1 /*
2 * Public Key layer for parsing key files and structures
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: GPL-2.0
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23
24 #if !defined(MBEDTLS_CONFIG_FILE)
25 #include "mbedtls/config.h"
26 #else
27 #include MBEDTLS_CONFIG_FILE
28 #endif
29
30 #if defined(MBEDTLS_PK_PARSE_C)
31
32 #include "mbedtls/pk.h"
33 #include "mbedtls/asn1.h"
34 #include "mbedtls/oid.h"
35 #include "mbedtls/platform_util.h"
36
37 #include <string.h>
38
39 #if defined(MBEDTLS_RSA_C)
40 #include "mbedtls/rsa.h"
41 #endif
42 #if defined(MBEDTLS_ECP_C)
43 #include "mbedtls/ecp.h"
44 #endif
45 #if defined(MBEDTLS_ECDSA_C)
46 #include "mbedtls/ecdsa.h"
47 #endif
48 #if defined(MBEDTLS_PEM_PARSE_C)
49 #include "mbedtls/pem.h"
50 #endif
51 #if defined(MBEDTLS_PKCS5_C)
52 #include "mbedtls/pkcs5.h"
53 #endif
54 #if defined(MBEDTLS_PKCS12_C)
55 #include "mbedtls/pkcs12.h"
56 #endif
57
58 #if defined(MBEDTLS_PLATFORM_C)
59 #include "mbedtls/platform.h"
60 #else
61 #include <stdlib.h>
62 #define mbedtls_calloc calloc
63 #define mbedtls_free free
64 #endif
65
66 #if defined(MBEDTLS_FS_IO)
67 /*
68 * Load all data from a file into a given buffer.
69 *
70 * The file is expected to contain either PEM or DER encoded data.
71 * A terminating null byte is always appended. It is included in the announced
72 * length only if the data looks like it is PEM encoded.
73 */
mbedtls_pk_load_file(const char * path,unsigned char ** buf,size_t * n)74 int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
75 {
76 FILE *f;
77 long size;
78
79 if( ( f = fopen( path, "rb" ) ) == NULL )
80 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
81
82 fseek( f, 0, SEEK_END );
83 if( ( size = ftell( f ) ) == -1 )
84 {
85 fclose( f );
86 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
87 }
88 fseek( f, 0, SEEK_SET );
89
90 *n = (size_t) size;
91
92 if( *n + 1 == 0 ||
93 ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
94 {
95 fclose( f );
96 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
97 }
98
99 if( fread( *buf, 1, *n, f ) != *n )
100 {
101 fclose( f );
102
103 mbedtls_platform_zeroize( *buf, *n );
104 mbedtls_free( *buf );
105
106 return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
107 }
108
109 fclose( f );
110
111 (*buf)[*n] = '\0';
112
113 if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
114 ++*n;
115
116 return( 0 );
117 }
118
119 /*
120 * Load and parse a private key
121 */
mbedtls_pk_parse_keyfile(mbedtls_pk_context * ctx,const char * path,const char * pwd)122 int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
123 const char *path, const char *pwd )
124 {
125 int ret;
126 size_t n;
127 unsigned char *buf;
128
129 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
130 return( ret );
131
132 if( pwd == NULL )
133 ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
134 else
135 ret = mbedtls_pk_parse_key( ctx, buf, n,
136 (const unsigned char *) pwd, strlen( pwd ) );
137
138 mbedtls_platform_zeroize( buf, n );
139 mbedtls_free( buf );
140
141 return( ret );
142 }
143
144 /*
145 * Load and parse a public key
146 */
mbedtls_pk_parse_public_keyfile(mbedtls_pk_context * ctx,const char * path)147 int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
148 {
149 int ret;
150 size_t n;
151 unsigned char *buf;
152
153 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
154 return( ret );
155
156 ret = mbedtls_pk_parse_public_key( ctx, buf, n );
157
158 mbedtls_platform_zeroize( buf, n );
159 mbedtls_free( buf );
160
161 return( ret );
162 }
163 #endif /* MBEDTLS_FS_IO */
164
165 #if defined(MBEDTLS_ECP_C)
166 /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
167 *
168 * ECParameters ::= CHOICE {
169 * namedCurve OBJECT IDENTIFIER
170 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
171 * -- implicitCurve NULL
172 * }
173 */
pk_get_ecparams(unsigned char ** p,const unsigned char * end,mbedtls_asn1_buf * params)174 static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
175 mbedtls_asn1_buf *params )
176 {
177 int ret;
178
179 if ( end - *p < 1 )
180 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
181 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
182
183 /* Tag may be either OID or SEQUENCE */
184 params->tag = **p;
185 if( params->tag != MBEDTLS_ASN1_OID
186 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
187 && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
188 #endif
189 )
190 {
191 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
192 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
193 }
194
195 if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 )
196 {
197 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
198 }
199
200 params->p = *p;
201 *p += params->len;
202
203 if( *p != end )
204 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
205 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
206
207 return( 0 );
208 }
209
210 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
211 /*
212 * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
213 * WARNING: the resulting group should only be used with
214 * pk_group_id_from_specified(), since its base point may not be set correctly
215 * if it was encoded compressed.
