Maxim nexpaq
Preliminary main mbed library for nexpaq development
features/mbedtls/src/pkparse.c@1:d96dbedaebdb, 2016-11-04 (annotated)
- Committer:
- nexpaq
- Date:
- Fri Nov 04 20:54:50 2016 +0000
- Revision:
- 1:d96dbedaebdb
- Parent:
- 0:6c56fb4bc5f0
Removed extra directories for other platforms
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| nexpaq | 0:6c56fb4bc5f0 | 1 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 2 | * Public Key layer for parsing key files and structures |
| nexpaq | 0:6c56fb4bc5f0 | 3 | * |
| nexpaq | 0:6c56fb4bc5f0 | 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
| nexpaq | 0:6c56fb4bc5f0 | 5 | * SPDX-License-Identifier: Apache-2.0 |
| nexpaq | 0:6c56fb4bc5f0 | 6 | * |
| nexpaq | 0:6c56fb4bc5f0 | 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| nexpaq | 0:6c56fb4bc5f0 | 8 | * not use this file except in compliance with the License. |
| nexpaq | 0:6c56fb4bc5f0 | 9 | * You may obtain a copy of the License at |
| nexpaq | 0:6c56fb4bc5f0 | 10 | * |
| nexpaq | 0:6c56fb4bc5f0 | 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
| nexpaq | 0:6c56fb4bc5f0 | 12 | * |
| nexpaq | 0:6c56fb4bc5f0 | 13 | * Unless required by applicable law or agreed to in writing, software |
| nexpaq | 0:6c56fb4bc5f0 | 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| nexpaq | 0:6c56fb4bc5f0 | 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| nexpaq | 0:6c56fb4bc5f0 | 16 | * See the License for the specific language governing permissions and |
| nexpaq | 0:6c56fb4bc5f0 | 17 | * limitations under the License. |
| nexpaq | 0:6c56fb4bc5f0 | 18 | * |
| nexpaq | 0:6c56fb4bc5f0 | 19 | * This file is part of mbed TLS (https://tls.mbed.org) |
| nexpaq | 0:6c56fb4bc5f0 | 20 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 21 | |
| nexpaq | 0:6c56fb4bc5f0 | 22 | #if !defined(MBEDTLS_CONFIG_FILE) |
| nexpaq | 0:6c56fb4bc5f0 | 23 | #include "mbedtls/config.h" |
| nexpaq | 0:6c56fb4bc5f0 | 24 | #else |
| nexpaq | 0:6c56fb4bc5f0 | 25 | #include MBEDTLS_CONFIG_FILE |
| nexpaq | 0:6c56fb4bc5f0 | 26 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 27 | |
| nexpaq | 0:6c56fb4bc5f0 | 28 | #if defined(MBEDTLS_PK_PARSE_C) |
| nexpaq | 0:6c56fb4bc5f0 | 29 | |
| nexpaq | 0:6c56fb4bc5f0 | 30 | #include "mbedtls/pk.h" |
| nexpaq | 0:6c56fb4bc5f0 | 31 | #include "mbedtls/asn1.h" |
| nexpaq | 0:6c56fb4bc5f0 | 32 | #include "mbedtls/oid.h" |
| nexpaq | 0:6c56fb4bc5f0 | 33 | |
| nexpaq | 0:6c56fb4bc5f0 | 34 | #include <string.h> |
| nexpaq | 0:6c56fb4bc5f0 | 35 | |
| nexpaq | 0:6c56fb4bc5f0 | 36 | #if defined(MBEDTLS_RSA_C) |
| nexpaq | 0:6c56fb4bc5f0 | 37 | #include "mbedtls/rsa.h" |
| nexpaq | 0:6c56fb4bc5f0 | 38 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 39 | #if defined(MBEDTLS_ECP_C) |
| nexpaq | 0:6c56fb4bc5f0 | 40 | #include "mbedtls/ecp.h" |
| nexpaq | 0:6c56fb4bc5f0 | 41 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 42 | #if defined(MBEDTLS_ECDSA_C) |
| nexpaq | 0:6c56fb4bc5f0 | 43 | #include "mbedtls/ecdsa.h" |
| nexpaq | 0:6c56fb4bc5f0 | 44 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 45 | #if defined(MBEDTLS_PEM_PARSE_C) |
| nexpaq | 0:6c56fb4bc5f0 | 46 | #include "mbedtls/pem.h" |
| nexpaq | 0:6c56fb4bc5f0 | 47 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 48 | #if defined(MBEDTLS_PKCS5_C) |
| nexpaq | 0:6c56fb4bc5f0 | 49 | #include "mbedtls/pkcs5.h" |
| nexpaq | 0:6c56fb4bc5f0 | 50 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 51 | #if defined(MBEDTLS_PKCS12_C) |
| nexpaq | 0:6c56fb4bc5f0 | 52 | #include "mbedtls/pkcs12.h" |
| nexpaq | 0:6c56fb4bc5f0 | 53 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 54 | |
| nexpaq | 0:6c56fb4bc5f0 | 55 | #if defined(MBEDTLS_PLATFORM_C) |
| nexpaq | 0:6c56fb4bc5f0 | 56 | #include "mbedtls/platform.h" |
| nexpaq | 0:6c56fb4bc5f0 | 57 | #else |
| nexpaq | 0:6c56fb4bc5f0 | 58 | #include <stdlib.h> |
| nexpaq | 0:6c56fb4bc5f0 | 59 | #define mbedtls_calloc calloc |
| nexpaq | 0:6c56fb4bc5f0 | 60 | #define mbedtls_free free |
| nexpaq | 0:6c56fb4bc5f0 | 61 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 62 | |
| nexpaq | 0:6c56fb4bc5f0 | 63 | #if defined(MBEDTLS_FS_IO) |
| nexpaq | 0:6c56fb4bc5f0 | 64 | /* Implementation that should never be optimized out by the compiler */ |
| nexpaq | 0:6c56fb4bc5f0 | 65 | static void mbedtls_zeroize( void *v, size_t n ) { |
| nexpaq | 0:6c56fb4bc5f0 | 66 | volatile unsigned char *p = v; while( n-- ) *p++ = 0; |
| nexpaq | 0:6c56fb4bc5f0 | 67 | } |
| nexpaq | 0:6c56fb4bc5f0 | 68 | |
| nexpaq | 0:6c56fb4bc5f0 | 69 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 70 | * Load all data from a file into a given buffer. |
| nexpaq | 0:6c56fb4bc5f0 | 71 | * |
| nexpaq | 0:6c56fb4bc5f0 | 72 | * The file is expected to contain either PEM or DER encoded data. |
| nexpaq | 0:6c56fb4bc5f0 | 73 | * A terminating null byte is always appended. It is included in the announced |
| nexpaq | 0:6c56fb4bc5f0 | 74 | * length only if the data looks like it is PEM encoded. |
| nexpaq | 0:6c56fb4bc5f0 | 75 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 76 | int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) |
| nexpaq | 0:6c56fb4bc5f0 | 77 | { |
| nexpaq | 0:6c56fb4bc5f0 | 78 | FILE *f; |
| nexpaq | 0:6c56fb4bc5f0 | 79 | long size; |
| nexpaq | 0:6c56fb4bc5f0 | 80 | |
| nexpaq | 0:6c56fb4bc5f0 | 81 | if( ( f = fopen( path, "rb" ) ) == NULL ) |
| nexpaq | 0:6c56fb4bc5f0 | 82 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); |
| nexpaq | 0:6c56fb4bc5f0 | 83 | |
| nexpaq | 0:6c56fb4bc5f0 | 84 | fseek( f, 0, SEEK_END ); |
| nexpaq | 0:6c56fb4bc5f0 | 85 | if( ( size = ftell( f ) ) == -1 ) |
| nexpaq | 0:6c56fb4bc5f0 | 86 | { |
| nexpaq | 0:6c56fb4bc5f0 | 87 | fclose( f ); |
| nexpaq | 0:6c56fb4bc5f0 | 88 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); |
| nexpaq | 0:6c56fb4bc5f0 | 89 | } |
| nexpaq | 0:6c56fb4bc5f0 | 90 | fseek( f, 0, SEEK_SET ); |
| nexpaq | 0:6c56fb4bc5f0 | 91 | |
| nexpaq | 0:6c56fb4bc5f0 | 92 | *n = (size_t) size; |
| nexpaq | 0:6c56fb4bc5f0 | 93 | |
| nexpaq | 0:6c56fb4bc5f0 | 94 | if( *n + 1 == 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 95 | ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) |
| nexpaq | 0:6c56fb4bc5f0 | 96 | { |
| nexpaq | 0:6c56fb4bc5f0 | 97 | fclose( f ); |
| nexpaq | 0:6c56fb4bc5f0 | 98 | return( MBEDTLS_ERR_PK_ALLOC_FAILED ); |
| nexpaq | 0:6c56fb4bc5f0 | 99 | } |
| nexpaq | 0:6c56fb4bc5f0 | 100 | |
| nexpaq | 0:6c56fb4bc5f0 | 101 | if( fread( *buf, 1, *n, f ) != *n ) |
| nexpaq | 0:6c56fb4bc5f0 | 102 | { |
| nexpaq | 0:6c56fb4bc5f0 | 103 | fclose( f ); |
| nexpaq | 0:6c56fb4bc5f0 | 104 | mbedtls_free( *buf ); |
| nexpaq | 0:6c56fb4bc5f0 | 105 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); |
| nexpaq | 0:6c56fb4bc5f0 | 106 | } |
| nexpaq | 0:6c56fb4bc5f0 | 107 | |
| nexpaq | 0:6c56fb4bc5f0 | 108 | fclose( f ); |
| nexpaq | 0:6c56fb4bc5f0 | 109 | |
| nexpaq | 0:6c56fb4bc5f0 | 110 | (*buf)[*n] = '\0'; |
| nexpaq | 0:6c56fb4bc5f0 | 111 | |
| nexpaq | 0:6c56fb4bc5f0 | 112 | if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL ) |
| nexpaq | 0:6c56fb4bc5f0 | 113 | ++*n; |
| nexpaq | 0:6c56fb4bc5f0 | 114 | |
| nexpaq | 0:6c56fb4bc5f0 | 115 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 116 | } |
| nexpaq | 0:6c56fb4bc5f0 | 117 | |
| nexpaq | 0:6c56fb4bc5f0 | 118 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 119 | * Load and parse a private key |
| nexpaq | 0:6c56fb4bc5f0 | 120 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 121 | int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, |
| nexpaq | 0:6c56fb4bc5f0 | 122 | const char *path, const char *pwd ) |
| nexpaq | 0:6c56fb4bc5f0 | 123 | { |
| nexpaq | 0:6c56fb4bc5f0 | 124 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 125 | size_t n; |
| nexpaq | 0:6c56fb4bc5f0 | 126 | unsigned char *buf; |
| nexpaq | 0:6c56fb4bc5f0 | 127 | |
| nexpaq | 0:6c56fb4bc5f0 | 128 | if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 129 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 130 | |
| nexpaq | 0:6c56fb4bc5f0 | 131 | if( pwd == NULL ) |
| nexpaq | 0:6c56fb4bc5f0 | 132 | ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 133 | else |
| nexpaq | 0:6c56fb4bc5f0 | 134 | ret = mbedtls_pk_parse_key( ctx, buf, n, |
| nexpaq | 0:6c56fb4bc5f0 | 135 | (const unsigned char *) pwd, strlen( pwd ) ); |
| nexpaq | 0:6c56fb4bc5f0 | 136 | |
| nexpaq | 0:6c56fb4bc5f0 | 137 | mbedtls_zeroize( buf, n ); |
| nexpaq | 0:6c56fb4bc5f0 | 138 | mbedtls_free( buf ); |
| nexpaq | 0:6c56fb4bc5f0 | 139 | |
| nexpaq | 0:6c56fb4bc5f0 | 140 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 141 | } |
| nexpaq | 0:6c56fb4bc5f0 | 142 | |
| nexpaq | 0:6c56fb4bc5f0 | 143 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 144 | * Load and parse a public key |
| nexpaq | 0:6c56fb4bc5f0 | 145 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 146 | int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) |
| nexpaq | 0:6c56fb4bc5f0 | 147 | { |
| nexpaq | 0:6c56fb4bc5f0 | 148 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 149 | size_t n; |
| nexpaq | 0:6c56fb4bc5f0 | 150 | unsigned char *buf; |
| nexpaq | 0:6c56fb4bc5f0 | 151 | |
| nexpaq | 0:6c56fb4bc5f0 | 152 | if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 153 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 154 | |
| nexpaq | 0:6c56fb4bc5f0 | 155 | ret = mbedtls_pk_parse_public_key( ctx, buf, n ); |
| nexpaq | 0:6c56fb4bc5f0 | 156 | |
| nexpaq | 0:6c56fb4bc5f0 | 157 | mbedtls_zeroize( buf, n ); |
| nexpaq | 0:6c56fb4bc5f0 | 158 | mbedtls_free( buf ); |
| nexpaq | 0:6c56fb4bc5f0 | 159 | |
| nexpaq | 0:6c56fb4bc5f0 | 160 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 161 | } |
| nexpaq | 0:6c56fb4bc5f0 | 162 | #endif /* MBEDTLS_FS_IO */ |
