1 | /*
|
---|
2 | * Public Key layer for parsing key files and structures
|
---|
3 | *
|
---|
4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
---|
5 | * SPDX-License-Identifier: Apache-2.0
|
---|
6 | *
|
---|
7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
|
---|
8 | * not use this file except in compliance with the License.
|
---|
9 | * You may obtain a copy of the License at
|
---|
10 | *
|
---|
11 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
12 | *
|
---|
13 | * Unless required by applicable law or agreed to in writing, software
|
---|
14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
---|
15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
16 | * See the License for the specific language governing permissions and
|
---|
17 | * limitations under the License.
|
---|
18 | *
|
---|
19 | * This file is part of mbed TLS (https://tls.mbed.org)
|
---|
20 | */
|
---|
21 |
|
---|
22 | #if !defined(MBEDTLS_CONFIG_FILE)
|
---|
23 | #include "mbedtls/config.h"
|
---|
24 | #else
|
---|
25 | #include MBEDTLS_CONFIG_FILE
|
---|
26 | #endif
|
---|
27 |
|
---|
28 | #if defined(MBEDTLS_PK_PARSE_C)
|
---|
29 |
|
---|
30 | #include "mbedtls/pk.h"
|
---|
31 | #include "mbedtls/asn1.h"
|
---|
32 | #include "mbedtls/oid.h"
|
---|
33 | #include "mbedtls/platform_util.h"
|
---|
34 |
|
---|
35 | #include <string.h>
|
---|
36 |
|
---|
37 | #if defined(MBEDTLS_RSA_C)
|
---|
38 | #include "mbedtls/rsa.h"
|
---|
39 | #endif
|
---|
40 | #if defined(MBEDTLS_ECP_C)
|
---|
41 | #include "mbedtls/ecp.h"
|
---|
42 | #endif
|
---|
43 | #if defined(MBEDTLS_ECDSA_C)
|
---|
44 | #include "mbedtls/ecdsa.h"
|
---|
45 | #endif
|
---|
46 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
47 | #include "mbedtls/pem.h"
|
---|
48 | #endif
|
---|
49 | #if defined(MBEDTLS_PKCS5_C)
|
---|
50 | #include "mbedtls/pkcs5.h"
|
---|
51 | #endif
|
---|
52 | #if defined(MBEDTLS_PKCS12_C)
|
---|
53 | #include "mbedtls/pkcs12.h"
|
---|
54 | #endif
|
---|
55 |
|
---|
56 | #if defined(MBEDTLS_PLATFORM_C)
|
---|
57 | #include "mbedtls/platform.h"
|
---|
58 | #else
|
---|
59 | #include <stdlib.h>
|
---|
60 | #define mbedtls_calloc calloc
|
---|
61 | #define mbedtls_free free
|
---|
62 | #endif
|
---|
63 |
|
---|
64 | /* Parameter validation macros based on platform_util.h */
|
---|
65 | #define PK_VALIDATE_RET( cond ) \
|
---|
66 | MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
|
---|
67 | #define PK_VALIDATE( cond ) \
|
---|
68 | MBEDTLS_INTERNAL_VALIDATE( cond )
|
---|
69 |
|
---|
70 | #if defined(MBEDTLS_FS_IO)
|
---|
71 | /*
|
---|
72 | * Load all data from a file into a given buffer.
|
---|
73 | *
|
---|
74 | * The file is expected to contain either PEM or DER encoded data.
|
---|
75 | * A terminating null byte is always appended. It is included in the announced
|
---|
76 | * length only if the data looks like it is PEM encoded.
|
---|
77 | */
|
---|
78 | int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
|
---|
79 | {
|
---|
80 | FILE *f;
|
---|
81 | long size;
|
---|
82 |
|
---|
83 | PK_VALIDATE_RET( path != NULL );
|
---|
84 | PK_VALIDATE_RET( buf != NULL );
|
---|
85 | PK_VALIDATE_RET( n != NULL );
|
---|
86 |
|
---|
87 | if( ( f = fopen( path, "rb" ) ) == NULL )
|
---|
88 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
|
---|
89 |
|
---|
90 | fseek( f, 0, SEEK_END );
|
---|
91 | if( ( size = ftell( f ) ) == -1 )
|
---|
92 | {
|
---|
93 | fclose( f );
|
---|
94 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
|
---|
95 | }
|
---|
96 | fseek( f, 0, SEEK_SET );
|
---|
97 |
|
---|
98 | *n = (size_t) size;
|
---|
99 |
|
---|
100 | if( *n + 1 == 0 ||
|
---|
101 | ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
|
---|
102 | {
|
---|
103 | fclose( f );
|
---|
104 | return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
---|
105 | }
|
---|
106 |
|
---|
107 | if( fread( *buf, 1, *n, f ) != *n )
|
---|
108 | {
|
---|
109 | fclose( f );
|
---|
110 |
|
---|
111 | mbedtls_platform_zeroize( *buf, *n );
|
---|
112 | mbedtls_free( *buf );
|
---|
113 |
|
---|
114 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
|
---|
115 | }
|
---|
116 |
|
---|
117 | fclose( f );
|
---|
118 |
|
---|
119 | (*buf)[*n] = '\0';
|
---|
120 |
|
---|
121 | if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
|
---|
122 | ++*n;
|
---|
123 |
|
---|
124 | return( 0 );
|
---|
125 | }
|
---|
126 |
|
---|
127 | /*
|
---|
128 | * Load and parse a private key
|
---|
129 | */
|
---|
130 | int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
|
---|
131 | const char *path, const char *pwd )
|
---|
132 | {
|
---|
133 | int ret;
|
---|
134 | size_t n;
|
---|
135 | unsigned char *buf;
|
---|
136 |
|
---|
137 | PK_VALIDATE_RET( ctx != NULL );
|
---|
138 | PK_VALIDATE_RET( path != NULL );
|
---|
139 |
|
---|
140 | if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
|
---|
141 | return( ret );
|
---|
142 |
|
---|
143 | if( pwd == NULL )
|
---|
144 | ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
|
---|
145 | else
|
---|
146 | ret = mbedtls_pk_parse_key( ctx, buf, n,
|
---|
147 | (const unsigned char *) pwd, strlen( pwd ) );
|
---|
148 |
|
---|
149 | mbedtls_platform_zeroize( buf, n );
|
---|
150 | mbedtls_free( buf );
|
---|
151 |
|
---|
152 | return( ret );
|
---|
153 | }
|
---|
154 |
|
---|
155 | /*
|
---|
156 | * Load and parse a public key
|
---|
157 | */
|
---|
158 | int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
|
---|
159 | {
|
---|
160 | int ret;
|
---|
161 | size_t n;
|
---|
162 | unsigned char *buf;
|
---|
163 |
|
---|
164 | PK_VALIDATE_RET( ctx != NULL );
|
---|
165 | PK_VALIDATE_RET( path != NULL );
|
---|
166 |
|
---|
167 | if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
|
---|
168 | return( ret );
|
---|
169 |
|
---|
170 | ret = mbedtls_pk_parse_public_key( ctx, buf, n );
|
---|
171 |
|
---|
172 | mbedtls_platform_zeroize( buf, n );
|
---|
173 | mbedtls_free( buf );
|
---|
174 |
|
---|
175 | return( ret );
|
---|
176 | }
|
---|
177 | #endif /* MBEDTLS_FS_IO */
|
---|
178 |
|
---|
179 | #if defined(MBEDTLS_ECP_C)
|
---|
180 | /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
|
---|
181 | *
|
---|
182 | * ECParameters ::= CHOICE {
|
---|
183 | * namedCurve OBJECT IDENTIFIER
|
---|
184 | * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
|
---|
185 | * -- implicitCurve NULL
|
---|
186 | * }
|
---|
187 | */
|
---|
