TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / eab20d2a9c9dac1eefa308e237febde847034e3d / . / library / pkparse.c
blob: 19078493d5a782f8f596af2a2254a9217b2557af [file] [log] [blame]
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1/*
2 * Public Key layer for parsing key files and structures
3 *
4 * Copyright (C) 2006-2013, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#include "polarssl/config.h"
27
Paul Bakker4606c732013-09-15 17:04:23 +0200[diff] [blame]28#if defined(POLARSSL_PK_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]29
30#include "polarssl/pk.h"
31#include "polarssl/asn1.h"
32#include "polarssl/oid.h"
33
34#if defined(POLARSSL_RSA_C)
35#include "polarssl/rsa.h"
36#endif
37#if defined(POLARSSL_ECP_C)
38#include "polarssl/ecp.h"
39#endif
40#if defined(POLARSSL_ECDSA_C)
41#include "polarssl/ecdsa.h"
42#endif
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]43#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]44#include "polarssl/pem.h"
45#endif
46#if defined(POLARSSL_PKCS5_C)
47#include "polarssl/pkcs5.h"
48#endif
49#if defined(POLARSSL_PKCS12_C)
50#include "polarssl/pkcs12.h"
51#endif
52
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]53#if defined(POLARSSL_PLATFORM_C)
54#include "polarssl/platform.h"
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]55#else
56#include <stdlib.h>
57#define polarssl_malloc malloc
58#define polarssl_free free
59#endif
60
61#if defined(POLARSSL_FS_IO)
62/*
63 * Load all data from a file into a given buffer.
64 */
65static int load_file( const char *path, unsigned char **buf, size_t *n )
66{
67 FILE *f;
68 long size;
69
70 if( ( f = fopen( path, "rb" ) ) == NULL )
71 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
72
73 fseek( f, 0, SEEK_END );
74 if( ( size = ftell( f ) ) == -1 )
75 {
76 fclose( f );
77 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
78 }
79 fseek( f, 0, SEEK_SET );
80
81 *n = (size_t) size;
82
83 if( *n + 1 == 0 ||
84 ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
85 {
86 fclose( f );
87 return( POLARSSL_ERR_PK_MALLOC_FAILED );
88 }
89
90 if( fread( *buf, 1, *n, f ) != *n )
91 {
92 fclose( f );
93 polarssl_free( *buf );
94 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
95 }
96
97 fclose( f );
98
99 (*buf)[*n] = '\0';
100
101 return( 0 );
102}
103
104/*
105 * Load and parse a private key
106 */
107int pk_parse_keyfile( pk_context *ctx,
108 const char *path, const char *pwd )
109{
110 int ret;
111 size_t n;
112 unsigned char *buf;
113
114 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
115 return( ret );
116
117 if( pwd == NULL )
118 ret = pk_parse_key( ctx, buf, n, NULL, 0 );
119 else
120 ret = pk_parse_key( ctx, buf, n,
121 (const unsigned char *) pwd, strlen( pwd ) );
122
123 memset( buf, 0, n + 1 );
124 polarssl_free( buf );
125
126 return( ret );
127}
128
129/*
130 * Load and parse a public key
131 */
132int pk_parse_public_keyfile( pk_context *ctx, const char *path )
133{
134 int ret;
135 size_t n;
136 unsigned char *buf;
137
138 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
139 return( ret );
140
141 ret = pk_parse_public_key( ctx, buf, n );
142
143 memset( buf, 0, n + 1 );
144 polarssl_free( buf );
145
146 return( ret );
147}
148#endif /* POLARSSL_FS_IO */
149
150#if defined(POLARSSL_ECP_C)
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]151/* Minimally parse an ECParameters buffer to and asn1_buf
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]152 *
153 * ECParameters ::= CHOICE {
154 * namedCurve OBJECT IDENTIFIER
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]155 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]156 * -- implicitCurve NULL
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]157 * }
158 */
159static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
160 asn1_buf *params )
161{
162 int ret;
163
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]164 /* Tag may be either OID or SEQUENCE */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]165 params->tag = **p;
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]166 if( params->tag != ASN1_OID &&
167 params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
168 {
169 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
170 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
171 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]172
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]173 if( ( ret = asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
174 {
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]175 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]176 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]177
178 params->p = *p;
179 *p += params->len;
180
181 if( *p != end )
182 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
183 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
184
185 return( 0 );
186}
187
188/*
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]189 * Import a point from unsigned binary data (SEC1 2.3.4), sloppy version:
190 * accepts compressed point, but then don't fill the Y coordinate, only its
191 * parity bit. This is a hack to be able to read SpecifiedECDomain to the
192 * degree that we can check if it is one of the known groups,
193 * see pk_group_from_specified() and ultimately pk_group_id_from_specified().
