 {
nexpaq 0:6c56fb4bc5f0 449 if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
nexpaq 0:6c56fb4bc5f0 450 return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
nexpaq 0:6c56fb4bc5f0 451 }
nexpaq 0:6c56fb4bc5f0 452 else
nexpaq 0:6c56fb4bc5f0 453 {
nexpaq 0:6c56fb4bc5f0 454 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
nexpaq 0:6c56fb4bc5f0 455 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 456 return( ret );
nexpaq 0:6c56fb4bc5f0 457 #else
nexpaq 0:6c56fb4bc5f0 458 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
nexpaq 0:6c56fb4bc5f0 459 #endif
nexpaq 0:6c56fb4bc5f0 460 }
nexpaq 0:6c56fb4bc5f0 461
nexpaq 0:6c56fb4bc5f0 462 /*
nexpaq 0:6c56fb4bc5f0 463 * grp may already be initilialized; if so, make sure IDs match
nexpaq 0:6c56fb4bc5f0 464 */
nexpaq 0:6c56fb4bc5f0 465 if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
nexpaq 0:6c56fb4bc5f0 466 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
nexpaq 0:6c56fb4bc5f0 467
nexpaq 0:6c56fb4bc5f0 468 if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 469 return( ret );
nexpaq 0:6c56fb4bc5f0 470
nexpaq 0:6c56fb4bc5f0 471 return( 0 );
nexpaq 0:6c56fb4bc5f0 472 }
nexpaq 0:6c56fb4bc5f0 473
nexpaq 0:6c56fb4bc5f0 474 /*
nexpaq 0:6c56fb4bc5f0 475 * EC public key is an EC point
nexpaq 0:6c56fb4bc5f0 476 *
nexpaq 0:6c56fb4bc5f0 477 * The caller is responsible for clearing the structure upon failure if
nexpaq 0:6c56fb4bc5f0 478 * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
nexpaq 0:6c56fb4bc5f0 479 * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
nexpaq 0:6c56fb4bc5f0 480 */
nexpaq 0:6c56fb4bc5f0 481 static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
nexpaq 0:6c56fb4bc5f0 482 mbedtls_ecp_keypair *key )
nexpaq 0:6c56fb4bc5f0 483 {
nexpaq 0:6c56fb4bc5f0 484 int ret;
nexpaq 0:6c56fb4bc5f0 485
nexpaq 0:6c56fb4bc5f0 486 if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
nexpaq 0:6c56fb4bc5f0 487 (const unsigned char *) *p, end - *p ) ) == 0 )
nexpaq 0:6c56fb4bc5f0 488 {
nexpaq 0:6c56fb4bc5f0 489 ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
nexpaq 0:6c56fb4bc5f0 490 }
nexpaq 0:6c56fb4bc5f0 491
nexpaq 0:6c56fb4bc5f0 492 /*
nexpaq 0:6c56fb4bc5f0 493 * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
nexpaq 0:6c56fb4bc5f0 494 */
nexpaq 0:6c56fb4bc5f0 495 *p = (unsigned char *) end;
nexpaq 0:6c56fb4bc5f0 496
nexpaq 0:6c56fb4bc5f0 497 return( ret );
nexpaq 0:6c56fb4bc5f0 498 }
nexpaq 0:6c56fb4bc5f0 499 #endif /* MBEDTLS_ECP_C */
nexpaq 0:6c56fb4bc5f0 500
nexpaq 0:6c56fb4bc5f0 501 #if defined(MBEDTLS_RSA_C)
nexpaq 0:6c56fb4bc5f0 502 /*
nexpaq 0:6c56fb4bc5f0 503 * RSAPublicKey ::= SEQUENCE {
nexpaq 0:6c56fb4bc5f0 504 * modulus INTEGER, -- n
nexpaq 0:6c56fb4bc5f0 505 * publicExponent INTEGER -- e
nexpaq 0:6c56fb4bc5f0 506 * }
nexpaq 0:6c56fb4bc5f0 507 */
nexpaq 0:6c56fb4bc5f0 508 static int pk_get_rsapubkey( unsigned char **p,
nexpaq 0:6c56fb4bc5f0 509 const unsigned char *end,
nexpaq 0:6c56fb4bc5f0 510 mbedtls_rsa_context *rsa )
nexpaq 0:6c56fb4bc5f0 511 {
nexpaq 0:6c56fb4bc5f0 512 int ret;
nexpaq 0:6c56fb4bc5f0 513 size_t len;
nexpaq 0:6c56fb4bc5f0 514
nexpaq 0:6c56fb4bc5f0 515 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
nexpaq 0:6c56fb4bc5f0 516 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 517 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
nexpaq 0:6c56fb4bc5f0 518
nexpaq 0:6c56fb4bc5f0 519 if( *p + len != end )
nexpaq 0:6c56fb4bc5f0 520 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
nexpaq 0:6c56fb4bc5f0 521 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
nexpaq 0:6c56fb4bc5f0 522
nexpaq 0:6c56fb4bc5f0 523 if( ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 524 ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 525 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
nexpaq 0:6c56fb4bc5f0 526
nexpaq 0:6c56fb4bc5f0 527 if( *p != end )
nexpaq 0:6c56fb4bc5f0 528 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
nexpaq 0:6c56fb4bc5f0 529 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
nexpaq 0:6c56fb4bc5f0 530
nexpaq 0:6c56fb4bc5f0 531 if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 532 return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
nexpaq 0:6c56fb4bc5f0 533
nexpaq 0:6c56fb4bc5f0 534 rsa->len = mbedtls_mpi_size( &rsa->N );
nexpaq 0:6c56fb4bc5f0 535
nexpaq 0:6c56fb4bc5f0 536 return( 0 );
nexpaq 0:6c56fb4bc5f0 537 }
nexpaq 0:6c56fb4bc5f0 538 #endif /* MBEDTLS_RSA_C */
nexpaq 0:6c56fb4bc5f0 539
nexpaq 0:6c56fb4bc5f0 540 /* Get a PK algorithm identifier
nexpaq 0:6c56fb4bc5f0 541 *
nexpaq 0:6c56fb4bc5f0 542 * AlgorithmIdentifier ::= SEQUENCE {
nexpaq 0:6c56fb4bc5f0 543 * algorithm OBJECT IDENTIFIER,
nexpaq 0:6c56fb4bc5f0 544 * parameters ANY DEFINED BY algorithm OPTIONAL }
nexpaq 0:6c56fb4bc5f0 545 */
nexpaq 0:6c56fb4bc5f0 546 static int pk_get_pk_alg( unsigned char **p,
nexpaq 0:6c56fb4bc5f0 547 const unsigned char *end,
nexpaq 0:6c56fb4bc5f0 548 mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
nexpaq 0:6c56fb4bc5f0 549 {
nexpaq 0:6c56fb4bc5f0 550 int ret;
nexpaq 0:6c56fb4bc5f0 551 mbedtls_asn1_buf alg_oid;
nexpaq 0:6c56fb4bc5f0 552
nexpaq 0:6c56fb4bc5f0 553 memset( params, 0, sizeof(mbedtls_asn1_buf) );