188 | static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
|
---|
189 | mbedtls_asn1_buf *params )
|
---|
190 | {
|
---|
191 | int ret;
|
---|
192 |
|
---|
193 | if ( end - *p < 1 )
|
---|
194 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
195 | MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
---|
196 |
|
---|
197 | /* Tag may be either OID or SEQUENCE */
|
---|
198 | params->tag = **p;
|
---|
199 | if( params->tag != MBEDTLS_ASN1_OID
|
---|
200 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
|
---|
201 | && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
|
---|
202 | #endif
|
---|
203 | )
|
---|
204 | {
|
---|
205 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
206 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
---|
207 | }
|
---|
208 |
|
---|
209 | if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 )
|
---|
210 | {
|
---|
211 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
212 | }
|
---|
213 |
|
---|
214 | params->p = *p;
|
---|
215 | *p += params->len;
|
---|
216 |
|
---|
217 | if( *p != end )
|
---|
218 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
219 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
220 |
|
---|
221 | return( 0 );
|
---|
222 | }
|
---|
223 |
|
---|
224 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
|
---|
225 | /*
|
---|
226 | * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
|
---|
227 | * WARNING: the resulting group should only be used with
|
---|
228 | * pk_group_id_from_specified(), since its base point may not be set correctly
|
---|
229 | * if it was encoded compressed.
|
---|
230 | *
|
---|
231 | * SpecifiedECDomain ::= SEQUENCE {
|
---|
232 | * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
|
---|
233 | * fieldID FieldID {{FieldTypes}},
|
---|
234 | * curve Curve,
|
---|
235 | * base ECPoint,
|
---|
236 | * order INTEGER,
|
---|
237 | * cofactor INTEGER OPTIONAL,
|
---|
238 | * hash HashAlgorithm OPTIONAL,
|
---|
239 | * ...
|
---|
240 | * }
|
---|
241 | *
|
---|
242 | * We only support prime-field as field type, and ignore hash and cofactor.
|
---|
243 | */
|
---|
244 | static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
|
---|
245 | {
|
---|
246 | int ret;
|
---|
247 | unsigned char *p = params->p;
|
---|
248 | const unsigned char * const end = params->p + params->len;
|
---|
249 | const unsigned char *end_field, *end_curve;
|
---|
250 | size_t len;
|
---|
251 | int ver;
|
---|
252 |
|
---|
253 | /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
|
---|
254 | if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
|
---|
255 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
256 |
|
---|
257 | if( ver < 1 || ver > 3 )
|
---|
258 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
259 |
|
---|
260 | /*
|
---|
261 | * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
|
---|
262 | * fieldType FIELD-ID.&id({IOSet}),
|
---|
263 | * parameters FIELD-ID.&Type({IOSet}{@fieldType})
|
---|
264 | * }
|
---|
265 | */
|
---|
266 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
267 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
268 | return( ret );
|
---|
269 |
|
---|
270 | end_field = p + len;
|
---|
271 |
|
---|
272 | /*
|
---|
273 | * FIELD-ID ::= TYPE-IDENTIFIER
|
---|
274 | * FieldTypes FIELD-ID ::= {
|
---|
275 | * { Prime-p IDENTIFIED BY prime-field } |
|
---|
276 | * { Characteristic-two IDENTIFIED BY characteristic-two-field }
|
---|
277 | * }
|
---|
278 | * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
|
---|
279 | */
|
---|
280 | if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
|
---|
281 | return( ret );
|
---|
282 |
|
---|
283 | if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
|
---|
284 | memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
|
---|
285 | {
|
---|
286 | return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
---|
287 | }
|
---|
288 |
|
---|
289 | p += len;
|
---|
290 |
|
---|
291 | /* Prime-p ::= INTEGER -- Field of size p. */
|
---|
292 | if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
|
---|
293 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
294 |
|
---|
295 | grp->pbits = mbedtls_mpi_bitlen( &grp->P );
|
---|
296 |
|
---|
297 | if( p != end_field )
|
---|
298 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
299 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
300 |
|
---|
301 | /*
|
---|
302 | * Curve ::= SEQUENCE {
|
---|
303 | * a FieldElement,
|
---|
304 | * b FieldElement,
|
---|
305 | * seed BIT STRING OPTIONAL
|
---|
306 | * -- Shall be present if used in SpecifiedECDomain
|
---|
307 | * -- with version equal to ecdpVer2 or ecdpVer3
|
---|
308 | * }
|
---|
309 | */
|
---|
310 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
311 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
312 | return( ret );
|
---|
313 |
|
---|
314 | end_curve = p + len;
|
---|
315 |
|
---|
316 | /*
|
---|
317 | * FieldElement ::= OCTET STRING
|
---|
318 | * containing an integer in the case of a prime field
|
---|
319 | */
|
---|
320 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
|
---|
321 | ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
|
---|
322 | {
|
---|
323 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
324 | }
|
---|
325 |
|
---|
326 | p += len;
|
---|
327 |
|
---|
328 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
|
---|
329 | ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
|
---|
330 | {
|
---|
331 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
332 | }
|
---|
333 |
|
---|
334 | p += len;
|
---|
335 |
|
---|
336 | /* Ignore seed BIT STRING OPTIONAL */
|
---|
337 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
|
---|
338 | p += len;
|
---|
339 |
|
---|
340 | if( p != end_curve )
|
---|
341 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
342 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
343 |
|
---|
344 | /*
|
---|
345 | * ECPoint ::= OCTET STRING
|
---|
346 | */
|
---|
347 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
---|
348 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
349 |
|
---|
350 | if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
|
---|
351 | ( const unsigned char *) p, len ) ) != 0 )
|
---|
352 | {
|
---|
353 | /*
|
---|
354 | * If we can't read the point because it's compressed, cheat by
|
---|
355 | * reading only the X coordinate and the parity bit of Y.
