TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f4cf80b86f998260028494443af3cd74e44f933a / . / library / pkparse.c
blob: d0ae5d53bc2527388b653ced7d07a5a7f3016562 [file] [log] [blame]
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1/*
2 * Public Key layer for parsing key files and structures
3 *
4 * Copyright (C) 2006-2013, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#include "polarssl/config.h"
27
Paul Bakker4606c732013-09-15 17:04:23 +0200[diff] [blame]28#if defined(POLARSSL_PK_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]29
30#include "polarssl/pk.h"
31#include "polarssl/asn1.h"
32#include "polarssl/oid.h"
33
34#if defined(POLARSSL_RSA_C)
35#include "polarssl/rsa.h"
36#endif
37#if defined(POLARSSL_ECP_C)
38#include "polarssl/ecp.h"
39#endif
40#if defined(POLARSSL_ECDSA_C)
41#include "polarssl/ecdsa.h"
42#endif
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]43#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]44#include "polarssl/pem.h"
45#endif
46#if defined(POLARSSL_PKCS5_C)
47#include "polarssl/pkcs5.h"
48#endif
49#if defined(POLARSSL_PKCS12_C)
50#include "polarssl/pkcs12.h"
51#endif
52
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]53#if defined(POLARSSL_PLATFORM_C)
54#include "polarssl/platform.h"
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]55#else
56#include <stdlib.h>
57#define polarssl_malloc malloc
58#define polarssl_free free
59#endif
60
61#if defined(POLARSSL_FS_IO)
62/*
63 * Load all data from a file into a given buffer.
64 */
65static int load_file( const char *path, unsigned char **buf, size_t *n )
66{
67 FILE *f;
68 long size;
69
70 if( ( f = fopen( path, "rb" ) ) == NULL )
71 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
72
73 fseek( f, 0, SEEK_END );
74 if( ( size = ftell( f ) ) == -1 )
75 {
76 fclose( f );
77 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
78 }
79 fseek( f, 0, SEEK_SET );
80
81 *n = (size_t) size;
82
83 if( *n + 1 == 0 ||
84 ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
85 {
86 fclose( f );
87 return( POLARSSL_ERR_PK_MALLOC_FAILED );
88 }
89
90 if( fread( *buf, 1, *n, f ) != *n )
91 {
92 fclose( f );
93 polarssl_free( *buf );
94 return( POLARSSL_ERR_PK_FILE_IO_ERROR );
95 }
96
97 fclose( f );
98
99 (*buf)[*n] = '\0';
100
101 return( 0 );
102}
103
104/*
105 * Load and parse a private key
106 */
107int pk_parse_keyfile( pk_context *ctx,
108 const char *path, const char *pwd )
109{
110 int ret;
111 size_t n;
112 unsigned char *buf;
113
114 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
115 return( ret );
116
117 if( pwd == NULL )
118 ret = pk_parse_key( ctx, buf, n, NULL, 0 );
119 else
120 ret = pk_parse_key( ctx, buf, n,
121 (const unsigned char *) pwd, strlen( pwd ) );
122
123 memset( buf, 0, n + 1 );
124 polarssl_free( buf );
125
126 return( ret );
127}
128
129/*
130 * Load and parse a public key
131 */
132int pk_parse_public_keyfile( pk_context *ctx, const char *path )
133{
134 int ret;
135 size_t n;
136 unsigned char *buf;
137
138 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
139 return( ret );
140
141 ret = pk_parse_public_key( ctx, buf, n );
142
143 memset( buf, 0, n + 1 );
144 polarssl_free( buf );
145
146 return( ret );
147}
148#endif /* POLARSSL_FS_IO */
149
150#if defined(POLARSSL_ECP_C)
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]151/* Minimally parse an ECParameters buffer to and asn1_buf
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]152 *
153 * ECParameters ::= CHOICE {
154 * namedCurve OBJECT IDENTIFIER
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]155 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]156 * -- implicitCurve NULL
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]157 * }
158 */
159static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
160 asn1_buf *params )
161{
162 int ret;
163
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]164 /* Tag may be either OID or SEQUENCE */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]165 params->tag = **p;
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100[diff] [blame]166 if( params->tag != ASN1_OID
167#if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
168 && params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE )
169#endif
170 )
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]171 {
172 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
173 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
174 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]175
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]176 if( ( ret = asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
177 {
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]178 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]179 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]180
181 params->p = *p;
182 *p += params->len;
183
184 if( *p != end )
185 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
186 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
187
188 return( 0 );
189}
190
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100[diff] [blame]191#if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]192/*
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]193 * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
194 * WARNING: the resulting group should only be used with
195 * pk_group_id_from_specified(), since its base point may not be set correctly
196 * if it was encoded compressed.