nexpaq 0:6c56fb4bc5f0 554
nexpaq 0:6c56fb4bc5f0 555 if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 556 return( MBEDTLS_ERR_PK_INVALID_ALG + ret );
nexpaq 0:6c56fb4bc5f0 557
nexpaq 0:6c56fb4bc5f0 558 if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
nexpaq 0:6c56fb4bc5f0 559 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
nexpaq 0:6c56fb4bc5f0 560
nexpaq 0:6c56fb4bc5f0 561 /*
nexpaq 0:6c56fb4bc5f0 562 * No parameters with RSA (only for EC)
nexpaq 0:6c56fb4bc5f0 563 */
nexpaq 0:6c56fb4bc5f0 564 if( *pk_alg == MBEDTLS_PK_RSA &&
nexpaq 0:6c56fb4bc5f0 565 ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
nexpaq 0:6c56fb4bc5f0 566 params->len != 0 ) )
nexpaq 0:6c56fb4bc5f0 567 {
nexpaq 0:6c56fb4bc5f0 568 return( MBEDTLS_ERR_PK_INVALID_ALG );
nexpaq 0:6c56fb4bc5f0 569 }
nexpaq 0:6c56fb4bc5f0 570
nexpaq 0:6c56fb4bc5f0 571 return( 0 );
nexpaq 0:6c56fb4bc5f0 572 }
nexpaq 0:6c56fb4bc5f0 573
nexpaq 0:6c56fb4bc5f0 574 /*
nexpaq 0:6c56fb4bc5f0 575 * SubjectPublicKeyInfo ::= SEQUENCE {
nexpaq 0:6c56fb4bc5f0 576 * algorithm AlgorithmIdentifier,
nexpaq 0:6c56fb4bc5f0 577 * subjectPublicKey BIT STRING }
nexpaq 0:6c56fb4bc5f0 578 */
nexpaq 0:6c56fb4bc5f0 579 int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
nexpaq 0:6c56fb4bc5f0 580 mbedtls_pk_context *pk )
nexpaq 0:6c56fb4bc5f0 581 {
nexpaq 0:6c56fb4bc5f0 582 int ret;
nexpaq 0:6c56fb4bc5f0 583 size_t len;
nexpaq 0:6c56fb4bc5f0 584 mbedtls_asn1_buf alg_params;
nexpaq 0:6c56fb4bc5f0 585 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
nexpaq 0:6c56fb4bc5f0 586 const mbedtls_pk_info_t *pk_info;
nexpaq 0:6c56fb4bc5f0 587
nexpaq 0:6c56fb4bc5f0 588 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
nexpaq 0:6c56fb4bc5f0 589 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 590 {
nexpaq 0:6c56fb4bc5f0 591 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 592 }
nexpaq 0:6c56fb4bc5f0 593
nexpaq 0:6c56fb4bc5f0 594 end = *p + len;
nexpaq 0:6c56fb4bc5f0 595
nexpaq 0:6c56fb4bc5f0 596 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 597 return( ret );
nexpaq 0:6c56fb4bc5f0 598
nexpaq 0:6c56fb4bc5f0 599 if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 600 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
nexpaq 0:6c56fb4bc5f0 601
nexpaq 0:6c56fb4bc5f0 602 if( *p + len != end )
nexpaq 0:6c56fb4bc5f0 603 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
nexpaq 0:6c56fb4bc5f0 604 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
nexpaq 0:6c56fb4bc5f0 605
nexpaq 0:6c56fb4bc5f0 606 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
nexpaq 0:6c56fb4bc5f0 607 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
nexpaq 0:6c56fb4bc5f0 608
nexpaq 0:6c56fb4bc5f0 609 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 610 return( ret );
nexpaq 0:6c56fb4bc5f0 611
nexpaq 0:6c56fb4bc5f0 612 #if defined(MBEDTLS_RSA_C)
nexpaq 0:6c56fb4bc5f0 613 if( pk_alg == MBEDTLS_PK_RSA )
nexpaq 0:6c56fb4bc5f0 614 {
nexpaq 0:6c56fb4bc5f0 615 ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
nexpaq 0:6c56fb4bc5f0 616 } else
nexpaq 0:6c56fb4bc5f0 617 #endif /* MBEDTLS_RSA_C */
nexpaq 0:6c56fb4bc5f0 618 #if defined(MBEDTLS_ECP_C)
nexpaq 0:6c56fb4bc5f0 619 if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
nexpaq 0:6c56fb4bc5f0 620 {
nexpaq 0:6c56fb4bc5f0 621 ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
nexpaq 0:6c56fb4bc5f0 622 if( ret == 0 )
nexpaq 0:6c56fb4bc5f0 623 ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
nexpaq 0:6c56fb4bc5f0 624 } else
nexpaq 0:6c56fb4bc5f0 625 #endif /* MBEDTLS_ECP_C */
nexpaq 0:6c56fb4bc5f0 626 ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
nexpaq 0:6c56fb4bc5f0 627
nexpaq 0:6c56fb4bc5f0 628 if( ret == 0 && *p != end )
nexpaq 0:6c56fb4bc5f0 629 ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
nexpaq 0:6c56fb4bc5f0 630 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
nexpaq 0:6c56fb4bc5f0 631
nexpaq 0:6c56fb4bc5f0 632 if( ret != 0 )
nexpaq 0:6c56fb4bc5f0 633 mbedtls_pk_free( pk );
nexpaq 0:6c56fb4bc5f0 634
nexpaq 0:6c56fb4bc5f0 635 return( ret );
nexpaq 0:6c56fb4bc5f0 636 }
nexpaq 0:6c56fb4bc5f0 637
nexpaq 0:6c56fb4bc5f0 638 #if defined(MBEDTLS_RSA_C)
nexpaq 0:6c56fb4bc5f0 639 /*
nexpaq 0:6c56fb4bc5f0 640 * Parse a PKCS#1 encoded private RSA key
nexpaq 0:6c56fb4bc5f0 641 */
nexpaq 0:6c56fb4bc5f0 642 static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
nexpaq 0:6c56fb4bc5f0 643 const unsigned char *key,
nexpaq 0:6c56fb4bc5f0 644 size_t keylen )
nexpaq 0:6c56fb4bc5f0 645 {
nexpaq 0:6c56fb4bc5f0 646 int ret;
nexpaq 0:6c56fb4bc5f0 647 size_t len;
nexpaq 0:6c56fb4bc5f0 648 unsigned char *p, *end;
nexpaq 0:6c56fb4bc5f0 649
nexpaq 0:6c56fb4bc5f0 650 p = (unsigned char *) key;
nexpaq 0:6c56fb4bc5f0 651 end = p + keylen;
nexpaq 0:6c56fb4bc5f0 652
nexpaq 0:6c56fb4bc5f0 653 /*
nexpaq 0:6c56fb4bc5f0 654 * This function parses the RSAPrivateKey (PKCS#1)
nexpaq 0:6c56fb4bc5f0 655 *
nexpaq 0:6c56fb4bc5f0 656 * RSAPrivateKey ::= SEQUENCE {
nexpaq 0:6c56fb4bc5f0 657 * version Version,
nexpaq 0:6c56fb4bc5f0 658 * modulus INTEGER, -- n
nexpaq 0:6c56fb4bc5f0 659 * publicExponent INTEGER, -- e
nexpaq 0:6c56fb4bc5f0 660 * privateExponent INTEGER, -- d
