1 // SPDX-License-Identifier: Apache-2.0 2 /* 3 * Public Key layer for parsing key files and structures 4 * 5 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 6 * 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 * not use this file except in compliance with the License. 9 * You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, software 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 * See the License for the specific language governing permissions and 17 * limitations under the License. 18 * 19 * This file is part of mbed TLS (https://tls.mbed.org) 20 */ 21 22 #if !defined(MBEDTLS_CONFIG_FILE) 23 #include "mbedtls/config.h" 24 #else 25 #include MBEDTLS_CONFIG_FILE 26 #endif 27 28 #if defined(MBEDTLS_PK_PARSE_C) 29 30 #include "mbedtls/pk.h" 31 #include "mbedtls/asn1.h" 32 #include "mbedtls/oid.h" 33 34 #include <string.h> 35 36 #if defined(MBEDTLS_RSA_C) 37 #include "mbedtls/rsa.h" 38 #endif 39 #if defined(MBEDTLS_ECP_C) 40 #include "mbedtls/ecp.h" 41 #endif 42 #if defined(MBEDTLS_ECDSA_C) 43 #include "mbedtls/ecdsa.h" 44 #endif 45 #if defined(MBEDTLS_PEM_PARSE_C) 46 #include "mbedtls/pem.h" 47 #endif 48 #if defined(MBEDTLS_PKCS5_C) 49 #include "mbedtls/pkcs5.h" 50 #endif 51 #if defined(MBEDTLS_PKCS12_C) 52 #include "mbedtls/pkcs12.h" 53 #endif 54 55 #if defined(MBEDTLS_PLATFORM_C) 56 #include "mbedtls/platform.h" 57 #else 58 #include <stdlib.h> 59 #define mbedtls_calloc calloc 60 #define mbedtls_free free 61 #endif 62 63 #if defined(MBEDTLS_FS_IO) 64 /* Implementation that should never be optimized out by the compiler */ 65 static void mbedtls_zeroize( void *v, size_t n ) { 66 volatile unsigned char *p = v; while( n-- ) *p++ = 0; 67 } 68 69 /* 70 * Load all data from a file into a given buffer. 71 * 72 * The file is expected to contain either PEM or DER encoded data. 73 * A terminating null byte is always appended. It is included in the announced 74 * length only if the data looks like it is PEM encoded. 75 */ 76 int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) 77 { 78 FILE *f; 79 long size; 80 81 if( ( f = fopen( path, "rb" ) ) == NULL ) 82 return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); 83 84 fseek( f, 0, SEEK_END ); 85 if( ( size = ftell( f ) ) == -1 ) 86 { 87 fclose( f ); 88 return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); 89 } 90 fseek( f, 0, SEEK_SET ); 91 92 *n = (size_t) size; 93 94 if( *n + 1 == 0 || 95 ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) 96 { 97 fclose( f ); 98 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 99 } 100 101 if( fread( *buf, 1, *n, f ) != *n ) 102 { 103 fclose( f ); 104 mbedtls_free( *buf ); 105 return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); 106 } 107 108 fclose( f ); 109 110 (*buf)[*n] = '\0'; 111 112 if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL ) 113 ++*n; 114 115 return( 0 ); 116 } 117 118 /* 119 * Load and parse a private key 120 */ 121 int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, 122 const char *path, const char *pwd ) 123 { 124 int ret; 125 size_t n; 126 unsigned char *buf; 127 128 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 129 return( ret ); 130 131 if( pwd == NULL ) 132 ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 ); 133 else 134 ret = mbedtls_pk_parse_key( ctx, buf, n, 135 (const unsigned char *) pwd, strlen( pwd ) ); 136 137 mbedtls_zeroize( buf, n ); 138 mbedtls_free( buf ); 139 140 return( ret ); 141 } 142 143 /* 144 * Load and parse a public key 145 */ 146 int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) 147 { 148 int ret; 149 size_t n; 150 unsigned char *buf; 151 152 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 153 return( ret ); 154 155 ret = mbedtls_pk_parse_public_key( ctx, buf, n ); 156 157 mbedtls_zeroize( buf, n ); 158 mbedtls_free( buf ); 159 160 return( ret ); 161 } 162 #endif /* MBEDTLS_FS_IO */ 163 164 #if defined(MBEDTLS_ECP_C) 165 /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf 166 * 167 * ECParameters ::= CHOICE { 168 * namedCurve OBJECT IDENTIFIER 169 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } 170 * -- implicitCurve NULL 171 * } 172 */ 173 static int pk_get_ecparams( unsigned char **p, const unsigned char *end, 174 mbedtls_asn1_buf *params ) 175 { 176 int ret; 177 178 /* Tag may be either OID or SEQUENCE */ 179 params->tag = **p; 180 if( params->tag != MBEDTLS_ASN1_OID 181 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) 182 && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) 183 #endif 184 ) 185 { 186 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 