197 *
198 * SpecifiedECDomain ::= SEQUENCE {
199 * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
200 * fieldID FieldID {{FieldTypes}},
201 * curve Curve,
202 * base ECPoint,
203 * order INTEGER,
204 * cofactor INTEGER OPTIONAL,
205 * hash HashAlgorithm OPTIONAL,
206 * ...
207 * }
208 *
209 * We only support prime-field as field type, and ignore hash and cofactor.
210 */
211static int pk_group_from_specified( const asn1_buf *params, ecp_group *grp )
212{
213 int ret;
214 unsigned char *p = params->p;
215 const unsigned char * const end = params->p + params->len;
216 const unsigned char *end_field, *end_curve;
217 size_t len;
218 int ver;
219
220 /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
221 if( ( ret = asn1_get_int( &p, end, &ver ) ) != 0 )
222 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
223
224 if( ver < 1 || ver > 3 )
225 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
226
227 /*
228 * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
229 * fieldType FIELD-ID.&id({IOSet}),
230 * parameters FIELD-ID.&Type({IOSet}{@fieldType})
231 * }
232 */
233 if( ( ret = asn1_get_tag( &p, end, &len,
234 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
235 return( ret );
236
237 end_field = p + len;
238
239 /*
240 * FIELD-ID ::= TYPE-IDENTIFIER
241 * FieldTypes FIELD-ID ::= {
242 * { Prime-p IDENTIFIED BY prime-field } |
243 * { Characteristic-two IDENTIFIED BY characteristic-two-field }
244 * }
245 * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
246 */
247 if( ( ret = asn1_get_tag( &p, end_field, &len, ASN1_OID ) ) != 0 )
248 return( ret );
249
250 if( len != OID_SIZE( OID_ANSI_X9_62_PRIME_FIELD ) ||
251 memcmp( p, OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
252 {
253 return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
254 }
255
256 p += len;
257
258 /* Prime-p ::= INTEGER -- Field of size p. */
259 if( ( ret = asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
260 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
261
262 grp->pbits = mpi_msb( &grp->P );
263
264 if( p != end_field )
265 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
266 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
267
268 /*
269 * Curve ::= SEQUENCE {
270 * a FieldElement,
271 * b FieldElement,
272 * seed BIT STRING OPTIONAL
273 * -- Shall be present if used in SpecifiedECDomain
274 * -- with version equal to ecdpVer2 or ecdpVer3
275 * }
276 */
277 if( ( ret = asn1_get_tag( &p, end, &len,
278 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
279 return( ret );
280
281 end_curve = p + len;
282
283 /*
284 * FieldElement ::= OCTET STRING
285 * containing an integer in the case of a prime field
286 */
287 if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
288 ( ret = mpi_read_binary( &grp->A, p, len ) ) != 0 )
289 {
290 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
291 }
292
293 p += len;
294
295 if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
296 ( ret = mpi_read_binary( &grp->B, p, len ) ) != 0 )
297 {
298 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
299 }
300
301 p += len;
302
303 /* Ignore seed BIT STRING OPTIONAL */
304 if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_BIT_STRING ) ) == 0 )
305 p += len;
306
307 if( p != end_curve )
308 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
309 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
310
311 /*
312 * ECPoint ::= OCTET STRING
313 */
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]314 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]315 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
316
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]317 if( ( ret = ecp_point_read_binary( grp, &grp->G,
318 ( const unsigned char *) p, len ) ) != 0 )
319 {
320 /*
321 * If we can't read the point because it's compressed, cheat by
322 * reading only the X coordinate and the parity bit of Y.