nexpaq 0:6c56fb4bc5f0 661 * prime1 INTEGER, -- p
nexpaq 0:6c56fb4bc5f0 662 * prime2 INTEGER, -- q
nexpaq 0:6c56fb4bc5f0 663 * exponent1 INTEGER, -- d mod (p-1)
nexpaq 0:6c56fb4bc5f0 664 * exponent2 INTEGER, -- d mod (q-1)
nexpaq 0:6c56fb4bc5f0 665 * coefficient INTEGER, -- (inverse of q) mod p
nexpaq 0:6c56fb4bc5f0 666 * otherPrimeInfos OtherPrimeInfos OPTIONAL
nexpaq 0:6c56fb4bc5f0 667 * }
nexpaq 0:6c56fb4bc5f0 668 */
nexpaq 0:6c56fb4bc5f0 669 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
nexpaq 0:6c56fb4bc5f0 670 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 671 {
nexpaq 0:6c56fb4bc5f0 672 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 673 }
nexpaq 0:6c56fb4bc5f0 674
nexpaq 0:6c56fb4bc5f0 675 end = p + len;
nexpaq 0:6c56fb4bc5f0 676
nexpaq 0:6c56fb4bc5f0 677 if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 678 {
nexpaq 0:6c56fb4bc5f0 679 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 680 }
nexpaq 0:6c56fb4bc5f0 681
nexpaq 0:6c56fb4bc5f0 682 if( rsa->ver != 0 )
nexpaq 0:6c56fb4bc5f0 683 {
nexpaq 0:6c56fb4bc5f0 684 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
nexpaq 0:6c56fb4bc5f0 685 }
nexpaq 0:6c56fb4bc5f0 686
nexpaq 0:6c56fb4bc5f0 687 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 688 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 689 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 690 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 691 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 692 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 693 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 694 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 695 {
nexpaq 0:6c56fb4bc5f0 696 mbedtls_rsa_free( rsa );
nexpaq 0:6c56fb4bc5f0 697 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 698 }
nexpaq 0:6c56fb4bc5f0 699
nexpaq 0:6c56fb4bc5f0 700 rsa->len = mbedtls_mpi_size( &rsa->N );
nexpaq 0:6c56fb4bc5f0 701
nexpaq 0:6c56fb4bc5f0 702 if( p != end )
nexpaq 0:6c56fb4bc5f0 703 {
nexpaq 0:6c56fb4bc5f0 704 mbedtls_rsa_free( rsa );
nexpaq 0:6c56fb4bc5f0 705 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
nexpaq 0:6c56fb4bc5f0 706 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
nexpaq 0:6c56fb4bc5f0 707 }
nexpaq 0:6c56fb4bc5f0 708
nexpaq 0:6c56fb4bc5f0 709 if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 710 {
nexpaq 0:6c56fb4bc5f0 711 mbedtls_rsa_free( rsa );
nexpaq 0:6c56fb4bc5f0 712 return( ret );
nexpaq 0:6c56fb4bc5f0 713 }
nexpaq 0:6c56fb4bc5f0 714
nexpaq 0:6c56fb4bc5f0 715 return( 0 );
nexpaq 0:6c56fb4bc5f0 716 }
nexpaq 0:6c56fb4bc5f0 717 #endif /* MBEDTLS_RSA_C */
nexpaq 0:6c56fb4bc5f0 718
nexpaq 0:6c56fb4bc5f0 719 #if defined(MBEDTLS_ECP_C)
nexpaq 0:6c56fb4bc5f0 720 /*
nexpaq 0:6c56fb4bc5f0 721 * Parse a SEC1 encoded private EC key
nexpaq 0:6c56fb4bc5f0 722 */
nexpaq 0:6c56fb4bc5f0 723 static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
nexpaq 0:6c56fb4bc5f0 724 const unsigned char *key,
nexpaq 0:6c56fb4bc5f0 725 size_t keylen )
nexpaq 0:6c56fb4bc5f0 726 {
nexpaq 0:6c56fb4bc5f0 727 int ret;
nexpaq 0:6c56fb4bc5f0 728 int version, pubkey_done;
nexpaq 0:6c56fb4bc5f0 729 size_t len;
nexpaq 0:6c56fb4bc5f0 730 mbedtls_asn1_buf params;
nexpaq 0:6c56fb4bc5f0 731 unsigned char *p = (unsigned char *) key;
nexpaq 0:6c56fb4bc5f0 732 unsigned char *end = p + keylen;
nexpaq 0:6c56fb4bc5f0 733 unsigned char *end2;
nexpaq 0:6c56fb4bc5f0 734
nexpaq 0:6c56fb4bc5f0 735 /*
nexpaq 0:6c56fb4bc5f0 736 * RFC 5915, or SEC1 Appendix C.4
nexpaq 0:6c56fb4bc5f0 737 *
nexpaq 0:6c56fb4bc5f0 738 * ECPrivateKey ::= SEQUENCE {
nexpaq 0:6c56fb4bc5f0 739 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
nexpaq 0:6c56fb4bc5f0 740 * privateKey OCTET STRING,
nexpaq 0:6c56fb4bc5f0 741 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
nexpaq 0:6c56fb4bc5f0 742 * publicKey [1] BIT STRING OPTIONAL
nexpaq 0:6c56fb4bc5f0 743 * }
nexpaq 0:6c56fb4bc5f0 744 */
nexpaq 0:6c56fb4bc5f0 745 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
nexpaq 0:6c56fb4bc5f0 746 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 747 {
nexpaq 0:6c56fb4bc5f0 748 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 749 }
nexpaq 0:6c56fb4bc5f0 750
nexpaq 0:6c56fb4bc5f0 751 end = p + len;
nexpaq 0:6c56fb4bc5f0 752
nexpaq 0:6c56fb4bc5f0 753 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 754 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 755
nexpaq 0:6c56fb4bc5f0 756 if( version != 1 )
nexpaq 0:6c56fb4bc5f0 757 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
nexpaq 0:6c56fb4bc5f0 758
nexpaq 0:6c56fb4bc5f0 759 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 760 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 761
nexpaq 0:6c56fb4bc5f0 762 if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 763 {
nexpaq 0:6c56fb4bc5f0 764 mbedtls_ecp_keypair_free( eck );
nexpaq 0:6c56fb4bc5f0 765 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 766 }
nexpaq 0:6c56fb4bc5f0 767
nexpaq 0:6c56fb4bc5f0 768 p += len;
nexpaq 0:6c56fb4bc5f0 769
nexpaq 0:6c56fb4bc5f0 770 pubkey_done = 0;
nexpaq 0:6c56fb4bc5f0 771 if( p != end )
nexpaq 0:6c56fb4bc5f0 772 {
nexpaq 0:6c56fb4bc5f0 773 /*
nexpaq 0:6c56fb4bc5f0 774 * Is 'parameters' present?