216 *
217 * SpecifiedECDomain ::= SEQUENCE {
218 * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
219 * fieldID FieldID {{FieldTypes}},
220 * curve Curve,
221 * base ECPoint,
222 * order INTEGER,
223 * cofactor INTEGER OPTIONAL,
224 * hash HashAlgorithm OPTIONAL,
225 * ...
226 * }
227 *
228 * We only support prime-field as field type, and ignore hash and cofactor.
229 */
pk_group_from_specified(const mbedtls_asn1_buf * params,mbedtls_ecp_group * grp)230 static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
231 {
232 int ret;
233 unsigned char *p = params->p;
234 const unsigned char * const end = params->p + params->len;
235 const unsigned char *end_field, *end_curve;
236 size_t len;
237 int ver;
238
239 /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
240 if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
241 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
242
243 if( ver < 1 || ver > 3 )
244 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
245
246 /*
247 * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
248 * fieldType FIELD-ID.&id({IOSet}),
249 * parameters FIELD-ID.&Type({IOSet}{@fieldType})
250 * }
251 */
252 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
253 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
254 return( ret );
255
256 end_field = p + len;
257
258 /*
259 * FIELD-ID ::= TYPE-IDENTIFIER
260 * FieldTypes FIELD-ID ::= {
261 * { Prime-p IDENTIFIED BY prime-field } |
262 * { Characteristic-two IDENTIFIED BY characteristic-two-field }
263 * }
264 * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
265 */
266 if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
267 return( ret );
268
269 if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
270 memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
271 {
272 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
273 }
274
275 p += len;
276
277 /* Prime-p ::= INTEGER -- Field of size p. */
278 if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
279 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
280
281 grp->pbits = mbedtls_mpi_bitlen( &grp->P );
282
283 if( p != end_field )
284 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
285 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
286
287 /*
288 * Curve ::= SEQUENCE {
289 * a FieldElement,
290 * b FieldElement,
291 * seed BIT STRING OPTIONAL
292 * -- Shall be present if used in SpecifiedECDomain
293 * -- with version equal to ecdpVer2 or ecdpVer3
294 * }
295 */
296 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
297 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
298 return( ret );
299
300 end_curve = p + len;
301
302 /*
303 * FieldElement ::= OCTET STRING
304 * containing an integer in the case of a prime field
305 */
306 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
307 ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
308 {
309 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
310 }
311
312 p += len;
313
314 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
315 ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
316 {
317 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
318 }
319
320 p += len;
321
322 /* Ignore seed BIT STRING OPTIONAL */
323 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
324 p += len;
325
326 if( p != end_curve )
327 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
328 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
329
330 /*
331 * ECPoint ::= OCTET STRING
332 */
333 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
334 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
335
336 if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
337 ( const unsigned char *) p, len ) ) != 0 )
338 {
339 /*
340 * If we can't read the point because it's compressed, cheat by
341 * reading only the X coordinate and the parity bit of Y.
342 */
343 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
344 ( p[0] != 0x02 && p[0] != 0x03 ) ||
345 len != mbedtls_mpi_size( &grp->P ) + 1 ||
346 mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
347 mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
348 mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
349 {
350 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
351 }
352 }
353
354 p += len;
355
356 /*
357 * order INTEGER
358 */
359 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
360 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
361
362 grp->nbits = mbedtls_mpi_bitlen( &grp->N );
363
364 /*
365 * Allow optional elements by purposefully not enforcing p == end here.
366 */
367
368 return( 0 );
369 }
370
371 /*
372 * Find the group id associated with an (almost filled) group as generated by
373 * pk_group_from_specified(), or return an error if unknown.