|
---|
356 | */
|
---|
357 | if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
|
---|
358 | ( p[0] != 0x02 && p[0] != 0x03 ) ||
|
---|
359 | len != mbedtls_mpi_size( &grp->P ) + 1 ||
|
---|
360 | mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
|
---|
361 | mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
|
---|
362 | mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
|
---|
363 | {
|
---|
364 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
365 | }
|
---|
366 | }
|
---|
367 |
|
---|
368 | p += len;
|
---|
369 |
|
---|
370 | /*
|
---|
371 | * order INTEGER
|
---|
372 | */
|
---|
373 | if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
|
---|
374 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
375 |
|
---|
376 | grp->nbits = mbedtls_mpi_bitlen( &grp->N );
|
---|
377 |
|
---|
378 | /*
|
---|
379 | * Allow optional elements by purposefully not enforcing p == end here.
|
---|
380 | */
|
---|
381 |
|
---|
382 | return( 0 );
|
---|
383 | }
|
---|
384 |
|
---|
385 | /*
|
---|
386 | * Find the group id associated with an (almost filled) group as generated by
|
---|
387 | * pk_group_from_specified(), or return an error if unknown.
|
---|
388 | */
|
---|
389 | static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
|
---|
390 | {
|
---|
391 | int ret = 0;
|
---|
392 | mbedtls_ecp_group ref;
|
---|
393 | const mbedtls_ecp_group_id *id;
|
---|
394 |
|
---|
395 | mbedtls_ecp_group_init( &ref );
|
---|
396 |
|
---|
397 | for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
|
---|
398 | {
|
---|
399 | /* Load the group associated to that id */
|
---|
400 | mbedtls_ecp_group_free( &ref );
|
---|
401 | MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
|
---|
402 |
|
---|
403 | /* Compare to the group we were given, starting with easy tests */
|
---|
404 | if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
|
---|
405 | mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
|
---|
406 | mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
|
---|
407 | mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
|
---|
408 | mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
|
---|
409 | mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
|
---|
410 | mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
|
---|
411 | /* For Y we may only know the parity bit, so compare only that */
|
---|
412 | mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
|
---|
413 | {
|
---|
414 | break;
|
---|
415 | }
|
---|
416 |
|
---|
417 | }
|
---|
418 |
|
---|
419 | cleanup:
|
---|
420 | mbedtls_ecp_group_free( &ref );
|
---|
421 |
|
---|
422 | *grp_id = *id;
|
---|
423 |
|
---|
424 | if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
|
---|
425 | ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
|
---|
426 |
|
---|
427 | return( ret );
|
---|
428 | }
|
---|
429 |
|
---|
430 | /*
|
---|
431 | * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
|
---|
432 | */
|
---|
433 | static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
|
---|
434 | mbedtls_ecp_group_id *grp_id )
|
---|
435 | {
|
---|
436 | int ret;
|
---|
437 | mbedtls_ecp_group grp;
|
---|
438 |
|
---|
439 | mbedtls_ecp_group_init( &grp );
|
---|
440 |
|
---|
441 | if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
|
---|
442 | goto cleanup;
|
---|
443 |
|
---|
444 | ret = pk_group_id_from_group( &grp, grp_id );
|
---|
445 |
|
---|
446 | cleanup:
|
---|
447 | mbedtls_ecp_group_free( &grp );
|
---|
448 |
|
---|
449 | return( ret );
|
---|
450 | }
|
---|
451 | #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
|
---|
452 |
|
---|
453 | /*
|
---|
454 | * Use EC parameters to initialise an EC group
|
---|
455 | *
|
---|
456 | * ECParameters ::= CHOICE {
|
---|
457 | * namedCurve OBJECT IDENTIFIER
|
---|
458 | * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
|
---|
459 | * -- implicitCurve NULL
|
---|
460 | */
|
---|
461 | static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
|
---|
462 | {
|
---|
463 | int ret;
|
---|
464 | mbedtls_ecp_group_id grp_id;
|
---|
465 |
|
---|
466 | if( params->tag == MBEDTLS_ASN1_OID )
|
---|
467 | {
|
---|
468 | if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
|
---|
469 | return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
|
---|
470 | }
|
---|
471 | else
|
---|
472 | {
|
---|
473 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
|
---|
474 | if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
|
---|
475 | return( ret );
|
---|
476 | #else
|
---|
477 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
478 | #endif
|
---|
479 | }
|
---|
480 |
|
---|
481 | /*
|
---|
482 | * grp may already be initilialized; if so, make sure IDs match
|
---|
483 | */
|
---|
484 | if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
|
---|
485 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
486 |
|
---|
487 | if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
|
---|
488 | return( ret );
|
---|
489 |
|
---|
490 | return( 0 );
|
---|
491 | }
|
---|
492 |
|
---|
493 | /*
|
---|
494 | * EC public key is an EC point
|
---|
495 | *
|
---|
496 | * The caller is responsible for clearing the structure upon failure if
|
---|
497 | * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
|
---|
498 | * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
|
---|
499 | */
|
---|
500 | static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
|
---|
501 | mbedtls_ecp_keypair *key )
|
---|
502 | {
|
---|
503 | int ret;
|
---|
504 |
|
---|
505 | if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
|
---|
506 | (const unsigned char *) *p, end - *p ) ) == 0 )
|
---|
507 | {
|
---|
508 | ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
|
---|
509 | }
|
---|
510 |
|
---|
511 | /*
|
---|
512 | * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
|
---|
513 | */
|
---|
514 | *p = (unsigned char *) end;
|
---|
515 |
|
---|
516 | return( ret );
|
---|
517 | }
|
---|
518 | #endif /* MBEDTLS_ECP_C */
|
---|
519 |
|
---|
520 | #if defined(MBEDTLS_RSA_C)
|
---|
521 | /*
|
---|
522 | * RSAPublicKey ::= SEQUENCE {
|
---|
523 | * modulus INTEGER, -- n
|
---|
524 | * publicExponent INTEGER -- e
|
---|
525 | * }
|
---|
526 | */
|
---|
527 | static int pk_get_rsapubkey( unsigned char **p,
|
---|
528 | const unsigned char *end,
|
---|
529 | mbedtls_rsa_context *rsa )
|
---|
530 | {
|
---|
531 | int ret;
|
---|
532 | size_t len;
|
---|
533 |
|
---|
534 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
---|
535 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
536 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
|
---|
537 |
|
---|
538 | if( *p + len != end )
|
---|
539 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
|
---|
540 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
541 |
|
---|
542 | /* Import N */
|
---|
543 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
---|
544 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
|
---|
545 |
|
---|
546 | if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
|
---|
547 | NULL, 0, NULL, 0 ) ) != 0 )
|
---|
548 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
|
---|
549 |
|
