[398] | 1 | /*
|
---|
| 2 | * Public Key layer for parsing key files and structures
|
---|
| 3 | *
|
---|
| 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
---|
| 5 | * SPDX-License-Identifier: Apache-2.0
|
---|
| 6 | *
|
---|
| 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
|
---|
| 8 | * not use this file except in compliance with the License.
|
---|
| 9 | * You may obtain a copy of the License at
|
---|
| 10 | *
|
---|
| 11 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
| 12 | *
|
---|
| 13 | * Unless required by applicable law or agreed to in writing, software
|
---|
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
---|
| 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
| 16 | * See the License for the specific language governing permissions and
|
---|
| 17 | * limitations under the License.
|
---|
| 18 | *
|
---|
| 19 | * This file is part of mbed TLS (https://tls.mbed.org)
|
---|
| 20 | */
|
---|
| 21 |
|
---|
| 22 | #if !defined(MBEDTLS_CONFIG_FILE)
|
---|
| 23 | #include "mbedtls/config.h"
|
---|
| 24 | #else
|
---|
| 25 | #include MBEDTLS_CONFIG_FILE
|
---|
| 26 | #endif
|
---|
| 27 |
|
---|
| 28 | #if defined(MBEDTLS_PK_PARSE_C)
|
---|
| 29 |
|
---|
| 30 | #include "mbedtls/pk.h"
|
---|
| 31 | #include "mbedtls/asn1.h"
|
---|
| 32 | #include "mbedtls/oid.h"
|
---|
| 33 | #include "mbedtls/platform_util.h"
|
---|
| 34 |
|
---|
| 35 | #include <string.h>
|
---|
| 36 |
|
---|
| 37 | #if defined(MBEDTLS_RSA_C)
|
---|
| 38 | #include "mbedtls/rsa.h"
|
---|
| 39 | #endif
|
---|
| 40 | #if defined(MBEDTLS_ECP_C)
|
---|
| 41 | #include "mbedtls/ecp.h"
|
---|
| 42 | #endif
|
---|
| 43 | #if defined(MBEDTLS_ECDSA_C)
|
---|
| 44 | #include "mbedtls/ecdsa.h"
|
---|
| 45 | #endif
|
---|
| 46 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
| 47 | #include "mbedtls/pem.h"
|
---|
| 48 | #endif
|
---|
| 49 | #if defined(MBEDTLS_PKCS5_C)
|
---|
| 50 | #include "mbedtls/pkcs5.h"
|
---|
| 51 | #endif
|
---|
| 52 | #if defined(MBEDTLS_PKCS12_C)
|
---|
| 53 | #include "mbedtls/pkcs12.h"
|
---|
| 54 | #endif
|
---|
| 55 |
|
---|
| 56 | #if defined(MBEDTLS_PLATFORM_C)
|
---|
| 57 | #include "mbedtls/platform.h"
|
---|
| 58 | #else
|
---|
| 59 | #include <stdlib.h>
|
---|
| 60 | #define mbedtls_calloc calloc
|
---|
| 61 | #define mbedtls_free free
|
---|
| 62 | #endif
|
---|
| 63 |
|
---|
| 64 | /* Parameter validation macros based on platform_util.h */
|
---|
| 65 | #define PK_VALIDATE_RET( cond ) \
|
---|
| 66 | MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
|
---|
| 67 | #define PK_VALIDATE( cond ) \
|
---|
| 68 | MBEDTLS_INTERNAL_VALIDATE( cond )
|
---|
| 69 |
|
---|
| 70 | #if defined(MBEDTLS_FS_IO)
|
---|
| 71 | /*
|
---|
| 72 | * Load all data from a file into a given buffer.
|
---|
| 73 | *
|
---|
| 74 | * The file is expected to contain either PEM or DER encoded data.
|
---|
| 75 | * A terminating null byte is always appended. It is included in the announced
|
---|
| 76 | * length only if the data looks like it is PEM encoded.
|
---|
| 77 | */
|
---|
| 78 | int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
|
---|
| 79 | {
|
---|
| 80 | FILE *f;
|
---|
| 81 | long size;
|
---|
| 82 |
|
---|
| 83 | PK_VALIDATE_RET( path != NULL );
|
---|
| 84 | PK_VALIDATE_RET( buf != NULL );
|
---|
| 85 | PK_VALIDATE_RET( n != NULL );
|
---|
| 86 |
|
---|
| 87 | if( ( f = fopen( path, "rb" ) ) == NULL )
|
---|
| 88 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
|
---|
| 89 |
|
---|
| 90 | fseek( f, 0, SEEK_END );
|
---|
| 91 | if( ( size = ftell( f ) ) == -1 )
|
---|
| 92 | {
|
---|
| 93 | fclose( f );
|
---|
| 94 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
|
---|
| 95 | }
|
---|
| 96 | fseek( f, 0, SEEK_SET );
|
---|
| 97 |
|
---|
| 98 | *n = (size_t) size;
|
---|
| 99 |
|
---|
| 100 | if( *n + 1 == 0 ||
|
---|
| 101 | ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
|
---|
| 102 | {
|
---|
| 103 | fclose( f );
|
---|
| 104 | return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
---|
| 105 | }
|
---|
| 106 |
|
---|
| 107 | if( fread( *buf, 1, *n, f ) != *n )
|
---|
| 108 | {
|
---|
| 109 | fclose( f );
|
---|
| 110 |
|
---|
| 111 | mbedtls_platform_zeroize( *buf, *n );
|
---|
| 112 | mbedtls_free( *buf );
|
---|
| 113 |
|
---|
| 114 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
|
---|
| 115 | }
|
---|
| 116 |
|
---|
| 117 | fclose( f );
|
---|
| 118 |
|
---|
| 119 | (*buf)[*n] = '\0';
|
---|
| 120 |
|
---|
| 121 | if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
|
---|
| 122 | ++*n;
|
---|
| 123 |
|
---|
| 124 | return( 0 );
|
---|
| 125 | }
|
---|
| 126 |
|
---|
| 127 | /*
|
---|
| 128 | * Load and parse a private key
|
---|
| 129 | */
|
---|
| 130 | int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
|
---|
| 131 | const char *path, const char *pwd )
|
---|
| 132 | {
|
---|
| 133 | int ret;
|
---|
| 134 | size_t n;
|
---|
| 135 | unsigned char *buf;
|
---|
| 136 |
|
---|
| 137 | PK_VALIDATE_RET( ctx != NULL );
|
---|
| 138 | PK_VALIDATE_RET( path != NULL );
|
---|
| 139 |
|
---|
| 140 | if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
|
---|
| 141 | return( ret );
|
---|
| 142 |
|
---|
| 143 | if( pwd == NULL )
|
---|
| 144 | ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
|
---|
| 145 | else
|
---|
| 146 | ret = mbedtls_pk_parse_key( ctx, buf, n,
|
---|
| 147 | (const unsigned char *) pwd, strlen( pwd ) );
|
---|
| 148 |
|
---|
| 149 | mbedtls_platform_zeroize( buf, n );
|
---|
| 150 | mbedtls_free( buf );
|
---|
| 151 |
|
---|
| 152 | return( ret );
|
---|
| 153 | }
|
---|
| 154 |
|
---|
| 155 | /*
|
---|
| 156 | * Load and parse a public key
|
---|
| 157 | */
|
---|
| 158 | int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
|
---|
| 159 | {
|
---|
| 160 | int ret;
|
---|
| 161 | size_t n;
|
---|
| 162 | unsigned char *buf;
|
---|
| 163 |
|
---|
| 164 | PK_VALIDATE_RET( ctx != NULL );
|
---|
| 165 | PK_VALIDATE_RET( path != NULL );
|
---|
| 166 |
|
---|
| 167 | if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
|
---|
| 168 | return( ret );
|
---|
| 169 |
|
---|
| 170 | ret = mbedtls_pk_parse_public_key( ctx, buf, n );
|
---|
| 171 |
|
---|
| 172 | mbedtls_platform_zeroize( buf, n );
|
---|
| 173 | mbedtls_free( buf );
|
---|
| 174 |
|
---|
| 175 | return( ret );
|
---|
| 176 | }
|
---|
| 177 | #endif /* MBEDTLS_FS_IO */
|
---|
| 178 |
|
---|
| 179 | #if defined(MBEDTLS_ECP_C)
|
---|
| 180 | /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
|
---|
| 181 | *
|
---|
| 182 | * ECParameters ::= CHOICE {
|
---|
| 183 | * namedCurve OBJECT IDENTIFIER
|
---|
| 184 | * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
|
---|
| 185 | * -- implicitCurve NULL
|
---|
| 186 | * }
|
---|
