Details | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
8774 | rgimad | 1 | /* |
2 | * Public Key layer for parsing key files and structures |
||
3 | * |
||
4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
||
5 | * SPDX-License-Identifier: GPL-2.0 |
||
6 | * |
||
7 | * This program is free software; you can redistribute it and/or modify |
||
8 | * it under the terms of the GNU General Public License as published by |
||
9 | * the Free Software Foundation; either version 2 of the License, or |
||
10 | * (at your option) any later version. |
||
11 | * |
||
12 | * This program is distributed in the hope that it will be useful, |
||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
15 | * GNU General Public License for more details. |
||
16 | * |
||
17 | * You should have received a copy of the GNU General Public License along |
||
18 | * with this program; if not, write to the Free Software Foundation, Inc., |
||
19 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
||
20 | * |
||
21 | * This file is part of mbed TLS (https://tls.mbed.org) |
||
22 | */ |
||
23 | |||
24 | #if !defined(MBEDTLS_CONFIG_FILE) |
||
25 | #include "mbedtls/config.h" |
||
26 | #else |
||
27 | #include MBEDTLS_CONFIG_FILE |
||
28 | #endif |
||
29 | |||
30 | #if defined(MBEDTLS_PK_PARSE_C) |
||
31 | |||
32 | #include "mbedtls/pk.h" |
||
33 | #include "mbedtls/asn1.h" |
||
34 | #include "mbedtls/oid.h" |
||
35 | #include "mbedtls/platform_util.h" |
||
36 | |||
37 | #include |
||
38 | |||
39 | #if defined(MBEDTLS_RSA_C) |
||
40 | #include "mbedtls/rsa.h" |
||
41 | #endif |
||
42 | #if defined(MBEDTLS_ECP_C) |
||
43 | #include "mbedtls/ecp.h" |
||
44 | #endif |
||
45 | #if defined(MBEDTLS_ECDSA_C) |
||
46 | #include "mbedtls/ecdsa.h" |
||
47 | #endif |
||
48 | #if defined(MBEDTLS_PEM_PARSE_C) |
||
49 | #include "mbedtls/pem.h" |
||
50 | #endif |
||
51 | #if defined(MBEDTLS_PKCS5_C) |
||
52 | #include "mbedtls/pkcs5.h" |
||
53 | #endif |
||
54 | #if defined(MBEDTLS_PKCS12_C) |
||
55 | #include "mbedtls/pkcs12.h" |
||
56 | #endif |
||
57 | |||
58 | #if defined(MBEDTLS_PLATFORM_C) |
||
59 | #include "mbedtls/platform.h" |
||
60 | #else |
||
61 | #include |
||
62 | #define mbedtls_calloc calloc |
||
63 | #define mbedtls_free free |
||
64 | #endif |
||
65 | |||
66 | /* Parameter validation macros based on platform_util.h */ |
||
67 | #define PK_VALIDATE_RET( cond ) \ |
||
68 | MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) |
||
69 | #define PK_VALIDATE( cond ) \ |
||
70 | MBEDTLS_INTERNAL_VALIDATE( cond ) |
||
71 | |||
72 | #if defined(MBEDTLS_FS_IO) |
||
73 | /* |
||
74 | * Load all data from a file into a given buffer. |
||
75 | * |
||
76 | * The file is expected to contain either PEM or DER encoded data. |
||
77 | * A terminating null byte is always appended. It is included in the announced |
||
78 | * length only if the data looks like it is PEM encoded. |
||
79 | */ |
||
80 | int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) |
||
81 | { |
||
82 | FILE *f; |
||
83 | long size; |
||
84 | |||
85 | PK_VALIDATE_RET( path != NULL ); |
||
86 | PK_VALIDATE_RET( buf != NULL ); |
||
87 | PK_VALIDATE_RET( n != NULL ); |
||
88 | |||
89 | if( ( f = fopen( path, "rb" ) ) == NULL ) |
||
90 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); |
||
91 | |||
92 | fseek( f, 0, SEEK_END ); |
||
93 | if( ( size = ftell( f ) ) == -1 ) |
||
94 | { |
||
95 | fclose( f ); |
||
96 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); |
||
97 | } |
||
98 | fseek( f, 0, SEEK_SET ); |
||
99 | |||
100 | *n = (size_t) size; |
||
101 | |||
102 | if( *n + 1 == 0 || |
||
103 | ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) |
||
104 | { |
||
105 | fclose( f ); |
||
106 | return( MBEDTLS_ERR_PK_ALLOC_FAILED ); |
||
107 | } |
||
108 | |||
109 | if( fread( *buf, 1, *n, f ) != *n ) |
||
110 | { |
||
111 | fclose( f ); |
||
112 | |||
113 | mbedtls_platform_zeroize( *buf, *n ); |
||
114 | mbedtls_free( *buf ); |
||
115 | |||
116 | return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); |
||
117 | } |
||
118 | |||
119 | fclose( f ); |
||
120 | |||
121 | (*buf)[*n] = '\0'; |
||
122 | |||
123 | if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL ) |
||
124 | ++*n; |
||
125 | |||
126 | return( 0 ); |
||
127 | } |
||
128 | |||
129 | /* |
||
130 | * Load and parse a private key |
||
131 | */ |
||
132 | int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, |
||
133 | const char *path, const char *pwd ) |
||
134 | { |
||
135 | int ret; |
||
136 | size_t n; |
||
137 | unsigned char *buf; |
||
138 | |||
139 | PK_VALIDATE_RET( ctx != NULL ); |
||
140 | PK_VALIDATE_RET( path != NULL ); |
||
141 | |||
142 | if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) |
||
143 | return( ret ); |
||
144 | |||
145 | if( pwd == NULL ) |
||
146 | ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 ); |
||
147 | else |
||
148 | ret = mbedtls_pk_parse_key( ctx, buf, n, |
||
149 | (const unsigned char *) pwd, strlen( pwd ) ); |
||
150 | |||
151 | mbedtls_platform_zeroize( buf, n ); |
||
152 | mbedtls_free( buf ); |
||
153 | |||
154 | return( ret ); |
||
155 | } |
||
156 | |||
157 | /* |
||
158 | * Load and parse a public key |
||
159 | */ |
||
160 | int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) |
||
161 | { |
||
162 | int ret; |
||
163 | size_t n; |
||
164 | unsigned char *buf; |
||
165 | |||
166 | PK_VALIDATE_RET( ctx != NULL ); |
||
167 | PK_VALIDATE_RET( path != NULL ); |
||
168 | |||
169 | if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) |
||
170 | return( ret ); |
||
171 | |||
172 | ret = mbedtls_pk_parse_public_key( ctx, buf, n ); |
||
173 | |||
174 | mbedtls_platform_zeroize( buf, n ); |
||
175 | mbedtls_free( buf ); |
||
176 | |||
177 | return( ret ); |
||
178 | } |
||
179 | #endif /* MBEDTLS_FS_IO */ |
||
180 | |||
181 | #if defined(MBEDTLS_ECP_C) |
||
182 | /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf |
||
183 | * |
||
184 | * ECParameters ::= CHOICE { |
||
185 | * namedCurve OBJECT IDENTIFIER |
||
186 | * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } |
||
187 | * -- implicitCurve NULL |
||
188 | * } |
||
189 | */ |
||
190 | static int pk_get_ecparams( unsigned char **p, const unsigned char *end, |
||
191 | mbedtls_asn1_buf *params ) |
||
192 | { |
||
193 | int ret; |
||
194 | |||
195 | if ( end - *p < 1 ) |
||
196 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
||
197 | MBEDTLS_ERR_ASN1_OUT_OF_DATA ); |
||
198 | |||
199 | /* Tag may be either OID or SEQUENCE */ |
||
200 | params->tag = **p; |
||
201 | if( params->tag != MBEDTLS_ASN1_OID |
||
202 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) |
||
203 | && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) |
||
204 | #endif |
||
205 | ) |
||
206 | { |
||
207 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