194 */
195static int pk_ecp_point_read_sloppy( const ecp_group *grp, ecp_point *pt,
196 const unsigned char *buf, size_t ilen )
197{
198 int ret;
199 size_t plen;
200
201 if( ilen == 1 && buf[0] == 0x00 )
202 return( ecp_set_zero( pt ) );
203
204 plen = mpi_size( &grp->P );
205
206 if( ilen == 2 * plen + 1 && buf[0] == 0x04 )
207 {
208 MPI_CHK( mpi_read_binary( &pt->X, buf + 1, plen ) );
209 MPI_CHK( mpi_read_binary( &pt->Y, buf + 1 + plen, plen ) );
210 MPI_CHK( mpi_lset( &pt->Z, 1 ) );
211 }
212 else if( ilen == plen + 1 && ( buf[0] == 0x02 || buf[0] == 0x03 ) )
213 {
214 MPI_CHK( mpi_read_binary( &pt->X, buf + 1, plen ) );
215 MPI_CHK( mpi_lset( &pt->Y, buf[0] - 2 ) );
216 MPI_CHK( mpi_lset( &pt->Z, 1 ) );
217 }
218 else
219 return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
220
221cleanup:
222 return( ret );
223}
224
225/*
226 * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
227 * WARNING: the resulting group should only be used with
228 * pk_group_id_from_specified(), since its base point may not be set correctly
229 * if it was encoded compressed.
230 *
231 * SpecifiedECDomain ::= SEQUENCE {
232 * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
233 * fieldID FieldID {{FieldTypes}},
234 * curve Curve,
235 * base ECPoint,
236 * order INTEGER,
237 * cofactor INTEGER OPTIONAL,
238 * hash HashAlgorithm OPTIONAL,
239 * ...
240 * }
241 *
242 * We only support prime-field as field type, and ignore hash and cofactor.
243 */
244static int pk_group_from_specified( const asn1_buf *params, ecp_group *grp )
245{
246 int ret;
247 unsigned char *p = params->p;
248 const unsigned char * const end = params->p + params->len;
249 const unsigned char *end_field, *end_curve;
250 size_t len;
251 int ver;
252
253 /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
254 if( ( ret = asn1_get_int( &p, end, &ver ) ) != 0 )
255 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
256
257 if( ver < 1 || ver > 3 )
258 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
259
260 /*
261 * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
262 * fieldType FIELD-ID.&id({IOSet}),
263 * parameters FIELD-ID.&Type({IOSet}{@fieldType})
264 * }
265 */
266 if( ( ret = asn1_get_tag( &p, end, &len,
267 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
268 return( ret );
269
270 end_field = p + len;
271
272 /*
273 * FIELD-ID ::= TYPE-IDENTIFIER
274 * FieldTypes FIELD-ID ::= {
275 * { Prime-p IDENTIFIED BY prime-field } |
276 * { Characteristic-two IDENTIFIED BY characteristic-two-field }
277 * }
278 * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
279 */
280 if( ( ret = asn1_get_tag( &p, end_field, &len, ASN1_OID ) ) != 0 )
281 return( ret );
282
283 if( len != OID_SIZE( OID_ANSI_X9_62_PRIME_FIELD ) ||
284 memcmp( p, OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
285 {
286 return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
287 }
288
289 p += len;
290
291 /* Prime-p ::= INTEGER -- Field of size p. */
292 if( ( ret = asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
293 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
294
295 grp->pbits = mpi_msb( &grp->P );
296
297 if( p != end_field )
298 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
299 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
300
301 /*
302 * Curve ::= SEQUENCE {
303 * a FieldElement,
304 * b FieldElement,
305 * seed BIT STRING OPTIONAL
306 * -- Shall be present if used in SpecifiedECDomain
307 * -- with version equal to ecdpVer2 or ecdpVer3
308 * }
309 */
310 if( ( ret = asn1_get_tag( &p, end, &len,
311 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
312 return( ret );
313
314 end_curve = p + len;
315
316 /*
317 * FieldElement ::= OCTET STRING
318 * containing an integer in the case of a prime field
319 */
320 if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
321 ( ret = mpi_read_binary( &grp->A, p, len ) ) != 0 )
322 {
323 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
324 }
325
326 p += len;
327
328 if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
329 ( ret = mpi_read_binary( &grp->B, p, len ) ) != 0 )
330 {