187 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); 188 } 189 190 if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 ) 191 { 192 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 193 } 194 195 params->p = *p; 196 *p += params->len; 197 198 if( *p != end ) 199 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 200 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 201 202 return( 0 ); 203 } 204 205 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) 206 /* 207 * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it. 208 * WARNING: the resulting group should only be used with 209 * pk_group_id_from_specified(), since its base point may not be set correctly 210 * if it was encoded compressed. 211 * 212 * SpecifiedECDomain ::= SEQUENCE { 213 * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...), 214 * fieldID FieldID {{FieldTypes}}, 215 * curve Curve, 216 * base ECPoint, 217 * order INTEGER, 218 * cofactor INTEGER OPTIONAL, 219 * hash HashAlgorithm OPTIONAL, 220 * ... 221 * } 222 * 223 * We only support prime-field as field type, and ignore hash and cofactor. 224 */ 225 static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) 226 { 227 int ret; 228 unsigned char *p = params->p; 229 const unsigned char * const end = params->p + params->len; 230 const unsigned char *end_field, *end_curve; 231 size_t len; 232 int ver; 233 234 /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */ 235 if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 ) 236 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 237 238 if( ver < 1 || ver > 3 ) 239 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 240 241 /* 242 * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field 243 * fieldType FIELD-ID.&id({IOSet}), 244 * parameters FIELD-ID.&Type({IOSet}{@fieldType}) 245 * } 246 */ 247 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 248 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 249 return( ret ); 250 251 end_field = p + len; 252 253 /* 254 * FIELD-ID ::= TYPE-IDENTIFIER 255 * FieldTypes FIELD-ID ::= { 256 * { Prime-p IDENTIFIED BY prime-field } | 257 * { Characteristic-two IDENTIFIED BY characteristic-two-field } 258 * } 259 * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } 260 */ 261 if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 ) 262 return( ret ); 263 264 if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) || 265 memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 ) 266 { 267 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); 268 } 269 270 p += len; 271 272 /* Prime-p ::= INTEGER -- Field of size p. */ 273 if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 ) 274 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 275 276 grp->pbits = mbedtls_mpi_bitlen( &grp->P ); 277 278 if( p != end_field ) 279 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 280 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 281 282 /* 283 * Curve ::= SEQUENCE { 284 * a FieldElement, 285 * b FieldElement, 286 * seed BIT STRING OPTIONAL 287 * -- Shall be present if used in SpecifiedECDomain 288 * -- with version equal to ecdpVer2 or ecdpVer3 289 * } 290 */ 291 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 292 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 293 return( ret ); 294 295 end_curve = p + len; 296 297 /* 298 * FieldElement ::= OCTET STRING 299 * containing an integer in the case of a prime field 300 */ 301 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || 302 ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 ) 303 { 304 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 305 } 306 307 p += len; 308 309 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || 310 ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 ) 311 { 312 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 313 } 314 315 p += len; 316 317 /* Ignore seed BIT STRING OPTIONAL */ 318 if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 ) 319 p += len; 320 321 if( p != end_curve ) 322 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 323 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 324 325 /* 326 * ECPoint ::= OCTET STRING 327 */ 328 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 329 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 330 331 if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G, 332 ( const unsigned char *) p, len ) ) != 0 ) 333 { 334 /* 335 * If we can't read the point because it's compressed, cheat by 336 * reading only the X coordinate and the parity bit of Y. 337 */ 338 