| nexpaq | 0:6c56fb4bc5f0 | 163 | |
| nexpaq | 0:6c56fb4bc5f0 | 164 | #if defined(MBEDTLS_ECP_C) |
| nexpaq | 0:6c56fb4bc5f0 | 165 | /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf |
| nexpaq | 0:6c56fb4bc5f0 | 166 | * |
| nexpaq | 0:6c56fb4bc5f0 | 167 | * ECParameters ::= CHOICE { |
| nexpaq | 0:6c56fb4bc5f0 | 168 | * namedCurve OBJECT IDENTIFIER |
| nexpaq | 0:6c56fb4bc5f0 | 169 | * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } |
| nexpaq | 0:6c56fb4bc5f0 | 170 | * -- implicitCurve NULL |
| nexpaq | 0:6c56fb4bc5f0 | 171 | * } |
| nexpaq | 0:6c56fb4bc5f0 | 172 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 173 | static int pk_get_ecparams( unsigned char **p, const unsigned char *end, |
| nexpaq | 0:6c56fb4bc5f0 | 174 | mbedtls_asn1_buf *params ) |
| nexpaq | 0:6c56fb4bc5f0 | 175 | { |
| nexpaq | 0:6c56fb4bc5f0 | 176 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 177 | |
| nexpaq | 0:6c56fb4bc5f0 | 178 | /* Tag may be either OID or SEQUENCE */ |
| nexpaq | 0:6c56fb4bc5f0 | 179 | params->tag = **p; |
| nexpaq | 0:6c56fb4bc5f0 | 180 | if( params->tag != MBEDTLS_ASN1_OID |
| nexpaq | 0:6c56fb4bc5f0 | 181 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) |
| nexpaq | 0:6c56fb4bc5f0 | 182 | && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) |
| nexpaq | 0:6c56fb4bc5f0 | 183 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 184 | ) |
| nexpaq | 0:6c56fb4bc5f0 | 185 | { |
| nexpaq | 0:6c56fb4bc5f0 | 186 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
| nexpaq | 0:6c56fb4bc5f0 | 187 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); |
| nexpaq | 0:6c56fb4bc5f0 | 188 | } |
| nexpaq | 0:6c56fb4bc5f0 | 189 | |
| nexpaq | 0:6c56fb4bc5f0 | 190 | if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 191 | { |
| nexpaq | 0:6c56fb4bc5f0 | 192 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 193 | } |
| nexpaq | 0:6c56fb4bc5f0 | 194 | |
| nexpaq | 0:6c56fb4bc5f0 | 195 | params->p = *p; |
| nexpaq | 0:6c56fb4bc5f0 | 196 | *p += params->len; |
| nexpaq | 0:6c56fb4bc5f0 | 197 | |
| nexpaq | 0:6c56fb4bc5f0 | 198 | if( *p != end ) |
| nexpaq | 0:6c56fb4bc5f0 | 199 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
| nexpaq | 0:6c56fb4bc5f0 | 200 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 201 | |
| nexpaq | 0:6c56fb4bc5f0 | 202 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 203 | } |
| nexpaq | 0:6c56fb4bc5f0 | 204 | |
| nexpaq | 0:6c56fb4bc5f0 | 205 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) |
| nexpaq | 0:6c56fb4bc5f0 | 206 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 207 | * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it. |
| nexpaq | 0:6c56fb4bc5f0 | 208 | * WARNING: the resulting group should only be used with |
| nexpaq | 0:6c56fb4bc5f0 | 209 | * pk_group_id_from_specified(), since its base point may not be set correctly |
| nexpaq | 0:6c56fb4bc5f0 | 210 | * if it was encoded compressed. |
| nexpaq | 0:6c56fb4bc5f0 | 211 | * |
| nexpaq | 0:6c56fb4bc5f0 | 212 | * SpecifiedECDomain ::= SEQUENCE { |
| nexpaq | 0:6c56fb4bc5f0 | 213 | * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...), |
| nexpaq | 0:6c56fb4bc5f0 | 214 | * fieldID FieldID {{FieldTypes}}, |
| nexpaq | 0:6c56fb4bc5f0 | 215 | * curve Curve, |
| nexpaq | 0:6c56fb4bc5f0 | 216 | * base ECPoint, |
| nexpaq | 0:6c56fb4bc5f0 | 217 | * order INTEGER, |
| nexpaq | 0:6c56fb4bc5f0 | 218 | * cofactor INTEGER OPTIONAL, |
| nexpaq | 0:6c56fb4bc5f0 | 219 | * hash HashAlgorithm OPTIONAL, |
| nexpaq | 0:6c56fb4bc5f0 | 220 | * ... |
| nexpaq | 0:6c56fb4bc5f0 | 221 | * } |
| nexpaq | 0:6c56fb4bc5f0 | 222 | * |
| nexpaq | 0:6c56fb4bc5f0 | 223 | * We only support prime-field as field type, and ignore hash and cofactor. |
| nexpaq | 0:6c56fb4bc5f0 | 224 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 225 | static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) |
| nexpaq | 0:6c56fb4bc5f0 | 226 | { |
| nexpaq | 0:6c56fb4bc5f0 | 227 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 228 | unsigned char *p = params->p; |
| nexpaq | 0:6c56fb4bc5f0 | 229 | const unsigned char * const end = params->p + params->len; |
| nexpaq | 0:6c56fb4bc5f0 | 230 | const unsigned char *end_field, *end_curve; |
| nexpaq | 0:6c56fb4bc5f0 | 231 | size_t len; |
| nexpaq | 0:6c56fb4bc5f0 | 232 | int ver; |
| nexpaq | 0:6c56fb4bc5f0 | 233 | |
| nexpaq | 0:6c56fb4bc5f0 | 234 | /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */ |
| nexpaq | 0:6c56fb4bc5f0 | 235 | if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 236 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 237 | |
| nexpaq | 0:6c56fb4bc5f0 | 238 | if( ver < 1 || ver > 3 ) |
| nexpaq | 0:6c56fb4bc5f0 | 239 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
| nexpaq | 0:6c56fb4bc5f0 | 240 | |
| nexpaq | 0:6c56fb4bc5f0 | 241 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 242 | * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field |
| nexpaq | 0:6c56fb4bc5f0 | 243 | * fieldType FIELD-ID.&id({IOSet}), |
| nexpaq | 0:6c56fb4bc5f0 | 244 | * parameters FIELD-ID.&Type({IOSet}{@fieldType}) |
| nexpaq | 0:6c56fb4bc5f0 | 245 | * } |
| nexpaq | 0:6c56fb4bc5f0 | 246 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 247 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
| nexpaq | 0:6c56fb4bc5f0 | 248 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 249 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 250 | |
| nexpaq | 0:6c56fb4bc5f0 | 251 | end_field = p + len; |
| nexpaq | 0:6c56fb4bc5f0 | 252 | |
| nexpaq | 0:6c56fb4bc5f0 | 253 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 254 | * FIELD-ID ::= TYPE-IDENTIFIER |
| nexpaq | 0:6c56fb4bc5f0 | 255 | * FieldTypes FIELD-ID ::= { |
| nexpaq | 0:6c56fb4bc5f0 | 256 | * { Prime-p IDENTIFIED BY prime-field } | |
| nexpaq | 0:6c56fb4bc5f0 | 257 | * { Characteristic-two IDENTIFIED BY characteristic-two-field } |
| nexpaq | 0:6c56fb4bc5f0 | 258 | * } |
| nexpaq | 0:6c56fb4bc5f0 | 259 | * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } |
| nexpaq | 0:6c56fb4bc5f0 | 260 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 261 | if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 262 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 263 | |
| nexpaq | 0:6c56fb4bc5f0 | 264 | if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) || |
| nexpaq | 0:6c56fb4bc5f0 | 265 | memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 266 | { |
| nexpaq | 0:6c56fb4bc5f0 | 267 | return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); |
| nexpaq | 0:6c56fb4bc5f0 | 268 | } |
| nexpaq | 0:6c56fb4bc5f0 | 269 | |
| nexpaq | 0:6c56fb4bc5f0 | 270 | p += len; |
| nexpaq | 0:6c56fb4bc5f0 | 271 | |
| nexpaq | 0:6c56fb4bc5f0 | 272 | /* Prime-p ::= INTEGER -- Field of size p. */ |
| nexpaq | 0:6c56fb4bc5f0 | 273 | if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 274 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 275 | |
| nexpaq | 0:6c56fb4bc5f0 | 276 | grp->pbits = mbedtls_mpi_bitlen( &grp->P ); |
| nexpaq | 0:6c56fb4bc5f0 | 277 | |
| nexpaq | 0:6c56fb4bc5f0 | 278 | if( p != end_field ) |
| nexpaq | 0:6c56fb4bc5f0 | 279 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
| nexpaq | 0:6c56fb4bc5f0 | 280 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 281 | |
| nexpaq | 0:6c56fb4bc5f0 | 282 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 283 | * Curve ::= SEQUENCE { |
| nexpaq | 0:6c56fb4bc5f0 | 284 | * a FieldElement, |
| nexpaq | 0:6c56fb4bc5f0 | 285 | * b FieldElement, |
| nexpaq | 0:6c56fb4bc5f0 | 286 | * seed BIT STRING OPTIONAL |
| nexpaq | 0:6c56fb4bc5f0 | 287 | * -- Shall be present if used in SpecifiedECDomain |
| nexpaq | 0:6c56fb4bc5f0 | 288 | * -- with version equal to ecdpVer2 or ecdpVer3 |
| nexpaq | 0:6c56fb4bc5f0 | 289 | * } |
| nexpaq | 0:6c56fb4bc5f0 | 290 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 291 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
| nexpaq | 0:6c56fb4bc5f0 | 292 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 293 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 294 | |
| nexpaq | 0:6c56fb4bc5f0 | 295 | end_curve = p + len; |
| nexpaq | 0:6c56fb4bc5f0 | 296 | |
| nexpaq | 0:6c56fb4bc5f0 | 297 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 298 | * FieldElement ::= OCTET STRING |
| nexpaq | 0:6c56fb4bc5f0 | 299 | * containing an integer in the case of a prime field |
| nexpaq | 0:6c56fb4bc5f0 | 300 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 301 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 302 | ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 303 | { |
| nexpaq | 0:6c56fb4bc5f0 | 304 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 305 | } |
| nexpaq | 0:6c56fb4bc5f0 | 306 | |
| nexpaq | 0:6c56fb4bc5f0 | 307 | p += len; |
| nexpaq | 0:6c56fb4bc5f0 | 308 | |
| nexpaq | 0:6c56fb4bc5f0 | 309 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 310 | ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 311 | { |
| nexpaq | 0:6c56fb4bc5f0 | 312 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 313 | } |
| nexpaq | 0:6c56fb4bc5f0 | 314 | |
| nexpaq | 0:6c56fb4bc5f0 | 315 | p += len; |
| nexpaq | 0:6c56fb4bc5f0 | 316 | |
| nexpaq | 0:6c56fb4bc5f0 | 317 | /* Ignore seed BIT STRING OPTIONAL */ |
| nexpaq | 0:6c56fb4bc5f0 | 318 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 319 | p += len; |
| nexpaq | 0:6c56fb4bc5f0 | 320 | |
| nexpaq | 0:6c56fb4bc5f0 | 321 | if( p != end_curve ) |
| nexpaq | 0:6c56fb4bc5f0 | 322 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
| nexpaq | 0:6c56fb4bc5f0 | 323 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 324 | |
| nexpaq | 0:6c56fb4bc5f0 | 325 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 326 | * ECPoint ::= OCTET STRING |