---|
550 | *p += len;
|
---|
551 |
|
---|
552 | /* Import E */
|
---|
553 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
---|
554 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
|
---|
555 |
|
---|
556 | if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
---|
557 | NULL, 0, *p, len ) ) != 0 )
|
---|
558 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
|
---|
559 |
|
---|
560 | *p += len;
|
---|
561 |
|
---|
562 | if( mbedtls_rsa_complete( rsa ) != 0 ||
|
---|
563 | mbedtls_rsa_check_pubkey( rsa ) != 0 )
|
---|
564 | {
|
---|
565 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
|
---|
566 | }
|
---|
567 |
|
---|
568 | if( *p != end )
|
---|
569 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
|
---|
570 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
571 |
|
---|
572 | return( 0 );
|
---|
573 | }
|
---|
574 | #endif /* MBEDTLS_RSA_C */
|
---|
575 |
|
---|
576 | /* Get a PK algorithm identifier
|
---|
577 | *
|
---|
578 | * AlgorithmIdentifier ::= SEQUENCE {
|
---|
579 | * algorithm OBJECT IDENTIFIER,
|
---|
580 | * parameters ANY DEFINED BY algorithm OPTIONAL }
|
---|
581 | */
|
---|
582 | static int pk_get_pk_alg( unsigned char **p,
|
---|
583 | const unsigned char *end,
|
---|
584 | mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
|
---|
585 | {
|
---|
586 | int ret;
|
---|
587 | mbedtls_asn1_buf alg_oid;
|
---|
588 |
|
---|
589 | memset( params, 0, sizeof(mbedtls_asn1_buf) );
|
---|
590 |
|
---|
591 | if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
|
---|
592 | return( MBEDTLS_ERR_PK_INVALID_ALG + ret );
|
---|
593 |
|
---|
594 | if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
|
---|
595 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
596 |
|
---|
597 | /*
|
---|
598 | * No parameters with RSA (only for EC)
|
---|
599 | */
|
---|
600 | if( *pk_alg == MBEDTLS_PK_RSA &&
|
---|
601 | ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
|
---|
602 | params->len != 0 ) )
|
---|
603 | {
|
---|
604 | return( MBEDTLS_ERR_PK_INVALID_ALG );
|
---|
605 | }
|
---|
606 |
|
---|
607 | return( 0 );
|
---|
608 | }
|
---|
609 |
|
---|
610 | /*
|
---|
611 | * SubjectPublicKeyInfo ::= SEQUENCE {
|
---|
612 | * algorithm AlgorithmIdentifier,
|
---|
613 | * subjectPublicKey BIT STRING }
|
---|
614 | */
|
---|
615 | int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
|
---|
616 | mbedtls_pk_context *pk )
|
---|
617 | {
|
---|
618 | int ret;
|
---|
619 | size_t len;
|
---|
620 | mbedtls_asn1_buf alg_params;
|
---|
621 | mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
|
---|
622 | const mbedtls_pk_info_t *pk_info;
|
---|
623 |
|
---|
624 | PK_VALIDATE_RET( p != NULL );
|
---|
625 | PK_VALIDATE_RET( *p != NULL );
|
---|
626 | PK_VALIDATE_RET( end != NULL );
|
---|
627 | PK_VALIDATE_RET( pk != NULL );
|
---|
628 |
|
---|
629 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
---|
630 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
631 | {
|
---|
632 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
633 | }
|
---|
634 |
|
---|
635 | end = *p + len;
|
---|
636 |
|
---|
637 | if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
|
---|
638 | return( ret );
|
---|
639 |
|
---|
640 | if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
|
---|
641 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
|
---|
642 |
|
---|
643 | if( *p + len != end )
|
---|
644 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
|
---|
645 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
646 |
|
---|
647 | if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
|
---|
648 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
649 |
|
---|
650 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
|
---|
651 | return( ret );
|
---|
652 |
|
---|
653 | #if defined(MBEDTLS_RSA_C)
|
---|
654 | if( pk_alg == MBEDTLS_PK_RSA )
|
---|
655 | {
|
---|
656 | ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
|
---|
657 | } else
|
---|
658 | #endif /* MBEDTLS_RSA_C */
|
---|
659 | #if defined(MBEDTLS_ECP_C)
|
---|
660 | if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
|
---|
661 | {
|
---|
662 | ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
|
---|
663 | if( ret == 0 )
|
---|
664 | ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
|
---|
665 | } else
|
---|
666 | #endif /* MBEDTLS_ECP_C */
|
---|
667 | ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
|
---|
668 |
|
---|
669 | if( ret == 0 && *p != end )
|
---|
670 | ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
|
---|
671 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
---|
672 |
|
---|
673 | if( ret != 0 )
|
---|
674 | mbedtls_pk_free( pk );
|
---|
675 |
|
---|
676 | return( ret );
|
---|
677 | }
|
---|
678 |
|
---|
679 | #if defined(MBEDTLS_RSA_C)
|
---|
680 | /*
|
---|
681 | * Parse a PKCS#1 encoded private RSA key
|
---|
682 | */
|
---|
683 | static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
|
---|
684 | const unsigned char *key,
|
---|
685 | size_t keylen )
|
---|
686 | {
|
---|
687 | int ret, version;
|
---|
688 | size_t len;
|
---|
689 | unsigned char *p, *end;
|
---|
690 |
|
---|
691 | mbedtls_mpi T;
|
---|
692 | mbedtls_mpi_init( &T );
|
---|
693 |
|
---|
694 | p = (unsigned char *) key;
|
---|
695 | end = p + keylen;
|
---|
696 |
|
---|
697 | /*
|
---|
698 | * This function parses the RSAPrivateKey (PKCS#1)
|
---|
699 | *
|
---|
700 | * RSAPrivateKey ::= SEQUENCE {
|
---|
701 | * version Version,
|
---|
702 | * modulus INTEGER, -- n
|
---|
703 | * publicExponent INTEGER, -- e
|
---|
704 | * privateExponent INTEGER, -- d
|
---|
705 | * prime1 INTEGER, -- p
|
---|
706 | * prime2 INTEGER, -- q
|
---|
707 | * exponent1 INTEGER, -- d mod (p-1)
|
---|
708 | * exponent2 INTEGER, -- d mod (q-1)
|
---|
709 | * coefficient INTEGER, -- (inverse of q) mod p
|
---|
710 | * otherPrimeInfos OtherPrimeInfos OPTIONAL
|
---|
711 | * }
|
---|
712 | */
|
---|
713 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
714 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
715 | {
|
---|
716 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
717 | }
|
---|
718 |
|
---|
719 | end = p + len;
|
---|
720 |
|
---|
721 | if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
|
---|
722 | {
|
---|
723 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
724 | }
|
---|
725 |
|
---|
726 | if( version != 0 )
|
---|
727 | {
|
---|
728 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
|
---|
729 | }
|
---|
730 |
|
---|
731 | /* Import N */
|
---|
732 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
733 | MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
---|
734 | ( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
|
---|
735 | NULL, 0, NULL, 0 ) ) != 0 )
|
---|
736 | goto cleanup;
|
---|
737 | p += len;
|
---|
738 |
|
---|
739 | /* Import E */
|
---|
740 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
741 | MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
---|
742 | ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
---|
743 | NULL, 0, p, len ) ) != 0 )
|
---|
744 | goto cleanup;
|
---|
745 | p += len;
|
---|
746 |
|
---|
747 | /* Import D */