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE || 339 ( p[0] != 0x02 && p[0] != 0x03 ) || 340 len != mbedtls_mpi_size( &grp->P ) + 1 || 341 mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 || 342 mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 || 343 mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 ) 344 { 345 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 346 } 347 } 348 349 p += len; 350 351 /* 352 * order INTEGER 353 */ 354 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 ) 355 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 356 357 grp->nbits = mbedtls_mpi_bitlen( &grp->N ); 358 359 /* 360 * Allow optional elements by purposefully not enforcing p == end here. 361 */ 362 363 return( 0 ); 364 } 365 366 /* 367 * Find the group id associated with an (almost filled) group as generated by 368 * pk_group_from_specified(), or return an error if unknown. 369 */ 370 static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id ) 371 { 372 int ret = 0; 373 mbedtls_ecp_group ref; 374 const mbedtls_ecp_group_id *id; 375 376 mbedtls_ecp_group_init( &ref ); 377 378 for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ ) 379 { 380 /* Load the group associated to that id */ 381 mbedtls_ecp_group_free( &ref ); 382 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) ); 383 384 /* Compare to the group we were given, starting with easy tests */ 385 if( grp->pbits == ref.pbits && grp->nbits == ref.nbits && 386 mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 && 387 mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 && 388 mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 && 389 mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 && 390 mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 && 391 mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 && 392 /* For Y we may only know the parity bit, so compare only that */ 393 mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) ) 394 { 395 break; 396 } 397 398 } 399 400 cleanup: 401 mbedtls_ecp_group_free( &ref ); 402 403 *grp_id = *id; 404 405 if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE ) 406 ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; 407 408 return( ret ); 409 } 410 411 /* 412 * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID 413 */ 414 static int pk_group_id_from_specified( const mbedtls_asn1_buf *params, 415 mbedtls_ecp_group_id *grp_id ) 416 { 417 int ret; 418 mbedtls_ecp_group grp; 419 420 mbedtls_ecp_group_init( &grp ); 421 422 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 ) 423 goto cleanup; 424 425 ret = pk_group_id_from_group( &grp, grp_id ); 426 427 cleanup: 428 mbedtls_ecp_group_free( &grp ); 429 430 return( ret ); 431 } 432 #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ 433 434 /* 435 * Use EC parameters to initialise an EC group 436 * 437 * ECParameters ::= CHOICE { 438 * namedCurve OBJECT IDENTIFIER 439 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } 440 * -- implicitCurve NULL 441 */ 442 static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) 443 { 444 int ret; 445 mbedtls_ecp_group_id grp_id; 446 447 if( params->tag == MBEDTLS_ASN1_OID ) 448 { 449 if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 ) 450 return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE ); 451 } 452 else 453 { 454 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) 455 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 ) 456 return( ret ); 457 #else 458 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 459 #endif 460 } 461 462 /* 463 * grp may already be initilialized; if so, make sure IDs match 464 */ 465 if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id ) 466 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 467 468 if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 ) 469 return( ret ); 470 471 return( 0 ); 472 } 473 474 /* 475 * EC public key is an EC point 476 * 477 * The caller is responsible for clearing the structure upon failure if 478 * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE 479 * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state. 