323 */
324 if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE ||
325 ( p[0] != 0x02 && p[0] != 0x03 ) ||
326 len != mpi_size( &grp->P ) + 1 ||
327 mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
328 mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
329 mpi_lset( &grp->G.Z, 1 ) != 0 )
330 {
331 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
332 }
333 }
334
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]335 p += len;
336
337 /*
338 * order INTEGER
339 */
340 if( ( ret = asn1_get_mpi( &p, end, &grp->N ) ) )
341 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
342
343 grp->nbits = mpi_msb( &grp->N );
344
345 /*
346 * Allow optional elements by purposefully not enforcing p == end here.
347 */
348
349 return( 0 );
350}
351
352/*
353 * Find the group id associated with an (almost filled) group as generated by
354 * pk_group_from_specified(), or return an error if unknown.
355 */
356static int pk_group_id_from_group( const ecp_group *grp, ecp_group_id *grp_id )
357{
Manuel Pégourié-Gonnard5b8c4092014-03-27 14:59:42 +0100[diff] [blame]358 int ret = 0;
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]359 ecp_group ref;
360 const ecp_group_id *id;
361
362 ecp_group_init( &ref );
363
364 for( id = ecp_grp_id_list(); *id != POLARSSL_ECP_DP_NONE; id++ )
365 {
366 /* Load the group associated to that id */
367 ecp_group_free( &ref );
368 MPI_CHK( ecp_use_known_dp( &ref, *id ) );
369
370 /* Compare to the group we were given, starting with easy tests */
371 if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
372 mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
373 mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
374 mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
375 mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
376 mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
377 mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
378 /* For Y we may only know the parity bit, so compare only that */
379 mpi_get_bit( &grp->G.Y, 0 ) == mpi_get_bit( &ref.G.Y, 0 ) )
380 {
381 break;
382 }
383
384 }
385
386cleanup:
387 ecp_group_free( &ref );
388
389 *grp_id = *id;
390
391 if( ret == 0 && *id == POLARSSL_ECP_DP_NONE )
392 ret = POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE;
393
394 return( ret );
395}
396
397/*
398 * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
399 */
400static int pk_group_id_from_specified( const asn1_buf *params,
401 ecp_group_id *grp_id )
402{
403 int ret;
404 ecp_group grp;
405
406 ecp_group_init( &grp );
407
408 if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
409 goto cleanup;
410
411 ret = pk_group_id_from_group( &grp, grp_id );
412
413cleanup:
414 ecp_group_free( &grp );
415
416 return( ret );
417}
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100[diff] [blame]418#endif /* POLARSSL_PK_PARSE_EC_EXTENDED */
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]419
420/*
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]421 * Use EC parameters to initialise an EC group
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]422 *
423 * ECParameters ::= CHOICE {
424 * namedCurve OBJECT IDENTIFIER
425 * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
426 * -- implicitCurve NULL
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]427 */
428static int pk_use_ecparams( const asn1_buf *params, ecp_group *grp )
429{
430 int ret;
431 ecp_group_id grp_id;
432
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]433 if( params->tag == ASN1_OID )
434 {
435 if( oid_get_ec_grp( params, &grp_id ) != 0 )
436 return( POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE );
437 }
438 else
439 {
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100[diff] [blame]440#if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]441 if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
442 return( ret );
Manuel Pégourié-Gonnard6fac3512014-03-19 16:39:52 +0100[diff] [blame]443#else
444 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
445#endif
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]446 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]447
448 /*
449 * grp may already be initilialized; if so, make sure IDs match
450 */
451 if( grp->id != POLARSSL_ECP_DP_NONE && grp->id != grp_id )
452 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
453
454 if( ( ret = ecp_use_known_dp( grp, grp_id ) ) != 0 )
455 return( ret );
456
457 return( 0 );
458}
459
460/*
461 * EC public key is an EC point
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]462 *
463 * The caller is responsible for clearing the structure upon failure if
464 * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
465 * return code of ecp_point_read_binary() and leave p in a usable state.