| 187 | */
|
---|
| 188 | static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
|
---|
| 189 | mbedtls_asn1_buf *params )
|
---|
| 190 | {
|
---|
| 191 | int ret;
|
---|
| 192 |
|
---|
| 193 | if ( end - *p < 1 )
|
---|
| 194 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
| 195 | MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
---|
| 196 |
|
---|
| 197 | /* Tag may be either OID or SEQUENCE */
|
---|
| 198 | params->tag = **p;
|
---|
| 199 | if( params->tag != MBEDTLS_ASN1_OID
|
---|
| 200 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
|
---|
| 201 | && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
|
---|
| 202 | #endif
|
---|
| 203 | )
|
---|
| 204 | {
|
---|
| 205 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
| 206 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
---|
| 207 | }
|
---|
| 208 |
|
---|
| 209 | if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 )
|
---|
| 210 | {
|
---|
| 211 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 212 | }
|
---|
| 213 |
|
---|
| 214 | params->p = *p;
|
---|
| 215 | *p += params->len;
|
---|
| 216 |
|
---|
| 217 | if( *p != end )
|
---|
| 218 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
| 219 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 220 |
|
---|
| 221 | return( 0 );
|
---|
| 222 | }
|
---|
| 223 |
|
---|
| 224 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
|
---|
| 225 | /*
|
---|
| 226 | * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
|
---|
| 227 | * WARNING: the resulting group should only be used with
|
---|
| 228 | * pk_group_id_from_specified(), since its base point may not be set correctly
|
---|
| 229 | * if it was encoded compressed.
|
---|
| 230 | *
|
---|
| 231 | * SpecifiedECDomain ::= SEQUENCE {
|
---|
| 232 | * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
|
---|
| 233 | * fieldID FieldID {{FieldTypes}},
|
---|
| 234 | * curve Curve,
|
---|
| 235 | * base ECPoint,
|
---|
| 236 | * order INTEGER,
|
---|
| 237 | * cofactor INTEGER OPTIONAL,
|
---|
| 238 | * hash HashAlgorithm OPTIONAL,
|
---|
| 239 | * ...
|
---|
| 240 | * }
|
---|
| 241 | *
|
---|
| 242 | * We only support prime-field as field type, and ignore hash and cofactor.
|
---|
| 243 | */
|
---|
| 244 | static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
|
---|
| 245 | {
|
---|
| 246 | int ret;
|
---|
| 247 | unsigned char *p = params->p;
|
---|
| 248 | const unsigned char * const end = params->p + params->len;
|
---|
| 249 | const unsigned char *end_field, *end_curve;
|
---|
| 250 | size_t len;
|
---|
| 251 | int ver;
|
---|
| 252 |
|
---|
| 253 | /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
|
---|
| 254 | if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
|
---|
| 255 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 256 |
|
---|
| 257 | if( ver < 1 || ver > 3 )
|
---|
| 258 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
| 259 |
|
---|
| 260 | /*
|
---|
| 261 | * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
|
---|
| 262 | * fieldType FIELD-ID.&id({IOSet}),
|
---|
| 263 | * parameters FIELD-ID.&Type({IOSet}{@fieldType})
|
---|
| 264 | * }
|
---|
| 265 | */
|
---|
| 266 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 267 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 268 | return( ret );
|
---|
| 269 |
|
---|
| 270 | end_field = p + len;
|
---|
| 271 |
|
---|
| 272 | /*
|
---|
| 273 | * FIELD-ID ::= TYPE-IDENTIFIER
|
---|
| 274 | * FieldTypes FIELD-ID ::= {
|
---|
| 275 | * { Prime-p IDENTIFIED BY prime-field } |
|
---|
| 276 | * { Characteristic-two IDENTIFIED BY characteristic-two-field }
|
---|
| 277 | * }
|
---|
| 278 | * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
|
---|
| 279 | */
|
---|
| 280 | if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
|
---|
| 281 | return( ret );
|
---|
| 282 |
|
---|
| 283 | if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
|
---|
| 284 | memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
|
---|
| 285 | {
|
---|
| 286 | return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
---|
| 287 | }
|
---|
| 288 |
|
---|
| 289 | p += len;
|
---|
| 290 |
|
---|
| 291 | /* Prime-p ::= INTEGER -- Field of size p. */
|
---|
| 292 | if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
|
---|
| 293 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 294 |
|
---|
| 295 | grp->pbits = mbedtls_mpi_bitlen( &grp->P );
|
---|
| 296 |
|
---|
| 297 | if( p != end_field )
|
---|
| 298 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
| 299 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 300 |
|
---|
| 301 | /*
|
---|
| 302 | * Curve ::= SEQUENCE {
|
---|
| 303 | * a FieldElement,
|
---|
| 304 | * b FieldElement,
|
---|
| 305 | * seed BIT STRING OPTIONAL
|
---|
| 306 | * -- Shall be present if used in SpecifiedECDomain
|
---|
| 307 | * -- with version equal to ecdpVer2 or ecdpVer3
|
---|
| 308 | * }
|
---|
| 309 | */
|
---|
| 310 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 311 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 312 | return( ret );
|
---|
| 313 |
|
---|
| 314 | end_curve = p + len;
|
---|
| 315 |
|
---|
| 316 | /*
|
---|
| 317 | * FieldElement ::= OCTET STRING
|
---|
| 318 | * containing an integer in the case of a prime field
|
---|
| 319 | */
|
---|
| 320 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
|
---|
| 321 | ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
|
---|
| 322 | {
|
---|
| 323 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 324 | }
|
---|
| 325 |
|
---|
| 326 | p += len;
|
---|
| 327 |
|
---|
| 328 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
|
---|
| 329 | ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
|
---|
| 330 | {
|
---|
| 331 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 332 | }
|
---|
| 333 |
|
---|
| 334 | p += len;
|
---|
| 335 |
|
---|
| 336 | /* Ignore seed BIT STRING OPTIONAL */
|
---|
| 337 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
|
---|
| 338 | p += len;
|
---|
| 339 |
|
---|
| 340 | if( p != end_curve )
|
---|
| 341 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
| 342 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 343 |
|
---|
| 344 | /*
|
---|
| 345 | * ECPoint ::= OCTET STRING
|
---|
| 346 | */
|
---|
| 347 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
---|
| 348 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 349 |
|
---|
| 350 | if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
|
---|
| 351 | ( const unsigned char *) p, len ) ) != 0 )
|
---|
| 352 | {
|
---|
| 353 | /*
|
---|
| 354 | * If we can't read the point because it's compressed, cheat by
|
---|
| 355 | * reading only the X coordinate and the parity bit of Y.