|
---|
748 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
749 | MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
---|
750 | ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
---|
751 | p, len, NULL, 0 ) ) != 0 )
|
---|
752 | goto cleanup;
|
---|
753 | p += len;
|
---|
754 |
|
---|
755 | /* Import P */
|
---|
756 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
757 | MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
---|
758 | ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
|
---|
759 | NULL, 0, NULL, 0 ) ) != 0 )
|
---|
760 | goto cleanup;
|
---|
761 | p += len;
|
---|
762 |
|
---|
763 | /* Import Q */
|
---|
764 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
765 | MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
---|
766 | ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
|
---|
767 | NULL, 0, NULL, 0 ) ) != 0 )
|
---|
768 | goto cleanup;
|
---|
769 | p += len;
|
---|
770 |
|
---|
771 | /* Complete the RSA private key */
|
---|
772 | if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
|
---|
773 | goto cleanup;
|
---|
774 |
|
---|
775 | /* Check optional parameters */
|
---|
776 | if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
|
---|
777 | ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
|
---|
778 | ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
|
---|
779 | goto cleanup;
|
---|
780 |
|
---|
781 | if( p != end )
|
---|
782 | {
|
---|
783 | ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
784 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ;
|
---|
785 | }
|
---|
786 |
|
---|
787 | cleanup:
|
---|
788 |
|
---|
789 | mbedtls_mpi_free( &T );
|
---|
790 |
|
---|
791 | if( ret != 0 )
|
---|
792 | {
|
---|
793 | /* Wrap error code if it's coming from a lower level */
|
---|
794 | if( ( ret & 0xff80 ) == 0 )
|
---|
795 | ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;
|
---|
796 | else
|
---|
797 | ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
|
---|
798 |
|
---|
799 | mbedtls_rsa_free( rsa );
|
---|
800 | }
|
---|
801 |
|
---|
802 | return( ret );
|
---|
803 | }
|
---|
804 | #endif /* MBEDTLS_RSA_C */
|
---|
805 |
|
---|
806 | #if defined(MBEDTLS_ECP_C)
|
---|
807 | /*
|
---|
808 | * Parse a SEC1 encoded private EC key
|
---|
809 | */
|
---|
810 | static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
|
---|
811 | const unsigned char *key,
|
---|
812 | size_t keylen )
|
---|
813 | {
|
---|
814 | int ret;
|
---|
815 | int version, pubkey_done;
|
---|
816 | size_t len;
|
---|
817 | mbedtls_asn1_buf params;
|
---|
818 | unsigned char *p = (unsigned char *) key;
|
---|
819 | unsigned char *end = p + keylen;
|
---|
820 | unsigned char *end2;
|
---|
821 |
|
---|
822 | /*
|
---|
823 | * RFC 5915, or SEC1 Appendix C.4
|
---|
824 | *
|
---|
825 | * ECPrivateKey ::= SEQUENCE {
|
---|
826 | * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
|
---|
827 | * privateKey OCTET STRING,
|
---|
828 | * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
|
---|
829 | * publicKey [1] BIT STRING OPTIONAL
|
---|
830 | * }
|
---|
831 | */
|
---|
832 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
833 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
834 | {
|
---|
835 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
836 | }
|
---|
837 |
|
---|
838 | end = p + len;
|
---|
839 |
|
---|
840 | if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
|
---|
841 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
842 |
|
---|
843 | if( version != 1 )
|
---|
844 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
|
---|
845 |
|
---|
846 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
---|
847 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
848 |
|
---|
849 | if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
|
---|
850 | {
|
---|
851 | mbedtls_ecp_keypair_free( eck );
|
---|
852 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
853 | }
|
---|
854 |
|
---|
855 | p += len;
|
---|
856 |
|
---|
857 | pubkey_done = 0;
|
---|
858 | if( p != end )
|
---|
859 | {
|
---|
860 | /*
|
---|
861 | * Is 'parameters' present?
|
---|
862 | */
|
---|
863 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
864 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
|
---|
865 | {
|
---|
866 | if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
|
---|
867 | ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 )
|
---|
868 | {
|
---|
869 | mbedtls_ecp_keypair_free( eck );
|
---|
870 | return( ret );
|
---|
871 | }
|
---|
872 | }
|
---|
873 | else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
---|
874 | {
|
---|
875 | mbedtls_ecp_keypair_free( eck );
|
---|
876 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
877 | }
|
---|
878 | }
|
---|
879 |
|
---|
880 | if( p != end )
|
---|
881 | {
|
---|
882 | /*
|
---|
883 | * Is 'publickey' present? If not, or if we can't read it (eg because it
|
---|
884 | * is compressed), create it from the private key.
|
---|
885 | */
|
---|
886 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
887 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
|
---|
888 | {
|
---|
889 | end2 = p + len;
|
---|
890 |
|
---|
891 | if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
|
---|
892 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
893 |
|
---|
894 | if( p + len != end2 )
|
---|
895 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
896 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
897 |
|
---|
898 | if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
|
---|
899 | pubkey_done = 1;
|
---|
900 | else
|
---|
901 | {
|
---|
902 | /*
|
---|
903 | * The only acceptable failure mode of pk_get_ecpubkey() above
|
---|
904 | * is if the point format is not recognized.
|
---|
905 | */
|
---|
906 | if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
|
---|
907 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
908 | }
|
---|
909 | }
|
---|
910 | else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
---|
911 | {
|
---|
912 | mbedtls_ecp_keypair_free( eck );
|
---|
913 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
914 | }
|
---|
915 | }
|
---|
916 |
|
---|
917 | if( ! pubkey_done &&
|
---|
918 | ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
|
---|
919 | NULL, NULL ) ) != 0 )
|
---|
920 | {
|
---|
921 | mbedtls_ecp_keypair_free( eck );
|
---|
922 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
923 | }
|
---|
924 |
|
---|
925 | if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
|
---|
926 | {
|
---|
927 | mbedtls_ecp_keypair_free( eck );
|
---|
928 | return( ret );
|
---|
929 | }
|
---|
930 |
|
---|
931 | return( 0 );
|
---|
932 | }
|
---|
933 | #endif /* MBEDTLS_ECP_C */
|
---|
934 |
|
---|
935 | /*
|
---|
936 | * Parse an unencrypted PKCS#8 encoded private key
|
---|
937 | *
|
---|
938 | * Notes:
|
---|
939 | *
|
---|
940 | * - This function does not own the key buffer. It is the
|
---|
941 | * responsibility of the caller to take care of zeroizing
|
---|
942 | * and freeing it after use.
|
---|
943 | *
|
---|
944 | * - The function is responsible for freeing the provided
|
---|
945 | * PK context on failure.