| nexpaq | 0:6c56fb4bc5f0 | 327 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 328 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 329 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 330 | |
| nexpaq | 0:6c56fb4bc5f0 | 331 | if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G, |
| nexpaq | 0:6c56fb4bc5f0 | 332 | ( const unsigned char *) p, len ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 333 | { |
| nexpaq | 0:6c56fb4bc5f0 | 334 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 335 | * If we can't read the point because it's compressed, cheat by |
| nexpaq | 0:6c56fb4bc5f0 | 336 | * reading only the X coordinate and the parity bit of Y. |
| nexpaq | 0:6c56fb4bc5f0 | 337 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 338 | if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE || |
| nexpaq | 0:6c56fb4bc5f0 | 339 | ( p[0] != 0x02 && p[0] != 0x03 ) || |
| nexpaq | 0:6c56fb4bc5f0 | 340 | len != mbedtls_mpi_size( &grp->P ) + 1 || |
| nexpaq | 0:6c56fb4bc5f0 | 341 | mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 342 | mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 343 | mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 344 | { |
| nexpaq | 0:6c56fb4bc5f0 | 345 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
| nexpaq | 0:6c56fb4bc5f0 | 346 | } |
| nexpaq | 0:6c56fb4bc5f0 | 347 | } |
| nexpaq | 0:6c56fb4bc5f0 | 348 | |
| nexpaq | 0:6c56fb4bc5f0 | 349 | p += len; |
| nexpaq | 0:6c56fb4bc5f0 | 350 | |
| nexpaq | 0:6c56fb4bc5f0 | 351 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 352 | * order INTEGER |
| nexpaq | 0:6c56fb4bc5f0 | 353 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 354 | if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 355 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 356 | |
| nexpaq | 0:6c56fb4bc5f0 | 357 | grp->nbits = mbedtls_mpi_bitlen( &grp->N ); |
| nexpaq | 0:6c56fb4bc5f0 | 358 | |
| nexpaq | 0:6c56fb4bc5f0 | 359 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 360 | * Allow optional elements by purposefully not enforcing p == end here. |
| nexpaq | 0:6c56fb4bc5f0 | 361 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 362 | |
| nexpaq | 0:6c56fb4bc5f0 | 363 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 364 | } |
| nexpaq | 0:6c56fb4bc5f0 | 365 | |
| nexpaq | 0:6c56fb4bc5f0 | 366 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 367 | * Find the group id associated with an (almost filled) group as generated by |
| nexpaq | 0:6c56fb4bc5f0 | 368 | * pk_group_from_specified(), or return an error if unknown. |
| nexpaq | 0:6c56fb4bc5f0 | 369 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 370 | static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id ) |
| nexpaq | 0:6c56fb4bc5f0 | 371 | { |
| nexpaq | 0:6c56fb4bc5f0 | 372 | int ret = 0; |
| nexpaq | 0:6c56fb4bc5f0 | 373 | mbedtls_ecp_group ref; |
| nexpaq | 0:6c56fb4bc5f0 | 374 | const mbedtls_ecp_group_id *id; |
| nexpaq | 0:6c56fb4bc5f0 | 375 | |
| nexpaq | 0:6c56fb4bc5f0 | 376 | mbedtls_ecp_group_init( &ref ); |
| nexpaq | 0:6c56fb4bc5f0 | 377 | |
| nexpaq | 0:6c56fb4bc5f0 | 378 | for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ ) |
| nexpaq | 0:6c56fb4bc5f0 | 379 | { |
| nexpaq | 0:6c56fb4bc5f0 | 380 | /* Load the group associated to that id */ |
| nexpaq | 0:6c56fb4bc5f0 | 381 | mbedtls_ecp_group_free( &ref ); |
| nexpaq | 0:6c56fb4bc5f0 | 382 | MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) ); |
| nexpaq | 0:6c56fb4bc5f0 | 383 | |
| nexpaq | 0:6c56fb4bc5f0 | 384 | /* Compare to the group we were given, starting with easy tests */ |
| nexpaq | 0:6c56fb4bc5f0 | 385 | if( grp->pbits == ref.pbits && grp->nbits == ref.nbits && |
| nexpaq | 0:6c56fb4bc5f0 | 386 | mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 && |
| nexpaq | 0:6c56fb4bc5f0 | 387 | mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 && |
| nexpaq | 0:6c56fb4bc5f0 | 388 | mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 && |
| nexpaq | 0:6c56fb4bc5f0 | 389 | mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 && |
| nexpaq | 0:6c56fb4bc5f0 | 390 | mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 && |
| nexpaq | 0:6c56fb4bc5f0 | 391 | mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 && |
| nexpaq | 0:6c56fb4bc5f0 | 392 | /* For Y we may only know the parity bit, so compare only that */ |
| nexpaq | 0:6c56fb4bc5f0 | 393 | mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) ) |
| nexpaq | 0:6c56fb4bc5f0 | 394 | { |
| nexpaq | 0:6c56fb4bc5f0 | 395 | break; |
| nexpaq | 0:6c56fb4bc5f0 | 396 | } |
| nexpaq | 0:6c56fb4bc5f0 | 397 | |
| nexpaq | 0:6c56fb4bc5f0 | 398 | } |
| nexpaq | 0:6c56fb4bc5f0 | 399 | |
| nexpaq | 0:6c56fb4bc5f0 | 400 | cleanup: |
| nexpaq | 0:6c56fb4bc5f0 | 401 | mbedtls_ecp_group_free( &ref ); |
| nexpaq | 0:6c56fb4bc5f0 | 402 | |
| nexpaq | 0:6c56fb4bc5f0 | 403 | *grp_id = *id; |
| nexpaq | 0:6c56fb4bc5f0 | 404 | |
| nexpaq | 0:6c56fb4bc5f0 | 405 | if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE ) |
| nexpaq | 0:6c56fb4bc5f0 | 406 | ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; |
| nexpaq | 0:6c56fb4bc5f0 | 407 | |
| nexpaq | 0:6c56fb4bc5f0 | 408 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 409 | } |
| nexpaq | 0:6c56fb4bc5f0 | 410 | |
| nexpaq | 0:6c56fb4bc5f0 | 411 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 412 | * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID |
| nexpaq | 0:6c56fb4bc5f0 | 413 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 414 | static int pk_group_id_from_specified( const mbedtls_asn1_buf *params, |
| nexpaq | 0:6c56fb4bc5f0 | 415 | mbedtls_ecp_group_id *grp_id ) |
| nexpaq | 0:6c56fb4bc5f0 | 416 | { |
| nexpaq | 0:6c56fb4bc5f0 | 417 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 418 | mbedtls_ecp_group grp; |
| nexpaq | 0:6c56fb4bc5f0 | 419 | |
| nexpaq | 0:6c56fb4bc5f0 | 420 | mbedtls_ecp_group_init( &grp ); |
| nexpaq | 0:6c56fb4bc5f0 | 421 | |
| nexpaq | 0:6c56fb4bc5f0 | 422 | if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 423 | goto cleanup; |
| nexpaq | 0:6c56fb4bc5f0 | 424 | |
| nexpaq | 0:6c56fb4bc5f0 | 425 | ret = pk_group_id_from_group( &grp, grp_id ); |
| nexpaq | 0:6c56fb4bc5f0 | 426 | |
| nexpaq | 0:6c56fb4bc5f0 | 427 | cleanup: |
| nexpaq | 0:6c56fb4bc5f0 | 428 | mbedtls_ecp_group_free( &grp ); |
| nexpaq | 0:6c56fb4bc5f0 | 429 | |
| nexpaq | 0:6c56fb4bc5f0 | 430 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 431 | } |
| nexpaq | 0:6c56fb4bc5f0 | 432 | #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ |
| nexpaq | 0:6c56fb4bc5f0 | 433 | |
| nexpaq | 0:6c56fb4bc5f0 | 434 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 435 | * Use EC parameters to initialise an EC group |
| nexpaq | 0:6c56fb4bc5f0 | 436 | * |
| nexpaq | 0:6c56fb4bc5f0 | 437 | * ECParameters ::= CHOICE { |
| nexpaq | 0:6c56fb4bc5f0 | 438 | * namedCurve OBJECT IDENTIFIER |
| nexpaq | 0:6c56fb4bc5f0 | 439 | * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } |
| nexpaq | 0:6c56fb4bc5f0 | 440 | * -- implicitCurve NULL |
| nexpaq | 0:6c56fb4bc5f0 | 441 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 442 | static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) |
| nexpaq | 0:6c56fb4bc5f0 | 443 | { |
| nexpaq | 0:6c56fb4bc5f0 | 444 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 445 | mbedtls_ecp_group_id grp_id; |
| nexpaq | 0:6c56fb4bc5f0 | 446 | |
| nexpaq | 0:6c56fb4bc5f0 | 447 | if( params->tag == MBEDTLS_ASN1_OID ) |
| nexpaq | 0:6c56fb4bc5f0 | 448 | { |
| nexpaq | 0:6c56fb4bc5f0 | 449 | if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 450 | return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE ); |
| nexpaq | 0:6c56fb4bc5f0 | 451 | } |
| nexpaq | 0:6c56fb4bc5f0 | 452 | else |
| nexpaq | 0:6c56fb4bc5f0 | 453 | { |
| nexpaq | 0:6c56fb4bc5f0 | 454 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) |
| nexpaq | 0:6c56fb4bc5f0 | 455 | if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 456 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 457 | #else |
| nexpaq | 0:6c56fb4bc5f0 | 458 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
| nexpaq | 0:6c56fb4bc5f0 | 459 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 460 | } |
| nexpaq | 0:6c56fb4bc5f0 | 461 | |
| nexpaq | 0:6c56fb4bc5f0 | 462 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 463 | * grp may already be initilialized; if so, make sure IDs match |
| nexpaq | 0:6c56fb4bc5f0 | 464 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 465 | if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id ) |
| nexpaq | 0:6c56fb4bc5f0 | 466 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
| nexpaq | 0:6c56fb4bc5f0 | 467 | |
| nexpaq | 0:6c56fb4bc5f0 | 468 | if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 469 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 470 | |
| nexpaq | 0:6c56fb4bc5f0 | 471 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 472 | } |
| nexpaq | 0:6c56fb4bc5f0 | 473 | |
| nexpaq | 0:6c56fb4bc5f0 | 474 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 475 | * EC public key is an EC point |
| nexpaq | 0:6c56fb4bc5f0 | 476 | * |
| nexpaq | 0:6c56fb4bc5f0 | 477 | * The caller is responsible for clearing the structure upon failure if |
| nexpaq | 0:6c56fb4bc5f0 | 478 | * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE |
| nexpaq | 0:6c56fb4bc5f0 | 479 | * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state. |
| nexpaq | 0:6c56fb4bc5f0 | 480 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 481 | static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, |
| nexpaq | 0:6c56fb4bc5f0 | 482 | mbedtls_ecp_keypair *key ) |
| nexpaq | 0:6c56fb4bc5f0 | 483 | { |