374 */
pk_group_id_from_group(const mbedtls_ecp_group * grp,mbedtls_ecp_group_id * grp_id)375 static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
376 {
377 int ret = 0;
378 mbedtls_ecp_group ref;
379 const mbedtls_ecp_group_id *id;
380
381 mbedtls_ecp_group_init( &ref );
382
383 for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
384 {
385 /* Load the group associated to that id */
386 mbedtls_ecp_group_free( &ref );
387 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
388
389 /* Compare to the group we were given, starting with easy tests */
390 if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
391 mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
392 mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
393 mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
394 mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
395 mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
396 mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
397 /* For Y we may only know the parity bit, so compare only that */
398 mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
399 {
400 break;
401 }
402
403 }
404
405 cleanup:
406 mbedtls_ecp_group_free( &ref );
407
408 *grp_id = *id;
409
410 if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
411 ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
412
413 return( ret );
414 }
415
416 /*
417 * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
418 */
pk_group_id_from_specified(const mbedtls_asn1_buf * params,mbedtls_ecp_group_id * grp_id)419 static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
420 mbedtls_ecp_group_id *grp_id )
421 {
422 int ret;
423 mbedtls_ecp_group grp;
424
425 mbedtls_ecp_group_init( &grp );
426
427 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
428 goto cleanup;
429
430 ret = pk_group_id_from_group( &grp, grp_id );
431
432 cleanup:
433 mbedtls_ecp_group_free( &grp );
434
435 return( ret );
436 }
437 #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
438
439 /*
440 * Use EC parameters to initialise an EC group
441 *
442 * ECParameters ::= CHOICE {
443 * namedCurve OBJECT IDENTIFIER
444 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
445 * -- implicitCurve NULL
446 */
pk_use_ecparams(const mbedtls_asn1_buf * params,mbedtls_ecp_group * grp)447 static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
448 {
449 int ret;
450 mbedtls_ecp_group_id grp_id;
451
452 if( params->tag == MBEDTLS_ASN1_OID )
453 {
454 if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
455 return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
456 }
457 else
458 {
459 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
460 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
461 return( ret );
462 #else
463 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
464 #endif
465 }
466
467 /*
468 * grp may already be initilialized; if so, make sure IDs match
469 */
470 if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
471 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
472
473 if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
474 return( ret );
475
476 return( 0 );
477 }
478
479 /*
480 * EC public key is an EC point
481 *
482 * The caller is responsible for clearing the structure upon failure if
483 * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
484 * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
485 */
pk_get_ecpubkey(unsigned char ** p,const unsigned char * end,mbedtls_ecp_keypair * key)486 static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
487 mbedtls_ecp_keypair *key )
488 {
489 int ret;
490
491 if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
492 (const unsigned char *) *p, end - *p ) ) == 0 )
493 {
494 ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
495 }
496
497 /*
498 * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
499 */
500 *p = (unsigned char *) end;
501
502 return( ret );
503 }
504 #endif /* MBEDTLS_ECP_C */
505
506 #if defined(MBEDTLS_RSA_C)
507 /*
508 * RSAPublicKey ::= SEQUENCE {
509 * modulus INTEGER, -- n
510 * publicExponent INTEGER -- e
511 * }
512 */
pk_get_rsapubkey(unsigned char ** p,const unsigned char * end,mbedtls_rsa_context * rsa)513 static int pk_get_rsapubkey( unsigned char **p,
514 const unsigned char *end,
515 mbedtls_rsa_context *rsa )
516 {
517 int ret;
518 size_t len;
519
520 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
521 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
522 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
523
524 if( *p + len != end )
525 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
526 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
527
528 /* Import N */
529 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
530 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
531
532 if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
533 NULL, 0, NULL, 0 ) ) != 0 )
534 return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
535
536 *p += len;
537
538 /* Import E */
539 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
540 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
541
542 if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
543 NULL, 0, *p, len ) ) != 0 )
544 return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
545
546 *p += len;
547
548 if( mbedtls_rsa_complete( rsa ) != 0 ||
549 mbedtls_rsa_check_pubkey( rsa ) != 0 )