nexpaq 0:6c56fb4bc5f0 775 */
nexpaq 0:6c56fb4bc5f0 776 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
nexpaq 0:6c56fb4bc5f0 777 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
nexpaq 0:6c56fb4bc5f0 778 {
nexpaq 0:6c56fb4bc5f0 779 if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 780 ( ret = pk_use_ecparams( &params, &eck->grp ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 781 {
nexpaq 0:6c56fb4bc5f0 782 mbedtls_ecp_keypair_free( eck );
nexpaq 0:6c56fb4bc5f0 783 return( ret );
nexpaq 0:6c56fb4bc5f0 784 }
nexpaq 0:6c56fb4bc5f0 785 }
nexpaq 0:6c56fb4bc5f0 786 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
nexpaq 0:6c56fb4bc5f0 787 {
nexpaq 0:6c56fb4bc5f0 788 mbedtls_ecp_keypair_free( eck );
nexpaq 0:6c56fb4bc5f0 789 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 790 }
nexpaq 0:6c56fb4bc5f0 791
nexpaq 0:6c56fb4bc5f0 792 /*
nexpaq 0:6c56fb4bc5f0 793 * Is 'publickey' present? If not, or if we can't read it (eg because it
nexpaq 0:6c56fb4bc5f0 794 * is compressed), create it from the private key.
nexpaq 0:6c56fb4bc5f0 795 */
nexpaq 0:6c56fb4bc5f0 796 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
nexpaq 0:6c56fb4bc5f0 797 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
nexpaq 0:6c56fb4bc5f0 798 {
nexpaq 0:6c56fb4bc5f0 799 end2 = p + len;
nexpaq 0:6c56fb4bc5f0 800
nexpaq 0:6c56fb4bc5f0 801 if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 802 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 803
nexpaq 0:6c56fb4bc5f0 804 if( p + len != end2 )
nexpaq 0:6c56fb4bc5f0 805 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
nexpaq 0:6c56fb4bc5f0 806 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
nexpaq 0:6c56fb4bc5f0 807
nexpaq 0:6c56fb4bc5f0 808 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
nexpaq 0:6c56fb4bc5f0 809 pubkey_done = 1;
nexpaq 0:6c56fb4bc5f0 810 else
nexpaq 0:6c56fb4bc5f0 811 {
nexpaq 0:6c56fb4bc5f0 812 /*
nexpaq 0:6c56fb4bc5f0 813 * The only acceptable failure mode of pk_get_ecpubkey() above
nexpaq 0:6c56fb4bc5f0 814 * is if the point format is not recognized.
nexpaq 0:6c56fb4bc5f0 815 */
nexpaq 0:6c56fb4bc5f0 816 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
nexpaq 0:6c56fb4bc5f0 817 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
nexpaq 0:6c56fb4bc5f0 818 }
nexpaq 0:6c56fb4bc5f0 819 }
nexpaq 0:6c56fb4bc5f0 820 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
nexpaq 0:6c56fb4bc5f0 821 {
nexpaq 0:6c56fb4bc5f0 822 mbedtls_ecp_keypair_free( eck );
nexpaq 0:6c56fb4bc5f0 823 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 824 }
nexpaq 0:6c56fb4bc5f0 825 }
nexpaq 0:6c56fb4bc5f0 826
nexpaq 0:6c56fb4bc5f0 827 if( ! pubkey_done &&
nexpaq 0:6c56fb4bc5f0 828 ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
nexpaq 0:6c56fb4bc5f0 829 NULL, NULL ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 830 {
nexpaq 0:6c56fb4bc5f0 831 mbedtls_ecp_keypair_free( eck );
nexpaq 0:6c56fb4bc5f0 832 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 833 }
nexpaq 0:6c56fb4bc5f0 834
nexpaq 0:6c56fb4bc5f0 835 if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 836 {
nexpaq 0:6c56fb4bc5f0 837 mbedtls_ecp_keypair_free( eck );
nexpaq 0:6c56fb4bc5f0 838 return( ret );
nexpaq 0:6c56fb4bc5f0 839 }
nexpaq 0:6c56fb4bc5f0 840
nexpaq 0:6c56fb4bc5f0 841 return( 0 );
nexpaq 0:6c56fb4bc5f0 842 }
nexpaq 0:6c56fb4bc5f0 843 #endif /* MBEDTLS_ECP_C */
nexpaq 0:6c56fb4bc5f0 844
nexpaq 0:6c56fb4bc5f0 845 /*
nexpaq 0:6c56fb4bc5f0 846 * Parse an unencrypted PKCS#8 encoded private key
nexpaq 0:6c56fb4bc5f0 847 */
nexpaq 0:6c56fb4bc5f0 848 static int pk_parse_key_pkcs8_unencrypted_der(
nexpaq 0:6c56fb4bc5f0 849 mbedtls_pk_context *pk,
nexpaq 0:6c56fb4bc5f0 850 const unsigned char* key,
nexpaq 0:6c56fb4bc5f0 851 size_t keylen )
nexpaq 0:6c56fb4bc5f0 852 {
nexpaq 0:6c56fb4bc5f0 853 int ret, version;
nexpaq 0:6c56fb4bc5f0 854 size_t len;
nexpaq 0:6c56fb4bc5f0 855 mbedtls_asn1_buf params;
nexpaq 0:6c56fb4bc5f0 856 unsigned char *p = (unsigned char *) key;
nexpaq 0:6c56fb4bc5f0 857 unsigned char *end = p + keylen;
nexpaq 0:6c56fb4bc5f0 858 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
nexpaq 0:6c56fb4bc5f0 859 const mbedtls_pk_info_t *pk_info;
nexpaq 0:6c56fb4bc5f0 860
nexpaq 0:6c56fb4bc5f0 861 /*
nexpaq 0:6c56fb4bc5f0 862 * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
nexpaq 0:6c56fb4bc5f0 863 *
nexpaq 0:6c56fb4bc5f0 864 * PrivateKeyInfo ::= SEQUENCE {
nexpaq 0:6c56fb4bc5f0 865 * version Version,
nexpaq 0:6c56fb4bc5f0 866 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
nexpaq 0:6c56fb4bc5f0 867 * privateKey PrivateKey,
nexpaq 0:6c56fb4bc5f0 868 * attributes [0] IMPLICIT Attributes OPTIONAL }
nexpaq 0:6c56fb4bc5f0 869 *
nexpaq 0:6c56fb4bc5f0 870 * Version ::= INTEGER
nexpaq 0:6c56fb4bc5f0 871 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
nexpaq 0:6c56fb4bc5f0 872 * PrivateKey ::= OCTET STRING
nexpaq 0:6c56fb4bc5f0 873 *
nexpaq 0:6c56fb4bc5f0 874 * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
nexpaq 0:6c56fb4bc5f0 875 */
nexpaq 0:6c56fb4bc5f0 876
nexpaq 0:6c56fb4bc5f0 877 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
nexpaq 0:6c56fb4bc5f0 878 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 879 {