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]466 */
467static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
468 ecp_keypair *key )
469{
470 int ret;
471
472 if( ( ret = ecp_point_read_binary( &key->grp, &key->Q,
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]473 (const unsigned char *) *p, end - *p ) ) == 0 )
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]474 {
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]475 ret = ecp_check_pubkey( &key->grp, &key->Q );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]476 }
477
478 /*
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]479 * We know ecp_point_read_binary consumed all bytes or failed
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]480 */
481 *p = (unsigned char *) end;
482
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]483 return( ret );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]484}
485#endif /* POLARSSL_ECP_C */
486
487#if defined(POLARSSL_RSA_C)
488/*
489 * RSAPublicKey ::= SEQUENCE {
490 * modulus INTEGER, -- n
491 * publicExponent INTEGER -- e
492 * }
493 */
494static int pk_get_rsapubkey( unsigned char **p,
495 const unsigned char *end,
496 rsa_context *rsa )
497{
498 int ret;
499 size_t len;
500
501 if( ( ret = asn1_get_tag( p, end, &len,
502 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
503 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
504
505 if( *p + len != end )
506 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
507 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
508
509 if( ( ret = asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
510 ( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
511 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
512
513 if( *p != end )
514 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
515 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
516
517 if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
Manuel Pégourié-Gonnard387a2112013-09-18 18:54:01 +0200[diff] [blame]518 return( POLARSSL_ERR_PK_INVALID_PUBKEY );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]519
520 rsa->len = mpi_size( &rsa->N );
521
522 return( 0 );
523}
524#endif /* POLARSSL_RSA_C */
525
526/* Get a PK algorithm identifier
527 *
528 * AlgorithmIdentifier ::= SEQUENCE {
529 * algorithm OBJECT IDENTIFIER,
530 * parameters ANY DEFINED BY algorithm OPTIONAL }
531 */
532static int pk_get_pk_alg( unsigned char **p,
533 const unsigned char *end,
534 pk_type_t *pk_alg, asn1_buf *params )
535{
536 int ret;
537 asn1_buf alg_oid;
538
539 memset( params, 0, sizeof(asn1_buf) );
540
541 if( ( ret = asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
542 return( POLARSSL_ERR_PK_INVALID_ALG + ret );
543
544 if( oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
545 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
546
547 /*
548 * No parameters with RSA (only for EC)
549 */
550 if( *pk_alg == POLARSSL_PK_RSA &&
551 ( ( params->tag != ASN1_NULL && params->tag != 0 ) ||
552 params->len != 0 ) )
553 {
554 return( POLARSSL_ERR_PK_INVALID_ALG );
555 }
556
557 return( 0 );
558}
559
560/*
561 * SubjectPublicKeyInfo ::= SEQUENCE {
562 * algorithm AlgorithmIdentifier,
563 * subjectPublicKey BIT STRING }
564 */
Paul Bakkerda771152013-09-16 22:45:03 +0200[diff] [blame]565int pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
566 pk_context *pk )
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]567{
568 int ret;
569 size_t len;
570 asn1_buf alg_params;
571 pk_type_t pk_alg = POLARSSL_PK_NONE;
572 const pk_info_t *pk_info;
573
574 if( ( ret = asn1_get_tag( p, end, &len,
575 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
576 {
577 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
578 }
579
580 end = *p + len;
581
582 if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
583 return( ret );
584
585 if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
586 return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
587
588 if( *p + len != end )
589 return( POLARSSL_ERR_PK_INVALID_PUBKEY +
590 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
591
592 if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
593 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
594
595 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
596 return( ret );
597
598#if defined(POLARSSL_RSA_C)
599 if( pk_alg == POLARSSL_PK_RSA )
600 {
601 ret = pk_get_rsapubkey( p, end, pk_rsa( *pk ) );
602 } else
603#endif /* POLARSSL_RSA_C */
604#if defined(POLARSSL_ECP_C)
605 if( pk_alg == POLARSSL_PK_ECKEY_DH || pk_alg == POLARSSL_PK_ECKEY )
606 {
607 ret = pk_use_ecparams( &alg_params, &pk_ec( *pk )->grp );
608 if( ret == 0 )
609 ret = pk_get_ecpubkey( p, end, pk_ec( *pk ) );
610 } else
611#endif /* POLARSSL_ECP_C */
612 ret = POLARSSL_ERR_PK_UNKNOWN_PK_ALG;
613
614 if( ret == 0 && *p != end )
615 ret = POLARSSL_ERR_PK_INVALID_PUBKEY
616 POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
617
618 if( ret != 0 )
619 pk_free( pk );
620
621 return( ret );
622}
623
624#if defined(POLARSSL_RSA_C)
625/*
626 * Parse a PKCS#1 encoded private RSA key
627 */
628static int pk_parse_key_pkcs1_der( rsa_context *rsa,