550 {
551 return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
552 }
553
554 if( *p != end )
555 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
556 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
557
558 return( 0 );
559 }
560 #endif /* MBEDTLS_RSA_C */
561
562 /* Get a PK algorithm identifier
563 *
564 * AlgorithmIdentifier ::= SEQUENCE {
565 * algorithm OBJECT IDENTIFIER,
566 * parameters ANY DEFINED BY algorithm OPTIONAL }
567 */
pk_get_pk_alg(unsigned char ** p,const unsigned char * end,mbedtls_pk_type_t * pk_alg,mbedtls_asn1_buf * params)568 static int pk_get_pk_alg( unsigned char **p,
569 const unsigned char *end,
570 mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
571 {
572 int ret;
573 mbedtls_asn1_buf alg_oid;
574
575 memset( params, 0, sizeof(mbedtls_asn1_buf) );
576
577 if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
578 return( MBEDTLS_ERR_PK_INVALID_ALG + ret );
579
580 if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
581 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
582
583 /*
584 * No parameters with RSA (only for EC)
585 */
586 if( *pk_alg == MBEDTLS_PK_RSA &&
587 ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
588 params->len != 0 ) )
589 {
590 return( MBEDTLS_ERR_PK_INVALID_ALG );
591 }
592
593 return( 0 );
594 }
595
596 /*
597 * SubjectPublicKeyInfo ::= SEQUENCE {
598 * algorithm AlgorithmIdentifier,
599 * subjectPublicKey BIT STRING }
600 */
mbedtls_pk_parse_subpubkey(unsigned char ** p,const unsigned char * end,mbedtls_pk_context * pk)601 int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
602 mbedtls_pk_context *pk )
603 {
604 int ret;
605 size_t len;
606 mbedtls_asn1_buf alg_params;
607 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
608 const mbedtls_pk_info_t *pk_info;
609
610 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
611 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
612 {
613 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
614 }
615
616 end = *p + len;
617
618 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
619 return( ret );
620
621 if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
622 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
623
624 if( *p + len != end )
625 return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
626 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
627
628 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
629 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
630
631 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
632 return( ret );
633
634 #if defined(MBEDTLS_RSA_C)
635 if( pk_alg == MBEDTLS_PK_RSA )
636 {
637 ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
638 } else
639 #endif /* MBEDTLS_RSA_C */
640 #if defined(MBEDTLS_ECP_C)
641 if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
642 {
643 ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
644 if( ret == 0 )
645 ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
646 } else
647 #endif /* MBEDTLS_ECP_C */
648 ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
649
650 if( ret == 0 && *p != end )
651 ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
652 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
653
654 if( ret != 0 )
655 mbedtls_pk_free( pk );
656
657 return( ret );
658 }
659
660 #if defined(MBEDTLS_RSA_C)
661 /*
662 * Parse a PKCS#1 encoded private RSA key
663 */
pk_parse_key_pkcs1_der(mbedtls_rsa_context * rsa,const unsigned char * key,size_t keylen)664 static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
665 const unsigned char *key,
666 size_t keylen )
667 {
668 int ret, version;
669 size_t len;
670 unsigned char *p, *end;
671
672 mbedtls_mpi T;
673 mbedtls_mpi_init( &T );
674
675 p = (unsigned char *) key;
676 end = p + keylen;
677
678 /*
679 * This function parses the RSAPrivateKey (PKCS#1)
680 *
681 * RSAPrivateKey ::= SEQUENCE {
682 * version Version,
683 * modulus INTEGER, -- n
684 * publicExponent INTEGER, -- e
685 * privateExponent INTEGER, -- d
686 * prime1 INTEGER, -- p
687 * prime2 INTEGER, -- q
688 * exponent1 INTEGER, -- d mod (p-1)
689 * exponent2 INTEGER, -- d mod (q-1)
690 * coefficient INTEGER, -- (inverse of q) mod p
691 * otherPrimeInfos OtherPrimeInfos OPTIONAL
692 * }
693 */
694 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
695 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
696 {
697 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
698 }
699
700 end = p + len;
701
702 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
703 {
704 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
705 }
706
707 if( version != 0 )
708 {
709 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
710 }
711
712 /* Import N */
713 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
714 MBEDTLS_ASN1_INTEGER ) ) != 0 ||
715 ( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
716 NULL, 0, NULL, 0 ) ) != 0 )
717 goto cleanup;
718 p += len;
719
720 /* Import E */
721 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
722 MBEDTLS_ASN1_INTEGER ) ) != 0 ||
723 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
724 NULL, 0, p, len ) ) != 0 )
725 goto cleanup;
726 p += len;
727
728 /* Import D */
729 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
730 MBEDTLS_ASN1_INTEGER ) ) != 0 ||
731 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
732 p, len, NULL, 0 ) ) != 0 )