nexpaq 0:6c56fb4bc5f0 880 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 881 }
nexpaq 0:6c56fb4bc5f0 882
nexpaq 0:6c56fb4bc5f0 883 end = p + len;
nexpaq 0:6c56fb4bc5f0 884
nexpaq 0:6c56fb4bc5f0 885 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 886 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 887
nexpaq 0:6c56fb4bc5f0 888 if( version != 0 )
nexpaq 0:6c56fb4bc5f0 889 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
nexpaq 0:6c56fb4bc5f0 890
nexpaq 0:6c56fb4bc5f0 891 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 892 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 893
nexpaq 0:6c56fb4bc5f0 894 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 895 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 896
nexpaq 0:6c56fb4bc5f0 897 if( len < 1 )
nexpaq 0:6c56fb4bc5f0 898 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
nexpaq 0:6c56fb4bc5f0 899 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
nexpaq 0:6c56fb4bc5f0 900
nexpaq 0:6c56fb4bc5f0 901 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
nexpaq 0:6c56fb4bc5f0 902 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
nexpaq 0:6c56fb4bc5f0 903
nexpaq 0:6c56fb4bc5f0 904 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 905 return( ret );
nexpaq 0:6c56fb4bc5f0 906
nexpaq 0:6c56fb4bc5f0 907 #if defined(MBEDTLS_RSA_C)
nexpaq 0:6c56fb4bc5f0 908 if( pk_alg == MBEDTLS_PK_RSA )
nexpaq 0:6c56fb4bc5f0 909 {
nexpaq 0:6c56fb4bc5f0 910 if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 911 {
nexpaq 0:6c56fb4bc5f0 912 mbedtls_pk_free( pk );
nexpaq 0:6c56fb4bc5f0 913 return( ret );
nexpaq 0:6c56fb4bc5f0 914 }
nexpaq 0:6c56fb4bc5f0 915 } else
nexpaq 0:6c56fb4bc5f0 916 #endif /* MBEDTLS_RSA_C */
nexpaq 0:6c56fb4bc5f0 917 #if defined(MBEDTLS_ECP_C)
nexpaq 0:6c56fb4bc5f0 918 if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
nexpaq 0:6c56fb4bc5f0 919 {
nexpaq 0:6c56fb4bc5f0 920 if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 921 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 922 {
nexpaq 0:6c56fb4bc5f0 923 mbedtls_pk_free( pk );
nexpaq 0:6c56fb4bc5f0 924 return( ret );
nexpaq 0:6c56fb4bc5f0 925 }
nexpaq 0:6c56fb4bc5f0 926 } else
nexpaq 0:6c56fb4bc5f0 927 #endif /* MBEDTLS_ECP_C */
nexpaq 0:6c56fb4bc5f0 928 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
nexpaq 0:6c56fb4bc5f0 929
nexpaq 0:6c56fb4bc5f0 930 return( 0 );
nexpaq 0:6c56fb4bc5f0 931 }
nexpaq 0:6c56fb4bc5f0 932
nexpaq 0:6c56fb4bc5f0 933 /*
nexpaq 0:6c56fb4bc5f0 934 * Parse an encrypted PKCS#8 encoded private key
nexpaq 0:6c56fb4bc5f0 935 */
nexpaq 0:6c56fb4bc5f0 936 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
nexpaq 0:6c56fb4bc5f0 937 static int pk_parse_key_pkcs8_encrypted_der(
nexpaq 0:6c56fb4bc5f0 938 mbedtls_pk_context *pk,
nexpaq 0:6c56fb4bc5f0 939 const unsigned char *key, size_t keylen,
nexpaq 0:6c56fb4bc5f0 940 const unsigned char *pwd, size_t pwdlen )
nexpaq 0:6c56fb4bc5f0 941 {
nexpaq 0:6c56fb4bc5f0 942 int ret, decrypted = 0;
nexpaq 0:6c56fb4bc5f0 943 size_t len;
nexpaq 0:6c56fb4bc5f0 944 unsigned char buf[2048];
nexpaq 0:6c56fb4bc5f0 945 unsigned char *p, *end;
nexpaq 0:6c56fb4bc5f0 946 mbedtls_asn1_buf pbe_alg_oid, pbe_params;
nexpaq 0:6c56fb4bc5f0 947 #if defined(MBEDTLS_PKCS12_C)
nexpaq 0:6c56fb4bc5f0 948 mbedtls_cipher_type_t cipher_alg;
nexpaq 0:6c56fb4bc5f0 949 mbedtls_md_type_t md_alg;
nexpaq 0:6c56fb4bc5f0 950 #endif
nexpaq 0:6c56fb4bc5f0 951
nexpaq 0:6c56fb4bc5f0 952 memset( buf, 0, sizeof( buf ) );
nexpaq 0:6c56fb4bc5f0 953
nexpaq 0:6c56fb4bc5f0 954 p = (unsigned char *) key;
nexpaq 0:6c56fb4bc5f0 955 end = p + keylen;
nexpaq 0:6c56fb4bc5f0 956
nexpaq 0:6c56fb4bc5f0 957 if( pwdlen == 0 )
nexpaq 0:6c56fb4bc5f0 958 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
nexpaq 0:6c56fb4bc5f0 959
nexpaq 0:6c56fb4bc5f0 960 /*
nexpaq 0:6c56fb4bc5f0 961 * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
nexpaq 0:6c56fb4bc5f0 962 *
nexpaq 0:6c56fb4bc5f0 963 * EncryptedPrivateKeyInfo ::= SEQUENCE {
nexpaq 0:6c56fb4bc5f0 964 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
nexpaq 0:6c56fb4bc5f0 965 * encryptedData EncryptedData
nexpaq 0:6c56fb4bc5f0 966 * }
nexpaq 0:6c56fb4bc5f0 967 *
nexpaq 0:6c56fb4bc5f0 968 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
nexpaq 0:6c56fb4bc5f0 969 *
nexpaq 0:6c56fb4bc5f0 970 * EncryptedData ::= OCTET STRING
nexpaq 0:6c56fb4bc5f0 971 *
nexpaq 0:6c56fb4bc5f0 972 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
nexpaq 0:6c56fb4bc5f0 973 */
nexpaq 0:6c56fb4bc5f0 974 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
nexpaq 0:6c56fb4bc5f0 975 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 976 {
nexpaq 0:6c56fb4bc5f0 977 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 978 }
nexpaq 0:6c56fb4bc5f0 979
nexpaq 0:6c56fb4bc5f0 980 end = p + len;
nexpaq 0:6c56fb4bc5f0 981
nexpaq 0:6c56fb4bc5f0 982 if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 983 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 984
nexpaq 0:6c56fb4bc5f0 985 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 986 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
nexpaq 0:6c56fb4bc5f0 987