||
208 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); |
||
209 | } |
||
210 | |||
211 | if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 ) |
||
212 | { |
||
213 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
214 | } |
||
215 | |||
216 | params->p = *p; |
||
217 | *p += params->len; |
||
218 | |||
219 | if( *p != end ) |
||
220 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
||
221 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
||
222 | |||
223 | return( 0 ); |
||
224 | } |
||
225 | |||
226 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) |
||
227 | /* |
||
228 | * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it. |
||
229 | * WARNING: the resulting group should only be used with |
||
230 | * pk_group_id_from_specified(), since its base point may not be set correctly |
||
231 | * if it was encoded compressed. |
||
232 | * |
||
233 | * SpecifiedECDomain ::= SEQUENCE { |
||
234 | * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...), |
||
235 | * fieldID FieldID {{FieldTypes}}, |
||
236 | * curve Curve, |
||
237 | * base ECPoint, |
||
238 | * order INTEGER, |
||
239 | * cofactor INTEGER OPTIONAL, |
||
240 | * hash HashAlgorithm OPTIONAL, |
||
241 | * ... |
||
242 | * } |
||
243 | * |
||
244 | * We only support prime-field as field type, and ignore hash and cofactor. |
||
245 | */ |
||
246 | static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) |
||
247 | { |
||
248 | int ret; |
||
249 | unsigned char *p = params->p; |
||
250 | const unsigned char * const end = params->p + params->len; |
||
251 | const unsigned char *end_field, *end_curve; |
||
252 | size_t len; |
||
253 | int ver; |
||
254 | |||
255 | /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */ |
||
256 | if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 ) |
||
257 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
258 | |||
259 | if( ver < 1 || ver > 3 ) |
||
260 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
||
261 | |||
262 | /* |
||
263 | * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field |
||
264 | * fieldType FIELD-ID.&id({IOSet}), |
||
265 | * parameters FIELD-ID.&Type({IOSet}{@fieldType}) |
||
266 | * } |
||
267 | */ |
||
268 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
||
269 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
||
270 | return( ret ); |
||
271 | |||
272 | end_field = p + len; |
||
273 | |||
274 | /* |
||
275 | * FIELD-ID ::= TYPE-IDENTIFIER |
||
276 | * FieldTypes FIELD-ID ::= { |
||
277 | * { Prime-p IDENTIFIED BY prime-field } | |
||
278 | * { Characteristic-two IDENTIFIED BY characteristic-two-field } |
||
279 | * } |
||
280 | * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } |
||
281 | */ |
||
282 | if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 ) |
||
283 | return( ret ); |
||
284 | |||
285 | if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) || |
||
286 | memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 ) |
||
287 | { |
||
288 | return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); |
||
289 | } |
||
290 | |||
291 | p += len; |
||
292 | |||
293 | /* Prime-p ::= INTEGER -- Field of size p. */ |
||
294 | if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 ) |
||
295 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
296 | |||
297 | grp->pbits = mbedtls_mpi_bitlen( &grp->P ); |
||
298 | |||
299 | if( p != end_field ) |
||
300 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
||
301 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
||
302 | |||
303 | /* |
||
304 | * Curve ::= SEQUENCE { |
||
305 | * a FieldElement, |
||
306 | * b FieldElement, |
||
307 | * seed BIT STRING OPTIONAL |
||
308 | * -- Shall be present if used in SpecifiedECDomain |
||
309 | * -- with version equal to ecdpVer2 or ecdpVer3 |
||
310 | * } |
||
311 | */ |
||
312 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
||
313 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
||
314 | return( ret ); |
||
315 | |||
316 | end_curve = p + len; |
||
317 | |||
318 | /* |
||
319 | * FieldElement ::= OCTET STRING |
||
320 | * containing an integer in the case of a prime field |
||
321 | */ |
||
322 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || |
||
323 | ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 ) |
||
324 | { |
||
325 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
326 | } |
||
327 | |||
328 | p += len; |
||
329 | |||
330 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || |
||
331 | ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 ) |
||
332 | { |
||
333 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
334 | } |
||
335 | |||
336 | p += len; |
||
337 | |||
338 | /* Ignore seed BIT STRING OPTIONAL */ |
||
339 | if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 ) |
||
340 | p += len; |
||
341 | |||
342 | if( p != end_curve ) |
||
343 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
||
344 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
||
345 | |||
346 | /* |
||
347 | * ECPoint ::= OCTET STRING |
||
348 | */ |
||
349 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) |
||
350 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
351 | |||
352 | if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G, |
||
353 | ( const unsigned char *) p, len ) ) != 0 ) |
||
354 | { |
||
355 | /* |
||
356 | * If we can't read the point because it's compressed, cheat by |
||
357 | * reading only the X coordinate and the parity bit of Y. |
||
358 | */ |
||
359 | if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE || |
||
360 | ( p[0] != 0x02 && p[0] != 0x03 ) || |
||
361 | len != mbedtls_mpi_size( &grp->P ) + 1 || |
||
362 | mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 || |
||
363 | mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 || |
||
364 | mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 ) |
||
365 | { |
||
366 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
||
367 | } |
||
368 | } |
||
369 | |||
370 | p += len; |
||
371 | |||
372 | /* |
||
373 | * order INTEGER |
||
374 | */ |
||
375 | if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 ) |
||
376 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
377 | |||
378 | grp->nbits = mbedtls_mpi_bitlen( &grp->N ); |
||
379 | |||
380 | /* |
||
381 | * Allow optional elements by purposefully not enforcing p == end here. |
||
382 | */ |
||
383 | |||
384 | return( 0 ); |
||
385 | } |
||
386 | |||
387 | /* |
||
388 | * Find the group id associated with an (almost filled) group as generated by |
||
389 | * pk_group_from_specified(), or return an error if unknown. |
||
390 | */ |
||
391 | static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id ) |
||
392 | { |
||
393 | int ret = 0; |
||
394 | mbedtls_ecp_group ref; |
||
395 | const mbedtls_ecp_group_id *id; |