| nexpaq | 0:6c56fb4bc5f0 | 484 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 485 | |
| nexpaq | 0:6c56fb4bc5f0 | 486 | if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q, |
| nexpaq | 0:6c56fb4bc5f0 | 487 | (const unsigned char *) *p, end - *p ) ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 488 | { |
| nexpaq | 0:6c56fb4bc5f0 | 489 | ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q ); |
| nexpaq | 0:6c56fb4bc5f0 | 490 | } |
| nexpaq | 0:6c56fb4bc5f0 | 491 | |
| nexpaq | 0:6c56fb4bc5f0 | 492 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 493 | * We know mbedtls_ecp_point_read_binary consumed all bytes or failed |
| nexpaq | 0:6c56fb4bc5f0 | 494 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 495 | *p = (unsigned char *) end; |
| nexpaq | 0:6c56fb4bc5f0 | 496 | |
| nexpaq | 0:6c56fb4bc5f0 | 497 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 498 | } |
| nexpaq | 0:6c56fb4bc5f0 | 499 | #endif /* MBEDTLS_ECP_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 500 | |
| nexpaq | 0:6c56fb4bc5f0 | 501 | #if defined(MBEDTLS_RSA_C) |
| nexpaq | 0:6c56fb4bc5f0 | 502 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 503 | * RSAPublicKey ::= SEQUENCE { |
| nexpaq | 0:6c56fb4bc5f0 | 504 | * modulus INTEGER, -- n |
| nexpaq | 0:6c56fb4bc5f0 | 505 | * publicExponent INTEGER -- e |
| nexpaq | 0:6c56fb4bc5f0 | 506 | * } |
| nexpaq | 0:6c56fb4bc5f0 | 507 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 508 | static int pk_get_rsapubkey( unsigned char **p, |
| nexpaq | 0:6c56fb4bc5f0 | 509 | const unsigned char *end, |
| nexpaq | 0:6c56fb4bc5f0 | 510 | mbedtls_rsa_context *rsa ) |
| nexpaq | 0:6c56fb4bc5f0 | 511 | { |
| nexpaq | 0:6c56fb4bc5f0 | 512 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 513 | size_t len; |
| nexpaq | 0:6c56fb4bc5f0 | 514 | |
| nexpaq | 0:6c56fb4bc5f0 | 515 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, |
| nexpaq | 0:6c56fb4bc5f0 | 516 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 517 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 518 | |
| nexpaq | 0:6c56fb4bc5f0 | 519 | if( *p + len != end ) |
| nexpaq | 0:6c56fb4bc5f0 | 520 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + |
| nexpaq | 0:6c56fb4bc5f0 | 521 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 522 | |
| nexpaq | 0:6c56fb4bc5f0 | 523 | if( ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->N ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 524 | ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->E ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 525 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 526 | |
| nexpaq | 0:6c56fb4bc5f0 | 527 | if( *p != end ) |
| nexpaq | 0:6c56fb4bc5f0 | 528 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + |
| nexpaq | 0:6c56fb4bc5f0 | 529 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 530 | |
| nexpaq | 0:6c56fb4bc5f0 | 531 | if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 532 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); |
| nexpaq | 0:6c56fb4bc5f0 | 533 | |
| nexpaq | 0:6c56fb4bc5f0 | 534 | rsa->len = mbedtls_mpi_size( &rsa->N ); |
| nexpaq | 0:6c56fb4bc5f0 | 535 | |
| nexpaq | 0:6c56fb4bc5f0 | 536 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 537 | } |
| nexpaq | 0:6c56fb4bc5f0 | 538 | #endif /* MBEDTLS_RSA_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 539 | |
| nexpaq | 0:6c56fb4bc5f0 | 540 | /* Get a PK algorithm identifier |
| nexpaq | 0:6c56fb4bc5f0 | 541 | * |
| nexpaq | 0:6c56fb4bc5f0 | 542 | * AlgorithmIdentifier ::= SEQUENCE { |
| nexpaq | 0:6c56fb4bc5f0 | 543 | * algorithm OBJECT IDENTIFIER, |
| nexpaq | 0:6c56fb4bc5f0 | 544 | * parameters ANY DEFINED BY algorithm OPTIONAL } |
| nexpaq | 0:6c56fb4bc5f0 | 545 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 546 | static int pk_get_pk_alg( unsigned char **p, |
| nexpaq | 0:6c56fb4bc5f0 | 547 | const unsigned char *end, |
| nexpaq | 0:6c56fb4bc5f0 | 548 | mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params ) |
| nexpaq | 0:6c56fb4bc5f0 | 549 | { |
| nexpaq | 0:6c56fb4bc5f0 | 550 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 551 | mbedtls_asn1_buf alg_oid; |
| nexpaq | 0:6c56fb4bc5f0 | 552 | |
| nexpaq | 0:6c56fb4bc5f0 | 553 | memset( params, 0, sizeof(mbedtls_asn1_buf) ); |
| nexpaq | 0:6c56fb4bc5f0 | 554 | |
| nexpaq | 0:6c56fb4bc5f0 | 555 | if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 556 | return( MBEDTLS_ERR_PK_INVALID_ALG + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 557 | |
| nexpaq | 0:6c56fb4bc5f0 | 558 | if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 559 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
| nexpaq | 0:6c56fb4bc5f0 | 560 | |
| nexpaq | 0:6c56fb4bc5f0 | 561 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 562 | * No parameters with RSA (only for EC) |
| nexpaq | 0:6c56fb4bc5f0 | 563 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 564 | if( *pk_alg == MBEDTLS_PK_RSA && |
| nexpaq | 0:6c56fb4bc5f0 | 565 | ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) || |
| nexpaq | 0:6c56fb4bc5f0 | 566 | params->len != 0 ) ) |
| nexpaq | 0:6c56fb4bc5f0 | 567 | { |
| nexpaq | 0:6c56fb4bc5f0 | 568 | return( MBEDTLS_ERR_PK_INVALID_ALG ); |
| nexpaq | 0:6c56fb4bc5f0 | 569 | } |
| nexpaq | 0:6c56fb4bc5f0 | 570 | |
| nexpaq | 0:6c56fb4bc5f0 | 571 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 572 | } |
| nexpaq | 0:6c56fb4bc5f0 | 573 | |
| nexpaq | 0:6c56fb4bc5f0 | 574 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 575 | * SubjectPublicKeyInfo ::= SEQUENCE { |
| nexpaq | 0:6c56fb4bc5f0 | 576 | * algorithm AlgorithmIdentifier, |
| nexpaq | 0:6c56fb4bc5f0 | 577 | * subjectPublicKey BIT STRING } |
| nexpaq | 0:6c56fb4bc5f0 | 578 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 579 | int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, |
| nexpaq | 0:6c56fb4bc5f0 | 580 | mbedtls_pk_context *pk ) |
| nexpaq | 0:6c56fb4bc5f0 | 581 | { |
| nexpaq | 0:6c56fb4bc5f0 | 582 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 583 | size_t len; |
| nexpaq | 0:6c56fb4bc5f0 | 584 | mbedtls_asn1_buf alg_params; |
| nexpaq | 0:6c56fb4bc5f0 | 585 | mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; |
| nexpaq | 0:6c56fb4bc5f0 | 586 | const mbedtls_pk_info_t *pk_info; |
| nexpaq | 0:6c56fb4bc5f0 | 587 | |
| nexpaq | 0:6c56fb4bc5f0 | 588 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, |
| nexpaq | 0:6c56fb4bc5f0 | 589 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 590 | { |
| nexpaq | 0:6c56fb4bc5f0 | 591 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 592 | } |
| nexpaq | 0:6c56fb4bc5f0 | 593 | |
| nexpaq | 0:6c56fb4bc5f0 | 594 | end = *p + len; |
| nexpaq | 0:6c56fb4bc5f0 | 595 | |
| nexpaq | 0:6c56fb4bc5f0 | 596 | if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 597 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 598 | |
| nexpaq | 0:6c56fb4bc5f0 | 599 | if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 600 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 601 | |
| nexpaq | 0:6c56fb4bc5f0 | 602 | if( *p + len != end ) |
| nexpaq | 0:6c56fb4bc5f0 | 603 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + |
| nexpaq | 0:6c56fb4bc5f0 | 604 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 605 | |
| nexpaq | 0:6c56fb4bc5f0 | 606 | if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) |
| nexpaq | 0:6c56fb4bc5f0 | 607 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
| nexpaq | 0:6c56fb4bc5f0 | 608 | |
| nexpaq | 0:6c56fb4bc5f0 | 609 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 610 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 611 | |
| nexpaq | 0:6c56fb4bc5f0 | 612 | #if defined(MBEDTLS_RSA_C) |
| nexpaq | 0:6c56fb4bc5f0 | 613 | if( pk_alg == MBEDTLS_PK_RSA ) |
| nexpaq | 0:6c56fb4bc5f0 | 614 | { |
| nexpaq | 0:6c56fb4bc5f0 | 615 | ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) ); |
| nexpaq | 0:6c56fb4bc5f0 | 616 | } else |
| nexpaq | 0:6c56fb4bc5f0 | 617 | #endif /* MBEDTLS_RSA_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 618 | #if defined(MBEDTLS_ECP_C) |
| nexpaq | 0:6c56fb4bc5f0 | 619 | if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY ) |
| nexpaq | 0:6c56fb4bc5f0 | 620 | { |
| nexpaq | 0:6c56fb4bc5f0 | 621 | ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp ); |
| nexpaq | 0:6c56fb4bc5f0 | 622 | if( ret == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 623 | ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) ); |
| nexpaq | 0:6c56fb4bc5f0 | 624 | } else |
| nexpaq | 0:6c56fb4bc5f0 | 625 | #endif /* MBEDTLS_ECP_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 626 | ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; |
| nexpaq | 0:6c56fb4bc5f0 | 627 | |
| nexpaq | 0:6c56fb4bc5f0 | 628 | if( ret == 0 && *p != end ) |
| nexpaq | 0:6c56fb4bc5f0 | 629 | ret = MBEDTLS_ERR_PK_INVALID_PUBKEY |
| nexpaq | 0:6c56fb4bc5f0 | 630 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; |
| nexpaq | 0:6c56fb4bc5f0 | 631 | |
| nexpaq | 0:6c56fb4bc5f0 | 632 | if( ret != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 633 | mbedtls_pk_free( pk ); |
| nexpaq | 0:6c56fb4bc5f0 | 634 | |
| nexpaq | 0:6c56fb4bc5f0 | 635 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 636 | } |
| nexpaq | 0:6c56fb4bc5f0 | 637 | |
| nexpaq | 0:6c56fb4bc5f0 | 638 | #if defined(MBEDTLS_RSA_C) |
| nexpaq | 0:6c56fb4bc5f0 | 639 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 640 | * Parse a PKCS#1 encoded private RSA key |
| nexpaq | 0:6c56fb4bc5f0 | 641 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 642 | static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, |
| nexpaq | 0:6c56fb4bc5f0 | 643 | const unsigned char *key, |
| nexpaq | 0:6c56fb4bc5f0 | 644 | size_t keylen ) |