733 goto cleanup;
734 p += len;
735
736 /* Import P */
737 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
738 MBEDTLS_ASN1_INTEGER ) ) != 0 ||
739 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
740 NULL, 0, NULL, 0 ) ) != 0 )
741 goto cleanup;
742 p += len;
743
744 /* Import Q */
745 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
746 MBEDTLS_ASN1_INTEGER ) ) != 0 ||
747 ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
748 NULL, 0, NULL, 0 ) ) != 0 )
749 goto cleanup;
750 p += len;
751
752 /* Complete the RSA private key */
753 if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
754 goto cleanup;
755
756 /* Check optional parameters */
757 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
758 ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
759 ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
760 goto cleanup;
761
762 if( p != end )
763 {
764 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
765 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ;
766 }
767
768 cleanup:
769
770 mbedtls_mpi_free( &T );
771
772 if( ret != 0 )
773 {
774 /* Wrap error code if it's coming from a lower level */
775 if( ( ret & 0xff80 ) == 0 )
776 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;
777 else
778 ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
779
780 mbedtls_rsa_free( rsa );
781 }
782
783 return( ret );
784 }
785 #endif /* MBEDTLS_RSA_C */
786
787 #if defined(MBEDTLS_ECP_C)
788 /*
789 * Parse a SEC1 encoded private EC key
790 */
pk_parse_key_sec1_der(mbedtls_ecp_keypair * eck,const unsigned char * key,size_t keylen)791 static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
792 const unsigned char *key,
793 size_t keylen )
794 {
795 int ret;
796 int version, pubkey_done;
797 size_t len;
798 mbedtls_asn1_buf params;
799 unsigned char *p = (unsigned char *) key;
800 unsigned char *end = p + keylen;
801 unsigned char *end2;
802
803 /*
804 * RFC 5915, or SEC1 Appendix C.4
805 *
806 * ECPrivateKey ::= SEQUENCE {
807 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
808 * privateKey OCTET STRING,
809 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
810 * publicKey [1] BIT STRING OPTIONAL
811 * }
812 */
813 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
814 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
815 {
816 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
817 }
818
819 end = p + len;
820
821 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
822 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
823
824 if( version != 1 )
825 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
826
827 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
828 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
829
830 if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
831 {
832 mbedtls_ecp_keypair_free( eck );
833 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
834 }
835
836 p += len;
837
838 pubkey_done = 0;
839 if( p != end )
840 {
841 /*
842 * Is 'parameters' present?
843 */
844 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
845 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
846 {
847 if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 ||
848 ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 )
849 {
850 mbedtls_ecp_keypair_free( eck );
851 return( ret );
852 }
853 }
854 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
855 {
856 mbedtls_ecp_keypair_free( eck );
857 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
858 }
859 }
860
861 if( p != end )
862 {
863 /*
864 * Is 'publickey' present? If not, or if we can't read it (eg because it
865 * is compressed), create it from the private key.
866 */
867 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
868 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
869 {
870 end2 = p + len;
871
872 if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
873 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
874
875 if( p + len != end2 )
876 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
877 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
878
879 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
880 pubkey_done = 1;
881 else
882 {
883 /*
884 * The only acceptable failure mode of pk_get_ecpubkey() above
885 * is if the point format is not recognized.
886 */
887 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
888 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
889 }
890 }
891 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
892 {
893 mbedtls_ecp_keypair_free( eck );
894 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
895 }
896 }
897
898 if( ! pubkey_done &&
899 ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
900 NULL, NULL ) ) != 0 )
901 {
902 mbedtls_ecp_keypair_free( eck );
903 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
904 }
905
906 if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
907 {
908 mbedtls_ecp_keypair_free( eck );
909 return( ret );
910 }
911
912 return( 0 );
913 }
914 #endif /* MBEDTLS_ECP_C */
915
916 /*
917 * Parse an unencrypted PKCS#8 encoded private key
918 *
919 * Notes:
920 *
921 * - This function does not own the key buffer. It is the
922 * responsibility of the caller to take care of zeroizing
923 * and freeing it after use.
924 *
925 * - The function is responsible for freeing the provided
926 * PK context on failure.