331 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
332 }
333
334 p += len;
335
336 /* Ignore seed BIT STRING OPTIONAL */
337 if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_BIT_STRING ) ) == 0 )
338 p += len;
339
340 if( p != end_curve )
341 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
342 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
343
344 /*
345 * ECPoint ::= OCTET STRING
346 */
347 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 ||
348 ( ret = pk_ecp_point_read_sloppy( grp, &grp->G,
349 ( const unsigned char *) p, len ) ) != 0 )
350 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
351
352 p += len;
353
354 /*
355 * order INTEGER
356 */
357 if( ( ret = asn1_get_mpi( &p, end, &grp->N ) ) )
358 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
359
360 grp->nbits = mpi_msb( &grp->N );
361
362 /*
363 * Allow optional elements by purposefully not enforcing p == end here.
364 */
365
366 return( 0 );
367}
368
369/*
370 * Find the group id associated with an (almost filled) group as generated by
371 * pk_group_from_specified(), or return an error if unknown.
372 */
373static int pk_group_id_from_group( const ecp_group *grp, ecp_group_id *grp_id )
374{
375 int ret;
376 ecp_group ref;
377 const ecp_group_id *id;
378
379 ecp_group_init( &ref );
380
381 for( id = ecp_grp_id_list(); *id != POLARSSL_ECP_DP_NONE; id++ )
382 {
383 /* Load the group associated to that id */
384 ecp_group_free( &ref );
385 MPI_CHK( ecp_use_known_dp( &ref, *id ) );
386
387 /* Compare to the group we were given, starting with easy tests */
388 if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
389 mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
390 mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
391 mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
392 mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
393 mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
394 mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
395 /* For Y we may only know the parity bit, so compare only that */
396 mpi_get_bit( &grp->G.Y, 0 ) == mpi_get_bit( &ref.G.Y, 0 ) )
397 {
398 break;
399 }
400
401 }
402
403cleanup:
404 ecp_group_free( &ref );
405
406 *grp_id = *id;
407
408 if( ret == 0 && *id == POLARSSL_ECP_DP_NONE )
409 ret = POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE;
410
411 return( ret );
412}
413
414/*
415 * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
416 */
417static int pk_group_id_from_specified( const asn1_buf *params,
418 ecp_group_id *grp_id )
419{
420 int ret;
421 ecp_group grp;
422
423 ecp_group_init( &grp );
424
425 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
426 goto cleanup;
427
428 ret = pk_group_id_from_group( &grp, grp_id );
429
430cleanup:
431 ecp_group_free( &grp );
432
433 return( ret );
434}
435
436/*
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]437 * Use EC parameters to initialise an EC group
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]438 *
439 * ECParameters ::= CHOICE {
440 * namedCurve OBJECT IDENTIFIER
441 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
442 * -- implicitCurve NULL
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]443 */
444static int pk_use_ecparams( const asn1_buf *params, ecp_group *grp )
445{
446 int ret;
447 ecp_group_id grp_id;
448
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]449 if( params->tag == ASN1_OID )
450 {
451 if( oid_get_ec_grp( params, &grp_id ) != 0 )
452 return( POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE );
453 }
454 else
455 {
456 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
457 return( ret );
458 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]459
460 /*
461 * grp may already be initilialized; if so, make sure IDs match
462 */
463 if( grp->id != POLARSSL_ECP_DP_NONE && grp->id != grp_id )
464 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
465
466 if( ( ret = ecp_use_known_dp( grp, grp_id ) ) != 0 )
467 return( ret );
468
469 return( 0 );
470}
471
472/*
473 * EC public key is an EC point
474 */
475static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