|
---|
| 356 | */
|
---|
| 357 | if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
|
---|
| 358 | ( p[0] != 0x02 && p[0] != 0x03 ) ||
|
---|
| 359 | len != mbedtls_mpi_size( &grp->P ) + 1 ||
|
---|
| 360 | mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
|
---|
| 361 | mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
|
---|
| 362 | mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
|
---|
| 363 | {
|
---|
| 364 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
| 365 | }
|
---|
| 366 | }
|
---|
| 367 |
|
---|
| 368 | p += len;
|
---|
| 369 |
|
---|
| 370 | /*
|
---|
| 371 | * order INTEGER
|
---|
| 372 | */
|
---|
| 373 | if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
|
---|
| 374 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 375 |
|
---|
| 376 | grp->nbits = mbedtls_mpi_bitlen( &grp->N );
|
---|
| 377 |
|
---|
| 378 | /*
|
---|
| 379 | * Allow optional elements by purposefully not enforcing p == end here.
|
---|
| 380 | */
|
---|
| 381 |
|
---|
| 382 | return( 0 );
|
---|
| 383 | }
|
---|
| 384 |
|
---|
| 385 | /*
|
---|
| 386 | * Find the group id associated with an (almost filled) group as generated by
|
---|
| 387 | * pk_group_from_specified(), or return an error if unknown.
|
---|
| 388 | */
|
---|
| 389 | static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
|
---|
| 390 | {
|
---|
| 391 | int ret = 0;
|
---|
| 392 | mbedtls_ecp_group ref;
|
---|
| 393 | const mbedtls_ecp_group_id *id;
|
---|
| 394 |
|
---|
| 395 | mbedtls_ecp_group_init( &ref );
|
---|
| 396 |
|
---|
| 397 | for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
|
---|
| 398 | {
|
---|
| 399 | /* Load the group associated to that id */
|
---|
| 400 | mbedtls_ecp_group_free( &ref );
|
---|
| 401 | MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
|
---|
| 402 |
|
---|
| 403 | /* Compare to the group we were given, starting with easy tests */
|
---|
| 404 | if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
|
---|
| 405 | mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
|
---|
| 406 | mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
|
---|
| 407 | mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
|
---|
| 408 | mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
|
---|
| 409 | mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
|
---|
| 410 | mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
|
---|
| 411 | /* For Y we may only know the parity bit, so compare only that */
|
---|
| 412 | mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
|
---|
| 413 | {
|
---|
| 414 | break;
|
---|
| 415 | }
|
---|
| 416 |
|
---|
| 417 | }
|
---|
| 418 |
|
---|
| 419 | cleanup:
|
---|
| 420 | mbedtls_ecp_group_free( &ref );
|
---|
| 421 |
|
---|
| 422 | *grp_id = *id;
|
---|
| 423 |
|
---|
| 424 | if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
|
---|
| 425 | ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
|
---|
| 426 |
|
---|
| 427 | return( ret );
|
---|
| 428 | }
|
---|
| 429 |
|
---|
| 430 | /*
|
---|
| 431 | * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
|
---|
| 432 | */
|
---|
| 433 | static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
|
---|
| 434 | mbedtls_ecp_group_id *grp_id )
|
---|
| 435 | {
|
---|
| 436 | int ret;
|
---|
| 437 | mbedtls_ecp_group grp;
|
---|
| 438 |
|
---|
| 439 | mbedtls_ecp_group_init( &grp );
|
---|
| 440 |
|
---|
| 441 | if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
|
---|
| 442 | goto cleanup;
|
---|
| 443 |
|
---|
| 444 | ret = pk_group_id_from_group( &grp, grp_id );
|
---|
| 445 |
|
---|
| 446 | cleanup:
|
---|
| 447 | mbedtls_ecp_group_free( &grp );
|
---|
| 448 |
|
---|
| 449 | return( ret );
|
---|
| 450 | }
|
---|
| 451 | #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
|
---|
| 452 |
|
---|
| 453 | /*
|
---|
| 454 | * Use EC parameters to initialise an EC group
|
---|
| 455 | *
|
---|
| 456 | * ECParameters ::= CHOICE {
|
---|
| 457 | * namedCurve OBJECT IDENTIFIER
|
---|
| 458 | * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
|
---|
| 459 | * -- implicitCurve NULL
|
---|
| 460 | */
|
---|
| 461 | static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
|
---|
| 462 | {
|
---|
| 463 | int ret;
|
---|
| 464 | mbedtls_ecp_group_id grp_id;
|
---|
| 465 |
|
---|
| 466 | if( params->tag == MBEDTLS_ASN1_OID )
|
---|
| 467 | {
|
---|
| 468 | if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
|
---|
| 469 | return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
|
---|
| 470 | }
|
---|
| 471 | else
|
---|
| 472 | {
|
---|
| 473 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
|
---|
| 474 | if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
|
---|
| 475 | return( ret );
|
---|
| 476 | #else
|
---|
| 477 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
| 478 | #endif
|
---|
| 479 | }
|
---|
| 480 |
|
---|
| 481 | /*
|
---|
| 482 | * grp may already be initilialized; if so, make sure IDs match
|
---|
| 483 | */
|
---|
| 484 | if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
|
---|
| 485 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
| 486 |
|
---|
| 487 | if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
|
---|
| 488 | return( ret );
|
---|
| 489 |
|
---|
| 490 | return( 0 );
|
---|
| 491 | }
|
---|
| 492 |
|
---|
| 493 | /*
|
---|
| 494 | * EC public key is an EC point
|
---|
| 495 | *
|
---|
| 496 | * The caller is responsible for clearing the structure upon failure if
|
---|
| 497 | * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
|
---|
| 498 | * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
|
---|
| 499 | */
|
---|
| 500 | static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
|
---|
| 501 | mbedtls_ecp_keypair *key )
|
---|
| 502 | {
|
---|
| 503 | int ret;
|
---|
| 504 |
|
---|
| 505 | if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
|
---|
| 506 | (const unsigned char *) *p, end - *p ) ) == 0 )
|
---|
| 507 | {
|
---|
| 508 | ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
|
---|
| 509 | }
|
---|
| 510 |
|
---|
| 511 | /*
|
---|
| 512 | * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
|
---|
| 513 | */
|
---|
| 514 | *p = (unsigned char *) end;
|
---|
| 515 |
|
---|
| 516 | return( ret );
|
---|
| 517 | }
|
---|
| 518 | #endif /* MBEDTLS_ECP_C */
|
---|
| 519 |
|
---|
| 520 | #if defined(MBEDTLS_RSA_C)
|
---|
| 521 | /*
|
---|
| 522 | * RSAPublicKey ::= SEQUENCE {
|
---|
| 523 | * modulus INTEGER, -- n
|
---|
| 524 | * publicExponent INTEGER -- e
|
---|
| 525 | * }
|
---|
| 526 | */
|
---|
| 527 | static int pk_get_rsapubkey( unsigned char **p,
|
---|
| 528 | const unsigned char *end,
|
---|
| 529 | mbedtls_rsa_context *rsa )
|
---|
| 530 | {
|
---|
| 531 | int ret;
|
---|
| 532 | size_t len;
|
---|
| 533 |
|
---|
| 534 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
---|
| 535 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 536 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
|
---|
| 537 |
|
---|
| 538 | if( *p + len != end )
|
---|
| 539 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
|
---|
| 540 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 541 |
|
---|
| 542 | /* Import N */
|
---|
| 543 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
---|
| 544 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
|
---|
| 545 |
|
---|
| 546 | if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
|
---|
| 547 | NULL, 0, NULL, 0 ) ) != 0 )
|
---|
| 548 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
|
---|