| nexpaq | 0:6c56fb4bc5f0 | 645 | { |
| nexpaq | 0:6c56fb4bc5f0 | 646 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 647 | size_t len; |
| nexpaq | 0:6c56fb4bc5f0 | 648 | unsigned char *p, *end; |
| nexpaq | 0:6c56fb4bc5f0 | 649 | |
| nexpaq | 0:6c56fb4bc5f0 | 650 | p = (unsigned char *) key; |
| nexpaq | 0:6c56fb4bc5f0 | 651 | end = p + keylen; |
| nexpaq | 0:6c56fb4bc5f0 | 652 | |
| nexpaq | 0:6c56fb4bc5f0 | 653 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 654 | * This function parses the RSAPrivateKey (PKCS#1) |
| nexpaq | 0:6c56fb4bc5f0 | 655 | * |
| nexpaq | 0:6c56fb4bc5f0 | 656 | * RSAPrivateKey ::= SEQUENCE { |
| nexpaq | 0:6c56fb4bc5f0 | 657 | * version Version, |
| nexpaq | 0:6c56fb4bc5f0 | 658 | * modulus INTEGER, -- n |
| nexpaq | 0:6c56fb4bc5f0 | 659 | * publicExponent INTEGER, -- e |
| nexpaq | 0:6c56fb4bc5f0 | 660 | * privateExponent INTEGER, -- d |
| nexpaq | 0:6c56fb4bc5f0 | 661 | * prime1 INTEGER, -- p |
| nexpaq | 0:6c56fb4bc5f0 | 662 | * prime2 INTEGER, -- q |
| nexpaq | 0:6c56fb4bc5f0 | 663 | * exponent1 INTEGER, -- d mod (p-1) |
| nexpaq | 0:6c56fb4bc5f0 | 664 | * exponent2 INTEGER, -- d mod (q-1) |
| nexpaq | 0:6c56fb4bc5f0 | 665 | * coefficient INTEGER, -- (inverse of q) mod p |
| nexpaq | 0:6c56fb4bc5f0 | 666 | * otherPrimeInfos OtherPrimeInfos OPTIONAL |
| nexpaq | 0:6c56fb4bc5f0 | 667 | * } |
| nexpaq | 0:6c56fb4bc5f0 | 668 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 669 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
| nexpaq | 0:6c56fb4bc5f0 | 670 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 671 | { |
| nexpaq | 0:6c56fb4bc5f0 | 672 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 673 | } |
| nexpaq | 0:6c56fb4bc5f0 | 674 | |
| nexpaq | 0:6c56fb4bc5f0 | 675 | end = p + len; |
| nexpaq | 0:6c56fb4bc5f0 | 676 | |
| nexpaq | 0:6c56fb4bc5f0 | 677 | if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 678 | { |
| nexpaq | 0:6c56fb4bc5f0 | 679 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 680 | } |
| nexpaq | 0:6c56fb4bc5f0 | 681 | |
| nexpaq | 0:6c56fb4bc5f0 | 682 | if( rsa->ver != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 683 | { |
| nexpaq | 0:6c56fb4bc5f0 | 684 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); |
| nexpaq | 0:6c56fb4bc5f0 | 685 | } |
| nexpaq | 0:6c56fb4bc5f0 | 686 | |
| nexpaq | 0:6c56fb4bc5f0 | 687 | if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 688 | ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 689 | ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 690 | ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 691 | ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 692 | ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 693 | ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 694 | ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 695 | { |
| nexpaq | 0:6c56fb4bc5f0 | 696 | mbedtls_rsa_free( rsa ); |
| nexpaq | 0:6c56fb4bc5f0 | 697 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 698 | } |
| nexpaq | 0:6c56fb4bc5f0 | 699 | |
| nexpaq | 0:6c56fb4bc5f0 | 700 | rsa->len = mbedtls_mpi_size( &rsa->N ); |
| nexpaq | 0:6c56fb4bc5f0 | 701 | |
| nexpaq | 0:6c56fb4bc5f0 | 702 | if( p != end ) |
| nexpaq | 0:6c56fb4bc5f0 | 703 | { |
| nexpaq | 0:6c56fb4bc5f0 | 704 | mbedtls_rsa_free( rsa ); |
| nexpaq | 0:6c56fb4bc5f0 | 705 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
| nexpaq | 0:6c56fb4bc5f0 | 706 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 707 | } |
| nexpaq | 0:6c56fb4bc5f0 | 708 | |
| nexpaq | 0:6c56fb4bc5f0 | 709 | if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 710 | { |
| nexpaq | 0:6c56fb4bc5f0 | 711 | mbedtls_rsa_free( rsa ); |
| nexpaq | 0:6c56fb4bc5f0 | 712 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 713 | } |
| nexpaq | 0:6c56fb4bc5f0 | 714 | |
| nexpaq | 0:6c56fb4bc5f0 | 715 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 716 | } |
| nexpaq | 0:6c56fb4bc5f0 | 717 | #endif /* MBEDTLS_RSA_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 718 | |
| nexpaq | 0:6c56fb4bc5f0 | 719 | #if defined(MBEDTLS_ECP_C) |
| nexpaq | 0:6c56fb4bc5f0 | 720 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 721 | * Parse a SEC1 encoded private EC key |
| nexpaq | 0:6c56fb4bc5f0 | 722 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 723 | static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, |
| nexpaq | 0:6c56fb4bc5f0 | 724 | const unsigned char *key, |
| nexpaq | 0:6c56fb4bc5f0 | 725 | size_t keylen ) |
| nexpaq | 0:6c56fb4bc5f0 | 726 | { |
| nexpaq | 0:6c56fb4bc5f0 | 727 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 728 | int version, pubkey_done; |
| nexpaq | 0:6c56fb4bc5f0 | 729 | size_t len; |
| nexpaq | 0:6c56fb4bc5f0 | 730 | mbedtls_asn1_buf params; |
| nexpaq | 0:6c56fb4bc5f0 | 731 | unsigned char *p = (unsigned char *) key; |
| nexpaq | 0:6c56fb4bc5f0 | 732 | unsigned char *end = p + keylen; |
| nexpaq | 0:6c56fb4bc5f0 | 733 | unsigned char *end2; |
| nexpaq | 0:6c56fb4bc5f0 | 734 | |
| nexpaq | 0:6c56fb4bc5f0 | 735 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 736 | * RFC 5915, or SEC1 Appendix C.4 |
| nexpaq | 0:6c56fb4bc5f0 | 737 | * |
| nexpaq | 0:6c56fb4bc5f0 | 738 | * ECPrivateKey ::= SEQUENCE { |
| nexpaq | 0:6c56fb4bc5f0 | 739 | * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), |
| nexpaq | 0:6c56fb4bc5f0 | 740 | * privateKey OCTET STRING, |
| nexpaq | 0:6c56fb4bc5f0 | 741 | * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, |
| nexpaq | 0:6c56fb4bc5f0 | 742 | * publicKey [1] BIT STRING OPTIONAL |
| nexpaq | 0:6c56fb4bc5f0 | 743 | * } |
| nexpaq | 0:6c56fb4bc5f0 | 744 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 745 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
| nexpaq | 0:6c56fb4bc5f0 | 746 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 747 | { |
| nexpaq | 0:6c56fb4bc5f0 | 748 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 749 | } |
| nexpaq | 0:6c56fb4bc5f0 | 750 | |
| nexpaq | 0:6c56fb4bc5f0 | 751 | end = p + len; |
| nexpaq | 0:6c56fb4bc5f0 | 752 | |
| nexpaq | 0:6c56fb4bc5f0 | 753 | if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 754 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 755 | |
| nexpaq | 0:6c56fb4bc5f0 | 756 | if( version != 1 ) |
| nexpaq | 0:6c56fb4bc5f0 | 757 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); |
| nexpaq | 0:6c56fb4bc5f0 | 758 | |
| nexpaq | 0:6c56fb4bc5f0 | 759 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 760 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 761 | |
| nexpaq | 0:6c56fb4bc5f0 | 762 | if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 763 | { |
| nexpaq | 0:6c56fb4bc5f0 | 764 | mbedtls_ecp_keypair_free( eck ); |
| nexpaq | 0:6c56fb4bc5f0 | 765 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 766 | } |
| nexpaq | 0:6c56fb4bc5f0 | 767 | |
| nexpaq | 0:6c56fb4bc5f0 | 768 | p += len; |
| nexpaq | 0:6c56fb4bc5f0 | 769 | |
| nexpaq | 0:6c56fb4bc5f0 | 770 | pubkey_done = 0; |
| nexpaq | 0:6c56fb4bc5f0 | 771 | if( p != end ) |
| nexpaq | 0:6c56fb4bc5f0 | 772 | { |
| nexpaq | 0:6c56fb4bc5f0 | 773 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 774 | * Is 'parameters' present? |
| nexpaq | 0:6c56fb4bc5f0 | 775 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 776 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
| nexpaq | 0:6c56fb4bc5f0 | 777 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 778 | { |
| nexpaq | 0:6c56fb4bc5f0 | 779 | if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 780 | ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 781 | { |
| nexpaq | 0:6c56fb4bc5f0 | 782 | mbedtls_ecp_keypair_free( eck ); |
| nexpaq | 0:6c56fb4bc5f0 | 783 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 784 | } |
| nexpaq | 0:6c56fb4bc5f0 | 785 | } |
| nexpaq | 0:6c56fb4bc5f0 | 786 | else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) |
| nexpaq | 0:6c56fb4bc5f0 | 787 | { |
| nexpaq | 0:6c56fb4bc5f0 | 788 | mbedtls_ecp_keypair_free( eck ); |
| nexpaq | 0:6c56fb4bc5f0 | 789 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 790 | } |
| nexpaq | 0:6c56fb4bc5f0 | 791 | |
| nexpaq | 0:6c56fb4bc5f0 | 792 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 793 | * Is 'publickey' present? If not, or if we can't read it (eg because it |
| nexpaq | 0:6c56fb4bc5f0 | 794 | * is compressed), create it from the private key. |
| nexpaq | 0:6c56fb4bc5f0 | 795 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 796 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
| nexpaq | 0:6c56fb4bc5f0 | 797 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 798 | { |
| nexpaq | 0:6c56fb4bc5f0 | 799 | end2 = p + len; |
| nexpaq | 0:6c56fb4bc5f0 | 800 | |
| nexpaq | 0:6c56fb4bc5f0 | 801 | if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 802 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 803 | |
| nexpaq | 0:6c56fb4bc5f0 | 804 | if( p + len != end2 ) |
| nexpaq | 0:6c56fb4bc5f0 | 805 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
| nexpaq | 0:6c56fb4bc5f0 | 806 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 807 | |
| nexpaq | 0:6c56fb4bc5f0 | 808 | if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 809 | pubkey_done = 1; |
| nexpaq | 0:6c56fb4bc5f0 | 810 | else |
| nexpaq | 0:6c56fb4bc5f0 | 811 | { |
| nexpaq | 0:6c56fb4bc5f0 | 812 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 813 | * The only acceptable failure mode of pk_get_ecpubkey() above |
| nexpaq | 0:6c56fb4bc5f0 | 814 | * is if the point format is not recognized. |
| nexpaq | 0:6c56fb4bc5f0 | 815 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 816 | if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ) |
| nexpaq | 0:6c56fb4bc5f0 | 817 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