476 ecp_keypair *key )
477{
478 int ret;
479
480 if( ( ret = ecp_point_read_binary( &key->grp, &key->Q,
481 (const unsigned char *) *p, end - *p ) ) != 0 ||
482 ( ret = ecp_check_pubkey( &key->grp, &key->Q ) ) != 0 )
483 {
484 ecp_keypair_free( key );
485 return( POLARSSL_ERR_PK_INVALID_PUBKEY );
486 }
487
488 /*
489 * We know ecp_point_read_binary consumed all bytes
490 */
491 *p = (unsigned char *) end;
492
493 return( 0 );
494}
495#endif /* POLARSSL_ECP_C */
496
497#if defined(POLARSSL_RSA_C)
498/*
499 * RSAPublicKey ::= SEQUENCE {
500 * modulus INTEGER, -- n
501 * publicExponent INTEGER -- e
502 * }
503 */
504static int pk_get_rsapubkey( unsigned char **p,
505 const unsigned char *end,
506 rsa_context *rsa )
507{
508 int ret;
509 size_t len;
510
511 if( ( ret = asn1_get_tag( p, end, &len,
512 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
513 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
514
515 if( *p + len != end )
516 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
517 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
518
519 if( ( ret = asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
520 ( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
521 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
522
523 if( *p != end )
524 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
525 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
526
527 if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
Manuel Pégourié-Gonnard387a2112013-09-18 18:54:01 +0200[diff] [blame]528 return( POLARSSL_ERR_PK_INVALID_PUBKEY );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]529
530 rsa->len = mpi_size( &rsa->N );
531
532 return( 0 );
533}
534#endif /* POLARSSL_RSA_C */
535
536/* Get a PK algorithm identifier
537 *
538 * AlgorithmIdentifier ::= SEQUENCE {
539 * algorithm OBJECT IDENTIFIER,
540 * parameters ANY DEFINED BY algorithm OPTIONAL }
541 */
542static int pk_get_pk_alg( unsigned char **p,
543 const unsigned char *end,
544 pk_type_t *pk_alg, asn1_buf *params )
545{
546 int ret;
547 asn1_buf alg_oid;
548
549 memset( params, 0, sizeof(asn1_buf) );
550
551 if( ( ret = asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
552 return( POLARSSL_ERR_PK_INVALID_ALG + ret );
553
554 if( oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
555 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
556
557 /*
558 * No parameters with RSA (only for EC)
559 */
560 if( *pk_alg == POLARSSL_PK_RSA &&
561 ( ( params->tag != ASN1_NULL && params->tag != 0 ) ||
562 params->len != 0 ) )
563 {
564 return( POLARSSL_ERR_PK_INVALID_ALG );
565 }
566
567 return( 0 );
568}
569
570/*
571 * SubjectPublicKeyInfo ::= SEQUENCE {
572 * algorithm AlgorithmIdentifier,
573 * subjectPublicKey BIT STRING }
574 */
Paul Bakkerda771152013-09-16 22:45:03 +0200[diff] [blame]575int pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
576 pk_context *pk )
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]577{
578 int ret;
579 size_t len;
580 asn1_buf alg_params;
581 pk_type_t pk_alg = POLARSSL_PK_NONE;
582 const pk_info_t *pk_info;
583
584 if( ( ret = asn1_get_tag( p, end, &len,
585 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
586 {
587 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
588 }
589
590 end = *p + len;
591
592 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
593 return( ret );
594
595 if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
596 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
597
598 if( *p + len != end )
599 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
600 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
601
602 if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
603 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
604
605 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
606 return( ret );
607
608#if defined(POLARSSL_RSA_C)
609 if( pk_alg == POLARSSL_PK_RSA )
610 {
611 ret = pk_get_rsapubkey( p, end, pk_rsa( *pk ) );
612 } else
613#endif /* POLARSSL_RSA_C */
614#if defined(POLARSSL_ECP_C)
615 if( pk_alg == POLARSSL_PK_ECKEY_DH || pk_alg == POLARSSL_PK_ECKEY )
616 {