||
396 | |||
397 | mbedtls_ecp_group_init( &ref ); |
||
398 | |||
399 | for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ ) |
||
400 | { |
||
401 | /* Load the group associated to that id */ |
||
402 | mbedtls_ecp_group_free( &ref ); |
||
403 | MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) ); |
||
404 | |||
405 | /* Compare to the group we were given, starting with easy tests */ |
||
406 | if( grp->pbits == ref.pbits && grp->nbits == ref.nbits && |
||
407 | mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 && |
||
408 | mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 && |
||
409 | mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 && |
||
410 | mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 && |
||
411 | mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 && |
||
412 | mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 && |
||
413 | /* For Y we may only know the parity bit, so compare only that */ |
||
414 | mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) ) |
||
415 | { |
||
416 | break; |
||
417 | } |
||
418 | |||
419 | } |
||
420 | |||
421 | cleanup: |
||
422 | mbedtls_ecp_group_free( &ref ); |
||
423 | |||
424 | *grp_id = *id; |
||
425 | |||
426 | if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE ) |
||
427 | ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; |
||
428 | |||
429 | return( ret ); |
||
430 | } |
||
431 | |||
432 | /* |
||
433 | * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID |
||
434 | */ |
||
435 | static int pk_group_id_from_specified( const mbedtls_asn1_buf *params, |
||
436 | mbedtls_ecp_group_id *grp_id ) |
||
437 | { |
||
438 | int ret; |
||
439 | mbedtls_ecp_group grp; |
||
440 | |||
441 | mbedtls_ecp_group_init( &grp ); |
||
442 | |||
443 | if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 ) |
||
444 | goto cleanup; |
||
445 | |||
446 | ret = pk_group_id_from_group( &grp, grp_id ); |
||
447 | |||
448 | cleanup: |
||
449 | mbedtls_ecp_group_free( &grp ); |
||
450 | |||
451 | return( ret ); |
||
452 | } |
||
453 | #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ |
||
454 | |||
455 | /* |
||
456 | * Use EC parameters to initialise an EC group |
||
457 | * |
||
458 | * ECParameters ::= CHOICE { |
||
459 | * namedCurve OBJECT IDENTIFIER |
||
460 | * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } |
||
461 | * -- implicitCurve NULL |
||
462 | */ |
||
463 | static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) |
||
464 | { |
||
465 | int ret; |
||
466 | mbedtls_ecp_group_id grp_id; |
||
467 | |||
468 | if( params->tag == MBEDTLS_ASN1_OID ) |
||
469 | { |
||
470 | if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 ) |
||
471 | return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE ); |
||
472 | } |
||
473 | else |
||
474 | { |
||
475 | #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) |
||
476 | if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 ) |
||
477 | return( ret ); |
||
478 | #else |
||
479 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
||
480 | #endif |
||
481 | } |
||
482 | |||
483 | /* |
||
484 | * grp may already be initilialized; if so, make sure IDs match |
||
485 | */ |
||
486 | if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id ) |
||
487 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
||
488 | |||
489 | if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 ) |
||
490 | return( ret ); |
||
491 | |||
492 | return( 0 ); |
||
493 | } |
||
494 | |||
495 | /* |
||
496 | * EC public key is an EC point |
||
497 | * |
||
498 | * The caller is responsible for clearing the structure upon failure if |
||
499 | * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE |
||
500 | * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state. |
||
501 | */ |
||
502 | static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, |
||
503 | mbedtls_ecp_keypair *key ) |
||
504 | { |
||
505 | int ret; |
||
506 | |||
507 | if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q, |
||
508 | (const unsigned char *) *p, end - *p ) ) == 0 ) |
||
509 | { |
||
510 | ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q ); |
||
511 | } |
||
512 | |||
513 | /* |
||
514 | * We know mbedtls_ecp_point_read_binary consumed all bytes or failed |
||
515 | */ |
||
516 | *p = (unsigned char *) end; |
||
517 | |||
518 | return( ret ); |
||
519 | } |
||
520 | #endif /* MBEDTLS_ECP_C */ |
||
521 | |||
522 | #if defined(MBEDTLS_RSA_C) |
||
523 | /* |
||
524 | * RSAPublicKey ::= SEQUENCE { |
||
525 | * modulus INTEGER, -- n |
||
526 | * publicExponent INTEGER -- e |
||
527 | * } |
||
528 | */ |
||
529 | static int pk_get_rsapubkey( unsigned char **p, |
||
530 | const unsigned char *end, |
||
531 | mbedtls_rsa_context *rsa ) |
||
532 | { |
||
533 | int ret; |
||
534 | size_t len; |
||
535 | |||
536 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, |
||
537 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
||
538 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); |
||
539 | |||
540 | if( *p + len != end ) |
||
541 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + |
||
542 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
||
543 | |||
544 | /* Import N */ |
||
545 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) |
||
546 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); |
||
547 | |||
548 | if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0, |
||
549 | NULL, 0, NULL, 0 ) ) != 0 ) |
||
550 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); |
||
551 | |||
552 | *p += len; |
||
553 | |||
554 | /* Import E */ |
||
555 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) |
||
556 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); |
||
557 | |||
558 | if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, |
||
559 | NULL, 0, *p, len ) ) != 0 ) |
||
560 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); |
||
561 | |||
562 | *p += len; |
||
563 | |||
564 | if( mbedtls_rsa_complete( rsa ) != 0 || |
||
565 | mbedtls_rsa_check_pubkey( rsa ) != 0 ) |
||
566 | { |
||
567 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); |
||
568 | } |
||
569 | |||
570 | if( *p != end ) |
||
571 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + |
||
572 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
||
573 | |||
574 | return( 0 ); |
||
575 | } |
||
576 | #endif /* MBEDTLS_RSA_C */ |
||
577 | |||
578 | /* Get a PK algorithm identifier |
||
579 | * |
||
580 | * AlgorithmIdentifier ::= SEQUENCE { |
||
581 | * algorithm OBJECT IDENTIFIER, |
||
582 | * parameters ANY DEFINED BY algorithm OPTIONAL } |
||
583 | */ |
||
584 | static int pk_get_pk_alg( unsigned char **p, |
||
585 | const unsigned char *end, |
||
586 | mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params ) |
||
587 | { |
||
588 | int ret; |
||