480 */ 481 static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, 482 mbedtls_ecp_keypair *key ) 483 { 484 int ret; 485 486 if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q, 487 (const unsigned char *) *p, end - *p ) ) == 0 ) 488 { 489 ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q ); 490 } 491 492 /* 493 * We know mbedtls_ecp_point_read_binary consumed all bytes or failed 494 */ 495 *p = (unsigned char *) end; 496 497 return( ret ); 498 } 499 #endif /* MBEDTLS_ECP_C */ 500 501 #if defined(MBEDTLS_RSA_C) 502 /* 503 * RSAPublicKey ::= SEQUENCE { 504 * modulus INTEGER, -- n 505 * publicExponent INTEGER -- e 506 * } 507 */ 508 static int pk_get_rsapubkey( unsigned char **p, 509 const unsigned char *end, 510 mbedtls_rsa_context *rsa ) 511 { 512 int ret; 513 size_t len; 514 515 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 516 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 517 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); 518 519 if( *p + len != end ) 520 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + 521 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 522 523 if( ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->N ) ) != 0 || 524 ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->E ) ) != 0 ) 525 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); 526 527 if( *p != end ) 528 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + 529 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 530 531 if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 ) 532 return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); 533 534 rsa->len = mbedtls_mpi_size( &rsa->N ); 535 536 return( 0 ); 537 } 538 #endif /* MBEDTLS_RSA_C */ 539 540 /* Get a PK algorithm identifier 541 * 542 * AlgorithmIdentifier ::= SEQUENCE { 543 * algorithm OBJECT IDENTIFIER, 544 * parameters ANY DEFINED BY algorithm OPTIONAL } 545 */ 546 static int pk_get_pk_alg( unsigned char **p, 547 const unsigned char *end, 548 mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params ) 549 { 550 int ret; 551 mbedtls_asn1_buf alg_oid; 552 553 memset( params, 0, sizeof(mbedtls_asn1_buf) ); 554 555 if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) 556 return( MBEDTLS_ERR_PK_INVALID_ALG + ret ); 557 558 if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 ) 559 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 560 561 /* 562 * No parameters with RSA (only for EC) 563 */ 564 if( *pk_alg == MBEDTLS_PK_RSA && 565 ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) || 566 params->len != 0 ) ) 567 { 568 return( MBEDTLS_ERR_PK_INVALID_ALG ); 569 } 570 571 return( 0 ); 572 } 573 574 /* 575 * SubjectPublicKeyInfo ::= SEQUENCE { 576 * algorithm AlgorithmIdentifier, 577 * subjectPublicKey BIT STRING } 578 */ 579 int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, 580 mbedtls_pk_context *pk ) 581 { 582 int ret; 583 size_t len; 584 mbedtls_asn1_buf alg_params; 585 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; 586 const mbedtls_pk_info_t *pk_info; 587 588 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 589 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 590 { 591 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 592 } 593 594 end = *p + len; 595 596 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 ) 597 return( ret ); 598 599 if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) 600 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); 601 602 if( *p + len != end ) 603 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + 604 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 605 606 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) 607 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 608 609 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) 610 return( ret ); 611 612 #if defined(MBEDTLS_RSA_C) 613 if( pk_alg == MBEDTLS_PK_RSA ) 614 { 615 ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) ); 616 } else 617 #endif /* MBEDTLS_RSA_C */ 618 #if defined(MBEDTLS_ECP_C) 619 if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY ) 620 { 621 ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp ); 622 if( ret == 0 ) 623 ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) ); 624 } else 625 #endif /* MBEDTLS_ECP_C */ 626 ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; 627 628 if( ret == 0 && *p != end ) 629 ret = MBEDTLS_ERR_PK_INVALID_PUBKEY 630 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; 631 632 if( ret != 0 ) 633 mbedtls_pk_free( pk ); 634 635 return( ret ); 636 } 637 638 #if defined(MBEDTLS_RSA_C) 639 /* 640 * Parse a PKCS#1 encoded private RSA key 641 */ 642 static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, 643 const unsigned char *key, 644 size_t keylen ) 645 { 646 int ret; 647 size_t len; 648 unsigned char *p, *end; 649 650 p = (unsigned char *) key; 651 end = p + keylen; 652 653 /* 654 * This function parses the RSAPrivateKey (PKCS#1) 655 * 656 * RSAPrivateKey ::= SEQUENCE { 657 * version Version, 658 * modulus