617 ret = pk_use_ecparams( &alg_params, &pk_ec( *pk )->grp );
618 if( ret == 0 )
619 ret = pk_get_ecpubkey( p, end, pk_ec( *pk ) );
620 } else
621#endif /* POLARSSL_ECP_C */
622 ret = POLARSSL_ERR_PK_UNKNOWN_PK_ALG;
623
624 if( ret == 0 && *p != end )
625 ret = POLARSSL_ERR_PK_INVALID_PUBKEY
626 POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
627
628 if( ret != 0 )
629 pk_free( pk );
630
631 return( ret );
632}
633
634#if defined(POLARSSL_RSA_C)
635/*
636 * Parse a PKCS#1 encoded private RSA key
637 */
638static int pk_parse_key_pkcs1_der( rsa_context *rsa,
639 const unsigned char *key,
640 size_t keylen )
641{
642 int ret;
643 size_t len;
644 unsigned char *p, *end;
645
646 p = (unsigned char *) key;
647 end = p + keylen;
648
649 /*
650 * This function parses the RSAPrivateKey (PKCS#1)
651 *
652 * RSAPrivateKey ::= SEQUENCE {
653 * version Version,
654 * modulus INTEGER, -- n
655 * publicExponent INTEGER, -- e
656 * privateExponent INTEGER, -- d
657 * prime1 INTEGER, -- p
658 * prime2 INTEGER, -- q
659 * exponent1 INTEGER, -- d mod (p-1)
660 * exponent2 INTEGER, -- d mod (q-1)
661 * coefficient INTEGER, -- (inverse of q) mod p
662 * otherPrimeInfos OtherPrimeInfos OPTIONAL
663 * }
664 */
665 if( ( ret = asn1_get_tag( &p, end, &len,
666 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
667 {
668 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
669 }
670
671 end = p + len;
672
673 if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
674 {
675 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
676 }
677
678 if( rsa->ver != 0 )
679 {
680 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
681 }
682
683 if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
684 ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
685 ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
686 ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
687 ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
688 ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
689 ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
690 ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
691 {
692 rsa_free( rsa );
693 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
694 }
695
696 rsa->len = mpi_size( &rsa->N );
697
698 if( p != end )
699 {
700 rsa_free( rsa );
701 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
702 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
703 }
704
705 if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
706 {
707 rsa_free( rsa );
708 return( ret );
709 }
710
711 return( 0 );
712}
713#endif /* POLARSSL_RSA_C */
714
715#if defined(POLARSSL_ECP_C)
716/*
717 * Parse a SEC1 encoded private EC key
718 */
719static int pk_parse_key_sec1_der( ecp_keypair *eck,
720 const unsigned char *key,
721 size_t keylen )
722{
723 int ret;
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]724 int version, pubkey_done;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]725 size_t len;
726 asn1_buf params;
727 unsigned char *p = (unsigned char *) key;
728 unsigned char *end = p + keylen;
729 unsigned char *end2;
730
731 /*
732 * RFC 5915, or SEC1 Appendix C.4
733 *
734 * ECPrivateKey ::= SEQUENCE {
735 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
736 * privateKey OCTET STRING,
737 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
738 * publicKey [1] BIT STRING OPTIONAL
739 * }
740 */
741 if( ( ret = asn1_get_tag( &p, end, &len,
742 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
743 {
744 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
745 }
746
747 end = p + len;
748
749 if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
750 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
751
752 if( version != 1 )
753 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
754
755 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
756 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
757
758 if( ( ret = mpi_read_binary( &eck->d, p, len ) ) != 0 )
759 {
760 ecp_keypair_free( eck );
761 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
762 }
763
764 p += len;
765
766 /*
767 * Is 'parameters' present?