629 const unsigned char *key,
630 size_t keylen )
631{
632 int ret;
633 size_t len;
634 unsigned char *p, *end;
635
636 p = (unsigned char *) key;
637 end = p + keylen;
638
639 /*
640 * This function parses the RSAPrivateKey (PKCS#1)
641 *
642 * RSAPrivateKey ::= SEQUENCE {
643 * version Version,
644 * modulus INTEGER, -- n
645 * publicExponent INTEGER, -- e
646 * privateExponent INTEGER, -- d
647 * prime1 INTEGER, -- p
648 * prime2 INTEGER, -- q
649 * exponent1 INTEGER, -- d mod (p-1)
650 * exponent2 INTEGER, -- d mod (q-1)
651 * coefficient INTEGER, -- (inverse of q) mod p
652 * otherPrimeInfos OtherPrimeInfos OPTIONAL
653 * }
654 */
655 if( ( ret = asn1_get_tag( &p, end, &len,
656 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
657 {
658 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
659 }
660
661 end = p + len;
662
663 if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
664 {
665 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
666 }
667
668 if( rsa->ver != 0 )
669 {
670 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
671 }
672
673 if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
674 ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
675 ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
676 ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
677 ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
678 ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
679 ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
680 ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
681 {
682 rsa_free( rsa );
683 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
684 }
685
686 rsa->len = mpi_size( &rsa->N );
687
688 if( p != end )
689 {
690 rsa_free( rsa );
691 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
692 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
693 }
694
695 if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
696 {
697 rsa_free( rsa );
698 return( ret );
699 }
700
701 return( 0 );
702}
703#endif /* POLARSSL_RSA_C */
704
705#if defined(POLARSSL_ECP_C)
706/*
707 * Parse a SEC1 encoded private EC key
708 */
709static int pk_parse_key_sec1_der( ecp_keypair *eck,
710 const unsigned char *key,
711 size_t keylen )
712{
713 int ret;
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]714 int version, pubkey_done;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]715 size_t len;
716 asn1_buf params;
717 unsigned char *p = (unsigned char *) key;
718 unsigned char *end = p + keylen;
719 unsigned char *end2;
720
721 /*
722 * RFC 5915, or SEC1 Appendix C.4
723 *
724 * ECPrivateKey ::= SEQUENCE {
725 * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
726 * privateKey OCTET STRING,
727 * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
728 * publicKey [1] BIT STRING OPTIONAL
729 * }
730 */
731 if( ( ret = asn1_get_tag( &p, end, &len,
732 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
733 {
734 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
735 }
736
737 end = p + len;
738
739 if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
740 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
741
742 if( version != 1 )
743 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
744
745 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
746 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
747
748 if( ( ret = mpi_read_binary( &eck->d, p, len ) ) != 0 )
749 {
750 ecp_keypair_free( eck );
751 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
752 }
753
754 p += len;
755
756 /*
757 * Is 'parameters' present?
758 */
759 if( ( ret = asn1_get_tag( &p, end, &len,
760 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
761 {
762 if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
763 ( ret = pk_use_ecparams( &params, &eck->grp ) ) != 0 )
764 {
765 ecp_keypair_free( eck );
766 return( ret );
767 }
768 }
769 else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
770 {
771 ecp_keypair_free( eck );
772 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
773 }
774
775 /*
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]776 * Is 'publickey' present? If not, or if we can't read it (eg because it
777 * is compressed), create it from the private key.
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]778 */
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]779 pubkey_done = 0;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]780 if( ( ret = asn1_get_tag( &p, end, &len,
781 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
782 {
783 end2 = p + len;
784
785 if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
786 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
787
788 if( p + len != end2 )
789 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
790 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
791
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]792 if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
793 pubkey_done = 1;
Manuel Pégourié-Gonnard5246ee52014-03-19 16:18:38 +0100[diff] [blame]794 else
795 {
796 /*
797 * The only acceptable failure mode of pk_get_ecpubkey() above
798 * is if the point format is not recognized.