INTEGER, -- n 659 * publicExponent INTEGER, -- e 660 * privateExponent INTEGER, -- d 661 * prime1 INTEGER, -- p 662 * prime2 INTEGER, -- q 663 * exponent1 INTEGER, -- d mod (p-1) 664 * exponent2 INTEGER, -- d mod (q-1) 665 * coefficient INTEGER, -- (inverse of q) mod p 666 * otherPrimeInfos OtherPrimeInfos OPTIONAL 667 * } 668 */ 669 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 670 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 671 { 672 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 673 } 674 675 end = p + len; 676 677 if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) 678 { 679 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 680 } 681 682 if( rsa->ver != 0 ) 683 { 684 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); 685 } 686 687 if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || 688 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || 689 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || 690 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || 691 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || 692 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || 693 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || 694 ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) 695 { 696 mbedtls_rsa_free( rsa ); 697 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 698 } 699 700 rsa->len = mbedtls_mpi_size( &rsa->N ); 701 702 if( p != end ) 703 { 704 mbedtls_rsa_free( rsa ); 705 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 706 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 707 } 708 709 if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 ) 710 { 711 mbedtls_rsa_free( rsa ); 712 return( ret ); 713 } 714 715 return( 0 ); 716 } 717 #endif /* MBEDTLS_RSA_C */ 718 719 #if defined(MBEDTLS_ECP_C) 720 /* 721 * Parse a SEC1 encoded private EC key 722 */ 723 static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, 724 const unsigned char *key, 725 size_t keylen ) 726 { 727 int ret; 728 int version, pubkey_done; 729 size_t len; 730 mbedtls_asn1_buf params; 731 unsigned char *p = (unsigned char *) key; 732 unsigned char *end = p + keylen; 733 unsigned char *end2; 734 735 /* 736 * RFC 5915, or SEC1 Appendix C.4 737 * 738 * ECPrivateKey ::= SEQUENCE { 739 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), 740 * privateKey OCTET STRING, 741 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, 742 * publicKey [1] BIT STRING OPTIONAL 743 * } 744 */ 745 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 746 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 747 { 748 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 749 } 750 751 end = p + len; 752 753 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) 754 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 755 756 if( version != 1 ) 757 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); 758 759 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 760 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 761 762 if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 ) 763 { 764 mbedtls_ecp_keypair_free( eck ); 765 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 766 } 767 768 p += len; 769 770 pubkey_done = 0; 771 if( p != end ) 772 { 773 /* 774 * Is 'parameters' present? 775 */ 776 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 777 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 ) 778 { 779 if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 || 780 ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 ) 781 { 782 mbedtls_ecp_keypair_free( eck ); 783 return( ret ); 784 } 785 } 786 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 787 { 788 mbedtls_ecp_keypair_free( eck ); 789 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 790 } 791 792 /* 793 * Is 'publickey' present? If not, or if we can't read it (eg because it 794 * is compressed), create it from the private key. 795 */ 796 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 797 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 ) 798 { 799 end2 = p + len; 800 801 if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) 802 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 803 804 if( p + len != end2 ) 805 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 806 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 807 808 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 ) 809 pubkey_done = 1; 810 else 811 { 812 /* 813 * The only acceptable failure mode of pk_get_ecpubkey() above 814 * is if the point format is not recognized. 