589 | mbedtls_asn1_buf alg_oid; |
||
590 | |||
591 | memset( params, 0, sizeof(mbedtls_asn1_buf) ); |
||
592 | |||
593 | if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) |
||
594 | return( MBEDTLS_ERR_PK_INVALID_ALG + ret ); |
||
595 | |||
596 | if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 ) |
||
597 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
||
598 | |||
599 | /* |
||
600 | * No parameters with RSA (only for EC) |
||
601 | */ |
||
602 | if( *pk_alg == MBEDTLS_PK_RSA && |
||
603 | ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) || |
||
604 | params->len != 0 ) ) |
||
605 | { |
||
606 | return( MBEDTLS_ERR_PK_INVALID_ALG ); |
||
607 | } |
||
608 | |||
609 | return( 0 ); |
||
610 | } |
||
611 | |||
612 | /* |
||
613 | * SubjectPublicKeyInfo ::= SEQUENCE { |
||
614 | * algorithm AlgorithmIdentifier, |
||
615 | * subjectPublicKey BIT STRING } |
||
616 | */ |
||
617 | int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, |
||
618 | mbedtls_pk_context *pk ) |
||
619 | { |
||
620 | int ret; |
||
621 | size_t len; |
||
622 | mbedtls_asn1_buf alg_params; |
||
623 | mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; |
||
624 | const mbedtls_pk_info_t *pk_info; |
||
625 | |||
626 | PK_VALIDATE_RET( p != NULL ); |
||
627 | PK_VALIDATE_RET( *p != NULL ); |
||
628 | PK_VALIDATE_RET( end != NULL ); |
||
629 | PK_VALIDATE_RET( pk != NULL ); |
||
630 | |||
631 | if( ( ret = mbedtls_asn1_get_tag( p, end, &len, |
||
632 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
||
633 | { |
||
634 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
635 | } |
||
636 | |||
637 | end = *p + len; |
||
638 | |||
639 | if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 ) |
||
640 | return( ret ); |
||
641 | |||
642 | if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) |
||
643 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); |
||
644 | |||
645 | if( *p + len != end ) |
||
646 | return( MBEDTLS_ERR_PK_INVALID_PUBKEY + |
||
647 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
||
648 | |||
649 | if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) |
||
650 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
||
651 | |||
652 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) |
||
653 | return( ret ); |
||
654 | |||
655 | #if defined(MBEDTLS_RSA_C) |
||
656 | if( pk_alg == MBEDTLS_PK_RSA ) |
||
657 | { |
||
658 | ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) ); |
||
659 | } else |
||
660 | #endif /* MBEDTLS_RSA_C */ |
||
661 | #if defined(MBEDTLS_ECP_C) |
||
662 | if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY ) |
||
663 | { |
||
664 | ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp ); |
||
665 | if( ret == 0 ) |
||
666 | ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) ); |
||
667 | } else |
||
668 | #endif /* MBEDTLS_ECP_C */ |
||
669 | ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; |
||
670 | |||
671 | if( ret == 0 && *p != end ) |
||
672 | ret = MBEDTLS_ERR_PK_INVALID_PUBKEY |
||
673 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; |
||
674 | |||
675 | if( ret != 0 ) |
||
676 | mbedtls_pk_free( pk ); |
||
677 | |||
678 | return( ret ); |
||
679 | } |
||
680 | |||
681 | #if defined(MBEDTLS_RSA_C) |
||
682 | /* |
||
683 | * Wrapper around mbedtls_asn1_get_mpi() that rejects zero. |
||
684 | * |
||
685 | * The value zero is: |
||
686 | * - never a valid value for an RSA parameter |
||
687 | * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete(). |
||
688 | * |
||
689 | * Since values can't be omitted in PKCS#1, passing a zero value to |
||
690 | * rsa_complete() would be incorrect, so reject zero values early. |
||
691 | */ |
||
692 | static int asn1_get_nonzero_mpi( unsigned char **p, |
||
693 | const unsigned char *end, |
||
694 | mbedtls_mpi *X ) |
||
695 | { |
||
696 | int ret; |
||
697 | |||
698 | ret = mbedtls_asn1_get_mpi( p, end, X ); |
||
699 | if( ret != 0 ) |
||
700 | return( ret ); |
||
701 | |||
702 | if( mbedtls_mpi_cmp_int( X, 0 ) == 0 ) |
||
703 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
||
704 | |||
705 | return( 0 ); |
||
706 | } |
||
707 | |||
708 | /* |
||
709 | * Parse a PKCS#1 encoded private RSA key |
||
710 | */ |
||
711 | static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, |
||
712 | const unsigned char *key, |
||
713 | size_t keylen ) |
||
714 | { |
||
715 | int ret, version; |
||
716 | size_t len; |
||
717 | unsigned char *p, *end; |
||
718 | |||
719 | mbedtls_mpi T; |
||
720 | mbedtls_mpi_init( &T ); |
||
721 | |||
722 | p = (unsigned char *) key; |
||
723 | end = p + keylen; |
||
724 | |||
725 | /* |
||
726 | * This function parses the RSAPrivateKey (PKCS#1) |
||
727 | * |
||
728 | * RSAPrivateKey ::= SEQUENCE { |
||
729 | * version Version, |
||
730 | * modulus INTEGER, -- n |
||
731 | * publicExponent INTEGER, -- e |
||
732 | * privateExponent INTEGER, -- d |
||
733 | * prime1 INTEGER, -- p |
||
734 | * prime2 INTEGER, -- q |
||
735 | * exponent1 INTEGER, -- d mod (p-1) |
||
736 | * exponent2 INTEGER, -- d mod (q-1) |
||
737 | * coefficient INTEGER, -- (inverse of q) mod p |
||
738 | * otherPrimeInfos OtherPrimeInfos OPTIONAL |
||
739 | * } |
||
740 | */ |
||
741 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
||
742 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
||
743 | { |
||
744 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
745 | } |
||
746 | |||
747 | end = p + len; |
||
748 | |||
749 | if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) |
||
750 | { |
||
751 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
752 | } |
||
753 | |||
754 | if( version != 0 ) |
||
755 | { |
||
756 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); |
||
757 | } |
||
758 | |||
759 | /* Import N */ |
||
760 | if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || |
||
761 | ( ret = mbedtls_rsa_import( rsa, &T, NULL, NULL, |
||
762 | NULL, NULL ) ) != 0 ) |
||
763 | goto cleanup; |
||
764 | |||
765 | /* Import E */ |
||
766 | if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || |
||
767 | ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL, |
||
768 | NULL, &T ) ) != 0 ) |
||
769 | goto cleanup; |
||
770 | |||
771 | /* Import D */ |
||
772 | if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || |
||
773 | ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL, |
||
774 | &T, NULL ) ) != 0 ) |
||
775 | goto cleanup; |
||
776 | |||
777 | /* Import P */ |
||
778 | if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || |
||
779 | ( ret = mbedtls_rsa_import( rsa, NULL, &T, NULL, |
||
780 | NULL, NULL ) ) != 0 ) |
||
781 | goto cleanup; |
||
782 | |||
783 | /* Import Q */ |
||
784 | if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || |
||
785 | ( ret = mbedtls_rsa_import( rsa, NULL, NULL, &T, |
||