768 */
769 if( ( ret = asn1_get_tag( &p, end, &len,
770 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
771 {
772 if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
773 ( ret = pk_use_ecparams( &params, &eck->grp ) ) != 0 )
774 {
775 ecp_keypair_free( eck );
776 return( ret );
777 }
778 }
779 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
780 {
781 ecp_keypair_free( eck );
782 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
783 }
784
785 /*
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]786 * Is 'publickey' present? If not, or if we can't read it (eg because it
787 * is compressed), create it from the private key.
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]788 */
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]789 pubkey_done = 0;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]790 if( ( ret = asn1_get_tag( &p, end, &len,
791 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
792 {
793 end2 = p + len;
794
795 if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
796 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
797
798 if( p + len != end2 )
799 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
800 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
801
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]802 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
803 pubkey_done = 1;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]804 }
805 else if ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
806 {
807 ecp_keypair_free( eck );
808 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
809 }
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame^]810
811 if( ! pubkey_done &&
812 ( ret = ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
813 NULL, NULL ) ) != 0 )
Manuel Pégourié-Gonnardff29f9c2013-09-18 16:13:02 +0200[diff] [blame]814 {
815 ecp_keypair_free( eck );
816 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
817 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]818
819 if( ( ret = ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
820 {
821 ecp_keypair_free( eck );
822 return( ret );
823 }
824
825 return 0;
826}
827#endif /* POLARSSL_ECP_C */
828
829/*
830 * Parse an unencrypted PKCS#8 encoded private key
831 */
832static int pk_parse_key_pkcs8_unencrypted_der(
833 pk_context *pk,
834 const unsigned char* key,
835 size_t keylen )
836{
837 int ret, version;
838 size_t len;
839 asn1_buf params;
840 unsigned char *p = (unsigned char *) key;
841 unsigned char *end = p + keylen;
842 pk_type_t pk_alg = POLARSSL_PK_NONE;
843 const pk_info_t *pk_info;
844
845 /*
846 * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
847 *
848 * PrivateKeyInfo ::= SEQUENCE {
849 * version Version,
850 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
851 * privateKey PrivateKey,
852 * attributes [0] IMPLICIT Attributes OPTIONAL }
853 *
854 * Version ::= INTEGER
855 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
856 * PrivateKey ::= OCTET STRING
857 *
858 * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
859 */
860
861 if( ( ret = asn1_get_tag( &p, end, &len,
862 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
863 {
864 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
865 }
866
867 end = p + len;
868
869 if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
870 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
871
872 if( version != 0 )
873 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION + ret );
874
875 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
876 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
877
878 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
879 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
880
881 if( len < 1 )
882 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
883 POLARSSL_ERR_ASN1_OUT_OF_DATA );
884
885 if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
886 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
887
888 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
889 return( ret );
890
891#if defined(POLARSSL_RSA_C)
892 if( pk_alg == POLARSSL_PK_RSA )
893 {
894 if( ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), p, len ) ) != 0 )
895 {
896 pk_free( pk );
897 return( ret );
898 }
899 } else
900#endif /* POLARSSL_RSA_C */
901#if defined(POLARSSL_ECP_C)
902 if( pk_alg == POLARSSL_PK_ECKEY || pk_alg == POLARSSL_PK_ECKEY_DH )
903 {
904 if( ( ret = pk_use_ecparams( &params, &pk_ec( *pk )->grp ) ) != 0 ||
905 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), p, len ) ) != 0 )
906 {
907 pk_free( pk );
908 return( ret );
909 }
910 } else
911#endif /* POLARSSL_ECP_C */
912 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