| nexpaq | 0:6c56fb4bc5f0 | 818 | } |
| nexpaq | 0:6c56fb4bc5f0 | 819 | } |
| nexpaq | 0:6c56fb4bc5f0 | 820 | else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) |
| nexpaq | 0:6c56fb4bc5f0 | 821 | { |
| nexpaq | 0:6c56fb4bc5f0 | 822 | mbedtls_ecp_keypair_free( eck ); |
| nexpaq | 0:6c56fb4bc5f0 | 823 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 824 | } |
| nexpaq | 0:6c56fb4bc5f0 | 825 | } |
| nexpaq | 0:6c56fb4bc5f0 | 826 | |
| nexpaq | 0:6c56fb4bc5f0 | 827 | if( ! pubkey_done && |
| nexpaq | 0:6c56fb4bc5f0 | 828 | ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G, |
| nexpaq | 0:6c56fb4bc5f0 | 829 | NULL, NULL ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 830 | { |
| nexpaq | 0:6c56fb4bc5f0 | 831 | mbedtls_ecp_keypair_free( eck ); |
| nexpaq | 0:6c56fb4bc5f0 | 832 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 833 | } |
| nexpaq | 0:6c56fb4bc5f0 | 834 | |
| nexpaq | 0:6c56fb4bc5f0 | 835 | if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 836 | { |
| nexpaq | 0:6c56fb4bc5f0 | 837 | mbedtls_ecp_keypair_free( eck ); |
| nexpaq | 0:6c56fb4bc5f0 | 838 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 839 | } |
| nexpaq | 0:6c56fb4bc5f0 | 840 | |
| nexpaq | 0:6c56fb4bc5f0 | 841 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 842 | } |
| nexpaq | 0:6c56fb4bc5f0 | 843 | #endif /* MBEDTLS_ECP_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 844 | |
| nexpaq | 0:6c56fb4bc5f0 | 845 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 846 | * Parse an unencrypted PKCS#8 encoded private key |
| nexpaq | 0:6c56fb4bc5f0 | 847 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 848 | static int pk_parse_key_pkcs8_unencrypted_der( |
| nexpaq | 0:6c56fb4bc5f0 | 849 | mbedtls_pk_context *pk, |
| nexpaq | 0:6c56fb4bc5f0 | 850 | const unsigned char* key, |
| nexpaq | 0:6c56fb4bc5f0 | 851 | size_t keylen ) |
| nexpaq | 0:6c56fb4bc5f0 | 852 | { |
| nexpaq | 0:6c56fb4bc5f0 | 853 | int ret, version; |
| nexpaq | 0:6c56fb4bc5f0 | 854 | size_t len; |
| nexpaq | 0:6c56fb4bc5f0 | 855 | mbedtls_asn1_buf params; |
| nexpaq | 0:6c56fb4bc5f0 | 856 | unsigned char *p = (unsigned char *) key; |
| nexpaq | 0:6c56fb4bc5f0 | 857 | unsigned char *end = p + keylen; |
| nexpaq | 0:6c56fb4bc5f0 | 858 | mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; |
| nexpaq | 0:6c56fb4bc5f0 | 859 | const mbedtls_pk_info_t *pk_info; |
| nexpaq | 0:6c56fb4bc5f0 | 860 | |
| nexpaq | 0:6c56fb4bc5f0 | 861 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 862 | * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208) |
| nexpaq | 0:6c56fb4bc5f0 | 863 | * |
| nexpaq | 0:6c56fb4bc5f0 | 864 | * PrivateKeyInfo ::= SEQUENCE { |
| nexpaq | 0:6c56fb4bc5f0 | 865 | * version Version, |
| nexpaq | 0:6c56fb4bc5f0 | 866 | * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, |
| nexpaq | 0:6c56fb4bc5f0 | 867 | * privateKey PrivateKey, |
| nexpaq | 0:6c56fb4bc5f0 | 868 | * attributes [0] IMPLICIT Attributes OPTIONAL } |
| nexpaq | 0:6c56fb4bc5f0 | 869 | * |
| nexpaq | 0:6c56fb4bc5f0 | 870 | * Version ::= INTEGER |
| nexpaq | 0:6c56fb4bc5f0 | 871 | * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier |
| nexpaq | 0:6c56fb4bc5f0 | 872 | * PrivateKey ::= OCTET STRING |
| nexpaq | 0:6c56fb4bc5f0 | 873 | * |
| nexpaq | 0:6c56fb4bc5f0 | 874 | * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey |
| nexpaq | 0:6c56fb4bc5f0 | 875 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 876 | |
| nexpaq | 0:6c56fb4bc5f0 | 877 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
| nexpaq | 0:6c56fb4bc5f0 | 878 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 879 | { |
| nexpaq | 0:6c56fb4bc5f0 | 880 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 881 | } |
| nexpaq | 0:6c56fb4bc5f0 | 882 | |
| nexpaq | 0:6c56fb4bc5f0 | 883 | end = p + len; |
| nexpaq | 0:6c56fb4bc5f0 | 884 | |
| nexpaq | 0:6c56fb4bc5f0 | 885 | if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 886 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 887 | |
| nexpaq | 0:6c56fb4bc5f0 | 888 | if( version != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 889 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 890 | |
| nexpaq | 0:6c56fb4bc5f0 | 891 | if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 892 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 893 | |
| nexpaq | 0:6c56fb4bc5f0 | 894 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 895 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 896 | |
| nexpaq | 0:6c56fb4bc5f0 | 897 | if( len < 1 ) |
| nexpaq | 0:6c56fb4bc5f0 | 898 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
| nexpaq | 0:6c56fb4bc5f0 | 899 | MBEDTLS_ERR_ASN1_OUT_OF_DATA ); |
| nexpaq | 0:6c56fb4bc5f0 | 900 | |
| nexpaq | 0:6c56fb4bc5f0 | 901 | if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) |
| nexpaq | 0:6c56fb4bc5f0 | 902 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
| nexpaq | 0:6c56fb4bc5f0 | 903 | |
| nexpaq | 0:6c56fb4bc5f0 | 904 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 905 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 906 | |
| nexpaq | 0:6c56fb4bc5f0 | 907 | #if defined(MBEDTLS_RSA_C) |
| nexpaq | 0:6c56fb4bc5f0 | 908 | if( pk_alg == MBEDTLS_PK_RSA ) |
| nexpaq | 0:6c56fb4bc5f0 | 909 | { |
| nexpaq | 0:6c56fb4bc5f0 | 910 | if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 911 | { |
| nexpaq | 0:6c56fb4bc5f0 | 912 | mbedtls_pk_free( pk ); |
| nexpaq | 0:6c56fb4bc5f0 | 913 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 914 | } |
| nexpaq | 0:6c56fb4bc5f0 | 915 | } else |
| nexpaq | 0:6c56fb4bc5f0 | 916 | #endif /* MBEDTLS_RSA_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 917 | #if defined(MBEDTLS_ECP_C) |
| nexpaq | 0:6c56fb4bc5f0 | 918 | if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) |
| nexpaq | 0:6c56fb4bc5f0 | 919 | { |
| nexpaq | 0:6c56fb4bc5f0 | 920 | if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 921 | ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 922 | { |
| nexpaq | 0:6c56fb4bc5f0 | 923 | mbedtls_pk_free( pk ); |
| nexpaq | 0:6c56fb4bc5f0 | 924 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 925 | } |
| nexpaq | 0:6c56fb4bc5f0 | 926 | } else |
| nexpaq | 0:6c56fb4bc5f0 | 927 | #endif /* MBEDTLS_ECP_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 928 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
| nexpaq | 0:6c56fb4bc5f0 | 929 | |
| nexpaq | 0:6c56fb4bc5f0 | 930 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 931 | } |
| nexpaq | 0:6c56fb4bc5f0 | 932 | |
| nexpaq | 0:6c56fb4bc5f0 | 933 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 934 | * Parse an encrypted PKCS#8 encoded private key |
| nexpaq | 0:6c56fb4bc5f0 | 935 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 936 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) |
| nexpaq | 0:6c56fb4bc5f0 | 937 | static int pk_parse_key_pkcs8_encrypted_der( |
| nexpaq | 0:6c56fb4bc5f0 | 938 | mbedtls_pk_context *pk, |
| nexpaq | 0:6c56fb4bc5f0 | 939 | const unsigned char *key, size_t keylen, |
| nexpaq | 0:6c56fb4bc5f0 | 940 | const unsigned char *pwd, size_t pwdlen ) |
| nexpaq | 0:6c56fb4bc5f0 | 941 | { |
| nexpaq | 0:6c56fb4bc5f0 | 942 | int ret, decrypted = 0; |
| nexpaq | 0:6c56fb4bc5f0 | 943 | size_t len; |
| nexpaq | 0:6c56fb4bc5f0 | 944 | unsigned char buf[2048]; |
| nexpaq | 0:6c56fb4bc5f0 | 945 | unsigned char *p, *end; |
| nexpaq | 0:6c56fb4bc5f0 | 946 | mbedtls_asn1_buf pbe_alg_oid, pbe_params; |
| nexpaq | 0:6c56fb4bc5f0 | 947 | #if defined(MBEDTLS_PKCS12_C) |
| nexpaq | 0:6c56fb4bc5f0 | 948 | mbedtls_cipher_type_t cipher_alg; |
| nexpaq | 0:6c56fb4bc5f0 | 949 | mbedtls_md_type_t md_alg; |
| nexpaq | 0:6c56fb4bc5f0 | 950 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 951 | |
| nexpaq | 0:6c56fb4bc5f0 | 952 | memset( buf, 0, sizeof( buf ) ); |
| nexpaq | 0:6c56fb4bc5f0 | 953 | |
| nexpaq | 0:6c56fb4bc5f0 | 954 | p = (unsigned char *) key; |
| nexpaq | 0:6c56fb4bc5f0 | 955 | end = p + keylen; |
| nexpaq | 0:6c56fb4bc5f0 | 956 | |
| nexpaq | 0:6c56fb4bc5f0 | 957 | if( pwdlen == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 958 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); |
| nexpaq | 0:6c56fb4bc5f0 | 959 | |
| nexpaq | 0:6c56fb4bc5f0 | 960 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 961 | * This function parses the EncryptedPrivatKeyInfo object (PKCS#8) |
| nexpaq | 0:6c56fb4bc5f0 | 962 | * |
| nexpaq | 0:6c56fb4bc5f0 | 963 | * EncryptedPrivateKeyInfo ::= SEQUENCE { |
| nexpaq | 0:6c56fb4bc5f0 | 964 | * encryptionAlgorithm EncryptionAlgorithmIdentifier, |
| nexpaq | 0:6c56fb4bc5f0 | 965 | * encryptedData EncryptedData |
| nexpaq | 0:6c56fb4bc5f0 | 966 | * } |
| nexpaq | 0:6c56fb4bc5f0 | 967 | * |
| nexpaq | 0:6c56fb4bc5f0 | 968 | * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier |
| nexpaq | 0:6c56fb4bc5f0 | 969 | * |
| nexpaq | 0:6c56fb4bc5f0 | 970 | * EncryptedData ::= OCTET STRING |
| nexpaq | 0:6c56fb4bc5f0 | 971 | * |
| nexpaq | 0:6c56fb4bc5f0 | 972 | * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo |
| nexpaq | 0:6c56fb4bc5f0 | 973 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 974 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
| nexpaq | 0:6c56fb4bc5f0 | 975 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 976 | { |
| nexpaq | 0:6c56fb4bc5f0 | 977 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 978 | } |
| nexpaq | 0:6c56fb4bc5f0 | 979 | |
| nexpaq | 0:6c56fb4bc5f0 | 980 | end = p + len; |
| nexpaq | 0:6c56fb4bc5f0 | 981 | |
| nexpaq | 0:6c56fb4bc5f0 | 982 | if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 983 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 984 | |
| nexpaq | 0:6c56fb4bc5f0 | 985 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 986 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 987 | |