|
---|
946 | *
|
---|
947 | */
|
---|
948 | static int pk_parse_key_pkcs8_unencrypted_der(
|
---|
949 | mbedtls_pk_context *pk,
|
---|
950 | const unsigned char* key,
|
---|
951 | size_t keylen )
|
---|
952 | {
|
---|
953 | int ret, version;
|
---|
954 | size_t len;
|
---|
955 | mbedtls_asn1_buf params;
|
---|
956 | unsigned char *p = (unsigned char *) key;
|
---|
957 | unsigned char *end = p + keylen;
|
---|
958 | mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
|
---|
959 | const mbedtls_pk_info_t *pk_info;
|
---|
960 |
|
---|
961 | /*
|
---|
962 | * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
|
---|
963 | *
|
---|
964 | * PrivateKeyInfo ::= SEQUENCE {
|
---|
965 | * version Version,
|
---|
966 | * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
|
---|
967 | * privateKey PrivateKey,
|
---|
968 | * attributes [0] IMPLICIT Attributes OPTIONAL }
|
---|
969 | *
|
---|
970 | * Version ::= INTEGER
|
---|
971 | * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
|
---|
972 | * PrivateKey ::= OCTET STRING
|
---|
973 | *
|
---|
974 | * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
|
---|
975 | */
|
---|
976 |
|
---|
977 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
978 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
979 | {
|
---|
980 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
981 | }
|
---|
982 |
|
---|
983 | end = p + len;
|
---|
984 |
|
---|
985 | if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
|
---|
986 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
987 |
|
---|
988 | if( version != 0 )
|
---|
989 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
|
---|
990 |
|
---|
991 | if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
|
---|
992 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
993 |
|
---|
994 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
---|
995 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
996 |
|
---|
997 | if( len < 1 )
|
---|
998 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
999 | MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
---|
1000 |
|
---|
1001 | if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
|
---|
1002 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
1003 |
|
---|
1004 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
|
---|
1005 | return( ret );
|
---|
1006 |
|
---|
1007 | #if defined(MBEDTLS_RSA_C)
|
---|
1008 | if( pk_alg == MBEDTLS_PK_RSA )
|
---|
1009 | {
|
---|
1010 | if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
|
---|
1011 | {
|
---|
1012 | mbedtls_pk_free( pk );
|
---|
1013 | return( ret );
|
---|
1014 | }
|
---|
1015 | } else
|
---|
1016 | #endif /* MBEDTLS_RSA_C */
|
---|
1017 | #if defined(MBEDTLS_ECP_C)
|
---|
1018 | if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
|
---|
1019 | {
|
---|
1020 | if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
|
---|
1021 | ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 )
|
---|
1022 | {
|
---|
1023 | mbedtls_pk_free( pk );
|
---|
1024 | return( ret );
|
---|
1025 | }
|
---|
1026 | } else
|
---|
1027 | #endif /* MBEDTLS_ECP_C */
|
---|
1028 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
1029 |
|
---|
1030 | return( 0 );
|
---|
1031 | }
|
---|
1032 |
|
---|
1033 | /*
|
---|
1034 | * Parse an encrypted PKCS#8 encoded private key
|
---|
1035 | *
|
---|
1036 | * To save space, the decryption happens in-place on the given key buffer.
|
---|
1037 | * Also, while this function may modify the keybuffer, it doesn't own it,
|
---|
1038 | * and instead it is the responsibility of the caller to zeroize and properly
|
---|
1039 | * free it after use.
|
---|
1040 | *
|
---|
1041 | */
|
---|
1042 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
---|
1043 | static int pk_parse_key_pkcs8_encrypted_der(
|
---|
1044 | mbedtls_pk_context *pk,
|
---|
1045 | unsigned char *key, size_t keylen,
|
---|
1046 | const unsigned char *pwd, size_t pwdlen )
|
---|
1047 | {
|
---|
1048 | int ret, decrypted = 0;
|
---|
1049 | size_t len;
|
---|
1050 | unsigned char *buf;
|
---|
1051 | unsigned char *p, *end;
|
---|
1052 | mbedtls_asn1_buf pbe_alg_oid, pbe_params;
|
---|
1053 | #if defined(MBEDTLS_PKCS12_C)
|
---|
1054 | mbedtls_cipher_type_t cipher_alg;
|
---|
1055 | mbedtls_md_type_t md_alg;
|
---|
1056 | #endif
|
---|
1057 |
|
---|
1058 | p = key;
|
---|
1059 | end = p + keylen;
|
---|
1060 |
|
---|
1061 | if( pwdlen == 0 )
|
---|
1062 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
|
---|
1063 |
|
---|
1064 | /*
|
---|
1065 | * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
|
---|
1066 | *
|
---|
1067 | * EncryptedPrivateKeyInfo ::= SEQUENCE {
|
---|
1068 | * encryptionAlgorithm EncryptionAlgorithmIdentifier,
|
---|
1069 | * encryptedData EncryptedData
|
---|
1070 | * }
|
---|
1071 | *
|
---|
1072 | * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
---|
1073 | *
|
---|
1074 | * EncryptedData ::= OCTET STRING
|
---|
1075 | *
|
---|
1076 | * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
|
---|
1077 | *
|
---|
1078 | */
|
---|
1079 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
1080 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
1081 | {
|
---|
1082 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
1083 | }
|
---|
1084 |
|
---|
1085 | end = p + len;
|
---|
1086 |
|
---|
1087 | if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
|
---|
1088 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
1089 |
|
---|
1090 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
---|
1091 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
1092 |
|
---|
1093 | buf = p;
|
---|
1094 |
|
---|
1095 | /*
|
---|
1096 | * Decrypt EncryptedData with appropriate PBE
|
---|
1097 | */
|
---|
1098 | #if defined(MBEDTLS_PKCS12_C)
|
---|
1099 | if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
|
---|
1100 | {
|
---|
1101 | if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
|
---|
1102 | cipher_alg, md_alg,
|
---|
1103 | pwd, pwdlen, p, len, buf ) ) != 0 )
|
---|
1104 | {
|
---|
1105 | if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
|
---|
1106 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
|
---|
1107 |
|
---|
1108 | return( ret );
|
---|
1109 | }
|
---|
1110 |
|
---|
1111 | decrypted = 1;
|
---|
1112 | }
|
---|
1113 | else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
|
---|
1114 | {
|
---|
1115 | if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
|
---|
1116 | MBEDTLS_PKCS12_PBE_DECRYPT,
|
---|
1117 | pwd, pwdlen,
|
---|
1118 | p, len, buf ) ) != 0 )
|
---|
1119 | {
|
---|
1120 | return( ret );
|
---|
1121 | }
|
---|
1122 |
|
---|
1123 | // Best guess for password mismatch when using RC4. If first tag is
|
---|
1124 | // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