nexpaq 0:6c56fb4bc5f0 988 if( len > sizeof( buf ) )
nexpaq 0:6c56fb4bc5f0 989 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
nexpaq 0:6c56fb4bc5f0 990
nexpaq 0:6c56fb4bc5f0 991 /*
nexpaq 0:6c56fb4bc5f0 992 * Decrypt EncryptedData with appropriate PDE
nexpaq 0:6c56fb4bc5f0 993 */
nexpaq 0:6c56fb4bc5f0 994 #if defined(MBEDTLS_PKCS12_C)
nexpaq 0:6c56fb4bc5f0 995 if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
nexpaq 0:6c56fb4bc5f0 996 {
nexpaq 0:6c56fb4bc5f0 997 if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
nexpaq 0:6c56fb4bc5f0 998 cipher_alg, md_alg,
nexpaq 0:6c56fb4bc5f0 999 pwd, pwdlen, p, len, buf ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 1000 {
nexpaq 0:6c56fb4bc5f0 1001 if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
nexpaq 0:6c56fb4bc5f0 1002 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
nexpaq 0:6c56fb4bc5f0 1003
nexpaq 0:6c56fb4bc5f0 1004 return( ret );
nexpaq 0:6c56fb4bc5f0 1005 }
nexpaq 0:6c56fb4bc5f0 1006
nexpaq 0:6c56fb4bc5f0 1007 decrypted = 1;
nexpaq 0:6c56fb4bc5f0 1008 }
nexpaq 0:6c56fb4bc5f0 1009 else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
nexpaq 0:6c56fb4bc5f0 1010 {
nexpaq 0:6c56fb4bc5f0 1011 if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
nexpaq 0:6c56fb4bc5f0 1012 MBEDTLS_PKCS12_PBE_DECRYPT,
nexpaq 0:6c56fb4bc5f0 1013 pwd, pwdlen,
nexpaq 0:6c56fb4bc5f0 1014 p, len, buf ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 1015 {
nexpaq 0:6c56fb4bc5f0 1016 return( ret );
nexpaq 0:6c56fb4bc5f0 1017 }
nexpaq 0:6c56fb4bc5f0 1018
nexpaq 0:6c56fb4bc5f0 1019 // Best guess for password mismatch when using RC4. If first tag is
nexpaq 0:6c56fb4bc5f0 1020 // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
nexpaq 0:6c56fb4bc5f0 1021 //
nexpaq 0:6c56fb4bc5f0 1022 if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
nexpaq 0:6c56fb4bc5f0 1023 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
nexpaq 0:6c56fb4bc5f0 1024
nexpaq 0:6c56fb4bc5f0 1025 decrypted = 1;
nexpaq 0:6c56fb4bc5f0 1026 }
nexpaq 0:6c56fb4bc5f0 1027 else
nexpaq 0:6c56fb4bc5f0 1028 #endif /* MBEDTLS_PKCS12_C */
nexpaq 0:6c56fb4bc5f0 1029 #if defined(MBEDTLS_PKCS5_C)
nexpaq 0:6c56fb4bc5f0 1030 if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
nexpaq 0:6c56fb4bc5f0 1031 {
nexpaq 0:6c56fb4bc5f0 1032 if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
nexpaq 0:6c56fb4bc5f0 1033 p, len, buf ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 1034 {
nexpaq 0:6c56fb4bc5f0 1035 if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
nexpaq 0:6c56fb4bc5f0 1036 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
nexpaq 0:6c56fb4bc5f0 1037
nexpaq 0:6c56fb4bc5f0 1038 return( ret );
nexpaq 0:6c56fb4bc5f0 1039 }
nexpaq 0:6c56fb4bc5f0 1040
nexpaq 0:6c56fb4bc5f0 1041 decrypted = 1;
nexpaq 0:6c56fb4bc5f0 1042 }
nexpaq 0:6c56fb4bc5f0 1043 else
nexpaq 0:6c56fb4bc5f0 1044 #endif /* MBEDTLS_PKCS5_C */
nexpaq 0:6c56fb4bc5f0 1045 {
nexpaq 0:6c56fb4bc5f0 1046 ((void) pwd);
nexpaq 0:6c56fb4bc5f0 1047 }
nexpaq 0:6c56fb4bc5f0 1048
nexpaq 0:6c56fb4bc5f0 1049 if( decrypted == 0 )
nexpaq 0:6c56fb4bc5f0 1050 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
nexpaq 0:6c56fb4bc5f0 1051
nexpaq 0:6c56fb4bc5f0 1052 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
nexpaq 0:6c56fb4bc5f0 1053 }
nexpaq 0:6c56fb4bc5f0 1054 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
nexpaq 0:6c56fb4bc5f0 1055
nexpaq 0:6c56fb4bc5f0 1056 /*
nexpaq 0:6c56fb4bc5f0 1057 * Parse a private key
nexpaq 0:6c56fb4bc5f0 1058 */
nexpaq 0:6c56fb4bc5f0 1059 int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
nexpaq 0:6c56fb4bc5f0 1060 const unsigned char *key, size_t keylen,
nexpaq 0:6c56fb4bc5f0 1061 const unsigned char *pwd, size_t pwdlen )
nexpaq 0:6c56fb4bc5f0 1062 {
nexpaq 0:6c56fb4bc5f0 1063 int ret;
nexpaq 0:6c56fb4bc5f0 1064 const mbedtls_pk_info_t *pk_info;
nexpaq 0:6c56fb4bc5f0 1065
nexpaq 0:6c56fb4bc5f0 1066 #if defined(MBEDTLS_PEM_PARSE_C)
nexpaq 0:6c56fb4bc5f0 1067 size_t len;
nexpaq 0:6c56fb4bc5f0 1068 mbedtls_pem_context pem;
nexpaq 0:6c56fb4bc5f0 1069
nexpaq 0:6c56fb4bc5f0 1070 mbedtls_pem_init( &pem );
nexpaq 0:6c56fb4bc5f0 1071
nexpaq 0:6c56fb4bc5f0 1072 #if defined(MBEDTLS_RSA_C)
nexpaq 0:6c56fb4bc5f0 1073 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
nexpaq 0:6c56fb4bc5f0 1074 if( keylen == 0 || key[keylen - 1] != '\0' )
nexpaq 0:6c56fb4bc5f0 1075 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
nexpaq 0:6c56fb4bc5f0 1076 else
nexpaq 0:6c56fb4bc5f0 1077 ret = mbedtls_pem_read_buffer( &pem,
nexpaq 0:6c56fb4bc5f0 1078 "-----BEGIN RSA PRIVATE KEY-----",
nexpaq 0:6c56fb4bc5f0 1079 "-----END RSA PRIVATE KEY-----",
nexpaq 0:6c56fb4bc5f0 1080 key, pwd, pwdlen, &len );
nexpaq 0:6c56fb4bc5f0 1081
nexpaq 0:6c56fb4bc5f0 1082 if( ret == 0 )
nexpaq 0:6c56fb4bc5f0 1083 {
nexpaq 0:6c56fb4bc5f0 1084 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
nexpaq 0:6c56fb4bc5f0 1085 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
nexpaq 0:6c56fb4bc5f0 1086
nexpaq 0:6c56fb4bc5f0 1087 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 1088 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
nexpaq 0:6c56fb4bc5f0 1089 pem.buf, pem.buflen ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 1090 {