799 */
800 if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE )
801 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
802 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]803 }
804 else if ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
805 {
806 ecp_keypair_free( eck );
807 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
808 }
Manuel Pégourié-Gonnardeab20d22014-03-14 17:58:42 +0100[diff] [blame]809
810 if( ! pubkey_done &&
811 ( ret = ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
812 NULL, NULL ) ) != 0 )
Manuel Pégourié-Gonnardff29f9c2013-09-18 16:13:02 +0200[diff] [blame]813 {
814 ecp_keypair_free( eck );
815 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
816 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]817
818 if( ( ret = ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
819 {
820 ecp_keypair_free( eck );
821 return( ret );
822 }
823
824 return 0;
825}
826#endif /* POLARSSL_ECP_C */
827
828/*
829 * Parse an unencrypted PKCS#8 encoded private key
830 */
831static int pk_parse_key_pkcs8_unencrypted_der(
832 pk_context *pk,
833 const unsigned char* key,
834 size_t keylen )
835{
836 int ret, version;
837 size_t len;
838 asn1_buf params;
839 unsigned char *p = (unsigned char *) key;
840 unsigned char *end = p + keylen;
841 pk_type_t pk_alg = POLARSSL_PK_NONE;
842 const pk_info_t *pk_info;
843
844 /*
845 * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
846 *
847 * PrivateKeyInfo ::= SEQUENCE {
848 * version Version,
849 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
850 * privateKey PrivateKey,
851 * attributes [0] IMPLICIT Attributes OPTIONAL }
852 *
853 * Version ::= INTEGER
854 * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
855 * PrivateKey ::= OCTET STRING
856 *
857 * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
858 */
859
860 if( ( ret = asn1_get_tag( &p, end, &len,
861 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
862 {
863 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
864 }
865
866 end = p + len;
867
868 if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 )
869 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
870
871 if( version != 0 )
872 return( POLARSSL_ERR_PK_KEY_INVALID_VERSION + ret );
873
874 if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
875 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
876
877 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
878 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
879
880 if( len < 1 )
881 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
882 POLARSSL_ERR_ASN1_OUT_OF_DATA );
883
884 if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
885 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
886
887 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
888 return( ret );
889
890#if defined(POLARSSL_RSA_C)
891 if( pk_alg == POLARSSL_PK_RSA )
892 {
893 if( ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), p, len ) ) != 0 )
894 {
895 pk_free( pk );
896 return( ret );
897 }
898 } else
899#endif /* POLARSSL_RSA_C */
900#if defined(POLARSSL_ECP_C)
901 if( pk_alg == POLARSSL_PK_ECKEY || pk_alg == POLARSSL_PK_ECKEY_DH )
902 {
903 if( ( ret = pk_use_ecparams( &params, &pk_ec( *pk )->grp ) ) != 0 ||
904 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), p, len ) ) != 0 )
905 {
906 pk_free( pk );
907 return( ret );
908 }
909 } else
910#endif /* POLARSSL_ECP_C */
911 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
912
913 return 0;
914}
915
916/*
917 * Parse an encrypted PKCS#8 encoded private key
918 */
919static int pk_parse_key_pkcs8_encrypted_der(
920 pk_context *pk,
921 const unsigned char *key, size_t keylen,
922 const unsigned char *pwd, size_t pwdlen )
923{
Paul Bakkerf4cf80b2014-04-17 17:19:56 +0200[diff] [blame^]924 int ret, decrypted = 0;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]925 size_t len;
926 unsigned char buf[2048];
927 unsigned char *p, *end;
928 asn1_buf pbe_alg_oid, pbe_params;
929#if defined(POLARSSL_PKCS12_C)
930 cipher_type_t cipher_alg;
931 md_type_t md_alg;
932#endif
933
934 memset( buf, 0, sizeof( buf ) );
935
936 p = (unsigned char *) key;
937 end = p + keylen;
938
939 if( pwdlen == 0 )
940 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
941
942 /*
943 * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
944 *
945 * EncryptedPrivateKeyInfo ::= SEQUENCE {
946 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
947 * encryptedData EncryptedData
948 * }
949 *
950 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