786 | NULL, NULL ) ) != 0 ) |
||
787 | goto cleanup; |
||
788 | |||
789 | #if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT) |
||
790 | /* |
||
791 | * The RSA CRT parameters DP, DQ and QP are nominally redundant, in |
||
792 | * that they can be easily recomputed from D, P and Q. However by |
||
793 | * parsing them from the PKCS1 structure it is possible to avoid |
||
794 | * recalculating them which both reduces the overhead of loading |
||
795 | * RSA private keys into memory and also avoids side channels which |
||
796 | * can arise when computing those values, since all of D, P, and Q |
||
797 | * are secret. See https://eprint.iacr.org/2020/055 for a |
||
798 | * description of one such attack. |
||
799 | */ |
||
800 | |||
801 | /* Import DP */ |
||
802 | if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || |
||
803 | ( ret = mbedtls_mpi_copy( &rsa->DP, &T ) ) != 0 ) |
||
804 | goto cleanup; |
||
805 | |||
806 | /* Import DQ */ |
||
807 | if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || |
||
808 | ( ret = mbedtls_mpi_copy( &rsa->DQ, &T ) ) != 0 ) |
||
809 | goto cleanup; |
||
810 | |||
811 | /* Import QP */ |
||
812 | if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || |
||
813 | ( ret = mbedtls_mpi_copy( &rsa->QP, &T ) ) != 0 ) |
||
814 | goto cleanup; |
||
815 | |||
816 | #else |
||
817 | /* Verify existance of the CRT params */ |
||
818 | if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || |
||
819 | ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || |
||
820 | ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ) |
||
821 | goto cleanup; |
||
822 | #endif |
||
823 | |||
824 | /* rsa_complete() doesn't complete anything with the default |
||
825 | * implementation but is still called: |
||
826 | * - for the benefit of alternative implementation that may want to |
||
827 | * pre-compute stuff beyond what's provided (eg Montgomery factors) |
||
828 | * - as is also sanity-checks the key |
||
829 | * |
||
830 | * Furthermore, we also check the public part for consistency with |
||
831 | * mbedtls_pk_parse_pubkey(), as it includes size minima for example. |
||
832 | */ |
||
833 | if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 || |
||
834 | ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 ) |
||
835 | { |
||
836 | goto cleanup; |
||
837 | } |
||
838 | |||
839 | if( p != end ) |
||
840 | { |
||
841 | ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
||
842 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ; |
||
843 | } |
||
844 | |||
845 | cleanup: |
||
846 | |||
847 | mbedtls_mpi_free( &T ); |
||
848 | |||
849 | if( ret != 0 ) |
||
850 | { |
||
851 | /* Wrap error code if it's coming from a lower level */ |
||
852 | if( ( ret & 0xff80 ) == 0 ) |
||
853 | ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret; |
||
854 | else |
||
855 | ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; |
||
856 | |||
857 | mbedtls_rsa_free( rsa ); |
||
858 | } |
||
859 | |||
860 | return( ret ); |
||
861 | } |
||
862 | #endif /* MBEDTLS_RSA_C */ |
||
863 | |||
864 | #if defined(MBEDTLS_ECP_C) |
||
865 | /* |
||
866 | * Parse a SEC1 encoded private EC key |
||
867 | */ |
||
868 | static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, |
||
869 | const unsigned char *key, |
||
870 | size_t keylen ) |
||
871 | { |
||
872 | int ret; |
||
873 | int version, pubkey_done; |
||
874 | size_t len; |
||
875 | mbedtls_asn1_buf params; |
||
876 | unsigned char *p = (unsigned char *) key; |
||
877 | unsigned char *end = p + keylen; |
||
878 | unsigned char *end2; |
||
879 | |||
880 | /* |
||
881 | * RFC 5915, or SEC1 Appendix C.4 |
||
882 | * |
||
883 | * ECPrivateKey ::= SEQUENCE { |
||
884 | * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), |
||
885 | * privateKey OCTET STRING, |
||
886 | * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, |
||
887 | * publicKey [1] BIT STRING OPTIONAL |
||
888 | * } |
||
889 | */ |
||
890 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
||
891 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
||
892 | { |
||
893 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
894 | } |
||
895 | |||
896 | end = p + len; |
||
897 | |||
898 | if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) |
||
899 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
900 | |||
901 | if( version != 1 ) |
||
902 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); |
||
903 | |||
904 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) |
||
905 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
906 | |||
907 | if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 ) |
||
908 | { |
||
909 | mbedtls_ecp_keypair_free( eck ); |
||
910 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
911 | } |
||
912 | |||
913 | p += len; |
||
914 | |||
915 | pubkey_done = 0; |
||
916 | if( p != end ) |
||
917 | { |
||
918 | /* |
||
919 | * Is 'parameters' present? |
||
920 | */ |
||
921 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
||
922 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 ) |
||
923 | { |
||
924 | if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 || |
||
925 | ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 ) |
||
926 | { |
||
927 | mbedtls_ecp_keypair_free( eck ); |
||
928 | return( ret ); |
||
929 | } |
||
930 | } |
||
931 | else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) |
||
932 | { |
||
933 | mbedtls_ecp_keypair_free( eck ); |
||
934 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
935 | } |
||
936 | } |
||
937 | |||
938 | if( p != end ) |
||
939 | { |
||
940 | /* |
||
941 | * Is 'publickey' present? If not, or if we can't read it (eg because it |
||
942 | * is compressed), create it from the private key. |
||
943 | */ |
||
944 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
||
945 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 ) |
||
946 | { |
||
947 | end2 = p + len; |
||
948 | |||
949 | if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) |
||
950 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
951 | |||
952 | if( p + len != end2 ) |
||
953 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
||
954 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); |
||
955 | |||
956 | if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 ) |
||
957 | pubkey_done = 1; |
||
958 | else |
||
959 | { |
||
960 | /* |
||
961 | * The only acceptable failure mode of pk_get_ecpubkey() above |
||
962 | * is if the point format is not recognized. |
||
963 | */ |
||
964 | if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ) |
||
965 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
||
966 | } |
||
967 | } |
||
968 | else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) |
||
969 | { |
||
970 | mbedtls_ecp_keypair_free( eck ); |
||