| 549 |
|
---|
| 550 | *p += len;
|
---|
| 551 |
|
---|
| 552 | /* Import E */
|
---|
| 553 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
---|
| 554 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
|
---|
| 555 |
|
---|
| 556 | if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
---|
| 557 | NULL, 0, *p, len ) ) != 0 )
|
---|
| 558 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
|
---|
| 559 |
|
---|
| 560 | *p += len;
|
---|
| 561 |
|
---|
| 562 | if( mbedtls_rsa_complete( rsa ) != 0 ||
|
---|
| 563 | mbedtls_rsa_check_pubkey( rsa ) != 0 )
|
---|
| 564 | {
|
---|
| 565 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
|
---|
| 566 | }
|
---|
| 567 |
|
---|
| 568 | if( *p != end )
|
---|
| 569 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
|
---|
| 570 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 571 |
|
---|
| 572 | return( 0 );
|
---|
| 573 | }
|
---|
| 574 | #endif /* MBEDTLS_RSA_C */
|
---|
| 575 |
|
---|
| 576 | /* Get a PK algorithm identifier
|
---|
| 577 | *
|
---|
| 578 | * AlgorithmIdentifier ::= SEQUENCE {
|
---|
| 579 | * algorithm OBJECT IDENTIFIER,
|
---|
| 580 | * parameters ANY DEFINED BY algorithm OPTIONAL }
|
---|
| 581 | */
|
---|
| 582 | static int pk_get_pk_alg( unsigned char **p,
|
---|
| 583 | const unsigned char *end,
|
---|
| 584 | mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
|
---|
| 585 | {
|
---|
| 586 | int ret;
|
---|
| 587 | mbedtls_asn1_buf alg_oid;
|
---|
| 588 |
|
---|
| 589 | memset( params, 0, sizeof(mbedtls_asn1_buf) );
|
---|
| 590 |
|
---|
| 591 | if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
|
---|
| 592 | return( MBEDTLS_ERR_PK_INVALID_ALG + ret );
|
---|
| 593 |
|
---|
| 594 | if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
|
---|
| 595 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
| 596 |
|
---|
| 597 | /*
|
---|
| 598 | * No parameters with RSA (only for EC)
|
---|
| 599 | */
|
---|
| 600 | if( *pk_alg == MBEDTLS_PK_RSA &&
|
---|
| 601 | ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
|
---|
| 602 | params->len != 0 ) )
|
---|
| 603 | {
|
---|
| 604 | return( MBEDTLS_ERR_PK_INVALID_ALG );
|
---|
| 605 | }
|
---|
| 606 |
|
---|
| 607 | return( 0 );
|
---|
| 608 | }
|
---|
| 609 |
|
---|
| 610 | /*
|
---|
| 611 | * SubjectPublicKeyInfo ::= SEQUENCE {
|
---|
| 612 | * algorithm AlgorithmIdentifier,
|
---|
| 613 | * subjectPublicKey BIT STRING }
|
---|
| 614 | */
|
---|
| 615 | int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
|
---|
| 616 | mbedtls_pk_context *pk )
|
---|
| 617 | {
|
---|
| 618 | int ret;
|
---|
| 619 | size_t len;
|
---|
| 620 | mbedtls_asn1_buf alg_params;
|
---|
| 621 | mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
|
---|
| 622 | const mbedtls_pk_info_t *pk_info;
|
---|
| 623 |
|
---|
| 624 | PK_VALIDATE_RET( p != NULL );
|
---|
| 625 | PK_VALIDATE_RET( *p != NULL );
|
---|
| 626 | PK_VALIDATE_RET( end != NULL );
|
---|
| 627 | PK_VALIDATE_RET( pk != NULL );
|
---|
| 628 |
|
---|
| 629 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
---|
| 630 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 631 | {
|
---|
| 632 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 633 | }
|
---|
| 634 |
|
---|
| 635 | end = *p + len;
|
---|
| 636 |
|
---|
| 637 | if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
|
---|
| 638 | return( ret );
|
---|
| 639 |
|
---|
| 640 | if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
|
---|
| 641 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
|
---|
| 642 |
|
---|
| 643 | if( *p + len != end )
|
---|
| 644 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
|
---|
| 645 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 646 |
|
---|
| 647 | if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
|
---|
| 648 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
| 649 |
|
---|
| 650 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
|
---|
| 651 | return( ret );
|
---|
| 652 |
|
---|
| 653 | #if defined(MBEDTLS_RSA_C)
|
---|
| 654 | if( pk_alg == MBEDTLS_PK_RSA )
|
---|
| 655 | {
|
---|
| 656 | ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
|
---|
| 657 | } else
|
---|
| 658 | #endif /* MBEDTLS_RSA_C */
|
---|
| 659 | #if defined(MBEDTLS_ECP_C)
|
---|
| 660 | if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
|
---|
| 661 | {
|
---|
| 662 | ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
|
---|
| 663 | if( ret == 0 )
|
---|
| 664 | ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
|
---|
| 665 | } else
|
---|
| 666 | #endif /* MBEDTLS_ECP_C */
|
---|
| 667 | ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
|
---|
| 668 |
|
---|
| 669 | if( ret == 0 && *p != end )
|
---|
| 670 | ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
|
---|
| 671 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
---|
| 672 |
|
---|
| 673 | if( ret != 0 )
|
---|
| 674 | mbedtls_pk_free( pk );
|
---|
| 675 |
|
---|
| 676 | return( ret );
|
---|
| 677 | }
|
---|
| 678 |
|
---|
| 679 | #if defined(MBEDTLS_RSA_C)
|
---|
| 680 | /*
|
---|
| 681 | * Parse a PKCS#1 encoded private RSA key
|
---|
| 682 | */
|
---|
| 683 | static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
|
---|
| 684 | const unsigned char *key,
|
---|
| 685 | size_t keylen )
|
---|
| 686 | {
|
---|
| 687 | int ret, version;
|
---|
| 688 | size_t len;
|
---|
| 689 | unsigned char *p, *end;
|
---|
| 690 |
|
---|
| 691 | mbedtls_mpi T;
|
---|
| 692 | mbedtls_mpi_init( &T );
|
---|
| 693 |
|
---|
| 694 | p = (unsigned char *) key;
|
---|
| 695 | end = p + keylen;
|
---|
| 696 |
|
---|
| 697 | /*
|
---|
| 698 | * This function parses the RSAPrivateKey (PKCS#1)
|
---|
| 699 | *
|
---|
| 700 | * RSAPrivateKey ::= SEQUENCE {
|
---|
| 701 | * version Version,
|
---|
| 702 | * modulus INTEGER, -- n
|
---|
| 703 | * publicExponent INTEGER, -- e
|
---|
| 704 | * privateExponent INTEGER, -- d
|
---|
| 705 | * prime1 INTEGER, -- p
|
---|
| 706 | * prime2 INTEGER, -- q
|
---|
| 707 | * exponent1 INTEGER, -- d mod (p-1)
|
---|
| 708 | * exponent2 INTEGER, -- d mod (q-1)
|
---|
| 709 | * coefficient INTEGER, -- (inverse of q) mod p
|
---|
| 710 | * otherPrimeInfos OtherPrimeInfos OPTIONAL
|
---|
| 711 | * }
|
---|
| 712 | */
|
---|
| 713 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 714 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 715 | {
|
---|
| 716 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 717 | }
|
---|
| 718 |
|
---|
| 719 | end = p + len;
|
---|
| 720 |
|
---|
| 721 | if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
|
---|
| 722 | {
|
---|
| 723 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 724 | }
|
---|
| 725 |
|
---|
| 726 | if( version != 0 )
|
---|
| 727 | {
|
---|
| 728 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
|
---|
| 729 | }
|
---|
| 730 |
|
---|
| 731 | /* Import N */
|
---|
| 732 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 733 | MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
---|
| 734 | ( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
|
---|
| 735 | NULL, 0, NULL, 0 ) ) != 0 )
|
---|
| 736 | goto cleanup;
|
---|
| 737 | p += len;
|
---|
| 738 |
|
---|
| 739 | /* Import E */
|
---|
| 740 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 741 | MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
---|
| 742 | ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
---|
| 743 | NULL, 0, p, len ) ) != 0 )
|
---|
| 744 | goto cleanup;
|
---|
| 745 | p += len;
|
---|
| 746 |
|
---|