|
---|
1125 | //
|
---|
1126 | if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
|
---|
1127 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
|
---|
1128 |
|
---|
1129 | decrypted = 1;
|
---|
1130 | }
|
---|
1131 | else
|
---|
1132 | #endif /* MBEDTLS_PKCS12_C */
|
---|
1133 | #if defined(MBEDTLS_PKCS5_C)
|
---|
1134 | if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
|
---|
1135 | {
|
---|
1136 | if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
|
---|
1137 | p, len, buf ) ) != 0 )
|
---|
1138 | {
|
---|
1139 | if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
|
---|
1140 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
|
---|
1141 |
|
---|
1142 | return( ret );
|
---|
1143 | }
|
---|
1144 |
|
---|
1145 | decrypted = 1;
|
---|
1146 | }
|
---|
1147 | else
|
---|
1148 | #endif /* MBEDTLS_PKCS5_C */
|
---|
1149 | {
|
---|
1150 | ((void) pwd);
|
---|
1151 | }
|
---|
1152 |
|
---|
1153 | if( decrypted == 0 )
|
---|
1154 | return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
---|
1155 |
|
---|
1156 | return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
|
---|
1157 | }
|
---|
1158 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
|
---|
1159 |
|
---|
1160 | /*
|
---|
1161 | * Parse a private key
|
---|
1162 | */
|
---|
1163 | int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
---|
1164 | const unsigned char *key, size_t keylen,
|
---|
1165 | const unsigned char *pwd, size_t pwdlen )
|
---|
1166 | {
|
---|
1167 | int ret;
|
---|
1168 | const mbedtls_pk_info_t *pk_info;
|
---|
1169 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
1170 | size_t len;
|
---|
1171 | mbedtls_pem_context pem;
|
---|
1172 | #endif
|
---|
1173 |
|
---|
1174 | PK_VALIDATE_RET( pk != NULL );
|
---|
1175 | if( keylen == 0 )
|
---|
1176 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
1177 | PK_VALIDATE_RET( key != NULL );
|
---|
1178 |
|
---|
1179 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
1180 | mbedtls_pem_init( &pem );
|
---|
1181 |
|
---|
1182 | #if defined(MBEDTLS_RSA_C)
|
---|
1183 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
1184 | if( key[keylen - 1] != '\0' )
|
---|
1185 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
1186 | else
|
---|
1187 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
1188 | "-----BEGIN RSA PRIVATE KEY-----",
|
---|
1189 | "-----END RSA PRIVATE KEY-----",
|
---|
1190 | key, pwd, pwdlen, &len );
|
---|
1191 |
|
---|
1192 | if( ret == 0 )
|
---|
1193 | {
|
---|
1194 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
|
---|
1195 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
---|
1196 | ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
|
---|
1197 | pem.buf, pem.buflen ) ) != 0 )
|
---|
1198 | {
|
---|
1199 | mbedtls_pk_free( pk );
|
---|
1200 | }
|
---|
1201 |
|
---|
1202 | mbedtls_pem_free( &pem );
|
---|
1203 | return( ret );
|
---|
1204 | }
|
---|
1205 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
|
---|
1206 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
|
---|
1207 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
|
---|
1208 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
|
---|
1209 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
1210 | return( ret );
|
---|
1211 | #endif /* MBEDTLS_RSA_C */
|
---|
1212 |
|
---|
1213 | #if defined(MBEDTLS_ECP_C)
|
---|
1214 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
1215 | if( key[keylen - 1] != '\0' )
|
---|
1216 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
1217 | else
|
---|
1218 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
1219 | "-----BEGIN EC PRIVATE KEY-----",
|
---|
1220 | "-----END EC PRIVATE KEY-----",
|
---|
1221 | key, pwd, pwdlen, &len );
|
---|
1222 | if( ret == 0 )
|
---|
1223 | {
|
---|
1224 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
|
---|
1225 |
|
---|
1226 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
---|
1227 | ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
|
---|
1228 | pem.buf, pem.buflen ) ) != 0 )
|
---|
1229 | {
|
---|
1230 | mbedtls_pk_free( pk );
|
---|
1231 | }
|
---|
1232 |
|
---|
1233 | mbedtls_pem_free( &pem );
|
---|
1234 | return( ret );
|
---|
1235 | }
|
---|
1236 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
|
---|
1237 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
|
---|
1238 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
|
---|
1239 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
|
---|
1240 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
1241 | return( ret );
|
---|
1242 | #endif /* MBEDTLS_ECP_C */
|
---|
1243 |
|
---|
1244 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
1245 | if( key[keylen - 1] != '\0' )
|
---|
1246 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
1247 | else
|
---|
1248 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
1249 | "-----BEGIN PRIVATE KEY-----",
|
---|
1250 | "-----END PRIVATE KEY-----",
|
---|
1251 | key, NULL, 0, &len );
|
---|
1252 | if( ret == 0 )
|
---|
1253 | {
|
---|
1254 | if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
|
---|
1255 | pem.buf, pem.buflen ) ) != 0 )
|
---|
1256 | {
|
---|
1257 | mbedtls_pk_free( pk );
|
---|
1258 | }
|
---|
1259 |
|
---|
1260 | mbedtls_pem_free( &pem );
|
---|
1261 | return( ret );
|
---|
1262 | }
|
---|
1263 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
1264 | return( ret );
|
---|
1265 |
|
---|
1266 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
---|
1267 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
1268 | if( key[keylen - 1] != '\0' )
|
---|
1269 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
1270 | else
|
---|
1271 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
1272 | "-----BEGIN ENCRYPTED PRIVATE KEY-----",
|
---|
1273 | "-----END ENCRYPTED PRIVATE KEY-----",
|
---|
1274 | key, NULL, 0, &len );
|
---|
1275 | if( ret == 0 )
|
---|
1276 | {
|
---|
1277 | if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
|
---|
1278 | pem.buf, pem.buflen,
|
---|
1279 | pwd, pwdlen ) ) != 0 )
|
---|
1280 | {
|
---|
1281 | mbedtls_pk_free( pk );
|
---|
1282 | }
|
---|
1283 |
|
---|
1284 | mbedtls_pem_free( &pem );
|
---|
1285 | return( ret );
|
---|
1286 | }
|
---|
1287 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
1288 | return( ret );
|
---|
1289 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
|
---|
1290 | #else
|
---|
1291 | ((void) pwd);
|
---|
1292 | ((void) pwdlen);
|
---|
1293 | #endif /* MBEDTLS_PEM_PARSE_C */
|
---|
1294 |
|
---|
1295 | /*
|
---|
1296 | * At this point we only know it's not a PEM formatted key. Could be any
|
---|
1297 | * of the known DER encoded private key formats
|
---|
1298 | *
|
---|
1299 | * We try the different DER format parsers to see if one passes without