951 *
952 * EncryptedData ::= OCTET STRING
953 *
954 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
955 */
956 if( ( ret = asn1_get_tag( &p, end, &len,
957 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
958 {
959 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
960 }
961
962 end = p + len;
963
964 if( ( ret = asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
965 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
966
967 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
968 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
969
970 if( len > sizeof( buf ) )
971 return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
972
973 /*
974 * Decrypt EncryptedData with appropriate PDE
975 */
976#if defined(POLARSSL_PKCS12_C)
977 if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
978 {
979 if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
980 cipher_alg, md_alg,
981 pwd, pwdlen, p, len, buf ) ) != 0 )
982 {
983 if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )
984 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
985
986 return( ret );
987 }
Paul Bakkerf4cf80b2014-04-17 17:19:56 +0200[diff] [blame^]988
989 decrypted = 1;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]990 }
991 else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) )
992 {
993 if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
994 PKCS12_PBE_DECRYPT,
995 pwd, pwdlen,
996 p, len, buf ) ) != 0 )
997 {
998 return( ret );
999 }
1000
1001 // Best guess for password mismatch when using RC4. If first tag is
1002 // not ASN1_CONSTRUCTED | ASN1_SEQUENCE
1003 //
1004 if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
1005 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
Paul Bakkerf4cf80b2014-04-17 17:19:56 +0200[diff] [blame^]1006
1007 decrypted = 1;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1008 }
1009 else
1010#endif /* POLARSSL_PKCS12_C */
1011#if defined(POLARSSL_PKCS5_C)
1012 if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) )
1013 {
1014 if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen,
1015 p, len, buf ) ) != 0 )
1016 {
1017 if( ret == POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH )
1018 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
1019
1020 return( ret );
1021 }
Paul Bakkerf4cf80b2014-04-17 17:19:56 +0200[diff] [blame^]1022
1023 decrypted = 1;
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1024 }
1025 else
1026#endif /* POLARSSL_PKCS5_C */
Manuel Pégourié-Gonnard1032c1d2013-09-18 17:18:34 +0200[diff] [blame]1027 {
1028 ((void) pwd);
Manuel Pégourié-Gonnard1032c1d2013-09-18 17:18:34 +0200[diff] [blame]1029 }
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1030
Paul Bakkerf4cf80b2014-04-17 17:19:56 +0200[diff] [blame^]1031 if( decrypted == 0 )
1032 return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
1033
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1034 return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
1035}
1036
1037/*
1038 * Parse a private key
1039 */
1040int pk_parse_key( pk_context *pk,
1041 const unsigned char *key, size_t keylen,
1042 const unsigned char *pwd, size_t pwdlen )
1043{
1044 int ret;
1045 const pk_info_t *pk_info;
1046
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1047#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1048 size_t len;
1049 pem_context pem;
1050
1051 pem_init( &pem );
1052
1053#if defined(POLARSSL_RSA_C)
1054 ret = pem_read_buffer( &pem,
1055 "-----BEGIN RSA PRIVATE KEY-----",
1056 "-----END RSA PRIVATE KEY-----",
1057 key, pwd, pwdlen, &len );
1058 if( ret == 0 )
1059 {
1060 if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
1061 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
1062
1063 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1064 ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ),
1065 pem.buf, pem.buflen ) ) != 0 )
1066 {
1067 pk_free( pk );
1068 }
1069
1070 pem_free( &pem );
1071 return( ret );
1072 }
1073 else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
1074 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
1075 else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
1076 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
1077 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1078 return( ret );
1079#endif /* POLARSSL_RSA_C */
1080
1081#if defined(POLARSSL_ECP_C)
1082 ret = pem_read_buffer( &pem,
1083 "-----BEGIN EC PRIVATE KEY-----",
1084 "-----END EC PRIVATE KEY-----",
1085 key, pwd, pwdlen, &len );