815 */ 816 if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ) 817 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 818 } 819 } 820 else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 821 { 822 mbedtls_ecp_keypair_free( eck ); 823 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 824 } 825 } 826 827 if( ! pubkey_done && 828 ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G, 829 NULL, NULL ) ) != 0 ) 830 { 831 mbedtls_ecp_keypair_free( eck ); 832 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 833 } 834 835 if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 ) 836 { 837 mbedtls_ecp_keypair_free( eck ); 838 return( ret ); 839 } 840 841 return( 0 ); 842 } 843 #endif /* MBEDTLS_ECP_C */ 844 845 /* 846 * Parse an unencrypted PKCS#8 encoded private key 847 */ 848 static int pk_parse_key_pkcs8_unencrypted_der( 849 mbedtls_pk_context *pk, 850 const unsigned char* key, 851 size_t keylen ) 852 { 853 int ret, version; 854 size_t len; 855 mbedtls_asn1_buf params; 856 unsigned char *p = (unsigned char *) key; 857 unsigned char *end = p + keylen; 858 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; 859 const mbedtls_pk_info_t *pk_info; 860 861 /* 862 * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208) 863 * 864 * PrivateKeyInfo ::= SEQUENCE { 865 * version Version, 866 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 867 * privateKey PrivateKey, 868 * attributes [0] IMPLICIT Attributes OPTIONAL } 869 * 870 * Version ::= INTEGER 871 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier 872 * PrivateKey ::= OCTET STRING 873 * 874 * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey 875 */ 876 877 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 878 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 879 { 880 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 881 } 882 883 end = p + len; 884 885 if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) 886 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 887 888 if( version != 0 ) 889 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret ); 890 891 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) 892 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 893 894 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 895 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 896 897 if( len < 1 ) 898 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + 899 MBEDTLS_ERR_ASN1_OUT_OF_DATA ); 900 901 if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) 902 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 903 904 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) 905 return( ret ); 906 907 #if defined(MBEDTLS_RSA_C) 908 if( pk_alg == MBEDTLS_PK_RSA ) 909 { 910 if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 ) 911 { 912 mbedtls_pk_free( pk ); 913 return( ret ); 914 } 915 } else 916 #endif /* MBEDTLS_RSA_C */ 917 #if defined(MBEDTLS_ECP_C) 918 if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) 919 { 920 if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 || 921 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 ) 922 { 923 mbedtls_pk_free( pk ); 924 return( ret ); 925 } 926 } else 927 #endif /* MBEDTLS_ECP_C */ 928 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 929 930 return( 0 ); 931 } 932 933 /* 934 * Parse an encrypted PKCS#8 encoded private key 935 */ 936 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 937 static int pk_parse_key_pkcs8_encrypted_der( 938 mbedtls_pk_context *pk, 939 const unsigned char *key, size_t keylen, 940 const unsigned char *pwd, size_t pwdlen ) 941 { 942 int ret, decrypted = 0; 943 size_t len; 944 unsigned char buf[2048]; 945 unsigned char *p, *end; 946 mbedtls_asn1_buf pbe_alg_oid, pbe_params; 947 #if defined(MBEDTLS_PKCS12_C) 948 mbedtls_cipher_type_t cipher_alg; 949 mbedtls_md_type_t md_alg; 950 #endif 951 952 memset( buf, 0, sizeof( buf ) ); 953 954 p = (unsigned char *) key; 955 end = p + keylen; 956 957 if( pwdlen == 0 ) 958 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); 959 960 /* 961 * This function parses the EncryptedPrivatKeyInfo object (PKCS#8) 962 * 963 * EncryptedPrivateKeyInfo ::= SEQUENCE { 964 * encryptionAlgorithm EncryptionAlgorithmIdentifier, 965 * encryptedData EncryptedData 966 * } 967 * 968 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier 969 * 970 * EncryptedData ::= OCTET STRING 971 * 972 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo 973 */ 974 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 975 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 976 { 977 