| 747 | /* Import D */
|
---|
| 748 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 749 | MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
---|
| 750 | ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
|
---|
| 751 | p, len, NULL, 0 ) ) != 0 )
|
---|
| 752 | goto cleanup;
|
---|
| 753 | p += len;
|
---|
| 754 |
|
---|
| 755 | /* Import P */
|
---|
| 756 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 757 | MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
---|
| 758 | ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
|
---|
| 759 | NULL, 0, NULL, 0 ) ) != 0 )
|
---|
| 760 | goto cleanup;
|
---|
| 761 | p += len;
|
---|
| 762 |
|
---|
| 763 | /* Import Q */
|
---|
| 764 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 765 | MBEDTLS_ASN1_INTEGER ) ) != 0 ||
|
---|
| 766 | ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
|
---|
| 767 | NULL, 0, NULL, 0 ) ) != 0 )
|
---|
| 768 | goto cleanup;
|
---|
| 769 | p += len;
|
---|
| 770 |
|
---|
| 771 | /* Complete the RSA private key */
|
---|
| 772 | if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
|
---|
| 773 | goto cleanup;
|
---|
| 774 |
|
---|
| 775 | /* Check optional parameters */
|
---|
| 776 | if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
|
---|
| 777 | ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
|
---|
| 778 | ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
|
---|
| 779 | goto cleanup;
|
---|
| 780 |
|
---|
| 781 | if( p != end )
|
---|
| 782 | {
|
---|
| 783 | ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
| 784 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ;
|
---|
| 785 | }
|
---|
| 786 |
|
---|
| 787 | cleanup:
|
---|
| 788 |
|
---|
| 789 | mbedtls_mpi_free( &T );
|
---|
| 790 |
|
---|
| 791 | if( ret != 0 )
|
---|
| 792 | {
|
---|
| 793 | /* Wrap error code if it's coming from a lower level */
|
---|
| 794 | if( ( ret & 0xff80 ) == 0 )
|
---|
| 795 | ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;
|
---|
| 796 | else
|
---|
| 797 | ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
|
---|
| 798 |
|
---|
| 799 | mbedtls_rsa_free( rsa );
|
---|
| 800 | }
|
---|
| 801 |
|
---|
| 802 | return( ret );
|
---|
| 803 | }
|
---|
| 804 | #endif /* MBEDTLS_RSA_C */
|
---|
| 805 |
|
---|
| 806 | #if defined(MBEDTLS_ECP_C)
|
---|
| 807 | /*
|
---|
| 808 | * Parse a SEC1 encoded private EC key
|
---|
| 809 | */
|
---|
| 810 | static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
|
---|
| 811 | const unsigned char *key,
|
---|
| 812 | size_t keylen )
|
---|
| 813 | {
|
---|
| 814 | int ret;
|
---|
| 815 | int version, pubkey_done;
|
---|
| 816 | size_t len;
|
---|
| 817 | mbedtls_asn1_buf params;
|
---|
| 818 | unsigned char *p = (unsigned char *) key;
|
---|
| 819 | unsigned char *end = p + keylen;
|
---|
| 820 | unsigned char *end2;
|
---|
| 821 |
|
---|
| 822 | /*
|
---|
| 823 | * RFC 5915, or SEC1 Appendix C.4
|
---|
| 824 | *
|
---|
| 825 | * ECPrivateKey ::= SEQUENCE {
|
---|
| 826 | * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
|
---|
| 827 | * privateKey OCTET STRING,
|
---|
| 828 | * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
|
---|
| 829 | * publicKey [1] BIT STRING OPTIONAL
|
---|
| 830 | * }
|
---|
| 831 | */
|
---|
| 832 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 833 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 834 | {
|
---|
| 835 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 836 | }
|
---|
| 837 |
|
---|
| 838 | end = p + len;
|
---|
| 839 |
|
---|
| 840 | if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
|
---|
| 841 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 842 |
|
---|
| 843 | if( version != 1 )
|
---|
| 844 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
|
---|
| 845 |
|
---|
| 846 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
---|
| 847 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 848 |
|
---|
| 849 | if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
|
---|
| 850 | {
|
---|
| 851 | mbedtls_ecp_keypair_free( eck );
|
---|
| 852 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 853 | }
|
---|
| 854 |
|
---|
| 855 | p += len;
|
---|
| 856 |
|
---|
| 857 | pubkey_done = 0;
|
---|
| 858 | if( p != end )
|
---|
| 859 | {
|
---|
| 860 | /*
|
---|
| 861 | * Is 'parameters' present?
|
---|
| 862 | */
|
---|
| 863 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 864 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
|
---|
| 865 | {
|
---|
| 866 | if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
|
---|
| 867 | ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 )
|
---|
| 868 | {
|
---|
| 869 | mbedtls_ecp_keypair_free( eck );
|
---|
| 870 | return( ret );
|
---|
| 871 | }
|
---|
| 872 | }
|
---|
| 873 | else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
---|
| 874 | {
|
---|
| 875 | mbedtls_ecp_keypair_free( eck );
|
---|
| 876 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 877 | }
|
---|
| 878 | }
|
---|
| 879 |
|
---|
| 880 | if( p != end )
|
---|
| 881 | {
|
---|
| 882 | /*
|
---|
| 883 | * Is 'publickey' present? If not, or if we can't read it (eg because it
|
---|
| 884 | * is compressed), create it from the private key.
|
---|
| 885 | */
|
---|
| 886 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 887 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
|
---|
| 888 | {
|
---|
| 889 | end2 = p + len;
|
---|
| 890 |
|
---|
| 891 | if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
|
---|
| 892 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 893 |
|
---|
| 894 | if( p + len != end2 )
|
---|
| 895 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
| 896 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
---|
| 897 |
|
---|
| 898 | if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
|
---|
| 899 | pubkey_done = 1;
|
---|
| 900 | else
|
---|
| 901 | {
|
---|
| 902 | /*
|
---|
| 903 | * The only acceptable failure mode of pk_get_ecpubkey() above
|
---|
| 904 | * is if the point format is not recognized.
|
---|
| 905 | */
|
---|
| 906 | if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
|
---|
| 907 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
| 908 | }
|
---|
| 909 | }
|
---|
| 910 | else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
---|
| 911 | {
|
---|
| 912 | mbedtls_ecp_keypair_free( eck );
|
---|
| 913 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 914 | }
|
---|
| 915 | }
|
---|
| 916 |
|
---|
| 917 | if( ! pubkey_done &&
|
---|
| 918 | ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
|
---|
| 919 | NULL, NULL ) ) != 0 )
|
---|
| 920 | {
|
---|
| 921 | mbedtls_ecp_keypair_free( eck );
|
---|
| 922 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 923 | }
|
---|
| 924 |
|
---|
| 925 | if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
|
---|
| 926 | {
|
---|
| 927 | mbedtls_ecp_keypair_free( eck );
|
---|
| 928 | return( ret );
|
---|
| 929 | }
|
---|
| 930 |
|
---|
| 931 | return( 0 );
|
---|
| 932 | }
|
---|
| 933 | #endif /* MBEDTLS_ECP_C */
|
---|
| 934 |
|
---|
| 935 | /*
|
---|
| 936 | * Parse an unencrypted PKCS#8 encoded private key
|
---|
| 937 | *
|
---|
| 938 | * Notes:
|
---|
| 939 | *
|
---|
| 940 | * - This function does not own the key buffer. It is the
|
---|
| 941 | * responsibility of the caller to take care of zeroizing
|
---|
| 942 | * and freeing it after use.
|
---|
| 943 | *
|
---|
| 944 | * - The function is responsible for freeing the provided
|
---|
| 945 | * PK context on failure.