| nexpaq | 0:6c56fb4bc5f0 | 988 | if( len > sizeof( buf ) ) |
| nexpaq | 0:6c56fb4bc5f0 | 989 | return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); |
| nexpaq | 0:6c56fb4bc5f0 | 990 | |
| nexpaq | 0:6c56fb4bc5f0 | 991 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 992 | * Decrypt EncryptedData with appropriate PDE |
| nexpaq | 0:6c56fb4bc5f0 | 993 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 994 | #if defined(MBEDTLS_PKCS12_C) |
| nexpaq | 0:6c56fb4bc5f0 | 995 | if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 996 | { |
| nexpaq | 0:6c56fb4bc5f0 | 997 | if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, |
| nexpaq | 0:6c56fb4bc5f0 | 998 | cipher_alg, md_alg, |
| nexpaq | 0:6c56fb4bc5f0 | 999 | pwd, pwdlen, p, len, buf ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1000 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1001 | if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH ) |
| nexpaq | 0:6c56fb4bc5f0 | 1002 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 1003 | |
| nexpaq | 0:6c56fb4bc5f0 | 1004 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1005 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1006 | |
| nexpaq | 0:6c56fb4bc5f0 | 1007 | decrypted = 1; |
| nexpaq | 0:6c56fb4bc5f0 | 1008 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1009 | else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1010 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1011 | if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params, |
| nexpaq | 0:6c56fb4bc5f0 | 1012 | MBEDTLS_PKCS12_PBE_DECRYPT, |
| nexpaq | 0:6c56fb4bc5f0 | 1013 | pwd, pwdlen, |
| nexpaq | 0:6c56fb4bc5f0 | 1014 | p, len, buf ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1015 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1016 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1017 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1018 | |
| nexpaq | 0:6c56fb4bc5f0 | 1019 | // Best guess for password mismatch when using RC4. If first tag is |
| nexpaq | 0:6c56fb4bc5f0 | 1020 | // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE |
| nexpaq | 0:6c56fb4bc5f0 | 1021 | // |
| nexpaq | 0:6c56fb4bc5f0 | 1022 | if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) |
| nexpaq | 0:6c56fb4bc5f0 | 1023 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 1024 | |
| nexpaq | 0:6c56fb4bc5f0 | 1025 | decrypted = 1; |
| nexpaq | 0:6c56fb4bc5f0 | 1026 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1027 | else |
| nexpaq | 0:6c56fb4bc5f0 | 1028 | #endif /* MBEDTLS_PKCS12_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 1029 | #if defined(MBEDTLS_PKCS5_C) |
| nexpaq | 0:6c56fb4bc5f0 | 1030 | if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1031 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1032 | if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, |
| nexpaq | 0:6c56fb4bc5f0 | 1033 | p, len, buf ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1034 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1035 | if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH ) |
| nexpaq | 0:6c56fb4bc5f0 | 1036 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 1037 | |
| nexpaq | 0:6c56fb4bc5f0 | 1038 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1039 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1040 | |
| nexpaq | 0:6c56fb4bc5f0 | 1041 | decrypted = 1; |
| nexpaq | 0:6c56fb4bc5f0 | 1042 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1043 | else |
| nexpaq | 0:6c56fb4bc5f0 | 1044 | #endif /* MBEDTLS_PKCS5_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 1045 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1046 | ((void) pwd); |
| nexpaq | 0:6c56fb4bc5f0 | 1047 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1048 | |
| nexpaq | 0:6c56fb4bc5f0 | 1049 | if( decrypted == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1050 | return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); |
| nexpaq | 0:6c56fb4bc5f0 | 1051 | |
| nexpaq | 0:6c56fb4bc5f0 | 1052 | return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); |
| nexpaq | 0:6c56fb4bc5f0 | 1053 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1054 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 1055 | |
| nexpaq | 0:6c56fb4bc5f0 | 1056 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 1057 | * Parse a private key |
| nexpaq | 0:6c56fb4bc5f0 | 1058 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 1059 | int mbedtls_pk_parse_key( mbedtls_pk_context *pk, |
| nexpaq | 0:6c56fb4bc5f0 | 1060 | const unsigned char *key, size_t keylen, |
| nexpaq | 0:6c56fb4bc5f0 | 1061 | const unsigned char *pwd, size_t pwdlen ) |
| nexpaq | 0:6c56fb4bc5f0 | 1062 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1063 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 1064 | const mbedtls_pk_info_t *pk_info; |
| nexpaq | 0:6c56fb4bc5f0 | 1065 | |
| nexpaq | 0:6c56fb4bc5f0 | 1066 | #if defined(MBEDTLS_PEM_PARSE_C) |
| nexpaq | 0:6c56fb4bc5f0 | 1067 | size_t len; |
| nexpaq | 0:6c56fb4bc5f0 | 1068 | mbedtls_pem_context pem; |
| nexpaq | 0:6c56fb4bc5f0 | 1069 | |
| nexpaq | 0:6c56fb4bc5f0 | 1070 | mbedtls_pem_init( &pem ); |
| nexpaq | 0:6c56fb4bc5f0 | 1071 | |
| nexpaq | 0:6c56fb4bc5f0 | 1072 | #if defined(MBEDTLS_RSA_C) |
| nexpaq | 0:6c56fb4bc5f0 | 1073 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ |
| nexpaq | 0:6c56fb4bc5f0 | 1074 | if( keylen == 0 || key[keylen - 1] != '\0' ) |
| nexpaq | 0:6c56fb4bc5f0 | 1075 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; |
| nexpaq | 0:6c56fb4bc5f0 | 1076 | else |
| nexpaq | 0:6c56fb4bc5f0 | 1077 | ret = mbedtls_pem_read_buffer( &pem, |
| nexpaq | 0:6c56fb4bc5f0 | 1078 | "-----BEGIN RSA PRIVATE KEY-----", |
| nexpaq | 0:6c56fb4bc5f0 | 1079 | "-----END RSA PRIVATE KEY-----", |
| nexpaq | 0:6c56fb4bc5f0 | 1080 | key, pwd, pwdlen, &len ); |
| nexpaq | 0:6c56fb4bc5f0 | 1081 | |
| nexpaq | 0:6c56fb4bc5f0 | 1082 | if( ret == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1083 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1084 | if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) |
| nexpaq | 0:6c56fb4bc5f0 | 1085 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
| nexpaq | 0:6c56fb4bc5f0 | 1086 | |
| nexpaq | 0:6c56fb4bc5f0 | 1087 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 1088 | ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), |
| nexpaq | 0:6c56fb4bc5f0 | 1089 | pem.buf, pem.buflen ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1090 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1091 | mbedtls_pk_free( pk ); |
| nexpaq | 0:6c56fb4bc5f0 | 1092 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1093 | |
| nexpaq | 0:6c56fb4bc5f0 | 1094 | mbedtls_pem_free( &pem ); |
| nexpaq | 0:6c56fb4bc5f0 | 1095 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1096 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1097 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) |
| nexpaq | 0:6c56fb4bc5f0 | 1098 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 1099 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) |
| nexpaq | 0:6c56fb4bc5f0 | 1100 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); |
| nexpaq | 0:6c56fb4bc5f0 | 1101 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
| nexpaq | 0:6c56fb4bc5f0 | 1102 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1103 | #endif /* MBEDTLS_RSA_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 1104 | |
| nexpaq | 0:6c56fb4bc5f0 | 1105 | #if defined(MBEDTLS_ECP_C) |
| nexpaq | 0:6c56fb4bc5f0 | 1106 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ |
| nexpaq | 0:6c56fb4bc5f0 | 1107 | if( keylen == 0 || key[keylen - 1] != '\0' ) |
| nexpaq | 0:6c56fb4bc5f0 | 1108 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; |
| nexpaq | 0:6c56fb4bc5f0 | 1109 | else |
| nexpaq | 0:6c56fb4bc5f0 | 1110 | ret = mbedtls_pem_read_buffer( &pem, |
| nexpaq | 0:6c56fb4bc5f0 | 1111 | "-----BEGIN EC PRIVATE KEY-----", |
| nexpaq | 0:6c56fb4bc5f0 | 1112 | "-----END EC PRIVATE KEY-----", |
| nexpaq | 0:6c56fb4bc5f0 | 1113 | key, pwd, pwdlen, &len ); |
| nexpaq | 0:6c56fb4bc5f0 | 1114 | if( ret == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1115 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1116 | if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) |
| nexpaq | 0:6c56fb4bc5f0 | 1117 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
| nexpaq | 0:6c56fb4bc5f0 | 1118 | |
| nexpaq | 0:6c56fb4bc5f0 | 1119 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 1120 | ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), |
| nexpaq | 0:6c56fb4bc5f0 | 1121 | pem.buf, pem.buflen ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1122 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1123 | mbedtls_pk_free( pk ); |
| nexpaq | 0:6c56fb4bc5f0 | 1124 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1125 | |
| nexpaq | 0:6c56fb4bc5f0 | 1126 | mbedtls_pem_free( &pem ); |
| nexpaq | 0:6c56fb4bc5f0 | 1127 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1128 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1129 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) |
| nexpaq | 0:6c56fb4bc5f0 | 1130 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); |
| nexpaq | 0:6c56fb4bc5f0 | 1131 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) |
| nexpaq | 0:6c56fb4bc5f0 | 1132 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); |
| nexpaq | 0:6c56fb4bc5f0 | 1133 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
| nexpaq | 0:6c56fb4bc5f0 | 1134 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1135 | #endif /* MBEDTLS_ECP_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 1136 | |