927 *
928 */
pk_parse_key_pkcs8_unencrypted_der(mbedtls_pk_context * pk,const unsigned char * key,size_t keylen)929 static int pk_parse_key_pkcs8_unencrypted_der(
930 mbedtls_pk_context *pk,
931 const unsigned char* key,
932 size_t keylen )
933 {
934 int ret, version;
935 size_t len;
936 mbedtls_asn1_buf params;
937 unsigned char *p = (unsigned char *) key;
938 unsigned char *end = p + keylen;
939 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
940 const mbedtls_pk_info_t *pk_info;
941
942 /*
943 * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
944 *
945 * PrivateKeyInfo ::= SEQUENCE {
946 * version Version,
947 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
948 * privateKey PrivateKey,
949 * attributes [0] IMPLICIT Attributes OPTIONAL }
950 *
951 * Version ::= INTEGER
952 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
953 * PrivateKey ::= OCTET STRING
954 *
955 * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
956 */
957
958 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
959 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
960 {
961 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
962 }
963
964 end = p + len;
965
966 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
967 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
968
969 if( version != 0 )
970 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
971
972 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
973 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
974
975 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
976 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
977
978 if( len < 1 )
979 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
980 MBEDTLS_ERR_ASN1_OUT_OF_DATA );
981
982 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
983 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
984
985 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
986 return( ret );
987
988 #if defined(MBEDTLS_RSA_C)
989 if( pk_alg == MBEDTLS_PK_RSA )
990 {
991 if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
992 {
993 mbedtls_pk_free( pk );
994 return( ret );
995 }
996 } else
997 #endif /* MBEDTLS_RSA_C */
998 #if defined(MBEDTLS_ECP_C)
999 if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
1000 {
1001 if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
1002 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 )
1003 {
1004 mbedtls_pk_free( pk );
1005 return( ret );
1006 }
1007 } else
1008 #endif /* MBEDTLS_ECP_C */
1009 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1010
1011 return( 0 );
1012 }
1013
1014 /*
1015 * Parse an encrypted PKCS#8 encoded private key
1016 *
1017 * To save space, the decryption happens in-place on the given key buffer.
1018 * Also, while this function may modify the keybuffer, it doesn't own it,
1019 * and instead it is the responsibility of the caller to zeroize and properly
1020 * free it after use.
1021 *
1022 */
1023 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
pk_parse_key_pkcs8_encrypted_der(mbedtls_pk_context * pk,unsigned char * key,size_t keylen,const unsigned char * pwd,size_t pwdlen)1024 static int pk_parse_key_pkcs8_encrypted_der(
1025 mbedtls_pk_context *pk,
1026 unsigned char *key, size_t keylen,
1027 const unsigned char *pwd, size_t pwdlen )
1028 {
1029 int ret, decrypted = 0;
1030 size_t len;
1031 unsigned char *buf;
1032 unsigned char *p, *end;
1033 mbedtls_asn1_buf pbe_alg_oid, pbe_params;
1034 #if defined(MBEDTLS_PKCS12_C)
1035 mbedtls_cipher_type_t cipher_alg;
1036 mbedtls_md_type_t md_alg;
1037 #endif
1038
1039 p = key;
1040 end = p + keylen;
1041
1042 if( pwdlen == 0 )
1043 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1044
1045 /*
1046 * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
1047 *
1048 * EncryptedPrivateKeyInfo ::= SEQUENCE {
1049 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
1050 * encryptedData EncryptedData
1051 * }
1052 *
1053 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
1054 *
1055 * EncryptedData ::= OCTET STRING
1056 *
1057 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
1058 *
1059 */
1060 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
1061 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
1062 {
1063 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1064 }
1065
1066 end = p + len;
1067
1068 if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
1069 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1070
1071 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
1072 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
1073
1074 buf = p;
1075
1076 /*
1077 * Decrypt EncryptedData with appropriate PBE
1078 */
1079 #if defined(MBEDTLS_PKCS12_C)
1080 if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
1081 {
1082 if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
1083 cipher_alg, md_alg,
1084 pwd, pwdlen, p, len, buf ) ) != 0 )
1085 {
1086 if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
1087 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1088
1089 return( ret );
1090 }
1091
1092 decrypted = 1;
1093 }