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 978 } 979 980 end = p + len; 981 982 if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 ) 983 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 984 985 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 986 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); 987 988 if( len > sizeof( buf ) ) 989 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 990 991 /* 992 * Decrypt EncryptedData with appropriate PDE 993 */ 994 #if defined(MBEDTLS_PKCS12_C) 995 if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 ) 996 { 997 if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, 998 cipher_alg, md_alg, 999 pwd, pwdlen, p, len, buf ) ) != 0 ) 1000 { 1001 if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH ) 1002 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 1003 1004 return( ret ); 1005 } 1006 1007 decrypted = 1; 1008 } 1009 else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 ) 1010 { 1011 if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params, 1012 MBEDTLS_PKCS12_PBE_DECRYPT, 1013 pwd, pwdlen, 1014 p, len, buf ) ) != 0 ) 1015 { 1016 return( ret ); 1017 } 1018 1019 // Best guess for password mismatch when using RC4. If first tag is 1020 // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE 1021 // 1022 if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) 1023 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 1024 1025 decrypted = 1; 1026 } 1027 else 1028 #endif /* MBEDTLS_PKCS12_C */ 1029 #if defined(MBEDTLS_PKCS5_C) 1030 if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 ) 1031 { 1032 if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, 1033 p, len, buf ) ) != 0 ) 1034 { 1035 if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH ) 1036 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 1037 1038 return( ret ); 1039 } 1040 1041 decrypted = 1; 1042 } 1043 else 1044 #endif /* MBEDTLS_PKCS5_C */ 1045 { 1046 ((void) pwd); 1047 } 1048 1049 if( decrypted == 0 ) 1050 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); 1051 1052 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); 1053 } 1054 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ 1055 1056 /* 1057 * Parse a private key 1058 */ 1059 int mbedtls_pk_parse_key( mbedtls_pk_context *pk, 1060 const unsigned char *key, size_t keylen, 1061 const unsigned char *pwd, size_t pwdlen ) 1062 { 1063 int ret; 1064 const mbedtls_pk_info_t *pk_info; 1065 1066 #if defined(MBEDTLS_PEM_PARSE_C) 1067 size_t len; 1068 mbedtls_pem_context pem; 1069 1070 mbedtls_pem_init( &pem ); 1071 1072 #if defined(MBEDTLS_RSA_C) 1073 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 1074 if( keylen == 0 || key[keylen - 1] != '\0' ) 1075 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 1076 else 1077 ret = mbedtls_pem_read_buffer( &pem, 1078 "-----BEGIN RSA PRIVATE KEY-----", 1079 "-----END RSA PRIVATE KEY-----", 1080 key, pwd, pwdlen, &len ); 1081 1082 if( ret == 0 ) 1083 { 1084 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) 1085 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 1086 1087 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 1088 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), 1089 pem.buf, pem.buflen ) ) != 0 ) 1090 { 1091 mbedtls_pk_free( pk ); 1092 } 1093 1094 mbedtls_pem_free( &pem ); 1095 return( ret ); 1096 } 1097 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) 1098 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 1099 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) 1100 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); 1101 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 1102 return( ret ); 1103 #endif /* MBEDTLS_RSA_C */ 1104 1105 #if defined(MBEDTLS_ECP_C) 1106 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 1107 if( keylen == 0 || key[keylen - 1] != '\0' ) 1108 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 1109 else 1110 ret = mbedtls_pem_read_buffer( &pem, 1111 "-----BEGIN EC PRIVATE KEY-----", 1112 "-----END EC PRIVATE KEY-----", 1113 key, pwd, pwdlen, &len ); 1114 if( ret == 0 ) 1115 { 1116 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) 1117 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 1118 1119 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 1120 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), 1121 pem.buf, pem.buflen ) ) != 0 ) 1122 { 1123 mbedtls_pk_free( pk ); 1124 } 1125 1126 mbedtls_pem_free( &pem ); 1127 return( ret ); 1128 } 1129 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) 1130 