971 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
972 | } |
||
973 | } |
||
974 | |||
975 | if( ! pubkey_done && |
||
976 | ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G, |
||
977 | NULL, NULL ) ) != 0 ) |
||
978 | { |
||
979 | mbedtls_ecp_keypair_free( eck ); |
||
980 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
981 | } |
||
982 | |||
983 | if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 ) |
||
984 | { |
||
985 | mbedtls_ecp_keypair_free( eck ); |
||
986 | return( ret ); |
||
987 | } |
||
988 | |||
989 | return( 0 ); |
||
990 | } |
||
991 | #endif /* MBEDTLS_ECP_C */ |
||
992 | |||
993 | /* |
||
994 | * Parse an unencrypted PKCS#8 encoded private key |
||
995 | * |
||
996 | * Notes: |
||
997 | * |
||
998 | * - This function does not own the key buffer. It is the |
||
999 | * responsibility of the caller to take care of zeroizing |
||
1000 | * and freeing it after use. |
||
1001 | * |
||
1002 | * - The function is responsible for freeing the provided |
||
1003 | * PK context on failure. |
||
1004 | * |
||
1005 | */ |
||
1006 | static int pk_parse_key_pkcs8_unencrypted_der( |
||
1007 | mbedtls_pk_context *pk, |
||
1008 | const unsigned char* key, |
||
1009 | size_t keylen ) |
||
1010 | { |
||
1011 | int ret, version; |
||
1012 | size_t len; |
||
1013 | mbedtls_asn1_buf params; |
||
1014 | unsigned char *p = (unsigned char *) key; |
||
1015 | unsigned char *end = p + keylen; |
||
1016 | mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; |
||
1017 | const mbedtls_pk_info_t *pk_info; |
||
1018 | |||
1019 | /* |
||
1020 | * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208) |
||
1021 | * |
||
1022 | * PrivateKeyInfo ::= SEQUENCE { |
||
1023 | * version Version, |
||
1024 | * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, |
||
1025 | * privateKey PrivateKey, |
||
1026 | * attributes [0] IMPLICIT Attributes OPTIONAL } |
||
1027 | * |
||
1028 | * Version ::= INTEGER |
||
1029 | * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier |
||
1030 | * PrivateKey ::= OCTET STRING |
||
1031 | * |
||
1032 | * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey |
||
1033 | */ |
||
1034 | |||
1035 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
||
1036 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
||
1037 | { |
||
1038 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
1039 | } |
||
1040 | |||
1041 | end = p + len; |
||
1042 | |||
1043 | if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) |
||
1044 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
1045 | |||
1046 | if( version != 0 ) |
||
1047 | return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret ); |
||
1048 | |||
1049 | if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) |
||
1050 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
1051 | |||
1052 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) |
||
1053 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
1054 | |||
1055 | if( len < 1 ) |
||
1056 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + |
||
1057 | MBEDTLS_ERR_ASN1_OUT_OF_DATA ); |
||
1058 | |||
1059 | if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) |
||
1060 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
||
1061 | |||
1062 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) |
||
1063 | return( ret ); |
||
1064 | |||
1065 | #if defined(MBEDTLS_RSA_C) |
||
1066 | if( pk_alg == MBEDTLS_PK_RSA ) |
||
1067 | { |
||
1068 | if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 ) |
||
1069 | { |
||
1070 | mbedtls_pk_free( pk ); |
||
1071 | return( ret ); |
||
1072 | } |
||
1073 | } else |
||
1074 | #endif /* MBEDTLS_RSA_C */ |
||
1075 | #if defined(MBEDTLS_ECP_C) |
||
1076 | if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) |
||
1077 | { |
||
1078 | if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 || |
||
1079 | ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 ) |
||
1080 | { |
||
1081 | mbedtls_pk_free( pk ); |
||
1082 | return( ret ); |
||
1083 | } |
||
1084 | } else |
||
1085 | #endif /* MBEDTLS_ECP_C */ |
||
1086 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
||
1087 | |||
1088 | return( 0 ); |
||
1089 | } |
||
1090 | |||
1091 | /* |
||
1092 | * Parse an encrypted PKCS#8 encoded private key |
||
1093 | * |
||
1094 | * To save space, the decryption happens in-place on the given key buffer. |
||
1095 | * Also, while this function may modify the keybuffer, it doesn't own it, |
||
1096 | * and instead it is the responsibility of the caller to zeroize and properly |
||
1097 | * free it after use. |
||
1098 | * |
||
1099 | */ |
||
1100 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) |
||
1101 | static int pk_parse_key_pkcs8_encrypted_der( |
||
1102 | mbedtls_pk_context *pk, |
||
1103 | unsigned char *key, size_t keylen, |
||
1104 | const unsigned char *pwd, size_t pwdlen ) |
||
1105 | { |
||
1106 | int ret, decrypted = 0; |
||
1107 | size_t len; |
||
1108 | unsigned char *buf; |
||
1109 | unsigned char *p, *end; |
||
1110 | mbedtls_asn1_buf pbe_alg_oid, pbe_params; |
||
1111 | #if defined(MBEDTLS_PKCS12_C) |
||
1112 | mbedtls_cipher_type_t cipher_alg; |
||
1113 | mbedtls_md_type_t md_alg; |
||
1114 | #endif |
||
1115 | |||
1116 | p = key; |
||
1117 | end = p + keylen; |
||
1118 | |||
1119 | if( pwdlen == 0 ) |
||
1120 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); |
||
1121 | |||
1122 | /* |
||
1123 | * This function parses the EncryptedPrivateKeyInfo object (PKCS#8) |
||
1124 | * |
||
1125 | * EncryptedPrivateKeyInfo ::= SEQUENCE { |
||
1126 | * encryptionAlgorithm EncryptionAlgorithmIdentifier, |
||
1127 | * encryptedData EncryptedData |
||
1128 | * } |
||
1129 | * |
||
1130 | * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier |
||
1131 | * |
||
1132 | * EncryptedData ::= OCTET STRING |
||
1133 | * |
||
1134 | * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo |
||
1135 | * |
||
1136 | */ |
||
1137 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, |
||
1138 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) |
||
1139 | { |
||
1140 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
1141 | } |
||
1142 | |||
1143 | end = p + len; |
||
1144 | |||
1145 | if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 ) |
||
1146 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
1147 | |||
1148 | if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) |
||
1149 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); |
||
1150 | |||
1151 | buf = p; |
||
1152 | |||
1153 | /* |
||
1154 | * Decrypt EncryptedData with appropriate PBE |
||
1155 | */ |
||
1156 | #if defined(MBEDTLS_PKCS12_C) |
||
1157 | if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 ) |
||
1158 | { |
||
1159 | if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, |
||
1160 | cipher_alg, md_alg, |
||