1094 else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
1095 {
1096 if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
1097 MBEDTLS_PKCS12_PBE_DECRYPT,
1098 pwd, pwdlen,
1099 p, len, buf ) ) != 0 )
1100 {
1101 return( ret );
1102 }
1103
1104 // Best guess for password mismatch when using RC4. If first tag is
1105 // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
1106 //
1107 if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
1108 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1109
1110 decrypted = 1;
1111 }
1112 else
1113 #endif /* MBEDTLS_PKCS12_C */
1114 #if defined(MBEDTLS_PKCS5_C)
1115 if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
1116 {
1117 if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
1118 p, len, buf ) ) != 0 )
1119 {
1120 if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
1121 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1122
1123 return( ret );
1124 }
1125
1126 decrypted = 1;
1127 }
1128 else
1129 #endif /* MBEDTLS_PKCS5_C */
1130 {
1131 ((void) pwd);
1132 }
1133
1134 if( decrypted == 0 )
1135 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
1136
1137 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
1138 }
1139 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1140
1141 /*
1142 * Parse a private key
1143 */
mbedtls_pk_parse_key(mbedtls_pk_context * pk,const unsigned char * key,size_t keylen,const unsigned char * pwd,size_t pwdlen)1144 int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
1145 const unsigned char *key, size_t keylen,
1146 const unsigned char *pwd, size_t pwdlen )
1147 {
1148 int ret;
1149 const mbedtls_pk_info_t *pk_info;
1150
1151 #if defined(MBEDTLS_PEM_PARSE_C)
1152 size_t len;
1153 mbedtls_pem_context pem;
1154
1155 mbedtls_pem_init( &pem );
1156
1157 #if defined(MBEDTLS_RSA_C)
1158 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1159 if( keylen == 0 || key[keylen - 1] != '\0' )
1160 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1161 else
1162 ret = mbedtls_pem_read_buffer( &pem,
1163 "-----BEGIN RSA PRIVATE KEY-----",
1164 "-----END RSA PRIVATE KEY-----",
1165 key, pwd, pwdlen, &len );
1166
1167 if( ret == 0 )
1168 {
1169 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
1170 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
1171 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
1172 pem.buf, pem.buflen ) ) != 0 )
1173 {
1174 mbedtls_pk_free( pk );
1175 }
1176
1177 mbedtls_pem_free( &pem );
1178 return( ret );
1179 }
1180 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
1181 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1182 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
1183 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1184 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1185 return( ret );
1186 #endif /* MBEDTLS_RSA_C */
1187
1188 #if defined(MBEDTLS_ECP_C)
1189 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1190 if( keylen == 0 || key[keylen - 1] != '\0' )
1191 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1192 else
1193 ret = mbedtls_pem_read_buffer( &pem,
1194 "-----BEGIN EC PRIVATE KEY-----",
1195 "-----END EC PRIVATE KEY-----",
1196 key, pwd, pwdlen, &len );
1197 if( ret == 0 )
1198 {
1199 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
1200
1201 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
1202 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
1203 pem.buf, pem.buflen ) ) != 0 )
1204 {
1205 mbedtls_pk_free( pk );
1206 }
1207
1208 mbedtls_pem_free( &pem );
1209 return( ret );
1210 }
1211 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
1212 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
1213 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
1214 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
1215 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1216 return( ret );
1217 #endif /* MBEDTLS_ECP_C */
1218
1219 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1220 if( keylen == 0 || key[keylen - 1] != '\0' )
1221 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1222 else
1223 ret = mbedtls_pem_read_buffer( &pem,
1224 "-----BEGIN PRIVATE KEY-----",
1225 "-----END PRIVATE KEY-----",
1226 key, NULL, 0, &len );
1227 if( ret == 0 )
1228 {
1229 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
1230 pem.buf, pem.buflen ) ) != 0 )
1231 {
1232 mbedtls_pk_free( pk );
1233 }
1234
1235 mbedtls_pem_free( &pem );
1236 return( ret );
1237 }
1238 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1239 return( ret );
1240
1241 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
1242 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1243 if( keylen == 0 || key[keylen - 1] != '\0' )
1244 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1245 else
1246 ret = mbedtls_pem_read_buffer( &pem,
1247 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
1248 "-----END ENCRYPTED PRIVATE KEY-----",
1249 key, NULL, 0, &len );
1250 if( ret == 0 )
1251 {
1252 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
1253 pem.buf, pem.buflen,
1254 pwd, pwdlen ) ) != 0 )
1255 {
1256 mbedtls_pk_free( pk );