return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); 1131 else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) 1132 return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); 1133 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 1134 return( ret ); 1135 #endif /* MBEDTLS_ECP_C */ 1136 1137 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 1138 if( keylen == 0 || key[keylen - 1] != '\0' ) 1139 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 1140 else 1141 ret = mbedtls_pem_read_buffer( &pem, 1142 "-----BEGIN PRIVATE KEY-----", 1143 "-----END PRIVATE KEY-----", 1144 key, NULL, 0, &len ); 1145 if( ret == 0 ) 1146 { 1147 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, 1148 pem.buf, pem.buflen ) ) != 0 ) 1149 { 1150 mbedtls_pk_free( pk ); 1151 } 1152 1153 mbedtls_pem_free( &pem ); 1154 return( ret ); 1155 } 1156 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 1157 return( ret ); 1158 1159 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 1160 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 1161 if( keylen == 0 || key[keylen - 1] != '\0' ) 1162 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 1163 else 1164 ret = mbedtls_pem_read_buffer( &pem, 1165 "-----BEGIN ENCRYPTED PRIVATE KEY-----", 1166 "-----END ENCRYPTED PRIVATE KEY-----", 1167 key, NULL, 0, &len ); 1168 if( ret == 0 ) 1169 { 1170 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, 1171 pem.buf, pem.buflen, 1172 pwd, pwdlen ) ) != 0 ) 1173 { 1174 mbedtls_pk_free( pk ); 1175 } 1176 1177 mbedtls_pem_free( &pem ); 1178 return( ret ); 1179 } 1180 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 1181 return( ret ); 1182 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ 1183 #else 1184 ((void) ret); 1185 ((void) pwd); 1186 ((void) pwdlen); 1187 #endif /* MBEDTLS_PEM_PARSE_C */ 1188 1189 /* 1190 * At this point we only know it's not a PEM formatted key. Could be any 1191 * of the known DER encoded private key formats 1192 * 1193 * We try the different DER format parsers to see if one passes without 1194 * error 1195 */ 1196 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 1197 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen, 1198 pwd, pwdlen ) ) == 0 ) 1199 { 1200 return( 0 ); 1201 } 1202 1203 mbedtls_pk_free( pk ); 1204 1205 if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH ) 1206 { 1207 return( ret ); 1208 } 1209 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ 1210 1211 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) 1212 return( 0 ); 1213 1214 mbedtls_pk_free( pk ); 1215 1216 #if defined(MBEDTLS_RSA_C) 1217 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) 1218 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 1219 1220 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 1221 ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 ) 1222 { 1223 return( 0 ); 1224 } 1225 1226 mbedtls_pk_free( pk ); 1227 #endif /* MBEDTLS_RSA_C */ 1228 1229 #if defined(MBEDTLS_ECP_C) 1230 if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) 1231 return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 1232 1233 if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || 1234 ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 ) 1235 { 1236 return( 0 ); 1237 } 1238 1239 mbedtls_pk_free( pk ); 1240 #endif /* MBEDTLS_ECP_C */ 1241 1242 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); 1243 } 1244 1245 /* 1246 * Parse a public key 1247 */ 1248 int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, 1249 const unsigned char *key, size_t keylen ) 1250 { 1251 int ret; 1252 unsigned char *p; 1253 #if defined(MBEDTLS_PEM_PARSE_C) 1254 size_t len; 1255 mbedtls_pem_context pem; 1256 1257 mbedtls_pem_init( &pem ); 1258 1259 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 1260 if( keylen == 0 || key[keylen - 1] != '\0' ) 1261 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 1262 else 1263 ret = mbedtls_pem_read_buffer( &pem, 1264 "-----BEGIN PUBLIC KEY-----", 1265 "-----END PUBLIC KEY-----", 1266 key, NULL, 0, &len ); 1267 1268 if( ret == 0 ) 1269 { 1270 /* 1271 * Was PEM encoded 1272 */ 1273 key = pem.buf; 1274 keylen = pem.buflen; 1275 } 1276 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 1277 { 1278 mbedtls_pem_free( &pem ); 1279 return( ret ); 1280 } 1281 #endif /* MBEDTLS_PEM_PARSE_C */ 1282 p = (unsigned char *) key; 1283 1284 ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx ); 1285 1286 #if defined(MBEDTLS_PEM_PARSE_C) 1287 mbedtls_pem_free( &pem ); 1288 #endif 1289 1290 return( ret ); 1291 } 1292 1293 #endif /* MBEDTLS_PK_PARSE_C */ 1294