|
---|
| 946 | *
|
---|
| 947 | */
|
---|
| 948 | static int pk_parse_key_pkcs8_unencrypted_der(
|
---|
| 949 | mbedtls_pk_context *pk,
|
---|
| 950 | const unsigned char* key,
|
---|
| 951 | size_t keylen )
|
---|
| 952 | {
|
---|
| 953 | int ret, version;
|
---|
| 954 | size_t len;
|
---|
| 955 | mbedtls_asn1_buf params;
|
---|
| 956 | unsigned char *p = (unsigned char *) key;
|
---|
| 957 | unsigned char *end = p + keylen;
|
---|
| 958 | mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
|
---|
| 959 | const mbedtls_pk_info_t *pk_info;
|
---|
| 960 |
|
---|
| 961 | /*
|
---|
| 962 | * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
|
---|
| 963 | *
|
---|
| 964 | * PrivateKeyInfo ::= SEQUENCE {
|
---|
| 965 | * version Version,
|
---|
| 966 | * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
|
---|
| 967 | * privateKey PrivateKey,
|
---|
| 968 | * attributes [0] IMPLICIT Attributes OPTIONAL }
|
---|
| 969 | *
|
---|
| 970 | * Version ::= INTEGER
|
---|
| 971 | * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
|
---|
| 972 | * PrivateKey ::= OCTET STRING
|
---|
| 973 | *
|
---|
| 974 | * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
|
---|
| 975 | */
|
---|
| 976 |
|
---|
| 977 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 978 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 979 | {
|
---|
| 980 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 981 | }
|
---|
| 982 |
|
---|
| 983 | end = p + len;
|
---|
| 984 |
|
---|
| 985 | if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
|
---|
| 986 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 987 |
|
---|
| 988 | if( version != 0 )
|
---|
| 989 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
|
---|
| 990 |
|
---|
| 991 | if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
|
---|
| 992 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 993 |
|
---|
| 994 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
---|
| 995 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 996 |
|
---|
| 997 | if( len < 1 )
|
---|
| 998 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
---|
| 999 | MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
---|
| 1000 |
|
---|
| 1001 | if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
|
---|
| 1002 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
| 1003 |
|
---|
| 1004 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
|
---|
| 1005 | return( ret );
|
---|
| 1006 |
|
---|
| 1007 | #if defined(MBEDTLS_RSA_C)
|
---|
| 1008 | if( pk_alg == MBEDTLS_PK_RSA )
|
---|
| 1009 | {
|
---|
| 1010 | if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
|
---|
| 1011 | {
|
---|
| 1012 | mbedtls_pk_free( pk );
|
---|
| 1013 | return( ret );
|
---|
| 1014 | }
|
---|
| 1015 | } else
|
---|
| 1016 | #endif /* MBEDTLS_RSA_C */
|
---|
| 1017 | #if defined(MBEDTLS_ECP_C)
|
---|
| 1018 | if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
|
---|
| 1019 | {
|
---|
| 1020 | if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
|
---|
| 1021 | ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 )
|
---|
| 1022 | {
|
---|
| 1023 | mbedtls_pk_free( pk );
|
---|
| 1024 | return( ret );
|
---|
| 1025 | }
|
---|
| 1026 | } else
|
---|
| 1027 | #endif /* MBEDTLS_ECP_C */
|
---|
| 1028 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
| 1029 |
|
---|
| 1030 | return( 0 );
|
---|
| 1031 | }
|
---|
| 1032 |
|
---|
| 1033 | /*
|
---|
| 1034 | * Parse an encrypted PKCS#8 encoded private key
|
---|
| 1035 | *
|
---|
| 1036 | * To save space, the decryption happens in-place on the given key buffer.
|
---|
| 1037 | * Also, while this function may modify the keybuffer, it doesn't own it,
|
---|
| 1038 | * and instead it is the responsibility of the caller to zeroize and properly
|
---|
| 1039 | * free it after use.
|
---|
| 1040 | *
|
---|
| 1041 | */
|
---|
| 1042 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
---|
| 1043 | static int pk_parse_key_pkcs8_encrypted_der(
|
---|
| 1044 | mbedtls_pk_context *pk,
|
---|
| 1045 | unsigned char *key, size_t keylen,
|
---|
| 1046 | const unsigned char *pwd, size_t pwdlen )
|
---|
| 1047 | {
|
---|
| 1048 | int ret, decrypted = 0;
|
---|
| 1049 | size_t len;
|
---|
| 1050 | unsigned char *buf;
|
---|
| 1051 | unsigned char *p, *end;
|
---|
| 1052 | mbedtls_asn1_buf pbe_alg_oid, pbe_params;
|
---|
| 1053 | #if defined(MBEDTLS_PKCS12_C)
|
---|
| 1054 | mbedtls_cipher_type_t cipher_alg;
|
---|
| 1055 | mbedtls_md_type_t md_alg;
|
---|
| 1056 | #endif
|
---|
| 1057 |
|
---|
| 1058 | p = key;
|
---|
| 1059 | end = p + keylen;
|
---|
| 1060 |
|
---|
| 1061 | if( pwdlen == 0 )
|
---|
| 1062 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
|
---|
| 1063 |
|
---|
| 1064 | /*
|
---|
| 1065 | * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
|
---|
| 1066 | *
|
---|
| 1067 | * EncryptedPrivateKeyInfo ::= SEQUENCE {
|
---|
| 1068 | * encryptionAlgorithm EncryptionAlgorithmIdentifier,
|
---|
| 1069 | * encryptedData EncryptedData
|
---|
| 1070 | * }
|
---|
| 1071 | *
|
---|
| 1072 | * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
---|
| 1073 | *
|
---|
| 1074 | * EncryptedData ::= OCTET STRING
|
---|
| 1075 | *
|
---|
| 1076 | * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
|
---|
| 1077 | *
|
---|
| 1078 | */
|
---|
| 1079 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
---|
| 1080 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
---|
| 1081 | {
|
---|
| 1082 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 1083 | }
|
---|
| 1084 |
|
---|
| 1085 | end = p + len;
|
---|
| 1086 |
|
---|
| 1087 | if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
|
---|
| 1088 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 1089 |
|
---|
| 1090 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
---|
| 1091 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
---|
| 1092 |
|
---|
| 1093 | buf = p;
|
---|
| 1094 |
|
---|
| 1095 | /*
|
---|
| 1096 | * Decrypt EncryptedData with appropriate PBE
|
---|
| 1097 | */
|
---|
| 1098 | #if defined(MBEDTLS_PKCS12_C)
|
---|
| 1099 | if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
|
---|
| 1100 | {
|
---|
| 1101 | if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
|
---|
| 1102 | cipher_alg, md_alg,
|
---|
| 1103 | pwd, pwdlen, p, len, buf ) ) != 0 )
|
---|
| 1104 | {
|
---|
| 1105 | if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
|
---|
| 1106 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
|
---|
| 1107 |
|
---|
| 1108 | return( ret );
|
---|
| 1109 | }
|
---|
| 1110 |
|
---|
| 1111 | decrypted = 1;
|
---|
| 1112 | }
|
---|
| 1113 | else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
|
---|
| 1114 | {
|
---|
| 1115 | if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
|
---|
| 1116 | MBEDTLS_PKCS12_PBE_DECRYPT,
|
---|
| 1117 | pwd, pwdlen,
|
---|
| 1118 | p, len, buf ) ) != 0 )
|
---|
| 1119 | {
|
---|
| 1120 | return( ret );
|
---|
| 1121 | }
|
---|
| 1122 |
|
---|
| 1123 | // Best guess for password mismatch when using RC4. If first tag is
|
---|
| 1124 | // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