913
914 return 0;
915}
916
917/*
918 * Parse an encrypted PKCS#8 encoded private key
919 */
920static int pk_parse_key_pkcs8_encrypted_der(
921 pk_context *pk,
922 const unsigned char *key, size_t keylen,
923 const unsigned char *pwd, size_t pwdlen )
924{
925 int ret;
926 size_t len;
927 unsigned char buf[2048];
928 unsigned char *p, *end;
929 asn1_buf pbe_alg_oid, pbe_params;
930#if defined(POLARSSL_PKCS12_C)
931 cipher_type_t cipher_alg;
932 md_type_t md_alg;
933#endif
934
935 memset( buf, 0, sizeof( buf ) );
936
937 p = (unsigned char *) key;
938 end = p + keylen;
939
940 if( pwdlen == 0 )
941 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
942
943 /*
944 * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
945 *
946 * EncryptedPrivateKeyInfo ::= SEQUENCE {
947 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
948 * encryptedData EncryptedData
949 * }
950 *
951 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
952 *
953 * EncryptedData ::= OCTET STRING
954 *
955 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
956 */
957 if( ( ret = asn1_get_tag( &p, end, &len,
958 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
959 {
960 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
961 }
962
963 end = p + len;
964
965 if( ( ret = asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
966 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
967
968 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
969 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
970
971 if( len > sizeof( buf ) )
972 return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
973
974 /*
975 * Decrypt EncryptedData with appropriate PDE
976 */
977#if defined(POLARSSL_PKCS12_C)
978 if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
979 {
980 if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
981 cipher_alg, md_alg,
982 pwd, pwdlen, p, len, buf ) ) != 0 )
983 {
984 if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )
985 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
986
987 return( ret );
988 }
989 }
990 else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) )
991 {
992 if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
993 PKCS12_PBE_DECRYPT,
994 pwd, pwdlen,
995 p, len, buf ) ) != 0 )
996 {
997 return( ret );
998 }
999
1000 // Best guess for password mismatch when using RC4. If first tag is
1001 // not ASN1_CONSTRUCTED | ASN1_SEQUENCE
1002 //
1003 if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
1004 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
1005 }
1006 else
1007#endif /* POLARSSL_PKCS12_C */
1008#if defined(POLARSSL_PKCS5_C)
1009 if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) )
1010 {
1011 if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen,
1012 p, len, buf ) ) != 0 )
1013 {
1014 if( ret == POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH )
1015 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
1016
1017 return( ret );
1018 }
1019 }
1020 else
1021#endif /* POLARSSL_PKCS5_C */
Manuel Pégourié-Gonnard1032c1d2013-09-18 17:18:34 +0200[diff] [blame]1022 {
1023 ((void) pwd);
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1024 return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
Manuel Pégourié-Gonnard1032c1d2013-09-18 17:18:34 +0200[diff] [blame]1025 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1026
1027 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
1028}
1029
1030/*
1031 * Parse a private key
1032 */
1033int pk_parse_key( pk_context *pk,
1034 const unsigned char *key, size_t keylen,
1035 const unsigned char *pwd, size_t pwdlen )
1036{
1037 int ret;
1038 const pk_info_t *pk_info;
1039
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1040#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1041 size_t len;
1042 pem_context pem;
1043
1044 pem_init( &pem );
1045
1046#if defined(POLARSSL_RSA_C)
1047 ret = pem_read_buffer( &pem,
1048 "-----BEGIN RSA PRIVATE KEY-----",
1049 "-----END RSA PRIVATE KEY-----",
1050 key, pwd, pwdlen, &len );
1051 if( ret == 0 )
1052 {
1053 if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
1054 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
1055
1056 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1057 ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ),
1058 pem.buf, pem.buflen ) ) != 0 )
1059 {
1060 pk_free( pk );
1061 }
1062
1063 pem_free( &pem );
1064 return( ret );
1065 }
1066 else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
1067 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
1068 else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
1069 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
1070 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1071 return( ret );