1086 if( ret == 0 )
1087 {
1088 if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
1089 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
1090
1091 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1092 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ),
1093 pem.buf, pem.buflen ) ) != 0 )
1094 {
1095 pk_free( pk );
1096 }
1097
1098 pem_free( &pem );
1099 return( ret );
1100 }
1101 else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH )
1102 return( POLARSSL_ERR_PK_PASSWORD_MISMATCH );
1103 else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED )
1104 return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );
1105 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1106 return( ret );
1107#endif /* POLARSSL_ECP_C */
1108
1109 ret = pem_read_buffer( &pem,
1110 "-----BEGIN PRIVATE KEY-----",
1111 "-----END PRIVATE KEY-----",
1112 key, NULL, 0, &len );
1113 if( ret == 0 )
1114 {
1115 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
1116 pem.buf, pem.buflen ) ) != 0 )
1117 {
1118 pk_free( pk );
1119 }
1120
1121 pem_free( &pem );
1122 return( ret );
1123 }
1124 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1125 return( ret );
1126
1127 ret = pem_read_buffer( &pem,
1128 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
1129 "-----END ENCRYPTED PRIVATE KEY-----",
1130 key, NULL, 0, &len );
1131 if( ret == 0 )
1132 {
1133 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
1134 pem.buf, pem.buflen,
1135 pwd, pwdlen ) ) != 0 )
1136 {
1137 pk_free( pk );
1138 }
1139
1140 pem_free( &pem );
1141 return( ret );
1142 }
1143 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1144 return( ret );
1145#else
1146 ((void) pwd);
1147 ((void) pwdlen);
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1148#endif /* POLARSSL_PEM_PARSE_C */
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1149
1150 /*
1151 * At this point we only know it's not a PEM formatted key. Could be any
1152 * of the known DER encoded private key formats
1153 *
1154 * We try the different DER format parsers to see if one passes without
1155 * error
1156 */
1157 if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
1158 pwd, pwdlen ) ) == 0 )
1159 {
1160 return( 0 );
1161 }
1162
1163 pk_free( pk );
1164
1165 if( ret == POLARSSL_ERR_PK_PASSWORD_MISMATCH )
1166 {
1167 return( ret );
1168 }
1169
1170 if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
1171 return( 0 );
1172
1173 pk_free( pk );
1174
1175#if defined(POLARSSL_RSA_C)
1176 if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
1177 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
1178
1179 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1180 ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 )
1181 {
1182 return( 0 );
1183 }
1184
1185 pk_free( pk );
1186#endif /* POLARSSL_RSA_C */
1187
1188#if defined(POLARSSL_ECP_C)
1189 if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
1190 return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );
1191
1192 if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
1193 ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) == 0 )
1194 {
1195 return( 0 );
1196 }
1197
1198 pk_free( pk );
1199#endif /* POLARSSL_ECP_C */
1200
1201 return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
1202}
1203
1204/*
1205 * Parse a public key
1206 */
1207int pk_parse_public_key( pk_context *ctx,
1208 const unsigned char *key, size_t keylen )
1209{
1210 int ret;
1211 unsigned char *p;
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1212#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1213 size_t len;
1214 pem_context pem;
1215
1216 pem_init( &pem );
1217 ret = pem_read_buffer( &pem,
1218 "-----BEGIN PUBLIC KEY-----",
1219 "-----END PUBLIC KEY-----",
1220 key, NULL, 0, &len );
1221
1222 if( ret == 0 )
1223 {
1224 /*
1225 * Was PEM encoded
1226 */
1227 key = pem.buf;
1228 keylen = pem.buflen;
1229 }
1230 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1231 {
1232 pem_free( &pem );
1233 return( ret );
1234 }
1235#endif
1236 p = (unsigned char *) key;
1237
Paul Bakkerda771152013-09-16 22:45:03 +0200[diff] [blame]1238 ret = pk_parse_subpubkey( &p, p + keylen, ctx );
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1239
Paul Bakkercff68422013-09-15 20:43:33 +0200[diff] [blame]1240#if defined(POLARSSL_PEM_PARSE_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]1241 pem_free( &pem );
1242#endif
1243
1244 return( ret );
1245}
1246
Paul Bakker4606c732013-09-15 17:04:23 +0200[diff] [blame]1247#endif /* POLARSSL_PK_PARSE_C */