|
---|
| 1125 | //
|
---|
| 1126 | if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
|
---|
| 1127 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
|
---|
| 1128 |
|
---|
| 1129 | decrypted = 1;
|
---|
| 1130 | }
|
---|
| 1131 | else
|
---|
| 1132 | #endif /* MBEDTLS_PKCS12_C */
|
---|
| 1133 | #if defined(MBEDTLS_PKCS5_C)
|
---|
| 1134 | if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
|
---|
| 1135 | {
|
---|
| 1136 | if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
|
---|
| 1137 | p, len, buf ) ) != 0 )
|
---|
| 1138 | {
|
---|
| 1139 | if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
|
---|
| 1140 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
|
---|
| 1141 |
|
---|
| 1142 | return( ret );
|
---|
| 1143 | }
|
---|
| 1144 |
|
---|
| 1145 | decrypted = 1;
|
---|
| 1146 | }
|
---|
| 1147 | else
|
---|
| 1148 | #endif /* MBEDTLS_PKCS5_C */
|
---|
| 1149 | {
|
---|
| 1150 | ((void) pwd);
|
---|
| 1151 | }
|
---|
| 1152 |
|
---|
| 1153 | if( decrypted == 0 )
|
---|
| 1154 | return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
---|
| 1155 |
|
---|
| 1156 | return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
|
---|
| 1157 | }
|
---|
| 1158 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
|
---|
| 1159 |
|
---|
| 1160 | /*
|
---|
| 1161 | * Parse a private key
|
---|
| 1162 | */
|
---|
| 1163 | int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
---|
| 1164 | const unsigned char *key, size_t keylen,
|
---|
| 1165 | const unsigned char *pwd, size_t pwdlen )
|
---|
| 1166 | {
|
---|
| 1167 | int ret;
|
---|
| 1168 | const mbedtls_pk_info_t *pk_info;
|
---|
| 1169 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
| 1170 | size_t len;
|
---|
| 1171 | mbedtls_pem_context pem;
|
---|
| 1172 | #endif
|
---|
| 1173 |
|
---|
| 1174 | PK_VALIDATE_RET( pk != NULL );
|
---|
| 1175 | if( keylen == 0 )
|
---|
| 1176 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
| 1177 | PK_VALIDATE_RET( key != NULL );
|
---|
| 1178 |
|
---|
| 1179 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
| 1180 | mbedtls_pem_init( &pem );
|
---|
| 1181 |
|
---|
| 1182 | #if defined(MBEDTLS_RSA_C)
|
---|
| 1183 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
| 1184 | if( key[keylen - 1] != '\0' )
|
---|
| 1185 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
| 1186 | else
|
---|
| 1187 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
| 1188 | "-----BEGIN RSA PRIVATE KEY-----",
|
---|
| 1189 | "-----END RSA PRIVATE KEY-----",
|
---|
| 1190 | key, pwd, pwdlen, &len );
|
---|
| 1191 |
|
---|
| 1192 | if( ret == 0 )
|
---|
| 1193 | {
|
---|
| 1194 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
|
---|
| 1195 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
---|
| 1196 | ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
|
---|
| 1197 | pem.buf, pem.buflen ) ) != 0 )
|
---|
| 1198 | {
|
---|
| 1199 | mbedtls_pk_free( pk );
|
---|
| 1200 | }
|
---|
| 1201 |
|
---|
| 1202 | mbedtls_pem_free( &pem );
|
---|
| 1203 | return( ret );
|
---|
| 1204 | }
|
---|
| 1205 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
|
---|
| 1206 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
|
---|
| 1207 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
|
---|
| 1208 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
|
---|
| 1209 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
| 1210 | return( ret );
|
---|
| 1211 | #endif /* MBEDTLS_RSA_C */
|
---|
| 1212 |
|
---|
| 1213 | #if defined(MBEDTLS_ECP_C)
|
---|
| 1214 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
| 1215 | if( key[keylen - 1] != '\0' )
|
---|
| 1216 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
| 1217 | else
|
---|
| 1218 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
| 1219 | "-----BEGIN EC PRIVATE KEY-----",
|
---|
| 1220 | "-----END EC PRIVATE KEY-----",
|
---|
| 1221 | key, pwd, pwdlen, &len );
|
---|
| 1222 | if( ret == 0 )
|
---|
| 1223 | {
|
---|
| 1224 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
|
---|
| 1225 |
|
---|
| 1226 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
---|
| 1227 | ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
|
---|
| 1228 | pem.buf, pem.buflen ) ) != 0 )
|
---|
| 1229 | {
|
---|
| 1230 | mbedtls_pk_free( pk );
|
---|
| 1231 | }
|
---|
| 1232 |
|
---|
| 1233 | mbedtls_pem_free( &pem );
|
---|
| 1234 | return( ret );
|
---|
| 1235 | }
|
---|
| 1236 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
|
---|
| 1237 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
|
---|
| 1238 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
|
---|
| 1239 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
|
---|
| 1240 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
| 1241 | return( ret );
|
---|
| 1242 | #endif /* MBEDTLS_ECP_C */
|
---|
| 1243 |
|
---|
| 1244 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
| 1245 | if( key[keylen - 1] != '\0' )
|
---|
| 1246 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
| 1247 | else
|
---|
| 1248 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
| 1249 | "-----BEGIN PRIVATE KEY-----",
|
---|
| 1250 | "-----END PRIVATE KEY-----",
|
---|
| 1251 | key, NULL, 0, &len );
|
---|
| 1252 | if( ret == 0 )
|
---|
| 1253 | {
|
---|
| 1254 | if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
|
---|
| 1255 | pem.buf, pem.buflen ) ) != 0 )
|
---|
| 1256 | {
|
---|
| 1257 | mbedtls_pk_free( pk );
|
---|
| 1258 | }
|
---|
| 1259 |
|
---|
| 1260 | mbedtls_pem_free( &pem );
|
---|
| 1261 | return( ret );
|
---|
| 1262 | }
|
---|
| 1263 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
| 1264 | return( ret );
|
---|
| 1265 |
|
---|
| 1266 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
---|
| 1267 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
| 1268 | if( key[keylen - 1] != '\0' )
|
---|
| 1269 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
| 1270 | else
|
---|
| 1271 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
| 1272 | "-----BEGIN ENCRYPTED PRIVATE KEY-----",
|
---|
| 1273 | "-----END ENCRYPTED PRIVATE KEY-----",
|
---|
| 1274 | key, NULL, 0, &len );
|
---|
| 1275 | if( ret == 0 )
|
---|
| 1276 | {
|
---|
| 1277 | if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
|
---|
| 1278 | pem.buf, pem.buflen,
|
---|
| 1279 | pwd, pwdlen ) ) != 0 )
|
---|
| 1280 | {
|
---|
| 1281 | mbedtls_pk_free( pk );
|
---|
| 1282 | }
|
---|
| 1283 |
|
---|
| 1284 | mbedtls_pem_free( &pem );
|
---|
| 1285 | return( ret );
|
---|
| 1286 | }
|
---|
| 1287 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
| 1288 | return( ret );
|
---|
| 1289 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
|
---|
| 1290 | #else
|
---|
| 1291 | ((void) pwd);
|
---|
| 1292 | ((void) pwdlen);
|
---|
| 1293 | #endif /* MBEDTLS_PEM_PARSE_C */
|
---|
| 1294 |
|
---|
| 1295 | /*
|
---|
| 1296 | * At this point we only know it's not a PEM formatted key. Could be any
|
---|
| 1297 | * of the known DER encoded private key formats
|
---|
| 1298 | *
|
---|
| 1299 | * We try the different DER format parsers to see if one passes without