|
---|
1300 | * error
|
---|
1301 | */
|
---|
1302 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
---|
1303 | {
|
---|
1304 | unsigned char *key_copy;
|
---|
1305 |
|
---|
1306 | if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
|
---|
1307 | return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
---|
1308 |
|
---|
1309 | memcpy( key_copy, key, keylen );
|
---|
1310 |
|
---|
1311 | ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
|
---|
1312 | pwd, pwdlen );
|
---|
1313 |
|
---|
1314 | mbedtls_platform_zeroize( key_copy, keylen );
|
---|
1315 | mbedtls_free( key_copy );
|
---|
1316 | }
|
---|
1317 |
|
---|
1318 | if( ret == 0 )
|
---|
1319 | return( 0 );
|
---|
1320 |
|
---|
1321 | mbedtls_pk_free( pk );
|
---|
1322 | mbedtls_pk_init( pk );
|
---|
1323 |
|
---|
1324 | if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
|
---|
1325 | {
|
---|
1326 | return( ret );
|
---|
1327 | }
|
---|
1328 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
|
---|
1329 |
|
---|
1330 | if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
|
---|
1331 | return( 0 );
|
---|
1332 |
|
---|
1333 | mbedtls_pk_free( pk );
|
---|
1334 | mbedtls_pk_init( pk );
|
---|
1335 |
|
---|
1336 | #if defined(MBEDTLS_RSA_C)
|
---|
1337 |
|
---|
1338 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
|
---|
1339 | if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
|
---|
1340 | pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 )
|
---|
1341 | {
|
---|
1342 | return( 0 );
|
---|
1343 | }
|
---|
1344 |
|
---|
1345 | mbedtls_pk_free( pk );
|
---|
1346 | mbedtls_pk_init( pk );
|
---|
1347 | #endif /* MBEDTLS_RSA_C */
|
---|
1348 |
|
---|
1349 | #if defined(MBEDTLS_ECP_C)
|
---|
1350 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
|
---|
1351 | if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
|
---|
1352 | pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
|
---|
1353 | key, keylen ) == 0 )
|
---|
1354 | {
|
---|
1355 | return( 0 );
|
---|
1356 | }
|
---|
1357 | mbedtls_pk_free( pk );
|
---|
1358 | #endif /* MBEDTLS_ECP_C */
|
---|
1359 |
|
---|
1360 | /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
|
---|
1361 | * it is ok to leave the PK context initialized but not
|
---|
1362 | * freed: It is the caller's responsibility to call pk_init()
|
---|
1363 | * before calling this function, and to call pk_free()
|
---|
1364 | * when it fails. If MBEDTLS_ECP_C is defined but MBEDTLS_RSA_C
|
---|
1365 | * isn't, this leads to mbedtls_pk_free() being called
|
---|
1366 | * twice, once here and once by the caller, but this is
|
---|
1367 | * also ok and in line with the mbedtls_pk_free() calls
|
---|
1368 | * on failed PEM parsing attempts. */
|
---|
1369 |
|
---|
1370 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
1371 | }
|
---|
1372 |
|
---|
1373 | /*
|
---|
1374 | * Parse a public key
|
---|
1375 | */
|
---|
1376 | int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
|
---|
1377 | const unsigned char *key, size_t keylen )
|
---|
1378 | {
|
---|
1379 | int ret;
|
---|
1380 | unsigned char *p;
|
---|
1381 | #if defined(MBEDTLS_RSA_C)
|
---|
1382 | const mbedtls_pk_info_t *pk_info;
|
---|
1383 | #endif
|
---|
1384 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
1385 | size_t len;
|
---|
1386 | mbedtls_pem_context pem;
|
---|
1387 | #endif
|
---|
1388 |
|
---|
1389 | PK_VALIDATE_RET( ctx != NULL );
|
---|
1390 | if( keylen == 0 )
|
---|
1391 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
1392 | PK_VALIDATE_RET( key != NULL || keylen == 0 );
|
---|
1393 |
|
---|
1394 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
1395 | mbedtls_pem_init( &pem );
|
---|
1396 | #if defined(MBEDTLS_RSA_C)
|
---|
1397 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
1398 | if( key[keylen - 1] != '\0' )
|
---|
1399 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
1400 | else
|
---|
1401 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
1402 | "-----BEGIN RSA PUBLIC KEY-----",
|
---|
1403 | "-----END RSA PUBLIC KEY-----",
|
---|
1404 | key, NULL, 0, &len );
|
---|
1405 |
|
---|
1406 | if( ret == 0 )
|
---|
1407 | {
|
---|
1408 | p = pem.buf;
|
---|
1409 | if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
---|
1410 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
1411 |
|
---|
1412 | if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
|
---|
1413 | return( ret );
|
---|
1414 |
|
---|
1415 | if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
|
---|
1416 | mbedtls_pk_free( ctx );
|
---|
1417 |
|
---|
1418 | mbedtls_pem_free( &pem );
|
---|
1419 | return( ret );
|
---|
1420 | }
|
---|
1421 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
1422 | {
|
---|
1423 | mbedtls_pem_free( &pem );
|
---|
1424 | return( ret );
|
---|
1425 | }
|
---|
1426 | #endif /* MBEDTLS_RSA_C */
|
---|
1427 |
|
---|
1428 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
1429 | if( key[keylen - 1] != '\0' )
|
---|
1430 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
1431 | else
|
---|
1432 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
1433 | "-----BEGIN PUBLIC KEY-----",
|
---|
1434 | "-----END PUBLIC KEY-----",
|
---|
1435 | key, NULL, 0, &len );
|
---|
1436 |
|
---|
1437 | if( ret == 0 )
|
---|
1438 | {
|
---|
1439 | /*
|
---|
1440 | * Was PEM encoded
|
---|
1441 | */
|
---|
1442 | p = pem.buf;
|
---|
1443 |
|
---|
1444 | ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx );
|
---|
1445 | mbedtls_pem_free( &pem );
|
---|
1446 | return( ret );
|
---|
1447 | }
|
---|
1448 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
1449 | {
|
---|
1450 | mbedtls_pem_free( &pem );
|
---|
1451 | return( ret );
|
---|
1452 | }
|
---|
1453 | mbedtls_pem_free( &pem );
|
---|
1454 | #endif /* MBEDTLS_PEM_PARSE_C */
|
---|
1455 |
|
---|
1456 | #if defined(MBEDTLS_RSA_C)
|
---|
1457 | if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
---|
1458 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
1459 |
|
---|
1460 | if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
|
---|
1461 | return( ret );
|
---|
1462 |
|
---|
1463 | p = (unsigned char *)key;
|
---|
1464 | ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
|
---|
1465 | if( ret == 0 )
|
---|
1466 | {
|
---|
1467 | return( ret );
|
---|
1468 | }
|
---|
1469 | mbedtls_pk_free( ctx );
|
---|
1470 | if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
|
---|
1471 | {
|
---|
1472 | return( ret );
|
---|
1473 | }
|
---|
1474 | #endif /* MBEDTLS_RSA_C */
|
---|
1475 | p = (unsigned char *) key;
|
---|
1476 |
|
---|
1477 | ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
|
---|
1478 |
|
---|
1479 | return( ret );
|
---|
1480 | }
|
---|
1481 |
|
---|
1482 | #endif /* MBEDTLS_PK_PARSE_C */
|
---|