1257 }
1258
1259 mbedtls_pem_free( &pem );
1260 return( ret );
1261 }
1262 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1263 return( ret );
1264 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1265 #else
1266 ((void) pwd);
1267 ((void) pwdlen);
1268 #endif /* MBEDTLS_PEM_PARSE_C */
1269
1270 /*
1271 * At this point we only know it's not a PEM formatted key. Could be any
1272 * of the known DER encoded private key formats
1273 *
1274 * We try the different DER format parsers to see if one passes without
1275 * error
1276 */
1277 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
1278 {
1279 unsigned char *key_copy;
1280
1281 if( keylen == 0 )
1282 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
1283
1284 if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
1285 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
1286
1287 memcpy( key_copy, key, keylen );
1288
1289 ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
1290 pwd, pwdlen );
1291
1292 mbedtls_platform_zeroize( key_copy, keylen );
1293 mbedtls_free( key_copy );
1294 }
1295
1296 if( ret == 0 )
1297 return( 0 );
1298
1299 mbedtls_pk_free( pk );
1300
1301 if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
1302 {
1303 return( ret );
1304 }
1305 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
1306
1307 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
1308 return( 0 );
1309
1310 mbedtls_pk_free( pk );
1311
1312 #if defined(MBEDTLS_RSA_C)
1313
1314 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
1315 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
1316 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
1317 key, keylen ) ) != 0 )
1318 {
1319 mbedtls_pk_free( pk );
1320 }
1321 else
1322 {
1323 return( 0 );
1324 }
1325
1326 #endif /* MBEDTLS_RSA_C */
1327
1328 #if defined(MBEDTLS_ECP_C)
1329
1330 pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
1331 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
1332 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
1333 key, keylen ) ) != 0 )
1334 {
1335 mbedtls_pk_free( pk );
1336 }
1337 else
1338 {
1339 return( 0 );
1340 }
1341
1342 #endif /* MBEDTLS_ECP_C */
1343
1344 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
1345 }
1346
1347 /*
1348 * Parse a public key
1349 */
mbedtls_pk_parse_public_key(mbedtls_pk_context * ctx,const unsigned char * key,size_t keylen)1350 int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
1351 const unsigned char *key, size_t keylen )
1352 {
1353 int ret;
1354 unsigned char *p;
1355 #if defined(MBEDTLS_RSA_C)
1356 const mbedtls_pk_info_t *pk_info;
1357 #endif
1358 #if defined(MBEDTLS_PEM_PARSE_C)
1359 size_t len;
1360 mbedtls_pem_context pem;
1361
1362 mbedtls_pem_init( &pem );
1363 #if defined(MBEDTLS_RSA_C)
1364 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1365 if( keylen == 0 || key[keylen - 1] != '\0' )
1366 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1367 else
1368 ret = mbedtls_pem_read_buffer( &pem,
1369 "-----BEGIN RSA PUBLIC KEY-----",
1370 "-----END RSA PUBLIC KEY-----",
1371 key, NULL, 0, &len );
1372
1373 if( ret == 0 )
1374 {
1375 p = pem.buf;
1376 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
1377 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1378
1379 if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
1380 return( ret );
1381
1382 if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
1383 mbedtls_pk_free( ctx );
1384
1385 mbedtls_pem_free( &pem );
1386 return( ret );
1387 }
1388 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1389 {
1390 mbedtls_pem_free( &pem );
1391 return( ret );
1392 }
1393 #endif /* MBEDTLS_RSA_C */
1394
1395 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
1396 if( keylen == 0 || key[keylen - 1] != '\0' )
1397 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
1398 else
1399 ret = mbedtls_pem_read_buffer( &pem,
1400 "-----BEGIN PUBLIC KEY-----",
1401 "-----END PUBLIC KEY-----",
1402 key, NULL, 0, &len );
1403
1404 if( ret == 0 )
1405 {
1406 /*
1407 * Was PEM encoded
1408 */
1409 p = pem.buf;
1410
1411 ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx );
1412 mbedtls_pem_free( &pem );
1413 return( ret );
1414 }
1415 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1416 {
1417 mbedtls_pem_free( &pem );
1418 return( ret );
1419 }
1420 mbedtls_pem_free( &pem );
1421 #endif /* MBEDTLS_PEM_PARSE_C */
1422
1423 #if defined(MBEDTLS_RSA_C)
1424 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
1425 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
1426
1427 if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
1428 return( ret );
1429
1430 p = (unsigned char *)key;
1431 ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
1432 if( ret == 0 )
1433 {
1434 return( ret );
1435 }
1436 mbedtls_pk_free( ctx );
1437 if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
1438 {
1439 return( ret );
1440 }
1441 #endif /* MBEDTLS_RSA_C */
1442 p = (unsigned char *) key;
1443
1444 ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
1445
1446 return( ret );
1447 }
1448
1449 #endif /* MBEDTLS_PK_PARSE_C */
1450