|
---|
| 1300 | * error
|
---|
| 1301 | */
|
---|
| 1302 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
---|
| 1303 | {
|
---|
| 1304 | unsigned char *key_copy;
|
---|
| 1305 |
|
---|
| 1306 | if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
|
---|
| 1307 | return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
---|
| 1308 |
|
---|
| 1309 | memcpy( key_copy, key, keylen );
|
---|
| 1310 |
|
---|
| 1311 | ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
|
---|
| 1312 | pwd, pwdlen );
|
---|
| 1313 |
|
---|
| 1314 | mbedtls_platform_zeroize( key_copy, keylen );
|
---|
| 1315 | mbedtls_free( key_copy );
|
---|
| 1316 | }
|
---|
| 1317 |
|
---|
| 1318 | if( ret == 0 )
|
---|
| 1319 | return( 0 );
|
---|
| 1320 |
|
---|
| 1321 | mbedtls_pk_free( pk );
|
---|
| 1322 | mbedtls_pk_init( pk );
|
---|
| 1323 |
|
---|
| 1324 | if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
|
---|
| 1325 | {
|
---|
| 1326 | return( ret );
|
---|
| 1327 | }
|
---|
| 1328 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
|
---|
| 1329 |
|
---|
| 1330 | if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
|
---|
| 1331 | return( 0 );
|
---|
| 1332 |
|
---|
| 1333 | mbedtls_pk_free( pk );
|
---|
| 1334 | mbedtls_pk_init( pk );
|
---|
| 1335 |
|
---|
| 1336 | #if defined(MBEDTLS_RSA_C)
|
---|
| 1337 |
|
---|
| 1338 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
|
---|
| 1339 | if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
|
---|
| 1340 | pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 )
|
---|
| 1341 | {
|
---|
| 1342 | return( 0 );
|
---|
| 1343 | }
|
---|
| 1344 |
|
---|
| 1345 | mbedtls_pk_free( pk );
|
---|
| 1346 | mbedtls_pk_init( pk );
|
---|
| 1347 | #endif /* MBEDTLS_RSA_C */
|
---|
| 1348 |
|
---|
| 1349 | #if defined(MBEDTLS_ECP_C)
|
---|
| 1350 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
|
---|
| 1351 | if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
|
---|
| 1352 | pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
|
---|
| 1353 | key, keylen ) == 0 )
|
---|
| 1354 | {
|
---|
| 1355 | return( 0 );
|
---|
| 1356 | }
|
---|
| 1357 | mbedtls_pk_free( pk );
|
---|
| 1358 | #endif /* MBEDTLS_ECP_C */
|
---|
| 1359 |
|
---|
| 1360 | /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
|
---|
| 1361 | * it is ok to leave the PK context initialized but not
|
---|
| 1362 | * freed: It is the caller's responsibility to call pk_init()
|
---|
| 1363 | * before calling this function, and to call pk_free()
|
---|
| 1364 | * when it fails. If MBEDTLS_ECP_C is defined but MBEDTLS_RSA_C
|
---|
| 1365 | * isn't, this leads to mbedtls_pk_free() being called
|
---|
| 1366 | * twice, once here and once by the caller, but this is
|
---|
| 1367 | * also ok and in line with the mbedtls_pk_free() calls
|
---|
| 1368 | * on failed PEM parsing attempts. */
|
---|
| 1369 |
|
---|
| 1370 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
| 1371 | }
|
---|
| 1372 |
|
---|
| 1373 | /*
|
---|
| 1374 | * Parse a public key
|
---|
| 1375 | */
|
---|
| 1376 | int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
|
---|
| 1377 | const unsigned char *key, size_t keylen )
|
---|
| 1378 | {
|
---|
| 1379 | int ret;
|
---|
| 1380 | unsigned char *p;
|
---|
| 1381 | #if defined(MBEDTLS_RSA_C)
|
---|
| 1382 | const mbedtls_pk_info_t *pk_info;
|
---|
| 1383 | #endif
|
---|
| 1384 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
| 1385 | size_t len;
|
---|
| 1386 | mbedtls_pem_context pem;
|
---|
| 1387 | #endif
|
---|
| 1388 |
|
---|
| 1389 | PK_VALIDATE_RET( ctx != NULL );
|
---|
| 1390 | if( keylen == 0 )
|
---|
| 1391 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
---|
| 1392 | PK_VALIDATE_RET( key != NULL || keylen == 0 );
|
---|
| 1393 |
|
---|
| 1394 | #if defined(MBEDTLS_PEM_PARSE_C)
|
---|
| 1395 | mbedtls_pem_init( &pem );
|
---|
| 1396 | #if defined(MBEDTLS_RSA_C)
|
---|
| 1397 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
| 1398 | if( key[keylen - 1] != '\0' )
|
---|
| 1399 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
| 1400 | else
|
---|
| 1401 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
| 1402 | "-----BEGIN RSA PUBLIC KEY-----",
|
---|
| 1403 | "-----END RSA PUBLIC KEY-----",
|
---|
| 1404 | key, NULL, 0, &len );
|
---|
| 1405 |
|
---|
| 1406 | if( ret == 0 )
|
---|
| 1407 | {
|
---|
| 1408 | p = pem.buf;
|
---|
| 1409 | if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
---|
| 1410 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
| 1411 |
|
---|
| 1412 | if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
|
---|
| 1413 | return( ret );
|
---|
| 1414 |
|
---|
| 1415 | if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
|
---|
| 1416 | mbedtls_pk_free( ctx );
|
---|
| 1417 |
|
---|
| 1418 | mbedtls_pem_free( &pem );
|
---|
| 1419 | return( ret );
|
---|
| 1420 | }
|
---|
| 1421 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
| 1422 | {
|
---|
| 1423 | mbedtls_pem_free( &pem );
|
---|
| 1424 | return( ret );
|
---|
| 1425 | }
|
---|
| 1426 | #endif /* MBEDTLS_RSA_C */
|
---|
| 1427 |
|
---|
| 1428 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
---|
| 1429 | if( key[keylen - 1] != '\0' )
|
---|
| 1430 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
---|
| 1431 | else
|
---|
| 1432 | ret = mbedtls_pem_read_buffer( &pem,
|
---|
| 1433 | "-----BEGIN PUBLIC KEY-----",
|
---|
| 1434 | "-----END PUBLIC KEY-----",
|
---|
| 1435 | key, NULL, 0, &len );
|
---|
| 1436 |
|
---|
| 1437 | if( ret == 0 )
|
---|
| 1438 | {
|
---|
| 1439 | /*
|
---|
| 1440 | * Was PEM encoded
|
---|
| 1441 | */
|
---|
| 1442 | p = pem.buf;
|
---|
| 1443 |
|
---|
| 1444 | ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx );
|
---|
| 1445 | mbedtls_pem_free( &pem );
|
---|
| 1446 | return( ret );
|
---|
| 1447 | }
|
---|
| 1448 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
---|
| 1449 | {
|
---|
| 1450 | mbedtls_pem_free( &pem );
|
---|
| 1451 | return( ret );
|
---|
| 1452 | }
|
---|
| 1453 | mbedtls_pem_free( &pem );
|
---|
| 1454 | #endif /* MBEDTLS_PEM_PARSE_C */
|
---|
| 1455 |
|
---|
| 1456 | #if defined(MBEDTLS_RSA_C)
|
---|
| 1457 | if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
---|
| 1458 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
---|
| 1459 |
|
---|
| 1460 | if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
|
---|
| 1461 | return( ret );
|
---|
| 1462 |
|
---|
| 1463 | p = (unsigned char *)key;
|
---|
| 1464 | ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
|
---|
| 1465 | if( ret == 0 )
|
---|
| 1466 | {
|
---|
| 1467 | return( ret );
|
---|
| 1468 | }
|
---|
| 1469 | mbedtls_pk_free( ctx );
|
---|
| 1470 | if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
|
---|
| 1471 | {
|
---|
| 1472 | return( ret );
|
---|
| 1473 | }
|
---|
| 1474 | #endif /* MBEDTLS_RSA_C */
|
---|
| 1475 | p = (unsigned char *) key;
|
---|
| 1476 |
|
---|
| 1477 | ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
|
---|
| 1478 |
|
---|
| 1479 | return( ret );
|
---|
| 1480 | }
|
---|
| 1481 |
|
---|
| 1482 | #endif /* MBEDTLS_PK_PARSE_C */
|
---|