1161 | pwd, pwdlen, p, len, buf ) ) != 0 ) |
||
1162 | { |
||
1163 | if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH ) |
||
1164 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); |
||
1165 | |||
1166 | return( ret ); |
||
1167 | } |
||
1168 | |||
1169 | decrypted = 1; |
||
1170 | } |
||
1171 | else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 ) |
||
1172 | { |
||
1173 | if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params, |
||
1174 | MBEDTLS_PKCS12_PBE_DECRYPT, |
||
1175 | pwd, pwdlen, |
||
1176 | p, len, buf ) ) != 0 ) |
||
1177 | { |
||
1178 | return( ret ); |
||
1179 | } |
||
1180 | |||
1181 | // Best guess for password mismatch when using RC4. If first tag is |
||
1182 | // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE |
||
1183 | // |
||
1184 | if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) |
||
1185 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); |
||
1186 | |||
1187 | decrypted = 1; |
||
1188 | } |
||
1189 | else |
||
1190 | #endif /* MBEDTLS_PKCS12_C */ |
||
1191 | #if defined(MBEDTLS_PKCS5_C) |
||
1192 | if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 ) |
||
1193 | { |
||
1194 | if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, |
||
1195 | p, len, buf ) ) != 0 ) |
||
1196 | { |
||
1197 | if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH ) |
||
1198 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); |
||
1199 | |||
1200 | return( ret ); |
||
1201 | } |
||
1202 | |||
1203 | decrypted = 1; |
||
1204 | } |
||
1205 | else |
||
1206 | #endif /* MBEDTLS_PKCS5_C */ |
||
1207 | { |
||
1208 | ((void) pwd); |
||
1209 | } |
||
1210 | |||
1211 | if( decrypted == 0 ) |
||
1212 | return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); |
||
1213 | |||
1214 | return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); |
||
1215 | } |
||
1216 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ |
||
1217 | |||
1218 | /* |
||
1219 | * Parse a private key |
||
1220 | */ |
||
1221 | int mbedtls_pk_parse_key( mbedtls_pk_context *pk, |
||
1222 | const unsigned char *key, size_t keylen, |
||
1223 | const unsigned char *pwd, size_t pwdlen ) |
||
1224 | { |
||
1225 | int ret; |
||
1226 | const mbedtls_pk_info_t *pk_info; |
||
1227 | #if defined(MBEDTLS_PEM_PARSE_C) |
||
1228 | size_t len; |
||
1229 | mbedtls_pem_context pem; |
||
1230 | #endif |
||
1231 | |||
1232 | PK_VALIDATE_RET( pk != NULL ); |
||
1233 | if( keylen == 0 ) |
||
1234 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
||
1235 | PK_VALIDATE_RET( key != NULL ); |
||
1236 | |||
1237 | #if defined(MBEDTLS_PEM_PARSE_C) |
||
1238 | mbedtls_pem_init( &pem ); |
||
1239 | |||
1240 | #if defined(MBEDTLS_RSA_C) |
||
1241 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ |
||
1242 | if( key[keylen - 1] != '\0' ) |
||
1243 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; |
||
1244 | else |
||
1245 | ret = mbedtls_pem_read_buffer( &pem, |
||
1246 | "-----BEGIN RSA PRIVATE KEY-----", |
||
1247 | "-----END RSA PRIVATE KEY-----", |
||
1248 | key, pwd, pwdlen, &len ); |
||
1249 | |||
1250 | if( ret == 0 ) |
||
1251 | { |
||
1252 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); |
||
1253 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || |
||
1254 | ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), |
||
1255 | pem.buf, pem.buflen ) ) != 0 ) |
||
1256 | { |
||
1257 | mbedtls_pk_free( pk ); |
||
1258 | } |
||
1259 | |||
1260 | mbedtls_pem_free( &pem ); |
||
1261 | return( ret ); |
||
1262 | } |
||
1263 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) |
||
1264 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); |
||
1265 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) |
||
1266 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); |
||
1267 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
||
1268 | return( ret ); |
||
1269 | #endif /* MBEDTLS_RSA_C */ |
||
1270 | |||
1271 | #if defined(MBEDTLS_ECP_C) |
||
1272 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ |
||
1273 | if( key[keylen - 1] != '\0' ) |
||
1274 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; |
||
1275 | else |
||
1276 | ret = mbedtls_pem_read_buffer( &pem, |
||
1277 | "-----BEGIN EC PRIVATE KEY-----", |
||
1278 | "-----END EC PRIVATE KEY-----", |
||
1279 | key, pwd, pwdlen, &len ); |
||
1280 | if( ret == 0 ) |
||
1281 | { |
||
1282 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); |
||
1283 | |||
1284 | if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || |
||
1285 | ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), |
||
1286 | pem.buf, pem.buflen ) ) != 0 ) |
||
1287 | { |
||
1288 | mbedtls_pk_free( pk ); |
||
1289 | } |
||
1290 | |||
1291 | mbedtls_pem_free( &pem ); |
||
1292 | return( ret ); |
||
1293 | } |
||
1294 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) |
||
1295 | return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); |
||
1296 | else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) |
||
1297 | return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); |
||
1298 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
||
1299 | return( ret ); |
||
1300 | #endif /* MBEDTLS_ECP_C */ |
||
1301 | |||
1302 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ |
||
1303 | if( key[keylen - 1] != '\0' ) |
||
1304 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; |
||
1305 | else |
||
1306 | ret = mbedtls_pem_read_buffer( &pem, |
||
1307 | "-----BEGIN PRIVATE KEY-----", |
||
1308 | "-----END PRIVATE KEY-----", |
||
1309 | key, NULL, 0, &len ); |
||
1310 | if( ret == 0 ) |
||
1311 | { |
||
1312 | if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, |
||
1313 | pem.buf, pem.buflen ) ) != 0 ) |
||
1314 | { |
||
1315 | mbedtls_pk_free( pk ); |
||
1316 | } |
||
1317 | |||
1318 | mbedtls_pem_free( &pem ); |
||
1319 | return( ret ); |
||
1320 | } |
||
1321 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
||
1322 | return( ret ); |
||
1323 | |||
1324 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) |
||
1325 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ |
||
1326 | if( key[keylen - 1] != '\0' ) |
||
1327 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; |
||
1328 | else |
||
1329 | ret = mbedtls_pem_read_buffer( &pem, |
||
1330 | "-----BEGIN ENCRYPTED PRIVATE KEY-----", |
||
1331 | "-----END ENCRYPTED PRIVATE KEY-----", |
||
1332 | key, NULL, 0, &len ); |
||
1333 | if( ret == 0 ) |
||
1334 | { |
||
1335 | if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, |
||
1336 | pem.buf, pem.buflen, |
||
1337 | pwd, pwdlen ) ) != 0 ) |
||
1338 | { |
||
1339 | mbedtls_pk_free( pk ); |
||
1340 | } |
||
1341 | |||
1342 | mbedtls_pem_free( &pem ); |
||
1343 | return( ret ); |
||
1344 | } |
||
1345 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
||
1346 | return( ret ); |
||