nexpaq 0:6c56fb4bc5f0 1091 mbedtls_pk_free( pk );
nexpaq 0:6c56fb4bc5f0 1092 }
nexpaq 0:6c56fb4bc5f0 1093
nexpaq 0:6c56fb4bc5f0 1094 mbedtls_pem_free( &pem );
nexpaq 0:6c56fb4bc5f0 1095 return( ret );
nexpaq 0:6c56fb4bc5f0 1096 }
nexpaq 0:6c56fb4bc5f0 1097 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
nexpaq 0:6c56fb4bc5f0 1098 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
nexpaq 0:6c56fb4bc5f0 1099 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
nexpaq 0:6c56fb4bc5f0 1100 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
nexpaq 0:6c56fb4bc5f0 1101 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
nexpaq 0:6c56fb4bc5f0 1102 return( ret );
nexpaq 0:6c56fb4bc5f0 1103 #endif /* MBEDTLS_RSA_C */
nexpaq 0:6c56fb4bc5f0 1104
nexpaq 0:6c56fb4bc5f0 1105 #if defined(MBEDTLS_ECP_C)
nexpaq 0:6c56fb4bc5f0 1106 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
nexpaq 0:6c56fb4bc5f0 1107 if( keylen == 0 || key[keylen - 1] != '\0' )
nexpaq 0:6c56fb4bc5f0 1108 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
nexpaq 0:6c56fb4bc5f0 1109 else
nexpaq 0:6c56fb4bc5f0 1110 ret = mbedtls_pem_read_buffer( &pem,
nexpaq 0:6c56fb4bc5f0 1111 "-----BEGIN EC PRIVATE KEY-----",
nexpaq 0:6c56fb4bc5f0 1112 "-----END EC PRIVATE KEY-----",
nexpaq 0:6c56fb4bc5f0 1113 key, pwd, pwdlen, &len );
nexpaq 0:6c56fb4bc5f0 1114 if( ret == 0 )
nexpaq 0:6c56fb4bc5f0 1115 {
nexpaq 0:6c56fb4bc5f0 1116 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
nexpaq 0:6c56fb4bc5f0 1117 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
nexpaq 0:6c56fb4bc5f0 1118
nexpaq 0:6c56fb4bc5f0 1119 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 1120 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
nexpaq 0:6c56fb4bc5f0 1121 pem.buf, pem.buflen ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 1122 {
nexpaq 0:6c56fb4bc5f0 1123 mbedtls_pk_free( pk );
nexpaq 0:6c56fb4bc5f0 1124 }
nexpaq 0:6c56fb4bc5f0 1125
nexpaq 0:6c56fb4bc5f0 1126 mbedtls_pem_free( &pem );
nexpaq 0:6c56fb4bc5f0 1127 return( ret );
nexpaq 0:6c56fb4bc5f0 1128 }
nexpaq 0:6c56fb4bc5f0 1129 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
nexpaq 0:6c56fb4bc5f0 1130 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
nexpaq 0:6c56fb4bc5f0 1131 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
nexpaq 0:6c56fb4bc5f0 1132 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
nexpaq 0:6c56fb4bc5f0 1133 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
nexpaq 0:6c56fb4bc5f0 1134 return( ret );
nexpaq 0:6c56fb4bc5f0 1135 #endif /* MBEDTLS_ECP_C */
nexpaq 0:6c56fb4bc5f0 1136
nexpaq 0:6c56fb4bc5f0 1137 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
nexpaq 0:6c56fb4bc5f0 1138 if( keylen == 0 || key[keylen - 1] != '\0' )
nexpaq 0:6c56fb4bc5f0 1139 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
nexpaq 0:6c56fb4bc5f0 1140 else
nexpaq 0:6c56fb4bc5f0 1141 ret = mbedtls_pem_read_buffer( &pem,
nexpaq 0:6c56fb4bc5f0 1142 "-----BEGIN PRIVATE KEY-----",
nexpaq 0:6c56fb4bc5f0 1143 "-----END PRIVATE KEY-----",
nexpaq 0:6c56fb4bc5f0 1144 key, NULL, 0, &len );
nexpaq 0:6c56fb4bc5f0 1145 if( ret == 0 )
nexpaq 0:6c56fb4bc5f0 1146 {
nexpaq 0:6c56fb4bc5f0 1147 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
nexpaq 0:6c56fb4bc5f0 1148 pem.buf, pem.buflen ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 1149 {
nexpaq 0:6c56fb4bc5f0 1150 mbedtls_pk_free( pk );
nexpaq 0:6c56fb4bc5f0 1151 }
nexpaq 0:6c56fb4bc5f0 1152
nexpaq 0:6c56fb4bc5f0 1153 mbedtls_pem_free( &pem );
nexpaq 0:6c56fb4bc5f0 1154 return( ret );
nexpaq 0:6c56fb4bc5f0 1155 }
nexpaq 0:6c56fb4bc5f0 1156 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
nexpaq 0:6c56fb4bc5f0 1157 return( ret );
nexpaq 0:6c56fb4bc5f0 1158
nexpaq 0:6c56fb4bc5f0 1159 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
nexpaq 0:6c56fb4bc5f0 1160 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
nexpaq 0:6c56fb4bc5f0 1161 if( keylen == 0 || key[keylen - 1] != '\0' )
nexpaq 0:6c56fb4bc5f0 1162 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
nexpaq 0:6c56fb4bc5f0 1163 else
nexpaq 0:6c56fb4bc5f0 1164 ret = mbedtls_pem_read_buffer( &pem,
nexpaq 0:6c56fb4bc5f0 1165 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
nexpaq 0:6c56fb4bc5f0 1166 "-----END ENCRYPTED PRIVATE KEY-----",
nexpaq 0:6c56fb4bc5f0 1167 key, NULL, 0, &len );
nexpaq 0:6c56fb4bc5f0 1168 if( ret == 0 )
nexpaq 0:6c56fb4bc5f0 1169 {
nexpaq 0:6c56fb4bc5f0 1170 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
nexpaq 0:6c56fb4bc5f0 1171 pem.buf, pem.buflen,
nexpaq 0:6c56fb4bc5f0 1172 pwd, pwdlen ) ) != 0 )
nexpaq 0:6c56fb4bc5f0 1173 {
nexpaq 0:6c56fb4bc5f0 1174 mbedtls_pk_free( pk );
nexpaq 0:6c56fb4bc5f0 1175 }
nexpaq 0:6c56fb4bc5f0 1176
nexpaq 0:6c56fb4bc5f0 1177 mbedtls_pem_free( &pem );
nexpaq 0:6c56fb4bc5f0 1178 return( ret );
nexpaq 0:6c56fb4bc5f0 1179 }
nexpaq 0:6c56fb4bc5f0 1180 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
nexpaq 0:6c56fb4bc5f0 1181 return( ret );
nexpaq 0:6c56fb4bc5f0 1182 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
nexpaq 0:6c56fb4bc5f0 1183 #else
nexpaq 0:6c56fb4bc5f0 1184 ((void) ret);