| nexpaq | 0:6c56fb4bc5f0 | 1137 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ |
| nexpaq | 0:6c56fb4bc5f0 | 1138 | if( keylen == 0 || key[keylen - 1] != '\0' ) |
| nexpaq | 0:6c56fb4bc5f0 | 1139 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; |
| nexpaq | 0:6c56fb4bc5f0 | 1140 | else |
| nexpaq | 0:6c56fb4bc5f0 | 1141 | ret = mbedtls_pem_read_buffer( &pem, |
| nexpaq | 0:6c56fb4bc5f0 | 1142 | "-----BEGIN PRIVATE KEY-----", |
| nexpaq | 0:6c56fb4bc5f0 | 1143 | "-----END PRIVATE KEY-----", |
| nexpaq | 0:6c56fb4bc5f0 | 1144 | key, NULL, 0, &len ); |
| nexpaq | 0:6c56fb4bc5f0 | 1145 | if( ret == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1146 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1147 | if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, |
| nexpaq | 0:6c56fb4bc5f0 | 1148 | pem.buf, pem.buflen ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1149 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1150 | mbedtls_pk_free( pk ); |
| nexpaq | 0:6c56fb4bc5f0 | 1151 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1152 | |
| nexpaq | 0:6c56fb4bc5f0 | 1153 | mbedtls_pem_free( &pem ); |
| nexpaq | 0:6c56fb4bc5f0 | 1154 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1155 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1156 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
| nexpaq | 0:6c56fb4bc5f0 | 1157 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1158 | |
| nexpaq | 0:6c56fb4bc5f0 | 1159 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) |
| nexpaq | 0:6c56fb4bc5f0 | 1160 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ |
| nexpaq | 0:6c56fb4bc5f0 | 1161 | if( keylen == 0 || key[keylen - 1] != '\0' ) |
| nexpaq | 0:6c56fb4bc5f0 | 1162 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; |
| nexpaq | 0:6c56fb4bc5f0 | 1163 | else |
| nexpaq | 0:6c56fb4bc5f0 | 1164 | ret = mbedtls_pem_read_buffer( &pem, |
| nexpaq | 0:6c56fb4bc5f0 | 1165 | "-----BEGIN ENCRYPTED PRIVATE KEY-----", |
| nexpaq | 0:6c56fb4bc5f0 | 1166 | "-----END ENCRYPTED PRIVATE KEY-----", |
| nexpaq | 0:6c56fb4bc5f0 | 1167 | key, NULL, 0, &len ); |
| nexpaq | 0:6c56fb4bc5f0 | 1168 | if( ret == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1169 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1170 | if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, |
| nexpaq | 0:6c56fb4bc5f0 | 1171 | pem.buf, pem.buflen, |
| nexpaq | 0:6c56fb4bc5f0 | 1172 | pwd, pwdlen ) ) != 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1173 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1174 | mbedtls_pk_free( pk ); |
| nexpaq | 0:6c56fb4bc5f0 | 1175 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1176 | |
| nexpaq | 0:6c56fb4bc5f0 | 1177 | mbedtls_pem_free( &pem ); |
| nexpaq | 0:6c56fb4bc5f0 | 1178 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1179 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1180 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
| nexpaq | 0:6c56fb4bc5f0 | 1181 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1182 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 1183 | #else |
| nexpaq | 0:6c56fb4bc5f0 | 1184 | ((void) ret); |
| nexpaq | 0:6c56fb4bc5f0 | 1185 | ((void) pwd); |
| nexpaq | 0:6c56fb4bc5f0 | 1186 | ((void) pwdlen); |
| nexpaq | 0:6c56fb4bc5f0 | 1187 | #endif /* MBEDTLS_PEM_PARSE_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 1188 | |
| nexpaq | 0:6c56fb4bc5f0 | 1189 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 1190 | * At this point we only know it's not a PEM formatted key. Could be any |
| nexpaq | 0:6c56fb4bc5f0 | 1191 | * of the known DER encoded private key formats |
| nexpaq | 0:6c56fb4bc5f0 | 1192 | * |
| nexpaq | 0:6c56fb4bc5f0 | 1193 | * We try the different DER format parsers to see if one passes without |
| nexpaq | 0:6c56fb4bc5f0 | 1194 | * error |
| nexpaq | 0:6c56fb4bc5f0 | 1195 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 1196 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) |
| nexpaq | 0:6c56fb4bc5f0 | 1197 | if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen, |
| nexpaq | 0:6c56fb4bc5f0 | 1198 | pwd, pwdlen ) ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1199 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1200 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 1201 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1202 | |
| nexpaq | 0:6c56fb4bc5f0 | 1203 | mbedtls_pk_free( pk ); |
| nexpaq | 0:6c56fb4bc5f0 | 1204 | |
| nexpaq | 0:6c56fb4bc5f0 | 1205 | if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH ) |
| nexpaq | 0:6c56fb4bc5f0 | 1206 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1207 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1208 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1209 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 1210 | |
| nexpaq | 0:6c56fb4bc5f0 | 1211 | if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1212 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 1213 | |
| nexpaq | 0:6c56fb4bc5f0 | 1214 | mbedtls_pk_free( pk ); |
| nexpaq | 0:6c56fb4bc5f0 | 1215 | |
| nexpaq | 0:6c56fb4bc5f0 | 1216 | #if defined(MBEDTLS_RSA_C) |
| nexpaq | 0:6c56fb4bc5f0 | 1217 | if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) |
| nexpaq | 0:6c56fb4bc5f0 | 1218 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
| nexpaq | 0:6c56fb4bc5f0 | 1219 | |
| nexpaq | 0:6c56fb4bc5f0 | 1220 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 1221 | ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1222 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1223 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 1224 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1225 | |
| nexpaq | 0:6c56fb4bc5f0 | 1226 | mbedtls_pk_free( pk ); |
| nexpaq | 0:6c56fb4bc5f0 | 1227 | #endif /* MBEDTLS_RSA_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 1228 | |
| nexpaq | 0:6c56fb4bc5f0 | 1229 | #if defined(MBEDTLS_ECP_C) |
| nexpaq | 0:6c56fb4bc5f0 | 1230 | if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) |
| nexpaq | 0:6c56fb4bc5f0 | 1231 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
| nexpaq | 0:6c56fb4bc5f0 | 1232 | |
| nexpaq | 0:6c56fb4bc5f0 | 1233 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || |
| nexpaq | 0:6c56fb4bc5f0 | 1234 | ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1235 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1236 | return( 0 ); |
| nexpaq | 0:6c56fb4bc5f0 | 1237 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1238 | |
| nexpaq | 0:6c56fb4bc5f0 | 1239 | mbedtls_pk_free( pk ); |
| nexpaq | 0:6c56fb4bc5f0 | 1240 | #endif /* MBEDTLS_ECP_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 1241 | |
| nexpaq | 0:6c56fb4bc5f0 | 1242 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
| nexpaq | 0:6c56fb4bc5f0 | 1243 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1244 | |
| nexpaq | 0:6c56fb4bc5f0 | 1245 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 1246 | * Parse a public key |
| nexpaq | 0:6c56fb4bc5f0 | 1247 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 1248 | int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, |
| nexpaq | 0:6c56fb4bc5f0 | 1249 | const unsigned char *key, size_t keylen ) |
| nexpaq | 0:6c56fb4bc5f0 | 1250 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1251 | int ret; |
| nexpaq | 0:6c56fb4bc5f0 | 1252 | unsigned char *p; |
| nexpaq | 0:6c56fb4bc5f0 | 1253 | #if defined(MBEDTLS_PEM_PARSE_C) |
| nexpaq | 0:6c56fb4bc5f0 | 1254 | size_t len; |
| nexpaq | 0:6c56fb4bc5f0 | 1255 | mbedtls_pem_context pem; |
| nexpaq | 0:6c56fb4bc5f0 | 1256 | |
| nexpaq | 0:6c56fb4bc5f0 | 1257 | mbedtls_pem_init( &pem ); |
| nexpaq | 0:6c56fb4bc5f0 | 1258 | |
| nexpaq | 0:6c56fb4bc5f0 | 1259 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ |
| nexpaq | 0:6c56fb4bc5f0 | 1260 | if( keylen == 0 || key[keylen - 1] != '\0' ) |
| nexpaq | 0:6c56fb4bc5f0 | 1261 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; |
| nexpaq | 0:6c56fb4bc5f0 | 1262 | else |
| nexpaq | 0:6c56fb4bc5f0 | 1263 | ret = mbedtls_pem_read_buffer( &pem, |
| nexpaq | 0:6c56fb4bc5f0 | 1264 | "-----BEGIN PUBLIC KEY-----", |
| nexpaq | 0:6c56fb4bc5f0 | 1265 | "-----END PUBLIC KEY-----", |
| nexpaq | 0:6c56fb4bc5f0 | 1266 | key, NULL, 0, &len ); |
| nexpaq | 0:6c56fb4bc5f0 | 1267 | |
| nexpaq | 0:6c56fb4bc5f0 | 1268 | if( ret == 0 ) |
| nexpaq | 0:6c56fb4bc5f0 | 1269 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1270 | /* |
| nexpaq | 0:6c56fb4bc5f0 | 1271 | * Was PEM encoded |
| nexpaq | 0:6c56fb4bc5f0 | 1272 | */ |
| nexpaq | 0:6c56fb4bc5f0 | 1273 | key = pem.buf; |
| nexpaq | 0:6c56fb4bc5f0 | 1274 | keylen = pem.buflen; |
| nexpaq | 0:6c56fb4bc5f0 | 1275 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1276 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
| nexpaq | 0:6c56fb4bc5f0 | 1277 | { |
| nexpaq | 0:6c56fb4bc5f0 | 1278 | mbedtls_pem_free( &pem ); |
| nexpaq | 0:6c56fb4bc5f0 | 1279 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1280 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1281 | #endif /* MBEDTLS_PEM_PARSE_C */ |
| nexpaq | 0:6c56fb4bc5f0 | 1282 | p = (unsigned char *) key; |
| nexpaq | 0:6c56fb4bc5f0 | 1283 | |
| nexpaq | 0:6c56fb4bc5f0 | 1284 | ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx ); |
| nexpaq | 0:6c56fb4bc5f0 | 1285 | |
| nexpaq | 0:6c56fb4bc5f0 | 1286 | #if defined(MBEDTLS_PEM_PARSE_C) |
| nexpaq | 0:6c56fb4bc5f0 | 1287 | mbedtls_pem_free( &pem ); |
| nexpaq | 0:6c56fb4bc5f0 | 1288 | #endif |
| nexpaq | 0:6c56fb4bc5f0 | 1289 | |
| nexpaq | 0:6c56fb4bc5f0 | 1290 | return( ret ); |
| nexpaq | 0:6c56fb4bc5f0 | 1291 | } |
| nexpaq | 0:6c56fb4bc5f0 | 1292 | |
| nexpaq | 0:6c56fb4bc5f0 | 1293 | #endif /* MBEDTLS_PK_PARSE_C */ |