1072#endif /* POLARSSL_RSA_C */
1073
1074#if defined(POLARSSL_ECP_C)
1075 ret = pem_read_buffer( &pem,
1076 "-----BEGIN EC PRIVATE KEY-----",
1077 "-----END EC PRIVATE KEY-----",
1078 key, pwd, pwdlen, &len );
1079 if( ret == 0 )
1080 {
1081 if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
1082 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
1083
1084 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1085 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ),
1086 pem.buf, pem.buflen ) ) != 0 )
1087 {
1088 pk_free( pk );
1089 }
1090
1091 pem_free( &pem );
1092 return( ret );
1093 }
1094 else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
1095 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
1096 else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
1097 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
1098 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1099 return( ret );
1100#endif /* POLARSSL_ECP_C */
1101
1102 ret = pem_read_buffer( &pem,
1103 "-----BEGIN PRIVATE KEY-----",
1104 "-----END PRIVATE KEY-----",
1105 key, NULL, 0, &len );
1106 if( ret == 0 )
1107 {
1108 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
1109 pem.buf, pem.buflen ) ) != 0 )
1110 {
1111 pk_free( pk );
1112 }
1113
1114 pem_free( &pem );
1115 return( ret );
1116 }
1117 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1118 return( ret );
1119
1120 ret = pem_read_buffer( &pem,
1121 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
1122 "-----END ENCRYPTED PRIVATE KEY-----",
1123 key, NULL, 0, &len );
1124 if( ret == 0 )
1125 {
1126 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
1127 pem.buf, pem.buflen,
1128 pwd, pwdlen ) ) != 0 )
1129 {
1130 pk_free( pk );
1131 }
1132
1133 pem_free( &pem );
1134 return( ret );
1135 }
1136 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1137 return( ret );
1138#else
1139 ((void) pwd);
1140 ((void) pwdlen);
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1141#endif /* POLARSSL_PEM_PARSE_C */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1142
1143 /*
1144 * At this point we only know it's not a PEM formatted key. Could be any
1145 * of the known DER encoded private key formats
1146 *
1147 * We try the different DER format parsers to see if one passes without
1148 * error
1149 */
1150 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
1151 pwd, pwdlen ) ) == 0 )
1152 {
1153 return( 0 );
1154 }
1155
1156 pk_free( pk );
1157
1158 if( ret == POLARSSL_ERR_PK_PASSWORD_MISMATCH )
1159 {
1160 return( ret );
1161 }
1162
1163 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
1164 return( 0 );
1165
1166 pk_free( pk );
1167
1168#if defined(POLARSSL_RSA_C)
1169 if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
1170 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
1171
1172 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1173 ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 )
1174 {
1175 return( 0 );
1176 }
1177
1178 pk_free( pk );
1179#endif /* POLARSSL_RSA_C */
1180
1181#if defined(POLARSSL_ECP_C)
1182 if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
1183 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
1184
1185 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1186 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) == 0 )
1187 {
1188 return( 0 );
1189 }
1190
1191 pk_free( pk );
1192#endif /* POLARSSL_ECP_C */
1193
1194 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
1195}
1196
1197/*
1198 * Parse a public key
1199 */
1200int pk_parse_public_key( pk_context *ctx,
1201 const unsigned char *key, size_t keylen )
1202{
1203 int ret;
1204 unsigned char *p;
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1205#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1206 size_t len;
1207 pem_context pem;
1208
1209 pem_init( &pem );
1210 ret = pem_read_buffer( &pem,
1211 "-----BEGIN PUBLIC KEY-----",
1212 "-----END PUBLIC KEY-----",
1213 key, NULL, 0, &len );
1214
1215 if( ret == 0 )
1216 {
1217 /*
1218 * Was PEM encoded
1219 */
1220 key = pem.buf;
1221 keylen = pem.buflen;
1222 }
1223 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1224 {
1225 pem_free( &pem );
1226 return( ret );
1227 }
1228#endif
1229 p = (unsigned char *) key;
1230
Paul Bakkerda771152013-09-16 22:45:03 +0200[diff] [blame]1231 ret = pk_parse_subpubkey( &p, p + keylen, ctx );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1232
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1233#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1234 pem_free( &pem );
1235#endif
1236
1237 return( ret );
1238}
1239
Paul Bakker4606c732013-09-15 17:04:23 +0200[diff] [blame]1240#endif /* POLARSSL_PK_PARSE_C */