nexpaq 0:6c56fb4bc5f0 1185 ((void) pwd);
nexpaq 0:6c56fb4bc5f0 1186 ((void) pwdlen);
nexpaq 0:6c56fb4bc5f0 1187 #endif /* MBEDTLS_PEM_PARSE_C */
nexpaq 0:6c56fb4bc5f0 1188
nexpaq 0:6c56fb4bc5f0 1189 /*
nexpaq 0:6c56fb4bc5f0 1190 * At this point we only know it's not a PEM formatted key. Could be any
nexpaq 0:6c56fb4bc5f0 1191 * of the known DER encoded private key formats
nexpaq 0:6c56fb4bc5f0 1192 *
nexpaq 0:6c56fb4bc5f0 1193 * We try the different DER format parsers to see if one passes without
nexpaq 0:6c56fb4bc5f0 1194 * error
nexpaq 0:6c56fb4bc5f0 1195 */
nexpaq 0:6c56fb4bc5f0 1196 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
nexpaq 0:6c56fb4bc5f0 1197 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
nexpaq 0:6c56fb4bc5f0 1198 pwd, pwdlen ) ) == 0 )
nexpaq 0:6c56fb4bc5f0 1199 {
nexpaq 0:6c56fb4bc5f0 1200 return( 0 );
nexpaq 0:6c56fb4bc5f0 1201 }
nexpaq 0:6c56fb4bc5f0 1202
nexpaq 0:6c56fb4bc5f0 1203 mbedtls_pk_free( pk );
nexpaq 0:6c56fb4bc5f0 1204
nexpaq 0:6c56fb4bc5f0 1205 if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
nexpaq 0:6c56fb4bc5f0 1206 {
nexpaq 0:6c56fb4bc5f0 1207 return( ret );
nexpaq 0:6c56fb4bc5f0 1208 }
nexpaq 0:6c56fb4bc5f0 1209 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
nexpaq 0:6c56fb4bc5f0 1210
nexpaq 0:6c56fb4bc5f0 1211 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
nexpaq 0:6c56fb4bc5f0 1212 return( 0 );
nexpaq 0:6c56fb4bc5f0 1213
nexpaq 0:6c56fb4bc5f0 1214 mbedtls_pk_free( pk );
nexpaq 0:6c56fb4bc5f0 1215
nexpaq 0:6c56fb4bc5f0 1216 #if defined(MBEDTLS_RSA_C)
nexpaq 0:6c56fb4bc5f0 1217 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
nexpaq 0:6c56fb4bc5f0 1218 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
nexpaq 0:6c56fb4bc5f0 1219
nexpaq 0:6c56fb4bc5f0 1220 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 1221 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 )
nexpaq 0:6c56fb4bc5f0 1222 {
nexpaq 0:6c56fb4bc5f0 1223 return( 0 );
nexpaq 0:6c56fb4bc5f0 1224 }
nexpaq 0:6c56fb4bc5f0 1225
nexpaq 0:6c56fb4bc5f0 1226 mbedtls_pk_free( pk );
nexpaq 0:6c56fb4bc5f0 1227 #endif /* MBEDTLS_RSA_C */
nexpaq 0:6c56fb4bc5f0 1228
nexpaq 0:6c56fb4bc5f0 1229 #if defined(MBEDTLS_ECP_C)
nexpaq 0:6c56fb4bc5f0 1230 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
nexpaq 0:6c56fb4bc5f0 1231 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
nexpaq 0:6c56fb4bc5f0 1232
nexpaq 0:6c56fb4bc5f0 1233 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
nexpaq 0:6c56fb4bc5f0 1234 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 )
nexpaq 0:6c56fb4bc5f0 1235 {
nexpaq 0:6c56fb4bc5f0 1236 return( 0 );
nexpaq 0:6c56fb4bc5f0 1237 }
nexpaq 0:6c56fb4bc5f0 1238
nexpaq 0:6c56fb4bc5f0 1239 mbedtls_pk_free( pk );
nexpaq 0:6c56fb4bc5f0 1240 #endif /* MBEDTLS_ECP_C */
nexpaq 0:6c56fb4bc5f0 1241
nexpaq 0:6c56fb4bc5f0 1242 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
nexpaq 0:6c56fb4bc5f0 1243 }
nexpaq 0:6c56fb4bc5f0 1244
nexpaq 0:6c56fb4bc5f0 1245 /*
nexpaq 0:6c56fb4bc5f0 1246 * Parse a public key
nexpaq 0:6c56fb4bc5f0 1247 */
nexpaq 0:6c56fb4bc5f0 1248 int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
nexpaq 0:6c56fb4bc5f0 1249 const unsigned char *key, size_t keylen )
nexpaq 0:6c56fb4bc5f0 1250 {
nexpaq 0:6c56fb4bc5f0 1251 int ret;
nexpaq 0:6c56fb4bc5f0 1252 unsigned char *p;
nexpaq 0:6c56fb4bc5f0 1253 #if defined(MBEDTLS_PEM_PARSE_C)
nexpaq 0:6c56fb4bc5f0 1254 size_t len;
nexpaq 0:6c56fb4bc5f0 1255 mbedtls_pem_context pem;
nexpaq 0:6c56fb4bc5f0 1256
nexpaq 0:6c56fb4bc5f0 1257 mbedtls_pem_init( &pem );
nexpaq 0:6c56fb4bc5f0 1258
nexpaq 0:6c56fb4bc5f0 1259 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
nexpaq 0:6c56fb4bc5f0 1260 if( keylen == 0 || key[keylen - 1] != '\0' )
nexpaq 0:6c56fb4bc5f0 1261 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
nexpaq 0:6c56fb4bc5f0 1262 else
nexpaq 0:6c56fb4bc5f0 1263 ret = mbedtls_pem_read_buffer( &pem,
nexpaq 0:6c56fb4bc5f0 1264 "-----BEGIN PUBLIC KEY-----",
nexpaq 0:6c56fb4bc5f0 1265 "-----END PUBLIC KEY-----",
nexpaq 0:6c56fb4bc5f0 1266 key, NULL, 0, &len );
nexpaq 0:6c56fb4bc5f0 1267
nexpaq 0:6c56fb4bc5f0 1268 if( ret == 0 )
nexpaq 0:6c56fb4bc5f0 1269 {
nexpaq 0:6c56fb4bc5f0 1270 /*
nexpaq 0:6c56fb4bc5f0 1271 * Was PEM encoded
nexpaq 0:6c56fb4bc5f0 1272 */
nexpaq 0:6c56fb4bc5f0 1273 key = pem.buf;
nexpaq 0:6c56fb4bc5f0 1274 keylen = pem.buflen;
nexpaq 0:6c56fb4bc5f0 1275 }
nexpaq 0:6c56fb4bc5f0 1276 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
nexpaq 0:6c56fb4bc5f0 1277 {
nexpaq 0:6c56fb4bc5f0 1278 mbedtls_pem_free( &pem );
nexpaq 0:6c56fb4bc5f0 1279 return( ret );
nexpaq 0:6c56fb4bc5f0 1280 }
nexpaq 0:6c56fb4bc5f0 1281 #endif /* MBEDTLS_PEM_PARSE_C */
nexpaq 0:6c56fb4bc5f0 1282 p = (unsigned char *) key;
nexpaq 0:6c56fb4bc5f0 1283
nexpaq 0:6c56fb4bc5f0 1284 ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
nexpaq 0:6c56fb4bc5f0 1285
nexpaq 0:6c56fb4bc5f0 1286 #if defined(MBEDTLS_PEM_PARSE_C)
nexpaq 0:6c56fb4bc5f0 1287 mbedtls_pem_free( &pem );
nexpaq 0:6c56fb4bc5f0 1288 #endif
nexpaq 0:6c56fb4bc5f0 1289
nexpaq 0:6c56fb4bc5f0 1290 return( ret );
nexpaq 0:6c56fb4bc5f0 1291 }
nexpaq 0:6c56fb4bc5f0 1292
nexpaq 0:6c56fb4bc5f0 1293 #endif /* MBEDTLS_PK_PARSE_C */