1347 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ |
||
1348 | #else |
||
1349 | ((void) pwd); |
||
1350 | ((void) pwdlen); |
||
1351 | #endif /* MBEDTLS_PEM_PARSE_C */ |
||
1352 | |||
1353 | /* |
||
1354 | * At this point we only know it's not a PEM formatted key. Could be any |
||
1355 | * of the known DER encoded private key formats |
||
1356 | * |
||
1357 | * We try the different DER format parsers to see if one passes without |
||
1358 | * error |
||
1359 | */ |
||
1360 | #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) |
||
1361 | { |
||
1362 | unsigned char *key_copy; |
||
1363 | |||
1364 | if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL ) |
||
1365 | return( MBEDTLS_ERR_PK_ALLOC_FAILED ); |
||
1366 | |||
1367 | memcpy( key_copy, key, keylen ); |
||
1368 | |||
1369 | ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, |
||
1370 | pwd, pwdlen ); |
||
1371 | |||
1372 | mbedtls_platform_zeroize( key_copy, keylen ); |
||
1373 | mbedtls_free( key_copy ); |
||
1374 | } |
||
1375 | |||
1376 | if( ret == 0 ) |
||
1377 | return( 0 ); |
||
1378 | |||
1379 | mbedtls_pk_free( pk ); |
||
1380 | mbedtls_pk_init( pk ); |
||
1381 | |||
1382 | if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH ) |
||
1383 | { |
||
1384 | return( ret ); |
||
1385 | } |
||
1386 | #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ |
||
1387 | |||
1388 | if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) |
||
1389 | return( 0 ); |
||
1390 | |||
1391 | mbedtls_pk_free( pk ); |
||
1392 | mbedtls_pk_init( pk ); |
||
1393 | |||
1394 | #if defined(MBEDTLS_RSA_C) |
||
1395 | |||
1396 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); |
||
1397 | if( mbedtls_pk_setup( pk, pk_info ) == 0 && |
||
1398 | pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 ) |
||
1399 | { |
||
1400 | return( 0 ); |
||
1401 | } |
||
1402 | |||
1403 | mbedtls_pk_free( pk ); |
||
1404 | mbedtls_pk_init( pk ); |
||
1405 | #endif /* MBEDTLS_RSA_C */ |
||
1406 | |||
1407 | #if defined(MBEDTLS_ECP_C) |
||
1408 | pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); |
||
1409 | if( mbedtls_pk_setup( pk, pk_info ) == 0 && |
||
1410 | pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), |
||
1411 | key, keylen ) == 0 ) |
||
1412 | { |
||
1413 | return( 0 ); |
||
1414 | } |
||
1415 | mbedtls_pk_free( pk ); |
||
1416 | #endif /* MBEDTLS_ECP_C */ |
||
1417 | |||
1418 | /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't, |
||
1419 | * it is ok to leave the PK context initialized but not |
||
1420 | * freed: It is the caller's responsibility to call pk_init() |
||
1421 | * before calling this function, and to call pk_free() |
||
1422 | * when it fails. If MBEDTLS_ECP_C is defined but MBEDTLS_RSA_C |
||
1423 | * isn't, this leads to mbedtls_pk_free() being called |
||
1424 | * twice, once here and once by the caller, but this is |
||
1425 | * also ok and in line with the mbedtls_pk_free() calls |
||
1426 | * on failed PEM parsing attempts. */ |
||
1427 | |||
1428 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
||
1429 | } |
||
1430 | |||
1431 | /* |
||
1432 | * Parse a public key |
||
1433 | */ |
||
1434 | int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, |
||
1435 | const unsigned char *key, size_t keylen ) |
||
1436 | { |
||
1437 | int ret; |
||
1438 | unsigned char *p; |
||
1439 | #if defined(MBEDTLS_RSA_C) |
||
1440 | const mbedtls_pk_info_t *pk_info; |
||
1441 | #endif |
||
1442 | #if defined(MBEDTLS_PEM_PARSE_C) |
||
1443 | size_t len; |
||
1444 | mbedtls_pem_context pem; |
||
1445 | #endif |
||
1446 | |||
1447 | PK_VALIDATE_RET( ctx != NULL ); |
||
1448 | if( keylen == 0 ) |
||
1449 | return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); |
||
1450 | PK_VALIDATE_RET( key != NULL || keylen == 0 ); |
||
1451 | |||
1452 | #if defined(MBEDTLS_PEM_PARSE_C) |
||
1453 | mbedtls_pem_init( &pem ); |
||
1454 | #if defined(MBEDTLS_RSA_C) |
||
1455 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ |
||
1456 | if( key[keylen - 1] != '\0' ) |
||
1457 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; |
||
1458 | else |
||
1459 | ret = mbedtls_pem_read_buffer( &pem, |
||
1460 | "-----BEGIN RSA PUBLIC KEY-----", |
||
1461 | "-----END RSA PUBLIC KEY-----", |
||
1462 | key, NULL, 0, &len ); |
||
1463 | |||
1464 | if( ret == 0 ) |
||
1465 | { |
||
1466 | p = pem.buf; |
||
1467 | if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) |
||
1468 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
||
1469 | |||
1470 | if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) |
||
1471 | return( ret ); |
||
1472 | |||
1473 | if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 ) |
||
1474 | mbedtls_pk_free( ctx ); |
||
1475 | |||
1476 | mbedtls_pem_free( &pem ); |
||
1477 | return( ret ); |
||
1478 | } |
||
1479 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
||
1480 | { |
||
1481 | mbedtls_pem_free( &pem ); |
||
1482 | return( ret ); |
||
1483 | } |
||
1484 | #endif /* MBEDTLS_RSA_C */ |
||
1485 | |||
1486 | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ |
||
1487 | if( key[keylen - 1] != '\0' ) |
||
1488 | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; |
||
1489 | else |
||
1490 | ret = mbedtls_pem_read_buffer( &pem, |
||
1491 | "-----BEGIN PUBLIC KEY-----", |
||
1492 | "-----END PUBLIC KEY-----", |
||
1493 | key, NULL, 0, &len ); |
||
1494 | |||
1495 | if( ret == 0 ) |
||
1496 | { |
||
1497 | /* |
||
1498 | * Was PEM encoded |
||
1499 | */ |
||
1500 | p = pem.buf; |
||
1501 | |||
1502 | ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx ); |
||
1503 | mbedtls_pem_free( &pem ); |
||
1504 | return( ret ); |
||
1505 | } |
||
1506 | else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
||
1507 | { |
||
1508 | mbedtls_pem_free( &pem ); |
||
1509 | return( ret ); |
||
1510 | } |
||
1511 | mbedtls_pem_free( &pem ); |
||
1512 | #endif /* MBEDTLS_PEM_PARSE_C */ |
||
1513 | |||
1514 | #if defined(MBEDTLS_RSA_C) |
||
1515 | if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) |
||
1516 | return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); |
||
1517 | |||
1518 | if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) |
||
1519 | return( ret ); |
||
1520 | |||
1521 | p = (unsigned char *)key; |
||
1522 | ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) ); |
||
1523 | if( ret == 0 ) |
||
1524 | { |
||
1525 | return( ret ); |
||
1526 | } |
||
1527 | mbedtls_pk_free( ctx ); |
||
1528 | if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) |
||
1529 | { |
||
1530 | return( ret ); |
||
1531 | } |
||
1532 | #endif /* MBEDTLS_RSA_C */ |
||
1533 | p = (unsigned char *) key; |
||
1534 | |||
1535 | ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx ); |
||
1536 | |||
1537 | return( ret ); |
||
1538 | } |
||
1539 | |||
1540 | #endif /* MBEDTLS_PK_PARSE_C */>>> |